From 40015165c582fc93e63664d26a0ae5aa9458abf5 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Tue, 22 Nov 2022 16:49:19 +1100
Subject: [PATCH 1/4] Adjust rate limits to prevent abuse
---
 routes/api.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/routes/api.php b/routes/api.php
index d601bf2bd942..6eaabb51f1c0 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -182,7 +182,7 @@ Route::group(['middleware' => ['throttle:300,1', 'api_db', 'token_auth', 'locale
 Route::put('expenses/{expense}/upload', [ExpenseController::class, 'upload']);
 Route::post('expenses/bulk', [ExpenseController::class, 'bulk'])->name('expenses.bulk');
- Route::post('export', [ExportController::class, 'index'])->name('export.index');
+ Route::post('export', [ExportController::class, 'index'])->middleware('throttle:2,1')->name('export.index');
 Route::resource('expense_categories', ExpenseCategoryController::class); // name = (expense_categories. index / create / show / update / destroy / edit
 Route::post('expense_categories/bulk', [ExpenseCategoryController::class, 'bulk'])->name('expense_categories.bulk');
@@ -192,7 +192,7 @@ Route::group(['middleware' => ['throttle:300,1', 'api_db', 'token_auth', 'locale
 Route::put('group_settings/{group_setting}/upload', [GroupSettingController::class, 'upload'])->name('group_settings.upload');
 Route::post('import', [ImportController::class, 'import'])->name('import.import');
- Route::post('import_json', [ImportJsonController::class, 'import'])->name('import.import_json');
+ Route::post('import_json', [ImportJsonController::class, 'import'])->middleware('throttle:2,1')->name('import.import_json');
 Route::post('preimport', [ImportController::class, 'preimport'])->name('import.preimport');
 Route::resource('invoices', InvoiceController::class); // name = (invoices. index / create / show / update / destroy / edit
From 81fd33e9011727471f55af063f6d24b54d1a246f Mon Sep 17 00:00:00 2001
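Review bot: In routes/api.php the new `throttle:2,1` on `export` (hunk at 182) and on `import_json` (hunk at 192) is stacked on the group's `throttle:300,1`, and both are unnamed limits with no key prefix. In Laravel versions where the default throttle signature is derived only from the authenticated user or from the domain and IP, the two limiters read and increment the same counter, so these routes could answer 429 after any two API calls in the minute rather than after two exports; the framework version is not visible in this patch. Giving the limit its own key, e.g. `->middleware('throttle:2,1,export')`, or a named limiter keyed on the company, keeps the counters separate. Because `throttle` is listed before `token_auth` in the group, the key is probably IP-based, so tenants behind one address would share the two-request budget. A short comment such as `// heavy job: 2 requests per minute` on each route would record why these two differ from `import` and `preimport`, which stay at the group limit.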
From: David Bomba
Date: Tue, 22 Nov 2022 17:37:41 +1100
Subject: [PATCH 2/4] Fixes for importing stripe customers where no customers exist in stripe
---
 app/PaymentDrivers/Stripe/ImportCustomers.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/PaymentDrivers/Stripe/ImportCustomers.php b/app/PaymentDrivers/Stripe/ImportCustomers.php
index 3661091b4956..377d2d53d386 100644
--- a/app/PaymentDrivers/Stripe/ImportCustomers.php
+++ b/app/PaymentDrivers/Stripe/ImportCustomers.php
@@ -63,7 +63,11 @@ class ImportCustomers
 $this->addCustomer($customer);
 }
- $starting_after = end($customers->data)['id'];
+ //handle
+ if(is_array($customers->data) && end($customers->data) && array_key_exists('id', end($customers->data)))
+ $starting_after = end($customers->data)['id'];
+ else
+ break;
 } while ($customers->has_more);
 }
From 4d87b845e56636c6d1e192096cf82a673a04a9b1 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Tue, 22 Nov 2022 23:36:51 +1100
Subject: [PATCH 3/4] Fixes for bank transaction csv imports
---
 .../Requests/BankTransaction/StoreBankTransactionRequest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php b/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php
index 65f4665feffd..529eaa79a61a 100644
--- a/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php
+++ b/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php
@@ -44,7 +44,7 @@ class StoreBankTransactionRequest extends Request
 {
 $input = $this->all();
- if(array_key_exists('bank_integration_id', $input) && strlen($input['bank_integration_id']) > 1)
+ if(array_key_exists('bank_integration_id', $input) && strlen($input['bank_integration_id']) > 1 && !is_numeric($input['bank_integration_id']))
 $input['bank_integration_id'] = $this->decodePrimaryKey($input['bank_integration_id']);
 $this->replace($input);
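Review bot: In app/PaymentDrivers/Stripe/ImportCustomers.php the added guard calls `array_key_exists('id', end($customers->data))`, which throws a TypeError on PHP 8 when the last element is an object rather than a plain array. If `data` holds Stripe SDK objects (the element type is not visible in this hunk), every non-empty page would then fail, not just the empty one the patch targets. `isset` works for arrays and ArrayAccess objects alike and avoids calling `end()` three times: `$last = is_array($customers->data) ? end($customers->data) : false;` then `if (!isset($last['id'])) break;` then `$starting_after = $last['id'];`. The `//handle` comment could name what is handled, e.g. `// stop paging when Stripe returns an empty page`. The do/while loop begins outside the hunk.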
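Review bot: In app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php the added `!is_numeric(...)` test means a client-supplied numeric `bank_integration_id` now skips `decodePrimaryKey` and is passed on as a raw key. The validation rules for this request (outside the hunk) therefore need to confine it to the caller's company, for instance with an `exists` rule scoped by `company_id`; whether they already do cannot be seen here. `strlen()` on the same line receives whatever type the request carries, and an array value would raise a TypeError on PHP 8, so an `is_string($input['bank_integration_id'])` check ahead of it would be safer. A comment such as `// CSV imports send the already-decoded integer id` would explain the exception, assuming that is the case the subject line refers to.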
From 575d5cda35bf05641ceb00cae55251302cbac691 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 23 Nov 2022 07:43:14 +1100
Subject: [PATCH 4/4] Catch payment intents without charges key
---
 app/PaymentDrivers/Stripe/Jobs/PaymentIntentWebhook.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/PaymentDrivers/Stripe/Jobs/PaymentIntentWebhook.php b/app/PaymentDrivers/Stripe/Jobs/PaymentIntentWebhook.php
index 6b00a1221a16..196b29bbc813 100644
--- a/app/PaymentDrivers/Stripe/Jobs/PaymentIntentWebhook.php
+++ b/app/PaymentDrivers/Stripe/Jobs/PaymentIntentWebhook.php
@@ -93,7 +93,7 @@ class PaymentIntentWebhook implements ShouldQueue
 return;
- if(optional($this->stripe_request['object']['charges']['data'][0])['id']){
+ if(isset($this->stripe_request['object']['charges']) && optional($this->stripe_request['object']['charges']['data'][0])['id']){
 $company = Company::where('company_key', $this->company_key)->first();
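Review bot: In app/PaymentDrivers/Stripe/Jobs/PaymentIntentWebhook.php the added `isset()` covers only the `charges` key, so a payload with `charges` present but an empty or missing `data` list still evaluates `['data'][0]` before `optional()` runs. That raises an undefined-index warning, which Laravel normally turns into an exception. A single `if(isset($this->stripe_request['object']['charges']['data'][0]['id'])){` checks the whole path and makes `optional()` unnecessary. It differs from the current test only in accepting a falsy but non-null `id`, which should not occur for a Stripe charge id. The body of this `if` continues outside the hunk, so what happens to intents without charges cannot be seen here.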