[BACKEND] Payment verification is hardcoded to always return `true`

[Hydrax117]

Description:
The Paystack/Flutterwave verification method in TournamentService always returns success:

async fn verify_payment_with_provider(&self, reference: &str, amount: i64) -> Result<bool, ApiError> {
    // Simulate successful verification
    Ok(true)
}

Any caller can join any paid tournament by supplying a fake payment reference. This is a direct financial vulnerability.

Affected files: src/service/tournament_service.rs

Proposed fix: Implement real HTTP calls to the Paystack GET /transaction/verify/{reference} and Flutterwave GET /v3/transactions/{id}/verify endpoints. Verify both the payment status and the amount match the tournament entry fee before accepting registration.

---

[mohadon0]

@mohadon0 has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

i would like to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @mohadon0 to this issue.

[drips-wave]

Congratulations, @mohadon0! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @mohadon0: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊