Bug: Rate limiter applies to Stripe webhook endpoint causing missed webhook events

[Aamod-Dev]

File: BACKEND/app.js (lines 66, 69)

Severity: LOW

Problem: app.use('/api', limiter) registers before the webhook route. Stripe sends webhook events that could be rate-limited if multiple events fire in quick succession, causing missed order processing.

Fix: Register the webhook route before the rate limiter, or exclude the webhook path from rate limiting.

[hashhhh-16]

Hi! @Aamod-Dev, I would like to work on this issue as a part of SSoC26.

[nikhildhamdhere15]

Hi @Aamod-Dev, I'd love to take this up! I can fix this by ensuring the Stripe webhook route is registered before the global rate limiter middleware in BACKEND/app.js, ensuring events aren't accidentally blocked. Could you please assign this issue to me?

[nikhildhamdhere15]

Hi @Aamod-Dev, Thank you for reviewing and merging the PR! I really enjoyed working on this feature. I'm ready to take on more work for SSoC26—whether it's tackling new "Hard" labeled features, fixing bugs, or assisting with other tasks. Please let me know if there are any other open issues you could assign to me next. I'm excited to keep contributing!

…

________________________________ From: Aamod Kumar ***@***.***> Sent: Tuesday, June 23, 2026 4:28 PM To: niharika-mente/Product-Store ***@***.***> Cc: Dhamdhere Nikhil ***@***.***>; Comment ***@***.***> Subject: Re: [niharika-mente/Product-Store] Bug: Rate limiter applies to Stripe webhook endpoint causing missed webhook events (Issue #356) Closed #356<#356> as completed via #405<#405>. — Reply to this email directly, view it on GitHub<#356?email_source=notifications&email_token=AVQOPM5OFEPXAUH7PHEZPTT5BJPETA5CNFSNUABQM5UWIORPF5TWS5BNNB2WEL2JONZXKZKFOZSW45CON52GSZTJMNQXI2LPNYXTENZQHA4TANBZHE4TNJTSMVQXG33OU5RW63LNMVXHJJLFOZSW45FMMZXW65DFOJPWG3DJMNVQ#event-27089049996>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AVQOPM3BEXEKMFHP5LMXMN35BJPETAVCNFSNUABFKJSXA33TNF2G64TZHM4TSMZVHA2TKNJUHNEXG43VMU5TINZQG4ZTCNJQGYY2C5QC>. Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS<https://github.com/notifications/mobile/ios/AVQOPMYQVOIUEQO66B5O74L5BJPETA5CNFSNUABQM5UWIORPF5TWS5BNNB2WEL2JONZXKZKFOZSW45CON52GSZTJMNQXI2LPNYXTENZQHA4TANBZHE4TNJTSMVQXG33OU5RW63LNMVXHJJLFOZSW45FKMZXW65DFOJPWS33T> and Android<https://github.com/notifications/mobile/android/AVQOPM6HG4LJB2PBBZW2UEL5BJPETA5CNFSNUABQM5UWIORPF5TWS5BNNB2WEL2JONZXKZKFOZSW45CON52GSZTJMNQXI2LPNYXTENZQHA4TANBZHE4TNJTSMVQXG33OU5RW63LNMVXHJJLFOZSW45FOMZXW65DFOJPWC3TEOJXWSZA>. Download it today! You are receiving this because you commented.Message ID: ***@***.***>