fix: prevent duplicate payments, overcharges, and double reader dispatch in Terminal backend

[JacobCoffee]

Summary

• Webhook duplicate payment: When CapturePaymentView marks a Payment as SUCCEEDED, the subsequent payment_intent.succeeded webhook no longer creates a duplicate Payment row. Added an already_succeeded check before the fallback create path.
• Overcharge on existing orders: _resolve_order_and_amount now validates order status is PENDING and calculates remaining balance (total minus succeeded payments) instead of blindly using order.total.
• Double reader dispatch: Removed server-side process_terminal_payment() call. The JS SDK drives reader interaction; server only creates the PaymentIntent and returns client_secret.
• Walk-up orders owned by staff: When no order_id is provided, accepts attendee_access_code in the payload to create the order for the attendee's user instead of the staff member.
• _parse_json_body accepts arrays: Added isinstance(payload, dict) guard matching views_checkin.py.
• Cancel uses client reader_id: CancelPaymentView now uses the stored terminal_payment.reader_id instead of trusting the request body.
• ValueError from convert_amount_for_api: Added ValueError catch around create_terminal_payment_intent call.
• Except syntax: Fixed all except X, Y: to except (X, Y): in both views_terminal.py and webhooks.py.

Test plan

• Verify terminal payment creates intent and returns client_secret without server-side reader dispatch
• Verify paying an already-paid order returns 409
• Verify webhook skips duplicate payment creation for terminal-captured intents
• Verify cancel uses stored reader ID from TerminalPayment record
• Verify walk-up sale with attendee_access_code creates order for attendee, not staff
• Verify JSON array body returns 400

🤖 Generated with Claude Code

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.