Updated donation checkout metadata handling

[9larsons]

no ref

Tightens how donation checkout metadata is assembled so Ghost-owned metadata stays authoritative and webhook routing keys off trusted values.

• normalizes caller-supplied checkout metadata before it's used
• keeps Ghost's own donation metadata as the source of truth
• adds unit coverage for the metadata handling and webhook routing paths

[coderabbitai]

Walkthrough

This PR adds layered defenses against reserved gift-related metadata being injected into donation checkout sessions. The router controller strips reserved keys from incoming requests, the webhook event handler normalizes metadata flags and rejects conflicting donation/gift markers, and the donation service ensures its own metadata flag cannot be overridden by caller input. Tests validate the filtering behavior end-to-end and confirm webhook routing correctly handles metadata normalization and conflicts.

Suggested reviewers

• sagzy
• minimaluminium

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: updating donation checkout metadata handling, which aligns with the core objective of hardening metadata processing across multiple services.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The PR description accurately describes the changeset: tightening donation checkout metadata assembly, normalizing caller-supplied metadata, and keeping Ghost's donation metadata as authoritative, which aligns with the file changes across router-controller, stripe-api, webhook service, and test files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch update-donation-checkout-metadata

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}