refactor: guard callback routes with reusable middleware that checks the payment processor

[Anshumancanrock]

Description

The /callbacks/opennode, /callbacks/lnbits, and /callbacks/zebedee routes were always registered regardless of which payment processor was active. Each controller then had to check settings.payments.processor and return 403 if it didn't match.

This PR moves that check to the route layer so each route is now only registered when its processor is the configured one, the same way /callbacks/nodeless works after #584.

Related Issue

Follows up on #584 (as approved by @cameri).

Motivation and Context

The in-controller processor check was redundant , if a route isn't registered, it can't be hit. Keeping dead routes open is unnecessary exposure, and the scattered paymentProcessor !== 'x' checks were noise that could easily be missed when reading the controller logic.

How Has This Been Tested?

• Removed the now-redundant processor-check tests from each controller spec
• Updated test/unit/routes/callbacks.spec.ts to stub createSettings so the OpenNode route registers correctly during the test

Screenshots (if appropriate):

N/A

Types of changes

• Non-functional change (docs, style, minor refactor)
• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my code changes.
• I added a changeset, or this is docs-only and I added an empty changeset.
• All new and existing tests passed.

[changeset-bot]

🦋 Changeset detected

Latest commit: 29bfef5

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
nostream	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coveralls]

coverage: 64.775% (-0.1%) from 64.905% — Anshumancanrock:refactor/callback-routes-conditional-registration into cameri:main

[cameri]

should we also check here if payments are enabled, not just which processor is configured?

[Anshumancanrock]

should we also check here if payments are enabled, not just which processor is configured?

Hi @cameri , this PR #616 addresses your comment .requireProcessor now checks payments.enabled before the processor name. Also fixed the OpenNode integration test setup (it was missing callbackBaseURL, so all 4 scenarios were silently returning 500).

[cameri]

PR title does not quite match the change: callbacks are always registered, but guarded by a reusable middleware that checks the payment processor is configured before allowing the request.
Changeset has same issue.