litecharms/components
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 114 Wiki Activity

Removed comments from function blocks

Browse Source
This commit is contained in:
Khwezi Mngoma
2026-05-31 19:38:03 +02:00
parent 48f4cd45f1
commit c4f73fd999
1 changed files with 0 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
LiteCharms.Features/Hasher/HashService.cs
-6
View File
@@ -35,7 +35,6 @@ public sealed partial class HashService(IHashids hasher, IOptions<HasherSettings
if (string.IsNullOrWhiteSpace(incomingSignature)) if (string.IsNullOrWhiteSpace(incomingSignature))
return Result.Fail<bool>("Validation failed: Missing signature string parameter."); return Result.Fail<bool>("Validation failed: Missing signature string parameter.");
// 1. Sort the parameters alphabetically and exclude the signature parameter to prevent recursive checking
var sortedFields = incomingFormData var sortedFields = incomingFormData
.Where(field => field.Key != "signature") .Where(field => field.Key != "signature")
.OrderBy(field => field.Key) .OrderBy(field => field.Key)
@@ -43,19 +42,14 @@ public sealed partial class HashService(IHashids hasher, IOptions<HasherSettings
string payload = string.Join("&", sortedFields); string payload = string.Join("&", sortedFields);
// 2. Append the secure, passphrase injected into the container pod from your environment variables
if (!string.IsNullOrWhiteSpace(settings.PayfastPassphrase)) if (!string.IsNullOrWhiteSpace(settings.PayfastPassphrase))
{
payload += $"&passphrase={Uri.EscapeDataString(settings.PayfastPassphrase).Replace("%20", "+")}"; payload += $"&passphrase={Uri.EscapeDataString(settings.PayfastPassphrase).Replace("%20", "+")}";
}
// 3. Compute localized hex token
var localHashResult = ComputeMd5Hash(payload); var localHashResult = ComputeMd5Hash(payload);
if (!localHashResult.IsSuccess) if (!localHashResult.IsSuccess)
return Result.Fail<bool>(localHashResult.Errors); return Result.Fail<bool>(localHashResult.Errors);
// 4. Constant-time secure text comparison to fully block timing analysis attacks
bool isValid = string.Equals(localHashResult.Value, incomingSignature, StringComparison.OrdinalIgnoreCase); bool isValid = string.Equals(localHashResult.Value, incomingSignature, StringComparison.OrdinalIgnoreCase);
return Result.Ok(isValid); return Result.Ok(isValid);