Merge pull request 'payments' (#110 ) from payments into master

Reviewed-on: #110
ensure alphabetical sorting
2026-06-13 15:50:20 +02:00 · 2026-06-13 15:49:45 +02:00 · 2026-06-13 15:45:59 +02:00 · 2026-06-13 12:08:23 +02:00 · 2026-06-13 10:46:11 +02:00 · 2026-06-13 10:45:31 +02:00
8 changed files with 78 additions and 46 deletions
@@ -1,11 +1,12 @@
 using LiteCharms.Features.Abstractions;
+using LiteCharms.Features.Browser;
 using LiteCharms.Features.MidrandBooks.Abstractions;

 namespace LiteCharms.Features.MidrandBooks.Extensions;

 public static class Shop
 {
-    public static IServiceCollection AddShopServices(this IServiceCollection services)
+    public static IServiceCollection AddShopServices(this IServiceCollection services, bool includeLocalStorage = false)
    {
        var serviceType = typeof(IService);

@@ -19,6 +20,9 @@ public static class Shop

        foreach (var coreImplementation in coreImplementations) services.AddScoped(coreImplementation);

+        if (includeLocalStorage)
+            services.AddScoped<LocalStorageService>();
+
        return services;
    }
 }
@@ -148,6 +148,7 @@

  <!-- Shared Usings -->
  <ItemGroup>
+    <Using Include="Microsoft.AspNetCore.Http" />
    <Using Include="System.Net.Sockets" />
    <Using Include="System.Text.RegularExpressions" />
    <Using Include="System.Web" />
@@ -1,5 +1,4 @@
-using LiteCharms.Features.Abstractions;
-using LiteCharms.Features.Browser;
+using LiteCharms.Features.Browser;
 using LiteCharms.Features.Hasher;
 using LiteCharms.Features.MidrandBooks.Authors.Models;
 using LiteCharms.Features.MidrandBooks.Payments.Models;
@@ -7,7 +6,7 @@ using LiteCharms.Features.MidrandBooks.Products.Models;

 namespace LiteCharms.Features.MidrandBooks.Payments;

-public sealed class CartService(LocalStorageService localStorage) : IService
+public sealed class CartService(LocalStorageService localStorage)
 {
    private readonly string CartStorageKey = HashService.ToMd5Hash(nameof(Cart)).Value;

@@ -48,6 +48,41 @@ public sealed partial class PayfastService(IDbContextFactory<MidrandBooksDbConte
        }
    }

+    public static bool VerifyIncomingSignature(HttpRequest request, string passphrase)
+    {
+        var formFields = new Dictionary<string, string>(StringComparer.Ordinal);
+
+        foreach (var file in request.Form)
+            formFields.Add(file.Key, file.Value.ToString());
+
+        if (!formFields.TryGetValue("signature", out string? incomingSignature))
+            return false;
+
+        var stringBuilder = new StringBuilder();
+
+        foreach (var key in formFields.Keys)
+        {
+            if (key.Equals("signature", StringComparison.OrdinalIgnoreCase))
+                continue;
+
+            string rawValue = formFields[key] ?? string.Empty;
+
+            string encodedVal = HttpUtility.UrlEncode(rawValue.Trim());
+            string cleanVal = PercentEncodingRegex.Replace(encodedVal, m => m.Value.ToUpperInvariant());
+
+            stringBuilder.Append($"{key}={cleanVal}&");
+        }
+
+        string encodedPassphrase = HttpUtility.UrlEncode(passphrase.Trim());
+        string safePassphrase = PercentEncodingRegex.Replace(encodedPassphrase, m => m.Value.ToUpperInvariant());
+
+        stringBuilder.Append($"passphrase={safePassphrase}");
+
+        string generatedSignature = HashService.ToMd5Hash(stringBuilder.ToString()).Value;
+
+        return incomingSignature.Equals(generatedSignature, StringComparison.OrdinalIgnoreCase);
+    }
+
    public async ValueTask<Result<bool>> ValidateReferrerIpAsync(string remoteIpAddress, bool allowLoopback = false, CancellationToken cancellationToken = default)
    {
        if(payfastOptions.Value?.ValidHosts?.Length == 0)
@@ -147,8 +182,35 @@ public sealed partial class PayfastService(IDbContextFactory<MidrandBooksDbConte
    {
        var pfOutput = new StringBuilder();

-        // Define the exact structural sequence mandated by Payfast's documentation
-        string[] mandatorySequence =
+        var mandatorySequence = GetPayfastMandatoryFieldSequence();
+
+        foreach (string key in mandatorySequence)
+        {
+            if (data.TryGetValue(key, out string? rawValue) && !string.IsNullOrEmpty(rawValue))
+            {
+                string encodedVal = HttpUtility.UrlEncode(rawValue.Trim());
+                string val = PercentEncodingRegex.Replace(encodedVal, m => m.Value.ToUpperInvariant());
+
+                pfOutput.Append($"{key}={val}&");
+            }
+        }
+
+        var getString = pfOutput.Length > 0
+            ? pfOutput.ToString()[..^1]
+            : string.Empty;
+
+        if (!string.IsNullOrWhiteSpace(passPhrase))
+        {
+            string encodedPassphrase = HttpUtility.UrlEncode(passPhrase.Trim());
+            string safePassphrase = PercentEncodingRegex.Replace(encodedPassphrase, m => m.Value.ToUpperInvariant());
+
+            getString += $"&passphrase={safePassphrase}";
+        }
+
+        return HashService.ToMd5Hash(getString);
+    }
+
+    private static string[] GetPayfastMandatoryFieldSequence() =>
        [
            "merchant_id",
            "merchant_key",
@@ -182,35 +244,4 @@ public sealed partial class PayfastService(IDbContextFactory<MidrandBooksDbConte
            "frequency",
            "cycles"
        ];
-
-        // 1. Iterate explicitly by the mandatory positional array sequence instead of the dictionary's internal order
-        foreach (string key in mandatorySequence)
-        {
-            // Only append if the key exists in your source dictionary and contains data
-            if (data.TryGetValue(key, out string? rawValue) && !string.IsNullOrEmpty(rawValue))
-            {
-                // Payfast requires spaces to be '+' signs. HttpUtility does this natively.
-                string encodedVal = HttpUtility.UrlEncode(rawValue.Trim());
-
-                // Payfast requires all OTHER percent-encoded hex arrays to be UPPERCASE (e.g., %3A instead of %3a)
-                string val = Regex.Replace(encodedVal, "%[0-9A-Fa-f]{2}", m => m.Value.ToUpperInvariant());
-
-                pfOutput.Append($"{key}={val}&");
-            }
-        }
-
-        string getString = pfOutput.Length > 0
-            ? pfOutput.ToString()[..^1]
-            : string.Empty;
-
-        if (!string.IsNullOrWhiteSpace(passPhrase))
-        {
-            string encodedPassphrase = HttpUtility.UrlEncode(passPhrase.Trim());
-            string safePassphrase = Regex.Replace(encodedPassphrase, "%[0-9A-Fa-f]{2}", m => m.Value.ToUpperInvariant());
-
-            getString += $"&passphrase={safePassphrase}";
-        }
-
-        return HashService.ToMd5Hash(getString);
-    }
 }
@@ -4,8 +4,6 @@
    "ValidHosts": [
      "www.payfast.co.za",
      "sandbox.payfast.co.za",
-      "w1w.payfast.co.za",
-      "w2w.payfast.co.za",
      "ips.payfast.co.za",
      "api.payfast.co.za",
      "payment.payfast.io"
@@ -1,11 +1,10 @@
-using LiteCharms.Features.Abstractions;
-using LiteCharms.Features.Api.Configuration;
+using LiteCharms.Features.Api.Configuration;
 using LiteCharms.Features.Api.Models;
 using LiteCharms.Features.Api.Sdk;

 namespace LiteCharms.Features.Api;

-public sealed class TokenService(IConnectApi connectApi, IOptions<LiteCharmsClientSettings> clientOptions) : IService
+public sealed class TokenService(IConnectApi connectApi, IOptions<LiteCharmsClientSettings> clientOptions)
 {
    private readonly LiteCharmsClientSettings clientSettings = clientOptions.Value;

@@ -1,8 +1,6 @@
-using LiteCharms.Features.Abstractions;
+namespace LiteCharms.Features.Browser;

-namespace LiteCharms.Features.Browser;
-
-public sealed class LocalStorageService(ProtectedLocalStorage storage) : IService
+public sealed class LocalStorageService(ProtectedLocalStorage storage)
 {
    public async ValueTask<Result> DeleteAsync(string key)
    {
@@ -46,6 +46,8 @@ public static class Api
                options.Retry.BackoffType = Polly.DelayBackoffType.Exponential;
            });

+        services.AddScoped<TokenService>();
+
        return services;
    }
Author	SHA1	Message	Date
khwezi	95dc2e2da2	Merge pull request 'payments' (#110 ) from payments into master Reviewed-on: #110	2026-06-13 15:50:20 +02:00
Khwezi Mngoma	59fc0432b4	ensure alphabetical sorting continuous-integration/drone/pr Build is passing Details	2026-06-13 15:49:45 +02:00
Khwezi Mngoma	99c0508f6f	Implemented separate signature validator	2026-06-13 15:45:59 +02:00
Khwezi Mngoma	b984dab2be	Updated valid payfast addresses	2026-06-13 12:08:23 +02:00
khwezi	157f097dfb	Merge pull request 'Catering for service registration of non-UI apps' (#109 ) from payments into master Reviewed-on: #109	2026-06-13 10:46:11 +02:00
Khwezi Mngoma	630e74814b	Catering for service registration of non-UI apps continuous-integration/drone/pr Build is passing Details	2026-06-13 10:45:31 +02:00
khwezi	6248d03ead	Merge pull request 'Removed automatic service registration for the CartService' (#108 ) from payments into master Reviewed-on: #108	2026-06-13 10:22:52 +02:00
Khwezi Mngoma	9b474a398b	Removed automatic service registration for the CartService continuous-integration/drone/pr Build is passing Details	2026-06-13 10:22:24 +02:00
khwezi	3deae15f5a	Merge pull request 'Removed automatic LocalStorageService registration' (#107 ) from payments into master Reviewed-on: #107	2026-06-13 10:19:13 +02:00
Khwezi Mngoma	8e1df7938b	Removed automatic LocalStorageService registration continuous-integration/drone/pr Build is passing Details	2026-06-13 10:18:42 +02:00
khwezi	d9f2d32c76	Merge pull request 'Refactored registration of Features service from Scoped to Transient' (#106 ) from payments into master Reviewed-on: #106	2026-06-13 10:07:27 +02:00
Khwezi Mngoma	9296f0331e	Refactored registration of Features service from Scoped to Transient continuous-integration/drone/pr Build is passing Details	2026-06-13 10:06:54 +02:00