Merge pull request 'Added cookie policies on AddLiteCharmsWebSecurity' (#125) from dataprotection into master

Reviewed-on: #125

LiteCharms.Abstractions/LiteCharms.Abstractions.csproj

@@ -0,0 +1,40 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <SignAssembly>True</SignAssembly>
+    <AssemblyOriginatorKeyFile>..\LiteCharms.snk</AssemblyOriginatorKeyFile>
+  </PropertyGroup>
+
+  <!-- Nuget Package Details -->
+  <PropertyGroup>
+    <PackageId>LiteCharms.Abstractions</PackageId>
+    <Version>1.0.20</Version>
+    <Authors>Khwezi Mngoma</Authors>
+    <Company>Lite Charms (PTY) Ltd</Company>
+    <Description>Shared abstractions for Lite Charms applications.</Description>
+    <PackageProjectUrl>https://gitea.khongisa.co.za/litecharms/components</PackageProjectUrl>
+    <RepositoryUrl>https://gitea.khongisa.co.za/litecharms/components.git</RepositoryUrl>
+    <RepositoryType>git</RepositoryType>
+    <PackageLicenseFile>LICENSE</PackageLicenseFile>
+    <PackageTags>utility;dotnet</PackageTags>
+    <PackageIcon>icon.png</PackageIcon>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <None Include="..\LICENSE" Pack="true" PackagePath="\" />
+    <None Include="..\icon.png" Pack="true" PackagePath="\" />
+  </ItemGroup>
+  
+  <ItemGroup>
+    <PackageReference Include="FluentResults" Version="4.0.0" />
+    <PackageReference Include="Mediator.Abstractions" Version="3.0.2" />
+
+    <Using Include="Mediator" />
+    <Using Include="FluentResults" />
+    <Using Include="System.Threading.Channels" />
+  </ItemGroup>
+
+</Project>

LiteCharms.Entities/LiteCharms.Entities.csproj

@@ -0,0 +1,45 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <SignAssembly>True</SignAssembly>
+    <AssemblyOriginatorKeyFile>..\LiteCharms.snk</AssemblyOriginatorKeyFile>
+  </PropertyGroup>
+
+  <!-- Nuget Package Details -->
+  <PropertyGroup>
+    <PackageId>LiteCharms.Entities</PackageId>
+    <Version>1.0.20</Version>
+    <Authors>Khwezi Mngoma</Authors>
+    <Company>Lite Charms (PTY) Ltd</Company>
+    <Description>Shared entities for Lite Charms applications.</Description>
+    <PackageProjectUrl>https://gitea.khongisa.co.za/litecharms/components</PackageProjectUrl>
+    <RepositoryUrl>https://gitea.khongisa.co.za/litecharms/components.git</RepositoryUrl>
+    <RepositoryType>git</RepositoryType>
+    <PackageLicenseFile>LICENSE</PackageLicenseFile>
+    <PackageTags>utility;dotnet</PackageTags>
+    <PackageIcon>icon.png</PackageIcon>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <None Include="..\LICENSE" Pack="true" PackagePath="\"/>
+    <None Include="..\icon.png" Pack="true" PackagePath="\" />
+  </ItemGroup>
+
+  <!-- Database -->
+  <ItemGroup>
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="10.0.7" />    
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="10.0.7" />    
+
+    <!-- Global Usings -->    
+    <Using Include="Microsoft.EntityFrameworkCore" />
+    <Using Include="Microsoft.EntityFrameworkCore.Metadata.Builders" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\LiteCharms.Models\LiteCharms.Models.csproj" />
+  </ItemGroup>
+
+</Project>

LiteCharms.Features.MidrandBooks.Seed/LiteCharms.Features.MidrandBooks.Seed.csproj

@@ -11,7 +11,7 @@
   <!-- Quartz Scheduler-->
   <ItemGroup>
     <PackageReference Include="Bogus" Version="35.6.5" />
-    <PackageReference Include="Meziantou.Analyzer" Version="3.0.102">
+    <PackageReference Include="Meziantou.Analyzer" Version="3.0.103">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
@@ -116,8 +116,8 @@
 
   <!-- Amazon S3 SDK -->
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.6" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.24.3" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.7" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24.4" />
     <ProjectReference Include="..\LiteCharms.Features\LiteCharms.Features.csproj" />
 
     <!-- global Usings -->

LiteCharms.Features.MidrandBooks/LiteCharms.Features.MidrandBooks.csproj

@@ -32,7 +32,7 @@
   <!-- Quartz Scheduler-->
   <ItemGroup>
     <PackageReference Include="Humanizer" Version="3.0.10" />
-    <PackageReference Include="Meziantou.Analyzer" Version="3.0.102">
+    <PackageReference Include="Meziantou.Analyzer" Version="3.0.103">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
@@ -136,8 +136,8 @@
 
   <!-- Amazon S3 SDK -->
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.6" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.24.3" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.7" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24.4" />
     <ProjectReference Include="..\LiteCharms.Features\LiteCharms.Features.csproj" />
 
     <!-- global Usings -->

LiteCharms.Features.MidrandBooks/Payments/Events/Handlers/PayfastPaymentConfirmationReceivedEventHandler.cs

@@ -1,17 +1,13 @@
-using LiteCharms.Features.Api.Configuration;
-using LiteCharms.Features.Hasher;
+using LiteCharms.Features.Hasher;
 using LiteCharms.Features.Mediator;
 using LiteCharms.Features.MidrandBooks.Orders;
 using LiteCharms.Features.MidrandBooks.Payments.Models;
 
 namespace LiteCharms.Features.MidrandBooks.Payments.Events.Handlers;
 
-public sealed class PayfastPaymentConfirmationReceivedEventHandler(IServiceProvider services, 
-    IOptions<PayfastSettings> payfastOptions, ILogger<PayfastPaymentConfirmationReceivedEvent> logger) :
+public sealed class PayfastPaymentConfirmationReceivedEventHandler(IServiceProvider services, ILogger<PayfastPaymentConfirmationReceivedEvent> logger) :
     INotificationHandler<PayfastPaymentConfirmationReceivedEvent>
 {
-    private readonly PayfastSettings pasfastSettings = payfastOptions.Value;
-
     public async ValueTask Handle(PayfastPaymentConfirmationReceivedEvent notification, CancellationToken cancellationToken)
     {
         using var activity = MediatorTelemetry.Source.StartActivity($"Quartz: {typeof(PayfastPaymentConfirmationReceivedEvent).Name}");
@@ -23,83 +19,34 @@ public sealed class PayfastPaymentConfirmationReceivedEventHandler(IServiceProvi
         var paymentService = scope.ServiceProvider.GetRequiredService<PaymentService>();
         var payfastService = scope.ServiceProvider.GetRequiredService<PayfastService>();
 
-        var payload = notification.Payload ?? throw new Exception("Payload metadata context context is null.");
+        var payload = notification.Payload ?? throw new Exception("Payload metadata context is null.");
 
-        var dict = payload.ToParamDictionary();
-        var localSignature = PayfastService.GenerateSignature(dict, pasfastSettings.Passphrase);
+        var hashResult = hashService.DecodeLongIdHash(payload.MerchantPaymentId!);
+        if (hashResult.IsFailed) throw new Exception("Failed to decode application tracking hash key identifier.");
 
-        if (localSignature.IsFailed)
-            throw new Exception("Failed to generate local signature for incoming webhook payload.");
+        var orderResult = await orderService.GetOrderAsync(hashResult.Value, cancellationToken);
+        if (orderResult.IsFailed) throw new Exception("Target system order entity context cannot be traced.");
 
-        if (!string.Equals(localSignature.Value, payload.Signature, StringComparison.OrdinalIgnoreCase))
+        var paymentResult = await paymentService.GetOrderPaymentAsync(orderResult.Value.Id, cancellationToken);
+        if (paymentResult.IsFailed) throw new Exception("Target payment ledger entity cannot be resolved.");
+
+        var isAlreadyProcessed = await paymentService.HasLedgerEntryAsync(orderResult.Value.Id, paymentResult.Value.Id, cancellationToken);
+        if (isAlreadyProcessed.Value)
         {
-            logger.LogCritical("Incoming webhook signature verification failed. Possible payload tampering.");
+            logger.LogWarning("Webhook reference token '{Ref}' already verified. Skipping processing routines.", payload.MerchantPaymentId);
 
             return;
         }
 
-        var hashResult = hashService.DecodeLongIdHash(payload.MerchantPaymentId!);
-
-        if (hashResult.IsFailed) throw new Exception("Failed to decode application tracking hash key identifier.");
-
-        var orderResult = await orderService.GetOrderAsync(hashResult.Value, cancellationToken);
-
-        if (orderResult.IsFailed) throw new Exception("Target system order entity context cannot be traced.");
-
-        var paymentResult = await paymentService.GetOrderPaymentAsync(orderResult.Value.Id, cancellationToken);
-
-        if (paymentResult.IsFailed) throw new Exception("Target payment ledger entity cannot be resolved.");
+        var isAmountValid = payfastService.ValidatePaymentAmount(orderResult.Value.Total, payload.AmountGross);
+        if (!isAmountValid.Value)
+            throw new Exception("Security validation exception: Transaction cost variance bounds breached (Price Tampering Detected).");
 
         decimal.TryParse(payload.AmountGross, CultureInfo.InvariantCulture, out var gross);
         decimal.TryParse(payload.AmountFee, CultureInfo.InvariantCulture, out var fee);
         decimal.TryParse(payload.AmountNet, CultureInfo.InvariantCulture, out var net);
         string status = payload.PaymentStatus ?? "UNKNOWN";
 
-        var isAlreadyProcessed = await paymentService.HasLedgerEntryAsync(orderResult.Value.Id, paymentResult.Value.Id, cancellationToken);
-
-        if (isAlreadyProcessed.Value)
-        {
-            logger.LogWarning("Webhook reference token '{Ref}' already verified. Skipping validation routines.", payload.MerchantPaymentId);
-
-            return;
-        }
-
-        if (notification.PerformBackgroundChecks)
-        {
-            var isHostValid = await payfastService.ValidateReferrerIpAsync(notification.RemoteIpAddress!, notification.AllowLoopback, cancellationToken);
-
-            if (isHostValid.IsFailed)
-                throw new Exception("Security validation exception: Webhook packet source address failed cluster validation checks.");
-
-            if (!isHostValid.Value)
-                throw new Exception("Security validation exception: Webhook packet source address failed cluster validation checks.");
-
-            var isAmountValid = payfastService.ValidatePaymentAmount(orderResult.Value.Total, payload.AmountGross);
-
-            if (!isAmountValid.Value)
-                throw new Exception("Security validation exception: Transaction cost variance bounds breached.");
-
-            var paramList = new List<string>();
-
-            foreach (var kvp in dict)
-            {
-                if (!string.IsNullOrEmpty(kvp.Value))
-                {
-                    string encoded = HttpUtility.UrlEncode(kvp.Value.Trim());
-
-                    string safeValue = PayfastService.PercentEncodingRegex.Replace(encoded, m => m.Value.ToLowerInvariant());
-                    paramList.Add($"{kvp.Key}={safeValue}");
-                }
-            }
-
-            string rawParamString = string.Join("&", paramList);
-
-            var serverConfirmation = await payfastService.ValidateServerConfirmationAsync(rawParamString, isSandbox: true, cancellationToken);
-
-            if (serverConfirmation.IsFailed)
-                throw new Exception("Security validation exception: Payfast central handshake server rejected payload legitimacy.");
-        }
-
         await payfastService.WriteLedgerEntryAsync(new CreateGatewayLedgerEntry
         {
             OrderId = orderResult.Value.Id,
@@ -119,46 +66,39 @@ public sealed class PayfastPaymentConfirmationReceivedEventHandler(IServiceProvi
             {
                 OrderId = orderResult.Value.Id,
                 PaymentId = paymentResult.Value.Id,
-                PaymentGatewayReference = payload.PaymentId!,
+                PaymentGatewayReference = payload.MerchantPaymentId!,
                 Status = LedgerStatuses.Completed,
                 CustomerId = orderResult.Value.CustomerId,
             }, cancellationToken);
 
-            if (ledgerWriteResult.IsFailed)
-                throw new Exception("Failed to write ledger entry for payment confirmation.");
+            if (ledgerWriteResult.IsFailed) throw new Exception("Failed to write ledger entry for payment confirmation.");
 
             var completePaymentResult = await paymentService.CompletePaymentAsync(paymentResult.Value.Id, PaymentStatuses.Paid, cancellationToken);
-
-            if (completePaymentResult.IsFailed)
-                throw new Exception("Failed to update payment status to 'Paid' for payment confirmation.");
+            if (completePaymentResult.IsFailed) throw new Exception("Failed to update payment status to 'Paid'.");
 
             var updateOrderResult = await orderService.UpdateOrderStatusAsync(orderResult.Value.Id, OrderStatus.Completed, cancellationToken);
-
-            if (updateOrderResult.IsFailed)
-                throw new Exception("Failed to update order status to 'Completed' for payment confirmation.");
+            if (updateOrderResult.IsFailed) throw new Exception("Failed to update order status to 'Completed'.");
 
             logger.LogInformation("Order payment verified secure and cleared successfully.");
         }
         else
         {
-            LedgerStatuses ledgerStatus;
+            LedgerStatuses ledgerStatus = status.Equals("CANCELLED", StringComparison.OrdinalIgnoreCase)
+                ? LedgerStatuses.Cancelled
+                : LedgerStatuses.Failed;
 
-            if (status.Equals("CANCELLED", StringComparison.OrdinalIgnoreCase))
-                ledgerStatus = LedgerStatuses.Cancelled;
-            else
-                ledgerStatus = LedgerStatuses.Failed;
-
-            var ledgerWriteResult = await paymentService.WriteLedgerEntryAsync(new CreateLedgerEntry
+            await paymentService.WriteLedgerEntryAsync(new CreateLedgerEntry
             {
                 OrderId = orderResult.Value.Id,
                 PaymentId = paymentResult.Value.Id,
-                PaymentGatewayReference = payload.PaymentId!,
+                PaymentGatewayReference = payload.MerchantPaymentId!,
                 Status = ledgerStatus,
                 CustomerId = orderResult.Value.CustomerId,
             }, cancellationToken);
 
-            logger.LogInformation("Webhook validation pipeline passed checks successfully, logged entry to ledger with status: {Status}", status);
+            logger.LogInformation("Webhook pipeline logged non-success entry to ledger with status: {Status}", status);
         }
+
         activity?.SetStatus(ActivityStatusCode.Ok);
     }
 }

LiteCharms.Features.MidrandBooks/Payments/PaymentService.cs

@@ -123,8 +123,7 @@ public sealed class PaymentService(IDbContextFactory<MidrandBooksDbContext> cont
             await using var context = await contextFactory.CreateDbContextAsync(cancellationToken);
 
             var exists = await context.Ledger.AnyAsync(l =>
-                l.OrderId == orderId &&
-                l.PaymentId == paymentId, cancellationToken);
+                l.OrderId == orderId && l.PaymentId == paymentId && l.Status == LedgerStatuses.Completed, cancellationToken);
 
             return Result.Ok(exists);
         }
@@ -162,7 +161,8 @@ public sealed class PaymentService(IDbContextFactory<MidrandBooksDbContext> cont
                 CustomerId = request.CustomerId,
                 OrderId = request.OrderId,
                 PaymentId = request.PaymentId,
-                Status = request.Status,
+                MerchantPaymentId = request.PaymentGatewayReference,
+                Status = request.Status,                
             });
 
             return await context.SaveChangesAsync(cancellationToken) > 0

LiteCharms.Features.TechShop/LiteCharms.Features.TechShop.csproj

@@ -136,8 +136,8 @@
 
   <!-- Amazon S3 SDK -->
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.6" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.24.3" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.7" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24.4" />
     <ProjectReference Include="..\LiteCharms.Features\LiteCharms.Features.csproj" />
 
     <!-- global Usings -->

LiteCharms.Features.Tests/http/midrandshop-api/http-client.env.json

@@ -0,0 +1,17 @@
+{
+  "payfast-local": {
+    "baseUrl": "https://localhost:7196",
+    "paymentId": "jdPB2zaKM3Z",
+    "signature": "6aeff59bb74f2448ff2c3d81b2ec95de",
+    "item_name": "System Architecture Book",
+    "amount": "350.00"
+  },
+  "payfast-uat": {
+    "baseUrl": "https://api.uat.midrandbooks.co.za",
+    "paymentId": "jdPB2zaKM3Z",
+    "signature": "6aeff59bb74f2448ff2c3d81b2ec95de",
+    "item_name": "System Architecture Book",
+    "amount": "350.00"
+  }
+}
+ 

LiteCharms.Features/Extensions/Api.cs

@@ -2,6 +2,7 @@
 using LiteCharms.Features.Api;
 using LiteCharms.Features.Api.Configuration;
 using LiteCharms.Features.Api.Sdk;
+using LiteCharms.Features.Postgres;
 
 namespace LiteCharms.Features.Extensions;
 
@@ -18,7 +19,7 @@ public static class Api
 
         return services;
     }
-    
+
     public static IServiceCollection AddSecurityApiSdk(this IServiceCollection services, IConfiguration configuration)
     {
         var configSection = configuration.GetSection(nameof(LiteCharmsClientSettings));
@@ -53,6 +54,12 @@ public static class Api
 
     public static IServiceCollection AddLiteCharmsWebSecurity(this IServiceCollection services, IConfiguration configuration)
     {
+        var certificate = X509CertificateLoader.LoadPkcs12(Convert.FromBase64String(configuration["DataProtection:Certificate"]!), configuration["DataProtection:Password"]);
+
+        services.AddDataProtection().PersistKeysToDbContext<DataProtectionDbContext>()
+            .ProtectKeysWithCertificate(certificate)
+            .SetApplicationName("LiteCharmsApp");
+
         var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
 
         var authOptions = new LiteCharmsSettings();
@@ -65,37 +72,48 @@ public static class Api
             options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
             options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
         })
-        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
+        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
+        {
+            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.Cookie.SameSite = SameSiteMode.Lax;
+            options.Cookie.Name = "LiteCharmsApp.Session";
+        })
         .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
         {
             options.Authority = authOptions.Authority;
-
             options.ClientId = authOptions.ClientId;
             options.ClientSecret = authOptions.ClientSecret;
             options.ResponseType = "code";
-
+        
             options.SaveTokens = true;
-            options.GetClaimsFromUserInfoEndpoint = true;
-
+            options.GetClaimsFromUserInfoEndpoint = true;        
+            options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.CorrelationCookie.SameSite = SameSiteMode.None;
+        
+            options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.NonceCookie.SameSite = SameSiteMode.None;
+        
+            options.ForwardSignOut = CookieAuthenticationDefaults.AuthenticationScheme;
+        
             options.Scope.Clear();
             options.Scope.Add("openid");
             options.Scope.Add("profile");
             options.Scope.Add("email");
-
+        
             options.Events = new OpenIdConnectEvents
             {
                 OnRedirectToIdentityProviderForSignOut = context =>
                 {
                     var idToken = context.ProtocolMessage.IdTokenHint;
-
+        
                     if (string.IsNullOrEmpty(idToken))
                     {
                         var tokens = context.Properties.GetTokens();
                         var idTokenItem = tokens.FirstOrDefault(t => string.Equals(t.Name, "id_token", StringComparison.Ordinal));
-
+        
                         if (idTokenItem != null) context.ProtocolMessage.IdTokenHint = idTokenItem.Value;
                     }
-
+        
                     return Task.CompletedTask;
                 },
             };
@@ -143,17 +161,22 @@ public static class Api
             });
         });
 
-        app.MapGet("/logout", async (HttpContext context) =>
+        app.MapGet("/logout", async (HttpContext context, string? redirectUri = null) =>
         {
             var idToken = await context.GetTokenAsync("id_token");
 
-            var authProperties = new AuthenticationProperties { RedirectUri = "/", };
+            if (string.IsNullOrWhiteSpace(redirectUri))
+            {
+                var host = context.Request.Host.ToUriComponent();
+                redirectUri = $"https://{host}/";
+            }
 
-            if (!string.IsNullOrEmpty(idToken)) 
+            var authProperties = new AuthenticationProperties { RedirectUri = redirectUri, };
+
+            if (!string.IsNullOrEmpty(idToken))
                 authProperties.Parameters.Add("id_token_hint", idToken);
 
             await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, authProperties);
-            await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
         });
 
         return app;

LiteCharms.Features/Extensions/Postgres.cs

@@ -1,6 +1,19 @@
-namespace LiteCharms.Features.Extensions;
+using LiteCharms.Features.Postgres;
+
+namespace LiteCharms.Features.Extensions;
 
 public static class Postgres
 {
-    public const string SchedulerDbConfigName = "PostgresScheduler";    
+    public const string SchedulerDbConfigName = "PostgresScheduler";
+    public const string DataProtectionDbConfigName = "PostgresDataProtection";
+
+    public static IServiceCollection AddDataProtectionDatabase(this IServiceCollection services, IConfiguration configuration)
+    {
+        var connectionString = configuration.GetConnectionString(DataProtectionDbConfigName);        
+
+        services.AddPooledDbContextFactory<DataProtectionDbContext>(options =>
+            options.UseNpgsql(connectionString));
+
+        return services;
+    }
 }

LiteCharms.Features/LiteCharms.Features.csproj

@@ -79,7 +79,7 @@
   <!-- Quartz Scheduler-->
   <ItemGroup>    
     <PackageReference Include="Hashids.net" Version="1.7.0" />    
-    <PackageReference Include="Meziantou.Analyzer" Version="3.0.102">
+    <PackageReference Include="Meziantou.Analyzer" Version="3.0.103">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>    
@@ -153,9 +153,11 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="10.0.2" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="10.0.9" />
 
     <!-- Global Usings -->
     <Using Include="Npgsql" />
+    <Using Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" />
     <Using Include="Microsoft.EntityFrameworkCore" />
     <Using Include="Microsoft.EntityFrameworkCore.Design" />
     <Using Include="Microsoft.EntityFrameworkCore.Metadata.Builders" />
@@ -183,8 +185,8 @@
   
   <!-- Amazon S3 SDK -->
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.6" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.24.3" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.7" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24.4" />
     
     <!-- global Usings -->
     <Using Include="Amazon.S3" />
@@ -194,6 +196,8 @@
 
   <!-- Shared Usings -->
   <ItemGroup>
+    <Using Include="Microsoft.AspNetCore.DataProtection" />
+    <Using Include="System.Security.Cryptography.X509Certificates" />
     <Using Include="Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage" />
     <Using Include="System.Text.Json.Serialization" />
     <Using Include="System.Reflection" />

LiteCharms.Features/Postgres/DataProtectionDbContext.cs

@@ -0,0 +1,13 @@
+namespace LiteCharms.Features.Postgres;
+
+public class DataProtectionDbContext(DbContextOptions<DataProtectionDbContext> options) : DbContext(options), IDataProtectionKeyContext
+{
+    public DbSet<DataProtectionKey> DataProtectionKeys { get; set; }
+
+    protected override void OnModelCreating(ModelBuilder modelBuilder)
+    {
+        base.OnModelCreating(modelBuilder);
+
+        modelBuilder.Entity<DataProtectionKey>(entity => entity.ToTable(nameof(DataProtectionKeys), schema: "security"));
+    }
+}

LiteCharms.Features/Postgres/DataProtectionDbContextFactory.cs

@@ -0,0 +1,20 @@
+using static LiteCharms.Features.Extensions.Postgres;
+
+namespace LiteCharms.Features.Postgres;
+
+public class DataProtectionDbContextFactory : IDesignTimeDbContextFactory<DataProtectionDbContext>
+{
+    public DataProtectionDbContext CreateDbContext(string[] args)
+    {
+        var configuration = new ConfigurationBuilder()
+            .SetBasePath(Directory.GetCurrentDirectory())
+            .AddUserSecrets(typeof(DataProtectionDbContext).Assembly)
+            .AddEnvironmentVariables()
+            .Build();
+
+        var optionsBuilder = new DbContextOptionsBuilder<DataProtectionDbContext>();
+        optionsBuilder.UseNpgsql(configuration.GetConnectionString(DataProtectionDbConfigName));
+
+        return new DataProtectionDbContext(optionsBuilder.Options);
+    }
+}

LiteCharms.Features/Postgres/Migrations/20260614075149_Init.Designer.cs

@@ -0,0 +1,48 @@
+// <auto-generated />
+using LiteCharms.Features.Postgres;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace LiteCharms.Features.Postgres.Migrations
+{
+    [DbContext(typeof(DataProtectionDbContext))]
+    [Migration("20260614075149_Init")]
+    partial class Init
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "10.0.9")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<string>("FriendlyName")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Xml")
+                        .HasColumnType("text");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("DataProtectionKeys", "security");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

LiteCharms.Features/Postgres/Migrations/20260614075149_Init.cs

@@ -0,0 +1,41 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace LiteCharms.Features.Postgres.Migrations
+{
+    /// <inheritdoc />
+    public partial class Init : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.EnsureSchema(
+                name: "security");
+
+            migrationBuilder.CreateTable(
+                name: "DataProtectionKeys",
+                schema: "security",
+                columns: table => new
+                {
+                    Id = table.Column<int>(type: "integer", nullable: false)
+                        .Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
+                    FriendlyName = table.Column<string>(type: "text", nullable: true),
+                    Xml = table.Column<string>(type: "text", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_DataProtectionKeys", x => x.Id);
+                });
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "DataProtectionKeys",
+                schema: "security");
+        }
+    }
+}

LiteCharms.Features/Postgres/Migrations/DataProtectionDbContextModelSnapshot.cs

@@ -0,0 +1,45 @@
+// <auto-generated />
+using LiteCharms.Features.Postgres;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace LiteCharms.Features.Postgres.Migrations
+{
+    [DbContext(typeof(DataProtectionDbContext))]
+    partial class DataProtectionDbContextModelSnapshot : ModelSnapshot
+    {
+        protected override void BuildModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "10.0.9")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.DataProtectionKey", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<string>("FriendlyName")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Xml")
+                        .HasColumnType("text");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("DataProtectionKeys", "security");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

LiteCharms.Infrastructure/LiteCharms.Infrastructure.csproj

@@ -0,0 +1,104 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <UserSecretsId>7770ab3b-72ee-4897-8e06-57d6613e050a</UserSecretsId>
+    <SignAssembly>True</SignAssembly>
+    <AssemblyOriginatorKeyFile>..\LiteCharms.snk</AssemblyOriginatorKeyFile>
+  </PropertyGroup>
+
+  <!-- Nuget Package Details -->
+  <PropertyGroup>
+    <PackageId>LiteCharms.Infrastructure</PackageId>
+    <Version>1.0.20</Version>
+    <Authors>Khwezi Mngoma</Authors>
+    <Company>Lite Charms (PTY) Ltd</Company>
+    <Description>Infrastructure components for Lite Charms applications.</Description>
+    <PackageProjectUrl>https://gitea.khongisa.co.za/litecharms/components</PackageProjectUrl>
+    <RepositoryUrl>https://gitea.khongisa.co.za/litecharms/components.git</RepositoryUrl>
+    <RepositoryType>git</RepositoryType>
+    <PackageLicenseFile>LICENSE</PackageLicenseFile>
+    <PackageIcon>icon.png</PackageIcon>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <None Include="..\LICENSE" Pack="true" PackagePath="\" />
+    <None Include="..\icon.png" Pack="true" PackagePath="\" />
+  </ItemGroup>
+
+  <!-- Quartz Scheduler-->
+  <ItemGroup>        
+    <PackageReference Include="Quartz" Version="3.18.1" />    
+    <PackageReference Include="Quartz.Plugins" Version="3.18.1" />
+    <PackageReference Include="Quartz.Plugins.TimeZoneConverter" Version="3.18.1" />
+    <PackageReference Include="Quartz.Serialization.SystemTextJson" Version="3.18.1" />
+
+    <!-- Global Usings -->
+    <Using Include="Quartz" />
+    <Using Include="Mediator" />
+    <Using Include="FluentResults" />
+  </ItemGroup>
+
+  <!-- Configuration -->
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Extensions.Configuration" Version="10.0.7" />    
+    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="10.0.7" />    
+    <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="10.0.7" />    
+    <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="10.0.7" />    
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="10.0.7" />
+    
+    <!-- Global Usings -->
+    <Using Include="Microsoft.Extensions.Configuration" />
+  </ItemGroup>
+  
+  <!-- Health Checks -->
+  <ItemGroup>    
+    <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks" Version="10.0.7" />
+    
+    <!-- Global Usings -->
+    <Using Include="Microsoft.Extensions.Diagnostics.HealthChecks" />
+  </ItemGroup>
+
+  <!-- Database -->
+  <ItemGroup>
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="10.0.7" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="10.0.7">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+    </PackageReference>
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="10.0.7" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="10.0.7">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+    </PackageReference>
+    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="10.0.1" />
+
+    <!-- Global Usings -->
+    <Using Include="Npgsql" />
+    <Using Include="Microsoft.EntityFrameworkCore" />
+    <Using Include="Microsoft.EntityFrameworkCore.Design" />
+    <Using Include="Microsoft.EntityFrameworkCore.Metadata.Builders" />
+  </ItemGroup>
+
+  <!-- Project References -->
+  <ItemGroup>
+    <ProjectReference Include="..\LiteCharms.Abstractions\LiteCharms.Abstractions.csproj" />
+    <ProjectReference Include="..\LiteCharms.Entities\LiteCharms.Entities.csproj" />
+    <ProjectReference Include="..\LiteCharms.Models\LiteCharms.Models.csproj" />
+  </ItemGroup>
+
+  <!-- Global Usings -->
+  <ItemGroup>
+    <Using Include="System.Text.Json" />
+    <Using Include="Microsoft.Extensions.Hosting" />
+  </ItemGroup>
+  
+  <ItemGroup>
+    <None Update="appsettings.json">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+  </ItemGroup>
+
+</Project>

LiteCharms.Models/LiteCharms.Models.csproj

@@ -0,0 +1,35 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <SignAssembly>True</SignAssembly>
+    <AssemblyOriginatorKeyFile>..\LiteCharms.snk</AssemblyOriginatorKeyFile>
+  </PropertyGroup>
+
+  <!-- Nuget Package Details -->
+  <PropertyGroup>
+    <PackageId>LiteCharms.Models</PackageId>
+    <Version>1.0.20</Version>
+    <Authors>Khwezi Mngoma</Authors>
+    <Company>Lite Charms (PTY) Ltd</Company>
+    <Description>Shared models for Lite Charms applications.</Description>
+    <PackageProjectUrl>https://gitea.khongisa.co.za/litecharms/components</PackageProjectUrl>
+    <RepositoryUrl>https://gitea.khongisa.co.za/litecharms/components.git</RepositoryUrl>
+    <RepositoryType>git</RepositoryType>
+    <PackageLicenseFile>LICENSE</PackageLicenseFile>
+    <PackageTags>utility;dotnet</PackageTags>
+    <PackageIcon>icon.png</PackageIcon>
+  </PropertyGroup>
+
+  <!-- Global Usings -->
+  <ItemGroup>
+    <Using Include="System.ComponentModel.DataAnnotations"/>
+  </ItemGroup>
+
+  <ItemGroup>
+    <None Include="..\LICENSE" Pack="true" PackagePath="\" />
+    <None Include="..\icon.png" Pack="true" PackagePath="\" />
+  </ItemGroup>
+</Project>