Merge pull request 'Refactored authentication' (#71 ) from payments into master

Reviewed-on: #71
Refactored authentication
2026-06-04 08:48:15 +02:00 · 2026-06-04 08:47:18 +02:00 · 2026-06-03 17:49:04 +02:00 · 2026-06-03 17:48:38 +02:00 · 2026-06-03 17:38:45 +02:00 · 2026-06-03 17:37:56 +02:00
50 changed files with 3747 additions and 298 deletions
@@ -361,3 +361,6 @@ MigrationBackup/
 # Fody - auto-generated XML schema
 FodyWeavers.xsd
 /LiteCharms.Features.Tests/http/http-client.env.json
 /LiteCharms.Features.Tests/http/midrandshop-api/http-client.env.json
 /LiteCharms.Features.Tests/http/authentik/http-client.env.json
@@ -116,8 +116,8 @@
  <!-- Amazon S3 SDK -->
  <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.1" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.3" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.23.4" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24" />
    <ProjectReference Include="..\LiteCharms.Features\LiteCharms.Features.csproj" />
    <!-- global Usings -->
@@ -1,6 +1,6 @@
 {
  "FeatureManagement": {
-    "CategorySeederService": true,
+    "CategorySeederService": false,
    "CustomerSeederService": false,
    "ProductsSeederService": false
  },
@@ -25,6 +25,7 @@ public class Fixture : IDisposable
            .Build();
        Services = new ServiceCollection()
            .AddHttpClient()
            .AddMediator()
            .AddLogging()
            .AddEmailServiceBus()
@@ -33,6 +34,7 @@ public class Fixture : IDisposable
            .AddEmailServices(Configuration)
            .AddSingleton(Configuration)
            .AddShopServices()
            .AddHashServices(Configuration)
            .BuildServiceProvider();
        Mediator = Services.GetRequiredService<IMediator>();
@@ -17,7 +17,7 @@
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.5.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.6.0" />
    <PackageReference Include="xunit" Version="2.9.3" />
    <PackageReference Include="xunit.runner.visualstudio" Version="3.1.5">
      <PrivateAssets>all</PrivateAssets>
@@ -39,6 +39,7 @@
  </ItemGroup>
  <ItemGroup>
    <Using Include="System.Net" />
    <Using Include="System.Text.Json" />
    <Using Include="System.Diagnostics" />
    <Using Include="Xunit" />
@@ -0,0 +1,113 @@
 using LiteCharms.Features.MidrandBooks.Payments;
 using LiteCharms.Features.MidrandBooks.Payments.Models;
 using LiteCharms.Features.MidrandBooks.Tests.Common;
 namespace LiteCharms.Features.MidrandBooks.Tests;
 public sealed class PayfastServiceFeatureTests(Fixture fixture) : IClassFixture<Fixture>
 {
    private readonly PayfastService payfastService = fixture.Services.GetRequiredService<PayfastService>();
    [IntegrationFact]
    public async Task WriteLedgerEntryAsync_ShouldReturn_ResultWithGatewayLedgerId()
    {
        var request = new CreateGatewayLedgerEntry
        {
            OrderId = 1,
            PaymentId = 1,
            MerchantPaymentId = "M_REF_TEST_99",
            PayfastPaymentId = "PF_SYS_ID_10023",
            CustomerEmail = "buyer@litecharms.co.za",
            AmountGross = 350.00m,
            AmountFee = 12.50m,
            AmountNet = 337.50m,
            PaymentStatus = "COMPLETE"
        };
        var result = await payfastService.WriteLedgerEntryAsync(request, fixture.CancellationToken);
        Assert.True(result.IsSuccess);
        Assert.True(result.Value > 0);
    }
    [IntegrationFact]
    public async Task ValidateReferrerIpAsync_WithValidPayfastHostIp_ShouldReturnTrue()
    {
        var addresses = await Dns.GetHostAddressesAsync("sandbox.payfast.co.za", fixture.CancellationToken);
        string liveTargetIp = addresses.First().ToString();
        var result = await payfastService.ValidateReferrerIpAsync(liveTargetIp, true, fixture.CancellationToken);
        Assert.True(result.IsSuccess);
        Assert.True(result.Value);
    }
    [IntegrationFact]
    public async Task ValidateReferrerIpAsync_WithUntrustedIp_ShouldReturnFalse()
    {
        string rogueIp = "8.8.8.8";
        var result = await payfastService.ValidateReferrerIpAsync(rogueIp, true, fixture.CancellationToken);
        Assert.True(result.IsSuccess);
        Assert.False(result.Value);
    }
    [IntegrationFact]
    public void ValidatePaymentAmount_WhenWithinAllowableDelta_ShouldReturnTrue()
    {
        decimal systemExpectedTotal = 199.99m;
        string gatewayClearedGross = "200.00"; // Variance is exactly R0.01
        var result = payfastService.ValidatePaymentAmount(systemExpectedTotal, gatewayClearedGross);
        Assert.True(result.IsSuccess);
        Assert.True(result.Value);
    }
    [IntegrationFact]
    public void ValidatePaymentAmount_WhenVarianceBreachesDeltaBounds_ShouldReturnFalse()
    {
        decimal systemExpectedTotal = 199.99m;
        string gatewayClearedGross = "150.00";
        var result = payfastService.ValidatePaymentAmount(systemExpectedTotal, gatewayClearedGross);
        Assert.True(result.IsSuccess);
        Assert.False(result.Value);
    }
    [IntegrationFact]
    public async Task ValidateServerConfirmationAsync_WithUnrecognizedPayload_ShouldReturnFalseFromCentralGateway()
    {
        // Arrange - Execute against actual Payfast servers using raw mock parameters. 
        // The server handshake will return 200 OK with string payload 'INVALID'
        string arbitraryParameters = "merchant_id=10000000&payment_status=COMPLETE";
        var result = await payfastService.ValidateServerConfirmationAsync(arbitraryParameters, isSandbox: true, fixture.CancellationToken);
        Assert.True(result.IsSuccess);
        Assert.False(result.Value);   // Handshake data rejected as fraudulent/unrecognized
    }
    [IntegrationFact]
    public void GenerateSignature_WithStandardTelemetryData_ShouldSucceedAndHashString()
    {
        var telemetryPayload = new Dictionary<string, string?>
        {
            { "merchant_id", "10049307" },
            { "merchant_key", "ju6navn0jcbf0" },
            { "amount_gross", "250.00" },
            { "item_name", "Midrand School Textbook Variant A" }
        };
        string passphrase = "oauth_test_signature_pass";
        var result = PayfastService.GenerateSignature(telemetryPayload, passphrase);
        Assert.True(result.IsSuccess);
        Assert.False(string.IsNullOrWhiteSpace(result.Value));
        Assert.Equal(32, result.Value.Length); // MD5 outputs hex representations totaling 32 characters
    }
 }
@@ -1,4 +1,16 @@
 {
  "ValidPayfastHosts": [
    "www.payfast.co.za",
    "sandbox.payfast.co.za",
    "w1w.payfast.co.za",
    "w2w.payfast.co.za",
    "ips.payfast.co.za",
    "api.payfast.co.za",
    "payment.payfast.io"
  ],
  "HasherSettings": {
    "MinHashLength": 11
  },
  "BookshopS3Settings": {
    "ServiceUrl": "http://192.168.1.177:30900",
    "Region": "garage",
@@ -6,12 +6,26 @@ using LiteCharms.Features.MidrandBooks.Orders.Models;
 using LiteCharms.Features.MidrandBooks.Pages.Models;
 using LiteCharms.Features.MidrandBooks.Payments.Models;
 using LiteCharms.Features.MidrandBooks.Products.Models;
 using Microsoft.CodeAnalysis.CSharp.Syntax;
 namespace LiteCharms.Features.MidrandBooks.Extensions;
 public static class Mappers
 {
    public static PaymentGatewayLedger ToModel(this Payments.Entities.PaymentGatewayLedger entity) => new()
    {
        Id = entity.Id,
        CreatedAt = entity.CreatedAt,
        CustomerEmail = entity.CustomerEmail,
        OrderId = entity.OrderId,
        PaymentId = entity.PaymentId,
        MerchantPaymentId = entity.MerchantPaymentId,
        PayfastPaymentId = entity.PayfastPaymentId,
        PaymentStatus = entity.PaymentStatus,
        AmountGross = entity.AmountGross,
        AmountFee = entity.AmountFee,
        AmountNet = entity.AmountNet        
    };
    public static Refund ToModel(this Payments.Entities.Refund entity) => new()
    {
        CreatedAt = entity.CreatedAt,
@@ -30,10 +44,9 @@ public static class Mappers
        CreatedAt = entity.CreatedAt,
        CustomerId = entity.CustomerId,
        OrderId = entity.OrderId,
        PaymentGatewayId = entity.PaymentGatewayId,
        PaymentGatewayReference = entity.PaymentGatewayReference,
        PaymentId = entity.PaymentId,
        Status = entity.Status,
        MerchantPaymentId = entity.MerchantPaymentId,
    };
    public static PaymentGateway ToModel(this Payments.Entities.PaymentGateway entity) => new()
@@ -136,8 +136,8 @@
  <!-- Amazon S3 SDK -->
  <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.1" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.3" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.23.4" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24" />
    <ProjectReference Include="..\LiteCharms.Features\LiteCharms.Features.csproj" />
    <!-- global Usings -->
@@ -148,6 +148,10 @@
  <!-- Shared Usings -->
  <ItemGroup>
    <Using Include="System.Net.Sockets" />
    <Using Include="System.Text.RegularExpressions" />
    <Using Include="System.Web" />
    <Using Include="System.Net" />
    <Using Include="Humanizer" />
    <Using Include="System.Globalization" />
    <Using Include="System.Reflection" />
@@ -0,0 +1,11 @@
 using LiteCharms.Features.MidrandBooks.Orders.Entities;
 namespace LiteCharms.Features.MidrandBooks.Payments.Entities;
 [EntityTypeConfiguration<PaymentGatewayLedgerConfiguration, PaymentGatewayLedger>]
 public class PaymentGatewayLedger : Models.PaymentGatewayLedger
 {
    public virtual Order? Order { get; set; }
    public virtual Payment? Payment { get; set; }
 }
@@ -0,0 +1,30 @@
 namespace LiteCharms.Features.MidrandBooks.Payments.Entities;
 public sealed class PaymentGatewayLedgerConfiguration : IEntityTypeConfiguration<PaymentGatewayLedger>
 {
    public void Configure(EntityTypeBuilder<PaymentGatewayLedger> builder)
    {
        builder.ToTable("GatewayLedger");
        builder.HasKey(f  => f.Id);
        builder.Property(f => f.CreatedAt).IsRequired().ValueGeneratedOnAdd().HasDefaultValueSql("now()");
        builder.Property(f => f.OrderId).IsRequired();
        builder.Property(f => f.PaymentId).IsRequired();
        builder.Property(f => f.PayfastPaymentId).IsRequired();
        builder.Property(f => f.MerchantPaymentId).IsRequired();
        builder.Property(f => f.AmountGross).IsRequired().HasPrecision(18, 2);        
        builder.Property(f => f.AmountFee).IsRequired().HasPrecision(18, 2);        
        builder.Property(f => f.AmountNet).IsRequired().HasPrecision(18, 2);        
        builder.Property(f => f.CustomerEmail).IsRequired(false);
        builder.HasOne(f => f.Order)
            .WithMany()
            .HasForeignKey(f => f.OrderId)
            .OnDelete(DeleteBehavior.Cascade);
        builder.HasOne(f => f.Payment)
            .WithMany()
            .HasForeignKey(f => f.PaymentId)
            .OnDelete(DeleteBehavior.Cascade);
    }
 }
@@ -11,6 +11,4 @@ public class PaymentLedger : Models.PaymentLedger
    public virtual Order? Order { get; set; }
    public virtual Customer? Customer { get; set; }
    public virtual PaymentGateway? Gateway { get; set; }
 }
@@ -9,8 +9,7 @@ public sealed class PaymentLedgerConfiguration : IEntityTypeConfiguration<Paymen
        builder.HasKey(f => f.Id);
        builder.Property(f => f.CreatedAt).IsRequired().ValueGeneratedOnAdd().HasDefaultValueSql("now()");
        builder.Property(f => f.Status).IsRequired();
-        builder.Property(f => f.PaymentGatewayReference).IsRequired(false);
+        builder.Property(f => f.MerchantPaymentId).IsRequired(false);
        builder.Property(f => f.PaymentGatewayId).IsRequired(false);
        builder.Property(f => f.OrderId).IsRequired();
        builder.Property(f => f.CustomerId).IsRequired();
        builder.Property(f => f.PaymentId).IsRequired();
@@ -31,11 +30,5 @@ public sealed class PaymentLedgerConfiguration : IEntityTypeConfiguration<Paymen
            .WithMany()
            .IsRequired()
            .HasForeignKey(f => f.CustomerId);
        builder.HasOne(f => f.Gateway)
            .WithMany()
            .IsRequired(false)
            .HasForeignKey(f => f.PaymentGatewayId)
            .OnDelete(DeleteBehavior.Cascade);
    }
 }
@@ -1,81 +1,164 @@
 using LiteCharms.Features.Hasher;
 using LiteCharms.Features.Hasher.Configuration;
 using LiteCharms.Features.Mediator;
 using LiteCharms.Features.MidrandBooks.Orders;
 using LiteCharms.Features.MidrandBooks.Payments.Models;
 namespace LiteCharms.Features.MidrandBooks.Payments.Events.Handlers;
-public sealed class PayfastPaymentConfirmationReceivedEventHandler(PaymentService paymentService,
+public sealed class PayfastPaymentConfirmationReceivedEventHandler(IServiceProvider services, IOptions<HasherSettings> hasherOptions, ILogger<PayfastPaymentConfirmationReceivedEvent> logger) :
    HashService hashService, OrderService orderService, ILogger<PayfastPaymentConfirmationReceivedEvent> logger) : 
    INotificationHandler<PayfastPaymentConfirmationReceivedEvent>
 {
    private readonly HasherSettings hasherSettings = hasherOptions.Value;
    public async ValueTask Handle(PayfastPaymentConfirmationReceivedEvent notification, CancellationToken cancellationToken)
    {
-        var hashResult = hashService.DecodeLongIdHash(notification.Payload?.MPaymentId!);
+        using var activity = MediatorTelemetry.Source.StartActivity($"Quartz: {typeof(PayfastPaymentConfirmationReceivedEvent).Name}");
-        if (hashResult.IsFailed)
+        activity?.SetTag("event.correlation_id", notification.CorrelationId);
        {
            logger.LogError("Failed to decode payment ID hash: {Hash}. Errors: {Errors}", notification.Payload?.MPaymentId, string.Join(", ", hashResult.Errors.Select(e => e.Message)));
            throw new Exception($"Failed to decode payment ID hash: {notification.Payload?.MPaymentId}.");
        }
-        var orderResult = await orderService.GetOrderAsync(hashResult.Value, cancellationToken);
+        await using var scope = services.CreateAsyncScope();
-        if (orderResult.IsFailed)
+        var hashService = scope.ServiceProvider.GetRequiredService<HashService>();
-        {
+        var orderService = scope.ServiceProvider.GetRequiredService<OrderService>();
-            logger.LogError("Failed to retrieve order for payment ID: {PaymentId}. Errors: {Errors}", notification.Payload?.MPaymentId, string.Join(", ", orderResult.Errors.Select(e => e.Message)));
+        var paymentService = scope.ServiceProvider.GetRequiredService<PaymentService>();
-            throw new Exception($"Failed to retrieve order for payment ID: {notification.Payload?.MPaymentId}.");
+        var payfastService = scope.ServiceProvider.GetRequiredService<PayfastService>();
        }
-        var paymentResult = await paymentService.GetOrderPaymentAsync(orderResult.Value.CustomerId, cancellationToken);
+        var payload = notification.Payload ?? throw new Exception("Payload metadata context context is null.");
        if (paymentResult.IsFailed)
        {
            logger.LogError("Failed to retrieve payment for order ID: {OrderId}. Errors: {Errors}", orderResult.Value.Id, string.Join(", ", paymentResult.Errors.Select(e => e.Message)));
            throw new Exception($"Failed to retrieve payment for order ID: {orderResult.Value.Id}.");
        }
-        var isAlreadyProcessed = await paymentService.HasLedgerEntryAsync(orderResult.Value.Id, paymentResult.Value.Id, 1, cancellationToken);
+        var dict = payload.ToParamDictionary();
        var localSignature = PayfastService.GenerateSignature(dict, hasherSettings.PayfastPassphrase);
-        if (isAlreadyProcessed.IsFailed)
+        if (localSignature.IsFailed)
-        {
+            throw new Exception("Failed to generate local signature for incoming webhook payload.");
            logger.LogError("Failed to check existing ledger entry for order ID: {OrderId} and payment ID: {PaymentId}. Errors: {Errors}", orderResult.Value.Id, paymentResult.Value.Id, string.Join(", ", isAlreadyProcessed.Errors.Select(e => e.Message)));
            throw new Exception($"Failed to check existing ledger entry for order ID: {orderResult.Value.Id} and payment ID: {paymentResult.Value.Id}.");
        }
-        if (isAlreadyProcessed.Value)
+        if (!string.Equals(localSignature.Value, payload.Signature, StringComparison.OrdinalIgnoreCase))
        {
-            logger.LogInformation("Payment confirmation for payment ID: {PaymentId} has already been processed. Skipping.", notification.Payload?.MPaymentId);
+            logger.LogCritical("Incoming webhook signature verification failed. Possible payload tampering.");
            return;
        }
-        var ledgerResult = await paymentService.WriteLedgerEntryAsync(new Models.CreateLedgerEntry
+        var hashResult = hashService.DecodeLongIdHash(payload.MerchantPaymentId!);
        if (hashResult.IsFailed) throw new Exception("Failed to decode application tracking hash key identifier.");
        var orderResult = await orderService.GetOrderAsync(hashResult.Value, cancellationToken);
        if (orderResult.IsFailed) throw new Exception("Target system order entity context cannot be traced.");
        var paymentResult = await paymentService.GetOrderPaymentAsync(orderResult.Value.Id, cancellationToken);
        if (paymentResult.IsFailed) throw new Exception("Target payment ledger entity cannot be resolved.");
        decimal.TryParse(payload.AmountGross, CultureInfo.InvariantCulture, out var gross);
        decimal.TryParse(payload.AmountFee, CultureInfo.InvariantCulture, out var fee);
        decimal.TryParse(payload.AmountNet, CultureInfo.InvariantCulture, out var net);
        string status = payload.PaymentStatus ?? "UNKNOWN";
        var isAlreadyProcessed = await paymentService.HasLedgerEntryAsync(orderResult.Value.Id, paymentResult.Value.Id, cancellationToken);
        if (isAlreadyProcessed.Value)
        {
            logger.LogWarning("Webhook reference token '{Ref}' already verified. Skipping validation routines.", payload.MerchantPaymentId);
            return;
        }
        if (notification.PerformBackgroundChecks)
        {
            var isHostValid = await payfastService.ValidateReferrerIpAsync(notification.RemoteIpAddress!, notification.AllowLoopback, cancellationToken);
            if (isHostValid.IsFailed)
                throw new Exception("Security validation exception: Webhook packet source address failed cluster validation checks.");
            if (!isHostValid.Value)
                throw new Exception("Security validation exception: Webhook packet source address failed cluster validation checks.");
            var isAmountValid = payfastService.ValidatePaymentAmount(orderResult.Value.Total, payload.AmountGross);
            if (!isAmountValid.Value)
                throw new Exception("Security validation exception: Transaction cost variance bounds breached.");
            var paramList = new List<string>();
            foreach (var kvp in dict)
            {
                if (!string.IsNullOrEmpty(kvp.Value))
                {
                    string encoded = HttpUtility.UrlEncode(kvp.Value.Trim());
                    string safeValue = PayfastService.PercentEncodingRegex.Replace(encoded, m => m.Value.ToLowerInvariant());
                    paramList.Add($"{kvp.Key}={safeValue}");
                }
            }
            string rawParamString = string.Join("&", paramList);
            var serverConfirmation = await payfastService.ValidateServerConfirmationAsync(rawParamString, isSandbox: true, cancellationToken);
            if (serverConfirmation.IsFailed)
                throw new Exception("Security validation exception: Payfast central handshake server rejected payload legitimacy.");
        }
        await payfastService.WriteLedgerEntryAsync(new CreateGatewayLedgerEntry
        {
            CustomerId = orderResult.Value.CustomerId,
            OrderId = orderResult.Value.Id,
            PaymentId = paymentResult.Value.Id,
-            Status = LedgerStatuses.Received,
+            MerchantPaymentId = payload.MerchantPaymentId!,
-            PaymentGatewayId = 1,
+            PayfastPaymentId = payload.PaymentId,
-            PaymentGatewayReference = notification.CorrelationId,
+            CustomerEmail = payload.EmailAddress,
            AmountFee = fee,
            AmountGross = gross,
            AmountNet = net,
            PaymentStatus = status,
        }, cancellationToken);
-        if (ledgerResult.IsFailed)
+        if (status.Equals("COMPLETE", StringComparison.OrdinalIgnoreCase))
        {
-            logger.LogError("Failed to write ledger entry for payment ID: {PaymentId}. Errors: {Errors}", notification.Payload?.MPaymentId, string.Join(", ", ledgerResult.Errors.Select(e => e.Message)));
+            var ledgerWriteResult = await paymentService.WriteLedgerEntryAsync(new CreateLedgerEntry
-            throw new Exception($"Failed to write ledger entry for payment ID: {notification.Payload?.MPaymentId}.");   
+            {
-        }
+                OrderId = orderResult.Value.Id,
                PaymentId = paymentResult.Value.Id,
                PaymentGatewayReference = payload.PaymentId!,
                Status = LedgerStatuses.Completed,
                CustomerId = orderResult.Value.CustomerId,
            }, cancellationToken);
-        var paymentCompletedResult = await paymentService.CompletePaymentAsync(paymentResult.Value.Id, PaymentStatuses.Paid, cancellationToken);
+            if (ledgerWriteResult.IsFailed)
-        if (paymentCompletedResult.IsFailed)
+                throw new Exception("Failed to write ledger entry for payment confirmation.");
            var completePaymentResult = await paymentService.CompletePaymentAsync(paymentResult.Value.Id, PaymentStatuses.Paid, cancellationToken);
            if (completePaymentResult.IsFailed)
                throw new Exception("Failed to update payment status to 'Paid' for payment confirmation.");
            var updateOrderResult = await orderService.UpdateOrderStatusAsync(orderResult.Value.Id, OrderStatus.Completed, cancellationToken);
            if (updateOrderResult.IsFailed)
                throw new Exception("Failed to update order status to 'Completed' for payment confirmation.");
            logger.LogInformation("Order payment verified secure and cleared successfully.");
        }
        else
        {
-            logger.LogError("Failed to complete payment for order ID: {OrderId}. Errors: {Errors}", orderResult.Value.Id, string.Join(", ", paymentCompletedResult.Errors.Select(e => e.Message)));
+            LedgerStatuses ledgerStatus;
-            throw new Exception($"Failed to complete payment for order ID: {orderResult.Value.Id}.");
+
            if (status.Equals("CANCELLED", StringComparison.OrdinalIgnoreCase))
                ledgerStatus = LedgerStatuses.Cancelled;
            else
                ledgerStatus = LedgerStatuses.Failed;
            var ledgerWriteResult = await paymentService.WriteLedgerEntryAsync(new CreateLedgerEntry
            {
                OrderId = orderResult.Value.Id,
                PaymentId = paymentResult.Value.Id,
                PaymentGatewayReference = payload.PaymentId!,
                Status = ledgerStatus,
                CustomerId = orderResult.Value.CustomerId,
            }, cancellationToken);
            logger.LogInformation("Webhook validation pipeline passed checks successfully, logged entry to ledger with status: {Status}", status);
        }
        activity?.SetStatus(ActivityStatusCode.Ok);
        var orderCompletedResult = await orderService.UpdateOrderStatusAsync(orderResult.Value.Id, OrderStatus.Completed, cancellationToken);
        if (orderCompletedResult.IsFailed)
        {
            logger.LogError("Failed to update order status to Completed for order ID: {OrderId}. Errors: {Errors}", orderResult.Value.Id, string.Join(", ", orderCompletedResult.Errors.Select(e => e.Message)));
            throw new Exception($"Failed to update order status to Completed for order ID: {orderResult.Value.Id}.");
        }
        logger.LogInformation("Received Payfast payment confirmation for payment ID: {PaymentId}", notification.Payload?.MPaymentId);
        // TODO: Publish MediatR notifications or queue downstream Quartz jobs (Discord, Shipping, Customer Email, Royalties)
    }
 }
@@ -1,5 +1,5 @@
 using LiteCharms.Features.Abstractions;
-using LiteCharms.Features.Models;
+using LiteCharms.Features.MidrandBooks.Payments.Models;
 namespace LiteCharms.Features.MidrandBooks.Payments.Events;
@@ -9,14 +9,22 @@ public sealed class PayfastPaymentConfirmationReceivedEvent : EventBase, IEvent
    public PayfastWebhookPayload? Payload { get; set; }
    public string? RemoteIpAddress { get; set; }
    public bool PerformBackgroundChecks { get; set; }
    public bool AllowLoopback { get; set; }
    public PayfastPaymentConfirmationReceivedEvent() { }
-    private PayfastPaymentConfirmationReceivedEvent(PayfastWebhookPayload? payload, string paymentId)
+    private PayfastPaymentConfirmationReceivedEvent(PayfastWebhookPayload? payload, string paymentId, bool performBackgroundChecks = true, bool allowLoopback = false)
    {
        Payload = payload;
        CorrelationId = paymentId;
        PerformBackgroundChecks = performBackgroundChecks;
        AllowLoopback = allowLoopback;
    }
-    public static PayfastPaymentConfirmationReceivedEvent Create(PayfastWebhookPayload? payload, string paymentId) =>
+    public static PayfastPaymentConfirmationReceivedEvent Create(PayfastWebhookPayload? payload, string paymentId, bool performBackgroundChecks = true, bool allowLoopback = false) =>
-        new(payload, paymentId);
+        new(payload, paymentId, performBackgroundChecks, allowLoopback);
 }
@@ -0,0 +1,59 @@
 namespace LiteCharms.Features.MidrandBooks.Payments.Models;
 public sealed class PayfastWebhookPayload
 {
    public string? MerchantId { get; set; }
    public string? MerchantKey { get; set; }
    public string? Signature { get; set; }
    public string? MerchantPaymentId { get; set; }
    public string? PaymentId { get; set; }
    public string? PaymentStatus { get; set; }
    public string? ItemName { get; set; }
    public string? ItemDescription { get; set; }
    public string? AmountGross { get; set; }
    public string? AmountFee { get; set; }
    public string? AmountNet { get; set; }
    public string? NameFirst { get; set; }
    public string? NameLast { get; set; }
    public string? EmailAddress { get; set; }
    public string? CustomStr1 { get; set; }
    public string? CustomInt1 { get; set; }
    public string? Token { get; set; }
    public IDictionary<string, string?> ToParamDictionary() => new Dictionary<string, string?>
        (StringComparer.Ordinal)
        {
            { "merchant_id", MerchantId },
            { "merchant_key", MerchantKey },
            { "m_payment_id", MerchantPaymentId },
            { "pf_payment_id", PaymentId },
            { "payment_status", PaymentStatus },
            { "item_name", ItemName },
            { "item_description", ItemDescription },
            { "amount_gross", AmountGross },
            { "amount_fee", AmountFee },
            { "amount_net", AmountNet },
            { "custom_str1", CustomStr1 },
            { "custom_int1", CustomInt1 },
            { "name_first", NameFirst },
            { "name_last", NameLast },
            { "email_address", EmailAddress },
            { "token", Token }
        };
 }
@@ -0,0 +1,26 @@
 namespace LiteCharms.Features.MidrandBooks.Payments.Models;
 public class PaymentGatewayLedger
 {
    public long Id { get; set; }
    public DateTime CreatedAt { get; set; }
    public string? CustomerEmail { get; set; }
    public long OrderId { get; set; }
    public long PaymentId { get; set; }
    public string? MerchantPaymentId { get; set; }
    public string? PayfastPaymentId { get; set; }
    public string? PaymentStatus { get; set; }
    public decimal AmountGross { get; set; }
    public decimal AmountFee { get; set; }
    public decimal AmountNet { get; set; }
 }
@@ -14,7 +14,5 @@ public class PaymentLedger
    public long CustomerId { get; set; }
-    public string? PaymentGatewayReference { get; set; }
+    public string? MerchantPaymentId { get; set; }
    public long? PaymentGatewayId { get; set; }
 }
@@ -1,5 +1,26 @@
 namespace LiteCharms.Features.MidrandBooks.Payments.Models;
 public sealed record CreateGatewayLedgerEntry
 {
    public string? CustomerEmail { get; set; }
    public required long OrderId { get; set; }
    public required long PaymentId { get; set; }
    public string? MerchantPaymentId { get; set; }
    public string? PayfastPaymentId { get; set; }
    public string? PaymentStatus { get; set; }
    public decimal AmountGross { get; set; }
    public decimal AmountFee { get; set; }
    public decimal AmountNet { get; set; }
 }
 public sealed record UpdateRefund
 {
    public long OrderId { get; set; }
@@ -0,0 +1,177 @@
 using LiteCharms.Features.Abstractions;
 using LiteCharms.Features.Hasher;
 using LiteCharms.Features.MidrandBooks.Payments.Models;
 using LiteCharms.Features.MidrandBooks.Postgres;
 namespace LiteCharms.Features.MidrandBooks.Payments;
 public sealed partial class PayfastService(IDbContextFactory<MidrandBooksDbContext> contextFactory, 
    ILogger<PayfastService> logger, IHttpClientFactory httpClientFactory, IConfiguration configuration) : IService
 {
    [GeneratedRegex(@"%[0-9A-Fa-f]{2}", RegexOptions.None, matchTimeoutMilliseconds: 1000)]
    public static partial Regex PercentEncodingRegex { get; }
    public readonly string[] ValidHosts = configuration.GetSection("ValidPayfastHosts").Get<string[]>() ?? [];
    public async ValueTask<Result<long>> WriteLedgerEntryAsync(CreateGatewayLedgerEntry request, CancellationToken cancellationToken = default)
    {
        try
        {
            await using var context = await contextFactory.CreateDbContextAsync(cancellationToken);
            if(!await context.Orders.AnyAsync(o => o.Id == request.OrderId, cancellationToken))
                return Result.Fail<long>("Referenced order ID does not exist in database.");
            if(!await context.Payments.AnyAsync(p => p.Id == request.PaymentId, cancellationToken))
                return Result.Fail<long>("Referenced payment ID does not exist in database.");
            var entry = context.GatewayLedger.Add(new Entities.PaymentGatewayLedger
            {
                CustomerEmail = request.CustomerEmail,
                OrderId = request.OrderId,
                PaymentId = request.PaymentId,
                MerchantPaymentId = request.MerchantPaymentId,
                PayfastPaymentId = request.PayfastPaymentId,
                PaymentStatus = request.PaymentStatus,
                AmountGross = request.AmountGross,
                AmountFee = request.AmountFee,
                AmountNet = request.AmountNet,
                CreatedAt = DateTime.UtcNow,                
            });
            return await context.SaveChangesAsync(cancellationToken) > 0
                ? Result.Ok(entry.Entity.Id)
                : Result.Fail<long>("Failed to save Payfast ledger entry to database.");
        }
        catch (Exception ex)
        {
            return Result.Fail<long>(new Error("Failed to write Payfast ledger entry to database.").CausedBy(ex));
        }
    }
    public async ValueTask<Result<bool>> ValidateReferrerIpAsync(string remoteIpAddress, bool allowLoopback = false, CancellationToken cancellationToken = default)
    {
        if (string.IsNullOrWhiteSpace(remoteIpAddress)) 
            return Result.Fail<bool>("Remote IP address is null or whitespace.");
        try
        {
            var validIps = new HashSet<IPAddress>();
            foreach (var host in ValidHosts)
            {
                try
                {
                    var addresses = await Dns.GetHostAddressesAsync(host, cancellationToken);
                    foreach (var addr in addresses) validIps.Add(addr);
                }
                catch (SocketException ex)
                {
                    logger.LogWarning(ex, "DNS warning: Failed to resolve Payfast node '{Host}'. It may be decommissioned or unreachable.", host);
                }
            }
            if (IPAddress.TryParse(remoteIpAddress, out var incomingIp))
            {
                if (allowLoopback && IPAddress.IsLoopback(incomingIp))
                {
                    logger.LogInformation("Local development loopback IP '{RemoteIp}' allowed bypassing DNS verification.", remoteIpAddress);
                    return Result.Ok(true);
                }
                bool isValid = validIps.Contains(incomingIp);
                if (!isValid)
                    logger.LogWarning("SECURITY ALERT: Webhook IP '{RemoteIp}' originated from an unlisted host schema.", remoteIpAddress);
                return Result.Ok(isValid);
            }
            return Result.Fail<bool>("Invalid remote IP address format.");
        }
        catch (Exception ex)
        {
            return Result.Fail<bool>(new Error("DNS Verification error while scanning Payfast IP nodes.").CausedBy(ex));
        }
    }
    public Result<bool> ValidatePaymentAmount(decimal expectedTotal, string? amountGrossString)
    {
        if (!decimal.TryParse(amountGrossString, CultureInfo.InvariantCulture, out decimal grossAmount))
            return Result.Fail<bool>("Failed to parse payment amount.");
        decimal delta = Math.Abs(expectedTotal - grossAmount);
        bool isAmountValid = delta <= 0.01m;
        if (!isAmountValid)
            logger.LogError("FINANCIAL DRIFT EXCEPTION: Expected order total R{Expected} but gateway cleared R{Cleared}.", expectedTotal, grossAmount);
        return Result.Ok(isAmountValid);
    }
    public async ValueTask<Result<bool>> ValidateServerConfirmationAsync(string rawQueryParamString, bool isSandbox, CancellationToken ct)
    {
        try
        {
            string host = isSandbox ? "sandbox.payfast.co.za" : "www.payfast.co.za";
            string targetUrl = $"https://{host}/eng/query/validate";
            using var content = new StringContent(rawQueryParamString, Encoding.UTF8, "application/x-www-form-urlencoded");
            var httpClient = httpClientFactory.CreateClient();
            var response = await httpClient.PostAsync(targetUrl, content, ct);
            if (!response.IsSuccessStatusCode) return Result.Fail<bool>("Failed to validate server confirmation.");
            string responseText = await response.Content.ReadAsStringAsync(ct);
            bool isValidated = string.Equals(responseText.Trim(), "VALID", StringComparison.OrdinalIgnoreCase);
            if (!isValidated)
                logger.LogWarning("SECURITY WARNING: Payfast back-channel returned validation response: '{Response}'", responseText);
            return Result.Ok(isValidated);
        }
        catch (Exception ex)
        {
            return Result.Fail<bool>(new Error("Failed to complete back-channel cURL verification handshakes with Payfast remote endpoints.").CausedBy(ex));
        }
    }
    public static Result<string> GenerateSignature(IDictionary<string, string?> data, string? passPhrase = null)
    {
        var pfOutput = new StringBuilder();
        foreach (var kvp in data)
        {
            if (string.IsNullOrEmpty(kvp.Value))
                continue;
            string key = kvp.Key;
            string encodedVal = HttpUtility.UrlEncode(kvp.Value.Trim());
            string val = PercentEncodingRegex.Replace(encodedVal, m => m.Value.ToLowerInvariant());
            pfOutput.Append($"{key}={val}&");
        }
        string getString = pfOutput.Length > 0
            ? pfOutput.ToString()[..^1]
            : string.Empty;
        if (!string.IsNullOrWhiteSpace(passPhrase))
        {
            string encodedPassphrase = HttpUtility.UrlEncode(passPhrase.Trim());
            string safePassphrase = PercentEncodingRegex.Replace(encodedPassphrase, m => m.Value.ToLowerInvariant());
            getString += $"&passphrase={safePassphrase}";
        }
        return HashService.ToMd5Hash(getString);
    }    
 }
@@ -116,7 +116,7 @@ public sealed class PaymentService(IDbContextFactory<MidrandBooksDbContext> cont
        }
    }
-    public async ValueTask<Result<bool>> HasLedgerEntryAsync(long orderId, long paymentId, long gatewayId, CancellationToken cancellationToken = default)
+    public async ValueTask<Result<bool>> HasLedgerEntryAsync(long orderId, long paymentId, CancellationToken cancellationToken = default)
    {
        try
        {
@@ -124,8 +124,7 @@ public sealed class PaymentService(IDbContextFactory<MidrandBooksDbContext> cont
            var exists = await context.Ledger.AnyAsync(l =>
                l.OrderId == orderId &&
-                l.PaymentId == paymentId &&
+                l.PaymentId == paymentId, cancellationToken);
                l.PaymentGatewayId == gatewayId, cancellationToken);
            return Result.Ok(exists);
        }
@@ -162,8 +161,6 @@ public sealed class PaymentService(IDbContextFactory<MidrandBooksDbContext> cont
                CreatedAt = DateTime.UtcNow,
                CustomerId = request.CustomerId,
                OrderId = request.OrderId,
                PaymentGatewayId = request.PaymentGatewayId,
                PaymentGatewayReference = request.PaymentGatewayReference,
                PaymentId = request.PaymentId,
                Status = request.Status,
            });
@@ -48,4 +48,6 @@ public sealed class MidrandBooksDbContext(DbContextOptions<MidrandBooksDbContext
    public DbSet<PaymentGateway> Gateways => Set<PaymentGateway>();
    public DbSet<PaymentLedger> Ledger => Set<PaymentLedger>();
    public DbSet<PaymentGatewayLedger> GatewayLedger => Set<PaymentGatewayLedger>();
 }
@@ -0,0 +1,108 @@
 using System;
 using Microsoft.EntityFrameworkCore.Migrations;
 using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
 #nullable disable
 namespace LiteCharms.Features.MidrandBooks.Postgres.Migrations
 {
    /// <inheritdoc />
    public partial class AddedPaymentGatewayLedger : Migration
    {
        /// <inheritdoc />
        protected override void Up(MigrationBuilder migrationBuilder)
        {
            migrationBuilder.DropForeignKey(
                name: "FK_Ledger_Gateways_PaymentGatewayId",
                table: "Ledger");
            migrationBuilder.DropIndex(
                name: "IX_Ledger_PaymentGatewayId",
                table: "Ledger");
            migrationBuilder.DropColumn(
                name: "PaymentGatewayId",
                table: "Ledger");
            migrationBuilder.RenameColumn(
                name: "PaymentGatewayReference",
                table: "Ledger",
                newName: "MerchantPaymentId");
            migrationBuilder.CreateTable(
                name: "GatewayLedger",
                columns: table => new
                {
                    Id = table.Column<long>(type: "bigint", nullable: false)
                        .Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
                    CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false, defaultValueSql: "now()"),
                    CustomerEmail = table.Column<string>(type: "text", nullable: true),
                    OrderId = table.Column<long>(type: "bigint", nullable: false),
                    PaymentId = table.Column<long>(type: "bigint", nullable: false),
                    MerchantPaymentId = table.Column<string>(type: "text", nullable: true),
                    PayfastPaymentId = table.Column<string>(type: "text", nullable: false),
                    PaymentStatus = table.Column<string>(type: "text", nullable: true),
                    AmountGross = table.Column<decimal>(type: "numeric(18,2)", precision: 18, scale: 2, nullable: false),
                    AmountFee = table.Column<decimal>(type: "numeric(18,2)", precision: 18, scale: 2, nullable: false),
                    AmountNet = table.Column<decimal>(type: "numeric(18,2)", precision: 18, scale: 2, nullable: false)
                },
                constraints: table =>
                {
                    table.PrimaryKey("PK_GatewayLedger", x => x.Id);
                    table.ForeignKey(
                        name: "FK_GatewayLedger_Orders_OrderId",
                        column: x => x.OrderId,
                        principalTable: "Orders",
                        principalColumn: "Id",
                        onDelete: ReferentialAction.Cascade);
                    table.ForeignKey(
                        name: "FK_GatewayLedger_Payments_PaymentId",
                        column: x => x.PaymentId,
                        principalTable: "Payments",
                        principalColumn: "Id",
                        onDelete: ReferentialAction.Cascade);
                });
            migrationBuilder.CreateIndex(
                name: "IX_GatewayLedger_OrderId",
                table: "GatewayLedger",
                column: "OrderId");
            migrationBuilder.CreateIndex(
                name: "IX_GatewayLedger_PaymentId",
                table: "GatewayLedger",
                column: "PaymentId");
        }
        /// <inheritdoc />
        protected override void Down(MigrationBuilder migrationBuilder)
        {
            migrationBuilder.DropTable(
                name: "GatewayLedger");
            migrationBuilder.RenameColumn(
                name: "MerchantPaymentId",
                table: "Ledger",
                newName: "PaymentGatewayReference");
            migrationBuilder.AddColumn<long>(
                name: "PaymentGatewayId",
                table: "Ledger",
                type: "bigint",
                nullable: true);
            migrationBuilder.CreateIndex(
                name: "IX_Ledger_PaymentGatewayId",
                table: "Ledger",
                column: "PaymentGatewayId");
            migrationBuilder.AddForeignKey(
                name: "FK_Ledger_Gateways_PaymentGatewayId",
                table: "Ledger",
                column: "PaymentGatewayId",
                principalTable: "Gateways",
                principalColumn: "Id",
                onDelete: ReferentialAction.Cascade);
        }
    }
 }
@@ -0,0 +1,36 @@
 using Microsoft.EntityFrameworkCore.Migrations;
 #nullable disable
 namespace LiteCharms.Features.MidrandBooks.Postgres.Migrations
 {
    /// <inheritdoc />
    public partial class AddedPayfastPaymentIdToPaymentGatewayLedger : Migration
    {
        /// <inheritdoc />
        protected override void Up(MigrationBuilder migrationBuilder)
        {
            migrationBuilder.AlterColumn<string>(
                name: "MerchantPaymentId",
                table: "GatewayLedger",
                type: "text",
                nullable: false,
                defaultValue: "",
                oldClrType: typeof(string),
                oldType: "text",
                oldNullable: true);
        }
        /// <inheritdoc />
        protected override void Down(MigrationBuilder migrationBuilder)
        {
            migrationBuilder.AlterColumn<string>(
                name: "MerchantPaymentId",
                table: "GatewayLedger",
                type: "text",
                nullable: true,
                oldClrType: typeof(string),
                oldType: "text");
        }
    }
 }
@@ -615,6 +615,60 @@ namespace LiteCharms.Features.MidrandBooks.Postgres.Migrations
                    b.ToTable("Gateways", (string)null);
                });
            modelBuilder.Entity("LiteCharms.Features.MidrandBooks.Payments.Entities.PaymentGatewayLedger", b =>
                {
                    b.Property<long>("Id")
                        .ValueGeneratedOnAdd()
                        .HasColumnType("bigint");
                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<long>("Id"));
                    b.Property<decimal>("AmountFee")
                        .HasPrecision(18, 2)
                        .HasColumnType("numeric(18,2)");
                    b.Property<decimal>("AmountGross")
                        .HasPrecision(18, 2)
                        .HasColumnType("numeric(18,2)");
                    b.Property<decimal>("AmountNet")
                        .HasPrecision(18, 2)
                        .HasColumnType("numeric(18,2)");
                    b.Property<DateTime>("CreatedAt")
                        .ValueGeneratedOnAdd()
                        .HasColumnType("timestamp with time zone")
                        .HasDefaultValueSql("now()");
                    b.Property<string>("CustomerEmail")
                        .HasColumnType("text");
                    b.Property<string>("MerchantPaymentId")
                        .IsRequired()
                        .HasColumnType("text");
                    b.Property<long>("OrderId")
                        .HasColumnType("bigint");
                    b.Property<string>("PayfastPaymentId")
                        .IsRequired()
                        .HasColumnType("text");
                    b.Property<long>("PaymentId")
                        .HasColumnType("bigint");
                    b.Property<string>("PaymentStatus")
                        .HasColumnType("text");
                    b.HasKey("Id");
                    b.HasIndex("OrderId");
                    b.HasIndex("PaymentId");
                    b.ToTable("GatewayLedger", (string)null);
                });
            modelBuilder.Entity("LiteCharms.Features.MidrandBooks.Payments.Entities.PaymentLedger", b =>
                {
                    b.Property<long>("Id")
@@ -631,15 +685,12 @@ namespace LiteCharms.Features.MidrandBooks.Postgres.Migrations
                    b.Property<long>("CustomerId")
                        .HasColumnType("bigint");
                    b.Property<string>("MerchantPaymentId")
                        .HasColumnType("text");
                    b.Property<long>("OrderId")
                        .HasColumnType("bigint");
                    b.Property<long?>("PaymentGatewayId")
                        .HasColumnType("bigint");
                    b.Property<string>("PaymentGatewayReference")
                        .HasColumnType("text");
                    b.Property<long>("PaymentId")
                        .HasColumnType("bigint");
@@ -652,8 +703,6 @@ namespace LiteCharms.Features.MidrandBooks.Postgres.Migrations
                    b.HasIndex("OrderId");
                    b.HasIndex("PaymentGatewayId");
                    b.HasIndex("PaymentId");
                    b.ToTable("Ledger", (string)null);
@@ -1062,6 +1111,25 @@ namespace LiteCharms.Features.MidrandBooks.Postgres.Migrations
                    b.Navigation("Order");
                });
            modelBuilder.Entity("LiteCharms.Features.MidrandBooks.Payments.Entities.PaymentGatewayLedger", b =>
                {
                    b.HasOne("LiteCharms.Features.MidrandBooks.Orders.Entities.Order", "Order")
                        .WithMany()
                        .HasForeignKey("OrderId")
                        .OnDelete(DeleteBehavior.Cascade)
                        .IsRequired();
                    b.HasOne("LiteCharms.Features.MidrandBooks.Payments.Entities.Payment", "Payment")
                        .WithMany()
                        .HasForeignKey("PaymentId")
                        .OnDelete(DeleteBehavior.Cascade)
                        .IsRequired();
                    b.Navigation("Order");
                    b.Navigation("Payment");
                });
            modelBuilder.Entity("LiteCharms.Features.MidrandBooks.Payments.Entities.PaymentLedger", b =>
                {
                    b.HasOne("LiteCharms.Features.MidrandBooks.Customers.Entities.Customer", "Customer")
@@ -1076,11 +1144,6 @@ namespace LiteCharms.Features.MidrandBooks.Postgres.Migrations
                        .OnDelete(DeleteBehavior.Cascade)
                        .IsRequired();
                    b.HasOne("LiteCharms.Features.MidrandBooks.Payments.Entities.PaymentGateway", "Gateway")
                        .WithMany()
                        .HasForeignKey("PaymentGatewayId")
                        .OnDelete(DeleteBehavior.Cascade);
                    b.HasOne("LiteCharms.Features.MidrandBooks.Payments.Entities.Payment", "Payment")
                        .WithMany()
                        .HasForeignKey("PaymentId")
@@ -1089,8 +1152,6 @@ namespace LiteCharms.Features.MidrandBooks.Postgres.Migrations
                    b.Navigation("Customer");
                    b.Navigation("Gateway");
                    b.Navigation("Order");
                    b.Navigation("Payment");
@@ -17,7 +17,7 @@
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.5.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.6.0" />
    <PackageReference Include="xunit" Version="2.9.3" />
    <PackageReference Include="xunit.runner.visualstudio" Version="3.1.5">
      <PrivateAssets>all</PrivateAssets>
@@ -105,7 +105,7 @@
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
-    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="10.0.1" />
+    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="10.0.2" />
    <!-- Global Usings -->
    <Using Include="Npgsql" />
@@ -116,8 +116,8 @@
  <!-- Email -->
  <ItemGroup>
-    <PackageReference Include="MailKit" Version="4.16.0" />
+    <PackageReference Include="MailKit" Version="4.17.0" />
-    <PackageReference Include="MimeKit" Version="4.16.0" />
+    <PackageReference Include="MimeKit" Version="4.17.0" />
    <!-- Global Usings-->
    <Using Include="MimeKit" />
@@ -136,8 +136,8 @@
  <!-- Amazon S3 SDK -->
  <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.1" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.3" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.23.4" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24" />
    <ProjectReference Include="..\LiteCharms.Features\LiteCharms.Features.csproj" />
    <!-- global Usings -->
@@ -1,13 +1,10 @@
 using LiteCharms.Features.Hasher;
 using LiteCharms.Features.Models;
 using static LiteCharms.Features.Extensions.Hash;
 namespace LiteCharms.Features.Tests;
 public class HashServiceFeatureTests(Fixture fixture) : IClassFixture<Fixture>
 {
    private readonly HashService hashService = fixture.Services.GetRequiredService<HashService>();
    private readonly string payfastPassphrase = fixture.Configuration.GetSection("HasherSettings:PayfastPassphrase").Value!;
    [Fact]
    public void StringToSha256Hash_Should_GenerateHash()
@@ -62,28 +59,6 @@ public class HashServiceFeatureTests(Fixture fixture) : IClassFixture<Fixture>
        Assert.Equal(expectedMd5Lowercase, result.Value);
    }
    [Fact]
    public void VerifyPayfastWebhookSignature_Should_GenerateHash()
    {
        var paymentId = hashService.HashEncodeLongId(1001).Value;
        var payload = new PayfastWebhookPayload
        {
            Amount = "350.00",
            ItemName = "System Architecture Book",
            MPaymentId = paymentId,            
        };
        var rawPayload = payload.ToRawPayfastPayload(payfastPassphrase);
        var generatedSignature = HashService.ToMd5Hash(rawPayload).Value;
        var result = hashService.VerifyPayfastWebhookSignature(payload, generatedSignature);
        Assert.True(result.IsSuccess);
        Assert.True(result.Value);
    }
    [Fact]
    public void HashEncodeHex_Should_GenerateHash()
    {
@@ -17,7 +17,7 @@
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.5.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.6.0" />
    <PackageReference Include="xunit" Version="2.9.3" />
    <PackageReference Include="xunit.runner.visualstudio" Version="3.1.5">
      <PrivateAssets>all</PrivateAssets>
@@ -0,0 +1,6 @@
 ### Authentik Token Request (Service Account Explicit)
 POST {{authority}}
 Content-Type: application/x-www-form-urlencoded
 Accept-Encoding: identity
 grant_type={{grantType}}&client_id={{clientId}}&username={{username}}&password={{password}}&scope={{scope}}
@@ -0,0 +1,8 @@
 ## Payfast Payment Confirmation
 # This endpoint is used by Payfast to confirm the payment status of a transaction. 
 # It receives a POST request with the payment details and updates the order status accordingly.
 POST {{baseUrl}}/v1/payments/payfast/confirm
 Content-Type: application/x-www-form-urlencoded
 amount={{amount}}&item_name={{item_name}}&m_payment_id={{paymentId}}&signature={{signature}}
@@ -0,0 +1,6 @@
 namespace LiteCharms.Features.Abstractions;
 public interface IEndpoint
 {
    void Map(IEndpointRouteBuilder builder);
 }
@@ -0,0 +1,12 @@
 namespace LiteCharms.Features.Abstractions;
 public interface IJobOrchestrator
 {
    ValueTask SendAsync<TNotification>(TNotification notification, CancellationToken cancellationToken = default)
        where TNotification : IEvent;
    ValueTask ScheduleAsync<TNotification>(TNotification notification, string cronExpression, CancellationToken cancellationToken = default) 
        where TNotification : IEvent;
    ValueTask<bool> InterruptAsync(string eventName, string? correlationId = null, CancellationToken cancellationToken = default);
 }
@@ -0,0 +1,7 @@
 namespace LiteCharms.Features.Api;
 [AttributeUsage(AttributeTargets.Class, AllowMultiple = true)]
 public sealed class ApiVersionTargetAttribute(int majorVersion) : Attribute
 {
    public int MajorVersion { get; } = majorVersion;
 }
@@ -0,0 +1,18 @@
 namespace LiteCharms.Features.Api.Configuration;
 public sealed class AuthentikSettings
 {
    public string? Authority { get; set; }
    public string? IntrospectionUrl { get; set; }
    public string? ApiResourceName { get; set; }
    public string? ApiResourceSecret { get; set; }
    public string? RequiredClaimName { get; set; }
    public string? RequiredClaimNameValue { get; set; }
    public bool RequireHttpsMetadata { get; set; }
 }
@@ -0,0 +1,16 @@
 namespace LiteCharms.Features.Api;
 public sealed class OpenApiBearerSecuritySchemeTransformer : IOpenApiDocumentTransformer
 {
    public async Task TransformAsync(OpenApiDocument document, OpenApiDocumentTransformerContext context, CancellationToken cancellationToken)
    {
        var bearerScheme = new OpenApiSecurityScheme
        {
            Type = SecuritySchemeType.Http,
            Scheme = "bearer",
            Description = "JWT Authorization header using the Bearer scheme",
        };
        document.AddComponent("Bearer", bearerScheme);
    }
 }
@@ -7,25 +7,25 @@ public sealed class EmailEnquiryModel
    [Required]
    [MinLength(2)]
    [MaxLength(255)]
-    [Display(Name = "Full Name")]
+    [System.ComponentModel.DataAnnotations.Display(Name = "Full Name")]
    public string? FullName { get; set; }
    [Required]
    [EmailAddress]
    [MinLength(5)]
    [MaxLength(255)]
-    [Display(Name = "Email Address")]
+    [System.ComponentModel.DataAnnotations.Display(Name = "Email Address")]
    public string? EmailAddress { get; set; }
    [Required]
    [MinLength(2)]
    [MaxLength(255)]
-    [Display(Name = "Subject")]
+    [System.ComponentModel.DataAnnotations.Display(Name = "Subject")]
    public string? EmailSubject { get; set; }
    [Required]
    [MinLength(2)]
    [MaxLength(2000)]
-    [Display(Name = "Message")]
+    [System.ComponentModel.DataAnnotations.Display(Name = "Message")]
    public string? Message { get; set; }
 }
@@ -19,6 +19,7 @@ public enum LedgerStatuses : int
    Cancelled = 4,
    Failed = 5,
    Partial = 6,
    Completed = 7,
 }
 public enum PaymentStatuses : int
@@ -0,0 +1,128 @@
 using LiteCharms.Features.Abstractions;
 using LiteCharms.Features.Api;
 using LiteCharms.Features.Api.Configuration;
 namespace LiteCharms.Features.Extensions;
 public static class Api
 {
    public const string Books = nameof(Books);
    public const string Payments = nameof(Payments);
    public static IServiceCollection AddAuthentic(this IServiceCollection services, IConfiguration configuration)
    {
        var configSection = configuration.GetSection(nameof(AuthentikSettings));
        var authOptions = new AuthentikSettings();
        configSection.Bind(authOptions);
        services.Configure<AuthentikSettings>(configSection);
        services.AddAuthentication(OAuth2IntrospectionDefaults.AuthenticationScheme)
            .AddOAuth2Introspection(OAuth2IntrospectionDefaults.AuthenticationScheme, options =>
            {
                options.Authority = authOptions.Authority;
                options.IntrospectionEndpoint = authOptions.IntrospectionUrl;
                options.ClientId = authOptions.ApiResourceName;
                options.ClientSecret = authOptions.ApiResourceSecret;
                options.NameClaimType = "sub";
                options.DiscoveryPolicy.RequireHttps = authOptions.RequireHttpsMetadata;
                options.DiscoveryPolicy.ValidateEndpoints = false;
                options.EnableCaching = false;                
            });
        services.AddAuthorization();
        return services;
    }
    public static IServiceCollection AddApiServices(this IServiceCollection services, IConfiguration configuration)
    {
        services.AddHttpClient();
        services.AddApiVersioning(options =>
        {
            options.DefaultApiVersion = new ApiVersion(1);
            options.ReportApiVersions = true;
            options.AssumeDefaultVersionWhenUnspecified = true;
            options.ApiVersionReader = ApiVersionReader.Combine(new UrlSegmentApiVersionReader(),
                new QueryStringApiVersionReader("version"),
                new QueryStringApiVersionReader("version"),
                new MediaTypeApiVersionReader("version"));
        })
        .AddApiExplorer(options =>
        {
            options.GroupNameFormat = "'v'VVV";
            options.SubstituteApiVersionInUrl = true;
        });
        var urls = configuration["ASPNETCORE_URLS"] ?? configuration["Urls"];
        var healthUrl = "http://localhost:8080/health";
        if (!string.IsNullOrWhiteSpace(urls))
        {
            string firstUrl = urls.Split(';').FirstOrDefault(s => s.Contains("http://"))!
                .Replace("0.0.0.0", "localhost")
                .Replace("*", "localhost")
                .Replace("+", "localhost");
            healthUrl = $"{firstUrl.TrimEnd('/')}/health";
        }
        services.AddHealthChecksUI(setup =>
        {
            setup.SetNotifyUnHealthyOneTimeUntilChange();
            setup.AddHealthCheckEndpoint("primary, heal", healthUrl);
            setup.SetHeaderText("Midrand Books");
        })
        .AddInMemoryStorage();
        services.AddOutputCache(options =>
        {
            options.AddBasePolicy(builder => builder.Cache());
            options.DefaultExpirationTimeSpan = TimeSpan.FromSeconds(10);
        });
        services.AddOpenApi(options => options.AddDocumentTransformer<OpenApiBearerSecuritySchemeTransformer>());
        return services;
    }
    public static IApplicationBuilder MapEndpoints(this WebApplication app, IDictionary<int, RouteGroupBuilder> versionGroups)
    {
        var endpoints = app.Services.GetRequiredService<IEnumerable<IEndpoint>>();
        foreach (var endpoint in endpoints)
        {
            var versionAttributes = endpoint.GetType().GetCustomAttributes<ApiVersionTargetAttribute>().ToList();
            if (versionAttributes.Count != 0)
            {
                foreach (var attr in versionAttributes)
                    if (versionGroups.TryGetValue(attr.MajorVersion, out var targetGroup))
                        endpoint.Map(targetGroup);
            }
            else
                endpoint.Map(app);
        }
        return app;
    }
    public static IServiceCollection AddEndpoints(this IServiceCollection services, Assembly assembly)
    {
        ServiceDescriptor[] discriptors = [.. assembly.DefinedTypes
            .Where(t => t is { IsInterface: false, IsAbstract: false })
            .Where(t => t.IsAssignableTo(typeof(IEndpoint)))
            .Select(t => ServiceDescriptor.Transient(typeof(IEndpoint), t))];
        services.TryAddEnumerable(discriptors);
        return services;
    }
    public static string ToEndpointName(this Type target, string? annotation = "") =>
        $"{target.Name.Replace("Endpoint", string.Empty)}{annotation}".ToLower(CultureInfo.CurrentCulture);
 }
@@ -1,6 +1,5 @@
 using LiteCharms.Features.Hasher;
 using LiteCharms.Features.Hasher.Configuration;
 using LiteCharms.Features.Models;
 namespace LiteCharms.Features.Extensions;
@@ -21,82 +20,4 @@ public static class Hash
        return services;
    }    
    public static string ToRawPayfastPayload(this PayfastWebhookPayload input, string passphrase)
    {
        var parameters = new List<string>();
        if (!string.IsNullOrWhiteSpace(input.Amount))
            parameters.Add($"amount={WebUtility.UrlEncode(input.Amount)}");
        if (!string.IsNullOrWhiteSpace(input.ItemName))
            parameters.Add($"item_name={WebUtility.UrlEncode(input.ItemName)}");
        if (!string.IsNullOrWhiteSpace(input.MPaymentId))
            parameters.Add($"m_payment_id={WebUtility.UrlEncode(input.MPaymentId)}");
        string payload = string.Join("&", parameters);
        if (!string.IsNullOrWhiteSpace(passphrase))
            payload += $"&passphrase={WebUtility.UrlEncode(passphrase)}";
        return payload;
    }
    public static (PayfastWebhookPayload Payload, string Passphrase) FromRawPayfastPayload(this string rawPayload)
    {
        string passphrase = string.Empty;
        var payload = new PayfastWebhookPayload();
        if (string.IsNullOrWhiteSpace(rawPayload)) return (payload, passphrase);
        var segments = rawPayload.Split('&', StringSplitOptions.RemoveEmptyEntries);
        foreach (var segment in segments)
        {
            int delimiterIndex = segment.IndexOf('=');
            if (delimiterIndex == -1)
                continue;
            string key = segment[..delimiterIndex].Trim();
            string rawValue = segment[(delimiterIndex + 1)..];
            string decodedValue = WebUtility.UrlDecode(rawValue);
            switch (key.ToLowerInvariant())
            {
                case "amount":
                    payload.Amount = decodedValue;
                    break;
                case "item_name":
                    payload.ItemName = decodedValue;
                    break;
                case "m_payment_id":
                    payload.MPaymentId = decodedValue;
                    break;
                case "passphrase":
                    passphrase = decodedValue;
                    break;
            }
        }
        return (payload, passphrase);
    }
    public static (PayfastWebhookPayload Payload, string Passphrase) FromRawPayfastPayload(this IFormCollection form)
    {
        string passphrase = string.Empty;
        var payload = new PayfastWebhookPayload();
        if (form.IsNullOrEmpty()) return (payload, passphrase);
        payload = new PayfastWebhookPayload
        {
            Amount = form.TryGetValue("amount", out var amountValues) ? amountValues.ToString() : null,
            ItemName = form.TryGetValue("item_name", out var itemValues) ? itemValues.ToString() : null,
            MPaymentId = form.TryGetValue("m_payment_id", out var paymentIdValues) ? paymentIdValues.ToString() : null,
        };
        return (payload, passphrase);
    }
 }
@@ -1,5 +1,5 @@
-using LiteCharms.Features.Quartz;
+using LiteCharms.Features.Abstractions;
-using LiteCharms.Features.Quartz.Abstractions;
+using LiteCharms.Features.Quartz;
 using static LiteCharms.Features.Extensions.Postgres;
 namespace LiteCharms.Features.Extensions;
@@ -1,14 +1,10 @@
 using LiteCharms.Features.Abstractions;
 using LiteCharms.Features.Hasher.Configuration;
 using LiteCharms.Features.Models;
 namespace LiteCharms.Features.Hasher;
-public sealed partial class HashService(IHashids hasher, IOptions<HasherSettings> options) : IService
+public sealed partial class HashService(IHashids hasher) : IService
 {
-    private readonly HasherSettings settings = options.Value;
+    [GeneratedRegex(@"\A\b[0-9a-fA-F]+\b\Z", RegexOptions.None, matchTimeoutMilliseconds: 100)]
    [GeneratedRegex(@"\A\b[0-9a-fA-F]+\b\Z")]
    private static partial Regex HexHashRegex { get; }
    [GeneratedRegex(@"\A[0-9a-fA-F]{32}\Z", RegexOptions.None, matchTimeoutMilliseconds: 100)]
@@ -41,44 +37,6 @@ public sealed partial class HashService(IHashids hasher, IOptions<HasherSettings
        return Result.Ok(Convert.ToHexString(bytes).ToLowerInvariant());
    }
    public Result<bool> VerifyPayfastWebhookSignature(PayfastWebhookPayload payload, string incomingSignature)
    {
        try
        {
            if (string.IsNullOrWhiteSpace(incomingSignature))
                return Result.Fail<bool>("Validation failed: Missing signature string parameter.");
            var parameters = new List<string>();
            if (!string.IsNullOrWhiteSpace(payload.Amount))
                parameters.Add($"amount={WebUtility.UrlEncode(payload.Amount)}");
            if (!string.IsNullOrWhiteSpace(payload.ItemName))
                parameters.Add($"item_name={WebUtility.UrlEncode(payload.ItemName)}");
            if (!string.IsNullOrWhiteSpace(payload.MPaymentId))
                parameters.Add($"m_payment_id={WebUtility.UrlEncode(payload.MPaymentId)}");
            string signatureString = string.Join("&", parameters);
            if (!string.IsNullOrWhiteSpace(settings.PayfastPassphrase))
                signatureString += $"&passphrase={WebUtility.UrlEncode(settings.PayfastPassphrase)}";
            var localHashResult = ToMd5Hash(signatureString);
            if (!localHashResult.IsSuccess)
                return Result.Fail<bool>(localHashResult.Errors);
            bool isValid = string.Equals(localHashResult.Value, incomingSignature, StringComparison.OrdinalIgnoreCase);
            return Result.Ok(isValid);
        }
        catch (Exception ex)
        {
            return Result.Fail<bool>(new Error("An error occurred during Payfast MD5 verification.").CausedBy(ex));
        }
    }
    public Result<string> HashEncodeHex(string input) => string.IsNullOrWhiteSpace(input) || !HexHashRegex.IsMatch(input)
            ? Result.Fail<string>("Input must be a valid hexadecimal string.")
            : Result.Ok(hasher.EncodeHex(input));
@@ -29,10 +29,42 @@
    <None Include="..\icon.png" Pack="true" PackagePath="\" />
  </ItemGroup>
  <!-- Security (IODC)-->
  <ItemGroup>
    <PackageReference Include="IdentityModel.AspNetCore" Version="4.3.0" />
    <PackageReference Include="IdentityModel.AspNetCore.OAuth2introspection" Version="6.2.0" />
    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
    <PackageReference Include="IdentityModel" Version="6.2.0" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.8" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.8" />
    <Using Include="IdentityModel.AspNetCore.OAuth2Introspection"/>
  </ItemGroup>
  <!-- API Versioning -->
  <ItemGroup>
    <PackageReference Include="AccessTokenClient.Extensions" Version="5.1.0" />
    <PackageReference Include="Asp.Versioning.Abstractions" Version="10.0.0" />
    <PackageReference Include="Asp.Versioning.Http" Version="10.0.0" />
    <PackageReference Include="Asp.Versioning.Mvc.ApiExplorer" Version="10.0.0" />
    <Using Include="Asp.Versioning" />
  </ItemGroup>
  <!-- API Documentation -->
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.8" />
    <PackageReference Include="Scalar.AspNetCore" Version="2.14.14" />
    <Using Include="Scalar.AspNetCore" />
    <Using Include="Microsoft.OpenApi" />
    <Using Include="Microsoft.AspNetCore.OpenApi" />
  </ItemGroup>
  <!-- Quartz Scheduler-->
  <ItemGroup>    
    <PackageReference Include="Hashids.net" Version="1.7.0" />    
-    <PackageReference Include="Meziantou.Analyzer" Version="3.0.96">
+    <PackageReference Include="Meziantou.Analyzer" Version="3.0.98">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>    
@@ -105,7 +137,7 @@
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
-    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="10.0.1" />
+    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="10.0.2" />
    <!-- Global Usings -->
    <Using Include="Npgsql" />
@@ -116,8 +148,8 @@
  <!-- Email -->
  <ItemGroup>
-    <PackageReference Include="MailKit" Version="4.16.0" />
+    <PackageReference Include="MailKit" Version="4.17.0" />
-    <PackageReference Include="MimeKit" Version="4.16.0" />
+    <PackageReference Include="MimeKit" Version="4.17.0" />
    <!-- Global Usings-->
    <Using Include="MimeKit" />
@@ -136,8 +168,8 @@
  <!-- Amazon S3 SDK -->
  <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.1" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.3" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.23.4" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24" />
    <!-- global Usings -->
    <Using Include="Amazon.S3" />
@@ -147,6 +179,10 @@
  <!-- Shared Usings -->
  <ItemGroup>
    <Using Include="System.Reflection" />
    <Using Include="Microsoft.Extensions.DependencyInjection.Extensions" />
    <Using Include="Microsoft.AspNetCore.Routing" />
    <Using Include="System.Web" />
    <Using Include="Microsoft.IdentityModel.Tokens" />
    <Using Include="Microsoft.AspNetCore.Http" />
    <Using Include="HashidsNet" />
@@ -1,8 +0,0 @@
 namespace LiteCharms.Features.Models;
 public sealed class PayfastWebhookPayload
 {
    public string? Amount { get; set; }
    public string? ItemName { get; set; }
    public string? MPaymentId { get; set; }
 }
@@ -1,12 +0,0 @@
 using LiteCharms.Features.Abstractions;
 namespace LiteCharms.Features.Quartz.Abstractions;
 public interface IJobOrchestrator
 {
    Task SendAsync<TNotification>(TNotification notification, CancellationToken cancellationToken = default)
        where TNotification : IEvent;
    Task ScheduleAsync<TNotification>(TNotification notification, string cronExpression, CancellationToken cancellationToken = default) 
        where TNotification : IEvent;
 }
@@ -1,11 +1,10 @@
 using LiteCharms.Features.Abstractions;
 using LiteCharms.Features.Quartz.Abstractions;
 namespace LiteCharms.Features.Quartz;
 public sealed class JobOrchestrator(ISchedulerFactory schedulerFactory) : IJobOrchestrator
 {
-    public async Task SendAsync<TNotification>(TNotification notification, CancellationToken cancellationToken = default)
+    public async ValueTask SendAsync<TNotification>(TNotification notification, CancellationToken cancellationToken = default)
        where TNotification : IEvent
    {
        var chainedJobGroup = "onetime-jobs";
@@ -19,6 +18,7 @@ public sealed class JobOrchestrator(ISchedulerFactory schedulerFactory) : IJobOr
            .WithDescription($"Correlation ID: {notification.CorrelationId}")
            .UsingJobData(new JobDataMap { ["Payload"] = JsonSerializer.Serialize(notification) })
            .DisallowConcurrentExecution()
            .RequestRecovery()
            .Build();
        var trigger = global::Quartz.TriggerBuilder.Create()
@@ -29,7 +29,7 @@ public sealed class JobOrchestrator(ISchedulerFactory schedulerFactory) : IJobOr
        await scheduler.ScheduleJob(job, new List<ITrigger> { trigger }.AsReadOnly(), replace: true, cancellationToken);
    }
-    public async Task ScheduleAsync<TNotification>(TNotification notification, string cronExpression, CancellationToken cancellationToken = default)
+    public async ValueTask ScheduleAsync<TNotification>(TNotification notification, string cronExpression, CancellationToken cancellationToken = default)
        where TNotification : IEvent
    {
        var chainedJobGroup = "scheduled-jobs";
@@ -63,4 +63,25 @@ public sealed class JobOrchestrator(ISchedulerFactory schedulerFactory) : IJobOr
        else
            await scheduler.ScheduleJob(job, new List<ITrigger> { trigger }.AsReadOnly(), replace: true, cancellationToken);
    }
    public async ValueTask<bool> InterruptAsync(string eventName, string? correlationId = null, CancellationToken cancellationToken = default)
    {
        var scheduler = await schedulerFactory.GetScheduler(cancellationToken);
        var jobKeyName = string.Empty;
        var jobGroup = string.Empty;
        if (!string.IsNullOrWhiteSpace(correlationId))
        {
            jobKeyName = $"{eventName.ToLower(CultureInfo.InvariantCulture)}-{correlationId.ToLower(CultureInfo.InvariantCulture)}";
            jobGroup = "onetime-jobs";
        }
        else
        {
            jobKeyName = eventName.ToLower(CultureInfo.InvariantCulture);
            jobGroup = "scheduled-jobs";
        }
        return await scheduler.Interrupt(JobKey.Create(jobKeyName, jobGroup), cancellationToken);
    }
 }
@@ -8,6 +8,9 @@ public sealed class MediatorJob<TNotification>(IMediator mediator) : IJob where
 {
    public async Task Execute(IJobExecutionContext context)
    {
        if (context.Recovering)
            Trace.WriteLine($"CRITICAL RECOVERY: Resurrecting job '{typeof(TNotification).Name}' after a previous cluster node crashed mid-execution.");
        var data = context.MergedJobDataMap["Payload"] as string;
        if (string.IsNullOrWhiteSpace(data))
@@ -21,17 +24,28 @@ public sealed class MediatorJob<TNotification>(IMediator mediator) : IJob where
        if (notification is null)
        {
-            Trace.WriteLine("Notification could not be JSon converted from data string, job ended");
+            Trace.WriteLine("Notification could not be Json converted from data string, job ended");
            return;
        }
-        using var activity = MediatorTelemetry.Source.StartActivity($"Quartz: {typeof(TNotification).Name}");
+        using var activity = MediatorTelemetry.Source.StartActivity(typeof(TNotification).Name);
        activity?.SetTag("event.correlation_id", notification.CorrelationId);
-        await mediator.Publish(notification, context.CancellationToken);
+        try
        {
            await mediator.Publish(notification, context.CancellationToken);
-        Trace.WriteLine("Job published");
+            Trace.WriteLine("Job published successfully");
        }
        catch (OperationCanceledException) when (context.CancellationToken.IsCancellationRequested)
        {
            Trace.WriteLine($"Job '{typeof(TNotification).Name}' was gracefully interrupted by the cluster control plane.");
            activity?.SetStatus(ActivityStatusCode.Ok);
            return;
        }
    }
 }
@@ -12,6 +12,9 @@ public sealed class RetryJobListener : IJobListener
    public async Task JobWasExecuted(IJobExecutionContext context, JobExecutionException? jobException, CancellationToken cancellationToken = default)
    {
        if (context.CancellationToken.IsCancellationRequested)
            return;
        if (jobException is not null && context.RefireCount < RetryCount)
            jobException.RefireImmediately = true;
    }
Author	SHA1	Message	Date
khwezi	84d33d3607	Merge pull request 'Refactored authentication' (#71 ) from payments into master Reviewed-on: #71	2026-06-04 08:48:15 +02:00
Khwezi Mngoma	8f97d7cf38	Refactored authentication continuous-integration/drone/pr Build is passing Details	2026-06-04 08:47:18 +02:00
khwezi	f51cc03327	Merge pull request 'Disabled caching' (#70 ) from payments into master Reviewed-on: #70	2026-06-03 17:49:04 +02:00
Khwezi Mngoma	652ca82a57	Disabled caching continuous-integration/drone/pr Build is passing Details	2026-06-03 17:48:38 +02:00
khwezi	aff6fcabf4	Merge pull request 'payments' (#69 ) from payments into master Reviewed-on: #69	2026-06-03 17:38:45 +02:00
Khwezi Mngoma	a50830ffaa	Refactored auth continuous-integration/drone/pr Build is passing Details	2026-06-03 17:37:56 +02:00
Khwezi Mngoma	ee6f8a283e	Refactored oauth registration	2026-06-03 17:37:33 +02:00
khwezi	8140b5fe65	Merge pull request 'Added authentik configuration and service registration' (#68 ) from payments into master Reviewed-on: #68	2026-06-03 12:53:55 +02:00
Khwezi Mngoma	fda97db5fa	Added authentik configuration and service registration continuous-integration/drone/pr Build is passing Details	2026-06-03 12:52:59 +02:00
khwezi	9285cedfa9	Merge pull request 'Refactored token message' (#67 ) from payments into master Reviewed-on: #67	2026-06-03 12:16:31 +02:00
Khwezi Mngoma	29574f4df0	Refactored token message continuous-integration/drone/pr Build is passing Details	2026-06-03 12:15:31 +02:00
khwezi	343874551a	Merge pull request 'Added 0.0.0.0 health checks url transformation' (#66 ) from payments into master Reviewed-on: #66	2026-06-03 11:24:02 +02:00
Khwezi Mngoma	b4a48c9cbf	Added 0.0.0.0 health checks url transformation continuous-integration/drone/pr Build is passing Details	2026-06-03 11:23:13 +02:00
khwezi	0eac9d533f	Merge pull request 'payments' (#65 ) from payments into master Reviewed-on: #65	2026-06-03 11:12:10 +02:00
Khwezi Mngoma	961f03c1c7	Added guardrails around the cluster as well as software level continuous-integration/drone/pr Build is passing Details	2026-06-03 11:11:22 +02:00
Khwezi Mngoma	a0cf847e51	Added job interruption handling	2026-06-03 10:40:29 +02:00
khwezi	24ba609e0c	Merge pull request 'Excluded http environment from checkin' (#64 ) from payments into master Reviewed-on: #64	2026-06-03 00:51:30 +02:00
Khwezi Mngoma	4bac14881d	Excluded http environment from checkin continuous-integration/drone/pr Build is passing Details	2026-06-03 00:50:20 +02:00
khwezi	29f6d66c44	Merge pull request 'Fixed tests' (#63 ) from payments into master Reviewed-on: #63	2026-06-03 00:41:26 +02:00
Khwezi Mngoma	fd6057d691	Fixed tests continuous-integration/drone/pr Build is passing Details	2026-06-03 00:41:02 +02:00
khwezi	bcfc9ef962	Merge pull request 'Added loopback address whitelisting override' (#62 ) from payments into master Reviewed-on: #62	2026-06-03 00:38:29 +02:00
Khwezi Mngoma	7961d934ba	Added loopback address whitelisting override continuous-integration/drone/pr Build is failing Details	2026-06-03 00:37:59 +02:00
khwezi	b4e967acc9	Merge pull request 'payments' (#61 ) from payments into master Reviewed-on: #61	2026-06-03 00:23:22 +02:00
Khwezi Mngoma	0a95df4c39	Added midrand shop .http test folder continuous-integration/drone/pr Build is passing Details	2026-06-03 00:22:44 +02:00
Khwezi Mngoma	ad9fa0ab91	Added http test folder to features test project	2026-06-03 00:21:57 +02:00
Khwezi Mngoma	4df903e456	Added shared api feature	2026-06-03 00:20:46 +02:00
khwezi	205bbb9f3f	Merge pull request 'payments' (#60 ) from payments into master Reviewed-on: #60	2026-06-02 23:48:29 +02:00
Khwezi Mngoma	763d24f11f	Updated nuget packages continuous-integration/drone/pr Build is passing Details	2026-06-02 23:47:10 +02:00
Khwezi Mngoma	0ed04211bf	Added payment gateway ledger service to payments feature	2026-06-02 23:44:45 +02:00
khwezi	73ef4b04a9	Merge pull request 'Used scope to inject services' (#59 ) from payments into master Reviewed-on: #59	2026-06-02 00:03:50 +02:00
Khwezi Mngoma	5ab2d29aac	Used scope to inject services continuous-integration/drone/pr Build is passing Details	2026-06-02 00:03:01 +02:00
khwezi	780415b6d4	Merge pull request 'Fixed event service scope issue' (#58 ) from payments into master Reviewed-on: #58	2026-06-01 23:33:11 +02:00
Khwezi Mngoma	139ca1f866	Fixed event service scope issue continuous-integration/drone/pr Build is passing Details	2026-06-01 23:32:35 +02:00