Merge pull request 'Fixed tests' (#63 ) from payments into master

Reviewed-on: #63
Fixed tests
2026-06-03 00:41:26 +02:00 · 2026-06-03 00:41:02 +02:00 · 2026-06-03 00:38:29 +02:00 · 2026-06-03 00:37:59 +02:00 · 2026-06-03 00:23:22 +02:00 · 2026-06-03 00:22:44 +02:00
13 changed files with 195 additions and 13 deletions
@@ -360,4 +360,5 @@ MigrationBackup/
 .ionide/

 # Fody - auto-generated XML schema
-FodyWeavers.xsd
+FodyWeavers.xsd
+/LiteCharms.Features.Tests/http/http-client.env.json
@@ -37,7 +37,7 @@ public sealed class PayfastServiceFeatureTests(Fixture fixture) : IClassFixture<

        string liveTargetIp = addresses.First().ToString();

-        var result = await payfastService.ValidateReferrerIpAsync(liveTargetIp, fixture.CancellationToken);
+        var result = await payfastService.ValidateReferrerIpAsync(liveTargetIp, true, fixture.CancellationToken);

        Assert.True(result.IsSuccess);
        Assert.True(result.Value);
@@ -48,7 +48,7 @@ public sealed class PayfastServiceFeatureTests(Fixture fixture) : IClassFixture<
    {
        string rogueIp = "8.8.8.8";

-        var result = await payfastService.ValidateReferrerIpAsync(rogueIp, fixture.CancellationToken);
+        var result = await payfastService.ValidateReferrerIpAsync(rogueIp, true, fixture.CancellationToken);

        Assert.True(result.IsSuccess);
        Assert.False(result.Value);
@@ -87,7 +87,7 @@ public sealed class PayfastServiceFeatureTests(Fixture fixture) : IClassFixture<

        var result = await payfastService.ValidateServerConfirmationAsync(arbitraryParameters, isSandbox: true, fixture.CancellationToken);

-        Assert.True(result.IsSuccess); 
+        Assert.True(result.IsSuccess);
        Assert.False(result.Value);   // Handshake data rejected as fraudulent/unrecognized
    }

@@ -61,7 +61,7 @@ public sealed class PayfastPaymentConfirmationReceivedEventHandler(IServiceProvi

        if (notification.PerformBackgroundChecks)
        {
-            var isHostValid = await payfastService.ValidateReferrerIpAsync(notification.RemoteIpAddress!, cancellationToken);
+            var isHostValid = await payfastService.ValidateReferrerIpAsync(notification.RemoteIpAddress!, notification.AllowLoopback, cancellationToken);

            if (isHostValid.IsFailed) 
                throw new Exception("Security validation exception: Webhook packet source address failed cluster validation checks.");
@@ -13,15 +13,18 @@ public sealed class PayfastPaymentConfirmationReceivedEvent : EventBase, IEvent

    public bool PerformBackgroundChecks { get; set; }

+    public bool AllowLoopback { get; set; }
+
    public PayfastPaymentConfirmationReceivedEvent() { }

-    private PayfastPaymentConfirmationReceivedEvent(PayfastWebhookPayload? payload, string paymentId, bool performBackgroundChecks = true)
+    private PayfastPaymentConfirmationReceivedEvent(PayfastWebhookPayload? payload, string paymentId, bool performBackgroundChecks = true, bool allowLoopback = false)
    {
        Payload = payload;
        CorrelationId = paymentId;
        PerformBackgroundChecks = performBackgroundChecks;
+        AllowLoopback = allowLoopback;
    }

-    public static PayfastPaymentConfirmationReceivedEvent Create(PayfastWebhookPayload? payload, string paymentId, bool performBackgroundChecks = true) =>
-        new(payload, paymentId, performBackgroundChecks);
+    public static PayfastPaymentConfirmationReceivedEvent Create(PayfastWebhookPayload? payload, string paymentId, bool performBackgroundChecks = true, bool allowLoopback = false) =>
+        new(payload, paymentId, performBackgroundChecks, allowLoopback);
 }
@@ -49,7 +49,7 @@ public sealed partial class PayfastService(IDbContextFactory<MidrandBooksDbConte
        }
    }

-    public async ValueTask<Result<bool>> ValidateReferrerIpAsync(string remoteIpAddress, CancellationToken cancellationToken = default)
+    public async ValueTask<Result<bool>> ValidateReferrerIpAsync(string remoteIpAddress, bool allowLoopback = false, CancellationToken cancellationToken = default)
    {
        if (string.IsNullOrWhiteSpace(remoteIpAddress)) 
            return Result.Fail<bool>("Remote IP address is null or whitespace.");
@@ -74,6 +74,12 @@ public sealed partial class PayfastService(IDbContextFactory<MidrandBooksDbConte

            if (IPAddress.TryParse(remoteIpAddress, out var incomingIp))
            {
+                if (allowLoopback && IPAddress.IsLoopback(incomingIp))
+                {
+                    logger.LogInformation("Local development loopback IP '{RemoteIp}' allowed bypassing DNS verification.", remoteIpAddress);
+                    return Result.Ok(true);
+                }
+
                bool isValid = validIps.Contains(incomingIp);

                if (!isValid)
@@ -0,0 +1,8 @@
+## Payfast Payment Confirmation
+# This endpoint is used by Payfast to confirm the payment status of a transaction. 
+# It receives a POST request with the payment details and updates the order status accordingly.
+
+POST {{baseUrl}}/v1/payments/payfast/confirm
+Content-Type: application/x-www-form-urlencoded
+
+amount={{amount}}&item_name={{item_name}}&m_payment_id={{paymentId}}&signature={{signature}}
@@ -0,0 +1,16 @@
+{
+  "local": {
+    "baseUrl": "https://localhost:7196",
+    "paymentId": "jdPB2zaKM3Z",
+    "signature": "6aeff59bb74f2448ff2c3d81b2ec95de",
+    "item_name": "System Architecture Book",
+    "amount": "350.00"
+  },
+  "uat": {
+    "baseUrl": "https://api.uat.midrandbooks.co.za",
+    "paymentId": "jdPB2zaKM3Z",
+    "signature": "6aeff59bb74f2448ff2c3d81b2ec95de",
+    "item_name": "System Architecture Book",
+    "amount": "350.00"
+  }
+}
@@ -0,0 +1,6 @@
+namespace LiteCharms.Features.Abstractions;
+
+public interface IEndpoint
+{
+    void Map(IEndpointRouteBuilder builder);
+}
@@ -0,0 +1,7 @@
+namespace LiteCharms.Features.Api;
+
+[AttributeUsage(AttributeTargets.Class, AllowMultiple = true)]
+public sealed class ApiVersionTargetAttribute(int majorVersion) : Attribute
+{
+    public int MajorVersion { get; } = majorVersion;
+}
@@ -0,0 +1,16 @@
+namespace LiteCharms.Features.Api;
+
+public sealed class OpenApiBearerSecuritySchemeTransformer : IOpenApiDocumentTransformer
+{
+    public async Task TransformAsync(OpenApiDocument document, OpenApiDocumentTransformerContext context, CancellationToken cancellationToken)
+    {
+        var bearerScheme = new OpenApiSecurityScheme
+        {
+            Type = SecuritySchemeType.Http,
+            Scheme = "bearer",
+            Description = "JWT Authorization header using the Bearer scheme. Example: \"Bearer {token}\"",
+        };
+
+        document.AddComponent("Bearer", bearerScheme);
+    }
+}
@@ -7,25 +7,25 @@ public sealed class EmailEnquiryModel
    [Required]
    [MinLength(2)]
    [MaxLength(255)]
-    [Display(Name = "Full Name")]
+    [System.ComponentModel.DataAnnotations.Display(Name = "Full Name")]
    public string? FullName { get; set; }

    [Required]
    [EmailAddress]
    [MinLength(5)]
    [MaxLength(255)]
-    [Display(Name = "Email Address")]
+    [System.ComponentModel.DataAnnotations.Display(Name = "Email Address")]
    public string? EmailAddress { get; set; }

    [Required]
    [MinLength(2)]
    [MaxLength(255)]
-    [Display(Name = "Subject")]
+    [System.ComponentModel.DataAnnotations.Display(Name = "Subject")]
    public string? EmailSubject { get; set; }

    [Required]
    [MinLength(2)]
    [MaxLength(2000)]
-    [Display(Name = "Message")]
+    [System.ComponentModel.DataAnnotations.Display(Name = "Message")]
    public string? Message { get; set; }
 }
@@ -0,0 +1,96 @@
+using LiteCharms.Features.Abstractions;
+using LiteCharms.Features.Api;
+
+namespace LiteCharms.Features.Extensions;
+
+public static class Api
+{
+    public const string Books = nameof(Books);
+    public const string Payments = nameof(Payments);
+
+    public static IApplicationBuilder MapEndpoints(this WebApplication app, IDictionary<int, RouteGroupBuilder> versionGroups)
+    {
+        var endpoints = app.Services.GetRequiredService<IEnumerable<IEndpoint>>();
+
+        foreach (var endpoint in endpoints)
+        {
+            var versionAttributes = endpoint.GetType().GetCustomAttributes<ApiVersionTargetAttribute>().ToList();
+
+            if (versionAttributes.Count != 0)
+            {
+                foreach (var attr in versionAttributes)
+                    if (versionGroups.TryGetValue(attr.MajorVersion, out var targetGroup))
+                        endpoint.Map(targetGroup);
+            }
+            else
+                endpoint.Map(app);
+        }
+
+        return app;
+    }
+
+    public static IServiceCollection AddEndpoints(this IServiceCollection services, Assembly assembly)
+    {
+        ServiceDescriptor[] discriptors = [.. assembly.DefinedTypes
+            .Where(t => t is { IsInterface: false, IsAbstract: false })
+            .Where(t => t.IsAssignableTo(typeof(IEndpoint)))
+            .Select(t => ServiceDescriptor.Transient(typeof(IEndpoint), t))];
+
+        services.TryAddEnumerable(discriptors);
+
+        return services;
+    }
+
+    public static string ToEndpointName(this Type target, string? annotation = "") =>
+        $"{target.Name.Replace("Endpoint", string.Empty)}{annotation}".ToLower(CultureInfo.CurrentCulture);
+
+    public static IServiceCollection AddApiServices(this IServiceCollection services, IConfiguration configuration)
+    {
+        services.AddHttpClient();
+
+        services.AddApiVersioning(options =>
+        {
+            options.DefaultApiVersion = new ApiVersion(1);
+            options.ReportApiVersions = true;
+            options.AssumeDefaultVersionWhenUnspecified = true;
+            options.ApiVersionReader = ApiVersionReader.Combine(new UrlSegmentApiVersionReader(),
+                new QueryStringApiVersionReader("version"),
+                new QueryStringApiVersionReader("version"),
+                new MediaTypeApiVersionReader("version"));
+        })
+        .AddApiExplorer(options =>
+        {
+            options.GroupNameFormat = "'v'VVV";
+            options.SubstituteApiVersionInUrl = true;
+        });
+
+        var urls = configuration["ASPNETCORE_URLS"] ?? configuration["Urls"];
+        var healthUrl = "http://localhost:8080/health";
+
+        if (!string.IsNullOrWhiteSpace(urls))
+        {
+            string firstUrl = urls.Split(';').FirstOrDefault(s => s.Contains("http://"))!
+                .Replace("*", "localhost").Replace("+", "localhost");
+
+            healthUrl = $"{firstUrl.TrimEnd('/')}/health";
+        }
+
+        services.AddHealthChecksUI(setup =>
+        {
+            setup.SetNotifyUnHealthyOneTimeUntilChange();
+            setup.AddHealthCheckEndpoint("primary, heal", healthUrl);
+            setup.SetHeaderText("Midrand Books");
+        })
+        .AddInMemoryStorage();
+
+        services.AddOutputCache(options =>
+        {
+            options.AddBasePolicy(builder => builder.Cache());
+            options.DefaultExpirationTimeSpan = TimeSpan.FromSeconds(10);
+        });
+
+        services.AddOpenApi(options => options.AddDocumentTransformer<OpenApiBearerSecuritySchemeTransformer>());
+
+        return services;
+    }
+}
@@ -29,6 +29,26 @@
    <None Include="..\icon.png" Pack="true" PackagePath="\" />
  </ItemGroup>

+  <!-- API Versioning -->
+  <ItemGroup>
+    <PackageReference Include="AccessTokenClient.Extensions" Version="5.1.0" />
+    <PackageReference Include="Asp.Versioning.Abstractions" Version="10.0.0" />
+    <PackageReference Include="Asp.Versioning.Http" Version="10.0.0" />
+    <PackageReference Include="Asp.Versioning.Mvc.ApiExplorer" Version="10.0.0" />
+
+    <Using Include="Asp.Versioning" />
+  </ItemGroup>
+
+  <!-- API Documentation -->
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.8" />
+    <PackageReference Include="Scalar.AspNetCore" Version="2.14.14" />
+
+    <Using Include="Scalar.AspNetCore" />
+    <Using Include="Microsoft.OpenApi" />
+    <Using Include="Microsoft.AspNetCore.OpenApi" />
+  </ItemGroup>
+
  <!-- Quartz Scheduler-->
  <ItemGroup>    
    <PackageReference Include="Hashids.net" Version="1.7.0" />    
@@ -147,6 +167,9 @@

  <!-- Shared Usings -->
  <ItemGroup>
+    <Using Include="System.Reflection" />
+    <Using Include="Microsoft.Extensions.DependencyInjection.Extensions" />
+    <Using Include="Microsoft.AspNetCore.Routing" />
    <Using Include="System.Web" />
    <Using Include="Microsoft.IdentityModel.Tokens" />
    <Using Include="Microsoft.AspNetCore.Http" />
Author	SHA1	Message	Date
khwezi	29f6d66c44	Merge pull request 'Fixed tests' (#63 ) from payments into master Reviewed-on: #63	2026-06-03 00:41:26 +02:00
Khwezi Mngoma	fd6057d691	Fixed tests continuous-integration/drone/pr Build is passing Details	2026-06-03 00:41:02 +02:00
khwezi	bcfc9ef962	Merge pull request 'Added loopback address whitelisting override' (#62 ) from payments into master Reviewed-on: #62	2026-06-03 00:38:29 +02:00
Khwezi Mngoma	7961d934ba	Added loopback address whitelisting override continuous-integration/drone/pr Build is failing Details	2026-06-03 00:37:59 +02:00
khwezi	b4e967acc9	Merge pull request 'payments' (#61 ) from payments into master Reviewed-on: #61	2026-06-03 00:23:22 +02:00
Khwezi Mngoma	0a95df4c39	Added midrand shop .http test folder continuous-integration/drone/pr Build is passing Details	2026-06-03 00:22:44 +02:00
Khwezi Mngoma	ad9fa0ab91	Added http test folder to features test project	2026-06-03 00:21:57 +02:00
Khwezi Mngoma	4df903e456	Added shared api feature	2026-06-03 00:20:46 +02:00