LiteCharms.Features.MidrandBooks/LiteCharms.Features.MidrandBooks.csproj

@@ -148,6 +148,7 @@
 
   <!-- Shared Usings -->
   <ItemGroup>
+    <Using Include="Microsoft.AspNetCore.Http" />
     <Using Include="System.Net.Sockets" />
     <Using Include="System.Text.RegularExpressions" />
     <Using Include="System.Web" />

LiteCharms.Features.MidrandBooks/Payments/PayfastService.cs

@@ -48,6 +48,41 @@ public sealed partial class PayfastService(IDbContextFactory<MidrandBooksDbConte
         }
     }
 
+    public static bool VerifyIncomingSignature(HttpRequest request, string passphrase)
+    {
+        var formFields = new Dictionary<string, string>(StringComparer.Ordinal);
+
+        foreach (var file in request.Form)
+            formFields.Add(file.Key, file.Value.ToString());
+
+        if (!formFields.TryGetValue("signature", out string? incomingSignature))
+            return false;
+
+        var stringBuilder = new StringBuilder();
+
+        foreach (var key in formFields.Keys)
+        {
+            if (key.Equals("signature", StringComparison.OrdinalIgnoreCase))
+                continue;
+
+            string rawValue = formFields[key] ?? string.Empty;
+
+            string encodedVal = HttpUtility.UrlEncode(rawValue.Trim());
+            string cleanVal = PercentEncodingRegex.Replace(encodedVal, m => m.Value.ToUpperInvariant());
+
+            stringBuilder.Append($"{key}={cleanVal}&");
+        }
+
+        string encodedPassphrase = HttpUtility.UrlEncode(passphrase.Trim());
+        string safePassphrase = PercentEncodingRegex.Replace(encodedPassphrase, m => m.Value.ToUpperInvariant());
+
+        stringBuilder.Append($"passphrase={safePassphrase}");
+
+        string generatedSignature = HashService.ToMd5Hash(stringBuilder.ToString()).Value;
+
+        return incomingSignature.Equals(generatedSignature, StringComparison.OrdinalIgnoreCase);
+    }
+
     public async ValueTask<Result<bool>> ValidateReferrerIpAsync(string remoteIpAddress, bool allowLoopback = false, CancellationToken cancellationToken = default)
     {
         if(payfastOptions.Value?.ValidHosts?.Length == 0)

LiteCharms.Features.Tests.Common/appsettings.json

@@ -4,8 +4,6 @@
     "ValidHosts": [
       "www.payfast.co.za",
       "sandbox.payfast.co.za",
-      "w1w.payfast.co.za",
-      "w2w.payfast.co.za",
       "ips.payfast.co.za",
       "api.payfast.co.za",
       "payment.payfast.io"