Merge pull request 'payments' (#22 ) from payments into master

Reviewed-on: #22
Slowed down health check stream
2026-06-13 13:14:50 +02:00 · 2026-06-13 13:14:27 +02:00 · 2026-06-13 13:13:01 +02:00 · 2026-06-13 12:48:52 +02:00 · 2026-06-13 12:48:08 +02:00 · 2026-06-13 12:12:26 +02:00
6 changed files with 62 additions and 63 deletions
@@ -14,8 +14,8 @@
    <PackageReference Include="IdentityModel.AspNetCore.OAuth2introspection" Version="6.2.0" />
    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
    <PackageReference Include="IdentityModel" Version="6.2.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.8" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.8" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.9" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.9" />
  </ItemGroup>
  
  <!-- Health Checks -->
@@ -39,8 +39,8 @@
  
  <!-- API Documentation -->
  <ItemGroup>    
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.8" />    
-    <PackageReference Include="Scalar.AspNetCore" Version="2.14.14" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.9" />    
+    <PackageReference Include="Scalar.AspNetCore" Version="2.16.3" />

    <Using Include="Scalar.AspNetCore" />
    <Using Include="Microsoft.OpenApi" />
@@ -54,13 +54,13 @@
  </ItemGroup>

  <ItemGroup>
-    <PackageReference Include="LiteCharms.Features" Version="1.92.0" />
+    <PackageReference Include="LiteCharms.Features" Version="1.115.0" />
  </ItemGroup>

  <!-- UI -->
  <ItemGroup>
    <PackageReference Include="ANM.Blazored.Toast" Version="0.1.1" />
-    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.92.0" />
+    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.115.0" />

    <!-- Global Usings -->
    <Using Include="Blazored.Toast.Services" />
@@ -89,6 +89,8 @@
    <Using Include="System.Web" />
    <Using Include="System.Diagnostics" />
    <Using Include="System.Reflection" />
+    <Using Include="Microsoft.AspNetCore.Mvc" />
+    <Using Include="System.ComponentModel.DataAnnotations" />
    <Using Include="Microsoft.Extensions.DependencyInjection.Extensions" />
  </ItemGroup>

@@ -1,23 +0,0 @@
-using LiteCharms.Features.Abstractions;
-using LiteCharms.Features.Api;
-using LiteCharms.Features.Extensions;
-
-namespace MidrandBooksApi.Payments.Endpoints;
-
-[ApiVersionTarget(1)]
-public class IdentityEndpoint : IEndpoint
-{
-    public void Map(IEndpointRouteBuilder builder)
-    {
-        builder.MapGet("security/test", () =>
-        {
-            return Results.Ok();
-        })
-        .RequireAuthorization()
-        .WithDescription("Security test endpoint")
-        .WithName(typeof(IdentityEndpoint).ToEndpointName())
-        .Produces(StatusCodes.Status200OK)
-        .WithTags("Security")
-        .MapToApiVersion(1);
-    }
-}
@@ -6,29 +6,26 @@ using LiteCharms.Features.MidrandBooks.Payments.Events;
 using LiteCharms.Features.MidrandBooks.Payments.Models;
 using static LiteCharms.Features.Extensions.Api;

-namespace MidrandBooksApi.Payments.Endpoints;
+namespace MidrandBooksApi.Payments.Payfast;

 [ApiVersionTarget(1)]
-public sealed class ConfirmationEndpoint : IEndpoint
+public sealed class PayfastConfirmationEndpoint : IEndpoint
 {
    private static readonly ActivitySource PaymentActivitySource = new("MidrandBooksApi.Payments");

    public void Map(IEndpointRouteBuilder builder)
    {
        builder.MapPost("payments/payfast/confirm", async (HttpRequest request, PayfastService payfastService,
-            IJobOrchestrator jobOrchestrator, IConfiguration configuration, IHostEnvironment hostEnvironment, CancellationToken cancellationToken) =>
+            IJobOrchestrator jobOrchestrator, IConfiguration configuration, IHostEnvironment hostEnvironment,
+            ILogger<PayfastConfirmationEndpoint> logger, CancellationToken cancellationToken) =>
        {
            using Activity? activity = PaymentActivitySource.StartActivity("ReceivePayfastWebhook", ActivityKind.Server);

            activity?.SetTag("messaging.system", "payfast");
-            activity?.SetTag("messaging.destination.name", "payments/confirm");
+            activity?.SetTag("messaging.destination.name", "payments/payfast/confirm");

            string? remoteIp = request.HttpContext.Connection.RemoteIpAddress?.ToString();

-            var ipValidation = await payfastService.ValidateReferrerIpAsync(remoteIp!, !hostEnvironment.IsProduction(), cancellationToken);
-
-            if (ipValidation.IsFailed || !ipValidation.Value) return Results.Unauthorized();
-
            var formCollection = await request.ReadFormAsync(cancellationToken);

            if (!formCollection.TryGetValue("signature", out var signatureValues) || string.IsNullOrWhiteSpace(signatureValues.ToString()))
@@ -43,7 +40,11 @@ public sealed class ConfirmationEndpoint : IEndpoint
            var signatureCheck = PayfastService.GenerateSignature(paramDictionary, passphrase);

            if (signatureCheck.IsFailed || !string.Equals(signatureCheck.Value, incomingSignature, StringComparison.OrdinalIgnoreCase))
+            {
+                logger.LogCritical("Incoming sugnature failed validation: {signature}, {errors}", incomingSignature, signatureCheck.Errors.Select(e => e.Message).ToList());
+
                return Results.Unauthorized();
+            }

            var formPairs = formCollection.Select(kvp => $"{kvp.Key}={HttpUtility.UrlEncode(kvp.Value.ToString())}");

@@ -54,10 +55,14 @@ public sealed class ConfirmationEndpoint : IEndpoint
            var serverConfirmation = await payfastService.ValidateServerConfirmationAsync(rawQueryParamString, isSandbox, cancellationToken);

            if (serverConfirmation.IsFailed || !serverConfirmation.Value)
+            {
+                logger.LogCritical("Server confirmation failed: {rawstring}, {errors}", rawQueryParamString, serverConfirmation.Errors.Select(e => e.Message).ToList());
+
                return Results.Unauthorized();
+            }

            var notification = PayfastPaymentConfirmationReceivedEvent.Create(payload, payload.MerchantPaymentId!,
-                allowLoopback: !hostEnvironment.IsProduction(), performBackgroundChecks: false); // Set to false because comprehensive checks are completed inline above
+                allowLoopback: !hostEnvironment.IsProduction(), performBackgroundChecks: false);

            await jobOrchestrator.SendAsync(notification, cancellationToken);

@@ -66,7 +71,7 @@ public sealed class ConfirmationEndpoint : IEndpoint
            return Results.Ok();
        })
        .WithDescription("Securely confirm and process an incoming Payfast merchant payment callback.")
-        .WithName(typeof(ConfirmationEndpoint).ToEndpointName())
+        .WithName(typeof(PayfastConfirmationEndpoint).ToEndpointName())
        .MapToApiVersion(new ApiVersion(1))
        .Produces(StatusCodes.Status200OK)
        .Produces(StatusCodes.Status400BadRequest)
@@ -22,7 +22,9 @@ builder.Services.AddQuartzSchedulerClient(MidrandShopSchedulerName, builder.Conf
 builder.Services.AddEmailServices(builder.Configuration);
 builder.Services.AddEmailServiceBus();

+builder.Services.AddHttpClient();
 builder.Services.AddShopServices();
+builder.Services.AddPayfastServices(builder.Configuration);
 builder.Services.AddHashServices(builder.Configuration);
 builder.Services.AddMidrandShopDatabase(builder.Configuration);

@@ -1,17 +1,20 @@
 {
-  "LiteCharmsSettings": { 
+  "PayfastSettings": {
+    "CheckoutUrl": "https://sandbox.payfast.co.za/eng/process",
+    "ValidHosts": [
+      "www.payfast.co.za",
+      "sandbox.payfast.co.za",
+      "w1w.payfast.co.za",
+      "w2w.payfast.co.za",
+      "ips.payfast.co.za",
+      "api.payfast.co.za",
+      "payment.payfast.io"
+    ]
+  },
+  "LiteCharmsSettings": {
    "Authority": "https://sts.security.khongisa.co.za",
    "Audience": "midrandbooks-api"
  },
-  "ValidPayfastHosts": [
-    "www.payfast.co.za",
-    "sandbox.payfast.co.za",
-    "w1w.payfast.co.za",
-    "w2w.payfast.co.za",
-    "ips.payfast.co.za",
-    "api.payfast.co.za",
-    "payment.payfast.io"
-  ],
  "HasherSettings": {
    "MinHashLength": 11
  },
@@ -22,7 +25,6 @@
    "CdnBaseUrl": "https://bookshop.cdn.khongisa.co.za"
  },
  "Monitoring": {
-    "ApiKey": "",
    "Address": "http://aspire-dashboard-service.aspire.svc.cluster.local:18889",
    "ServiceName": "MidrandBooks.DEV"
  },
@@ -19,13 +19,12 @@ data:
  BookshopS3Settings__Region: "garage"
  BookshopS3Settings__BucketName: "bookshop"
  BookshopS3Settings__CdnBaseUrl: "https://bookshop.cdn.khongisa.co.za"
-  ValidPayfastHosts__0: "www.payfast.co.za"
-  ValidPayfastHosts__1: "sandbox.payfast.co.za"
-  ValidPayfastHosts__2: "w1w.payfast.co.za"
-  ValidPayfastHosts__3: "w2w.payfast.co.za"
-  ValidPayfastHosts__4: "ips.payfast.co.za"
-  ValidPayfastHosts__5: "api.payfast.co.za"
-  ValidPayfastHosts__6: "payment.payfast.io"
+  PayfastSettings__CheckoutUrl: "https://sandbox.payfast.co.za/eng/process"
+  PayfastSettings__ValidHosts__0: "www.payfast.co.za"
+  PayfastSettings__ValidHosts__1: "sandbox.payfast.co.za"
+  PayfastSettings__ValidHosts__2: "ips.payfast.co.za"
+  PayfastSettings__ValidHosts__3: "api.payfast.co.za"
+  PayfastSettings__ValidHosts__4: "payment.payfast.io"
  LiteCharmsSettings__Authority: "https://sts.security.khongisa.co.za"
  LiteCharmsSettings__Audience: "midrandbooks-api"
 ---
@@ -39,12 +38,14 @@ data:
  connection-string: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPW1pZHJhbmRzaG9wLWRldjtVc2VybmFtZT1taWRyYW5kc2hvcC1kZXYtdXNlcjtQYXNzd29yZD1hUFh5a0tnM3RTOWNtRDtQZXJzaXN0IFNlY3VyaXR5IEluZm89VHJ1ZQ==
  connection-string-quartz: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPXNjaGVkdWxlci1kZXY7VXNlcm5hbWU9c2NoZWR1bGVyLWRldi11c2VyO1Bhc3N3b3JkPWtWVm1vV0tKM3h6Z1FYO1BlcnNpc3QgU2VjdXJpdHkgSW5mbz1UcnVl
  aspire-apikey: bWMzRzYzSzJqNVpPRXNpMEFqTW9qTFRYbTFLRVpGY3R6SUlqU3dEaVRHdXQ4cUdTa1B1V3d4R1AxUmJzY0pVbw==
-  hasher-salt: VEdsbmFIUWdRMmhoY20xekxDQk5hV1J5WVc1a1FtOXZhM01nYldGclpTQnNiM1J6SUc5bUlHMXZibVY1SUdGdVpDQmhjbVVnWVNCemRXTmpaWE56Wm5Wc0lIWnBjbUZzSUhOMGIzSjVJR2x1SUZOdmRYUm9JRUZtY21sallRPT0=
-  hasher-payfastpassphrase: OUdBSVIwdFdwaFgwcU8=
+  hasher-salt: VEdsbmFIUWdRMmhoY20xekxDQk5hV1J5WVc1a1FtOXZhM01nYldGclpTQnNiM1J6SUc5bUlHMXZibVY1SUdGdVpDQmhjbVVnWVNCemRXTmpaWE56Wm5Wc0lIWnBjbUZzSUhOMGIzSjVJR2x1SUZOdmRYUm9JRUZtY21sallRPT0=  
  bookshop-s3-accesskey: R0s1MTRkMmNlOGRjNjkyMzdhMDVjMDFlZWY=
  bookshop-s3-secretkey: ZWFhZmVkYTFhZWQ0MDllY2ZlNjA3MTRlY2RhNTQ5YjgyYmRmNWEzZGFmOWYxOGRkNjFmNjZiNDk3M2E2NDgyZQ==
  litecharms-clientid: bWlkcmFuZGJvb2tzLWFwaQ==
  litecharms-clientsecret: c2VjcmV0X2YzZjA0YWNhYTMzNmVlOTEzZDRjNjdlYmQwOTE1ZWFlYzQ0NzdmYTkwOTdlYTJhYzkyZGE4ZDc0NjgzZTAyNTU=
+  payfast-passphrase: OUdBSVIwdFdwaFgwcU8=
+  payfast-merchantid: MTAwNDkzMDc=
+  payfast-merchantkey: anU2bmF2bjBqY2JmMA==
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
@@ -122,11 +123,21 @@ spec:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: hasher-salt
-            - name: HasherSettings__PayfastPassphrase
+            - name: PayfastSettings__Passphrase
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
-                  key: hasher-payfastpassphrase
+                  key: payfast-passphrase
+            - name: PayfastSettings__MerchantId
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooksapi-secrets
+                  key: payfast-merchantid
+            - name: PayfastSettings__MerchantKey
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooksapi-secrets
+                  key: payfast-merchantkey
            - name: ConnectionStrings__PostgresScheduler
              valueFrom:
                secretKeyRef:
@@ -150,8 +161,8 @@ spec:
            httpGet:
              path: /health
              port: 8080
-            initialDelaySeconds: 5
-            periodSeconds: 10
+            initialDelaySeconds: 10
+            periodSeconds: 15
          readinessProbe:
            httpGet:
              path: /health
Author	SHA1	Message	Date
khwezi	8cc4425dfb	Merge pull request 'payments' (#22 ) from payments into master Reviewed-on: #22	2026-06-13 13:14:50 +02:00
Khwezi Mngoma	60579c6230	Slowed down health check stream continuous-integration/drone/pr Build is passing Details	2026-06-13 13:14:27 +02:00
Khwezi Mngoma	f3478270fb	Added logging to endpoint	2026-06-13 13:13:01 +02:00
khwezi	1039f6f2d5	Merge pull request 'Removed ipValidation checks' (#21 ) from payments into master Reviewed-on: #21	2026-06-13 12:48:52 +02:00
Khwezi Mngoma	765eee2060	Removed ipValidation checks continuous-integration/drone/pr Build is passing Details	2026-06-13 12:48:08 +02:00
khwezi	ee250a18f0	Merge pull request 'Refactored valid payfast host list' (#20 ) from payments into master Reviewed-on: #20	2026-06-13 12:12:26 +02:00
Khwezi Mngoma	5972f8906b	Refactored valid payfast host list continuous-integration/drone/pr Build is passing Details	2026-06-13 12:11:44 +02:00
khwezi	b90c6381a0	Merge pull request 'Refactored manifest to use correct secrets' (#19 ) from payments into master Reviewed-on: #19	2026-06-13 11:27:06 +02:00
Khwezi Mngoma	c65398bdf6	Refactored manifest to use correct secrets continuous-integration/drone/pr Build is passing Details	2026-06-13 11:26:43 +02:00
khwezi	2958ca8c00	Merge pull request 'Upgraded nuget librarief, refactored k8s manifest' (#18 ) from payments into master Reviewed-on: #18	2026-06-13 11:12:27 +02:00
Khwezi Mngoma	e546b3e7ff	Upgraded nuget librarief, refactored k8s manifest continuous-integration/drone/pr Build is passing Details	2026-06-13 11:11:50 +02:00
khwezi	1132ba0401	Merge pull request 'Added PayfastCheckoutEndpoint stub' (#17 ) from payments into master Reviewed-on: #17	2026-06-12 09:02:34 +02:00
Khwezi Mngoma	5e119818bb	Added PayfastCheckoutEndpoint stub continuous-integration/drone/pr Build is passing Details	2026-06-12 09:01:39 +02:00