|
|
@@ -16,15 +16,14 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
|
|
|
|
public void Map(IEndpointRouteBuilder builder)
|
|
|
|
public void Map(IEndpointRouteBuilder builder)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
builder.MapPost("payments/payfast/confirm", async (HttpRequest request, PayfastService payfastService,
|
|
|
|
builder.MapPost("payments/payfast/confirm", async (HttpRequest request, PayfastService payfastService,
|
|
|
|
IJobOrchestrator jobOrchestrator, IConfiguration configuration, IHostEnvironment hostEnvironment, CancellationToken cancellationToken) =>
|
|
|
|
IJobOrchestrator jobOrchestrator, IConfiguration configuration, IHostEnvironment hostEnvironment,
|
|
|
|
|
|
|
|
ILogger<PayfastConfirmationEndpoint> logger, CancellationToken cancellationToken) =>
|
|
|
|
{
|
|
|
|
{
|
|
|
|
using Activity? activity = PaymentActivitySource.StartActivity("ReceivePayfastWebhook", ActivityKind.Server);
|
|
|
|
using Activity? activity = PaymentActivitySource.StartActivity("ReceivePayfastWebhook", ActivityKind.Server);
|
|
|
|
|
|
|
|
|
|
|
|
activity?.SetTag("messaging.system", "payfast");
|
|
|
|
activity?.SetTag("messaging.system", "payfast");
|
|
|
|
activity?.SetTag("messaging.destination.name", "payments/payfast/confirm");
|
|
|
|
activity?.SetTag("messaging.destination.name", "payments/payfast/confirm");
|
|
|
|
|
|
|
|
|
|
|
|
string? remoteIp = request.HttpContext.Connection.RemoteIpAddress?.ToString();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var formCollection = await request.ReadFormAsync(cancellationToken);
|
|
|
|
var formCollection = await request.ReadFormAsync(cancellationToken);
|
|
|
|
|
|
|
|
|
|
|
|
if (!formCollection.TryGetValue("signature", out var signatureValues) || string.IsNullOrWhiteSpace(signatureValues.ToString()))
|
|
|
|
if (!formCollection.TryGetValue("signature", out var signatureValues) || string.IsNullOrWhiteSpace(signatureValues.ToString()))
|
|
|
@@ -33,24 +32,30 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
|
|
|
|
string incomingSignature = signatureValues.ToString().Trim();
|
|
|
|
string incomingSignature = signatureValues.ToString().Trim();
|
|
|
|
var payload = ParseForm(formCollection, incomingSignature);
|
|
|
|
var payload = ParseForm(formCollection, incomingSignature);
|
|
|
|
|
|
|
|
|
|
|
|
var paramDictionary = payload.ToParamDictionary();
|
|
|
|
string? passphrase = configuration["PayfastSettings:Passphrase"];
|
|
|
|
string? passphrase = configuration["HasherSettings:PayfastPassphrase"];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var signatureCheck = PayfastService.GenerateSignature(paramDictionary, passphrase);
|
|
|
|
if (!PayfastService.VerifyIncomingSignatureFromForm(formCollection, passphrase!))
|
|
|
|
|
|
|
|
{
|
|
|
|
if (signatureCheck.IsFailed || !string.Equals(signatureCheck.Value, incomingSignature, StringComparison.OrdinalIgnoreCase))
|
|
|
|
logger.LogCritical($"Incoming signature failed validation: {incomingSignature}");
|
|
|
|
return Results.Unauthorized();
|
|
|
|
return Results.Unauthorized();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var formPairs = formCollection.Select(kvp => $"{kvp.Key}={HttpUtility.UrlEncode(kvp.Value.ToString())}");
|
|
|
|
var sortedPairs = formCollection
|
|
|
|
|
|
|
|
.Where(kvp => !kvp.Key.Equals("signature", StringComparison.OrdinalIgnoreCase))
|
|
|
|
|
|
|
|
.OrderBy(kvp => kvp.Key, StringComparer.Ordinal)
|
|
|
|
|
|
|
|
.Select(kvp => $"{kvp.Key}={HttpUtility.UrlEncode(kvp.Value.ToString().Trim())}");
|
|
|
|
|
|
|
|
|
|
|
|
string rawQueryParamString = string.Join("&", formPairs);
|
|
|
|
string rawQueryParamString = string.Join("&", sortedPairs);
|
|
|
|
|
|
|
|
|
|
|
|
bool isSandbox = !hostEnvironment.IsProduction();
|
|
|
|
bool isSandbox = !hostEnvironment.IsProduction();
|
|
|
|
|
|
|
|
|
|
|
|
var serverConfirmation = await payfastService.ValidateServerConfirmationAsync(rawQueryParamString, isSandbox, cancellationToken);
|
|
|
|
var serverConfirmation = await payfastService.ValidateServerConfirmationAsync(rawQueryParamString, isSandbox, cancellationToken);
|
|
|
|
|
|
|
|
|
|
|
|
if (serverConfirmation.IsFailed || !serverConfirmation.Value)
|
|
|
|
if (serverConfirmation.IsFailed || !serverConfirmation.Value)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
logger.LogCritical($"Payfast server validation ping rejected the request data: {rawQueryParamString}");
|
|
|
|
|
|
|
|
|
|
|
|
return Results.Unauthorized();
|
|
|
|
return Results.Unauthorized();
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var notification = PayfastPaymentConfirmationReceivedEvent.Create(payload, payload.MerchantPaymentId!,
|
|
|
|
var notification = PayfastPaymentConfirmationReceivedEvent.Create(payload, payload.MerchantPaymentId!,
|
|
|
|
allowLoopback: !hostEnvironment.IsProduction(), performBackgroundChecks: false);
|
|
|
|
allowLoopback: !hostEnvironment.IsProduction(), performBackgroundChecks: false);
|
|
|
@@ -58,7 +63,6 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
|
|
|
|
await jobOrchestrator.SendAsync(notification, cancellationToken);
|
|
|
|
await jobOrchestrator.SendAsync(notification, cancellationToken);
|
|
|
|
|
|
|
|
|
|
|
|
activity?.SetStatus(ActivityStatusCode.Ok);
|
|
|
|
activity?.SetStatus(ActivityStatusCode.Ok);
|
|
|
|
|
|
|
|
|
|
|
|
return Results.Ok();
|
|
|
|
return Results.Ok();
|
|
|
|
})
|
|
|
|
})
|
|
|
|
.WithDescription("Securely confirm and process an incoming Payfast merchant payment callback.")
|
|
|
|
.WithDescription("Securely confirm and process an incoming Payfast merchant payment callback.")
|
|
|
|
khwezi
Khwezi Mngoma