Merge pull request 'Refactored docker build to use image caching' (#32) from update into master

Reviewed-on: #32

.drone.yml

@@ -31,6 +31,8 @@ steps:
       registry: nexus.khongisa.co.za
       repo: nexus.khongisa.co.za/midrandbooks-api
       tags: [ latest, "1.${DRONE_BUILD_NUMBER}" ]
+      use_cache: true
+      cache_from: nexus.khongisa.co.za/midrandbooks-api:latest
       custom_labels:
         - org.opencontainers.image.source=https://gitea.khongisa.co.za/litecharms/midrandbooks-api
         - org.opencontainers.image.version=1.${DRONE_BUILD_NUMBER}

MidrandBooksApi/MidrandBooksApi.csproj

@@ -54,13 +54,13 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="LiteCharms.Features" Version="1.115.0" />
+    <PackageReference Include="LiteCharms.Features" Version="1.137.0" />
   </ItemGroup>
 
   <!-- UI -->
   <ItemGroup>
     <PackageReference Include="ANM.Blazored.Toast" Version="0.1.1" />
-    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.115.0" />
+    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.137.0" />
 
     <!-- Global Usings -->
     <Using Include="Blazored.Toast.Services" />

MidrandBooksApi/Payments/Payfast/PayfastConfirmationEndpoint.cs

@@ -24,8 +24,6 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
             activity?.SetTag("messaging.system", "payfast");
             activity?.SetTag("messaging.destination.name", "payments/payfast/confirm");
 
-            string? remoteIp = request.HttpContext.Connection.RemoteIpAddress?.ToString();
-
             var formCollection = await request.ReadFormAsync(cancellationToken);
 
             if (!formCollection.TryGetValue("signature", out var signatureValues) || string.IsNullOrWhiteSpace(signatureValues.ToString()))
@@ -34,29 +32,28 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
             string incomingSignature = signatureValues.ToString().Trim();
             var payload = ParseForm(formCollection, incomingSignature);
 
-            var paramDictionary = payload.ToParamDictionary();
-            string? passphrase = configuration["HasherSettings:PayfastPassphrase"];
+            string? passphrase = configuration["PayfastSettings:Passphrase"];
 
-            var signatureCheck = PayfastService.GenerateSignature(paramDictionary, passphrase);
-
-            if (signatureCheck.IsFailed || !string.Equals(signatureCheck.Value, incomingSignature, StringComparison.OrdinalIgnoreCase))
+            if (!PayfastService.VerifyIncomingSignatureFromForm(formCollection, passphrase!))
             {
-                logger.LogCritical("Incoming sugnature failed validation: {signature}, {errors}", incomingSignature, signatureCheck.Errors.Select(e => e.Message).ToList());
+                logger.LogCritical($"Incoming signature failed validation: {incomingSignature}");
 
                 return Results.Unauthorized();
             }
 
-            var formPairs = formCollection.Select(kvp => $"{kvp.Key}={HttpUtility.UrlEncode(kvp.Value.ToString())}");
+            var sortedPairs = formCollection
+                .Where(kvp => !kvp.Key.Equals("signature", StringComparison.OrdinalIgnoreCase))
+                .OrderBy(kvp => kvp.Key, StringComparer.Ordinal)
+                .Select(kvp => $"{kvp.Key}={HttpUtility.UrlEncode(kvp.Value.ToString().Trim())}");
 
-            string rawQueryParamString = string.Join("&", formPairs);
+            string rawQueryParamString = string.Join("&", sortedPairs);
 
             bool isSandbox = !hostEnvironment.IsProduction();
-
             var serverConfirmation = await payfastService.ValidateServerConfirmationAsync(rawQueryParamString, isSandbox, cancellationToken);
 
             if (serverConfirmation.IsFailed || !serverConfirmation.Value)
             {
-                logger.LogCritical("Server confirmation failed: {rawstring}, {errors}", rawQueryParamString, serverConfirmation.Errors.Select(e => e.Message).ToList());
+                logger.LogCritical($"Payfast server validation ping rejected the request data: {rawQueryParamString}");
 
                 return Results.Unauthorized();
             }
@@ -67,7 +64,6 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
             await jobOrchestrator.SendAsync(notification, cancellationToken);
 
             activity?.SetStatus(ActivityStatusCode.Ok);
-
             return Results.Ok();
         })
         .WithDescription("Securely confirm and process an incoming Payfast merchant payment callback.")

midrandbooksapi-uat.yml

@@ -29,25 +29,6 @@ data:
   LiteCharmsSettings__Audience: "midrandbooks-api"
 ---
 apiVersion: v1
-kind: Secret
-metadata:
-  name: midrandbooksapi-secrets
-  namespace: midrandbooksapi-uat
-type: Opaque
-data:  
-  connection-string: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPW1pZHJhbmRzaG9wLWRldjtVc2VybmFtZT1taWRyYW5kc2hvcC1kZXYtdXNlcjtQYXNzd29yZD1hUFh5a0tnM3RTOWNtRDtQZXJzaXN0IFNlY3VyaXR5IEluZm89VHJ1ZQ==
-  connection-string-quartz: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPXNjaGVkdWxlci1kZXY7VXNlcm5hbWU9c2NoZWR1bGVyLWRldi11c2VyO1Bhc3N3b3JkPWtWVm1vV0tKM3h6Z1FYO1BlcnNpc3QgU2VjdXJpdHkgSW5mbz1UcnVl
-  aspire-apikey: bWMzRzYzSzJqNVpPRXNpMEFqTW9qTFRYbTFLRVpGY3R6SUlqU3dEaVRHdXQ4cUdTa1B1V3d4R1AxUmJzY0pVbw==
-  hasher-salt: VEdsbmFIUWdRMmhoY20xekxDQk5hV1J5WVc1a1FtOXZhM01nYldGclpTQnNiM1J6SUc5bUlHMXZibVY1SUdGdVpDQmhjbVVnWVNCemRXTmpaWE56Wm5Wc0lIWnBjbUZzSUhOMGIzSjVJR2x1SUZOdmRYUm9JRUZtY21sallRPT0=  
-  bookshop-s3-accesskey: R0s1MTRkMmNlOGRjNjkyMzdhMDVjMDFlZWY=
-  bookshop-s3-secretkey: ZWFhZmVkYTFhZWQ0MDllY2ZlNjA3MTRlY2RhNTQ5YjgyYmRmNWEzZGFmOWYxOGRkNjFmNjZiNDk3M2E2NDgyZQ==
-  litecharms-clientid: bWlkcmFuZGJvb2tzLWFwaQ==
-  litecharms-clientsecret: c2VjcmV0X2YzZjA0YWNhYTMzNmVlOTEzZDRjNjdlYmQwOTE1ZWFlYzQ0NzdmYTkwOTdlYTJhYzkyZGE4ZDc0NjgzZTAyNTU=
-  payfast-passphrase: OUdBSVIwdFdwaFgwcU8=
-  payfast-merchantid: MTAwNDkzMDc=
-  payfast-merchantkey: anU2bmF2bjBqY2JmMA==
----
-apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: midrandbooksapi-pvc
@@ -66,6 +47,7 @@ metadata:
   namespace: midrandbooksapi-uat
 spec:
   replicas: 2
+  revisionHistoryLimit: 0
   selector:
     matchLabels:
       app: midrandbooks-api
@@ -97,62 +79,8 @@ spec:
           envFrom:
             - configMapRef:
                 name: midrandbooksapi-config
-          env:
-            - name: LiteCharmsSettings__ClientId
-              valueFrom:
-                secretKeyRef:
-                  name: midrandbooksapi-secrets
-                  key: litecharms-clientid
-            - name: LiteCharmsSettings__ClientSecret
-              valueFrom:
-                secretKeyRef:
-                  name: midrandbooksapi-secrets
-                  key: litecharms-clientsecret
-            - name: BookshopS3Settings__AccessKey
-              valueFrom:
-                secretKeyRef:
-                  name: midrandbooksapi-secrets
-                  key: bookshop-s3-accesskey
-            - name: BookshopS3Settings__SecretKey
-              valueFrom:
-                secretKeyRef:
-                  name: midrandbooksapi-secrets
-                  key: bookshop-s3-secretkey
-            - name: HasherSettings__Salt
-              valueFrom:
-                secretKeyRef:
-                  name: midrandbooksapi-secrets
-                  key: hasher-salt
-            - name: PayfastSettings__Passphrase
-              valueFrom:
-                secretKeyRef:
-                  name: midrandbooksapi-secrets
-                  key: payfast-passphrase
-            - name: PayfastSettings__MerchantId
-              valueFrom:
-                secretKeyRef:
-                  name: midrandbooksapi-secrets
-                  key: payfast-merchantid
-            - name: PayfastSettings__MerchantKey
-              valueFrom:
-                secretKeyRef:
-                  name: midrandbooksapi-secrets
-                  key: payfast-merchantkey
-            - name: ConnectionStrings__PostgresScheduler
-              valueFrom:
-                secretKeyRef:
-                  name: midrandbooksapi-secrets
-                  key: connection-string-quartz
-            - name: ConnectionStrings__PostgresMidrandBooks
-              valueFrom:
-                secretKeyRef:
-                  name: midrandbooksapi-secrets
-                  key: connection-string
-            - name: Monitoring__ApiKey
-              valueFrom:
-                secretKeyRef:
-                  name: midrandbooksapi-secrets
-                  key: aspire-apikey
+            - secretRef:
+                name: midrandbooksapi-secrets          
           volumeMounts:
             - name: data
               mountPath: /app/wwwroot/content