Merge pull request 'Refactored manifest to use correct secrets' (#19 ) from payments into master

Reviewed-on: #19
Refactored manifest to use correct secrets
2026-06-13 11:27:06 +02:00 · 2026-06-13 11:26:43 +02:00 · 2026-06-13 11:12:27 +02:00 · 2026-06-13 11:11:50 +02:00 · 2026-06-12 09:02:34 +02:00 · 2026-06-12 09:01:39 +02:00
5 changed files with 70 additions and 35 deletions
@@ -14,8 +14,8 @@
    <PackageReference Include="IdentityModel.AspNetCore.OAuth2introspection" Version="6.2.0" />
    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
    <PackageReference Include="IdentityModel" Version="6.2.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.8" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.8" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.9" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.9" />
  </ItemGroup>
  
  <!-- Health Checks -->
@@ -39,8 +39,8 @@
  
  <!-- API Documentation -->
  <ItemGroup>    
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.8" />    
-    <PackageReference Include="Scalar.AspNetCore" Version="2.14.14" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.9" />    
+    <PackageReference Include="Scalar.AspNetCore" Version="2.16.3" />

    <Using Include="Scalar.AspNetCore" />
    <Using Include="Microsoft.OpenApi" />
@@ -54,13 +54,13 @@
  </ItemGroup>

  <ItemGroup>
-    <PackageReference Include="LiteCharms.Features" Version="1.72.0" />
+    <PackageReference Include="LiteCharms.Features" Version="1.115.0" />
  </ItemGroup>

  <!-- UI -->
  <ItemGroup>
    <PackageReference Include="ANM.Blazored.Toast" Version="0.1.1" />
-    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.72.0" />
+    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.115.0" />

    <!-- Global Usings -->
    <Using Include="Blazored.Toast.Services" />
@@ -89,6 +89,8 @@
    <Using Include="System.Web" />
    <Using Include="System.Diagnostics" />
    <Using Include="System.Reflection" />
+    <Using Include="Microsoft.AspNetCore.Mvc" />
+    <Using Include="System.ComponentModel.DataAnnotations" />
    <Using Include="Microsoft.Extensions.DependencyInjection.Extensions" />
  </ItemGroup>

@@ -6,10 +6,10 @@ using LiteCharms.Features.MidrandBooks.Payments.Events;
 using LiteCharms.Features.MidrandBooks.Payments.Models;
 using static LiteCharms.Features.Extensions.Api;

-namespace MidrandBooksApi.Payments.Endpoints;
+namespace MidrandBooksApi.Payments.Payfast;

 [ApiVersionTarget(1)]
-public sealed class ConfirmationEndpoint : IEndpoint
+public sealed class PayfastConfirmationEndpoint : IEndpoint
 {
    private static readonly ActivitySource PaymentActivitySource = new("MidrandBooksApi.Payments");

@@ -21,7 +21,7 @@ public sealed class ConfirmationEndpoint : IEndpoint
            using Activity? activity = PaymentActivitySource.StartActivity("ReceivePayfastWebhook", ActivityKind.Server);

            activity?.SetTag("messaging.system", "payfast");
-            activity?.SetTag("messaging.destination.name", "payments/confirm");
+            activity?.SetTag("messaging.destination.name", "payments/payfast/confirm");

            string? remoteIp = request.HttpContext.Connection.RemoteIpAddress?.ToString();

@@ -57,7 +57,7 @@ public sealed class ConfirmationEndpoint : IEndpoint
                return Results.Unauthorized();

            var notification = PayfastPaymentConfirmationReceivedEvent.Create(payload, payload.MerchantPaymentId!,
-                allowLoopback: !hostEnvironment.IsProduction(), performBackgroundChecks: false); // Set to false because comprehensive checks are completed inline above
+                allowLoopback: !hostEnvironment.IsProduction(), performBackgroundChecks: false);

            await jobOrchestrator.SendAsync(notification, cancellationToken);

@@ -66,7 +66,7 @@ public sealed class ConfirmationEndpoint : IEndpoint
            return Results.Ok();
        })
        .WithDescription("Securely confirm and process an incoming Payfast merchant payment callback.")
-        .WithName(typeof(ConfirmationEndpoint).ToEndpointName())
+        .WithName(typeof(PayfastConfirmationEndpoint).ToEndpointName())
        .MapToApiVersion(new ApiVersion(1))
        .Produces(StatusCodes.Status200OK)
        .Produces(StatusCodes.Status400BadRequest)
@@ -11,10 +11,8 @@ builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddEndpoints(Assembly.GetExecutingAssembly());
 builder.Services.AddApiServices(builder.Configuration);

-builder.Services.AddAuthorization();
-builder.Services.AddAuthentication();
-
 builder.Services.AddMediator();
+builder.Services.AddLiteCharmsApiSecurity(builder.Configuration);

 builder.Services.AddScoped(typeof(IPipelineBehavior<,>), typeof(TelemetryPipelineBehavior<,>));
 builder.Services.AddScoped(typeof(IPipelineBehavior<,>), typeof(LoggingPipelineBehavior<,>));
@@ -24,7 +22,9 @@ builder.Services.AddQuartzSchedulerClient(MidrandShopSchedulerName, builder.Conf
 builder.Services.AddEmailServices(builder.Configuration);
 builder.Services.AddEmailServiceBus();

+builder.Services.AddHttpClient();
 builder.Services.AddShopServices();
+builder.Services.AddPayfastServices(builder.Configuration);
 builder.Services.AddHashServices(builder.Configuration);
 builder.Services.AddMidrandShopDatabase(builder.Configuration);

@@ -1,13 +1,20 @@
 {
-  "ValidPayfastHosts": [
-    "www.payfast.co.za",
-    "sandbox.payfast.co.za",
-    "w1w.payfast.co.za",
-    "w2w.payfast.co.za",
-    "ips.payfast.co.za",
-    "api.payfast.co.za",
-    "payment.payfast.io"
-  ],
+  "PayfastSettings": {
+    "CheckoutUrl": "https://sandbox.payfast.co.za/eng/process",
+    "ValidHosts": [
+      "www.payfast.co.za",
+      "sandbox.payfast.co.za",
+      "w1w.payfast.co.za",
+      "w2w.payfast.co.za",
+      "ips.payfast.co.za",
+      "api.payfast.co.za",
+      "payment.payfast.io"
+    ]
+  },
+  "LiteCharmsSettings": {
+    "Authority": "https://sts.security.khongisa.co.za",
+    "Audience": "midrandbooks-api"
+  },
  "HasherSettings": {
    "MinHashLength": 11
  },
@@ -18,7 +25,6 @@
    "CdnBaseUrl": "https://bookshop.cdn.khongisa.co.za"
  },
  "Monitoring": {
-    "ApiKey": "",
    "Address": "http://aspire-dashboard-service.aspire.svc.cluster.local:18889",
    "ServiceName": "MidrandBooks.DEV"
  },
@@ -19,13 +19,16 @@ data:
  BookshopS3Settings__Region: "garage"
  BookshopS3Settings__BucketName: "bookshop"
  BookshopS3Settings__CdnBaseUrl: "https://bookshop.cdn.khongisa.co.za"
-  ValidPayfastHosts__0: "www.payfast.co.za"
-  ValidPayfastHosts__1: "sandbox.payfast.co.za"
-  ValidPayfastHosts__2: "w1w.payfast.co.za"
-  ValidPayfastHosts__3: "w2w.payfast.co.za"
-  ValidPayfastHosts__4: "ips.payfast.co.za"
-  ValidPayfastHosts__5: "api.payfast.co.za"
-  ValidPayfastHosts__6: "payment.payfast.io"
+  PayfastSettings__CheckoutUrl: "https://sandbox.payfast.co.za/eng/process"
+  PayfastSettings__ValidHosts__0: "www.payfast.co.za"
+  PayfastSettings__ValidHosts__1: "sandbox.payfast.co.za"
+  PayfastSettings__ValidHosts__2: "w1w.payfast.co.za"
+  PayfastSettings__ValidHosts__3: "w2w.payfast.co.za"
+  PayfastSettings__ValidHosts__4: "ips.payfast.co.za"
+  PayfastSettings__ValidHosts__5: "api.payfast.co.za"
+  PayfastSettings__ValidHosts__6: "payment.payfast.io"
+  LiteCharmsSettings__Authority: "https://sts.security.khongisa.co.za"
+  LiteCharmsSettings__Audience: "midrandbooks-api"
 ---
 apiVersion: v1
 kind: Secret
@@ -37,10 +40,14 @@ data:
  connection-string: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPW1pZHJhbmRzaG9wLWRldjtVc2VybmFtZT1taWRyYW5kc2hvcC1kZXYtdXNlcjtQYXNzd29yZD1hUFh5a0tnM3RTOWNtRDtQZXJzaXN0IFNlY3VyaXR5IEluZm89VHJ1ZQ==
  connection-string-quartz: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPXNjaGVkdWxlci1kZXY7VXNlcm5hbWU9c2NoZWR1bGVyLWRldi11c2VyO1Bhc3N3b3JkPWtWVm1vV0tKM3h6Z1FYO1BlcnNpc3QgU2VjdXJpdHkgSW5mbz1UcnVl
  aspire-apikey: bWMzRzYzSzJqNVpPRXNpMEFqTW9qTFRYbTFLRVpGY3R6SUlqU3dEaVRHdXQ4cUdTa1B1V3d4R1AxUmJzY0pVbw==
-  hasher-salt: VEdsbmFIUWdRMmhoY20xekxDQk5hV1J5WVc1a1FtOXZhM01nYldGclpTQnNiM1J6SUc5bUlHMXZibVY1SUdGdVpDQmhjbVVnWVNCemRXTmpaWE56Wm5Wc0lIWnBjbUZzSUhOMGIzSjVJR2x1SUZOdmRYUm9JRUZtY21sallRPT0=
-  hasher-payfastpassphrase: OUdBSVIwdFdwaFgwcU8=
+  hasher-salt: VEdsbmFIUWdRMmhoY20xekxDQk5hV1J5WVc1a1FtOXZhM01nYldGclpTQnNiM1J6SUc5bUlHMXZibVY1SUdGdVpDQmhjbVVnWVNCemRXTmpaWE56Wm5Wc0lIWnBjbUZzSUhOMGIzSjVJR2x1SUZOdmRYUm9JRUZtY21sallRPT0=  
  bookshop-s3-accesskey: R0s1MTRkMmNlOGRjNjkyMzdhMDVjMDFlZWY=
  bookshop-s3-secretkey: ZWFhZmVkYTFhZWQ0MDllY2ZlNjA3MTRlY2RhNTQ5YjgyYmRmNWEzZGFmOWYxOGRkNjFmNjZiNDk3M2E2NDgyZQ==
+  litecharms-clientid: bWlkcmFuZGJvb2tzLWFwaQ==
+  litecharms-clientsecret: c2VjcmV0X2YzZjA0YWNhYTMzNmVlOTEzZDRjNjdlYmQwOTE1ZWFlYzQ0NzdmYTkwOTdlYTJhYzkyZGE4ZDc0NjgzZTAyNTU=
+  payfast-passphrase: OUdBSVIwdFdwaFgwcU8=
+  payfast-merchantid: MTAwNDkzMDc=
+  payfast-merchantkey: anU2bmF2bjBqY2JmMA==
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
@@ -93,6 +100,16 @@ spec:
            - configMapRef:
                name: midrandbooksapi-config
          env:
+            - name: LiteCharmsSettings__ClientId
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooksapi-secrets
+                  key: litecharms-clientid
+            - name: LiteCharmsSettings__ClientSecret
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooksapi-secrets
+                  key: litecharms-clientsecret
            - name: BookshopS3Settings__AccessKey
              valueFrom:
                secretKeyRef:
@@ -108,11 +125,21 @@ spec:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: hasher-salt
-            - name: HasherSettings__PayfastPassphrase
+            - name: PayfastSettings__Passphrase
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
-                  key: hasher-payfastpassphrase
+                  key: payfast-passphrase
+            - name: PayfastSettings__MerchantId
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooksapi-secrets
+                  key: payfast-merchantid
+            - name: PayfastSettings__MerchantKey
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooksapi-secrets
+                  key: payfast-merchantkey
            - name: ConnectionStrings__PostgresScheduler
              valueFrom:
                secretKeyRef:
Author	SHA1	Message	Date
khwezi	b90c6381a0	Merge pull request 'Refactored manifest to use correct secrets' (#19 ) from payments into master Reviewed-on: #19	2026-06-13 11:27:06 +02:00
Khwezi Mngoma	c65398bdf6	Refactored manifest to use correct secrets continuous-integration/drone/pr Build is passing Details	2026-06-13 11:26:43 +02:00
khwezi	2958ca8c00	Merge pull request 'Upgraded nuget librarief, refactored k8s manifest' (#18 ) from payments into master Reviewed-on: #18	2026-06-13 11:12:27 +02:00
Khwezi Mngoma	e546b3e7ff	Upgraded nuget librarief, refactored k8s manifest continuous-integration/drone/pr Build is passing Details	2026-06-13 11:11:50 +02:00
khwezi	1132ba0401	Merge pull request 'Added PayfastCheckoutEndpoint stub' (#17 ) from payments into master Reviewed-on: #17	2026-06-12 09:02:34 +02:00
Khwezi Mngoma	5e119818bb	Added PayfastCheckoutEndpoint stub continuous-integration/drone/pr Build is passing Details	2026-06-12 09:01:39 +02:00
khwezi	181056d70d	Merge pull request 'Audience validation achieved' (#16 ) from payments into master Reviewed-on: #16	2026-06-07 00:04:00 +02:00
Khwezi Mngoma	c01a02ee97	Audience validation achieved continuous-integration/drone/pr Build is passing Details	2026-06-07 00:03:17 +02:00
khwezi	dfb5ce8a4b	Merge pull request 'Built test for Gomba' (#15 ) from payments into master Reviewed-on: #15	2026-06-06 22:47:02 +02:00
Khwezi Mngoma	36b2f365d9	Built test for Gomba continuous-integration/drone/pr Build is passing Details	2026-06-06 22:46:00 +02:00
khwezi	9bff28cec2	Merge pull request 'Updated api to use litecharms-security' (#14 ) from payments into master Reviewed-on: #14	2026-06-06 22:09:10 +02:00
Khwezi Mngoma	c76438b881	Updated api to use litecharms-security continuous-integration/drone/pr Build is passing Details	2026-06-06 22:08:04 +02:00
khwezi	857173af25	Merge pull request 'Updated introspection configuration' (#13 ) from payments into master Reviewed-on: #13	2026-06-05 06:03:52 +02:00
Khwezi Mngoma	e29c1ef6fc	Updated introspection configuration continuous-integration/drone/pr Build is passing Details	2026-06-05 06:02:58 +02:00
khwezi	c8a4a4cb17	Merge pull request 'Fixed setup issue' (#12 ) from payments into master Reviewed-on: #12	2026-06-04 14:22:51 +02:00
Khwezi Mngoma	56e002875e	Fixed setup issue continuous-integration/drone/pr Build is passing Details	2026-06-04 14:22:22 +02:00
khwezi	d485e78498	Merge pull request 'Updated auth configs' (#11 ) from payments into master Reviewed-on: #11	2026-06-04 14:14:03 +02:00
Khwezi Mngoma	ba3f8f6f9b	Updated auth configs continuous-integration/drone/pr Build is failing Details	2026-06-04 14:13:26 +02:00
khwezi	815470ab07	Merge pull request 'Mapped environment variables to secret keys' (#10 ) from payments into master Reviewed-on: #10	2026-06-04 11:48:32 +02:00
Khwezi Mngoma	16a2516816	Mapped environment variables to secret keys continuous-integration/drone/pr Build is passing Details	2026-06-04 11:47:42 +02:00
khwezi	8842d92b9b	Merge pull request 'payments' (#9 ) from payments into master Reviewed-on: #9	2026-06-04 09:09:16 +02:00
Khwezi Mngoma	fc25d7ea40	Refactored k8s manifest continuous-integration/drone/pr Build is passing Details	2026-06-04 09:08:36 +02:00
Khwezi Mngoma	8d8c1436f6	Applied authentik endpoint protection	2026-06-04 09:03:07 +02:00