From 8d8c1436f698d49c5f3137b63dea03468995d28d Mon Sep 17 00:00:00 2001
From: Khwezi Mngoma
Date: Thu, 4 Jun 2026 09:03:07 +0200
Subject: [PATCH 1/2] Applied authentik endpoint protection
---
 MidrandBooksApi/MidrandBooksApi.csproj | 4 ++--
 .../Payments/Endpoints/IdentityEndpoint.cs | 23 +++++++++++++++++++
 MidrandBooksApi/Program.cs | 6 ++---
 MidrandBooksApi/appsettings.json | 9 ++++++++
 4 files changed, 37 insertions(+), 5 deletions(-)
 create mode 100644 MidrandBooksApi/Payments/Endpoints/IdentityEndpoint.cs
diff --git a/MidrandBooksApi/MidrandBooksApi.csproj b/MidrandBooksApi/MidrandBooksApi.csproj
index 6a4aed9..7601a3a 100644
--- a/MidrandBooksApi/MidrandBooksApi.csproj
+++ b/MidrandBooksApi/MidrandBooksApi.csproj
@@ -54,13 +54,13 @@ - + - +
diff --git a/MidrandBooksApi/Payments/Endpoints/IdentityEndpoint.cs b/MidrandBooksApi/Payments/Endpoints/IdentityEndpoint.cs
new file mode 100644
index 0000000..8276498
--- /dev/null
+++ b/MidrandBooksApi/Payments/Endpoints/IdentityEndpoint.cs
@@ -0,0 +1,23 @@
+using LiteCharms.Features.Abstractions;
+using LiteCharms.Features.Api;
+using LiteCharms.Features.Extensions;
+
+namespace MidrandBooksApi.Payments.Endpoints;
+
+[ApiVersionTarget(1)]
+public class IdentityEndpoint : IEndpoint
+{
+ public void Map(IEndpointRouteBuilder builder)
+ {
+ builder.MapGet("security/test", () =>
+ {
+ return Results.Ok();
+ })
+ .RequireAuthorization()
+ .WithDescription("Security test endpoint")
+ .WithName(typeof(IdentityEndpoint).ToEndpointName())
+ .Produces(StatusCodes.Status200OK)
+ .WithTags("Security")
+ .MapToApiVersion(1);
+ }
+}
diff --git a/MidrandBooksApi/Program.cs b/MidrandBooksApi/Program.cs
index 5df7539..b48974c 100644
--- a/MidrandBooksApi/Program.cs
+++ b/MidrandBooksApi/Program.cs
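Review bot: `.RequireAuthorization()` in `IdentityEndpoint.Map` is called without a policy name, so the endpoint is guarded only by whatever the default authorization policy happens to be. The `RequiredClaimName` / `RequiredClaimNameValue` settings introduced in this commit are enforced here only if `AddAuthentic` installs them as the default policy, and that helper is not visible in this patch. If it registers a named policy instead, pass it explicitly, e.g. `.RequireAuthorization("<policy-name>")` (placeholder name). The metadata also advertises only 200; adding `.Produces(StatusCodes.Status401Unauthorized)` and `.Produces(StatusCodes.Status403Forbidden)` would document the responses the authorization requirement can produce.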
@@ -1,6 +1,8 @@
+using LiteCharms.Features.Api.Configuration;
 using LiteCharms.Features.Extensions;
 using LiteCharms.Features.Mediator;
 using LiteCharms.Features.MidrandBooks.Extensions;
+using Microsoft.Extensions.Options;
 using static LiteCharms.Features.Extensions.Quartz;
 var builder = WebApplication.CreateBuilder(args);
@@ -11,10 +13,8 @@ builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddEndpoints(Assembly.GetExecutingAssembly());
 builder.Services.AddApiServices(builder.Configuration);
-builder.Services.AddAuthorization();
-builder.Services.AddAuthentication();
-
 builder.Services.AddMediator();
+builder.Services.AddAuthentic(builder.Configuration);
 builder.Services.AddScoped(typeof(IPipelineBehavior<,>), typeof(TelemetryPipelineBehavior<,>));
 builder.Services.AddScoped(typeof(IPipelineBehavior<,>), typeof(LoggingPipelineBehavior<,>));
diff --git a/MidrandBooksApi/appsettings.json b/MidrandBooksApi/appsettings.json
index b872baf..181de06 100644
--- a/MidrandBooksApi/appsettings.json
+++ b/MidrandBooksApi/appsettings.json
@@ -1,4 +1,13 @@
 {
+ "AuthentikSettings": {
+ "Authority": "https://id.khongisa.co.za/application/o/midrand-books-api-uat/",
+ "IntrospectionUrl": "https://id.khongisa.co.za/application/o/introspect/",
+ "ApiResourceName": "i6ygr84HlnhxFYqLJVJ2HhdlVrOYE4PnurT5cPQW",
+ "ApiResourceSecret": "tvPUM3Vqfk2sra99s9lN3Yli0ylaGT6vbQBqfH7KvSIbTeJ6dZGB12NW4MxqDDWJexP7vXfjTAZtR3j3ivD6cTJr5xQ9S4rpFnSfY4Fi69RNwRvKHj8hVrd3wobq6ODG",
+ "RequiredClaimName": "scope",
+ "RequiredClaimNameValue": "openid",
+ "RequireHttpsMetadata": true
+ },
 "ValidPayfastHosts": [
 "www.payfast.co.za",
 "sandbox.payfast.co.za",
--
2.47.3
From fc25d7ea40c336f2c44fe3b3a59c9727c25a4abc Mon Sep 17 00:00:00 2001
From: Khwezi Mngoma
Date: Thu, 4 Jun 2026 09:08:36 +0200
Subject: [PATCH 2/2] Refactored k8s manifest
---
 MidrandBooksApi/Program.cs | 2 --
 MidrandBooksApi/appsettings.json | 2 --
 midrandbooksapi-uat.yml | 7 +++++++
 3 files changed, 7 insertions(+), 4 deletions(-)
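Review bot: After the explicit `AddAuthorization()` and `AddAuthentication()` calls are removed, nothing visible in `Program.cs` registers an authentication scheme or the authorization services. The new `.RequireAuthorization()` endpoint therefore depends entirely on `AddAuthentic(builder.Configuration)`, whose body is outside this patch. A one-line comment would record that contract, for example `// AddAuthentic registers the authentication scheme and authorization services (replaces AddAuthentication/AddAuthorization)`. It is also worth confirming that the helper fails at startup when `AuthentikSettings` is missing or has an empty client secret, so a misconfigured deployment does not run with a half-configured scheme. The top-level statements continue outside the hunk.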
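Review bot: `ApiResourceName` and `ApiResourceSecret` are committed as literal values in `appsettings.json`, so the Authentik client credential is now part of the repository history. The follow-up patch deletes them from this file, but its `midrandbooksapi-uat.yml` Secret hunk commits what appear to be the same values base64-encoded, which is an encoding and not protection. Treat the credential as exposed and rotate it in the identity provider. Supply the replacement out-of-band: user-secrets locally, and for the cluster a Secret created outside the repository or an encrypted/external secret mechanism. Keep only an empty placeholder such as `"ApiResourceSecret": ""` in source.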
diff --git a/MidrandBooksApi/Program.cs b/MidrandBooksApi/Program.cs
index b48974c..6fc42ac 100644
--- a/MidrandBooksApi/Program.cs
+++ b/MidrandBooksApi/Program.cs
@@ -1,8 +1,6 @@
-using LiteCharms.Features.Api.Configuration;
 using LiteCharms.Features.Extensions;
 using LiteCharms.Features.Mediator;
 using LiteCharms.Features.MidrandBooks.Extensions;
-using Microsoft.Extensions.Options;
 using static LiteCharms.Features.Extensions.Quartz;
 var builder = WebApplication.CreateBuilder(args);
diff --git a/MidrandBooksApi/appsettings.json b/MidrandBooksApi/appsettings.json
index 181de06..c2110f2 100644
--- a/MidrandBooksApi/appsettings.json
+++ b/MidrandBooksApi/appsettings.json
@@ -2,8 +2,6 @@
 "AuthentikSettings": {
 "Authority": "https://id.khongisa.co.za/application/o/midrand-books-api-uat/",
 "IntrospectionUrl": "https://id.khongisa.co.za/application/o/introspect/",
- "ApiResourceName": "i6ygr84HlnhxFYqLJVJ2HhdlVrOYE4PnurT5cPQW",
- "ApiResourceSecret": "tvPUM3Vqfk2sra99s9lN3Yli0ylaGT6vbQBqfH7KvSIbTeJ6dZGB12NW4MxqDDWJexP7vXfjTAZtR3j3ivD6cTJr5xQ9S4rpFnSfY4Fi69RNwRvKHj8hVrd3wobq6ODG",
 "RequiredClaimName": "scope",
 "RequiredClaimNameValue": "openid",
 "RequireHttpsMetadata": true
diff --git a/midrandbooksapi-uat.yml b/midrandbooksapi-uat.yml
index 50e5033..15a663a 100644
--- a/midrandbooksapi-uat.yml
+++ b/midrandbooksapi-uat.yml
@@ -26,6 +26,11 @@ data:
 ValidPayfastHosts__4: "ips.payfast.co.za"
 ValidPayfastHosts__5: "api.payfast.co.za"
 ValidPayfastHosts__6: "payment.payfast.io"
+ AuthentikSettings__Authority: "https://id.khongisa.co.za/application/o/midrand-books-api-uat/"
+ AuthentikSettings__IntrospectionUrl: "https://id.khongisa.co.za/application/o/introspect/"
+ AuthentikSettings__RequiredClaimName: "scope"
+ AuthentikSettings__RequiredClaimNameValue: "openid"
+ AuthentikSettings__RequireHttpsMetadata: "true"
 ---
 apiVersion: v1
 kind: Secret
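Review bot: `AuthentikSettings__RequiredClaimNameValue: "openid"` sets the required claim to a scope that practically every OpenID Connect token carries. If this check is the API's authorization gate, it does not distinguish tokens issued for this API from tokens issued to other applications on the same identity provider. An API-specific scope (placeholder `<api-scope>`) or an audience check would narrow it. How the value is evaluated lives in `AddAuthentic`, outside this patch, so this needs confirming there. The same value is set in `appsettings.json` by the first patch.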
@@ -41,6 +46,8 @@ data:
 hasher-payfastpassphrase: OUdBSVIwdFdwaFgwcU8=
 bookshop-s3-accesskey: R0s1MTRkMmNlOGRjNjkyMzdhMDVjMDFlZWY=
 bookshop-s3-secretkey: ZWFhZmVkYTFhZWQ0MDllY2ZlNjA3MTRlY2RhNTQ5YjgyYmRmNWEzZGFmOWYxOGRkNjFmNjZiNDk3M2E2NDgyZQ==
+ authentik-clientid: aTZ5Z3I4NEhsbmh4RllxTEpWSjJIaGRsVnJPWUU0UG51clQ1Y1BRVw==
+ authentik-clientsecret: dHZQVU0zVnFmazJzcmE5OXM5bE4zWWxpMHlsYUdUNnZiUUJxZkg3S3ZTSWJUZUo2ZFpHQjEyTlc0TXhxRERXSmV4UDd2WGZqVEFadFIzajNpdkQ2Y1RKcjV4UTlTNHJwRm5TZlk0Rmk2OVJOd1J2S0hqOGhWcmQzd29icTZPREc=
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
--
2.47.3
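Review bot: Nothing in this hunk maps the new `authentik-clientid` / `authentik-clientsecret` keys to the configuration names the application binds, `AuthentikSettings__ApiResourceName` and `AuthentikSettings__ApiResourceSecret`. The same commit deletes both values from `appsettings.json`, so unless the Deployment's `env` section (outside this hunk) references these keys through `secretKeyRef`, the API would start with an empty client id and secret. Confirm that mapping exists, e.g. an entry named `AuthentikSettings__ApiResourceSecret` with `secretKeyRef` pointing at `key: authentik-clientsecret`. A short comment above the two keys naming the settings they feed would also help.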