Merge pull request 'Fixed secrets mappings' (#42) from mock-data into main

Reviewed-on: #42

MidrandBookshop/Components/Layout/MainLayout.razor

@@ -167,7 +167,7 @@
                             <path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2" />
                             <circle cx="12" cy="7" r="4" />
                         </svg>
-                        LogIn
+                        Account
                     </a>
 
                     <a href="/profile" class="btn btn-sm btn-dark rounded-circle d-inline-flex d-md-none align-items-center justify-content-center border-0 p-0 shadow-sm"

MidrandBookshop/Components/Pages/Home.razor.cs

@@ -1,4 +1,4 @@
-using LiteCharms.Features.MidrandBooks;
+using LiteCharms.Features;
 using LiteCharms.Features.MidrandBooks.AuthorBooks;
 using LiteCharms.Features.MidrandBooks.Authors;
 using LiteCharms.Features.MidrandBooks.Categories;

MidrandBookshop/Components/Pages/ProductView.razor.cs

@@ -1,4 +1,4 @@
-using LiteCharms.Features.MidrandBooks;
+using LiteCharms.Features;
 using LiteCharms.Features.MidrandBooks.Authors;
 using LiteCharms.Features.MidrandBooks.Authors.Models;
 using LiteCharms.Features.MidrandBooks.Products;
@@ -35,7 +35,6 @@ public partial class ProductView : ComponentBase
             CurrentAuthor = null;
             Thumbnails.Clear();
 
-            // 1. Resolve product listing details
             var productResult = await ProductService.GetProductAsync(BookId);
 
             if (productResult.IsSuccess && productResult.Value != null)
@@ -43,31 +42,24 @@ public partial class ProductView : ComponentBase
                 CurrentProduct = productResult.Value;
                 AuthorName = CurrentProduct.Metadata?.Manufacturer ?? "Unknown Author";
 
-                // 2. Load pricing data
                 var priceResult = await ProductService.GetProductPriceAsync(BookId);
                 LivePrice = priceResult.IsSuccess ? priceResult.Value.Amount : 0m;
 
-                // 3. Extract active catalog categories
                 var categoryResult = await ProductService.GetProductCategoriesAsync(BookId);
                 if (categoryResult.IsSuccess && categoryResult.Value.Length > 0)
-                {
                     PrimaryCategory = categoryResult.Value[0].Name ?? "General";
-                }
 
-                // 4. Retrieve complete contextual model through the newly instantiated AuthorService lookup
                 var authorResult = await AuthorService.GetAuthorByProductIdAsync(BookId);
                 if (authorResult.IsSuccess && authorResult.Value != null)
                 {
                     CurrentAuthor = authorResult.Value;
 
-                    // Format fully qualified author text cleanly depending on their publisher model details
                     if (CurrentAuthor.PublisherType == PublisherTypes.Company && !string.IsNullOrWhiteSpace(CurrentAuthor.Company))
                         AuthorName = CurrentAuthor.Company;
                     else
                         AuthorName = $"{CurrentAuthor.Name} {CurrentAuthor.LastName}".Trim();
                 }
 
-                // 5. Build presentation image viewer variables
                 if (!string.IsNullOrWhiteSpace(CurrentProduct.ImageUrl))
                     Thumbnails.Add(CurrentProduct.ImageUrl);
 

MidrandBookshop/Components/Pages/Profile.razor

@@ -1,5 +1,10 @@
 @page "/profile"
+@using Microsoft.AspNetCore.Components.Authorization
+@inject NavigationManager Navigation
+@rendermode InteractiveServer
 
+<AuthorizeView>
+    <Authorized>
         <div class="container py-5">
             <h2 class="fw-bold mb-5 tracking-tight">My Account</h2>
             <div class="row g-5">
@@ -9,7 +14,7 @@
                         <button class="nav-link text-start" data-bs-toggle="pill" data-bs-target="#shipping" role="tab">Shipping Address</button>
                         <button class="nav-link text-start" data-bs-toggle="pill" data-bs-target="#profile" role="tab">Profile Settings</button>
                         <hr />
-                <button class="nav-link text-danger text-start">Logout</button>
+                        <button class="nav-link text-danger text-start" @onclick="TriggerLogout">Logout</button>
                     </div>
                 </div>
 
@@ -193,6 +198,12 @@
                 </div>
             </div>
         </div>
+    </Authorized>
+    
+    <NotAuthorized>
+        <RedirectToLogin />
+    </NotAuthorized>
+</AuthorizeView>
 
 @code {
     private bool showAddForm = false;
@@ -216,6 +227,8 @@
         new AddressItem { Id = 3, Name = "Midrand Books Warehouse", Street = "Unit 8, Corporate Park North", City = "Randjespark", PostalCode = "1683", IsBilling = false, IsShipping = true, IsPrimary = false }
     };
 
+    private void TriggerLogout() => Navigation.NavigateTo("/logout", forceLoad: true);
+
     private void DownloadInvoice(string orderId)
     {
         // Handle invoice downloading logic here

MidrandBookshop/Components/RedirectToLogin.razor

@@ -0,0 +1,10 @@
+@inject NavigationManager Navigation
+
+@code {
+    protected override void OnInitialized()
+    {
+        var returnUrl = Navigation.ToBaseRelativePath(Navigation.Uri);
+
+        Navigation.NavigateTo($"/login?redirectUri={Uri.EscapeDataString(returnUrl)}", forceLoad: true);
+    }
+}

MidrandBookshop/Components/Routes.razor

@@ -1,7 +1,14 @@
-@using MidrandBookshop.Components.Pages
+@using Microsoft.AspNetCore.Components.Authorization
+@using MidrandBookshop.Components.Pages
+
+<CascadingAuthenticationState>
     <Router AppAssembly="@typeof(Program).Assembly">
         <Found Context="routeData">
-        <RouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />
+            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
+                <NotAuthorized>                    
+                    <RedirectToLogin />
+                </NotAuthorized>
+            </AuthorizeRouteView>
             <FocusOnNavigate RouteData="@routeData" Selector="h1" />
         </Found>
         <NotFound>
@@ -10,3 +17,4 @@
             </LayoutView>
         </NotFound>
     </Router>
+</CascadingAuthenticationState>

MidrandBookshop/MidrandBookshop.csproj

@@ -18,13 +18,13 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="LiteCharms.Features" Version="1.57.0" />
+    <PackageReference Include="LiteCharms.Features" Version="1.82.0" />
   </ItemGroup>
 
   <!-- UI -->
   <ItemGroup>
     <PackageReference Include="ANM.Blazored.Toast" Version="0.1.1" />
-    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.57.0" />
+    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.82.0" />
     
     <!-- Global Usings -->
     <Using Include="Blazored.Toast.Services" />

MidrandBookshop/Program.cs

@@ -1,9 +1,12 @@
 using LiteCharms.Features.Extensions;
 using LiteCharms.Features.Mediator;
 using LiteCharms.Features.MidrandBooks.Extensions;
+using Microsoft.AspNetCore.HttpOverrides;
 using MidrandBookshop.Components;
 using static LiteCharms.Features.Extensions.Quartz;
 
+AppContext.SetSwitch("Microsoft.IdentityModel.DisableTelemetry", true);
+
 var builder = WebApplication.CreateBuilder(args);
 
 builder.Services.AddRazorComponents()
@@ -13,6 +16,7 @@ builder.AddMonitoring();
 builder.Services.AddEndpointsApiExplorer();
 
 builder.Services.AddMediator();
+builder.Services.AddAuthentikUiSecurity(builder.Configuration);
 
 builder.Services.AddScoped(typeof(IPipelineBehavior<,>), typeof(TelemetryPipelineBehavior<,>));
 builder.Services.AddScoped(typeof(IPipelineBehavior<,>), typeof(LoggingPipelineBehavior<,>));
@@ -22,15 +26,27 @@ builder.Services.AddQuartzSchedulerClient(MidrandShopSchedulerName, builder.Conf
 builder.Services.AddEmailServices(builder.Configuration);
 builder.Services.AddEmailServiceBus();
 
+builder.Services.AddHttpClient();
 builder.Services.AddShopServices();
+builder.Services.AddHashServices(builder.Configuration);
 builder.Services.AddMidrandShopDatabase(builder.Configuration);
 
 builder.Services.AddMidrandShopPostgresHealthCheck();
 builder.Services.AddMidrandShopQuartzHealthCheck();
 builder.Services.AddHealthChecksSupport(builder.Configuration);
+builder.Services.AddCascadingAuthenticationState();
+
+builder.Services.Configure<ForwardedHeadersOptions>(options =>
+{
+    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+    options.KnownProxies.Clear();
+});
 
 var app = builder.Build();
 
+app.UseForwardedHeaders();
+app.AddSecurityEndpoints();
+
 var schedulerFactory = app.Services.GetRequiredService<ISchedulerFactory>();
 var scheduler = await schedulerFactory.GetScheduler(MidrandShopSchedulerName);
 

MidrandBookshop/appsettings.json

@@ -1,4 +1,12 @@
 {
+  "AuthentikSettings": {
+    "Authority": "https://id.khongisa.co.za/application/o/midrand-books-uat/",
+    "MetadataEndpoint": "https://id.khongisa.co.za/application/o/midrand-books-uat/.well-known/openid-configuration",
+    "RevokationEndpoint": "https://id.khongisa.co.za/application/o/revoke/"
+  },
+  "HasherSettings": {
+    "MinHashLength": 11
+  },
   "BookshopS3Settings": {
     "ServiceUrl": "http://192.168.1.177:30900",
     "Region": "garage",

midrandbooks-uat.yml

@@ -14,6 +14,21 @@ data:
   ASPNETCORE_URLS: "http://0.0.0.0:8080"
   Monitoring__Address: "http://aspire-dashboard-service.aspire.svc.cluster.local:18889"
   Monitoring__ServiceName: "MidrandBooks.Uat"
+  HasherSettings__MinHashLength: "11"
+  BookshopS3Settings__ServiceUrl: "http://garage.garage.svc.cluster.local:3900"
+  BookshopS3Settings__Region: "garage"
+  BookshopS3Settings__BucketName: "bookshop"
+  BookshopS3Settings__CdnBaseUrl: "https://bookshop.cdn.khongisa.co.za"
+  ValidPayfastHosts__0: "www.payfast.co.za"
+  ValidPayfastHosts__1: "sandbox.payfast.co.za"
+  ValidPayfastHosts__2: "w1w.payfast.co.za"
+  ValidPayfastHosts__3: "w2w.payfast.co.za"
+  ValidPayfastHosts__4: "ips.payfast.co.za"
+  ValidPayfastHosts__5: "api.payfast.co.za"
+  ValidPayfastHosts__6: "payment.payfast.io"
+  AuthentikSettings__Authority: "https://id.khongisa.co.za/application/o/midrand-books-api-uat/"
+  AuthentikSettings__MetadataEndpoint: "https://id.khongisa.co.za/application/o/midrand-books-uat/.well-known/openid-configuration"
+  AuthentikSettings__RevokationEndpoint: "https://id.khongisa.co.za/application/o/revoke/"
 ---
 apiVersion: v1
 kind: Secret
@@ -25,6 +40,12 @@ data:
   connection-string: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPW1pZHJhbmRzaG9wLWRldjtVc2VybmFtZT1taWRyYW5kc2hvcC1kZXYtdXNlcjtQYXNzd29yZD1hUFh5a0tnM3RTOWNtRDtQZXJzaXN0IFNlY3VyaXR5IEluZm89VHJ1ZQ==
   connection-string-quartz: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPXNjaGVkdWxlci1kZXY7VXNlcm5hbWU9c2NoZWR1bGVyLWRldi11c2VyO1Bhc3N3b3JkPWtWVm1vV0tKM3h6Z1FYO1BlcnNpc3QgU2VjdXJpdHkgSW5mbz1UcnVl
   aspire-apikey: bWMzRzYzSzJqNVpPRXNpMEFqTW9qTFRYbTFLRVpGY3R6SUlqU3dEaVRHdXQ4cUdTa1B1V3d4R1AxUmJzY0pVbw==
+  hasher-salt: VEdsbmFIUWdRMmhoY20xekxDQk5hV1J5WVc1a1FtOXZhM01nYldGclpTQnNiM1J6SUc5bUlHMXZibVY1SUdGdVpDQmhjbVVnWVNCemRXTmpaWE56Wm5Wc0lIWnBjbUZzSUhOMGIzSjVJR2x1SUZOdmRYUm9JRUZtY21sallRPT0=
+  hasher-payfastpassphrase: OUdBSVIwdFdwaFgwcU8=
+  bookshop-s3-accesskey: R0s1MTRkMmNlOGRjNjkyMzdhMDVjMDFlZWY=
+  bookshop-s3-secretkey: ZWFhZmVkYTFhZWQ0MDllY2ZlNjA3MTRlY2RhNTQ5YjgyYmRmNWEzZGFmOWYxOGRkNjFmNjZiNDk3M2E2NDgyZQ==
+  authentik-clientid: Nm9oZk1lSndQNWR0YWY1RFMzZU9MY2NNSHF6WXlma1YzRTNGeE5Tbw==
+  authentik-clientsecret: TXV2a0FLQklHR3BkdEsyaFlabVU1dFRaUmNuM2FhRzhoMWhlVE1nazFYOGVwczYyMzNCS0REWGdpNXo0T01RalVzMGZEUEFmakpmVVRNN1h3ZjllMU01MTQyVGlvOXRycUdmZTM1THhPaExEUnp6N2gxSm5jVkNLYXZXUllndmQ=
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
@@ -77,6 +98,36 @@ spec:
             - configMapRef:
                 name: midrandbooks-config
           env:
+            - name: AuthentikSettings__ClientId
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooks-secrets
+                  key: authentik-clientid
+            - name: AuthentikSettings__ClientSecret
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooks-secrets
+                  key: authentik-clientsecret
+            - name: BookshopS3Settings__AccessKey
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooks-secrets
+                  key: bookshop-s3-accesskey
+            - name: BookshopS3Settings__SecretKey
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooks-secrets
+                  key: bookshop-s3-secretkey
+            - name: HasherSettings__Salt
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooks-secrets
+                  key: hasher-salt
+            - name: HasherSettings__PayfastPassphrase
+              valueFrom:
+                secretKeyRef:
+                  name: midrandbooks-secrets
+                  key: hasher-payfastpassphrase
             - name: ConnectionStrings__PostgresScheduler
               valueFrom:
                 secretKeyRef:
@@ -87,16 +138,6 @@ spec:
                 secretKeyRef:
                   name: midrandbooks-secrets
                   key: connection-string
-            - name: Monitoring__Address
-              valueFrom:
-                configMapKeyRef:
-                  name: midrandbooks-config
-                  key: Monitoring__Address
-            - name: Monitoring__ServiceName
-              valueFrom:
-                configMapKeyRef:
-                  name: midrandbooks-config
-                  key: Monitoring__ServiceName
             - name: Monitoring__ApiKey
               valueFrom:
                 secretKeyRef: