Merge pull request #646 from nofrixion/feature/MOOV-4824-merchant-token-ip-address

Feature/moov 4824 merchant token ip address

Author: donalnofrixion

src/NoFrixion.MoneyMoov/Attributes/IPAddressAttribute.cs

@@ -0,0 +1,52 @@
+// -----------------------------------------------------------------------------
+//  Filename: IPAddressAttribute.cs
+// 
+//  Description: A custom attribute to validate multiple IP addresses:
+// 
+//  Author(s):
+//  Donal O'Connor ([email protected])
+// 
+//  History:
+//  10 09 2025  Donal O'Connor   Created, Harcourt St, Dublin, Ireland.
+// 
+//  License:
+//  Proprietary NoFrixion.
+// -----------------------------------------------------------------------------
+
+using System.ComponentModel.DataAnnotations;
+
+namespace NoFrixion.MoneyMoov.Attributes;
+
+[AttributeUsage(AttributeTargets.Property | AttributeTargets.Field | AttributeTargets.Parameter)]
+public class IPAddressAttribute : ValidationAttribute
+{
+    protected override ValidationResult? IsValid(object? value, ValidationContext validationContext)
+    {
+        if (value == null)
+        {
+            return ValidationResult.Success;
+        }
+
+        if (value is not string ipAddressesValue)
+        {
+            return new ValidationResult($"The {validationContext.DisplayName} field must be a string.");
+        }
+
+        if (string.IsNullOrWhiteSpace(ipAddressesValue))
+        {
+            return ValidationResult.Success;
+        }
+
+        var ipAddresses = ipAddressesValue.Split([','], StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
+
+        foreach (var ipAddress in ipAddresses)
+        {
+            if (!System.Net.IPAddress.TryParse(ipAddress, out _) && !System.Net.IPNetwork.TryParse(ipAddress, out _))
+            {
+                return new ValidationResult($"The {validationContext.DisplayName} field contains an invalid IP address: {ipAddress}");
+            }
+        }
+        
+        return ValidationResult.Success;
+    }
+}

src/NoFrixion.MoneyMoov/Enums/MerchantTokenPermissionsEnumExtensions.cs

@@ -0,0 +1,37 @@
+// -----------------------------------------------------------------------------
+//  Filename: MerchantTokenPermissionsEnumExtensions.cs
+// 
+//  Description: Contains extension methods for the MerchantTokenPermissionsEnum enum.:
+// 
+//  Author(s):
+//  Donal O'Connor ([email protected])
+// 
+//  History:
+//  11 09 2025  Donal O'Connor   Created, Harcourt St, Dublin, Ireland.
+// 
+//  License:
+//  Proprietary NoFrixion.
+// -----------------------------------------------------------------------------
+
+namespace NoFrixion.MoneyMoov.Enums;
+
+public static class MerchantTokenPermissionsEnumExtensions
+{
+    public static bool IsPrivilegedPermission(this MerchantTokenPermissionsEnum permission)
+    {
+        if (permission.HasFlag(MerchantTokenPermissionsEnum.ViewPaymentAccount))
+        {
+            return true;
+        }
+        if (permission.HasFlag(MerchantTokenPermissionsEnum.ViewPayout))
+        {
+            return true;
+        }
+        if (permission.HasFlag(MerchantTokenPermissionsEnum.ViewTransactions))
+        {
+            return true;
+        }
+        
+        return false;
+    }
+}

src/NoFrixion.MoneyMoov/Models/Token/TokenAdd.cs

@@ -14,6 +14,8 @@
 
 using System.ComponentModel.DataAnnotations;
 using System.Text.RegularExpressions;
+using NoFrixion.MoneyMoov.Attributes;
+
 namespace NoFrixion.MoneyMoov.Models;
 
 #nullable disable
@@ -92,6 +94,13 @@ private bool ValidateDescription()
         return false;
     }
 
+    /// <summary>
+    /// Optional. If set represents a comma separated list of IP addresses that this token is authorised to be used from.
+    /// Attempts to use the token from an IP address not in the list will be rejected.
+    /// </summary>
+    [IPAddress]
+    public string IPAddressWhitelist { get; set; }
+    
     /// <summary>
     /// Places all the token add member's properties into a dictionary. Useful
     /// for testing when HTML form encoding is required.
@@ -104,7 +113,8 @@ public IReadOnlyDictionary<string, string> ToDictionary()
 
         dict.Add(nameof(MerchantID), MerchantID.ToString());
         dict.Add(nameof(Description), Description.ToString());
-
+        dict.Add(nameof(IPAddressWhitelist), IPAddressWhitelist?.ToString());
+        
         if (PermissionTypes?.Count() > 0)
         {
             int permissionTypeNumber = 0;

src/NoFrixion.MoneyMoov/Models/Token/TokenUpdate.cs

@@ -13,6 +13,8 @@
 //  Proprietary NoFrixion.
 // -----------------------------------------------------------------------------
 
+using NoFrixion.MoneyMoov.Attributes;
+
 namespace NoFrixion.MoneyMoov.Models;
 
 public class TokenUpdate
@@ -25,4 +27,11 @@ public class TokenUpdate
     /// The permissions that the merchant token supports.
     /// </summary>
     public List<MerchantTokenPermissionsEnum>? PermissionTypes { get; set; }
+    
+    /// <summary>
+    /// Optional. If set represents a comma separated list of IP addresses that this token is authorised to be used from.
+    /// Attempts to use the token from an IP address not in the list will be rejected.
+    /// </summary>
+    [IPAddress]
+    public string? IPAddressWhitelist { get; set; }
 }