Merge branch 'release/comp-1.8.28'

Author: sipsorcery

src/NoFrixion.MoneyMoov/ApiClients/PayoutClient.cs

@@ -9,6 +9,7 @@
 // History:
 // 05 Feb 2023  Aaron Clauson   Created, Stillorgan Wood, Dublin, Ireland.
 // 19 Apr 2023  Aaron Clauson   Added batch payout methods.
+// 25 Oct 2024  Aaron Clauson   Added send payout method with HMAC signature authentication.
 //
 // License: 
 // MIT.
@@ -18,7 +19,6 @@
 using Microsoft.Extensions.Logging.Abstractions;
 using NoFrixion.MoneyMoov.Models;
 using System.Net;
-using System.Net.Http.Json;
 
 namespace NoFrixion.MoneyMoov;
 
@@ -41,6 +41,8 @@ public interface IPayoutClient
     Task<RestApiResponse> SubmitBatchPayoutAsync(string strongUserAccessToken, Guid batchPayoutID);
 
     Task<RestApiResponse> DeletePayoutAsync(string accessToken, Guid payoutID);
+
+    Task<RestApiResponse<Payout>> SendPayoutAsync(Guid appID, string secret, Guid merchantID, PayoutCreate payoutCreate);
 }
 
 public class PayoutClient : IPayoutClient
@@ -229,7 +231,7 @@ public Task<RestApiResponse> SubmitBatchPayoutAsync(string strongUserAccessToken
     /// </summary>
     /// <param name="accessToken">The user, or merchant, access token deleting the payout.</param>
     /// <param name="payoutID"></param>
-    /// <returns></returns>
+    /// <returns>An API response indicating the result of the delete attempt.</returns>
     public Task<RestApiResponse> DeletePayoutAsync(string accessToken, Guid payoutID)
     {
         var url = MoneyMoovUrlBuilder.PayoutsApi.PayoutUrl(_apiClient.GetBaseUri().ToString(), payoutID);
@@ -242,4 +244,20 @@ public Task<RestApiResponse> DeletePayoutAsync(string accessToken, Guid payoutID
             _ => Task.FromResult(new RestApiResponse(HttpStatusCode.PreconditionFailed, new Uri(url), prob))
         };
     }
+
+    /// <summary>
+    /// Calls the Trusted Third Party (TTP) MoneyMoov Payout endpoint to send a payout WITHOUT requiring NoFrixion Strong
+    /// Customer Authentication (SCA). This method relies on the caller to use ther own form of SCA.
+    /// </summary>
+    /// <param name="appID">The TTP application ID.</param>
+    /// <param name="secret">The TTP secret.</param>
+    /// <param name="merchantID">The merchant ID the send payout is being attempted for.</param>
+    /// <param name="payoutCreate">The payout create object with details of the payout to send.</param>
+    /// <returns>An API response indicating the result of the send attempt.</returns>
+    public Task<RestApiResponse<Payout>> SendPayoutAsync(Guid appID, string secret, Guid merchantID, PayoutCreate payoutCreate)
+    {
+        var url = MoneyMoovUrlBuilder.PayoutsApi.SendPayoutUrl(_apiClient.GetBaseUri().ToString());
+
+        return _apiClient.PostAsync<Payout>(url, appID, secret, merchantID, payoutCreate.ToJsonContent());
+    }
 }

src/NoFrixion.MoneyMoov/HmacSignature/HmacAuthenticationConstants.cs

@@ -0,0 +1,29 @@
+// -----------------------------------------------------------------------------
+//  Filename: HmacAuthenticationConstants.cs
+// 
+//  Description: Constants for HMAC authentication:
+// 
+//  Author(s):
+//  Donal O'Connor ([email protected])
+// 
+//  History:
+//  22 04 2024  Donal O'Connor   Created, Harcourt St, Dublin, Ireland.
+// 
+//  License:
+//  MIT.
+// -----------------------------------------------------------------------------
+
+namespace NoFrixion.MoneyMoov;
+
+public static class HmacAuthenticationConstants
+{
+    public const string SIGNATURE_SCHEME_NAME = "Signature";
+    public const string APP_ID_HEADER_NAME = "appId";
+    public const string AUTHORIZATION_HEADER_NAME = "Authorization";
+    public const string DATE_HEADER_NAME = "Date";
+    public const string NONCE_HEADER_NAME = "x-mod-nonce";
+    public const string MERCHANT_ID_HEADER_NAME = "x-nfx-merchantid";
+    public const string NOFRIXION_SIGNATURE_HEADER_NAME = "x-nfx-signature";
+    public const string HTTP_RETRY_HEADER_NAME = "x-mod-retry";
+    public const string IDEMPOTENT_HEADER_NAME = "idempotency-key";
+}

src/NoFrixion.MoneyMoov/HmacSignature/HmacSignatureAuthHelper.cs

@@ -0,0 +1,106 @@
+// -----------------------------------------------------------------------------
+//  Filename: HmacSignatureAuthHelper.cs
+// 
+//  Description: Used for generating HMAC signatures and verifying them.
+// 
+//  Author(s):
+//  Donal O'Connor ([email protected])
+// 
+//  History:
+//  08 02 2022  Donal O'Connor   Created, Carmichael House,
+// Dublin, Ireland.
+// 
+//  License:
+//  MIT.
+// -----------------------------------------------------------------------------
+
+using System.Net;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace NoFrixion.MoneyMoov;
+
+public static class HmacSignatureAuthHelper
+{
+    public static Dictionary<string, string> GetAppHeaders(string appId,
+        string idempotencyKey,
+        string secret,
+        DateTime date,
+        Guid merchantId)
+    {
+        var signature = GenerateSignature(idempotencyKey, date, secret, true);
+
+        var headers = new Dictionary<string, string>
+        {
+            {HmacAuthenticationConstants.AUTHORIZATION_HEADER_NAME, GenerateAppAuthHeaderContent(appId, signature)},
+            {HmacAuthenticationConstants.DATE_HEADER_NAME, date.ToString("R")},
+            {HmacAuthenticationConstants.IDEMPOTENT_HEADER_NAME, idempotencyKey},
+            {HmacAuthenticationConstants.MERCHANT_ID_HEADER_NAME, merchantId.ToString()},
+        };
+
+        return headers;
+    }
+    
+    public static Dictionary<string, string> GetHeaders(string keyId,
+        string nonce,
+        string secret,
+        DateTime date,
+        bool asRetry = false)
+    {
+        var signature = GenerateSignature(nonce, date, secret);
+
+        var headers = new Dictionary<string, string>
+        {
+            {HmacAuthenticationConstants.AUTHORIZATION_HEADER_NAME, GenerateAuthHeaderContent(keyId, signature)},
+            {HmacAuthenticationConstants.DATE_HEADER_NAME, date.ToString("R")},
+            {HmacAuthenticationConstants.NONCE_HEADER_NAME, nonce},
+            {HmacAuthenticationConstants.HTTP_RETRY_HEADER_NAME, asRetry.ToString().ToLower()},
+            {HmacAuthenticationConstants.NOFRIXION_SIGNATURE_HEADER_NAME, signature},
+        };
+
+        return headers;
+    }
+
+    public static string GenerateSignature(string nonce, DateTime date, string secret, bool hmac256 = false)
+    {
+        return hmac256 ? 
+            HashAndEncode256($"date: {date:R}\n{HmacAuthenticationConstants.IDEMPOTENT_HEADER_NAME}: {nonce}", secret) : 
+            HashAndEncode($"date: {date:R}\n{HmacAuthenticationConstants.NONCE_HEADER_NAME}: {nonce}", secret);
+    }
+    
+    private static string GenerateAppAuthHeaderContent(string apiKey, string signature)
+    {
+        return $"Signature appId=\"{apiKey}\",headers=\"date {HmacAuthenticationConstants.IDEMPOTENT_HEADER_NAME}\",signature=\"{signature}\"";
+    }
+    
+    private static string GenerateAuthHeaderContent(string apiKey, string signature)
+    {
+        return $"Signature keyId=\"{apiKey}\",headers=\"date x-mod-nonce\",signature=\"{signature}\"";
+    }
+    
+    private static string HashAndEncode(string message, string secret)
+    {
+        var ascii = Encoding.ASCII;
+        
+        HMACSHA1 hmac = new HMACSHA1(ascii.GetBytes(secret));
+        hmac.Initialize();
+
+        byte[] messageBuffer = ascii.GetBytes(message);
+        byte[] hash = hmac.ComputeHash(messageBuffer);
+
+        return WebUtility.UrlEncode(Convert.ToBase64String(hash));
+    }
+    
+    private static string HashAndEncode256(string message, string secret)
+    {
+        var ascii = Encoding.ASCII;
+        
+        var hmac = new HMACSHA256(ascii.GetBytes(secret));
+        hmac.Initialize();
+
+        var messageBuffer = ascii.GetBytes(message);
+        var hash = hmac.ComputeHash(messageBuffer);
+
+        return WebUtility.UrlEncode(Convert.ToBase64String(hash));
+    }
+}

src/NoFrixion.MoneyMoov/Models/Payouts/Payout.cs

@@ -390,6 +390,12 @@ public Counterparty? DestinationAccount
     public PaymentRailEnum PaymentRail { get; set; }
 
     public string? Nonce { get; set; }
+    
+    /// <summary>
+    /// Collection of payrun invoices associated with the payout.
+    /// Will be empty if the payout is not associated with a payrun.
+    /// </summary>
+    public List<PayrunInvoice>? PayrunInvoices { get; set; }
 
     public NoFrixionProblem Validate()
     {

src/NoFrixion.MoneyMoov/Models/Transaction/Transaction.cs

@@ -115,4 +115,9 @@ public class Transaction : IWebhookPayload
     /// If set it indicates the  payin was to a virtual IBAN.
     /// </summary>
     public string VirtualIBAN { get; set; }
+
+    /// <summary>
+    /// An optional list of descriptive tags attached to the transaction.
+    /// </summary>
+    public List<Tag> Tags { get; set; } = [];
 }

src/NoFrixion.MoneyMoov/MoneyMoovUrlBuilder.cs

@@ -219,6 +219,9 @@ public static string CancelScheduledPayoutUrl(string moneyMoovBaseUrl, Guid payo
 
         public static string RejectPayoutUrl(string moneyMoovBaseUrl, Guid payoutID)
             => $"{moneyMoovBaseUrl}/{MoneyMoovResources.payouts}/reject/{payoutID}";
+
+        public static string SendPayoutUrl(string moneyMoovBaseUrl)
+            => $"{moneyMoovBaseUrl}/{MoneyMoovResources.payouts}/send";
     }
 
     /// <summary>