More configs

- optionnaly serving merchantid_domain_association: this is required to be served
to validate the domain with apple/stripe and should be done on infra but given
the simplicity we're using just this app and the proxy. The proxy cannot
serve this via a conf snippet as the string is too long.

- matching min/max amounts and currencies with the app and making those configurable

donation-api/src/donation_api/constants.py

@@ -12,11 +12,19 @@ class Constants:
     stripe_webhook_secret: str = os.getenv("STRIPE_WEBHOOK_SECRET") or ""
     stripe_webhook_sender_ips: list[str] = field(default_factory=list)
     stripe_webhook_testing_ips: list[str] = field(default_factory=list)
+    alllowed_currencies: list[str] = field(default_factory=list)
+    merchantid_domain_association: str = (
+        os.getenv("MERCHANTID_DOMAIN_ASSOCIATION") or ""
+    )
 
-    stripe_minimal_amount: float = 1.0
-    stripe_maximum_amount: float = 1000000
+    stripe_minimal_amount: int = int(os.getenv("STRIPE_MINIMAL_AMOUNT") or "5")
+    stripe_maximum_amount: int = int(os.getenv("STRIPE_MAXIMUM_AMOUNT") or "999999")
 
     def __post_init__(self):
+        self.alllowed_currencies = (
+            os.getenv("ALLOWED_CURRENCIES") or "USD|EUR|CHF"
+        ).split("|")
+
         self.stripe_webhook_testing_ips = os.getenv(
             "STRIPE_WEBHOOK_TESTING_IPS", ""
         ).split("|")

donation-api/src/donation_api/entrypoint.py

@@ -2,10 +2,11 @@
 
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
-from fastapi.responses import RedirectResponse
+from fastapi.responses import PlainTextResponse, RedirectResponse
 
 from donation_api import stripe
 from donation_api.__about__ import __description__, __title__, __version__
+from donation_api.constants import conf
 
 PREFIX = "/v1"
 
@@ -22,6 +23,16 @@ async def _():
         """Redirect to root of latest version of the API"""
         return RedirectResponse(f"{PREFIX}/", status_code=HTTPStatus.PERMANENT_REDIRECT)
 
+    # could be done on infra ; this is a handy shortcut
+    if conf.merchantid_domain_association:
+
+        @app.get("/.well-known/apple-developer-merchantid-domain-association")
+        async def _():
+            """Used to validate domain ownership with apple/stripe"""
+            return PlainTextResponse(
+                conf.merchantid_domain_association, status_code=HTTPStatus.OK
+            )
+
     api = FastAPI(
         title=__title__,
         description=__description__,

donation-api/src/donation_api/stripe.py

@@ -96,6 +96,9 @@ async def check_config():
     if not conf.stripe_webhook_sender_ips:
         errors.append("Missing Stripe IPs")
 
+    if not conf.alllowed_currencies:
+        errors.append("Missing currencies list")
+
     if errors:
         raise HTTPException(
             status_code=HTTPStatus.INTERNAL_SERVER_ERROR, detail="\n".join(errors)
@@ -124,6 +127,11 @@ async def create_payment_intent(pi_payload: PaymentIntentRequest):
             status_code=HTTPStatus.BAD_REQUEST,
             detail="Currency doesnt look like a currency",
         )
+    if pi_payload.currency not in conf.alllowed_currencies:
+        raise HTTPException(
+            status_code=HTTPStatus.BAD_REQUEST,
+            detail="Currency not supported",
+        )
 
     if (
         pi_payload.amount < conf.stripe_minimal_amount