Add random token for orders
This commit is contained in:
parent
31eb42c1d5
commit
88ae856195
2 changed files with 34 additions and 5 deletions
19
src/Order.hs
19
src/Order.hs
|
@ -29,11 +29,12 @@ data ZGoOrder =
|
||||||
, qpaid :: Bool
|
, qpaid :: Bool
|
||||||
, qexternalInvoice :: T.Text
|
, qexternalInvoice :: T.Text
|
||||||
, qshortCode :: T.Text
|
, qshortCode :: T.Text
|
||||||
|
, qtoken :: T.Text
|
||||||
}
|
}
|
||||||
deriving (Eq, Show, Generic)
|
deriving (Eq, Show, Generic)
|
||||||
|
|
||||||
instance ToJSON ZGoOrder where
|
instance ToJSON ZGoOrder where
|
||||||
toJSON (ZGoOrder i a s ts c cur p t tZ l paid eI sC) =
|
toJSON (ZGoOrder i a s ts c cur p t tZ l paid eI sC tk) =
|
||||||
case i of
|
case i of
|
||||||
Just oid ->
|
Just oid ->
|
||||||
object
|
object
|
||||||
|
@ -50,6 +51,7 @@ instance ToJSON ZGoOrder where
|
||||||
, "paid" .= paid
|
, "paid" .= paid
|
||||||
, "externalInvoice" .= eI
|
, "externalInvoice" .= eI
|
||||||
, "shortCode" .= sC
|
, "shortCode" .= sC
|
||||||
|
, "token" .= tk
|
||||||
]
|
]
|
||||||
Nothing ->
|
Nothing ->
|
||||||
object
|
object
|
||||||
|
@ -66,6 +68,7 @@ instance ToJSON ZGoOrder where
|
||||||
, "paid" .= paid
|
, "paid" .= paid
|
||||||
, "externalInvoice" .= eI
|
, "externalInvoice" .= eI
|
||||||
, "shortCode" .= sC
|
, "shortCode" .= sC
|
||||||
|
, "token" .= tk
|
||||||
]
|
]
|
||||||
|
|
||||||
instance FromJSON ZGoOrder where
|
instance FromJSON ZGoOrder where
|
||||||
|
@ -84,6 +87,7 @@ instance FromJSON ZGoOrder where
|
||||||
pd <- obj .: "paid"
|
pd <- obj .: "paid"
|
||||||
eI <- obj .: "externalInvoice"
|
eI <- obj .: "externalInvoice"
|
||||||
sC <- obj .: "shortCode"
|
sC <- obj .: "shortCode"
|
||||||
|
tk <- obj .: "token"
|
||||||
pure $
|
pure $
|
||||||
ZGoOrder
|
ZGoOrder
|
||||||
(if not (null i)
|
(if not (null i)
|
||||||
|
@ -101,9 +105,10 @@ instance FromJSON ZGoOrder where
|
||||||
pd
|
pd
|
||||||
eI
|
eI
|
||||||
sC
|
sC
|
||||||
|
tk
|
||||||
|
|
||||||
instance Val ZGoOrder where
|
instance Val ZGoOrder where
|
||||||
val (ZGoOrder i a s ts c cur p t tZ l pd eI sC) =
|
val (ZGoOrder i a s ts c cur p t tZ l pd eI sC tk) =
|
||||||
if isJust i
|
if isJust i
|
||||||
then Doc
|
then Doc
|
||||||
[ "_id" =: i
|
[ "_id" =: i
|
||||||
|
@ -119,6 +124,7 @@ instance Val ZGoOrder where
|
||||||
, "paid" =: pd
|
, "paid" =: pd
|
||||||
, "externalInvoice" =: eI
|
, "externalInvoice" =: eI
|
||||||
, "shortCode" =: sC
|
, "shortCode" =: sC
|
||||||
|
, "token" =: tk
|
||||||
]
|
]
|
||||||
else Doc
|
else Doc
|
||||||
[ "address" =: a
|
[ "address" =: a
|
||||||
|
@ -133,6 +139,7 @@ instance Val ZGoOrder where
|
||||||
, "paid" =: pd
|
, "paid" =: pd
|
||||||
, "externalInvoice" =: eI
|
, "externalInvoice" =: eI
|
||||||
, "shortCode" =: sC
|
, "shortCode" =: sC
|
||||||
|
, "token" =: tk
|
||||||
]
|
]
|
||||||
cast' (Doc d) = do
|
cast' (Doc d) = do
|
||||||
i <- B.lookup "_id" d
|
i <- B.lookup "_id" d
|
||||||
|
@ -148,7 +155,8 @@ instance Val ZGoOrder where
|
||||||
pd <- B.lookup "paid" d
|
pd <- B.lookup "paid" d
|
||||||
eI <- B.lookup "externalInvoice" d
|
eI <- B.lookup "externalInvoice" d
|
||||||
sC <- B.lookup "shortCode" d
|
sC <- B.lookup "shortCode" d
|
||||||
Just (ZGoOrder i a s ts c cur p t tZ l pd eI sC)
|
tk <- B.lookup "token" d
|
||||||
|
Just (ZGoOrder i a s ts c cur p t tZ l pd eI sC tk)
|
||||||
cast' _ = Nothing
|
cast' _ = Nothing
|
||||||
|
|
||||||
-- Type to represent an order line item
|
-- Type to represent an order line item
|
||||||
|
@ -224,12 +232,17 @@ updateOrderTotals o =
|
||||||
(qpaid o)
|
(qpaid o)
|
||||||
(qexternalInvoice o)
|
(qexternalInvoice o)
|
||||||
(qshortCode o)
|
(qshortCode o)
|
||||||
|
(qtoken o)
|
||||||
where
|
where
|
||||||
newTotal :: ZGoOrder -> Double
|
newTotal :: ZGoOrder -> Double
|
||||||
newTotal x = foldr tallyItems 0 (qlines x)
|
newTotal x = foldr tallyItems 0 (qlines x)
|
||||||
tallyItems :: LineItem -> Double -> Double
|
tallyItems :: LineItem -> Double -> Double
|
||||||
tallyItems y z = (lqty y * lcost y) + z
|
tallyItems y z = (lqty y * lcost y) + z
|
||||||
|
|
||||||
|
setOrderToken :: T.Text -> ZGoOrder -> ZGoOrder
|
||||||
|
setOrderToken token (ZGoOrder i a s ts c cur p t tZ l pd eI sC tk) =
|
||||||
|
ZGoOrder i a s ts c cur p t tZ l pd eI sC token
|
||||||
|
|
||||||
findOrder :: T.Text -> Action IO (Maybe Document)
|
findOrder :: T.Text -> Action IO (Maybe Document)
|
||||||
findOrder s = findOne (select ["session" =: s, "closed" =: False] "orders")
|
findOrder s = findOne (select ["session" =: s, "closed" =: False] "orders")
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,8 @@ import Control.Concurrent (forkIO, threadDelay)
|
||||||
import Control.Exception (try)
|
import Control.Exception (try)
|
||||||
import Control.Monad
|
import Control.Monad
|
||||||
import Control.Monad.IO.Class
|
import Control.Monad.IO.Class
|
||||||
|
import Crypto.RNG (newCryptoRNGState, runCryptoRNGT)
|
||||||
|
import Crypto.RNG.Utils (randomString)
|
||||||
import Data.Aeson
|
import Data.Aeson
|
||||||
import Data.Array
|
import Data.Array
|
||||||
import qualified Data.Bson as B
|
import qualified Data.Bson as B
|
||||||
|
@ -832,6 +834,7 @@ routes pipe config = do
|
||||||
(T.concat
|
(T.concat
|
||||||
[T.pack sUrl, "-", ordId, "-", orderKey])
|
[T.pack sUrl, "-", ordId, "-", orderKey])
|
||||||
""
|
""
|
||||||
|
""
|
||||||
newId <- liftAndCatchIO $ run (insertWooOrder newOrder)
|
newId <- liftAndCatchIO $ run (insertWooOrder newOrder)
|
||||||
status ok200
|
status ok200
|
||||||
Web.Scotty.json (object ["order" .= show newId])
|
Web.Scotty.json (object ["order" .= show newId])
|
||||||
|
@ -1169,8 +1172,16 @@ routes pipe config = do
|
||||||
Just u -> do
|
Just u -> do
|
||||||
if uaddress u == qaddress q
|
if uaddress u == qaddress q
|
||||||
then do
|
then do
|
||||||
_ <- liftAndCatchIO $ run (upsertOrder q)
|
if qtoken q == ""
|
||||||
status created201
|
then do
|
||||||
|
t <- liftIO generateToken
|
||||||
|
_ <-
|
||||||
|
liftAndCatchIO $
|
||||||
|
run (upsertOrder $ setOrderToken (T.pack t) q)
|
||||||
|
status created201
|
||||||
|
else do
|
||||||
|
_ <- liftAndCatchIO $ run (upsertOrder q)
|
||||||
|
status created201
|
||||||
else status forbidden403
|
else status forbidden403
|
||||||
--Delete order
|
--Delete order
|
||||||
Web.Scotty.delete "/api/order/:id" $ do
|
Web.Scotty.delete "/api/order/:id" $ do
|
||||||
|
@ -1585,4 +1596,9 @@ checkUser run s = do
|
||||||
user <- run (findUser s)
|
user <- run (findUser s)
|
||||||
return $ cast' . Doc =<< user
|
return $ cast' . Doc =<< user
|
||||||
|
|
||||||
|
generateToken :: IO String
|
||||||
|
generateToken = do
|
||||||
|
rngState <- newCryptoRNGState
|
||||||
|
runCryptoRNGT rngState $ randomString 16 "abcdef0123456789"
|
||||||
|
|
||||||
debug = flip trace
|
debug = flip trace
|
||||||
|
|
Loading…
Reference in a new issue