Add random token for orders

This commit is contained in:
Rene Vergara 2023-06-02 13:51:17 -05:00
parent 31eb42c1d5
commit 88ae856195
Signed by: pitmutt
GPG key ID: 65122AD495A7F5B2
2 changed files with 34 additions and 5 deletions

View file

@ -29,11 +29,12 @@ data ZGoOrder =
, qpaid :: Bool , qpaid :: Bool
, qexternalInvoice :: T.Text , qexternalInvoice :: T.Text
, qshortCode :: T.Text , qshortCode :: T.Text
, qtoken :: T.Text
} }
deriving (Eq, Show, Generic) deriving (Eq, Show, Generic)
instance ToJSON ZGoOrder where instance ToJSON ZGoOrder where
toJSON (ZGoOrder i a s ts c cur p t tZ l paid eI sC) = toJSON (ZGoOrder i a s ts c cur p t tZ l paid eI sC tk) =
case i of case i of
Just oid -> Just oid ->
object object
@ -50,6 +51,7 @@ instance ToJSON ZGoOrder where
, "paid" .= paid , "paid" .= paid
, "externalInvoice" .= eI , "externalInvoice" .= eI
, "shortCode" .= sC , "shortCode" .= sC
, "token" .= tk
] ]
Nothing -> Nothing ->
object object
@ -66,6 +68,7 @@ instance ToJSON ZGoOrder where
, "paid" .= paid , "paid" .= paid
, "externalInvoice" .= eI , "externalInvoice" .= eI
, "shortCode" .= sC , "shortCode" .= sC
, "token" .= tk
] ]
instance FromJSON ZGoOrder where instance FromJSON ZGoOrder where
@ -84,6 +87,7 @@ instance FromJSON ZGoOrder where
pd <- obj .: "paid" pd <- obj .: "paid"
eI <- obj .: "externalInvoice" eI <- obj .: "externalInvoice"
sC <- obj .: "shortCode" sC <- obj .: "shortCode"
tk <- obj .: "token"
pure $ pure $
ZGoOrder ZGoOrder
(if not (null i) (if not (null i)
@ -101,9 +105,10 @@ instance FromJSON ZGoOrder where
pd pd
eI eI
sC sC
tk
instance Val ZGoOrder where instance Val ZGoOrder where
val (ZGoOrder i a s ts c cur p t tZ l pd eI sC) = val (ZGoOrder i a s ts c cur p t tZ l pd eI sC tk) =
if isJust i if isJust i
then Doc then Doc
[ "_id" =: i [ "_id" =: i
@ -119,6 +124,7 @@ instance Val ZGoOrder where
, "paid" =: pd , "paid" =: pd
, "externalInvoice" =: eI , "externalInvoice" =: eI
, "shortCode" =: sC , "shortCode" =: sC
, "token" =: tk
] ]
else Doc else Doc
[ "address" =: a [ "address" =: a
@ -133,6 +139,7 @@ instance Val ZGoOrder where
, "paid" =: pd , "paid" =: pd
, "externalInvoice" =: eI , "externalInvoice" =: eI
, "shortCode" =: sC , "shortCode" =: sC
, "token" =: tk
] ]
cast' (Doc d) = do cast' (Doc d) = do
i <- B.lookup "_id" d i <- B.lookup "_id" d
@ -148,7 +155,8 @@ instance Val ZGoOrder where
pd <- B.lookup "paid" d pd <- B.lookup "paid" d
eI <- B.lookup "externalInvoice" d eI <- B.lookup "externalInvoice" d
sC <- B.lookup "shortCode" d sC <- B.lookup "shortCode" d
Just (ZGoOrder i a s ts c cur p t tZ l pd eI sC) tk <- B.lookup "token" d
Just (ZGoOrder i a s ts c cur p t tZ l pd eI sC tk)
cast' _ = Nothing cast' _ = Nothing
-- Type to represent an order line item -- Type to represent an order line item
@ -224,12 +232,17 @@ updateOrderTotals o =
(qpaid o) (qpaid o)
(qexternalInvoice o) (qexternalInvoice o)
(qshortCode o) (qshortCode o)
(qtoken o)
where where
newTotal :: ZGoOrder -> Double newTotal :: ZGoOrder -> Double
newTotal x = foldr tallyItems 0 (qlines x) newTotal x = foldr tallyItems 0 (qlines x)
tallyItems :: LineItem -> Double -> Double tallyItems :: LineItem -> Double -> Double
tallyItems y z = (lqty y * lcost y) + z tallyItems y z = (lqty y * lcost y) + z
setOrderToken :: T.Text -> ZGoOrder -> ZGoOrder
setOrderToken token (ZGoOrder i a s ts c cur p t tZ l pd eI sC tk) =
ZGoOrder i a s ts c cur p t tZ l pd eI sC token
findOrder :: T.Text -> Action IO (Maybe Document) findOrder :: T.Text -> Action IO (Maybe Document)
findOrder s = findOne (select ["session" =: s, "closed" =: False] "orders") findOrder s = findOne (select ["session" =: s, "closed" =: False] "orders")

View file

@ -12,6 +12,8 @@ import Control.Concurrent (forkIO, threadDelay)
import Control.Exception (try) import Control.Exception (try)
import Control.Monad import Control.Monad
import Control.Monad.IO.Class import Control.Monad.IO.Class
import Crypto.RNG (newCryptoRNGState, runCryptoRNGT)
import Crypto.RNG.Utils (randomString)
import Data.Aeson import Data.Aeson
import Data.Array import Data.Array
import qualified Data.Bson as B import qualified Data.Bson as B
@ -832,6 +834,7 @@ routes pipe config = do
(T.concat (T.concat
[T.pack sUrl, "-", ordId, "-", orderKey]) [T.pack sUrl, "-", ordId, "-", orderKey])
"" ""
""
newId <- liftAndCatchIO $ run (insertWooOrder newOrder) newId <- liftAndCatchIO $ run (insertWooOrder newOrder)
status ok200 status ok200
Web.Scotty.json (object ["order" .= show newId]) Web.Scotty.json (object ["order" .= show newId])
@ -1169,8 +1172,16 @@ routes pipe config = do
Just u -> do Just u -> do
if uaddress u == qaddress q if uaddress u == qaddress q
then do then do
_ <- liftAndCatchIO $ run (upsertOrder q) if qtoken q == ""
status created201 then do
t <- liftIO generateToken
_ <-
liftAndCatchIO $
run (upsertOrder $ setOrderToken (T.pack t) q)
status created201
else do
_ <- liftAndCatchIO $ run (upsertOrder q)
status created201
else status forbidden403 else status forbidden403
--Delete order --Delete order
Web.Scotty.delete "/api/order/:id" $ do Web.Scotty.delete "/api/order/:id" $ do
@ -1585,4 +1596,9 @@ checkUser run s = do
user <- run (findUser s) user <- run (findUser s)
return $ cast' . Doc =<< user return $ cast' . Doc =<< user
generateToken :: IO String
generateToken = do
rngState <- newCryptoRNGState
runCryptoRNGT rngState $ randomString 16 "abcdef0123456789"
debug = flip trace debug = flip trace