diff --git a/controllers/controllers.js b/controllers/controllers.js
index e88e26f..26b84d7 100644
--- a/controllers/controllers.js
+++ b/controllers/controllers.js
@@ -92,7 +92,8 @@ function checkout(
 subDistrict,
 postalCode,
 logistic,
- data
+ data,
+ key
 ) {
 let params = new URLSearchParams({
 firstName: firstName,
@@ -113,6 +114,9 @@ function checkout(
 headers: {
 "Content-Type": "application/x-www-form-urlencoded",
 },
+ params: {
+ key: key,
+ }
 };
 return axios
 .post(HOST + "/checkout", params, conf)
diff --git a/routes/api.js b/routes/api.js
index 3e4cfda..5a27087 100644
--- a/routes/api.js
+++ b/routes/api.js
@@ -1,9 +1,12 @@
 const express = require("express");
 const bcrypt = require("bcrypt");
 const randtoken = require("rand-token");
+
 const router = express.Router();
+
 const db = require("../modules/db");
 const mail = require("../modules/mail");
+const auth = require("../auth/auth");
 const saltRounds = 10;
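Review bot: The `params: { key: key }` added to the axios config in the second hunk sends the session key as a URL query string on `HOST + "/checkout"`, where it ends up in access logs, proxy logs and any error output that prints the request URL. A credential is better carried in a request header, e.g. `headers: { "Content-Type": "application/x-www-form-urlencoded", "Authorization": key }`, with the API route reading `req.get("authorization")` instead of `req.query.key`. The new `key` parameter in the first hunk is undocumented; a JSDoc line such as `@param {string} key - session key used to authorize the call against the API` would tell callers what to pass. The enclosing `checkout` function starts before and ends after both hunks.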
@@ -295,75 +298,91 @@ router.get("/verify-mail", async (req, res) => {
 });
 router.post("/checkout", async (req, res) => {
- if (
- !req.body.firstName ||
- !req.body.lastName ||
- !req.body.phoneNumber ||
- !req.body.streetAddress1 ||
- !req.body.streetAddress2 ||
- !req.body.region ||
- !req.body.province ||
- !req.body.city ||
- !req.body.district ||
- !req.body.subDistrict ||
- !req.body.postalCode ||
- !req.body.logistic ||
- !req.body.data
- ) {
- res.status(400);
+ if (!req.query.key) {
+ res.status(401);
 res.json({
- message: "Bad Request",
+ message: "Unauthorized",
 });
 } else {
- const conn = db.connect();
- var data = {
- firstName: req.body.firstName,
- lastName: req.body.lastName,
- phoneNumber: req.body.phoneNumber,
- streetAddress1: req.body.streetAddress1,
- streetAddress2: req.body.streetAddress2,
- region: req.body.region,
- province: req.body.province,
- city: req.body.city,
- district: req.body.district,
- subDistrict: req.body.subDistrict,
- postalCode: req.body.postalCode,
- logistic: req.body.logistic,
- paymentMethod: '-',
- data: req.body.data,
- userId: 14,
- paid: '0',
- status: 'pending'
- };
- conn.query(
- "INSERT INTO transactions SET ?",
- data,
- function (error, response, fields) {
- if (error) {
+ auth.auth_checker(req.query.key).then((status) => {
+ if (status) {
+ if (
+ !req.body.firstName ||
+ !req.body.lastName ||
+ !req.body.phoneNumber ||
+ !req.body.streetAddress1 ||
+ !req.body.streetAddress2 ||
+ !req.body.region ||
+ !req.body.province ||
+ !req.body.city ||
+ !req.body.district ||
+ !req.body.subDistrict ||
+ !req.body.postalCode ||
+ !req.body.logistic ||
+ !req.body.data
+ ) {
 res.status(400);
 res.json({
 message: "Bad Request",
 });
 } else {
+ const conn = db.connect();
+ var data = {
+ firstName: req.body.firstName,
+ lastName: req.body.lastName,
+ phoneNumber: req.body.phoneNumber,
+ streetAddress1: req.body.streetAddress1,
+ streetAddress2: req.body.streetAddress2,
+ region: req.body.region,
+ province: req.body.province,
+ city: req.body.city,
+ district: req.body.district,
+ subDistrict: req.body.subDistrict,
+ postalCode: req.body.postalCode,
+ logistic: req.body.logistic,
+ paymentMethod: '-',
+ data: req.body.data,
+ userId: 14,
+ paid: '0',
+ status: 'pending'
+ };
 conn.query(
- 'SELECT * FROM transactions WHERE id ="' + response.insertId + '"',
- function (err, result) {
- if (err) {
- res.status(400);
- res.json({
- message: "Bad Request",
- });
- } else {
- res.status(201);
- res.json({
- 'order_id': result[0].id,
- 'data': result[0].data
- });
+ "INSERT INTO transactions SET ?",
+ data,
+ function (error, response, fields) {
+ if (error) {
+ res.status(400);
+ res.json({
+ message: "Bad Request",
+ });
+ } else {
+ conn.query(
+ 'SELECT * FROM transactions WHERE id ="' + response.insertId + '"',
+ function (err, result) {
+ if (err) {
+ res.status(400);
+ res.json({
+ message: "Bad Request",
+ });
+ } else {
+ res.status(201);
+ res.json({
+ 'order_id': result[0].id,
+ 'data': result[0].data
+ });
+ }
+ });
+ }
 }
- });
+ );
 }
+ } else {
+ res.status(401);
+ res.json({
+ message: "Unauthorized",
+ });
 }
- );
+ });
 }
 });
diff --git a/routes/index.js b/routes/index.js
index 2265e78..e9981f6 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -19,7 +19,7 @@ router.get("/", (req, res) => {
 });
 router.route("/register")
- .get((_req, res) => {
+ .get((req, res) => {
 auth.session_converter(req.cookies.session_token).then((key) => {
 if (key != null) {
 res.redirect("/");
@@ -45,7 +45,7 @@ router.route("/register")
 });
 router.route("/login")
- .get((_req, res) => {
+ .get((req, res) => {
 auth.session_converter(req.cookies.session_token).then((key) => {
 if (key != null) {
 res.redirect("/");
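Review bot: The transaction row is still inserted with the hard-coded `userId: 14,` even though the route now authenticates the caller through `auth.auth_checker(req.query.key)`, so every order is attributed to the same account regardless of whose key was presented; if `auth_checker` can resolve the key to a user id (its result is only tested for truthiness here), that id should be stored instead. The promise chain has no rejection handler, so if `auth_checker` rejects no response is ever sent and the request hangs; the `.then(...)` should be followed by `.catch(() => { res.status(500); res.json({ message: "Internal Server Error" }); })`. The follow-up lookup still builds SQL by string concatenation; prefer the placeholder form the insert already uses, `conn.query("SELECT * FROM transactions WHERE id = ?", [response.insertId], function (err, result) {`. Reading the credential from `req.query.key` also means it is written to request logs, which a header-based scheme would avoid.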
@@ -107,38 +107,46 @@ router.route("/checkout")
 });
 })
 .post((req, res) => {
- controller.checkout(
- req.body.firstName,
- req.body.lastName,
- req.body.phoneNumber,
- req.body.streetAddress1,
- req.body.streetAddress2,
- req.body.region,
- req.body.province,
- req.body.city,
- req.body.district,
- req.body.subDistrict,
- req.body.postalCode,
- req.body.logistic,
- req.body.data
- )
- .then((data) => {
- if (data[0] == 201) {
- let total_price = 0;
- let state = 0;
- let order_data = JSON.parse(data[1].data);
- for (let i=0; i {
- state++;
- total_price += parseInt(resp[0].PRICE * order_data[i].quantity);
- if (state == order_data.length) {
- res.render("pages/payment", {
- orderId: data[1].order_id,
- totalPrice: total_price,
+ auth.session_converter(req.cookies.session_token).then((key) => {
+ console.log(key);
+ if (key != null) {
+ controller.checkout(
+ req.body.firstName,
+ req.body.lastName,
+ req.body.phoneNumber,
+ req.body.streetAddress1,
+ req.body.streetAddress2,
+ req.body.region,
+ req.body.province,
+ req.body.city,
+ req.body.district,
+ req.body.subDistrict,
+ req.body.postalCode,
+ req.body.logistic,
+ req.body.data,
+ key
+ )
+ .then((data) => {
+ if (data[0] == 201) {
+ let total_price = 0;
+ let state = 0;
+ let order_data = JSON.parse(data[1].data);
+ for (let i=0; i {
+ state++;
+ total_price += parseInt(resp[0].PRICE * order_data[i].quantity);
+ if (state == order_data.length) {
+ res.render("pages/payment", {
+ orderId: data[1].order_id,
+ totalPrice: total_price,
+ });
+ }
 });
 }
- });
- }
+ }
+ });
+ } else {
+ res.redirect("/login");
 }
 });
 });
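Review bot: The added `console.log(key);` prints the resolved session key to the server log on every checkout, which puts a live credential into whatever collects stdout; it reads as leftover debugging and should be removed. Neither the outer `auth.session_converter(...).then(...)` nor the inner `controller.checkout(...).then(...)` has a `.catch`, so a rejected promise (bad cookie, API unreachable) leaves the request without any response; a trailing `.catch(() => res.status(500).end())` on the outer chain would at least close it. The `if (data[0] == 201)` branch likewise sends nothing when the API returns another status, so a non-201 result also hangs the client. The `router.route("/checkout")` chain this `.post` handler belongs to starts before the hunk; note that the `for` line in the hunk appears truncated in this rendering.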