Add API authentication

This commit is contained in:
Moe Poi ~ 2021-11-21 08:16:15 +07:00
parent 267f1d051a
commit 77372b2a2c
3 changed files with 121 additions and 90 deletions


@ -92,7 +92,8 @@ function checkout(
subDistrict, subDistrict,
postalCode, postalCode,
logistic, logistic,
data data,
key
) { ) {
let params = new URLSearchParams({ let params = new URLSearchParams({
firstName: firstName, firstName: firstName,
@ -113,6 +114,9 @@ function checkout(
headers: { headers: {
"Content-Type": "application/x-www-form-urlencoded", "Content-Type": "application/x-www-form-urlencoded",
}, },
params: {
key: key,
}
}; };
return axios return axios
.post(HOST + "/checkout", params, conf) .post(HOST + "/checkout", params, conf)
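Review bot: The new `key` argument is sent as a URL query parameter through `params: { key: key }`, so the credential becomes part of the request URL and will be recorded in access logs, proxy logs and any error reporting that captures URLs; the server route in the second file reads it the same way from `req.query.key`. Carrying it in a request header keeps it out of URL logging, e.g. `headers: { "Content-Type": "application/x-www-form-urlencoded", "X-API-Key": key }` here and `req.get("X-API-Key")` on the route side. The `checkout` signature begins before this hunk and its body continues after it.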


@ -1,9 +1,12 @@
const express = require("express"); const express = require("express");
const bcrypt = require("bcrypt"); const bcrypt = require("bcrypt");
const randtoken = require("rand-token"); const randtoken = require("rand-token");
const router = express.Router(); const router = express.Router();
const db = require("../modules/db"); const db = require("../modules/db");
const mail = require("../modules/mail"); const mail = require("../modules/mail");
const auth = require("../auth/auth");
const saltRounds = 10; const saltRounds = 10;
@ -295,75 +298,91 @@ router.get("/verify-mail", async (req, res) => {
}); });
router.post("/checkout", async (req, res) => { router.post("/checkout", async (req, res) => {
if ( if (!req.query.key) {
!req.body.firstName || res.status(401);
!req.body.lastName ||
!req.body.phoneNumber ||
!req.body.streetAddress1 ||
!req.body.streetAddress2 ||
!req.body.region ||
!req.body.province ||
!req.body.city ||
!req.body.district ||
!req.body.subDistrict ||
!req.body.postalCode ||
!req.body.logistic ||
!req.body.data
) {
res.status(400);
res.json({ res.json({
message: "Bad Request", message: "Unauthorized",
}); });
} else { } else {
const conn = db.connect(); auth.auth_checker(req.query.key).then((status) => {
var data = { if (status) {
firstName: req.body.firstName, if (
lastName: req.body.lastName, !req.body.firstName ||
phoneNumber: req.body.phoneNumber, !req.body.lastName ||
streetAddress1: req.body.streetAddress1, !req.body.phoneNumber ||
streetAddress2: req.body.streetAddress2, !req.body.streetAddress1 ||
region: req.body.region, !req.body.streetAddress2 ||
province: req.body.province, !req.body.region ||
city: req.body.city, !req.body.province ||
district: req.body.district, !req.body.city ||
subDistrict: req.body.subDistrict, !req.body.district ||
postalCode: req.body.postalCode, !req.body.subDistrict ||
logistic: req.body.logistic, !req.body.postalCode ||
paymentMethod: '-', !req.body.logistic ||
data: req.body.data, !req.body.data
userId: 14, ) {
paid: '0',
status: 'pending'
};
conn.query(
"INSERT INTO transactions SET ?",
data,
function (error, response, fields) {
if (error) {
res.status(400); res.status(400);
res.json({ res.json({
message: "Bad Request", message: "Bad Request",
}); });
} else { } else {
const conn = db.connect();
var data = {
firstName: req.body.firstName,
lastName: req.body.lastName,
phoneNumber: req.body.phoneNumber,
streetAddress1: req.body.streetAddress1,
streetAddress2: req.body.streetAddress2,
region: req.body.region,
province: req.body.province,
city: req.body.city,
district: req.body.district,
subDistrict: req.body.subDistrict,
postalCode: req.body.postalCode,
logistic: req.body.logistic,
paymentMethod: '-',
data: req.body.data,
userId: 14,
paid: '0',
status: 'pending'
};
conn.query( conn.query(
'SELECT * FROM transactions WHERE id ="' + response.insertId + '"', "INSERT INTO transactions SET ?",
function (err, result) { data,
if (err) { function (error, response, fields) {
res.status(400); if (error) {
res.json({ res.status(400);
message: "Bad Request", res.json({
}); message: "Bad Request",
} else { });
res.status(201); } else {
res.json({ conn.query(
'order_id': result[0].id, 'SELECT * FROM transactions WHERE id ="' + response.insertId + '"',
'data': result[0].data function (err, result) {
}); if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(201);
res.json({
'order_id': result[0].id,
'data': result[0].data
});
}
});
}
} }
}); );
} }
} else {
res.status(401);
res.json({
message: "Unauthorized",
});
} }
); });
} }
}); });
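Review bot: The promise returned by `auth.auth_checker(req.query.key)` has no rejection handler, so if the check throws (a database error, for instance) the request is never answered and Node reports an unhandled rejection. Append `.catch((err) => { console.error(err); res.status(500); res.json({ message: "Internal Server Error" }); })` after the `.then(...)` that closes near the end of the hunk. Separately, `auth_checker` resolves only a boolean `status`, so the inserted row still carries the fixed `userId: 14`; if the key identifies a user, having the checker resolve that identity would let the order be attributed to the caller instead of a constant.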


@ -19,7 +19,7 @@ router.get("/", (req, res) => {
}); });
router.route("/register") router.route("/register")
.get((_req, res) => { .get((req, res) => {
auth.session_converter(req.cookies.session_token).then((key) => { auth.session_converter(req.cookies.session_token).then((key) => {
if (key != null) { if (key != null) {
res.redirect("/"); res.redirect("/");
@ -45,7 +45,7 @@ router.route("/register")
}); });
router.route("/login") router.route("/login")
.get((_req, res) => { .get((req, res) => {
auth.session_converter(req.cookies.session_token).then((key) => { auth.session_converter(req.cookies.session_token).then((key) => {
if (key != null) { if (key != null) {
res.redirect("/"); res.redirect("/");
@ -107,38 +107,46 @@ router.route("/checkout")
}); });
}) })
.post((req, res) => { .post((req, res) => {
controller.checkout( auth.session_converter(req.cookies.session_token).then((key) => {
req.body.firstName, console.log(key);
req.body.lastName, if (key != null) {
req.body.phoneNumber, controller.checkout(
req.body.streetAddress1, req.body.firstName,
req.body.streetAddress2, req.body.lastName,
req.body.region, req.body.phoneNumber,
req.body.province, req.body.streetAddress1,
req.body.city, req.body.streetAddress2,
req.body.district, req.body.region,
req.body.subDistrict, req.body.province,
req.body.postalCode, req.body.city,
req.body.logistic, req.body.district,
req.body.data req.body.subDistrict,
) req.body.postalCode,
.then((data) => { req.body.logistic,
if (data[0] == 201) { req.body.data,
let total_price = 0; key
let state = 0; )
let order_data = JSON.parse(data[1].data); .then((data) => {
for (let i=0; i<order_data.length; i++) { if (data[0] == 201) {
controller.getProduct(order_data[i].product_id).then((resp) => { let total_price = 0;
state++; let state = 0;
total_price += parseInt(resp[0].PRICE * order_data[i].quantity); let order_data = JSON.parse(data[1].data);
if (state == order_data.length) { for (let i=0; i<order_data.length; i++) {
res.render("pages/payment", { controller.getProduct(order_data[i].product_id).then((resp) => {
orderId: data[1].order_id, state++;
totalPrice: total_price, total_price += parseInt(resp[0].PRICE * order_data[i].quantity);
if (state == order_data.length) {
res.render("pages/payment", {
orderId: data[1].order_id,
totalPrice: total_price,
});
}
}); });
} }
}); }
} });
} else {
res.redirect("/login");
} }
}); });
}); });
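Review bot: `console.log(key)` at the top of the new `.post` handler writes the resolved API key to the server log on every checkout, putting a credential into log storage; remove that line before merge. The `auth.session_converter(req.cookies.session_token).then(...)` chain added here, like the inner `controller.checkout(...).then(...)`, has no `.catch`, so a rejected lookup leaves the request without a response; a trailing `.catch((err) => { console.error(err); res.redirect("/login"); })` (or a 500 response) would close that gap. The `_req` to `req` rename in the register and login handlers is consistent with their use of `req.cookies`, and no further change is needed there.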