nekoya/web
nekoya/web
1
0
Fork 0
mirror of https://gitlab.com/nekoya/web.git synced 2025-01-03 17:52:24 +01:00
Code Issues Projects Releases Packages 1 Wiki Activity

Add API authentication

Browse source
This commit is contained in:
Moe Poi ~ 2021-11-21 08:16:15 +07:00
parent 267f1d051a
commit 77372b2a2c
3 changed files with 121 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
controllers/controllers.js
View file

@ -92,7 +92,8 @@ function checkout(
subDistrict,
postalCode,
logistic,
data
data,
key
) {
let params = new URLSearchParams({
firstName: firstName,
@ -113,6 +114,9 @@ function checkout(
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
params: {
key: key,
}
};
return axios
.post(HOST + "/checkout", params, conf)

133
routes/api.js
View file

@ -1,9 +1,12 @@
const express = require("express");
const bcrypt = require("bcrypt");
const randtoken = require("rand-token");
const router = express.Router();
const db = require("../modules/db");
const mail = require("../modules/mail");
const auth = require("../auth/auth");
const saltRounds = 10;
@ -295,75 +298,91 @@ router.get("/verify-mail", async (req, res) => {
});
router.post("/checkout", async (req, res) => {
if (
!req.body.firstName ||
!req.body.lastName ||
!req.body.phoneNumber ||
!req.body.streetAddress1 ||
!req.body.streetAddress2 ||
!req.body.region ||
!req.body.province ||
!req.body.city ||
!req.body.district ||
!req.body.subDistrict ||
!req.body.postalCode ||
!req.body.logistic ||
!req.body.data
) {
res.status(400);
if (!req.query.key) {
res.status(401);
res.json({
message: "Bad Request",
message: "Unauthorized",
});
} else {
const conn = db.connect();
var data = {
firstName: req.body.firstName,
lastName: req.body.lastName,
phoneNumber: req.body.phoneNumber,
streetAddress1: req.body.streetAddress1,
streetAddress2: req.body.streetAddress2,
region: req.body.region,
province: req.body.province,
city: req.body.city,
district: req.body.district,
subDistrict: req.body.subDistrict,
postalCode: req.body.postalCode,
logistic: req.body.logistic,
paymentMethod: '-',
data: req.body.data,
userId: 14,
paid: '0',
status: 'pending'
};
conn.query(
"INSERT INTO transactions SET ?",
data,
function (error, response, fields) {
if (error) {
auth.auth_checker(req.query.key).then((status) => {
if (status) {
if (
!req.body.firstName ||
!req.body.lastName ||
!req.body.phoneNumber ||
!req.body.streetAddress1 ||
!req.body.streetAddress2 ||
!req.body.region ||
!req.body.province ||
!req.body.city ||
!req.body.district ||
!req.body.subDistrict ||
!req.body.postalCode ||
!req.body.logistic ||
!req.body.data
) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
const conn = db.connect();
var data = {
firstName: req.body.firstName,
lastName: req.body.lastName,
phoneNumber: req.body.phoneNumber,
streetAddress1: req.body.streetAddress1,
streetAddress2: req.body.streetAddress2,
region: req.body.region,
province: req.body.province,
city: req.body.city,
district: req.body.district,
subDistrict: req.body.subDistrict,
postalCode: req.body.postalCode,
logistic: req.body.logistic,
paymentMethod: '-',
data: req.body.data,
userId: 14,
paid: '0',
status: 'pending'
};
conn.query(
'SELECT * FROM transactions WHERE id ="' + response.insertId + '"',
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(201);
res.json({
'order_id': result[0].id,
'data': result[0].data
});
"INSERT INTO transactions SET ?",
data,
function (error, response, fields) {
if (error) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
conn.query(
'SELECT * FROM transactions WHERE id ="' + response.insertId + '"',
function (err, result) {
if (err) {
res.status(400);
res.json({
message: "Bad Request",
});
} else {
res.status(201);
res.json({
'order_id': result[0].id,
'data': result[0].data
});
}
});
}
}
});
);
}
} else {
res.status(401);
res.json({
message: "Unauthorized",
});
}
);
});
}
});

72
routes/index.js
View file

@ -19,7 +19,7 @@ router.get("/", (req, res) => {
});
router.route("/register")
.get((_req, res) => {
.get((req, res) => {
auth.session_converter(req.cookies.session_token).then((key) => {
if (key != null) {
res.redirect("/");
@ -45,7 +45,7 @@ router.route("/register")
});
router.route("/login")
.get((_req, res) => {
.get((req, res) => {
auth.session_converter(req.cookies.session_token).then((key) => {
if (key != null) {
res.redirect("/");
@ -107,38 +107,46 @@ router.route("/checkout")
});
})
.post((req, res) => {
controller.checkout(
req.body.firstName,
req.body.lastName,
req.body.phoneNumber,
req.body.streetAddress1,
req.body.streetAddress2,
req.body.region,
req.body.province,
req.body.city,
req.body.district,
req.body.subDistrict,
req.body.postalCode,
req.body.logistic,
req.body.data
)
.then((data) => {
if (data[0] == 201) {
let total_price = 0;
let state = 0;
let order_data = JSON.parse(data[1].data);
for (let i=0; i<order_data.length; i++) {
controller.getProduct(order_data[i].product_id).then((resp) => {
state++;
total_price += parseInt(resp[0].PRICE * order_data[i].quantity);
if (state == order_data.length) {
res.render("pages/payment", {
orderId: data[1].order_id,
totalPrice: total_price,
auth.session_converter(req.cookies.session_token).then((key) => {
console.log(key);
if (key != null) {
controller.checkout(
req.body.firstName,
req.body.lastName,
req.body.phoneNumber,
req.body.streetAddress1,
req.body.streetAddress2,
req.body.region,
req.body.province,
req.body.city,
req.body.district,
req.body.subDistrict,
req.body.postalCode,
req.body.logistic,
req.body.data,
key
)
.then((data) => {
if (data[0] == 201) {
let total_price = 0;
let state = 0;
let order_data = JSON.parse(data[1].data);
for (let i=0; i<order_data.length; i++) {
controller.getProduct(order_data[i].product_id).then((resp) => {
state++;
total_price += parseInt(resp[0].PRICE * order_data[i].quantity);
if (state == order_data.length) {
res.render("pages/payment", {
orderId: data[1].order_id,
totalPrice: total_price,
});
}
});
}
});
}
}
});
} else {
res.redirect("/login");
}
});
});