From a9d1f8e9eedfcfbdd5d0c64195fa081891752f92 Mon Sep 17 00:00:00 2001
From: moepoi
Date: Sun, 21 Nov 2021 11:25:28 +0700
Subject: [PATCH] Fix checkout API
---
 routes/api.js | 89 +++++++++++++++++++++++++++++----------------------
 1 file changed, 51 insertions(+), 38 deletions(-)
diff --git a/routes/api.js b/routes/api.js
index dddf284..a39fd29 100644
--- a/routes/api.js
+++ b/routes/api.js
@@ -327,51 +327,64 @@ router.post("/checkout", async (req, res) => {
 });
 } else {
 const conn = db.connect();
- var data = {
- firstName: req.body.firstName,
- lastName: req.body.lastName,
- phoneNumber: req.body.phoneNumber,
- streetAddress1: req.body.streetAddress1,
- streetAddress2: req.body.streetAddress2,
- region: req.body.region,
- province: req.body.province,
- city: req.body.city,
- district: req.body.district,
- subDistrict: req.body.subDistrict,
- postalCode: req.body.postalCode,
- logistic: req.body.logistic,
- paymentMethod: '-',
- data: req.body.data,
- userId: 14,
- paid: '0',
- status: 'pending'
- };
 conn.query(
- "INSERT INTO transactions SET ?",
- data,
- function (error, response, fields) {
+ "SELECT * FROM users WHERE token = ?",
+ [req.query.key],
+ async function (error, resp, fields) {
 if (error) {
- res.status(400);
+ res.status(401);
 res.json({
- message: "Bad Request",
+ message: "Unauthorized",
 });
 } else {
+ var data = {
+ firstName: req.body.firstName,
+ lastName: req.body.lastName,
+ phoneNumber: req.body.phoneNumber,
+ streetAddress1: req.body.streetAddress1,
+ streetAddress2: req.body.streetAddress2,
+ region: req.body.region,
+ province: req.body.province,
+ city: req.body.city,
+ district: req.body.district,
+ subDistrict: req.body.subDistrict,
+ postalCode: req.body.postalCode,
+ logistic: req.body.logistic,
+ paymentMethod: '-',
+ data: req.body.data,
+ userId: resp[0].id,
+ paid: '0',
+ status: 'pending'
+ };
 conn.query(
- 'SELECT * FROM transactions WHERE id ="' + response.insertId + '"',
- function (err, result) {
- if (err) {
- res.status(400);
- res.json({
- message: "Bad Request",
- });
- } else {
- res.status(201);
- res.json({
- 'order_id': result[0].id,
- 'data': result[0].data
- });
+ "INSERT INTO transactions SET ?",
+ data,
+ function (error, response, fields) {
+ if (error) {
+ res.status(400);
+ res.json({
+ message: "Bad Request",
+ });
+ } else {
+ conn.query(
+ 'SELECT * FROM transactions WHERE id ="' + response.insertId + '"',
+ function (err, result) {
+ if (err) {
+ res.status(400);
+ res.json({
+ message: "Bad Request",
+ });
+ } else {
+ res.status(201);
+ res.json({
+ 'order_id': result[0].id,
+ 'data': result[0].data
+ });
+ }
+ });
+ }
 }
- });
+ );
 }
 }
 );
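Review bot: `userId: resp[0].id` is read without checking that the token lookup returned a row, so a missing or unknown `key` never reaches the 401 branch, which fires only on a query error. Instead `resp[0]` is undefined and the access throws inside the async callback, so no response is sent for exactly the unauthenticated case. Widen the guard to `if (error || !resp || resp.length === 0) {` so that case gets the 401. It would also help to reject the request before the query unless `typeof req.query.key === 'string'`, since Express can parse a query parameter into an array or object and the driver may then not bind it as a single string value (the db wrapper is not visible here, so this is an assumption to confirm). The retained lookup still concatenates `response.insertId` into the SQL text; `"SELECT * FROM transactions WHERE id = ?", [response.insertId]` would match the placeholder style used elsewhere in the hunk. The route handler starts and ends outside this hunk.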