From ac8fad37c5b35befab6f2a530e23757677171b92 Mon Sep 17 00:00:00 2001
From: Peyton Duncan
Date: Sat, 16 Mar 2024 17:26:18 -0700
Subject: [PATCH 1/4] Renamed `payload` to `user_jwt`
---
 routes/admin.py | 4 ++--
 routes/api.py | 12 ++++++------
 routes/infra.py | 16 ++++++++--------
 routes/stripe.py | 32 +++++++++++++++-----------------
 routes/wallet.py | 4 ++--
 5 files changed, 33 insertions(+), 35 deletions(-)
diff --git a/routes/admin.py b/routes/admin.py
index 0bbced6..7b65652 100644
--- a/routes/admin.py
+++ b/routes/admin.py
@@ -187,7 +187,7 @@ async def admin_post_discord_message( request: Request, token: Optional[str] = Cookie(None), member_id: Optional[str] = "FAIL", - payload: dict = Body(None), + user_jwt: dict = Body(None), ): """ API endpoint that gets a specific user's data as JSON
@@ -202,7 +202,7 @@ async def admin_post_discord_message( if not data: return Errors.generate(request, 404, "User Not Found") - message_text = payload.get("msg") + message_text = user_jwt.get("msg") res = Discord.send_message(data.get("discord_id"), message_text)
diff --git a/routes/api.py b/routes/api.py
index 70b4e78..95faedb 100644
--- a/routes/api.py
+++ b/routes/api.py
@@ -60,7 +60,7 @@ async def get_form(num: str): async def get_form_html( request: Request, token: Optional[str] = Cookie(None), - payload: Optional[object] = {}, + user_jwt: Optional[object] = {}, num: str = 1, ): # AWS dependencies
@@ -71,7 +71,7 @@ async def get_form_html( data = Options.get_form_body(num) # Get data from DynamoDB - user_data = table.get_item(Key={"id": payload.get("id")}).get("Item", None) + user_data = table.get_item(Key={"id": user_jwt.get("id")}).get("Item", None) # Have Kennelish parse the data. body = Kennelish.parse(data, user_data)
@@ -89,7 +89,7 @@ async def get_form_html( async def post_form( request: Request, token: Optional[str] = Cookie(None), - payload: Optional[object] = {}, + user_jwt: Optional[object] = {}, num: str = 1, ): # Get Kennelish data
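Review bot: In `admin_post_discord_message` the renamed parameter is still declared as `Body(None)`, so `user_jwt` here is the raw request body carrying `msg`, not decoded token claims; the new name invites a later reader to treat client-supplied JSON as verified identity data. A name such as `body: dict = Body(None)` keeps that distinction, and the `@@ -202` hunk's `message_text = user_jwt.get("msg")` would follow it. With the `None` default, a request without a body reaches `.get` on `None`; a guard like `if not body or not body.get("msg"): return Errors.generate(request, 400, "Missing msg")` before the Discord call would cover that. The function body continues outside both hunks.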
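Review bot: `user_jwt: Optional[object] = {}` in `get_form_html` is part of the route signature and carries a shared mutable default, so unless the auth wrapper always overwrites it the value can fall back to an empty dict or, depending on how the framework binds it, come from the request; that wrapper is not in this patch. If the wrapper hands the claims over by keyword under the old name `payload`, this rename breaks the hand-off, so it is worth confirming the wrapper was updated in the same series. A comment on the parameter such as `# filled by the auth decorator from the verified token; never read from the request` would document the trust boundary. The same signature appears in `post_form` and in the routes/infra.py, routes/stripe.py and routes/wallet.py hunks.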
@@ -143,7 +143,7 @@ async def post_form( # Push data back to DynamoDB try: table.update_item( - Key={"id": payload.get("id")}, + Key={"id": user_jwt.get("id")}, UpdateExpression=update_expression, ExpressionAttributeValues=expression_attribute_values, )
@@ -164,7 +164,7 @@ async def post_form( # Create dictionary table.update_item( - Key={"id": payload.get("id")}, + Key={"id": user_jwt.get("id")}, # key_to_make is not user-supplied, rather, it's from the form JSON. # if this noSQLi's, then it's because of an insider threat. UpdateExpression=f"SET {key_to_make} = :dicty",
@@ -173,7 +173,7 @@ async def post_form( # After all dicts are a thing, re-run query. table.update_item( - Key={"id": payload.get("id")}, + Key={"id": user_jwt.get("id")}, UpdateExpression=update_expression, ExpressionAttributeValues=expression_attribute_values, )
diff --git a/routes/infra.py b/routes/infra.py
index ad329dc..54eef97 100644
--- a/routes/infra.py
+++ b/routes/infra.py
@@ -192,19 +192,19 @@ async def get_root(): async def get_provision( request: Request, token: Optional[str] = Cookie(None), - payload: Optional[object] = {}, + user_jwt: Optional[object] = {}, ): conn = openstack.connect(cloud="hackucf_infra") # Get single user - user = conn.identity.find_user(payload.get("infra_email")) + user = conn.identity.find_user(user_jwt.get("infra_email")) # Get project project = conn.identity.get_project(user.default_project_id) # Provision everything asyncio.create_task( - create_resource(project, payload.get("discord_id")) + create_resource(project, user_jwt.get("discord_id")) ) # runs teardown async return {"msg": "Queued."}
@@ -231,7 +231,7 @@ async def get_teardown(request: Request, token: Optional[str] = Cookie(None)): async def get_options( request: Request, token: Optional[str] = Cookie(None), - payload: Optional[object] = {}, + user_jwt: Optional[object] = {}, ): return get_shitty_database()
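Review bot: The `UpdateExpression=f"SET {key_to_make} = :dicty"` line kept as context in the `@@ -164` hunk splices an attribute name into the expression, and the comment above it accepts injection as an insider-only risk. DynamoDB lets the name be bound instead of interpolated: `UpdateExpression="SET #k = :dicty", ExpressionAttributeNames={"#k": key_to_make},`. That would hold even if a form definition is edited carelessly, assuming `key_to_make` is a single top-level attribute name; the code that builds it is outside the hunk.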
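Review bot: In `get_provision`, `conn.identity.find_user(user_jwt.get("infra_email"))` is followed directly by `user.default_project_id` with no check that a user was found. A token without an `infra_email` claim, or one whose account no longer exists, would presumably surface as an attribute error after the cloud connection is opened rather than as a clean 403/404; `get_infra` in the same file gates on `is_full_member`/`infra_email` before doing any work. Something like `if user is None: return Errors.generate(request, 404, "User Not Found")` ahead of the project lookup would make the failure explicit. Any decorator on the route is outside the hunk.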
@@ -268,11 +268,11 @@ async def set_options( async def get_infra( request: Request, token: Optional[str] = Cookie(None), - payload: Optional[object] = {}, + user_jwt: Optional[object] = {}, ): - member_id = payload.get("id") + member_id = user_jwt.get("id") - if not (payload.get("is_full_member") or payload.get("infra_email")): + if not (user_jwt.get("is_full_member") or user_jwt.get("infra_email")): return Errors.generate( request, 403, "This API endpoint is restricted to Dues-Paying Members." )
@@ -330,7 +330,7 @@ async def get_infra( async def download_file( request: Request, token: Optional[str] = Cookie(None), - payload: Optional[object] = {}, + user_jwt: Optional[object] = {}, ): # Replace 'path/to/your/file.txt' with the actual path to your file file_path = "./HackUCF.ovpn"
diff --git a/routes/stripe.py b/routes/stripe.py
index ef05969..e6843ee 100644
--- a/routes/stripe.py
+++ b/routes/stripe.py
@@ -15,11 +15,15 @@ options = Options.fetch() templates = Jinja2Templates(directory="templates") +import logging +logger = logging.getLogger(__name__) + router = APIRouter(prefix="/pay", tags=["API"], responses=Errors.basic_http()) # Set Stripe API key. stripe.api_key = options.get("stripe").get("api_key") + """ Get API information. """
@@ -30,14 +34,14 @@ async def get_root( request: Request, token: Optional[str] = Cookie(None), - payload: Optional[object] = {}, + user_jwt: Optional[object] = {}, ): # AWS dependencies dynamodb = boto3.resource("dynamodb") table = dynamodb.Table(options.get("aws").get("dynamodb").get("table")) # Get data from DynamoDB - user_data = table.get_item(Key={"id": payload.get("id")}).get("Item", None) + user_data = table.get_item(Key={"id": user_jwt.get("id")}).get("Item", None) did_pay_dues = user_data.get("did_pay_dues", False)
@@ -47,9 +51,9 @@ async def get_root( "pay.html", { "request": request, - "icon": payload["pfp"], - "name": payload["name"], - "id": payload["id"], + "icon": user_jwt["pfp"], + "name": user_jwt["name"], + "id": user_jwt["id"], "did_pay_dues": did_pay_dues, "is_nid": is_nid, }, @@ -61,14 +65,14 @@ async def get_root( async def create_checkout_session( request: Request, token: Optional[str] = Cookie(None), - payload: Optional[object] = {}, + user_jwt: Optional[object] = {}, ): # AWS dependencies dynamodb = boto3.resource("dynamodb") table = dynamodb.Table(options.get("aws").get("dynamodb").get("table")) # Get data from DynamoDB - user_data = table.get_item(Key={"id": payload.get("id")}).get("Item", None) + user_data = table.get_item(Key={"id": user_jwt.get("id")}).get("Item", None) try: stripe_email = user_data.get("email") 
@@ -102,39 +106,33 @@ async def webhook(request: Request): event = stripe.Webhook.construct_event(payload, sig_header, endpoint_secret) except ValueError as e: # Invalid payload - print(e) + logger.error("Malformed Stripe Payload", e) return HTTPException(status_code=400, detail="Malformed payload.") except stripe.error.SignatureVerificationError as e: # Invalid signature - print(e) + logger.error("Malformed Stripe Payload", e) return HTTPException(status_code=400, detail="Malformed payload.") - # Handle the checkout.session.completed event + # Event Handling if event["type"] == "checkout.session.completed": - session = event["data"]["object"] # Retrieve the session. If you require line items in the response, you may include them by expanding line_items. + session = event["data"]["object"] if session.payment_status == "paid": # Mark as paid. pay_dues(session) - print(session) - elif event["type"] == "checkout.session.async_payment_succeeded": session = event["data"]["object"] pay_dues(session) # Passed signature verification return HTTPException(status_code=200, detail="Success.") - # print(await request.json()) - # return "yeet" def pay_dues(session): customer_email = session.get("customer_email") - print(customer_email) - # AWS dependencies dynamodb = boto3.resource("dynamodb") table = dynamodb.Table(options.get("aws").get("dynamodb").get("table"))
diff --git a/routes/wallet.py b/routes/wallet.py
index 5d8db8c..05d32df 100644
--- a/routes/wallet.py
+++ b/routes/wallet.py
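Review bot: Both new `logger.error("Malformed Stripe Payload", e)` calls in `webhook` pass `e` as a format argument to a message that has no placeholder, so the logging module reports a formatting error instead of recording the exception. The signature-failure branch also reuses the malformed-payload text, which makes rejected signatures indistinguishable from unparsable bodies when reviewing webhook traffic. Suggested: `logger.warning("Stripe webhook: invalid payload: %s", e)` and `logger.warning("Stripe webhook: signature verification failed: %s", e)`. `webhook` starts above the hunk and `pay_dues` continues below it.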
@@ -237,13 +237,13 @@ async def get_root(): async def aapl_gen( request: Request, token: Optional[str] = Cookie(None), - payload: Optional[object] = {}, + user_jwt: Optional[object] = {}, ): dynamodb = boto3.resource("dynamodb") table = dynamodb.Table(options.get("aws").get("dynamodb").get("table")) # Get data from DynamoDB - user_data = table.get_item(Key={"id": payload.get("id")}).get("Item", None) + user_data = table.get_item(Key={"id": user_jwt.get("id")}).get("Item", None) p = apple_wallet(user_data)
From f668a0a7f194815762ba40df8ce7082c0f77d372 Mon Sep 17 00:00:00 2001
From: Peyton Duncan
Date: Sat, 16 Mar 2024 17:28:54 -0700
Subject: [PATCH 2/4] Logging progress from a diff pr
---
 routes/stripe.py | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/routes/stripe.py b/routes/stripe.py
index e6843ee..73675b8 100644
--- a/routes/stripe.py
+++ b/routes/stripe.py
@@ -15,9 +15,6 @@ options = Options.fetch() templates = Jinja2Templates(directory="templates") -import logging -logger = logging.getLogger(__name__) - router = APIRouter(prefix="/pay", tags=["API"], responses=Errors.basic_http()) # Set Stripe API key.
From d8a27a22af3e0d4d4eed66401139e6115b7eae6e Mon Sep 17 00:00:00 2001
From: Peyton Duncan
Date: Sat, 16 Mar 2024 17:31:55 -0700
Subject: [PATCH 3/4] Reverting changes from other PR
---
 routes/stripe.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/routes/stripe.py b/routes/stripe.py
index 73675b8..dbd320c 100644
--- a/routes/stripe.py
+++ b/routes/stripe.py
@@ -20,7 +20,6 @@ # Set Stripe API key. stripe.api_key = options.get("stripe").get("api_key") - """ Get API information. """
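Review bot: Removing `import logging` and `logger = logging.getLogger(__name__)` in patch 2/4 leaves the two `logger.error(...)` calls that patch 1/4 added to `webhook` without a definition until patch 3/4 reverts them. At this commit an invalid payload or a bad signature would hit a `NameError` inside the `except` block instead of the rejection path, so the intermediate state is not safe to deploy or bisect onto. Squashing 2/4 through 4/4 into 1/4 would avoid that.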
@@ -103,33 +102,39 @@ async def webhook(request: Request): event = stripe.Webhook.construct_event(payload, sig_header, endpoint_secret) except ValueError as e: # Invalid payload - logger.error("Malformed Stripe Payload", e) + print(e) return HTTPException(status_code=400, detail="Malformed payload.") except stripe.error.SignatureVerificationError as e: # Invalid signature - logger.error("Malformed Stripe Payload", e) + print(e) return HTTPException(status_code=400, detail="Malformed payload.") - # Event Handling + # Handle the checkout.session.completed event if event["type"] == "checkout.session.completed": - # Retrieve the session. If you require line items in the response, you may include them by expanding line_items. session = event["data"]["object"] + # Retrieve the session. If you require line items in the response, you may include them by expanding line_items. if session.payment_status == "paid": # Mark as paid. pay_dues(session) + print(session) + elif event["type"] == "checkout.session.async_payment_succeeded": session = event["data"]["object"] pay_dues(session) # Passed signature verification return HTTPException(status_code=200, detail="Success.") + # print(await request.json()) + # return "yeet" def pay_dues(session): customer_email = session.get("customer_email") + print(customer_email) + # AWS dependencies dynamodb = boto3.resource("dynamodb") table = dynamodb.Table(options.get("aws").get("dynamodb").get("table"))
From 887007f5560fcb2d4313e48e14cd3f0c08c9aa2e Mon Sep 17 00:00:00 2001
From: Peyton Duncan
Date: Sat, 16 Mar 2024 17:32:53 -0700
Subject: [PATCH 4/4] Undoing progres from another commit - git is confusing for reverts
---
 routes/stripe.py | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/routes/stripe.py b/routes/stripe.py
index dbd320c..456df99 100644
--- a/routes/stripe.py
+++ b/routes/stripe.py
@@ -20,6 +20,7 @@ # Set Stripe API key. stripe.api_key = options.get("stripe").get("api_key") + """ Get API information. """ @@ -109,32 +110,26 @@ async def webhook(request: Request): print(e) return HTTPException(status_code=400, detail="Malformed payload.") - # Handle the checkout.session.completed event + # Event Handling if event["type"] == "checkout.session.completed": - session = event["data"]["object"] # Retrieve the session. If you require line items in the response, you may include them by expanding line_items. + session = event["data"]["object"] if session.payment_status == "paid": # Mark as paid. pay_dues(session) - print(session) - elif event["type"] == "checkout.session.async_payment_succeeded": session = event["data"]["object"] pay_dues(session) # Passed signature verification return HTTPException(status_code=200, detail="Success.") - # print(await request.json()) - # return "yeet" def pay_dues(session): customer_email = session.get("customer_email") - print(customer_email) - # AWS dependencies dynamodb = boto3.resource("dynamodb") table = dynamodb.Table(options.get("aws").get("dynamodb").get("table"))
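Review bot: The rejection and success paths that remain as context in the `@@ -109` hunk use `return HTTPException(...)`, which hands the exception object back as an ordinary return value instead of raising it, so the sender probably does not receive the intended 400 when a payload or signature is rejected. `raise HTTPException(status_code=400, detail="Malformed payload.")` for the two failure branches and a plain `return {"detail": "Success."}` at the end look like what was meant. The failure branches also still only `print(e)`, which leaves no attributable log record of rejected webhook calls. `webhook` starts above the hunk and `pay_dues` runs past its end.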