def add_to_cart(product_id, quantity):
cart = Cart.get_current()
cart.add_product(product_id, quantity)
response = make_response()
response.set_cookie('cart', cart.jsonified_data)
flash("Add succeeded!", 'success')
return response
def remove_from_cart(product_id):
cart = Cart.get_current()
cart.remove_product(product_id)
response = make_response()
response.set_cookie('cart', cart.jsonified_data)
flash("Remove succeeded!", 'success')
return response
def show_cart():
# if request.session.user is None:
# return redirect(url_for('home.login', next=request.url))
cart = Cart.get_current()
products = cart.products
if request.method == 'POST':
pass
return render_template('sites/shop/cart.html', products=products, cart=cart)
def checkout():
cart = Cart.get_current()
oi = cart
oi.data['total'] = cart.sum_value
oi = oi.jsonified_data
merchant_publickey = get_key(CertificateOwner.MERCHANT, CertificateType.MERCHANT)['public_key']
paymentgateway_publickey = get_key(CertificateOwner.GATEWAY, CertificateType.GATEWAY)['public_key']
products = cart.products
return render_template('sites/shop/checkout.html', products=products, cart=cart, oi=oi, kum=merchant_publickey, kupg=paymentgateway_publickey)
def password():
data = request.form.to_dict()
# Fetch Data
k6_encrypted_kum = data.get('k6_encrypted_kum')
k6_encrypted_kupg = data.get('k6_encrypted_kupg')
iv6 = data.get('iv6')
authdata_and_hashed_k6encrypted = data.get('authdata_and_hashed_k6encrypted')
pwd_kuisencrypted_and_hashed_k6encrypted = data.get('pwd_kuisencrypted_and_hashed_k6encrypted')
bank_name = data.get('bank_name', None)
# Decrypt K6
krm = RSA.importKey(get_key(CertificateOwner.MERCHANT, CertificateType.MERCHANT)['private_key'])
k6 = merchant_decrypt_k1(k6_encrypted_kum)
# Decrypt Authdata
authdata_and_hashed = decrypt_aes(k6, iv6, authdata_and_hashed_k6encrypted)
authdata = authdata_and_hashed[:-32]
hashed = authdata_and_hashed[len(authdata):]
# Hash authdata
authdata_hashed = SHA256.new(authdata).hexdigest()
authdata_hashed = bytes.fromhex(authdata_hashed)
if not authdata_hashed == hashed:
msg = ErrorMessages.MISMATCH_DIGEST
return make_response(json({'status': 'NO', 'message': msg}))
# Encrypt AuthData with k7
k7 = Random.get_random_bytes(16)
authdata_encrypted_k7 = encrypt_aes(k7, authdata.decode())
# Encrypt K7 with Kupg
kupg = RSA.importKey(get_key(CertificateOwner.GATEWAY, CertificateType.GATEWAY)['public_key'])
k7_encrypted_kupg = encrypt_rsa(kupg, k7)
# Sign authdata_encrypted_k7 with Krm
authdata_signature = sign_message(krm, authdata)
# Base64 Encode
b64_pwd_kuisencrypted_and_hashed_k6encrypted = base64.b64encode(pwd_kuisencrypted_and_hashed_k6encrypted.encode())
b64_k7_encrypted_kupg = base64.b64encode(k7_encrypted_kupg)
b64_authdata_signature = base64.b64encode(authdata_signature)
b64_authdata_encrypted_k7 = base64.b64encode(authdata_encrypted_k7)
b64_k6_encrypted_kupg = base64.b64encode(k6_encrypted_kupg.encode())
b64_iv6 = base64.b64encode(iv6.encode())
gateway_response = requests.post(Api.SEND_GATEWAY_PASSWORD,
data={
'b64_pwd_kuisencrypted_and_hashed_k6encrypted': b64_pwd_kuisencrypted_and_hashed_k6encrypted.decode(),
'b64_k7_encrypted_kupg': b64_k7_encrypted_kupg,
'b64_authdata_signature': b64_authdata_signature,
'b64_authdata_encrypted_k7': b64_authdata_encrypted_k7,
'b64_k6_encrypted_kupg': b64_k6_encrypted_kupg,
'b64_iv6': b64_iv6,
'session_id': request.cookies.get(SESSION_KEY),
'bank_name': bank_name})
if gateway_response.status_code != 200:
msg = ErrorMessages.FAILED_CONNECT_GATEWAY
return make_response(json({'status': 'NO', 'message': msg}))
gateway_response = gateway_response.json()['data']
if gateway_response.get('status') != 'YES':
msg = ErrorMessages.TRANSACTION_FAILED
return make_response(json({'status': 'NO', 'message': msg}))
# Fetch Data
b64_payment_response_encrypted = gateway_response.get('b64_payment_response_encrypted')
b64_k8_encrypted_kum = gateway_response.get('b64_k8_encrypted_kum')
b64_payment_response_signature = gateway_response.get('b64_payment_response_signature')
# Decode base64
payment_response_encrypted = base64.b64decode(b64_payment_response_encrypted)
k8_encrypted_kum = base64.b64decode(b64_k8_encrypted_kum)
payment_response_signature = base64.b64decode(b64_payment_response_signature)
# Decrypt K8_KUM
k8 = decrypt_rsa(krm, k8_encrypted_kum)
# Decrypt payment_response_encrypted
payment_response = AESCipher(k8).decrypt(payment_response_encrypted)
if verify_rsa(kupg, payment_response, payment_response_signature):
if payment_response.decode() == Messages.TRANSACTION_VERIFIED:
cart = Cart.get_current()
products = cart.products
msg = render_template('mail_order.html', products=products, cart=cart)
user = request.session.user
from app import mail
message = Message(subject="Mua Hàng Thành Công",
html=msg,
sender=("Anh Thu Shop", "*****@*****.**"),
recipients=[user.email])
mail.send(message)
cart = Cart.get_current()
cart.data = {}
response = make_response(json(
{'status': 'YES', 'payment_response': payment_response.decode(), 'url': url_for('home.index')}))
response.set_cookie('cart', cart.jsonified_data)
return response
elif payment_response.decode() == ErrorMessages.NOT_ENOUGH_MONEY:
msg = ErrorMessages.NOT_ENOUGH_MONEY
else:
msg = ErrorMessages.FAILED_VERIFY_TRANSACTION
return make_response(json({'status': 'NO', 'message': msg}))
