def post(self, tip_id: int = None):
tip_title = context.form.get('title')
print(tip_id, tip_title)
# Updating the tips title
# TipStore.get(tip_id).update(tip_title)
raise HttpFound('/tips/')
def post(self):
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
client_secret_file,
scopes=[settings.oauth_google_scope],
redirect_uri=settings.redirect_uri_auth)
authorization_url, state = flow.authorization_url(
access_type='offline', include_granted_scopes='true')
raise HttpFound(authorization_url)
def get(self, hash_id):
try:
db_id, = hashids.decode(hash_id)
except ValueError:
raise HttpBadRequest()
url = DBSession.query(Url).filter_by(id=db_id).one_or_none()
if url is None:
raise HttpNotFound()
raise HttpFound(url.url)
def google(self):
raise HttpFound('http://google.com')
def about(self):
raise HttpFound('/new/address')
def post(self, inner_resource: str):
# TODO: Warning: DDOS!
# TODO: Fix these shits!
# TODO: Add some salt to prevent man in the middle (Extra field to send on creation and check on verification,
# Use description part)
if inner_resource == 'pay-irs':
status = context.form.get('status', None)
trans_id = context.form.get('transId', None)
factor_number = context.form.get('factorNumber', None)
_ = context.form.get('description', None)
card_number = context.form.get('cardNumber', None)
trace_number = context.form.get('traceNumber', None)
_ = context.form.get('message', None)
result = 'successful'
if status == 0:
result = 'bad-status'
elif factor_number is None:
result = 'bad-factor-number'
elif trace_number is None:
result = 'bad-trace-number'
else:
target_transaction = Cashin.query \
.filter(Cashin.id == factor_number) \
.filter(Cashin.reference_id.is_(None)) \
.filter(Cashin.transaction_id == trans_id).one_or_none()
if target_transaction is None:
result = 'bad-transaction'
elif card_number[:6] != target_transaction.banking_id.pan.replace('-', '')[:6] or \
card_number[-4:] != target_transaction.banking_id.pan[-4:]:
result = 'bad-card'
else:
payment_gateway = target_transaction.payment_gateway
shaparak_provider = create_shaparak_provider()
try:
amount, _, _ = shaparak_provider.verify_transaction(
target_transaction.transaction_id)
amount = payment_gateway.fiat.input_to_normalized(
str(amount), strict=False)
# TODO: After verification, add a record with error to be possible to follow the problem later
if target_transaction.amount != amount:
result = 'bad-amount'
else:
try:
# Set reference_id
target_transaction.reference_id = trace_number
stexchange_client.balance_update(
user_id=target_transaction.member_id,
asset=target_transaction.payment_gateway.
fiat_symbol, # FIXME
business="cashin", # FIXME
business_id=target_transaction.
id, # FIXME: Think about double payment
change=payment_gateway.fiat.
format_normalized_string(
target_transaction.amount -
target_transaction.commission),
detail=target_transaction.to_dict(),
)
# FIXME: Important !!!! : rollback the updated balance if
# DBSession.commit() was not successful
DBSession.commit()
except StexchangeException as e:
if DBSession.is_active:
DBSession.rollback()
result = 'stexchange-error' + str(
e # FIXME: Delete the exception message for deployment
)
except:
import traceback
traceback.print_exc()
if DBSession.is_active:
DBSession.rollback()
result = 'internal-error'
except ShaparakError:
result = 'not-verified'
raise HttpFound(
f'{settings.shaparak.pay_ir.result_redirect_url}?result={result}'
)
raise HttpMethodNotAllowed()