def add_to_cart(product_id, quantity):
    """Add ``quantity`` of ``product_id`` to the current cart.

    The updated cart is serialised into the ``cart`` cookie of a fresh
    response, a success message is flashed, and that response is returned.
    """
    current = Cart.get_current()
    # NOTE(review): product_id and quantity are passed through unchecked here;
    # presumably the route converter or Cart.add_product bounds them (no
    # negative or absurd quantities) -- verify.
    current.add_product(product_id, quantity)

    # NOTE(review): the cart lives in a client-held cookie, set without
    # HttpOnly/Secure/SameSite and with no signature visible here. Treat
    # whatever is read back from it as client-controlled and recompute prices
    # and totals server-side -- confirm how Cart.get_current() loads it.
    resp = make_response()
    resp.set_cookie('cart', current.jsonified_data)
    flash("Add succeeded!", 'success')
    return resp
def remove_from_cart(product_id):
    """Remove ``product_id`` from the current cart.

    The updated cart is serialised into the ``cart`` cookie of a fresh
    response, a success message is flashed, and that response is returned.
    """
    current = Cart.get_current()
    current.remove_product(product_id)

    # NOTE(review): same client-held, unsigned ``cart`` cookie as used when
    # adding items; its contents must not be trusted for pricing -- confirm
    # server-side validation where the cookie is read back.
    resp = make_response()
    resp.set_cookie('cart', current.jsonified_data)
    flash("Remove succeeded!", 'success')
    return resp
def show_cart():
    """Render the cart page for the current cart and its products."""
    # The login gate below is disabled in the original and kept for reference:
    # if request.session.user is None:
    #     return redirect(url_for('home.login', next=request.url))
    # NOTE(review): if it is re-enabled, the login handler (not shown) should
    # only follow ``next`` when it points back to this site.
    current = Cart.get_current()
    items = current.products

    if request.method == 'POST':
        # POST requests are accepted but nothing is done with them yet.
        pass

    return render_template('sites/shop/cart.html', products=items, cart=current)
def checkout():
    """Render the checkout page.

    The template receives the cart, its products, the serialised order
    information (``oi``, including the cart total) and the public keys of the
    merchant (``kum``) and the payment gateway (``kupg``).
    """
    cart = Cart.get_current()

    # The total is stored on the cart itself before serialising, so the
    # ``cart`` object handed to the template carries it as well.
    cart.data['total'] = cart.sum_value
    order_info = cart.jsonified_data
    # NOTE(review): ``oi`` is handed to the browser; whatever the client later
    # sends back as the order or amount should be re-derived or checked
    # against the server-side cart, not trusted -- confirm in the payment flow.

    merchant_key = get_key(CertificateOwner.MERCHANT, CertificateType.MERCHANT)['public_key']
    gateway_key = get_key(CertificateOwner.GATEWAY, CertificateType.GATEWAY)['public_key']

    return render_template(
        'sites/shop/checkout.html',
        products=cart.products,
        cart=cart,
        oi=order_info,
        kum=merchant_key,
        kupg=gateway_key,
    )
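def password():
    """Relay the customer's payment authorisation to the gateway and finalise the order.

    Flow, as implemented here:

    1. Read the encrypted fields posted by the client and recover K6 with the
       merchant key.
    2. Decrypt the auth data with K6/IV6 and check the SHA-256 digest appended
       to it.
    3. Re-encrypt the auth data under a fresh K7, wrap K7 for the gateway,
       sign with the merchant private key and POST everything to the gateway.
    4. Decrypt the gateway's reply with K8, verify the gateway's signature
       and, on a verified approval, mail the order, empty the cart and
       answer ``{'status': 'YES', ...}``.

    Every other outcome answers ``{'status': 'NO', 'message': ...}``.
    """
    import hmac  # local import: only needed for the digest comparison

    data = request.form.to_dict()

    # Fetch Data
    # NOTE(review): none of these fields is checked for presence or shape; a
    # missing one surfaces as an unhandled exception further down instead of
    # a 'NO' response.
    k6_encrypted_kum = data.get('k6_encrypted_kum')
    k6_encrypted_kupg = data.get('k6_encrypted_kupg')
    iv6 = data.get('iv6')
    authdata_and_hashed_k6encrypted = data.get('authdata_and_hashed_k6encrypted')
    pwd_kuisencrypted_and_hashed_k6encrypted = data.get('pwd_kuisencrypted_and_hashed_k6encrypted')
    bank_name = data.get('bank_name')

    # Decrypt K6
    krm = RSA.importKey(get_key(CertificateOwner.MERCHANT, CertificateType.MERCHANT)['private_key'])
    k6 = merchant_decrypt_k1(k6_encrypted_kum)

    # Decrypt Authdata: payload followed by a 32-byte SHA-256 digest.
    authdata_and_hashed = decrypt_aes(k6, iv6, authdata_and_hashed_k6encrypted)
    authdata = authdata_and_hashed[:-32]
    hashed = authdata_and_hashed[len(authdata):]

    # Hash authdata and compare in constant time.
    # NOTE(review): the digest is unkeyed, so it detects corruption but does
    # not authenticate the sender; an HMAC or AEAD mode would be needed for
    # that -- confirm what the protocol relies on.
    authdata_hashed = SHA256.new(authdata).digest()
    if not hmac.compare_digest(authdata_hashed, hashed):
        msg = ErrorMessages.MISMATCH_DIGEST
        return make_response(json({'status': 'NO', 'message': msg}))

    # Encrypt AuthData with k7
    k7 = Random.get_random_bytes(16)
    authdata_encrypted_k7 = encrypt_aes(k7, authdata.decode())

    # Encrypt K7 with Kupg
    kupg = RSA.importKey(get_key(CertificateOwner.GATEWAY, CertificateType.GATEWAY)['public_key'])
    k7_encrypted_kupg = encrypt_rsa(kupg, k7)

    # Sign with Krm.
    # NOTE(review): the original comment says the K7-encrypted blob is signed,
    # but the code signs the plaintext authdata; confirm which one the gateway
    # verifies.
    authdata_signature = sign_message(krm, authdata)

    # Base64 Encode
    b64_pwd_kuisencrypted_and_hashed_k6encrypted = base64.b64encode(
        pwd_kuisencrypted_and_hashed_k6encrypted.encode())
    b64_k7_encrypted_kupg = base64.b64encode(k7_encrypted_kupg)
    b64_authdata_signature = base64.b64encode(authdata_signature)
    b64_authdata_encrypted_k7 = base64.b64encode(authdata_encrypted_k7)
    b64_k6_encrypted_kupg = base64.b64encode(k6_encrypted_kupg.encode())
    b64_iv6 = base64.b64encode(iv6.encode())

    # A transport failure is reported the same way as a non-200 reply instead
    # of escaping as an unhandled exception.
    # NOTE(review): no timeout is set, so a stalled gateway blocks this worker
    # indefinitely. Pick one together with a reconciliation step, since a
    # timed-out request may still have been processed by the gateway.
    try:
        gateway_response = requests.post(Api.SEND_GATEWAY_PASSWORD, data={
            'b64_pwd_kuisencrypted_and_hashed_k6encrypted': b64_pwd_kuisencrypted_and_hashed_k6encrypted.decode(),
            'b64_k7_encrypted_kupg': b64_k7_encrypted_kupg,
            'b64_authdata_signature': b64_authdata_signature,
            'b64_authdata_encrypted_k7': b64_authdata_encrypted_k7,
            'b64_k6_encrypted_kupg': b64_k6_encrypted_kupg,
            'b64_iv6': b64_iv6,
            'session_id': request.cookies.get(SESSION_KEY),
            'bank_name': bank_name})
    except requests.RequestException:
        msg = ErrorMessages.FAILED_CONNECT_GATEWAY
        return make_response(json({'status': 'NO', 'message': msg}))

    if gateway_response.status_code != 200:
        msg = ErrorMessages.FAILED_CONNECT_GATEWAY
        return make_response(json({'status': 'NO', 'message': msg}))

    gateway_response = gateway_response.json()['data']
    if gateway_response.get('status') != 'YES':
        msg = ErrorMessages.TRANSACTION_FAILED
        return make_response(json({'status': 'NO', 'message': msg}))

    # Fetch Data
    b64_payment_response_encrypted = gateway_response.get('b64_payment_response_encrypted')
    b64_k8_encrypted_kum = gateway_response.get('b64_k8_encrypted_kum')
    b64_payment_response_signature = gateway_response.get('b64_payment_response_signature')

    # Decode base64
    payment_response_encrypted = base64.b64decode(b64_payment_response_encrypted)
    k8_encrypted_kum = base64.b64decode(b64_k8_encrypted_kum)
    payment_response_signature = base64.b64decode(b64_payment_response_signature)

    # Decrypt K8_KUM
    k8 = decrypt_rsa(krm, k8_encrypted_kum)

    # Decrypt payment_response_encrypted
    payment_response = AESCipher(k8).decrypt(payment_response_encrypted)

    # Fail closed: unless the signature verifies AND the payload is a known
    # status, the answer is a verification failure. Previously one of the
    # fall-through paths reached the final return with ``msg`` unassigned.
    msg = ErrorMessages.FAILED_VERIFY_TRANSACTION

    # NOTE(review): the signed payload is only compared with fixed status
    # strings; nothing visible here ties the gateway's signature to this
    # order, amount or session. Confirm the protocol binds them (for example
    # a transaction id or nonce inside the signed payload).
    if verify_rsa(kupg, payment_response, payment_response_signature):
        payment_status = payment_response.decode()
        if payment_status == Messages.TRANSACTION_VERIFIED:
            cart = Cart.get_current()
            products = cart.products
            msg = render_template('mail_order.html', products=products, cart=cart)
            # NOTE(review): no login check is visible in this handler, yet
            # ``user.email`` is dereferenced after the payment has already
            # been approved; likewise a mail failure here leaves a paid order
            # with the cart still populated. Confirm both are handled upstream.
            user = request.session.user
            from app import mail
            message = Message(subject="Mua Hàng Thành Công",
                              html=msg,
                              sender=("Anh Thu Shop", "*****@*****.**"),
                              recipients=[user.email])
            mail.send(message)

            # Empty the cart and push the empty state back to the browser.
            cart = Cart.get_current()
            cart.data = {}
            response = make_response(json(
                {'status': 'YES',
                 'payment_response': payment_status,
                 'url': url_for('home.index')}))
            response.set_cookie('cart', cart.jsonified_data)
            return response
        if payment_status == ErrorMessages.NOT_ENOUGH_MONEY:
            msg = ErrorMessages.NOT_ENOUGH_MONEY

    return make_response(json({'status': 'NO', 'message': msg}))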