author | MS <ms@taler.net> | 2020-07-16 18:52:42 +0200 |
---|---|---|
committer | MS <ms@taler.net> | 2020-07-16 18:52:42 +0200 |
commit | 866f3294024534ea6cadc37a0c5f28bef05d3d56 (patch) | |
tree | dc40dce3a59d2cd300940ce7e55190d38a4182e1 /talerblog | |
parent | 0af88f048419ea32a0732d8f0c6a4bb92ee16df1 (diff) | |
Diffstat (limited to 'talerblog')
-rw-r--r-- | talerblog/blog/blog.py | 40 |
1 files changed, 16 insertions, 24 deletions
diff --git a/talerblog/blog/blog.py b/talerblog/blog/blog.py
index ae314cc..51a1596 100644
--- a/talerblog/blog/blog.py
+++ b/talerblog/blog/blog.py
@@ -43,7 +43,7 @@ TC = TalerConfig.from_env()
 BACKEND_BASE_URL = TC["frontends"]["backend"].value_string(required=True)
 CURRENCY = TC["taler"]["currency"].value_string(required=True)
 APIKEY = TC["frontends"]["backend_apikey"].value_string(required=True)
-INSTANCE = TC["blog"]["instance"].value_string(required=True)
+INSTANCE = "blog"
 ARTICLE_AMOUNT = CURRENCY + ":0.5"
 BACKEND_URL = urljoin(BACKEND_BASE_URL, f"instances/{INSTANCE}/")
@@ -323,7 +323,6 @@ def check_status(order_id, session_id):
 @app.route("/essay/<article_name>")
 @app.route("/essay/<article_name>/data/<data>")
 def article(article_name, data=None):
-
 # We use an explicit session ID so that each payment (or payment replay) is
 # bound to a browser. This forces re-play and prevents sharing the article
 # by just sharing the URL.
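Review bot: In the first hunk `INSTANCE` becomes the literal `"blog"` while the neighbouring backend URL, currency and API key are still read from `TalerConfig` with `required=True`, so `BACKEND_URL` now always targets `instances/blog/` whatever the deployment configures. If that is intended, say so next to the assignment, for example `# Backend instance is fixed; the [blog] instance option is no longer read.`, so an operator who still sets the option is not surprised that it has no effect.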
@@ -349,45 +348,38 @@ def article(article_name, data=None): refund_deadline=dict(t_ms=1000*int(time.time() + 10 * 30)), wire_transfer_deadline=dict(t_ms=1000*int(time.time() + 15 * 30)), ) - order_resp = backend_post("order", dict(order=order)) + order_resp = backend_post("private/orders", dict(order=order)) order_id = order_resp["order_id"] return flask.redirect( flask.url_for( "article", article_name=article_name, order_id=order_id ) ) - - ## + # # Prepare data for the upcoming payment check. + # pay_params = dict(order_id=order_id, session_id=session_id) - pay_status = backend_get("check-payment", pay_params) - + pay_status = backend_get("private/orders/{}".format(order_id), params=dict()) if pay_status.get("paid"): + # Checks to do: + # + # - check that the paid article is actually the one + # mentioned in the requested URI. + # + # - check if the article was refunded before, and act + # accordingly. + # + + # FLOW HERE == ARTICLE PAID AND CAN BE SHOWN. - ## - # Somehow, a session with a payed article which _differs_ from - # the article requested in the URL existed; trigger the pay protocol! - if pay_status["contract_terms"]["extra"]["article_name"] != article_name: - err_abort( - 402, - message="You did not pay for this article (nice try!)", - json=pay_status - ) - - ## - # Show a "article refunded" page, in that case. - if pay_status.get("refunded"): - return flask.render_template( - "templates/article_refunded.html", article_name=article_name - ) - ## # Put the article in the cache. paid_articles_cache.set(session_id + "-" + article_name, order_id) ## # Finally return the article. return render_article(article_name, data, order_id) + elif pay_status.get("already_paid_order_id") is not None: return flask.redirect( flask.url_for( |
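Review bot: The paid branch no longer checks what was paid for: the comparison of `pay_status["contract_terms"]["extra"]["article_name"]` with `article_name` and the `refunded` branch are replaced by a "Checks to do" comment, so as written any order the backend reports as paid reaches `render_article` and is cached for whichever article the URL names, and a refunded order is served as well. I would keep both checks in this commit rather than defer them, as in the excerpt below (this assumes the new `private/orders/<id>` response still carries `contract_terms` and `refunded`; confirm against the backend API). Separately, `pay_params` is still built but no longer passed, so `session_id` does not reach the backend and the session binding described in the comment at the top of `article` appears to be lost; if the endpoint accepts it, pass `params=dict(session_id=session_id)`. `order_id` is also formatted straight into the request path; where it is assigned is outside this hunk, but if it comes from the request it should be validated or percent-encoded before it is used in a URL on the backend's private API. `article` starts and ends outside the hunk.

```python
    pay_status = backend_get("private/orders/{}".format(order_id), params=dict())
    if pay_status.get("paid"):
        # The paid order must be for the article named in the URL.
        if pay_status["contract_terms"]["extra"]["article_name"] != article_name:
            err_abort(
                402,
                message="You did not pay for this article (nice try!)",
                json=pay_status
            )
        # A refunded order no longer entitles the reader to the article.
        if pay_status.get("refunded"):
            return flask.render_template(
                "templates/article_refunded.html", article_name=article_name
            )
        # … unchanged: cache the order id and render the article …
```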