summaryrefslogtreecommitdiff
path: root/talerblog/blog/blog.py
diff options
context:
space:
mode:
Diffstat (limited to 'talerblog/blog/blog.py')
-rw-r--r--talerblog/blog/blog.py42
1 files changed, 17 insertions, 25 deletions
diff --git a/talerblog/blog/blog.py b/talerblog/blog/blog.py
index a0a9784..51a1596 100644
--- a/talerblog/blog/blog.py
+++ b/talerblog/blog/blog.py
@@ -43,7 +43,7 @@ TC = TalerConfig.from_env()
BACKEND_BASE_URL = TC["frontends"]["backend"].value_string(required=True)
CURRENCY = TC["taler"]["currency"].value_string(required=True)
APIKEY = TC["frontends"]["backend_apikey"].value_string(required=True)
-INSTANCE = TC["blog"]["instance"].value_string(required=True)
+INSTANCE = "blog"
ARTICLE_AMOUNT = CURRENCY + ":0.5"
BACKEND_URL = urljoin(BACKEND_BASE_URL, f"instances/{INSTANCE}/")
@@ -214,7 +214,7 @@ def refund(order_id):
session_id = flask.session.get("session_id", "")
pay_params = dict(order_id=order_id, session_id=session_id)
pay_status = backend_get("check-payment", pay_params)
- if not pay_status.paid:
+ if not pay_status.get("paid"):
err_abort(
402,
message="You did not pay for this article (nice try!)",
@@ -323,7 +323,6 @@ def check_status(order_id, session_id):
@app.route("/essay/<article_name>")
@app.route("/essay/<article_name>/data/<data>")
def article(article_name, data=None):
-
# We use an explicit session ID so that each payment (or payment replay) is
# bound to a browser. This forces re-play and prevents sharing the article
# by just sharing the URL.
@@ -349,45 +348,38 @@ def article(article_name, data=None):
refund_deadline=dict(t_ms=1000*int(time.time() + 10 * 30)),
wire_transfer_deadline=dict(t_ms=1000*int(time.time() + 15 * 30)),
)
- order_resp = backend_post("order", dict(order=order))
+ order_resp = backend_post("private/orders", dict(order=order))
order_id = order_resp["order_id"]
return flask.redirect(
flask.url_for(
"article", article_name=article_name, order_id=order_id
)
)
-
- ##
+ #
# Prepare data for the upcoming payment check.
+ #
pay_params = dict(order_id=order_id, session_id=session_id)
- pay_status = backend_get("check-payment", pay_params)
-
+ pay_status = backend_get("private/orders/{}".format(order_id), params=dict())
if pay_status.get("paid"):
+ # Checks to do:
+ #
+ # - check that the paid article is actually the one
+ # mentioned in the requested URI.
+ #
+ # - check if the article was refunded before, and act
+ # accordingly.
+ #
+
+ # FLOW HERE == ARTICLE PAID AND CAN BE SHOWN.
- ##
- # Somehow, a session with a payed article which _differs_ from
- # the article requested in the URL existed; trigger the pay protocol!
- if pay_status["contract_terms"]["extra"]["article_name"] != article_name:
- err_abort(
- 402,
- message="You did not pay for this article (nice try!)",
- json=pay_status
- )
-
- ##
- # Show a "article refunded" page, in that case.
- if pay_status.get("refunded"):
- return flask.render_template(
- "templates/article_refunded.html", article_name=article_name
- )
- ##
# Put the article in the cache.
paid_articles_cache.set(session_id + "-" + article_name, order_id)
##
# Finally return the article.
return render_article(article_name, data, order_id)
+
elif pay_status.get("already_paid_order_id") is not None:
return flask.redirect(
flask.url_for(