From 866f3294024534ea6cadc37a0c5f28bef05d3d56 Mon Sep 17 00:00:00 2001
From: MS
Date: Thu, 16 Jul 2020 18:52:42 +0200
Subject: first steps towards protocol change
---
 talerblog/blog/blog.py | 40 ++++++++++++++++------------------------
 1 file changed, 16 insertions(+), 24 deletions(-)
(limited to 'talerblog')
diff --git a/talerblog/blog/blog.py b/talerblog/blog/blog.py
index ae314cc..51a1596 100644
--- a/talerblog/blog/blog.py
+++ b/talerblog/blog/blog.py
@@ -43,7 +43,7 @@ TC = TalerConfig.from_env()
 BACKEND_BASE_URL = TC["frontends"]["backend"].value_string(required=True)
 CURRENCY = TC["taler"]["currency"].value_string(required=True)
 APIKEY = TC["frontends"]["backend_apikey"].value_string(required=True)
-INSTANCE = TC["blog"]["instance"].value_string(required=True)
+INSTANCE = "blog"
 ARTICLE_AMOUNT = CURRENCY + ":0.5"
 BACKEND_URL = urljoin(BACKEND_BASE_URL, f"instances/{INSTANCE}/")
@@ -323,7 +323,6 @@ def check_status(order_id, session_id):
 @app.route("/essay/")
 @app.route("/essay//data/")
 def article(article_name, data=None):
-
 # We use an explicit session ID so that each payment (or payment replay) is
 # bound to a browser. This forces re-play and prevents sharing the article
 # by just sharing the URL.
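Review bot: `INSTANCE = "blog"` silently ignores the instance name a deployment may already have configured, while `BACKEND_URL` and every request sent with `APIKEY` are still derived from it. A site whose merchant instance is named differently will now address another instance without any startup error. If the fixed name is required by the new protocol, state that next to the constant, for example `# Instance name is fixed; the backend must provide an instance called "blog".`; otherwise the config lookup should stay.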
@@ -349,45 +348,38 @@ def article(article_name, data=None): refund_deadline=dict(t_ms=1000*int(time.time() + 10 * 30)), wire_transfer_deadline=dict(t_ms=1000*int(time.time() + 15 * 30)), ) - order_resp = backend_post("order", dict(order=order)) + order_resp = backend_post("private/orders", dict(order=order)) order_id = order_resp["order_id"] return flask.redirect( flask.url_for( "article", article_name=article_name, order_id=order_id ) ) - - ## + # # Prepare data for the upcoming payment check. + # pay_params = dict(order_id=order_id, session_id=session_id) - pay_status = backend_get("check-payment", pay_params) - + pay_status = backend_get("private/orders/{}".format(order_id), params=dict()) if pay_status.get("paid"): + # Checks to do: + # + # - check that the paid article is actually the one + # mentioned in the requested URI. + # + # - check if the article was refunded before, and act + # accordingly. + # + + # FLOW HERE == ARTICLE PAID AND CAN BE SHOWN. - ## - # Somehow, a session with a payed article which _differs_ from - # the article requested in the URL existed; trigger the pay protocol! - if pay_status["contract_terms"]["extra"]["article_name"] != article_name: - err_abort( - 402, - message="You did not pay for this article (nice try!)", - json=pay_status - ) - - ## - # Show a "article refunded" page, in that case. - if pay_status.get("refunded"): - return flask.render_template( - "templates/article_refunded.html", article_name=article_name - ) - ## # Put the article in the cache. paid_articles_cache.set(session_id + "-" + article_name, order_id) ## # Finally return the article. return render_article(article_name, data, order_id) + elif pay_status.get("already_paid_order_id") is not None: return flask.redirect( flask.url_for( -- cgit v1.2.3
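Review bot: With the article-name and refund checks reduced to a comment under `if pay_status.get("paid"):`, any paid order id now unlocks whichever article the URL names, refunded orders still render, and `paid_articles_cache.set(...)` records the mismatch; the branch should fail closed until both checks are back. The new `backend_get("private/orders/{}".format(order_id), params=dict())` call also leaves `pay_params` unused, so `session_id` no longer reaches the backend and this lookup does not enforce the browser binding described in the comment at the top of `article`. `order_id` is formatted into the request path as-is; the hunk does not show where it is read, but if it comes from the request it should be validated or percent-encoded first. The fence restores the two checks with the field names the removed code read, which need confirming against the new response format; `article` starts and ends outside the hunk.

```python
    # Pass the session so the backend can tie the order to this browser
    # (assumes the new endpoint accepts session_id; confirm).
    pay_status = backend_get(
        "private/orders/{}".format(order_id), params=dict(session_id=session_id)
    )
    if pay_status.get("paid"):
        # The paid order must be for the article named in the URL.
        if pay_status["contract_terms"]["extra"]["article_name"] != article_name:
            err_abort(
                402,
                message="You did not pay for this article (nice try!)",
                json=pay_status
            )
        # A refunded order must not unlock the article.
        if pay_status.get("refunded"):
            return flask.render_template(
                "templates/article_refunded.html", article_name=article_name
            )
        # … unchanged: cache the order id and return render_article(...) …
```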