From 636ae5405ffffaddaae881420c83c63a1e229e99 Mon Sep 17 00:00:00 2001
From: GonzaDDV
Date: Wed, 8 Feb 2023 17:05:39 -0300
Subject: [PATCH] verify transaction on views.py
---
 .../article/paywall/pw_auth_wo_credits.html | 29 ++++++++++++-------
 portal/apps/thedaily/views.py | 13 +++++++--
 portal/requirements.txt | 3 +-
 3 files changed, 31 insertions(+), 14 deletions(-)
diff --git a/portal/apps/core/templates/article/paywall/pw_auth_wo_credits.html b/portal/apps/core/templates/article/paywall/pw_auth_wo_credits.html
index ec797974..db1f7214 100644
--- a/portal/apps/core/templates/article/paywall/pw_auth_wo_credits.html
+++ b/portal/apps/core/templates/article/paywall/pw_auth_wo_credits.html
@@ -132,17 +132,24 @@
 Toastify.success('La transacción fue confirmada! Gracias por tu compra.', { duration: -1 });
 if (hasReachedSufficientCommitment) {
- $.ajax({
- beforeSend: function (xhr, settings) {
- xhr.setRequestHeader("X-CSRFToken", Cookies.get('csrftoken'));
- },
- method: "POST",
- url: "/usuarios/comprar-articulo/",
- data: {
- article_id: '{{ article.id }}',
- user_id: '{{ user.id }}',
- }
- });
+ try {
+ $.ajax({
+ beforeSend: function (xhr, settings) {
+ xhr.setRequestHeader("X-CSRFToken", Cookies.get('csrftoken'));
+ },
+ method: "POST",
+ url: "/usuarios/comprar-articulo/",
+ data: {
+ article_id: '{{ article.id }}',
+ user_id: '{{ user.id }}',
+ public_key: provider.publicKey.toString(),
+ signature,
+ transaction: serializedTransaction.toString('base64'),
+ }
+ });
+ } catch {
+ Toastify.error('Ocurrió un error al procesar la transacción.');
+ }
 clearInterval(interval);
 location.reload();
diff --git a/portal/apps/thedaily/views.py b/portal/apps/thedaily/views.py
index bc8ec218..33f2a720 100644
--- a/portal/apps/thedaily/views.py
+++ b/portal/apps/thedaily/views.py
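Review bot: The `try { $.ajax({...}) } catch { ... }` added in this hunk does not observe a rejected purchase: `$.ajax` is asynchronous, so a non-2xx answer from `/usuarios/comprar-articulo/` (such as the 400 the backend now returns for an invalid signature) never throws here, and the `catch` only fires on a synchronous error, presumably `provider` or `serializedTransaction` being undefined at this point — both are defined outside the hunk. The context lines `clearInterval(interval); location.reload();` then run as soon as the request is issued, so the page reloads before any response arrives and a failed grant is never surfaced. Move the reload into the request's completion handlers and report the failure from the error handler instead of the catch; the try/catch can stay around the synchronous serialization only if that is what it is meant to guard.
```javascript
$.ajax({
  // … unchanged: beforeSend, method, url, data …
  success: function () {
    clearInterval(interval);
    location.reload();
  },
  error: function () {
    Toastify.error('Ocurrió un error al procesar la transacción.');
  }
});
```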
@@ -84,6 +84,8 @@ from .exceptions import UpdateCrmEx
 from .tasks import send_notification, notify_digital, notify_paper
+import solana
+from hashlib import sha256
 standard_library.install_aliases()
 to_response = render_response('thedaily/templates/')
@@ -1601,10 +1603,17 @@ def telephone_subscription_msg(user, preferred_time):
 @never_cache
 @to_response
 def buy_single_article(request):
- # TODO: validate the transaction
+ # TODO: test the transaction validation
 article_id = request.POST.get('article_id')
 user_id = request.POST.get('user_id')
- if request.method == 'POST' and article_id and user_id:
+ public_key = request.POST.get('public_key')
+ transaction = request.POST.get('transaction')
+ signature = request.POST.get('signature')
+ if request.method == 'POST' and article_id and user_id and public_key and transaction and signature:
+ hash = sha256(transaction).hexdigest()
+ valid = solana.signature.verify_signature(public_key, hash, signature)
+ if not valid:
+ return HttpResponse('Invalid signature', status=400)
 user = get_object_or_404(User, id=user_id)
 article = get_object_or_404(Article, id=article_id)
 user.subscriber.articles_bought.add(article)
diff --git a/portal/requirements.txt b/portal/requirements.txt
index 77fa6c79..31e76953 100644
--- a/portal/requirements.txt
+++ b/portal/requirements.txt
@@ -60,4 +60,5 @@ pywebpush
 django>1.11,<2
 future
 factory-boy
-w3storage
\ No newline at end of file
+w3storage
+solana
\ No newline at end of file
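Review bot: The new check in buy_single_article verifies a client-supplied signature against a client-supplied public_key over a hash of the client-supplied transaction, so a pass only shows that the caller signed whatever it posted — nothing ties it to a payment for this article_id, to the requesting user (`user_id` is still read from POST rather than `request.user` before `get_object_or_404(User, id=user_id)`), or to a confirmed on-chain transfer, and the same three values are accepted again on every later request. Validating the purchase means looking the transaction up by its signature through an RPC client, checking it is finalized with the expected recipient and amount, and storing the signature so it is honoured once; that is what the remaining `# TODO` should cover before this path grants `articles_bought.add(article)`. Separately, `sha256(transaction)` raises `TypeError` on Python 3 because `request.POST.get` returns `str`, and the client posts base64 text whereas a Solana signature covers the serialized message bytes, so the value being hashed is not the signed payload in either case. I could not confirm that `solana.signature.verify_signature` exists in the solana-py package, and the hunk's own TODO says the validation is untested, so please exercise it against a real signature before merging. `hash` also shadows the builtin (rename it, e.g. `tx_digest`); the function body continues past the end of the hunk.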
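Review bot: `solana` is added without a version constraint, so a fresh install resolves to whatever the latest release is at that moment and the attribute views.py now relies on (`solana.signature.verify_signature`) may or may not be present in it. Pin it to the release the validation was written and tested against, e.g. `solana==<tested version>`, as `django>1.11,<2` already bounds its dependency.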