Added order deletion endpoint

2023-04-08 13:55:57 -06:00 · 2023-04-08 13:55:57 -06:00 · 4c6a2f3dc7
parent f12c41f152
commit 4c6a2f3dc7
3 changed files with 42 additions and 6 deletions
--- a/_src/assets/scripts/order.js
+++ b/_src/assets/scripts/order.js
@ -1,7 +1,6 @@
 'use strict'
 const formatUSD = (v) => v.toLocaleString(undefined, {
 	style: 'currency', currency: 'USD' })
-const cancel = () => window.location = '/shop/cart/'
 const qstr = new Proxy(new URLSearchParams(window.location.search), {
 	get: (searchParams, prop) => searchParams.get(prop),
 })
@ -50,12 +49,22 @@ const STRIPE_DECLINE_CODES = {
 	try_again_later: `The card was declined for an unknown reason. Ask the customer to attempt the payment again. If subsequent payments are declined, You need to contact your card-issuer for more information.`,
 	withdrawal_count_limit_exceeded: `The customer has exceeded the balance or credit limit available on your card. You need to use an alternative payment method.`,
 }
+
 const emptyCart = () => {
 	Object.keys(localStorage).forEach(i => {
 		if (i.substring(0,5)==='cart_')
 			localStorage.removeItem(i)
 	}); recountCart()
 }
+
+const cancel = () => {
+	fetch(
+		`${API_DOMAIN}/order/${qstr.id}?key=${qstr.key}`,
+		{ method:'DELETE' }
+	)
+	window.location = '/shop/cart/'
+}
+
 let xmr_price = 160 // For getting fees in USD before the first price loads

 class MoneroTransaction { constructor(data) { 
--- a/api/index.js
+++ b/api/index.js
@ -22,10 +22,12 @@ app.get('/', (req, res) => res.sendStatus(200))

 // Create new order
 app.options('/order', cors)
-.post('/order', jsonBodyParser, cors, require('./order-add'))
+	.post('/order', jsonBodyParser, cors, require('./order-add'))

-// Get an order
-app.get('/order/:orderid', cors, require('./order-get'))
+// Get or delete an order
+app.options('/order/:orderid', cors)
+	.get('/order/:orderid', cors, require('./order-get'))
+	.delete('/order/:orderid', cors, require('./order-del'))

 // XMR transactions polling (just proxying it to moneropay)
 app.get('/xmr-receive/:addr', cors, async (req, res) => {
@ -56,8 +58,8 @@ app.get('/xmr-receive/:addr', cors, async (req, res) => {

 // Send email through contact form
 app.options('/contact', cors)
-.post('/contact', jsonBodyParser, cors, require('./contact'))
+	.post('/contact', jsonBodyParser, cors, require('./contact'))

 // Send bug report through disclosure form
 app.options('/bug', cors)
-.post('/bug', jsonBodyParser, cors, require('./bug'))
+	.post('/bug', jsonBodyParser, cors, require('./bug'))
--- a/api/order-del.js
+++ b/api/order-del.js
@ -0,0 +1,25 @@
+'use strict'
+require('dotenv').config()
+const fs = require('fs').promises
+const ORDERS_DIR = `${__dirname}/../orders`
+
+module.exports = async (req, res) => {
+	const ip = req.ip.slice(7)
+	const orderFile = `${ORDERS_DIR}/${req.params.orderid}.json`
+	let order; try {
+		order = await JSON.parse(await fs.readFile(orderFile))
+	} catch (err) {
+		console.error(`[${ip}] requested ${orderFile} deletion but it couldn't be read:\n${err}`)
+		return res.sendStatus(500)
+	}
+	if (req.query.key.replace(/ /g,'+')===order.key) {
+		await fs.unlink(orderFile)
+		console.log(`[${ip}] Deleted order ${order.id}`)
+		return res.sendStatus(200)
+	}
+	else {
+		console.log(`[${ip}] tried to delete order ${order.id} but sent wrong key:\n ${req.query.key.replace(/ /g,'+')}`)
+		console.log(`[${ip}] correct key:\n ${order.key}`)
+		return res.status(403).send('Incorrect key!')
+	}
+}