Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Securing and factoring code #1028

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
+41 −12
Open

Securing and factoring code #1028

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
842da6c
securing and factoring code
cab-all-er Dec 23, 2024
8ee64f0
Prettier
cab-all-er Dec 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 21 additions & 1 deletion src/app/api/buy/[item]/route.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,15 @@ import { base } from 'airtable'
export async function GET(request, { params }) {
const session = await getSession()
const person = await getSelfPerson(session.slackId)

if (!person) {
return NextResponse.json(
{ error: "i don't even know who you are" },
{ status: 418 },
)
}

const { region } = request.query
const b = await base(process.env.BASE_ID)
const items = await b('shop_items')

Expand All @@ -22,11 +25,26 @@ export async function GET(request, { params }) {
maxRecords: 1,
})
.firstPage()

if (recs.length < 1) {
return NextResponse.json({ error: 'what do you want?!' }, { status: 418 })
return NextResponse.json({ error: 'Item not found' }, { status: 418 })
}

const item = recs[0]

const { tickets } =
await getPersonTicketBalanceAndTutorialStatutWowThisMethodNameSureIsLongPhew(
session.slackId,
)

const price = region === 'us' ? item.fields.priceUs : item.fields.priceGlobal
if (tickets < price) {
return NextResponse.json(
{ error: 'Not enough doubloons to buy this item' },
{ status: 400 },
)
}

const people = await b('people')
const otp = Math.random().toString(16).slice(2)

Expand All @@ -46,12 +64,14 @@ export async function GET(request, { params }) {
`https://forms.hackclub.com/eligibility?slack_id=${session.slackId}&program=High Seas&continue=${encodeURIComponent(item.fields.fillout_base_url.replace('shop-order', 'hs-order') + otp)}`,
)
}

await people.update(person.id, {
shop_otp: otp,
shop_otp_expires_at: new Date(
new Date().getTime() + 5 * 60 * 1000,
).toISOString(),
})

return redirect(
`${item.fields.fillout_base_url.replace('shop-order', 'hs-order')}${otp}`,
)
Expand Down
31 changes: 20 additions & 11 deletions src/app/harbor/shop/shop-item-component.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
import { motion } from 'framer-motion'

import {
Card,
CardContent,
Expand All @@ -10,28 +9,40 @@ import {
import { Button } from '@/components/ui/button'
import { useMemo } from 'react'
import { cantAffordWords, purchaseWords, sample } from '../../../../lib/flavor'
import useLocalStorageState from '../../../../lib/useLocalStorageState.js'
import { useState } from 'react'
import Icon from '@hackclub/icons'

const ActionArea = ({ item, filterIndex, affordable }) => {
const buyWord = useMemo(() => sample(purchaseWords), [item.id])
const getYourRacksUp = useMemo(() => sample(cantAffordWords), [item.id])

if (filterIndex == 0) {
if (filterIndex === 0) {
return <Button disabled={true}>pick a region to buy!</Button>
}

if (item.comingSoon) {
return <Button disabled={true}>🕑 coming soon...</Button>
}

if (item.outOfStock) {
return <Button disabled={true}>out of stock...</Button>
}

if (!affordable) {
return <Button disabled={true}>💸 {getYourRacksUp}</Button>
}

return (
<form action={`/api/buy/${item.id}`} className="w-full">
<Button className="w-full bg-black hover:bg-gray-800 text-white font-semibold py-2 px-4 rounded transition-colors duration-200 text-3xl enchanted">
<form action={`/api/buy/${item.id}`} method="GET" className="w-full">
<input
type="hidden"
name="region"
value={filterIndex === 1 ? 'us' : 'global'}
/>{' '}
{/* hidden input for obtaining region */}
<Button
type="submit"
className="w-full bg-black hover:bg-gray-800 text-white font-semibold py-2 px-4 rounded transition-colors duration-200 text-3xl enchanted"
>
{buyWord}
</Button>
</form>
Expand Down Expand Up @@ -79,7 +90,7 @@ export const ShopItemComponent = ({
height={20}
className="mr-1"
/>
{filterIndex == 1 ? item.priceUs : item.priceGlobal}
{filterIndex === 1 ? item.priceUs : item.priceGlobal}
</span>

{item.minimumHoursEstimated && item.maximumHoursEstimated ? (
Expand All @@ -102,25 +113,23 @@ export const ShopItemComponent = ({
</CardContent>
)}

<CardFooter className="pt-4 flex gap-1 ">
<CardFooter className="pt-4 flex gap-1">
<ActionArea
item={item}
filterIndex={filterIndex}
affordable={
(filterIndex == 1 ? item.priceUs : item.priceGlobal) <=
(filterIndex === 1 ? item.priceUs : item.priceGlobal) <=
parseInt(personTicketBalance)
}
/>
<Button
onClick={() => {
setFavouriteItems((prevFav) => {
if (prevFav.includes(item.id)) {
console.log('remove', prevFav)
return prevFav.filter(
(favItem) => String(favItem) !== item.id,
)
} else {
console.log('add', prevFav)
return [...prevFav, item.id]
}
})
Expand Down
Loading