diff --git a/Backend/main.py b/Backend/main.py
index b43a2c615a8714b305f7e8e522725ce69d9632fe..e603d48aac0047288601e69bb32b3d1146d67fff 100644
--- a/Backend/main.py
+++ b/Backend/main.py
@@ -1,7 +1,7 @@
 from utils.application import app
 from routes.category import get_category
 from routes.home import get_home
-#from routes.order import post_pay_products
+from routes.order import post_create_order, pay_order
 #from routes.cart import get_cart
 from routes.login import post_login, post_logout, post_register
 from routes.product import get_product_by_id, get_product_all, get_products_by_search
@@ -13,28 +13,33 @@ from routes.product import get_product_by_id, get_product_all, get_products_by_s
 def home():
     return get_home()
-#@app.route('/order/<int:order_id>', methods=['GET'])
-#def order(order_id):
-#    return get_order(order_id)
-
 # Routes for getting the different categories
 @app.route('/category/', methods=['GET'])
 @app.route('/category/<string:category_name>', methods=['GET'])
 def category(category_name=None):
     return get_category(category_name)
+# Route for creating the order
 @app.route('/order/', methods=['POST'])
-def pay_products():
-    return post_pay_products()
+def create_order():
+    return post_create_order()
+
+# Route for paying an order
+@app.route('/order/payment/', methods=['POST'])
+def pay():
+    return pay_order()
+# Route for logging out of the app
 @app.route('/logout/', methods=['POST'])
 def logout():
     return post_logout()
+# Route for logging in
 @app.route('/login/', methods=['POST'])
 def login():
     return post_login()
+# Route for registering a new user
 @app.route('/register/', methods=['POST'])
 def register():
     return post_register()
@@ -49,6 +54,7 @@ def get_product(product_id):
 def get_products():
     return get_product_all()
+# Route for searching for a new product
 @app.route('/product/search/<string:search>', methods=['GET'])
 def search_products(search):
     return get_products_by_search(search)
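Review bot: The comment added above `search_products` in the last hunk is misleading: the route searches existing products by the `search` string, it does not create one, so `# Route for searching products matching the search string` would describe what `get_products_by_search(search)` is called for. The other new comments in the second hunk read fine; only this one states something the code does not do.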
diff --git a/Backend/routes/order.py b/Backend/routes/order.py
index c251d73bad11da53338db47617b04fc0c8b33834..649bb4290375f733e09853c042a0ab86b886bfc4 100644
--- a/Backend/routes/order.py
+++ b/Backend/routes/order.py
@@ -12,15 +12,26 @@ def post_create_order():
         return jsonify({"message": "You are not logged in"}), 401
     data = request.json
+    # Products is array of {product_id, quantity}
+
+    # Example body:
+
+    # "products": [
+    #     {
+    #         "productid": 1,
+    #         "quantity": 2
+    #     },
+    #     ...
+    # ],
+
     products = data["products"]
-    payment_method = data["payment_method"]
     productIds = []
     for product in products:
         productIds.append(product["product_id"])
-    if (len(products) == 0):
+    if (len(products) <= 0):
         return jsonify({"message": "No products in order"}), 400
     # Acquire the mutex lock
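Review bot: The example body added in this hunk uses the key `"productid"`, but the loop below reads `product["product_id"]`, so the comment documents a request the code will not accept; change the example line to `#         "product_id": 1,`. The emptiness check is also placed after the loop that already indexes every entry, so a `products` value that is not a list, or an entry without `product_id`, raises and surfaces as a 500 before the 400 path is reached; moving `if not products:` above the loop covers the empty, missing and `null` cases and makes the `== 0` → `<= 0` change moot. `data["products"]` itself is read from `request.json` without a presence check, which is the same 500-instead-of-400 shape. post_create_order begins before this hunk and continues past it.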
@@ -75,4 +86,70 @@ def post_create_order():
         # Release the lock even if the try-block fails
         mutex_lock.release()
-    return jsonify({"message": "Order placed"}), 201
\ No newline at end of file
+    return jsonify({"message": "Order placed"}), 201
+
+def pay_order():
+    # Get user from logged in cookie
+    userId = request.cookies.get('logged_in')
+    if userId is None:
+        return jsonify({"message": "You are not logged in"}), 401
+
+    # Example body:
+
+    # {
+    #     "order_id": 6,
+    #     "payment_method": "Vipps"
+    # }
+
+    data = request.json
+
+    order_id = data['order_id']
+    payment_method = data['payment_method']
+
+    # Get the user_id of the user with the email from the user table
+    # Check that the user_id logged in is the same as the user on the order
+    # Get the order status to make sure the order is not already paid
+
+    cur = mysql.connection.cursor()
+    cur.execute('''SELECT user_order.status, user_order.total_amount, user.user_id
+                   FROM user_order INNER JOIN user ON user_order.user_id = user.user_id
+                   WHERE order_id = %s''', (order_id,))
+    order_info = cur.fetchall()
+    cur.close()
+
+    # Check we have one and only one order
+    if len(order_info) != 1:
+        return jsonify({"message": "Not a valid order id"}), 400
+
+    # Destructure the query into variables
+    status, amount, user_id = order_info[0]
+
+    # Check email is the same as logged in email
+    if userId != str(user_id):
+        return jsonify({"message": "This order is not for the logged in user"}), 400
+
+    # Check order is not already paid
+    if status != "Pending":
+        return jsonify({"message": "Order is already paid"}), 400
+
+    # Make sure correct payment method
+    if payment_method != "Vipps":
+        return jsonify({"message": "Invalid payment method"}), 400
+
+    # Pay the order
+    payment = vipps(amount, order_id)
+
+    if not payment:
+        return jsonify({"message": "Payment failed"}), 400
+
+    # Update the status of the order to paid
+    cur = mysql.connection.cursor()
+    cur.execute('''UPDATE user_order SET status = 'Paid' WHERE user_order.order_id = %s''', (order_id,))
+    mysql.connection.commit()
+    cur.close()
+
+    return jsonify({"message": "Order paid"}), 200
+
+# Dummy payment method
+def vipps(amount, order_id):
+    return True
\ No newline at end of file
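Review bot: The ownership check at `if userId != str(user_id)` is only as strong as the `logged_in` cookie it compares against, and this hunk reads that cookie as a plain value with no signature check or server-side lookup; unless the login route stores it in a tamper-evident form (not visible here), the user id should come from Flask's signed server-side `session` rather than `request.cookies`. The `Pending` check and the later `UPDATE` are also not atomic: two concurrent payment requests for the same order can both read `Pending` and both reach `vipps`, whereas `post_create_order` guards its critical section with `mutex_lock`; making the update conditional, `UPDATE user_order SET status = 'Paid' WHERE order_id = %s AND status = 'Pending'`, and treating `cur.rowcount != 1` as already paid closes that window once `vipps` is no longer a stub that returns `True`. `data['order_id']` and `data['payment_method']` are indexed without a presence check, so a body missing either key is a 500 rather than the 400 the rest of the function returns. The comments `# Get the user_id of the user with the email from the user table` and `# Check email is the same as logged in email` describe an email comparison the code does not perform, and the JOIN on `user` is redundant because `user_order.user_id` already carries the compared value.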