add payment functionality

2ef727fa · Knut Fineid · 7a0fa9ab · 2ef727fa · 2ef727fa
Commit 2ef727fa authored May 8, 2024 by Knut Fineid
--- a/Backend/main.py
+++ b/Backend/main.py
 from utils.application import app
 from routes.category import get_category
 from routes.home import get_home
-#from routes.order import post_pay_products
+from routes.order import post_create_order, pay_order
 #from routes.cart import get_cart
 from routes.login import post_login, post_logout, post_register
 from routes.product import get_product_by_id, get_product_all, get_products_by_search
@@ -13,28 +13,33 @@ from routes.product import get_product_by_id, get_product_all, get_products_by_s
 def home():
    return get_home()
-#@app.route('/order/<int:order_id>', methods=['GET'])
-#def order(order_id):
-#    return get_order(order_id)
 # Routes for getting the different categories
 @app.route('/category/', methods=['GET'])
 @app.route('/category/<string:category_name>', methods=['GET'])
 def category(category_name=None):
    return get_category(category_name)
+# Route for creating the order
 @app.route('/order/', methods=['POST'])
-def pay_products():
+def create_order():
-    return post_pay_products()
+    return post_create_order()
+# Route for paying an order
+@app.route('/order/payment/', methods=['POST'])
+def pay():
+    return pay_order()
+# Route for logging out of the app
 @app.route('/logout/', methods=['POST'])
 def logout():
    return post_logout()
+# Route for logging in
 @app.route('/login/', methods=['POST'])
 def login():
    return post_login()
+# Route for registering a new user
 @app.route('/register/', methods=['POST'])
 def register():
    return post_register()
@@ -49,6 +54,7 @@ def get_product(product_id):
 def get_products():
    return get_product_all()
+# Route for searching for a new product
 @app.route('/product/search/<string:search>', methods=['GET'])
 def search_products(search):
    return get_products_by_search(search)

--- a/Backend/routes/order.py
+++ b/Backend/routes/order.py
@@ -12,15 +12,26 @@ def post_create_order():
        return jsonify({"message": "You are not logged in"}), 401
    data = request.json
    # Products is array of {product_id, quantity}
+    # Example body:
+        # "products": [
+        #   {
+        #      "productid": 1,
+        #      "quantity": 2 
+        #   },
+        #   ...
+        # ],
    products = data["products"]
-    payment_method = data["payment_method"]
    productIds = []
    for product in products:
        productIds.append(product["product_id"])
-    if (len(products) == 0):
+    if (len(products) <= 0):
        return jsonify({"message": "No products in order"}), 400
    # Acquire the mutex lock
@@ -76,3 +87,69 @@ def post_create_order():
        mutex_lock.release()
    return jsonify({"message": "Order placed"}), 201
+def pay_order():
+    # Get user from logged in cookie
+    userId = request.cookies.get('logged_in')
+    if userId is None:
+        return jsonify({"message": "You are not logged in"}), 401
+    # Example body:
+    # {
+    #   "order_id": 6,
+    #   "payment_method": "Vipps"
+    # }
+    data = request.json
+    order_id = data['order_id']
+    payment_method = data['payment_method']
+    # Get the user_id of the user with the email from the user table
+    # Check that the user_id logged in is the same as the user on the order
+    # Get the order status to make sure the order is not already paid
+    cur = mysql.connection.cursor()
+    cur.execute('''SELECT user_order.status, user_order.total_amount, user.user_id 
+                FROM user_order INNER JOIN user ON user_order.user_id = user.user_id
+                WHERE order_id = %s''', (order_id,))
+    order_info = cur.fetchall()
+    cur.close()
+    # Check we have one and only one order
+    if len(order_info) != 1:
+        return jsonify({"message": "Not a valid order id"}), 400
+    # Destructure the query into variables
+    status, amount, user_id = order_info[0]
+    # Check email is the same as logged in email
+    if userId != str(user_id):
+        return jsonify({"message": "This order is not for the logged in user"}), 400
+    # Check order is not already paid
+    if status != "Pending":
+        return jsonify({"message": "Order is already paid"}), 400
+    # Make sure correct payment method
+    if payment_method != "Vipps":
+        return jsonify({"message": "Invalid payment method"}), 400
+    # Pay the order
+    payment = vipps(amount, order_id)
+    if not payment:
+        return jsonify({"message": "Payment failed"}), 400
+    # Update the status of the order to paid
+    cur = mysql.connection.cursor()
+    cur.execute('''UPDATE user_order SET status = 'Paid' WHERE user_order.order_id = %s''', (order_id,))
+    mysql.connection.commit()
+    cur.close()
+    return jsonify({"message": "Order paid"}), 200
+# Dummy payment method
+def vipps(amount, order_id):
+    return True
\ No newline at end of file