2019-09-13 18:08:48 +00:00
|
|
|
import binascii
|
2019-09-13 05:02:23 +00:00
|
|
|
import json
|
2019-09-13 18:08:48 +00:00
|
|
|
|
|
|
|
import requests
|
2019-09-14 07:49:22 +00:00
|
|
|
from decouple import config, Csv
|
2019-09-13 05:02:23 +00:00
|
|
|
from flask import Flask, request
|
|
|
|
from flask_restful import Resource, Api
|
2019-09-13 18:08:48 +00:00
|
|
|
from pyotp import TOTP
|
|
|
|
|
2019-09-13 06:37:53 +00:00
|
|
|
from config import etcd_client as client, logging, APP_PORT
|
2019-09-13 18:08:48 +00:00
|
|
|
from stripe_utils import StripeUtils
|
2019-09-14 07:18:19 +00:00
|
|
|
from uuid import uuid4
|
2019-09-13 05:02:23 +00:00
|
|
|
|
|
|
|
app = Flask(__name__)
|
|
|
|
api = Api(app)
|
|
|
|
|
|
|
|
|
2019-09-13 18:08:48 +00:00
|
|
|
def check_otp(name, realm, token):
|
|
|
|
try:
|
|
|
|
data = {
|
|
|
|
"auth_name": config("AUTH_NAME", ""),
|
|
|
|
"auth_token": TOTP(config("AUTH_SEED", "")).now(),
|
|
|
|
"auth_realm": config("AUTH_REALM", ""),
|
|
|
|
"name": name,
|
|
|
|
"realm": realm,
|
|
|
|
"token": token,
|
|
|
|
}
|
|
|
|
except binascii.Error:
|
|
|
|
return 400
|
|
|
|
|
|
|
|
response = requests.post(
|
|
|
|
"{OTP_SERVER}{OTP_VERIFY_ENDPOINT}".format(
|
|
|
|
OTP_SERVER=config("OTP_SERVER", ""),
|
|
|
|
OTP_VERIFY_ENDPOINT=config("OTP_VERIFY_ENDPOINT", "verify/"),
|
|
|
|
),
|
|
|
|
data=data,
|
|
|
|
)
|
|
|
|
return response.status_code
|
|
|
|
|
|
|
|
|
2019-09-13 05:02:23 +00:00
|
|
|
class ListProducts(Resource):
|
|
|
|
@staticmethod
|
|
|
|
def get():
|
|
|
|
products = client.get_prefix("/v1/products/", value_in_json=False)
|
|
|
|
prod_dict = {}
|
|
|
|
for p in products:
|
|
|
|
prod_dict[p.key] = json.loads(p.value)
|
2019-09-13 18:08:48 +00:00
|
|
|
logging.debug("Products = {}".format(prod_dict))
|
2019-09-13 05:02:23 +00:00
|
|
|
return prod_dict, 200
|
|
|
|
|
2019-09-13 18:08:48 +00:00
|
|
|
|
2019-09-13 05:02:23 +00:00
|
|
|
class AddProduct(Resource):
|
|
|
|
@staticmethod
|
|
|
|
def post():
|
|
|
|
data = request.json
|
2019-09-13 18:08:48 +00:00
|
|
|
logging.debug("Got data: {}".format(str(data)))
|
2019-09-14 07:49:22 +00:00
|
|
|
REALM_ALLOWED = config("REALM_ALLOWED", cast=Csv(str))
|
|
|
|
logging.debug("REALM_ALLOWED = {}".format(REALM_ALLOWED))
|
|
|
|
if data["realm"] not in REALM_ALLOWED:
|
|
|
|
logging.error(
|
|
|
|
"The given realm {} is not "
|
|
|
|
"allowed to do add product".format(data["realm"]))
|
|
|
|
return {"message": "Forbidden"}, 403
|
2019-09-13 19:18:30 +00:00
|
|
|
otp_response = check_otp(data["name"], data["realm"],
|
|
|
|
data["token"])
|
|
|
|
if otp_response != 200:
|
|
|
|
return {"message": "Wrong Credentials"}, 403
|
2019-09-13 05:02:23 +00:00
|
|
|
|
2019-09-13 19:18:30 +00:00
|
|
|
try:
|
2019-09-14 07:18:19 +00:00
|
|
|
product_uuid = uuid4().hex
|
|
|
|
product_key = "/v1/products/{}".format(product_uuid)
|
2019-09-13 19:18:30 +00:00
|
|
|
product_value = {
|
|
|
|
"name": data["product_name"],
|
|
|
|
"description": data["product_description"],
|
|
|
|
"type": data["product_type"],
|
|
|
|
"price": data["product_price"],
|
|
|
|
"recurring_duration": data["product_recurring_duration"],
|
|
|
|
"recurring_duration_units":
|
|
|
|
data["product_recurring_duration_units"]
|
|
|
|
}
|
|
|
|
logging.debug("Adding product data: {}".format(str(product_value)))
|
|
|
|
client.put(product_key, product_value, value_in_json=True)
|
|
|
|
return {"message":
|
|
|
|
"Product {} created".format(data['product_name'])}, 200
|
|
|
|
except KeyError as ke:
|
|
|
|
logging.error("KeyError occurred. details = {}".format(str(ke)))
|
|
|
|
return {"message":
|
|
|
|
"Missing or wrong parameters"}, 400
|
2019-09-13 18:08:48 +00:00
|
|
|
|
|
|
|
|
|
|
|
class UserRegisterPayment(Resource):
|
2019-09-13 19:44:02 +00:00
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
def get_token(card_number, cvc, exp_month, exp_year):
|
|
|
|
stripe_utils = StripeUtils()
|
|
|
|
token_response = stripe_utils.get_token_from_card(
|
|
|
|
card_number, cvc, exp_month, exp_year
|
|
|
|
)
|
|
|
|
if token_response["response_object"]:
|
|
|
|
return token_response["response_object"].id
|
|
|
|
else:
|
|
|
|
return None
|
|
|
|
|
2019-09-13 18:08:48 +00:00
|
|
|
@staticmethod
|
|
|
|
def post():
|
|
|
|
try:
|
|
|
|
data = request.json
|
|
|
|
logging.debug("Got data: {}".format(str(data)))
|
|
|
|
otp_response = check_otp(data["name"], data["realm"],
|
|
|
|
data["token"])
|
2019-09-14 06:58:28 +00:00
|
|
|
last4 = data['card_number'].strip()[-4:]
|
2019-09-13 18:08:48 +00:00
|
|
|
if otp_response != 200:
|
|
|
|
return {"message": "Wrong Credentials"}, 403
|
|
|
|
|
|
|
|
stripe_utils = StripeUtils()
|
2019-09-14 06:58:28 +00:00
|
|
|
|
|
|
|
# Does customer already exist ?
|
2019-09-13 18:08:48 +00:00
|
|
|
stripe_customer = stripe_utils.get_stripe_customer_from_email(
|
|
|
|
data["email"])
|
2019-09-14 06:58:28 +00:00
|
|
|
|
|
|
|
# Does customer already exist ?
|
|
|
|
if stripe_customer is not None:
|
|
|
|
logging.debug(
|
|
|
|
"Customer {} exists already".format(data['email'])
|
|
|
|
)
|
|
|
|
# Check if the card already exists
|
|
|
|
ce_response = stripe_utils.card_exists(
|
|
|
|
stripe_customer.id, cc_number=data["card_number"],
|
|
|
|
exp_month=int(data["expiry_month"]),
|
|
|
|
exp_year=int(data["expiry_year"]),
|
|
|
|
cvc=data["cvc"])
|
|
|
|
if ce_response["response_object"]:
|
|
|
|
message = ("The given card ending in "
|
|
|
|
"{} exists already.").format(last4)
|
|
|
|
logging.debug(message)
|
|
|
|
return { "message": message }, 400
|
|
|
|
elif ce_response["response_object"] is False:
|
|
|
|
# Associate card with user
|
|
|
|
logging.debug("Adding card ending in {}".format(last4))
|
|
|
|
token_response = stripe_utils.get_token_from_card(
|
|
|
|
data["card_number"], data["cvc"], data["expiry_month"],
|
|
|
|
data["expiry_year"]
|
|
|
|
)
|
|
|
|
if token_response["response_object"]:
|
|
|
|
logging.debug(
|
|
|
|
"Token {}".format(
|
|
|
|
token_response["response_object"].id
|
|
|
|
)
|
|
|
|
)
|
|
|
|
resp = stripe_utils.associate_customer_card(
|
|
|
|
stripe_customer.id,
|
|
|
|
token_response["response_object"].id
|
|
|
|
)
|
|
|
|
if resp["response_object"]:
|
|
|
|
return {"message":
|
|
|
|
"Card ending in {} registered as your payment "
|
|
|
|
"source".format(last4)
|
|
|
|
}, 200
|
|
|
|
else:
|
|
|
|
logging.error("Could not obtain token")
|
|
|
|
return {"message": "Error with payment gateway. "
|
|
|
|
"Contact support"}, 400
|
|
|
|
else:
|
|
|
|
logging.error(
|
|
|
|
"Error occurred {}".format(ce_response["error"])
|
|
|
|
)
|
|
|
|
return {"message": "Error: {}".format(
|
|
|
|
ce_response["error"]
|
|
|
|
)}, 400
|
|
|
|
else:
|
|
|
|
# Stripe customer does not exist, create a new one
|
|
|
|
logging.debug(
|
|
|
|
"Customer {} does not exist, "
|
|
|
|
"creating new".format(data['email'])
|
|
|
|
)
|
|
|
|
token_response = stripe_utils.get_token_from_card(
|
|
|
|
data["card_number"], data["cvc"], data["expiry_month"],
|
|
|
|
data["expiry_year"]
|
|
|
|
)
|
|
|
|
if token_response["response_object"]:
|
|
|
|
logging.debug(
|
|
|
|
"Token {}".format(
|
|
|
|
token_response["response_object"].id))
|
|
|
|
|
|
|
|
#Create stripe customer
|
2019-09-13 18:08:48 +00:00
|
|
|
stripe_customer_resp = stripe_utils.create_customer(
|
2019-09-13 19:13:27 +00:00
|
|
|
name=data["card_holder_name"],
|
2019-09-14 06:58:28 +00:00
|
|
|
token=token_response["response_object"].id,
|
2019-09-13 19:13:27 +00:00
|
|
|
email=data["email"]
|
2019-09-13 18:08:48 +00:00
|
|
|
)
|
2019-09-14 06:58:28 +00:00
|
|
|
if stripe_customer_resp["response_object"]:
|
|
|
|
logging.debug(
|
|
|
|
"Created stripe customer {}".format(
|
|
|
|
stripe_customer_resp["response_object"].id
|
|
|
|
)
|
|
|
|
)
|
2019-09-13 19:13:27 +00:00
|
|
|
stripe_customer = stripe_customer_resp[
|
|
|
|
"response_object"]
|
2019-09-14 06:58:28 +00:00
|
|
|
return {"message":
|
2019-09-14 08:21:04 +00:00
|
|
|
"Card ending in {} registered as your "
|
|
|
|
"payment source".format(last4)
|
2019-09-14 06:58:28 +00:00
|
|
|
}, 200
|
2019-09-13 18:08:48 +00:00
|
|
|
else:
|
|
|
|
logging.error("Could not get/create stripe_customer "
|
|
|
|
"for {}".format(data["email"]))
|
|
|
|
return {"message":
|
|
|
|
"Error with card. Contact support"}, 400
|
2019-09-13 19:44:02 +00:00
|
|
|
else:
|
2019-09-14 06:58:28 +00:00
|
|
|
logging.error("Could not obtain token")
|
|
|
|
return {"message": "Error with payment gateway. "
|
|
|
|
"Contact support"}, 400
|
2019-09-13 18:08:48 +00:00
|
|
|
except KeyError as key_error:
|
2019-09-13 19:13:27 +00:00
|
|
|
logging.error("Key error occurred")
|
2019-09-13 18:08:48 +00:00
|
|
|
logging.error(str(key_error))
|
2019-09-13 19:13:27 +00:00
|
|
|
return {"message": "Missing or wrong parameters"}, 400
|
2019-09-13 18:08:48 +00:00
|
|
|
|
2019-09-13 05:02:23 +00:00
|
|
|
|
2019-09-14 08:03:23 +00:00
|
|
|
class ProductOrder(Resource):
|
|
|
|
@staticmethod
|
|
|
|
def post():
|
|
|
|
data = request.json
|
|
|
|
try:
|
|
|
|
otp_response = check_otp(data["name"], data["realm"],
|
|
|
|
data["token"])
|
|
|
|
if otp_response != 200:
|
|
|
|
return {"message": "Wrong Credentials"}, 403
|
|
|
|
|
2019-09-14 12:12:10 +00:00
|
|
|
stripe_utils = StripeUtils()
|
|
|
|
|
2019-09-14 08:03:53 +00:00
|
|
|
# Validate the given product is ok
|
2019-09-14 08:09:30 +00:00
|
|
|
product_id = data["product_id"]
|
2019-09-14 08:20:00 +00:00
|
|
|
product = client.get(
|
|
|
|
"/v1/products/{}".format(product_id), value_in_json=True
|
2019-09-14 08:09:30 +00:00
|
|
|
)
|
|
|
|
if not product:
|
2019-09-14 08:20:00 +00:00
|
|
|
logging.debug("User chose invalid product {}".format(product_id))
|
2019-09-14 08:09:30 +00:00
|
|
|
return {"message": "Invalid product"}, 400
|
|
|
|
|
2019-09-14 08:20:00 +00:00
|
|
|
logging.debug("Got product {}: {}".format(product.key, product.value))
|
2019-09-14 08:03:23 +00:00
|
|
|
|
2019-09-14 08:03:53 +00:00
|
|
|
# Check the user has a payment source added
|
2019-09-14 12:12:10 +00:00
|
|
|
stripe_customer = stripe_utils.get_stripe_customer_from_email(
|
|
|
|
data["email"]
|
|
|
|
)
|
|
|
|
|
|
|
|
if not stripe_customer or len(stripe_customer.sources) == 0:
|
|
|
|
logging.error("{} does not exist in Stripe => no cards".format(
|
|
|
|
data["email"])
|
|
|
|
)
|
|
|
|
return {"message": "Please register a payment source"}, 400
|
2019-09-14 08:03:23 +00:00
|
|
|
|
2019-09-14 08:03:53 +00:00
|
|
|
# Initiate a one-time/subscription based on product type
|
2019-09-14 12:12:10 +00:00
|
|
|
product_obj = product.value
|
|
|
|
if product_obj['type'] == "recurring":
|
|
|
|
logging.debug("Product {} is recurring payment".format(
|
|
|
|
product_obj["name"])
|
|
|
|
)
|
|
|
|
elif product_obj['type'] == "one-time":
|
|
|
|
logging.debug(
|
|
|
|
"Product {} is one-time "
|
|
|
|
"payment".format(product_obj["type"])
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2019-09-14 08:03:23 +00:00
|
|
|
|
2019-09-14 08:03:53 +00:00
|
|
|
# If charge successful, create an order object
|
2019-09-14 08:03:23 +00:00
|
|
|
|
2019-09-14 08:03:53 +00:00
|
|
|
# Else handle unsuccessful cases with grace
|
2019-09-14 08:03:23 +00:00
|
|
|
|
|
|
|
except KeyError as key_error:
|
|
|
|
logging.error("Key error occurred")
|
|
|
|
logging.error(str(key_error))
|
|
|
|
return {"message": "Missing or wrong parameters"}, 400
|
|
|
|
|
2019-09-13 05:02:23 +00:00
|
|
|
api.add_resource(ListProducts, "/product/list")
|
|
|
|
api.add_resource(AddProduct, "/product/add")
|
2019-09-14 08:03:23 +00:00
|
|
|
api.add_resource(ProductOrder, "/product/order")
|
2019-09-13 19:13:27 +00:00
|
|
|
api.add_resource(UserRegisterPayment, "/user/register_payment")
|
2019-09-13 05:02:23 +00:00
|
|
|
|
2019-09-14 08:03:23 +00:00
|
|
|
|
2019-09-13 05:02:23 +00:00
|
|
|
if __name__ == '__main__':
|
2019-09-13 06:37:53 +00:00
|
|
|
app.run(host="::", port=APP_PORT, debug=True)
|