// GET /render-list: renders the products named in the comma-separated `skus` query
// parameter through the platform proxy and attaches a signature (`sgn`) to each item.
// The snippet is cut off inside the error handler.
productApi.get('/render-list', (req, res) => {
const productProxy = _getProxy(req)
// Only the presence of `skus` is checked here.
// NOTE(review): if the query parser yields an array or object for repeated or bracketed
// parameters (Express does this by default), `.split` below is not a function and throws.
// Confirm the type is validated upstream, or check `typeof req.query.skus === 'string'`.
if (!req.query.skus) { return apiStatus(res, 'skus parameter is required', 400); }
// storeId falls back to 1 unless parseInt() of it is positive.
// NOTE(review): the raw query value, not the parsed integer, is forwarded, so input such as
// "2abc" passes the check unchanged; parseInt is also called without a radix.
// currencyCode is forwarded without any check in this snippet.
productProxy.renderList(req.query.skus.split(','), req.query.currencyCode, (req.query.storeId && parseInt(req.query.storeId) > 0) ? req.query.storeId : 1).then((result) => {
result.items = result.items.map((item) => {
let sgnObj = item
// Pick the price field to sign according to where tax is calculated.
if (config.tax.calculateServerSide === true) {
sgnObj = { priceInclTax: item.price_info.final_price }
} else {
sgnObj = { price: item.price_info.extension_attributes.tax_adjustments.final_price }
}
// Signed with config.objHashSecret; the signature is returned to the client inside the item,
// so the secret itself must never leave the server.
item.sgn = hmac.sign(sgnSrc(sgnObj, item), config.objHashSecret); // for products we sign only price and id, because only that data comes back with orders
return item
})
apiStatus(res, result, 200);
}).catch(err => {
// NOTE(review): confirm apiError does not echo internal error details back to the caller.
apiError(res, err);
// Fragment of a product-list handler: renders the requested SKUs and signs each returned item.
// NOTE(review): `req.query.skus` is split without a type check visible here, and storeId is
// tested with parseInt() (no radix) but forwarded as the raw query string — confirm both are
// validated before this point.
productProxy.renderList(req.query.skus.split(','), req.query.currencyCode, (req.query.storeId && parseInt(req.query.storeId) > 0) ? req.query.storeId : 1).then((result) => {
result.items = result.items.map((item) => {
let sgnObj = item
// The signed price field depends on whether tax is calculated server-side.
if (config.tax.calculateServerSide === true) {
sgnObj = { priceInclTax: item.price_info.final_price }
} else {
sgnObj = { price: item.price_info.extension_attributes.tax_adjustments.final_price }
}
// The signature is keyed with config.objHashSecret and sent to the client as item.sgn.
item.sgn = hmac.sign(sgnSrc(sgnObj, item), config.objHashSecret); // for products we sign only price and id, because only that data comes back with orders
return item
})
apiStatus(res, result, 200);
}).catch(err => {
// NOTE(review): confirm apiError does not echo internal error details back to the caller.
apiError(res, err);
// Order-creation handler: validates the request body against the order JSON schema, logs the
// incoming order, then checks each product's signature. The snippet is cut off inside that check.
create (req, res) {
const ajv = new Ajv();
require('ajv-keywords')(ajv, 'regexp');
const orderSchema = require('../models/order.schema.js.js')
let orderSchemaExtension = {}
// NOTE(review): fs.existsSync resolves a relative path against process.cwd(), while require()
// resolves it against this module's directory, so the check and the load can look at different
// files and the schema extension may be silently skipped.
if (fs.existsSync('../models/order.schema.extension.json')) {
orderSchemaExtension = require('../models/order.schema.extension.json')
}
// The schema is merged and compiled on every request.
// NOTE(review): if `merge` mutates its first argument (lodash-style), the cached orderSchema
// module object is modified in place — confirm.
const validate = ajv.compile(merge(orderSchema, orderSchemaExtension));
if (!validate(req.body)) { // reject orders that fail schema validation
// The validator's error list is both logged and returned to the caller verbatim.
console.dir(validate.errors);
apiStatus(res, validate.errors, 400);
return;
}
// Record of the request that is logged below.
// NOTE(review): req.ip reflects the real client only if proxy trust is configured correctly — confirm.
const incomingOrder = { title: 'Incoming order received on ' + new Date() + ' / ' + req.ip, ip: req.ip, agent: req.headers['user-agent'], receivedAt: new Date(), order: req.body }/* parsed using bodyParser.json middleware */
// NOTE(review): this writes the whole order body, including whatever customer data it carries,
// to stdout — confirm log retention and access controls cover that.
console.log(JSON.stringify(incomingOrder))
for (let product of req.body.products) {
// Object checked against the client-supplied signature: the price field plus either id or sku.
// Presumably it mirrors what was signed when the product was rendered — confirm against sgnSrc().
let key = config.tax.calculateServerSide ? { priceInclTax: product.priceInclTax, id: null, sku: null } : { price: product.price, id: null, sku: null }
if (config.tax.alwaysSyncPlatformPricesOver) {
key.id = product.id
} else {
key.sku = product.sku
}
// console.log(key)
// Signature verification is skipped entirely when config.tax.usePlatformTotals is set.
if (!config.tax.usePlatformTotals) {
if (!hmac.verify(key, product.sgn, config.objHashSecret)) {
// Record of the request that is logged below; req.body was parsed by the bodyParser.json middleware.
// NOTE(review): the whole order body, including whatever customer data it carries, goes to stdout.
const incomingOrder = {
  title: 'Incoming order received on ' + new Date() + ' / ' + req.ip,
  ip: req.ip,
  agent: req.headers['user-agent'],
  receivedAt: new Date(),
  order: req.body
}
console.log(JSON.stringify(incomingOrder))

// Check every submitted product against the signature the client sent with it.
for (const product of req.body.products) {
  // Property order is kept as price field, id, sku; the verifier may depend on it.
  let signedFields
  if (config.tax.calculateServerSide) {
    signedFields = { priceInclTax: product.priceInclTax, id: null, sku: null }
  } else {
    signedFields = { price: product.price, id: null, sku: null }
  }
  if (config.tax.alwaysSyncPlatformPricesOver) {
    signedFields.id = product.id
  } else {
    signedFields.sku = product.sku
  }

  // Verification is skipped entirely when config.tax.usePlatformTotals is set.
  // NOTE(review): confirm hmac.verify compares signatures in constant time.
  const signatureRejected = !config.tax.usePlatformTotals &&
    !hmac.verify(signedFields, product.sgn, config.objHashSecret)
  if (signatureRejected) {
    // NOTE(review): sku and sgn are client-supplied and are concatenated into the log line as-is.
    console.error('Invalid hash for ' + product.sku + ': ' + product.sgn)
    // NOTE(review): a rejected signature is reported with HTTP 200, so a client or monitor that
    // looks only at the status code cannot tell a rejected order from an accepted one — confirm
    // callers inspect the body, or consider a 4xx status.
    apiStatus(res, 'Invalid signature validation of ' + product.sku, 200);
    return;
  }
}
// Queue path: when config.orders.useServerQueue is set, the order is saved as an 'order' job
// and the job id is returned to the caller.
if (config.orders.useServerQueue) {
try {
// Object.assign copies `redis` onto config.kue itself, so the shared config object is modified on each call.
let queue = kue.createQueue(Object.assign(config.kue, { redis: config.redis }));
// The save callback logs and reports an error, or responds with the job id on success.
const job = queue.create('order', incomingOrder).save((err) => {
if (err) {
console.error(err)
apiError(res, err);
} else {
apiStatus(res, job.id, 200);
}
})
// NOTE(review): this declaration repeats the one above verbatim. Two `const job` in one block is
// a SyntaxError, so it looks like a page-extraction duplicate rather than intended code.
const job = queue.create('order', incomingOrder).save((err) => {
if (err) {
console.error(err)
apiError(res, err);
} else {
apiStatus(res, job.id, 200);
}
})
} catch (e) {
// NOTE(review): the catch body is empty as shown, so a synchronous failure while creating the
// queue or the job is swallowed and no response is sent from here.
}
}
// Hand the validated order either straight to the platform proxy or to the server-side queue.
if (!config.orders.useServerQueue) {
  // Direct path: forward the order body to the platform and relay its result.
  const orderProxy = _getProxy(req, config)
  orderProxy.create(req.body)
    .then((result) => {
      apiStatus(res, result, 200);
    })
    .catch((err) => {
      apiError(res, err);
    })
} else {
  try {
    // Object.assign copies `redis` onto config.kue itself, so the shared config object is
    // modified on each call.
    const queueOptions = Object.assign(config.kue, { redis: config.redis })
    const orderQueue = kue.createQueue(queueOptions);
    // On a successful save the job id is returned to the caller.
    const job = orderQueue.create('order', incomingOrder).save((saveError) => {
      if (saveError) {
        console.error(saveError)
        apiError(res, saveError);
        return
      }
      apiStatus(res, job.id, 200);
    })
  } catch (e) {
    // NOTE(review): the caught exception object is handed to the response as-is; confirm apiStatus
    // does not serialize internal details (message, stack, connection settings) to the client.
    apiStatus(res, e, 500);
  }
}
}
})
// GET /version: replies with `{ version }` and HTTP 200.
// NOTE(review): no authentication is visible on this route in the snippet; confirm that
// disclosing the running version to any caller is intended.
cartApi.get('/version', (_req, res) => {
  const payload = { version };
  apiStatus(res, payload, 200);
});
return cartApi;
orderProxy.create(req.body).then((result) => {
apiStatus(res, result, 200);
}).catch(err => {
apiError(res, err);