mirror of
https://codeberg.org/timelimit/timelimit-server.git
synced 2025-10-03 09:49:32 +02:00
129 lines
3.4 KiB
TypeScript
129 lines
3.4 KiB
TypeScript
/*
|
|
* server component for the TimeLimit App
|
|
* Copyright (C) 2019 Jonas Lochmann
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as
|
|
* published by the Free Software Foundation, version 3 of the License.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
import { json } from 'body-parser'
|
|
import { Router } from 'express'
|
|
import { BadRequest, Conflict, Unauthorized } from 'http-errors'
|
|
import { Database } from '../database'
|
|
import {
|
|
addPurchase,
|
|
areGooglePlayPaymentsPossible,
|
|
canDoNextPurchase,
|
|
isGooglePlayPurchaseSignatureValid,
|
|
requireFamilyEntry
|
|
} from '../function/purchase'
|
|
import { WebsocketApi } from '../websocket'
|
|
import { isCanDoPurchaseRequest, isFinishPurchaseByGooglePlayRequest } from './validator'
|
|
|
|
export const createPurchaseRouter = ({ database, websocket }: {
|
|
database: Database
|
|
websocket: WebsocketApi
|
|
}) => {
|
|
const router = Router()
|
|
|
|
router.post('/can-do-purchase', json(), async (req, res, next) => {
|
|
if (!areGooglePlayPaymentsPossible) {
|
|
res.json({ canDoPurchase: 'no because not supported by the server' })
|
|
return
|
|
}
|
|
|
|
try {
|
|
if (!isCanDoPurchaseRequest(req.body)) {
|
|
throw new BadRequest()
|
|
}
|
|
|
|
const familyEntry = await requireFamilyEntry({
|
|
database,
|
|
deviceAuthToken: req.body.deviceAuthToken
|
|
})
|
|
|
|
const result = canDoNextPurchase({ fullVersionUntil: parseInt(familyEntry.fullVersionUntil, 10) })
|
|
|
|
res.json({
|
|
canDoPurchase: result ? 'yes' : 'no due to old purchase'
|
|
})
|
|
} catch (ex) {
|
|
next(ex)
|
|
}
|
|
})
|
|
|
|
router.post('/finish-purchase-by-google-play', json(), async (req, res, next) => {
|
|
try {
|
|
if (!isFinishPurchaseByGooglePlayRequest(req.body)) {
|
|
throw new BadRequest()
|
|
}
|
|
|
|
const deviceEntryUnsafe = await database.device.findOne({
|
|
where: {
|
|
deviceAuthToken: req.body.deviceAuthToken
|
|
},
|
|
attributes: ['familyId']
|
|
})
|
|
|
|
if (!deviceEntryUnsafe) {
|
|
throw new Unauthorized()
|
|
}
|
|
|
|
const deviceEntry = {
|
|
familyId: deviceEntryUnsafe.familyId
|
|
}
|
|
|
|
if (!isGooglePlayPurchaseSignatureValid({
|
|
receipt: req.body.receipt,
|
|
signature: req.body.signature
|
|
})) {
|
|
throw new Conflict()
|
|
}
|
|
|
|
const receipt = JSON.parse(req.body.receipt)
|
|
|
|
if (typeof receipt !== 'object') {
|
|
throw new Conflict()
|
|
}
|
|
|
|
let type: 'month' | 'year'
|
|
|
|
if (receipt.productId === 'premium_year_2018') {
|
|
type = 'year'
|
|
} else if (receipt.productId === 'premium_month_2018') {
|
|
type = 'month'
|
|
} else {
|
|
throw new Conflict()
|
|
}
|
|
|
|
const orderId = receipt.orderId
|
|
|
|
if (typeof orderId !== 'string') {
|
|
throw new Conflict()
|
|
}
|
|
|
|
await addPurchase({
|
|
database,
|
|
familyId: deviceEntry.familyId,
|
|
type,
|
|
transactionId: orderId,
|
|
websocket
|
|
})
|
|
|
|
res.json({ ok: true })
|
|
} catch (ex) {
|
|
next(ex)
|
|
}
|
|
})
|
|
|
|
return router
|
|
}
|