fix: potential context leak

Add BE validator
Sending invoice from the BE
2024-10-03 23:41:39 +02:00 · 2024-08-27 14:38:37 +02:00 · 2024-08-27 13:52:36 +02:00 · 2024-08-27 13:28:11 +02:00
12 changed files with 318 additions and 25 deletions
--- a/cmd/api/handlers-api.go
+++ b/cmd/api/handlers-api.go
@ -1,6 +1,7 @@
 package main

 import (
+	"bytes"
 	"encoding/json"
 	"errors"
 	"fmt"
@ -8,6 +9,7 @@ import (
 	"myapp/internal/cards/encryption"
 	"myapp/internal/models"
 	"myapp/internal/urlsigner"
+	"myapp/internal/validator"
 	"net/http"
 	"strconv"
 	"strings"
@ -103,6 +105,17 @@ func (app *application) GetWidgetByID(w http.ResponseWriter, r *http.Request) {
 	w.Write(out)
 }

+type Invoice struct {
+	ID        int       `json:"id"`
+	Quantity  int       `json:"quantity"`
+	Amount    int       `json:"amount"`
+	Product   string    `json:"product"`
+	FirstName string    `json:"first_name"`
+	LastName  string    `json:"last_name"`
+	Email     string    `json:"email"`
+	CreatedAt time.Time `json:"created_at"`
+}
+
 func (app *application) CreateCustomerAndSubscribeToPlan(w http.ResponseWriter, r *http.Request) {
 	var data stripePayload

@ -112,6 +125,14 @@ func (app *application) CreateCustomerAndSubscribeToPlan(w http.ResponseWriter,
 		return
 	}

+	// validate data
+	v := validator.New()
+	v.Check(len(data.FirstName) > 1, "first_name", "must be at least 2 characters")
+	if !v.Valid() {
+		app.failedValidation(w, r, v.Errors)
+		return
+	}
+
 	app.infoLog.Println(data.Email, data.LastFour, data.PaymentMethod, data.Plan)

 	card := cards.Card{
@ -183,11 +204,27 @@ func (app *application) CreateCustomerAndSubscribeToPlan(w http.ResponseWriter,
 			Amount:        amount,
 		}

-		_, err = app.SaveOrder(order)
+		orderID, err := app.SaveOrder(order)
 		if err != nil {
 			app.errorLog.Println(err)
 			return
 		}
+
+		inv := Invoice{
+			ID:        orderID,
+			Quantity:  order.Quantity,
+			Amount:    order.Amount,
+			Product:   "Bronze Plan",
+			FirstName: data.FirstName,
+			LastName:  data.LastName,
+			Email:     data.Email,
+			CreatedAt: time.Now(),
+		}
+		err = app.callInvoiceMicro(inv)
+		if err != nil {
+			app.errorLog.Println(err)
+			// Don't stop the program
+		}
 	}

 	resp := JSONResponse{
@ -205,6 +242,30 @@ func (app *application) CreateCustomerAndSubscribeToPlan(w http.ResponseWriter,
 	w.Write(out)
 }

+func (app *application) callInvoiceMicro(inv Invoice) error {
+	// TODO: Do not hard code this.
+	url := "http://localhost:5000/invoice/create-and-send"
+	out, err := json.MarshalIndent(inv, "", "\t")
+	if err != err {
+		return err
+	}
+
+	req, err := http.NewRequest("POST", url, bytes.NewBuffer(out))
+	if err != nil {
+		return nil
+	}
+	req.Header.Set("Content-Type", "application/json")
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	app.infoLog.Println(resp.Body)
+
+	return nil
+}
+
 func (app *application) SaveCustomer(firstName, lastName, email string) (int, error) {
 	customer := models.Customer{
 		FirstName: firstName,
--- a/cmd/api/helpers.go
+++ b/cmd/api/helpers.go
@ -95,3 +95,20 @@ func (app *application) passwordMatches(hash, password string) (bool, error) {

 	return true, nil
 }
+
+func (app *application) failedValidation(
+	w http.ResponseWriter,
+	r *http.Request,
+	errors map[string]string,
+) {
+	var payload struct {
+		OK      bool              `json:"ok"`
+		Message string            `json:"message"`
+		Errors  map[string]string `json:"errors"`
+	}
+
+	payload.OK = false
+	payload.Message = "failed validation"
+	payload.Errors = errors
+	app.writeJSON(w, http.StatusUnprocessableEntity, payload)
+}
--- a/cmd/micro/invoice/email-templates/invoice.html.gohtml
+++ b/cmd/micro/invoice/email-templates/invoice.html.gohtml
@ -0,0 +1,18 @@
+{{ define "body" }}
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta name="viewport" content="width=device-width">
+        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    </head>
+    <body>
+        <p>Hello:</p>
+        <p>Please find your invoice attached.</p>
+        <p>
+            --
+            <br>
+            Widget Co.
+        </p>
+    </body>
+</html>
+{{ end }}
--- a/cmd/micro/invoice/email-templates/invoice.plain.gohtml
+++ b/cmd/micro/invoice/email-templates/invoice.plain.gohtml
@ -0,0 +1,9 @@
+{{ define "body" }}
+Hello:
+
+Please find your invoice attached.
+
+--
+Widget Co.
+{{ end }}
+
--- a/cmd/micro/invoice/invoice-handlers.go
+++ b/cmd/micro/invoice/invoice-handlers.go
@ -17,37 +17,38 @@ type Order struct {
 	FirstName string    `json:"first_name"`
 	LastName  string    `json:"last_name"`
 	Email     string    `json:"email"`
-	CreatedAt time.Time `json:"-"`
+	CreatedAt time.Time `json:"created_at"`
 }

 func (app *application) CreateAndSendInvoice(w http.ResponseWriter, r *http.Request) {
 	// receive json
 	var order Order

-	order.ID = 100
-	order.Email = "me@here.com"
-	order.FirstName = "John"
-	order.LastName = "Smith"
-	order.Quantity = 1
-	order.Amount = 1000
-	order.Product = "Widget"
-	order.CreatedAt = time.Now()
-	// err = app.readJSON(w, r, &order)
-	// if err != nil {
-	// 	app.badRequest(w, r, err)
-	// 	return
-	// }
+	err := app.readJSON(w, r, &order)
+	if err != nil {
+		app.badRequest(w, r, err)
+		return
+	}
+	app.infoLog.Println(order)

 	// generate a pdf invoice
-	err := app.createInvoicePDF(order)
+	err = app.createInvoicePDF(order)
 	if err != nil {
 		app.badRequest(w, r, err)
 		return
 	}

-	// create mail
+	// create mail attachment
+	attachments := []string{
+		fmt.Sprintf("./invoices/%d.pdf", order.ID),
+	}

 	// send mail with attachment
+	err = app.SendMail("info@widgets.com", order.Email, "Your invoice", "invoice", attachments, nil)
+	if err != nil {
+		app.badRequest(w, r, err)
+		return
+	}

 	// send response
 	var resp JSONResponse
--- a/cmd/micro/invoice/invoice-routes.go
+++ b/cmd/micro/invoice/invoice-routes.go
@ -18,6 +18,6 @@ func (app *application) routes() http.Handler {
 		MaxAge:           300,
 	}))

-	mux.Get("/invoice/create-and-send", app.CreateAndSendInvoice)
+	mux.Post("/invoice/create-and-send", app.CreateAndSendInvoice)
 	return mux
 }
--- a/cmd/micro/invoice/mailer.go
+++ b/cmd/micro/invoice/mailer.go
@ -0,0 +1,88 @@
+package main
+
+import (
+	"bytes"
+	"embed"
+	"fmt"
+	"text/template"
+	"time"
+
+	mail "github.com/xhit/go-simple-mail/v2"
+)
+
+//go:embed email-templates
+var emailTemplateFS embed.FS
+
+func (app *application) SendMail(
+	from, to, subject, tmpl string,
+	attachments []string,
+	data interface{},
+) error {
+	templateToRender := fmt.Sprintf("email-templates/%s.html.gohtml", tmpl)
+
+	t, err := template.New("email-html").ParseFS(emailTemplateFS, templateToRender)
+	if err != nil {
+		app.errorLog.Println(err)
+		return err
+	}
+
+	var tpl bytes.Buffer
+	if err = t.ExecuteTemplate(&tpl, "body", data); err != nil {
+		app.errorLog.Println(err)
+		return err
+	}
+
+	formattedMessage := tpl.String()
+
+	templateToRender = fmt.Sprintf("email-templates/%s.plain.gohtml", tmpl)
+	t, err = template.New("email-plain").ParseFS(emailTemplateFS, templateToRender)
+	if err != nil {
+		app.errorLog.Println(err)
+		return err
+	}
+	if err = t.ExecuteTemplate(&tpl, "body", data); err != nil {
+		app.errorLog.Println(err)
+		return err
+	}
+
+	plainMessage := tpl.String()
+
+	app.infoLog.Println(formattedMessage, plainMessage)
+
+	// send the mail
+	server := mail.NewSMTPClient()
+	server.Host = app.config.smtp.host
+	server.Port = app.config.smtp.port
+	// NOTE: not needed for MailHog
+	// server.Username = app.config.smtp.username
+	// server.Password = app.config.smtp.password
+	// server.Encryption = mail.EncryptionTLS
+	server.KeepAlive = false
+	server.ConnectTimeout = 10 * time.Second
+	server.SendTimeout = 10 * time.Second
+
+	smtpClient, err := server.Connect()
+	if err != nil {
+		return err
+	}
+	email := mail.NewMSG()
+	email.SetFrom(from).AddTo(to).SetSubject(subject)
+	email.SetBody(mail.TextHTML, formattedMessage)
+	email.AddAlternative(mail.TextPlain, plainMessage)
+
+	if len(attachments) > 0 {
+		for _, x := range attachments {
+			email.AddAttachment(x)
+		}
+	}
+
+	err = email.Send(smtpClient)
+	if err != nil {
+		app.errorLog.Println(err)
+		return err
+	}
+
+	app.infoLog.Println("send mail")
+
+	return nil
+}
--- a/cmd/web/handlers.go
+++ b/cmd/web/handlers.go
@ -1,6 +1,8 @@
 package main

 import (
+	"bytes"
+	"encoding/json"
 	"fmt"
 	"myapp/internal/cards"
 	"myapp/internal/cards/encryption"
@ -8,6 +10,7 @@ import (
 	"myapp/internal/urlsigner"
 	"net/http"
 	"strconv"
+	"time"

 	"github.com/go-chi/chi/v5"
 )
@ -95,6 +98,17 @@ func (app *application) GetTransactionData(r *http.Request) (TransactionData, er
 	return txnData, nil
 }

+type Invoice struct {
+	ID        int       `json:"id"`
+	Quantity  int       `json:"quantity"`
+	Amount    int       `json:"amount"`
+	Product   string    `json:"product"`
+	FirstName string    `json:"first_name"`
+	LastName  string    `json:"last_name"`
+	Email     string    `json:"email"`
+	CreatedAt time.Time `json:"created_at"`
+}
+
 func (app *application) PaymentSucceeded(w http.ResponseWriter, r *http.Request) {
 	// read posted data
 	err := r.ParseForm()
@ -150,6 +164,24 @@ func (app *application) PaymentSucceeded(w http.ResponseWriter, r *http.Request)
 		app.errorLog.Println(err)
 		return
 	}
+	// call microservice
+	inv := Invoice{
+		ID:        orderID,
+		Quantity:  order.Quantity,
+		Amount:    order.Amount,
+		Product:   "Widget",
+		FirstName: txnData.FirstName,
+		LastName:  txnData.LastName,
+		Email:     txnData.Email,
+		CreatedAt: time.Now(),
+	}
+
+	err = app.callInvoiceMicro(inv)
+	if err != nil {
+		app.errorLog.Println(err)
+		// Don't stop the program
+	}
+
 	app.infoLog.Printf("order id: %d", orderID)

 	app.Session.Put(r.Context(), "txn", txnData)
@ -157,6 +189,30 @@ func (app *application) PaymentSucceeded(w http.ResponseWriter, r *http.Request)
 	http.Redirect(w, r, "/receipt", http.StatusSeeOther)
 }

+func (app *application) callInvoiceMicro(inv Invoice) error {
+	// TODO: Do not hard code this.
+	url := "http://localhost:5000/invoice/create-and-send"
+	out, err := json.MarshalIndent(inv, "", "\t")
+	if err != err {
+		return err
+	}
+
+	req, err := http.NewRequest("POST", url, bytes.NewBuffer(out))
+	if err != nil {
+		return nil
+	}
+	req.Header.Set("Content-Type", "application/json")
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	app.infoLog.Println(resp.Body)
+
+	return nil
+}
+
 func (app *application) VirtualTerminalPaymentSucceeded(w http.ResponseWriter, r *http.Request) {
 	txnData, err := app.GetTransactionData(r)
 	if err != nil {
--- a/cmd/web/templates/bronze-plan.page.gohtml
+++ b/cmd/web/templates/bronze-plan.page.gohtml
@ -14,18 +14,22 @@ Bronze Plan
      class="d-blick needs-validation charge-form"
      autocomplete="off"
      novalidate="">
-    <input type="hidden" id="product_id" name="product_id" value="{{$widget.ID}}">
+    <input type="hidden"
+           id="product_id"
+           name="product_id"
+           value="{{$widget.ID}}">
    <input type="hidden" id="amount" name="amount" value="{{$widget.Price}}">
    <p class="mt-2 mb-3 text-center">{{$widget.Description}}</p>
    <hr>
    <div class="mb-3">
-        <label for="first-name" class="form-label">First Name</label>
+        <label for="first_name" class="form-label">First Name</label>
        <input type="text"
-               id="first-name"
+               id="first_name"
               name="first_name"
-               autocomplete="first-name-new"
+               autocomplete="first_name-new"
               required=""
               class="form-control">
+        <div id="first_name-help" class="d-none"></div>
    </div>
    <div class="mb-3">
        <label for="last-name" class="form-label">Last Name</label>
--- a/internal/driver/driver.go
+++ b/internal/driver/driver.go
@ -19,7 +19,8 @@ func OpenDB(dsn string) (*sql.DB, error) {
 	db.SetMaxOpenConns(10)
 	db.SetMaxIdleConns(10)

-	ctx, _ := context.WithTimeout(context.Background(), 3*time.Second)
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
 	err = db.PingContext(ctx)
 	if err != nil {
 		fmt.Println(err)
--- a/internal/validator/validator.go
+++ b/internal/validator/validator.go
@ -0,0 +1,25 @@
+package validator
+
+type Validator struct {
+	Errors map[string]string
+}
+
+func New() *Validator {
+	return &Validator{Errors: make(map[string]string)}
+}
+
+func (v *Validator) Valid() bool {
+	return len(v.Errors) == 0
+}
+
+func (v *Validator) AddError(key, message string) {
+	if _, exists := v.Errors[key]; !exists {
+		v.Errors[key] = message
+	}
+}
+
+func (v *Validator) Check(ok bool, key, message string) {
+	if !ok {
+		v.AddError(key, message)
+	}
+}
--- a/static/js/stripe-plan.js
+++ b/static/js/stripe-plan.js
@ -47,7 +47,7 @@ function stripePaymentMethodHandler(result, plan_id, api) {
            card_brand: result.paymentMethod.card.brand,
            expiry_month: result.paymentMethod.card.exp_month,
            expiry_year: result.paymentMethod.card.exp_year,
-            first_name: document.getElementById("first-name").value,
+            first_name: document.getElementById("first_name").value,
            last_name: document.getElementById("last-name").value,
            amount: document.getElementById("amount").value,
        };
@ -65,9 +65,22 @@ function stripePaymentMethodHandler(result, plan_id, api) {
            .then(response => response.json())
            .then(function (data) {
                console.log(data);
+                if (data.ok === false) {
+                    document.getElementById("charge_form").classList.remove("was-validated")
+                    Object.entries(data.errors).forEach((i) => {
+                        const [key, value] = i
+                        document.getElementById(key).classList.add("is-invalid");
+                        document.getElementById(key + "-help").classList.remove("valid-feedback");
+                        document.getElementById(key + "-help").classList.remove("d-none");
+                        document.getElementById(key + "-help").classList.add("invalid-feedback");
+                        document.getElementById(key + "-help").innerText = value;
+                    });
+                    showPayButton();
+                    return
+                }
                processing.classList.add("d-none");
                showSuccess("card-messages", "Transaction successful!");
-                sessionStorage.first_name = document.getElementById("first-name").value;
+                sessionStorage.first_name = document.getElementById("first_name").value;
                sessionStorage.last_name = document.getElementById("last-name").value;
                sessionStorage.amount = document.getElementById("amount").value;
                sessionStorage.last_four = result.paymentMethod.card.last4;
Author	SHA1	Message	Date
Muyao CHEN	c22b5d2372	fix: potential context leak	2024-10-03 23:41:39 +02:00
vinchent	3d5212fb53	Add BE validator	2024-08-27 14:38:37 +02:00
vinchent	082c75283d	Sending invoice from the BE	2024-08-27 13:52:36 +02:00
vinchent	9b31ff0bbb	Sending invoice mails with attachement	2024-08-27 13:28:11 +02:00