new update 1

channainfo · Dec 4, 2024 · cec67ea · cec67ea
1 parent c828bd2
commit cec67ea
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 20 deletions.
diff --git a/app/controllers/spree/api/v2/storefront/anonymous_order_controller.rb b/app/controllers/spree/api/v2/storefront/anonymous_order_controller.rb
@@ -6,29 +6,40 @@ class AnonymousOrderController < Spree::Api::V2::BaseController
 
           def show_anonymous_order
             token = params[:token]
+            order = order_jwt_token(token)
 
-            decoded_token = JWT.decode(token, nil, false)
-            payload = decoded_token.first
-
-            order_number = payload['order_number']
-            order = Spree::Order.find_by(number: order_number)
-
-            unless order
-              return render json: { error: 'Item not found' }, status: :not_found
-            end
-
-            server_jwt_token = JWT.encode(payload, order.token, 'HS256')
-
-            if token == server_jwt_token
+            if order
               render_serialized_payload { serialize_resource(order) }
             else
-              render json: { error: 'Item not found' }, status: :not_found
+              render json: { error: 'Invalid or expired token' }, status: :unauthorized
             end
           end
 
           def resource_serializer
             Spree::V2::Storefront::OrderSerializer
           end
+
+          private
+
+          def order_jwt_token(token)
+            decoded_token = decode_jwt(token)
+
+            order_number = decoded_token['order_number']
+            return nil unless order_number
+
+            order = Spree::Order.find_by(number: order_number)
+
+            decoded_token = decode_jwt(token, order&.token)
+            return nil unless decoded_token
+            order
+          end
+
+          def decode_jwt(token, secret = nil)
+              JWT.decode(token, secret, secret.present?, { algorithm: 'HS256' }).first
+            rescue JWT::DecodeError
+              nil
+          end
+
         end
       end
     end

diff --git a/app/helpers/spree/base_helper_decorator.rb b/app/helpers/spree/base_helper_decorator.rb
@@ -20,7 +20,7 @@ def custom_product_storefront_resource_url(resource, options = {})
       end
     end
 
-    def custom_product_line_item_url(line_item, options = {})
+    def custom_product_line_item_url(line_item, jwt_token, options = {})
       if defined?(locale_param) && locale_param.present?
         options.merge!(locale: locale_param)
       end
@@ -32,9 +32,9 @@ def custom_product_line_item_url(line_item, options = {})
                  end
 
       order = Spree::Order.find(line_item.order_id)
-      return if order.number.blank? && @jwt_token.blank?
+      return if order.number.blank? && jwt_token.blank?
 
-      "#{current_store.formatted_url + localize}/anonymous_orders/#{@jwt_token}"
+      "#{current_store.formatted_url + localize}/anonymous_orders/#{jwt_token}"
     end
   end
 end

diff --git a/app/mailers/spree/order_mailer_decorator.rb b/app/mailers/spree/order_mailer_decorator.rb
@@ -9,7 +9,7 @@ def cancel_email(order, resend: false)
     end
 
     def confirm_email(order, resend: false)
-      @order = order.respond_to?(:id) ? order : Spree::Order.find(order)
+      @order = order.respond_to?(:id) ? order : Spree::Ordetr.find(order)
       return false if @order.email.blank?
 
       @current_store = @order.store

diff --git a/app/views/spree_cm_commissioner/order_mailer/_greeting.html.erb b/app/views/spree_cm_commissioner/order_mailer/_greeting.html.erb
@@ -4,7 +4,7 @@
     <div class="booking-confirm"><%= I18n.t('mail.order_mailer.booking_confirm')%></div>
     <div class="hello"><%= I18n.t('mail.order_mailer.hello', full_name: user_full_name(order))%></div>
     <div class="description">
-      <%= I18n.t('mail.order_mailer.booking_event', event_name: order.products.first&.vendor.name || 'NA') %>
+      <%= I18n.t('mail.order_mailer.booking_event', order_number: order.products.first&.vendor.name || 'NA') %>
     </div>
   </div>
 

diff --git a/app/views/spree_cm_commissioner/order_mailer/purchased_items/_items.html.erb b/app/views/spree_cm_commissioner/order_mailer/purchased_items/_items.html.erb
@@ -16,7 +16,7 @@
             <%= sanitize(line_item.variant.options_text) %>
           </div>
         <% end %>
-        <div> <%= link_to 'View Details', custom_product_line_item_url(line_item) %></div>
+        <div> <%= link_to 'View Details', custom_product_line_item_url(line_item, @jwt_token) %></div>
       </td>
       <td class="align-right align-center-vertical" width="10%">
         <span>