pepettes/server.py

#! /usr/bin/env python3.6

"""
server.py
Stripe Sample.
Python 3.6 or newer required.
"""

import stripe
import json
import os
import random
import string

from flask import Flask, render_template, jsonify, request, session
from flask_babel import Babel
from flask_simple_csrf import CSRF


static_dir = str(os.path.abspath(os.path.join(__file__, "..", "assets")))
app = Flask(
    __name__, static_folder=static_dir, static_url_path="", template_folder=static_dir
)
app.config.from_pyfile("settings.py")
stripe.api_key = app.config["STRIPE_SECRET_KEY"]
CSRF = CSRF(config={"SECRET_CSRF_KEY": app.config["SECRET_CSRF_KEY"]})
app = CSRF.init_app(app)
babel = Babel(app)


@app.before_request
def before_request():
    if "CSRF_TOKEN" not in session or "USER_CSRF" not in session:
        session["USER_CSRF"] = "".join(
            random.SystemRandom().choice(string.ascii_uppercase + string.digits)
            for _ in range(64)
        )
        session["CSRF_TOKEN"] = CSRF.create(session["USER_CSRF"])


@babel.localeselector
def get_locale():
    return request.accept_languages.best_match(app.config["LANGUAGES"])


@app.route("/", methods=["GET"])
def get_index():
    return render_template(
        "index.html", **app.config["CUSTOM"], csrf=session["USER_CSRF"]
    )


@app.route("/success", methods=["GET"])
def get_success():
    return render_template("success.html", **app.config["CUSTOM"])


@app.route("/canceled", methods=["GET"])
def get_canceled():
    return render_template("canceled.html", **app.config["CUSTOM"])


@app.route("/create-checkout-session", methods=["POST"])
def create_checkout_session():
    data = json.loads(request.data)
    domain_url = app.config["DOMAIN"]
    try:
        donation = app.config["DONATION"]
        currencies = [iso for iso, symbol in app.config["CUSTOM"]["currencies"]]
        if (
            CSRF.verify(data["user_csrf"], session["CSRF_TOKEN"]) is False
            or data["frequency"] not in ["recuring", "one_time"]
            or data["currency"] not in currencies
            or int(data["quantity"]) <= 0
        ):
            return jsonify(error="Bad value"), 400

        # Create new Checkout Session for the order
        price = donation[data["frequency"]][data["currency"]]
        mode = "payment" if data["frequency"] == "one_time" else "subscription"

        checkout_session = stripe.checkout.Session.create(
            success_url=domain_url + "/success?session_id={CHECKOUT_SESSION_ID}",
            cancel_url=domain_url + "/canceled",
            payment_method_types=["card"],
            mode=mode,
            line_items=[{"price": price, "quantity": data["quantity"]}],
        )
        return jsonify({"sessionId": checkout_session["id"]})
    except Exception as e:
        return jsonify(error=str(e)), 403


if __name__ == "__main__":
    app.run(port=app.config["PORT"], debug=app.debug)
Initial commit 2021-02-15 04:36:24 +01:00			`#! /usr/bin/env python3.6`

			`"""`
			`server.py`
			`Stripe Sample.`
			`Python 3.6 or newer required.`
			`"""`

			`import stripe`
			`import json`
			`import os`
[fix] CSRF 2021-02-15 05:25:55 +01:00			`import random`
			`import string`
Initial commit 2021-02-15 04:36:24 +01:00
remove unused imports 2024-05-22 23:13:08 +02:00			`from flask import Flask, render_template, jsonify, request, session`
			`from flask_babel import Babel`
[wip] CSRF 2021-02-15 05:10:36 +01:00			`from flask_simple_csrf import CSRF`
Initial commit 2021-02-15 04:36:24 +01:00
[wip] CSRF 2021-02-15 05:10:36 +01:00
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`static_dir = str(os.path.abspath(os.path.join(__file__, "..", "assets")))`
			`app = Flask(`
			`__name__, static_folder=static_dir, static_url_path="", template_folder=static_dir`
			`)`
			`app.config.from_pyfile("settings.py")`
			`stripe.api_key = app.config["STRIPE_SECRET_KEY"]`
			`CSRF = CSRF(config={"SECRET_CSRF_KEY": app.config["SECRET_CSRF_KEY"]})`
[wip] CSRF 2021-02-15 05:10:36 +01:00			`app = CSRF.init_app(app)`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`babel = Babel(app)`
Initial commit 2021-02-15 04:36:24 +01:00
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00
[wip] CSRF 2021-02-15 05:10:36 +01:00			`@app.before_request`
			`def before_request():`
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`if "CSRF_TOKEN" not in session or "USER_CSRF" not in session:`
			`session["USER_CSRF"] = "".join(`
			`random.SystemRandom().choice(string.ascii_uppercase + string.digits)`
			`for _ in range(64)`
			`)`
			`session["CSRF_TOKEN"] = CSRF.create(session["USER_CSRF"])`

Initial commit 2021-02-15 04:36:24 +01:00
i18n + custom settings 2021-02-19 00:14:04 +01:00			`@babel.localeselector`
			`def get_locale():`
fixes automatic language selection 2024-05-23 02:53:45 +02:00			`return request.accept_languages.best_match(app.config["LANGUAGES"])`
i18n + custom settings 2021-02-19 00:14:04 +01:00
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00
			`@app.route("/", methods=["GET"])`
Initial commit 2021-02-15 04:36:24 +01:00			`def get_index():`
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`return render_template(`
			`"index.html", **app.config["CUSTOM"], csrf=session["USER_CSRF"]`
			`)`
i18n + custom settings 2021-02-19 00:14:04 +01:00

:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`@app.route("/success", methods=["GET"])`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`def get_success():`
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`return render_template("success.html", **app.config["CUSTOM"])`
i18n + custom settings 2021-02-19 00:14:04 +01:00
Initial commit 2021-02-15 04:36:24 +01:00
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`@app.route("/canceled", methods=["GET"])`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`def get_canceled():`
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`return render_template("canceled.html", **app.config["CUSTOM"])`
Initial commit 2021-02-15 04:36:24 +01:00

:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`@app.route("/create-checkout-session", methods=["POST"])`
Initial commit 2021-02-15 04:36:24 +01:00			`def create_checkout_session():`
			`data = json.loads(request.data)`
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`domain_url = app.config["DOMAIN"]`
Initial commit 2021-02-15 04:36:24 +01:00			`try:`
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`donation = app.config["DONATION"]`
			`currencies = [iso for iso, symbol in app.config["CUSTOM"]["currencies"]]`
			`if (`
			`CSRF.verify(data["user_csrf"], session["CSRF_TOKEN"]) is False`
			`or data["frequency"] not in ["recuring", "one_time"]`
			`or data["currency"] not in currencies`
			`or int(data["quantity"]) <= 0`
			`):`
[fix] Check POST value 2021-02-15 04:53:44 +01:00			`return jsonify(error="Bad value"), 400`

Initial commit 2021-02-15 04:36:24 +01:00			`# Create new Checkout Session for the order`
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`price = donation[data["frequency"]][data["currency"]]`
			`mode = "payment" if data["frequency"] == "one_time" else "subscription"`
Initial commit 2021-02-15 04:36:24 +01:00
			`checkout_session = stripe.checkout.Session.create(`
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`success_url=domain_url + "/success?session_id={CHECKOUT_SESSION_ID}",`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`cancel_url=domain_url + "/canceled",`
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`payment_method_types=["card"],`
Initial commit 2021-02-15 04:36:24 +01:00			`mode=mode,`
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`line_items=[{"price": price, "quantity": data["quantity"]}],`
Initial commit 2021-02-15 04:36:24 +01:00			`)`
:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`return jsonify({"sessionId": checkout_session["id"]})`
Initial commit 2021-02-15 04:36:24 +01:00			`except Exception as e:`
			`return jsonify(error=str(e)), 403`


:art: Format Python code with Black 2024-03-07 14:25:25 +01:00			`if __name__ == "__main__":`
			`app.run(port=app.config["PORT"], debug=app.debug)`