pepettes/server.py

#! /usr/bin/env python3.6

"""
server.py
Stripe Sample.
Python 3.6 or newer required.
"""

import stripe
import json
import os
import random
import string

from flask import Flask, render_template, jsonify, request, send_from_directory, session
from flask_babel import Babel, _
from flask_simple_csrf import CSRF


static_dir = str(os.path.abspath(os.path.join(
    __file__, "..", 'assets')))
app = Flask(__name__, static_folder=static_dir,
            static_url_path="", template_folder=static_dir)
app.config.from_pyfile('settings.py')
stripe.api_key = app.config['STRIPE_SECRET_KEY']
CSRF = CSRF(config={
    'SECRET_CSRF_KEY': app.config['SECRET_CSRF_KEY']
})
app = CSRF.init_app(app)
babel = Babel(app)

@app.before_request
def before_request():
    if 'CSRF_TOKEN' not in session or 'USER_CSRF' not in session:
        session['USER_CSRF'] = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(64))
        session['CSRF_TOKEN'] = CSRF.create(session['USER_CSRF'])

@babel.localeselector
def get_locale():
    return 'fr' #request.accept_languages.best_match(app.config['LANGUAGES'])

@app.route('/', methods=['GET'])
def get_index():
    return render_template('index.html', **app.config['CUSTOM'],
                           csrf=session['USER_CSRF'])


@app.route('/success', methods=['GET'])
def get_success():
    return render_template('success.html', **app.config['CUSTOM'])


@app.route('/canceled', methods=['GET'])
def get_canceled():
    return render_template('canceled.html', **app.config['CUSTOM'])


@app.route('/create-checkout-session', methods=['POST'])
def create_checkout_session():
    data = json.loads(request.data)
    domain_url = app.config['DOMAIN']
    try:
        donation = app.config['DONATION']
        currencies = [iso for iso, symbol in app.config['CUSTOM']['currencies']]
        if CSRF.verify(data['user_csrf'], session['CSRF_TOKEN']) is False or \
           data['frequency'] not in ['recuring', 'one_time'] or \
           data['currency'] not in currencies or \
           int(data['quantity']) <= 0:
            return jsonify(error="Bad value"), 400

        # Create new Checkout Session for the order
        price = donation[data['frequency']][data['currency']]
        mode = "payment" if data['frequency'] == 'one_time' else "subscription"

        checkout_session = stripe.checkout.Session.create(
            success_url=domain_url +
            "/success?session_id={CHECKOUT_SESSION_ID}",
            cancel_url=domain_url + "/canceled",
            payment_method_types= ["card"],
            mode=mode,
            line_items=[
                {
                    "price": price,
                    "quantity": data['quantity']
                }
            ]
        )
        return jsonify({'sessionId': checkout_session['id']})
    except Exception as e:
        return jsonify(error=str(e)), 403


if __name__ == '__main__':
    app.run(port=app.config['PORT'], debug=app.debug)
Initial commit 2021-02-15 04:36:24 +01:00			`#! /usr/bin/env python3.6`

			`"""`
			`server.py`
			`Stripe Sample.`
			`Python 3.6 or newer required.`
			`"""`

			`import stripe`
			`import json`
			`import os`
[fix] CSRF 2021-02-15 05:25:55 +01:00			`import random`
			`import string`
Initial commit 2021-02-15 04:36:24 +01:00
[fix] CSRF 2021-02-15 05:25:55 +01:00			`from flask import Flask, render_template, jsonify, request, send_from_directory, session`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`from flask_babel import Babel, _`
[wip] CSRF 2021-02-15 05:10:36 +01:00			`from flask_simple_csrf import CSRF`
Initial commit 2021-02-15 04:36:24 +01:00
[wip] CSRF 2021-02-15 05:10:36 +01:00
Initial commit 2021-02-15 04:36:24 +01:00			`static_dir = str(os.path.abspath(os.path.join(`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`__file__, "..", 'assets')))`
Initial commit 2021-02-15 04:36:24 +01:00			`app = Flask(__name__, static_folder=static_dir,`
			`static_url_path="", template_folder=static_dir)`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`app.config.from_pyfile('settings.py')`
			`stripe.api_key = app.config['STRIPE_SECRET_KEY']`
[fix] CSRF 2021-02-15 05:25:55 +01:00			`CSRF = CSRF(config={`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`'SECRET_CSRF_KEY': app.config['SECRET_CSRF_KEY']`
[fix] CSRF 2021-02-15 05:25:55 +01:00			`})`
[wip] CSRF 2021-02-15 05:10:36 +01:00			`app = CSRF.init_app(app)`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`babel = Babel(app)`
Initial commit 2021-02-15 04:36:24 +01:00
[wip] CSRF 2021-02-15 05:10:36 +01:00			`@app.before_request`
			`def before_request():`
			`if 'CSRF_TOKEN' not in session or 'USER_CSRF' not in session:`
[fix] CSRF 2021-02-15 05:25:55 +01:00			`session['USER_CSRF'] = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(64))`
[wip] CSRF 2021-02-15 05:10:36 +01:00			`session['CSRF_TOKEN'] = CSRF.create(session['USER_CSRF'])`
Initial commit 2021-02-15 04:36:24 +01:00
i18n + custom settings 2021-02-19 00:14:04 +01:00			`@babel.localeselector`
			`def get_locale():`
			`return 'fr' #request.accept_languages.best_match(app.config['LANGUAGES'])`

Initial commit 2021-02-15 04:36:24 +01:00			`@app.route('/', methods=['GET'])`
			`def get_index():`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`return render_template('index.html', **app.config['CUSTOM'],`
			`csrf=session['USER_CSRF'])`


			`@app.route('/success', methods=['GET'])`
			`def get_success():`
			`return render_template('success.html', **app.config['CUSTOM'])`

Initial commit 2021-02-15 04:36:24 +01:00
i18n + custom settings 2021-02-19 00:14:04 +01:00			`@app.route('/canceled', methods=['GET'])`
			`def get_canceled():`
			`return render_template('canceled.html', **app.config['CUSTOM'])`
Initial commit 2021-02-15 04:36:24 +01:00

			`@app.route('/create-checkout-session', methods=['POST'])`
			`def create_checkout_session():`
			`data = json.loads(request.data)`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`domain_url = app.config['DOMAIN']`
Initial commit 2021-02-15 04:36:24 +01:00			`try:`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`donation = app.config['DONATION']`
			`currencies = [iso for iso, symbol in app.config['CUSTOM']['currencies']]`
[fix] CSRF 2021-02-15 05:25:55 +01:00			`if CSRF.verify(data['user_csrf'], session['CSRF_TOKEN']) is False or \`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`data['frequency'] not in ['recuring', 'one_time'] or \`
			`data['currency'] not in currencies or \`
[fix] Check POST value 2021-02-15 04:53:44 +01:00			`int(data['quantity']) <= 0:`
			`return jsonify(error="Bad value"), 400`

Initial commit 2021-02-15 04:36:24 +01:00			`# Create new Checkout Session for the order`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`price = donation[data['frequency']][data['currency']]`
			`mode = "payment" if data['frequency'] == 'one_time' else "subscription"`
Initial commit 2021-02-15 04:36:24 +01:00
			`checkout_session = stripe.checkout.Session.create(`
			`success_url=domain_url +`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`"/success?session_id={CHECKOUT_SESSION_ID}",`
			`cancel_url=domain_url + "/canceled",`
Initial commit 2021-02-15 04:36:24 +01:00			`payment_method_types= ["card"],`
			`mode=mode,`
			`line_items=[`
			`{`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`"price": price,`
Initial commit 2021-02-15 04:36:24 +01:00			`"quantity": data['quantity']`
			`}`
			`]`
			`)`
			`return jsonify({'sessionId': checkout_session['id']})`
			`except Exception as e:`
			`return jsonify(error=str(e)), 403`



			`if __name__ == '__main__':`
i18n + custom settings 2021-02-19 00:14:04 +01:00			`app.run(port=app.config['PORT'], debug=app.debug)`