/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */
5
6import { type Request, type Response, type NextFunction } from 'express'
7import { BasketModel } from '../models/basket'
8
9const security = require('../lib/insecurity')
10
/**
 * Route factory for applying a coupon code to a basket.
 *
 * The returned Express handler reads two route parameters, `id` (basket
 * primary key) and `coupon` (the submitted code), asks
 * `security.discountFromCoupon` for the discount, stores the coupon on the
 * basket and answers with `{ discount }`. If no discount is returned it
 * answers 404 `Invalid coupon.`. Lookup and update failures, and an unknown
 * basket id, are passed to `next`.
 *
 * Security notes for reviewers:
 * - The handler destructures only `params` from the request, so nothing in
 *   this function ties the basket id to the caller. NOTE(review): any
 *   ownership check would have to live in middleware that is not visible
 *   here — confirm one exists before reusing this pattern.
 * - Whether a coupon is accepted depends entirely on
 *   `security.discountFromCoupon` (from '../lib/insecurity'); its validation
 *   rules are not visible in this file.
 *
 * @returns an Express request handler `(req, res, next)`.
 */
module.exports = function applyCoupon () {
  return ({ params }: Request, res: Response, next: NextFunction) => {
    const id = params.id

    // decodeURIComponent throws URIError on malformed percent-encoding; that
    // happens synchronously here, before the promise chain below is built.
    // NOTE(review): Express normally hands over route params already decoded,
    // which would make this a second decode pass — confirm it is intended.
    const submitted: string | undefined = params.coupon ? decodeURIComponent(params.coupon) : undefined
    const discount = security.discountFromCoupon(submitted)

    // Only a coupon that produced a discount is kept; anything else becomes null.
    const coupon: string | undefined | null = discount ? submitted : null

    BasketModel.findByPk(id)
      .then((basket: BasketModel | null) => {
        if (basket == null) {
          next(new Error('Basket with id=' + id + ' does not exist.'))
          return
        }

        // The update runs for rejected coupons as well: `coupon` is null then,
        // so the value passed to update() is `undefined`.
        basket.update({ coupon: coupon?.toString() })
          .then(() => {
            if (!discount) {
              res.status(404).send('Invalid coupon.')
              return
            }
            res.json({ discount })
          })
          .catch((error: Error) => {
            next(error)
          })
      })
      .catch((error: Error) => {
        next(error)
      })
  }
}
36