juice-shop

1
/*
2
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3
 * SPDX-License-Identifier: MIT
4
 */
5

6
import { type Request, type Response, type NextFunction } from 'express'
7
import { BasketModel } from '../models/basket'
8

9
const security = require('../lib/insecurity')
10

11
module.exports = function applyCoupon () {
12
  return ({ params }: Request, res: Response, next: NextFunction) => {
13
    const id = params.id
14
    let coupon: string | undefined | null = params.coupon ? decodeURIComponent(params.coupon) : undefined
15
    const discount = security.discountFromCoupon(coupon)
16
    coupon = discount ? coupon : null
17
    BasketModel.findByPk(id).then((basket: BasketModel | null) => {
18
      if (basket != null) {
19
        basket.update({ coupon: coupon?.toString() }).then(() => {
20
          if (discount) {
21
            res.json({ discount })
22
          } else {
23
            res.status(404).send('Invalid coupon.')
24
          }
25
        }).catch((error: Error) => {
26
          next(error)
27
        })
28
      } else {
29
        next(new Error('Basket with id=' + id + ' does not exist.'))
30
      }
31
    }).catch((error: Error) => {
32
      next(error)
33
    })
34
  }
35
}
36