juice-shop

1
/*
2
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3
 * SPDX-License-Identifier: MIT
4
 */
5

6
import { type Request, type Response, type NextFunction } from 'express'
7
import { CardModel } from '../models/card'
8

9
interface displayCard {
10
  UserId: number
11
  id: number
12
  fullName: string
13
  cardNum: string
14
  expMonth: number
15
  expYear: number
16
}
17

18
module.exports.getPaymentMethods = function getPaymentMethods () {
19
  return async (req: Request, res: Response, next: NextFunction) => {
20
    const displayableCards: displayCard[] = []
21
    const cards = await CardModel.findAll({ where: { UserId: req.body.UserId } })
22
    cards.forEach(card => {
23
      const displayableCard: displayCard = {
24
        UserId: card.UserId,
25
        id: card.id,
26
        fullName: card.fullName,
27
        cardNum: '',
28
        expMonth: card.expMonth,
29
        expYear: card.expYear
30
      }
31
      const cardNumber = String(card.cardNum)
32
      displayableCard.cardNum = '*'.repeat(12) + cardNumber.substring(cardNumber.length - 4)
33
      displayableCards.push(displayableCard)
34
    })
35
    res.status(200).json({ status: 'success', data: displayableCards })
36
  }
37
}
38

39
module.exports.getPaymentMethodById = function getPaymentMethodById () {
40
  return async (req: Request, res: Response, next: NextFunction) => {
41
    const card = await CardModel.findOne({ where: { id: req.params.id, UserId: req.body.UserId } })
42
    const displayableCard: displayCard = {
43
      UserId: 0,
44
      id: 0,
45
      fullName: '',
46
      cardNum: '',
47
      expMonth: 0,
48
      expYear: 0
49
    }
50
    if (card != null) {
51
      displayableCard.UserId = card.UserId
52
      displayableCard.id = card.id
53
      displayableCard.fullName = card.fullName
54
      displayableCard.expMonth = card.expMonth
55
      displayableCard.expYear = card.expYear
56

57
      const cardNumber = String(card.cardNum)
58
      displayableCard.cardNum = '*'.repeat(12) + cardNumber.substring(cardNumber.length - 4)
59
    }
60
    if ((card != null) && displayableCard) {
61
      res.status(200).json({ status: 'success', data: displayableCard })
62
    } else {
63
      res.status(400).json({ status: 'error', data: 'Malicious activity detected' })
64
    }
65
  }
66
}
67

68
module.exports.delPaymentMethodById = function delPaymentMethodById () {
69
  return async (req: Request, res: Response, next: NextFunction) => {
70
    const card = await CardModel.destroy({ where: { id: req.params.id, UserId: req.body.UserId } })
71
    if (card) {
72
      res.status(200).json({ status: 'success', data: 'Card deleted successfully.' })
73
    } else {
74
      res.status(400).json({ status: 'error', data: 'Malicious activity detected.' })
75
    }
76
  }
77
}
78