1/*
2* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3* SPDX-License-Identifier: MIT
4*/
5
6import { type Request, type Response, type NextFunction } from 'express'
7import { CardModel } from '../models/card'
8
/**
 * Shape of a stored card as the payment routes in this file return it to the
 * client. The routes never copy the raw card number into `cardNum`; they fill
 * it with twelve `*` characters followed by the last four digits.
 */
interface displayCard {
  /** Primary key of the card row. */
  id: number
  /** Owner of the card; the routes scope every lookup by this value. */
  UserId: number
  /** Cardholder name as stored. */
  fullName: string
  /** Masked card number (see the note on the interface). */
  cardNum: string
  /** Expiry month as stored. */
  expMonth: number
  /** Expiry year as stored. */
  expYear: number
}
17
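/**
 * Route factory: lists the stored cards of the requesting user.
 *
 * Cards are looked up by `req.body.UserId`. Only the last four digits of each
 * card number are copied into the response; the rest is replaced by `*`, so
 * the full number never leaves the server through this route.
 *
 * NOTE(review): assumes `req.body.UserId` was populated by an upstream
 * authentication middleware rather than taken from the client — confirm,
 * because it is the only ownership check applied here.
 *
 * @returns an async Express handler that answers 200 with the masked cards
 *   and forwards any lookup failure to `next`.
 */
module.exports.getPaymentMethods = function getPaymentMethods () {
  return async (req: Request, res: Response, next: NextFunction) => {
    try {
      const cards = await CardModel.findAll({ where: { UserId: req.body.UserId } })
      const displayableCards: displayCard[] = cards.map(card => {
        // A missing card number yields an all-star mask instead of the text
        // "null"/"undefined"; `slice(-4)` keeps at most the last four characters.
        const lastFour = card.cardNum == null ? '' : String(card.cardNum).slice(-4)
        const displayableCard: displayCard = {
          UserId: card.UserId,
          id: card.id,
          fullName: card.fullName,
          cardNum: '*'.repeat(12) + lastFour,
          expMonth: card.expMonth,
          expYear: card.expYear
        }
        return displayableCard
      })
      res.status(200).json({ status: 'success', data: displayableCards })
    } catch (error: unknown) {
      // Express before v5 does not catch rejections from async handlers; hand
      // the failure to the error middleware instead of leaving an unhandled
      // rejection and a request that never gets a response.
      next(error)
    }
  }
}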
38
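/**
 * Route factory: returns one stored card, masked, if it belongs to the
 * requesting user.
 *
 * The lookup is scoped by both `req.params.id` and `req.body.UserId`, so a
 * card id that exists but belongs to another user is answered exactly like a
 * missing one (400, "Malicious activity detected") and reveals nothing about
 * other users' cards.
 *
 * NOTE(review): assumes `req.body.UserId` comes from an upstream
 * authentication middleware, not from the client — confirm.
 *
 * @returns an async Express handler that answers 200 with the masked card,
 *   400 when no matching card exists, and forwards lookup failures to `next`.
 */
module.exports.getPaymentMethodById = function getPaymentMethodById () {
  return async (req: Request, res: Response, next: NextFunction) => {
    try {
      const card = await CardModel.findOne({ where: { id: req.params.id, UserId: req.body.UserId } })
      if (card == null) {
        res.status(400).json({ status: 'error', data: 'Malicious activity detected' })
        return
      }
      // A missing card number yields an all-star mask instead of the text
      // "null"/"undefined"; `slice(-4)` keeps at most the last four characters.
      const lastFour = card.cardNum == null ? '' : String(card.cardNum).slice(-4)
      const displayableCard: displayCard = {
        UserId: card.UserId,
        id: card.id,
        fullName: card.fullName,
        cardNum: '*'.repeat(12) + lastFour,
        expMonth: card.expMonth,
        expYear: card.expYear
      }
      res.status(200).json({ status: 'success', data: displayableCard })
    } catch (error: unknown) {
      // Express before v5 does not catch rejections from async handlers; hand
      // the failure to the error middleware instead of leaving an unhandled
      // rejection and a request that never gets a response.
      next(error)
    }
  }
}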
67
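/**
 * Route factory: deletes one stored card of the requesting user.
 *
 * The delete is scoped by both `req.params.id` and `req.body.UserId`, so an
 * id belonging to another user matches no row and is answered with 400 —
 * the same response as for a non-existent card.
 *
 * NOTE(review): assumes `req.body.UserId` comes from an upstream
 * authentication middleware, not from the client — confirm.
 *
 * @returns an async Express handler that answers 200 when a row was removed,
 *   400 otherwise, and forwards database failures to `next`.
 */
module.exports.delPaymentMethodById = function delPaymentMethodById () {
  return async (req: Request, res: Response, next: NextFunction) => {
    try {
      // destroy() resolves to the number of rows removed, not to the card itself.
      const deletedCount = await CardModel.destroy({ where: { id: req.params.id, UserId: req.body.UserId } })
      if (deletedCount > 0) {
        res.status(200).json({ status: 'success', data: 'Card deleted successfully.' })
      } else {
        res.status(400).json({ status: 'error', data: 'Malicious activity detected.' })
      }
    } catch (error: unknown) {
      // Express before v5 does not catch rejections from async handlers; hand
      // the failure to the error middleware instead of leaving an unhandled
      // rejection and a request that never gets a response.
      next(error)
    }
  }
}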
78