Sanitize/Validate name field #20

Merged
merged 9 commits into from
Jan 26, 2024
4 changes: 2 additions & 2 deletions models.py
@@ -1,5 +1,5 @@
from fastapi import Query
from pydantic import BaseModel
from pydantic import BaseModel, EmailStr
talvasconcelos marked this conversation as resolved.
from typing import Optional
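Review bot: the `EmailStr` import added on the pydantic line brings a runtime requirement that this diff does not declare. pydantic's `EmailStr` depends on the `email-validator` package, and a model using it will fail to load when that package is missing, so the dependency should be listed in the extension's requirements in the same change.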


Expand All @@ -17,7 +17,7 @@ class CreateEvent(BaseModel):

class CreateTicket(BaseModel):
name: str
email: str
email: EmailStr


class Event(BaseModel):
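Review bot: `name: str` in `CreateTicket` is left unconstrained, so the name check promised by the PR title exists only in the browser form and any direct API caller bypasses it. Mirror the rule on the server next to `email: EmailStr`, for example with a constrained string type that carries a maximum length and an allowed-character pattern.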
94 changes: 66 additions & 28 deletions templates/events/display.html
Expand Up @@ -13,43 +13,77 @@ <h3 class="q-my-none">{{ event_name }}</h3>
<q-card-section class="q-pa-none">
<h5 class="q-mt-none">Buy Ticket</h5>
<q-form @submit="Invoice()" class="q-gutter-md">
<q-input filled dense v-model.trim="formDialog.data.name" type="name" label="Your name "></q-input>
<q-input filled dense v-model.trim="formDialog.data.email" type="email" label="Your email "></q-input>
<q-input
filled
dense
v-model.trim="formDialog.data.name"
label="Your name "
:rules="[val => nameValidation(val)]"
></q-input>
<q-input
filled
dense
v-model.trim="formDialog.data.email"
type="email"
label="Your email "
:rules="[val => emailValidation(val)]"
></q-input>

<div class="row q-mt-lg">
<q-btn unelevated color="primary"
<q-btn
unelevated
color="primary"
:disable="formDialog.data.name == '' || formDialog.data.email == '' || Boolean(paymentReq)"
type="submit">Submit</q-btn>
<q-btn @click="resetForm" flat color="grey" class="q-ml-auto">Cancel</q-btn>
type="submit"
>Submit</q-btn
>
<q-btn @click="resetForm" flat color="grey" class="q-ml-auto"
>Cancel</q-btn
>
</div>
</q-form>
</q-card-section>
</q-card>

<q-card v-show="ticketLink.show" class="q-pa-lg">
<div class="text-center q-mb-lg">
<q-btn unelevated size="xl" :href="ticketLink.data.link" target="_blank" color="primary" type="a">Link to your
ticket!</q-btn>
<q-btn
unelevated
size="xl"
:href="ticketLink.data.link"
target="_blank"
color="primary"
type="a"
>Link to your ticket!</q-btn
>
<br /><br />
<p>You'll be redirected in a few moments...</p>
</div>
</q-card>
</div>

<q-dialog v-model="receive.show" position="top" @hide="closeReceiveDialog">
<q-card v-if="!receive.paymentReq" class="q-pa-lg q-pt-xl lnbits__dialog-card">
<q-card
v-if="!receive.paymentReq"
class="q-pa-lg q-pt-xl lnbits__dialog-card"
>
</q-card>
<q-card v-else class="q-pa-lg q-pt-xl lnbits__dialog-card">
<div class="text-center q-mb-lg">
<a class="text-secondary" :href="'lightning:' + receive.paymentReq">
<q-responsive :ratio="1" class="q-mx-xl">
<qrcode :value="'lightning:' + receive.paymentReq.toUpperCase()" :options="{width: 340}"
class="rounded-borders"></qrcode>
<qrcode
:value="'lightning:' + receive.paymentReq.toUpperCase()"
:options="{width: 340}"
class="rounded-borders"
></qrcode>
</q-responsive>
</a>
</div>
<div class="row q-mt-lg">
<q-btn outline color="grey" @click="copyText(receive.paymentReq)">Copy invoice</q-btn>
<q-btn outline color="grey" @click="copyText(receive.paymentReq)"
>Copy invoice</q-btn
>
<q-btn v-close-popup flat color="grey" class="q-ml-auto">Close</q-btn>
</div>
</q-card>
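Review bot: style point for this whole template hunk: nearly every changed line is attribute re-wrapping, while the only functional changes are the two `:rules` bindings and the removal of `type="name"` from the name input. Land the formatter pass as its own commit so the validation change can be reviewed and reverted in isolation.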
Expand Down Expand Up @@ -108,20 +142,27 @@ <h5 class="q-mt-none">Buy Ticket</h5>
dismissMsg()

clearInterval(paymentChecker)
setTimeout(function () { }, 10000)
setTimeout(function () {}, 10000)
},
nameValidation(val) {
const regex = /[`!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?~]/g
return (
!regex.test(val) ||
'Please enter valid name. No special character allowed.'
)
},
emailValidation(val) {
let regex = /^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/g
return !regex.test(val) || 'Please enter valid email.'
},

Invoice: function () {
var self = this
axios

.get(
'/events/api/v1/tickets/' +
'{{ event_id }}' +
'/' +
self.formDialog.data.name +
'/' +
self.formDialog.data.email
)
.post(`/events/api/v1/tickets/{{ event_id }}`, {
name: self.formDialog.data.name,
email: self.formDialog.data.email
})
.then(function (response) {
self.paymentReq = response.data.payment_request
self.paymentCheck = response.data.payment_hash
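Review bot: `emailValidation` is inverted. Its regex matches a well-formed address, so `return !regex.test(val) || 'Please enter valid email.'` returns true for malformed input and the error string for valid input; it needs `regex.test(val) || '...'`, the opposite polarity from `nameValidation`, whose regex matches the characters to reject. Once flipped, `(\.\w{2,3})+` will still reject addresses whose last label is longer than three characters, and the `g` flag is unnecessary with `.test()` in both functions. The name denylist also rejects `'`, `-` and `.`, which occur in real names, and neither rule replaces server-side validation.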
Expand All @@ -140,9 +181,7 @@ <h5 class="q-mt-none">Buy Ticket</h5>
paymentChecker = setInterval(function () {
axios
.post(
'/events/api/v1/tickets/' +
'{{ event_id }}/' +
self.paymentCheck,
`/events/api/v1/tickets/{{ event_id }}/${self.paymentCheck}`,
{
event: '{{ event_id }}',
event_name: '{{ event_name }}',
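Review bot: in the rewritten URL argument, the server-rendered `{{ event_id }}` now sits inside a JavaScript template literal rather than a quoted string, which changes the escaping context: HTML autoescaping does not neutralise a backtick or `${`, so the value is only safe if `event_id` is guaranteed to be a generated identifier. Either keep the Jinja value in its own quoted string or emit it once through the `tojson` filter into a constant and interpolate that. `self.paymentCheck` should also go through `encodeURIComponent` before being placed in the path.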
Expand Down Expand Up @@ -171,12 +210,11 @@ <h5 class="q-mt-none">Buy Ticket</h5>
self.ticketLink = {
show: true,
data: {
link: '/events/ticket/' + res.data.ticket_id
link: `/events/ticket/${res.data.ticket_id}`
}
}
setTimeout(function () {
window.location.href =
'/events/ticket/' + res.data.ticket_id
window.location.href = `/events/ticket/${res.data.ticket_id}`
}, 5000)
}
})
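Review bot: the ticket URL is built twice from `res.data.ticket_id`, once for `ticketLink.data.link` and once for `window.location.href`. Build it once into a local constant, passing the id through `encodeURIComponent`, so the redirect target cannot drift from the displayed link or pick up extra path segments.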
Expand All @@ -192,4 +230,4 @@ <h5 class="q-mt-none">Buy Ticket</h5>
}
})
</script>
{% endblock %}
{% endblock %}