I need help to evaluate weather i am doing it right or is there a better way, the scenario is an 3rd party application is sending an webhook request after a successful payment but the problem is that sometimes this application may send the same notification more than once.so it is recommended to ensure that implementation of the webhook is idempotent.so steps that i am implementing for this are
if signature is correct (assume it is corect),Find orders record in the database using orderId in the request params.
Please note: orderId in request params is payment_gateway_order_identifier in orders table.
if txStatus = 'SUCCESS' AND haven't already processed COLLECTION payment for this same order,
Create payments record.
201 response with nothing in the response body.
else
201 response with nothing in the response body.
else
422 response with {message: "Signature is incorrect"} in response body
views.py
#api_view(['POST'])
def cashfree_request(request):
if request.method == 'POST':
data=request.POST.dict()
payment_gateway_order_identifier= data['orderId']
amount = data['orderAmount']
transaction_status = data['txStatus']
signature = data['signature']
if(computedsignature==signature): #assume it to be true
order=Orders.objects.get(
payment_gateway_order_identifier=payment_gateway_order_identifier)
if transaction_status=='SUCCESS':
try:
payment= Payments.objects.get(orders=order)
return Response({"Payment":"Done"},status=status.HTTP_200_OK)
except (Payments.DoesNotExist):
payment = Payments(orders=order,amount=amount,datetime=datetime)
payment.save()
return Response(status=status.HTTP_200_OK)
else:
return Response(status=status.HTTP_422_UNPROCESSABLE_ENTITY)
models.py
class Orders(models.Model):
id= models.AutoField(primary_key=True)
amount = models.DecimalField(max_digits=19, decimal_places=4)
payment_gateway_order_identifier = models.UUIDField(
primary_key=False,default=uuid.uuid4,editable=False,unique=True)
sussessfull
class Payments(models.Model):
id = models.AutoField(primary_key=True)
orders = models.ForeignKey(Orders, on_delete=models.CASCADE)
amount = models.DecimalField(max_digits=19, decimal_places=4, verbose_name='Price in INR')
datetime = models.DateTimeField(auto_now=False,auto_now_add=False)
This rather belongs to Codereview site. Anyway - you are doing up to 3 consecutive SQL queries, so there's a chance for a race condition. A simple way how to prevent that: use some KV storage like Redis/Memcache as a lock - save the value you're using as a nonce on the start of the function, and delete it on the end.
#api_view(['POST'])
def cashfree_request(request):
data = request.POST.dict()
payment_gateway_order_identifier = data['orderId']
# `nx` will set & return only if the key does not exist
# set a timeout in case it wont reach `delete()` on the end
if not redis.set("lock_%s" % payment_gateway_order_identifier, "1", nx=True, ex=2):
return Response(status=status.HTTP_409_CONFLICT)
amount = data['orderAmount']
transaction_status = data['txStatus']
signature = data['signature']
if computedsignature == signature:
order = Orders.objects.get(payment_gateway_order_identifier=payment_gateway_order_identifier)
if transaction_status == 'SUCCESS':
try:
Payments.objects.get(orders=order)
res = Response({"Payment": "Done"}, status=status.HTTP_200_OK)
except Payments.DoesNotExist:
payment = Payments(orders=order, amount=amount, datetime=datetime)
payment.save()
res = Response(status=status.HTTP_200_OK)
else:
res = Response(status=status.HTTP_422_UNPROCESSABLE_ENTITY)
# unlock for another request
redis.delete("lock_%s" % payment_gateway_order_identifier)
return res
you dont need if request.method == 'POST': since the code is accessible via POST only anyway, that will make your code less indented.
notice you dont handle the case where transaction_status is not SUCCESS
Related
Hi everyone i have project include about payment function between user and user. But i have a problem when many user buy a product.the many payment object will created more than product avaliable. How i can to solve this ?
products_avaliable = Product.objects.filter(on_sell=true)
for product in products_avaliable:
payment = Payment()
payment.buyer = ....
payment.seller = product.owner
payment.save()
product.on_sell = False
product.save()
when add deley
products_avaliable = Product.objects.filter(on_sell=true)
for product in products_avaliable:
payment = Payment()
payment.buyer = ....
payment.seller = product.owner
payment.save()
time.sleep(10) # simulate to slow server or many request
product.on_sell = False
product.save()
when i try to time.delay before payment create (simulate when server to slow or may request by user) the payment will create many object
You can check if the object is on_sell before committing to the DB:
for product in products_avaliable:
payment = Payment()
payment.buyer = ....
payment.seller = product.owner
product.on_sell = False
product.refresh_from_db() # update the object
if product.on_sell:
payment.save()
product.save()
else:
...
I have made a webhook (flask) for stripe.
My app has both one time payment and subscription.
I would like to know how can I detect if it's normal checkout or subscription?
This is how I am separating now, but I think it's not recommended way.
I am checking stripe_subscription_id and if exist, I considered it as subscription.
(charge.succeeded is called for subscription succeeded also)
#api.route('/stripe/webhook', methods=['GET', 'POST'])
def webhook():
event = None
payload = request.data
try:
event = json.loads(payload)
except Exception as e:
print('Webhook error while parsing basic request.' + str(e))
if not event:
return jsonify({'status': 'failed'}), 400
# one time payout
if event['type'] == 'charge.succeeded':
event_intent = event['data']['object']
payment_intent = event_intent['payment_intent']
# payment
if event['type'] == 'checkout.session.completed':
checkout_session = event['data']['object']
stripe_subscription_id = checkout_session['subscription']
# customer_email = checkout_session['customer_email']
if stripe_subscription_id:
# Create a new subscription and mark it as paid this month.
customer_subscription_mark_paid(checkout_session['id'], stripe_subscription_id)
elif event['type'] == 'invoice.paid':
invoice = event['data']['object']
stripe_subscription_id = invoice['subscription']
if stripe_subscription_id:
# Check if this is the first invoice or a later invoice in the
# subscription lifecycle.
first_invoice = invoice['billing_reason'] == 'subscription_create'
# You already handle marking the first invoice as paid in the
# `checkout.session.completed` handler.
# Only use this for the 2nd invoice and later, so it doesn't conflict.
if not first_invoice:
# Mark the subscription as paid.
customer_subscription_mark_paid(None, stripe_subscription_id)
elif event['type'] == 'invoice.payment_failed':
invoice = event['data']['object']
stripe_subscription_id = invoice['subscription']
if stripe_subscription_id:
customer_subscription_mark_past_due(None, stripe_subscription_id)
Checking to see if the subscription field is filled is fine, but to be extra sure you can check the contents of the mode field.
My DetailView currently gets longer and longer. And therefore I am trying to learn more about some better practices to shorten it again. Right now, I am looking into the def post() part. The full code is even longer. My best idea currently is to create a utils.py in the same folder and take out the code snippets inside the if else statements. Is that best practice or would you do it in a different way?
class EventDetail(DetailView):
[...]
#transaction.atomic
def post(self, request, *args, **kwargs):
# Discount code POST
if self.discount_form.is_valid():
discount_code = self.discount_form.cleaned_data['code']
request.session[discount_cookie_name(request.event)] = discount_code
return redirect(reverse_obj(self.request.event, 'events:detail'))
# Consent form POST
elif self.consent_form.is_valid():
# Check if email entry exists
contact = request.event.organizer.contacts.filter(
email=self.consent_form.cleaned_data['email']
).first()
success_message = _("You successfully signed up to receive event updates.")
if contact:
# Check if current event is allocated to entered email.
event_entry = contact.contact_relation.filter(
event=request.event
).first()
if event_entry:
event_entry.lead = True
event_entry.save(update_fields=['lead'])
messages.success(request, success_message)
else:
# Email entry exists, but event allocation must be added.
ContactRelation.objects.create(
lead=True, contact=contact, event=request.event
)
messages.success(request, success_message)
# Create new email entry and allocate event.
else:
instance = self.consent_form.save(commit=False)
instance.organizer = request.event.organizer
instance.save()
instance.contact_relations.add(
request.event, through_defaults={'lead': True}
)
messages.success(request, success_message)
return redirect(reverse_obj(self.request.event, 'events:detail'))
elif self.formset.is_valid():
# Check if the user already has an order_reference in the session
old_order_reference = request.session.get('order_reference')
if old_order_reference is not None:
ReservedItem.objects.filter(
order_reference=old_order_reference
).delete()
# Generate a new order_reference and save it in the session
order_reference = unique_order_reference_generator()
request.session['order_reference'] = order_reference
for form in self.formset:
quantity = form.cleaned_data['quantity']
qty = 0 if not quantity else quantity
if qty > 0:
reserved_item = form.save(commit=False)
ticket = form.cleaned_data['ticket']
reserved_item.order_reference = order_reference
reserved_item.ticket_name = ticket.name
if ticket.tax:
reserved_item.ticket_tax = ticket.tax
reserved_item.tax_name = ticket.tax.name
reserved_item.tax_percentage = ticket.tax.percentage
# Prevent AttributeError
discount_obj = None
if self.discount_code:
discount_obj = self.discount_code
if self.social_ticketing_referral:
# That part is not inside generate_reserved_discount_items
# as the influencer is still getting points. Even, if the ticket
# has no discount.
reserved_item.social_ticketing_referral = (
self.social_ticketing_referral.ambassador
)
# Add points earned per ticket
reserved_item.social_ticketing_unit_points_earned = (
ticket.points.points
if self.social_ticketing.is_point_mode_manual()
else monetary_amount_to_points(
ticket.price_gross, request.event.currency
)
)
# Check if Social Ticketing has incentive discount (not talking point).
# That also means self.discount_code doesn't apply
if self.social_ticketing.is_incentive_discount():
discount_obj = self.social_ticketing.discount
reserved_item.discount_code = (
self.social_ticketing_referral.code
)
if discount_obj:
generate_reserved_discount_items(
reserved_item=reserved_item,
discount=discount_obj,
ticket=ticket,
quantity=quantity,
)
# Save reserved item
reserved_item.save()
return redirect('checkout:checkout', step='start')
return super().get(request, *args, **kwargs)
I added a check on a Post method to only let appointments on different dates pass through but I don't know how to return an error msg. here's the code
from flask_restful import Resource, Api, request
from package.model import conn
class Appointments(Resource):
def get(self):
appointment = conn.execute("SELECT p.*,d.*,a.* from appointment a LEFT JOIN patient p ON a.pat_id = p.pat_id LEFT JOIN doctor d ON a.doc_id = d.doc_id ORDER BY appointment_date DESC").fetchall()
return appointment
def post(self):
appointment = request.get_json(force=True)
pat_id = appointment['pat_id']
doc_id = appointment['doc_id']
appointment_date = appointment['appointment_date']
a = conn.execute("SELECT count(*) From appointment WHERE doc_id =?
AND appointment_date=?",(doc_id,appointment_date,)).fetchone()
if a['count(*)'] == 0:
appointment['app_id'] = conn.execute('''INSERT INTO appointment(pat_id,doc_id,appointment_date)VALUES(?,?,?)''', (pat_id, doc_id,appointment_date)).lastrowid
conn.commit()
return appointment
else:
pass
what do I return instead of the pass statement?
PS: For context, I'm trying to improve https://github.com/tushariscoolster/HospitalManagementSystem
Flask-Restful provides an abort function, it's can raise an HTTPException with special HTTP code and message back to the client.
So, you can try to change the code like below:
from flask_restful import abort
class Appointments(Resource):
def post(self):
# ignore some code
if a['count(*)'] == 0:
# ignore some code
else:
abort(403, error_message='just accept an appointment on special date')
then, the client will receive 403 and a valid JSON string like below:
{"error_message":"just accept an appointment on special date"}
The last, the client should deal with the error message properly.
I currently have a flask server and an angular js front end on which users can buy things from third party vendors.
These third party vendors have their own payment gateways to which I connect my front end to... So at the point of making the payment, we redirect the user to the payment gateway... Once a payment is made, we have a redirect url on our flask servers that captures the success message (and the payment details).
The issue here is that since we do it on the front end (and since this is a third party's website), the flask-login does not seem to work. We use session to store some of the data of the purchase and thus, we cant seem to be able to connect the product the customer has bought with the transaction he made to buy it!
I have given my apis below:
#api.route('/quoteRequest/',methods = ['POST'])
# #flask_login.login_required
def carquote():
data = request.get_json()
c = quoteController.FUTGENGI(data = data, lob = "Motor", stage="quote")
d = c.finOutput
finalQuotes = []
finalQuotes.append(d)
return Response(json.dumps(finalQuotes),mimetype = "application/json")
#api.route("/proposalRequest/",methods = ['POST'])
def proposalRequest():
data = request.get_json()
current_app.logger.debug(data)
c = quoteController.FUTGENGI(data = data, lob = "Motor", stage="proposal")
output = json.loads(c.quoteDict)
session['proposal'][data['Quote']['insurerID']] = data
return Response(json.dumps(output),mimetype = "application/json")
#Redirect URL:
#api.route('/FUTGENGI/policyCreate/', methods = ['GET','POST'])
def policyCreate(insurerID):
if request.method == "GET":
par = OrderedDict(
WS_P_ID = request.args.get('TranID')
TID = request.args.get('UID')
PGID = request.args.get('PaymentID')
Premium = request.args.get('Amt')
Response = request.args.get('Response')
)
if(par['Response'] == "Success"):
for k,v in par.items():
session['proposal']['FUTGENGI'][k] = v
c = quoteController.FUTGENGI(data = session['proposal']['FUTGENGI'], lob = "Motor", stage="payment")
return Response(json.dumps(c.paymentOutput), mimetype = "application/json")
else:
return Response(json.dumps({"output":"Oops. Something went wrong. Please try again"}), mimetype = "application/json")