diff --git a/foftickets.js b/foftickets.js
index 9a3c4ed..64dafda 100644
--- a/foftickets.js
+++ b/foftickets.js
@@ -39,9 +39,9 @@ function hashPW(pw) {
 return(hash);
 }
-function hashQR(t,username) {
+function hashQR(t,ownername) {
 const hash0=crypto.createHash('sha256');
- const hash1=hash0.update(pw+QRSalt);
+ const hash1=hash0.update(t+QRSalt+ownername);
 const hash=hash1.digest("base64").slice(0,6);
 return(hash);
 }
@@ -406,6 +406,16 @@ app.get('/logout', (req, res) => {
 });
 });
+app.post('/qrcode',requireLogin,async (req,res) => {
+ const username=req.session.username;
+ const ticket=req.body.ticket;
+ console.log("Body: ",req.body);
+ console.log("Tickets["+ticket+"]",tickets[ticket]);
+ if (tickets[ticket].owner!=username) return res.status(500).send("Only a ticket owner can generate a QR code");
+ const URL=await QRCode.toDataURL('localhost:3000/useticket?t='+ticket+'&h='+hashQR(ticket,username));
+ return res.send({ qrcode: URL });
+ })
+
 // Protected routes
 app.get('/products', requireLogin, (req, res) => {
 res.send(`
diff --git a/views/transfer.ejs b/views/transfer.ejs
index 7ff4df8..986104d 100644
--- a/views/transfer.ejs
+++ b/views/transfer.ejs
@@ -71,11 +71,18 @@ document.body.addEventListener("click", event => {
 .then( data => { UpdateSR(-1); event.target.textContent="QRCode"; } )
 .catch( error => { console.log("Here is the error!"+error); ResponseError=error; UpdateSR(-1); })
 } else {
-
+ const js=JSON.stringify( { ticket: id0 } );
+ const fetchtable={ method:'POST', headers: { 'Content-Type': 'application/json' }, body: js };
+ fetch('/qrcode',fetchtable)
+ .then( response => { if (!response.ok) throw new Error(`Server responded with status ${response.status}`); else return response.json(); } )
+ .then( data => { console.log("Data is: ",data); } )
+ .catch( error => { console.log("Here is the error!"+error); ResponseError=error; UpdateSR(-1); })
 console.log("QRCode ",id0);
 }
 }
-});
+})
+
 const checkboxes = document.querySelectorAll("[id$=-used]");
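Review bot: The token returned by `hashQR` in foftickets.js is the first 6 base64 characters (36 bits) of a plain SHA-256 over `t+QRSalt+ownername`, which is short for a value that authorises use of a ticket and, being standard base64, can contain `+` and `/` that do not survive an unencoded query string. A keyed MAC with a URL-safe encoding and a longer tag is the safer construction where the runtime supports the `base64url` encoding, for example `return crypto.createHmac('sha256',QRSalt).update(t+'|'+ownername).digest('base64url').slice(0,22);`. The code that verifies `h` is not visible in this diff; it has to change in step, and should compare tags with `crypto.timingSafeEqual` rather than `==`. A one-line comment above the function stating that `QRSalt` is a server-side secret and that the token binds ticket id and owner would help the next reader.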
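Review bot: In the new `/qrcode` handler in foftickets.js, `tickets[ticket].owner` is read before checking that `req.body.ticket` names an existing ticket, so a missing or unknown id throws inside the async handler instead of producing a clean rejection, and the ownership failure is reported as 500 where 403 fits. The ticket id and hash are also concatenated into the URL without `encodeURIComponent`, a rejection from `QRCode.toDataURL` is not caught, and both `console.log` calls write the raw request body to the server log. The rewrite below assumes `tickets` is a plain object or array keyed by ticket id, which this hunk does not show. It keeps the hard-coded `localhost:3000` target, which should eventually come from configuration and carry a scheme.

```javascript
app.post('/qrcode',requireLogin,async (req,res) => {
  const username=req.session.username;
  // Normalise to a string so the own-property lookup and the hash input are well defined
  const ticket=String(req.body.ticket ?? '');
  // Own-property check: rejects a missing id and inherited keys such as "constructor" without throwing
  if (!Object.hasOwn(tickets,ticket)) return res.status(404).send("Unknown ticket");
  if (tickets[ticket].owner!==username) return res.status(403).send("Only a ticket owner can generate a QR code");
  try {
    const target='localhost:3000/useticket?t='+encodeURIComponent(ticket)+'&h='+encodeURIComponent(hashQR(ticket,username));
    return res.send({ qrcode: await QRCode.toDataURL(target) });
  } catch (err) {
    console.error("QR code generation failed:",err);
    return res.status(500).send("Could not generate QR code");
  }
})
```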