changes

foftickets.js

@@ -39,9 +39,9 @@ function hashPW(pw) {
     return(hash);
 }
 
-function hashQR(t,username) {
+function hashQR(t,ownername) {
     const hash0=crypto.createHash('sha256');
-    const hash1=hash0.update(pw+QRSalt);
+    const hash1=hash0.update(t+QRSalt+ownername);
     const hash=hash1.digest("base64").slice(0,6);
     return(hash);
 }
@@ -406,6 +406,16 @@ app.get('/logout', (req, res) => {
   });
 });
 
+app.post('/qrcode',requireLogin,async (req,res) => {
+    const username=req.session.username;
+    const ticket=req.body.ticket;
+    console.log("Body: ",req.body);
+    console.log("Tickets["+ticket+"]",tickets[ticket]);
+    if (tickets[ticket].owner!=username) return res.status(500).send("Only a ticket owner can generate a QR code");
+    const URL=await QRCode.toDataURL('localhost:3000/useticket?t='+ticket+'&h='+hashQR(ticket,username));
+    return res.send({ qrcode: URL });
+    })
+
 // Protected routes
 app.get('/products', requireLogin, (req, res) => {
   res.send(`

views/transfer.ejs

@@ -71,11 +71,18 @@ document.body.addEventListener("click", event => {
                 .then( data => { UpdateSR(-1); event.target.textContent="QRCode"; } )
                 .catch( error => { console.log("Here is the error!"+error); ResponseError=error; UpdateSR(-1); })
             } else {
-            
+            const js=JSON.stringify( { ticket: id0 } );
+	    const fetchtable={ method:'POST', headers: { 'Content-Type': 'application/json' }, body: js };
+            fetch('/qrcode',fetchtable)
+	        .then( response => { if (!response.ok) throw new Error(`Server responded with status ${response.status}`); else return response.json(); } )
+	        .then( data => { console.log("Data is: ",data); } )
+                .catch( error => { console.log("Here is the error!"+error); ResponseError=error; UpdateSR(-1); })
+	        
             console.log("QRCode ",id0);
             }
     }
-});
+})
+
 
 
 const checkboxes = document.querySelectorAll("[id$=-used]");