Merge branch 'main' into update-cd-dev

Author: RealDyllon

.coveragerc

@@ -0,0 +1,2 @@
+[run]
+omit = **/__init__.py

.env.dev

@@ -53,4 +53,4 @@ jobs:
 
       - name: Deploy to AWS
         run: |
-          npm run deploy -- --stage production --aws-profile github_actions
+          npm run deploy -- --stage prod --aws-profile github_actions

.env.test

@@ -22,7 +22,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v2
         with:
-          node-version: "14"
+          node-version: "16"
 
       - name: Setup Python
         uses: actions/setup-python@v2
@@ -38,17 +38,48 @@ jobs:
           virtualenvs-path: ./poetry_virtualenv
           installer-parallel: true
 
+      - name: Create dummy .env file for tests
+        run: |
+          touch .env
+          echo "
+          STRIPE_SECRET_KEY=key
+          FRONTEND_HOST='http://localhost:3000'
+          PRODUCTS_TABLE_NAME=testing-products
+          PRODUCT_CATEGORIES_TABLE_NAME=testing-products-categories
+          ORDER_HOLD_TABLE_NAME=testing-order-hold
+          " >> .env
+
       - name: Setup aws dummy credentials
         run: |
           mkdir ~/.aws
           touch ~/.aws/credentials
 
       - name: Install dependencies
         run: npm run setup
-
+        
       - name: Pytest
-        run: npm run test
-
+        run: npm run test:py # TODO: change this to `npm run test`
+      
+        env:
+          STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
+          IS_OFFLINE: "true"
+          AWS_ACCESS_KEY_ID: 'testing'
+          AWS_SECRET_ACCESS_KEY: 'testing'
+          AWS_SECURITY_TOKEN: 'testing'
+          AWS_SESSION_TOKEN: 'testing'
+          AWS_DEFAULT_REGION: 'ap-southeast-1'
+
+          PRODUCT_CATEGORIES_TABLE_NAME: 'be-dev-product_categories'
+          PRODUCTS_TABLE_NAME: 'be-dev-products'
+          FRONTEND_HOST: 'https://dev.merch.ntuscse.com'
+
+          BASE_API_SERVER_URL: 'https://api.dev.ntuscse.com'
+
+      - name: Pytest coverage comment
+        uses: MishaKav/pytest-coverage-comment@main
+        with:
+          pytest-xml-coverage-path: ./coverage.xml
+      
   lint:
     runs-on: ubuntu-latest
     steps:
@@ -63,9 +94,20 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@v2
         with:
-          python-version: "3.9"
+          python-version: "3.9.16"
           architecture: "x64"
 
+      - name: Create dummy .env file for lint
+        run: |
+          touch .env
+          echo "
+          STRIPE_SECRET_KEY=key
+          FRONTEND_HOST='http://localhost:3000'
+          PRODUCTS_TABLE_NAME=testing-products
+          PRODUCT_CATEGORIES_TABLE_NAME=testing-products-categories
+          ORDER_HOLD_TABLE_NAME=testing-order-hold
+          " >> .env
+
       - name: Install and configure Poetry
         uses: snok/install-poetry@v1
         with:

.github/workflows/cd-prod.yml

@@ -8,7 +8,20 @@ node_modules/
 # python local
 .dynamodb/
 .env
+.env.dev
 
 # generated
 out/
 docs_server/swagger/openapi.json
+
+#env vars
+.env.*
+
+# pytest
+/.pytest_cache/
+
+# test coverage
+/.coverage
+/coverage_html/
+/coverage.lcov
+/coverage.xml

.github/workflows/ci.yml

@@ -0,0 +1,2 @@
+STRIPE_SECRET_KEY='<redacted>'
+FRONTEND_HOST='http://localhost:3000'

.gitignore

@@ -0,0 +1,27 @@
+import boto3
+from datetime import datetime
+import os
+from utils.aws.dynamodb import dynamodb
+import sys
+
+
+table_name = os.environ["ORDER_HOLD_TABLE_NAME"]
+
+def handler(event, context):
+    table = dynamodb.Table(table_name)
+
+    # Get the current epoch time
+    now = int(datetime.now().timestamp())
+
+    # Scan the table to find all expired documents
+    result = table.scan(
+        FilterExpression="expiry < :now",
+        ExpressionAttributeValues={":now": now}
+    )
+
+    # Delete the expired documents
+    with table.batch_writer() as batch:
+        for item in result["Items"]:
+            batch.delete_item(Key={"transactionID": item["transactionID"]})
+
+    return dict()

.sample.env

@@ -2,15 +2,20 @@
 import uuid
 from fastapi import APIRouter, HTTPException
 from pydantic import BaseModel
-from datetime import datetime
+from botocore.exceptions import ClientError
+from datetime import datetime, timedelta
 import stripe
 from be.api.v1.templates.non_auth_route import create_non_auth_router
 from be.api.v1.models.cart import PriceModel, Cart
+from be.api.v1.models.order_hold_entry import OrderHoldEntry, ReservedProduct
 from be.api.v1.models.orders import OrderItem, Order, OrderStatus
 from be.api.v1.utils.cart_utils import calc_cart_value, describe_cart, generate_order_items_from_cart
 from utils.dal.order import dal_create_order
+from utils.dal.products import dal_increment_stock_count
+from utils.dal.order_hold import dal_create_order_hold_entry
 
 stripe.api_key = os.environ["STRIPE_SECRET_KEY"]
+DEFAULT_ORDER_EXPIRY_TIME = 1
 
 router = APIRouter(prefix="/cart/checkout", tags=["cart"])
 
@@ -30,6 +35,7 @@ class PostCheckoutResponseModel(BaseModel):
     items: list[OrderItem]
     price: PriceModel
     payment: PaymentModel
+    expiry: int
 
 
 @router.post("", response_model=PostCheckoutResponseModel)
@@ -45,10 +51,9 @@ async def post_checkout(req: CheckoutRequestBodyModel):
         # calculate subtotal
         items_products = generate_order_items_from_cart(req)
 
+        orderID = uuid.uuid4().__str__()
         price = calc_cart_value(items_products)
-        description = describe_cart(items_products)
-
-        # todo: create "pending" order here - in db
+        description = describe_cart(items_products, orderID)
 
         payment_intent = stripe.PaymentIntent.create(
             payment_method_types=["paynow"],
@@ -58,14 +63,13 @@ async def post_checkout(req: CheckoutRequestBodyModel):
             receipt_email=req.email,
             description=f"SCSE Merch Purchase:\n{description}"
         )
-
-        orderID = uuid.uuid4().__str__()
         orderDateTime = datetime.now().__str__()
         customerEmail = req.email
         transactionID = payment_intent.id
         paymentPlatform = "stripe"
         orderItems = items_products
         status = OrderStatus.PENDING_PAYMENT
+        expiry = datetime.now() + timedelta(hours=int(os.environ.get("ORDER_EXPIRY_TIME", DEFAULT_ORDER_EXPIRY_TIME)))
 
         order = Order(
             orderID = orderID,
@@ -77,7 +81,14 @@ async def post_checkout(req: CheckoutRequestBodyModel):
             status = status
         )
 
+        for orderItem in orderItems:
+            dal_increment_stock_count(orderItem.id, -orderItem.quantity, orderItem.size, orderItem.colorway)
+
+        reservedProducts = [ReservedProduct(productID=item.productId, qty=item.quantity) for item in req.items]
+        orderHoldEntry = OrderHoldEntry(transactionID=transactionID, expiry=int(expiry.timestamp()), reservedProducts=reservedProducts)
+
         dal_create_order(order)
+        dal_create_order_hold_entry(orderHoldEntry)
 
         return {
             "orderId": orderID,
@@ -87,11 +98,18 @@ async def post_checkout(req: CheckoutRequestBodyModel):
                 "paymentGateway": "stripe",
                 "clientSecret": payment_intent.client_secret
             },
-            "email": req.email
+            "email": req.email,
+            "expiry": int(expiry.timestamp())
         }
 
+    except ClientError as e:
+        if e.response['Error']['Code'] == 'ConditionalCheckFailedException':
+            raise HTTPException(status_code=400, detail="Current quantity cannot be less than 0 and must be available for sale")
+        else:
+            raise HTTPException(status_code=500, detail=e)
 
     except Exception as e:
+        print("Error checking out:", e)
         raise HTTPException(status_code=500, detail=e)
 
 

be/api/v1/cron/expire_unpaid_orders.py

@@ -9,8 +9,18 @@
 # gets a single order
 async def get_order(order_id: str):
     try:
-        return dal_read_order(order_id)
-    except Exception:
+        order = dal_read_order(order_id)
+        # Censor the email associated with the order.
+        split = order.customerEmail.split('@')
+        username = split[0]
+        if len(username) > 2:
+            username = username[:2] + '*' * (len(username)-2)
+        split[0] = username
+        # order.customerEmail = split.join('@')
+        order.customerEmail = '@'.join(split)
+        return order
+    except Exception as e:
+        print("Error reading order:", e)
         raise HTTPException(status_code=404, detail="Order not found")