Prevent QR code cheating

2025-01-11 10:06:20 +00:00 · 2016-09-10 09:50:13 +03:00 · 2016-09-10 09:50:13 +03:00 · e8c9d618aa
commit e8c9d618aa
parent c1af7788eb
3 changed files with 19 additions and 3 deletions
--- a/resources/sql/queries.sql
+++ b/resources/sql/queries.sql
@ -216,3 +216,10 @@ FROM issues i
    ON r.repo_id = i.repo_id
 WHERE r.user_id = :owner_id
      AND i.commit_id IS NULL;
+
+-- :name get-bounty-address :? :1
+SELECT i.contract_address
+FROM issues i
+  INNER JOIN repositories r ON r.repo_id = i.repo_id
+WHERE i.issue_number = :issue_number
+      AND r.login = :login AND r.repo = :repo;
--- a/src/clj/commiteth/db/bounties.clj
+++ b/src/clj/commiteth/db/bounties.clj
@ -23,3 +23,8 @@
  [issue-id confirm-hash]
  (jdbc/with-db-connection [con-db *db*]
    (db/update-confirm-hash con-db {:issue_id issue-id :confirm_hash confirm-hash})))
+
+(defn get-bounty-address
+  [user repo issue-number]
+  (jdbc/with-db-connection [con-db *db*]
+    (db/get-bounty-address con-db {:login user :repo repo :issue_number issue-number})))
--- a/src/clj/commiteth/routes/qrcodes.clj
+++ b/src/clj/commiteth/routes/qrcodes.clj
@ -1,6 +1,7 @@
 (ns commiteth.routes.qrcodes
  (:require [ring.util.http-response :refer :all]
            [compojure.api.sweet :refer :all]
+            [commiteth.db.bounties :as bounties]
            [clj.qrgen :as qr]))

 (defn generate-qr-code
@ -9,6 +10,9 @@
    (qr/from (str "ethereum:" address) :size [256 256])))

 (defapi qr-routes
-  (context "/qr.png" []
-    (GET "/" {{address :address} :params}
-      (ok (generate-qr-code address)))))
+  (context "/qr" []
+    (GET "/:user/:repo/bounty/:issue{[0-9]{1,9}}/qr.png" [user repo issue]
+      (let [address (bounties/get-bounty-address user repo (Integer/parseInt issue))]
+        (if address
+          (ok (generate-qr-code address))
+          (bad-request))))))