From e8c9d618aaff1f111b1692c4fdeff132eb9e3663 Mon Sep 17 00:00:00 2001
From: kagel
Date: Sat, 10 Sep 2016 09:50:13 +0300
Subject: [PATCH] Prevent QR code cheating
---
 resources/sql/queries.sql | 7 +++++++
 src/clj/commiteth/db/bounties.clj | 5 +++++
 src/clj/commiteth/routes/qrcodes.clj | 10 +++++++---
 3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/resources/sql/queries.sql b/resources/sql/queries.sql
index 8da7336..12f7df6 100644
--- a/resources/sql/queries.sql
+++ b/resources/sql/queries.sql
@@ -216,3 +216,10 @@ FROM issues i ON r.repo_id = i.repo_id WHERE r.user_id = :owner_id AND i.commit_id IS NULL;
+
+-- :name get-bounty-address :? :1
+SELECT i.contract_address
+FROM issues i
+ INNER JOIN repositories r ON r.repo_id = i.repo_id
+WHERE i.issue_number = :issue_number
+ AND r.login = :login AND r.repo = :repo;
diff --git a/src/clj/commiteth/db/bounties.clj b/src/clj/commiteth/db/bounties.clj
index 0166366..f4204d3 100644
--- a/src/clj/commiteth/db/bounties.clj
+++ b/src/clj/commiteth/db/bounties.clj
@@ -23,3 +23,8 @@ [issue-id confirm-hash] (jdbc/with-db-connection [con-db *db*] (db/update-confirm-hash con-db {:issue_id issue-id :confirm_hash confirm-hash})))
+
+(defn get-bounty-address
+ [user repo issue-number]
+ (jdbc/with-db-connection [con-db *db*]
+ (db/get-bounty-address con-db {:login user :repo repo :issue_number issue-number})))
diff --git a/src/clj/commiteth/routes/qrcodes.clj b/src/clj/commiteth/routes/qrcodes.clj
index f1ebc71..1547a2b 100644
--- a/src/clj/commiteth/routes/qrcodes.clj
+++ b/src/clj/commiteth/routes/qrcodes.clj
@@ -1,6 +1,7 @@ (ns commiteth.routes.qrcodes (:require [ring.util.http-response :refer :all] [compojure.api.sweet :refer :all]
+ [commiteth.db.bounties :as bounties]
 [clj.qrgen :as qr])) (defn generate-qr-code
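Review bot: In resources/sql/queries.sql, `get-bounty-address` matches a row whenever the issue exists, even if `i.contract_address` is still NULL, so a caller that tests the result for nil cannot tell a bounty without an address from one with a usable address. Adding `AND i.contract_address IS NOT NULL` to the WHERE clause would make "no row" the only missing case. Whether the column is nullable is not visible in this hunk, so confirm against the schema. A HugSQL doc line such as `-- :doc Returns the contract address of the bounty for the given login, repo and issue number` would also record what the query promises.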
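Review bot: In src/clj/commiteth/db/bounties.clj, `get-bounty-address` returns whatever the `:? :1` query yields, which in HugSQL is the row as a map (`{:contract_address ...}`) rather than the address string, unless the project overrides result handling elsewhere. The route added in qrcodes.clj passes that value straight to `generate-qr-code`, whose visible body does `(str "ethereum:" address)`, so the QR payload would be the printed map. The `(if address ...)` guard there also stays truthy for a row whose column is nil. Unwrapping in this function addresses both: `(:contract_address (db/get-bounty-address con-db {:login user :repo repo :issue_number issue-number}))`. A docstring saying the function returns the address string or nil would pin that contract for the route.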
@@ -9,6 +10,9 @@ (qr/from (str "ethereum:" address) :size [256 256]))) (defapi qr-routes
- (context "/qr.png" []
- (GET "/" {{address :address} :params}
- (ok (generate-qr-code address)))))
+ (context "/qr" []
+ (GET "/:user/:repo/bounty/:issue{[0-9]{1,9}}/qr.png" [user repo issue]
+ (let [address (bounties/get-bounty-address user repo (Integer/parseInt issue))]
+ (if address
+ (ok (generate-qr-code address))
+ (bad-request))))))
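Review bot: An unknown user/repo/issue in the new `GET` route is answered with `(bad-request)`, although the request is well-formed and the bounty is simply missing; `(not-found)` from ring.util.http-response describes that case and leaves 400 for malformed input. The `{1,9}` bound in the `:issue` pattern is what keeps `Integer/parseInt` from throwing on an oversized number, which is worth a short comment above the route such as `;; at most 9 digits, so Integer/parseInt cannot overflow`. The body of `generate-qr-code` starts outside this hunk, so only its `qr/from` call is visible here.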