
Commit 5b2a340

author
roniahmadi
committed
fix: fixing security
1 parent feff174 commit 5b2a340


5 files changed

+27
-28
lines changed


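--- a/frontend/function_view/detail_view.py
+++ b/frontend/function_view/detail_view.py
@@ -11,8 +11,8 @@ def get(self, request, slug):
 gambar = None
 try:
 gambar = GambarProduk.objects.filter(produk_id=produk.id)
-except Exception:
-pass
+except Exception as e:
+print(e)
 return render(
 request,
 "home_detail.html",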
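Review bot: The new handler still catches every exception and only print()s it, so a failure here goes to stdout (lost or unmonitored in most deployments) and the view silently continues with `gambar = None` exactly as before. Use the module logger so the traceback is captured with the request: `except Exception:` followed by `logger.exception("failed to load images for produk %s", slug)`, with `logger = logging.getLogger(__name__)` at module level. Note that `filter()` builds a lazy queryset, so the only thing this try is likely guarding is `produk` being unresolved — that case is presumably better handled where `produk` is looked up. The enclosing get() begins before the hunk.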

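--- a/frontend/views.py
+++ b/frontend/views.py
@@ -172,7 +172,7 @@ def post(self, request, id):
 for p in userprofileaddress:
 p.is_primary = False
 p.save()
-return redirect("/toko/{}/alamat".format(id))
+return redirect(reverse("alamat_toko", id))
 
 
 @method_decorator(csrf_exempt, name="dispatch")
@@ -518,7 +518,9 @@ def get(self, request, id):
 settingweb = self.configuration.api_key_pi
 header = {"Authorization": "Key " + settingweb}
 postdata = requests.post(
-"https://api.minepi.com/v2/payments/" + id + "/approve", headers=header
+"https://api.minepi.com/v2/payments/" + id + "/approve",
+headers=header,
+timeout=5000
 )
 if postdata.status_code == 200:
 return JsonResponse(postdata.json())
@@ -553,6 +555,7 @@ def get(self, request, id):
 "https://api.minepi.com/v2/payments/" + id + "/complete",
 data=datas,
 headers={"Authorization": "Key " + api_key},
+timeout=5000
 )
 if postdata.status_code == 200:
 cart = Cart.objects.get(pk=request.GET.get("id"))
@@ -577,6 +580,7 @@ def get(self, request, id):
 cancel = requests.get(
 "https://api.minepi.com/payments/" + id + "/cancel",
 headers={"Authorization": "Key " + api_key},
+timeout=5000
 )
 print(cancel.json())
 return JsonResponse(cancel, safe=False)
@@ -633,6 +637,7 @@ def setcomplete(self, request, cart_id, identifier, param):
 "https://api.minepi.com/v2/payments/" + identifier + "/complete",
 data=datas,
 headers={"Authorization": "Key " + api_key},
+timeout=5000
 )
 
 if postdata.status_code == 200:
@@ -659,7 +664,8 @@ def get(self, request, param):
 
 data_url = "https://api.minepi.com/v2/payments/" + param
 requestdata = requests.get(
-data_url, headers={"Authorization": "Key " + api_key}
+data_url, headers={"Authorization": "Key " + api_key},
+timeout=5000
 )
 
 cart_id = request.GET.get("cart_id")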
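Review bot: `reverse("alamat_toko", id)` in the first hunk passes `id` as Django's second positional parameter (`urlconf`), not as a URL argument, so the redirect will fail to resolve instead of reproducing `/toko/<id>/alamat`; write `return redirect(reverse("alamat_toko", args=[id]))` or simply `return redirect("alamat_toko", id)`. The `timeout=5000` added in the other five hunks is in seconds for requests, so a stalled Pi API call can hold a worker for over an hour; a bounded pair such as `timeout=(5, 30)` (connect, read) is presumably what was intended, and the same applies to every `timeout=10000` in projekpi/pi_network.py. Separately, `id` and `param` are concatenated straight into the upstream URL path, so validating their format before the call would keep a crafted value from reaching a different endpoint. Each enclosing method begins outside its hunk.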

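--- a/projekpi/pi_customer.py
+++ b/projekpi/pi_customer.py
@@ -1,6 +1,4 @@
 class PiCustomer:
-api = ""
-token = ""
-
 def initialize(self, api, token):
-pass
+self.api = api
+self.token = token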
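Review bot: With the class-level `api`/`token` defaults removed, a PiCustomer instance has no `api` or `token` attribute until `initialize()` runs, so any code that reads `self.api` first now raises AttributeError where it previously saw `""`. If two-step construction is intended, the idiomatic form is `def __init__(self, api=None, token=None):` assigning `self.api, self.token = api, token`, with `initialize` kept for existing callers; otherwise restore the defaults. A one-line class docstring stating that `initialize` must be called before use would document the contract either way.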

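--- a/projekpi/pi_network.py
+++ b/projekpi/pi_network.py
@@ -49,7 +49,7 @@ def get_balance(self):
 
 def get_payment(self, payment_id):
 url = self.base_url + "/v2/payments/" + payment_id
-re = requests.get(url, headers=self.get_http_headers())
+re = requests.get(url, headers=self.get_http_headers(), timeout=10000)
 self.handle_http_response(re)
 
 def create_payment(self, payment_data):
@@ -82,7 +82,7 @@ def create_payment(self, payment_data):
 
 obj = json.dumps(obj)
 url = self.base_url + "/v2/payments"
-re = requests.post(url, data=obj, json=obj, headers=self.get_http_headers())
+re = requests.post(url, data=obj, json=obj, headers=self.get_http_headers(), timeout=10000)
 parsed_response = self.handle_http_response(re)
 
 identifier = parsed_response["identifier"]
@@ -138,7 +138,7 @@ def submit_payment(self, payment_id, pending_payment):
 
 def approved_payment(self, identifier):
 url = self.base_url + "/v2/payments/" + identifier + "/approve"
-re = requests.post(url, headers=self.get_http_headers())
+re = requests.post(url, headers=self.get_http_headers(), timeout=10000)
 self.handle_http_response(re)
 
 def complete_payment(self, identifier, txid):
@@ -149,24 +149,24 @@ def complete_payment(self, identifier, txid):
 
 obj = json.dumps(obj)
 url = self.base_url + "/v2/payments/" + identifier + "/complete"
-re = requests.post(url, data=obj, json=obj, headers=self.get_http_headers())
+re = requests.post(url, data=obj, json=obj, headers=self.get_http_headers(), timeout=10000)
 self.handle_http_response(re)
 
 def cancel_payment(self, identifier):
 obj = {}
 obj = json.dumps(obj)
 url = self.base_url + "/v2/payments/" + identifier + "/cancel"
-re = requests.post(url, data=obj, json=obj, headers=self.get_http_headers())
+re = requests.post(url, data=obj, json=obj, headers=self.get_http_headers(), timeout=10000)
 self.handle_http_response(re)
 
 def cancel_payment_user(self, identifier):
 url = self.base_url + "/v2/payments/" + identifier + "/cancel"
-re = requests.post(url, headers=self.get_http_headers())
+re = requests.post(url, headers=self.get_http_headers(), timeout=10000)
 self.handle_http_response(re)
 
 def get_incomplete_server_payments(self):
 url = self.base_url + "/v2/payments/incomplete_server_payments"
-re = requests.get(url, headers=self.get_http_headers())
+re = requests.get(url, headers=self.get_http_headers(), timeout=10000)
 res = self.handle_http_response(re)
 return res["incomplete_server_payments"]
 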
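Review bot: Every rewritten `requests.post` that sends a body passes both `data=obj` and `json=obj` with `obj` already a `json.dumps` string; requests ignores `json=` whenever `data` is non-empty, so the `json` argument is dead here and would double-encode the string if `data` were ever dropped. Since these lines are being touched anyway, `re = requests.post(url, data=obj, headers=self.get_http_headers(), timeout=10000)` (or pass the dict as `json=` and drop the `json.dumps`) is the one unambiguous form, and `timeout=10000` is seconds, not milliseconds — see the note on frontend/views.py. Binding the response to `re` shadows the stdlib `re` module if that is imported in this file; `resp` would read better. The body of complete_payment starts before the last hunk.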

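--- a/projekpi/settings.py
+++ b/projekpi/settings.py
@@ -23,7 +23,7 @@
 # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "django-insecure-k=#8wq*kz%tackrz%qsxybf155lf6kkg!5at6&x%yn5h086xms"
+SECRET_KEY = os.environ.get("SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
@@ -201,19 +201,14 @@
 
 AUTH_USER_MODEL = "profiles.UserProfile"
 
-# EMAIL_USE_TLS = os.getenv('EMAIL_USE_TLS',False)
-# EMAIL_HOST = os.getenv("EMAIL_HOST",'geraipi')
-# EMAIL_PORT = os.getenv("EMAIL_PORT",465)
-# EMAIL_HOST_USER = os.getenv("EMAIL_HOST_USER",'[email protected]')
-# EMAIL_HOST_PASSWORD = ("EMAIL_HOST_PASSWORD",'geraipi')
-
 EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
-EMAIL_HOST = "testnet.geraipi.id"
-EMAIL_USE_TLS = False
-EMAIL_PORT = 465
+
+EMAIL_USE_TLS = os.getenv('EMAIL_USE_TLS',False)
+EMAIL_HOST = os.getenv("EMAIL_HOST",'geraipi')
+EMAIL_PORT = os.getenv("EMAIL_PORT",465)
 EMAIL_USE_SSL = True
-EMAIL_HOST_USER = "[email protected]"
-EMAIL_HOST_PASSWORD = "Ahmadi123@"
+EMAIL_HOST_USER = os.getenv("EMAIL_HOST_USER",'[email protected]')
+EMAIL_HOST_PASSWORD = ("EMAIL_HOST_PASSWORD",'geraipi')
 
 CKEDITOR_UPLOAD_PATH = "uploads/"
 CKEDITOR_FILENAME_GENERATOR = "utils.get_filename"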
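Review bot: `EMAIL_HOST_PASSWORD = ("EMAIL_HOST_PASSWORD",'geraipi')` in the second hunk builds a 2-tuple instead of reading the environment (the `os.getenv` call was lost when the commented block was revived), so the SMTP backend would presumably receive a tuple as the password; it should be `EMAIL_HOST_PASSWORD = os.getenv("EMAIL_HOST_PASSWORD")` with no literal fallback, since a default password in settings is still a committed credential. The neighbouring lines have type problems too: `os.getenv("EMAIL_PORT", 465)` returns the string `"465"` whenever the variable is set, and `EMAIL_USE_TLS` becomes truthy for any non-empty value including `"False"`, so coerce with `int(...)` and an explicit `in ("1", "true", "True")` check. `SECRET_KEY = os.environ.get("SECRET_KEY")` yields None when unset, which Django rejects at startup — a reasonable fail-closed default worth a one-line comment. The secret key and SMTP password removed here remain in git history, so both should be rotated, and `DEBUG = True` is still committed alongside the "don't run with debug" warning.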
