kbe/aperonight
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

refactor: extract cart storage to dedicated API controller with dynamic frontend URLs
All checks were successful
Ruby on Rails Test / rails-test (push) Successful in 1m7s

Browse Source 
- Added dedicated CartsController for session-based cart storage
- Refactored routes to use POST /api/v1/carts/store
- Updated ticket selection JS to use dynamic data attributes for URLs
- Fixed CSRF protection in API and checkout payment increment
- Made checkout button URLs dynamic via data attributes
- Updated tests for new cart storage endpoint
- Removed obsolete store_cart from EventsController
This commit is contained in:
kbe
2025-09-15 19:52:01 +02:00
parent 4cde466f9a
commit d6184b6c84
8 changed files with 63 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/views/events/show.html.erb
View File

@@ -135,8 +135,12 @@
controller: "ticket-selection",
ticket_selection_target: "form",
ticket_selection_event_slug_value: @event.slug,
ticket_selection_event_id_value: @event.id
} do |form| %>
ticket_selection_event_id_value: @event.id,
ticket_selection_order_new_url_value: event_order_new_path(@event.slug, @event.id),
ticket_selection_store_cart_url_value: api_v1_store_cart_path,
ticket_selection_order_new_url_value: event_order_new_path(@event.slug, @event.id),
ticket_selection_store_cart_url_value: api_v1_store_cart_path
} do |form| %>
<div class="bg-gradient-to-br from-purple-50 to-indigo-50 rounded-2xl border border-purple-100 p-6 shadow-sm">
<div class="flex justify-center sm:justify-start mb-6">

37
app/views/orders/checkout.html.erb
View File

@@ -139,10 +139,13 @@
</div>
</div>
<button
id="checkout-button"
class="w-full btn btn-primary py-4 px-6 rounded-xl transition-all duration-200 transform hover:scale-105 active:scale-95 shadow-lg hover:shadow-xl"
>
<button
id="checkout-button"
data-order-id="<%= @order.id %>"
data-increment-url="/api/v1/orders/<%= @order.id %>/increment_payment_attempt"
data-session-id="<%= @checkout_session.id if @checkout_session.present? %>"
class="w-full btn btn-primary py-4 px-6 rounded-xl transition-all duration-200 transform hover:scale-105 active:scale-95 shadow-lg hover:shadow-xl"
>
<div class="flex items-center justify-center">
<i data-lucide="credit-card" class="w-5 h-5 mr-2"></i>
Payer <%= @order.total_amount_euros %>€
@@ -199,13 +202,16 @@
try {
// Increment payment attempt counter
console.log('Incrementing payment attempt for order:', '<%= @order.id %>');
const response = await fetch('/api/v1/orders/<%= @order.id %>/increment_payment_attempt', {
method: 'PATCH',
headers: {
'Content-Type': 'application/json'
}
});
const orderId = checkoutButton.dataset.orderId;
const incrementUrl = checkoutButton.dataset.incrementUrl;
console.log('Incrementing payment attempt for order:', orderId);
const response = await fetch(incrementUrl, {
method: 'PATCH',
headers: {
'Content-Type': 'application/json',
'X-CSRF-Token': document.querySelector('[name=csrf-token]').content
}
});
if (!response.ok) {
console.error('Payment attempt increment failed:', response.status, response.statusText);
@@ -226,10 +232,11 @@
`;
// Redirect to Stripe
console.log('Redirecting to Stripe with session ID:', '<%= @checkout_session&.id %>');
const stripeResult = await stripe.redirectToCheckout({
sessionId: '<%= @checkout_session.id %>'
});
const sessionId = checkoutButton.dataset.sessionId;
console.log('Redirecting to Stripe with session ID:', sessionId);
const stripeResult = await stripe.redirectToCheckout({
sessionId: sessionId
});
if (stripeResult.error) {
throw new Error(stripeResult.error.message);