feat(SW-2605): confirmation page only valid for 1 minute for the session

2025-05-06 12:04:00 +02:00
parent e0fe5ff0d5
commit c6a0ce86df
9 changed files with 73 additions and 21 deletions
--- a/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/(confirmation)/booking-confirmation/page.tsx
+++ b/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/(confirmation)/booking-confirmation/page.tsx
@@ -1,21 +1,41 @@
-import { notFound } from "next/navigation"
+import { cookies } from "next/headers"
+import { notFound, redirect } from "next/navigation"

 import { MEMBERSHIP_FAILED_ERROR } from "@/constants/booking"
 import { getBookingConfirmation } from "@/lib/trpc/memoizedRequests"

 import BookingConfirmation from "@/components/HotelReservation/BookingConfirmation"
+import { decrypt } from "@/utils/encryption"

 import type { LangParams, PageArgs } from "@/types/params"

 export default async function BookingConfirmationPage({
+  params,
  searchParams,
-}: PageArgs<LangParams, { RefId?: string }>) {
+}: PageArgs<
+  LangParams,
+  {
+    RefId?: string
+  }
+>) {
  const refId = searchParams.RefId

  if (!refId) {
    notFound()
  }

+  const sig = cookies().get("bcsig")?.value
+
+  if (!sig) {
+    redirect(`/${params.lang}`)
+  }
+
+  const expire = Number(decrypt(sig))
+  const now = Math.floor(Date.now() / 1000)
+  if (typeof expire === "number" && !isNaN(expire) && now > expire) {
+    redirect(`/${params.lang}`)
+  }
+
  void getBookingConfirmation(refId)

  const membershipFailedError =
--- a/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/(payment-callback)/gla-payment-callback/page.tsx
+++ b/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/(payment-callback)/gla-payment-callback/page.tsx
@@ -61,7 +61,9 @@ export default async function GuaranteePaymentCallbackPage({
        refId,
      })

-      const error = bookingStatus.errors.find((e) => e.errorCode)
+      const { booking } = bookingStatus
+
+      const error = booking.errors.find((e) => e.errorCode)
      errorMessage =
        error?.description ??
        `No error message found for booking ${confirmationNumber}, status: ${status}`
--- a/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/(payment-callback)/payment-callback/page.tsx
+++ b/apps/scandic-web/app/[lang]/(live)/(public)/hotelreservation/(payment-callback)/payment-callback/page.tsx
@@ -15,6 +15,7 @@ import { getServiceToken } from "@/server/tokenManager"
 import { auth } from "@/auth"
 import HandleErrorCallback from "@/components/HotelReservation/EnterDetails/Payment/PaymentCallback/HandleErrorCallback"
 import HandleSuccessCallback from "@/components/HotelReservation/EnterDetails/Payment/PaymentCallback/HandleSuccessCallback"
+import { encrypt } from "@/utils/encryption"

 import type { LangParams, PageArgs } from "@/types/params"

@@ -62,6 +63,8 @@ export default async function PaymentCallbackPage({
  const { refId } = booking

  if (status === PaymentCallbackStatusEnum.Success && confirmationNumber) {
+    const expire = Math.floor(Date.now() / 1000) + 60
+    const sig = encrypt(expire.toString())
    const confirmationUrl = `${bookingConfirmation(lang)}?RefId=${encodeURIComponent(refId)}`
    console.log(
      `[payment-callback] rendering success callback with confirmation number: ${confirmationNumber}`
@@ -70,6 +73,7 @@ export default async function PaymentCallbackPage({
    return (
      <HandleSuccessCallback
        refId={refId}
+        sig={sig}
        successRedirectUrl={confirmationUrl}
      />
    )
@@ -86,8 +90,10 @@ export default async function PaymentCallbackPage({
        refId,
      })

+      const { booking } = bookingStatus
+
      // TODO: how to handle errors for multiple rooms?
-      const error = bookingStatus.errors.find((e) => e.errorCode)
+      const error = booking.errors.find((e) => e.errorCode)

      errorMessage =
        error?.description ??