Started basic public PDF endpoint to view/print tickets

Author: jfurfaro

lib/config.js

@@ -10,6 +10,7 @@ module.exports = {
 	},
 	jwt: {
 		secret: process.env.JWT_SECRET,
+		transactionSecret: process.env.JWT_TRANSACTION_SECRET,
 		ticketSecret: process.env.JWT_TICKET_SECRET
 	},
 	mailgun: {

lib/routes/index.js

@@ -5,6 +5,9 @@
 const api = require('express').Router(),
 	{ authorizeUser } = require('../middleware/auth'),
 	{ authenticateUser, refreshAccessToken } = require('../services/auth'),
+	{ validateTransactionToken } = require('../services/transactions'),
+	{ generateTicketsPDF } = require('../services/pdf'),
+	{ getTransactionTickets } = require('../services/guests'),
 	transactionsRouter = require('./transactions'),
 	sitesRouter = require('./sites'),
 	eventsRouter = require('./events'),
@@ -21,6 +24,32 @@ api.use('/promos', promosRouter);
 api.use('/guests', authorizeUser, guestsRouter);
 api.use('/users', authorizeUser, usersRouter);
 
+api.route('/mytickets')
+	.get(async (req, res, next) => {
+		if(!req.query.t) return next(400);
+
+		let transactionId;
+		try {
+			({ sub: transactionId } = validateTransactionToken(req.query.t));
+		} catch(e) {
+			next(e);
+		}
+
+		let tickets;
+		try {
+			tickets = await getTransactionTickets(transactionId);
+		} catch(e) {
+			if (e.code === 'UNAUTHORIZED') return next(401);
+
+			next(e);
+		}
+
+		const ticketsPDF = generateTicketsPDF(tickets);
+
+		ticketsPDF.pipe(res);
+		ticketsPDF.end();
+	});
+
 api.route('/authenticate')
 	.post(async (req, res, next) => {
 		if(!req.body.username || !req.body.password) return next(400);

lib/routes/transactions.js

@@ -1,6 +1,6 @@
 const transactionsRouter = require('express').Router(),
 	{ authorizeUser } = require('../middleware/auth'),
-	{ createTransaction, getTransactions, getTransaction } = require('../services/transactions'),
+	{ createTransaction, getTransactions, getTransaction, generateTransactionToken } = require('../services/transactions'),
 	{ sendReceipt, upsertEmailSubscriber } = require('../services/email');
 
 // TODO: make this configurable at some point
@@ -55,4 +55,17 @@ transactionsRouter.route('/:id')
 		}
 	});
 
+transactionsRouter.route('/:id/token')
+	.get(authorizeUser, async (req, res, next) => {
+		try {
+			const transactionToken = await generateTransactionToken(req.params.id);
+
+			res.json(transactionToken);
+		} catch(e) {
+			if(e.code === 'NOT_FOUND') return next(404);
+
+			next(e);
+		}
+	});
+
 module.exports = transactionsRouter;

lib/services/guests.js

@@ -19,7 +19,7 @@ class GuestsServiceError extends Error {
 	}
 }
 
-const createTicketToken = ({ id, guestId, created }) => jwt.sign({
+const generateTicketToken = ({ id, guestId, created }) => jwt.sign({
 	iss: 'mustachebash',
 	aud: guestId,
 	iat: Math.round(created / 1000),
@@ -84,7 +84,7 @@ module.exports = {
 	async getTicketQrCode(guestId, ticketId) {
 		const [ ticket ] = await run(r.table('tickets').getAll([guestId, ticketId], {index: 'guestAndTicketId'})).then(cursor => cursor.toArray());
 
-		return generateQRDataURI(JSON.stringify(createTicketToken(ticket)));
+		return generateQRDataURI(JSON.stringify(generateTicketToken(ticket)));
 	},
 
 	async createGuestTicket(guestId, { createdBy = 'purchase' } = {}) {
@@ -111,13 +111,30 @@ module.exports = {
 	async getCurrentGuestTicketQrCode(guestId) {
 		const [ ticket ] = await run(r.table('tickets').getAll(guestId, {index: 'guestId'}).filter({status: 'active'})).then(cursor => cursor.toArray());
 
-		return generateQRDataURI(JSON.stringify(createTicketToken(ticket)));
+		return generateQRDataURI(JSON.stringify(generateTicketToken(ticket)));
 	},
 
 	getGuestTickets(guestId) {
 		return run(r.table('tickets').getAll(guestId, {index: 'guestId'})).then(cursor => cursor.toArray());
 	},
 
+	async getTransactionTickets(transactionId) {
+		const query = r.table('guests')
+			.filter({transactionId})
+			.eqJoin('id', r.table('tickets'), {index: 'guestId'})
+			.filter({right: {status: 'active'}})
+			.map({guest: r.row('left'), ticket: r.row('right')});
+
+		const pairs = await run(query).then(cursor => cursor.toArray());
+
+		// Inject the QR Codes
+		for (const pair of pairs) {
+			pair.ticket.qrCode = await generateQRDataURI(JSON.stringify(generateTicketToken(pair.ticket)));
+		}
+
+		return pairs;
+	},
+
 	async updateGuest(id, updates) {
 		for(const u in updates) {
 			// Update whitelist

lib/services/pdf.js

@@ -0,0 +1,27 @@
+/**
+ * PDF service for generating downloadable tickets
+ * @type {Object}
+ */
+
+const PDFDocument = require('pdfkit');
+
+module.exports = {
+	generateTicketsPDF(guestsTicketsPairs) {
+		const doc = new PDFDocument({margin: 50, autoFirstPage: false});
+
+		guestsTicketsPairs.forEach(({ guest, ticket }) => {
+			doc.addPage();
+
+			const { firstName, lastName } = guest,
+				{ qrCode } = ticket;
+
+			doc.fontSize(20)
+				.text('Mustache Bash 2020 - Ticket', 0, 57, {align: 'center'})
+				.fontSize(14)
+				.text(`for ${firstName} ${lastName}`, 0, 97, {align: 'center'})
+				.image(qrCode, 0, 200);
+		});
+
+		return doc;
+	}
+};

lib/services/transactions.js

@@ -3,9 +3,10 @@
  * @type {object}
  */
 const braintree = require('braintree'),
+	jwt = require('jsonwebtoken'),
 	{ run, r } = require('../utils/db'),
 	{ createGuest, createGuestTicket } = require('../services/guests'),
-	{ braintree: btConfig, donationProductId } = require('../config');
+	{ braintree: btConfig, donationProductId, jwt: { transactionSecret } } = require('../config');
 
 const gateway = braintree.connect({
 	environment: braintree.Environment[btConfig.environment],
@@ -204,6 +205,24 @@ module.exports = {
 		return changes[0].new_val;
 	},
 
+	async generateTransactionToken(id) {
+		const transaction = await run(r.table('transactions').get(id));
+
+		if(!transaction) throw new TransactionsServiceError('Transaction not found', 'NOT_FOUND');
+
+		return jwt.sign({
+			iss: 'mustachebash',
+			aud: 'tickets',
+			iat: Math.round(transaction.created / 1000),
+			sub: id
+		},
+		transactionSecret);
+	},
+
+	validateTransactionToken(token) {
+		return jwt.verify(token, transactionSecret, {issuer: 'mustachebash'});
+	},
+
 	getTransaction(id) {
 		return run(r.table('transactions').get(id));
 	}