From bd7134e051a9ec679c42d153327fb8ae45208671 Mon Sep 17 00:00:00 2001
From: F-Node-Karlsruhe <undzn@student.kit.edu>
Date: Sun, 27 Jun 2021 21:50:00 +0200
Subject: [PATCH 1/3] implement manual payment check

---
 app.py             |  8 +++++++
 iota.py            | 55 ++++++++++++++++++++++++++++++++++++++++------
 templates/pay.html | 15 ++++++++++++-
 3 files changed, 70 insertions(+), 8 deletions(-)

diff --git a/app.py b/app.py
index e519628..153bbdc 100644
--- a/app.py
+++ b/app.py
@@ -128,6 +128,14 @@ def await_payment(data):
     iota_listener.socket_session_ids[user_token_hash] = request.sid
 
 
+# socket endpoint for manual check on payment
+@socketio.on('check_payment')
+def await_payment(data):
+
+    socketio.start_background_task(iota_listener.manual_payment_check, data['iota_address'], data['user_token_hash'])
+
+
+
 
 
 if __name__ == '__main__':
diff --git a/iota.py b/iota.py
index fb78b19..d656a60 100644
--- a/iota.py
+++ b/iota.py
@@ -41,6 +41,9 @@ def __init__(self, socketio):
         # link user_token_hashes to session ids
         self.socket_session_ids = {}
 
+        # manual payment checks
+        self.manual_pamyent_checks = set()
+
         # create the iota client
         self.client = iota_client.Client(nodes_name_password=[[node_url]],
                                         mqtt_broker_options=broker_options)
@@ -79,16 +82,13 @@ def mqtt_worker(self):
 
                 message = self.client.get_message_data(json.loads(event['payload'])['messageId'])
 
-                if self.check_payment(message):
+                if self.payment_valid(message):
                     # this must be easier to access within value transfers
                     user_token_hash = bytes(message['payload']['transaction'][0]['essence']['payload']['indexation'][0]['data']).decode()
 
-                    add_to_paid_db(user_token_hash, session_lifetime)
-
-                    if user_token_hash in self.socket_session_ids.keys():
+                    self.unlock_content(user_token_hash)
 
-                        # emit pamyent received event to the user
-                        self.socketio.emit('payment_received', room=self.socket_session_ids.pop(user_token_hash))
+                    
             
             except Exception as e:
                 LOG.warning(e)
@@ -96,7 +96,18 @@ def mqtt_worker(self):
             self.q.task_done()
 
 
-    def check_payment(self, message):
+    def unlock_content(self, user_token_hash):
+
+        add_to_paid_db(user_token_hash, session_lifetime)
+
+        # prevent key errors
+        if user_token_hash in self.socket_session_ids.keys():
+
+            # emit pamyent received event to the user
+            self.socketio.emit('payment_received', room=self.socket_session_ids.pop(user_token_hash))
+
+
+    def payment_valid(self, message):
 
         for output in message['payload']['transaction'][0]['essence']['outputs']:
 
@@ -108,6 +119,36 @@ def check_payment(self, message):
 
         return False
 
+    
+    def manual_payment_check(self, address, user_token_hash):
+
+        # easy checks first to prevent overload
+        if user_token_hash not in self.manual_pamyent_checks and is_own_address(address):
+
+            self.manual_pamyent_checks.add(user_token_hash)
+
+            outputs = self.client.find_outputs(addresses=[address])
+
+            for output in outputs:
+
+                message = self.client.get_message_data(output['message_id'])
+
+                if user_token_hash == bytes(message['payload']['transaction'][0]['essence']['payload']['indexation'][0]['data']).decode():
+
+                    if self.payment_valid(message):
+
+                        self.unlock_content(user_token_hash)
+
+            # prevent key errors
+            if user_token_hash in self.socket_session_ids.keys():
+
+                # emit pamyent not found
+                self.socketio.emit('payment_not_found', room=self.socket_session_ids[user_token_hash])
+
+        self.manual_pamyent_checks.remove(user_token_hash)
+
+
+
     def stop(self):
         self.q.put(self.STOP)
         LOG.info('MQTT worker stopped')
diff --git a/templates/pay.html b/templates/pay.html
index 154ee74..4fcdb84 100644
--- a/templates/pay.html
+++ b/templates/pay.html
@@ -13,8 +13,18 @@
         socket.on('payment_received', function() {
             location.reload();
         });
-
+        socket.on('payment_not_found', function() {
+            console.log('Payment not found');
+        });
+        $('#check_payment_button').on('click', function(){
+            socket.emit('check_payment', {user_token_hash: '{{ user_token_hash }}', iota_address: '{{ iota_address }}'});
+        });
+        // show manual payment check after 30 seconds time
+        setTimeout("showCheckPayment()", 30000);
     });
+    function showCheckPayment() { 
+        document.getElementById("check_payment").style.display = "inline"; 
+    }
 </script>
 <style>
     .custom-box {
@@ -84,5 +94,8 @@ <h5>
                 Firefly wallet
     </a>
     </h5>
+    <div id="check_payment" style="display:none">
+        <button id="check_payment_button">Check for payment</button>
+    </div>
     </div>
 </div>

From 2be24ebd5d8f4dc66b74069d205c9a029266f8b2 Mon Sep 17 00:00:00 2001
From: F-Node-Karlsruhe <undzn@student.kit.edu>
Date: Mon, 28 Jun 2021 18:34:15 +0200
Subject: [PATCH 2/3] add timestamp check

---
 app.py  |  2 +-
 data.py |  8 ++++----
 iota.py | 56 +++++++++++++++++++++++++++++++++++++++++++++++---------
 3 files changed, 52 insertions(+), 14 deletions(-)

diff --git a/app.py b/app.py
index 153bbdc..a15880f 100644
--- a/app.py
+++ b/app.py
@@ -115,7 +115,7 @@ def proxy(slug):
                                                         user_token_hash = user_token_hash,
                                                         iota_address = get_iota_address(slug, iota_listener),
                                                         price = price_per_content,
-                                                        exp_date =  (datetime.now() + timedelta(hours = session_lifetime))
+                                                        exp_date =  (datetime.utcnow() + timedelta(hours = session_lifetime))
                                                         .strftime('%d.%m.%y %H:%M')))
 
 
diff --git a/data.py b/data.py
index 7e38ad9..5074436 100644
--- a/data.py
+++ b/data.py
@@ -53,10 +53,10 @@ def user_token_hash_exists(user_token_hash):
     return user_token_hash in paid_db.keys()
 
 def user_token_hash_valid(user_token_hash):
-    return datetime.fromisoformat(paid_db[user_token_hash]) > datetime.now()
+    return datetime.fromisoformat(paid_db[user_token_hash]) > datetime.utcnow()
 
-def add_to_paid_db(user_token_hash, lifetime):
-    paid_db[user_token_hash] = (datetime.now() + timedelta(hours = lifetime)).isoformat()
+def add_to_paid_db(user_token_hash, exp_time):
+    paid_db[user_token_hash] = exp_time.isoformat()
 
 def pop_from_paid_db(user_token_hash):
     return paid_db.pop(user_token_hash)
@@ -121,7 +121,7 @@ def is_own_address(address):
 
 # remove all expired entries
 def _clear_db():
-    now = datetime.now()
+    now = datetime.utcnow()
     for hash, exp in list(paid_db.items()):
         if datetime.fromisoformat(exp) < now:
             del paid_db[hash]
diff --git a/iota.py b/iota.py
index d656a60..5989fc2 100644
--- a/iota.py
+++ b/iota.py
@@ -1,7 +1,9 @@
+from datetime import date, datetime
 import iota_client
 import queue
 import json
 import logging
+from datetime import datetime, timedelta
 from dotenv import load_dotenv
 from data import get_iota_listening_addresses, add_to_paid_db, is_own_address
 import os
@@ -42,7 +44,7 @@ def __init__(self, socketio):
         self.socket_session_ids = {}
 
         # manual payment checks
-        self.manual_pamyent_checks = set()
+        self.manual_payment_checks = set()
 
         # create the iota client
         self.client = iota_client.Client(nodes_name_password=[[node_url]],
@@ -66,6 +68,10 @@ def start(self):
 
 
     def add_listening_address(self, iota_address):
+        '''
+        Adds an iota_address to the topics of the mqtt listener
+        '''
+
         self.client.subscribe_topic('addresses/%s/outputs' % iota_address, self.on_mqtt_event)
 
 
@@ -96,9 +102,16 @@ def mqtt_worker(self):
             self.q.task_done()
 
 
-    def unlock_content(self, user_token_hash):
+    def unlock_content(self, user_token_hash, exp_time=None):
+        '''
+        Sends the user_token_hash to the db with the right expiration time and informs the user via socket
+        '''
+
+        if exp_time is None:
 
-        add_to_paid_db(user_token_hash, session_lifetime)
+            exp_time = datetime.utcnow() + timedelta(hours = session_lifetime)
+
+        add_to_paid_db(user_token_hash, exp_time)
 
         # prevent key errors
         if user_token_hash in self.socket_session_ids.keys():
@@ -108,6 +121,9 @@ def unlock_content(self, user_token_hash):
 
 
     def payment_valid(self, message):
+        '''
+        Check if the right amount arrived on the rigth address
+        '''
 
         for output in message['payload']['transaction'][0]['essence']['outputs']:
 
@@ -121,11 +137,14 @@ def payment_valid(self, message):
 
     
     def manual_payment_check(self, address, user_token_hash):
+        '''
+        Triggers a crawl on the designated address to find a payment in the past and add it to the db
+        '''
 
         # easy checks first to prevent overload
-        if user_token_hash not in self.manual_pamyent_checks and is_own_address(address):
+        if user_token_hash not in self.manual_payment_checks and is_own_address(address):
 
-            self.manual_pamyent_checks.add(user_token_hash)
+            self.manual_payment_checks.add(user_token_hash)
 
             outputs = self.client.find_outputs(addresses=[address])
 
@@ -137,7 +156,11 @@ def manual_payment_check(self, address, user_token_hash):
 
                     if self.payment_valid(message):
 
-                        self.unlock_content(user_token_hash)
+                        exp_time = self.get_payment_expiry(output['message_id'])
+
+                        if exp_time > datetime.utcnow():
+
+                            self.unlock_content(user_token_hash, exp_time)
 
             # prevent key errors
             if user_token_hash in self.socket_session_ids.keys():
@@ -145,14 +168,29 @@ def manual_payment_check(self, address, user_token_hash):
                 # emit pamyent not found
                 self.socketio.emit('payment_not_found', room=self.socket_session_ids[user_token_hash])
 
-        self.manual_pamyent_checks.remove(user_token_hash)
+        self.manual_payment_checks.remove(user_token_hash)
+
+    def get_payment_expiry(self, message_id):
+        '''
+        Fetches the tangle to get the timestamp of the milstone referencing the message
+        '''
+
+        milestone_index = self.client.get_message_metadata(message_id)['referenced_by_milestone_index']
+
+        message_timestamp = datetime.fromtimestamp(self.client.get_milestone(milestone_index)['timestamp'])
+
+        return message_timestamp + timedelta(hours = session_lifetime)
 
 
 
     def stop(self):
-        self.q.put(self.STOP)
-        LOG.info('MQTT worker stopped')
+        '''
+        Stops the iota listener gracefully
+        '''
+
         self.client.disconnect()
         LOG.info('MQTT client stopped')
+        self.q.put(self.STOP)
+        LOG.info('MQTT worker stopped')
         self.q.queue.clear()
         LOG.info('Working queue cleared')

From d998159ee44461cf9ad00c286db007d84f845959 Mon Sep 17 00:00:00 2001
From: F-Node-Karlsruhe <undzn@student.kit.edu>
Date: Mon, 28 Jun 2021 18:37:15 +0200
Subject: [PATCH 3/3] prevent spamming manual payment checks

---
 iota.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iota.py b/iota.py
index 5989fc2..517e836 100644
--- a/iota.py
+++ b/iota.py
@@ -168,7 +168,7 @@ def manual_payment_check(self, address, user_token_hash):
                 # emit pamyent not found
                 self.socketio.emit('payment_not_found', room=self.socket_session_ids[user_token_hash])
 
-        self.manual_payment_checks.remove(user_token_hash)
+            self.manual_payment_checks.remove(user_token_hash)
 
     def get_payment_expiry(self, message_id):
         '''