twreporter / go-api
Golang API
License: MIT License
During `build` job, each step cannot retrieve project level variables `$USER_DEFINED_VARIABLE`
Report from accounting. From the user records in May and June, there are two types of user records with vague `send_receipt` options.

- `cardholder_name` with `yearly` option of `send_receipt`
- `cardholder_name` with `yearly` option of `send_receipt`

Bullet 1 results from directly closing the receipt form page after the transaction.
Bullet 2 might result from filling in incorrect information (possibly users misunderstanding the options).
After discussion with @taylrj, mark the default of `send_receipt` to `no` to reduce the vague records for accounting to deal with.
As the context update of bookmark is removed in the commit, address the inconsistency with another approach. A possible solution might be to retrieve the title and desc from the original post.
Need a way (e.g., a script) to probe the MySQL service availability.
According to this line, the `frontendRedirectUrl` is
`"https://" + envToDonationHost[globals.Conf.Environment] + "/contribute/" + f + "/" + orderNumber`
To meet the front-end's design, `frontendRedirectUrl` needs to be updated like (for reference only):
`envToDonationProtocol[globals.Conf.Environment] + "://" + envToDonationHost[globals.Conf.Environment] + "/contribute/line/" + f + "/" + orderNumber`
This is an example of `frontendRedirectUrl` in localhost:
`http://localhost:3000/contribute/line/one_time/twreporter-156713555982111400001`
- `/periodic-donations/:id`
- `/donations/prime/:id`
- `/donations/others/:id`

are using the `user_id` query param.
For example, the client would send a GET request like the following:
Headers:
Cookie: id_token=<id_token>
Authorization: Bearer <access_token>
Endpoint:
`https://go-api.twreporter.org/v1/periodic-donations/10?user_id=1`
Even though we use `middlewares/jwt.go` `ValidateAuthentication` and `ValidateAuthorization` to validate the request, we are only checking `donation.userID == c.Query('user_id')`, not checking `donation.userID == user_id in the access_token.payload`.
Therefore, hackers can send malicious requests to get others' donation data.

- Drop the `user_id` query param.
- Use `user_id in the access_token.payload` to validate the authorization.
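The check described in this issue next to the proposed fix, as an added example that is not code from the go-api repository. It uses only the Go standard library instead of the project's framework, and `withTokenUser`, `donationOwner` and the handler names are hypothetical stand-ins; token verification is assumed to have already happened in middleware.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
)

type ctxKey struct{}

// Constructed sample data: donation ID -> owner's user ID.
var donationOwner = map[int]int{10: 1}

// withTokenUser (hypothetical) stands in for JWT middleware that verified the token.
func withTokenUser(r *http.Request, uid int) *http.Request {
	return r.WithContext(context.WithValue(r.Context(), ctxKey{}, uid))
}

// vulnerableGet compares the owner with the client-supplied ?user_id= value.
func vulnerableGet(w http.ResponseWriter, r *http.Request, id int) {
	q, err := strconv.Atoi(r.URL.Query().Get("user_id"))
	if owner, ok := donationOwner[id]; !ok || err != nil || q != owner {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	fmt.Fprintf(w, "donation %d", id)
}

// fixedGet ignores the query string and compares the owner with the token claim.
func fixedGet(w http.ResponseWriter, r *http.Request, id int) {
	uid, authed := r.Context().Value(ctxKey{}).(int)
	if owner, ok := donationOwner[id]; !ok || !authed || uid != owner {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	fmt.Fprintf(w, "donation %d", id)
}

// statusFor requests donation 10 as tokenUser while sending ?user_id=queryUser.
func statusFor(h func(http.ResponseWriter, *http.Request, int), tokenUser, queryUser int) int {
	target := fmt.Sprintf("/v1/periodic-donations/10?user_id=%d", queryUser)
	w := httptest.NewRecorder()
	h(w, withTokenUser(httptest.NewRequest("GET", target, nil), tokenUser), 10)
	return w.Code
}

func main() {
	fmt.Println(statusFor(vulnerableGet, 2, 1), statusFor(fixedGet, 2, 1), statusFor(fixedGet, 1, 1))
}
```

A regression test for the real endpoints can follow the same shape: authenticate as one user, request another user's donation ID, and require a 403 whatever `user_id` value is sent.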
According to the accounting staff, the `send_receipt` of periodic donation will not have value `monthly`.
In Narwhale, we cannot see the whole transaction information if the transaction has `fail` status.
Current code logic is in these lines for periodic donations, and these lines for one-time donations.
We only record `tapPayResp.Status` and `tapPayResp.Msg`, lacking other important information, such as `rec_trade_id`, `bank_result_code`, `bank_result_msg`, etc.
`staging` branch into the `release` branch
`gcloud sql connect twreporter-sql-db --user=membership_user --quiet`
mailchimp-sync cronjob is used for syncing DB mailing preferences to Mailchimp by API. Deployment is documented in README.
edit `configs/config.go`

```
features:
  enable_rolemail: false
```
The role email feature is controlled by the `enable_rolemail` flag in the `configs/config.go` file. It will be set to `false` by default. To enable the role email feature, set the `enable_rolemail` flag to `true`.

- If `enable_rolemail` is `false` (default), then the role email feature is disabled.
- If `enable_rolemail` is `true`, then the role email feature is enabled.

When the feature is enabled, the role change email will be sent to the user's email address. When the feature is disabled, the role change email will not be sent out. Only log messages will be generated.
To enable the role email feature in production, set the `GOAPI_FEATURES_ENABLE_ROLEMAIL` to `true` in the `kubernetes-config`.
Trigger CircleCI pipeline (kubernetes kustomize)
In the current situation, users receive the success email when they are redirected to the LINE payment page. However, they have not donated yet at this moment. The appropriate time for users to receive the success email is when their donation gets paid.
According to the donation policy, we are going to add options for users to select whether their name would be publicized. There are two options, `partially disclosed` (e.g., 王O明) or just show `anonymous` (e.g., 無名氏).
Therefore, we need to add a new field `is_anonymous` whose value is of type `boolean` for showing the anonymity of donation records. Note that `true` is for people who wish to remain anonymous, and `false` stands for people who agree to partially publicize their names.