assets_js_lib_bitrequest_checkout.js
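const root_html = document.documentElement;
// b_url is the single origin this helper trusts: checkout() only loads
// request URLs from it and crossframe() only accepts messages from it.
// It is derived from this script's own location so the PWA works wherever
// it's hosted (github.io, web.app, IPFS, Arweave, self-host) without any
// configuration, and falls back to the canonical host when no usable origin
// can be resolved (script inlined, data: URL).
// NOTE(review): the trusted origin is therefore wherever this file is served
// from; if the helper is ever loaded from a host other than the payment app
// (a shared CDN, say) that host becomes the trusted origin. Confirm the
// deployment keeps both on one origin.
const b_url = (function () {
  const canonical_origin = "https://bitrequest.github.io";
  const helper_filename = "assets_js_lib_bitrequest_checkout.js";

  // Returns the origin of an absolute URL, or null when there is none worth
  // trusting. URL.origin serialises opaque origins (data:, file:) as the
  // string "null", which is also what MessageEvent.origin reports for
  // opaque-origin documents; accepting it would make all of them "trusted".
  function usable_origin(src) {
    try {
      const origin = new URL(src).origin;
      return origin === "null" ? null : origin;
    } catch (err) {
      // Not a parseable absolute URL; the caller moves on to the next candidate.
      return null;
    }
  }

  const here = document.currentScript && document.currentScript.src;
  if (here) {
    const own_origin = usable_origin(here);
    if (own_origin) {
      return own_origin;
    }
  }
  // Fallback: locate this helper by filename in the script tag list.
  const scripts = document.getElementsByTagName("script");
  for (let i = 0; i < scripts.length; i++) {
    const src = scripts[i].src || "";
    if (src.includes(helper_filename)) {
      const tag_origin = usable_origin(src);
      if (tag_origin) {
        return tag_origin;
      }
    }
  }
  return canonical_origin;
})();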
// Wire everything up once the DOM is parsed: one delegated click handler on
// the document, the postMessage listener for the payment frame, and the ESC
// key handler.
document.addEventListener("DOMContentLoaded", () => {
  const on_document_click = (event) => {
    const clicked = event.target;
    // Checkout buttons: cancel the navigation and open the request in the frame.
    if (clicked.matches(".br_checkout")) {
      event.preventDefault();
      checkout(clicked);
    }
    // A click on the loader backdrop dismisses the loader.
    if (clicked.matches("#br_loadbox")) {
      closeloader();
    }
  };
  document.addEventListener("click", on_document_click);
  // crossframe() does its own origin check before acting on a message.
  window.addEventListener("message", crossframe);
  keyup();
});
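// Handles the checkout process when a checkout button is clicked.
// Reads the element's href, refuses anything that is not an absolute URL on
// the trusted origin (b_url), then shows the loader and points the payment
// iframe at the request, creating the iframe on first use.
function checkout(clicked_elem) {
  const request_url = clicked_elem.getAttribute("href");
  // Compare parsed origins rather than string prefixes: a startsWith(b_url)
  // test also passes for a host that merely begins with the trusted name
  // (constructed example: "https://trusted.example.other.example/").
  let request_origin = null;
  try {
    request_origin = new URL(request_url).origin;
  } catch (err) {
    // Missing href or not an absolute URL: the origin stays null and the
    // request is rejected below.
  }
  if (request_origin !== b_url) {
    console.error("Invalid request URL:", request_url);
    return;
  }
  const payment_frame = document.querySelector("#br_framebox iframe");
  showloader();
  // The attribute value is passed on unchanged; it is an absolute URL, so the
  // browser resolves it to the same origin that was just checked.
  if (payment_frame) {
    payment_frame.setAttribute("src", request_url);
  } else {
    append_iframe(request_url);
  }
}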
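// Appends the payment iframe and the loader overlay to the end of the body,
// then registers the iframe's load handler.
// The markup is built with DOM calls instead of a concatenated HTML string so
// that frame_url is only ever an attribute value: a quote or angle bracket in
// the URL cannot close the src attribute and add markup to the host page.
function append_iframe(frame_url) {
  const frame = document.createElement("iframe");
  frame.setAttribute("src", frame_url);
  // NOTE(review): allow-scripts together with allow-same-origin lets framed
  // content that shares the embedding page's origin remove its own sandbox,
  // so this sandbox only constrains the frame when the host page is on a
  // different origin than the frame. Confirm for same-origin deployments.
  frame.setAttribute("sandbox", "allow-scripts allow-same-origin allow-popups");

  const framebox = document.createElement("div");
  framebox.id = "br_framebox";
  framebox.appendChild(frame);

  const loader = document.createElement("div");
  loader.id = "br_loader";
  const caption = document.createElement("p");
  caption.textContent = "Loading request...";
  const loadpanel = document.createElement("div");
  loadpanel.id = "br_loadpanel";
  loadpanel.appendChild(loader);
  loadpanel.appendChild(caption);
  const loadbox = document.createElement("div");
  loadbox.id = "br_loadbox";
  loadbox.appendChild(loadpanel);

  // Insert the new elements at the end of the body, frame box first.
  document.body.appendChild(framebox);
  document.body.appendChild(loadbox);
  iframe_loaded();
}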
// Registers a load listener on the payment iframe. Each time the frame
// finishes loading, the overlay is revealed unless the frame has no src or
// its src is exactly b_url (the value closeframe() parks it on).
function iframe_loaded() {
  const frame = document.querySelector("#br_framebox iframe");
  const reveal_if_request = () => {
    const current_src = frame.getAttribute("src");
    if (!current_src || current_src === b_url) {
      return;
    }
    showframe();
  };
  frame.addEventListener("load", reveal_if_request);
}
// Handles postMessage traffic from the payment frame.
// Messages are accepted only when the sender's origin is exactly b_url;
// anything else is logged and dropped. String messages drive the overlay,
// and an object message with id "result" hands its data to result_callback().
// NOTE(review): only the origin is checked, so any window served from b_url
// can drive the overlay. Comparing e.source with the payment iframe's
// contentWindow would narrow this; confirm whether other same-origin senders
// are expected.
function crossframe(e) {
  // Exact string comparison, not a prefix or substring match.
  if (e.origin !== b_url) {
    console.warn("Message from untrusted origin:", e.origin);
    return;
  }
  const payload = e.data;
  if (payload === "close_loader") {
    closeloader();
    return;
  }
  if (payload === "close_request_confirm") {
    setTimeout(closeframe_confirm, 200);
    return;
  }
  if (payload === "close_request") {
    setTimeout(closeframe, 200);
    return;
  }
  // Object messages like the result callback.
  if (payload && payload.id === "result") {
    result_callback(payload.data);
  }
}
// Placeholder for the integrator's result handler: logs a reminder and the
// data it was given. Overwrite this function for your callback.
// NOTE(review): post_data is whatever the framed page posted; presumably it
// describes a payment outcome. Treat it as a UI hint and confirm the payment
// through a channel the browser cannot influence before fulfilling anything.
function result_callback(post_data) {
  const reminder = "Overwrite this function for your callback";
  console.log(reminder);
  console.log(post_data);
}
// Reveals the payment frame: puts the "showframe" and "zoomframe" classes on
// the root <html> element.
function showframe() {
  const frame_classes = ["showframe", "zoomframe"];
  root_html.classList.add(...frame_classes);
}
// Asks the user to confirm before closing the payment frame; closeframe()
// runs only when the dialog is accepted.
function closeframe_confirm() {
  const accepted = confirm("Close request?");
  if (!accepted) {
    return;
  }
  closeframe();
}
// Closes the payment frame in two steps. "zoomframe" is removed immediately;
// 400 ms later "showframe" is removed and the iframe, if present, is pointed
// back at b_url. Does nothing when the frame is not currently zoomed in.
function closeframe() {
  const classes = root_html.classList;
  if (!classes.contains("zoomframe")) {
    return;
  }
  classes.remove("zoomframe");
  const finish_close = () => {
    classes.remove("showframe");
    const frame = document.querySelector("#br_framebox iframe");
    if (frame) {
      // Replaces the request URL with the bare trusted origin.
      frame.setAttribute("src", b_url);
    }
  };
  setTimeout(finish_close, 400);
}
// Displays the loading overlay: puts the "slide_loader" and "fade_loader"
// classes on the root <html> element.
function showloader() {
  const { classList } = root_html;
  classList.add("slide_loader", "fade_loader");
}
// Hides the loading overlay in two steps: "fade_loader" is removed at once
// and "slide_loader" one second later. Does nothing when the loader is not
// currently faded in.
function closeloader() {
  const classes = root_html.classList;
  if (!classes.contains("fade_loader")) {
    return;
  }
  classes.remove("fade_loader");
  const slide_out = () => {
    classes.remove("slide_loader");
  };
  setTimeout(slide_out, 1000);
}
// Installs the ESC key handler on the document. ESC dismisses the loader
// when it is showing; otherwise, when the payment frame is showing, it asks
// for confirmation before closing the frame.
function keyup() {
  document.addEventListener("keyup", (event) => {
    // keyCode 27 is checked as well as key === "Escape".
    const is_escape = event.key === "Escape" || event.keyCode === 27;
    if (!is_escape) {
      return;
    }
    const classes = root_html.classList;
    if (classes.contains("slide_loader")) {
      // The loader takes priority; the frame is left alone on this key press.
      closeloader();
      return;
    }
    if (classes.contains("showframe")) {
      closeframe_confirm();
    }
  });
}