Add endpoint to request a checkout with the given quote hash and cust…

…omer token

routes/api.php

@@ -3,6 +3,7 @@
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Artisan;
 use Rapidez\Core\Http\Controllers\OrderController;
+use Rapidez\Core\Http\Controllers\GetSignedCheckoutController;
 use Rapidez\Core\Http\Middleware\VerifyAdminToken;
 
 Route::middleware('api')->prefix('api')->group(function () {
@@ -22,6 +23,8 @@
 
     Route::get('order', OrderController::class);
 
+    Route::post('get-checkout-url', GetSignedCheckoutController::class);
+
     Route::prefix('admin')->middleware(VerifyAdminToken::class)->group(function () {
         Route::match(['get', 'post'], 'cache/clear', fn () => Artisan::call('cache:clear'));
         Route::match(['get', 'post'], 'index/products', function (Request $request) {

routes/web.php

@@ -1,6 +1,7 @@
 <?php
 
 use Rapidez\Core\Facades\Rapidez;
+use Rapidez\Core\Http\Controllers\SignedCheckoutController;
 use Rapidez\Core\Http\Middleware\AuthenticateHealthCheck;
 
 Route::get('healthcheck', config('rapidez.routing.controllers.healthcheck'))->middleware(AuthenticateHealthCheck::class);
@@ -15,6 +16,7 @@
     Route::get('checkout/success', config('rapidez.routing.controllers.checkout-success'))->name('checkout.success');
 
     Route::get('checkout/onepage/success', fn () => redirect(route('checkout.success', request()->query()), 308));
+    Route::get('checkout/signed', SignedCheckoutController::class)->name('signed-checkout');;
     Route::get('checkout/{step?}', config('rapidez.routing.controllers.checkout'))->middleware('auth:magento-cart')->name('checkout');
     Route::get('search', config('rapidez.routing.controllers.search'))->name('search');
     Route::fallback(config('rapidez.routing.controllers.fallback'));

src/Http/Controllers/GetSignedCheckoutController.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace Rapidez\Core\Http\Controllers;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\URL;
+use Illuminate\Support\Str;
+
+class GetSignedCheckoutController
+{
+    /**
+     * Time for the signed route to be valid for, 2 minutes will result in a timeout anyways.
+     * So it's better to remove the mask and token after that time.
+     */
+    public const URL_TIMEOUT = 120;
+
+    public function __invoke(Request $request)
+    {
+        $data = $request->validate([
+            'mask' => 'required',
+            'token' => 'nullable',
+        ]);
+        $cachekey = (string)Str::uuid();
+        Cache::put('checkout-'.$cachekey, $data, static::URL_TIMEOUT);
+
+        return ['url' => URL::signedRoute('signed-checkout', ['key' => $cachekey], static::URL_TIMEOUT)];
+    }
+}

src/Http/Controllers/SignedCheckoutController.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace Rapidez\Core\Http\Controllers;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Cache;
+use Rapidez\Core\Models\Quote;
+
+class SignedCheckoutController
+{
+    public function __invoke(Request $request)
+    {
+        if (! $request->hasValidSignature() || !Cache::has('checkout-' . $request->get('key'))) {
+            return redirect(config('rapidez.magento_url'), 301);
+        }
+
+        $data = Cache::get('checkout-' . $request->get('key'));
+        Cache::forget('checkout-' . $request->get('key'));
+
+        $response = redirect()->to('checkout');
+
+        if (!Quote::whereQuoteIdOrCustomerToken($data['mask'] ?? $data['token'])->exists()) {
+            return redirect(config('rapidez.magento_url'), 301);
+        }
+
+        if ($data['mask'] ?? false) {
+            $response->withCookie('mask', $data['mask'], 525949, null, null, null, false);
+        }
+
+        if ($data['token'] ?? false) {
+            $response->withCookie('token', $data['token'], 525949, null, null, null, false);
+        }
+
+        return $response;
+    }
+}