From ee8f6291cdb8fc22856684d1871746fa6a7f53e6 Mon Sep 17 00:00:00 2001
From: Janis Hutz <development@janishutz.com>
Date: Tue, 10 Oct 2023 15:10:45 +0200
Subject: [PATCH] improve ticket validation engine

---
 src/server/admin/appApiRoutes.js | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/src/server/admin/appApiRoutes.js b/src/server/admin/appApiRoutes.js
index d2fc582..da9bd5d 100644
--- a/src/server/admin/appApiRoutes.js
+++ b/src/server/admin/appApiRoutes.js
@@ -38,17 +38,30 @@ module.exports = ( app ) => {
                     }
                     db.getDataSimple( 'orders', 'order_name', req.body.ticketID.slice( 0, indexOfOrderNameEnd ) ).then( dat => {
                         if ( dat[ 0 ] ) {
-                            const tickets = JSON.parse( dat[ 0 ][ 'tickets' ] );
+                            let tickets = JSON.parse( dat[ 0 ][ 'tickets' ] );
                             const event = req.body.ticketID.slice( indexOfOrderNameEnd + 1, req.body.ticketID.lastIndexOf( '-' ) );
                             const ticket = req.body.ticketID.slice( req.body.ticketID.lastIndexOf( '-' ) + 1, req.body.ticketID.length );
                             if ( tickets[ event ] ) {
                                 if ( tickets[ event ][ ticket ] ) {
-                                    if ( !tickets[ event ][ ticket ][ 'invalidated' ] ) {
-                                        tickets[ event ][ ticket ][ 'invalidated' ] = true;
-                                        db.writeDataSimple( 'orders', 'order_name', req.body.ticketID.slice( 0, req.body.ticketID.lastIndexOf( '_' ) ), { 'tickets': JSON.stringify( tickets ) } );
-                                        res.send( 'ticketValid' );
+                                    if ( tickets[ event ][ ticket ][ 'count' ] ) {
+                                        if ( !tickets[ event ][ ticket ][ 'used' ] ) {
+                                            tickets[ event ][ ticket ][ 'used' ] = 0;
+                                        }
+                                        if ( tickets[ event ][ ticket ][ 'used' ] == tickets[ event ][ ticket ][ 'count' ] ) {
+                                            tickets[ event ][ ticket ][ 'used' ] += 1;
+                                            db.writeDataSimple( 'orders', 'order_name', req.body.ticketID.slice( 0, req.body.ticketID.lastIndexOf( '_' ) ), { 'tickets': JSON.stringify( tickets ) } );
+                                            res.send( 'ticketValid' );
+                                        } else {
+                                            res.send( 'ticketInvalid' );
+                                        }
                                     } else {
-                                        res.send( 'ticketInvalid' );
+                                        if ( !tickets[ event ][ ticket ][ 'invalidated' ] ) {
+                                            tickets[ event ][ ticket ][ 'invalidated' ] = true;
+                                            db.writeDataSimple( 'orders', 'order_name', req.body.ticketID.slice( 0, req.body.ticketID.lastIndexOf( '_' ) ), { 'tickets': JSON.stringify( tickets ) } );
+                                            res.send( 'ticketValid' );
+                                        } else {
+                                            res.send( 'ticketInvalid' );
+                                        }
                                     }
                                 } else {
                                     res.send( 'ticketInvalid' );