From 93aff86f872617b98b1b7e9abd6708fc2d165051 Mon Sep 17 00:00:00 2001
From: Amir <amirsabani303@gmail.com>
Date: Fri, 20 Jun 2025 14:56:28 +0200
Subject: [PATCH] dodata validacija koda na payment page, 10 second delay za
 ispisivanje provere

---
 .../admin/paymentcode_changelist.html         |  2 +-
 backend/core/templates/payment.html           | 67 ++++++++++++++++---
 backend/core/urls.py                          |  1 +
 backend/core/views.py                         | 25 +++++--
 4 files changed, 81 insertions(+), 14 deletions(-)

diff --git a/backend/core/templates/admin/paymentcode_changelist.html b/backend/core/templates/admin/paymentcode_changelist.html
index efcbb95..be6ac30 100644
--- a/backend/core/templates/admin/paymentcode_changelist.html
+++ b/backend/core/templates/admin/paymentcode_changelist.html
@@ -1,6 +1,6 @@
 {% extends "admin/change_list.html" %}
 {% block object-tools %}
-<div style="padding: 12px 0; display: flex; gap: 8px;">
+<div style="padding: 12px 0;">
     <div style="padding: 12px 0;">
         <a href="{% url 'admin:generate-codes' %}" class="button">Generate Payment Codes</a>
     </div>
diff --git a/backend/core/templates/payment.html b/backend/core/templates/payment.html
index 0672221..7f4a218 100644
--- a/backend/core/templates/payment.html
+++ b/backend/core/templates/payment.html
@@ -10,14 +10,19 @@
     {% endif %}
     <form method="post" class="space-y-6">
       {% csrf_token %}
-      <input 
-        type="text" 
-        name="code" 
-        maxlength="10" 
-        class="w-full px-4 py-3 border-2 border-accent rounded-lg focus:outline-none focus:ring-2 focus:ring-accent text-lg tracking-widest text-center font-mono mb-2"
-        placeholder="Enter your code"
-        required
-      >
+      <div class="relative flex items-center">
+        <input 
+          type="text" 
+          id="code-input"
+          name="code" 
+          maxlength="10" 
+          class="w-full px-4 py-3 border-2 border-accent rounded-lg focus:outline-none focus:ring-2 focus:ring-accent text-lg tracking-widest text-center font-mono mb-2"
+          placeholder="Enter your code"
+          required
+          autocomplete="off"
+        >
+        <span id="code-status" class="absolute right-3 top-1/2 -translate-y-1/2 text-2xl"></span>
+      </div>
       <button 
         type="submit" 
         class="w-full bg-accent text-primary hover:bg-yellow-400 font-bold py-3 px-8 rounded-lg shadow-lg text-lg transition-all duration-200 ease-in-out transform hover:scale-105"
@@ -25,9 +30,53 @@
         Enter Code
       </button>
     </form>
+    <p id="code-error" class="mt-6 font-semibold text-lg"></p>
     {% if error %}
-      <p class="text-red-600 mt-6 font-semibold text-lg">{{ error }}</p>
+      <p id="backend-error" class="text-red-600 mt-6 font-semibold text-lg">{{ error }}</p>
     {% endif %}
   </div>
 </section>
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+  const input = document.getElementById('code-input');
+  const status = document.getElementById('code-status');
+  const codeError = document.getElementById('code-error');
+  const backendError = document.getElementById('backend-error');
+
+  input.addEventListener('input', function() {
+    status.innerHTML = '';
+    codeError.innerHTML = '';
+    if (backendError) backendError.style.display = 'none';
+    const code = input.value.trim();
+    if (code.length === 0) return;
+
+    status.innerHTML = `<svg class="animate-spin h-6 w-6 text-accent" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
+      <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+      <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8v8z"></path>
+    </svg>`;
+
+    fetch("{% url 'core:validate_code' %}", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-CSRFToken": "{{ csrf_token }}",
+      },
+      body: JSON.stringify({ code: code })
+    })
+    .then(response => response.json())
+    .then(data => {
+      status.innerHTML = '';
+      if (data.valid) {
+        codeError.innerHTML = '<span class="text-green-600">✅ Valid code</span>';
+      } else {
+        codeError.innerHTML = '<span class="text-red-600">❌ Invalid code</span>';
+      }
+    })
+    .catch(() => {
+      status.innerHTML = '';
+      codeError.innerHTML = '<span class="text-red-600">❌ Error checking code</span>';
+    });
+  });
+});
+</script>
 {% endblock %}
\ No newline at end of file
diff --git a/backend/core/urls.py b/backend/core/urls.py
index 4c57b3c..57cf8da 100644
--- a/backend/core/urls.py
+++ b/backend/core/urls.py
@@ -16,6 +16,7 @@ urlpatterns = [
     path('api/validate_form_fields/', v.validate_form_fields, name='validate_form_fields'),
     path('no_confidential_data/', v.no_confidential_data, name='no_confidential_data'),
     path('downloads/risklet_example_document.pdf', v.download_example_pdf, name='download_example_pdf'),
+    path('validate_code/', v.validate_code, name='validate_code'),
 
     #admin urls
     path('admin/payment-codes-pdf/', v.payment_codes_pdf_view, name='payment_codes_pdf'),
diff --git a/backend/core/views.py b/backend/core/views.py
index 69f528f..80db479 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -1,5 +1,8 @@
 import logging
 import yaml
+import os
+import json
+import time
 
 from django.shortcuts import render, redirect , get_object_or_404
 from .forms import OrganizationForm
@@ -9,15 +12,14 @@ from django.contrib.admin.views.decorators import staff_member_required
 from .utils import generate_pdf, generate_risk_graph, generate_residual_risk_graph
 from .tables import risk_matrix_table ,get_risk_table, get_safeguard_summary_table
 from django.conf import settings
-site_domain = settings.SITE_DOMAIN
 from .processors import render_template
 from django.http import JsonResponse, FileResponse, Http404, HttpResponse
 from django.core.exceptions import ValidationError
 from django.core.validators import validate_email
-import os
 from django.utils import timezone
 from weasyprint import HTML
 from django.template.loader import render_to_string
+from django.views.decorators.csrf import csrf_exempt
 
 
 # @login_required
@@ -25,6 +27,7 @@ from django.template.loader import render_to_string
 #     return HttpResponse('<h1>Django</h1><p>Página simples.</p>')
 
 logger = logging.getLogger(__name__)
+site_domain = settings.SITE_DOMAIN
 
 # @login_required
 def index(request):
@@ -134,7 +137,7 @@ def payment_page(request):
                 send_document_email(email, url, document)
                 return redirect(url)
         except PaymentCode.DoesNotExist:
-            error = "CODE INVALID"
+            error = "❌ Invalid code"
     return render(request, 'payment.html', {'error': error})
 
 def no_confidential_data(request):
@@ -161,4 +164,18 @@ def payment_codes_pdf_view(request):
     pdf_content = HTML(string=html_string, base_url=request.build_absolute_uri('/')).write_pdf()
     response = HttpResponse(pdf_content, content_type='application/pdf')
     response['Content-Disposition'] = f'inline; filename=payment_codes_{timezone.now().strftime("%Y%m%d_%H%M%S")}.pdf'
-    return response
\ No newline at end of file
+    return response
+
+@csrf_exempt
+def validate_code(request):
+    if request.method == "POST":
+        try:
+            data = json.loads(request.body)
+            code = data.get("code", "").strip().upper()
+            from .models import PaymentCode
+            valid = PaymentCode.objects.filter(code=code, used=False).exists()
+            time.sleep(10)
+            return JsonResponse({"valid": valid})
+        except Exception:
+            return JsonResponse({"valid": False})
+    return JsonResponse({"valid": False})
\ No newline at end of file