
escape all path parameters.

commit 4e01069326f8cc100ba8179d61f8a0effa91c03c 1 parent a9b4933
@chjj authored
Showing with 115 additions and 51 deletions.
  1. +115 −51 lib/charged.js
166 lib/charged.js
@@ -69,11 +69,12 @@ Charged.prototype.getCustomerById = function(name, callback) {
if (!this._isNumber(name)) {
return this.getCustomerByRef(name, callback);
}
- return this.get('/customers/' + name, callback, 'customer');
+ return this.get('/customers/' + escape(name), callback, 'customer');
};
Charged.prototype.getCustomerByRef = function(ref, callback) {
- return this.get('/customers/lookup?reference=' + ref, callback, 'customer');
+ var path = '/customers/lookup?reference=' + escape(ref);
+ return this.get(path, callback, 'customer');
};
Charged.prototype.deleteCustomer =
@@ -81,11 +82,12 @@ Charged.prototype.deleteCustomerById = function(name, callback) {
if (!this._isNumber(name)) {
return this.deleteCustomerByRef(name, callback);
}
- return this.delete('/customers/' + name, callback, 'customer');
+ return this.delete('/customers/' + escape(name), callback, 'customer');
};
Charged.prototype.deleteCustomerByRef = function(ref, callback) {
- return this.delete('/customers/lookup?reference=' + ref, callback, 'customer');
+ var path = '/customers/lookup?reference=' + escape(ref);
+ return this.delete(path, callback, 'customer');
};
Charged.prototype.createCustomer = function(options, callback) {
@@ -97,11 +99,12 @@ Charged.prototype.updateCustomerById = function(name, options, callback) {
if (!this._isNumber(name)) {
return this.updateCustomerByRef(name, options, callback);
}
- return this.put('/customers/' + name, options, callback, 'customer');
+ return this.put('/customers/' + escape(name), options, callback, 'customer');
};
Charged.prototype.updateCustomerByRef = function(ref, options, callback) {
- return this.put('/customers/lookup?reference=' + ref, options, callback, 'customer');
+ var path = '/customers/lookup?reference=' + escape(ref);
+ return this.put(path, options, callback, 'customer');
};
/**
@@ -128,22 +131,23 @@ Charged.prototype.createSubscription = function(options, callback) {
Charged.prototype.getSubscription =
Charged.prototype.readSubscription = function(name, callback) {
- return this.get('/subscriptions/' + name, callback, 'subscription');
+ return this.get('/subscriptions/' + escape(name), callback, 'subscription');
};
Charged.prototype.updateSubscription = function(name, options, callback) {
- return this.put('/subscriptions/' + name, options, callback, 'subscription');
+ var path = '/subscriptions/' + escape(name);
+ return this.put(path, options, callback, 'subscription');
};
// http://docs.chargify.com/cancellation
Charged.prototype.cancelSubscription = function(name, options, callback) {
- var path = '/subscriptions/' + name;
+ var path = '/subscriptions/' + escape(name);
return this.delete(path, options, callback, 'subscription');
};
// http://docs.chargify.com/reactivation
Charged.prototype.reactivateSubscription = function(name, options, callback) {
- var path = '/subscriptions/' + name + '/reactivate';
+ var path = '/subscriptions/' + escape(name) + '/reactivate';
return this.put(path, options, callback, 'subscription');
};
@@ -153,7 +157,7 @@ Charged.prototype.getSubscriptionsByCustomerId = function(customer, callback) {
if (!this._isNumber(customer)) {
return this.getSubscriptionsByCustomerRef(customer, callback);
}
- var path = '/customers/' + customer + '/subscriptions';
+ var path = '/customers/' + escape(customer) + '/subscriptions';
return this.get(path, callback, 'subscription');
};
@@ -171,12 +175,12 @@ Charged.prototype.delayedCancelSubscription = function(name, options, callback)
callback = options;
options = { cancel_at_end_of_period: 1 };
}
- var path = '/subscriptions/' + name;
+ var path = '/subscriptions/' + escape(name);
return this.put(path, options, callback, 'subscription');
};
Charged.prototype.resetSubscriptionBalance = function(name, callback) {
- var path = '/subscriptions/' + name + '/reset_balance';
+ var path = '/subscriptions/' + escape(name) + '/reset_balance';
return this.put(path, callback, 'subscription');
};
@@ -187,22 +191,22 @@ Charged.prototype.resetSubscriptionBalance = function(name, callback) {
*/
Charged.prototype.getSubscriptionStatements = function(name, callback) {
- var path = '/subscriptions/' + name + '/statements';
+ var path = '/subscriptions/' + escape(name) + '/statements';
return this.get(path, callback, 'statement');
};
Charged.prototype.getStatement = function(name, callback) {
- var path = '/statements/' + name;
+ var path = '/statements/' + escape(name);
return this.get(path, callback, 'statement');
};
Charged.prototype.getSubscriptionIds = function(name, callback) {
- var path = '/subscriptions/' + name + '/statements/ids';
+ var path = '/subscriptions/' + escape(name) + '/statements/ids';
return this.get(path, callback, 'statement_ids');
};
Charged.prototype.getStatementIds = function(name, callback) {
- var path = '/statements/' + name + '/ids';
+ var path = '/statements/' + escape(name) + '/ids';
return this.get(path, callback, 'statement_ids');
};
@@ -213,12 +217,12 @@ Charged.prototype.getStatementIds = function(name, callback) {
*/
Charged.prototype.migrateSubscription = function(name, options, callback) {
- var path = '/subscriptions/' + name + '/migrations';
+ var path = '/subscriptions/' + escape(name) + '/migrations';
return this.post(path, options, callback, 'migration');
};
Charged.prototype.previewSubscriptionMigration = function(name, options, callback) {
- var path = '/subscriptions/' + name + '/migrations/preview';
+ var path = '/subscriptions/' + escape(name) + '/migrations/preview';
return this.post(path, options, callback, 'migration');
};
@@ -231,7 +235,7 @@ Charged.prototype.previewSubscriptionMigration = function(name, options, callbac
Charged.prototype.charge =
Charged.prototype.createCharge =
Charged.prototype.chargeSubscription = function(name, options, callback) {
- var path = '/subscriptions/' + name + '/charges';
+ var path = '/subscriptions/' + escape(name) + '/charges';
return this.post(path, options, callback, 'subscription');
};
@@ -242,7 +246,7 @@ Charged.prototype.chargeSubscription = function(name, options, callback) {
*/
Charged.prototype.adjustSubscription = function(name, options, callback) {
- var path = '/subscriptions/' + name + '/adjustments';
+ var path = '/subscriptions/' + escape(name) + '/adjustments';
return this.post(path, options, callback, 'adjustment');
};
@@ -318,7 +322,7 @@ Charged.prototype.listProductFamilyComponents = function(name, callback) {
return this.getComponentsByFamilyHandle(name, callback);
}
- var path = '/product_families/' + name + '/components';
+ var path = '/product_families/' + escape(name) + '/components';
return this.get(path, callback, 'component');
};
@@ -347,7 +351,10 @@ Charged.prototype.getFamilyComponent = function(name, comp, callback) {
return this.getComponent(comp, callback);
}
- var path = '/product_families/' + name + '/components/' + comp;
+ var path = '/product_families/'
+ + escape(name)
+ + '/components/'
+ + escape(comp);
return this.get(path, callback, 'component');
};
@@ -379,13 +386,13 @@ Charged.prototype.createFamilyComponent = function(name, kind, options, callback
});
}
- var path = '/product_families/' + name + '/' + kind;
+ var path = '/product_families/' + escape(name) + '/' + escape(kind);
return this.post(path, options, callback, 'component');
};
Charged.prototype.getSubscriptionComponents =
Charged.prototype.listSubscriptionComponents = function(name, callback) {
- var path = '/subscriptions/' + name + '/components';
+ var path = '/subscriptions/' + escape(name) + '/components';
return this.get(path, callback, 'component');
};
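Review bot: `kind` in `createFamilyComponent` selects the sub-route under `/product_families/{id}/` rather than identifying a record, so `escape(kind)` only stops it from breaking the path; it does not restrict which endpoint receives the POST. The function body begins above this hunk and may already validate `kind`, but if it does not, an allowlist check against the component kinds the API accepts would be stricter than encoding. A short comment on this line stating which values `kind` may take would help either way.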
@@ -393,7 +400,10 @@ Charged.prototype.getSubscriptionComponent = function(sub, comp, callback) {
if (!this._isNumber(comp)) {
return this.getSubscriptionComponentByName(sub, comp, callback);
}
- var path = '/subscriptions/' + sub + '/components/' + comp;
+ var path = '/subscriptions/'
+ + escape(sub)
+ + '/components/'
+ + escape(comp);
return this.get(path, callback);
};
@@ -408,7 +418,10 @@ Charged.prototype.updateSubscriptionComponent = function(sub, comp, options, cal
if (!this._isNumber(comp)) {
return this.updateSubscriptionComponentByName(sub, comp, options, callback);
}
- var path = '/subscriptions/' + sub + '/components/' + comp;
+ var path = '/subscriptions/'
+ + escape(sub)
+ + '/components/'
+ + escape(comp);
return this.put(path, options, callback);
};
@@ -435,13 +448,21 @@ Charged.prototype.listSubscriptionUsage = function(sub, comp, options, callback)
callback = options;
options = null;
}
- var path = '/subscriptions/' + sub + '/components/' + comp + '/usages';
+ var path = '/subscriptions/'
+ + escape(sub)
+ + '/components/'
+ + escape(comp)
+ + '/usages';
return this.get(path, options, callback, 'usage');
};
Charged.prototype.createSubscriptionUsage =
Charged.prototype.updateSubscriptionUsage = function(sub, comp, options, callback) {
- var path = '/subscriptions/' + sub + '/components/' + comp + '/usages';
+ var path = '/subscriptions/'
+ + escape(sub)
+ + '/components/'
+ + escape(comp)
+ + '/usages';
return this.post(path, options, callback, 'usage');
};
@@ -487,7 +508,7 @@ Charged.prototype.updateSubscriptionQuantity = function(sub, options, callback)
*/
Charged.prototype.createSubscriptionCredit = function(sub, options, callback) {
- var path = '/subscriptions/' + sub + '/credits';
+ var path = '/subscriptions/' + escape(sub) + '/credits';
return this.post(path, options, callback, 'credit');
};
@@ -498,7 +519,7 @@ Charged.prototype.createSubscriptionCredit = function(sub, options, callback) {
*/
Charged.prototype.createSubscriptionRefund = function(sub, options, callback) {
- var path = '/subscriptions/' + sub + '/refunds';
+ var path = '/subscriptions/' + escape(sub) + '/refunds';
return this.post(path, options, callback, 'refund');
};
@@ -512,7 +533,7 @@ Charged.prototype.getSubscriptionEvents = function(sub, options, callback) {
callback = options;
options = null;
}
- var path = '/subscriptions/' + sub + '/events';
+ var path = '/subscriptions/' + escape(sub) + '/events';
return this.get(path, options, callback);
};
@@ -536,7 +557,7 @@ Charged.prototype.createCoupon = function(options, callback) {
};
Charged.prototype.getCoupon = function(name, callback) {
- var path = '/coupons/' + name;
+ var path = '/coupons/' + escape(name);
return this.get(path, callback, 'coupon');
};
@@ -546,43 +567,49 @@ Charged.prototype.getCoupons = function(name, callback) {
};
Charged.prototype.getCouponByCode = function(code, callback) {
- var path = '/coupons/find?code=' + code;
+ var path = '/coupons/find?code=' + escape(code);
return this.get(path, callback, 'coupon');
};
Charged.prototype.validateCoupon = function(name, callback) {
- var path = '/coupons/' + name + '/validate';
+ var path = '/coupons/' + escape(name) + '/validate';
return this.get(path, callback, 'coupon');
};
Charged.prototype.validateCouponByCode = function(name, callback) {
- var path = '/coupons/' + name + '/validate';
- //var path = '/coupons/find/validate?code=' + name;
+ var path = '/coupons/' + escape(name) + '/validate';
+ //var path = '/coupons/find/validate?code=' + escape(name);
return this.get(path, callback, 'coupon');
};
Charged.prototype.updateCoupon = function(name, options, callback) {
- var path = '/coupons/' + name;
+ var path = '/coupons/' + escape(name);
return this.post(path, options, callback, 'coupon');
};
Charged.prototype.deleteCoupon = function(name, callback) {
- var path = '/coupons/' + name;
+ var path = '/coupons/' + escape(name);
return this.delete(path, callback);
};
Charged.prototype.getCouponUsage = function(name, callback) {
- var path = '/coupons/' + name + '/usage';
+ var path = '/coupons/' + escape(name) + '/usage';
return this.get(path, callback);
};
Charged.prototype.addSubscriptionCoupon = function(sub, name, callback) {
- var path = '/subscriptions/' + sub + '/add_coupon?code=' + name;
+ var path = '/subscriptions/'
+ + escape(sub)
+ + '/add_coupon?code='
+ + escape(name);
return this.post(path, callback, 'coupon');
};
Charged.prototype.removeSubscriptionCoupon = function(sub, name, callback) {
- var path = '/subscriptions/' + sub + '/remove_coupon?code=' + name;
+ var path = '/subscriptions/'
+ + escape(sub)
+ + '/remove_coupon?code='
+ + escape(name);
return this.delete(path, callback, 'coupon');
};
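Review bot: `validateCouponByCode` still builds `'/coupons/' + escape(name) + '/validate'`, the same path as `validateCoupon` directly above it, so a coupon code passed here is sent as the coupon id segment. The commented-out alternative `'/coupons/find/validate?code=' + escape(name)` was updated alongside it, which suggests the by-code route was intended at some point. Either alias the method to `validateCoupon` or add a comment saying why the by-code route is disabled, rather than maintaining dead code. `getCouponByCode` in the same hunk does use the `?code=` form, so the two by-code methods are currently inconsistent.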
@@ -595,11 +622,11 @@ Charged.prototype.getTransactions = function(callback) {
};
Charged.prototype.getTransaction = function(name, callback) {
- return this.get('/transactions/' + name, callback, 'transaction');
+ return this.get('/transactions/' + escape(name), callback, 'transaction');
};
Charged.prototype.getSubscriptionTransactions = function(name, callback) {
- var path = '/subscriptions/' + name + '/transactions';
+ var path = '/subscriptions/' + escape(name) + '/transactions';
return this.get(path, callback, 'transaction');
};
@@ -665,7 +692,7 @@ Charged.prototype.getFamilyProducts = function(name, callback) {
return this.getFamilyProductsByHandle(name, callback);
}
- var path = '/product_families/' + name + '/products';
+ var path = '/product_families/' + escape(name) + '/products';
return this.get(path, callback, 'product');
};
@@ -681,11 +708,11 @@ Charged.prototype.getProduct = function(id, callback) {
if (!this._isNumber(id)) {
return this.getProductByHandle(id, callback);
}
- return this.get('/products/' + id, callback, 'product');
+ return this.get('/products/' + escape(id), callback, 'product');
};
Charged.prototype.getProductByHandle = function(handle, callback) {
- return this.get('/products/handle/' + handle, callback, 'product');
+ return this.get('/products/handle/' + escape(handle), callback, 'product');
};
Charged.prototype.createProduct = function(options, callback) {
@@ -968,18 +995,18 @@ Charged.prototype.hostedPage = function(shortname, id) {
return 'https://'
+ this.subdomain
+ '.chargify.com/'
- + shortname
+ + escape(shortname)
+ '/'
- + id
+ + escape(id)
+ '/'
- + token;
+ + escape(token);
};
Charged.prototype.signupPage = function(product) {
return 'https://'
+ this.subdomain
+ '.chargify.com/h/'
- + product
+ + escape(product)
+ '/subscriptions/new';
};
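Review bot: `this.subdomain` is now the only interpolated value in `hostedPage` and `signupPage` that is not checked, and it forms the host of the returned URL. If it can ever come from anything other than trusted configuration, it should be restricted to hostname-label characters once where it is assigned, e.g. `if (!/^[a-z0-9-]+$/i.test(subdomain)) throw new Error('Bad chargify subdomain.');`, which would cover both methods. `hostedPage` starts above this hunk, so how `token` is derived is not visible here; if it is the hex output of `sha1()`, escaping it is harmless but unnecessary.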
@@ -1008,6 +1035,43 @@ function sha1(data) {
.digest('hex');
}
+function escape(str) {
+ var type = typeof str;
+
+ try {
+ if ((type === 'string' && str.length)
+ || (type === 'number' && isFinite(str))) {
+ return encodeURIComponent(str + '');
+ }
+ } catch (e) {
+ ;
+ }
+
+ throw new
+ Error('Bad chargify parameter.');
+}
+
+/**
+ * Wrap methods with try/catch
+ */
+
+Object.keys(Charged.prototype).forEach(function(key) {
+ var method = Charged.prototype[key];
+ if (typeof method !== 'function') return;
+ Charged.prototype[key] = function() {
+ var callback = arguments[arguments.length-1];
+ try {
+ return method.apply(this, arguments);
+ } catch (e) {
+ if (typeof callback === 'function') {
+ return callback(e);
+ } else {
+ throw e;
+ }
+ }
+ };
+});
+
/**
* Mock
*/
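Review bot: `encodeURIComponent` leaves `.` untouched, so the new `escape()` returns `.` and `..` unchanged, and the path-building call sites in the earlier hunks that have no `_isNumber` guard (for example `'/statements/' + escape(name)`) can still emit a dot segment that a server or proxy may normalise to a different resource. Rejecting those two values before encoding closes that, e.g. `if (str === '.' || str === '..') throw new Error('Bad chargify parameter.');`. The helper also shadows the deprecated global `escape`, so a name such as `escapeParam` would read less ambiguously. In the wrapper, `callback(e)` runs synchronously in the caller's stack, and if a wrapped method ever invokes the callback itself before throwing, the callback would fire twice; deferring with `process.nextTick(function() { callback(e); })` would at least keep error delivery consistently asynchronous.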