2
我正在嘗試安裝Mollie API,但我沒有找到webhook的工作方式。我正在Ruby on Rails 4中工作。它一直在說無法驗證CSRF令牌的真實性。我嘗試了幾個從stackoverflow的答案,但他們不工作。例如。無法驗證CSRF令牌的真實性
- skip_before_filter:verify_authenticity_token
- protect_from_forgery除外:[:通知]
- protect_from_forgery用:null_session,如果: - > {?request.format.json}
我的通知控制器看起來像:
class ReservationsController < ApplicationController
before_action :authenticate_user!, except: [:notify]
skip_before_filter :verify_authenticity_token
def preload
training = Training.find(params[:training_id])
today = Date.today
reservations = training.reservations.where("date >= ?", today)
render json: reservations
end
def create
@thrill = Thrill.find(params[:thrill_id])
if @thrill.reservations.length < @thrill.training.tr_max_attendants
@reservation = current_user.reservations.create(reservation_params)
if @reservation
require 'Mollie/API/Client'
mollie = Mollie::API::Client.new('test_gUejkz43UkdeCauC22J6UNqqVRdpwW')
payment = mollie.payments.create(
amount: 10.00,
description: 'My first API payment',
redirect_Url: 'http://d7459af1.ngrok.io/your_trips',
webhookUrl: 'http://d7459af1.ngrok.io/notify',
metadata: {
reservationid: @reservation.id
}
)
@reservation.update_attributes payid:payment.id
redirect_to payment.payment_url
else
redirect_to @thrill.training, notice: "Helaas, de training is vol"
end
end
end
protect_from_forgery except: [:notify]
# protect_from_forgery with: :null_session, if: -> {request.format.json?}
def notify
require 'Mollie/API/Client'
mollie = Mollie::API::Client.new('test_gUejkz43UkdeCauC22J6UNqqVRdpwW')
payment = mollie.payments.get(payment.id)
params.permit!
status = params[:payment_status]
if payment.paid?
reservation = Reservation.find(params[:payid])
reservation.update_attributes status:true
else
reservation.destroy
end
render nothing: true
end
protect_from_forgery except: [:your_trips]
def your_trips
@reservations = current_user.reservations.joins(:thrill).order('thrills.thrilldate asc').where('? <= thrills.thrilldate', Date.today)
end
def your_reservations
@trainings = current_user.trainings
end
private
def reservation_params
params.permit(:thrill_id, :user_id)
end
end
如果有人有一個提示或暗示,將不勝感激! 謝謝!
嗨克里斯。如果你是Rails新手:你在這裏發佈的代碼看起來不像普通的Rails控制器。你能把所有的代碼發佈到你的通知控制器嗎?我希望它啓動'類NotifyController
Mauddev
嗨Mauddev,感謝您的評論。我確實對此很新,我添加了完整控制器。希望你能做到這一點。 –