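defmodule DaProductAppWeb.Router do
  @moduledoc """
  HTTP and LiveView routing for the application.

  Defines three pipelines (`:browser`, `:api`, `:non_csrf`), the browser and
  LiveView routes, the user authentication routes, and the JSON endpoints
  mounted under `/api`.
  """

  use DaProductAppWeb, :router

  import DaProductAppWeb.UserAuth

  # Pipeline for server-rendered pages and LiveViews: session, flash, root
  # layout, CSRF protection, security headers and the current user.
  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_live_flash
    plug :put_root_layout, html: {DaProductAppWeb.Layouts, :root}
    plug :protect_from_forgery

    # Earlier policy, kept for reference:
    # plug :put_secure_browser_headers, %{"content-security-policy" => "default-src 'self'; img-src * data:;"}

    # Every external origin the pages load from has to be listed below, so the
    # allow-list stays in one place and can be reviewed.
    #
    # NOTE(review): `'unsafe-inline'` in script-src permits inline scripts, which
    # removes most of the XSS mitigation a CSP provides; prefer nonces or hashes.
    # NOTE(review): the `ag-grid-*.js` / `ag-charts-*.js` entries in style-src are
    # file names, not origins. CSP parses them as host names and style-src does
    # not govern scripts, so they most likely have no effect; confirm and remove,
    # or list the origin that actually serves those assets.
    # NOTE(review): `img-src *` allows images from any origin; narrow it if the
    # set of image hosts is known.
    plug :put_secure_browser_headers, %{
      "content-security-policy" =>
        "default-src 'self'; " <>
          "script-src 'self' 'unsafe-inline' https://testapp.ariticapp.com; " <>
          "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ag-grid-community.min.js ag-grid-enterprise.js ag-charts-community.js ag-charts-enterprise.js; " <>
          "img-src * data:; " <>
          "font-src 'self' https://fonts.gstatic.com data:; " <>
          "connect-src 'self' wss://ariticapp.com;"
    }

    plug :fetch_current_user
  end

  # Pipeline for JSON endpoints. It only negotiates the response format; no
  # authentication plug is part of it.
  pipeline :api do
    plug :accepts, ["json"]
  end

  # Like :browser but without :protect_from_forgery, so CSRF tokens are not
  # checked for routes behind it.
  # NOTE(review): the session is still fetched here. Any action that acts on the
  # session cookie without a CSRF check is open to cross-site requests; confirm
  # the routes using this pipeline authenticate the caller some other way, or
  # drop :fetch_session.
  pipeline :non_csrf do
    plug :accepts, ["html", "json"]
    plug :fetch_session
    plug :put_secure_browser_headers
  end

  # Public browser routes (no authentication required).
  scope "/", DaProductAppWeb do
    pipe_through :browser

    get "/", PageController, :home
    live "/form", FormLive, :index
    live "/live", PageLive, :index
    live "/live/modal/:size", PageLive, :modal

    # NOTE(review): SbomComponentLive is also mounted at /sbomcomponent behind
    # :require_authenticated_user; confirm this unauthenticated mount is intended.
    live "/live/slide_over/:origin", SbomComponentLive, :slide_over
    live "/live/pagination/:page", PageLive, :pagination
  end

  # A second scope that only repeated `get "/", PageController, :home` was
  # removed: the identical route above always matched first.

  # Application pages for signed-in users.
  scope "/", DaProductAppWeb do
    pipe_through [:browser, :require_authenticated_user]

    # :ensure_authenticated (instead of :mount_current_user) repeats the login
    # check when the LiveView mounts. Live navigation inside a live_session does
    # not go through the plug pipeline again, so the pipeline check alone does
    # not cover it.
    live_session :default,
      on_mount: [{DaProductAppWeb.UserAuth, :ensure_authenticated}] do
      live "/dashboard", DashboardLive, :index
      live "/sbomcomponent", SbomComponentLive, :index
      live "/sbomcomponent/:origin", SbomComponentLive, :slide_over
      live "/workflow", WorkflowLive
      live "/software", SoftwareLive
      live "/software/:id", SoftwareLive.Show
    end

    # live "/software/:id", SoftwareLive.Show, as: :software_show
    # resources "/software", SoftwareController, only: [:index, :show]
    # resources "/sbom_component", ComponentController, only: [:index]
  end

  # Enable LiveDashboard and Swoosh mailbox preview in development
  if Application.compile_env(:da_product_app, :dev_routes) do
    # If you want to use the LiveDashboard in production, you should put
    # it behind authentication and allow only admins to access it.
    # If your application does not have an admins-only section yet,
    # you can use Plug.BasicAuth to set up some basic authentication
    # as long as you are also using SSL (which you should anyway).
    import Phoenix.LiveDashboard.Router

    scope "/dev" do
      pipe_through [:browser, :require_authenticated_user]
      # pipe_through :browser

      live_dashboard "/dashboard-system", metrics: DaProductAppWeb.Telemetry
      forward "/mailbox", Plug.Swoosh.MailboxPreview
    end
  end

  ## Authentication routes

  # Pages that only make sense while signed out; signed-in users are redirected.
  scope "/", DaProductAppWeb do
    pipe_through [:browser, :redirect_if_user_is_authenticated]

    live_session :redirect_if_user_is_authenticated,
      on_mount: [{DaProductAppWeb.UserAuth, :redirect_if_user_is_authenticated}] do
      live "/users/register", UserRegistrationLive, :new
      live "/users/log_in", UserLoginLive, :new
      live "/users/reset_password", UserForgotPasswordLive, :new
      live "/users/reset_password/:token", UserResetPasswordLive, :edit

      # NOTE(review): placed here, the transaction page is served to visitors who
      # are NOT signed in, and signed-in users are redirected away from it.
      # Confirm whether transaction details are meant to be public; if not, this
      # route belongs in a scope that requires authentication and checks that the
      # transaction belongs to the viewer.
      live "/transactions/:id", TransactionLive.Show, :show
    end

    post "/users/log_in", UserSessionController, :create
  end

  # Account settings; requires a signed-in user in both the plug pipeline and
  # the LiveView mount.
  scope "/", DaProductAppWeb do
    pipe_through [:browser, :require_authenticated_user]

    live_session :require_authenticated_user,
      on_mount: [{DaProductAppWeb.UserAuth, :ensure_authenticated}] do
      live "/users/settings", UserSettingsLive, :edit
      live "/users/settings/confirm_email/:token", UserSettingsLive, :confirm_email
    end
  end

  # Log-out and e-mail confirmation, reachable with or without a session.
  scope "/", DaProductAppWeb do
    pipe_through [:browser]

    delete "/users/log_out", UserSessionController, :delete

    live_session :current_user,
      on_mount: [{DaProductAppWeb.UserAuth, :mount_current_user}] do
      live "/users/confirm/:token", UserConfirmationLive, :edit
      live "/users/confirm", UserConfirmationInstructionsLive, :new
    end
  end

  # Form post accepted without a CSRF token (see the :non_csrf pipeline).
  scope "/", DaProductAppWeb do
    pipe_through :non_csrf

    post "/transaction_post", TransactionPostController, :new
  end

  ## JSON API routes
  #
  # NOTE(review): no authentication or authorization plug is visible in this
  # router for any "/api" scope, including the payment, refund, merchant
  # management and "/admin/transactions" endpoints. Confirm that every
  # controller action (or a plug in the endpoint) authenticates the caller and
  # checks that it may act on the merchant, store or device named in the request.
  #
  # NOTE(review): several scopes below have no `pipe_through` at all, so not even
  # the :api content negotiation runs for them. Confirm that this is intended.

  # No pipeline.
  scope "/api", DaProductAppWeb do
    post "/generate_qr", QRGenerationController, :generate
    post "/qr", QRController, :generate

    # NOTE(review): presumably a test notification endpoint; it is not guarded by
    # the :dev_routes switch, so confirm it should be routable in production.
    post "/alipay/dummy/notify", QRController, :notify
  end

  # No pipeline.
  scope "/api", DaProductAppWeb do
    post "/device", DeviceController, :initiate
  end

  # No pipeline.
  scope "/api", DaProductAppWeb do
    post "/qr/initiate", QRInitiateController, :initiate
  end

  # No pipeline.
  scope "/api", DaProductAppWeb do
    # post "/transaction/createQrMf", QRMoreFunController, :initiate
    post "/Iotmsgtest/createQrMf", QRMoreFunController, :initiate
  end

  # Payment provider webhook.
  # NOTE(review): confirm the controller verifies the provider's signature
  # before trusting the notification body.
  scope "/api", DaProductAppWeb do
    pipe_through :api

    post "/alipay/notify_payment", AlipayWebhookController, :notify_payment
  end

  # No pipeline.
  scope "/api", DaProductAppWeb do
    post "/device/initiate", DeviceInitiateController, :initiate
  end

  # Middle-layer transaction processing.
  scope "/api", DaProductAppWeb do
    pipe_through :api

    post "/processTransaction", QRMiddleLayerController, :processTransaction
  end

  # Middle-layer transaction processing (new controller).
  scope "/api", DaProductAppWeb do
    pipe_through :api

    post "/processNewMiddleTransaction", QRNewMiddleLayerController, :processTransaction
  end

  # Status polling. No pipeline.
  scope "/api", DaProductAppWeb do
    post "/qr/status", QRInitiateController, :status
    post "/device/status", DeviceInitiateController, :status
    post "/device/initiate/status", DeviceInitiateController, :status
  end

  # No pipeline.
  scope "/api", DaProductAppWeb do
    post "/qrmorefun/status", QRMoreFunController, :status
  end

  scope "/api", DaProductAppWeb do
    pipe_through :api

    post "/cancelPayment", QRMiddleLayerController, :cancel_payment
  end

  scope "/api", DaProductAppWeb do
    pipe_through :api

    post "/refundPayment", QRMiddleLayerController, :refund_payment
  end

  # Merchant, store and device management.
  scope "/api", DaProductAppWeb do
    pipe_through :api

    get "/merchantTransactions", TransactionsController, :get_transactions
    get "/merchantDevices", TransactionsController, :get_device_ids
    get "/merchantStores", TransactionsController, :get_store_details
    get "/merchantDeviceDetails", TransactionsController, :get_device_details
    get "/storeDetails", MerchantApiController, :get_store_detail
    get "/deviceDetails", MerchantApiController, :get_device_detail
    post "/transactions", MerchantApiController, :get_total_transactions
    post "/cardTransactions", MerchantApiController, :get_total_card_transactions
    get "/uniqueDeviceDetails", MerchantApiController, :get_unique_device_detail
    get "/merchant/hierarchy", MerchantApiController, :get_merchant_hierarchy
    post "/chain", MerchantApiController, :create_group
    put "/chain", MerchantApiController, :update_group
    post "/store", MerchantApiController, :create_store
    put "/store", MerchantApiController, :update_store
    get "/merchant/brands", MerchantApiController, :get_merchant_brands
    get "/merchant/providers", MerchantApiController, :get_providers
    delete "/store", MerchantApiController, :delete_store
    post "/addMCCCode", MerchantApiController, :add_mcc_code
  end

  # Look-ups by e-mail, transaction id, device id and store id.
  scope "/api", DaProductAppWeb do
    pipe_through :api

    get "/getTransactionDetailFromEmail", TransactionsController, :get_transaction_by_email
    get "/getCustomLogFromTxnId", TransactionsController, :get_custom_log_from_txn_id
    get "/getDeviceDetailFromDeviceId", TransactionsController, :get_device_by_device_id
    get "/getStoreDetailFromStoreId", TransactionsController, :get_store_by_store_id
  end

  # Payment success notification.
  # NOTE(review): confirm the controller authenticates the sender before it
  # marks a payment as successful.
  scope "/api", DaProductAppWeb do
    pipe_through :api

    post "/payment/notify-success", PaymentNotificationController, :process_payment_success
  end

  # Merchant onboarding and terminal/device maintenance.
  scope "/api", DaProductAppWeb do
    pipe_through :api

    post "/merchant/saveStoreAndAddress", MerchantApiController, :save_store_and_address
    post "/merchant/createGroupAndBrand", MerchantApiController, :create_group_and_brand
    get "/merchant/storeDetails", MerchantApiController, :get_store_details
    post "/merchant/saveDevice", MerchantApiController, :get_save_device

    post "/merchant/saveMerchantBatchNumber",
         MerchantApiController,
         :get_save_merchant_batch_number

    post "/merchant/getTerminalsDetails", MerchantApiController, :get_terminals_details

    post "/merchant/getShukriaTerminalsDetails",
         MerchantApiController,
         :getShukriaTerminalsDetails

    post "/merchant/createShukriaTerminalsDetails",
         MerchantApiController,
         :createShukriaTerminalsDetails

    post "/merchant/getProvidersByAlias", MerchantApiController, :getProvidersByAlias

    post "/merchant/updateShukriaProviderMidTid",
         MerchantApiController,
         :updateShukriaProviderMidTid

    post "/merchant/updateShukriaYspMidTid", MerchantApiController, :updateShukriaYspMidTid

    post "/merchant/checkExistingAnniShukriaTerminal",
         MerchantApiController,
         :checkExistingAnniShukriaTerminal

    post "/merchant/updateDevice", MerchantApiController, :updateDevice
    post "/merchant/forceUpdateDevice", MerchantApiController, :forceUpdateDevice
    post "/merchant/updateStore", MerchantApiController, :updateStore

    post "/merchant/transactionRefundDetails",
         MerchantApiController,
         :get_transaction_refund_details
  end

  # POS card transactions and device look-ups.
  scope "/api", DaProductAppWeb do
    pipe_through :api

    get "/getAllCardTransaction", PosTransactionController, :get_all_card_transaction
    get "/getCardTransactionById/:id", PosTransactionController, :get_card_transaction_by_id

    get "/getDeviceDetailFromDeviceIdTerminalId",
        PosTransactionController,
        :get_device_detail_by_serial_terminal_id

    get "/getDeviceDetailFromDeviceIdProviderId",
        PosTransactionController,
        :get_device_by_device_id_provider_id
  end

  scope "/api", DaProductAppWeb do
    pipe_through :api

    post "/merchant/store/qr", MerchantApiController, :get_merchant_store_qr
  end

  # NOTE(review): an "admin" endpoint behind the same unauthenticated :api
  # pipeline as everything else; confirm the action enforces an admin check.
  scope "/api", DaProductAppWeb do
    pipe_through :api

    get "/admin/transactions", MerchantApiController, :get_admin_transactions
  end

  # scope "/", DaProductAppWeb do
  #   pipe_through :browser
  #
  #   # LiveView route showing the transaction details.
  #   live "/transactions/:id", TransactionLive.Show, :show
  # end
end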