From c07952629cabb86a4ff8bd5d5976bdc73a4107ca Mon Sep 17 00:00:00 2001
From: Kukks <evilkukka@gmail.com>
Date: Mon, 28 Sep 2020 08:30:50 +0200
Subject: [PATCH] Commenting OrderTransactionRegisterLogic

---
 .../Shopify/OrderTransactionRegisterLogic.cs       | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/BTCPayServer/Services/Shopify/OrderTransactionRegisterLogic.cs b/BTCPayServer/Services/Shopify/OrderTransactionRegisterLogic.cs
index 23e391d49..77f4f1d8f 100644
--- a/BTCPayServer/Services/Shopify/OrderTransactionRegisterLogic.cs
+++ b/BTCPayServer/Services/Shopify/OrderTransactionRegisterLogic.cs
@@ -1,9 +1,6 @@
-using System;
 using System.Linq;
 using System.Threading.Tasks;
 using BTCPayServer.Services.Shopify.ApiModels;
-using Microsoft.EntityFrameworkCore.Internal;
-using Newtonsoft.Json.Linq;
 
 namespace BTCPayServer.Services.Shopify
 {
@@ -25,10 +22,10 @@ namespace BTCPayServer.Services.Shopify
             {
                 return null;
             }
-            
-            
+            //TODO: verify if we should be doing this or filtering out the parent transaction by the gateway (the one that shows in the checkout UI, aka the manual payment method created by the merchant)
             var baseParentTransaction = existingShopifyOrderTransactions[0];
             
+            //technically, this exploit should not be possible as we use internal invoice tags to verify that the invoice was created by our controlled, dedicated endpoint.
             if (currency.ToUpperInvariant().Trim() != baseParentTransaction.currency.ToUpperInvariant().Trim())
             {
                 // because of parent_id present, currency will always be the one from parent transaction
@@ -41,21 +38,28 @@ namespace BTCPayServer.Services.Shopify
             var kind = "capture";
             var parentId = baseParentTransaction.id;
             var status = success ? "success" : "failure";
+            //find all existing transactions recorded around this invoice id 
             var existingShopifyOrderTransactionsOnSameInvoice =
                 existingShopifyOrderTransactions.Where(holder => holder.authorization == invoiceId);
             
+            //filter out the successful ones
             var successfulActions =
                 existingShopifyOrderTransactionsOnSameInvoice.Where(holder => holder.status == "success").ToArray();
 
+            //of the successful ones, get the ones we registered as a valid payment
             var successfulCaptures = successfulActions.Where(holder => holder.kind == "capture").ToArray();
+            
+            //of the successful ones, get the ones we registered as a voiding of a previous successful payment
             var refunds = successfulActions.Where(holder => holder.kind == "refund").ToArray();
             
+            //if we are working with a non-success registration, but see that we have previously registered this invoice as a success, we switch to creating a "void" transaction, which in shopify terms is a refund.
             if (!success && successfulCaptures.Length > 0 && (successfulCaptures.Length - refunds.Length) > 0)
             {
                 kind = "void";
                 parentId = successfulCaptures.Last().id;
                 status = "success";
             }
+            //if we are working with a success registration, but can see that we have already had a successful transaction saved, get outta here
             else if(success && successfulCaptures.Length >0 && (successfulCaptures.Length - refunds.Length  ) > 0 ) 
             {
                 return null;