如何让角的实际条纹电荷（stripeToken已经知道）？ [英] How to make the actual Stripe charge in Angular (stripeToken already known)?

问题描述

我使用href=\"https://github.com/tobyn/angular-stripe-checkout\" rel=\"nofollow\">角条纹结账库的 stripeToken 像这样的例如的。一些亮点如下所示。

就像许多角条纹库和示例，那只能说明如何创建stripeToken。

不过，我不清楚怎​​么有检索stripeToken后实际收取用户？

在条纹他们有说明如何与node.js中用户的充电但我不清楚如何设置这一点，并使其与角兼容。

---

的code亮点

HTML

 ＆LT;按钮NG点击=product.doCheckout（）＆GT;买入＆LT; /按钮＆GT;
 

JS

  //注意：StripeCheckout在控制器中注入
product.doCheckout =功能（标记，参数）{        //您应该配置的处理程序的视图加载时，
        //如果你直接使用checkout.js就像你。
        //
        //不像香草条纹结帐处理，这个人能
        //重复使用多次，只要你喜欢。
        VAR处理器= StripeCheckout.configure（{
          名称：自定义示例，
          令牌：功能（令牌，参数）{
              的console.log（token.id）
            //$log.debug(\"Got条纹令牌：+ token.id）;
          }
        }）;        VAR的选择= {
          说明：10 dollahs！
          量：10000
        };        //默认的处理程序API由具有open（）时增强
        //返回一个承诺。此许可代替使用，或者
        //除了令牌回调（或者你可以忽略
        //它，如果你喜欢默认的API）。
        //
        //该拒绝回调不IE6-7工作。
        handler.open（选项）
          。然后（功能（结果）{
            警报（得到条纹令牌：+结果[0] .ID）;
            的console.log（结果）;            VAR条纹= window.Stripe;
            VAR stripeToken =结果[0] .ID;            //
            // 接下来是什么？          }，函数（）{
            警报（条纹结帐关闭而不做销售:(）;
          }
        ）;
    };
 

解决方案

简短的回答是：不这样做。

详细的回答：你已经收到这条标记是一个事务ID。它是公共的，因为它本身不构成危险。把它看成是一个查找关键看你要处理的收费卡。

要过程的交易，但是，你需要一个私人/秘密元：你的密钥。为了处理它的客户端，你需要这个秘密泄露给客户端，这意味着，该值将是任何人都可见。

我不认为这是明智的做，尤其是有问题的密钥是API密钥，以条纹。

我也有过短暂的检查，他们的API不播CORS头，所以无论是什么，你正在使用某种形式的后台执行请求卡住了。

后端请求创建收费实际上是pretty简单。在实践中，HTTP调用类似于这样：

 卷曲https://api.stripe.com/v1/charges \\
  -u sk_test_BQokikJOvBiI2HlWgH4olfQ2：\\
  -d金额= 400 \\
  -d货币= USD \\
  -d源= tok_16t4Xt2eZvKYlo2CLvBSsmXD \\
  -d描述=充电的test@example.com
 

• sk_test_BQokikJOvBiI2HlWgH4olfQ2 是API密钥


• 您正在充电400美元与


• 在源是收到
条纹令牌

• 的描述是支付说明

如果您可以复制一个电话像这样的任何服务器端环境中，你是金色的。

（这直接来自他们的API文档在 https://stripe.com/docs/api#create_charge ）

I am using the Angular-Stripe-Checkout library to create a stripeToken like in this example. Some highlights are shown below.

Like in many angular-stripe libraries and examples, it only shows how to create the stripeToken.

However, it is unclear to me how to actually charge the user after having retrieved the stripeToken?

On Stripe they have instructions on how to charge the user with node.js. But it is unclear to me how to setup this and make it compatible with the Angular.

---

Highlights of the code

html

<button ng-click="product.doCheckout()">Buy</button>

js

// note: StripeCheckout is injected in the controller
product.doCheckout = function(token, args) {

        // You should configure a handler when the view is loaded,
        // just as you would if you were using checkout.js directly.
        //
        // Unlike a vanilla Stripe Checkout handler, this one can be
        // reused as many times as you like.
        var handler = StripeCheckout.configure({
          name: "Custom Example",
          token: function(token, args) {
              console.log(token.id)
            //$log.debug("Got stripe token: " + token.id);
          }
        });

        var options = {
          description: "Ten dollahs!",
          amount: 10000
        };

        // The default handler API is enhanced by having open()
        // return a promise. This promise can be used in lieu of or
        // in addition to the token callback (or you can just ignore
        // it if you like the default API).
        //
        // The rejection callback doesn't work in IE6-7.
        handler.open(options)
          .then(function(result) {
            alert("Got Stripe token: " + result[0].id);
            console.log(result);

            var stripe = window.Stripe;
            var stripeToken = result[0].id;

            //
            // what next?

          },function() {
            alert("Stripe Checkout closed without making a sale :(");
          }
        );
    };

解决方案

The short answer is: don't do it.

The long answer: this stripe token that you've received is a transaction ID. It is public, in that it itself poses no risk. Think of it as a lookup key to the card you want to process charges on.

To process the transaction, however, you need a private/secret element: your secret key. In order to process it client-side, you'd need to leak this secret to the client, which means that this value would be visible to anybody.

I don't think it's smart to do that, especially as the secret key in question is your API key to stripe.

I also had a brief check, their API doesn't broadcast CORS headers, so no matter what, you're stuck using a backend of some sort to perform the request.

The backend request to create the charge is actually pretty straightforward. In practice, the HTTP call is similar to this:

curl https://api.stripe.com/v1/charges \
  -u sk_test_BQokikJOvBiI2HlWgH4olfQ2: \
  -d amount=400 \
  -d currency=usd \
  -d source=tok_16t4Xt2eZvKYlo2CLvBSsmXD \
  -d description="Charge for test@example.com"

• sk_test_BQokikJOvBiI2HlWgH4olfQ2 is the API key
• you're charging 400 USD with that
• the source is the stripe token you've received
• the description is the payment description

If you can replicate a call like this on any server-side environment, you're golden.

(This came straight from their API doc at https://stripe.com/docs/api#create_charge )

这篇关于如何让角的实际条纹电荷（stripeToken已经知道）？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！