Imagine you could purchase items from your store, with pure JavaScript in the browser. What would it look like? Here's what I came up with. Forks & comments much appreciated! #nobackend #dreamcode

// purchase a product with a credit card
purchase('productId')
.using( {
  cc: "4556934156210213",
  valid: "2016-10",
  csc: "123"
} )

// purchase a product with paypal
purchase('productId')
.using( 'paypal' )

// upgrade a user to a pro plan, payment via paypal.
purchase(
  account.upgradeTo( 'pro' )
).using('paypal')

@mathiasbynens

with is a reserved word, so you might want to pick some other name.

@Jonic
Jonic commented Apr 26, 2013

Maybe via would do the trick?

@manast
manast commented Apr 26, 2013

purchase('productId').using('paypal')

@matteocrippa

I agree with @manast, "using" probably is the best word to describe the action.
The only thing I'm a little worried about is passing the csc number directly with all the other info; we will probably need a different approach to keep that value a little more secure, or at least not directly tied to all the information about the cc.

@gr2m
Owner
gr2m commented May 1, 2013

good catch @mathiasbynens, great suggestion @manast, love it!

Regarding the security concerns: I don't think we need to change anything in the frontend API.

I guess the credit card credentials won't be sent to the app server behind the curtain, instead they should be sent via a secured connection to a certified payment processing server, which then would inform the app server with a callback.

Makes sense?

@matteocrippa

@gr2m we will probably have to do something like paypal, where the user passes all the information to a secured page and only there is the user asked to provide his/her cc info.

So we can change it with something easier like:

purchase(arrayOfItems).with(paymentMethod);

where paymentMethod can be something like:

  • cc
  • paypal
  • googlecheckout
  • etc

Then the app will route to the right secured page to proceed

@gr2m
Owner
gr2m commented May 10, 2013

I think we can keep the CC option. Of course you as the app owner can decide not to use it, but technically I don't see a problem with it yet. Let's say for example you'd use stripe to receive CC payments. If you'd run this code in your visitor's browser:

purchase('productId')
.using( {
  cc: "4556934156210213",
  valid: "2016-10",
  cvc: "123"
} ).then( sayThankYou )

it would

  1. An order object with product: "productId" gets stored in the user's store.
  2. The CC information gets sent right to Stripe's server.
  3. Stripe receives the payment, calls a URL that you configured.
  4. Your app's backend receives the POST by Stripe, and marks the order object as successfully processed.
  5. sayThankYou callback gets executed.

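
Step 4 of the flow above is only safe if the backend can tell a genuine processor callback from a POST that anyone could send to the configured URL. The following is an added example, not code from the gist or from any commenter, showing one way a backend can check that before marking an order paid; the `t=...,v1=...` header format, the function names, the secret and the sample data are all assumptions made for illustration.

```javascript
// Added example: header format, names and secret are hypothetical.
const crypto = require('node:crypto');

const TOLERANCE_SECONDS = 300; // assumed policy: reject callbacks older than 5 minutes

// Parse a "t=<unix seconds>,v1=<hex hmac>" header (format assumed for this example).
function parseSignatureHeader(header) {
  const fields = {};
  for (const part of String(header || '').split(',')) {
    const idx = part.indexOf('=');
    if (idx > 0) fields[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return fields;
}

// True only if the raw request body was signed with the shared secret, recently.
function verifyCallback(rawBody, header, secret, nowSeconds) {
  const { t, v1 } = parseSignatureHeader(header);
  if (!/^\d+$/.test(t || '') || !/^[0-9a-f]{64}$/i.test(v1 || '')) return false;
  if (Math.abs(nowSeconds - Number(t)) > TOLERANCE_SECONDS) return false; // replay window
  const expected = crypto.createHmac('sha256', secret).update(`${t}.${rawBody}`).digest();
  return crypto.timingSafeEqual(expected, Buffer.from(v1, 'hex')); // constant-time compare
}

// Step 4 of the flow: mark the order paid only for an authenticated callback.
function handleCallback(orders, rawBody, header, secret, nowSeconds) {
  if (!verifyCallback(rawBody, header, secret, nowSeconds)) return 400;
  const event = JSON.parse(rawBody); // parsed only after the signature check
  const order = orders.get(event.orderId);
  if (!order) return 404;
  if (order.status !== 'paid') order.status = 'paid'; // idempotent on redelivery
  return 200;
}

// --- Constructed sample data, standing in for the payment processor ---
const SECRET = 'example-webhook-secret';
function sign(rawBody, t, secret) {
  const mac = crypto.createHmac('sha256', secret).update(`${t}.${rawBody}`).digest('hex');
  return `t=${t},v1=${mac}`;
}
function demo() {
  const orders = new Map([['order-1', { product: 'productId', status: 'pending' }]]);
  const now = 1700000000;
  const body = JSON.stringify({ orderId: 'order-1', type: 'payment.succeeded' });
  const forged = handleCallback(orders, body, `t=${now},v1=${'0'.repeat(64)}`, SECRET, now);
  const stale = handleCallback(orders, body, sign(body, now - 3600, SECRET), SECRET, now);
  const genuine = handleCallback(orders, body, sign(body, now, SECRET), SECRET, now);
  return { forged, stale, genuine, status: orders.get('order-1').status };
}
```

The signature must be computed over the raw request bytes as received, so the check has to run before any framework re-serializes the JSON body.
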
@jpillora

This looks a lot like: http://simplecartjs.org/

Seems secure to me, just make sure the sensitive information is only stored transiently and always sent over HTTPS.

@gr2m
Owner
gr2m commented May 26, 2013

wow, simpleCart looks very nice indeed!

@makevoid

Bitcoin payments can be easily added with:
http://bitcore.io/playground/#/address and #/transaction

// ...
.using( 'bitcoin/bitcore' )
.payment_request({
  address: "1address...",
  amount: 10000, // satoshis
})

or some more sophisticated and complete example like:

// ...
.using(['bitcoin/bitcore', 'bitcoin/blockchain_info', 'bitcoin/blockr_io'])
.to({
  address: "1address...",
  amount: 10000, // satoshis
}).sign({
  privateKey: "5pvtkey...." // signs the transaction, doesn't send the private key
}).propagate(['blockchain_info', 'blockr_io'])

super-alpha version, needs to be discussed I think, also what about multisig? Anyway dreamcode ftw!
