Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Imagine you could purchase items from your store, with pure JavaScript in the browser. How would it look like? Here's what I came up with. Forks & comments much appreciated! #nobackend #dreamcode
// purchase a product with a credit card
purchase('productId')
.using( {
cc: "4556934156210213",
valid: "2016-10",
csc: "123"
} )
// purchase a product with paypal
purchase('productId')
.using( 'paypal' )
// upgrade a user to a pro plan, payment via paypal.
purchase(
account.upgradoTo( 'pro' )
).using('paypal')
@mathiasbynens

This comment has been minimized.

Show comment
Hide comment

with is a reserved word, so you might want to pick some other name.

@Jonic

This comment has been minimized.

Show comment
Hide comment
@Jonic

Jonic Apr 26, 2013

Maybe via would do the trick?

Jonic commented Apr 26, 2013

Maybe via would do the trick?

@manast

This comment has been minimized.

Show comment
Hide comment
@manast

manast Apr 26, 2013

purchase('productId').using('paypal')

manast commented Apr 26, 2013

purchase('productId').using('paypal')

@matteocrippa

This comment has been minimized.

Show comment
Hide comment
@matteocrippa

matteocrippa Apr 26, 2013

I agree with @manast, "using" probably is the best word to describe the action.
The only thing I'm a little worried by is to pass directly the csc number with all the other info, probably we will need a different approach to keep that value a little secured or at least not directly related to all the informations about the cc.

I agree with @manast, "using" probably is the best word to describe the action.
The only thing I'm a little worried by is to pass directly the csc number with all the other info, probably we will need a different approach to keep that value a little secured or at least not directly related to all the informations about the cc.

@gr2m

This comment has been minimized.

Show comment
Hide comment
@gr2m

gr2m May 1, 2013

good catch @mathiasbynens, great suggestion @manast, love it!

Regarding the security concerns: I don't think we need to change anything in the frontend API.

I guess the credit card credentials won't be sent to the app server behind the curtain, instead they should be sent via a secured connection to a certified payment processing server, which then would inform the app server with a callback.

Makes sense?

Owner

gr2m commented May 1, 2013

good catch @mathiasbynens, great suggestion @manast, love it!

Regarding the security concerns: I don't think we need to change anything in the frontend API.

I guess the credit card credentials won't be sent to the app server behind the curtain, instead they should be sent via a secured connection to a certified payment processing server, which then would inform the app server with a callback.

Makes sense?

@matteocrippa

This comment has been minimized.

Show comment
Hide comment
@matteocrippa

matteocrippa May 6, 2013

@gr2m probably we will have to act something like paypal where the user pass to a secured page all the information and only there it will be asked to the user to provide his/her cc info.

So we can change it with something easier like:

purchase(arrayOfItems).with(paymentMethod);

where paymentMethod can be something like:

  • cc
  • paypal
  • googlecheckout
  • etc

Then the app will route to the right secured page to proceed

@gr2m probably we will have to act something like paypal where the user pass to a secured page all the information and only there it will be asked to the user to provide his/her cc info.

So we can change it with something easier like:

purchase(arrayOfItems).with(paymentMethod);

where paymentMethod can be something like:

  • cc
  • paypal
  • googlecheckout
  • etc

Then the app will route to the right secured page to proceed

@gr2m

This comment has been minimized.

Show comment
Hide comment
@gr2m

gr2m May 10, 2013

I think we can keep the CC option. Of course you as the app owner can decide not to use it, but technically I don't see a problem with it yet. Let's say for example you'd use stripe to recieve CC payments. If you'd run this code in your visitor's browser:

purchase('productId')
.using( {
  cc: "4556934156210213",
  valid: "2016-10",
  cvc: "123"
} ).then( sayThankYou )

it would

  1. And order object with product: "productId" gets stored in the user's store.
  2. The CC information gets sent right to Stripe's server.
  3. Stripe receives the payment, calls a URL that you configured
  4. Your app's backend receives the POST by Stripe, and markes the order object as successfully processed.
  5. sayThankYou callback gets executed.
Owner

gr2m commented May 10, 2013

I think we can keep the CC option. Of course you as the app owner can decide not to use it, but technically I don't see a problem with it yet. Let's say for example you'd use stripe to recieve CC payments. If you'd run this code in your visitor's browser:

purchase('productId')
.using( {
  cc: "4556934156210213",
  valid: "2016-10",
  cvc: "123"
} ).then( sayThankYou )

it would

  1. And order object with product: "productId" gets stored in the user's store.
  2. The CC information gets sent right to Stripe's server.
  3. Stripe receives the payment, calls a URL that you configured
  4. Your app's backend receives the POST by Stripe, and markes the order object as successfully processed.
  5. sayThankYou callback gets executed.
@jpillora

This comment has been minimized.

Show comment
Hide comment
@jpillora

jpillora May 16, 2013

This looks a lot like: http://simplecartjs.org/

Seems secure to me, just make sure the sensitive information is only stored transiently and always sent over HTTPS.

This looks a lot like: http://simplecartjs.org/

Seems secure to me, just make sure the sensitive information is only stored transiently and always sent over HTTPS.

@gr2m

This comment has been minimized.

Show comment
Hide comment
@gr2m

gr2m May 26, 2013

wow, simpleCart looks very nice indeed!

Owner

gr2m commented May 26, 2013

wow, simpleCart looks very nice indeed!

@makevoid

This comment has been minimized.

Show comment
Hide comment
@makevoid

makevoid Jul 28, 2015

Bitcoin payments can be easily added with:
http://bitcore.io/playground/#/address and #/transaction

// ...
.using( 'bitcoin/bitcore' )
.payment_request({
  address: "1address...",
  amount: 10000, // satoshis
})

or some more sophisticated and complete example like:

// ...
.using(['bitcoin/bitcore', 'bitcoin/blockchain_info', 'bitcoin/blockr_io'])
.to({
  address: "1address...",
  amount: 10000, // satoshis
}).sign({
  privateKey: "5pvtkey...." // signs the transaction, doesn't send the private key
}).propagate(['blockchain_info', 'blockr_io'])

super-alpha version, need to be discussed I think, also what about multisig? Anyway dreamcode ftw!

Bitcoin payments can be easily added with:
http://bitcore.io/playground/#/address and #/transaction

// ...
.using( 'bitcoin/bitcore' )
.payment_request({
  address: "1address...",
  amount: 10000, // satoshis
})

or some more sophisticated and complete example like:

// ...
.using(['bitcoin/bitcore', 'bitcoin/blockchain_info', 'bitcoin/blockr_io'])
.to({
  address: "1address...",
  amount: 10000, // satoshis
}).sign({
  privateKey: "5pvtkey...." // signs the transaction, doesn't send the private key
}).propagate(['blockchain_info', 'blockr_io'])

super-alpha version, need to be discussed I think, also what about multisig? Anyway dreamcode ftw!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment