Skip to content

Instantly share code, notes, and snippets.

@gr2m
Last active April 29, 2024 19:17
Show Gist options
  • Save gr2m/5463675 to your computer and use it in GitHub Desktop.
Save gr2m/5463675 to your computer and use it in GitHub Desktop.
Imagine you could purchase items from your store, with pure JavaScript in the browser. How would it look like? Here's what I came up with. Forks & comments much appreciated! #nobackend #dreamcode
// purchase a product with a credit card
purchase('productId')
.using( {
cc: "4556934156210213",
valid: "2016-10",
csc: "123"
} )
// purchase a product with paypal
purchase('productId')
.using( 'paypal' )
// upgrade a user to a pro plan, payment via paypal.
purchase(
account.upgradoTo( 'pro' )
).using('paypal')
@Jonic
Copy link

Jonic commented Apr 26, 2013

Maybe via would do the trick?

@manast
Copy link

manast commented Apr 26, 2013

purchase('productId').using('paypal')

@matteocrippa
Copy link

I agree with @manast, "using" probably is the best word to describe the action.
The only thing I'm a little worried by is to pass directly the csc number with all the other info, probably we will need a different approach to keep that value a little secured or at least not directly related to all the informations about the cc.

@gr2m
Copy link
Author

gr2m commented May 1, 2013

good catch @mathiasbynens, great suggestion @manast, love it!

Regarding the security concerns: I don't think we need to change anything in the frontend API.

I guess the credit card credentials won't be sent to the app server behind the curtain, instead they should be sent via a secured connection to a certified payment processing server, which then would inform the app server with a callback.

Makes sense?

@matteocrippa
Copy link

@gr2m probably we will have to act something like paypal where the user pass to a secured page all the information and only there it will be asked to the user to provide his/her cc info.

So we can change it with something easier like:

purchase(arrayOfItems).with(paymentMethod);

where paymentMethod can be something like:

  • cc
  • paypal
  • googlecheckout
  • etc

Then the app will route to the right secured page to proceed

@gr2m
Copy link
Author

gr2m commented May 10, 2013

I think we can keep the CC option. Of course you as the app owner can decide not to use it, but technically I don't see a problem with it yet. Let's say for example you'd use stripe to recieve CC payments. If you'd run this code in your visitor's browser:

purchase('productId')
.using( {
  cc: "4556934156210213",
  valid: "2016-10",
  cvc: "123"
} ).then( sayThankYou )

it would

  1. And order object with product: "productId" gets stored in the user's store.
  2. The CC information gets sent right to Stripe's server.
  3. Stripe receives the payment, calls a URL that you configured
  4. Your app's backend receives the POST by Stripe, and markes the order object as successfully processed.
  5. sayThankYou callback gets executed.

@jpillora
Copy link

This looks a lot like: http://simplecartjs.org/

Seems secure to me, just make sure the sensitive information is only stored transiently and always sent over HTTPS.

@gr2m
Copy link
Author

gr2m commented May 26, 2013

wow, simpleCart looks very nice indeed!

@makevoid
Copy link

Bitcoin payments can be easily added with:
http://bitcore.io/playground/#/address and #/transaction

// ...
.using( 'bitcoin/bitcore' )
.payment_request({
  address: "1address...",
  amount: 10000, // satoshis
})

or some more sophisticated and complete example like:

// ...
.using(['bitcoin/bitcore', 'bitcoin/blockchain_info', 'bitcoin/blockr_io'])
.to({
  address: "1address...",
  amount: 10000, // satoshis
}).sign({
  privateKey: "5pvtkey...." // signs the transaction, doesn't send the private key
}).propagate(['blockchain_info', 'blockr_io'])

super-alpha version, need to be discussed I think, also what about multisig? Anyway dreamcode ftw!

@kareraisu
Copy link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment