Skip to content

Instantly share code, notes, and snippets.

@gr2m

gr2m/payments_dreamcode.js

Last active October 17, 2018 19:20
Show Gist options
  • Star 11 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save gr2m/5463675 to your computer and use it in GitHub Desktop.
Save gr2m/5463675 to your computer and use it in GitHub Desktop.
Download ZIP
Imagine you could purchase items from your store, with pure JavaScript in the browser. How would it look like? Here's what I came up with. Forks & comments much appreciated! #nobackend #dreamcode
Raw
payments_dreamcode.js
// purchase a product with a credit card
purchase('productId')
.using( {
cc: "4556934156210213",
valid: "2016-10",
csc: "123"
} )
// purchase a product with paypal
purchase('productId')
.using( 'paypal' )
// upgrade a user to a pro plan, payment via paypal.
purchase(
account.upgradoTo( 'pro' )
).using('paypal')
@gr2m
Copy link
Author

gr2m commented May 1, 2013

good catch @mathiasbynens, great suggestion @manast, love it!

Regarding the security concerns: I don't think we need to change anything in the frontend API.

I guess the credit card credentials won't be sent to the app server behind the curtain, instead they should be sent via a secured connection to a certified payment processing server, which then would inform the app server with a callback.

Makes sense?

@matteocrippa
Copy link

@gr2m probably we will have to act something like paypal where the user pass to a secured page all the information and only there it will be asked to the user to provide his/her cc info.

So we can change it with something easier like:

purchase(arrayOfItems).with(paymentMethod);

where paymentMethod can be something like:

  • cc
  • paypal
  • googlecheckout
  • etc

Then the app will route to the right secured page to proceed

@gr2m
Copy link
Author

gr2m commented May 10, 2013

I think we can keep the CC option. Of course you as the app owner can decide not to use it, but technically I don't see a problem with it yet. Let's say for example you'd use stripe to recieve CC payments. If you'd run this code in your visitor's browser:

purchase('productId')
.using( {
  cc: "4556934156210213",
  valid: "2016-10",
  cvc: "123"
} ).then( sayThankYou )

it would

  1. And order object with product: "productId" gets stored in the user's store.
  2. The CC information gets sent right to Stripe's server.
  3. Stripe receives the payment, calls a URL that you configured
  4. Your app's backend receives the POST by Stripe, and markes the order object as successfully processed.
  5. sayThankYou callback gets executed.

@jpillora
Copy link

This looks a lot like: http://simplecartjs.org/

Seems secure to me, just make sure the sensitive information is only stored transiently and always sent over HTTPS.

@gr2m
Copy link
Author

gr2m commented May 26, 2013

wow, simpleCart looks very nice indeed!

@makevoid
Copy link

Bitcoin payments can be easily added with:
http://bitcore.io/playground/#/address and #/transaction

// ...
.using( 'bitcoin/bitcore' )
.payment_request({
  address: "1address...",
  amount: 10000, // satoshis
})

or some more sophisticated and complete example like:

// ...
.using(['bitcoin/bitcore', 'bitcoin/blockchain_info', 'bitcoin/blockr_io'])
.to({
  address: "1address...",
  amount: 10000, // satoshis
}).sign({
  privateKey: "5pvtkey...." // signs the transaction, doesn't send the private key
}).propagate(['blockchain_info', 'blockr_io'])

super-alpha version, need to be discussed I think, also what about multisig? Anyway dreamcode ftw!

@kareraisu
Copy link

FYI, there's a standard for this now.
Although the API is a bit more complex.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment