Stripe Sources Best Practice

node v4.9.1
version: 7.0.0
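// RunKit endpoint demonstrating the Stripe Sources flow:
//   POST /sources  creates a Source on behalf of the browser client
//   POST /webhook  charges a Source once Stripe reports it as chargeable
const tonicExpress = require("@runkit/runkit/express-endpoint/1.0.0");
const bodyParser = require('body-parser');

// Just provide the exports object to the tonicExpress helper
const app = tonicExpress(module.exports);
const jsonParser = bodyParser.json();

// Origins that may call this endpoint from a browser (GitHub pages and localhost).
// CORS only restricts browsers; it is not authentication for the routes below.
const ALLOWED_ORIGINS = [
  'http://localhost:8888',
  'https://tschaeff.github.io',
  'https://stripe-internal.github.io',
  'https://thorsten-stripe.github.io'
];

// Only sources of these types are ever charged by the webhook handler.
const ALLOWED_SOURCE_TYPES = ['card', 'sofort', 'sepa_debit', 'giropay', 'ideal', 'bancontact'];

// The currency is fixed server-side so the client cannot choose it.
const CHARGE_CURRENCY = 'eur';

/**
 * Build a Stripe client from the secret key in the environment.
 * Copy this notebook and set your own secret key:
 * https://runkit.com/settings/environment
 */
function getStripe() {
  return require("stripe")(process.env.STRIPE_SECRET_TEST_KEY);
}

/**
 * Acknowledge a webhook delivery without taking any action.
 */
function acknowledge(res) {
  res.status(200).end();
}

/**
 * Act on an event that was fetched back from Stripe.
 * Returns a promise when a Stripe call is pending, so that the caller can
 * catch its failure; returns undefined when the event was only acknowledged.
 */
function handleEvent(stripe, event, res) {
  const eventObject = event.data.object;

  switch (eventObject.object) {
    case 'source': {
      // Every source.* event carries a source object (canceled and failed ones
      // too), so the event type and the source status are checked as well:
      // only a chargeable source may be charged.
      // For demo purposes we're retrieving the amount from the source object.
      // In your application, always make sure to retrieve the amount from your database!
      const source = eventObject;
      const isChargeable = event.type === 'source.chargeable' && source.status === 'chargeable';
      const isAllowedType = ALLOWED_SOURCE_TYPES.indexOf(source.type) > -1;
      if (!isChargeable || !isAllowedType || !source.amount || !source.currency) {
        acknowledge(res);
        return undefined;
      }
      return stripe.charges.create({
        amount: source.amount,
        currency: source.currency,
        source: source.id
      }).then(charge => {
        res.json(charge);
      }).catch(err => {
        res.json(err);
      });
    }
    case 'charge': {
      // For demo purposes we're adding the charge status to the source's metadata.
      // In your application you should update the status in your database.
      const charge = eventObject;
      if (!charge.source || !charge.source.id) {
        // Nothing to annotate when the charge does not reference a source.
        acknowledge(res);
        return undefined;
      }
      // A rejection here is left to the caller's catch handler.
      return stripe.sources.setMetadata(
        charge.source.id,
        "charge_status",
        charge.status
      ).then(metadata => {
        res.json(metadata);
      });
    }
    default:
      acknowledge(res);
      return undefined;
  }
}

app.use(bodyParser.urlencoded({ extended: false }));

app.all('/*', (req, res, next) => {
  const origin = req.headers.origin;
  if (ALLOWED_ORIGINS.indexOf(origin) > -1) {
    res.setHeader('Access-Control-Allow-Origin', origin);
    // The allowed origin is echoed back, so caches must key on the Origin header.
    res.setHeader('Vary', 'Origin');
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  }
  next();
});

app.get("/", jsonParser, (req, res) => {
  res.send("test");
});

// Creating sources
app.post("/sources", jsonParser, (req, res) => {
  const stripe = getStripe();

  // NOTE(review): the request body is forwarded to Stripe as-is and the return
  // URL is taken from the client-supplied Referer header. Both are untrusted
  // input; an application should pass only the fields it expects and use a
  // return URL it controls.
  const params = Object.assign({}, req.body, {
    currency: CHARGE_CURRENCY,
    redirect: { return_url: req.headers.referer }
  });

  stripe.sources.create(params).then(source => {
    res.json(source);
  }).catch(err => {
    res.json(err);
  });
});

// Handle source.chargeable Webhook
app.post("/webhook", jsonParser, (req, res) => {
  const stripe = getStripe();

  // The posted body is untrusted: only its id is used, and the event is then
  // fetched from Stripe so that forged payloads are never acted upon.
  // Verifying the webhook signature header is the stronger check where the
  // installed Stripe library supports it.
  const eventId = req.body && req.body.id;
  if (typeof eventId !== 'string' || eventId === '') {
    res.status(400).send('Missing event id');
    return;
  }

  stripe.events.retrieve(eventId).then(event => {
    return handleEvent(stripe, event, res);
  }).catch(err => {
    // Reached when the event cannot be fetched or handling throws. Error
    // details stay in the log and are not echoed to the caller.
    console.log(err);
    if (!res.headersSent) {
      res.status(500).send('Webhook handling failed');
    }
  });
});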
Once you create your Express app with the tonicExpress helper, it works like any other Express app. You can use middleware, declare routes, etc.

