I want to set up nodejs bitpay crypto payments. I am trying to test the setup for now.
I have used the bitpay button for it but it doesn't send back the request to the backend at IPN it asks, as my route is: http://localhost:4000/cryptopay
Bitpay Sevice IPN and Browser Redirect
The browser redirect is working but the service IPN is not getting any response from the bitpay. I tried doing console.log at the request.
Backend request handler.
app.post("/cryptopay", async(req, res) => {
console.log("Crypto Pay: ")
console.log(req);
});
Even after many successful payments, I don't have any response here.
Related
I have a react application and I'm trying to implement a "Sign in with Ebay" authentication (Like Google/Facebook OAuth process)
So currently In Ebay Developer I defined the callback url to a route in my backend ('/auth/ebay/callback'), But this is the flow I'm trying to achieve:
User clicks "sign in with ebay" in my app
Ebay OAuth popup window shows up
User authenticates
Ebay is calling my callback in backend with user's code
Closing popup window in React after authentication
Continue authencation in my app (get user data, access token...)
I'm having trouble in step 5:
When ebay calls my callback route, how can I know the client application that initiated the "auth" request to the code ebay given me?
React -> Ebay Auth popup -> backend callback
My backend has no way to know what client React app made the auth request
Currently this is what I have:
In my React app:
function EbaySignIn() {
const signInWithEbay = () => {
const EBAY_AUTH_URI = 'https://auth.sandbox.ebay.com/oauth2/authorize/.....'
window.open(EBAY_AUTH_URI)
}
return (
<button onClick={signInWithEbay}>
sign in with ebay
</button>
)
}
In my Backend (Node.js + NestJS app):
#Get('/auth/ebay/callback')
public authCallback(#Req() req: Request) {
const ebayCodeForGettingUserData = req.query.code
// Interact with ebay API on behalf of the user....
// Rest of app logic....
}
Is there a way to solve this? can I somehow intercept the http requests that the ebay auth page makes to my backend and somehow make the callback route call from my react?
The use of state parameter in the OAuth 2.0 protocol was made for this purpose. You can append a state parameter to the EBAY_AUTH_URI which will be sent back as part of the callback success URL. The client_app_id can be added as the state parameter and this can be used to interpret who the callback was initiated for. state parameter is free text and you can have your own custom key-value mapping as well (url encoded and within the realms of URL size management) to manage your applications.
Refer here for more details
https://www.oauth.com/oauth2-servers/server-side-apps/authorization-code/
What i would suggest is that, once the user have logged in through 0auth, you must also define a unique identifier token for them so it can give you response, that if this {Token User} have logged in, you'll know, if not, then he wasn't able to logged it in or there was something technical, this is what i do most of the time implementation of 0auth.
For getting envelop status, I followed these steps
docusign developer account, under connect, I created a connect with webhook url.
In code , I have given eventNotification with webhook listener url with https:// address of my application.
I am getting response in connect logs. But I am not getting any response in my application webhook listner .why?
I have used Laravel code, with route
Route::post('webhook', [TestController::class, 'webhook']);
But I am not getting any response in function?why?
Ensure that your server (the "listener") has an https URL that is visible (callable) from the public internet. Best way to confirm this: implement a GET function at a URL such as https://your-server.com/hello. It should reply with "hello" when called. Then try entering that URL on your mobile phone.
Look at DocuSign's Connect error log to see what it says.
To assure yourself that DocuSign is sending notification messages, first use https://webhook.site to get a test webhook listener URL, and configure DocuSign to use it.
If you feel that the messages are being sent to your server but are not being received by your software, check your web server's logs. For example, if you're including documents in your notifications, the notifications will be very large and may exceed your web server's default configuration limits.
One issue which I have found, the response which is sent from Webhook to our own custom API, which will receive request from webhook does not match
For e.g.argument webhook sends json payload , so make sure you have same object which is supported by your api from docusign connect
// this is C# code
public async Task Post([FromBody] JObject envelopeData)
To test locally, you can use ngrock, which will create local server but you will be able to debug
You can try something as below. The same worked for me.
if (!Request.Body.CanSeek) { Request.EnableBuffering(); }
Request.Body.Position = 0;
var reader = new StreamReader(Request.Body, Encoding.UTF8);
var body = await reader.ReadToEndAsync().ConfigureAwait(false);
I have front end page - contact us - where every user can fill up the form and contact us.After that the filled form is send to our email. Because on our web site, there will not be user registration, so possible client can contact us but he will not need to sign up to visit our web site because it is not "friendly".
I always secured my web api with json web token, so i see if the user is registered in our db so he can have access to some api routes or not. But because this time there will be no DB with users, how can i secure my api endpoints ?
For example: malicious user comes to my website, he can see in the network tab the post request that is made for sending the email.
He can go in postman, and he can make thousands of request if he wants to my api endpoint and it will make me a problems because he is not filling the form on the frontend page, but maybe he will ping my endpoint very often with pre-made body post maked object in postman.
How can i prevent this things without user authentication ?
So the only way that i found until now is to check the origin - from where the request is coming. We can write a middleware at the beggining of our .js file before all other routes and check that
const express = require('express');
const router = express.Router();
const helpers = require('../utils/helpers');
router.use(helpers.checkOrigin);
router.post("/sendemail", async (req, res) => {
...
})
helpers.js file
const checkOrigin = (req, res, next) => {
console.log("checkOrigin", req.headers.origin);
if(req.headers.origin == "www.yourdomain.com") {
next();
} else {
res.status(403).json({error: "Unauthorized"});
}
}
in the
console.log("checkOrigin", req.headers.origin);
when we send request from postman then it prints undefined so it goes to the else block
but if the request comes from www.yourdomain.com then it will go in the if block, execute next middleware and accept request from all routes below including - sendemail.
If anyone has other solutions and better please let me know !
I want to create a new customer in Stripe upon form submit and add that customer's credit card to their account. As of now, I'm using the following code upon submit in my React App. The create customer call is then made separately from my server:
async submit(ev) {
let {token} = await this.props.stripe.createToken({name: "Name"});
let response = await fetch("https://api.stripe.com/v1/customers", {
method: "POST",
headers: {"Content-Type": "text/plain"},
body: token.id
});
When sending that data, I get a 401 error on the let response = ... line. I know that a 401 is an auth error, but my test API keys are definitely correct and don't have limits on how they can access my stripe account. Can anyone advise?
The issue here is that you are trying to create a Customer object client-side in raw Javascript. This API request requires your Secret API key. This means you can never do this client-side, otherwise anyone could find your API key and use it to make refunds or transfer for example.
Instead, you need to send the token to your own server. There, you will be able to create a Customer or a Charge using one of Stripe's official libraries instead of making the raw HTTP request yourself.
In my case, it's throwing the error due to a missing of stripe public key
var stripe = Stripe('{{ env("STRIPE_KEY") }}');
then I pass the public key as above, and it worked like a charm.
I am testing Stripe webhooks locally using ngrok, so that the webhooks can be sent to an endpoint on localhost.
I want to test saving customer and payment information to my database, however, it seems like the middleware isn't attaching req.user (set by Passport) like it is on any other route. This makes it a lot less convenient in terms of accessing the authenticated user.
I could do the database work on the routes where I receive a Stripe token, but the bulk of useful information is sent as a webhook. Another option is to save the charge id or customer id at that stage, and then to look up the user at a later stage, but again this seems like unnecessary work.
I'm a little confused as to why this is, unless I'm missing something super obvious.
router.post('/stripe/webhook', (req, res) => {
console.log(req.user); //undefined
res.sendStatus(200);
});
You can find the detail of Stripe webhook mechanism here
You need to parse the body of the request which is holding the payload JSON
Example receiving endpoint :
app.post("/my/webhook/url", function(request, response) {
// Retrieve the request's body and parse it as JSON
var event_json = JSON.parse(request.body);
// Do something with event_json
response.send(200);
});
You can test the your receiving endpoint by test JSON which you can found in Event API of Stripe! And you send test JSON using many app like POSTMAN
(having also a chrome app)