Stripe Mongoose Api is a Mongoose plugin that simplifies building checkout and payment system for apis with stripe. It will provide you:
- Simple way to manage all the users for your api
- Highly customizable code for all your projects
- Ready in a few lines of code
npm install stripe-mongoose-api
First you need to plugin Stripe Mongoose Api into your User schema
const mongoose = require('mongoose');
const Schema = mongoose.Schema;
const stripeMongooseApi = require('stripe-mongoose-api');
const User = new Schema({});
User.plugin(stripeMongooseApi);
module.exports = mongoose.model('User', User);
You're free to define your User how you like. Stripe Mongoose Api will add a apiKey, customerId, subscriptionId and ItemId field.
Additionally Stripe Mongoose Api adds some methods to your Schema. see the Documentation section for more details.
When plugging in Stripe Mongoose Api plugin additional options can be provided to configure the hashing algorithm.
User.plugin(stripeMongooseApi, options);
stripeSecret
: the secret key needed for the stripe api. Default: nullwebhookSecret
: the key to connect the stripe webhook to your localhost. Default: nullpriceId
: the price id of the product that your clients will buy. Default: nullshowUsage
: specifies if send the user record after every api call. Default: falsesuccessUrl
: specifies the url where the user will be redirected after a successful checkout. Default: * localhost:3000*cancelUrl
: specifies the url where the user will be redirected after a non-successful checkout. Default: localhost:3000apiKeyField
: specifies the field name that holds the username. Default apiKeysaltField
: specifies the field name that holds the salt. Default saltcustomerIdField
: specifies the field name that holds the customer id. Default customerIdsubscriptionIdField
: specifies the field name that holds the subscription id. Default subscriptioniditemIdField
: specifies the field name that holds the item id. Default itemIdbytesApiKey
: specifies api key length in bytes. Default 16iterations
: specifies the number of iterations used in pbkdf2 hashing algorithm. Default: 25000salten
: specifies the secret word provided to the hashing algorithmkeylen
: specifies the length in byte of the hashed key. Default: 512digest
: specifies the pbkdf2 digest algorithm. Default: sha256. (get a list of supported algorithms with crypto.getHashes())
Attention! Changing any of the hashing options(salten, iterations, keylen or digest) in production environment will prevent that existing users to authenticate!
MissingStripeSecretKey
: No stripe secret key was givenMissingStripeSignKey
: No stripe sign key was givenInvalidUserError
: User cannot be created because of invalid inputInvalidStripeOptions
: Bad stripe options was providedInvalidHashingOptions
: Bad hashing options was provided
Stripe Mongoose Api use the pbkdf2 algorithm of the node crypto library. Pbkdf2 was chosen because platform independent (in contrary to bcrypt).
For a complete example implementing all the features of this projects see the test folder.
You can find a tutorial here
Methods directly connected to the user. For example to use customerRecords function use
const User = require('./models/user');
const user = User.findOne({});
const user.customerRecords(res);
Return the customer records in base of the user activity
Static methods are exposed on the model constructor. For example to use subscribeUser function use
const User = require('./models/user');
User.subscribeUser(user, res)
subscribeUser will create a checkout session for the user
an handler to request sended by stripe api, that will add to the user an apiKey, a customerId, a subscriptionId and an itemId
The hearth of the application, it will check if the user exist and the validity of the api key, and then i will send dataToSend
to the client
This method will simply provide a new apiKey to then user and the it will return an object with { apiKey, hashedApiKey } , if the user does not have an api it will return 'user.api.failed'
Stripe Mongoose Api is licenses under the MIT license.
Free Software, Hell Yeah!