/coinbase-commerce-meteor

Enable synchronous calls to Coinbase Commerce's API for Meteor users.

Primary LanguageTypeScriptISC LicenseISC

Coinbase Commerce Meteor

A wrapper package for enabling synchronous usage of Coinbase Commerce's REST API.

This package was written up primarily due to scoping issues with the official package (coinbase-commerce-node) when used in combination with Meteor.wrapAsync

Installation

meteor add jorgenvatle:coinbase-commerce-meteor

Setup

Import library:

import CoinbaseCommerce from 'meteor/jorgenvatle:coinbase-commerce-meteor';

const Commerce = new CoinbaseCommerce('your-api-key', 'your-webhook-shared-secret');

If you add a coinbase object to your project's settings.json, you can skip the above constructor arguments.

settings.json

{
  "coinbase": {
    "key": "Your API key",
    "secret": "Your shared secret"
  }
}

your-script.js

const Commerce = new CoinbaseCommerce();

Charges

const charge = Commerce.createCharge({
    name: 'The Sovereign Individual',
    description: 'Mastering the Transition to the Information Age',
    pricing_type: 'fixed_price',
    local_price: {
        amount: '100.00',
        currency: 'USD'
    },
});
const charge = Commerce.showCharge('charge-id-goes-here');

Webhooks

It's important that you validate webhooks to ensure the authenticity of the webhook data. Without validation, an attacker may be able to spoof webhooks in turn allowing them to fulfill orders that aren't paid for yet.

The webhook validator throws a Meteor.Error for webhooks that don't pass the validation.

Commerce.validateWebhook(req);

Validating with Picker:

Picker.route('/listeners/coinbase', (params, req, res) => {
    Commerce.validateWebhook(req);
    
    // Handle the webhook
});

If you'd rather not have exceptions thrown for invalid/unauthorized webhooks, use the boolean equivalent:

if (Commerce.isValidWebhook(req)) {
    // Webhook is valid!
}

Contributing

To start the development environment, you need to copy settings.example.json to settings.json and add in keys to your Coinbase Commerce application.

When adding new features, please include tests for them.

Build & Test

Running the following command will start up both the TypeScript watcher as well as the test environment.

npm start

License

This repository is licensed under the ISC license.

Copyright (c) 2018, Jørgen Vatle.