问题是,如果用户订阅产品,则会产生费用,并从订阅者中扣除金额。然后将生成发票,同时再次从订户账户中扣除金额。从订户帐户中双倍付款。
后端代码:
exports.createSubscription = function(req, res, next) {
console.log("1");
if (req.body.payment_method_id == undefined || req.body.payment_method_id == ''){
console.log("2")
console.log("Payment : -"+req.body.payment_method_id)
Response.failure(req, res, '', 'payment_method_id is required')
}
else{
console.log("package_name : -"+req.body.package_name)
if (req.body.package_name == undefined || req.body.package_name == '') {
console.log("4")
Response.failure(req, res, '', 'package_name is required')
}
else{
console.log("5")
console.log("amount : -"+req.body.amount)
if (req.body.amount == undefined || req.body.amount == '') {
console.log("6")
Response.failure(req, res, '', 'amount is required')
}
else{
console.log("7")
User.findById(req.userId,function(err, user){
console.log("7")
if(user){
console.log("8")
console.log("Inside User")
if(user.stripe_customer_id){
console.log("Inside User Stripe")
stripe.paymentMethods.attach(req.body.payment_method_id, {
customer: user.stripe_customer_id,
}).then((attch) => {
console.log("10")
console.log("Attch :- "+JSON.stringify(attch))
stripe.customers.update(
user.stripe_customer_id,
{
invoice_settings: {
default_payment_method: req.body.payment_method_id,
},
}
).then((up) => {
console.log("11")
console.log("UP :- "+JSON.stringify(up))
stripe.products.create({
name: req.body.package_name,
}).then((product) => {
console.log("12")
console.log("product :- "+JSON.stringify(product))
stripe.prices.create({
unit_amount: req.body.amount * 100,
currency: 'gbp',
recurring: {interval: 'month'},
product: product.id,
}).then((price) => {
console.log("13")
console.log("Price :- "+JSON.stringify(price))
stripe.subscriptions.create({
customer: user.stripe_customer_id,
items: [{ price: price.id }],
expand: ['latest_invoice.payment_intent'],
}).then((subscription) => {
console.log("14")
Response.success(req, res, subscription, 'Subscription created.')
console.log("done")
}).catch((error) => {
console.log("15")
Response.failure(req, res, {}, error.raw.message)
});
}).catch((error) => {
console.log("16")
Response.failure(req, res, {}, error.raw.message)
});
}).catch((error) => {
console.log("15")
Response.failure(req, res, {}, error.raw.message)
});
}).catch((error) => {
console.log("15")
Response.failure(req, res, {}, error.raw.message)
});
}).catch((error) => {
console.log("17")
Response.failure(req, res, {}, error.raw.message)
});
}
}
})
}
}
}
}
有人可以建议我如何修复它吗?
一些事情:
req.body.amount * 100
非常危险。这意味着恶意用户可以改变他们支付的价格。
.then()
。
// Create the Customer
const customer = await stripe.customers.create({
name: 'Foo Bar',
email: '[email protected]',
});
// Then create the Subscription for that customer
const subscription = await stripe.subscriptions.create({
customer: customer.id,
items: [{ price: "price_xxx" }],
payment_behavior: 'default_incomplete',
payment_settings: { save_default_payment_method: 'on_subscription' },
expand: ['latest_invoice.payment_intent'],
});
// Finally send the client secret on the frontend to collect a PaymentMethod
res.send({
clientSecret: subscription.latest_invoice.payment_intent.client_secret,
});