Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@adamvr/feathers-stripe
Advanced tools
A Feathers service for Stripe
This is still a work in progress and is not ready for production. Pull requests welcome! :smile:
npm install feathers-stripe --save
Please refer to the Stripe API Docs and the stripe-node docs for options that can be passed. Feathers service methods map to the following Stripe methods:
find
-> Stripe list
get
-> Stripe retrieve
create
-> Stripe create
patch
-> Stripe update
(in most cases). Some special cases in include paying an invoice or an order when you pass {pay: true}
as part of hook.data
.update
-> Stripe update
remove
-> Stripe del
(except in the case of transfers where we create a reversal)If a method is not supported by Stripe for a given resource it is not support here as well.
The following services are supported and map to the appropriate Stripe resource:
account
bankAccount
balance
card
charge
coupon
customer
customerSubscription
dispute
event
invoiceItem
invoice
order
plan
product
recipient
refund
sku
subscription
token
transaction
transfer
transferReversal
They are all referenced by stripe.<resource>
and can be used like so:
var stripe = require('feathers-stripe');
app.use('/stripe/charges', stripe.charge({ secretKey: 'your secret stripe key' }));
Coming Soon!
Coming soon!
The following are not fully supported. If you wish to add support pull requests are very welcome.
applePayDomains
threeDSecure
bitcoinReceivers
Pagination is also not currently supported. You can limit
results for finds but you need to handle pagination yourself.
This is pretty important! Since this connects to your Stripe account you want to make sure that you don't expose these endpoints via your app unless the user has the appropriate permissions. You can prevent any external access by doing this:
var hooks = require('feathers-hooks');
app.service('/stripe/charges').before({
all: [hooks.disable('external')]
});
To learn what that actually did you can read about some of the built-in Feathers hooks and about securing your Feathers app.
Here's an example of a Feathers server that uses feathers-authentication
for local auth. It includes a users
service that uses feathers-mongoose
. Note that it does NOT implement any authorization.
var feathers = require('feathers');
var rest = require('feathers-rest');
var socketio = require('feathers-socketio');
var hooks = require('feathers-hooks');
var bodyParser = require('body-parser');
var errorHandler = require('feathers-errors/handler');
var stripe = require('feather-stripe');
// Initialize the application
var app = feathers()
.configure(rest())
.configure(socketio())
.configure(hooks())
// Needed for parsing bodies (login)
.use(bodyParser.json())
.use(bodyParser.urlencoded({ extended: true }))
// A simple Message service that we can used for testing
.use('/stripe/charges', stripe.charge({ secretKey: 'your secret stripe key' }))
.use('/', feathers.static(__dirname + '/public'))
.use(errorHandler({ html: false }));
function validateCharge() {
return function(hook) {
console.log('Validating charge code goes here');
};
}
var chargeService = app.service('stripe/charges');
chargeService.before({
create: [validateCharge()]
});
var Charge = {
amount: 400,
currency: "cad",
source: "tok_87rau6axWXeqLq", // obtained with Stripe.js
description: "Charge for test@example.com"
};
chargeService.create(Charge).then(result => {
console.log('Charge created', result);
}).catch(error => {
console.log('Error creating charge', error);
});
app.listen(3030);
console.log('Feathers authentication app started on 127.0.0.1:3030');
0.3.0
$limit
for find queries0.2.0
0.1.0
Copyright (c) 2015
Licensed under the MIT license.
v0.3.3 (2017-09-27)
FAQs
A Feathers service for Stripe
The npm package @adamvr/feathers-stripe receives a total of 8 weekly downloads. As such, @adamvr/feathers-stripe popularity was classified as not popular.
We found that @adamvr/feathers-stripe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.