我想把条纹加入我的小项目中。这是一个Rails API应用程序,所以现在没有前端。我在测试用信用卡支付时遇到了这个错误。
“将信用卡号码直接发送到Stripe API通常是不安全的。我们建议您使用Map到正在使用的测试卡的测试令牌,请参阅https://stripe.com/docs/testing."
我知道我不能直接将信用卡的详细信息传递给API,但我正在做的是将信用卡信息传递给Stripe::Token*,这样它就可以对卡进行令牌化,然后传递给Stripe::Charge**方法。
以下是我的User Model:
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :trackable, :validatable
include DeviseTokenAuth::Concerns::User
validates :stripe_id, presence: true
has_many :orders
before_validation :create_on_stripe, on: :create
def create_on_stripe
params = { email: self.email, name: self.first_name }
response = Stripe::Customer.create(params)
pry
self.stripe_id = response.id
end字符串
我的订单型号:
class Order < ApplicationRecord
attr_accessor :credit_card_number, :credit_card_exp_month, :credit_card_exp_year, :credit_card_cvv
belongs_to :user
has_one :payment
after_create :create_payment
enum payment_method: %i[credit_card]
def create_payment
params = {
order_id: id,
credit_card_number: credit_card_number,
credit_card_exp_month: credit_card_exp_month,
credit_card_exp_year: credit_card_exp_year,
credit_card_cvv: credit_card_cvv
}
Payment.create!(params)
end
end型
支付模式:
class Payment < ApplicationRecord
attr_accessor :credit_card_number, :credit_card_exp_month, :credit_card_exp_year, :credit_card_cvv
belongs_to :order
before_validation :create_on_stripe
def create_on_stripe
token = get_token
params = { amount: order.amount_cents, currency: 'usd', source: token}
response = Stripe::Charge.create(params)
self.stripe_id = response.id
end
def get_token
Stripe::Token.create({
card: {
number: credit_card_number,
exp_month: credit_card_exp_month,
exp_year: credit_card_exp_year,
cvc: credit_card_cvv,
}
})
end
end型
订单控制器是这样的:
module Api
module V1
class OrdersController < Api::V1::ApiController
include Pundit
after_action :verify_authorized, except: [:create]
def create
@order = Order.new(order_params.merge(amount_cents: 500, payment_method: 'credit_card'))
if @order.save
render json: { order: @order, payment: @order.payment }, status: :created
else
render json: @response.errors, status: :unprocessable_entity
end
end
private
def order_params
params.require(:data).permit(:user_id, :credit_card_number, :credit_card_exp_month, :credit_card_exp_year, :credit_card_cvv)
end
end
end
end型
Postman 的请求如下,所有这些数据到达get_token方法,在那里它失败,显示所提到的错误。
POST http://localhost:3000/api/v1/orders
{
"data": {
"user_id": 1,
"credit_card_number": "4000056655665556",
"credit_card_exp_month": "12",
"credit_card_exp_year": "2030",
"credit_card_cvv": "123"
}
}型
任何帮助将非常感谢。谢啦,谢啦
1条答案
按热度按时间p5fdfcr11#
这里没有一个明确的问题,但我会推断,这是“我如何才能做到这一点”?
当您发送到令牌创建API时,这仍然是将卡的详细信息从您的服务器直接发送到Stripe的API,这具有相当大的PCI合规性影响(参见“API direct”选项卡)。除非您已经符合PCI标准,否则您应该使用Stripe.js & Elements直接从客户端收集这些详细信息,而不需要通过您的服务器。
如果您能够安全地处理卡的详细信息,请使用contact Stripe's support team作为指导。