package Bod::Stripe;
# TODO - Pre release
#
# TODO - Post release
#
# Improve obtaining success/cancel URLs from environment
# Add P&P
our $VERSION = '0.1';
use HTTP::Tiny;
use JSON::PP;
use strict;
use warnings;
sub new {
my $class = shift;
my %attrs = @_;
my @products;
$attrs{'trolley'} = \@products;
$attrs{'currency'} //= 'GBP';
$attrs{'error'} = '';
$attrs{'cancel-url'} //= "$ENV{'REQUEST_SCHEME'}://$ENV{'HTTP_HOST'}$ENV{'SCRIPT_NAME'}";
$attrs{'success-url'} //= "$ENV{'REQUEST_SCHEME'}://$ENV{'HTTP_HOST'}$ENV{'SCRIPT_NAME'}";
$attrs{'error'} = 'cancel-url and success-url cannot be derived from the environment and need to be provided' unless ($attrs{'cancel-url'} and $attrs{'success-url'});
$attrs{'error'} = 'Public API key provided is not a valid key' if $attrs{'api-public'} and $attrs{'api-public'} !~ /^pk_/;
$attrs{'error'} = 'Secret API key provided is not a valid key' unless $attrs{'api-secret'} =~ /^sk_/;
$attrs{'error'} = 'Secret API key provided as Public key' if $attrs{'api-public'} and $attrs{'api-public'} =~ /^sk_/;
$attrs{'error'} = 'Public API key provided as Secret key' if $attrs{'api-secret'} =~ /^pk_/;
$attrs{'error'} = 'Secret API key is too short' unless length $attrs{'api-secret'} > 100;
$attrs{'error'} = 'Secret API key is missing' unless $attrs{'api-secret'};
return bless \%attrs, $class;
}
sub success {
my $self = shift;
return !$self->{'error'};
}
sub error {
my $self = shift;
return $self->{'error'};
}
sub add_product {
my ($self, %product) = @_;
$self->{'error'} = '';
unless ($product{'price'} > 0 and $product{'price'} !~ /\./) {
$self->{'error'} = 'Invalid price. Price is an integer of the lowest currency unit';
return;
}
unless ($product{'qty'} > 0 and $product{'qty'} !~ /\./) {
$self->{'error'} = 'Invalid qty. Qty is a positive integer';
return;
}
unless ($product{'name'}) {
$self->{'error'} = 'No product name supplied';
return;
}
$self->{'intent'} = undef;
# Update existing Product by ID
foreach my $prod(@{$self->{'trolley'}}) {
if ($prod->{'id'} eq $product{'id'}) {
foreach my $field('name', 'description', 'qty', 'price') {
$prod->{$field} = $product{$field};
}
return scalar @{$self->{'trolley'}};
}
}
my $new_product;
foreach my $field('id', 'name', 'description', 'qty', 'price') {
$new_product->{$field} = $product{$field};
}
push @{$self->{'trolley'}}, $new_product;
}
sub list_products {
my $self = shift;
my @products;
foreach my $prod(@{$self->{'trolley'}}) {
push @products, $prod->{'id'};
}
return @products;
}
sub get_product {
my ($self, $id) = @_;
$self->{'error'} = '';
unless ($id) {
$self->{'error'} = 'Product ID missing';
return;
}
foreach my $prod(@{$self->{'trolley'}}) {
if ($prod->{'id'} eq $id) {
return $prod;
}
}
$self->{'error'} = "Product ID $id not found";
}
sub delete_product {
my ($self, $id) = @_;
$self->{'error'} = '';
unless ($id) {
$self->{'error'} = 'Product ID missing';
return;
}
for (my $i = 0; $i < scalar @{$self->{'trolley'}}; $i++) {
if (${$self->{'trolley'}}[$i]->{'id'} eq $id) {
$self->{'intent'} = undef;
splice $self->{'trolley'}, $i, 1;
return scalar @{$self->{'trolley'}};
}
}
$self->{'error'} = "Product ID $id not found";
}
# Private method called internally by get_intent and get_intent_id
# Attempts to obtain a new session intent from Stripe
# Returns existing session if it exists and Trolley hasn't changed
sub _create_intent {
my $self = shift;
if ($self->{'intent'}) {
return $self->{'intent'};
}
$self->{'reference'} //= __PACKAGE__;
my $http = HTTP::Tiny->new;
my $headers = {
'Authorization' => 'Bearer ' . $self->{'api-secret'},
};
my $vars = {
'headers' => $headers,
};
my $payload = {
'cancel_url' => $self->{'cancel-url'},
'success_url' => $self->{'success-url'},
'payment_method_types[0]' => 'card',
'mode' => 'payment',
'client_reference_id' => $self->{'reference'},
};
$payload->{'customer_email'} = $self->{'email'} if $self->{'email'};
my $i = 0;
foreach my $prod(@{$self->{'trolley'}}) {
$payload->{"line_items[$i][currency]"} = $self->{'currency'};
$payload->{"line_items[$i][name]"} = $prod->{'name'};
$payload->{"line_items[$i][description]"} = $prod->{'description'} if $prod->{'description'};
$payload->{"line_items[$i][quantity]"} = $prod->{'qty'};
$payload->{"line_items[$i][amount]"} = $prod->{'price'};
$i++;
}
my $response = $http->post_form('https://api.stripe.com/v1/checkout/sessions', $payload, $vars);
$self->{'error'} = '';
if ($response->{'success'}) {
$self->{'intent'} = $response->{'content'};
} else {
$self->{'error'} = decode_json($response->{'content'})->{'error'}->{'message'};
}
}
sub get_intent {
my ($self, %attrs) = @_;
$self->{'reference'} = $attrs{'reference'} if $attrs{'reference'};
$self->{'email'} = $attrs{'email'} if $attrs{'email'};
$self->{'error'} = '';
return $self->_create_intent;
}
sub get_intent_id {
my ($self, %attrs) = @_;
$self->{'reference'} = $attrs{'reference'} if $attrs{'reference'};
$self->{'email'} = $attrs{'email'} if $attrs{'email'};
$self->{'error'} = '';
my $intent = $self->_create_intent;
if ($self->{'error'}) {
return $intent;
} else {
return decode_json($intent)->{'id'};
}
}
sub get_ids {
my ($self, %attrs) = @_;
$self->{'public-key'} = $attrs{'public-key'} if $attrs{'public-key'};
$self->{'error'} = '';
unless ($self->{'api-public'}) {
$self->{'error'} = 'Required Public API Key missing';
return;
}
$self->{'reference'} = $attrs{'reference'} if $attrs{'reference'};
$self->{'email'} = $attrs{'email'} if $attrs{'email'};
my $intent_id = $self->get_intent_id;
my %result;
if ($self->{'error'}) {
$result{'status'} = 'error';
$result{'message'} = $self->{'error'};
} else {
$result{'status'} = 'success';
$result{'api-key'} = $self->{'api-public'};
$result{'session'} = $intent_id;
}
return encode_json(\%result) if lc($attrs{'format'}) eq 'json';
return $result{'message'} || "$result{'api-key'}:$result{'session'}";
}
sub checkout {
my $self = shift;
my $data = $self->get_ids( 'format' => 'text', @_);
return if $self->{'error'};
my ($key, $session) = split /:/, $data;
unless ($key and $session) {
$self->{'error'} = 'Error getting key and session';
return;
}
return <<"END_HTML";
Content-type: text/html
END_HTML
}
1;
__END__
=pod
=encoding UTF-8
=head1 NAME
Bod::Stripe - Simple way to implement payments using Stripe hosted checkout
=head1 SYNOPSIS
use Bod::Stripe;
my $stripe = Bod::Stripe->new(
'api-secret' => 'sk_test_00000000000000000000000000',
);
# Note price is in lowest currency unit (i.e pence or cents not pounds or dollars)
$stripe->add_product(
'id' => 1,
'name' => 'My product',
'qty' => 4,
'price' => 250,
);
foreach my $id($stripe->list_products) {
print "$id is " . $stripe->get_product($id)->{'name'} . "\n";
}
$stripe->checkout(
'api-public' => 'pk_test_00000000000000000000000000',
);
=head1 DESCRIPTION
A simple to use interface to the Stripe payment gateway utilising the Stripe hosted checkout. The only dependencies are the core modules L and L.
L has a Trolley into which products are loaded. Once the Trolley is full of the product(s) in the order, this is passed to the Stripe hosted checkout either using Javascript provided by Stripe (see L), Javascript provided in this document or the B utility method that allows a server side script to send the user to Stripe invisibly.
At present L only handles simple, one-off payments. Manipulation of customers, handling subscriptions and user hosted checkout is not supported. However, this implementation makes payment for a single item or group of items simple to implement.
=head2 Keys
Stripe provides four API Keys. A Secret and a Publishable (called Public within L) for both testing and for live transactions. When calling the B method it is necessary to provide the Secret Key. Before calling the B method to redirect the user to the Stripe hosted checkout, the Public Key is also required so this is usually provided to the B method.
See L
=head2 Workflow
The basic workflow for L is to initially create an instance of the module with at minimum the Secret Key. If using a currency other than GBP this should also be set at this time.
my $stripe = Bod::Stripe->new(
'api-public' => 'pk_test_00000000000000000000000000',
'api-secret' => 'sk_test_00000000000000000000000000',
'currency' => 'USD',
);
Next, products are assembled in the Trolley. There are methods to add, update, remove and list the products in the Trolley.
$stripe->add_product(
'id' => 1,
'name' => 'My product',
'qty' => 4,
'price' => 250,
);
my @products = $stripe->list_products;
Once the Trolley contains all the products, the user is redirected to the Stripe hosted checkout where they pay for the Trolley. Once this happens, Stripe returns to your site using one of the URLs provided delending on whether the payment was successful or not. Where no return URLs are provide, the script URL is used although in practice this is not usually sufficient and return URLs will be needed.
$stripe->checkout;
Examples of other ways of redirecting the user to the Stripe hosted checkout and listed in the B section.
=head1 METHODS
=head2 new
Bod::Stripe->new('api-secret' => 'sk_test_00000000000000000000000000');
The constructor method. The Secret Key is required.
The following parameters may be provided:
=over 4
=item *
C - B The Secret Key.
=item *
C - The Public Key.
This would normally be provided to the B method but can be left until sending the user to the Stripe hosted checkout.
=item *
C
=item *
C - The callback URL that Stripe returns to once the payment transaction has completed either successfully or otherwise. If these are not explicitly included, the current script URL is used. Normally these need setting but can be omitted for testing or if the Stripe payment dashboard is being relied on to confirm successful payments.
=item *
C - The currency to use for the transaction. The default is British Pounds Stirling (GBP).
This should be a 3 letter currency code supported by Stripe (see L).
=item *
C - The reference to use for the transaction
Defaults to "Bod::Stripe" as this is required by Stripe.
=item *
C - If provided, this pre-fills the user's email address in the Stripe hosted checkout. If provided, this is then non editable during checkout.
=back
=head2 success
Returns true is the last method call was successful
=head2 error
Returns the last error message or an empty string if B returned true
=head1 Trolley Methods
=head2 add_product
Adds a product to the Trolley. Or update the product if an existing B is provided.
A product consists of the following hash entries
=over 4
=item *
C - B
A unique ID for the product.
This is not passed to Stripe and is only used by L to identify current products.
If B is called with an existing ID, that product is updated.
=item *
C - B
The name of the product as it will be passed to Stripe.
=item *
C - B
A one line decsription of the product as it will be passed to Stripe. This is typically used to specify options such as colour.
=item *
C - B
The number of the product to add to the Trolly.
=item *
C - B
The price of the product in the lowest currency unit. For example - E2.50 would be 250 as it is 250 pence; $10 would be 1000 as it is 1000 cents.
Note that special rules apply to Hungarian Forint (HUF) and Ugandan Shilling (UGX) - see L
=back
On success, returns the number of products in the Trolley
=head2 delete_product(id)
Delete the product with the specified id
On success, returns the number of products in the Trolley
=head2 list_products
Returns an array contining the IDs of the products in the Trolley
=head2 get_product(id)
On success, returns a hash with the product details. Each key of the hash corresponds to items listed for B
=head1 Checkout Methods
=head3 parameters
The following methods all take the following optional parameters. See B for their descriptions.
=over 4
=item *
C
=item *
C
=back
=head2 get_intent
This method will not normally need calling.
Returns the full session intent from Stripe if successful or the Stripe error otherwise.
=head2 get_intent_id
Returns the intend_id that needs passing to the Stripe hosted checkout if successful or the Stripe error otherwise.
=head2 get_id
In addition to the parameters listed above, this method also accepts the following optional parameters
=over 4
=item *
C - See B
=item *
C - The format of the returned information. Current options are JSON or text. The default is text.
=back
Provides the Public Key and Intent Session ID as these are the two pieces of information required by the Javascript provided by Stripe and te Javacsript provided here. If text output is used (the default) the Public Key and Intent Session ID are provided as a colon separated string.
=head2 checkout
A simple implementation of redirecting the user to the Stripe hosted checkout.
Calling this method provides a fully formed HTML document including the Content-Type header that can be sent to the users browser. The HTML document contains all the Javascript required to sent the user to the Stripe hosted checkout transparently. Unless you are building a checkout with entirely AJAX calls, you will almost certainly want to use this method.
=head1 EXAMPLES
=head2 1 - Using the Stripe provided Javascript
See L
=head3 Javascript
Buy cool new product
=head3 Perl trolley.pl
use Bod::Stripe;
use strict;
use CGI;
my $cgi = CGI->new;
if ($cgi->param('stripe') eq 'getIntent') {
my $stripe = Bod::Stripe->new(
'api-public' => 'pk_test_00000000000000000000000000',
'api-secret' => 'sk_test_00000000000000000000000000',
'success-url' => 'https://www.example.com/yippee.html',
'cancel-url' => 'https://www.example.com/ohdear.html',
'reference' => 'My Payment',
);
$stripe->add_product(
'id' => 'test',
'name' => 'Expensive Thingy',
'description' => 'Special edition version',
'qty' => 1,
'price' => 50000,
);
print "Content-Type: text/json\n\n";
print $stripe->get_intent;
}
=head2 2 - Simpler Javascript using XHR
=head3 Javascript