Update Parse.com User from Stripe Webhook

2020-02-09 16:15发布

问题:

Firstly I see there are several Parse / Stripe questions on here however none are of any help to me.

I have a mobile application that has both free and paid features. A variable is stored on the User class in Parse.com and it is checked for permissions when running a function. I would like to setup an account portal (separate to my app) so when users wish to signup they are sent to their browser and can signup to a plan over SSL etc etc.

For the account portal i'm having a Wordpress site with a Stripe plugin that will do my accounting, invoicing and form creation work for me.

Following signup on the Wordpress site I would like to receive the webhook on Parse.com and run a function to update User class. Ideally this will be a catch all function that will change the user to a number of states depending on their account status (i.e they stop paying and the plan will be on hold).

My question is two fold:

  1. What details (URL etc) do I need to place in my Stripe webhook settings to send all events to my Parse.com cloud code?

  2. How do I receive / run my function on the Cloud code upon receipt of a webhook from Parse.com?

I am open to criticism and remain flexible in my implementation if you have suggestions on how my app should work.

Many thanks in advance.

回答1:

Ok after some experimenting:

  1. create a webhook on in the Stripe Accounts area using the URL: https://**APPLICATION_ID**:javascript-key=**JAVASCRIPT_KEY**@api.parse.com/1/functions/update_user

  2. In your cloud code use the same function name as the final part of your URL. in my case update_user.

  3. Create a test version of the webhook and place this in your cloud code for testing :

Parse.Cloud.define("update_user", function(request, response) { response.success('** WEBHOOK WORKING **' + request); });

When running the test in the stripe dashboard you should see:

Hope that this helps someone - Would be grateful of any input anyone has as to my implementation or a slick function to run on my User class update.



回答2:

Mostly I think your solution will work.

I think using the javascript key could pose a security risk if you are not validating events that come from stripe.

Your javascript keys will be present in your web site. Someone could get it and call your cloud code function. I'd use the master key so you know its only from sources you trust. They might be able change important billing information.

In your cloud function definition you can check if the master key was used.

Parse.Cloud.define('stripeEvents', function (request, response) {
if (request.master){
    return response.success('stripeEvents - master');
}
response.error('stripeEvents - must use master key');});