
feat: implement Stripe PaymentIntent with Zod validation and full test suite#65

Open
lele36844-maker wants to merge 1 commit into SecureBananaLabs:main from lele36844-maker:fix/stripe-payment-intent

@lele36844-maker

Summary

Replaces the stub paymentService.js with a real Stripe SDK integration.

Benchmark Environment

Hardware: local workstation, SSD, 16 GB RAM, Windows 11
Runtime: Node.js 22.x LTS
AI Agent: Claude Code (claude-sonnet-4-6, Anthropic), human-supervised, shell+internet access

Changes

  • paymentService.js: Real stripe.paymentIntents.create() with Zod schema validation, optional metadata forwarding, explicit API version pin, env-key guard, clean error rethrow
  • package.json: Added stripe ^17.0.0
  • paymentService.test.js: 10 unit tests (happy path, default/explicit currency normalised lowercase, metadata included/omitted, missing amount, zero, negative, float, Stripe error rethrow)
  • paymentService.smoke.test.js: Integration test guarded by STRIPE_SMOKE_TEST=1

Acceptance Criteria

  • stripe installed; STRIPE_SECRET_KEY env var used, no hardcoded keys
  • payload.amount required positive integer; descriptive error if invalid
  • payload.currency defaults to usd
  • Real stripe.paymentIntents.create() call
  • Returns clientSecret and paymentId from Stripe response
  • Stub pay_timestamp removed
  • Stripe errors rethrown with original message preserved
  • Unit tests mock Stripe SDK
  • Smoke test guarded by env flag

Closes #1

…t suite

- Replace stub with real stripe.paymentIntents.create() call
- Use Zod for input validation (amount: positive int required, currency defaults to usd, optional metadata)
- Initialize Stripe client with explicit API version and env-based secret key
- Guard against missing STRIPE_SECRET_KEY at client creation time
- Support optional metadata field forwarded to Stripe
- Rethrow Stripe errors preserving original message
- 10 unit tests covering happy path, validation errors, currency normalisation, metadata, error rethrow
- Smoke test guarded by STRIPE_SMOKE_TEST=1 env flag

Closes SecureBananaLabs#1
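
The behaviour listed in the acceptance criteria above, sketched as an added example; it is not the code from this pull request. It uses hand-written checks in place of Zod so it runs without dependencies, and the function names, error messages, three-letter currency check and `fakeStripe` stand-in are assumptions.

```javascript
// Added illustration. Function names and error messages are hypothetical.

// Env-key guard: fail at client creation time instead of on the first charge.
function requireSecretKey(env) {
  if (!env.STRIPE_SECRET_KEY) throw new Error('STRIPE_SECRET_KEY is not set');
  return env.STRIPE_SECRET_KEY;
}

// Pure validation step: runs before any network call is made.
function buildIntentParams(payload) {
  const { amount, currency = 'usd', metadata } = payload ?? {};
  // Amounts are in the smallest currency unit, so floats, zero, negatives
  // and numeric strings are all rejected.
  if (!Number.isInteger(amount) || amount <= 0) {
    throw new Error('amount is required and must be a positive integer');
  }
  // Assumption (not stated in the PR): currency is a three-letter code.
  if (typeof currency !== 'string' || !/^[a-z]{3}$/i.test(currency)) {
    throw new Error('currency must be a three-letter code');
  }
  const params = { amount, currency: currency.toLowerCase() };
  if (metadata !== undefined) {
    if (metadata === null || typeof metadata !== 'object' || Array.isArray(metadata)) {
      throw new Error('metadata must be an object');
    }
    params.metadata = { ...metadata }; // forwarded only when supplied
  }
  return params;
}

// `stripe` is injected so the same code path runs against the real SDK
// client or a mock in unit tests.
async function createPaymentIntent(payload, stripe) {
  const params = buildIntentParams(payload);
  try {
    const intent = await stripe.paymentIntents.create(params);
    return { clientSecret: intent.client_secret, paymentId: intent.id };
  } catch (err) {
    // Rethrow with the original message preserved.
    throw new Error(err.message, { cause: err });
  }
}

// Constructed stand-in for the SDK client; values are sample data.
const fakeStripe = {
  paymentIntents: {
    create: async (p) => ({ id: 'pi_example', client_secret: 'pi_example_secret_example', ...p }),
  },
};
```

Because validation throws before `stripe.paymentIntents.create()` is reached, a rejected payload never produces an outbound API call.
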
github-actions Bot added a commit that referenced this pull request May 17, 2026
@BossChaos

Code Review

PR: feat: implement Stripe PaymentIntent with Zod validation and full test suite by @lele36844-maker

  • 🔒 Payment integration — needs security review

Wallet: 0xdaE5d307339074A24F579dB48e7c639359D94904

Code review for SecureBananaLabs bug-bounty

Development

Successfully merging this pull request may close these issues.

Implement Secure Payment Gateway and Payment Service
