feat: integrate Stripe SDK for PaymentIntent creation #69

Open
guangningsun wants to merge 1 commit into SecureBananaLabs:main from guangningsun:fix/stripe-payment-intent

@guangningsun

Summary

Replaces the stub createPaymentIntent implementation with a real Stripe SDK integration.

Changes

  • Add stripe npm package (v16) to apps/api/package.json
  • Rewrite paymentService.js: Replace fake pay_${Date.now()} ID generation with real stripe.paymentIntents.create() call
  • Add initStripe(secretKey, stripeInstance) for dependency injection and testability
  • Validate payload.amount (required, positive integer) before making any API call
  • Return shape: { paymentId, clientSecret, amount, currency, provider } — maps directly from Stripe's PaymentIntent object
  • Error passthrough: Stripe errors (StripeCardError, etc.) are caught and re-thrown with the original message preserved

Acceptance Criteria

  • stripe npm package installed with STRIPE_SECRET_KEY env var
  • payload.amount validated (required, positive integer) with descriptive error
  • currency defaults to "usd" when not provided
  • Real stripe.paymentIntents.create({ amount, currency }) call made
  • Resolved value includes clientSecret (mapped from paymentIntent.client_secret) and paymentId (mapped from paymentIntent.id)
  • Stub pay_${Date.now()} id generation removed
  • Stripe errors caught and re-thrown with original message
  • Unit tests mock Stripe SDK and assert correct arguments passed to paymentIntents.create()
  • All 9 tests pass

Test Results

 9 tests, 0 failures

PR closes: SecureBananaLabs/bug-bounty#1

/bounty $350

- Add stripe npm package (v16)
- Rewrite paymentService.js to use real Stripe SDK instead of stub
- Add initStripe(secretKey, stripeInstance) for DI/testability
- Validate payload.amount (required, positive integer) before API call
- Return {paymentId, clientSecret, amount, currency, provider}
- Pass through Stripe error messages unchanged
- Add payment.test.js with 8 unit tests covering:
  - Validation (missing/zero/negative/non-numeric amount)
  - Correct PaymentIntent field mapping
  - Default currency to 'usd'
  - Error message passthrough

Closes SecureBananaLabs#1

Signed-off-by: sunguangning <sun-guangning@126.com>
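
An added example, not code from this PR or from the SecureBananaLabs repository: a sketch of the behaviour the description and commit message above list (amount validated before any API call, usd default, field mapping, error-message passthrough), exercised with an injected fake instead of the Stripe SDK. The validateAmount and makeFakeStripe helpers, the provider value 'stripe', the error strings and the pi_test_constructed values are assumptions.

```javascript
// Added example: hypothetical sketch, not the PR's paymentService.js.
let stripe = null;

// secretKey is only handed to the SDK; stripeInstance lets tests inject a fake.
function initStripe(secretKey, stripeInstance) {
  if (stripeInstance) { stripe = stripeInstance; return; }
  if (!secretKey) throw new Error('STRIPE_SECRET_KEY is not set');
  stripe = require('stripe')(secretKey); // real SDK; needs the stripe package
}

// Hypothetical helper. Amount is in the smallest currency unit; reject anything
// that is not a positive safe integer (strings, floats, NaN, zero, negatives).
function validateAmount(amount) {
  if (amount === undefined || amount === null) throw new Error('amount is required');
  if (!Number.isSafeInteger(amount) || amount <= 0) {
    throw new Error('amount must be a positive integer');
  }
  return amount;
}

async function createPaymentIntent(payload = {}) {
  const amount = validateAmount(payload.amount); // runs before any API call
  const currency = payload.currency || 'usd';
  if (!stripe) throw new Error('Stripe is not initialised');
  try {
    const pi = await stripe.paymentIntents.create({ amount, currency });
    return { paymentId: pi.id, clientSecret: pi.client_secret,
             amount: pi.amount, currency: pi.currency,
             provider: 'stripe' }; // provider value is an assumption
  } catch (err) {
    throw new Error(err.message); // original Stripe message preserved
  }
}

// Constructed fake standing in for the Stripe SDK; records what it was sent.
function makeFakeStripe(failWith) {
  const calls = [];
  const create = async (args) => {
    calls.push(args);
    if (failWith) throw new Error(failWith);
    return { id: 'pi_test_constructed', client_secret: 'pi_test_constructed_secret',
             amount: args.amount, currency: args.currency };
  };
  return { calls, paymentIntents: { create } };
}
```

Stripe's documentation asks that a PaymentIntent's client secret not be logged or placed in URLs, so the returned clientSecret should reach only the client completing that payment.
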
@BossChaos

Code Review

PR: feat: integrate Stripe SDK for PaymentIntent creation by @guangningsun

  • 🔒 Payment integration — needs security review

Wallet: 0xdaE5d307339074A24F579dB48e7c639359D94904

Code review for SecureBananaLabs bug-bounty

Successfully merging this pull request may close these issues.

Implement Secure Payment Gateway and Payment Service
