Merge pull request #64 from codegasms/aahnik-razorpay-integration

Create  "orders" module to implement generic razorpay integration

Author: SahooBishwajeet

client/docs/README.md

@@ -0,0 +1,3 @@
+# flux-client
+
+* The examples folder contains code snippets for certain handy stuff!

client/docs/examples/razorpay.html

@@ -0,0 +1,101 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Document</title>
+</head>
+<script src="https://cdn.tailwindcss.com"></script>
+
+<body>
+
+  <div class="m-12">
+    <button id="createOrder" class="bg-blue-500 hover:bg-blue-700 text-white font-bold py-2 px-4 rounded "> Create Order </button>
+    <button id="rzp-button1" class="bg-blue-500 hover:bg-blue-700 text-white font-bold py-2 px-4 rounded hidden">Pay with Razorpay</button>
+
+  </div>
+
+  <script src="https://checkout.razorpay.com/v1/checkout.js"></script>
+  <script>
+    let data = null;
+    document.getElementById('createOrder').addEventListener('click', async function postData(e) {
+      const baseUrl = 'http://localhost:3000/orders/create';
+
+      try {
+        const response = await fetch(baseUrl, {
+          method: 'POST',
+          headers: {
+            'accept': 'application/json',
+            'Content-Type': 'application/json',
+          },
+          credentials: "include",
+          body: JSON.stringify({
+            amount: 200,
+            currency: "INR",
+            receipt: "receipt-hello"
+          })
+
+        });
+        console.log(response.status);
+        if (!response.ok) {
+          console.log(response.status);
+          console.log(response.statusText);
+          alert('Could not create order! Make sure setup is correct')
+        } else {
+          data = await response.json();
+          console.log(data);
+          console.log("end of flow");
+        }
+        // console.log(response.body);
+
+      } catch (err) {
+        console.log('error happened')
+        console.log(err);
+        if (err?.response) {
+          console.log(await err.response.json());
+        }
+
+      }
+      alert(`Order created: id: ${data.order.id}. Click on Pay with Razorpay`);
+      if (data != null) {
+        document.getElementById('rzp-button1').classList.remove('hidden');
+        document.getElementById('createOrder').classList.add('hidden');
+
+      }
+      var options = {
+        key: data.key,
+        amount: data.order.amount,
+        // Amount is in currency subunits. Default currency is INR. Hence, 50000 refers to 50000 paise
+        currency: data.order.currency,
+        name: "Flux@Codegasms",
+        description: "Get your orgasms here!",
+        image: "https://i.ibb.co/ZJG2pG2/download-7.jpg",
+        order_id: data.order.id,
+        callback_url: `http://localhost:3000/${data.verifyUrl}?frontendBase=http://localhost:5501&successRedirect=/success&failureRedirect=/failure`,
+
+        "notes": {
+          "custom-data": "data"
+        },
+        "theme": {
+          "color": "#3399cc"
+        }
+      };
+      if (data.prefill) {
+        options['prefill'] = data.prefill;
+      }
+
+      var rzp1 = new Razorpay(options);
+      document.getElementById('rzp-button1').onclick = function(e) {
+        rzp1.open();
+        e.preventDefault();
+      }
+
+
+
+    });
+    console.log(data);
+  </script>
+</body>
+
+</html>

server/README.md

@@ -1,3 +1,46 @@
 # flux-server
 
 ALl the server side code lives here!
+
+## Running
+
+### Environment Variables
+
+Please set all the environment variables in `.env` as per the requirments outlined here.
+
+_*For quick start, copy the `template.env` file to `.env`. The values given in `template.env` needs to be changed as per deployment parameters_
+
+| Environment variable       | Purpose                                                                                        |
+| -------------------------- | ---------------------------------------------------------------------------------------------- |
+| MONGO_CON_STR              | MongoDB Connection String, URI pointing to your database                                       |
+| GOOGLE_OAUTH_CLIENT_ID     | Obtain From Google Cloud Console >> APIs and Services >>   Credentials >> OAuth 2.0 Client IDs |
+| GOOGLE_OAUTH_CLIENT_SECRET | ^^                                                                                             |
+| GOOGLE_OAUTH_CALLBACK_URL  | http://{yourDomain.com}/oauth/google/callback                                                  |
+| GITHUB_OAUTH_CLIENT_ID     | GitHub Settings >> Developer Settings >> New OAuth App                                         |
+| GITHUB_OAUTH_CLIENT_SECRET | ^^                                                                                             |
+| GITHUB_OAUTH_CALLBACK_URL  | http://{yourDomain.com}/oauth/google/callback                                                  |
+| RAZORPAY_KEY_ID            | Razorpay Dashboard >> Accounts & Settings >> Website & App Settings >> API Keys                |
+| RAZORPAY_KEY_SECRET        | ^^                                                                                             |
+| CORS_ALLOWED_ORIGINS       | Comma seperated list of allowed origins for CORS                                               |
+
+### Cors and Cookies
+
+- For security purposes, cookies are used in "same-site:strict" mode. On successful login/registration the backend sets the cookie `accessToken`.
+- Any request to the backend, from [same site](https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions), can send the cookies to backend.
+- Make sure that the frontend has the same domain name of the backend. (deploy on a different sub-domain).
+  - Use [`credentials: "include"`](https://developer.mozilla.org/en-US/docs/Web/API/fetch#credentials), in your `fetch` options, because `fetch` [does not send cookies automatically](https://reqbin.com/code/javascript/lcpj87js/javascript-fetch-with-credentials).
+- The `CORS_ALLOWED_ORIGINS` env var must be correctly set, as described above.
+
+    > **NOTE**: Doing anything else, would not be permitted by the standard CORS policy implemented by modern browsers.
+
+### Development Mode
+
+To start the backend server with hot-reload:
+
+```shell
+npm run dev
+```
+
+## Production Deployment
+
+Nginx + PM2 + Certbot

server/docs/References.md

@@ -1,10 +1,40 @@
-## References
+# References
+
+## node js
 
-- https://dev.to/tugascript/nestjs-authentication-with-oauth20-adding-external-providers-2kj
-- https://docs.nestjs.com/recipes/passport
-- https://dev.to/chukwutosin_/implement-google-oauth-in-nestjs-using-passport-1j3k
 - https://stackoverflow.com/questions/43048113/use-fs-in-typescript
 - https://nodejs.org/api/path.html#pathjoinpaths
 - https://www.w3schools.com/js/js_loop_forof.asp
 - https://stackoverflow.com/questions/41553291/can-you-import-nodes-path-module-using-import-path-from-path
-- https://medium.com/@flavtech/google-oauth2-authentication-with-nestjs-explained-ab585c53edec
+
+## oauth
+
+- https://dev.to/tugascript/nestjs-authentication-with-oauth20-adding-external-providers-2kj
+- https://docs.nestjs.com/recipes/passport
+- https://dev.to/chukwutosin_/implement-google-oauth-in-nestjs-using-passport-1j3k
+- https://medium.com/@flavtech/google-oauth2-authentication-with-nestjs-explained-ab585c53edec
+
+## razorpay
+
+- https://razorpay.com/docs/payments/payment-gateway/web-integration/standard/integration-steps/
+- https://medium.com/@aifuture/razorpay-payment-gateway-integration-in-node-js-react-js-6a560740bba7
+
+## cookies
+
+- https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions
+- https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
+
+## fetch
+
+- https://apidog.com/blog/axios-vs-fetch
+- https://reqbin.com/code/javascript/lcpj87js/javascript-fetch-with-credentials
+- https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
+- https://suhanwijaya.medium.com/missing-cookie-in-http-request-when-using-fetch-api-fc0199c3dc3c
+- https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#differences_from_jquery.ajax
+
+## cors
+
+- https://aws.amazon.com/what-is/cross-origin-resource-sharing
+- https://www.moesif.com/blog/technical/cors/Authoritative-Guide-to-CORS-Cross-Origin-Resource-Sharing-for-REST-APIs/
+- https://medium.com/@cybersphere/fetch-api-the-ultimate-guide-to-cors-and-no-cors-cbcef88d371e
+- https://web.dev/articles/cross-origin-resource-sharing