fuentesloic / nuxt-stripe Goto Github PK

Can I use stripe elements with this module?

Hello,

I wanted to use stripe elements in my nuxt3 app.
Is this module ready for production?
Thanks.

Pretty much title says everything, in the current state there is almost no Typescript support.

Missing documentation on how to configure or edit publishableKey and apiKey at runtime.

Following the official stripe-node repo and its documentation it could be beneficial to add all the other available options:

From the original README, some of the configurations are:

Note
Both maxNetworkRetries and timeout can be overridden on a per-request basis.

Hi,
After adding this modul to nuxt.config all Stripe scripts and HTML element were rendered on all pages. I don't even use it. Is it possible to only add it to pages where I use it and with lazy loading?

This list is not exhaustive and probably non blocker for deploying the npm package but here what will improve the project

• finish ssr tests ✔️ in v1.1.0
• more examples using ssr stripe code
• more examples using client stripe code
• add issue (this could probably help us) https://github.com/flozero/github-utils
• add pr template ✔️ in v1.1.0
• use docus / nuxt content for hosted doc I think nuxt and some other modules is using it
• look at open collective for sponsor contribution
• add sponsor config

Take a zip of coffee ☕

Hello,

Was looking around to implement Stripe with Nuxt and checking out this module. Seems like this was not updated for the last 6 months.
During those 6 months there were several updates on the SDKs and APIs from Stripe.

Is there a benefit to use this instead of implementing those by hand with the updated versions?

Will this ever be updated again?

Have a wonderful day, Colin.

Usually I build my docker images via GitHub Actions, and I try to make sure that any env variable like secrets and keys are available at runtime.

Are there any limitations for not letting both keys editable via NUXT_PUBLIC_* runtimeConfigs?

name: New Release

on:
  push:
    tags:
      - 'v[0-9]*'

env:
  GHCR_IMAGE: ghcr.io/${{ github.repository }}

jobs:
  create-release:
    name: Create Release
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Create release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gh release create "$GITHUB_REF_NAME" --notes "$GITHUB_REF_NAME"

  build-image:
    permissions:
      contents: write
      packages: write
    name: Build Image
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Setup QEMU
        uses: docker/setup-qemu-action@v2

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Cache Docker layers
        uses: actions/cache@v3
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-

      - name: Extract metadata for Docker image
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.GHCR_IMAGE }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}

      - name: Login to GHCR
        uses: docker/login-action@v2
        if: env.GHCR_IMAGE
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./dockerfile.nuxt
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64
          # platforms: linux/amd64,linux/arm64 ---> Disabled because not used and increased the build time by 10x
          push: true
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new

      # Temp fix:
      # https://github.com/docker/build-push-action/issues/252
      # https://github.com/moby/buildkit/issues/1896
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

It would be awesome to include functionality to handle webhook secrets as well. More information about Stripe Webhook secrets can be found in Stripe's Documentation.

I don't know what would be the correct approach here. Possible solutions:

• Get the Webhook secret from the environment. In that case, no changes should be done to this module (this is how we are handling it right now):

  const body = await readRawBody(event);
  const stripe = await useServerStripe(event);
  const { stripeWebhookSecret } = useRuntimeConfig();
  const stripeSignatureHeader = headers['stripe-signature'];
  const stripeEvent = stripe.webhooks.constructEvent(body, stripeSignatureHeader, stripeWebhookSecret);

• Another possible solution would be to provide Webhood secrets to this module (through Nuxt/Env) and create a new function that validates a webhook request. Something like this:

  import { validateWebhookEvent } from '#stripe/server';
  
  const stripeEvent = await validateWebhookEvent(event);

Internally, this function should:

• Read the event body's
• Get stripe-signature header
• Get Webhook secret from module configuration
• Execute the constructEvent

I don't know what would be the implications of that. For example, what happens if the user has created more than one webhook, each one of them with a different webhook secret? How would that be handled internally?

Great module, made setting up stripe 100x easier.

What's the best way to handle webhooks in your opinion?

Thanks