0

So I need to add a stripe unsubscribe button. For that I need the function that contacts stripe API to be hidden as it uses a secret key. So I would like that function to be in the app.js file.

Basically in billing.ejs I have: 

<button onclick="<% unSubscribe() %>" class="btn btn-lg btn-success">Unsubscribe by clicking here</button>

and in app.js I have:

app.get('/billing', function(req, res, next) {
    function unSubscribe() {
        stripe.subscriptions.del(
            req.user.subscriptionId,
            function(err, confirmation) {
                // asynchronously called
            }
        );
    }
    stripe.checkout.sessions.create({
        customer_email: req.user.email,
        payment_method_types: ['card'],
        subscription_data: {
            items: [{
                plan: process.env.STRIPE_PLAN,
            }],
        },
        success_url: process.env.BASE_URL + ':3000/billing?session_id={CHECKOUT_SESSION_ID}',
        cancel_url: process.env.BASE_URL + ':3000/billing',
    }, function(err, session) {
        if (err) return next(err);
        res.render('billing', { STRIPE_PUBLIC_KEY: process.env.STRIPE_PUBLIC_KEY, sessionId: session.id, subscriptionActive: req.user.subscriptionActive })
    });
})

So the unSubcribe function is not working. If I pass it to res.render() then it works BUT also activates the function whenever the page loads. I am pretty lost here what to try next. Any help is appreciated.

Arcany
  • 1
  • 1
  • Your button in your HTML page, needs to make an Ajax call to your server to a route you define on your server and then your server (where the secret key is kept) can use the credentials to call the stripe API. This route for the Ajax call will be separate from the route that renders the page. Remember, the page itself runs in the browser, not on your server so from the page, you can't call something on the server directly. Instead, you send an http request (called an Ajax call) to your server and then your server carries out the operation on behalf of the client. – jfriend00 Mar 10 '20 at 23:28
  • Is making an Ajax call the only way to solve this problem? – Arcany Mar 10 '20 at 23:30
  • That last part is technically off topic and might get you down-voted. You should edit and delete that part. That aspect of this question is fine for reddit but is "off-topic" here. Take a look at [What topics can I ask about here?](https://stackoverflow.com/help/on-topic) - specifically the section about questions that are off-topic. – Rodger Mar 10 '20 at 23:30
  • Well, you're not putting a secret key in the web page and keeping it secret so if that's part of your objective, then the page can't call stripe directly so it has to call your server and let your server handle the secret key and calling stripe. That process is called an Ajax call. Make sure you see the 2nd half of my previous comment that I added. – jfriend00 Mar 10 '20 at 23:31
  • @Arcany — Ajax is one option. A regular form submission is the other. – Quentin Mar 10 '20 at 23:38
  • Yes, Ajax or form submission. Both are an http request to your server which then carries out the stripe operation for the client. Ajax is from Javascript, form is plain HTML and browser doing the http operation to your server based on the form definition. – jfriend00 Mar 10 '20 at 23:57
  • Just wanted to let anyone who is interested know that I solved this by pointing my button at "/unsub" And in app.js made app.get('/unsub'....) with the required stripe function – Arcany Mar 11 '20 at 03:12

0 Answers0