0

I am setting up a website for a desktop app I created. The website provides users a way to also download the app after a payment via Stripe. In order to do the proper verification before allowing the app to download, I am trying to respond to a POST request with downloading the file. I am seeing no errors but the browser is not downloading the file.

Server.js

app.post('/pay', jsonParser, async (req, res) => {
    // ...
    // Stripe payment verification
    // ...
    if (intent.status === 'succeeded') {
        console.log('downloading');
        res.setHeader( "Content-Disposition", `attachment; filename=${path.join(__dirname, '..', 'app', 'test.txt')}` );
        res.download(path.join(__dirname, '..', 'app', 'test.txt'), (error) => {
            if (error) throw error;
        });
    }
}

Checkout.js

fetch(
    '/pay',
    {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    }
  )
  .then(handleServerResponse)
Andrew
  • 21
  • 3
  • maybe like: https://stackoverflow.com/questions/32545632/how-can-i-download-a-file-using-window-fetch though I think generating a token and applying it back to the transaction is better then you can make a route `/download/:token` which then references what file and user download it, track downloads and allow the user to download more then once by providing them a url etc, maybe emailed.. as is your code allows one download, what happens if it fails, or user mistakenly did it on wrong device? – Lawrence Cherone Aug 04 '20 at 19:37
  • Thank you for your suggestion. So that would mean storing the user/token data in a database, then checking against that in my GET /download/:token request? – Andrew Aug 04 '20 at 20:51
  • yup, you would want to store bits of `intent` too, maybe all of it, when using stripe your want to be recording everything, so you can battle them wonderful people *test*ing stolen cards which specifically targets stripe integrations because it has bad fraud detection and a huge chargeback policy. – Lawrence Cherone Aug 04 '20 at 20:59

1 Answers1

0

Thanks to @Lawrence Cherone in the comments, I will be creating a new flow for the stripe request and download.

  1. Stripe completes server-side, generate a token, store user/token/stripe data in db
    • Email will be sent to user with the token
  2. Response sends token for first time use to client
  3. Client makes GET request to /download/: token endpoint and starts download
Andrew
  • 21
  • 3