payment-gateway-integration


Payment Gateway Integration


Integrate secure payment processing with proper error handling and compliance.

Stripe Integration (Node.js)


```javascript
// The secret key comes from the environment, never from source code.
const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);

class PaymentService {
  // `amount` is in major units (e.g. dollars); Stripe expects minor units.
  async createPaymentIntent(amount, currency, customerId) {
    return stripe.paymentIntents.create({
      amount: Math.round(amount * 100), // Convert to cents (assumes a two-decimal currency)
      currency,
      customer: customerId,
      automatic_payment_methods: { enabled: true }
    });
  }

  // The subscription stays incomplete until the first invoice is paid.
  async createSubscription(customerId, priceId) {
    return stripe.subscriptions.create({
      customer: customerId,
      items: [{ price: priceId }],
      payment_behavior: 'default_incomplete',
      expand: ['latest_invoice.payment_intent']
    });
  }

  // Omitting `amount` refunds the full payment; passing it issues a partial refund.
  async refund(paymentIntentId, amount = null) {
    const params = { payment_intent: paymentIntentId };
    if (amount) params.amount = Math.round(amount * 100);
    return stripe.refunds.create(params);
  }
}
```

Webhook Handling


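```javascript
const express = require('express');
const app = express();
// `stripe`, handlePaymentSuccess and handlePaymentFailed are defined elsewhere in the application.

// express.raw keeps the body as the exact bytes Stripe signed; a parsed and
// re-serialized JSON body would fail signature verification.
app.post('/webhooks/stripe', express.raw({ type: 'application/json' }), async (req, res) => {
  const sig = req.headers['stripe-signature'];

  let event;
  try {
    // Reject any request whose signature does not match the endpoint secret.
    event = stripe.webhooks.constructEvent(req.body, sig, process.env.STRIPE_WEBHOOK_SECRET);
  } catch (err) {
    return res.status(400).send(`Webhook Error: ${err.message}`);
  }

  // The handler must be async because the event handlers are awaited.
  switch (event.type) {
    case 'payment_intent.succeeded':
      await handlePaymentSuccess(event.data.object);
      break;
    case 'invoice.payment_failed':
      await handlePaymentFailed(event.data.object);
      break;
  }

  res.json({ received: true });
});
```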

PayPal Integration


See references/paypal-integration.md for complete PayPal implementation with:
  • Order creation and capture
  • Refund processing
  • Webhook handling
  • Frontend SDK integration
  • Success/cancel callbacks

Security Checklist


  • Use official SDK only
  • Verify webhook signatures
  • Never log full card numbers
  • Store minimal payment data
  • Test in sandbox first
  • HTTPS for all payment routes
  • Handle all error cases
  • Use idempotency keys
  • Implement retry logic
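
The last two checklist items work together: a retry is only safe when every attempt carries the same idempotency key. The following is an added example, not code from the original page; `FakeGateway`, `chargeOrder`, the `transient` error flag and the order fields are hypothetical names, and the fake stands in for a payment API that accepts an idempotency key as a request option.

```javascript
// Constructed stand-in for the payment API so the example runs offline.
class FakeGateway {
  constructor(failFirst) {
    this.failFirst = failFirst; // number of calls whose response is "lost"
    this.byKey = new Map();     // idempotency key -> stored result
    this.calls = 0;
  }
  async createPaymentIntent(params, { idempotencyKey }) {
    this.calls += 1;
    // The server stores the result under the key before the response is lost.
    if (!this.byKey.has(idempotencyKey)) {
      this.byKey.set(idempotencyKey, { id: `pi_test_${this.byKey.size + 1}`, ...params });
    }
    if (this.calls <= this.failFirst) {
      const err = new Error('connection reset');
      err.transient = true; // constructed marker for a retryable failure
      throw err;
    }
    return this.byKey.get(idempotencyKey);
  }
}

const defaultSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Retry only transient failures; declines and validation errors go straight
// back to the caller. The key is derived from the order, so every attempt
// (even after a process restart) maps to the same server-side operation.
async function chargeOrder(gateway, order, { maxAttempts = 4, sleep = defaultSleep } = {}) {
  const idempotencyKey = `order-${order.id}-charge`;
  const params = { amount: order.amountCents, currency: order.currency };
  for (let attempt = 1; ; attempt += 1) {
    try {
      return await gateway.createPaymentIntent(params, { idempotencyKey });
    } catch (err) {
      if (!err.transient || attempt >= maxAttempts) throw err;
      await sleep(2 ** attempt * 100); // exponential backoff: 200 ms, 400 ms, ...
    }
  }
}
```

With a fresh random key per attempt, the same two lost responses would have produced three separate charges.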

Best Practices


Do:
  • Use official SDK libraries
  • Verify all webhook signatures
  • Log transaction IDs (not card data)
  • Test in sandbox environment
  • Handle all payment states
  • Implement proper error messages
Don't:
  • Process raw card data directly
  • Store sensitive payment info
  • Hardcode API keys
  • Skip webhook signature validation
  • Ignore failed payment events
  • Use test keys in production