我用Braintree进行了定期付款,一切都运行良好。我的代码如下所示:
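/**
 * Escape a value so it can be placed in HTML text or inside a double-quoted
 * attribute without being interpreted as markup.
 *
 * @param {*} value - Value to render; coerced to a string first.
 * @returns {string} The HTML-escaped string.
 */
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

/**
 * POST /create_customer
 * Creates a Braintree customer with a stored card from the submitted form
 * fields and replies with a link to the subscription step.
 *
 * NOTE(review): the raw card number and CVV pass through this server, which
 * puts it in PCI scope. Braintree's client-side tokenization (sending a
 * paymentMethodNonce instead of card fields) avoids that; confirm whether it
 * can be used here.
 */
app.post("/create_customer", function (req, res) {
  var customerRequest = {
    firstName: req.body.first_name,
    lastName: req.body.last_name,
    creditCard: {
      number: req.body.number,
      cvv: req.body.cvv,
      expirationMonth: req.body.month,
      expirationYear: req.body.year,
      billingAddress: {
        postalCode: req.body.postal_code
      }
    }
  };

  gateway.customer.create(customerRequest, function (err, result) {
    // On a transport/gateway error `result` is not usable; reading
    // result.success would throw inside the callback.
    if (err || !result) {
      console.error("Braintree customer.create failed:", err && err.message);
      res.status(500).send("<h1>Error: could not create customer</h1>");
      return;
    }

    if (!result.success) {
      res.send("<h1>Error: " + escapeHtml(result.message) + "</h1>");
      return;
    }

    var customer = result.customer;
    // Log only the identifier: the full result object carries the customer's
    // name and payment-method details, which should not end up in logs.
    console.log("Customer created: " + customer.id);

    // firstName/lastName originate from the request body, so they are escaped
    // before being echoed into the page; the id is URL-encoded for the query
    // string and then escaped for the attribute.
    res.send(
      "<h1>Customer created with name: " + escapeHtml(customer.firstName) + " " + escapeHtml(customer.lastName) + "</h1>" +
      "<a href=\"/subscriptions?id=" + escapeHtml(encodeURIComponent(customer.id)) + "\">Click here to sign this Customer up for a recurring payment</a>"
    );
  });
});

/**
 * GET /subscriptions?id=<customerId>
 * Looks up the customer and subscribes their first stored card to the plan.
 *
 * NOTE(review): this changes state on a GET request and acts on whatever
 * customer id the caller supplies; nothing visible here checks that the
 * requester is allowed to act for that customer. Consider a CSRF-protected
 * POST plus an ownership check against the logged-in user.
 */
app.get("/subscriptions", function (req, res) {
  var customerId = req.query.id;

  gateway.customer.find(customerId, function (err, customer) {
    if (err || !customer) {
      // The id is taken straight from the query string, so escape it before
      // reflecting it into the response.
      res.status(404).send("<h1>No customer found for id: " + escapeHtml(customerId) + "</h1>");
      return;
    }

    var cards = customer.creditCards;
    if (!cards || cards.length === 0) {
      res.status(400).send("<h1>Error: customer has no stored card</h1>");
      return;
    }

    var subscriptionRequest = {
      paymentMethodToken: cards[0].token,
      planId: "reccuringtest"
    };

    gateway.subscription.create(subscriptionRequest, function (err, result) {
      if (err || !result) {
        console.error("Braintree subscription.create failed:", err && err.message);
        res.status(500).send("<h1>Error: could not create subscription</h1>");
        return;
      }
      // result.subscription is only read after success has been checked.
      if (!result.success) {
        res.send("<h1>Error: " + escapeHtml(result.message) + "</h1>");
        return;
      }
      res.send("<h1>Subscription Status " + escapeHtml(result.subscription.status) + "</h1>");
    });
  });
});

/**
 * POST /create_transaction
 * Charges the fixed amount to the submitted card and submits it for settlement.
 *
 * NOTE(review): as with /create_customer, raw card data reaches this server.
 */
app.post("/create_transaction", function (req, res) {
  var saleRequest = {
    amount: "1000.00",
    creditCard: {
      number: req.body.number,
      cvv: req.body.cvv,
      expirationMonth: req.body.month,
      expirationYear: req.body.year
    },
    options: {
      submitForSettlement: true
    }
  };

  gateway.transaction.sale(saleRequest, function (err, result) {
    if (err || !result) {
      console.error("Braintree transaction.sale failed:", err && err.message);
      res.status(500).send("<h1>Error: could not create transaction</h1>");
      return;
    }

    if (!result.success) {
      res.send("<h1>Error: " + escapeHtml(result.message) + "</h1>");
      return;
    }

    // Log the transaction id rather than the whole result object, which
    // includes payment-method details.
    console.log("Transaction created: " + result.transaction.id);
    res.send("<h1>Success! Transaction ID: " + escapeHtml(result.transaction.id) + "</h1>");
  });
});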
我可以创建客户并完成付款,然后我添加了 webhook:
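/**
 * GET /webhooks
 * Braintree's endpoint check: reply with the response the SDK computes from
 * the bt_challenge query parameter.
 */
app.get("/webhooks", function (req, res) {
  var challenge = req.query.bt_challenge;
  // Reject requests without a challenge instead of handing undefined to the SDK.
  if (typeof challenge !== "string" || challenge.length === 0) {
    res.send(400);
    return;
  }
  res.send(gateway.webhookNotification.verify(challenge));
});

/**
 * POST /webhooks
 * Receives a Braintree webhook notification. This route is the one exempted
 * from CSRF checks, so the signature check performed by
 * webhookNotification.parse is what authenticates the request; anything that
 * fails it is rejected and never processed.
 */
app.post("/webhooks", function (req, res) {
  var signature = req.body && req.body.bt_signature;
  var payload = req.body && req.body.bt_payload;

  if (typeof signature !== "string" || typeof payload !== "string") {
    res.send(400);
    return;
  }

  gateway.webhookNotification.parse(
    signature,
    payload,
    function (err, webhookNotification) {
      // A failed parse (e.g. a bad signature) arrives here as `err`; reading
      // fields from an undefined notification would throw.
      if (err || !webhookNotification) {
        console.error("[Webhook Rejected] " + (err && err.message));
        res.send(400);
        return;
      }

      // Not every notification kind carries a subscription.
      var subscriptionId = webhookNotification.subscription
        ? webhookNotification.subscription.id
        : "n/a";

      console.log("[Webhook Received " + webhookNotification.timestamp + "] | Kind: " + webhookNotification.kind + " | Subscription: " + subscriptionId);

      // Acknowledge only after the notification has been verified.
      res.send(200);
    }
  );
});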
现在,当我付款时,POST 处理函数确实被调用了,但出现了 CSRF 错误:
POST /webhooks 403 194.783 ms - -
Error: CSRF token mismatch
at csrf (/root/waitero/node_modules/lusca/lib/csrf.js:48:18)
感谢您的任何帮助!
您需要为接收 Braintree POST 请求的路由禁用 CSRF 保护。该路由免除 CSRF 检查后,应依靠 Braintree 的签名校验(webhookNotification.parse)来确认请求来源。最好的方法可能是编写一个自定义中间件:
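// CSRF middleware that exempts only the Braintree webhook path.
// Braintree cannot supply a CSRF token, so "/webhooks" is skipped; every other
// route keeps CSRF protection. The webhook handler must therefore rely on
// Braintree's signature verification to authenticate the request.
//
// NOTE(review): the stack trace in the question points at lusca's csrf
// middleware rather than express.csrf(); if that is what the app uses, wrap
// lusca.csrf() the same way. Either way this must replace the globally
// registered CSRF middleware, not be added alongside it.
var expressCsrf = express.csrf();

/**
 * Run the CSRF check for every request except those to "/webhooks".
 *
 * @param {Object} req - Express request.
 * @param {Object} res - Express response.
 * @param {Function} next - Continues to the next middleware.
 */
var customCsrf = function (req, res, next) {
  if (req.path === "/webhooks") {
    // Exempt path: skip the token check.
    next();
  } else {
    expressCsrf(req, res, next);
  }
};

app.use(customCsrf);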