1. 首页
  2. 问题列表
  3. 如何使一个刚性的贝宝REST API支付周期?
提问者:小点点

如何使一个刚性的贝宝REST API支付周期?


我在我的Flask应用程序上摆弄paypalrestsdk,下面是支付的顺序。有经验的人能指出周期是否僵化吗?

>

  • 使用适当的重定向URL创建付款。 

    payment = paypalrestsdk.Payment({
    "intent": "sale",
    "payer": {
        "payment_method": "paypal"
    },
    "redirect_urls": {
        "return_url": url_for('.payment_success', _external=True),
        "cancel_url": url_for('.payment_cancel', _external=True)
    },
...})
if payment.create():
      ...

    如果成功,请在数据库中保存以下付款响应详细信息。

    class PayPalPayment(db.Model):
    __tablename__ = 'ediket_paypal_payment'
    id = db.Column(db.Integer, primary_key=True)
    user_id = db.Column(db.Integer, db.ForeignKey('ediket_ediketuser.id'))
    payment_id = db.Column(db.String(30))
    amount = db.Column(db.String(10))
    state = db.Column(db.String(10))
    redirect_url = db.Column(db.VARCHAR)
    created_at = db.Column(db.DateTime)
    updated_at = db.Column(db.DateTime)

    然后,使用HATEOAS链接重定向。

    从数据库中查找当前用户上一个状态为“已创建”的事务。

    pending_payment = PayPalPayment.query.filter_by(user_id=user_id).filter_by(state='created').first()

    使用payment_id和payer_id执行付款

    payment = paypalrestsdk.Payment.find(pending_payment.payment_id)
if payment.execute({"payer_id": request.args.get('PayerID')}):
    #We are done!
    #Update Payment model for completion

    所有这些工作都很好,但是我不太确信这个流对于现实世界的应用程序是否安全。由于返回url只包含PayerID和Token,所以找到要执行的相关支付的唯一方法是使用当前用户id和status='created'对支付表进行盲查询。

    有没有改进的空间?


    • 共1个答案

    匿名用户

    此后的任何修改都是存储了名为token的额外字段,该字段与HATEOAS链接一起传递。通过存储此令牌,我能够定位用户的未决付款,以继续执行。

    更新:

    下面是实现细节。它可能不是完美的,但它现在起到了作用。

    class PayPalPayment(db.Model):
    __tablename__ = 'paypal_payment'
    id = db.Column(db.Integer, primary_key=True)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    product_id = db.Column(db.Integer, db.ForeignKey('product.id'))
    payment_id = db.Column(db.String(30))
    amount = db.Column(db.String(10))
    state = db.Column(db.String(10))
    token = db.Column(db.String(30))
    redirect_url = db.Column(db.Text)
    created_at = db.Column(db.DateTime)
    updated_at = db.Column(db.DateTime)

    def __init__(self, payment, product_id, user_id):
        self.user_id = user_id
        self.product_id = product_id
        self.payment_id = payment.id
        self.amount = payment.transactions[0].amount.total
        self.state = payment.state

        self.created_at = datetime.datetime.strptime(payment.create_time, "%Y-%m-%dT%H:%M:%SZ")
        self.updated_at = datetime.datetime.strptime(payment.update_time, "%Y-%m-%dT%H:%M:%SZ")

        for link in payment.links:
            if link.method == "REDIRECT":
                self.redirect_url = link.href

        parsed = urlparse.urlparse(self.redirect_url)
        self.token = urlparse.parse_qs(parsed.query)['token'][0]

@payment_view.route('/paypal', methods=['POST'])
@login_required
def paypal_payment():
    user_id = current_user.get_id()
    product = Product.query.filter_by(id=request.form.get('product')).first_or_404()
    past = datetime.datetime.utcnow() - datetime.timedelta(minutes=3)
    count = PayPalPayment.query.filter_by(user_id=user_id).filter_by(state='created').filter(PayPalPayment.created_at >= past).count()

    # To prevent a spam where user creates Payment and never comes back to it
    if count > 4:
        return Response(render_template('payment/overflow.html'), mimetype='text/html')

    payment = paypalrestsdk.Payment({
        "intent": "sale",
        "payer": {
            "payment_method": "paypal"
        },
        "redirect_urls": {
            "return_url": url_for('.payment_success', _external=True),
            "cancel_url": url_for('.payment_cancel', _external=True)
        },

        "transactions": [{
            "amount": {
                "total": product.amount,
                "currency": "USD"
            },
            "description": product.description
        }]
    })

    if payment.create():
        new_payment = PayPalPayment(payment, product.id, user_id)
        db.session.add(new_payment)
        db.session.commit()
        return redirect(new_payment.redirect_url, code=302)
    else:
        return Response(render_template('payment/cancel.html'), mimetype='text/html')

@payment_view.route('/success')
@login_required
def payment_success():
    user_id = current_user.get_id()
    payerID = request.args.get('PayerID', None)
    token = request.args.get('token', None)

    pending_payment = PayPalPayment.query.filter_by(token=token).filter_by(state='created').first_or_404()

    try:
        payment = paypalrestsdk.Payment.find(pending_payment.payment_id)
    except paypalrestsdk.exceptions.ResourceNotFound:
        abort(404)

    template = 'payment/error.html'
    if payment.execute({"payer_id": request.args.get('PayerID')}):
        pending_payment.state = payment.state
        pending_payment.updated_at = datetime.datetime.strptime(payment.update_time, "%Y-%m-%dT%H:%M:%SZ")
        template = 'payment/success.html'

    db.session.commit()
    return Response(render_template(template), mimetype='text/html')

    请随便批评。

    相关问题



    热门标签
    Java JavaScript Python PHP C# Android Html jQuery C++ Css IOS MySQL NodeJS