Refactor the backend for the advanced integration guide

Author: gregjopa

.devcontainer/advanced-integration/devcontainer.json

@@ -27,11 +27,11 @@
 	},
 
 	"secrets": {
-		"CLIENT_ID": {
+		"PAYPAL_CLIENT_ID": {
 			"description": "Sandbox client ID of the application.",
 			"documentationUrl": "https://developer.paypal.com/dashboard/applications/sandbox"
 		},
-		"APP_SECRET": {
+		"PAYPAL_CLIENT_SECRET": {
 			"description": "Sandbox secret of the application.",
 			"documentationUrl": "https://developer.paypal.com/dashboard/applications/sandbox"
 		}

advanced-integration/.env.example

@@ -1,5 +1,5 @@
 # Create an application to obtain credentials at
 # https://developer.paypal.com/dashboard/applications/sandbox
 
-CLIENT_ID="YOUR_CLIENT_ID_GOES_HERE"
-APP_SECRET="YOUR_SECRET_GOES_HERE"
+PAYPAL_CLIENT_ID="YOUR_CLIENT_ID_GOES_HERE"
+PAYPAL_CLIENT_SECRET="YOUR_SECRET_GOES_HERE"

advanced-integration/README.md

@@ -2,7 +2,7 @@
 
 ## Instructions
 
-1. Rename `.env.example` to `.env` and update `CLIENT_ID` and `APP_SECRET`.
+1. Rename `.env.example` to `.env` and update `PAYPAL_CLIENT_ID` and `PAYPAL_CLIENT_SECRET`.
 2. Run `npm install`
 3. Run `npm start`
 4. Open http://localhost:8888

advanced-integration/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "@paypalcorp/advanced-integration",
+  "name": "paypal-advanced-integration",
   "version": "1.0.0",
   "description": "",
   "main": "server.js",
@@ -11,9 +11,9 @@
   "author": "",
   "license": "Apache-2.0",
   "dependencies": {
-    "dotenv": "^16.0.0",
-    "ejs": "^3.1.6",
-    "express": "^4.17.3",
-    "node-fetch": "^3.2.1"
+    "dotenv": "^16.3.1",
+    "ejs": "^3.1.9",
+    "express": "^4.18.2",
+    "node-fetch": "^3.3.2"
   }
 }

advanced-integration/paypal-api.js

@@ -1,44 +1,178 @@
-import "dotenv/config";
-import express from "express";
-import * as paypal from "./paypal-api.js";
-const {PORT = 8888} = process.env;
+import express from 'express';
+import fetch from 'node-fetch';
+import 'dotenv/config';
+import path from 'path';
 
+const { PAYPAL_CLIENT_ID, PAYPAL_CLIENT_SECRET, PORT = 8888 } = process.env;
+const base = 'https://api-m.sandbox.paypal.com';
 const app = express();
 app.set("view engine", "ejs");
 app.use(express.static("public"));
 
+// parse post params sent in body in json format
+app.use(express.json());
+
+/**
+ * Generate an OAuth 2.0 access token for authenticating with PayPal REST APIs.
+ * @see https://developer.paypal.com/api/rest/authentication/
+ */
+const generateAccessToken = async () => {
+  try {
+    if (!PAYPAL_CLIENT_ID || !PAYPAL_CLIENT_SECRET) {
+      throw new Error('MISSING_API_CREDENTIALS');
+    }
+    const auth = Buffer.from(
+      PAYPAL_CLIENT_ID + ':' + PAYPAL_CLIENT_SECRET,
+    ).toString('base64');
+    const response = await fetch(`${base}/v1/oauth2/token`, {
+      method: 'POST',
+      body: 'grant_type=client_credentials',
+      headers: {
+        Authorization: `Basic ${auth}`,
+      },
+    });
+
+    const data = await response.json();
+    return data.access_token;
+  } catch (error) {
+    console.error('Failed to generate Access Token:', error);
+  }
+};
+
+/**
+ * Generate a client token for rendering the hosted card fields.
+ * @see https://developer.paypal.com/docs/checkout/advanced/integrate/#link-integratebackend
+ */
+const generateClientToken = async () => {
+  const accessToken = await generateAccessToken();
+  const url = `${base}/v1/identity/generate-token`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${accessToken}`,
+      "Accept-Language": "en_US",
+      "Content-Type": "application/json",
+    },
+  });
+
+  return handleResponse(response);
+};
+
+/**
+ * Create an order to start the transaction.
+ * @see https://developer.paypal.com/docs/api/orders/v2/#orders_create
+ */
+const createOrder = async (cart) => {
+  // use the cart information passed from the front-end to calculate the purchase unit details
+  console.log(
+    'shopping cart information passed from the frontend createOrder() callback:',
+    cart,
+  );
+
+  const accessToken = await generateAccessToken();
+  const url = `${base}/v2/checkout/orders`;
+  const payload = {
+    intent: 'CAPTURE',
+    purchase_units: [
+      {
+        amount: {
+          currency_code: 'USD',
+          value: '0.02',
+        },
+      },
+    ],
+  };
+
+  const response = await fetch(url, {
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${accessToken}`,
+      // Uncomment one of these to force an error for negative testing (in sandbox mode only). Documentation:
+      // https://developer.paypal.com/tools/sandbox/negative-testing/request-headers/
+      // "PayPal-Mock-Response": '{"mock_application_codes": "MISSING_REQUIRED_PARAMETER"}'
+      // "PayPal-Mock-Response": '{"mock_application_codes": "PERMISSION_DENIED"}'
+      // "PayPal-Mock-Response": '{"mock_application_codes": "INTERNAL_SERVER_ERROR"}'
+    },
+    method: 'POST',
+    body: JSON.stringify(payload),
+  });
+
+  return handleResponse(response);
+};
+
+/**
+ * Capture payment for the created order to complete the transaction.
+ * @see https://developer.paypal.com/docs/api/orders/v2/#orders_capture
+ */
+const captureOrder = async (orderID) => {
+  const accessToken = await generateAccessToken();
+  const url = `${base}/v2/checkout/orders/${orderID}/capture`;
+
+  const response = await fetch(url, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${accessToken}`,
+      // Uncomment one of these to force an error for negative testing (in sandbox mode only). Documentation:
+      // https://developer.paypal.com/tools/sandbox/negative-testing/request-headers/
+      // "PayPal-Mock-Response": '{"mock_application_codes": "INSTRUMENT_DECLINED"}'
+      // "PayPal-Mock-Response": '{"mock_application_codes": "TRANSACTION_REFUSED"}'
+      // "PayPal-Mock-Response": '{"mock_application_codes": "INTERNAL_SERVER_ERROR"}'
+    },
+  });
+
+  return handleResponse(response);
+};
+
+async function handleResponse(response) {
+  try {
+    const jsonResponse = await response.json();
+    return {
+      jsonResponse,
+      httpStatusCode: response.status,
+    };
+  } catch (err) {
+    const errorMessage = await response.text();
+    throw new Error(errorMessage);
+  }
+}
+
 // render checkout page with client id & unique client token
 app.get("/", async (req, res) => {
-  const clientId = process.env.CLIENT_ID;
   try {
-    const clientToken = await paypal.generateClientToken();
-    res.render("checkout", { clientId, clientToken });
+    const { jsonResponse } = await generateClientToken();
+    res.render("checkout", {
+      clientId: PAYPAL_CLIENT_ID,
+      clientToken: jsonResponse.client_token
+    });
   } catch (err) {
     res.status(500).send(err.message);
   }
 });
 
-// create order
-app.post("/api/orders", async (req, res) => {
+app.post('/api/orders', async (req, res) => {
   try {
-    const order = await paypal.createOrder();
-    res.json(order);
-  } catch (err) {
-    res.status(500).send(err.message);
+    // use the cart information passed from the front-end to calculate the order amount detals
+    const { cart } = req.body;
+    const { jsonResponse, httpStatusCode } = await createOrder(cart);
+    res.status(httpStatusCode).json(jsonResponse);
+  } catch (error) {
+    console.error('Failed to create order:', error);
+    res.status(500).json({ error: 'Failed to create order.' });
   }
 });
 
-// capture payment
-app.post("/api/orders/:orderID/capture", async (req, res) => {
-  const { orderID } = req.params;
+app.post('/api/orders/:orderID/capture', async (req, res) => {
   try {
-    const captureData = await paypal.capturePayment(orderID);
-    res.json(captureData);
-  } catch (err) {
-    res.status(500).send(err.message);
+    const { orderID } = req.params;
+    const { jsonResponse, httpStatusCode } = await captureOrder(orderID);
+    res.status(httpStatusCode).json(jsonResponse);
+  } catch (error) {
+    console.error('Failed to create order:', error);
+    res.status(500).json({ error: 'Failed to capture order.' });
   }
 });
 
 app.listen(PORT, () => {
-  console.log(`Server listening at http://localhost:${PORT}/`);
+  console.log(`Node server listening at http://localhost:${PORT}/`);
 });

advanced-integration/server.js

@@ -1,5 +1,5 @@
 {
-  "name": "@paypalcorp/standard-integration",
+  "name": "paypal-standard-integration",
   "version": "1.0.0",
   "main": "paypal-api.js",
   "type": "module",

standard-integration/package.json

@@ -3,7 +3,7 @@ import fetch from 'node-fetch';
 import 'dotenv/config';
 import path from 'path';
 
-const { PAYPAL_CLIENT_ID, PAYPAL_CLIENT_SECRET } = process.env;
+const { PAYPAL_CLIENT_ID, PAYPAL_CLIENT_SECRET, PORT = 8888 } = process.env;
 const base = 'https://api-m.sandbox.paypal.com';
 const app = express();
 
@@ -144,8 +144,6 @@ app.get('/', (req, res) => {
   res.sendFile(path.resolve('./index.html'));
 });
 
-const PORT = Number(process.env.PORT) || 8888;
-
 app.listen(PORT, () => {
   console.log(`Node server listening at http://localhost:${PORT}/`);
 });