@purposity/stripe-graphql-js v0.0.6
This package creates a Stripe GraphQL API.

    query {
      stripe {
        customer(id: "cus_xxx") {
          id
          name
          invoices {
            data {
              id
              created
              paid
              hostedInvoiceUrl
            }
          }
        }
      }
    }

You can also add the Stripe GraphQL API as a Hasura Remote Schema and connect data from your database and Stripe. This allows you to request data from your database and Stripe in a single GraphQL query:

    query {
      users {
        # User in your database
        id
        displayName
        userData {
          stripeCustomerId # Customer's Stripe Customer Id
          stripeCustomer {
            # Data from Stripe
            id
            name
            paymentMethods {
              id
              card {
                brand
                last4
              }
            }
          }
        }
      }
    }

Install

    npm install @nhost/stripe-graphql-js

Quick Start
Serverless Function Setup
Create a new Serverless Function functions/graphql/stripe.ts:

    import { createStripeGraphQLServer } from '@nhost/stripe-graphql-js'

    const server = createStripeGraphQLServer()

    export default server

You can run the Stripe GraphQL API in any JS environment because it's built using GraphQL Yoga.
Stripe Secret Key
Add STRIPE_SECRET_KEY as an environment variable. If you're using Nhost, add STRIPE_SECRET_KEY to .env.development like this:

    STRIPE_SECRET_KEY=sk_test_xxx

Learn more about Stripe API keys.
Start Nhost

    nhost up

Learn more about the Nhost CLI.
Test
Test the Stripe GraphQL API in the browser:
http://localhost:1337/v1/functions/graphql/stripe
Remote Schema
Add the Stripe GraphQL API as a Remote Schema in Hasura.
URL
{{NHOST_BACKEND_URL}}/v1/functions/graphql/stripe
Headers
x-nhost-webhook-secret: NHOST_WEBHOOK_SECRET (from env var)
Permissions
Here's a minimal example without any custom permissions. Only requests using the x-hasura-admin-secret header will work:

    const server = createStripeGraphQLServer()

For more granular permissions, you can pass an isAllowed function to createStripeGraphQLServer. The isAllowed function takes a stripeCustomerId and a context as parameters and runs every time the GraphQL server makes a request to Stripe to get or modify data for a specific Stripe customer.
Here is an example of an isAllowed function:

    // async is required because the function awaits the database lookup below
    const isAllowed = async (stripeCustomerId: string, context: Context) => {
      const { isAdmin, userClaims } = context

      // allow the request if it has a valid `x-hasura-admin-secret`
      if (isAdmin) {
        return true
      }

      // get user id
      const userId = userClaims['x-hasura-user-id']

      // check if user is signed in
      if (!userId) {
        return false
      }

      // get more user information from the database
      const { user } = await gqlSDK.getUser({
        id: userId,
      })

      if (!user) {
        return false
      }

      // check if the user is part of a workspace with the `stripeCustomerId`
      return user.workspaceMembers.some((workspaceMember) => {
        return workspaceMember.workspace.stripeCustomerId === stripeCustomerId
      })
    }

Context
The context object contains:
userClaims - verified JWT claims from the user's access token.
isAdmin - true if the request was made using a valid x-hasura-admin-secret header.
request - Fetch API Request object that represents the incoming HTTP request in a platform-independent way. It can be useful for accessing headers to authenticate a user.
query - the DocumentNode that was parsed from the GraphQL query string.
operationName - the operation name selected from the incoming query.
variables - the variables that were defined in the query.
extensions - the extensions that were received from the client.
Read more about the default context from GraphQL Yoga.
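
A deny-by-default variant of the isAllowed function above, shown as an added example that is not code from this package. AuthContext, CustomerIdLookup, decide, makeIsAllowed and the sample data are hypothetical names, and the example assumes userClaims can be absent on unauthenticated requests; it shows the cases a tenant check must reject: missing claims, an empty customer id, and a failed database lookup.

```typescript
// Assumed minimal shape of the context fields used here (hypothetical local
// type, not imported from the package).
type AuthContext = {
  isAdmin: boolean
  userClaims?: Record<string, unknown>
}

// Hypothetical lookup: Stripe customer ids of the workspaces a user belongs to.
type CustomerIdLookup = (userId: string) => Promise<string[]>

// Pure decision step. A missing or empty id must never match a workspace that
// has no Stripe customer yet, so only well-formed "cus_" ids are compared.
function decide(stripeCustomerId: unknown, memberIds: string[]): boolean {
  return (
    typeof stripeCustomerId === 'string' &&
    stripeCustomerId.startsWith('cus_') &&
    memberIds.includes(stripeCustomerId)
  )
}

// Builds an isAllowed function that denies by default.
function makeIsAllowed(lookup: CustomerIdLookup) {
  return async (stripeCustomerId: string, context: AuthContext): Promise<boolean> => {
    if (context.isAdmin === true) return true
    const userId = context.userClaims?.['x-hasura-user-id']
    if (typeof userId !== 'string' || userId === '') return false
    try {
      return decide(stripeCustomerId, await lookup(userId))
    } catch {
      // Lookup failed (database down, bad query): deny instead of throwing.
      return false
    }
  }
}

// Constructed sample data standing in for the database.
const memberships: Record<string, string[]> = {
  'user-1': ['cus_AAA'],
  'user-2': [],
}
const sampleLookup: CustomerIdLookup = async (userId) => {
  const ids = memberships[userId]
  if (ids === undefined) throw new Error('user lookup failed')
  return ids
}
const isAllowed = makeIsAllowed(sampleLookup)
```
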
Development
Install dependencies:

    pnpm install

Start the development server:

    pnpm dev

Include the correct admin secret header for admin access:

    {
      "x-hasura-admin-secret": "<secret value matching your NHOST_ADMIN_SECRET environment variable>"
    }

The GraphQL Server will reload every time the code changes.
Open GraphiQL: