GitXplorerGitXplorer
o

pp-ipn

public
4 stars
1 forks
1 issues

Commits

List of commits on branch master.
Unverified
86bb3de252c801e1b15c6927b89bf40401d79710

1.1.0

oorangewise committed 6 years ago
Unverified
14e2321b127a0f985ff3e6ddc6dff55ae2171ff9

add coveralls

oorangewise committed 6 years ago
Unverified
c1a13d7001a21bc55ce049a6d1a891a7ec61bb2c

update travis

oorangewise committed 6 years ago
Unverified
3253c8826fd17001089dfd7db5e05e90fe71eeeb

update deps

oorangewise committed 6 years ago
Verified
81bab50e9ac90d024f8a7dcf3e0c306d1de09a4f

Merge pull request #4 from sr-scott/patch-1

oorangewise committed 6 years ago
Verified
e94b2e01c1b5a5c90076e8fb31fc7638ef2f0ec9

Update PayPal IPN verification URLs

ssr-scott committed 6 years ago

README

The README file for this repository.

TLDR

Build Status Coverage Status

Drop-in replacement for paypal-ipn@3.0.0.

Why?

The original version, paypal-ipn, could not verify IPNs with characters that are already escaped by PayPal, like %E1 (á) and %E9 (é).

PayPal IPN Verification

A simple NodeJS package for verifying PayPal IPN messages.

Installation

$ npm install pp-ipn

Usage

There is only one function, verify, which is used to verify any IPN messages you receive:

ipn.verify(ipn_params, [settings], callback);

ipn_params is the dictionary of POST values sent to your IPN script by PayPal. Don't modify the dict in any way, just pass it directly to ipn.verify to check if the IPN message is valid.

Example code:

// Must respond to PayPal IPN request with an empty 200 first
// If using Express, uncomment the following:
// res.send(200);

var ipn = require('pp-ipn');

ipn.verify(params, function callback(err, msg) {
  if (err) {
    console.error(err);
  } else {
    // Do stuff with original params here

    if (params.payment_status == 'Completed') {
      // Payment has been confirmed as completed
    }
  }
});

//You can also pass a settings object to the verify function:
ipn.verify(params, {'allow_sandbox': true}, function callback(err, mes) {
  //The library will attempt to verify test payments instead of blocking them
});

Note that all the package does is confirm that the IPN message is valid. After this, you will still need to make some more checks:

  • Confirm that the payment_status is Completed.

  • Use the transaction ID to verify that the transaction has not already been processed, which prevents duplicate transactions from being processed.

  • Validate that the receiver's email address is registered to you.

  • Verify that the price, item description, and so on, match the transaction on your website.

You can find more information on the PayPal documentation for IPN.

Settings

Optional settings:

{
  'allow_sandbox': false
}

allow_sandbox

If this is true, the library will attempt to verify sandbox requests at PayPal's sandbox URL.

If this is false, the library will callback with an error without checking PayPal. (This is the default value.)

You should set this to false on production servers.

The callback

The callback has two parameters, err and msg.

If err is null then the IPN is valid and you can continue processing the payment. msg is always VERIFIED then.

In case IPN was invalid or the http request failed err holds the Error object.

Express

pp-ipn works fine with Express or any other web framework.

All you need to do is pass in the request parameters to ipn.verify.

In Express, the request parameters are in req.body:

ipn.verify(req.body, callback_function);

Testing

Tests are written in Node Tap, run them like this:

npm t

If you would like a more fancy report:

npm test -- --cov --coverage-report=lcov