What I’m trying to do:
Understand the anvil runtime to prevent security issues when using stripe with example shop templates written by Anvil (The only thing I’ve added is the logging). Is this code resistant from tampering on the client side?
Additionally, how do you ensure that this function guarantees that if the stripe.checkout.charge is successful, that the appropriate database record is record? Essentially, how do you make this function transactional
Code Sample, which is in the “Cart” form code:
def shop_button_click(self, **event_args):
"""This method is called when the button is clicked"""
get_open_form().shop_link_click()
def checkout_button_click(self, **event_args):
source = 'Cart checkout_button_click'
"""This method is called when the button is clicked"""
for i in self.items:
self.order.append({'name':i['product']['name'], 'quantity':i['quantity']})
try:
charge = stripe.checkout.charge(amount=self.subtotal*100,
currency="USD",
shipping address=True,
title="Cupcakes & Co.",
icon_url="_/theme/cupcake_logo.png")
anvil.server.call('add_log', source, str(charge), 'debug')
except Exception as e:
anvil.server.call('add_log', source, str(e), 'error')
alert('Something went wrong. Please contact customer support')
return
Clone link:
https://anvil.works/build#clone:UL5KJU3FD56ZT5RG=BV7VTDBQCQM6JIEZODLYETNS
Yes, I understand this code was given as an example, and not meant to be production ready.