DEV Community: Abhee Hudani ☕

Setup Nginx with HTTPS on Azure VM using Certbot

Abhee Hudani ☕ — Sat, 20 Feb 2021 08:49:05 +0000

We will setup HTTPS on Nginx using Certbot on an Azure Ubuntu VM

Steps

1) Create VM
2) Config Ports
3) Install Nginx
4) HTTPS using Certbot

Creating Azure Ubuntu VM

Let's get started by creating Azure VM.

I'm using ubuntu 18.04 LTS -Ge1 as OS Image and Size :Standard_B1ls - 1vcps. With SSH connection on PORT 22.
After that I'm going with default settings.

-- SAVE YOUR PRIVATE KEY, KEEP IT SECURE AND DON'T SHARE IT.

Azure Server DNS Config

Now we change Dynamic to Static Assigment
We set the Assignment as Static then we choose a DNS name label.

Here we choose nova-test therefore the VM will be accessible at nova-test.eastus2.cloudapp.azure.com.
After it is saved let's connect our azure using SSH in terminal.

SSH connection to server

Now let's connect our terminal to server using SSH.

Note: You can always find intructions in VM's Connect Tab

In my PC, I have saved my Private Key(Generated during VM creation) in a root folder called "Key".

Connection String ssh -i key.pem user_name@server_name > Note: You can also use public IP to connect instead of server_name

But before we access the key we need to change the permission of the private key otherwise you might face an issue saying, "Unprotected Private Key File!"
In order to do that, we need to goto key's dir and fire these commands


 chmod 600 test-vm_key.pem

And Volla! We are connected to our server.

Nginx Setup

Now let's get started with our nginx server !
Install nginx server first:



$ sudo apt-get update
$ sudo apt-get install nginx

And Done ???
-- Well technically, yes. Server is ready.
-- But wait you can't access it from browser right now because we haven't added port rule.
-- To access the server we need to add PORT 80 Access Rule to our VM.
-- In order to add rule for port 80, goto Networking Tab and click ```Add

Inbound Port Rule


 ![Azure VM Inbound Port ](https://drive.google.com/uc?export=view&id=1WFNE4p_lD-59y3bH730wjhxwcLPuP3i8)

 ![Azure VM Add New Inbound Port ](https://drive.google.com/uc?export=view&id=1_haaIwqWGkausry4PBgwLQMt3FJxaLqu)

> Note: You can always check your inbound port rules and add custom rules in VM's Networking Tab.

Now our server can be accessed by browser by visiting  nova-test.eastus2.cloudapp.azure.com

 ![Azure VM Server HTTP Nginx ](https://drive.google.com/uc?export=view&id=1ydU3QSmROg45HsN8SeQi17XcghFlBjQI)

As you can see our server is ready but it not secure. We can solve that by adding SSL certificate to our server.

-- And ....yes about the bookmarkbar, I forgot to hide it.

---
#### SSL Certificate using Certbot
---
In order to do that we need to add one last PORT 443 rule. As we know HTTPS runs on port 443 and without 443 access browser can't use https connection.

 ![Azure VM Server 443 Rule ](https://drive.google.com/uc?export=view&id=1MkZR6BWfMIP8Zayh9wq-xoBAonkJ_wEW)

Now we are ready for SSL certificate.

##### Installing Certbot
----

Fire following commands to get started:
-- Installing and updating snap
```sh


$ sudo snap install core; sudo snap refresh core

-- Installing Certbot



$ sudo snap install --classic certbot

Note: For More Info visit: https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx.html

Nginx Server Config

Before we initialize our certification process we need to configure our nginx default file.
-- Fire following commands to goto nginx default file


 cd /etc/nginx/sites-available

-- Now edit default file. I'm using nano as text edtor.


 sudo nano default

Add domain after server_name your_domain;

-- Save the file by pressing Ctrl+O, Enter(To Save). Ctrl+X (To Exit)

Certbot --nginx

Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.



$ sudo certbot --nginx

-- Fill the details.
-- Once all the steps completed, you will see message similiar to this:

Congratulations ! We have successfully added certificate to our server.

VOLLA ! We did it. There is just one step remaining which is to restart nginx server.
We can restart it by following command:



$ sudo service nginx reload

Conclusion

We did it, we setup HTTPS on our server for free using Certbot. We did it by creating a VM on Azure and used a custom DNS, added port inbound rules for PORT 80 & 443, installed Nginx and configure default Nginx file. At the end we installed a SSL certification and configured Nginx with Certbot.

Payment Handling with Stripe, Node and Express

Abhee Hudani ☕ — Sun, 18 Oct 2020 12:48:24 +0000

Why do you need a payment gateway ?

Let's just assume that we are creating an e-commerce shopping website. Payment handling is one of the crucial part in e-commerce site.
There are many other payment gateways are available like PayPal, Amazon Pay, World Pay, Stripe etc. But in this tutorial we are going to stick with Stripe.
And using a payment gateway is not just for transferring money, but it has other benefits as well.
A payment gateway focuses on creating a secure pathway between a customer and the merchant to facilitate payments securely.

In this tutorial we are going to create payment gateway service for Node JS using STRIPE.

Github Repo Link and Postman Collection: Click Here

What are we building here:

1) Saving Customer's Details to Stripe
2) Add customer's Card in Stripe.
3) View Customer's Cards.
4) Update Customer's Cards.
5) Delete Customer's Card from stripe
6) Payment Checkout with Saved Card.
7) One Time Payment Checkout without saving card info.

How we are gonna save customer sensitive card details?

Instead of saving card details directly by passing them to API, we are going to create a charge first and after that we are going to save the charge details to customer. This we are not going to handle card information directly and our production integration is developed in a PCI Compliant manner. Which is also recommended by the Stripe.

What do we need ?

Stripe API Key
Node version >= 12 installed in your system
Postman/ Insomnia (Or any other software for testing API Calls)

Getting the stripe API Key:

You can get your own stripe API key by logging into Stripe Dashboard and get the test key. It will look something like this 'sk_live_...3Vls'.
In this tutorial we are gonna use the default sandbox key from here which is provided by stripe.

Note:

If you are using your own API key, then make sure to turn on "TEST MODE" from your Stripe Dashboard otherwise you might face some unexpected charges during the test and you will be able to see the test transactions in your dashboard.

Getting Started:

Stripe Charges the amount in cents so if you want to charge $200 then your amount would be 20000 ($200 x 100 = 20000).
We are not using any Database here so I'm just gonna store customer ID as a Constant during this tutorial. So if you use this make sure to connect to Database if you want to store customer's stripe data.

Install the dependencies.

$ npm init

Install Express, Stripe-Node packages

$ npm install express 
$ npm install --save stripe

Index.js

Ok now we get to create our first file called index.js . Once created, at the top of the file we want to include all of the dependencies that we will need for our project:

const express = require("express");
const app = express();
const port = 3000;

app.use(express.json());

When we want to test and make sure our server is working, we will run this function to listen on port 3000 and log a string if its successful:

app.get("/", (req, res) => {
  res.send("Hello World!");
});

app.listen(port, () => {
  console.log(`App listening at http://localhost:${port}`);
});

Now if you open your browser and type: http://localhost:3000/ you will see ' Hello World!' in your browser.

At this point our index.js file should look like this:

const express = require("express");
const app = express();
const port = 3000;

app.use(express.json());

app.get("/", (req, res) => {
    res.send("Hello World!");
});

app.listen(port, () => {
    console.log(`App listening at http://localhost:${port}`);
});

Stripe.js

Let's create a new file called strie.js which will be used for handling all stripe calls. Once created we are going to create a simple GET request and exporting our route file so index.js can access it:

const express = require("express");
const router = express.Router();

router.get("/", (req, res) => {
  res.status(200).json({
    message: "Stripe Hello World!",
  });
});

module.exports = router;

Adding stripe.js route to index.js

const stripe = require("./stripe");
app.use("/api/", stripe);

Now the index.js will something similar to this:

const express = require("express");
const app = express();
const stripe = require("./stripe");
const port = 3000;

app.use(express.json());

app.use("/api/", stripe);

app.get("/", (req, res) => {
  res.send("Hello World!");
});

app.listen(port, () => {
  console.log(`App listening at http://localhost:${port}`);
});

Now if you open your browser and type: http://localhost:3000/api/ you will see ' Stripe Hello World!' in your browser.

Creating a new Stripe Customer

In Stripe.js file let's add the stripe key as a constant and adding stripe module:

const Stripe_Key = 'sk_test_....jQb';
const stripe = require("stripe")(Stripe_Key);

and let's create an api which will create a new customer id from user's email address

Note
If you are using your own API key then you can add your organization account Secret Key. So it will link the customer with your organization.

You can add some extra fileds during creating the new customer using stripe API which you can found here on Stripe Documents
Currently we are not using any Database so we have to note down the customer id somewhere from our response message.

Response :

Let's Note Down Our Customer ID here: 'cus_IDxxDETTAorXTO'

Adding a card to the existing customer

For testing purposes we don't need to use real card data. Stripe has given some list of the card for the testing purposes and we are going to use it in this. You can find it here Stripe Test Cards

Card Number, Expiry Month, Year, CVC these are the required parameters for adding a new card. So if those parameters are not passed in the body then we are going throw a bad request error as the response.

Response :

View Customer's All Cards

To get the list of customer's saved cards we need to just pass the customerID which was generated by the stripe earlier.
In this case we only need cardId, Card Type, Expiry Details and Last 4 digit of the saved card. But if you need more data of the saved card you can find it here on Stripe Docs for View saved Cards

Response :

Update Card Details

From customer's saved card details we will get the cardID and from cardID we can update the saved card details like card holder name, expiry month, expiry year, address details etc. All the details except cardId is optional for update operation.
If you need to update more fields then you can find it here on Stripe Docs for Updating Card Details

Response :

Delete Saved Card

To delete a saved card we need to pass the ID of the savedCard

Response :

Creating A Payment Charge

We have two choices over here -- Customer can pay from existing card. -- Customer can pay without saving the new card or without existing cards.
So we are going to use 'oneTime' parameter from request.body as a toggle switch between them.

One Time Payment with new Card

const { amount, email } = req.body;
    const {
      cardNumber,
      cardExpMonth,
      cardExpYear,
      cardCVC,
      country,
      postalCode,
    } = req.body;

    if (!cardNumber || !cardExpMonth || !cardExpYear || !cardCVC) {
      return res.status(400).send({
        Error: "Necessary Card Details are required for One Time Payment",
      });
    }
    try {
      const cardToken = await stripe.tokens.create({
        card: {
          number: cardNumber,
          exp_month: cardExpMonth,
          exp_year: cardExpYear,
          cvc: cardCVC,
          address_state: country,
          address_zip: postalCode,
        },
      });

      const charge = await stripe.charges.create({
        amount: amount,
        currency: "usd",
        source: cardToken.id,
        receipt_email: email,
        description: `Stripe Charge Of Amount ${amount} for One Time Payment`,
      });

      if (charge.status === "succeeded") {
        return res.status(200).send({ Success: charge });
      } else {
        return res
          .status(400)
          .send({ Error: "Please try again later for One Time Payment" });
      }
    } catch (error) {
      return res.status(400).send({
        Error: error.raw.message,
      });
    }

Payment with an existing Card

const { amount, cardId,  email } = req.body;

try {
      const createCharge = await stripe.charges.create({
        amount: amount,
        currency: "usd",
        receipt_email: email,
        customer: customerId,
        card: cardId,
        description: `Stripe Charge Of Amount ${amount} for Payment`,
      });
      if (createCharge.status === "succeeded") {
        return res.status(200).send({ Success: createCharge });
      } else {
        return res
          .status(400)
          .send({ Error: "Please try again later for payment" });
      }
    } catch (error) {
      return res.status(400).send({
        Error: error.raw.message,
      });
    }

Final Charge Payment Code

One Time Payment Response :

Saved Card Payment Response :

Final Stripe.JS

Now the stripe.js will something similar to this:

const express = require("express");
const router = express.Router();
const Stripe_Key =
  "sk_test_....Qb";
const stripe = require("stripe")(Stripe_Key);
const customerId = "cus_IDxx....orXTO";

router.get("/", (req, res) => {
  res.status(200).json({
    message: "Stripe Hello World!",
  });
});

// Create a new customer for stripe
router.post("/newCustomer", async (req, res) => {
  console.log("\n\n Body Passed:", req.body);
  try {
    const customer = await stripe.customers.create(
      {
        email: req.body.email,
      }
      // {
      //   // If you are using your own api then you can add your organization account here. So it will link the customer with your organization
      //   stripeAccount: process.env.StripeAccountId,
      //}
    );
    return res.status(200).send({
      //   customerDetails: customer,
      customerId: customer.id,
      customerEmail: customer.email,
    });
  } catch (error) {
    return res.status(400).send({ Error: error.raw.message });
  }
});

// Add a new card of the customer
router.post("/addNewCard", async (req, res) => {
  console.log("\n\n Body Passed:", req.body);
  const {
    cardNumber,
    cardExpMonth,
    cardExpYear,
    cardCVC,
    cardName,
    country,
    postal_code,
  } = req.body;

  if (!cardNumber || !cardExpMonth || !cardExpYear || !cardCVC) {
    return res.status(400).send({
      Error: "Please Provide All Necessary Details to save the card",
    });
  }
  try {
    const cardToken = await stripe.tokens.create({
      card: {
        name: cardName,
        number: cardNumber,
        exp_month: cardExpMonth,
        exp_year: cardExpYear,
        cvc: cardCVC,
        address_country: country,
        address_zip: postal_code,
      },
      // customer: customer.stripe_id,
      // stripe_account: StripeAccountId,
    });

    const card = await stripe.customers.createSource(customerId, {
      source: `${cardToken.id}`,
    });

    return res.status(200).send({
      card: card.id,
    });
  } catch (error) {
    return res.status(400).send({
      Error: error.raw.message,
    });
  }
});

// Get List of all saved card of the customers
router.get("/viewAllCards", async (req, res) => {
  let cards = [];
  try {
    const savedCards = await stripe.customers.listSources(customerId, {
      object: "card",
    });
    const cardDetails = Object.values(savedCards.data);

    cardDetails.forEach((cardData) => {
      let obj = {
        cardId: cardData.id,
        cardType: cardData.brand,
        cardExpDetails: `${cardData.exp_month}/${cardData.exp_year}`,
        cardLast4: cardData.last4,
      };
      cards.push(obj);
    });
    return res.status(200).send({
      cardDetails: cards,
    });
  } catch (error) {
    return res.status(400).send({
      Error: error.raw.message,
    });
  }
});

// Update saved card details of the customer
router.post("/updateCardDetails", async (req, res) => {
  const { cardName, cardExpMonth, cardExpYear, cardId } = req.body;

  if (!cardId) {
    return res.status(400).send({
      Error: "CardID is Required to update",
    });
  }
  try {
    const card = await stripe.customers.updateSource(customerId, cardId, {
      name: cardName,
      exp_month: cardExpMonth,
      exp_year: cardExpYear,
    });
    return res.status(200).send({
      updatedCard: card,
    });
  } catch (error) {
    return res.status(400).send({
      Error: error.raw.message,
    });
  }
});

// Delete a saved card of the customer
router.post("/deleteCard", async (req, res) => {
  console.log("\n\n Body Passed:", req.body);
  const { cardId } = req.body;
  if (!cardId) {
    return res.status(400).send({
      Error: "CardId is required to delete Card",
    });
  }
  try {
    const deleteCard = await stripe.customers.deleteSource(customerId, cardId);
    return res.status(200).send(deleteCard);
  } catch (error) {
    return res.status(400).send({
      Error: error.raw.message,
    });
  }
});

// Create a payment charge
router.post("/createCharge", async (req, res) => {
  const { amount, cardId, oneTime, email } = req.body;
  if (oneTime) {
    const {
      cardNumber,
      cardExpMonth,
      cardExpYear,
      cardCVC,
      country,
      postalCode,
    } = req.body;

    if (!cardNumber || !cardExpMonth || !cardExpYear || !cardCVC) {
      return res.status(400).send({
        Error: "Necessary Card Details are required for One Time Payment",
      });
    }
    try {
      const cardToken = await stripe.tokens.create({
        card: {
          number: cardNumber,
          exp_month: cardExpMonth,
          exp_year: cardExpYear,
          cvc: cardCVC,
          address_state: country,
          address_zip: postalCode,
        },
      });

      const charge = await stripe.charges.create({
        amount: amount,
        currency: "usd",
        source: cardToken.id,
        receipt_email: email,
        description: `Stripe Charge Of Amount ${amount} for One Time Payment`,
      });

      if (charge.status === "succeeded") {
        return res.status(200).send({ Success: charge });
      } else {
        return res
          .status(400)
          .send({ Error: "Please try again later for One Time Payment" });
      }
    } catch (error) {
      return res.status(400).send({
        Error: error.raw.message,
      });
    }
  } else {
    try {
      const createCharge = await stripe.charges.create({
        amount: amount,
        currency: "usd",
        receipt_email: email,
        customer: customerId,
        card: cardId,
        description: `Stripe Charge Of Amount ${amount} for Payment`,
      });
      if (createCharge.status === "succeeded") {
        return res.status(200).send({ Success: charge });
      } else {
        return res
          .status(400)
          .send({ Error: "Please try again later for payment" });
      }
    } catch (error) {
      return res.status(400).send({
        Error: error.raw.message,
      });
    }
  }
});

module.exports = router;

Conclusion

This is the totally working code to handle payment and its related data. All you have to do is replace the sandbox key with your Strip API key and it will work perfectly. Let me know if it is not working or anything I would really appreciate your feedbacks.

Dealing with Timezone in JavaScript

Abhee Hudani ☕ — Tue, 13 Oct 2020 17:58:13 +0000

Dealing With Different Timezone in JavaScript

At some point in developer's life he has to deal with different timezones. And I guess it was my turn.

Why we need to deal with timezone ?

So let's just say that, one user from India, one from Canada, and one from Australia makes a new request for 10th January 2020. But the thing is that date is not same for all the users because of the different timezone which they are following.

Let's frame this in another way:

You are creating an international cab service, which accepts user's request date and time and according to that cab driver will provide service. If no cab driver accepts user's service before 8 hours then it will be marked as expired.
Now you get a call from Australia and a customer will say, by the way we are 9.5 hour ahead from your country. And you will be like okay we can make an exception. Now after 3 hours a customer calls from India and says that by the way we are 4 hours ahead from your country. Now if you think about that, then you will realize that there are more than 24 timezone. So at that time request expiration or deletion would not be easy because at that time we have to deal with all the timezone according to your customer. Because at that time you use the same 10th Jan 2020 -12 Hours Logic then it won't work for the all the customers.

How to deal with timezone ?

So one way to deal this problem is with JavaScript's getTimezoneOffset() function which returns the difference of request date and utc date in minutes.

getTimezoneOffset(): JavaScript getTimezoneOffset() method method returns the time difference between UTC time and local time, in minutes. It can either positive or negative depending upon user's local timezone from his machine.

So what one can do is just store the 10th Jan 2020 for all the users as UTC Timestamp and in another DB column you can store the offSet Difference value.
So whenever we want to check date for expiration or deletion purpose or any date related operations, we can just subtract the value (which is in minutes) from the original requested date.
So this way we can get the requested date in our current date and time. And after that we can find the difference between user's request date (which is now converted to our local timestamp) and current date(local time).

One Another way to deal this is using UNIX Timestamp.

UNIX Time : Unix time is a system for describing a point in time. It is the number of seconds that have elapsed since the Unix epoch, minus leap seconds, the Unix epoch is 00:00:00 UTC on 1 January 1970.

You can convert user's local time into UNIX time and then you can store it in the database and whenever you want to check for expiration or deletion you will just get the difference between request data's UNIX time and current time UNIX time.

Conclusion

I'm not saying this is 100% fail proof but I this solution worked for me. And I hope it will help you to give you a kick start. It might not be the best solution, but it gets the job done.