For discussion -- Stripe integration

Summary:
various stripe stuff, including

- external stripe library
- payment form
- test controller to play with payment form, sample business logic

My main questions / discussion topics are...

- is the stripe PHP library too big? (ie should I write something more simple just for phabricator?)
-- if its cool, what is the best way to include the client? (ie should I make it a submodule rather than the flat copy here?)
- is the JS I wrote (too) ridiculous?
-- particularly unhappy with the error message stuff being in JS *but* it seemed the best choice given the most juicy error messages come from the stripe JS such that the overall code complexity is lowest this way.
- how should the stripe JS be included?
-- flat copy like I did here?
-- some sort of external?
-- can we just load it off stripe servers at request time? (I like that from the "if stripe is down, stripe is down" perspective)
- wasn't sure if the date control was too silly and should just be baked into the form?
-- for some reason I feel like its good to be prepared to walk away from Stripe / switch providers here, though I think this is on the wrong side of pragmatic

Test Plan: - played around with sample client form

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2096

Author: bobtrahan

externals/stripe-js/stripe_core.js

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2010 Stripe
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

externals/stripe-php/LICENSE

@@ -0,0 +1,20 @@
+= Installation
+
+Obtain the latest version of the Stripe PHP bindings with:
+
+    git clone https://github.com/stripe/stripe-php
+
+To get started, add the following to your PHP script:
+
+    require_once("/path/to/stripe-php/lib/Stripe.php");
+
+Simple usage looks like:
+
+    Stripe::setApiKey('d8e8fca2dc0f896fd7cb4cb0031ba249');
+    $myCard = array('number' => '4242424242424242', 'exp_month' => 5, 'exp_year' => 2015);
+    $charge = Stripe_Charge::create(array('card' => $myCard, 'amount' => 2000, 'currency' => 'usd'));
+    echo $charge;
+
+= Documentation
+
+Please see https://stripe.com/api for up-to-date documentation.

externals/stripe-php/README.rdoc

@@ -0,0 +1 @@
+1.6.3

externals/stripe-php/VERSION

@@ -0,0 +1,66 @@
+<?php
+
+// Tested on PHP 5.2, 5.3
+
+// This snippet (and some of the curl code) due to the Facebook SDK.
+if (!function_exists('curl_init')) {
+  throw new Exception('Stripe needs the CURL PHP extension.');
+}
+if (!function_exists('json_decode')) {
+  throw new Exception('Stripe needs the JSON PHP extension.');
+}
+
+
+abstract class Stripe
+{
+  public static $apiKey;
+  public static $apiBase = 'https://api.stripe.com/v1';
+  public static $verifySslCerts = true;
+  const VERSION = '1.6.3';
+
+  public static function getApiKey()
+  {
+    return self::$apiKey;
+  }
+
+  public static function setApiKey($apiKey)
+  {
+    self::$apiKey = $apiKey;
+  }
+
+  public static function getVerifySslCerts() {
+    return self::$verifySslCerts;
+  }
+
+  public static function setVerifySslCerts($verify) {
+    self::$verifySslCerts = $verify;
+  }
+}
+
+
+// Utilities
+require(dirname(__FILE__) . '/Stripe/Util.php');
+require(dirname(__FILE__) . '/Stripe/Util/Set.php');
+
+// Errors
+require(dirname(__FILE__) . '/Stripe/Error.php');
+require(dirname(__FILE__) . '/Stripe/ApiError.php');
+require(dirname(__FILE__) . '/Stripe/ApiConnectionError.php');
+require(dirname(__FILE__) . '/Stripe/AuthenticationError.php');
+require(dirname(__FILE__) . '/Stripe/CardError.php');
+require(dirname(__FILE__) . '/Stripe/InvalidRequestError.php');
+
+// Plumbing
+require(dirname(__FILE__) . '/Stripe/Object.php');
+require(dirname(__FILE__) . '/Stripe/ApiRequestor.php');
+require(dirname(__FILE__) . '/Stripe/ApiResource.php');
+
+// Stripe API Resources
+require(dirname(__FILE__) . '/Stripe/Charge.php');
+require(dirname(__FILE__) . '/Stripe/Customer.php');
+require(dirname(__FILE__) . '/Stripe/Invoice.php');
+require(dirname(__FILE__) . '/Stripe/InvoiceItem.php');
+require(dirname(__FILE__) . '/Stripe/Plan.php');
+require(dirname(__FILE__) . '/Stripe/Token.php');
+require(dirname(__FILE__) . '/Stripe/Coupon.php');
+require(dirname(__FILE__) . '/Stripe/Event.php');

externals/stripe-php/lib/Stripe.php

@@ -0,0 +1,5 @@
+<?php
+
+class Stripe_ApiConnectionError extends Stripe_Error
+{
+}

externals/stripe-php/lib/Stripe/ApiConnectionError.php

@@ -0,0 +1,5 @@
+<?php
+
+class Stripe_ApiError extends Stripe_Error
+{
+}

externals/stripe-php/lib/Stripe/ApiError.php

@@ -0,0 +1,197 @@
+<?php
+
+class Stripe_ApiRequestor
+{
+  public $apiKey;
+
+  public function __construct($apiKey=null)
+  {
+    $this->_apiKey = $apiKey;
+  }
+
+  public static function apiUrl($url='')
+  {
+    $apiBase = Stripe::$apiBase;
+    return "$apiBase$url";
+  }
+
+  public static function utf8($value)
+  {
+    if (is_string($value))
+      return utf8_encode($value);
+    else
+      return $value;
+  }
+
+  private static function _encodeObjects($d)
+  {
+    if ($d instanceof Stripe_ApiRequestor) {
+      return $d->id;
+    } else if ($d === true) {
+      return 'true';
+    } else if ($d === false) {
+      return 'false';
+    } else if (is_array($d)) {
+      $res = array();
+      foreach ($d as $k => $v)
+	$res[$k] = self::_encodeObjects($v);
+      return $res;
+    } else {
+      return $d;
+    }
+  }
+
+  public static function encode($d)
+  {
+    return http_build_query($d, null, '&');
+  }
+
+  public function request($meth, $url, $params=null)
+  {
+    if (!$params)
+      $params = array();
+    list($rbody, $rcode, $myApiKey) = $this->_requestRaw($meth, $url, $params);
+    $resp = $this->_interpretResponse($rbody, $rcode);
+    return array($resp, $myApiKey);
+  }
+
+  public function handleApiError($rbody, $rcode, $resp)
+  {
+    if (!is_array($resp) || !isset($resp['error']))
+      throw new Stripe_ApiError("Invalid response object from API: $rbody (HTTP response code was $rcode)", $rcode, $rbody, $resp);
+    $error = $resp['error'];
+    switch ($rcode) {
+    case 400:
+    case 404:
+      throw new Stripe_InvalidRequestError(isset($error['message']) ? $error['message'] : null,
+                                           isset($error['param']) ? $error['param'] : null,
+                                           $rcode, $rbody, $resp);
+    case 401:
+      throw new Stripe_AuthenticationError(isset($error['message']) ? $error['message'] : null, $rcode, $rbody, $resp);
+    case 402:
+      throw new Stripe_CardError(isset($error['message']) ? $error['message'] : null,
+                                 isset($error['param']) ? $error['param'] : null,
+                                 isset($error['code']) ? $error['code'] : null,
+                                 $rcode, $rbody, $resp);
+    default:
+      throw new Stripe_ApiError(isset($error['message']) ? $error['message'] : null, $rcode, $rbody, $resp);
+    }
+  }
+
+  private function _requestRaw($meth, $url, $params)
+  {
+    $myApiKey = $this->_apiKey;
+    if (!$myApiKey)
+      $myApiKey = Stripe::$apiKey;
+    if (!$myApiKey)
+      throw new Stripe_AuthenticationError('No API key provided.  (HINT: set your API key using "Stripe::setApiKey(<API-KEY>)".  You can generate API keys from the Stripe web interface.  See https://stripe.com/api for details, or email support@stripe.com if you have any questions.');
+
+    $absUrl = $this->apiUrl($url);
+    $params = self::_encodeObjects($params);
+    $langVersion = phpversion();
+    $uname = php_uname();
+    $ua = array('bindings_version' => Stripe::VERSION,
+		'lang' => 'php',
+		'lang_version' => $langVersion,
+		'publisher' => 'stripe',
+		'uname' => $uname);
+    $headers = array('X-Stripe-Client-User-Agent: ' . json_encode($ua),
+		     'User-Agent: Stripe/v1 PhpBindings/' . Stripe::VERSION);
+    list($rbody, $rcode) = $this->_curlRequest($meth, $absUrl, $headers, $params, $myApiKey);
+    return array($rbody, $rcode, $myApiKey);
+  }
+
+  private function _interpretResponse($rbody, $rcode)
+  {
+    try {
+      $resp = json_decode($rbody, true);
+    } catch (Exception $e) {
+      throw new Stripe_ApiError("Invalid response body from API: $rbody (HTTP response code was $rcode)", $rcode, $rbody);
+    }
+
+    if ($rcode < 200 || $rcode >= 300) {
+      $this->handleApiError($rbody, $rcode, $resp);
+    }
+    return $resp;
+  }
+
+  private function _curlRequest($meth, $absUrl, $headers, $params, $myApiKey)
+  {
+    $curl = curl_init();
+    $meth = strtolower($meth);
+    $opts = array();
+    if ($meth == 'get') {
+      $opts[CURLOPT_HTTPGET] = 1;
+      if (count($params) > 0) {
+	$encoded = self::encode($params);
+	$absUrl = "$absUrl?$encoded";
+      }
+    } else if ($meth == 'post') {
+      $opts[CURLOPT_POST] = 1;
+      $opts[CURLOPT_POSTFIELDS] = self::encode($params);
+    } else if ($meth == 'delete')  {
+      $opts[CURLOPT_CUSTOMREQUEST] = 'DELETE';
+      if (count($params) > 0) {
+	$encoded = self::encode($params);
+	$absUrl = "$absUrl?$encoded";
+      }
+    } else {
+      throw new Stripe_ApiError("Unrecognized method $meth");
+    }
+
+    $absUrl = self::utf8($absUrl);
+    $opts[CURLOPT_URL] = $absUrl;
+    $opts[CURLOPT_RETURNTRANSFER] = true;
+    $opts[CURLOPT_CONNECTTIMEOUT] = 30;
+    $opts[CURLOPT_TIMEOUT] = 80;
+    $opts[CURLOPT_RETURNTRANSFER] = true;
+    $opts[CURLOPT_HTTPHEADER] = $headers;
+    $opts[CURLOPT_USERPWD] = $myApiKey . ':';
+    if (!Stripe::$verifySslCerts)
+      $opts[CURLOPT_SSL_VERIFYPEER] = false;
+
+    curl_setopt_array($curl, $opts);
+    $rbody = curl_exec($curl);
+
+    $errno = curl_errno($curl);
+    if ($errno == CURLE_SSL_CACERT || $errno == CURLE_SSL_PEER_CERTIFICATE) {
+      array_push($headers, 'X-Stripe-Client-Info: {"ca":"using Stripe-supplied CA bundle"}');
+      curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
+      curl_setopt($curl, CURLOPT_CAINFO,
+                  dirname(__FILE__) . '/../data/ca-certificates.crt');
+      $rbody = curl_exec($curl);
+    }
+
+    if ($rbody === false) {
+      $errno = curl_errno($curl);
+      $message = curl_error($curl);
+      curl_close($curl);
+      $this->handleCurlError($errno, $message);
+    }
+
+    $rcode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+    curl_close($curl);
+    return array($rbody, $rcode);
+  }
+
+  public function handleCurlError($errno, $message)
+  {
+    $apiBase = Stripe::$apiBase;
+    switch ($errno) {
+    case CURLE_COULDNT_CONNECT:
+    case CURLE_COULDNT_RESOLVE_HOST:
+    case CURLE_OPERATION_TIMEOUTED:
+      $msg = "Could not connect to Stripe ($apiBase).  Please check your internet connection and try again.  If this problem persists, you should check Stripe's service status at https://twitter.com/stripestatus, or let us know at support@stripe.com.";
+      break;
+    case CURLE_SSL_CACERT:
+    case CURLE_SSL_PEER_CERTIFICATE:
+      $msg = "Could not verify Stripe's SSL certificate.  Please make sure that your network is not intercepting certificates.  (Try going to $apiBase in your browser.)  If this problem persists, let us know at support@stripe.com.";
+      break;
+    default:
+      $msg = "Unexpected error communicating with Stripe.  If this problem persists, let us know at support@stripe.com.";
+    }
+
+    $msg .= "\n\n(Network error: $message)";
+    throw new Stripe_ApiConnectionError($msg);
+  }
+}