A wise and secure online marketplace for selling files. online-marketplace safely encodes purchase information in URLs (AES(bcrypt-hash)) and performs operations via an automated, interactive email system.
In short, we must ask whether it is possible to sell digital goods without forcing the user to create an account. If this is indeed possible, then as a corollary: why are we forcing users to sign up if it is not necessary?
There are no pros that could possibly outweigh the problems associated with a server breach, the legal repercussions that follow, and even the development of the features and flows to capture PII in the first place.
In the age of secure off-site 3rd party payment processors (Stripe), signups (username/password) are not always necessary to run an online business. Username/password invariably induces the need for other PII, such as an e-mail address to verify the claimed user identity and later to reset the password. This relationship will then call for first and last name, and later possibly address/ID where email is an insufficient means of verification.
At this point we must ask: is all of this necessary? Customer information is an enormous liability in several domains: legal (PII privacy laws), software vulnerabilities and network security. Additionally, we must also consider convenience. Sometimes a customer just wants the product.zip file without creating accounts and going through the extra effort that comes with it. Customers who pass a security check on Stripe/PayPal should not have to sign up a second time on the website, especially if they don't need to (in the larger sense, when trading money for service).
Stripe secret key, used to execute API commands on Stripe.com.
Secret Download Key used to encrypt re-download link.
Secret salt in decrypted link information.
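An added example (not the project's own code) of the encrypted re-download link described above: purchase data plus a salted hash, encrypted under the download key and checked again on the way back in. Assumptions: AES-256-GCM is chosen as the cipher mode, scrypt from Node's built-in crypto stands in for bcrypt so the block has no dependencies, and the function names, token layout and sample secrets are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample secrets (assumption: deployment reads them from the environment).
const DOWNLOAD_SECRET_KEY = 'constructed-download-key';
const DOWNLOAD_SECRET_SALT = 'constructed-download-salt';

// Stretch the configured secret into a 32-byte AES-256 key.
const aesKey = crypto.scryptSync(DOWNLOAD_SECRET_KEY, 'download-link-key', 32);

// Salted hash tying a link to one charge and one product (scrypt stands in for bcrypt).
function purchaseHash(chargeId, productId) {
  return crypto.scryptSync(`${chargeId}:${productId}`, DOWNLOAD_SECRET_SALT, 32);
}

// Encrypt the purchase record into a hex token that is safe to place in a URL.
function makeToken(chargeId, productId, expiresAt) {
  const hash = purchaseHash(chargeId, productId).toString('hex');
  const body = JSON.stringify({ chargeId, productId, expiresAt, hash });
  const iv = crypto.randomBytes(12); // fresh nonce per link
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('hex');
}

// Return { chargeId, productId } for a valid, unexpired token, otherwise null.
function readToken(token, now = Date.now()) {
  try {
    const raw = Buffer.from(String(token), 'hex');
    if (raw.length < 29) return null; // 12-byte IV + 16-byte tag + ciphertext
    const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const info = JSON.parse(body.toString('utf8'));
    const expected = purchaseHash(info.chargeId, info.productId);
    const actual = Buffer.from(String(info.hash), 'hex');
    if (actual.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(actual, expected)) return null;
    if (typeof info.expiresAt !== 'number' || info.expiresAt < now) return null;
    return { chargeId: info.chargeId, productId: info.productId };
  } catch (err) {
    return null; // tampered, truncated, or encrypted under a different key
  }
}

// Constructed sample purchase: a link valid for one hour.
const sample = makeToken('ch_constructed_0001', 'product.zip', Date.now() + 3600e3);
console.log('token length:', sample.length, 'decoded:', readToken(sample));
```

Because the token is authenticated, a customer who edits any character of the link gets a rejection rather than a different product, and rotating the download key invalidates every outstanding link at once.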
mkdir my-online-marketplace
cd my-online-marketplace/
git clone https://github.com/fantasyui-com/online-marketplace.git .
npm i
npm start
At this point you will see http://0.0.0.0:8080/; navigate to that address to view the homepage.
Use default npm (uses server.js)
Use default npm command
Clone repository, install supervisor
npm install -g supervisor
and then:
npm run watch;
Test system uses mocha.
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.1/install.sh | bash
export NVM_DIR="$HOME/.nvm"; [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
nvm install node # node installed
npm i -g pm2 # pm2 installed
cd ~
git clone https://github.com/fantasyui-com/online-marketplace.git
cd online-marketplace/
npm i;
cd ~
pm2 start online-marketplace/server.js
pm2 save
You MUST set three ENV variables
STRIPE_PUBLISHABLE_KEY=pk_test_6pRNASCoBOKtIshFeQd4XMUh \
STRIPE_SECRET_KEY=sk_test_BQokikJOvBiI2HlWgH4olfQ2 \
DOWNLOAD_SECRET_KEY=sk_test_c40aeeb535784f3fa179b107c5ee8e99 \
DOWNLOAD_SECRET_SALT=st_test_784f3fa179b3f3f50a7c5faeeb5ee87c \
node server.js
If you choose to use pm2 you can activate the provided process.json via
$> pm2 start online-marketplace/process.json
Please remember to update and guard the secret keys.
By default, the server requires access to the low-level ports 80 (http) and 443 (https) to operate.
On Linux servers you can use the following command to give Node access to these ports.
Note use of
sudo setcap cap_net_bind_service=+ep $(which node)
Note: Port forwarding is the preferred method.