KM SOFT

Food delivery website

Upgrading Stripe payments in a legacy app

Duration: 2020.09 - 2020.12 (3 months)
Technologies: Ruby, Rails, MongoDB, JavaScript, AngularJS, HTML, CSS, Stripe
Methodology: Kanban

As a developer at TheMasters Software House, I was tasked with upgrading a client’s integration with Stripe by implementing the new PaymentIntent API. This project necessitated significant modifications to both the backend and frontend systems of a legacy Rails monolith application that had been poorly maintained. The frontend utilized AngularJS version 1.6, an older framework that I was familiar with from my experience dating back to 2015.

Initially, my role was to assist a less experienced colleague in navigating the complexities of the AngularJS frontend as he worked on the tasks. However, due to the “specific nature” of the code and the heavy reliance on AngularJS-specific features, I soon took over the tasks entirely, as strong AngularJS experience was a must to get anything done.

The application, designed for ordering food from restaurants (with many delivery options, dedicated to night and hotel deliveries), had been operating in the British market for several years. It had an existing payment system integrated with Stripe. As the API version used was about to be discontinued, it required an upgrade to the latest API version, the PaymentIntents API. This upgrade involved changes to the checkout flow.

The main work involved:

  • Implementing the new credit card payment flow using Stripe PaymentIntents.
  • Ensuring that WeChat, AliPay, ApplePay, and PayPal payments were processed correctly after the switch.
  • Handling saved credit cards in user accounts, which required some additional work.
  • Applying changes to refund management in the Admin Panel.
  • Adding webhook handling logic related to PaymentIntents (payment_intent.succeeded and payment_intent.payment_failed).

During the implementation efforts, I discovered some issues that (as analysis of the git history showed) had been present in the system for a while:

  • The 3D Secure flow was not functioning correctly (which was fixed along the way, as a “side effect” of the upgrade).
  • A few vulnerabilities related to price calculations (which I described and showed to the client).
  • A weird issue where the frontend would not display the response error to users until an interaction took place, e.g. clicking anywhere or switching browser tabs (an AngularJS-related quirk).
  • I found some unused, payment-related code paths, which I discussed with the client’s developer as I wasn’t sure what they were for and whether I should do anything with them. They were unnecessary and were therefore deleted.