HTTPS SSH

This is an application using the Play framework (1.2.5) for a simple store using
Stripe ( https://stripe.com/ ) as a payment processor.

This sample store sells a maximum of 3 items per person. People can optionally
choose to donate to cover costs and whether or not they want a tung oil finish
on the item. Obviously for your own store, you will want to change this.

Despite the optional payment being listed as a donation, unless you have tax-
exempt status, those in the US may still need to collect taxes depending on the
laws for internet businesses from the states in which donating customers reside.
Those in Canada would need to do the same for provinces. This application as it
stands DOES NOT calculate or collect taxes. So if needed, don't forget to modify
it appropriately be properly lawful.

If you deploy this application for real use, it should be over HTTPS! DO NOT
risk your customers' data over an unsecured connection. There are plenty of
places offering store-trusted certificates, please acquire one.

This store requires JavaScript to work (which displays a message if the user has
turned if off in the browser). As a result of this, a customer's payment
information (credit card, CVC/CVV2, expiration, and billing address) is not
stored on the server. The server is only a pass-through of this encrypted data
to Stripe. The store does save the amount donated, quantity ordered,
(optionally) an email address, finish, and their shipping address.

The icons used in this application are from the Fugue icon set created by Yusuke
Kamiyamane and available at http://p.yusukekamiyamane.com/

The idyllic water header image is mine and I give rights to its use, however,
you will probably want to change it to something that more suits your particular
store and what you are selling in it.

The rest is licensed under the BSD 3-clause license, a copy of which is included
with the source. http://opensource.org/licenses/BSD-3-Clause

Setup instructions:

Before deploying, some setup needs to be done to make the application ready to
run. Anything starting with "run" needs to be done from a command line in the
application's directory.

  1. run "play secret"

    this generates a new secret key for the application. by default, the
    application does not ship with one.

  2. run "play dependencies"

    This connects to the internet to download all the required dependencies.

  3. Edit the application.conf directory to set up OpenID, Stripe, email, etc. and
    follow the instructions or notes above each entry. Items to edit are below:

    1. application.name

    2. application.defaultOpenId

    3. application.openIdSalt

    4. application.stripeApiKey

      This requires creating and setting up an account with Stripe. They
      do have a test-API key you can use until then, however.

    5. application.mode

      You will want to set this to "prod" on live deployment. When
      testing, leave it as "dev". If the framework you use for
      deployment is different from your testing framework, you can use
      the "%frameworkid.application.mode" syntax to automatically switch.

    6. db

      Any of the "db" properities. There is no default database so the
      app will fail to start if you don't select one. Don't use "db=mem"
      for a long-term deployed application.

    7. mail

      If you want actual mail to be sent out when users are charged or
      their order ships, these need to be filled out. The default of
      "mock" just prints to the console.

    8. Set up any admin user[s] in the config/initial-data.yml file

      1. The OpenID handling automatically creates users on the fly when
        they log in to the application if that user doesn't already exist
        in the system. By pre-defining users to be loaded at the start of
        the application, their admin flag can be set before a non-admin
        user is created for them when they log in.

      2. Only pre-define admin users if you trust the end providing OpenID.
        Anyone who can gain access to an OpenIDable account pre-marked
        with the admin flag will have extra access. Within this app admins
        can only view all orders and ship them, but even so the caution
        applies. If you do not trust the OpenID provider but must work
        with them, you need to set up another way to allow admins access
        separate from the OpenID users.

    9. Quantity

      This requires some code hacking. The default quantity is set to 50
      and because of the simplicity of this application is hard-coded in
      to the app/Application.java file. Just change the two spots 50 is
      used to update the quantity, or complexify this application with a
      better way to update the quantity on the fly as more stock becomes
      available.

    10. Stripe Webhooks (callbacks)

      Stripe supports calling web applications back after transactions to
      let them know the results. This app has a route /stripe that points
      to the Application.stripe action which listens for successful charges
      and marks the appropriate orders as such. This is an optional step but
      you may find it to be a useful feature. To set this up as a webhook,
      follow the instructions below.

      1. Log in to your Stripe account.

      2. Click the account dropdown at the top right and go to "Account Settings".

      3. Select the Webhooks tab.

      4. Click "Add URL", paste in the URL to your app's /stripe route, and
        click "Create endpoint".

      The app currently only looks for charge.succeeded events so you can tell
      Stripe to only send those events when setting up the webhook, but it won't
      hurt anything if you tell Stripe to send all events. Getting all events
      would make it easier to add support for others in the future, such as
      charge.failed