#Resources

🧁 The full code base can be found here.

• Test card number: 4242 4242 4242 4242!
• Choose a valid and random MM/YY (e.g. 09/23), as well as a random CVC (e.g. 123).

#A Paid Membership Site

If you’re looking for a way to finally charge people for your hard-earned digital work, look no further! In this tutorial, you’ll learn how to create a paid membership app where users can pay for a lifetime access pass to your Premium Content 💸.

We'll be using Stripe as our payment processor, Magic as our auth solution, React as our front end framework, Express as our server framework for Node.js, and Heroku to deploy our app!

#Prerequisites

1. If you’re unfamiliar with building a membership app with React, Express, and Magic, take a look at Build Magic auth into your React + Express app. We'll be reusing a lot of the code from this guide 😏.
2. Also, feel free to check out Stripe’s guide on the Custom payment flow. We followed the steps listed in this guide to help implement our Stripe payment page 🎊.

#File Structure

The root directory will contain the server-side files. The client folder will have all of the frontend files.

01├── README.md

02├── client

03│ ├── .env

04│ ├── package.json

05│ ├── public

06│ │ └── (static files, such as images)

07│ ├── src

08│ │ ├── App.js

09│ │ ├── components

10│ │ │ ├── header.js

11│ │ │ ├── home.js

12│ │ │ ├── layout.js

13│ │ │ ├── loading.js

14│ │ │ ├── login-form.js

15│ │ │ ├── login.js

16│ │ │ ├── payment-form.js

17│ │ │ ├── payment.js

18│ │ │ ├── premium-content.js

19│ │ │ ├── profile.js

20│ │ │ ├── signup-form.js

21│ │ │ ├── signup.js

22│ │ ├── index.js

23│ │ └── lib

24│ │ │ ├── LifetimeAccessRequestStatusContext.js

25│ │ │ ├── LifetimeContext.js

26│ │ │ ├── UserContext.js

27│ │ │ └── magic.js

28│ └── yarn.lock

29├── .env

30├── package.json

31├── server.js

32└── yarn.lock

#Quick Start Instructions

#Magic Setup

Create a Magic account and then grab your REACT_APP_MAGIC_PUBLISHABLE_KEY and MAGIC_SECRET_KEY from your Magic Dashboard.

#Stripe Setup

Create a Stripe account and then grab your REACT_APP_STRIPE_PK_KEY and STRIPE_SECRET_KEY from your Stripe Dashboard.

#Start your Express Server

1. git clone https://github.com/magiclabs/magic-stripe.git
2. cd magic-stripe
3. mv .env.example .env
4. Replace MAGIC_SECRET_KEY and STRIPE_SECRET_KEY with the appropriate values you just copied. Your .env file should look something like this: ⁠
   Bash

   Copy

   01MAGIC_SECRET_KEY=sk_live_XXX

   02CLIENT_URL=http://localhost:3000

   03STRIPE_SECRET_KEY=sk_live_XXX

5. yarn
6. node server.js ⁠

Note: Running yarn helped us pull the dependencies we need for our server, including the Stripe Node library.

#Start your React Client

(in a new terminal session)

1. cd client
2. mv .env.example .env
3. Replace REACT_APP_MAGIC_PUBLISHABLE_KEY and REACT_APP_STRIPE_PK_KEY with the appropriate values you just copied. Your .env file should look something like this: ⁠
   Bash

   Copy

   01REACT_APP_MAGIC_PUBLISHABLE_KEY=pk_live_XXX

   02REACT_APP_SERVER_URL=http://localhost:8080

   03REACT_APP_STRIPE_PK_KEY=pk_live_XXX

4. yarn
5. yarn start

Note: Running yarn helped us pull the dependencies we need for our client, including Stripe.js and the Stripe Elements UI library (both needed to stay PCI compliant; they ensure that card details go directly to Stripe and never reach your server.)

#Magic React Storybook

This tutorial was built using Magic React Storybook 🤩. If you wish to swap the Magic UI components out for your own custom CSS, delete @magiclabs/ui and framer-motionfrom your client/package.json dependencies.

#Client

Let's dive right in by going over the major steps we need to follow to build the app's Client side:

1. Set up the user sign up, payment, login, and logout flows.
2. Build the payment form as well as the Payment page that will house the form.
3. Make this Payment page accessible to the user by creating a Payment Route.

#Standard Auth Setup

#Keep Track of the Logged In User

We'll be keeping track of the logged in user's state with React's useContext hook. Inside App.js, wrap the entire app in <UserContext.Provider>. This way, all of the child components will have access to the hook we created (namely, const [user, setUser] = useState();) to help us determine whether or not the user is logged in.

01/* File: client/src/App.js */

02

03import React, { useState, useEffect } from 'react';

04import { Switch, Route, BrowserRouter as Router } from 'react-router-dom';

05import { UserContext } from './lib/UserContext';

06

07// Import UI components

08import Home from './components/home';

09import PremiumContent from './components/premium-content';

10import Login from './components/login';

11import SignUp from './components/signup';

12import Profile from './components/profile';

13import Layout from './components/layout';

14

15// Import Magic-related things

16import { magic } from './lib/magic';

17

18function App() {

19  // Create a hook to help us determine whether or not the  user is logged in

20  const [user, setUser] = useState();

21

22  // If isLoggedIn is true, set the UserContext with user data

23  // Otherwise, set it to {user: null}

24  useEffect(() => {

25    setUser({ loading: true });

26    magic.user.isLoggedIn().then(isLoggedIn => {

27      return isLoggedIn ? magic.user.getMetadata().then(userData => setUser(userData)) : setUser({ user: null });

28    });

29  }, []);

30

31  return (

32    <Router>

33      <Switch>

34        <UserContext.Provider value={[user, setUser]}>

35          <Layout>

36            <Route path="/" exact component={Home} />

37            <Route path="/premium-content" component={PremiumContent} />

38            <Route path="/signup" component={SignUp} />

39            <Route path="/login" component={Login} />

40            <Route path="/profile" component={Profile} />

41          </Layout>

42        </UserContext.Provider>

43      </Switch>

44    </Router>

45  );

46}

47

48export default App;

Note: Once a user logs in with Magic, unless they log out, they'll remain authenticated for 7 days by default (the session length is customizable by the developer through the Magic dashboard).

#Keep Track of the Paid User

We'll also be keeping track of whether or not the user has paid for lifetime access with the useContext hook. Again, inside of App.js, we wrap the entire app with two new contexts: <LifetimeContext>, then <LifetimeAccessRequestStatusContext>.

01/* File: client/src/App.js */

02import React, { useState, useEffect } from 'react';

03import { Switch, Route, BrowserRouter as Router } from 'react-router-dom';

04import { UserContext } from './lib/UserContext';

05import { LifetimeContext } from './lib/LifetimeContext';

06import { LifetimeAccessRequestStatusContext } from './lib/LifetimeAccessRequestStatusContext';

07

08// Import UI components

09import Home from './components/home';

10import PremiumContent from './components/premium-content';

11import Login from './components/login';

12import SignUp from './components/signup';

13import Profile from './components/profile';

14import Layout from './components/layout';

15

16// Import Magic-related things

17import { magic } from './lib/magic';

18

19function App() {

20  // Create a hook to check whether or not user has lifetime access

21  const [lifetimeAccess, setLifetimeAccess] = useState(false);

22  // Create a hook to prevent infinite loop in useEffect inside of /components/premium-content

23  const [lifetimeAccessRequestStatus, setLifetimeAccessRequestStatus] = useState('');

24  // Create a hook to help us determine whether or not the  user is logged in

25  const [user, setUser] = useState();

26

27  // If isLoggedIn is true, set the UserContext with user data

28  // Otherwise, set it to {user: null}

29  useEffect(() => {

30    setUser({ loading: true });

31    magic.user.isLoggedIn().then(isLoggedIn => {

32      return isLoggedIn ? magic.user.getMetadata().then(userData => setUser(userData)) : setUser({ user: null });

33    });

34  }, []);

35

36  return (

37    <Router>

38      <Switch>

39        <UserContext.Provider value={[user, setUser]}>

40          <LifetimeContext.Provider value={[lifetimeAccess, setLifetimeAccess]}>

41            <LifetimeAccessRequestStatusContext.Provider

42              value={[lifetimeAccessRequestStatus, setLifetimeAccessRequestStatus]}

43            >

44              <Layout>

45                <Route path="/" exact component={Home} />

46                <Route path="/premium-content" component={PremiumContent} />

47                <Route path="/signup" component={SignUp} />

48                <Route path="/login" component={Login} />

49                <Route path="/profile" component={Profile} />

50              </Layout>

51            </LifetimeAccessRequestStatusContext.Provider>

52          </LifetimeContext.Provider>

53        </UserContext.Provider>

54      </Switch>

55    </Router>

56  );

57}

58

59export default App;

As you can see, we've added two new hooks. The first hook will help us determine whether or not user has lifetime access:

01const [lifetimeAccess, setLifetimeAccess] = useState(false);

While the second hook will help us prevent an infinite loop of component re-renderings caused by the useEffect inside of /components/premium-content.

01const [lifetimeAccessRequestStatus, setLifetimeAccessRequestStatus] = useState('');

#Log in with Magic Link Auth

In client/src/components/login.js, magic.auth.loginWithMagicLink() is what triggers the magic link to be emailed to the user. It takes an object with two parameters, email and an optional redirectURI.

Magic allows you to configure the email link to open up a new tab, bringing the user back to your application. Since we won't be using redirect, the user will only get logged in on the original tab.

Once the user clicks the email link, we send the didToken to a server endpoint at /login to validate it. If the token is valid, we update the user's state by setting the UserContext and then redirect them to the profile page.

01/* File: client/src/components/login.js */

02

03async function handleLoginWithEmail(email) {

04  try {

05    setDisabled(true); // Disable login button to prevent multiple emails from being triggered

06

07    // Trigger Magic link to be sent to user

08    let didToken = await magic.auth.loginWithMagicLink({

09      email,

10    });

11

12    // Validate didToken with server

13    const res = await fetch(`${process.env.REACT_APP_SERVER_URL}/login`, {

14      method: 'POST',

15      headers: {

16        'Content-Type': 'application/json',

17        Authorization: 'Bearer ' + didToken,

18      },

19    });

20

21    if (res.status === 200) {

22      // Get info for the logged in user

23      let userMetadata = await magic.user.getMetadata();

24      // Set the UserContext to the now logged in user

25      await setUser(userMetadata);

26      history.push('/profile');

27    }

28  } catch (error) {

29    setDisabled(false); // Re-enable login button - user may have requested to edit their email

30    console.log(error);

31  }

32}

#Sign up with Magic Link Auth

We'll be applying practically the same code as in the Login component to our SignUp component (located in client/src/components/signup.js). The only difference is the user experience.

When a user first lands on our page, they'll have access to our Free Content.

We can also show them a sneak peek of our awesomeness in the Premium Content page.

Once they realize how awesome we are, and have decided to pay $500 for a lifetime access pass, they can click Count Me In.

Since the user is not logged in, our app will ask them to first sign up for a new account. Once they've been authenticated by Magic, they'll be redirected to the Payment page where they can seal the deal to a lifetime access of awesomeness!

#Log out with Magic

To allow users to log out, we'll add a logout function in our Header component. logout() ends the user's session with Magic, clears the user's information from the UserContext, resets both the user's lifetime access as well as the lifetime access request status, and redirects the user back to the login page.

01⁠/* File: client/src/components/header.js */

02

03const logout = () => {

04  magic.user.logout().then(() => {

05    setUser({ user: null }); // Clear user's info

06    setLifetimeAccess(false); // Reset user's lifetime access state

07    setLifetimeAccessRequestStatus(''); // Reset status of lifetime access request

08    history.push('/login');

09  });

10};

#Build the Payment Form

This is where we'll build out the PaymentForm component that's located in client/src/components/payment-form.js.

#Set up the State

To create the PaymentForm component, we'll first need to initialize some state to keep track of the payment, show errors, and manage the user interface.

01/* File: client/src/components/payment-form.js */

02

03const [succeeded, setSucceeded] = useState(false);

04const [error, setError] = useState(null);

05const [processing, setProcessing] = useState('');

06const [disabled, setDisabled] = useState(true);

07const [clientSecret, setClientSecret] = useState('');

There are two more states we need. One to keep track of the customer we create:

01/* File: client/src/components/payment-form.js */

02

03const [customerID, setCustomerID] = useState('');

And the other to set the lifetime access state to true if the user's payment was successful:

01/* File: client/src/components/payment-form.js */

02

03const [, setLifetimeAccess] = useContext(LifetimeContext);

#Store a Reference to Stripe

Since we're using Stripe to process the Customer's payment, we'll need to access the Stripe library. We do this by calling Stripe's useStripe() and useElements() hooks.

01/* File: client/src/components/payment-form.js */

02

03const stripe = useStripe();

04const elements = useElements();

#Fetch a PaymentIntent

As soon as the PaymentForm loads, we'll be making a request to the /create-payment-intent endpoint in our server.js file. Calling this route will create a Stripe Customer as well as a Stripe PaymentIntent. PaymentIntent will help us keep track of the Customer's payment cycle.

The data that the Client gets back includes the clientSecret returned by PaymentIntent. We'll be using this to complete the payment, so we've saved it using setClientSecret(). The data also includes the ID of the Customer that the PaymentIntent belongs to. We'll need this ID when we update the Customer's information, so we’ll also be saving it with setCustomerID().

01/* File: client/src/components/payment-form.js */

02

03useEffect(() => {

04  // Create PaymentIntent as soon as the page loads

05  fetch(`${process.env.REACT_APP_SERVER_URL}/create-payment-intent`, {

06    method: 'POST',

07    headers: {

08      'Content-Type': 'application/json',

09    },

10    body: JSON.stringify({ email }),

11  })

12    .then(res => {

13      return res.json();

14    })

15    .then(data => {

16      setClientSecret(data.clientSecret);

17      setCustomerID(data.customer);

18    });

19}, [email]);

#Update the Stripe Customer

If the Stripe payment transaction was successful, we'll send the Customer's ID to our server's /update-customer endpoint to update the Stripe Customer's information so that it includes a metadata which will help us determine whether or not the user has lifetime access.

Once this request has completed, we can finally redirect the Customer to the Premium Content page and let them bask in the awesomeness of our content.

01/* File: client/src/components/payment-form.js */

02

03const handleSubmit = async ev => {

04  ev.preventDefault();

05  setProcessing(true);

06  const payload = await stripe.confirmCardPayment(clientSecret, {

07    payment_method: {

08      card: elements.getElement(CardElement),

09    },

10  });

11

12  if (payload.error) {

13    setError(`Payment failed ${payload.error.message}`);

14    setProcessing(false);

15  } else {

16    setError(null);

17    setProcessing(false);

18    setSucceeded(true);

19    setLifetimeAccess(true);

20    // Update Stripe customer info to include metadata

21    // which will help us determine whether or not they

22    // are a Lifetime Access member.

23    fetch(`${process.env.REACT_APP_SERVER_URL}/update-customer`, {

24      method: 'POST',

25      headers: {

26        'Content-Type': 'application/json',

27      },

28      body: JSON.stringify({ customerID }),

29    })

30      .then(res => {

31        return res.json();

32      })

33      .then(data => {

34        console.log('Updated Stripe customer object: ', data);

35        history.push('/premium-content');

36      });

37  }

38};

#Add a CardElement

One last task to complete the PaymentForm component is to add the CardElement component provided by Stripe. The CardElement embeds an iframe with the necessary input fields to collect the card data. This creates a single input that collects the card number, expiry date, CVC, and postal code.

01⁠

02/* File: client/src/components/payment-form.js */

03

04<CardElement id="card-element" options={cardStyle} onChange={handleChange} />

#Build the Payment Page

Now that our PaymentForm component is ready, it's time to build the Payment component which will house it! This component is located in client/src/components/payment.js.

The two most important points to note about the Payment component are:

1. We'll be using the user state that we set in UserContext to check whether or not the user is logged in.
2. The component will take in Elements, PaymentForm, and promise as props to help us properly render the Stripe payment form.

01⁠

02/* File: client/src/components/payment.js */

03

04import { useContext, useEffect } from 'react';

05import { useHistory } from 'react-router';

06import { UserContext } from '../lib/UserContext';

07import Loading from './loading';

08

09export default function Payment({ Elements, PaymentForm, promise }) {

10  const [user] = useContext(UserContext);

11  const history = useHistory();

12

13  // If not loading and no user found, redirect to /login

14  useEffect(() => {

15    user && !user.loading && !user.issuer && history.push('/login');

16  }, [user, history]);

17

18  return (

19    <>

20      <h3 className="h3-header">Purchase Lifetime Access Pass to Awesomeness 🤩</h3>

21      <p>

22        Hi again {user?.loading ? <Loading /> : user?.email}! You successfully signed up with your email. Please enter

23        your card information below to purchase your Lifetime Access Pass securely via Stripe:

24      </p>

25      {user?.loading ? (

26        <Loading />

27      ) : (

28        <Elements stripe={promise}>

29          <PaymentForm email={user.email} />

30        </Elements>

31      )}

32      <style>{`

33        p {

34          margin-bottom: 15px;

35        }

36        .h3-header {

37          font-size: 22px;

38          margin: 25px 0;

39        }

40      `}</style>

41    </>

42  );

43}

#Add the Payment Route to App.js

Alright, with the PaymentForm and Payment components complete, we can finally route the user to the /payment page by updating client/src/App.js!

First, we import Stripe.js and the Stripe Elements UI library into our App.js file:

01⁠/* File: client/src/App.js */

02

03import { loadStripe } from '@stripe/stripe-js';

04import { Elements } from '@stripe/react-stripe-js';

Then we'll load Stripe.js outside of the App.js's render to avoid recreating the Stripe object on every render:

01/* File: client/src/App.js */

02

03const promise = loadStripe(process.env.REACT_APP_STRIPE_PK_KEY);

Note: As we saw in Build the Payment Page, promise is a prop that is passed into the Payment component and is used by the Elements provider to give it's child element, PaymentForm, access to the Stripe service.

Next, let's add a new route called /payment which returns the Payment component we created earlier with the props required to properly render the Stripe payment form.

01/* File: client/src/App.js */

02

03function  App() {

04

05...

06                <Route

07                  path="/payment"

08                  render={(props) => {

09                    return (

10                      <Payment

11                        Elements={Elements}

12                        PaymentForm={PaymentForm}

13                        promise={promise}

14                      />

15                    );

16                  }}

17                />

18 ...

19}

20export  default  App;

#Server

Now that we understand how the Client side is built and how it works, let's learn about our Server side code (located in server.js).

Here are the major functions our server needs to work seamlessly with the Client:

1. Validate the Auth Token (didToken) returned by Magic's loginWithMagicLink().
2. Create a Stripe PaymentIntent to keep track of the Customer's payment lifecycle.
3. Create a Stripe Customer so that we can tie the Customer to a matching PaymentIntent and keep track of whether or not the Customer has successfully paid.
4. Validate that the user is indeed a Customer who has lifetime access to your Premium Content.

#Validate the Auth Token (didToken)

As mentioned, when the user clicks the email link to log in, we send the didToken to a server endpoint called /login in order to validate it. It's best practice to validate the DID Token before continuing to avoid invalid or malformed tokens.

We verify the didToken with Magic's validate method. If the didToken is indeed valid, we then send a 200 status code back to the client.

01/* File: server.js */

02

03// Import, then initiate Magic instance for server-side methods

04const { Magic } = require('@magic-sdk/admin');

05const magic = new Magic(process.env.MAGIC_SECRET_KEY);

06

07// Route to validate the user's DID token

08app.post('/login', async (req, res) => {

09  try {

10    const didToken = req.headers.authorization.substr(7);

11    await magic.token.validate(didToken);

12    res.status(200).json({ authenticated: true });

13  } catch (error) {

14    res.status(500).json({ error: error.message });

15  }

16});

#Create a Stripe Payment Intent and Stripe Customer

Once a user decides to buy a lifetime access pass to our Premium Content, we consider them a customer. In order to keep track of the customer's payment cycle, we'll need to add a new server endpoint called /create-payment-intent in server.js that:

1. Creates a customer with their email address.
2. And then creates a PaymentIntent that is linked to this customer.

The PaymentIntent will keep track of any failed payment attempts and ensures that the customer is only charged once.

01/* File: server.js */

02

03// Import & initiate Stripe instance

04const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);

05

06// Add the user to your list of customers

07// Then create a PaymentIntent to track the customer's payment cycle

08app.post('/create-payment-intent', async (req, res) => {

09  const { email } = req.body;

10

11  const paymentIntent = await stripe.customers

12    .create({

13      email,

14    })

15    .then(customer =>

16      stripe.paymentIntents

17        .create({

18          amount: 50000, // Replace this constant with the price of your service

19          currency: 'usd',

20          customer: customer.id,

21        })

22        .catch(error => console.log('error: ', error)),

23    );

24

25  res.send({

26    clientSecret: paymentIntent.client_secret,

27    customer: paymentIntent.customer,

28  });

29});

As you can see, we'll be charging our customers $500 for a lifetime access pass to our awesome Premium Content. 😎

#Update the Stripe Customer's Info

As soon as the payment goes through, the Client side will send a request to /update-customer to update the Stripe Customer's information with a metadata of { lifetimeAccess: true }. Since we have a special use case; charging customers a one time fee, setting this metadata will help us validate whether or not the customer has paid.

01/* File: server.js */

02

03// Update the customer's info to reflect that they've

04// paid for lifetime access to your Premium Content

05app.post('/update-customer', async (req, res) => {

06  const { customerID } = req.body;

07

08  const customer = await stripe.customers.update(customerID, {

09    metadata: { lifetimeAccess: true },

10  });

11

12  res.send({

13    customer,

14  });

15});

#Validate a Paid Customer

Now that the user has successfully paid, they should be able to access the Premium Content page. To check whether or not the user is authorized, we'll be using the /validate-customer endpoint. It expects the user's email address, and returns a list of customers who has that email.

Ideally, your customer should know to only buy their lifetime access once. This way, the list that stripe.customers.list() returns will always have the single customer who paid.

However, accidents do happen. 🤷🏻‍♀️

To prevent users from purchasing a lifetime access twice, I suggest adding some logic to your SignUp component that checks whether or not the user who's trying to sign up is already a Stripe Customer with lifetime access. If they are, send them to the Premium Content page. Otherwise, they can continue to the Payment page.

01/* File: server.js */

02

03// Collect the customer's information to help validate

04// that they've paid for lifetime access

05app.post('/validate-customer', async (req, res) => {

06  const { email } = req.body;

07

08  const customer = await stripe.customers.list({

09    limit: 1,

10    email,

11  });

12

13  res.send({

14    customer: customer.data,

15  });

16});

#Test the integration

Alright, now that we know how the paid membership app works on both the Client and Server side, let's give it a test run! Here are a few UX flows I suggest testing out:

1. Head to the Premium Content page to sign up and pay for lifetime access.
2. Log in as a paid Customer and try to access the Premium Content page.
3. Using a different email, log in as an unpaid Customer and try to access the Premium Content page.

Btw, you can make your payments with this test card number: 4242 4242 4242 4242

#Deploying to Heroku

#Create a Project

🚀 Want to deploy your app on Heroku? First, install the Heroku CLI. Then run heroku create to generate a new Heroku project. It will return your Heroku app URL, similar to what is shown below.

01$ heroku create

02

03Creating app... done, ⬢ cryptic-waters-25194

04https://cryptic-waters-25194.herokuapp.com/ | https://git.heroku.com/cryptic-waters-25194.git

#Set Config Vars (.env)

Now let's set the production .env variables for our app. Locate your new project on Heroku and go to Settings. In Heroku, we set up .env variables under Config Vars. Click Reveal Config Vars and enter both of your client and server side environment variables.

#Update Server.js

Add the following into your server.js file so that Heroku knows how to build your app.

01⁠/* File: server.js */

02

03// For heroku deployment

04if (process.env.NODE_ENV === 'production') {

05  app.use(express.static('client/build'));

06  app.get('*', (req, res) => {

07    res.sendFile(path.resolve(__dirname, 'client', 'build', 'index.html'));

08  });

09}

#Update Package.json

In package.json, add this to the scripts object:

01⁠

02/* File: The server's package.json */

03

04"heroku-postbuild": "NPM_CONFIG_PRODUCTION=false npm install --prefix client && npm run build --prefix client"

Now you can run the following commands to deploy your application:

01⁠

02$ git add .

03$ git commit -m 'your message'

04$ git push heroku master

Heroku should have given you a link to your live app. Congrats! 🎉

#Outro

That's it for today! If you'd like more tutorials on Stripe x Magic, (e.g. how to create a subscription membership website) please let us know in the Discussion box below. Until next time 🙋🏻‍♀️ ♡.