How to Build a Paid Membership Site with Stripe and Magic
npx make-magic --template magic-stripe
#Resources
π° Test the live demo here!
- Test card number:
4242 4242 4242 4242! - Choose a valid and random MM/YY (e.g. 09/23), as well as a random CVC (e.g. 123).
π§ The full code base can be found here.
#A Paid Membership Site
If youβre looking for a way to finally charge people for your hard-earned digital work, look no further! In this tutorial, youβll learn how to create a paid membership app where users can pay for a lifetime access pass to your Premium Content πΈ.
We'll be using Stripe as our payment processor, Magic as our auth solution, React as our front end framework, Express as our server framework for Node.js, and Heroku to deploy our app!
#Prerequisites
- If youβre unfamiliar with building a membership app with React, Express, and Magic, take a look at Build Magic auth into your React + Express app. We'll be reusing a lot of the code from this guide π.
- Also, feel free to check out Stripeβs guide on the Custom payment flow. We followed the steps listed in this guide to help implement our Stripe payment page π.
#File Structure
The root directory will contain the server-side files. The client folder will have all of the frontend files.
01βββ README.md
02βββ client
03β βββ .env
04β βββ package.json
05β βββ public
06β β βββ (static files, such as images)
07β βββ src
08β β βββ App.js
09β β βββ components
10β β β βββ header.js
11β β β βββ home.js
12β β β βββ layout.js
13β β β βββ loading.js
14β β β βββ login-form.js
15β β β βββ login.js
16β β β βββ payment-form.js
17β β β βββ payment.js
18β β β βββ premium-content.js
19β β β βββ profile.js
20β β β βββ signup-form.js
21β β β βββ signup.js
22β β βββ index.js
23β β βββ lib
24β β β βββ LifetimeAccessRequestStatusContext.js
25β β β βββ LifetimeContext.js
26β β β βββ UserContext.js
27β β β βββ magic.js
28β βββ yarn.lock
29βββ .env
30βββ package.json
31βββ server.js
32βββ yarn.lock
#Quick Start Instructions
#Magic Setup
Create a Magic account and then grab your REACT_APP_MAGIC_PUBLISHABLE_KEY and MAGIC_SECRET_KEY from your Magic Dashboard.
#Stripe Setup
Create a Stripe account and then grab your REACT_APP_STRIPE_PK_KEY and STRIPE_SECRET_KEY from your Stripe Dashboard.
#Start your Express Server
git clone https://github.com/magiclabs/magic-stripe.gitcd magic-stripemv .env.example .env- Replace
MAGIC_SECRET_KEYandSTRIPE_SECRET_KEYwith the appropriate values you just copied. Your.envfile should look something like this: βBash01MAGIC_SECRET_KEY=sk_live_XXX
02CLIENT_URL=http://localhost:3000
03STRIPE_SECRET_KEY=sk_live_XXX
yarnnode server.jsβ
Note: RunningΒ yarn helped us pull the dependencies we need for our server, including the Stripe Node library.
#Start your React Client
(in a new terminal session)
cd clientmv .env.example .env- Replace
REACT_APP_MAGIC_PUBLISHABLE_KEYandREACT_APP_STRIPE_PK_KEYwith the appropriate values you just copied. Your.envfile should look something like this: βBash01REACT_APP_MAGIC_PUBLISHABLE_KEY=pk_live_XXX
02REACT_APP_SERVER_URL=http://localhost:8080
03REACT_APP_STRIPE_PK_KEY=pk_live_XXX
yarnyarn start
Note: RunningΒ yarn helped us pull the dependencies we need for our client, including Stripe.js and the Stripe Elements UI library (both needed to stay PCI compliant; they ensure that card details go directly to Stripe and never reach your server.)
#Magic React Storybook
This tutorial was built using Magic React Storybook π€©. If you wish to swap the Magic UI components out for your own custom CSS, delete @magiclabs/ui and framer-motionfrom your client/package.json dependencies.
#Client
Let's dive right in by going over the major steps we need to follow to build the app's Client side:
- Set up the user sign up, payment, login, and logout flows.
- Build the payment form as well as the Payment page that will house the form.
- Make this Payment page accessible to the user by creating a Payment Route.
#Standard Auth Setup
#Keep Track of the Logged In User
We'll be keeping track of the logged in user's state with React's useContext hook. Inside App.js, wrap the entire app in <UserContext.Provider>. This way, all of the child components will have access to the hook we created (namely, const [user, setUser] = useState();) to help us determine whether or not the user is logged in.
01/* File: client/src/App.js */
02
03import React, { useState, useEffect } from 'react';
04import { Switch, Route, BrowserRouter as Router } from 'react-router-dom';
05import { UserContext } from './lib/UserContext';
06
07// Import UI components
08import Home from './components/home';
09import PremiumContent from './components/premium-content';
10import Login from './components/login';
11import SignUp from './components/signup';
12import Profile from './components/profile';
13import Layout from './components/layout';
14
15// Import Magic-related things
16import { magic } from './lib/magic';
17
18function App() {
19 // Create a hook to help us determine whether or not the user is logged in
20 const [user, setUser] = useState();
21
22 // If isLoggedIn is true, set the UserContext with user data
23 // Otherwise, set it to {user: null}
24 useEffect(() => {
25 setUser({ loading: true });
26 magic.user.isLoggedIn().then(isLoggedIn => {
27 return isLoggedIn ? magic.user.getMetadata().then(userData => setUser(userData)) : setUser({ user: null });
28 });
29 }, []);
30
31 return (
32 <Router>
33 <Switch>
34 <UserContext.Provider value={[user, setUser]}>
35 <Layout>
36 <Route path="/" exact component={Home} />
37 <Route path="/premium-content" component={PremiumContent} />
38 <Route path="/signup" component={SignUp} />
39 <Route path="/login" component={Login} />
40 <Route path="/profile" component={Profile} />
41 </Layout>
42 </UserContext.Provider>
43 </Switch>
44 </Router>
45 );
46}
47
48export default App;
Note: Once a user logs in with Magic, unless they log out, they'll remain authenticated for 7 days by default (the session length is customizable by the developer through the Magic dashboard).
#Keep Track of the Paid User
We'll also be keeping track of whether or not the user has paid for lifetime access with the useContext hook. Again, inside of App.js, we wrap the entire app with two new contexts: <LifetimeContext>, then <LifetimeAccessRequestStatusContext>.
01/* File: client/src/App.js */
02import React, { useState, useEffect } from 'react';
03import { Switch, Route, BrowserRouter as Router } from 'react-router-dom';
04import { UserContext } from './lib/UserContext';
05import { LifetimeContext } from './lib/LifetimeContext';
06import { LifetimeAccessRequestStatusContext } from './lib/LifetimeAccessRequestStatusContext';
07
08// Import UI components
09import Home from './components/home';
10import PremiumContent from './components/premium-content';
11import Login from './components/login';
12import SignUp from './components/signup';
13import Profile from './components/profile';
14import Layout from './components/layout';
15
16// Import Magic-related things
17import { magic } from './lib/magic';
18
19function App() {
20 // Create a hook to check whether or not user has lifetime access
21 const [lifetimeAccess, setLifetimeAccess] = useState(false);
22 // Create a hook to prevent infinite loop in useEffect inside of /components/premium-content
23 const [lifetimeAccessRequestStatus, setLifetimeAccessRequestStatus] = useState('');
24 // Create a hook to help us determine whether or not the user is logged in
25 const [user, setUser] = useState();
26
27 // If isLoggedIn is true, set the UserContext with user data
28 // Otherwise, set it to {user: null}
29 useEffect(() => {
30 setUser({ loading: true });
31 magic.user.isLoggedIn().then(isLoggedIn => {
32 return isLoggedIn ? magic.user.getMetadata().then(userData => setUser(userData)) : setUser({ user: null });
33 });
34 }, []);
35
36 return (
37 <Router>
38 <Switch>
39 <UserContext.Provider value={[user, setUser]}>
40 <LifetimeContext.Provider value={[lifetimeAccess, setLifetimeAccess]}>
41 <LifetimeAccessRequestStatusContext.Provider
42 value={[lifetimeAccessRequestStatus, setLifetimeAccessRequestStatus]}
43 >
44 <Layout>
45 <Route path="/" exact component={Home} />
46 <Route path="/premium-content" component={PremiumContent} />
47 <Route path="/signup" component={SignUp} />
48 <Route path="/login" component={Login} />
49 <Route path="/profile" component={Profile} />
50 </Layout>
51 </LifetimeAccessRequestStatusContext.Provider>
52 </LifetimeContext.Provider>
53 </UserContext.Provider>
54 </Switch>
55 </Router>
56 );
57}
58
59export default App;
As you can see, we've added two new hooks. The first hook will help us determine whether or not user has lifetime access:
01const [lifetimeAccess, setLifetimeAccess] = useState(false);
While the second hook will help us preventΒ an infinite loop of component re-renderings caused by theΒ useEffect inside ofΒ /components/premium-content.
01const [lifetimeAccessRequestStatus, setLifetimeAccessRequestStatus] = useState('');
#Log in with Magic Link Auth
In client/src/components/login.js, magic.auth.loginWithMagicLink() is what triggers the magic link to be emailed to the user. It takes an object with two parameters, email and an optional redirectURI.
Magic allows you to configure the email link to open up a new tab, bringing the user back to your application. Since we won't be using redirect, the user will only get logged in on the original tab.
Once the user clicks the email link, we send the didToken to a server endpoint at /login to validate it. If the token is valid, we update the user's state by setting the UserContext and then redirect them to the profile page.
01/* File: client/src/components/login.js */
02
03async function handleLoginWithEmail(email) {
04 try {
05 setDisabled(true); // Disable login button to prevent multiple emails from being triggered
06
07 // Trigger Magic link to be sent to user
08 let didToken = await magic.auth.loginWithMagicLink({
09 email,
10 });
11
12 // Validate didToken with server
13 const res = await fetch(`${process.env.REACT_APP_SERVER_URL}/login`, {
14 method: 'POST',
15 headers: {
16 'Content-Type': 'application/json',
17 Authorization: 'Bearer ' + didToken,
18 },
19 });
20
21 if (res.status === 200) {
22 // Get info for the logged in user
23 let userMetadata = await magic.user.getMetadata();
24 // Set the UserContext to the now logged in user
25 await setUser(userMetadata);
26 history.push('/profile');
27 }
28 } catch (error) {
29 setDisabled(false); // Re-enable login button - user may have requested to edit their email
30 console.log(error);
31 }
32}
#Sign up with Magic Link Auth
We'll be applying practically the same code as in the Login component to our SignUp component (located in client/src/components/signup.js). The only difference is the user experience.
When a user first lands on our page, they'll have access to our Free Content.
We can also show them a sneak peek of our awesomeness in the Premium Content page.
Once they realize how awesome we are, and have decided to pay $500 for a lifetime access pass, they can clickΒ Count Me In.
Since the user is not logged in, our app will ask them to first sign up for a new account. Once they've been authenticated by Magic, they'll be redirected to the Payment page where they can seal the deal to a lifetime access of awesomeness!
#Log out with Magic
To allow users to log out, we'll add a logout function in our Header component. logout() ends the user's session with Magic, clears the user's information from the UserContext, resets both the user's lifetime access as well as the lifetime access request status, and redirects the user back to the login page.
01β /* File: client/src/components/header.js */
02
03const logout = () => {
04 magic.user.logout().then(() => {
05 setUser({ user: null }); // Clear user's info
06 setLifetimeAccess(false); // Reset user's lifetime access state
07 setLifetimeAccessRequestStatus(''); // Reset status of lifetime access request
08 history.push('/login');
09 });
10};
#Build the Payment Form
This is where we'll build out the PaymentForm component that's located in client/src/components/payment-form.js.
#Set up the State
To create the PaymentForm component, we'll first need to initialize some state to keep track of the payment, show errors, and manage the user interface.
01/* File: client/src/components/payment-form.js */
02
03const [succeeded, setSucceeded] = useState(false);
04const [error, setError] = useState(null);
05const [processing, setProcessing] = useState('');
06const [disabled, setDisabled] = useState(true);
07const [clientSecret, setClientSecret] = useState('');
There are two more states we need. One to keep track of the customer we create:
01/* File: client/src/components/payment-form.js */
02
03const [customerID, setCustomerID] = useState('');
And the other to set the lifetime access state to true if the user's payment was successful:
01/* File: client/src/components/payment-form.js */
02
03const [, setLifetimeAccess] = useContext(LifetimeContext);
#Store a Reference to Stripe
Since we're using Stripe to process the Customer's payment, we'll need to access the Stripe library. We do this by calling Stripe's useStripe() and useElements() hooks.
01/* File: client/src/components/payment-form.js */
02
03const stripe = useStripe();
04const elements = useElements();
#Fetch a PaymentIntent
As soon as the PaymentForm loads, we'll be making a request to the /create-payment-intent endpoint in our server.js file. Calling this route will create a Stripe Customer as well as a Stripe PaymentIntent. PaymentIntent will help us keep track of the Customer's payment cycle.
The data that the Client gets back includes the clientSecret returned by PaymentIntent. We'll be using this to complete the payment, so we've saved it using setClientSecret(). The data also includes the ID of the Customer that the PaymentIntent belongs to. We'll need this ID when we update the Customer's information, so weβll also be saving it with setCustomerID().
01/* File: client/src/components/payment-form.js */
02
03useEffect(() => {
04 // Create PaymentIntent as soon as the page loads
05 fetch(`${process.env.REACT_APP_SERVER_URL}/create-payment-intent`, {
06 method: 'POST',
07 headers: {
08 'Content-Type': 'application/json',
09 },
10 body: JSON.stringify({ email }),
11 })
12 .then(res => {
13 return res.json();
14 })
15 .then(data => {
16 setClientSecret(data.clientSecret);
17 setCustomerID(data.customer);
18 });
19}, [email]);
#Update the Stripe Customer
If the Stripe payment transaction was successful, we'll send the Customer's ID to our server's /update-customer endpoint to update the Stripe Customer's information so that it includes a metadata which will help us determine whether or not the user has lifetime access.
Once this request has completed, we can finally redirect the Customer to the Premium Content page and let them bask in the awesomeness of our content.
01/* File: client/src/components/payment-form.js */
02
03const handleSubmit = async ev => {
04 ev.preventDefault();
05 setProcessing(true);
06 const payload = await stripe.confirmCardPayment(clientSecret, {
07 payment_method: {
08 card: elements.getElement(CardElement),
09 },
10 });
11
12 if (payload.error) {
13 setError(`Payment failed ${payload.error.message}`);
14 setProcessing(false);
15 } else {
16 setError(null);
17 setProcessing(false);
18 setSucceeded(true);
19 setLifetimeAccess(true);
20 // Update Stripe customer info to include metadata
21 // which will help us determine whether or not they
22 // are a Lifetime Access member.
23 fetch(`${process.env.REACT_APP_SERVER_URL}/update-customer`, {
24 method: 'POST',
25 headers: {
26 'Content-Type': 'application/json',
27 },
28 body: JSON.stringify({ customerID }),
29 })
30 .then(res => {
31 return res.json();
32 })
33 .then(data => {
34 console.log('Updated Stripe customer object: ', data);
35 history.push('/premium-content');
36 });
37 }
38};
#Add a CardElement
One last task to complete the PaymentForm component is to add the CardElement component provided by Stripe. The CardElement embeds an iframe with the necessary input fields to collect the card data. This creates a single input that collects the card number, expiry date, CVC, and postal code.
01β
02/* File: client/src/components/payment-form.js */
03
04<CardElement id="card-element" options={cardStyle} onChange={handleChange} />
#Build the Payment Page
Now that our PaymentForm component is ready, it's time to build the Payment component which will house it! This component is located in client/src/components/payment.js.
The two most important points to note about the Payment component are:
- We'll be using the
userstate that we set inUserContextto check whether or not the user is logged in. - The component will take in
Elements,PaymentForm, andpromiseas props to help us properly render the Stripe payment form.
01β
02/* File: client/src/components/payment.js */
03
04import { useContext, useEffect } from 'react';
05import { useHistory } from 'react-router';
06import { UserContext } from '../lib/UserContext';
07import Loading from './loading';
08
09export default function Payment({ Elements, PaymentForm, promise }) {
10 const [user] = useContext(UserContext);
11 const history = useHistory();
12
13 // If not loading and no user found, redirect to /login
14 useEffect(() => {
15 user && !user.loading && !user.issuer && history.push('/login');
16 }, [user, history]);
17
18 return (
19 <>
20 <h3 className="h3-header">Purchase Lifetime Access Pass to Awesomeness π€©</h3>
21 <p>
22 Hi again {user?.loading ? <Loading /> : user?.email}! You successfully signed up with your email. Please enter
23 your card information below to purchase your Lifetime Access Pass securely via Stripe:
24 </p>
25 {user?.loading ? (
26 <Loading />
27 ) : (
28 <Elements stripe={promise}>
29 <PaymentForm email={user.email} />
30 </Elements>
31 )}
32 <style>{`
33 p {
34 margin-bottom: 15px;
35 }
36 .h3-header {
37 font-size: 22px;
38 margin: 25px 0;
39 }
40 `}</style>
41 </>
42 );
43}
#Add the Payment Route to App.js
Alright, with the PaymentForm and Payment components complete, we can finally route the user to the /payment page by updating client/src/App.js!
First, we import Stripe.js and the Stripe Elements UI library into our App.js file:
01β /* File: client/src/App.js */
02
03import { loadStripe } from '@stripe/stripe-js';
04import { Elements } from '@stripe/react-stripe-js';
Then we'll loadΒ Stripe.js outside of theΒ App.js's render to avoid recreating the Stripe object on every render:
01/* File: client/src/App.js */
02
03const promise = loadStripe(process.env.REACT_APP_STRIPE_PK_KEY);
Note: As we saw in Build the Payment Page, promise is a prop that is passed into the Payment component and is used by the Elements provider to give it's child element, PaymentForm, access to the Stripe service.
Next, let's add a new route called /payment which returns the Payment component we created earlier with the props required to properly render the Stripe payment form.
01/* File: client/src/App.js */
02
03function App() {
04
05...
06 <Route
07 path="/payment"
08 render={(props) => {
09 return (
10 <Payment
11 Elements={Elements}
12 PaymentForm={PaymentForm}
13 promise={promise}
14 />
15 );
16 }}
17 />
18 ...
19}
20export default App;
#Server
Now that we understand how the Client side is built and how it works, let's learn about our Server side code (located in server.js).
Here are the major functions our server needs to work seamlessly with the Client:
- Validate the Auth Token (
didToken) returned by Magic'sloginWithMagicLink(). - Create a Stripe
PaymentIntentto keep track of the Customer's payment lifecycle. - Create a Stripe Customer so that we can tie the Customer to a matching
PaymentIntentand keep track of whether or not the Customer has successfully paid. - Validate that the user is indeed a Customer who has lifetime access to your Premium Content.
#Validate the Auth Token (didToken)
As mentioned, when the user clicks the email link to log in, we send the didToken to a server endpoint called /login in order to validate it. It's best practice to validate the DID Token before continuing to avoid invalid or malformed tokens.
We verify the didToken with Magic's validate method. If the didToken is indeed valid, we then send a 200 status code back to the client.
01/* File: server.js */
02
03// Import, then initiate Magic instance for server-side methods
04const { Magic } = require('@magic-sdk/admin');
05const magic = new Magic(process.env.MAGIC_SECRET_KEY);
06
07// Route to validate the user's DID token
08app.post('/login', async (req, res) => {
09 try {
10 const didToken = req.headers.authorization.substr(7);
11 await magic.token.validate(didToken);
12 res.status(200).json({ authenticated: true });
13 } catch (error) {
14 res.status(500).json({ error: error.message });
15 }
16});
#Create a Stripe Payment Intent and Stripe Customer
Once a user decides to buy a lifetime access pass to our Premium Content, we consider them a customer. In order to keep track of the customer's payment cycle, we'll need to add a new server endpoint called /create-payment-intent in server.js that:
- Creates a customer with their email address.
- And then creates a
PaymentIntentthat is linked to this customer.
The PaymentIntent will keep track of any failed payment attempts and ensures that the customer is only charged once.
01/* File: server.js */
02
03// Import & initiate Stripe instance
04const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
05
06// Add the user to your list of customers
07// Then create a PaymentIntent to track the customer's payment cycle
08app.post('/create-payment-intent', async (req, res) => {
09 const { email } = req.body;
10
11 const paymentIntent = await stripe.customers
12 .create({
13 email,
14 })
15 .then(customer =>
16 stripe.paymentIntents
17 .create({
18 amount: 50000, // Replace this constant with the price of your service
19 currency: 'usd',
20 customer: customer.id,
21 })
22 .catch(error => console.log('error: ', error)),
23 );
24
25 res.send({
26 clientSecret: paymentIntent.client_secret,
27 customer: paymentIntent.customer,
28 });
29});
As you can see, we'll be charging our customers $500 for a lifetime access pass to our awesome Premium Content. π
#Update the Stripe Customer's Info
As soon as the payment goes through, the Client side will send a request to /update-customer to update the Stripe Customer's information with a metadata of { lifetimeAccess: true }. Since we have a special use case; charging customers a one time fee, setting this metadata will help us validate whether or not the customer has paid.
01/* File: server.js */
02
03// Update the customer's info to reflect that they've
04// paid for lifetime access to your Premium Content
05app.post('/update-customer', async (req, res) => {
06 const { customerID } = req.body;
07
08 const customer = await stripe.customers.update(customerID, {
09 metadata: { lifetimeAccess: true },
10 });
11
12 res.send({
13 customer,
14 });
15});
#Validate a Paid Customer
Now that the user has successfully paid, they should be able to access the Premium Content page. To check whether or not the user is authorized, we'll be using the /validate-customer endpoint. It expects the user's email address, and returns a list of customers who has that email.
Ideally, your customer should know to only buy their lifetime access once. This way, the list that stripe.customers.list() returns will always have the single customer who paid.
However, accidents do happen. π€·π»ββοΈ
To prevent users from purchasing a lifetime access twice, I suggest adding some logic to your SignUp component that checks whether or not the user who's trying to sign up is already a Stripe Customer with lifetime access. If they are, send them to the Premium Content page. Otherwise, they can continue to the Payment page.
01/* File: server.js */
02
03// Collect the customer's information to help validate
04// that they've paid for lifetime access
05app.post('/validate-customer', async (req, res) => {
06 const { email } = req.body;
07
08 const customer = await stripe.customers.list({
09 limit: 1,
10 email,
11 });
12
13 res.send({
14 customer: customer.data,
15 });
16});
#Test the integration
Alright, now that we know how the paid membership app works on both the Client and Server side, let's give it a test run! Here are a few UX flows I suggest testing out:
- Head to the Premium Content page to sign up and pay for lifetime access.
- Log in as a paid Customer and try to access the Premium Content page.
- Using a different email, log in as an unpaid Customer and try to access the Premium Content page.
Btw, you can make your payments with this test card number: 4242 4242 4242 4242
#Deploying to Heroku
#Create a Project
π Want to deploy your app on Heroku? First, install the Heroku CLI. Then run heroku create to generate a new Heroku project. It will return your Heroku app URL, similar to what is shown below.
01$ heroku create
02
03Creating app... done, β¬’ cryptic-waters-25194
04https://cryptic-waters-25194.herokuapp.com/ | https://git.heroku.com/cryptic-waters-25194.git
#Set Config Vars (.env)
Now let's set the production .env variables for our app. Locate your new project on Heroku and go to Settings. In Heroku, we set up .env variables under Config Vars. Click Reveal Config Vars and enter both of your client and server side environment variables.
#Update Server.js
Add the following into your server.js file so that Heroku knows how to build your app.
01β /* File: server.js */
02
03// For heroku deployment
04if (process.env.NODE_ENV === 'production') {
05 app.use(express.static('client/build'));
06 app.get('*', (req, res) => {
07 res.sendFile(path.resolve(__dirname, 'client', 'build', 'index.html'));
08 });
09}
#Update Package.json
In package.json, add this to the scripts object:
01β
02/* File: The server's package.json */
03
04"heroku-postbuild": "NPM_CONFIG_PRODUCTION=false npm install --prefix client && npm run build --prefix client"
Now you can run the following commands to deploy your application:
01β
02$ git add .
03$ git commit -m 'your message'
04$ git push heroku master
Heroku should have given you a link to your live app. Congrats! π
#Outro
That's it for today! If you'd like more tutorials on Stripe x Magic, (e.g. how to create a subscription membership website) please let us know in the Discussion box below. Until next time ππ»ββοΈ β‘.
