vgs-nodejs-sample
Simple integration of node.js app with VGS
Instructions for using this App
This demo app demonstrates a typical scenario for securing and revealing traffic between a customer application and a payments operator.
Requirements
Third-party services
- Create account on Stripe
- Generate Stripe sandbox API key (https://dashboard.stripe.com/account/apikeys)
- Create account on HomeAway
- Get your HomeAway client_id and secret (https://www.homeaway.com/platform/myClients)
VGS base setup
- Go to VGS-Dashboard, create a new organization, create a new vault.
- Select your vault, go to Integration page
- Copy your proxy URL, it should be in format: http://<user>:<password>@<tenant>.SANDBOX.verygoodproxy.com:8080
- Proxy URL should start with http://, otherwise https-proxy-agent lib won't work
- This application contains SSL certificate cert.pem for VGS Sandbox environment only
Run application
- Clone repository and go to app folder
- Install all dependencies
  npm install
- Run the app
  HA_CLIENT='<client_id>' HA_SECRET='<secret_key>' STRIPE_TOKEN='<token>' HTTP_PROXY='<proxy_url>' npm start
- Run ngrok
  ngrok http 3000
- Copy provided address https://<some_id>.ngrok.io
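A preflight check for the variables in the run command above and the proxy URL rules from the VGS base setup, as an added example that is not part of the sample app. The names checkConfig and redactProxyUrl and all sample values are assumptions.

```javascript
// Added example: startup preflight for the variables passed to `npm start`.
// checkConfig/redactProxyUrl are hypothetical names, not the sample app's code.
const REQUIRED = ['HA_CLIENT', 'HA_SECRET', 'STRIPE_TOKEN', 'HTTP_PROXY'];

// Mask the proxy password so the URL can be logged without leaking it.
function redactProxyUrl(u) {
  const cred = u.username ? `${u.username}:***@` : '';
  return `${u.protocol}//${cred}${u.host}`;
}

// Returns { ok, errors, proxy } where proxy is the redacted proxy URL or null.
function checkConfig(env) {
  const errors = REQUIRED.filter((n) => !env[n]).map((n) => `${n} is not set`);
  let proxy = null;
  if (env.HTTP_PROXY) {
    let u = null;
    try {
      u = new URL(env.HTTP_PROXY);
    } catch (e) {
      errors.push('HTTP_PROXY is not a valid URL');
    }
    if (u) {
      // The README requires http://; https-proxy-agent won't work otherwise.
      if (u.protocol !== 'http:') errors.push('HTTP_PROXY must start with http://');
      if (!u.username || !u.password) errors.push('HTTP_PROXY has no <user>:<password>');
      // cert.pem in this repository is for the VGS Sandbox environment only.
      if (!u.hostname.toLowerCase().endsWith('.sandbox.verygoodproxy.com')) {
        errors.push('HTTP_PROXY host is not a VGS sandbox proxy');
      }
      proxy = redactProxyUrl(u);
    }
  }
  return { ok: errors.length === 0, errors, proxy };
}

// Constructed sample values, not real credentials.
const sampleEnv = {
  HA_CLIENT: 'constructed-client-id',
  HA_SECRET: 'constructed-secret',
  STRIPE_TOKEN: 'constructed-token',
  HTTP_PROXY: 'http://USexample:constructedpw@tnt123.SANDBOX.verygoodproxy.com:8080',
};
const sampleResult = checkConfig(sampleEnv);
console.log(sampleResult.ok ? `config ok, proxy ${sampleResult.proxy}` : sampleResult.errors.join('\n'));
```

Calling checkConfig(process.env) before the app starts listening lets it refuse to run with a missing variable or a non-sandbox proxy.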
Application structure
- / - search form, after selecting some hotel will redirect to the payment page
- /list - list of payments for booked hotels
- /list/:id - revealed payment data page
Secure inbound traffic with VGS
- Go to VGS dashboard
- Go to Secure traffic -> Inbound
- Put ngrok url to upstream
- Application should be available at https://<tenant>.sandbox.verygoodproxy.com/
- Fill forms in app, submit payment data
- Take a look at the list of payments at https://<tenant>.sandbox.verygoodproxy.com/list. The data was saved as is.
- Next we are going to save and use tokens instead of the sensitive data. Open VGS dashboard, go to Logs
- Ensure that logger is recording payloads
- Find the request with payment data, click on it
- Click on Secure this payload
- Select fields, click Secure
- Done, your inbound secure route has been created.
- Take a look at the list of payments again at https://<tenant>.sandbox.verygoodproxy.com/list to ensure tokens are used instead of sensitive data.
Setup self-revealing
- Open payments list page at https://<tenant>.sandbox.verygoodproxy.com/list
- All fields should be replaced with tokens
- Click on Reveal, nothing should change because the revealing rule isn't set up yet
- Open VGS dashboard, go to Routes
- Click New Route -> New inbound route
- Put ngrok url to upstream
- Set one filter condition: Pathinfo matches /list/\\d+
- Phase: On response
- Basic type: REVEAL
- Operation: RegExp
- Fields in Regexp: tok_[a-z]*_[0-9a-zA-Z]{20,22}
- Click Save
- Go back to the payments page at https://<tenant>.sandbox.verygoodproxy.com/list
- Click on Reveal, now instead of tokens you should see real data there
- Done, your inbound self-revealing route has been created correctly.
Secure outbound traffic to Stripe

- Go to VGS dashboard
- Go to Secure traffic -> Outbound
- Switch to the application, submit payment data again
- Go back to VGS dashboard, it should detect the outbound connection, click on Secure data
- Find the request to Stripe API https://api.stripe.com/v1/tokens, click on it
- Click on Secure this payload
- Select fields, click Secure, now Stripe will be receiving revealed data
- Done, your outbound secure route has been created.
What is VGS?
Want to just jump right in? Check out our getting started guide.
Very Good Security (VGS) allows you to enhance your security standing while maintaining the utility of your data internally and with third-parties. As an added benefit, we accelerate your compliance certification process and help you quickly obtain security-related compliances that stand between you and your market opportunities.
To learn more, visit us at https://www.verygoodsecurity.com/
License
This project is licensed under the MIT license. See the LICENSE file for details.