Passing a variable to a backend page

I have hacked together a solution to provide a unique serial key and password to a user who purchases a product. I have some backend code that I am using to complete a transaction, and it is getting the name and price of the product from a wixData.query (below is the code from the pay.js backend page)

Here is part of the front end code to pass the variable & complete the transaction:

import { createMyPayment } from 'backend/pay';

$w.onReady(function () {

    $w("#button2").onClick( (event) => {

 let nameOfCollection = $w("#text4").text;
    createMyPayment(nameOfCollection)
    
    })

Here is the backend code (pay.jsw)

export async function createMyPayment(productId, nameOfCollection) {
 return wixData.query(nameOfCollection)
        .find()
        .then((product) => {
 let paymentInfo = ({
                items: [{
                    name: 'The Cool Product:<br>  Serial Key:<br> ' + product.items[0].serialKey + '<br>Password:<br>' + product.items[0].password,
                    price: product.items[0].price
                }],
                amount: price: product.items[0].price
            });
 return wixPay.createPayment(paymentInfo);
        });

}

I’m getting an error because nameOfCollection remains undefined in the backend file … :frowning:

Anyone able to help?

Your Backend function waits 2 parameters
createMyPayment ( productId, nameOfCollection )

The frontend calls passing only one createMyPayment ( nameOfCollection )

I don’t believe that is the problem … when I was fleshing this s all out, initially the front end code worked fine and read simply:

createMyPayment()

I needed to add the variable nameOfCollection in order to get the script to work in the particular site I was using it for though

I left out a bunch of the code for brevity, my code is based off the code in this tutorial: Velo Tutorial: Processing Payments | Help Center | Wix.com

… anyway …

I tried to edit the code

createMyPayment(productId, nameOFColection)

but that generates an error because productiD is undefined in the front end code …

HOWEVER … if I put this in the front end code: let productId … then it APPEARS to work … !!!

So it WAS the solution (or so it seems) … thanks @mvveiga !

@burkedunnweb
https://community.wix.com/partners/forum/technical-talk/passing-a-variable-to-a-backend-page

@russian-dima @MMVeiga … thank you both for your help on this (you both ultimately gave me the same solution)!

Now that the script is working, I have one other concern, and it’s not a minor one … whether I’ve created a security vulnerability …

Here’s my completed pay.jsw

import wixPay from 'wix-pay-backend';
import wixData from 'wix-data';

export async function createMyPayment(productId, nameOfCollection) {
 return wixData.query(nameOfCollection)
        .find()
        .then((product) => {
 let paymentInfo = ({
                items: [{
                    name: product.items[0].title + '<br>  Serial Key:<br> ' + product.items[0].serialKey + '<br>Password:<br>' + product.items[0].password,
                    price: product.items[0].price
                }],
                amount: product.items[0].price
            });
 return wixPay.createPayment(paymentInfo);
        });

}

As you can see, the serial key and password for the product (a piece of proprietary software) are sent to the user through the confirmation email, nothing is encrypted. It is my understanding that since this is taking place in a backend file it is secure; am I correct in that assumption?

My front end code looks like this (and this is what has me more worried)

import wixData from 'wix-data';
import wixPay from 'wix-pay';
import { createMyPayment } from 'backend/pay';

$w.onReady(function () {
let queryValue = wixLocation.query;
$w('#dataset2').setFilter(wixData.filter().contains('title', queryValue.product));
let queryValue2 = wixLocation.query;
$w('#dataset2').setFilter(wixData.filter().contains('title', queryValue2.product));

$w('#text17').hide();

$w("#button1").onClick( (event) => {
 let productId;
 let $item = $w.at(event.context);
 let nameOfCollection = $item("#text17").text;
    createMyPayment(productId, nameOfCollection)
        .then((payment) => {
            wixPay.startPayment(payment.id, {
 "showThankYouPage": false,
                    })
                        .then((result) => {
 if (result.status === "Successful") {
                                wixData.query(nameOfCollection)
                                .find()
                                .then((product) => {
                                wixData.remove(nameOfCollection, product.items[0]._id)
                                .then((removeItem) => {
 let item = removeItem;
                                    })
                                    .catch((err) => {
 let errorMsg = err;
                                    });
                            });
                        console.log('successful payment')
 //wixWindow.openLightbox("#lightbox1");
                    } else if (result.status === "Pending") {
                        console.log('payment failure')
 //wixWindow.openLightbox("Pending Box");
                    }
                });
        });

 
});
});

As you can see, after a successful transaction, I delete the item in the collection that contains the serial key and password that was sent to the purchaser. I am worried that this is creating a vulnerability since it is happening on a front end page …

Is this creating a vulnerability? Should I move this process to the pay.jsw page?

Can I use the info on the other backend page (event.js) to sent the email instead?(though I truthfully kind of like sending it as part of the the receipt, it’s “tidy”)


export function wixPay_onPaymentUpdate(event) {
 let paymentId = event.payment.id;
 let newTransactionStatus = event.status;
 let userInfo = event.userInfo;
}