{"id":24118370,"url":"https://github.com/fantasyui-com/online-marketplace","last_synced_at":"2025-09-18T07:30:57.997Z","repository":{"id":19356733,"uuid":"86866346","full_name":"fantasyui-com/online-marketplace","owner":"fantasyui-com","description":"Simple online marketplace for selling files. [Web Application, Business, StackScript]","archived":false,"fork":false,"pushed_at":"2024-12-31T17:16:24.000Z","size":848,"stargazers_count":19,"open_issues_count":1,"forks_count":8,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-12-31T17:38:11.387Z","etag":null,"topics":["e-commerce"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fantasyui-com.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-31T22:54:07.000Z","updated_at":"2024-12-31T17:16:27.000Z","dependencies_parsed_at":"2024-10-28T19:36:39.049Z","dependency_job_id":null,"html_url":"https://github.com/fantasyui-com/online-marketplace","commit_stats":{"total_commits":234,"total_committers":3,"mean_commits":78.0,"dds":0.08119658119658124,"last_synced_commit":"638f9994d4e0b01a9b1dd7446e90c10d76f572f5"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fantasyui-com%2Fonline-marketplace","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fantasyui-com%2Fonline-marketplace/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fantasyui-com%2Fonli
ne-marketplace/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fantasyui-com%2Fonline-marketplace/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fantasyui-com","download_url":"https://codeload.github.com/fantasyui-com/online-marketplace/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":233456619,"owners_count":18679048,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["e-commerce"],"created_at":"2025-01-11T08:19:19.458Z","updated_at":"2025-09-18T07:30:52.529Z","avatar_url":"https://github.com/fantasyui-com.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# online-marketplace\nA wise and secure online marketplace for selling files. online-marketplace safely encodes purchase information in urls (AES(bcrypt-hash)) and performs operations via automated, interactive email system.\n\n![Opening Intro](screenshots/a.jpg \"Opening Intro\")\n\n![Product Layout](screenshots/b.jpg \"Product Layout\")\n\n![Product Details](screenshots/c.jpg \"Product\n Details\")\n\n![Licensing](screenshots/d.jpg \"Licensing\")\n\n\n## Theory of operation, what problem does it fix, and do people have them?\n\nIn short we must ask, if it is possible to sell digital goods without forcing the user to create an account. 
If this is indeed possible, then as a corollary: why are we forcing users to sign up if it is not necessary?\n\nThere are no pros that could possibly outweigh the problems associated with a server breach, the legal repercussions that follow, and even the development of the features and flows to capture [PII](https://en.wikipedia.org/wiki/Personally_identifiable_information) in the first place.\n\nIn the age of secure off-site (Stripe) 3rd party payment processors, signups (username/password) are not always necessary to run an online business. Username/Password invariably induces the need for other [PII](https://en.wikipedia.org/wiki/Personally_identifiable_information) such as an e-mail address to verify the claimed user identity and later to reset the password. This relationship will then call for first and last name and later possibly address/ID where email is an insufficient means of verification.\n\nAt this point we must ask: is all of this necessary? Customer information is an enormous liability in several domains: legal ([PII](https://en.wikipedia.org/wiki/Personally_identifiable_information) privacy laws), software vulnerabilities and network security. Additionally, we must also consider convenience. Sometimes a customer just wants the product.zip file without creating accounts and going through the extra effort that comes with it. 
Customers passing a security check on Stripe/PayPal should not have to sign up a second time on the website, especially if they don't need to (in the larger sense, when trading money for service).\n\n---\n\n## Security\n\n- Customer Privacy and Server Security first.\n- Minimal attack surface.\n- Server does not store e-mails in readable form (hash values only).\n- Credit card processing via Stripe or similar.\n\n## Structure\n\n- Simple product catalog (package.json format) see [product-catalog](https://github.com/fantasyui-com/product-catalog).\n- Potential for serving static pages (generate from live and serve via static)\n\n## Secrets/Key Disclosure (requires full server breach)\n\n### STRIPE_SECRET_KEY (allows access to parts of Stripe)\n\nStripe secret key, used to execute API commands on Stripe.com.\n\n- If disclosed \"Your secret API key can be used to make any API call; most notably, it can create new charges or refund existing payments. However, it cannot be used to retrieve any extremely sensitive data like your customer’s credit card numbers, which we’ll never reveal in our API.\" see [Stripe Questions](https://support.stripe.com/questions/what-happens-if-my-api-key-is-compromised)\n- Instantly mitigated by rolling new keys.\n\n### DOWNLOAD_SECRET_KEY (prevents magnet link disclosure)\n\nSecret Download Key used to encrypt re-download link.\n\n- If disclosed, it will be possible to decrypt the download link.\n- Instantly mitigated by changing the secret download key.\n\n### DOWNLOAD_SECRET_SALT (prevents magnet link forgery)\n\nSecret salt in decrypted link information.\n\n- If disclosed, it is possible to tamper with the download link. It will be possible to forge a link that will allow arbitrary product downloads. 
Note: this requires DOWNLOAD_SECRET_KEY disclosure.\n- Instantly mitigated by changing secret salt.\n\n## Development Status\n\nSee TODO.md\n\n[![NPM](https://nodei.co/npm/online-marketplace.png?downloads=true\u0026downloadRank=true\u0026stars=true)](https://nodei.co/npm/online-marketplace/)\n[![NPM](https://nodei.co/npm-dl/online-marketplace.png?months=1\u0026height=3)](https://nodei.co/npm/online-marketplace/)\n\n## Installation\n\n```sh\n\nmkdir my-online-marketplace\ncd my-online-marketplace/\ngit clone https://github.com/fantasyui-com/online-marketplace.git .\nnpm i\nnpm start\n\n```\n\nAt this point you will see [http://0.0.0.0:8080/](http://0.0.0.0:8080/);\nnavigate to the address to view the homepage.\n\n\n## Start Server\n\nUse default npm (uses server.js)\n\n```sh\n\nnpm start;\n\n```\n\n## Periodic Updates\n\nUse default npm command\n\n```sh\n\nnpm update;\n\n```\n\n## Development\n\nClone repository, install supervisor ```npm install -G supervisor``` and then:\n\n```sh\n\nnpm run watch;\n\n```\n\n## Running Tests\n\nTest system uses mocha.\n\n```sh\n\nnpm test;\n\n```\n\n# Production\n\n## Using in Production\n\n### Installing node and pm2 for production\n\n```sh\n\ncurl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.1/install.sh | bash\nexport NVM_DIR=\"$HOME/.nvm\"; [ -s \"$NVM_DIR/nvm.sh\" ] \u0026\u0026 \\. 
\"$NVM_DIR/nvm.sh\"  # This loads nvm\nnvm install node # node installed\nnpm i -g pm2 # pm2 installed\n\n```\n\n### Installing marketplace for production\n\n```sh\n\ncd ~\ngit clone https://github.com/fantasyui-com/online-marketplace.git\ncd online-marketplace/\nnpm i;\n\n```\n\n### Using a Process manager (pm2) to manage the server:\n\n```sh\n\ncd ~\npm2 start online-marketplace/server.js\npm2 save\n\n```\n### Environment Variables\n\nYou MUST set three ENV variables ```STRIPE_PUBLISHABLE_KEY```, ```STRIPE_SECRET_KEY```, ```DOWNLOAD_SECRET_KEY```, and ```DOWNLOAD_SECRET_SALT``` example:\n\n```sh\n\nSTRIPE_PUBLISHABLE_KEY=pk_test_6pRNASCoBOKtIshFeQd4XMUh \\\nSTRIPE_SECRET_KEY=sk_test_BQokikJOvBiI2HlWgH4olfQ2 \\\nDOWNLOAD_SECRET_KEY=sk_test_c40aeeb535784f3fa179b107c5ee8e99 \\\nDOWNLOAD_SECRET_SALT=st_test_784f3fa179b3f3f50a7c5faeeb5ee87c \\\nnode server.js\n\n```\n\n### Process JSON\n\nIf you choose to use pm2 you can activate the provided process.json via ```$\u003e start online-marketplace/process.json``` please remember to update and guard the secret keys.\n\n```json\n\n{\n  \"apps\": [\n\n    {\n\n    \"name\": \"online-marketplace\",\n    \"script\":\"server.js\",\n    \"cwd\":\"/home/meow/online-marketplace\",\n\n    \"env\": {\n\n      \"STRIPE_PUBLISHABLE_KEY\" : \"pk_test_6pRNASCoBOKtIshFeQd4XMUh\",\n      \"STRIPE_SECRET_KEY\"      : \"sk_test_BQokikJOvBiI2HlWgH4olfQ2\",\n      \"DOWNLOAD_SECRET_KEY\"    : \"sk_test_c40aeeb535784f3fa179b107c5ee8e99\",\n      \"DOWNLOAD_SECRET_SALT\"   : \"st_test_784f3fa179b3f3f50a7c5faeeb5ee87c\",\n      }\n\n    }\n\n  ]\n}\n\n\n```\n\n### Low Number Ports\nServer requires access to low level ports 80 (http) and 443 (https) to operate by default.\nOn linux servers you can use the following command to give Node access to these ports.\nNote use of ```sudo setcap cap_net_bind_service=+ep $(which node)```\nNote: Port forwarding is the preferred 
method.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffantasyui-com%2Fonline-marketplace","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffantasyui-com%2Fonline-marketplace","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffantasyui-com%2Fonline-marketplace/lists"}