Reputation: 374
I have a view that uses Stripe to charge an amount and then redirect the user to a subscription page, but how can I prevent a user from accessing the URL directly?
Charge view:

    import stripe
    from django.shortcuts import render

    def testview(request):
        charge = stripe.Charge.create(
            amount=2000,
            currency="usd",
            source="tok_visa",  # obtained with Stripe.js
            description="Charge for [email protected]"
        )
        return render(request, 'test.html')

My subscription creation view:

    def create_sub(request):
        plan1 = "plan_DiiAhydC7AxqeG"
        plan2 = "plan_DiiAypModfV7VJ"
        plan = request.GET.get('plan')
        if plan == '1':
            active_plan = plan1
        elif plan == '2':
            active_plan = plan2
        sub = stripe.Subscription.create(
            customer=request.user.stripe_id,
            items=[
                {
                    "plan": active_plan,
                },
            ]
        )

My HTML charge template:

    <form action="/test/create-sub?plan=2" method="POST">
        {% csrf_token %}
        <script
            src="https://checkout.stripe.com/checkout.js" class="stripe-button"
            data-key="stripe_api_code"
            data-amount="100000"
            data-name="Bilpard"
            data-description="Paid plan"
            data-image="https://stripe.com/img/documentation/checkout/marketplace.png"
            data-locale="auto">
        </script>
    </form>

Upvotes: 3
Views: 792
Reputation: 12086
How about wrapping the testview view inside the require_POST decorator?

    import stripe
    from django.shortcuts import render
    from django.views.decorators.http import require_POST

    @require_POST  # applied without parentheses; non-POST requests get a 405
    def testview(request):
        charge = stripe.Charge.create(
            amount=2000,
            currency="usd",
            source="tok_visa",  # obtained with Stripe.js
            description="Charge for [email protected]"
        )
        return render(request, 'test.html')

With that, only POST requests are allowed to access this view.
Upvotes: 1