Reputation: 3592
I have the following PHP code:
//Create url
$url = "https://pci.zcredit.co.il/WebControl/RequestToken.aspx";
$post = "TerminalNumber=$TerminalNumber"
."&Username=$UserName&PaymentSum=$PaymentSum&PaymentsNumber=$PaymentsNumber&Lang=$Lang"
."&Currency=$Currency&UniqueID=$UniqueID&ItemDescription=$ItemDescription&ItemQtty=$ItemQtty"
."&ItemPicture=$ItemPicture&RedirectLink=$RedirectLink&NotifyLink=$NotifyLink"
."&UsePaymentsRange=$UsePaymentsRange&ShowHolderID=$ShowHolderID&AuthorizeOnly=$AuthorizeOnly"
."&HideCustomer=$HideCustomer&CustomerName=$CustomerName&CssType=$CssType&IsCssResponsive=$IsCssResponsive";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url); // Set the request URL
curl_setopt($ch, CURLOPT_POSTFIELDS, $post); // Set the POST body
curl_setopt($ch, CURLOPT_POST, 1); // Set the request method to POST
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Return the response as a string instead of printing it
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Turns off certificate verification
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); // Turns off host name verification
$page = curl_exec($ch); // Get the response
Which I'm trying to use in Node.js, with Request:
let url = "https://pci.zcredit.co.il/WebControl/RequestToken.aspx";
let post = `TerminalNumber=${TerminalNumber}`
+`&Username=${UserName}&PaymentSum=${PaymentSum}&PaymentsNumber=${PaymentsNumber}&Lang=${Lang}`
+`&Currency=${Currency}&UniqueID=${UniqueID}&ItemDescription=${ItemDescription}&ItemQtty=${ItemQtty}`
+`&ItemPicture=${ItemPicture}&RedirectLink=${RedirectLink}&NotifyLink=${NotifyLink}`
+`&UsePaymentsRange=${UsePaymentsRange}&ShowHolderID=${ShowHolderID}&AuthorizeOnly=${AuthorizeOnly}`
+`&HideCustomer=${HideCustomer}&CustomerName=${CustomerName}&CssType=${CssType}&IsCssResponsive=${IsCssResponsive}`;
const request = require('request');
request(url + '/' + post, { json: true }, (err, res, body) => {
  if (err) { return console.log(err); }
});
But should I just add the post parameters to the original url? Is it secure?
Thanks in advance!
Upvotes: 0
Views: 79
Reputation: 5931
The syntax for posting URL-encoded forms with Request is as simple as:
request.post(url).form({ key: value })
Of course, you can choose to send the request with the parameters in the URL, using template literal variables, and that will change nothing from a security point of view, but it will be more readable.
Your code will be secure if you sanitize the parameters and if you use encryption (HTTPS), the same way you should do in any language, as main.c says in his comment.
Upvotes: 1
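An added example (not code from either post) comparing the question's raw string concatenation with an encoded form body sent by POST, using Node's built-in `URLSearchParams` and `fetch` (Node 18+) instead of the Request library. The helper names, the last-value-wins decoding model and all sample values are assumptions constructed for illustration; only the field names and the URL come from the question.

```javascript
// Added example: field names and URL are from the question; all values are constructed.
const TOKEN_URL = "https://pci.zcredit.co.il/WebControl/RequestToken.aspx";

// The question's approach: raw values pasted into the string, no encoding.
function naiveBody(fields) {
  return Object.entries(fields).map(([k, v]) => `${k}=${v}`).join("&");
}

// URLSearchParams percent-encodes every name and value, so "&" and "="
// inside a value stay part of that value.
function encodedBody(fields) {
  return new URLSearchParams(fields).toString();
}

// Model of a form decoder where the last duplicate wins (an assumption;
// real servers differ in how they treat repeated names).
function parseBody(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Sends the fields in the POST body, not in the URL, and leaves TLS
// certificate verification at its default (enabled).
async function requestToken(fields) {
  const res = await fetch(TOKEN_URL, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: encodedBody(fields),
  });
  if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
  return res.text();
}

// Constructed input: two values that contain "&" and "=".
const sample = {
  TerminalNumber: "0000000000",
  PaymentSum: "100",
  CustomerName: "Dana&PaymentSum=1",
  RedirectLink: "https://shop.example/done?order=42&ok=1",
};

// Returns what the decoder sees for each way of building the body.
function demo() {
  return { naive: parseBody(naiveBody(sample)), encoded: parseBody(encodedBody(sample)) };
}
console.log(demo());
```

With the raw body, the decoder reads `PaymentSum` as `1` and sees a stray `ok` field; with the encoded body every field comes back exactly as supplied.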