Membership Site with Stripe

Rails 4.2 example application demonstrates how to use Stripe and the Payola gem for a Rails membership site, subscription site, or SaaS site (software-as-a-service). Use this example application as a starter app for your own web applications.

This application replaces a very popular Rails 3.2 implementation, available in a Rails 3.2 branch, and now uses the Payola gem.

See the tutorial for a complete explanation of the code:

• Membership Site with Stripe

This is a complex application. To understand the code, you’ll need the tutorial.

The application uses:

• Payola for Stripe integration with Rails
• Stripe for credit card payment processing
• Devise for user management and authentication
• Role-Based Authorization for administrator access
• Bootstrap front-end framework

Other tutorials may be helpful:

• Signup and Download
• Role-Based Authorization
• Devise Tutorial
• RSpec Tutorial

You can build this application in only a few minutes using the Rails Composer tool.

From the RailsApps Project

The RailsApps open source project offers starter applications and tutorials for Rails developers. Generate the applications with the Rails Composer tool.

All the code is explained in the Capstone Rails Tutorials. You can purchase the Capstone Rails Tutorials to support the project.

If You Are New to Rails

If you’re new to Rails, see What is Ruby on Rails?, the book Learn Ruby on Rails, and recommendations for a Rails tutorial.

Database

The application requires a database. The example application uses SQLite with Rails ActiveRecord. You can easily substitute PostgreSQL, MySQL, or other databases.

Front-end Framework

The example application integrates Bootstrap for a navigation bar and flash messages. The forms are set up to use Bootstrap. You can customize the application to use other front-end frameworks such as Zurb Foundation.

What’s Here

Stripe offers two approaches to implementing payment processing. Stripe Checkout is Stripe’s entry-level approach. Stripe Checkout competes with the button-based payment options from Google, PayPal, or Amazon, adding a pop-up payment form to any web page. Stripe Checkout is very limited because the pop-up payment form cannot be customized for use with a Rails application. Our Stripe Checkout Tutorial shows how to combine Stripe Checkout with Devise for simple applications.

Stripe.js is optimal for use with a Rails application, allowing full customization of a payment form and integration with Rails form processing. The rails-stripe-coupons starter application implements a payment feature using Stripe JS so a visitor pays to download a PDF file. The application accommodates promotional coupons and adds payment forms to landing pages, for real-world payment processing.

This example application, rails-stripe-membership-saas, provides subscription billing using Stripe and the Payola gem.

The application offers these features:

• tiered pricing for multiple subscription plans
• optional “free trial” subscription as well as free accounts using Stripe
• uses Stripe for no local credit card storage
• Stripe accepts credit card payments from customers in any country or currency
• PCI compliance using the Stripe JavaScript library
• Stripe handles recurring billing, retries if payment fails, and cancels subscription if retries fail
• paid subscriptions are created only after a successful credit card transaction
• subscribers can upgrade or downgrade subscription plans
• subscribers can cancel subscription plans

Additionally:

• background processing adds the email address to a mailing list
• background processing completes payment for a speedy response

What Is Not Here

There are additional features you may want for a SaaS application, such as:

• Basecamp-style subdomains (each user gets their own subdomain)
• multitenancy database segmentation

These features are not included in this application. For multitenancy, try Brad Robertson’s Apartment gem.

Similar Examples and Tutorials

This is one in a series of Rails example apps and tutorials from the RailsApps Project. See a list of additional Rails examples, tutorials, and starter apps. Related example applications may be useful:

• Learn Rails companion to the book Learn Ruby on Rails
• Foundation and Rails shows how to integrate Foundation
• Bootstrap and Rails shows to integrate Bootstrap
• Mailing Lists with Active Job for MailChimp subscriptions
• OmniAuth and Rails uses OmniAuth for authentication
• Devise and Rails uses Devise for authentication
• Role-Based Authorization using simple roles
• Pundit and Rails uses Pundit for authorization
• Signup and Download combines authentication with authorization and a PDF download
• Stripe Checkout
• Stripe JS With Coupons

Accounts You Will Need

Get the accounts you will need before deploying the application.

Email

Devise provides a “Forgot Password?” feature that resets a password and sends instructions to the user. You’ll need an email service provider to send email from the application. You can use Gmail during development. You can get a free Gmail account if you don’t already have one. For production, Gmail is not robust. Use transactional email services, such as Mandrill, to send email in production. See the article Send Email with Rails for more information.

Stripe

A Stripe account is required. Before you start, go to the Stripe website and set up an account. You don’t need a credit card merchant account or payment gateway. There’s no approval process to delay getting started.

Merchant Account

Your business will need a merchant account in order to accept credit card payments. If you already have a merchant account, you can use it with Stripe. Stripe provides a merchant account as part of its service, so you don’t need to obtain one.

MailChimp

A MailChimp account is optional. The application User model includes a method to subscribe a new user to a MailChimp mailing list when an account is created. If you choose to use this feature, you’ll need a MailChimp account.

When visitors submit an email address, the application will add them to a MailChimp list. To access MailChimp, we’ll need a MailChimp API key. “Log in to MailChimp”https://admin.mailchimp.com/ to get your API key. Click your name at the top of the navigation menu, then click “Account”. Click “Extras,” then “API keys.” You have to generate an API key; MailChimp doesn’t create one automatically.

You’ll also need to create a MailChimp mailing list. The MailChimp “Lists” page has a button for “Create List.” The list name and other details are up to you. We’ll need the MAILCHIMP_LIST_ID for the mailing list you’ve created. To find the list ID, on the MailChimp “Lists” page, click the “down arrow” for a menu and click “Settings.” At the bottom of the “List Settings” page, you’ll find the unique ID for the mailing list.

With MailChimp, you can send a welcome message automatically when the visitor signs up for the mailing list. Use the welcome message to inform the visitor that they’ve successfully subscribed to the mailing list. It’s a bit difficult to find the MailChimp option to create a welcome message. Strangely, MailChimp considers a welcome message a “form.” Here’s how to find it. On the MailChimp “Lists” page, click the “down arrow” for a list and click “Signup forms.” Then click “General forms.” On the “Create Forms” page, there is a drop-down list of “Forms & Response Emails.” The gray box shows “Signup form.” Click the down arrow. Select the menu item named “Final ‘Welcome’ Email” and you’ll be able to create a welcome message.

Hosting

We provide instructions to deploy the application to Heroku which provides Rails application hosting. It costs nothing to set up a Heroku account and deploy as many applications as you want. To deploy an app to Heroku, you must have a Heroku account. Visit Heroku to set up an account.

SSL

Visitors to your website will be sending credit card information from their browser to Stripe’s servers when they sign up for a subscription. The Stripe JavaScript library will open an SSL connection to Stripe’s servers when the form is submitted. You can host your site without SSL and your users’ credit card numbers will be protected on the way to Stripe’s servers. However, your security-conscious visitors will be uneasy if they see that the web URL for your registration page begins with http:// and not https:// (indicating an SSL connection). For their peace of mind (and the higher conversion rate that comes with trust), you should host your website with an SSL connection. Additionally, as a general practice, it is wise to host any webapp that requires login over an SSL connection.

If you’re deploying with Heroku, you can access any Heroku app over SSL at https://myapp.herokuapp.com/. Setting up an SSL certificate for a custom domain on Heroku can be a hassle but there’s a convenient alternative that is a better value. You can use CloudFlare to get free SSL without purchasing or installing an SSL certificate. CloudFlare is a content delivery network (CDN) and website optimizer; their free plan includes SSL. See the article Configuring CloudFlare DNS for a Heroku App. If you’re deploying on Heroku, you can wait until you’ve deployed to sign up for a Cloudflare account.

Dependencies

Before generating your application, you will need:

• The Ruby language – version 2.2
• The Rails gem – version 4.2

See the article Installing Rails for instructions about setting up Rails and your development environment. See the article Updating to Rails 4.2 if you are using Rails 4.1. You must install Rails 4.2 to use this application because Active Job is not available in earlier versions of Rails.

Getting the Application

Local

You have several options for getting the code on your own machine. You can fork, clone, or generate.

Fork

If you’d like to add features (or bug fixes) to improve the example application, you can fork the GitHub repo and make pull requests. Your code contributions are welcome!

Clone

If you want to copy and customize the app with changes that are only useful for your own project, you can clone the GitHub repo. You’ll need to search-and-replace the project name throughout the application. You probably should generate the app instead (see below). To clone:

$ git clone git://github.com/RailsApps/rails-stripe-membership-saas.git

You’ll need git on your machine. See Rails and Git.

Generate

If you want to use the project as a starter application, use the Rails Composer tool to generate a new version of the example app. You’ll be able to give it your own project name when you generate the app. Generating the application gives you additional options.

To build the example application, Rails 4.2 must be installed in your development environment. Run the command:

$ rails new rails-stripe-membership-saas -m https://raw.github.com/RailsApps/rails-composer/master/composer.rb

The $ character indicates a shell prompt; don’t include it when you run the command.

This creates a new Rails app named rails-stripe-membership-saas on your computer. You can use a different name if you wish.

You’ll see a prompt:

option  Build a starter application?
    1)  Build a RailsApps example application
    2)  Contributed applications
    3)  Custom application

Enter “1” to select Build a RailsApps example application. You’ll see a prompt:

option  Choose a starter application.
    1)  learn-rails
    2)  rails-bootstrap
    3)  rails-foundation
    4)  rails-mailinglist-activejob
    5)  rails-omniauth
    6)  rails-devise
    7)  rails-devise-roles
    8)  rails-devise-pundit
    9)  rails-signup-download
   10)  rails-stripe-checkout
   11)  rails-stripe-coupons
   12)  rails-stripe-membership-saas

Choose rails-stripe-membership-saas. The Rails Composer tool may give you other options (other applications may have been added since these notes were written).

The application generator template will ask you for additional preferences:

option  Web server for development?
     1)  WEBrick (default)
     2)  Thin
     3)  Unicorn
     4)  Puma
     5)  Phusion Passenger (Apache/Nginx)
     6)  Phusion Passenger (Standalone)
 option  Web server for production?
     1)  Same as development
     2)  Thin
     3)  Unicorn
     4)  Puma
     5)  Phusion Passenger (Apache/Nginx)
     6)  Phusion Passenger (Standalone)
 option  Database used in development?
     1)  SQLite
     2)  PostgreSQL
     3)  MySQL
 option  Template engine?
     1)  ERB
     2)  Haml
     3)  Slim
 option  Test framework?
     1)  None
     2)  RSpec with Capybara
 option  Continuous testing?
     1)  None
     2)  Guard
 option  Add support for sending email?
     1)  None
     2)  Gmail
     3)  SMTP
     4)  SendGrid
     5)  Mandrill
 option  Admin interface for database?
     1)  None
     2)  Upmin
 option  Install page-view analytics?
     1)  None
     2)  Google Analytics
     3)  Segment.io
 option  Prepare for deployment?
     1)  no
     2)  Heroku
     3)  Capistrano
 option  Set a robots.txt file to ban spiders? (y/n) n
 option  Create a GitHub repository? (y/n) n
 option  Use or create a project-specific rvm gemset? (y/n) y

Web Servers

If you plan to deploy to Heroku, select Puma as your production webserver. Puma is recommended by Heroku.

Database

Use SQLite for development on Mac or Linux, unless you already have PostgreSQL installed locally. Use PostgreSQL if you plan to deploy to Heroku. You can easily change the database later if you select SQLite to start.

Template Engine

The example application uses the default “ERB” Rails template engine. Optionally, you can use another template engine, such as Haml or Slim. See instructions for Haml and Rails.

Testing

If you are a beginner, select “None.”

Email

Choose Gmail for development if you already have a Gmail account. Choose SendGrid or Mandrill for production if your site will be heavily used.

Other Choices

Set a robots.txt file to ban spiders if you want to keep your new site out of Google search results.

If you choose to create a GitHub repository, the generator will prompt you for a GitHub username and password.

It is a good idea to use RVM, the Ruby Version Manager, and create a project-specific RVM gemset (not available on Windows). See Installing Rails.

Troubleshooting

If you get an error “OpenSSL certificate verify failed” or “Gem::RemoteFetcher::FetchError: SSL_connect” see the article OpenSSL errors and Rails.

Edit the README

If you’re storing the app in a GitHub repository, please edit the README files to add a description of the app and your contact info. If you don’t change the README, people will think I am the author of your version of the application.

Getting Started

See the article Installing Rails to make sure your development environment is prepared properly.

Use RVM

I recommend using RVM, the Ruby Version Manager, to create a project-specific gemset for the application. If you generate the application with the Rails Composer tool, you can create a project-specific gemset.

Gems

Here are the gems used by the application:

• bootstrap-sass provides a front-end framework
• devise for authentication and user management
• gibbon provides an API wrapper for MailChimp
• payola-payments a Rails engine for Stripe integration
• sucker_punch provides queuing for background jobs

These gems make development easier:

• better_errors – helps when things go wrong
• quiet_assets – suppresses distracting messages in the log
• rails_layout – generates files for an application layout

Install the Required Gems

If you used the Rails Composer tool to generate the example app, the application template script has already run the bundle install command.

If not, you should run the bundle install command to install the required gems on your computer:

$ bundle install

You can check which gems are installed on your computer with:

$ gem list

Keep in mind that you have installed these gems locally. When you deploy the app to another server, the same gems (and versions) must be available.

Configuration File

To consolidate configuration settings in a single location, we store credentials in the config/secrets.yml file. To keep your credentials private, use Unix environment variables to set your credentials. See the article Rails Environment Variables for more information.

Add your credentials to the file config/secrets.yml:

# Make sure the secrets in this file are kept private
# if you're sharing your code publicly.

development:
  admin_name: First User
  admin_email: [email protected]
  admin_password: changeme
  email_provider_username: <%= ENV["GMAIL_USERNAME"] %>
  email_provider_password: <%= ENV["GMAIL_PASSWORD"] %>
  domain_name: example.com
  mailchimp_api_key: <%= ENV["MAILCHIMP_API_KEY"] %>
  mailchimp_list_id: <%= ENV["MAILCHIMP_LIST_ID"] %>
  stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
  stripe_publishable_key: <%= ENV["STRIPE_PUBLISHABLE_KEY"] %>
  secret_key_base: very_long_random_string

test:
  domain_name: example.com
  secret_key_base: very_long_random_string

# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
  admin_name: <%= ENV["ADMIN_NAME"] %>
  admin_email: <%= ENV["ADMIN_EMAIL"] %>
  admin_password: <%= ENV["ADMIN_PASSWORD"] %>
  email_provider_username: <%= ENV["GMAIL_USERNAME"] %>
  email_provider_password: <%= ENV["GMAIL_PASSWORD"] %>
  domain_name: example.com
  mailchimp_api_key: <%= ENV["MAILCHIMP_API_KEY"] %>
  mailchimp_list_id: <%= ENV["MAILCHIMP_LIST_ID"] %>
  stripe_api_key: <%= ENV["STRIPE_API_KEY"] %>
  stripe_publishable_key: <%= ENV["STRIPE_PUBLISHABLE_KEY"] %>
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

All configuration values in the config/secrets.yml file are available anywhere in the application as variables. For example, Rails.application.secrets.email_provider_username will return the string set in the Unix environment variable GMAIL_USERNAME.

If you don’t want to use Unix environment variables, you can set each value directly in the config/secrets.yml file. The file must be in your git repository when you deploy to Heroku. However, you shouldn’t save the file to a public GitHub repository where other people can see your credentials.

For the Gmail username and password, enter the credentials you use to log in to Gmail when you check your inbox. See the article Send Email with Rails if you are using Google two factor authentication.

The values for admin_email and admin_password are used when the database is seeded. You will be able to log in to the application with these credentials. Note that it’s not necessary to personalize the config/secrets.yml file before you deploy your app. You can deploy the app with an example user and then use the application’s “Edit Account” feature to change email address and password after you log in. Use this feature to log in as an administrator and change the email and password to your own.

The variable domain_name is used for sending email. You can use example.com in development. If you already have a custom domain name you’ll use when you deploy the application, you can set domain_name. If you deploy the application to Heroku, you’ll set domain_name with the unique name you’ve given your application on Heroku. You’ll have to wait until you deploy to know the name you’ll use on Heroku.

See the section “Accounts You Will Need” to learn where to find the mailchimp_api_key and mailchimp_list_id credentials.

You can find the stripe_api_key and stripe_publishable_key credentials when you log in to view the Stripe Dashboard. Look under “Account Settings” for the “API Keys” tab. If you use the “Test Secret Key” and “Test Publishable Key” during development, you can enter payments without getting charged.

Roles

The application manages access for users in multiple roles: admin and user, as well as three roles corresponding to subscription plans: silver, gold, and platinum. You can customize the application for additional roles if needed.

Roles are defined in the app/models/user.rb file (the User model).

class User < ActiveRecord::Base
  .
  .
  .
  enum role: [:user, :admin, :silver, :gold, :platinum]
  after_initialize :set_default_role, :if => :new_record?

  def set_default_role
    self.role ||= :user
  end

end

You can change the available roles by changing the array [:user, :admin, :silver, :gold, :platinum].

The application uses the ActiveRecord enum method to manage roles. ActiveRecord provides convenient methods to query the role attribute:

user.admin! # sets the role to "admin"
user.admin? # => true
user.role  # => "admin"

See documentation for ActiveRecord::Enum for details.

Database Seed File

The db/seeds.rb file initializes the database with default values.

# This file should contain all the record creation needed to seed the database with its default values.
# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
#
# Examples:
#
#   cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
#   Mayor.create(name: 'Emanuel', city: cities.first)
user = CreateAdminService.new.call
puts 'CREATED ADMIN USER: ' << user.email
CreatePlanService.new.call
puts 'CREATED PLANS'

CreateAdminService is a service object that obtains admin_email and admin_password values from the config/secrets.yml file. You can examine the file app/services/create_admin_service.rb to see how a new user is created. CreatePlanService is a service object that creates subscription plans.

Set the Database

If you’ve used the Rails Composer tool to generate the application, the database is already set up with rake db:migrate and rake db:seed.

If you’ve cloned the repo, prepare the database and add the default user to the database by running the commands:

$ rake db:migrate
$ rake db:seed

Use rake db:reset if you want to empty and reseed the database.

If you’re not using rvm, the Ruby Version Manager, you should preface each rake command with bundle exec. You don’t need to use bundle exec if you are using rvm version 1.11.0 or newer.

Stripe Webhooks

When a credit card expires or a monthly transaction is declined, Stripe will automatically retry a recurring payment after it fails. After a number of attempts (set in your Stripe account settings), Stripe will cancel the subscription. Your application needs to know to deny access for a subscriber with an expired account. Stripe provides webhooks to communicate events to you (for details, see the Stripe webhooks documentation).

A Stripe webhook is an HTTP request from Stripe’s servers to your site, containing JSON data that provides data about the event, plus an event id that can be used to retrieve the data from the Stripe server. The example application responds to Stripe webhooks, using an implementation provided by Danny Whalen’s stripe_event gem, which is provided with the Payola gem. The application responds to webhook requests at https://www.example.com/payola/events.

The example application only responds to “customer.subscription.deleted” events. You can customize the application to respond to other events (such as sending a thank you email in response to an “invoice.payment_succeeded” event).

For webhooks to work, you must visit your Stripe dashboard at https://manage.stripe.com/#account/webhooks and add the URL for your application, such as https://www.example.com/payola/events.

Change your Application’s Secret Token

If you’ve used the Rails Composer tool to generate the application, the application’s secret token will be unique, just as with any Rails application generated with the rails new command.

However, if you’ve cloned the application directly from GitHub, it is crucial that you change the application’s secret token before deploying your application in production mode. Otherwise, people could change their session information, and potentially access your site without permission. Your secret token should be at least 30 characters long and completely random.

Get a unique secret token:

rake secret

Edit the config/secrets.yml file to change the secret token.

Test the App

You can check that your application runs properly by entering the command:

$ rails server

To see your application in action, open a browser window and navigate to http://localhost:3000/.

You should see a home page with a navigation bar. Click “Sign Up.”

Fill in the form. Use the fake credit card number 4242424242424242 and any three-digit number for a security code. Submit the form.

You’ll be redirected to a page for your subscription plan and see a message “Welcome! You have signed up successfully.” You’ll be logged in as a new user.

Visit your Stripe dashboard at https://manage.stripe.com/#test/customers and see the new customer you’ve created. If you check the customer details, you should see the fake credit card number and a payment record.

Sign out and sign in as the administrator (with the credentials in the config/secrets.yml file). You’ll be able to see a list of users.

Stop the server with Control-C. If you test the app by starting the web server and then leave the server running while you install new gems, you’ll have to restart the server to see any changes. The same is true for changes to configuration files in the config folder. This can be confusing to new Rails developers because you can change files in the app folders without restarting the server. Stop the server each time after testing and you will avoid this issue.

Deploy to Heroku

Heroku provides low cost, easily configured Rails application hosting.

You can deploy from the command line.

If you’ve set configuration values in the config/secrets.yml file, you’ll need to set them as Heroku environment variables. You can set Heroku environment variables directly with heroku config:add. For example:

$ heroku config:add MAILCHIMP_API_KEY='a6v34ggf23c123098765fcc6c996c540-us2' MAILCHIMP_LIST_ID='4x8bfgb034'

Complete Heroku deployment with:

$ git push heroku master

See the Tutorial for Rails on Heroku for details.

Troubleshooting

Problems? Check the issues.

Issues

Please create a GitHub issue if you identify any problems or have suggestions for improvements.

Where to Get Help

Your best source for help with problems is Stack Overflow. Your issue may have been encountered and addressed by others.

Use the tag “railsapps” on Stack Overflow for extra attention.

Contributing

If you make improvements to this application, please share with others.

Send the author a message, create an issue, or fork the project and submit a pull request.

If you add functionality to this application, create an alternative implementation, or build an application that is similar, please contact me and I’ll add a note to the README so that others can find your work.

Credits

Daniel Kehoe implemented the application and wrote the tutorial.

Is the app useful to you? Follow the project on Twitter: @rails_apps
and tweet some praise. I’d love to know you were helped out by what I’ve put together.

MIT License

MIT License

Copyright ©2014-15 Daniel Kehoe

Useful Links