Hey there! Let's walk through the issues in your code and fix them one by one—since you're learning Node.js, I'll explain each problem clearly so you understand why things went wrong.

核心错误：Payment Intent Confirm 参数错误 #

The error Argument "intent" must be a string, but got: undefined happens because you're passing the wrong value to stripe.paymentIntents.confirm().

Looking at your code:

stripe.paymentIntents.create({
  amount:1000,
  currency: 'usd',
  customer: customer.id,
  payment_method: paymentMethods.id
}).then(function(confirm) {
  return stripe.paymentIntents.confirm(
    paymentMethods.id, // ❌ This is NOT a Payment Intent ID
    {payment_method: 'pm_card_visa'}
  )
})

• stripe.paymentIntents.confirm() requires the ID of the Payment Intent as its first argument, not a Payment Method ID.
• Also, paymentMethods is a list object returned by stripe.paymentMethods.list(), so paymentMethods.id doesn't exist at all. The actual Payment Method IDs are in paymentMethods.data[0].id (for the first card), but that's still not what you need here.

其他关键问题 #

1. 异步流程逻辑错误
   Your if (!registered && paymentSuccessful) block runs immediately after starting the Stripe payment flow, before the payment is actually completed. Since stripe.paymentIntents.create() is asynchronous, the paymentSuccessful variable stays false when this check runs—so your user/activity update code never executes.

2. 报名检查逻辑错误
   Your current code checks if any user is registered to the event with:

   registered = await User.findOne({attendsTo: event._id})
   

   This means once one user signs up, everyone else gets the "already registered" error. You need to check if the current logged-in user is registered:

   const registered = await User.findOne({_id: user._id, attendsTo: event._id})
   

3. Stripe API 冗余与旧用法

   • Using source when creating a customer is deprecated—Stripe now recommends using Payment Methods.
   • You don't need to list Payment Methods right after creating a customer; you can handle payment methods directly in the Payment Intent flow.

修正后的代码 #

Here's the fixed version using async/await (to match your existing asyncHandler setup) and corrected logic:

// @desc 报名活动
// @route POST /api/events/attend
// @access Private
const attendToEvent = asyncHandler(async (req, res) => {
  const { eventID, stripeToken } = req.body; // 确保获取stripeToken
  const user = req.user;

  // 1. 验证活动ID格式
  const isValidEventID = mongoose.Types.ObjectId.isValid(eventID);
  if (!isValidEventID) {
    res.status(400);
    throw new Error('Invalid Event ID format.');
  }

  // 2. 查找活动
  const event = await Event.findOne({ _id: eventID });
  if (!event) {
    res.status(400);
    throw new Error('Invalid Event ID.');
  }

  // 3. 检查当前用户是否已报名
  const isRegistered = await User.findOne({ _id: user._id, attendsTo: event._id });
  if (isRegistered) {
    res.status(400);
    throw new Error('You are already registered to this event.');
  }

  try {
    // 4. 创建Stripe客户（使用现代API，不推荐source，这里暂时兼容你的token）
    const customer = await stripe.customers.create({
      name: user.username,
      email: user.email,
      source: stripeToken, // 注意：source是旧版API，建议迁移到Payment Methods
    });

    // 5. 创建Payment Intent
    const paymentIntent = await stripe.paymentIntents.create({
      amount: 1000, // $10.00（单位是分）
      currency: 'usd',
      customer: customer.id,
      payment_method_types: ['card'],
    });

    // 6. 确认Payment Intent（使用正确的Payment Intent ID）
    const confirmedPayment = await stripe.paymentIntents.confirm(
      paymentIntent.id, // ✅ 这里传Payment Intent的ID
      { payment_method: paymentIntent.payment_method } // 使用关联的支付方式
    );

    // 7. 支付成功后更新用户和活动数据
    if (confirmedPayment.status === 'succeeded') {
      // 更新用户的报名列表
      await User.findOneAndUpdate(
        { _id: user._id },
        { $push: { attendsTo: event._id } },
        { new: true } // 返回更新后的文档，可选
      );

      // 更新活动的参与者列表
      await Event.findOneAndUpdate(
        { _id: event._id },
        { $push: { attendees: user._id } },
        { new: true }
      );

      res.status(201).send(`Successfully registered to event: ${event.eventname}`);
    } else {
      res.status(400);
      throw new Error('Payment failed. Please try again.');
    }
  } catch (stripeError) {
    res.status(400);
    throw new Error(`Payment error: ${stripeError.message}`);
  }
});

额外建议 #

• 迁移到Stripe Payment Element：The stripeToken approach is legacy. For better security and compliance, use Stripe's Payment Element which handles card input securely on the frontend.
• Error Handling：Added a try/catch block around Stripe operations to catch and return payment-specific errors to the client.
• Async/Await Consistency：Using async/await everywhere makes the code easier to read and debug compared to mixing then() chains with async functions.

内容的提问来源于stack exchange，提问作者Ata