Stripe appears to be billing twice when user createsubcrition Subscription

Question

The issue is if the user subscribes to a product, a charge is created and the amount is deducted from the subscriber. Then the invoice will be generated and at the same time, again the amount will be deducted from the subscriber a/c. Double-time payment cuts from the subscriber's account.

The backend code:

 exports.createSubscription = function(req, res, next) {
    console.log("1");
    if (req.body.payment_method_id == undefined || req.body.payment_method_id == ''){
    console.log("2")
    console.log("Payment : -"+req.body.payment_method_id)
    Response.failure(req, res, '', 'payment_method_id is required')
}
else{
    console.log("package_name : -"+req.body.package_name)
    if (req.body.package_name == undefined || req.body.package_name == '') {
        console.log("4")
        Response.failure(req, res, '', 'package_name is required')
    }
    else{
        console.log("5")
        console.log("amount : -"+req.body.amount)
        if (req.body.amount == undefined || req.body.amount == '') {
            console.log("6")
            Response.failure(req, res, '', 'amount is required')
       
        }
        else{
          
            console.log("7")
      User.findById(req.userId,function(err, user){
          console.log("7")
          if(user){
            console.log("8")

            console.log("Inside User")
            if(user.stripe_customer_id){
                console.log("Inside User Stripe")
                stripe.paymentMethods.attach(req.body.payment_method_id, {
                    customer: user.stripe_customer_id,
                  }).then((attch) => {
                    console.log("10")
                      console.log("Attch :- "+JSON.stringify(attch))
                    stripe.customers.update(
                        user.stripe_customer_id,
                        {
                          invoice_settings: {
                            default_payment_method: req.body.payment_method_id,
                          },
                        }
                    ).then((up) => {
                        console.log("11")
                        console.log("UP :- "+JSON.stringify(up))
                        stripe.products.create({
                            name: req.body.package_name,
                          }).then((product) => {
                            console.log("12")
                            console.log("product :- "+JSON.stringify(product))
                            stripe.prices.create({
                                unit_amount: req.body.amount * 100,
                                currency: 'gbp',
                                recurring: {interval: 'month'},
                                product: product.id,
                              }).then((price) => {
                                console.log("13")
                                console.log("Price :- "+JSON.stringify(price))
                                stripe.subscriptions.create({
                                    customer: user.stripe_customer_id,
                                    items: [{ price: price.id }],
                                    expand: ['latest_invoice.payment_intent'],
                                }).then((subscription) => {
                                    
                                        console.log("14")
                                       
                                        Response.success(req, res, subscription, 'Subscription created.')
                                        console.log("done")
                                }).catch((error) => {
                                        console.log("15")
                                        Response.failure(req, res, {}, error.raw.message)
                                    });
                                }).catch((error) => {
                                    console.log("16")
                                    Response.failure(req, res, {}, error.raw.message)
                                });
                              }).catch((error) => {
                                console.log("15")
                                Response.failure(req, res, {}, error.raw.message)
                            });
                          }).catch((error) => {
                            console.log("15")
                            Response.failure(req, res, {}, error.raw.message)
                        });
                    }).catch((error) => {
                        console.log("17")
                        Response.failure(req, res, {}, error.raw.message)
                    });
                  }
            }
          })  
      }
    }
  }
}

Can anyone suggest to me how I fix it?

Answer 1

A few things:

1. The code you shared creates a single Subscription for the customer. The Subscription will contain an Invoice which contains a PaymentIntent. So this should only charge the customer once.
2. Your code doesn't follow Stripe's recommended flow mentioned in this guide.
3. Using req.body.amount * 100 is very dangerous. It means malicious users could change the price they pay.
4. Also your code is hard to read with all the nested .then().

Here's what I would recommend doing instead:

// Create the Customer
const customer = await stripe.customers.create({
  name: 'Foo Bar',
  email: '[email protected]',
});

// Then create the Subscription for that customer, using a hardcoded price ID
const subscription = await stripe.subscriptions.create({
  customer: customer.id,
  items: [{ price: "price_xxx" }],
  payment_behavior: 'default_incomplete',
  payment_settings: { save_default_payment_method: 'on_subscription' },
  expand: ['latest_invoice.payment_intent'],
});

// Finally send the client secret on the frontend to collect a PaymentMethod 
res.send({
  clientSecret: subscription.latest_invoice.payment_intent.client_secret,
});