
# Installs the Stripe server-side library that controller/shop.js loads with require("stripe").
# Commit the resulting lockfile so the resolved version stays pinned across installs.
npm i --save stripe
//checkout.ejs
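<div class="centered">
  <button id="order-btn" class="btn">Order</button>
  <!-- Stripe.js is loaded directly from js.stripe.com. The src has to be the bare URL:
       with angle brackets around it the browser cannot resolve the script and Stripe() is undefined. -->
  <script src="https://js.stripe.com/v3/"></script>
  <script>
    // Publishable test-mode key (pk_test_ prefix): this one is meant to live in the browser.
    // The secret key is only ever used server-side, in controller/shop.js.
    const stripe = Stripe('pk_test_51Gs5X1LhIVDGgy4tyRA9K6iqbBARhEJ7JKZ8DFohir2yhOcXenw4fs5rnkX2qnH4fnRarftzTckHQDbl942dRu0z00QS0SmHTe');
    const orderBtn = document.getElementById('order-btn');

    orderBtn.addEventListener('click', () => {
      stripe
        .redirectToCheckout({
          // Checkout session id created by getCheckout and passed to res.render as sessionId.
          sessionId: '<%= sessionId %>',
        })
        .then((result) => {
          // redirectToCheckout resolves with an error object when the redirect cannot happen
          // (browser or network failure); surface it instead of failing silently.
          if (result && result.error) {
            console.error(result.error.message);
          }
        });
    });
  </script>
</div>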
// routes/shop.js
// Checkout page. getCheckout also creates the Stripe Checkout session whose id the page uses.
router.get('/checkout', isAuth, shopController.getCheckout);
// Target of the success_url given to Stripe. isAuth only proves the visitor is signed in:
// a plain GET to this path is not evidence of payment, yet getCheckoutSuccess records an order.
router.get('/checkout/success', isAuth, shopController.getCheckoutSuccess);
// Target of the cancel_url given to Stripe; served by the same handler as /checkout.
router.get('/checkout/cancel', isAuth, shopController.getCheckout);
// controller/shop.js
// Key passed to the stripe library constructor on the next line.
// NOTE(review): presumably the Stripe secret key; confirm util/database reads it from the
// environment or a secret store rather than hard-coding it, and that it never reaches a template.
const privateKey = require("./../util/database").privateKey
// Server-side Stripe client used by the checkout handlers in this file.
const stripe = require("stripe")(privateKey)
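/**
 * Renders the checkout page for the signed-in user's cart.
 *
 * Populates the cart's products, creates a Stripe Checkout session for them and
 * passes the session id to the 'shop/checkout' view. Prices and titles come from
 * the populated product documents, not from the request.
 *
 * @param {object} req - Express request; req.user is the user document whose cart is charged.
 * @param {object} res - Express response used to render the view.
 * @param {Function} next - Called with an Error carrying httpStatusCode 500 on failure.
 */
exports.getCheckout = (req, res, next) => {
  let products;
  let total = 0;

  req.user
    .populate('cart.items.productId')
    // execPopulate() turns the populate call into a promise.
    .execPopulate()
    .then((user) => {
      products = user.cart.items;
      total = products.reduce(
        (sum, p) => sum + p.quantity * p.productId.price,
        0
      );

      // NOTE(review): both redirect URLs are derived from the request's Host header, which
      // the client supplies. Prefer a configured site origin (or validate the host against
      // an allowlist) so the return URLs always point at this application.
      const origin = `${req.protocol}://${req.get('host')}`;

      return stripe.checkout.sessions.create({
        payment_method_types: ['card'],
        line_items: products.map((p) => ({
          name: p.productId.title,
          description: p.productId.description,
          // Stripe takes an integer amount in cents. A bare `price * 100` can yield a
          // fraction (19.99 * 100 === 1998.9999999999998), so round to the nearest cent.
          amount: Math.round(p.productId.price * 100),
          currency: 'usd',
          quantity: p.quantity,
        })),
        success_url: `${origin}/checkout/success`,
        cancel_url: `${origin}/checkout/cancel`,
      });
    })
    .then((session) => {
      res.render('shop/checkout', {
        path: '/checkout',
        pageTitle: 'Checkout',
        products: products,
        totalSum: total,
        sessionId: session.id,
      });
    })
    .catch((err) => {
      const error = new Error(err);
      error.httpStatusCode = 500;
      return next(error);
    });
};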
/**
 * Handler for /checkout/success: turns the signed-in user's cart into an Order,
 * empties the cart and redirects to /orders.
 *
 * SECURITY: this handler never asks Stripe whether the session was paid. Arriving
 * at the URL is the only signal it uses, so every order it writes is unverified
 * until reconciled against Stripe. Fulfilment should depend on a server-side
 * confirmation of the payment (for example Stripe's checkout.session.completed
 * webhook, or retrieving the session and checking its payment status), not on
 * this redirect alone.
 *
 * @param {object} req - Express request; req.user is the user document that owns the cart.
 * @param {object} res - Express response used for the redirect.
 * @param {Function} next - Called with an Error carrying httpStatusCode 500 on failure.
 */
exports.getCheckoutSuccess = (req, res, next) => {
  // Snapshot one cart line: quantity plus a shallow copy of the populated product's raw document.
  const toOrderLine = (item) => ({
    quantity: item.quantity,
    product: { ...item.productId._doc },
  });

  // Any failure in the chain is forwarded to Express as a 500.
  const forwardAsServerError = (err) => {
    const wrapped = new Error(err);
    wrapped.httpStatusCode = 500;
    return next(wrapped);
  };

  req.user
    .populate('cart.items.productId')
    // execPopulate() turns the populate call into a promise.
    .execPopulate()
    .then((populatedUser) => {
      const orderLines = populatedUser.cart.items.map((item) => toOrderLine(item));
      const order = new Order({
        user: {
          email: req.user.email,
          userId: req.user,
        },
        products: orderLines,
      });
      return order.save();
    })
    .then(() => req.user.clearCart())
    .then(() => {
      res.redirect('/orders');
    })
    .catch(forwardAsServerError);
};
Attention : ici on a une route .get, ce qui signifie que n'importe qui peut placer des éléments dans le cart puis se diriger vers checkout/success, et la commande sera enregistrée ! PAR CONTRE, il n'y aura aucun paiement sur Stripe ! On peut donc recouper les commandes reçues sur le site avec les paiements enregistrés sur Stripe.
Sinon, pour les applications à plus grande échelle, on peut mettre en place d'autres moyens de vérifier tout ça : https://stripe.com/docs/payments