taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

integrate DELETE into dispatcher, remove legacy KYC code

Browse Source
This commit is contained in:
Christian Grothoff 2022-12-28 22:16:03 +01:00
parent 2f993d3ee3
commit b554501621
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
5 changed files with 51 additions and 410 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/exchange/exchange.conf
View File

@ -113,32 +113,3 @@ PRIVACY_DIR = $DATADIR/exchange/pp/
# Etag / filename for the privacy policy.
PRIVACY_ETAG = pp-v0
# Set to NONE to disable KYC checks.
# Set to "OAUTH2" to use OAuth 2.0 for KYC authorization.
KYC_MODE = NONE
# Balance threshold above which wallets are told
# to undergo a KYC check at the exchange. Optional,
# if not given there is no limit.
# KYC_WALLET_BALANCE_LIMIT = CURRENCY:150
#
# KYC_WITHDRAW_PERIOD = 1 month
[exchange-kyc-oauth2]
# URL of the OAuth endpoint for KYC checks
# KYC_OAUTH2_URL =
# URL of the "information" endpoint for KYC checks
# KYC_INFO_URL =
# KYC Oauth client ID.
# KYC_OAUTH2_CLIENT_ID =
# KYC Client secret used to obtain access tokens.
# KYC_OAUTH2_CLIENT_SECRET =
# Where to redirect clients after successful
# authorization?
# KYC_OAUTH2_POST_URL = https://bank.com/

281
src/exchange/taler-exchange-httpd.c
View File

@ -115,11 +115,6 @@ struct TALER_AgeRestrictionConfig TEH_age_restriction_config = {0};
*/
static struct MHD_Daemon *mhd;
/**
* Our KYC configuration.
*/
struct TEH_KycOptions TEH_kyc_config;
/**
* How long is caching /keys allowed at most? (global)
*/
@ -732,12 +727,16 @@ proceed_with_handler (struct TEH_RequestContext *rc,
/* Above logic ensures that 'root' is exactly non-NULL for POST operations,
so we test for 'root' to decide which handler to invoke. */
if (NULL != root)
if (0 == strcasecmp (rh->method,
MHD_HTTP_METHOD_POST))
ret = rh->handler.post (rc,
root,
args);
else /* We also only have "POST" or "GET" in the API for at this point
(OPTIONS/HEAD are taken care of earlier) */
else if (0 == strcasecmp (rh->method,
MHD_HTTP_METHOD_DELETE))
ret = rh->handler.delete (rc,
args);
else /* Only GET left */
ret = rh->handler.get (rc,
args);
}
@ -975,7 +974,7 @@ handle_post_management (struct TEH_RequestContext *rc,
/**
* Handle a get "/management" request.
* Handle a GET "/management" request.
*
* @param rc request context
* @param args array of additional options (must be [0] == "keys")
@ -1225,7 +1224,7 @@ handle_mhd_request (void *cls,
.url = "purses",
.method = MHD_HTTP_METHOD_POST,
.handler.post = &handle_post_purses,
.nargs = 2 // ??
.nargs = 2
},
/* Getting purse status */
{
@ -1234,6 +1233,13 @@ handle_mhd_request (void *cls,
.handler.get = &TEH_handler_purses_get,
.nargs = 2
},
/* Deleting purse */
{
.url = "purses",
.method = MHD_HTTP_METHOD_DELETE,
.handler.delete = &TEH_handler_purses_delete,
.nargs = 1
},
/* Getting contracts */
{
.url = "contracts",
@ -1525,185 +1531,6 @@ handle_mhd_request (void *cls,
}
/**
* Load general KYC configuration parameters for the exchange server into the
* #TEH_kyc_config variable.
*
* @return #GNUNET_OK on success
*/
static enum GNUNET_GenericReturnValue
parse_kyc_settings (void)
{
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (TEH_cfg,
"exchange",
"KYC_WITHDRAW_PERIOD",
&TEH_kyc_config.withdraw_period))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchange",
"KYC_WITHDRAW_PERIOD",
"valid relative time expected");
return GNUNET_SYSERR;
}
if (GNUNET_TIME_relative_is_zero (TEH_kyc_config.withdraw_period))
return GNUNET_OK;
if (GNUNET_OK !=
TALER_config_get_amount (TEH_cfg,
"exchange",
"KYC_WITHDRAW_LIMIT",
&TEH_kyc_config.withdraw_limit))
return GNUNET_SYSERR;
if (0 != strcasecmp (TEH_kyc_config.withdraw_limit.currency,
TEH_currency))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchange",
"KYC_WITHDRAW_LIMIT",
"currency mismatch");
return GNUNET_SYSERR;
}
return GNUNET_OK;
}
/**
* Load OAuth2.0 configuration parameters for the exchange server into the
* #TEH_kyc_config variable.
*
* @return #GNUNET_OK on success
*/
static enum GNUNET_GenericReturnValue
parse_kyc_oauth_cfg (void)
{
char *s;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
"exchange-kyc-oauth2",
"KYC_OAUTH2_AUTH_URL",
&s))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"exchange-kyc-oauth2",
"KYC_OAUTH2_AUTH_URL");
return GNUNET_SYSERR;
}
if ( (! TALER_url_valid_charset (s)) ||
( (0 != strncasecmp (s,
"http://",
strlen ("http://"))) &&
(0 != strncasecmp (s,
"https://",
strlen ("https://"))) ) )
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchange-kyc-oauth2",
"KYC_OAUTH2_AUTH_URL",
"not a valid URL");
GNUNET_free (s);
return GNUNET_SYSERR;
}
TEH_kyc_config.details.oauth2.auth_url = s;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
"exchange-kyc-oauth2",
"KYC_OAUTH2_LOGIN_URL",
&s))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"exchange-kyc-oauth2",
"KYC_OAUTH2_LOGIN_URL");
return GNUNET_SYSERR;
}
if ( (! TALER_url_valid_charset (s)) ||
( (0 != strncasecmp (s,
"http://",
strlen ("http://"))) &&
(0 != strncasecmp (s,
"https://",
strlen ("https://"))) ) )
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchange-kyc-oauth2",
"KYC_OAUTH2_LOGIN_URL",
"not a valid URL");
GNUNET_free (s);
return GNUNET_SYSERR;
}
TEH_kyc_config.details.oauth2.login_url = s;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
"exchange-kyc-oauth2",
"KYC_INFO_URL",
&s))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"exchange-kyc-oauth2",
"KYC_INFO_URL");
return GNUNET_SYSERR;
}
if ( (! TALER_url_valid_charset (s)) ||
( (0 != strncasecmp (s,
"http://",
strlen ("http://"))) &&
(0 != strncasecmp (s,
"https://",
strlen ("https://"))) ) )
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchange-kyc-oauth2",
"KYC_INFO_URL",
"not a valid URL");
GNUNET_free (s);
return GNUNET_SYSERR;
}
TEH_kyc_config.details.oauth2.info_url = s;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
"exchange-kyc-oauth2",
"KYC_OAUTH2_CLIENT_ID",
&s))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"exchange-kyc-oauth2",
"KYC_OAUTH2_CLIENT_ID");
return GNUNET_SYSERR;
}
TEH_kyc_config.details.oauth2.client_id = s;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
"exchange-kyc-oauth2",
"KYC_OAUTH2_CLIENT_SECRET",
&s))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"exchange-kyc-oauth2",
"KYC_OAUTH2_CLIENT_SECRET");
return GNUNET_SYSERR;
}
TEH_kyc_config.details.oauth2.client_secret = s;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
"exchange-kyc-oauth2",
"KYC_OAUTH2_POST_URL",
&s))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"exchange-kyc-oauth2",
"KYC_OAUTH2_POST_URL");
return GNUNET_SYSERR;
}
TEH_kyc_config.details.oauth2.post_kyc_redirect_url = s;
return GNUNET_OK;
}
/**
* Load configuration parameters for the exchange
* server into the corresponding global variables.
@ -1718,47 +1545,6 @@ exchange_serve_process_config (void)
{
return GNUNET_SYSERR;
}
{
char *kyc_mode;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
"exchange",
"KYC_MODE",
&kyc_mode))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"exchange",
"KYC_MODE");
return GNUNET_SYSERR;
}
if (0 == strcasecmp (kyc_mode,
"NONE"))
{
TEH_kyc_config.mode = TEH_KYC_NONE;
}
else if (0 == strcasecmp (kyc_mode,
"OAUTH2"))
{
TEH_kyc_config.mode = TEH_KYC_OAUTH2;
if (GNUNET_OK !=
parse_kyc_oauth_cfg ())
{
GNUNET_free (kyc_mode);
return GNUNET_SYSERR;
}
}
else
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchange",
"KYC_MODE",
"Must be 'NONE' or 'OAUTH2'");
GNUNET_free (kyc_mode);
return GNUNET_SYSERR;
}
GNUNET_free (kyc_mode);
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_number (TEH_cfg,
"exchange",
@ -1823,35 +1609,6 @@ exchange_serve_process_config (void)
return GNUNET_SYSERR;
}
if (TEH_KYC_NONE != TEH_kyc_config.mode)
{
if (GNUNET_YES ==
GNUNET_CONFIGURATION_have_value (TEH_cfg,
"exchange",
"KYC_WALLET_BALANCE_LIMIT"))
{
if ( (GNUNET_OK !=
TALER_config_get_amount (TEH_cfg,
"exchange",
"KYC_WALLET_BALANCE_LIMIT",
&TEH_kyc_config.wallet_balance_limit)) ||
(0 != strcasecmp (TEH_currency,
TEH_kyc_config.wallet_balance_limit.currency)) )
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
"exchange",
"KYC_WALLET_BALANCE_LIMIT",
"valid amount expected");
return GNUNET_SYSERR;
}
}
else
{
memset (&TEH_kyc_config.wallet_balance_limit,
0,
sizeof (TEH_kyc_config.wallet_balance_limit));
}
}
{
char *master_public_key_str;
@ -1882,12 +1639,6 @@ exchange_serve_process_config (void)
}
GNUNET_free (master_public_key_str);
}
if (TEH_KYC_NONE != TEH_kyc_config.mode)
{
if (GNUNET_OK !=
parse_kyc_settings ())
return GNUNET_SYSERR;
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Launching exchange with public key `%s'...\n",
GNUNET_p2s (&TEH_master_public_key.eddsa_pub));

121
src/exchange/taler-exchange-httpd.h
View File

@ -31,111 +31,6 @@
#include <gnunet/gnunet_mhd_compat.h>
/* ************* NOTE: OLD KYC logic,***********
new logic is in taler-exchange-httpd_kyc.h!
********************************************* */
/**
* Enumeration for our KYC modes.
*/
enum TEH_KycMode
{
/**
* KYC is disabled.
*/
TEH_KYC_NONE = 0,
/**
* We use Oauth2.0.
*/
TEH_KYC_OAUTH2 = 1
};
/**
* Structure describing our KYC configuration.
*/
struct TEH_KycOptions
{
/**
* What KYC mode are we in?
*/
enum TEH_KycMode mode;
/**
* Maximum amount that can be withdrawn in @e withdraw_period without
* needing KYC.
* Only valid if @e mode is not #TEH_KYC_NONE and
* if @e withdraw_period is non-zero.
*/
struct TALER_Amount withdraw_limit;
/**
* Maximum balance a wallet can hold without
* needing KYC.
* Only valid if @e mode is not #TEH_KYC_NONE and
* if the amount specified is valid.
*/
struct TALER_Amount wallet_balance_limit;
/**
* Time period over which @e withdraw_limit applies.
* Only valid if @e mode is not #TEH_KYC_NONE.
*/
struct GNUNET_TIME_Relative withdraw_period;
/**
* Details depending on @e mode.
*/
union
{
/**
* Configuration details if @e mode is #TEH_KYC_OAUTH2.
*/
struct
{
/**
* URL of the OAuth2.0 endpoint for KYC checks.
* (token/auth)
*/
char *auth_url;
/**
* URL of the OAuth2.0 endpoint for KYC checks.
*/
char *login_url;
/**
* URL of the user info access endpoint.
*/
char *info_url;
/**
* Our client ID for OAuth2.0.
*/
char *client_id;
/**
* Our client secret for OAuth2.0.
*/
char *client_secret;
/**
* Where to redirect clients after the
* Web-based KYC process is done?
*/
char *post_kyc_redirect_url;
} oauth2;
} details;
};
extern struct TEH_KycOptions TEH_kyc_config;
/**
* How long is caching /keys allowed at most?
*/
@ -301,11 +196,10 @@ struct TEH_RequestHandler
union
{
/**
* Function to call to handle a GET requests (and those
* Function to call to handle GET requests (and those
* with @e method NULL).
*
* @param rc context for the request
* @param mime_type the @e mime_type for the reply (hint, can be NULL)
* @param args array of arguments, needs to be of length @e args_expected
* @return MHD result code
*/
@ -315,7 +209,7 @@ struct TEH_RequestHandler
/**
* Function to call to handle a POST request.
* Function to call to handle POST requests.
*
* @param rc context for the request
* @param json uploaded JSON data
@ -327,6 +221,17 @@ struct TEH_RequestHandler
const json_t *root,
const char *const args[]);
/**
* Function to call to handle DELETE requests.
*
* @param rc context for the request
* @param args array of arguments, needs to be of length @e args_expected
* @return MHD result code
*/
MHD_RESULT
(*delete)(struct TEH_RequestContext *rc,
const char *const args[]);
} handler;
/**

22
src/exchange/taler-exchange-httpd_purses_delete.c
View File

@ -35,13 +35,27 @@
MHD_RESULT
TEH_handler_purses_delete (
struct MHD_Connection *connection,
const struct TALER_PurseContractPublicKeyP *purse_pub)
struct TEH_RequestContext *rc,
const char *const args[1])
{
struct MHD_Connection *connection = rc->connection;
struct TALER_PurseContractPublicKeyP purse_pub;
struct TALER_PurseContractSignatureP purse_sig;
bool found;
bool decided;
if (GNUNET_OK !=
GNUNET_STRINGS_string_to_data (args[0],
strlen (args[0]),
&purse_pub,
sizeof (purse_pub)))
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_BAD_REQUEST,
TALER_EC_EXCHANGE_GENERIC_PURSE_PUB_MALFORMED,
args[0]);
}
{
const char *sig;
@ -66,7 +80,7 @@ TEH_handler_purses_delete (
}
if (GNUNET_OK !=
TALER_wallet_purse_delete_verify (purse_pub,
TALER_wallet_purse_delete_verify (&purse_pub,
&purse_sig))
{
TALER_LOG_WARNING ("Invalid signature on /purses/$PID/delete request\n");
@ -89,7 +103,7 @@ TEH_handler_purses_delete (
enum GNUNET_DB_QueryStatus qs;
qs = TEH_plugin->do_purse_delete (TEH_plugin->cls,
purse_pub,
&purse_pub,
&purse_sig,
&decided,
&found);

8
src/exchange/taler-exchange-httpd_purses_delete.h
View File

@ -29,14 +29,14 @@
/**
* Handle a DELETE "/purses/$PURSE_PUB" request.
*
* @param connection the MHD connection to handle
* @param purse_pub public key of the purse
* @param rc request details about the request to handle
* @param args argument with the public key of the purse
* @return MHD result code
*/
MHD_RESULT
TEH_handler_purses_delete (
struct MHD_Connection *connection,
const struct TALER_PurseContractPublicKeyP *purse_pub);
struct TEH_RequestContext *rc,
const char *const args[1]);
#endif