From b554501621913b9fef71a2652ba10ebabd7849f4 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 28 Dec 2022 22:16:03 +0100 Subject: [PATCH] integrate DELETE into dispatcher, remove legacy KYC code --- src/exchange/exchange.conf | 29 -- src/exchange/taler-exchange-httpd.c | 281 +----------------- src/exchange/taler-exchange-httpd.h | 121 +------- .../taler-exchange-httpd_purses_delete.c | 22 +- .../taler-exchange-httpd_purses_delete.h | 8 +- 5 files changed, 51 insertions(+), 410 deletions(-) diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf index d662cdd0e..758e77c97 100644 --- a/src/exchange/exchange.conf +++ b/src/exchange/exchange.conf @@ -113,32 +113,3 @@ PRIVACY_DIR = $DATADIR/exchange/pp/ # Etag / filename for the privacy policy. PRIVACY_ETAG = pp-v0 - -# Set to NONE to disable KYC checks. -# Set to "OAUTH2" to use OAuth 2.0 for KYC authorization. -KYC_MODE = NONE - -# Balance threshold above which wallets are told -# to undergo a KYC check at the exchange. Optional, -# if not given there is no limit. -# KYC_WALLET_BALANCE_LIMIT = CURRENCY:150 -# -# KYC_WITHDRAW_PERIOD = 1 month - -[exchange-kyc-oauth2] - -# URL of the OAuth endpoint for KYC checks -# KYC_OAUTH2_URL = - -# URL of the "information" endpoint for KYC checks -# KYC_INFO_URL = - -# KYC Oauth client ID. -# KYC_OAUTH2_CLIENT_ID = - -# KYC Client secret used to obtain access tokens. -# KYC_OAUTH2_CLIENT_SECRET = - -# Where to redirect clients after successful -# authorization? -# KYC_OAUTH2_POST_URL = https://bank.com/ diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index 4b64dfd54..76b388896 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -115,11 +115,6 @@ struct TALER_AgeRestrictionConfig TEH_age_restriction_config = {0}; */ static struct MHD_Daemon *mhd; -/** - * Our KYC configuration. - */ -struct TEH_KycOptions TEH_kyc_config; - /** * How long is caching /keys allowed at most? (global) */ @@ -732,12 +727,16 @@ proceed_with_handler (struct TEH_RequestContext *rc, /* Above logic ensures that 'root' is exactly non-NULL for POST operations, so we test for 'root' to decide which handler to invoke. */ - if (NULL != root) + if (0 == strcasecmp (rh->method, + MHD_HTTP_METHOD_POST)) ret = rh->handler.post (rc, root, args); - else /* We also only have "POST" or "GET" in the API for at this point - (OPTIONS/HEAD are taken care of earlier) */ + else if (0 == strcasecmp (rh->method, + MHD_HTTP_METHOD_DELETE)) + ret = rh->handler.delete (rc, + args); + else /* Only GET left */ ret = rh->handler.get (rc, args); } @@ -975,7 +974,7 @@ handle_post_management (struct TEH_RequestContext *rc, /** - * Handle a get "/management" request. + * Handle a GET "/management" request. * * @param rc request context * @param args array of additional options (must be [0] == "keys") @@ -1225,7 +1224,7 @@ handle_mhd_request (void *cls, .url = "purses", .method = MHD_HTTP_METHOD_POST, .handler.post = &handle_post_purses, - .nargs = 2 // ?? + .nargs = 2 }, /* Getting purse status */ { @@ -1234,6 +1233,13 @@ handle_mhd_request (void *cls, .handler.get = &TEH_handler_purses_get, .nargs = 2 }, + /* Deleting purse */ + { + .url = "purses", + .method = MHD_HTTP_METHOD_DELETE, + .handler.delete = &TEH_handler_purses_delete, + .nargs = 1 + }, /* Getting contracts */ { .url = "contracts", @@ -1525,185 +1531,6 @@ handle_mhd_request (void *cls, } -/** - * Load general KYC configuration parameters for the exchange server into the - * #TEH_kyc_config variable. - * - * @return #GNUNET_OK on success - */ -static enum GNUNET_GenericReturnValue -parse_kyc_settings (void) -{ - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_time (TEH_cfg, - "exchange", - "KYC_WITHDRAW_PERIOD", - &TEH_kyc_config.withdraw_period)) - { - GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, - "exchange", - "KYC_WITHDRAW_PERIOD", - "valid relative time expected"); - return GNUNET_SYSERR; - } - if (GNUNET_TIME_relative_is_zero (TEH_kyc_config.withdraw_period)) - return GNUNET_OK; - if (GNUNET_OK != - TALER_config_get_amount (TEH_cfg, - "exchange", - "KYC_WITHDRAW_LIMIT", - &TEH_kyc_config.withdraw_limit)) - return GNUNET_SYSERR; - if (0 != strcasecmp (TEH_kyc_config.withdraw_limit.currency, - TEH_currency)) - { - GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, - "exchange", - "KYC_WITHDRAW_LIMIT", - "currency mismatch"); - return GNUNET_SYSERR; - } - return GNUNET_OK; -} - - -/** - * Load OAuth2.0 configuration parameters for the exchange server into the - * #TEH_kyc_config variable. - * - * @return #GNUNET_OK on success - */ -static enum GNUNET_GenericReturnValue -parse_kyc_oauth_cfg (void) -{ - char *s; - - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_string (TEH_cfg, - "exchange-kyc-oauth2", - "KYC_OAUTH2_AUTH_URL", - &s)) - { - GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "exchange-kyc-oauth2", - "KYC_OAUTH2_AUTH_URL"); - return GNUNET_SYSERR; - } - if ( (! TALER_url_valid_charset (s)) || - ( (0 != strncasecmp (s, - "http://", - strlen ("http://"))) && - (0 != strncasecmp (s, - "https://", - strlen ("https://"))) ) ) - { - GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, - "exchange-kyc-oauth2", - "KYC_OAUTH2_AUTH_URL", - "not a valid URL"); - GNUNET_free (s); - return GNUNET_SYSERR; - } - TEH_kyc_config.details.oauth2.auth_url = s; - - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_string (TEH_cfg, - "exchange-kyc-oauth2", - "KYC_OAUTH2_LOGIN_URL", - &s)) - { - GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "exchange-kyc-oauth2", - "KYC_OAUTH2_LOGIN_URL"); - return GNUNET_SYSERR; - } - if ( (! TALER_url_valid_charset (s)) || - ( (0 != strncasecmp (s, - "http://", - strlen ("http://"))) && - (0 != strncasecmp (s, - "https://", - strlen ("https://"))) ) ) - { - GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, - "exchange-kyc-oauth2", - "KYC_OAUTH2_LOGIN_URL", - "not a valid URL"); - GNUNET_free (s); - return GNUNET_SYSERR; - } - TEH_kyc_config.details.oauth2.login_url = s; - - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_string (TEH_cfg, - "exchange-kyc-oauth2", - "KYC_INFO_URL", - &s)) - { - GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "exchange-kyc-oauth2", - "KYC_INFO_URL"); - return GNUNET_SYSERR; - } - if ( (! TALER_url_valid_charset (s)) || - ( (0 != strncasecmp (s, - "http://", - strlen ("http://"))) && - (0 != strncasecmp (s, - "https://", - strlen ("https://"))) ) ) - { - GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, - "exchange-kyc-oauth2", - "KYC_INFO_URL", - "not a valid URL"); - GNUNET_free (s); - return GNUNET_SYSERR; - } - TEH_kyc_config.details.oauth2.info_url = s; - - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_string (TEH_cfg, - "exchange-kyc-oauth2", - "KYC_OAUTH2_CLIENT_ID", - &s)) - { - GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "exchange-kyc-oauth2", - "KYC_OAUTH2_CLIENT_ID"); - return GNUNET_SYSERR; - } - TEH_kyc_config.details.oauth2.client_id = s; - - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_string (TEH_cfg, - "exchange-kyc-oauth2", - "KYC_OAUTH2_CLIENT_SECRET", - &s)) - { - GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "exchange-kyc-oauth2", - "KYC_OAUTH2_CLIENT_SECRET"); - return GNUNET_SYSERR; - } - TEH_kyc_config.details.oauth2.client_secret = s; - - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_string (TEH_cfg, - "exchange-kyc-oauth2", - "KYC_OAUTH2_POST_URL", - &s)) - { - GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "exchange-kyc-oauth2", - "KYC_OAUTH2_POST_URL"); - return GNUNET_SYSERR; - } - TEH_kyc_config.details.oauth2.post_kyc_redirect_url = s; - return GNUNET_OK; -} - - /** * Load configuration parameters for the exchange * server into the corresponding global variables. @@ -1718,47 +1545,6 @@ exchange_serve_process_config (void) { return GNUNET_SYSERR; } - { - char *kyc_mode; - - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_string (TEH_cfg, - "exchange", - "KYC_MODE", - &kyc_mode)) - { - GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, - "exchange", - "KYC_MODE"); - return GNUNET_SYSERR; - } - if (0 == strcasecmp (kyc_mode, - "NONE")) - { - TEH_kyc_config.mode = TEH_KYC_NONE; - } - else if (0 == strcasecmp (kyc_mode, - "OAUTH2")) - { - TEH_kyc_config.mode = TEH_KYC_OAUTH2; - if (GNUNET_OK != - parse_kyc_oauth_cfg ()) - { - GNUNET_free (kyc_mode); - return GNUNET_SYSERR; - } - } - else - { - GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, - "exchange", - "KYC_MODE", - "Must be 'NONE' or 'OAUTH2'"); - GNUNET_free (kyc_mode); - return GNUNET_SYSERR; - } - GNUNET_free (kyc_mode); - } if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_number (TEH_cfg, "exchange", @@ -1823,35 +1609,6 @@ exchange_serve_process_config (void) return GNUNET_SYSERR; } - if (TEH_KYC_NONE != TEH_kyc_config.mode) - { - if (GNUNET_YES == - GNUNET_CONFIGURATION_have_value (TEH_cfg, - "exchange", - "KYC_WALLET_BALANCE_LIMIT")) - { - if ( (GNUNET_OK != - TALER_config_get_amount (TEH_cfg, - "exchange", - "KYC_WALLET_BALANCE_LIMIT", - &TEH_kyc_config.wallet_balance_limit)) || - (0 != strcasecmp (TEH_currency, - TEH_kyc_config.wallet_balance_limit.currency)) ) - { - GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, - "exchange", - "KYC_WALLET_BALANCE_LIMIT", - "valid amount expected"); - return GNUNET_SYSERR; - } - } - else - { - memset (&TEH_kyc_config.wallet_balance_limit, - 0, - sizeof (TEH_kyc_config.wallet_balance_limit)); - } - } { char *master_public_key_str; @@ -1882,12 +1639,6 @@ exchange_serve_process_config (void) } GNUNET_free (master_public_key_str); } - if (TEH_KYC_NONE != TEH_kyc_config.mode) - { - if (GNUNET_OK != - parse_kyc_settings ()) - return GNUNET_SYSERR; - } GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Launching exchange with public key `%s'...\n", GNUNET_p2s (&TEH_master_public_key.eddsa_pub)); diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h index 67b8e75d0..2be26f14d 100644 --- a/src/exchange/taler-exchange-httpd.h +++ b/src/exchange/taler-exchange-httpd.h @@ -31,111 +31,6 @@ #include -/* ************* NOTE: OLD KYC logic,*********** - new logic is in taler-exchange-httpd_kyc.h! - ********************************************* */ - -/** - * Enumeration for our KYC modes. - */ -enum TEH_KycMode -{ - /** - * KYC is disabled. - */ - TEH_KYC_NONE = 0, - - /** - * We use Oauth2.0. - */ - TEH_KYC_OAUTH2 = 1 -}; - - -/** - * Structure describing our KYC configuration. - */ -struct TEH_KycOptions -{ - /** - * What KYC mode are we in? - */ - enum TEH_KycMode mode; - - /** - * Maximum amount that can be withdrawn in @e withdraw_period without - * needing KYC. - * Only valid if @e mode is not #TEH_KYC_NONE and - * if @e withdraw_period is non-zero. - */ - struct TALER_Amount withdraw_limit; - - /** - * Maximum balance a wallet can hold without - * needing KYC. - * Only valid if @e mode is not #TEH_KYC_NONE and - * if the amount specified is valid. - */ - struct TALER_Amount wallet_balance_limit; - - /** - * Time period over which @e withdraw_limit applies. - * Only valid if @e mode is not #TEH_KYC_NONE. - */ - struct GNUNET_TIME_Relative withdraw_period; - - /** - * Details depending on @e mode. - */ - union - { - - /** - * Configuration details if @e mode is #TEH_KYC_OAUTH2. - */ - struct - { - - /** - * URL of the OAuth2.0 endpoint for KYC checks. - * (token/auth) - */ - char *auth_url; - - /** - * URL of the OAuth2.0 endpoint for KYC checks. - */ - char *login_url; - - /** - * URL of the user info access endpoint. - */ - char *info_url; - - /** - * Our client ID for OAuth2.0. - */ - char *client_id; - - /** - * Our client secret for OAuth2.0. - */ - char *client_secret; - - /** - * Where to redirect clients after the - * Web-based KYC process is done? - */ - char *post_kyc_redirect_url; - - } oauth2; - - } details; -}; - - -extern struct TEH_KycOptions TEH_kyc_config; - /** * How long is caching /keys allowed at most? */ @@ -301,11 +196,10 @@ struct TEH_RequestHandler union { /** - * Function to call to handle a GET requests (and those + * Function to call to handle GET requests (and those * with @e method NULL). * * @param rc context for the request - * @param mime_type the @e mime_type for the reply (hint, can be NULL) * @param args array of arguments, needs to be of length @e args_expected * @return MHD result code */ @@ -315,7 +209,7 @@ struct TEH_RequestHandler /** - * Function to call to handle a POST request. + * Function to call to handle POST requests. * * @param rc context for the request * @param json uploaded JSON data @@ -327,6 +221,17 @@ struct TEH_RequestHandler const json_t *root, const char *const args[]); + /** + * Function to call to handle DELETE requests. + * + * @param rc context for the request + * @param args array of arguments, needs to be of length @e args_expected + * @return MHD result code + */ + MHD_RESULT + (*delete)(struct TEH_RequestContext *rc, + const char *const args[]); + } handler; /** diff --git a/src/exchange/taler-exchange-httpd_purses_delete.c b/src/exchange/taler-exchange-httpd_purses_delete.c index 34ab11b51..f4106a664 100644 --- a/src/exchange/taler-exchange-httpd_purses_delete.c +++ b/src/exchange/taler-exchange-httpd_purses_delete.c @@ -35,13 +35,27 @@ MHD_RESULT TEH_handler_purses_delete ( - struct MHD_Connection *connection, - const struct TALER_PurseContractPublicKeyP *purse_pub) + struct TEH_RequestContext *rc, + const char *const args[1]) { + struct MHD_Connection *connection = rc->connection; + struct TALER_PurseContractPublicKeyP purse_pub; struct TALER_PurseContractSignatureP purse_sig; bool found; bool decided; + if (GNUNET_OK != + GNUNET_STRINGS_string_to_data (args[0], + strlen (args[0]), + &purse_pub, + sizeof (purse_pub))) + { + GNUNET_break_op (0); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_EXCHANGE_GENERIC_PURSE_PUB_MALFORMED, + args[0]); + } { const char *sig; @@ -66,7 +80,7 @@ TEH_handler_purses_delete ( } if (GNUNET_OK != - TALER_wallet_purse_delete_verify (purse_pub, + TALER_wallet_purse_delete_verify (&purse_pub, &purse_sig)) { TALER_LOG_WARNING ("Invalid signature on /purses/$PID/delete request\n"); @@ -89,7 +103,7 @@ TEH_handler_purses_delete ( enum GNUNET_DB_QueryStatus qs; qs = TEH_plugin->do_purse_delete (TEH_plugin->cls, - purse_pub, + &purse_pub, &purse_sig, &decided, &found); diff --git a/src/exchange/taler-exchange-httpd_purses_delete.h b/src/exchange/taler-exchange-httpd_purses_delete.h index 15da21639..912dd43a8 100644 --- a/src/exchange/taler-exchange-httpd_purses_delete.h +++ b/src/exchange/taler-exchange-httpd_purses_delete.h @@ -29,14 +29,14 @@ /** * Handle a DELETE "/purses/$PURSE_PUB" request. * - * @param connection the MHD connection to handle - * @param purse_pub public key of the purse + * @param rc request details about the request to handle + * @param args argument with the public key of the purse * @return MHD result code */ MHD_RESULT TEH_handler_purses_delete ( - struct MHD_Connection *connection, - const struct TALER_PurseContractPublicKeyP *purse_pub); + struct TEH_RequestContext *rc, + const char *const args[1]); #endif