/*
This file is part of TALER
(C) 2016 GNUnet e.V.
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, see
*/
/**
* Messaging for the WebExtensions wallet. Should contain
* parts that are specific for WebExtensions, but as little business
* logic as possible.
*/
/**
* Imports.
*/
import { BrowserHttpLib } from "../http";
import * as logging from "../logging";
import {
Index,
Store,
} from "../query";
import {
AmountJson,
Notifier,
ProposalRecord,
} from "../types";
import {
ConfirmReserveRequest,
CreateReserveRequest,
Stores,
Wallet,
} from "../wallet";
import { ChromeBadge } from "./chromeBadge";
import { MessageType } from "./messages";
import URI = require("urijs");
import Port = chrome.runtime.Port;
import MessageSender = chrome.runtime.MessageSender;
const DB_NAME = "taler";
/**
* Current database version, should be incremented
* each time we do incompatible schema changes on the database.
* In the future we might consider adding migration functions for
* each version increment.
*/
const DB_VERSION = 17;
function handleMessage(db: IDBDatabase,
wallet: Wallet,
sender: MessageSender,
type: MessageType, detail: any): any {
function assertNotFound(t: never): never {
console.error(`Request type ${t as string} unknown`);
console.error(`Request detail was ${detail}`);
return { error: "request unknown", requestType: type } as never;
}
switch (type) {
case "balances":
return wallet.getBalances();
case "dump-db":
return exportDb(db);
case "import-db":
return importDb(db, detail.dump);
case "get-tab-cookie":
if (!sender || !sender.tab || !sender.tab.id) {
return Promise.resolve();
}
const id: number = sender.tab.id;
const info: any = paymentRequestCookies[id] as any;
delete paymentRequestCookies[id];
return Promise.resolve(info);
case "ping":
return Promise.resolve();
case "reset":
if (db) {
const tx = db.transaction(Array.from(db.objectStoreNames), "readwrite");
// tslint:disable-next-line:prefer-for-of
for (let i = 0; i < db.objectStoreNames.length; i++) {
tx.objectStore(db.objectStoreNames[i]).clear();
}
}
deleteDb();
chrome.browserAction.setBadgeText({ text: "" });
console.log("reset done");
return Promise.resolve({});
case "create-reserve": {
const d = {
amount: detail.amount,
exchange: detail.exchange,
};
const req = CreateReserveRequest.checked(d);
return wallet.createReserve(req);
}
case "confirm-reserve":
const d = {
reservePub: detail.reservePub,
};
const req = ConfirmReserveRequest.checked(d);
return wallet.confirmReserve(req);
case "generate-nonce":
return wallet.generateNonce();
case "confirm-pay":
if (typeof detail.proposalId !== "number") {
throw Error("proposalId must be number");
}
return wallet.confirmPay(detail.proposalId);
case "check-pay":
if (typeof detail.proposalId !== "number") {
throw Error("proposalId must be number");
}
return wallet.checkPay(detail.proposalId);
case "query-payment":
if (sender.tab && sender.tab.id) {
rateLimitCache[sender.tab.id]++;
if (rateLimitCache[sender.tab.id] > 10) {
console.warn("rate limit for query-payment exceeded");
const msg = {
error: "rate limit exceeded for query-payment",
hint: "Check for redirect loops",
rateLimitExceeded: true,
};
return Promise.resolve(msg);
}
}
return wallet.queryPayment(detail.url);
case "exchange-info":
if (!detail.baseUrl) {
return Promise.resolve({ error: "bad url" });
}
return wallet.updateExchangeFromUrl(detail.baseUrl);
case "currency-info":
if (!detail.name) {
return Promise.resolve({ error: "name missing" });
}
return wallet.getCurrencyRecord(detail.name);
case "hash-contract":
if (!detail.contract) {
return Promise.resolve({ error: "contract missing" });
}
return wallet.hashContract(detail.contract).then((hash) => {
return hash;
});
case "put-history-entry":
if (!detail.historyEntry) {
return Promise.resolve({ error: "historyEntry missing" });
}
return wallet.putHistory(detail.historyEntry);
case "save-proposal":
console.log("handling save-proposal", detail);
const checkedRecord = ProposalRecord.checked({
contractTerms: detail.data,
contractTermsHash: detail.hash,
merchantSig: detail.sig,
});
return wallet.saveProposal(checkedRecord);
case "reserve-creation-info":
if (!detail.baseUrl || typeof detail.baseUrl !== "string") {
return Promise.resolve({ error: "bad url" });
}
const amount = AmountJson.checked(detail.amount);
return wallet.getReserveCreationInfo(detail.baseUrl, amount);
case "get-history":
// TODO: limit history length
return wallet.getHistory();
case "get-proposal":
return wallet.getProposal(detail.proposalId);
case "get-exchanges":
return wallet.getExchanges();
case "get-currencies":
return wallet.getCurrencies();
case "update-currency":
return wallet.updateCurrency(detail.currencyRecord);
case "get-reserves":
if (typeof detail.exchangeBaseUrl !== "string") {
return Promise.reject(Error("exchangeBaseUrl missing"));
}
return wallet.getReserves(detail.exchangeBaseUrl);
case "get-payback-reserves":
return wallet.getPaybackReserves();
case "withdraw-payback-reserve":
if (typeof detail.reservePub !== "string") {
return Promise.reject(Error("reservePub missing"));
}
return wallet.withdrawPaybackReserve(detail.reservePub);
case "get-coins":
if (typeof detail.exchangeBaseUrl !== "string") {
return Promise.reject(Error("exchangBaseUrl missing"));
}
return wallet.getCoins(detail.exchangeBaseUrl);
case "get-precoins":
if (typeof detail.exchangeBaseUrl !== "string") {
return Promise.reject(Error("exchangBaseUrl missing"));
}
return wallet.getPreCoins(detail.exchangeBaseUrl);
case "get-denoms":
if (typeof detail.exchangeBaseUrl !== "string") {
return Promise.reject(Error("exchangBaseUrl missing"));
}
return wallet.getDenoms(detail.exchangeBaseUrl);
case "refresh-coin":
if (typeof detail.coinPub !== "string") {
return Promise.reject(Error("coinPub missing"));
}
return wallet.refresh(detail.coinPub);
case "payback-coin":
if (typeof detail.coinPub !== "string") {
return Promise.reject(Error("coinPub missing"));
}
return wallet.payback(detail.coinPub);
case "payment-failed":
// For now we just update exchanges (maybe the exchange did something
// wrong and the keys were messed up).
// FIXME: in the future we should look at what actually went wrong.
console.error("payment reported as failed");
wallet.updateExchanges();
return Promise.resolve();
case "payment-succeeded":
const contractTermsHash = detail.contractTermsHash;
const merchantSig = detail.merchantSig;
if (!contractTermsHash) {
return Promise.reject(Error("contractHash missing"));
}
if (!merchantSig) {
return Promise.reject(Error("merchantSig missing"));
}
return wallet.paymentSucceeded(contractTermsHash, merchantSig);
default:
// Exhaustiveness check.
// See https://www.typescriptlang.org/docs/handbook/advanced-types.html
return assertNotFound(type);
}
}
async function dispatch(db: IDBDatabase, wallet: Wallet, req: any, sender: any, sendResponse: any): Promise {
try {
const p = handleMessage(db, wallet, sender, req.type, req.detail);
const r = await p;
try {
sendResponse(r);
} catch (e) {
// might fail if tab disconnected
}
} catch (e) {
console.log(`exception during wallet handler for '${req.type}'`);
console.log("request", req);
console.error(e);
let stack;
try {
stack = e.stack.toString();
} catch (e) {
// might fail
}
try {
sendResponse({
error: "exception",
hint: e.message,
stack,
});
} catch (e) {
console.log(e);
// might fail if tab disconnected
}
}
}
class ChromeNotifier implements Notifier {
private ports: Port[] = [];
constructor() {
chrome.runtime.onConnect.addListener((port) => {
console.log("got connect!");
this.ports.push(port);
port.onDisconnect.addListener(() => {
const i = this.ports.indexOf(port);
if (i >= 0) {
this.ports.splice(i, 1);
} else {
console.error("port already removed");
}
});
});
}
notify() {
for (const p of this.ports) {
p.postMessage({ notify: true });
}
}
}
/**
* Mapping from tab ID to payment information (if any).
*/
const paymentRequestCookies: { [n: number]: any } = {};
/**
* Handle a HTTP response that has the "402 Payment Required" status.
* In this callback we don't have access to the body, and must communicate via
* shared state with the content script that will later be run later
* in this tab.
*/
function handleHttpPayment(headerList: chrome.webRequest.HttpHeader[], url: string, tabId: number): any {
const headers: { [s: string]: string } = {};
for (const kv of headerList) {
if (kv.value) {
headers[kv.name.toLowerCase()] = kv.value;
}
}
const fields = {
contract_query: headers["x-taler-contract-query"],
contract_url: headers["x-taler-contract-url"],
offer_url: headers["x-taler-offer-url"],
};
const talerHeaderFound = Object.keys(fields).filter((x: any) => (fields as any)[x]).length !== 0;
if (!talerHeaderFound) {
// looks like it's not a taler request, it might be
// for a different payment system (or the shop is buggy)
console.log("ignoring non-taler 402 response");
return;
}
const payDetail = {
contract_url: fields.contract_url,
offer_url: fields.offer_url,
};
console.log("got pay detail", payDetail);
// This cookie will be read by the injected content script
// in the tab that displays the page.
paymentRequestCookies[tabId] = {
payDetail,
type: "pay",
};
}
function handleBankRequest(wallet: Wallet, headerList: chrome.webRequest.HttpHeader[],
url: string, tabId: number): any {
const headers: { [s: string]: string } = {};
for (const kv of headerList) {
if (kv.value) {
headers[kv.name.toLowerCase()] = kv.value;
}
}
const reservePub = headers["x-taler-reserve-pub"];
if (reservePub !== undefined) {
console.log(`confirming reserve ${reservePub} via 201`);
wallet.confirmReserve({reservePub});
return;
}
const amount = headers["x-taler-amount"];
if (amount) {
const callbackUrl = headers["x-taler-callback-url"];
if (!callbackUrl) {
console.log("202 not understood (X-Taler-Callback-Url missing)");
return;
}
let amountParsed;
try {
amountParsed = JSON.parse(amount);
} catch (e) {
const uri = new URI(chrome.extension.getURL("/src/webex/pages/error.html"));
const p = {
message: `Can't parse amount ("${amount}"): ${e.message}`,
};
const redirectUrl = uri.query(p).href();
// FIXME: use direct redirect when https://bugzilla.mozilla.org/show_bug.cgi?id=707624 is fixed
chrome.tabs.update(tabId, {url: redirectUrl});
return;
}
const wtTypes = headers["x-taler-wt-types"];
if (!wtTypes) {
console.log("202 not understood (X-Taler-Wt-Types missing)");
return;
}
const params = {
amount,
bank_url: url,
callback_url: new URI(callbackUrl) .absoluteTo(url),
suggested_exchange_url: headers["x-taler-suggested-exchange"],
wt_types: wtTypes,
};
const uri = new URI(chrome.extension.getURL("/src/webex/pages/confirm-create-reserve.html"));
const redirectUrl = uri.query(params).href();
console.log("redirecting to", redirectUrl);
// FIXME: use direct redirect when https://bugzilla.mozilla.org/show_bug.cgi?id=707624 is fixed
chrome.tabs.update(tabId, {url: redirectUrl});
return;
}
// no known headers found, not a taler request ...
}
// Rate limit cache for executePayment operations, to break redirect loops
let rateLimitCache: { [n: number]: number } = {};
function clearRateLimitCache() {
rateLimitCache = {};
}
/**
* Main function to run for the WebExtension backend.
*
* Sets up all event handlers and other machinery.
*/
export async function wxMain() {
window.onerror = (m, source, lineno, colno, error) => {
logging.record("error", m + error, undefined, source || "(unknown)", lineno || 0, colno || 0);
};
chrome.browserAction.setBadgeText({ text: "" });
const badge = new ChromeBadge();
chrome.tabs.query({}, (tabs) => {
for (const tab of tabs) {
if (!tab.url || !tab.id) {
return;
}
const uri = new URI(tab.url);
if (uri.protocol() === "http" || uri.protocol() === "https") {
console.log("injecting into existing tab", tab.id);
chrome.tabs.executeScript(tab.id, { file: "/dist/contentScript-bundle.js" });
const code = `
if (("taler" in window) || document.documentElement.getAttribute("data-taler-nojs")) {
document.dispatchEvent(new Event("taler-probe-result"));
}
`;
chrome.tabs.executeScript(tab.id, { code, runAt: "document_idle" });
}
}
});
const tabTimers: {[n: number]: number[]} = {};
chrome.tabs.onRemoved.addListener((tabId, changeInfo) => {
const tt = tabTimers[tabId] || [];
for (const t of tt) {
chrome.extension.getBackgroundPage().clearTimeout(t);
}
});
chrome.tabs.onUpdated.addListener((tabId, changeInfo) => {
if (changeInfo.status !== "complete") {
return;
}
const timers: number[] = [];
const addRun = (dt: number) => {
const id = chrome.extension.getBackgroundPage().setTimeout(run, dt);
timers.push(id);
};
const run = () => {
timers.shift();
chrome.tabs.get(tabId, (tab) => {
if (chrome.runtime.lastError) {
return;
}
if (!tab.url || !tab.id) {
return;
}
const uri = new URI(tab.url);
if (!(uri.protocol() === "http" || uri.protocol() === "https")) {
return;
}
const code = `
if (("taler" in window) || document.documentElement.getAttribute("data-taler-nojs")) {
document.dispatchEvent(new Event("taler-probe-result"));
}
`;
chrome.tabs.executeScript(tab.id!, { code, runAt: "document_start" });
});
};
addRun(0);
addRun(50);
addRun(300);
addRun(1000);
addRun(2000);
addRun(4000);
addRun(8000);
addRun(16000);
tabTimers[tabId] = timers;
});
chrome.extension.getBackgroundPage().setInterval(clearRateLimitCache, 5000);
let db: IDBDatabase;
try {
db = await openTalerDb();
} catch (e) {
console.error("could not open database", e);
return;
}
const http = new BrowserHttpLib();
const notifier = new ChromeNotifier();
console.log("setting wallet");
const wallet = new Wallet(db, http, badge!, notifier);
// Useful for debugging in the background page.
(window as any).talerWallet = wallet;
// Handlers for messages coming directly from the content
// script on the page
chrome.runtime.onMessage.addListener((req, sender, sendResponse) => {
dispatch(db, wallet, req, sender, sendResponse);
return true;
});
// Handlers for catching HTTP requests
chrome.webRequest.onHeadersReceived.addListener((details) => {
if (details.statusCode === 402) {
console.log(`got 402 from ${details.url}`);
return handleHttpPayment(details.responseHeaders || [],
details.url,
details.tabId);
} else if (details.statusCode === 202) {
return handleBankRequest(wallet!, details.responseHeaders || [],
details.url,
details.tabId);
}
}, { urls: [""] }, ["responseHeaders", "blocking"]);
}
/**
* Return a promise that resolves
* to the taler wallet db.
*/
function openTalerDb(): Promise {
return new Promise((resolve, reject) => {
const req = indexedDB.open(DB_NAME, DB_VERSION);
req.onerror = (e) => {
reject(e);
};
req.onsuccess = (e) => {
resolve(req.result);
};
req.onupgradeneeded = (e) => {
const db = req.result;
console.log("DB: upgrade needed: oldVersion = " + e.oldVersion);
switch (e.oldVersion) {
case 0: // DB does not exist yet
for (const n in Stores) {
if ((Stores as any)[n] instanceof Store) {
const si: Store = (Stores as any)[n];
const s = db.createObjectStore(si.name, si.storeParams);
for (const indexName in (si as any)) {
if ((si as any)[indexName] instanceof Index) {
const ii: Index = (si as any)[indexName];
s.createIndex(ii.indexName, ii.keyPath);
}
}
}
}
break;
default:
if (e.oldVersion !== DB_VERSION) {
window.alert("Incompatible wallet dababase version, please reset" +
" db.");
chrome.browserAction.setBadgeText({text: "err"});
chrome.browserAction.setBadgeBackgroundColor({color: "#F00"});
throw Error("incompatible DB");
}
break;
}
};
});
}
function exportDb(db: IDBDatabase): Promise {
const dump = {
name: db.name,
stores: {} as {[s: string]: any},
version: db.version,
};
return new Promise((resolve, reject) => {
const tx = db.transaction(Array.from(db.objectStoreNames));
tx.addEventListener("complete", () => {
resolve(dump);
});
// tslint:disable-next-line:prefer-for-of
for (let i = 0; i < db.objectStoreNames.length; i++) {
const name = db.objectStoreNames[i];
const storeDump = {} as {[s: string]: any};
dump.stores[name] = storeDump;
tx.objectStore(name)
.openCursor()
.addEventListener("success", (e: Event) => {
const cursor = (e.target as any).result;
if (cursor) {
storeDump[cursor.key] = cursor.value;
cursor.continue();
}
});
}
});
}
function importDb(db: IDBDatabase, dump: any): Promise {
console.log("importing db", dump);
return new Promise((resolve, reject) => {
const tx = db.transaction(Array.from(db.objectStoreNames), "readwrite");
if (dump.stores) {
for (const storeName in dump.stores) {
const objects = [];
const dumpStore = dump.stores[storeName];
for (const key in dumpStore) {
objects.push(dumpStore[key]);
}
console.log(`importing ${objects.length} records into ${storeName}`);
const store = tx.objectStore(storeName);
for (const obj of objects) {
store.put(obj);
}
}
}
tx.addEventListener("complete", () => {
resolve();
});
});
}
function deleteDb() {
indexedDB.deleteDatabase(DB_NAME);
}