Merge branch 'master' of git+ssh://git.taler.net/docs

9 files changed, 59 insertions, 33 deletions

diff --git a/_exts/typescriptdomain.py b/_exts/typescriptdomain.py
index 83ab26c6..ac6e4b89 100644
--- a/_exts/typescriptdomain.py
+++ b/_exts/typescriptdomain.py
@@ -420,6 +420,7 @@ class LinkingHtmlFormatter(HtmlFormatter):
                 + "#"
                 + r1[1]
             )
+            print(f"relative URL from {self._bridge.docname} to {r1[0]} is {rel_uri}")
             return (
                 '<a style="color:inherit;text-decoration:underline" href="%s">%s</a>'
                 % (rel_uri, content)
@@ -521,7 +522,7 @@ class MyPygmentsBridge(PygmentsBridge):
         elif isinstance(location, Element):
             self.line = location.line
             self.path = location.source
-            self.docname = Path(location.source).stem
+            self.docname = self.builder.env.path2doc(self.path)
         return super().highlight_block(source, lang, opts, force, location, **kwargs)
 
 
diff --git a/anastasis.rst b/anastasis.rst
index 8e6d0028..fc32343b 100644
--- a/anastasis.rst
+++ b/anastasis.rst
@@ -1292,7 +1292,7 @@ Optional arguments to try uploading recovery document only to specific providers
 
 Expected new state (backup process):
 
-.. code-block:: json
+.. code-block:: javascript
 
     {
       "backup_state": "POLICIES_REVIEWING",
@@ -1304,7 +1304,7 @@ Expected new state (backup process):
 
 Arguments (example):
 
-.. code-block:: json
+.. code-block:: javascript
 
     {
       "policy": [
@@ -1459,7 +1459,7 @@ Expected new state (backup process):
 
 Arguments (example):
 
-.. code-block:: json
+.. code-block:: javascript
 
     {
       "secret": string
diff --git a/conf.py b/conf.py
index 942c6ea7..d0a0ea89 100644
--- a/conf.py
+++ b/conf.py
@@ -243,7 +243,7 @@ latex_documents = [
      'GNU Taler team', 'manual'),
     ('taler-backoffice-manual', 'taler-backoffice-manual.tex',
      'GNU Taler Back Office Manual', 'GNU Taler team', 'manual'),
-    ('taler-developers-manual', 'taler-developers-manual.tex', 'GNU Taler Developer Manual',
+    ('taler-developer-manual', 'taler-developer-manual.tex', 'GNU Taler Developer Manual',
      'GNU Taler team', 'manual'),
 ]
 
@@ -360,7 +360,7 @@ texinfo_documents = [
      "DESCRIPTION", "CATEGORY"),
     ("taler-bank-manual", "taler-bank", "Taler Bank Manual", "GNU Taler team",
      "MENU ENTRY", "DESCRIPTION", "CATEGORY"),
-    ("taler-developers-manual", "taler-developers-manual", "Taler Developer Manual", "GNU Taler team",
+    ("taler-developer-manual", "taler-developer-manual", "Taler Developer Manual", "GNU Taler team",
      "MENU ENTRY", "DESCRIPTION", "CATEGORY"),
 ]
 
diff --git a/core/api-merchant.rst b/core/api-merchant.rst
index 1f96ae62..5a9e6bf5 100644
--- a/core/api-merchant.rst
+++ b/core/api-merchant.rst
@@ -825,11 +825,8 @@ Setting up instances
       // Merchant name corresponding to this instance.
       name: string;
 
-      // "Authentication" header required to authorize management access the instance.
-      // Optional, if not given authentication will be disabled for
-      // this instance (hopefully authentication checks are still
-      // done by some reverse proxy).
-      auth_token?: string;
+      // Authentication settings for this instance
+      auth: InstanceAuthConfigurationMessage;
 
       // The merchant's physical address (to be put into contracts).
       address: Location;
@@ -863,6 +860,35 @@ Setting up instances
     }
 
 
+.. http:post:: /private/instances/$INSTANCE/auth
+
+   Update the authentication settings for an instance.
+
+   **Request** the request must be an `InstanceAuthConfigurationMessage`.
+
+  :http:statuscode:`204 No content`:
+    The backend has successfully created the instance.
+  :http:statuscode:`404 Not found`:
+    This instance is unknown and thus cannot be reconfigured.
+
+  .. ts:def:: InstanceAuthConfigurationMessage
+
+    interface InstanceAuthConfigurationMessage {
+      // Type of authentication.
+      // "external":  The mechant backend does not do
+      //   any authentication checks.  Instead an API
+      //   gateway must do the authentication.
+      // "token": The merchant checks an auth token.
+      //   See "token" for details.
+      method: "external" | "token";
+
+      // For method "external", this field is mandatory.
+      // It specifies the "Authentication" HTTP header required to
+      // authorize management to access the instance.
+      token?: string;
+    }
+
+
 .. http:patch:: /private/instances/$INSTANCE
 
   Update the configuration of a merchant instance.  PATCH operations against
@@ -894,12 +920,6 @@ Setting up instances
       // Merchant name corresponding to this instance.
       name: string;
 
-      // "Authentication" header required to authorize management access the instance.
-      // Optional, if not given authentication will be disabled for
-      // this instance (hopefully authentication checks are still
-      // done by some reverse proxy).
-      auth_token?: string;
-
       // The merchant's physical address (to be put into contracts).
       address: Location;
 
@@ -1029,6 +1049,12 @@ Inspecting instances
       // offers we make be valid by default?
       default_pay_deadline: RelativeTime;
 
+      // Authentication configuration.
+      // Does not contain the token when token auth is configured.
+      auth: {
+        type: "external" | "token";
+      };
+
     }
 
   .. ts:def:: MerchantAccount
diff --git a/frags/taler-payment-cycle.rst b/frags/taler-payment-cycle.rst
index 9c7d1302..94dd5c8d 100644
--- a/frags/taler-payment-cycle.rst
+++ b/frags/taler-payment-cycle.rst
@@ -20,15 +20,18 @@ these are called the *reserve*.
 
 In step 3, (a) *withdraws* coins, either wholly or partially, from (b).  These
 coins are kept in a *wallet* under control of (a).  The coins in the wallet
-are anonymous.
+are unlinkable to the identity of (a) that was revealed during the withdraw
+operation.
 
 In step 4, (a) authorizes payment of coins from the wallet to (c).  This
 transfers payment coins from the wallet to (c), and change coins from (b) to
 the wallet (unless the payment amount exactly matches the denomination of the
 coins in the wallet).
 
-In step 5, (c) *deposits* coins into (b).  These coins are still anonymous,
-although the transaction itself is not anonymous.
+In step 5, (c) *deposits* coins into (b).  At this point, (b) knows the
+identity of (c), but not of (a).  Taler uses cryptography to validate that the
+coins are unique and were issued by (b), but (b) cannot determine to whom the
+coins were originally issued.
 
 In step 6, (b) directs (e) to wire transfer real funds corresponding to the
 accumulated deposited coins to (f).
diff --git a/taler-developer-manual.rst b/taler-developer-manual.rst
index a1148474..81c99c27 100644
--- a/taler-developer-manual.rst
+++ b/taler-developer-manual.rst
@@ -1603,8 +1603,6 @@ taler-config-generate
 
 **taler-config-generate** - tool to simplify Taler configuration generation
 
-Synopsis
-~~~~~~~~
 
 **taler-config-generate**
 [**-C** *CURRENCY* | **––currency=**\ ‌\ *CURRENCY*]
@@ -1623,8 +1621,6 @@ Synopsis
 [**––exchange-bank-account**]
 [**––merchant-bank-account**]
 
-Description
-~~~~~~~~~~~
 
 **taler-config-generate** can be used to generate configuration files
 for the Taler exchange or Taler merchants.
diff --git a/taler-merchant-manual.rst b/taler-merchant-manual.rst
index 0d98583c..990b57b1 100644
--- a/taler-merchant-manual.rst
+++ b/taler-merchant-manual.rst
@@ -1013,22 +1013,22 @@ each instance:
           if ($http_authorization !~ "(?i)ApiKey FOOTOKEN") {
              return 401;
           }
-          proxy_pass ...; // as above
+          proxy_pass ...; # as above
       }
       location ~ ^/instances/bar/private/ {
           if ($http_authorization !~ "(?i)ApiKey BARTOKEN") {
              return 401;
           }
-          proxy_pass ...; // as above
+          proxy_pass ...; # as above
       }
       location /private/ {
           if ($http_authorization !~ "(?i)ApiKey MASTERTOKEN") {
              return 401;
           }
-          proxy_pass ...; // as above
+          proxy_pass ...; # as above
       }
       location ~ /private/ {
-          return 401; // access to instances not explicitly configured is forbidden
+          return 401; # access to instances not explicitly configured is forbidden
       }
 
 Apache
diff --git a/taler-merchant-pos-terminal.rst b/taler-merchant-pos-terminal.rst
index 8bee175a..5ccfd5c0 100644
--- a/taler-merchant-pos-terminal.rst
+++ b/taler-merchant-pos-terminal.rst
@@ -93,7 +93,7 @@ Import in and build with Android Studio or run on the command line:
   $ ./gradlew assembleRelease
 
 If you do not have the proprietary Android SDK installed,
-see the :doc:`taler-developers-manual`
+see the :doc:`taler-developer-manual`
 for :ref:`build instructions using free SDK rebuilds <Build-apps-from-source>`.
 
 APIs and Data Formats
diff --git a/taler-wallet.rst b/taler-wallet.rst
index a87ee09c..be471446 100644
--- a/taler-wallet.rst
+++ b/taler-wallet.rst
@@ -80,7 +80,7 @@ Building from source
 Android Wallet
 ==============
 
-Please see :ref:`Build-apps-from-source` in the :doc:`taler-developers-manual`.
+Please see :ref:`Build-apps-from-source` in the :doc:`taler-developer-manual`.
 
 
 APIs and Data Formats
@@ -755,7 +755,7 @@ a payto URI).  They don't involve a merchant.
 
     interface CreateDepositGroupRequest {
       depositPaytoUri: string;
-      amount: AmountString;
+      amount: Amount;
     }
 :Response:
   .. ts:def:: CreateDepositGroupResponse
@@ -920,8 +920,8 @@ Preparing a tip
 
       // Has the tip already been accepted?
       accepted: boolean;
-      tipAmountRaw: AmountString;
-      tipAmountEffective: AmountString;
+      tipAmountRaw: Amount;
+      tipAmountEffective: Amount;
       exchangeBaseUrl: string;
       expirationTimestamp: Timestamp;
     }