author | Antoine A <> | 2024-02-19 17:08:08 +0100 |
---|---|---|
committer | Antoine A <> | 2024-02-19 17:08:08 +0100 |
commit | 22be66f8b688696df27b643081f76ded9d452127 (patch) | |
tree | 000944a0bd92efbb52a23c2f9e577d9a1e596f19 | |
parent | d648a98f511ac4ed1a8a83516c09f4fe66f164bf (diff) | |
Environment variables for TAN script in libeufin-bank config
-rw-r--r-- | bank/src/main/kotlin/tech/libeufin/bank/Config.kt | 10 | ||||
-rw-r--r-- | bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt | 18 | ||||
-rw-r--r-- | contrib/bank.conf | 6 | ||||
-rwxr-xr-x | contrib/libeufin-tan-sms.sh | 14 |
4 files changed, 35 insertions, 13 deletions
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/Config.kt b/bank/src/main/kotlin/tech/libeufin/bank/Config.kt
index 45c370d5..cba29656 100644
--- a/bank/src/main/kotlin/tech/libeufin/bank/Config.kt
+++ b/bank/src/main/kotlin/tech/libeufin/bank/Config.kt
@@ -44,7 +44,7 @@ data class BankConfig(
 val fiatCurrency: String?,
 val fiatCurrencySpec: CurrencySpecification?,
 val spaPath: Path?,
- val tanChannels: Map<TanChannel, Path>,
+ val tanChannels: Map<TanChannel, Pair<Path, Map<String, String>>>,
 val payto: BankPaytoCtx,
 val wireMethod: WireMethod
 )
@@ -97,7 +97,13 @@ fun TalerConfig.loadBankConfig(): BankConfig {
 val tanChannels = buildMap {
 for (channel in TanChannel.entries) {
 lookupPath("libeufin-bank", "tan_$channel")?.let {
- put(channel, it)
+ val variables = lookupString("libeufin-bank", "tan_${channel}_env")?.let { env ->
+ env.split(' ').map { variable ->
+ variable.splitOnce("=") ?:
+ throw TalerConfigError.invalid("environment variables", "libeufin-bank", "tan_${channel}_env", "expected NAME=VALUE got '$variable'")
+ }.toMap()
+ } ?: mapOf()
+ put(channel, Pair(it, variables))
 }
 }
 }
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt b/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt
index 11508407..dbb550ac 100644
--- a/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt
+++ b/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt
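Review bot: Splitting `tan_${channel}_env` with `env.split(' ')` in the second Config.kt hunk turns a doubled or trailing space into an empty token, which `splitOnce("=")` presumably rejects, so a harmless typo in the config aborts loading, and a value containing a space cannot be expressed at all. Dropping empty tokens first, `env.split(' ').filter { it.isNotEmpty() }`, fixes the first case. The error text also echoes `'$variable'`, which for a mistyped line may be a fragment of the token this option exists to carry, so I would report only the option name there. Because the parsed map becomes a property of the `BankConfig` data class, its generated `toString()` will include these values; it is worth checking that the config object is never logged. The body of `loadBankConfig` continues outside the hunk.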
@@ -662,17 +662,29 @@ private fun Routing.coreBankTanApi(db: Database, ctx: BankConfig) { ) is TanSendResult.Success -> { res.tanCode?.run { - val tanScript = ctx.tanChannels.get(res.tanChannel) + val (tanScript, tanEnv) = ctx.tanChannels.get(res.tanChannel) ?: throw unsupportedTanChannel(res.tanChannel) val exitValue = withContext(Dispatchers.IO) { - val process = ProcessBuilder(tanScript.toString(), res.tanInfo).start() + val builder = ProcessBuilder(tanScript.toString(), res.tanInfo) + builder.redirectErrorStream(true) + for ((name, value) in tanEnv) { + builder.environment()[name] = value + } + val process = builder.start() try { process.outputWriter().use { it.write(res.tanCode) } process.onExit().await() } catch (e: Exception) { process.destroy() } - process.exitValue() + val exitValue = process.exitValue() + if (exitValue != 0) { + val out = process.getInputStream().reader().readText() + if (out.isNotEmpty()) { + logger.error("TAN ${res.tanChannel} - ${tanScript}: $out") + } + } + exitValue } if (exitValue != 0) { throw libeufinError( diff --git a/contrib/bank.conf b/contrib/bank.conf index 72791fd3..af7fb252 100644 --- a/contrib/bank.conf +++ b/contrib/bank.conf @@ -42,6 +42,12 @@ WIRE_TYPE = # Path to TAN challenge transmission script via email. If not specified, this TAN channel will not be supported. # TAN_EMAIL = libeufin-tan-email.sh +# Environment variables for the sms TAN script. +# TAN_SMS_ENV = AUTH_TOKEN=secret-token + +# Environment variables for the email TAN script. +# TAN_EMAIL_ENV = AUTH_TOKEN=secret-token + # How "libeufin-bank serve" serves its API, this can either be tcp or unix SERVE = tcp diff --git a/contrib/libeufin-tan-sms.sh b/contrib/libeufin-tan-sms.sh index ae33bad3..63c427ff 100755 --- a/contrib/libeufin-tan-sms.sh +++ b/contrib/libeufin-tan-sms.sh 
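Review bot: The merged stdout/stderr pipe is read only after `process.onExit().await()` returns, so a script that prints more than the OS pipe buffer holds will block on write and the request waits indefinitely, as no timeout is visible in this hunk. Reading before waiting avoids that: move `val out = process.getInputStream().reader().readText()` to just after the `outputWriter().use { … }` line and log it once the exit value is known. The text is also logged verbatim at error level; depending on what the TAN script prints on failure it may contain the recipient address or a provider response, so truncating it to a fixed length would bound what reaches the log. In the `catch` branch `process.destroy()` is followed directly by `process.exitValue()`, which can throw `IllegalThreadStateException` if the process has not terminated yet. `coreBankTanApi` starts and ends outside the hunk.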
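Review bot: The two new bank.conf comments do not say how the value is parsed: per the Config.kt change in this commit it is a space-separated list of `NAME=VALUE` pairs, so a value cannot contain a space. I would extend the comment to something like `# Space-separated NAME=VALUE pairs passed to the sms TAN script; values must not contain spaces.` Since the option is meant to hold a credential, a line noting that bank.conf should then be readable only by the bank's service user would help operators.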
@@ -1,20 +1,18 @@ #!/bin/sh - # This file is in the public domain. - set -eu - -. telesign-secrets # need to be found in the PATH -# Set CUSTOMER_ID and API_KEY +# Set AUTH_TOKEN=... MESSAGE=`cat -` TMPFILE=`mktemp /tmp/sms-loggingXXXXXX` PHONE_NUMBER=$(echo $1 | sed 's/^+//') # Telesign refuses the leading + STATUS=$(curl --request POST \ - --user "$CUSTOMER_ID:$API_KEY" \ --url https://rest-api.telesign.com/v1/messaging \ - --data "message_type=OTP" \ + --header "authorization: Basic $AUTH_TOKEN" \ + --header 'content-type: application/x-www-form-urlencoded' \ + --data account_livecycle_event=transact \ --data "message=$MESSAGE" \ + --data message_type=OTP \ --data "phone_number=$PHONE_NUMBER" \ -w "%{http_code}" -s -o $TMPFILE) echo `cat $TMPFILE` >> $HOME/sms.log @@ -27,4 +25,4 @@ case $STATUS in exit 1; ;; esac -exit 1 +exit 1
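Review bot: `--header "authorization: Basic $AUTH_TOKEN"` places the token in curl's argument list, where other local users can read it from the process table while the request runs. Since stdin has already been consumed by `cat -`, the header can be supplied on stdin instead: `printf 'header = "authorization: Basic %s"\n' "$AUTH_TOKEN" | curl --config - …`. The added `--data account_livecycle_event=transact` looks like a misspelling of Telesign's `account_lifecycle_event` parameter and should be checked against the provider documentation. `message=$MESSAGE` is still sent with `--data` rather than `--data-urlencode`, so a message containing `&` or `+` would be altered in transit.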
\ No newline at end of file |