authorChristian Grothoff <christian@grothoff.org>2023-10-28 21:40:54 +0200
committerChristian Grothoff <christian@grothoff.org>2023-10-28 21:40:54 +0200
commit9da968d394083339ce3125b4f619dfdf3e776ca9 (patch)
treead5418a6dac698cc24ea8215afe8e1a947056660 /src/backend
parent2b694efd1542fd1b8415ebbb1ca2965711299eb0 (diff)
add new BASE_URL option (fixes #7966)
Diffstat (limited to 'src/backend')
-rw-r--r--src/backend/merchant.conf4
-rw-r--r--src/backend/taler-merchant-httpd.c32
-rw-r--r--src/backend/taler-merchant-httpd.h12
-rw-r--r--src/backend/taler-merchant-httpd_helper.c79
4 files changed, 89 insertions, 38 deletions
diff --git a/src/backend/merchant.conf b/src/backend/merchant.conf
index ee492691..44ec72d7 100644
--- a/src/backend/merchant.conf
+++ b/src/backend/merchant.conf
@@ -17,6 +17,10 @@ PORT = 9966
# if left empty. Only used if "SERVE" is 'tcp'.
# BIND_TO =
+# Base URL of the merchant backend. Optional. If not given, the backend will determine
+# the Base URL based on X-Forwarded-* headers (hopefully) set by the reverse proxy.
+# BASE_URL = https://example.com/
+
# How long do we keep contract / payment information around after the
# purchase (for tax records and other legal reasons).
LEGAL_PRESERVATION = 11 years
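Review bot: The new comment for `BASE_URL` leaves the trust assumption implicit: when the option is unset, the URLs the backend generates are built from request headers, so they are only as reliable as the reverse proxy's handling of `X-Forwarded-*`. I would replace "(hopefully) set by the reverse proxy" with a direct statement such as `# If not given, the Base URL is derived from the Host and X-Forwarded-* request headers; set BASE_URL unless the reverse proxy is known to overwrite them.` The comment could also state the accepted form, since the check added to taler-merchant-httpd.c in this commit rejects values that do not start with `http://` or `https://`.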
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index dd6e5a07..5a581928 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -118,6 +118,13 @@
char *TMH_currency;
/**
+ * What is the base URL for this merchant backend? NULL if it is not
+ * configured and is to be determined from HTTP headers (X-Forwarded-Host and
+ * X-Forwarded-Port and X-Forwarded-Prefix) of the reverse proxy.
+ */
+char *TMH_base_url;
+
+/**
* Inform the auditor for all deposit confirmations (global option)
*/
int TMH_force_audit;
@@ -153,7 +160,7 @@ unsigned int TMH_num_cspecs;
/**
* Rendering specs for currencies.
- */
+ */
struct TALER_CurrencySpecification *TMH_cspecs;
/**
@@ -2180,7 +2187,7 @@ run (void *cls,
GNUNET_SCHEDULER_shutdown ();
return;
}
-
+
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
"merchant",
@@ -2193,6 +2200,27 @@ run (void *cls,
GNUNET_SCHEDULER_shutdown ();
return;
}
+ if (GNUNET_OK ==
+ GNUNET_CONFIGURATION_get_value_string (cfg,
+ "merchant",
+ "BASE_URL",
+ &TMH_base_url))
+ {
+ if ( (0 != strncasecmp (TMH_base_url,
+ "https://",
+ strlen ("https://"))) &&
+ (0 != strncasecmp (TMH_base_url,
+ "http://",
+ strlen ("http://"))) )
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "merchant",
+ "BASE_URL",
+ "Needs to start with 'http://' or 'https://'");
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ }
+ }
if (GNUNET_YES ==
GNUNET_CONFIGURATION_get_value_yesno (cfg,
"merchant",
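Review bot: The added `BASE_URL` check compares only the scheme prefix, so a value that is just `https://`, or one without the trailing slash shown in the merchant.conf example, is accepted at startup. TMH_base_url_by_connection copies the string verbatim with `GNUNET_buffer_write_str`, and the code that appends to it lies outside this commit's hunks, so the effect of a missing slash on the generated URLs should be confirmed there. I would follow the scheme test with a second one, `if ('/' != TMH_base_url[strlen (TMH_base_url) - 1])`, plus a check that something follows the scheme, both reporting through the same `GNUNET_log_config_invalid` and `GNUNET_SCHEDULER_shutdown` path. The index is safe because the scheme test guarantees a non-empty string. `run` starts and ends outside this hunk.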
diff --git a/src/backend/taler-merchant-httpd.h b/src/backend/taler-merchant-httpd.h
index 3f34557e..7ccf0575 100644
--- a/src/backend/taler-merchant-httpd.h
+++ b/src/backend/taler-merchant-httpd.h
@@ -410,7 +410,8 @@ struct TMH_HandlerContext;
/**
* Possible authorization scopes. This is a bit mask.
*/
-enum TMH_AuthScope {
+enum TMH_AuthScope
+{
/**
* Nothing is authorized.
*/
@@ -672,13 +673,20 @@ struct TMH_SuspendedConnection
extern char *TMH_currency;
/**
+ * What is the base URL for this merchant backend? NULL if it is not
+ * configured and is to be determined from HTTP headers (X-Forwarded-Host and
+ * X-Forwarded-Port and X-Forwarded-Prefix) of the reverse proxy.
+ */
+extern char *TMH_base_url;
+
+/**
* Length of the TMH_cspecs array.
*/
extern unsigned int TMH_num_cspecs;
/**
* Rendering specs for currencies.
- */
+ */
extern struct TALER_CurrencySpecification *TMH_cspecs;
/**
diff --git a/src/backend/taler-merchant-httpd_helper.c b/src/backend/taler-merchant-httpd_helper.c
index 2e06a432..ac181234 100644
--- a/src/backend/taler-merchant-httpd_helper.c
+++ b/src/backend/taler-merchant-httpd_helper.c
@@ -748,48 +748,59 @@ TMH_base_url_by_connection (struct MHD_Connection *connection,
memset (buf,
0,
sizeof (*buf));
- if (GNUNET_YES == TALER_mhd_is_https (connection))
- GNUNET_buffer_write_str (buf, "https://");
- else
- GNUNET_buffer_write_str (buf, "http://");
- host = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- MHD_HTTP_HEADER_HOST);
- forwarded_host = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- "X-Forwarded-Host");
- if (NULL != forwarded_host)
+ if (NULL != TMH_base_url)
{
GNUNET_buffer_write_str (buf,
- forwarded_host);
+ TMH_base_url);
}
else
{
- if (NULL == host)
+ if (GNUNET_YES ==
+ TALER_mhd_is_https (connection))
+ GNUNET_buffer_write_str (buf,
+ "https://");
+ else
+ GNUNET_buffer_write_str (buf,
+ "http://");
+ host = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ MHD_HTTP_HEADER_HOST);
+ forwarded_host = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Host");
+ if (NULL != forwarded_host)
{
- GNUNET_buffer_clear (buf);
- GNUNET_break (0);
- return GNUNET_SYSERR;
+ GNUNET_buffer_write_str (buf,
+ forwarded_host);
}
- GNUNET_buffer_write_str (buf,
- host);
- }
- forwarded_port = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- "X-Forwarded-Port");
- if (NULL != forwarded_port)
- {
- GNUNET_buffer_write_str (buf,
- ":");
- GNUNET_buffer_write_str (buf,
- forwarded_port);
+ else
+ {
+ if (NULL == host)
+ {
+ GNUNET_buffer_clear (buf);
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+ GNUNET_buffer_write_str (buf,
+ host);
+ }
+ forwarded_port = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Port");
+ if (NULL != forwarded_port)
+ {
+ GNUNET_buffer_write_str (buf,
+ ":");
+ GNUNET_buffer_write_str (buf,
+ forwarded_port);
+ }
+ uri_path = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Prefix");
+ if (NULL != uri_path)
+ GNUNET_buffer_write_path (buf,
+ uri_path);
}
- uri_path = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- "X-Forwarded-Prefix");
- if (NULL != uri_path)
- GNUNET_buffer_write_path (buf,
- uri_path);
if (0 != strcmp (instance,
"default"))
{
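Review bot: In the `else` branch the values of `X-Forwarded-Host`, `X-Forwarded-Port` and `X-Forwarded-Prefix` are still written into the base URL exactly as received, so without `BASE_URL` the result is determined by whoever sets those request headers. The commit makes that path avoidable but does not constrain it. At minimum `forwarded_port` could be checked to consist of digits only before it is appended after `":"`, returning `GNUNET_SYSERR` as the `NULL == host` case does. I would also put a comment on the branch, e.g. `/* BASE_URL not configured: Host and X-Forwarded-* come from the request and are trustworthy only if the reverse proxy overwrites them */`. The function begins before this hunk and continues after it.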