diff options
Diffstat (limited to 'src/backend/taler-merchant-httpd_private-post-instances-ID-token.c')
-rw-r--r-- | src/backend/taler-merchant-httpd_private-post-instances-ID-token.c | 149 |
1 files changed, 149 insertions, 0 deletions
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c new file mode 100644 index 00000000..a223a882 --- /dev/null +++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c @@ -0,0 +1,149 @@ +/* + This file is part of GNU Taler + (C) 2023 Taler Systems SA + + GNU Taler is free software; you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as + published by the Free Software Foundation; either version 3, + or (at your option) any later version. + + GNU Taler is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public + License along with TALER; see the file COPYING. If not, + see <http://www.gnu.org/licenses/> +*/ + +/** + * @file taler-merchant-httpd_private-post-instances-ID-token.c + * @brief implementing POST /instances/$ID/token request handling + * @author Christian Grothoff + */ +#include "platform.h" +#include "taler-merchant-httpd_private-post-instances-ID-token.h" +#include "taler-merchant-httpd_helper.h" +#include <taler/taler_json_lib.h> + + +/** + * Default duration for the validity of a login token. + */ +#define DEFAULT_DURATION GNUNET_TIME_UNIT_DAYS + + +MHD_RESULT +TMH_private_post_instances_ID_token (const struct TMH_RequestHandler *rh, + struct MHD_Connection *connection, + struct TMH_HandlerContext *hc) +{ + struct TMH_MerchantInstance *mi = hc->instance; + json_t *jtoken = hc->request_body; + const char *scope; + uint32_t iscope = TMH_AS_NONE; + bool refreshable = false; + struct TALER_MERCHANTDB_LoginTokenP btoken; + struct GNUNET_TIME_Relative duration + = DEFAULT_DURATION; + struct GNUNET_TIME_Timestamp expiration_time; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_string ("scope", + &scope), + GNUNET_JSON_spec_mark_optional ( + GNUNET_JSON_spec_relative_time ("duration", + &duration), + NULL), + GNUNET_JSON_spec_mark_optional ( + GNUNET_JSON_spec_bool ("refreshable", + &refreshable), + NULL), + GNUNET_JSON_spec_end () + }; + enum GNUNET_DB_QueryStatus qs; + + { + enum GNUNET_GenericReturnValue res; + + res = TALER_MHD_parse_json_data (connection, + jtoken, + spec); + if (GNUNET_OK != res) + return (GNUNET_NO == res) ? MHD_YES : MHD_NO; + } + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, + &btoken, + sizeof (btoken)); + expiration_time = GNUNET_TIME_relative_to_timestamp (duration); + if (0 == strcasecmp (scope, + "readonly")) + iscope = TMH_AS_READ_ONLY; + else if (0 == strcasecmp (scope, + "write")) + iscope = TMH_AS_ALL; + else + { + GNUNET_break_op (0); + return TALER_MHD_reply_with_ec (connection, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "scope"); + } + if (refreshable) + iscope |= TMH_AS_REFRESHABLE; + if (0 != (iscope & (~hc->auth_scope))) + { + /* more permissions requested for the new token, not allowed */ + GNUNET_break_op (0); + return TALER_MHD_reply_with_ec (connection, + TALER_EC_GENERIC_TOKEN_PERMISSION_INSUFFICIENT, + NULL); + } + qs = TMH_db->insert_login_token (TMH_db->cls, + mi->settings.id, + &btoken, + GNUNET_TIME_timestamp_get (), + expiration_time, + iscope); + switch (qs) + { + case GNUNET_DB_STATUS_HARD_ERROR: + case GNUNET_DB_STATUS_SOFT_ERROR: + case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: + GNUNET_break (0); + return TALER_MHD_reply_with_ec (connection, + TALER_EC_GENERIC_DB_STORE_FAILED, + "insert_login_token"); + case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: + break; + } + + { + char *tok; + MHD_RESULT ret; + char *val; + + val = GNUNET_STRINGS_data_to_string_alloc (&btoken, + sizeof (btoken)); + GNUNET_asprintf (&tok, + RFC_8959_PREFIX "%s", + val); + GNUNET_free (val); + ret = TALER_MHD_REPLY_JSON_PACK ( + connection, + MHD_HTTP_OK, + GNUNET_JSON_pack_string ("token", + tok), + GNUNET_JSON_pack_string ("scope", + scope), + GNUNET_JSON_pack_bool ("refreshable", + refreshable), + GNUNET_JSON_pack_timestamp ("expiration", + expiration_time)); + GNUNET_free (tok); + return ret; + } +} + + +/* end of taler-merchant-httpd_private-post-instances-ID-token.c */ |