Diffstat (limited to 'src/backend')
-rw-r--r-- | src/backend/merchant.conf | 4 | ||||
-rw-r--r-- | src/backend/taler-merchant-httpd.c | 32 | ||||
-rw-r--r-- | src/backend/taler-merchant-httpd.h | 12 | ||||
-rw-r--r-- | src/backend/taler-merchant-httpd_helper.c | 79 |
4 files changed, 89 insertions, 38 deletions
diff --git a/src/backend/merchant.conf b/src/backend/merchant.conf
index ee492691..44ec72d7 100644
--- a/src/backend/merchant.conf
+++ b/src/backend/merchant.conf
@@ -17,6 +17,10 @@ PORT = 9966
 # if left empty. Only used if "SERVE" is 'tcp'.
 # BIND_TO =
+# Base URL of the merchant backend. Optional. If not given, the backend will determine
+# the Base URL based on X-Forwarded-* headers (hopefully) set by the reverse proxy.
+# BASE_URL = https://example.com/
+
 # How long do we keep contract / payment information around after the
 # purchase (for tax records and other legal reasons).
 LEGAL_PRESERVATION = 11 years
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index dd6e5a07..5a581928 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -118,6 +118,13 @@ char *TMH_currency;
 /**
+ * What is the base URL for this merchant backend? NULL if it is not
+ * configured and is to be determined from HTTP headers (X-Forwarded-Host and
+ * X-Forwarded-Port and X-Forwarded-Prefix) of the reverse proxy.
+ */
+char *TMH_base_url;
+
+/**
 * Inform the auditor for all deposit confirmations (global option)
 */
 int TMH_force_audit;
@@ -153,7 +160,7 @@ unsigned int TMH_num_cspecs;
 /**
 * Rendering specs for currencies.
- */
+ */
 struct TALER_CurrencySpecification *TMH_cspecs;
 /**
@@ -2180,7 +2187,7 @@ run (void *cls,
 GNUNET_SCHEDULER_shutdown ();
 return;
 }
-
+
 if (GNUNET_OK !=
 GNUNET_CONFIGURATION_get_value_time (cfg,
 "merchant",
@@ -2193,6 +2200,27 @@ run (void *cls,
 GNUNET_SCHEDULER_shutdown ();
 return;
 }
+ if (GNUNET_OK ==
+ GNUNET_CONFIGURATION_get_value_string (cfg,
+ "merchant",
+ "BASE_URL",
+ &TMH_base_url))
+ {
+ if ( (0 != strncasecmp (TMH_base_url,
+ "https://",
+ strlen ("https://"))) &&
+ (0 != strncasecmp (TMH_base_url,
+ "http://",
+ strlen ("http://"))) )
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "merchant",
+ "BASE_URL",
+ "Needs to start with 'http://' or 'https://'");
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ }
+ }
 if (GNUNET_YES ==
 GNUNET_CONFIGURATION_get_value_yesno (cfg,
 "merchant",
diff --git a/src/backend/taler-merchant-httpd.h b/src/backend/taler-merchant-httpd.h
index 3f34557e..7ccf0575 100644
--- a/src/backend/taler-merchant-httpd.h
+++ b/src/backend/taler-merchant-httpd.h
@@ -410,7 +410,8 @@ struct TMH_HandlerContext;
 /**
 * Possible authorization scopes. This is a bit mask.
 */
-enum TMH_AuthScope {
+enum TMH_AuthScope
+{
 /**
 * Nothing is authorized.
 */
@@ -672,13 +673,20 @@ struct TMH_SuspendedConnection
 extern char *TMH_currency;
 /**
+ * What is the base URL for this merchant backend? NULL if it is not
+ * configured and is to be determined from HTTP headers (X-Forwarded-Host and
+ * X-Forwarded-Port and X-Forwarded-Prefix) of the reverse proxy.
+ */
+extern char *TMH_base_url;
+
+/**
 * Length of the TMH_cspecs array.
 */
 extern unsigned int TMH_num_cspecs;
 /**
 * Rendering specs for currencies.
- */
+ */
 extern struct TALER_CurrencySpecification *TMH_cspecs;
 /**
diff --git a/src/backend/taler-merchant-httpd_helper.c b/src/backend/taler-merchant-httpd_helper.c
index 2e06a432..ac181234 100644
--- a/src/backend/taler-merchant-httpd_helper.c
+++ b/src/backend/taler-merchant-httpd_helper.c
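Review bot: The new BASE_URL check in run() (taler-merchant-httpd.c, hunk at -2193) validates only the scheme prefix, so a value with nothing after `https://`, or with stray trailing whitespace, passes and is later written verbatim into every URL produced by TMH_base_url_by_connection. I would also reject a value that ends right after the scheme, for example by testing the byte after the matched prefix against `'\0'`, and say in the error text what a valid value looks like. Plain `http://` is accepted without any log output; for a payment backend a `GNUNET_ERROR_TYPE_WARNING` message in that case would help operators notice an unencrypted base URL. Whether a trailing `/` is required depends on how the helper appends the instance path, which is outside this hunk, so the expectation should be stated in the merchant.conf comment. run() starts before and continues after this hunk.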
@@ -748,48 +748,59 @@ TMH_base_url_by_connection (struct MHD_Connection *connection,
 memset (buf, 0, sizeof (*buf));
- if (GNUNET_YES == TALER_mhd_is_https (connection))
- GNUNET_buffer_write_str (buf, "https://");
- else
- GNUNET_buffer_write_str (buf, "http://");
- host = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- MHD_HTTP_HEADER_HOST);
- forwarded_host = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- "X-Forwarded-Host");
- if (NULL != forwarded_host)
+ if (NULL != TMH_base_url)
 {
 GNUNET_buffer_write_str (buf,
- forwarded_host);
+ TMH_base_url);
 }
 else
 {
- if (NULL == host)
+ if (GNUNET_YES ==
+ TALER_mhd_is_https (connection))
+ GNUNET_buffer_write_str (buf,
+ "https://");
+ else
+ GNUNET_buffer_write_str (buf,
+ "http://");
+ host = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ MHD_HTTP_HEADER_HOST);
+ forwarded_host = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Host");
+ if (NULL != forwarded_host)
 {
- GNUNET_buffer_clear (buf);
- GNUNET_break (0);
- return GNUNET_SYSERR;
+ GNUNET_buffer_write_str (buf,
+ forwarded_host);
 }
- GNUNET_buffer_write_str (buf,
- host);
- }
- forwarded_port = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- "X-Forwarded-Port");
- if (NULL != forwarded_port)
- {
- GNUNET_buffer_write_str (buf,
- ":");
- GNUNET_buffer_write_str (buf,
- forwarded_port);
+ else
+ {
+ if (NULL == host)
+ {
+ GNUNET_buffer_clear (buf);
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+ GNUNET_buffer_write_str (buf,
+ host);
+ }
+ forwarded_port = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Port");
+ if (NULL != forwarded_port)
+ {
+ GNUNET_buffer_write_str (buf,
+ ":");
+ GNUNET_buffer_write_str (buf,
+ forwarded_port);
+ }
+ uri_path = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Prefix");
+ if (NULL != uri_path)
+ GNUNET_buffer_write_path (buf,
+ uri_path);
 }
- uri_path = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- "X-Forwarded-Prefix");
- if (NULL != uri_path)
- GNUNET_buffer_write_path (buf,
- uri_path);
 if (0 != strcmp (instance, "default"))
 { |
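Review bot: When BASE_URL is unset, the else branch of TMH_base_url_by_connection still copies `Host`, `X-Forwarded-Host`, `X-Forwarded-Port` and `X-Forwarded-Prefix` into the base URL with no validation, so the URLs the backend generates are only as trustworthy as whatever sits in front of it. If the backend can be reached without a reverse proxy that sets or strips these headers, request-supplied values end up in generated URLs; the configured override avoids that, but neither the code nor the merchant.conf comment says that setting BASE_URL is the safer choice for such deployments. I would add a comment above the else branch, e.g. `/* No BASE_URL configured: built from request headers, only reliable behind a reverse proxy that overwrites X-Forwarded-*. */`, and consider rejecting a `forwarded_port` that is not purely numeric before appending it. The function starts before and continues after this hunk.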