From 1ca25d6db21187dd82d83edbda11a507c16ec9f3 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Thu, 4 Mar 2021 12:08:18 +0100
Subject: fix #6780

---
 src/backend/taler-merchant-httpd.c         | 67 +++++++++++++++++-------------
 src/lib/merchant_api_delete_instance.c     |  2 +-
 src/lib/merchant_api_get_instance.c        |  2 +-
 src/lib/merchant_api_patch_instance.c      |  2 +-
 src/testing/testing_api_cmd_delete_order.c | 12 +++++-
 5 files changed, 50 insertions(+), 35 deletions(-)

diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index 5519f517..e46e4c8e 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -960,6 +960,7 @@ TMH_add_instance (struct TMH_MerchantInstance *mi)
   return ret;
 }
 
+
 /**
  * Extract the token from authorization header value @a auth.
  *
@@ -990,6 +991,7 @@ extract_token (const char **auth)
   *auth = tok;
 }
 
+
 /**
  * A client has requested the given url using the given method
  * (#MHD_HTTP_METHOD_GET, #MHD_HTTP_METHOD_PUT,
@@ -1041,13 +1043,30 @@ url_handler (void *cls,
              void **con_cls)
 {
   static struct TMH_RequestHandler private_handlers[] = {
-    /* GET /instances: */
+    /* GET /instances; MUST be at the beginning of the
+       array, as this endpoint ONLY applies to the
+       default instance! See use_default logic below. */
     {
       .url_prefix = "/instances",
       .method = MHD_HTTP_METHOD_GET,
       .skip_instance = true,
       .handler = &TMH_private_get_instances
     },
+    /* POST /instances; MUST be at the beginning of the
+       array, as this endpoint ONLY applies to the
+       default instance! See use_default logic below. */
+    {
+      .url_prefix = "/instances",
+      .method = MHD_HTTP_METHOD_POST,
+      .skip_instance = true,
+      .handler = &TMH_private_post_instances,
+      /* allow instance data of up to 8 MB, that should be plenty;
+         note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
+         would require further changes to the allocation logic
+         in the code... */
+      .max_upload = 1024 * 1024 * 8
+    },
+    /* **** End of array entries specific to default instance **** */
     /* GET /instances/$ID/: */
     {
       .url_prefix = "/",
@@ -1071,18 +1090,6 @@ url_handler (void *cls,
          in the code... */
       .max_upload = 1024 * 1024 * 8
     },
-    /* POST /instances: */
-    {
-      .url_prefix = "/instances",
-      .method = MHD_HTTP_METHOD_POST,
-      .skip_instance = true,
-      .handler = &TMH_private_post_instances,
-      /* allow instance data of up to 8 MB, that should be plenty;
-         note that exceeding #GNUNET_MAX_MALLOC_CHECKED (40 MB)
-         would require further changes to the allocation logic
-         in the code... */
-      .max_upload = 1024 * 1024 * 8
-    },
     /* POST /auth: */
     {
       .url_prefix = "/auth",
@@ -1404,6 +1411,7 @@ url_handler (void *cls,
   struct TMH_HandlerContext *hc = *con_cls;
   struct TMH_RequestHandler *handlers;
   bool use_private = false;
+  bool use_default = false;
 
   (void) cls;
   (void) version;
@@ -1484,18 +1492,6 @@ url_handler (void *cls,
                        MHD_HTTP_METHOD_HEAD))
     method = MHD_HTTP_METHOD_GET; /* MHD will deal with the rest */
 
-  {
-    const char *private_prefix = "/private/";
-
-    if (0 == strncmp (url,
-                      private_prefix,
-                      strlen (private_prefix)))
-    {
-      use_private = true;
-      url += strlen (private_prefix) - 1;
-    }
-  }
-
   /* Find out the merchant backend instance for the request.
    * If there is an instance, remove the instance specification
    * from the beginning of the request URL. */
@@ -1518,6 +1514,11 @@ url_handler (void *cls,
                                       slash - istart);
       hc->instance = TMH_lookup_instance (instance_id);
       GNUNET_free (instance_id);
+      if (NULL == hc->instance)
+        return TALER_MHD_reply_with_error (connection,
+                                           MHD_HTTP_NOT_FOUND,
+                                           TALER_EC_GENERIC_ENDPOINT_UNKNOWN,
+                                           url);
       if (NULL == slash)
         url = "";
       else
@@ -1526,6 +1527,7 @@ url_handler (void *cls,
     else
     {
       /* use 'default' */
+      use_default = true;
       hc->instance = TMH_lookup_instance (NULL);
       if ( (NULL != default_auth) &&
            (NULL != hc->instance) )
@@ -1544,17 +1546,22 @@ url_handler (void *cls,
   {
     const char *private_prefix = "/private/";
 
-    if (0 == strncmp (url,
-                      private_prefix,
-                      strlen (private_prefix)))
+    if ( (0 == strncmp (url,
+                        private_prefix,
+                        strlen (private_prefix))) ||
+         (0 == strcmp (url,
+                       "/private")) )
     {
-      handlers = private_handlers;
+      if (use_default)
+        handlers = private_handlers;
+      else
+        handlers = &private_handlers[2]; /* skip first two methods: default instance-only! */
       url += strlen (private_prefix) - 1;
       use_private = true;
     }
     else
     {
-      handlers = (use_private) ? private_handlers : public_handlers;
+      handlers = public_handlers;
     }
   }
 
diff --git a/src/lib/merchant_api_delete_instance.c b/src/lib/merchant_api_delete_instance.c
index 793b413c..4568f7e1 100644
--- a/src/lib/merchant_api_delete_instance.c
+++ b/src/lib/merchant_api_delete_instance.c
@@ -144,7 +144,7 @@ instance_delete (struct GNUNET_CURL_Context *ctx,
     char *path;
 
     GNUNET_asprintf (&path,
-                     "private/instances/%s",
+                     "instances/%s/private",
                      instance_id);
     if (purge)
       idh->url = TALER_url_join (backend_url,
diff --git a/src/lib/merchant_api_get_instance.c b/src/lib/merchant_api_get_instance.c
index 42d77da9..696bb964 100644
--- a/src/lib/merchant_api_get_instance.c
+++ b/src/lib/merchant_api_get_instance.c
@@ -242,7 +242,7 @@ TALER_MERCHANT_instance_get (struct GNUNET_CURL_Context *ctx,
     char *path;
 
     GNUNET_asprintf (&path,
-                     "private/instances/%s",
+                     "instances/%s/private",
                      instance_id);
     igh->url = TALER_url_join (backend_url,
                                path,
diff --git a/src/lib/merchant_api_patch_instance.c b/src/lib/merchant_api_patch_instance.c
index bd69a8ba..2fc8eaff 100644
--- a/src/lib/merchant_api_patch_instance.c
+++ b/src/lib/merchant_api_patch_instance.c
@@ -227,7 +227,7 @@ TALER_MERCHANT_instance_patch (
     char *path;
 
     GNUNET_asprintf (&path,
-                     "private/instances/%s",
+                     "instances/%s/private",
                      instance_id);
     iph->url = TALER_url_join (backend_url,
                                path,
diff --git a/src/testing/testing_api_cmd_delete_order.c b/src/testing/testing_api_cmd_delete_order.c
index 73bf93be..6d97b611 100644
--- a/src/testing/testing_api_cmd_delete_order.c
+++ b/src/testing/testing_api_cmd_delete_order.c
@@ -87,11 +87,19 @@ delete_order_cb (void *cls,
   }
   switch (hr->http_status)
   {
-  case MHD_HTTP_OK:
+  case MHD_HTTP_NO_CONTENT:
+    break;
+  case MHD_HTTP_UNAUTHORIZED:
+    break;
+  case MHD_HTTP_NOT_FOUND:
+    break;
+  case MHD_HTTP_CONFLICT:
     break;
   default:
+    GNUNET_break (0);
     GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                "Unhandled HTTP status.\n");
+                "Unhandled HTTP status %d.\n",
+                hr->http_status);
   }
   TALER_TESTING_interpreter_next (dos->is);
 }
-- 
cgit v1.2.3