challenger

OAuth 2.0-based authentication service that validates user can receive messages at a certain address

commit 2e05624e11631d3fe2236f51adb7f085183bd187
parent e791f3da5cc17a0e839be21c8f192b94a2cac5cc
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 31 May 2026 14:23:17 +0200

minor cleanups

Diffstat:
Msrc/challenger/challenger-httpd.c | 53+++++++++++++----------------------------------------
Msrc/challenger/challenger-httpd.h | 7++++++-
Msrc/challenger/challenger-httpd_token.c | 7++-----
Msrc/challengerdb/challenger_do_challenge_set_address_and_pin.sql | 2+-
Msrc/challengerdb/challenger_do_validate_and_solve_pin.sql | 2+-
5 files changed, 23 insertions(+), 48 deletions(-)

diff --git a/src/challenger/challenger-httpd.c b/src/challenger/challenger-httpd.c
@@ -63,66 +63,28 @@ static int global_ret;
 */
 static bool have_daemons;
-/**
- * Connection handle to the our database
- */
 struct CHALLENGERDB_PostgresContext *CH_context;
-/**
- * (external) base URL of this service.
- */
 char *CH_base_url;
-/**
- * Mustach template for the letter to send.
- * WARNING: not 0-terminated! Allocated via mmap(), free with munmap()!
- */
 void *CH_message_template;
-/**
- * Number of bytes in #CH_message_template
- */
 size_t CH_message_template_len;
-/**
- * How long is an individual validation request valid?
- */
 struct GNUNET_TIME_Relative CH_validation_duration;
-/**
- * How long validated data considered to be valid?
- */
 struct GNUNET_TIME_Relative CH_validation_expiration;
-/**
- * How often do we retransmit the challenge.
- */
+struct GNUNET_TIME_Relative CH_token_expiration;
+
 struct GNUNET_TIME_Relative CH_pin_retransmission_frequency;
-/**
- * JSON object with key-object pairs mapping address keys (from the
- * form) to an object with a field "regex" containing a regular
- * expressions expressing restrictions on values for the address and a
- * field "hint" (and possibly "hint_i18n") containing a human-readable
- * message explaining the restriction. Missing map entries indicate
- * that the input is unrestricted.
- */
 json_t *CH_restrictions;
-/**
- * Type of addresses this challenger validates.
- */
 char *CH_address_type;
-/**
- * Hint to show to users about the address to enter.
- */
 char *CH_address_hint;
-/**
- * Helper command to run for transmission of
- * challenge values.
- */
 char *CH_auth_command;
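Review bot: The doc comment removed from the `CH_message_template` definition carried a memory-safety contract (the buffer is not 0-terminated, comes from mmap() and must be released with munmap()), and nothing visible on this page shows that warning surviving elsewhere; the challenger-httpd.h hunk only begins after the `CH_message_template_len` declaration. If the `extern` declaration in the header does not already state it, keep a short reminder at the definition, e.g. `/* not 0-terminated; mmap()ed, release with munmap() */`. The new `CH_token_expiration` definition is documented only in the header, which matches how the other globals read after this change.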
@@ -568,6 +530,17 @@ run (void *cls,
 return;
 }
 if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_time (config,
+ "CHALLENGER",
+ "TOKEN_EXPIRATION",
+ &CH_token_expiration))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_WARNING,
+ "CHALLENGER",
+ "VALIDATION_EXPIRATION");
+ CH_token_expiration = GNUNET_TIME_UNIT_HOURS;
+ }
+ if (GNUNET_OK !=
 GNUNET_CONFIGURATION_get_value_string (config,
 "CHALLENGER",
 "AUTH_COMMAND",
diff --git a/src/challenger/challenger-httpd.h b/src/challenger/challenger-httpd.h
@@ -174,11 +174,16 @@ extern size_t CH_message_template_len;
 extern struct GNUNET_TIME_Relative CH_validation_duration;
 /**
- * How long validated data considered to be valid?
+ * How long should validated data be considered valid?
 */
 extern struct GNUNET_TIME_Relative CH_validation_expiration;
 /**
+ * How long should the access token be valid?
+ */
+extern struct GNUNET_TIME_Relative CH_token_expiration;
+
+/**
 * How often do we retransmit the challenge.
 */
 extern struct GNUNET_TIME_Relative CH_pin_retransmission_frequency;
diff --git a/src/challenger/challenger-httpd_token.c b/src/challenger/challenger-httpd_token.c
@@ -617,9 +617,6 @@ CH_handler_token (struct CH_HandlerContext *hc,
 {
 struct CHALLENGER_AccessTokenP token;
 enum GNUNET_DB_QueryStatus qs;
- /* FIXME: do not hard-code 1h? */
- struct GNUNET_TIME_Relative token_expiration
- = GNUNET_TIME_UNIT_HOURS;
 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
 &token,
@@ -627,7 +624,7 @@ CH_handler_token (struct CH_HandlerContext *hc,
 qs = CHALLENGERDB_token_add_token (CH_context,
 &bc->nonce,
 &token,
- token_expiration,
+ CH_token_expiration,
 CH_validation_expiration);
 switch (qs)
 {
@@ -661,7 +658,7 @@ CH_handler_token (struct CH_HandlerContext *hc,
 GNUNET_JSON_pack_string ("token_type",
 "Bearer"),
 GNUNET_JSON_pack_uint64 ("expires_in",
- token_expiration.rel_value_us
+ CH_token_expiration.rel_value_us
 / GNUNET_TIME_UNIT_SECONDS.rel_value_us));
 }
 }
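Review bot: The fallback branch for `TOKEN_EXPIRATION` reports the wrong option: `GNUNET_log_config_missing` is called with `"VALIDATION_EXPIRATION"`, so an operator who left out the token lifetime is told a different setting is missing while bearer tokens silently get the one-hour default. The third argument should read `"TOKEN_EXPIRATION");`. The enclosing `run` function starts and ends outside the hunk, so whether the parsed value is range-checked later is not visible here.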
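Review bot: In challenger-httpd_token.c, both the lifetime handed to `CHALLENGERDB_token_add_token` and the advertised `expires_in` now come straight from configuration, and none of the three hunks bounds the value. A setting of `forever` would, as far as I can tell, leave `rel_value_us` at the 64-bit maximum and yield an effectively non-expiring bearer token, while a sub-second setting divides down to an `expires_in` of 0. Rejecting such values once at startup, where `TOKEN_EXPIRATION` is parsed, keeps the handler unchanged, e.g. `if (GNUNET_TIME_relative_is_zero (CH_token_expiration) || GNUNET_TIME_relative_is_forever (CH_token_expiration))` followed by a configuration error and shutdown. If a token is not meant to outlive the validated data, a comparison against `CH_validation_expiration` belongs in the same place; that relation is not visible in this diff. `CH_handler_token` starts and ends outside these hunks.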
diff --git a/src/challengerdb/challenger_do_challenge_set_address_and_pin.sql b/src/challengerdb/challenger_do_challenge_set_address_and_pin.sql
@@ -125,7 +125,7 @@ THEN
 ,last_tx_time=my_status.last_tx_time
 ,last_pin=my_status.last_pin
 ,auth_attempts_left=my_status.auth_attempts_left
- WHERE nonce=$1;
+ WHERE nonce=in_nonce;
 END IF;
 RETURN;
diff --git a/src/challengerdb/challenger_do_validate_and_solve_pin.sql b/src/challengerdb/challenger_do_validate_and_solve_pin.sql
@@ -98,7 +98,7 @@ END IF;
 UPDATE validations SET auth_attempts_left=out_auth_attempts_left
- WHERE nonce=$1;
+ WHERE nonce=in_nonce;
 RETURN;