commit e19052d28d93055db39fb1c03f978bfd2f2875a5
parent ddec0bfcadd6544cd5dadb6757bac5509d59fa48
Author: Christian Grothoff <grothoff@gnu.org>
Date: Sat, 25 Apr 2026 22:27:54 +0200
remove database plugin logic
Diffstat:
92 files changed, 2731 insertions(+), 3221 deletions(-)
diff --git a/src/challenger/challenger-admin.c b/src/challenger/challenger-admin.c
@@ -23,6 +23,11 @@
#include <gnunet/gnunet_db_lib.h>
#include "challenger_util.h"
#include "challenger_database_lib.h"
+#include "challenger-database/client_delete.h"
+#include "challenger-database/client_check.h"
+#include "challenger-database/client_modify.h"
+#include "challenger-database/client_add.h"
+#include "challenger-database/preflight.h"
/**
@@ -72,7 +77,7 @@ run (void *cls,
const struct GNUNET_CONFIGURATION_Handle *cfg)
{
const char *redirect_uri = args[0];
- struct CHALLENGER_DatabasePlugin *plugin;
+ struct CHALLENGERDB_PostgresContext *db;
(void) cls;
(void) cfgfile;
@@ -95,11 +100,11 @@ run (void *cls,
return;
}
if (NULL ==
- (plugin = CHALLENGER_DB_plugin_load (cfg,
- false)))
+ (db = CHALLENGERDB_connect (cfg,
+ false)))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to initialize database plugin.\n");
+ "Failed to initialize database connection.\n");
global_ret = EXIT_NOTINSTALLED;
return;
}
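Review bot: The bare `false` passed to `CHALLENGERDB_connect` in the connect call is unexplained, and it is not visible here whether the new function still runs the preflight check. In the removed `CHALLENGER_DB_plugin_load` that parameter was `skip_preflight`, and the loader called `preflight` itself when it was false. `CHALLENGERDB_connect` is defined outside this page, and no added line in this file calls `CHALLENGERDB_preflight` even though `challenger-database/preflight.h` is now included. If connect no longer checks, add `if (GNUNET_OK != CHALLENGERDB_preflight (db))` with a jump to `cleanup` right after this block; otherwise drop the unused include. run()'s body starts and ends outside the hunk.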
@@ -114,8 +119,8 @@ run (void *cls,
global_ret = EXIT_INVALIDARGUMENT;
goto cleanup;
}
- qs = plugin->client_delete (plugin->cls,
- redirect_uri);
+ qs = CHALLENGERDB_client_delete (db,
+ redirect_uri);
switch (qs)
{
case GNUNET_DB_STATUS_SOFT_ERROR:
@@ -153,10 +158,10 @@ run (void *cls,
goto cleanup;
}
- qs = plugin->client_modify (plugin->cls,
- row_id,
- redirect_uri,
- client_secret);
+ qs = CHALLENGERDB_client_modify (db,
+ row_id,
+ redirect_uri,
+ client_secret);
switch (qs)
{
case GNUNET_DB_STATUS_SOFT_ERROR:
@@ -183,10 +188,10 @@ run (void *cls,
enum GNUNET_DB_QueryStatus qs;
uint64_t row_id;
- qs = plugin->client_check2 (plugin->cls,
- redirect_uri,
- client_secret,
- &row_id);
+ qs = CHALLENGERDB_client_check2 (db,
+ redirect_uri,
+ client_secret,
+ &row_id);
switch (qs)
{
case GNUNET_DB_STATUS_SOFT_ERROR:
@@ -207,10 +212,10 @@ run (void *cls,
(unsigned long long) row_id);
goto cleanup;
}
- qs = plugin->client_add (plugin->cls,
- redirect_uri,
- client_secret,
- &row_id);
+ qs = CHALLENGERDB_client_add (db,
+ redirect_uri,
+ client_secret,
+ &row_id);
switch (qs)
{
case GNUNET_DB_STATUS_SOFT_ERROR:
@@ -237,7 +242,7 @@ run (void *cls,
goto cleanup;
}
cleanup:
- CHALLENGER_DB_plugin_unload (plugin);
+ CHALLENGERDB_disconnect (db);
}
diff --git a/src/challenger/challenger-httpd.c b/src/challenger/challenger-httpd.c
@@ -35,6 +35,7 @@
#include "challenger-httpd_token.h"
#include "challenger-httpd_spa.h"
#include "challenger_database_lib.h"
+#include "challenger-database/preflight.h"
/**
@@ -65,7 +66,7 @@ static bool have_daemons;
/**
* Connection handle to the our database
*/
-struct CHALLENGER_DatabasePlugin *CH_db;
+struct CHALLENGERDB_PostgresContext *CH_context;
/**
* (external) base URL of this service.
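Review bot: The new global name `CH_context` differs by only an abbreviation from the existing `CH_ctx`, which `run()` passes to `GNUNET_CURL_gnunet_rc_create` further down and which appears to be the HTTP-client context. A name that says what the handle is, for example `CH_db_ctx`, would keep the two apart at the many call sites this commit touches. While the declaration is being edited, the comment above it could be corrected to `Connection handle to our database`. The matching `extern` declaration in challenger-httpd.h would need the same rename.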
@@ -389,10 +390,10 @@ do_shutdown (void *cls)
GNUNET_CURL_gnunet_rc_destroy (rc);
rc = NULL;
}
- if (NULL != CH_db)
+ if (NULL != CH_context)
{
- CHALLENGER_DB_plugin_unload (CH_db);
- CH_db = NULL;
+ CHALLENGERDB_disconnect (CH_context);
+ CH_context = NULL;
}
}
@@ -425,7 +426,7 @@ handle_mhd_completion_callback (void *cls,
return;
GNUNET_assert (hc->connection == connection);
GNUNET_break (GNUNET_OK ==
- CH_db->preflight (CH_db->cls));
+ CHALLENGERDB_preflight (CH_context));
ci = MHD_get_connection_info (connection,
MHD_CONNECTION_INFO_HTTP_STATUS);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -735,7 +736,7 @@ run (void *cls,
&rc);
rc = GNUNET_CURL_gnunet_rc_create (CH_ctx);
if (NULL ==
- (CH_db = CHALLENGER_DB_plugin_load (config,
+ (CH_context = CHALLENGERDB_connect (config,
false)))
{
global_ret = EXIT_NOTINSTALLED;
@@ -743,7 +744,7 @@ run (void *cls,
return;
}
if (GNUNET_OK !=
- CH_db->preflight (CH_db->cls))
+ CHALLENGERDB_preflight (CH_context))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Database not setup. Did you run challenger-dbinit?\n");
diff --git a/src/challenger/challenger-httpd.h b/src/challenger/challenger-httpd.h
@@ -25,6 +25,7 @@
#include <microhttpd.h>
#include <taler/taler_mhd_lib.h>
#include "challenger_database_lib.h"
+#include "challenger_util.h"
#include <gnunet/gnunet_mhd_compat.h>
@@ -128,7 +129,7 @@ struct CH_RequestHandler
/**
* Handle to the database backend.
*/
-extern struct CHALLENGER_DatabasePlugin *CH_db;
+extern struct CHALLENGERDB_PostgresContext *CH_context;
/**
* Our context for making HTTP requests.
diff --git a/src/challenger/challenger-httpd_authorize.c b/src/challenger/challenger-httpd_authorize.c
@@ -21,10 +21,12 @@
#include "platform.h"
#include "challenger-httpd.h"
#include <gnunet/gnunet_util_lib.h>
+#include <gnunet/gnunet_db_lib.h>
#include <taler/taler_templating_lib.h>
#include "challenger-httpd_authorize.h"
#include "challenger-httpd_common.h"
#include "challenger-httpd_spa.h"
+#include "challenger-database/authorize_start.h"
#include "challenger_cm_enums.h"
/**
@@ -219,20 +221,20 @@ CH_handler_authorize (struct CH_HandlerContext *hc,
configured for the client and this one differs. */
for (unsigned int r = 0; r<MAX_RETRIES; r++)
{
- qs = CH_db->authorize_start (CH_db->cls,
- &nonce,
- client_id,
- scope,
- state,
- redirect_uri,
- code_challenge,
- (uint32_t) code_challenge_method_enum,
- &last_address,
- &address_attempts_left,
- &pin_transmissions_left,
- &auth_attempts_left,
- &solved,
- &last_tx_time);
+ qs = CHALLENGERDB_authorize_start (CH_context,
+ &nonce,
+ client_id,
+ scope,
+ state,
+ redirect_uri,
+ code_challenge,
+ (uint32_t) code_challenge_method_enum,
+ &last_address,
+ &address_attempts_left,
+ &pin_transmissions_left,
+ &auth_attempts_left,
+ &solved,
+ &last_tx_time);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
diff --git a/src/challenger/challenger-httpd_challenge.c b/src/challenger/challenger-httpd_challenge.c
@@ -22,10 +22,13 @@
#include "challenger-httpd.h"
#include <regex.h>
#include <gnunet/gnunet_util_lib.h>
+#include <gnunet/gnunet_pq_lib.h>
#include "challenger-httpd_challenge.h"
#include <taler/taler_json_lib.h>
#include <taler/taler_templating_lib.h>
#include <taler/taler_signatures.h>
+#include "challenger-database/challenge_set_address_and_pin.h"
+#include "challenger-database/address_get.h"
#include "challenger-httpd_common.h"
/**
@@ -781,10 +784,9 @@ CH_handler_challenge (struct CH_HandlerContext *hc,
const json_t *ro;
GNUNET_assert (NULL == bc->client_redirect_uri);
- qs = CH_db->address_get (
- CH_db->cls,
- &bc->nonce,
- &old_address);
+ qs = CHALLENGERDB_address_get (CH_context,
+ &bc->nonce,
+ &old_address);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
@@ -830,19 +832,18 @@ CH_handler_challenge (struct CH_HandlerContext *hc,
}
json_decref (old_address);
- qs = CH_db->challenge_set_address_and_pin (
- CH_db->cls,
- &bc->nonce,
- bc->address,
- CH_validation_duration,
- &bc->tan,
- &bc->state,
- &bc->last_tx_time,
- &bc->pin_attempts_left,
- &bc->retransmit,
- &bc->client_redirect_uri,
- &bc->address_refused,
- &bc->solved);
+ qs = CHALLENGERDB_challenge_set_address_and_pin (CH_context,
+ &bc->nonce,
+ bc->address,
+ CH_validation_duration,
+ &bc->tan,
+ &bc->state,
+ &bc->last_tx_time,
+ &bc->pin_attempts_left,
+ &bc->retransmit,
+ &bc->client_redirect_uri,
+ &bc->address_refused,
+ &bc->solved);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
diff --git a/src/challenger/challenger-httpd_info.c b/src/challenger/challenger-httpd_info.c
@@ -21,8 +21,11 @@
#include "platform.h"
#include "challenger-httpd.h"
#include <gnunet/gnunet_util_lib.h>
+#include <gnunet/gnunet_db_lib.h>
#include "challenger-httpd_common.h"
#include "challenger-httpd_info.h"
+#include "challenger-database/info_get_token.h"
+
/**
* Prefix of a 'Bearer' token in an 'Authorization' HTTP header.
@@ -90,11 +93,11 @@ CH_handler_info (struct CH_HandlerContext *hc,
enum GNUNET_DB_QueryStatus qs;
struct GNUNET_TIME_Timestamp address_expiration;
- qs = CH_db->info_get_token (CH_db->cls,
- &grant,
- &id,
- &address,
- &address_expiration);
+ qs = CHALLENGERDB_info_get_token (CH_context,
+ &grant,
+ &id,
+ &address,
+ &address_expiration);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
diff --git a/src/challenger/challenger-httpd_setup.c b/src/challenger/challenger-httpd_setup.c
@@ -21,8 +21,12 @@
#include "platform.h"
#include "challenger-httpd.h"
#include <gnunet/gnunet_util_lib.h>
+#include <gnunet/gnunet_db_lib.h>
#include "challenger-httpd_setup.h"
#include "challenger-httpd_common.h"
+#include "challenger-database/setup_nonce.h"
+#include "challenger-database/client_check.h"
+
/**
* Maximum number of retries for the database interaction.
@@ -185,11 +189,11 @@ CH_handler_setup (struct CH_HandlerContext *hc,
enum GNUNET_DB_QueryStatus qs;
char *client_url = NULL;
- qs = CH_db->client_check (CH_db->cls,
- (uint64_t) client_id,
- client_secret,
- 1,
- &client_url);
+ qs = CHALLENGERDB_client_check (CH_context,
+ (uint64_t) client_id,
+ client_secret,
+ 1,
+ &client_url);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
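Review bot: The literal `1` passed as the fourth argument of `CHALLENGERDB_client_check` carries no explanation, while the matching call in challenger-httpd_token.c annotates its `0` with `/* do not increment */`. Writing `1, /* increment validation counter */` here would keep the two call sites readable side by side; client_check.c shows this value being added to `validation_counter`. The `(uint64_t) client_id` cast is applied in this call but not in the `CHALLENGERDB_setup_nonce` call in the next hunk, which is worth making consistent. CH_handler_setup's body starts and ends outside the hunk.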
@@ -227,11 +231,11 @@ CH_handler_setup (struct CH_HandlerContext *hc,
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
&nonce,
sizeof (nonce));
- qs = CH_db->setup_nonce (CH_db->cls,
- client_id,
- &nonce,
- expiration_time,
- sc->root);
+ qs = CHALLENGERDB_setup_nonce (CH_context,
+ client_id,
+ &nonce,
+ expiration_time,
+ sc->root);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
diff --git a/src/challenger/challenger-httpd_solve.c b/src/challenger/challenger-httpd_solve.c
@@ -21,11 +21,15 @@
#include "platform.h"
#include "challenger-httpd.h"
#include <gnunet/gnunet_util_lib.h>
+#include <gnunet/gnunet_db_lib.h>
#include "challenger-httpd_common.h"
#include "challenger-httpd_solve.h"
#include <taler/taler_json_lib.h>
#include <taler/taler_templating_lib.h>
#include <taler/taler_signatures.h>
+#include "challenger-database/validation_get.h"
+#include "challenger-database/validate_solve_pin.h"
+
/**
* Maximum number of retries for the database interaction.
@@ -271,17 +275,17 @@ CH_handler_solve (struct CH_HandlerContext *hc,
for (unsigned int r = 0; r<MAX_RETRIES; r++)
{
- qs = CH_db->validate_solve_pin (CH_db->cls,
- &bc->nonce,
- pin,
- &solved,
- &exhausted,
- &no_challenge,
- &bc->state,
- &bc->addr_left,
- &bc->auth_attempts_left,
- &bc->pin_transmissions_left,
- &bc->client_redirect_uri);
+ qs = CHALLENGERDB_validate_solve_pin (CH_context,
+ &bc->nonce,
+ pin,
+ &solved,
+ &exhausted,
+ &no_challenge,
+ &bc->state,
+ &bc->addr_left,
+ &bc->auth_attempts_left,
+ &bc->pin_transmissions_left,
+ &bc->client_redirect_uri);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
@@ -370,13 +374,13 @@ CH_handler_solve (struct CH_HandlerContext *hc,
char *client_redirect_uri;
enum GNUNET_DB_QueryStatus qs;
- qs = CH_db->validation_get (CH_db->cls,
- &bc->nonce,
- &client_secret,
- &address,
- &client_scope,
- &client_state,
- &client_redirect_uri);
+ qs = CHALLENGERDB_validation_get (CH_context,
+ &bc->nonce,
+ &client_secret,
+ &address,
+ &client_scope,
+ &client_state,
+ &client_redirect_uri);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
diff --git a/src/challenger/challenger-httpd_token.c b/src/challenger/challenger-httpd_token.c
@@ -21,11 +21,15 @@
#include "platform.h"
#include "challenger-httpd.h"
#include <gnunet/gnunet_util_lib.h>
+#include <gnunet/gnunet_db_lib.h>
#include "challenger-httpd_token.h"
#include "challenger-httpd_common.h"
#include <taler/taler_json_lib.h>
#include <taler/taler_signatures.h>
#include "challenger_cm_enums.h"
+#include "challenger-database/validation_get_pkce.h"
+#include "challenger-database/client_check.h"
+#include "challenger-database/token_add_token.h"
/**
@@ -304,11 +308,11 @@ CH_handler_token (struct CH_HandlerContext *hc,
"client_id");
}
- qs = CH_db->client_check (CH_db->cls,
- client_id,
- bc->client_secret,
- 0, /* do not increment */
- &client_url);
+ qs = CHALLENGERDB_client_check (CH_context,
+ client_id,
+ bc->client_secret,
+ 0, /* do not increment */
+ &client_url);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
@@ -373,15 +377,15 @@ CH_handler_token (struct CH_HandlerContext *hc,
char *code;
enum CHALLENGER_CM code_challenge_method_enum;
- qs = CH_db->validation_get_pkce (CH_db->cls,
- &bc->nonce,
- &client_secret,
- &address,
- &client_scope,
- &client_state,
- &client_redirect_uri,
- &code_challenge,
- &code_challenge_method);
+ qs = CHALLENGERDB_validation_get_pkce (CH_context,
+ &bc->nonce,
+ &client_secret,
+ &address,
+ &client_scope,
+ &client_state,
+ &client_redirect_uri,
+ &code_challenge,
+ &code_challenge_method);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
@@ -619,11 +623,11 @@ CH_handler_token (struct CH_HandlerContext *hc,
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
&token,
sizeof (token));
- qs = CH_db->token_add_token (CH_db->cls,
- &bc->nonce,
- &token,
- token_expiration,
- CH_validation_expiration);
+ qs = CHALLENGERDB_token_add_token (CH_context,
+ &bc->nonce,
+ &token,
+ token_expiration,
+ CH_validation_expiration);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
diff --git a/src/challengerdb/Makefile.am b/src/challengerdb/Makefile.am
@@ -1,19 +1,11 @@
# This Makefile.am is in the public domain
-AM_CPPFLAGS = -I$(top_srcdir)/src/include
+AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/include/challenger-database
pkgcfgdir = $(prefix)/share/challenger/config.d/
pkgcfg_DATA = \
challenger_db_postgres.conf
-plugindir = $(libdir)/challenger
-
-if HAVE_POSTGRESQL
-if HAVE_GNUNETPQ
-plugin_LTLIBRARIES = \
- libchallenger_plugin_db_postgres.la
-endif
-endif
if USE_COVERAGE
AM_CFLAGS = --coverage -O0
@@ -57,44 +49,37 @@ challenger_dbinit_LDADD = \
lib_LTLIBRARIES = \
libchallengerdb.la
libchallengerdb_la_SOURCES = \
- challenger_db_plugin.c
+ address_get.c \
+ client_add.c \
+ client_modify.c \
+ client_delete.c \
+ client_check.c \
+ create_tables.c \
+ drop_tables.c \
+ gc.c \
+ info_get_token.c \
+ token_add_token.c \
+ setup_nonce.c \
+ preflight.c \
+ pg.c pg_helper.h \
+ authorize_start.c \
+ challenge_set_address_and_pin.c \
+ validate_solve_pin.c \
+ validation_get.c \
+ validation_get_pkce.c
libchallengerdb_la_LIBADD = \
+ $(LTLIBINTL) \
$(top_builddir)/src/util/libchallengerutil.la \
-lgnunetpq \
-lpq \
+ -ltalerpq \
-lgnunetutil \
- -lltdl \
$(XLIB)
libchallengerdb_la_LDFLAGS = \
$(POSTGRESQL_LDFLAGS) \
-version-info 0:1:0 \
-no-undefined
-libchallenger_plugin_db_postgres_la_SOURCES = \
- pg_address_get.h pg_address_get.c \
- pg_client_add.h pg_client_add.c \
- pg_client_modify.h pg_client_modify.c \
- pg_client_delete.h pg_client_delete.c \
- pg_client_check.h pg_client_check.c \
- pg_info_get_token.h pg_info_get_token.c \
- pg_token_add_token.h pg_token_add_token.c \
- pg_setup_nonce.h pg_setup_nonce.c \
- pg_authorize_start.h pg_authorize_start.c \
- pg_challenge_set_address_and_pin.h pg_challenge_set_address_and_pin.c \
- pg_validate_solve_pin.h pg_validate_solve_pin.c \
- pg_validation_get.h pg_validation_get.c \
- pg_validation_get_pkce.h pg_validation_get_pkce.c \
- plugin_challengerdb_postgres.c pg_helper.h
-libchallenger_plugin_db_postgres_la_LIBADD = \
- $(LTLIBINTL)
-libchallenger_plugin_db_postgres_la_LDFLAGS = \
- $(CHALLENGER_PLUGIN_LDFLAGS) \
- -lgnunetpq \
- -lpq \
- -ltalerpq \
- -lgnunetutil \
- $(XLIB)
-
check_PROGRAMS = \
$(TESTS)
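Review bot: `-version-info 0:1:0` is left unchanged although the exported interface of libchallengerdb changes in this commit. `CHALLENGER_DB_plugin_load` and `CHALLENGER_DB_plugin_unload` disappear with challenger_db_plugin.c, and the `CHALLENGERDB_*` functions are added. Under libtool's versioning rules a removed interface calls for bumping current and resetting revision and age, e.g. `-version-info 1:0:0`. The library now also links `-lgnunetpq -lpq -ltalerpq` unconditionally, while the first hunk drops the `HAVE_POSTGRESQL`/`HAVE_GNUNETPQ` guards, so configure should fail hard when those libraries are missing (configure.ac is not shown on this page).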
diff --git a/src/challengerdb/address_get.c b/src/challengerdb/address_get.c
@@ -0,0 +1,56 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2025 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/address_get.c
+ * @brief Implementation of the address_get function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "address_get.h"
+#include "pg_helper.h"
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_address_get (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ json_t **address)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (nonce),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_allow_null (
+ TALER_PQ_result_spec_json ("address",
+ address),
+ NULL),
+ GNUNET_PQ_result_spec_end
+ };
+
+ *address = NULL;
+ PREPARE (ctx,
+ "address_get",
+ "SELECT "
+ " address"
+ " FROM validations"
+ " WHERE nonce=$1");
+ return GNUNET_PQ_eval_prepared_singleton_select (ctx->conn,
+ "address_get",
+ params,
+ rs);
+}
diff --git a/src/challengerdb/authorize_start.c b/src/challengerdb/authorize_start.c
@@ -0,0 +1,104 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/authorize_start.c
+ * @brief Implementation of the authorize_start function for Postgres
+ * @author Christian Grothoff
+ * @author Bohdan Potuzhnyi
+ * @author Vlada Svirsh
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "authorize_start.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_authorize_start (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ uint64_t client_id,
+ const char *client_scope,
+ const char *client_state,
+ const char *client_redirect_uri,
+ const char *code_challenge,
+ uint32_t code_challenge_method,
+ json_t **last_address,
+ uint32_t *address_attempts_left,
+ uint32_t *pin_transmissions_left,
+ uint32_t *auth_attempts_left,
+ bool *solved,
+ struct GNUNET_TIME_Absolute *last_tx_time)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (nonce),
+ GNUNET_PQ_query_param_uint64 (&client_id),
+ NULL != client_scope
+ ? GNUNET_PQ_query_param_string (client_scope)
+ : GNUNET_PQ_query_param_null (),
+ GNUNET_PQ_query_param_string (client_state),
+ NULL != client_redirect_uri
+ ? GNUNET_PQ_query_param_string (client_redirect_uri)
+ : GNUNET_PQ_query_param_null (),
+ NULL != code_challenge
+ ? GNUNET_PQ_query_param_string (code_challenge)
+ : GNUNET_PQ_query_param_null (),
+ GNUNET_PQ_query_param_uint32 (&code_challenge_method),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_allow_null (
+ TALER_PQ_result_spec_json ("address",
+ last_address),
+ NULL),
+ GNUNET_PQ_result_spec_uint32 ("address_attempts_left",
+ address_attempts_left),
+ GNUNET_PQ_result_spec_uint32 ("pin_transmissions_left",
+ pin_transmissions_left),
+ GNUNET_PQ_result_spec_uint32 ("auth_attempts_left",
+ auth_attempts_left),
+ GNUNET_PQ_result_spec_bool ("solved",
+ solved),
+ GNUNET_PQ_result_spec_absolute_time ("last_tx_time",
+ last_tx_time),
+ GNUNET_PQ_result_spec_end
+ };
+
+ *last_address = NULL;
+ PREPARE (ctx,
+ "authorize_start_validation",
+ "UPDATE validations SET"
+ " client_scope=$3"
+ " ,client_state=$4"
+ " ,client_redirect_uri=$5::VARCHAR"
+ " ,code_challenge=$6"
+ " ,code_challenge_method=$7"
+ " WHERE nonce=$1"
+ " AND client_serial_id=$2"
+ " AND ($5::VARCHAR=COALESCE(client_redirect_uri,$5::VARCHAR))"
+ " RETURNING"
+ " address"
+ " ,address_attempts_left"
+ " ,pin_transmissions_left"
+ " ,GREATEST(0, auth_attempts_left) AS auth_attempts_left"
+ " ,auth_attempts_left = -1 AS solved"
+ " ,last_tx_time;");
+ return GNUNET_PQ_eval_prepared_singleton_select (ctx->conn,
+ "authorize_start_validation",
+ params,
+ rs);
+}
+\ No newline at end of file
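Review bot: `client_state` is handed to `GNUNET_PQ_query_param_string` unguarded in the `params[]` initialiser, while `client_scope`, `client_redirect_uri` and `code_challenge` each fall back to `GNUNET_PQ_query_param_null ()`. If the handler can reach this function without a `state` value, the helper would presumably dereference NULL. Either apply the same pattern, `NULL != client_state ? GNUNET_PQ_query_param_string (client_state) : GNUNET_PQ_query_param_null (),`, or state the non-NULL precondition in the doc comment in authorize_start.h. The file also ends without a trailing newline, unlike the other new sources.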
diff --git a/src/challengerdb/challenge_set_address_and_pin.c b/src/challengerdb/challenge_set_address_and_pin.c
@@ -0,0 +1,108 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/challenge_set_address_and_pin.c
+ * @brief Implementation of the challenge_set_address_and_pin function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "challenge_set_address_and_pin.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_challenge_set_address_and_pin (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ const json_t *address,
+ struct GNUNET_TIME_Relative validation_duration,
+ uint32_t *tan,
+ char **state,
+ struct GNUNET_TIME_Absolute *last_tx_time,
+ uint32_t *auth_attempts_left,
+ bool *pin_transmit,
+ char **client_redirect_uri,
+ bool *address_refused,
+ bool *solved)
+{
+ struct GNUNET_TIME_Absolute now
+ = GNUNET_TIME_absolute_get ();
+ struct GNUNET_TIME_Absolute next_tx_time
+ = GNUNET_TIME_absolute_subtract (now,
+ validation_duration);
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (nonce),
+ TALER_PQ_query_param_json (address),
+ GNUNET_PQ_query_param_absolute_time (&next_tx_time),
+ GNUNET_PQ_query_param_absolute_time (&now),
+ GNUNET_PQ_query_param_uint32 (tan),
+ GNUNET_PQ_query_param_end
+ };
+ bool not_found;
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_bool ("not_found",
+ ¬_found),
+ GNUNET_PQ_result_spec_absolute_time ("last_tx_time",
+ last_tx_time),
+ GNUNET_PQ_result_spec_uint32 ("last_pin",
+ tan),
+ GNUNET_PQ_result_spec_bool ("pin_transmit",
+ pin_transmit),
+ GNUNET_PQ_result_spec_uint32 ("auth_attempts_left",
+ auth_attempts_left),
+ GNUNET_PQ_result_spec_allow_null (
+ GNUNET_PQ_result_spec_string ("client_redirect_uri",
+ client_redirect_uri),
+ NULL),
+ GNUNET_PQ_result_spec_allow_null (
+ GNUNET_PQ_result_spec_string ("state",
+ state),
+ NULL),
+ GNUNET_PQ_result_spec_bool ("address_refused",
+ address_refused),
+ GNUNET_PQ_result_spec_bool ("solved",
+ solved),
+ GNUNET_PQ_result_spec_end
+ };
+ enum GNUNET_DB_QueryStatus qs;
+
+ *client_redirect_uri = NULL;
+ PREPARE (ctx,
+ "do_challenge_set_address_and_pin",
+ "SELECT "
+ " out_not_found AS not_found"
+ ",out_last_tx_time AS last_tx_time"
+ ",out_pin_transmit AS pin_transmit"
+ ",out_last_pin AS last_pin"
+ ",out_state AS state"
+ ",out_auth_attempts_left AS auth_attempts_left"
+ ",out_client_redirect_uri AS client_redirect_uri"
+ ",out_address_refused AS address_refused"
+ ",out_solved AS solved"
+ " FROM challenger_do_challenge_set_address_and_pin"
+ " ($1,$2,$3,$4,$5);");
+ qs = GNUNET_PQ_eval_prepared_singleton_select (ctx->conn,
+ "do_challenge_set_address_and_pin",
+ params,
+ rs);
+ if (qs <= 0)
+ return qs;
+ if (not_found)
+ return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
+ return qs;
+}
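Review bot: `*client_redirect_uri` is cleared before the query but `*state` is not, although both are wrapped in `GNUNET_PQ_result_spec_allow_null` with a NULL `is_null` pointer. If the string converter leaves the destination untouched for a NULL column, the caller would see whatever `*state` held before the call. Adding `*state = NULL;` next to the existing reset makes the two outputs consistent. A short comment would also help on `tan`, which is both bound as input `$5` and overwritten from `last_pin`, and on `next_tx_time`, which is computed as `now - validation_duration` and so lies in the past despite its name.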
diff --git a/src/challengerdb/challenger-dbinit.c b/src/challengerdb/challenger-dbinit.c
@@ -22,6 +22,9 @@
#include <gnunet/gnunet_util_lib.h>
#include "challenger_util.h"
#include "challenger_database_lib.h"
+#include "challenger-database/create_tables.h"
+#include "challenger-database/drop_tables.h"
+#include "challenger-database/gc.h"
/**
@@ -54,33 +57,33 @@ run (void *cls,
const char *cfgfile,
const struct GNUNET_CONFIGURATION_Handle *cfg)
{
- struct CHALLENGER_DatabasePlugin *plugin;
+ struct CHALLENGERDB_PostgresContext *db;
(void) cls;
(void) args;
(void) cfgfile;
if (NULL ==
- (plugin = CHALLENGER_DB_plugin_load (cfg,
- true)))
+ (db = CHALLENGERDB_connect (cfg,
+ true)))
{
fprintf (stderr,
- "Failed to initialize database plugin.\n");
+ "Failed to initialize database connection.\n");
global_ret = EXIT_NOTINSTALLED;
return;
}
if (reset_db)
{
- if (GNUNET_OK != plugin->drop_tables (plugin->cls))
+ if (GNUNET_OK != CHALLENGERDB_drop_tables (db))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Could not drop tables as requested. Either database was not yet initialized, or permission denied. Consult the logs. Will still try to create new tables.\n");
}
}
if (GNUNET_OK !=
- plugin->create_tables (plugin->cls))
+ CHALLENGERDB_create_tables (db))
{
global_ret = EXIT_FAILURE;
- CHALLENGER_DB_plugin_unload (plugin);
+ CHALLENGERDB_disconnect (db);
return;
}
if (gc_db)
@@ -89,15 +92,15 @@ run (void *cls,
now = GNUNET_TIME_absolute_get ();
if (0 >
- plugin->gc (plugin->cls,
- now))
+ CHALLENGERDB_gc (db,
+ now))
{
fprintf (stderr,
"Garbage collection failed!\n");
global_ret = EXIT_FAILURE;
}
}
- CHALLENGER_DB_plugin_unload (plugin);
+ CHALLENGERDB_disconnect (db);
}
diff --git a/src/challengerdb/challenger_db_plugin.c b/src/challengerdb/challenger_db_plugin.c
@@ -1,87 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2019 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU Lesser General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
-*/
-/**
- * @file challengerdb/challenger_db_plugin.c
- * @brief Logic to load database plugin
- * @author Christian Grothoff
- * @author Sree Harsha Totakura <sreeharsha@totakura.in>
- */
-#include "platform.h"
-#include "challenger_util.h"
-#include "challenger_database_lib.h"
-#include <ltdl.h>
-
-
-struct CHALLENGER_DatabasePlugin *
-CHALLENGER_DB_plugin_load (const struct GNUNET_CONFIGURATION_Handle *cfg,
- bool skip_preflight)
-{
- char *plugin_name;
- char *lib_name;
- struct CHALLENGER_DatabasePlugin *plugin;
-
- if (GNUNET_SYSERR ==
- GNUNET_CONFIGURATION_get_value_string (cfg,
- "challenger",
- "db",
- &plugin_name))
- {
- GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "challenger",
- "db");
- return NULL;
- }
- (void) GNUNET_asprintf (&lib_name,
- "libchallenger_plugin_db_%s",
- plugin_name);
- GNUNET_free (plugin_name);
- plugin = GNUNET_PLUGIN_load (CHALLENGER_project_data (),
- lib_name,
- (void *) cfg);
- if (NULL == plugin)
- {
- GNUNET_free (lib_name);
- return NULL;
- }
- plugin->library_name = lib_name;
- if ( (! skip_preflight) &&
- (GNUNET_OK !=
- plugin->preflight (plugin->cls)) )
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Database not ready. Try running challenger-dbinit!\n");
- CHALLENGER_DB_plugin_unload (plugin);
- return NULL;
- }
- return plugin;
-}
-
-
-void
-CHALLENGER_DB_plugin_unload (struct CHALLENGER_DatabasePlugin *plugin)
-{
- char *lib_name;
-
- if (NULL == plugin)
- return;
- lib_name = plugin->library_name;
- GNUNET_assert (NULL == GNUNET_PLUGIN_unload (lib_name,
- plugin));
- GNUNET_free (lib_name);
-}
-
-
-/* end of challenger_db_plugin.c */
diff --git a/src/challengerdb/client_add.c b/src/challengerdb/client_add.c
@@ -0,0 +1,58 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/client_add.c
+ * @brief Implementation of the client_add function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "client_add.h"
+#include "pg_helper.h"
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_client_add (struct CHALLENGERDB_PostgresContext *ctx,
+ const char *client_redirect_uri,
+ const char *client_secret,
+ uint64_t *client_id)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_string (client_redirect_uri),
+ GNUNET_PQ_query_param_string (client_secret),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_uint64 ("client_serial_id",
+ client_id),
+ GNUNET_PQ_result_spec_end
+ };
+
+ PREPARE (ctx,
+ "client_add",
+ "INSERT INTO clients"
+ " (uri"
+ " ,client_secret"
+ ") VALUES "
+ "($1, $2)"
+ " ON CONFLICT DO NOTHING" /* CONFLICT on (uri) */
+ " RETURNING client_serial_id");
+ return GNUNET_PQ_eval_prepared_singleton_select (ctx->conn,
+ "client_add",
+ params,
+ rs);
+}
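Review bot: `client_secret` is bound verbatim into the `clients` table here, and client_check.c matches it with `client_secret=$2`, so the database appears to hold client secrets in cleartext. Callers may already pass a derived value, but that is not visible in this diff. Storing a salted hash and comparing against it would limit what a read of the table exposes; that would be a schema change beyond this refactoring, so it may deserve a `/* TODO: store a hash instead of the raw secret */` here. Separately, `ON CONFLICT DO NOTHING` returns no row for a duplicate URI, so the function yields `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS` and leaves `*client_id` unwritten; the doc comment in client_add.h should say so.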
diff --git a/src/challengerdb/client_check.c b/src/challengerdb/client_check.c
@@ -0,0 +1,92 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/client_check.c
+ * @brief Implementation of the client_check function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "client_check.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_client_check (struct CHALLENGERDB_PostgresContext *ctx,
+ uint64_t client_id,
+ const char *client_secret,
+ uint32_t counter_increment,
+ char **client_redirect_uri)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_uint64 (&client_id),
+ GNUNET_PQ_query_param_string (client_secret),
+ GNUNET_PQ_query_param_uint32 (&counter_increment),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_allow_null (
+ GNUNET_PQ_result_spec_string ("uri",
+ client_redirect_uri),
+ NULL),
+ GNUNET_PQ_result_spec_end
+ };
+
+ *client_redirect_uri = NULL;
+ PREPARE (ctx,
+ "client_check",
+ "UPDATE clients SET"
+ " validation_counter=validation_counter+CAST($3::INT4 AS INT8)"
+ " WHERE client_serial_id=$1"
+ " AND client_secret=$2"
+ " RETURNING uri;");
+ return GNUNET_PQ_eval_prepared_singleton_select (ctx->conn,
+ "client_check",
+ params,
+ rs);
+}
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_client_check2 (struct CHALLENGERDB_PostgresContext *ctx,
+ const char *client_uri,
+ const char *client_secret,
+ uint64_t *client_id)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_string (client_uri),
+ GNUNET_PQ_query_param_string (client_secret),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_uint64 ("client_serial_id",
+ client_id),
+ GNUNET_PQ_result_spec_end
+ };
+
+ PREPARE (ctx,
+ "client_check2",
+ "SELECT client_serial_id"
+ " FROM clients"
+ " WHERE uri=$1"
+ " AND client_secret=$2;");
+ return GNUNET_PQ_eval_prepared_singleton_select (ctx->conn,
+ "client_check2",
+ params,
+ rs);
+}
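Review bot: `CHALLENGERDB_client_check` can report `GNUNET_DB_STATUS_SUCCESS_ONE_RESULT` while leaving `*client_redirect_uri` at NULL, because the `uri` column is wrapped in `GNUNET_PQ_result_spec_allow_null` with no is-null flag; a caller that redirects to the returned string has to test for NULL itself. The string is also allocated by the result spec, so ownership passes to the caller. Neither is stated at the definition; I would add `/* on success *client_redirect_uri may still be NULL; otherwise the caller must GNUNET_free() it */` above the function. `CHALLENGERDB_client_check2` leaves `*client_id` untouched when no row matches, which is worth a one-line remark as well.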
diff --git a/src/challengerdb/client_delete.c b/src/challengerdb/client_delete.c
@@ -0,0 +1,45 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/client_delete.c
+ * @brief Implementation of the client_delete function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "client_delete.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_client_delete (struct CHALLENGERDB_PostgresContext *ctx,
+ const char *client_redirect_uri)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_string (client_redirect_uri),
+ GNUNET_PQ_query_param_end
+ };
+
+ PREPARE (ctx,
+ "client_delete",
+ "DELETE FROM clients"
+ " WHERE uri=$1;");
+ return GNUNET_PQ_eval_prepared_non_select (ctx->conn,
+ "client_delete",
+ params);
+}
diff --git a/src/challengerdb/client_modify.c b/src/challengerdb/client_modify.c
@@ -0,0 +1,52 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2024 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/client_modify.c
+ * @brief Implementation of the client_modify function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "client_modify.h"
+#include "pg_helper.h"
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_client_modify (struct CHALLENGERDB_PostgresContext *ctx,
+ uint64_t client_id,
+ const char *client_redirect_uri,
+ const char *client_secret)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_uint64 (&client_id),
+ GNUNET_PQ_query_param_string (client_redirect_uri),
+ NULL == client_secret
+ ? GNUNET_PQ_query_param_null ()
+ : GNUNET_PQ_query_param_string (client_secret),
+ GNUNET_PQ_query_param_end
+ };
+
+ PREPARE (ctx,
+ "client_modify",
+ "UPDATE clients"
+ " SET uri=$2"
+ " ,client_secret=COALESCE($3,client_secret)"
+ " WHERE client_serial_id=$1");
+ return GNUNET_PQ_eval_prepared_non_select (ctx->conn,
+ "client_modify",
+ params);
+}
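Review bot: Passing NULL for `client_secret` to `CHALLENGERDB_client_modify` silently keeps the stored secret (`COALESCE($3,client_secret)`), while `client_redirect_uri` is bound with `GNUNET_PQ_query_param_string` unconditionally and has no NULL path. That asymmetry is only visible by reading the SQL. I would document it at the definition, e.g. `/* client_secret == NULL keeps the current secret; client_redirect_uri must not be NULL */`. The comment in `client_add.c` suggests `uri` is unique, so presumably an update to an already registered URI fails in the database; it would help to say which status the caller gets in that case.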
diff --git a/src/challengerdb/create_tables.c b/src/challengerdb/create_tables.c
@@ -0,0 +1,50 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/create_tables.c
+ * @brief Implementation of the create_tables function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "challenger-database/create_tables.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_GenericReturnValue
+CHALLENGERDB_create_tables (struct CHALLENGERDB_PostgresContext *pc)
+{
+ struct GNUNET_PQ_Context *conn;
+ struct GNUNET_PQ_ExecuteStatement es[] = {
+ GNUNET_PQ_make_execute ("SET search_path TO challenger;"),
+ GNUNET_PQ_EXECUTE_STATEMENT_END
+ };
+ enum GNUNET_GenericReturnValue ret;
+
+ conn = GNUNET_PQ_connect_with_cfg (pc->cfg,
+ "challengerdb-postgres",
+ "challenger-",
+ es,
+ NULL);
+ if (NULL == conn)
+ return GNUNET_SYSERR;
+ ret = GNUNET_PQ_exec_sql (conn,
+ "procedures");
+ GNUNET_PQ_disconnect (conn);
+ return ret;
+}
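Review bot: `CHALLENGERDB_create_tables` contains no statement that creates a table: the only explicit SQL is `GNUNET_PQ_exec_sql (conn, "procedures")`, so schema creation presumably happens as a side effect of connecting with the `"challenger-"` load path. A reader auditing which DDL this runs against the database cannot tell that from the function. I would add a comment above the connect call such as `/* connecting with the "challenger-" load path applies the schema patches; "procedures" then installs the stored procedures */`, after confirming that this is what the load path does. Unlike `CHALLENGERDB_drop_tables`, this function leaves an existing `pc->conn` open, which deserves a word too.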
diff --git a/src/challengerdb/drop_tables.c b/src/challengerdb/drop_tables.c
@@ -0,0 +1,51 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/drop_tables.c
+ * @brief Implementation of the drop_tables function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "challenger-database/drop_tables.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_GenericReturnValue
+CHALLENGERDB_drop_tables (struct CHALLENGERDB_PostgresContext *pg)
+{
+ struct GNUNET_PQ_Context *conn;
+ enum GNUNET_GenericReturnValue ret;
+
+ if (NULL != pg->conn)
+ {
+ GNUNET_PQ_disconnect (pg->conn);
+ pg->conn = NULL;
+ }
+ conn = GNUNET_PQ_connect_with_cfg (pg->cfg,
+ "challengerdb-postgres",
+ NULL,
+ NULL,
+ NULL);
+ if (NULL == conn)
+ return GNUNET_SYSERR;
+ ret = GNUNET_PQ_exec_sql (conn,
+ "drop");
+ GNUNET_PQ_disconnect (conn);
+ return ret;
+}
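Review bot: After `CHALLENGERDB_drop_tables` returns, `pg->conn` is NULL and nothing in the function re-establishes it, while the query functions added in this commit (for example `CHALLENGERDB_client_delete`) hand `ctx->conn` straight to `GNUNET_PQ_eval_prepared_*`. Whether `PREPARE` copes with a NULL connection is not visible here, so a context reused after a drop may dereference NULL. `CHALLENGERDB_connect` in `pg.c` leaves the context in the same state when `skip_preflight` is set, as it never assigns `conn`. I would document the contract at both places, e.g. `/* leaves pg->conn NULL; run CHALLENGERDB_preflight() before any further query */`, or have the query functions return `GNUNET_DB_STATUS_HARD_ERROR` when `conn` is NULL.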
diff --git a/src/challengerdb/gc.c b/src/challengerdb/gc.c
@@ -0,0 +1,56 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/gc.c
+ * @brief Implementation of the gc function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_pq_lib.h>
+#include "challenger-database/gc.h"
+#include "challenger-database/preflight.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_gc (struct CHALLENGERDB_PostgresContext *pg,
+ struct GNUNET_TIME_Absolute expire)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_absolute_time (&expire),
+ GNUNET_PQ_query_param_end
+ };
+ enum GNUNET_DB_QueryStatus qs;
+
+ GNUNET_PQ_reconnect_if_down (pg->conn);
+ PREPARE (pg,
+ "gc_validations",
+ "DELETE FROM validations"
+ " WHERE expiration_time < $1;");
+ PREPARE (pg,
+ "gc_tokens",
+ "DELETE FROM tokens"
+ " WHERE token_expiration_time < $1;");
+ CHALLENGERDB_preflight (pg);
+ qs = GNUNET_PQ_eval_prepared_non_select (pg->conn,
+ "gc_validations",
+ params);
+ if (qs < 0)
+ return qs;
+ return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+ "gc_tokens",
+ params);
+}
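Review bot: `CHALLENGERDB_gc` discards the result of `CHALLENGERDB_preflight (pg)`, although `CHALLENGERDB_connect` in `pg.c` treats anything other than `GNUNET_OK` as failure, and it calls preflight only after `GNUNET_PQ_reconnect_if_down (pg->conn)` and both `PREPARE`s have already used the connection. If the context was created with `skip_preflight` set, `pg->conn` has not been assigned at that point. I would move the preflight to the top and check it: `if (GNUNET_OK != CHALLENGERDB_preflight (pg)) return GNUNET_DB_STATUS_HARD_ERROR;`. The two deletes are also not in one transaction, so a failure of `gc_tokens` leaves `validations` already purged; that is probably acceptable for garbage collection but worth a comment.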
diff --git a/src/challengerdb/info_get_token.c b/src/challengerdb/info_get_token.c
@@ -0,0 +1,71 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/info_get_token.c
+ * @brief Implementation of the info_get_token function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "info_get_token.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_info_get_token (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_AccessTokenP *token,
+ uint64_t *rowid,
+ json_t **address,
+ struct GNUNET_TIME_Timestamp *address_expiration)
+{
+ struct GNUNET_TIME_Absolute now
+ = GNUNET_TIME_absolute_get ();
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (token),
+ GNUNET_PQ_query_param_absolute_time (&now),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_TIME_Absolute at;
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_uint64 ("rowid",
+ rowid),
+ TALER_PQ_result_spec_json ("address",
+ address),
+ GNUNET_PQ_result_spec_absolute_time ("address_expiration_time",
+ &at),
+ GNUNET_PQ_result_spec_end
+ };
+ enum GNUNET_DB_QueryStatus qs;
+
+ PREPARE (ctx,
+ "info_get_token",
+ "SELECT "
+ " grant_serial_id AS rowid"
+ " ,address"
+ " ,address_expiration_time"
+ " FROM tokens"
+ " WHERE access_token=$1"
+ " AND token_expiration_time > $2");
+ qs = GNUNET_PQ_eval_prepared_singleton_select (ctx->conn,
+ "info_get_token",
+ params,
+ rs);
+ if (qs > 0)
+ *address_expiration = GNUNET_TIME_absolute_to_timestamp (at);
+ return qs;
+}
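Review bot: `CHALLENGERDB_info_get_token` never initialises `*address`, so on `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS` or on an error the caller's `json_t *` keeps whatever it held before; `CHALLENGERDB_client_check` in this commit sets its out-pointer to NULL before the query. Add `*address = NULL;` ahead of the `PREPARE` so that a caller which calls `json_decref()` unconditionally cannot release a stale or uninitialised pointer. `*address_expiration` is likewise written only when `qs > 0`, which should be stated in the function's documentation.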
diff --git a/src/challengerdb/pg.c b/src/challengerdb/pg.c
@@ -0,0 +1,78 @@
+/*
+ This file is part of Challenger
+ (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU Lesser General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of ANASTASISABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file challengerdb/plugin_challengerdb_postgres.c
+ * @brief database helper functions for postgres used by challenger
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <gnunet/gnunet_util_lib.h>
+#include <gnunet/gnunet_db_lib.h>
+#include <gnunet/gnunet_pq_lib.h>
+#include <taler/taler_pq_lib.h>
+#include "challenger_database_lib.h"
+#include "challenger_util.h"
+#include "challenger-database/preflight.h"
+#include "pg_helper.h"
+
+
+struct CHALLENGERDB_PostgresContext *
+CHALLENGERDB_connect (const struct GNUNET_CONFIGURATION_Handle *cfg,
+ bool skip_preflight)
+{
+ struct CHALLENGERDB_PostgresContext *pg;
+
+ pg = GNUNET_new (struct CHALLENGERDB_PostgresContext);
+ pg->cfg = cfg;
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (cfg,
+ "challengerdb-postgres",
+ "SQL_DIR",
+ &pg->sql_dir))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "challengerdb-postgres",
+ "SQL_DIR");
+ GNUNET_free (pg);
+ return NULL;
+ }
+ if (! skip_preflight)
+ {
+ if (GNUNET_OK !=
+ CHALLENGERDB_preflight (pg))
+ {
+ GNUNET_free (pg->sql_dir);
+ GNUNET_free (pg);
+ return NULL;
+ }
+ }
+ return pg;
+}
+
+
+void
+CHALLENGERDB_disconnect (struct CHALLENGERDB_PostgresContext *pg)
+{
+ if (NULL == pg)
+ return;
+ if (NULL != pg->conn)
+ GNUNET_PQ_disconnect (pg->conn);
+ GNUNET_free (pg->sql_dir);
+ GNUNET_free (pg);
+}
+
+
+/* end of plugin_challengerdb_postgres.c */
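Review bot: The header and trailer of this new file still name the removed plugin: `@file challengerdb/plugin_challengerdb_postgres.c` and `/* end of plugin_challengerdb_postgres.c */` should read `@file src/challengerdb/pg.c` and `/* end of pg.c */`. The licence block is also inconsistent with the other files added here: it grants the GNU Lesser General Public License in the first paragraph, refers to the GNU General Public License in the next two, and contains the word `ANASTASISABILITY` where the standard text says `MERCHANTABILITY`. Since the licence text decides what downstream users may do with the file, it should be corrected to the one the project intends.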
diff --git a/src/challengerdb/pg_address_get.c b/src/challengerdb/pg_address_get.c
@@ -1,57 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2025 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_address_get.c
- * @brief Implementation of the address_get function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_address_get.h"
-#include "pg_helper.h"
-
-enum GNUNET_DB_QueryStatus
-CH_PG_address_get (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- json_t **address)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_auto_from_type (nonce),
- GNUNET_PQ_query_param_end
- };
- struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_allow_null (
- TALER_PQ_result_spec_json ("address",
- address),
- NULL),
- GNUNET_PQ_result_spec_end
- };
-
- *address = NULL;
- PREPARE (pg,
- "address_get",
- "SELECT "
- " address"
- " FROM validations"
- " WHERE nonce=$1");
- return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
- "address_get",
- params,
- rs);
-}
diff --git a/src/challengerdb/pg_address_get.h b/src/challengerdb/pg_address_get.h
@@ -1,45 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2025 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_address_get.h
- * @brief implementation of the address_get function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_ADDRESS_GET_H
-#define PG_ADDRESS_GET_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Return address details.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param[out] address set to client-provided address (or to NULL)
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_address_get (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- json_t **address);
-
-#endif
diff --git a/src/challengerdb/pg_authorize_start.c b/src/challengerdb/pg_authorize_start.c
@@ -1,105 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_authorize_start.c
- * @brief Implementation of the authorize_start function for Postgres
- * @author Christian Grothoff
- * @author Bohdan Potuzhnyi
- * @author Vlada Svirsh
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_authorize_start.h"
-#include "pg_helper.h"
-
-
-enum GNUNET_DB_QueryStatus
-CH_PG_authorize_start (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- uint64_t client_id,
- const char *client_scope,
- const char *client_state,
- const char *client_redirect_uri,
- const char *code_challenge,
- uint32_t code_challenge_method,
- json_t **last_address,
- uint32_t *address_attempts_left,
- uint32_t *pin_transmissions_left,
- uint32_t *auth_attempts_left,
- bool *solved,
- struct GNUNET_TIME_Absolute *last_tx_time)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_auto_from_type (nonce),
- GNUNET_PQ_query_param_uint64 (&client_id),
- NULL != client_scope
- ? GNUNET_PQ_query_param_string (client_scope)
- : GNUNET_PQ_query_param_null (),
- GNUNET_PQ_query_param_string (client_state),
- NULL != client_redirect_uri
- ? GNUNET_PQ_query_param_string (client_redirect_uri)
- : GNUNET_PQ_query_param_null (),
- NULL != code_challenge
- ? GNUNET_PQ_query_param_string (code_challenge)
- : GNUNET_PQ_query_param_null (),
- GNUNET_PQ_query_param_uint32 (&code_challenge_method),
- GNUNET_PQ_query_param_end
- };
- struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_allow_null (
- TALER_PQ_result_spec_json ("address",
- last_address),
- NULL),
- GNUNET_PQ_result_spec_uint32 ("address_attempts_left",
- address_attempts_left),
- GNUNET_PQ_result_spec_uint32 ("pin_transmissions_left",
- pin_transmissions_left),
- GNUNET_PQ_result_spec_uint32 ("auth_attempts_left",
- auth_attempts_left),
- GNUNET_PQ_result_spec_bool ("solved",
- solved),
- GNUNET_PQ_result_spec_absolute_time ("last_tx_time",
- last_tx_time),
- GNUNET_PQ_result_spec_end
- };
-
- *last_address = NULL;
- PREPARE (pg,
- "authorize_start_validation",
- "UPDATE validations SET"
- " client_scope=$3"
- " ,client_state=$4"
- " ,client_redirect_uri=$5::VARCHAR"
- " ,code_challenge=$6"
- " ,code_challenge_method=$7"
- " WHERE nonce=$1"
- " AND client_serial_id=$2"
- " AND ($5::VARCHAR=COALESCE(client_redirect_uri,$5::VARCHAR))"
- " RETURNING"
- " address"
- " ,address_attempts_left"
- " ,pin_transmissions_left"
- " ,GREATEST(0, auth_attempts_left) AS auth_attempts_left"
- " ,auth_attempts_left = -1 AS solved"
- " ,last_tx_time;");
- return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
- "authorize_start_validation",
- params,
- rs);
-}
-\ No newline at end of file
diff --git a/src/challengerdb/pg_authorize_start.h b/src/challengerdb/pg_authorize_start.h
@@ -1,73 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_authorize_start.h
- * @brief implementation of the authorize_start function for Postgres
- * @author Christian Grothoff
- * @author Bohdan Potuzhnyi
- * @author Vlada Svirsh
- */
-#ifndef PG_LOGIN_START_H
-#define PG_LOGIN_START_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Set the user-provided address in a validation process. Updates
- * the address and decrements the "addresses left" counter. If the
- * address did not change, the operation is successful even without
- * the counter change.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param client_id client that initiated the validation
- * @param client_scope scope of the validation
- * @param client_state state of the client
- * @param client_redirect_uri where to redirect at the end, NULL to use a unique one registered for the client
- * @param code_challenge PKCE code challenge
- * @param code_challenge_method PKCE code challenge method enum
- * @param[out] last_address set to the last address used
- * @param[out] address_attempts_left set to number of address changing attempts left for this address
- * @param[out] pin_transmissions_left set to number of times the PIN can still be re-requested
- * @param[out] auth_attempts_left set to number of authentication attempts remaining
- * @param[out] solved set to true if the challenge is already solved
- * @param[out] last_tx_time set to the last time when we (presumably) send a PIN to @a last_address; 0 if never sent
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further changes to the address (attempts exhausted)
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_authorize_start (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- uint64_t client_id,
- const char *client_scope,
- const char *client_state,
- const char *client_redirect_uri,
- const char *code_challenge,
- uint32_t code_challenge_method,
- json_t **last_address,
- uint32_t *address_attempts_left,
- uint32_t *pin_transmissions_left,
- uint32_t *auth_attempts_left,
- bool *solved,
- struct GNUNET_TIME_Absolute *last_tx_time);
-
-
-#endif
diff --git a/src/challengerdb/pg_challenge_set_address_and_pin.c b/src/challengerdb/pg_challenge_set_address_and_pin.c
@@ -1,110 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_challenge_set_address_and_pin.c
- * @brief Implementation of the challenge_set_address_and_pin function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_challenge_set_address_and_pin.h"
-#include "pg_helper.h"
-
-
-enum GNUNET_DB_QueryStatus
-CH_PG_challenge_set_address_and_pin (
- void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- const json_t *address,
- struct GNUNET_TIME_Relative validation_duration,
- uint32_t *tan,
- char **state,
- struct GNUNET_TIME_Absolute *last_tx_time,
- uint32_t *auth_attempts_left,
- bool *pin_transmit,
- char **client_redirect_uri,
- bool *address_refused,
- bool *solved)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_TIME_Absolute now
- = GNUNET_TIME_absolute_get ();
- struct GNUNET_TIME_Absolute next_tx_time
- = GNUNET_TIME_absolute_subtract (now,
- validation_duration);
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_auto_from_type (nonce),
- TALER_PQ_query_param_json (address),
- GNUNET_PQ_query_param_absolute_time (&next_tx_time),
- GNUNET_PQ_query_param_absolute_time (&now),
- GNUNET_PQ_query_param_uint32 (tan),
- GNUNET_PQ_query_param_end
- };
- bool not_found;
- struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_bool ("not_found",
- ¬_found),
- GNUNET_PQ_result_spec_absolute_time ("last_tx_time",
- last_tx_time),
- GNUNET_PQ_result_spec_uint32 ("last_pin",
- tan),
- GNUNET_PQ_result_spec_bool ("pin_transmit",
- pin_transmit),
- GNUNET_PQ_result_spec_uint32 ("auth_attempts_left",
- auth_attempts_left),
- GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_string ("client_redirect_uri",
- client_redirect_uri),
- NULL),
- GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_string ("state",
- state),
- NULL),
- GNUNET_PQ_result_spec_bool ("address_refused",
- address_refused),
- GNUNET_PQ_result_spec_bool ("solved",
- solved),
- GNUNET_PQ_result_spec_end
- };
- enum GNUNET_DB_QueryStatus qs;
-
- *client_redirect_uri = NULL;
- PREPARE (pg,
- "do_challenge_set_address_and_pin",
- "SELECT "
- " out_not_found AS not_found"
- ",out_last_tx_time AS last_tx_time"
- ",out_pin_transmit AS pin_transmit"
- ",out_last_pin AS last_pin"
- ",out_state AS state"
- ",out_auth_attempts_left AS auth_attempts_left"
- ",out_client_redirect_uri AS client_redirect_uri"
- ",out_address_refused AS address_refused"
- ",out_solved AS solved"
- " FROM challenger_do_challenge_set_address_and_pin"
- " ($1,$2,$3,$4,$5);");
- qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
- "do_challenge_set_address_and_pin",
- params,
- rs);
- if (qs <= 0)
- return qs;
- if (not_found)
- return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
- return qs;
-}
diff --git a/src/challengerdb/pg_challenge_set_address_and_pin.h b/src/challengerdb/pg_challenge_set_address_and_pin.h
@@ -1,67 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_challenge_set_address_and_pin.h
- * @brief implementation of the challenge_set_address_and_pin function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_CHALLENGE_SET_ADDRESS_AND_PIN_H
-#define PG_CHALLENGE_SET_ADDRESS_AND_PIN_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Set the user-provided address in a validation process. Updates
- * the address and decrements the "addresses left" counter. If the
- * address did not change, the operation is successful even without
- * the counter change.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param address the new address to validate
- * @param validation_duration minimum time between transmissions
- * @param[in,out] tan set to the PIN/TAN last send to @a address, input should be random PIN/TAN to use if address did not change
- * @param[out] state set to client's OAuth2 state if available
- * @param[out] last_tx_time set to the last time when we (presumably) send a PIN to @a address, input should be current time to use if the existing value for tx_time is past @a next_tx_time
- * @param[out] pin_transmit set to true if we should transmit the @a last_pin to the @a address
- * @param[out] auth_attempts_left set to number of attempts the user has left on this pin
- * @param[out] client_redirect_uri redirection URI of the client (for reporting failures)
- * @param[out] address_refused set to true if the address was refused (address change attempts exhausted)
- * @param[out] solved set to true if the challenge is already solved
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further changes to the address (attempts exhausted)
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_challenge_set_address_and_pin (
- void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- const json_t *address,
- struct GNUNET_TIME_Relative validation_duration,
- uint32_t *tan,
- char **state,
- struct GNUNET_TIME_Absolute *last_tx_time,
- uint32_t *auth_attempts_left,
- bool *pin_transmit,
- char **client_redirect_uri,
- bool *address_refused,
- bool *solved);
-
-#endif
diff --git a/src/challengerdb/pg_client_add.c b/src/challengerdb/pg_client_add.c
@@ -1,59 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_client_add.c
- * @brief Implementation of the client_add function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_client_add.h"
-#include "pg_helper.h"
-
-enum GNUNET_DB_QueryStatus
-CH_PG_client_add (void *cls,
- const char *client_redirect_uri,
- const char *client_secret,
- uint64_t *client_id)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_string (client_redirect_uri),
- GNUNET_PQ_query_param_string (client_secret),
- GNUNET_PQ_query_param_end
- };
- struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_uint64 ("client_serial_id",
- client_id),
- GNUNET_PQ_result_spec_end
- };
-
- PREPARE (pg,
- "client_add",
- "INSERT INTO clients"
- " (uri"
- " ,client_secret"
- ") VALUES "
- "($1, $2)"
- " ON CONFLICT DO NOTHING" /* CONFLICT on (uri) */
- " RETURNING client_serial_id");
- return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
- "client_add",
- params,
- rs);
-}
diff --git a/src/challengerdb/pg_client_add.h b/src/challengerdb/pg_client_add.h
@@ -1,45 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_client_add.h
- * @brief implementation of the client_add function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_CLIENT_ADD_H
-#define PG_CLIENT_ADD_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Add client to the list of authorized clients.
- *
- * @param cls
- * @param client_url URL of the client
- * @param client_secret authorization secret for the client
- * @param[out] client_id set to the client ID on success
- * @return transaction status
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_client_add (void *cls,
- const char *client_url,
- const char *client_secret,
- uint64_t *client_id);
-
-
-#endif
diff --git a/src/challengerdb/pg_client_check.c b/src/challengerdb/pg_client_check.c
@@ -1,94 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_client_check.c
- * @brief Implementation of the client_check function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_client_check.h"
-#include "pg_helper.h"
-
-
-enum GNUNET_DB_QueryStatus
-CH_PG_client_check (void *cls,
- uint64_t client_id,
- const char *client_secret,
- uint32_t counter_increment,
- char **client_redirect_uri)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_uint64 (&client_id),
- GNUNET_PQ_query_param_string (client_secret),
- GNUNET_PQ_query_param_uint32 (&counter_increment),
- GNUNET_PQ_query_param_end
- };
- struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_string ("uri",
- client_redirect_uri),
- NULL),
- GNUNET_PQ_result_spec_end
- };
-
- *client_redirect_uri = NULL;
- PREPARE (pg,
- "client_check",
- "UPDATE clients SET"
- " validation_counter=validation_counter+CAST($3::INT4 AS INT8)"
- " WHERE client_serial_id=$1"
- " AND client_secret=$2"
- " RETURNING uri;");
- return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
- "client_check",
- params,
- rs);
-}
-
-
-enum GNUNET_DB_QueryStatus
-CH_PG_client_check2 (void *cls,
- const char *client_uri,
- const char *client_secret,
- uint64_t *client_id)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_string (client_uri),
- GNUNET_PQ_query_param_string (client_secret),
- GNUNET_PQ_query_param_end
- };
- struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_uint64 ("client_serial_id",
- client_id),
- GNUNET_PQ_result_spec_end
- };
-
- PREPARE (pg,
- "client_check2",
- "SELECT client_serial_id"
- " FROM clients"
- " WHERE uri=$1"
- " AND client_secret=$2;");
- return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
- "client_check2",
- params,
- rs);
-}
diff --git a/src/challengerdb/pg_client_check.h b/src/challengerdb/pg_client_check.h
@@ -1,64 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_client_check.h
- * @brief implementation of the client_check function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_CLIENT_CHECK_H
-#define PG_CLIENT_CHECK_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Check if a client is in the list of authorized clients. If @a
- * counter_increment is non-zero, the validation counter of the
- * client is incremented by the given value if the client was found.
- *
- * @param cls
- * @param client_id unique row of the client
- * @param client_secret secret of the client
- * @param counter_increment change in validation counter
- * @param[out] client_url set to URL of the client (if any)
- * @return transaction status
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_client_check (void *cls,
- uint64_t client_id,
- const char *client_secret,
- uint32_t counter_increment,
- char **client_url);
-
-
-/**
- * Check if a client is in the list of authorized clients.
- *
- * @param cls
- * @param client_url client redirect URL (if known)
- * @param client_secret secret of the client
- * @param[out] set to client_id ID of the client if found
- * @return transaction status
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_client_check2 (void *cls,
- const char *client_url,
- const char *client_secret,
- uint64_t *client_id);
-
-#endif
diff --git a/src/challengerdb/pg_client_delete.c b/src/challengerdb/pg_client_delete.c
@@ -1,46 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_client_delete.c
- * @brief Implementation of the client_delete function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_client_delete.h"
-#include "pg_helper.h"
-
-
-enum GNUNET_DB_QueryStatus
-CH_PG_client_delete (void *cls,
- const char *client_redirect_uri)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_string (client_redirect_uri),
- GNUNET_PQ_query_param_end
- };
-
- PREPARE (pg,
- "client_delete",
- "DELETE FROM clients"
- " WHERE uri=$1;");
- return GNUNET_PQ_eval_prepared_non_select (pg->conn,
- "client_delete",
- params);
-}
diff --git a/src/challengerdb/pg_client_delete.h b/src/challengerdb/pg_client_delete.h
@@ -1,39 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_client_delete.h
- * @brief implementation of the client_delete function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_CLIENT_DELETE_H
-#define PG_CLIENT_DELETE_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-/**
- * Delete client from the list of authorized clients.
- *
- * @param cls
- * @param client_url URL of the client
- * @return transaction status
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_client_delete (void *cls,
- const char *client_url);
-
-#endif
diff --git a/src/challengerdb/pg_client_modify.c b/src/challengerdb/pg_client_modify.c
@@ -1,53 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2024 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_client_modify.c
- * @brief Implementation of the client_modify function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_client_modify.h"
-#include "pg_helper.h"
-
-enum GNUNET_DB_QueryStatus
-CH_PG_client_modify (void *cls,
- uint64_t client_id,
- const char *client_redirect_uri,
- const char *client_secret)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_uint64 (&client_id),
- GNUNET_PQ_query_param_string (client_redirect_uri),
- NULL == client_secret
- ? GNUNET_PQ_query_param_null ()
- : GNUNET_PQ_query_param_string (client_secret),
- GNUNET_PQ_query_param_end
- };
-
- PREPARE (pg,
- "client_modify",
- "UPDATE clients"
- " SET uri=$2"
- " ,client_secret=COALESCE($3,client_secret)"
- " WHERE client_serial_id=$1");
- return GNUNET_PQ_eval_prepared_non_select (pg->conn,
- "client_modify",
- params);
-}
diff --git a/src/challengerdb/pg_client_modify.h b/src/challengerdb/pg_client_modify.h
@@ -1,45 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2024 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_client_modify.h
- * @brief implementation of the client_modify function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_CLIENT_MODIFY_H
-#define PG_CLIENT_MODIFY_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Modify client to the list of authorized clients.
- *
- * @param cls
- * @param client_id the client ID on success
- * @param client_url URL of the client
- * @param client_secret authorization secret for the client, NULL to not modify the secret
- * @return transaction status
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_client_modify (void *cls,
- uint64_t client_id,
- const char *client_url,
- const char *client_secret);
-
-
-#endif
diff --git a/src/challengerdb/pg_helper.h b/src/challengerdb/pg_helper.h
@@ -26,7 +26,7 @@
* Type of the "cls" argument given to each of the functions in
* our API.
*/
-struct PostgresClosure
+struct CHALLENGERDB_PostgresContext
{
/**
@@ -60,7 +60,7 @@ struct PostgresClosure
/**
* Check that the database connection is still up.
*
- * @param cls a `struct PostgresClosure` with connection to check
+ * @param cls a `struct CHALLENGERDB_PostgresContext` with connection to check
*/
void
CH_PG_check_connection (void *cls);
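Review bot: `CH_PG_check_connection` still takes `void *cls` here, although the updated doc line says the argument must be a `struct CHALLENGERDB_PostgresContext`, so a wrong handle passed to it compiles silently and the mistake only shows up at run time. If the function is not registered anywhere as a generic callback (not visible from this hunk), the prototype could be typed: `CH_PG_check_connection (struct CHALLENGERDB_PostgresContext *pg);`. The struct comment in the first hunk of this file, "Type of the "cls" argument given to each of the functions in our API", also looks stale after the rename. Something like `Connection context passed as the first argument to the database functions.` would match the new name.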
@@ -70,7 +70,7 @@ CH_PG_check_connection (void *cls);
* connection @a pg once.
* Returns with #GNUNET_DB_STATUS_HARD_ERROR on failure.
*
- * @param pg a `struct PostgresClosure`
+ * @param pg a `struct CHALLENGERDB_PostgresContext`
* @param name name to prepare the statement under
* @param sql actual SQL text
*/
diff --git a/src/challengerdb/pg_info_get_token.c b/src/challengerdb/pg_info_get_token.c
@@ -1,73 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_info_get_token.c
- * @brief Implementation of the info_get_token function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_info_get_token.h"
-#include "pg_helper.h"
-
-
-enum GNUNET_DB_QueryStatus
-CH_PG_info_get_token (
- void *cls,
- const struct CHALLENGER_AccessTokenP *token,
- uint64_t *rowid,
- json_t **address,
- struct GNUNET_TIME_Timestamp *address_expiration)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_TIME_Absolute now
- = GNUNET_TIME_absolute_get ();
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_auto_from_type (token),
- GNUNET_PQ_query_param_absolute_time (&now),
- GNUNET_PQ_query_param_end
- };
- struct GNUNET_TIME_Absolute at;
- struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_uint64 ("rowid",
- rowid),
- TALER_PQ_result_spec_json ("address",
- address),
- GNUNET_PQ_result_spec_absolute_time ("address_expiration_time",
- &at),
- GNUNET_PQ_result_spec_end
- };
- enum GNUNET_DB_QueryStatus qs;
-
- PREPARE (pg,
- "info_get_token",
- "SELECT "
- " grant_serial_id AS rowid"
- " ,address"
- " ,address_expiration_time"
- " FROM tokens"
- " WHERE access_token=$1"
- " AND token_expiration_time > $2");
- qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
- "info_get_token",
- params,
- rs);
- if (qs > 0)
- *address_expiration = GNUNET_TIME_absolute_to_timestamp (at);
- return qs;
-}
diff --git a/src/challengerdb/pg_info_get_token.h b/src/challengerdb/pg_info_get_token.h
@@ -1,48 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_info_get_token.h
- * @brief implementation of the info_get_token function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_INFO_GET_GRANT_H
-#define PG_INFO_GET_GRANT_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Return @a address which @a grant gives access to.
- *
- * @param cls closure
- * @param grant grant token that grants access
- * @param[out] rowid account identifier within challenger
- * @param[out] address set to the address under @a grant
- * @param[out] address_expiration set to how long we consider @a address to be valid
- * @return transaction status
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_info_get_token (
- void *cls,
- const struct CHALLENGER_AccessTokenP *grant,
- uint64_t *rowid,
- json_t **address,
- struct GNUNET_TIME_Timestamp *address_expiration);
-
-
-#endif
diff --git a/src/challengerdb/pg_setup_nonce.c b/src/challengerdb/pg_setup_nonce.c
@@ -1,61 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_setup_nonce.c
- * @brief Implementation of the validation_setup function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_setup_nonce.h"
-#include "pg_helper.h"
-
-
-enum GNUNET_DB_QueryStatus
-CH_PG_setup_nonce (void *cls,
- uint64_t client_id,
- const struct CHALLENGER_ValidationNonceP *nonce,
- struct GNUNET_TIME_Absolute expiration_time,
- const json_t *initial_address)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_uint64 (&client_id),
- GNUNET_PQ_query_param_auto_from_type (nonce),
- GNUNET_PQ_query_param_absolute_time (&expiration_time),
- NULL == initial_address
- ? GNUNET_PQ_query_param_null ()
- : TALER_PQ_query_param_json (initial_address),
- GNUNET_PQ_query_param_end
- };
-
- PREPARE (pg,
- "setup_nonce",
- "INSERT INTO validations"
- " (client_serial_id"
- " ,nonce"
- " ,expiration_time"
- " ,client_redirect_uri"
- " ,address"
- ") SELECT $1, $2, $3, uri, $4"
- " FROM CLIENTS"
- " WHERE client_serial_id=$1;");
- return GNUNET_PQ_eval_prepared_non_select (pg->conn,
- "setup_nonce",
- params);
-}
diff --git a/src/challengerdb/pg_setup_nonce.h b/src/challengerdb/pg_setup_nonce.h
@@ -1,48 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_setup_nonce.h
- * @brief implementation of the validation_setup function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_VALIDATION_SETUP_H
-#define PG_VALIDATION_SETUP_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-/**
- * Start validation process by setting up a validation entry. Allows
- * the respective user who learns the @a nonce to later begin the
- * process.
- *
- * @param cls closure
- * @param client_id ID of the client
- * @param nonce unique nonce to use to identify the validation
- * @param expiration_time when will the validation expire
- * @param initial_address address the user should validate,
- * NULL if the user should enter it themselves
- * @return transaction status
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_setup_nonce (void *cls,
- uint64_t client_id,
- const struct CHALLENGER_ValidationNonceP *nonce,
- struct GNUNET_TIME_Absolute expiration_time,
- const json_t *initial_address);
-
-#endif
diff --git a/src/challengerdb/pg_template.c b/src/challengerdb/pg_template.c
@@ -1,26 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_template.c
- * @brief Implementation of the template function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_template.h"
-#include "pg_helper.h"
diff --git a/src/challengerdb/pg_template.h b/src/challengerdb/pg_template.h
@@ -1,29 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_template.h
- * @brief implementation of the template function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_TEMPLATE_H
-#define PG_TEMPLATE_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-#endif
diff --git a/src/challengerdb/pg_token_add_token.c b/src/challengerdb/pg_token_add_token.c
@@ -1,62 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_token_add_token.c
- * @brief Implementation of the token_add_token function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_token_add_token.h"
-#include "pg_helper.h"
-
-
-enum GNUNET_DB_QueryStatus
-CH_PG_token_add_token (
- void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- const struct CHALLENGER_AccessTokenP *token,
- struct GNUNET_TIME_Relative token_expiration,
- struct GNUNET_TIME_Relative address_expiration)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_TIME_Absolute ge
- = GNUNET_TIME_relative_to_absolute (token_expiration);
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_auto_from_type (nonce),
- GNUNET_PQ_query_param_auto_from_type (token),
- GNUNET_PQ_query_param_absolute_time (&ge),
- GNUNET_PQ_query_param_relative_time (&address_expiration),
- GNUNET_PQ_query_param_end
- };
-
- PREPARE (pg,
- "token_add_token",
- "INSERT INTO tokens"
- " (access_token"
- " ,address"
- " ,token_expiration_time"
- " ,address_expiration_time"
- ") SELECT"
- " $2, address, $3, $4 + last_tx_time"
- " FROM validations"
- " WHERE nonce=$1;");
- return GNUNET_PQ_eval_prepared_non_select (pg->conn,
- "token_add_token",
- params);
-}
diff --git a/src/challengerdb/pg_token_add_token.h b/src/challengerdb/pg_token_add_token.h
@@ -1,48 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_token_add_token.h
- * @brief implementation of the token_add_token function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_AUTH_ADD_GRANT_H
-#define PG_AUTH_ADD_GRANT_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Add access @a grant to address under @a nonce.
- *
- * @param cls closure
- * @param nonce validation process to grant access to
- * @param grant grant token that grants access
- * @param grant_expiration for how long should the grant be valid
- * @param address_expiration for how long after validation do we consider addresses to be valid
- * @return transaction status
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_token_add_token (
- void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- const struct CHALLENGER_AccessTokenP *grant,
- struct GNUNET_TIME_Relative grant_expiration,
- struct GNUNET_TIME_Relative address_expiration);
-
-
-#endif
diff --git a/src/challengerdb/pg_validate_login_address.c b/src/challengerdb/pg_validate_login_address.c
@@ -1,84 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_validate_login_address.c
- * @brief Implementation of the validate_login_address function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_validate_login_address.h"
-#include "pg_helper.h"
-
-
-enum GNUNET_DB_QueryStatus
-CH_PG_validate_login_address (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- const char *address,
- const char *client_scope,
- const char *client_state,
- const char *client_redirect_uri,
- struct GNUNET_TIME_Absolute *last_tx_time,
- uint32_t *last_pin,
- uint32_t *pin_attempts_left)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_auto_from_type (nonce),
- GNUNET_PQ_query_param_string (address),
- GNUNET_PQ_query_param_string (client_scope),
- GNUNET_PQ_query_param_string (client_state),
- NULL != client_redirect_uri
- ? GNUNET_PQ_query_param_string (client_redirect_uri)
- : GNUNET_PQ_query_param_null (),
- GNUNET_PQ_query_param_end
- };
- struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_absolute_time ("last_tx_time",
- last_tx_time),
- GNUNET_PQ_result_spec_uint32 ("last_pin",
- last_pin),
- GNUNET_PQ_result_spec_uint32 ("pin_attempts_left",
- pin_attempts_left),
- GNUNET_PQ_result_spec_end
- };
-
- PREPARE (pg,
- "validate_set_address",
- "UPDATE validations SET"
- " address_attempts_left=CASE"
- " WHEN address != $2"
- " THEN address_attempts_left - 1"
- " ELSE address_attempts_left"
- " END"
- " ,address=$2"
- " ,client_scope=$3"
- " ,client_state=$4"
- " ,client_redirect_uri=$5"
- " WHERE nonce=$1"
- " AND (address_attempts_left > 0"
- " OR address == $2)"
- " RETURNING"
- " last_tx_time"
- " ,last_pin"
- " ,pin_attempts_left;");
- return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
- "validate_set_address",
- params,
- rs);
-}
diff --git a/src/challengerdb/pg_validate_login_address.h b/src/challengerdb/pg_validate_login_address.h
@@ -1,61 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_validate_login_address.h
- * @brief implementation of the validate_login_address function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_VALIDATE_LOGIN_ADDRESS_H
-#define PG_VALIDATE_LOGIN_ADDRESS_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Set the user-provided address in a validation process. Updates
- * the address and decrements the "addresses left" counter. If the
- * address did not change, the operation is successful even without
- * the counter change.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param address the new address to validate
- * @param client_scope scope of the validation
- * @param client_state state of the client
- * @param client_redirect_uri where to redirect at the end, NULL to use a unique one registered for the client
- * @param[out] last_tx_time set to the last time when we (presumably) send a PIN to @a address; 0 if never sent
- * @param[out] last_pin set to the PIN last send to @a address, 0 if never sent
- * @param[in,out] pin_attempts_left set to number of PIN transmission attempts left for this address; input is value to be used if address is new, output is possibly different if address was not new
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further changes to the address (attempts exhausted)
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_validate_login_address (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- const char *address,
- const char *client_scope,
- const char *client_state,
- const char *client_redirect_uri,
- struct GNUNET_TIME_Absolute *last_tx_time,
- uint32_t *last_pin,
- uint32_t *pin_attempts_left);
-
-
-#endif
diff --git a/src/challengerdb/pg_validate_login_pin.c b/src/challengerdb/pg_validate_login_pin.c
@@ -1,57 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_validate_login_pin.c
- * @brief Implementation of the validate_login_pin function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_validate_login_pin.h"
-#include "pg_helper.h"
-
-
-enum GNUNET_DB_QueryStatus
-CH_PG_validate_login_pin (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- struct GNUNET_TIME_Absolute tx_time,
- uint32_t new_pin,
- uint32_t auth_attempts_allowed)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_auto_from_type (nonce),
- GNUNET_PQ_query_param_absolute_time (&tx_time),
- GNUNET_PQ_query_param_uint32 (&new_pin),
- GNUNET_PQ_query_param_uint32 (&auth_attempts_allowed),
- GNUNET_PQ_query_param_end
- };
-
- PREPARE (pg,
- "validate_login_set_pin",
- "UPDATE validations SET"
- " last_tx_time=$2"
- " ,last_pin=$3"
- " ,auth_attempts_left=$4"
- " ,pin_attempts_left=pin_attempts_left - 1"
- " WHERE nonce=$1"
- " AND pin_attempts_left > 0;");
- return GNUNET_PQ_eval_prepared_non_select (pg->conn,
- "validate_login_set_pin",
- params);
-}
diff --git a/src/challengerdb/pg_validate_login_pin.h b/src/challengerdb/pg_validate_login_pin.h
@@ -1,50 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_validate_login_pin.h
- * @brief implementation of the validate_login_pin function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_VALIDATE_LOGIN_PIN_H
-#define PG_VALIDATE_LOGIN_PIN_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Store a new PIN to be used to validate an address.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param tx_time the current time
- * @param new_pin the PIN we are sending
- * @param auth_attempts_allowed how many attempts do we give to the user to enter the correct PIN
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the pin was stored
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the @a nonce or if pin attempts left is zero
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_validate_login_pin (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- struct GNUNET_TIME_Absolute tx_time,
- uint32_t new_pin,
- uint32_t auth_attempts_allowed);
-
-
-#endif
diff --git a/src/challengerdb/pg_validate_solve_pin.c b/src/challengerdb/pg_validate_solve_pin.c
@@ -1,100 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_validate_solve_pin.c
- * @brief Implementation of the validate_solve_pin function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_validate_solve_pin.h"
-#include "pg_helper.h"
-
-
-enum GNUNET_DB_QueryStatus
-CH_PG_validate_solve_pin (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- uint32_t new_pin,
- bool *solved,
- bool *exhausted,
- bool *no_challenge,
- char **state,
- uint32_t *addr_left,
- uint32_t *auth_attempts_left,
- uint32_t *pin_transmissions_left,
- char **client_redirect_uri)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_auto_from_type (nonce),
- GNUNET_PQ_query_param_uint32 (&new_pin),
- GNUNET_PQ_query_param_end
- };
- bool not_found;
- struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_bool ("not_found",
- ¬_found),
- GNUNET_PQ_result_spec_bool ("solved",
- solved),
- GNUNET_PQ_result_spec_bool ("exhausted",
- exhausted),
- GNUNET_PQ_result_spec_bool ("no_challenge",
- no_challenge),
- GNUNET_PQ_result_spec_uint32 ("address_attempts_left",
- addr_left),
- GNUNET_PQ_result_spec_uint32 ("auth_attempts_left",
- auth_attempts_left),
- GNUNET_PQ_result_spec_uint32 ("pin_transmissions_left",
- pin_transmissions_left),
- GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_string ("client_redirect_uri",
- client_redirect_uri),
- NULL),
- GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_string ("state",
- state),
- NULL),
- GNUNET_PQ_result_spec_end
- };
- enum GNUNET_DB_QueryStatus qs;
-
- *client_redirect_uri = NULL;
- PREPARE (pg,
- "do_validate_solve_pin",
- "SELECT "
- " out_not_found AS not_found"
- ",out_solved AS solved"
- ",out_exhausted AS exhausted"
- ",out_no_challenge AS no_challenge"
- ",out_state AS state"
- ",out_address_attempts_left AS address_attempts_left"
- ",out_auth_attempts_left AS auth_attempts_left"
- ",out_pin_transmissions_left AS pin_transmissions_left"
- ",out_client_redirect_uri AS client_redirect_uri"
- " FROM challenger_do_validate_and_solve_pin"
- " ($1,$2);");
- qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
- "do_validate_solve_pin",
- params,
- rs);
- if (qs <= 0)
- return qs;
- if (not_found)
- return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
- return qs;
-}
diff --git a/src/challengerdb/pg_validate_solve_pin.h b/src/challengerdb/pg_validate_solve_pin.h
@@ -1,63 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_validate_solve_pin.h
- * @brief implementation of the validate_solve_pin function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_VALIDATE_SOLVE_PIN_H
-#define PG_VALIDATE_SOLVE_PIN_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Check PIN entered to validate an address.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param new_pin the PIN the user entered
- * @param[out] solved set to true if the PIN was correct
- * @param[out] exhausted set to true if the number of attempts to enter the correct PIN has been exhausted
- * @param[out] no_challenge set to true if we never even issued a challenge
- * @param[out] state set to client's OAuth2 state if available
- * @param[out] addr_left set to number of address changes remaining
- * @param[out] auth_attempts_left set to number of authentication attempts remaining
- * @param[out] pin_transmissions_left set to number of times the PIN can still be re-requested
- * @param[out] client_redirect_uri set to OAuth2 client redirect URI
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_validate_solve_pin (
- void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- uint32_t new_pin,
- bool *solved,
- bool *exhausted,
- bool *no_challenge,
- char **state,
- uint32_t *addr_left,
- uint32_t *auth_attempts_left,
- uint32_t *pin_transmissions_left,
- char **client_redirect_uri);
-
-
-#endif
diff --git a/src/challengerdb/pg_validation_get.c b/src/challengerdb/pg_validation_get.c
@@ -1,81 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_validation_get.c
- * @brief Implementation of the validation_get function for Postgres
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_validation_get.h"
-#include "pg_helper.h"
-
-enum GNUNET_DB_QueryStatus
-CH_PG_validation_get (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- char **client_secret,
- json_t **address,
- char **client_scope,
- char **client_state,
- char **client_redirect_uri)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_auto_from_type (nonce),
- GNUNET_PQ_query_param_end
- };
- struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_string ("client_secret",
- client_secret),
- GNUNET_PQ_result_spec_allow_null (
- TALER_PQ_result_spec_json ("address",
- address),
- NULL),
- GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_string ("client_scope",
- client_scope),
- NULL),
- GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_string ("client_state",
- client_state),
- NULL),
- GNUNET_PQ_result_spec_string ("redirect_uri",
- client_redirect_uri),
- GNUNET_PQ_result_spec_end
- };
-
- *client_scope = NULL;
- *client_state = NULL;
- *address = NULL;
- PREPARE (pg,
- "validation_get",
- "SELECT "
- " client_secret"
- " ,address"
- " ,client_scope"
- " ,client_state"
- " ,COALESCE(client_redirect_uri,uri) AS redirect_uri"
- " FROM validations"
- " JOIN clients "
- " USING (client_serial_id)"
- " WHERE nonce=$1");
- return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
- "validation_get",
- params,
- rs);
-}
diff --git a/src/challengerdb/pg_validation_get.h b/src/challengerdb/pg_validation_get.h
@@ -1,55 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_validation_get.h
- * @brief implementation of the validation_get function for Postgres
- * @author Christian Grothoff
- */
-#ifndef PG_VALIDATION_GET_H
-#define PG_VALIDATION_GET_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Return validation details. Used by ``/solve``, ``/auth`` and
- * ``/info`` endpoints to authorize and return validated user
- * address to the client.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param[out] client_secret set to secret of client (for client that setup the challenge)
- * @param[out] address set to client-provided address
- * @param[out] client_scope set to OAuth2 scope
- * @param[out] client_state set to client state
- * @param[out] client_redirect_uri set to client redirect URL
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_validation_get (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- char **client_secret,
- json_t **address,
- char **client_scope,
- char **client_state,
- char **client_redirect_uri);
-
-#endif
diff --git a/src/challengerdb/pg_validation_get_pkce.c b/src/challengerdb/pg_validation_get_pkce.c
@@ -1,94 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_validation_get_pkce.c
- * @brief Implementation of the validation_get_pkce function for Postgres
- * @author Bohdan Potuzhnyi
- * @author Vlada Svirsh
- */
-#include "platform.h"
-#include <taler/taler_error_codes.h>
-#include <taler/taler_dbevents.h>
-#include <taler/taler_pq_lib.h>
-#include "pg_validation_get_pkce.h"
-#include "pg_helper.h"
-
-enum GNUNET_DB_QueryStatus
-CH_PG_validation_get_pkce (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- char **client_secret,
- json_t **address,
- char **client_scope,
- char **client_state,
- char **client_redirect_uri,
- char **code_challenge,
- uint32_t *code_challenge_method)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_auto_from_type (nonce),
- GNUNET_PQ_query_param_end
- };
- struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_string ("client_secret",
- client_secret),
- GNUNET_PQ_result_spec_allow_null (
- TALER_PQ_result_spec_json ("address",
- address),
- NULL),
- GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_string ("client_scope",
- client_scope),
- NULL),
- GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_string ("client_state",
- client_state),
- NULL),
- GNUNET_PQ_result_spec_string ("redirect_uri",
- client_redirect_uri),
- GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_string ("code_challenge",
- code_challenge),
- NULL),
- GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_uint32 ("code_challenge_method",
- code_challenge_method),
- NULL),
- GNUNET_PQ_result_spec_end
- };
-
- *client_scope = NULL;
- *client_state = NULL;
- *address = NULL;
- PREPARE (pg,
- "validation_get_pkce",
- "SELECT "
- " client_secret"
- " ,address"
- " ,client_scope"
- " ,client_state"
- " ,COALESCE(client_redirect_uri,uri) AS redirect_uri"
- " ,code_challenge"
- " ,code_challenge_method"
- " FROM validations"
- " JOIN clients "
- " USING (client_serial_id)"
- " WHERE nonce=$1");
- return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
- "validation_get_pkce",
- params,
- rs);
-}
diff --git a/src/challengerdb/pg_validation_get_pkce.h b/src/challengerdb/pg_validation_get_pkce.h
@@ -1,60 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
- */
-/**
- * @file challengerdb/pg_validation_get_pkce.h
- * @brief implementation of the validation_get_pkce function for Postgres
- * @author Bohdan Potuzhnyi
- * @author Vlada Svirsh
- */
-#ifndef PG_VALIDATION_GET_PKCE_H
-#define PG_VALIDATION_GET_PKCE_H
-
-#include <taler/taler_util.h>
-#include <taler/taler_json_lib.h>
-#include "challenger_database_plugin.h"
-
-
-/**
- * Return validation details. Used by ``/solve``, ``/auth`` and
- * ``/info`` endpoints to authorize and return validated user
- * address to the client.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param[out] client_secret set to secret of client (for client that setup the challenge)
- * @param[out] address set to client-provided address
- * @param[out] client_scope set to OAuth2 scope
- * @param[out] client_state set to client state
- * @param[out] client_redirect_uri set to client redirect URL
- * @param[out] code_challenge set to PKCE code challenge
- * @param[out] code_challenge_method set to PKCE code challenge method enum
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
-enum GNUNET_DB_QueryStatus
-CH_PG_validation_get_pkce (void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- char **client_secret,
- json_t **address,
- char **client_scope,
- char **client_state,
- char **client_redirect_uri,
- char **code_challenge,
- uint32_t *code_challenge_method);
-
-#endif
diff --git a/src/challengerdb/plugin_challengerdb_postgres.c b/src/challengerdb/plugin_challengerdb_postgres.c
@@ -1,449 +0,0 @@
-/*
- This file is part of Challenger
- (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU Lesser General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of ANASTASISABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
-*/
-/**
- * @file challengerdb/plugin_challengerdb_postgres.c
- * @brief database helper functions for postgres used by challenger
- * @author Christian Grothoff
- */
-#include "platform.h"
-#include <gnunet/gnunet_util_lib.h>
-#include <gnunet/gnunet_db_lib.h>
-#include <gnunet/gnunet_pq_lib.h>
-#include <taler/taler_pq_lib.h>
-#include "challenger_database_plugin.h"
-#include "challenger_database_lib.h"
-#include "pg_helper.h"
-#include "pg_address_get.h"
-#include "pg_client_add.h"
-#include "pg_client_modify.h"
-#include "pg_client_delete.h"
-#include "pg_info_get_token.h"
-#include "pg_token_add_token.h"
-#include "pg_client_check.h"
-#include "pg_setup_nonce.h"
-#include "pg_authorize_start.h"
-#include "pg_challenge_set_address_and_pin.h"
-#include "pg_validate_solve_pin.h"
-#include "pg_validation_get.h"
-#include "pg_validation_get_pkce.h"
-
-/**
- * Drop challenger tables
- *
- * @param cls closure our `struct Plugin`
- * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure
- */
-static enum GNUNET_GenericReturnValue
-postgres_drop_tables (void *cls)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_Context *conn;
- enum GNUNET_GenericReturnValue ret;
-
- if (NULL != pg->conn)
- {
- GNUNET_PQ_disconnect (pg->conn);
- pg->conn = NULL;
- }
- conn = GNUNET_PQ_connect_with_cfg (pg->cfg,
- "challengerdb-postgres",
- NULL,
- NULL,
- NULL);
- if (NULL == conn)
- return GNUNET_SYSERR;
- ret = GNUNET_PQ_exec_sql (conn,
- "drop");
- GNUNET_PQ_disconnect (conn);
- return ret;
-}
-
-
-/**
- * Roll back the current transaction of a database connection.
- *
- * @param cls the `struct PostgresClosure` with the plugin-specific state
- */
-static void
-postgres_rollback (void *cls)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_ExecuteStatement es[] = {
- GNUNET_PQ_make_execute ("ROLLBACK"),
- GNUNET_PQ_EXECUTE_STATEMENT_END
- };
-
- if (GNUNET_OK !=
- GNUNET_PQ_exec_statements (pg->conn,
- es))
- {
- TALER_LOG_ERROR ("Failed to rollback transaction\n");
- GNUNET_break (0);
- }
- pg->transaction_name = NULL;
-}
-
-
-/**
- * Connect to the database if the connection does not exist yet.
- *
- * @param pg the plugin-specific state
- * @return #GNUNET_OK on success
- */
-static enum GNUNET_GenericReturnValue
-internal_setup (struct PostgresClosure *pg)
-{
- if (NULL == pg->conn)
- {
-#if AUTO_EXPLAIN
- /* Enable verbose logging to see where queries do not
- properly use indices */
- struct GNUNET_PQ_ExecuteStatement es[] = {
- GNUNET_PQ_make_try_execute ("LOAD 'auto_explain';"),
- GNUNET_PQ_make_try_execute ("SET auto_explain.log_min_duration=50;"),
- GNUNET_PQ_make_try_execute ("SET auto_explain.log_timing=TRUE;"),
- GNUNET_PQ_make_try_execute ("SET auto_explain.log_analyze=TRUE;"),
- /* https://wiki.postgresql.org/wiki/Serializable suggests to really
- force the default to 'serializable' if SSI is to be used. */
- GNUNET_PQ_make_try_execute (
- "SET SESSION CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL SERIALIZABLE;"),
- GNUNET_PQ_make_execute ("SET search_path TO challenger;"),
- GNUNET_PQ_EXECUTE_STATEMENT_END
- };
-#else
- struct GNUNET_PQ_ExecuteStatement es[] = {
- GNUNET_PQ_make_execute ("SET search_path TO challenger;"),
- GNUNET_PQ_EXECUTE_STATEMENT_END
- };
-#endif
- struct GNUNET_PQ_Context *db_conn;
-
- db_conn = GNUNET_PQ_connect_with_cfg2 (pg->cfg,
- "challengerdb-postgres",
- "challenger-",
- es,
- NULL,
- GNUNET_PQ_FLAG_CHECK_CURRENT);
- if (NULL == db_conn)
- return GNUNET_SYSERR;
- pg->conn = db_conn;
- pg->prep_gen++;
- }
- if (NULL == pg->transaction_name)
- GNUNET_PQ_reconnect_if_down (pg->conn);
- return GNUNET_OK;
-}
-
-
-/**
- * Do a pre-flight check that we are not in an uncommitted transaction.
- * If we are, try to commit the previous transaction and output a warning.
- * Does not return anything, as we will continue regardless of the outcome.
- *
- * @param cls the `struct PostgresClosure` with the plugin-specific state
- * @return #GNUNET_OK if everything is fine
- * #GNUNET_NO if a transaction was rolled back
- * #GNUNET_SYSERR on hard errors
- */
-static enum GNUNET_GenericReturnValue
-postgres_preflight (void *cls)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_ExecuteStatement es[] = {
- GNUNET_PQ_make_execute ("ROLLBACK"),
- GNUNET_PQ_EXECUTE_STATEMENT_END
- };
-
- if (NULL == pg->conn)
- {
- if (GNUNET_OK !=
- internal_setup (pg))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to ensure DB is initialized\n");
- return GNUNET_SYSERR;
- }
- }
- GNUNET_PQ_reconnect_if_down (pg->conn);
- if (NULL == pg->transaction_name)
- return GNUNET_OK; /* all good */
- if (GNUNET_OK ==
- GNUNET_PQ_exec_statements (pg->conn,
- es))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "BUG: Preflight check rolled back transaction `%s'!\n",
- pg->transaction_name);
- }
- else
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "BUG: Preflight check failed to rollback transaction `%s'!\n",
- pg->transaction_name);
- }
- pg->transaction_name = NULL;
- return GNUNET_NO;
-}
-
-
-/**
- * Check that the database connection is still up.
- *
- * @param cls a `struct PostgresClosure` with connection to check
- */
-void
-CH_PG_check_connection (void *cls)
-{
- struct PostgresClosure *pg = cls;
-
- GNUNET_PQ_reconnect_if_down (pg->conn);
-}
-
-
-/**
- * Start a transaction.
- *
- * @param cls the `struct PostgresClosure` with the plugin-specific state
- * @param name unique name identifying the transaction (for debugging),
- * must point to a constant
- * @return #GNUNET_OK on success
- */
-static enum GNUNET_GenericReturnValue
-postgres_begin_transaction (void *cls,
- const char *name)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_ExecuteStatement es[] = {
- GNUNET_PQ_make_execute ("START TRANSACTION ISOLATION LEVEL SERIALIZABLE"),
- GNUNET_PQ_EXECUTE_STATEMENT_END
- };
-
- CH_PG_check_connection (pg);
- postgres_preflight (pg);
- pg->transaction_name = name;
- if (GNUNET_OK !=
- GNUNET_PQ_exec_statements (pg->conn,
- es))
- {
- TALER_LOG_ERROR ("Failed to start transaction\n");
- GNUNET_break (0);
- return GNUNET_SYSERR;
- }
- return GNUNET_OK;
-}
-
-
-/**
- * Commit the current transaction of a database connection.
- *
- * @param cls the `struct PostgresClosure` with the plugin-specific state
- * @return transaction status code
- */
-static enum GNUNET_DB_QueryStatus
-postgres_commit_transaction (void *cls)
-{
- struct PostgresClosure *pg = cls;
- enum GNUNET_DB_QueryStatus qs;
- struct GNUNET_PQ_QueryParam no_params[] = {
- GNUNET_PQ_query_param_end
- };
-
- PREPARE (pg,
- "do_commit",
- "COMMIT");
- qs = GNUNET_PQ_eval_prepared_non_select (pg->conn,
- "do_commit",
- no_params);
- pg->transaction_name = NULL;
- return qs;
-}
-
-
-/**
- * Function called to perform "garbage collection" on the
- * database, expiring records we no longer require.
- *
- * @param cls closure
- * @param expire older than the given time stamp should be garbage collected
- * @return transaction status
- */
-static enum GNUNET_DB_QueryStatus
-postgres_gc (void *cls,
- struct GNUNET_TIME_Absolute expire)
-{
- struct PostgresClosure *pg = cls;
- struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_absolute_time (&expire),
- GNUNET_PQ_query_param_end
- };
- enum GNUNET_DB_QueryStatus qs;
-
- CH_PG_check_connection (pg);
- PREPARE (pg,
- "gc_validations",
- "DELETE FROM validations"
- " WHERE expiration_time < $1;");
- PREPARE (pg,
- "gc_tokens",
- "DELETE FROM tokens"
- " WHERE token_expiration_time < $1;");
- postgres_preflight (pg);
- qs = GNUNET_PQ_eval_prepared_non_select (pg->conn,
- "gc_validations",
- params);
- if (qs < 0)
- return qs;
- return GNUNET_PQ_eval_prepared_non_select (pg->conn,
- "gc_tokens",
- params);
-}
-
-
-/**
- * Initialize tables.
- *
- * @param cls the `struct PostgresClosure` with the plugin-specific state
- * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure
- */
-static enum GNUNET_GenericReturnValue
-postgres_create_tables (void *cls)
-{
- struct PostgresClosure *pc = cls;
- struct GNUNET_PQ_Context *conn;
- struct GNUNET_PQ_ExecuteStatement es[] = {
- GNUNET_PQ_make_execute ("SET search_path TO challenger;"),
- GNUNET_PQ_EXECUTE_STATEMENT_END
- };
- enum GNUNET_GenericReturnValue ret;
-
- conn = GNUNET_PQ_connect_with_cfg (pc->cfg,
- "challengerdb-postgres",
- "challenger-",
- es,
- NULL);
- if (NULL == conn)
- return GNUNET_SYSERR;
- ret = GNUNET_PQ_exec_sql (conn,
- "procedures");
- GNUNET_PQ_disconnect (conn);
- return ret;
-}
-
-
-/**
- * Initialize Postgres database subsystem.
- *
- * @param cls a configuration instance
- * @return NULL on error, otherwise a `struct TALER_CHALLENGERDB_Plugin`
- */
-void *
-libchallenger_plugin_db_postgres_init (void *cls);
-
-/* Declaration to suppress compiler warning */
-void *
-libchallenger_plugin_db_postgres_init (void *cls)
-{
- struct GNUNET_CONFIGURATION_Handle *cfg = cls;
- struct PostgresClosure *pg;
- struct CHALLENGER_DatabasePlugin *plugin;
-
- pg = GNUNET_new (struct PostgresClosure);
- pg->cfg = cfg;
- if (GNUNET_OK !=
- GNUNET_CONFIGURATION_get_value_filename (cfg,
- "challengerdb-postgres",
- "SQL_DIR",
- &pg->sql_dir))
- {
- GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "challengerdb-postgres",
- "SQL_DIR");
- GNUNET_free (pg);
- return NULL;
- }
- plugin = GNUNET_new (struct CHALLENGER_DatabasePlugin);
- plugin->cls = pg;
- plugin->create_tables
- = &postgres_create_tables;
- plugin->drop_tables
- = &postgres_drop_tables;
- plugin->preflight
- = &postgres_preflight;
- plugin->gc
- = &postgres_gc;
- plugin->begin_transaction
- = &postgres_begin_transaction;
- plugin->commit_transaction
- = &postgres_commit_transaction;
- plugin->rollback
- = &postgres_rollback;
- plugin->address_get
- = &CH_PG_address_get;
- plugin->client_add
- = &CH_PG_client_add;
- plugin->client_modify
- = &CH_PG_client_modify;
- plugin->client_delete
- = &CH_PG_client_delete;
- plugin->client_check
- = &CH_PG_client_check;
- plugin->client_check2
- = &CH_PG_client_check2;
- plugin->setup_nonce
- = &CH_PG_setup_nonce;
- plugin->authorize_start
- = &CH_PG_authorize_start;
- plugin->challenge_set_address_and_pin
- = &CH_PG_challenge_set_address_and_pin;
- plugin->validate_solve_pin
- = &CH_PG_validate_solve_pin;
- plugin->validation_get
- = &CH_PG_validation_get;
- plugin->validation_get_pkce
- = &CH_PG_validation_get_pkce;
- plugin->info_get_token
- = &CH_PG_info_get_token;
- plugin->token_add_token
- = &CH_PG_token_add_token;
- return plugin;
-}
-
-
-/**
- * Shutdown Postgres database subsystem.
- *
- * @param cls a `struct CHALLENGER_DB_Plugin`
- * @return NULL (always)
- */
-void *
-libchallenger_plugin_db_postgres_done (void *cls);
-
-/* Declaration to suppress compiler warning */
-void *
-libchallenger_plugin_db_postgres_done (void *cls)
-{
- struct CHALLENGER_DatabasePlugin *plugin = cls;
- struct PostgresClosure *pg = plugin->cls;
-
- GNUNET_PQ_disconnect (pg->conn);
- GNUNET_free (pg->sql_dir);
- GNUNET_free (pg);
- GNUNET_free (plugin);
- return NULL;
-}
-
-
-/* end of plugin_challengerdb_postgres.c */
diff --git a/src/challengerdb/preflight.c b/src/challengerdb/preflight.c
@@ -0,0 +1,109 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/preflight.c
+ * @brief Implementation of the preflight function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_pq_lib.h>
+#include "challenger-database/preflight.h"
+#include "pg_helper.h"
+
+
+static enum GNUNET_GenericReturnValue
+internal_setup (struct CHALLENGERDB_PostgresContext *pg)
+{
+ if (NULL == pg->conn)
+ {
+#if AUTO_EXPLAIN
+ /* Enable verbose logging to see where queries do not
+ properly use indices */
+ struct GNUNET_PQ_ExecuteStatement es[] = {
+ GNUNET_PQ_make_try_execute ("LOAD 'auto_explain';"),
+ GNUNET_PQ_make_try_execute ("SET auto_explain.log_min_duration=50;"),
+ GNUNET_PQ_make_try_execute ("SET auto_explain.log_timing=TRUE;"),
+ GNUNET_PQ_make_try_execute ("SET auto_explain.log_analyze=TRUE;"),
+ /* https://wiki.postgresql.org/wiki/Serializable suggests to really
+ force the default to 'serializable' if SSI is to be used. */
+ GNUNET_PQ_make_try_execute (
+ "SET SESSION CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL SERIALIZABLE;"),
+ GNUNET_PQ_make_execute ("SET search_path TO challenger;"),
+ GNUNET_PQ_EXECUTE_STATEMENT_END
+ };
+#else
+ struct GNUNET_PQ_ExecuteStatement es[] = {
+ GNUNET_PQ_make_execute ("SET search_path TO challenger;"),
+ GNUNET_PQ_EXECUTE_STATEMENT_END
+ };
+#endif
+ struct GNUNET_PQ_Context *db_conn;
+
+ db_conn = GNUNET_PQ_connect_with_cfg2 (pg->cfg,
+ "challengerdb-postgres",
+ "challenger-",
+ es,
+ NULL,
+ GNUNET_PQ_FLAG_CHECK_CURRENT);
+ if (NULL == db_conn)
+ return GNUNET_SYSERR;
+ pg->conn = db_conn;
+ pg->prep_gen++;
+ }
+ if (NULL == pg->transaction_name)
+ GNUNET_PQ_reconnect_if_down (pg->conn);
+ return GNUNET_OK;
+}
+
+
+enum GNUNET_GenericReturnValue
+CHALLENGERDB_preflight (struct CHALLENGERDB_PostgresContext *pg)
+{
+ struct GNUNET_PQ_ExecuteStatement es[] = {
+ GNUNET_PQ_make_execute ("ROLLBACK"),
+ GNUNET_PQ_EXECUTE_STATEMENT_END
+ };
+
+ if (NULL == pg->conn)
+ {
+ if (GNUNET_OK !=
+ internal_setup (pg))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to ensure DB is initialized\n");
+ return GNUNET_SYSERR;
+ }
+ }
+ GNUNET_PQ_reconnect_if_down (pg->conn);
+ if (NULL == pg->transaction_name)
+ return GNUNET_OK; /* all good */
+ if (GNUNET_OK ==
+ GNUNET_PQ_exec_statements (pg->conn,
+ es))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "BUG: Preflight check rolled back transaction `%s'!\n",
+ pg->transaction_name);
+ }
+ else
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "BUG: Preflight check failed to rollback transaction `%s'!\n",
+ pg->transaction_name);
+ }
+ pg->transaction_name = NULL;
+ return GNUNET_NO;
+}
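Review bot: The non-`AUTO_EXPLAIN` branch of `es[]` in `internal_setup` only sets `search_path`, so the `SET SESSION CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL SERIALIZABLE` default is applied in debug builds but not in regular ones. If the code that starts transactions (not in this hunk) does not request the isolation level explicitly, regular builds would run at the server's configured default while the debug build runs serializable. Consider adding `GNUNET_PQ_make_try_execute ("SET SESSION CHARACTERISTICS AS TRANSACTION ISOLATION LEVEL SERIALIZABLE;"),` to the `#else` array as well, or a comment there stating where the level is set.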
diff --git a/src/challengerdb/setup_nonce.c b/src/challengerdb/setup_nonce.c
@@ -0,0 +1,60 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/setup_nonce.c
+ * @brief Implementation of the validation_setup function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "setup_nonce.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_setup_nonce (struct CHALLENGERDB_PostgresContext *ctx,
+ uint64_t client_id,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ struct GNUNET_TIME_Absolute expiration_time,
+ const json_t *initial_address)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_uint64 (&client_id),
+ GNUNET_PQ_query_param_auto_from_type (nonce),
+ GNUNET_PQ_query_param_absolute_time (&expiration_time),
+ NULL == initial_address
+ ? GNUNET_PQ_query_param_null ()
+ : TALER_PQ_query_param_json (initial_address),
+ GNUNET_PQ_query_param_end
+ };
+
+ PREPARE (ctx,
+ "setup_nonce",
+ "INSERT INTO validations"
+ " (client_serial_id"
+ " ,nonce"
+ " ,expiration_time"
+ " ,client_redirect_uri"
+ " ,address"
+ ") SELECT $1, $2, $3, uri, $4"
+ " FROM CLIENTS"
+ " WHERE client_serial_id=$1;");
+ return GNUNET_PQ_eval_prepared_non_select (ctx->conn,
+ "setup_nonce",
+ params);
+}
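Review bot: `CHALLENGERDB_setup_nonce` inserts via `INSERT ... SELECT ... FROM CLIENTS WHERE client_serial_id=$1`, so an unknown `client_id` is not an error: no row is inserted and the call should return `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS` rather than a failure status. Nothing in this file says so, and the `@brief` still names `validation_setup` instead of `setup_nonce`. I would add above the function `/* Returns GNUNET_DB_STATUS_SUCCESS_NO_RESULTS (nothing inserted) if @a client_id is unknown; callers must treat that as "no validation created". */` and correct the `@brief`. The same undocumented zero-row outcome applies to the `WHERE nonce=$1` statements in token_add_token.c and validate_login_pin.c.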
diff --git a/src/challengerdb/template.c b/src/challengerdb/template.c
@@ -0,0 +1,26 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/template.c
+ * @brief Implementation of the template function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "template.h"
+#include "pg_helper.h"
diff --git a/src/challengerdb/test_challenger_db.c b/src/challengerdb/test_challenger_db.c
@@ -21,8 +21,11 @@
#include "platform.h"
#include <gnunet/gnunet_util_lib.h>
#include <taler/taler_util.h>
-#include "challenger_database_plugin.h"
#include "challenger_database_lib.h"
+#include "challenger-database/drop_tables.h"
+#include "challenger-database/create_tables.h"
+#include "challenger-database/preflight.h"
+#include "challenger-database/gc.h"
#include "challenger_util.h"
@@ -44,9 +47,9 @@
static int result;
/**
- * Handle to the plugin we are testing.
+ * Handle to the database we are testing.
*/
-static struct CHALLENGER_DatabasePlugin *plugin;
+static struct CHALLENGERDB_PostgresContext *pg;
/**
@@ -59,39 +62,39 @@ run (void *cls)
{
struct GNUNET_CONFIGURATION_Handle *cfg = cls;
- if (NULL == (plugin = CHALLENGER_DB_plugin_load (cfg,
- true)))
+ if (NULL == (pg = CHALLENGERDB_connect (cfg,
+ true)))
{
result = 77;
return;
}
if (GNUNET_OK !=
- plugin->drop_tables (plugin->cls))
+ CHALLENGERDB_drop_tables (pg))
{
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Dropping tables failed\n");
}
if (GNUNET_OK !=
- plugin->create_tables (plugin->cls))
+ CHALLENGERDB_create_tables (pg))
{
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Creating tables failed\n");
}
GNUNET_assert (GNUNET_OK ==
- plugin->preflight (plugin->cls));
+ CHALLENGERDB_preflight (pg));
{
struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get ();
FAILIF (0 >
- plugin->gc (plugin->cls,
- ts));
+ CHALLENGERDB_gc (pg,
+ ts));
}
result = 0;
drop:
GNUNET_break (GNUNET_OK ==
- plugin->drop_tables (plugin->cls));
- CHALLENGER_DB_plugin_unload (plugin);
- plugin = NULL;
+ CHALLENGERDB_drop_tables (pg));
+ CHALLENGERDB_disconnect (pg);
+ pg = NULL;
}
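Review bot: A failure of `CHALLENGERDB_create_tables (pg)` in `run` is only logged at INFO, and the test then carries on to `CHALLENGERDB_preflight` and `CHALLENGERDB_gc` against a schema that may not exist. The hunk already uses `FAILIF` for the gc call, so the create step could use it too: `FAILIF (GNUNET_OK != CHALLENGERDB_create_tables (pg));`. That makes a broken schema setup fail at the point where it happened, assuming `FAILIF` (defined outside this hunk) jumps to `drop`.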
@@ -99,42 +102,23 @@ int
main (int argc,
char *const argv[])
{
- const char *plugin_name;
- char *config_filename;
- char *testname;
struct GNUNET_CONFIGURATION_Handle *cfg;
(void) argc;
result = EXIT_FAILURE;
- if (NULL == (plugin_name = strrchr (argv[0], (int) '-')))
- {
- GNUNET_break (0);
- return EXIT_FAILURE;
- }
GNUNET_log_setup (argv[0],
"DEBUG",
NULL);
- plugin_name++;
- (void) GNUNET_asprintf (&testname,
- "%s",
- plugin_name);
- (void) GNUNET_asprintf (&config_filename,
- "test_challenger_db_%s.conf",
- testname);
cfg = GNUNET_CONFIGURATION_create (CHALLENGER_project_data ());
if (GNUNET_OK !=
GNUNET_CONFIGURATION_parse (cfg,
- config_filename))
+ "test_challenger_db_postgres.conf"))
{
GNUNET_break (0);
- GNUNET_free (config_filename);
- GNUNET_free (testname);
return EXIT_NOTCONFIGURED;
}
GNUNET_SCHEDULER_run (&run, cfg);
GNUNET_CONFIGURATION_destroy (cfg);
- GNUNET_free (config_filename);
- GNUNET_free (testname);
return result;
}
diff --git a/src/challengerdb/token_add_token.c b/src/challengerdb/token_add_token.c
@@ -0,0 +1,60 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/token_add_token.c
+ * @brief Implementation of the token_add_token function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "token_add_token.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_token_add_token (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ const struct CHALLENGER_AccessTokenP *token,
+ struct GNUNET_TIME_Relative token_expiration,
+ struct GNUNET_TIME_Relative address_expiration)
+{
+ struct GNUNET_TIME_Absolute ge
+ = GNUNET_TIME_relative_to_absolute (token_expiration);
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (nonce),
+ GNUNET_PQ_query_param_auto_from_type (token),
+ GNUNET_PQ_query_param_absolute_time (&ge),
+ GNUNET_PQ_query_param_relative_time (&address_expiration),
+ GNUNET_PQ_query_param_end
+ };
+
+ PREPARE (ctx,
+ "token_add_token",
+ "INSERT INTO tokens"
+ " (access_token"
+ " ,address"
+ " ,token_expiration_time"
+ " ,address_expiration_time"
+ ") SELECT"
+ " $2, address, $3, $4 + last_tx_time"
+ " FROM validations"
+ " WHERE nonce=$1;");
+ return GNUNET_PQ_eval_prepared_non_select (ctx->conn,
+ "token_add_token",
+ params);
+}
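Review bot: The `token_add_token` statement copies `address` from `validations` for any row matching `nonce=$1`; nothing in the SQL limits it to a validation whose challenge has been solved, so that guarantee rests entirely on the caller, which is not visible in this hunk. Since this is the step that stores an access token, the precondition deserves a comment on the function, e.g. `/* Caller must already have verified that the validation identified by @a nonce was solved; this statement does not check it. */`. The local `ge` would also read better under a descriptive name such as `token_expiration_abs`.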
diff --git a/src/challengerdb/validate_login_address.c b/src/challengerdb/validate_login_address.c
@@ -0,0 +1,83 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/validate_login_address.c
+ * @brief Implementation of the validate_login_address function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "validate_login_address.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_validate_login_address (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ const char *address,
+ const char *client_scope,
+ const char *client_state,
+ const char *client_redirect_uri,
+ struct GNUNET_TIME_Absolute *last_tx_time,
+ uint32_t *last_pin,
+ uint32_t *pin_attempts_left)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (nonce),
+ GNUNET_PQ_query_param_string (address),
+ GNUNET_PQ_query_param_string (client_scope),
+ GNUNET_PQ_query_param_string (client_state),
+ NULL != client_redirect_uri
+ ? GNUNET_PQ_query_param_string (client_redirect_uri)
+ : GNUNET_PQ_query_param_null (),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_absolute_time ("last_tx_time",
+ last_tx_time),
+ GNUNET_PQ_result_spec_uint32 ("last_pin",
+ last_pin),
+ GNUNET_PQ_result_spec_uint32 ("pin_attempts_left",
+ pin_attempts_left),
+ GNUNET_PQ_result_spec_end
+ };
+
+ PREPARE (ctx,
+ "validate_set_address",
+ "UPDATE validations SET"
+ " address_attempts_left=CASE"
+ " WHEN address != $2"
+ " THEN address_attempts_left - 1"
+ " ELSE address_attempts_left"
+ " END"
+ " ,address=$2"
+ " ,client_scope=$3"
+ " ,client_state=$4"
+ " ,client_redirect_uri=$5"
+ " WHERE nonce=$1"
+ " AND (address_attempts_left > 0"
+ " OR address == $2)"
+ " RETURNING"
+ " last_tx_time"
+ " ,last_pin"
+ " ,pin_attempts_left;");
+ return GNUNET_PQ_eval_prepared_singleton_select (ctx->conn,
+ "validate_set_address",
+ params,
+ rs);
+}
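Review bot: The WHERE clause of `validate_set_address` uses `address == $2`, and `==` is not a comparison operator in PostgreSQL, so preparing this statement is expected to fail; the line should read `" OR address = $2)"`. The `CASE` expression above it already uses the valid `!=`. The statement name (`validate_set_address`) also differs from the function name, and `validate_login_address.h` is not among the headers listed in this commit's Makefile.am hunk, so it is worth checking whether this file is built and exercised at all.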
diff --git a/src/challengerdb/validate_login_pin.c b/src/challengerdb/validate_login_pin.c
@@ -0,0 +1,56 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/validate_login_pin.c
+ * @brief Implementation of the validate_login_pin function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "validate_login_pin.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_validate_login_pin (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ struct GNUNET_TIME_Absolute tx_time,
+ uint32_t new_pin,
+ uint32_t auth_attempts_allowed)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (nonce),
+ GNUNET_PQ_query_param_absolute_time (&tx_time),
+ GNUNET_PQ_query_param_uint32 (&new_pin),
+ GNUNET_PQ_query_param_uint32 (&auth_attempts_allowed),
+ GNUNET_PQ_query_param_end
+ };
+
+ PREPARE (ctx,
+ "validate_login_set_pin",
+ "UPDATE validations SET"
+ " last_tx_time=$2"
+ " ,last_pin=$3"
+ " ,auth_attempts_left=$4"
+ " ,pin_attempts_left=pin_attempts_left - 1"
+ " WHERE nonce=$1"
+ " AND pin_attempts_left > 0;");
+ return GNUNET_PQ_eval_prepared_non_select (ctx->conn,
+ "validate_login_set_pin",
+ params);
+}
diff --git a/src/challengerdb/validate_solve_pin.c b/src/challengerdb/validate_solve_pin.c
@@ -0,0 +1,99 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/validate_solve_pin.c
+ * @brief Implementation of the validate_solve_pin function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "validate_solve_pin.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_validate_solve_pin (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ uint32_t new_pin,
+ bool *solved,
+ bool *exhausted,
+ bool *no_challenge,
+ char **state,
+ uint32_t *addr_left,
+ uint32_t *auth_attempts_left,
+ uint32_t *pin_transmissions_left,
+ char **client_redirect_uri)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (nonce),
+ GNUNET_PQ_query_param_uint32 (&new_pin),
+ GNUNET_PQ_query_param_end
+ };
+ bool not_found;
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_bool ("not_found",
+ ¬_found),
+ GNUNET_PQ_result_spec_bool ("solved",
+ solved),
+ GNUNET_PQ_result_spec_bool ("exhausted",
+ exhausted),
+ GNUNET_PQ_result_spec_bool ("no_challenge",
+ no_challenge),
+ GNUNET_PQ_result_spec_uint32 ("address_attempts_left",
+ addr_left),
+ GNUNET_PQ_result_spec_uint32 ("auth_attempts_left",
+ auth_attempts_left),
+ GNUNET_PQ_result_spec_uint32 ("pin_transmissions_left",
+ pin_transmissions_left),
+ GNUNET_PQ_result_spec_allow_null (
+ GNUNET_PQ_result_spec_string ("client_redirect_uri",
+ client_redirect_uri),
+ NULL),
+ GNUNET_PQ_result_spec_allow_null (
+ GNUNET_PQ_result_spec_string ("state",
+ state),
+ NULL),
+ GNUNET_PQ_result_spec_end
+ };
+ enum GNUNET_DB_QueryStatus qs;
+
+ *client_redirect_uri = NULL;
+ PREPARE (ctx,
+ "do_validate_solve_pin",
+ "SELECT "
+ " out_not_found AS not_found"
+ ",out_solved AS solved"
+ ",out_exhausted AS exhausted"
+ ",out_no_challenge AS no_challenge"
+ ",out_state AS state"
+ ",out_address_attempts_left AS address_attempts_left"
+ ",out_auth_attempts_left AS auth_attempts_left"
+ ",out_pin_transmissions_left AS pin_transmissions_left"
+ ",out_client_redirect_uri AS client_redirect_uri"
+ " FROM challenger_do_validate_and_solve_pin"
+ " ($1,$2);");
+ qs = GNUNET_PQ_eval_prepared_singleton_select (ctx->conn,
+ "do_validate_solve_pin",
+ params,
+ rs);
+ if (qs <= 0)
+ return qs;
+ if (not_found)
+ return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
+ return qs;
+}
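Review bot: `state` is declared nullable via `GNUNET_PQ_result_spec_allow_null` but, unlike `client_redirect_uri`, `*state` is never initialised before the query, so when the column is NULL the caller is left with whatever the pointer held before and may later read or free it. Add `*state = NULL;` next to `*client_redirect_uri = NULL;`. validation_get_pkce.c has the same gap for `*code_challenge` (and for `*code_challenge_method`, which could be set to 0), although it does reset `client_scope`, `client_state` and `address`. The out-parameters are also left untouched on the early `qs <= 0` return, which is worth stating in the function comment.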
diff --git a/src/challengerdb/validation_get.c b/src/challengerdb/validation_get.c
@@ -0,0 +1,80 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/validation_get.c
+ * @brief Implementation of the validation_get function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "validation_get.h"
+#include "pg_helper.h"
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_validation_get (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ char **client_secret,
+ json_t **address,
+ char **client_scope,
+ char **client_state,
+ char **client_redirect_uri)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (nonce),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_string ("client_secret",
+ client_secret),
+ GNUNET_PQ_result_spec_allow_null (
+ TALER_PQ_result_spec_json ("address",
+ address),
+ NULL),
+ GNUNET_PQ_result_spec_allow_null (
+ GNUNET_PQ_result_spec_string ("client_scope",
+ client_scope),
+ NULL),
+ GNUNET_PQ_result_spec_allow_null (
+ GNUNET_PQ_result_spec_string ("client_state",
+ client_state),
+ NULL),
+ GNUNET_PQ_result_spec_string ("redirect_uri",
+ client_redirect_uri),
+ GNUNET_PQ_result_spec_end
+ };
+
+ *client_scope = NULL;
+ *client_state = NULL;
+ *address = NULL;
+ PREPARE (ctx,
+ "validation_get",
+ "SELECT "
+ " client_secret"
+ " ,address"
+ " ,client_scope"
+ " ,client_state"
+ " ,COALESCE(client_redirect_uri,uri) AS redirect_uri"
+ " FROM validations"
+ " JOIN clients "
+ " USING (client_serial_id)"
+ " WHERE nonce=$1");
+ return GNUNET_PQ_eval_prepared_singleton_select (ctx->conn,
+ "validation_get",
+ params,
+ rs);
+}
diff --git a/src/challengerdb/validation_get_pkce.c b/src/challengerdb/validation_get_pkce.c
@@ -0,0 +1,93 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/challengerdb/validation_get_pkce.c
+ * @brief Implementation of the validation_get_pkce function for Postgres
+ * @author Bohdan Potuzhnyi
+ * @author Vlada Svirsh
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "validation_get_pkce.h"
+#include "pg_helper.h"
+
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_validation_get_pkce (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ char **client_secret,
+ json_t **address,
+ char **client_scope,
+ char **client_state,
+ char **client_redirect_uri,
+ char **code_challenge,
+ uint32_t *code_challenge_method)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (nonce),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_string ("client_secret",
+ client_secret),
+ GNUNET_PQ_result_spec_allow_null (
+ TALER_PQ_result_spec_json ("address",
+ address),
+ NULL),
+ GNUNET_PQ_result_spec_allow_null (
+ GNUNET_PQ_result_spec_string ("client_scope",
+ client_scope),
+ NULL),
+ GNUNET_PQ_result_spec_allow_null (
+ GNUNET_PQ_result_spec_string ("client_state",
+ client_state),
+ NULL),
+ GNUNET_PQ_result_spec_string ("redirect_uri",
+ client_redirect_uri),
+ GNUNET_PQ_result_spec_allow_null (
+ GNUNET_PQ_result_spec_string ("code_challenge",
+ code_challenge),
+ NULL),
+ GNUNET_PQ_result_spec_allow_null (
+ GNUNET_PQ_result_spec_uint32 ("code_challenge_method",
+ code_challenge_method),
+ NULL),
+ GNUNET_PQ_result_spec_end
+ };
+
+ *client_scope = NULL;
+ *client_state = NULL;
+ *address = NULL;
+ PREPARE (ctx,
+ "validation_get_pkce",
+ "SELECT "
+ " client_secret"
+ " ,address"
+ " ,client_scope"
+ " ,client_state"
+ " ,COALESCE(client_redirect_uri,uri) AS redirect_uri"
+ " ,code_challenge"
+ " ,code_challenge_method"
+ " FROM validations"
+ " JOIN clients "
+ " USING (client_serial_id)"
+ " WHERE nonce=$1");
+ return GNUNET_PQ_eval_prepared_singleton_select (ctx->conn,
+ "validation_get_pkce",
+ params,
+ rs);
+}
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
@@ -1,10 +1,23 @@
# This Makefile.am is in the public domain
-EXTRA_DIST = \
- platform.h
challengerincludedir = $(includedir)/challenger
challengerinclude_HEADERS = \
- challenger_util.h \
+ challenger_util.h
+
+EXTRA_DIST = \
+ platform.h \
challenger_database_lib.h \
- challenger_database_plugin.h
+ challenger-database/address_get.h \
+ challenger-database/authorize_start.h \
+ challenger-database/challenge_set_address_and_pin.h \
+ challenger-database/client_add.h \
+ challenger-database/client_check.h \
+ challenger-database/client_delete.h \
+ challenger-database/client_modify.h \
+ challenger-database/info_get_token.h \
+ challenger-database/setup_nonce.h \
+ challenger-database/token_add_token.h \
+ challenger-database/validate_solve_pin.h \
+ challenger-database/validation_get.h \
+ challenger-database/validation_get_pkce.h
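Review bot: The new `EXTRA_DIST` list omits headers that this same commit includes: `challenger-database/preflight.h`, `create_tables.h`, `drop_tables.h` and `gc.h` are pulled in by test_challenger_db.c (and `preflight.h` by preflight.c), but none of them is listed here, so a `make dist` tarball would presumably lack them and fail to build. Add the missing `challenger-database/*.h` entries and keep the list in sync with the `#include`s. The hunk also moves `challenger_database_lib.h` from `challengerinclude_HEADERS` to `EXTRA_DIST`, so it is no longer installed; if that is intended, a one-line comment saying the database API is now internal would help.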
diff --git a/src/include/challenger-database/address_get.h b/src/include/challenger-database/address_get.h
@@ -0,0 +1,46 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2025 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/address_get.h
+ * @brief implementation of the address_get function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_ADDRESS_GET_H
+#define CHALLENGER_DATABASE_ADDRESS_GET_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "challenger_util.h"
+#include "challenger_database_lib.h"
+
+
+/**
+ * Return address details.
+ *
+ * @param cls
+ * @param nonce unique nonce to use to identify the validation
+ * @param[out] address set to client-provided address (or to NULL)
+ * @return transaction status:
+ * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
+ * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
+ * #GNUNET_DB_STATUS_HARD_ERROR on failure
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_address_get (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ json_t **address);
+
+#endif
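Review bot: The doc comment for `CHALLENGERDB_address_get` carries an empty `@param cls`, but the parameter is named `ctx`, so the first argument is effectively undocumented and Doxygen would likely warn about the mismatch. Replace it with `@param ctx database context to use`; the same stale `@param cls` appears in authorize_start.h and challenge_set_address_and_pin.h. The `@brief` also says "implementation of" although this header only declares the function.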
diff --git a/src/include/challenger-database/authorize_start.h b/src/include/challenger-database/authorize_start.h
@@ -0,0 +1,75 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/authorize_start.h
+ * @brief implementation of the authorize_start function for Postgres
+ * @author Christian Grothoff
+ * @author Bohdan Potuzhnyi
+ * @author Vlada Svirsh
+ */
+#ifndef CHALLENGER_DATABASE_AUTHORIZE_START_H
+#define CHALLENGER_DATABASE_AUTHORIZE_START_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "challenger_util.h"
+#include "challenger_database_lib.h"
+
+
+/**
+ * Set the user-provided address in a validation process. Updates
+ * the address and decrements the "addresses left" counter. If the
+ * address did not change, the operation is successful even without
+ * the counter change.
+ *
+ * @param cls
+ * @param nonce unique nonce to use to identify the validation
+ * @param client_id client that initiated the validation
+ * @param client_scope scope of the validation
+ * @param client_state state of the client
+ * @param client_redirect_uri where to redirect at the end, NULL to use a unique one registered for the client
+ * @param code_challenge PKCE code challenge
+ * @param code_challenge_method PKCE code challenge method enum
+ * @param[out] last_address set to the last address used
+ * @param[out] address_attempts_left set to number of address changing attempts left for this address
+ * @param[out] pin_transmissions_left set to number of times the PIN can still be re-requested
+ * @param[out] auth_attempts_left set to number of authentication attempts remaining
+ * @param[out] solved set to true if the challenge is already solved
+ * @param[out] last_tx_time set to the last time when we (presumably) send a PIN to @a last_address; 0 if never sent
+ * @return transaction status:
+ * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed
+ * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further changes to the address (attempts exhausted)
+ * #GNUNET_DB_STATUS_HARD_ERROR on failure
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_authorize_start (
+ struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ uint64_t client_id,
+ const char *client_scope,
+ const char *client_state,
+ const char *client_redirect_uri,
+ const char *code_challenge,
+ uint32_t code_challenge_method,
+ json_t **last_address,
+ uint32_t *address_attempts_left,
+ uint32_t *pin_transmissions_left,
+ uint32_t *auth_attempts_left,
+ bool *solved,
+ struct GNUNET_TIME_Absolute *last_tx_time);
+
+
+#endif
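Review bot: The summary of `CHALLENGERDB_authorize_start` ("Set the user-provided address ... decrements the "addresses left" counter") and its `@return` text ("if the address was changed") describe an address update, yet the prototype takes no address argument and only returns `last_address`. The text appears to have been copied from the set-address function. Rewrite the summary to say what the call does with `client_scope`, `client_state`, `client_redirect_uri` and the PKCE `code_challenge`, and what `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS` means for this call. The implementation is not in this hunk, so the exact wording needs to be checked against it.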
diff --git a/src/include/challenger-database/challenge_set_address_and_pin.h b/src/include/challenger-database/challenge_set_address_and_pin.h
@@ -0,0 +1,68 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/challenge_set_address_and_pin.h
+ * @brief implementation of the challenge_set_address_and_pin function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_CHALLENGE_SET_ADDRESS_AND_PIN_H
+#define CHALLENGER_DATABASE_CHALLENGE_SET_ADDRESS_AND_PIN_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "challenger_util.h"
+#include "challenger_database_lib.h"
+
+
+/**
+ * Set the user-provided address in a validation process. Updates
+ * the address and decrements the "addresses left" counter. If the
+ * address did not change, the operation is successful even without
+ * the counter change.
+ *
+ * @param cls
+ * @param nonce unique nonce to use to identify the validation
+ * @param address the new address to validate
+ * @param validation_duration minimum time between transmissions
+ * @param[in,out] tan set to the PIN/TAN last send to @a address, input should be random PIN/TAN to use if address did not change
+ * @param[out] state set to client's OAuth2 state if available
+ * @param[out] last_tx_time set to the last time when we (presumably) send a PIN to @a address, input should be current time to use if the existing value for tx_time is past @a next_tx_time
+ * @param[out] pin_transmit set to true if we should transmit the @a last_pin to the @a address
+ * @param[out] auth_attempts_left set to number of attempts the user has left on this pin
+ * @param[out] client_redirect_uri redirection URI of the client (for reporting failures)
+ * @param[out] address_refused set to true if the address was refused (address change attempts exhausted)
+ * @param[out] solved set to true if the challenge is already solved
+ * @return transaction status:
+ * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed
+ * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further changes to the address (attempts exhausted)
+ * #GNUNET_DB_STATUS_HARD_ERROR on failure
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_challenge_set_address_and_pin (
+ struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ const json_t *address,
+ struct GNUNET_TIME_Relative validation_duration,
+ uint32_t *tan,
+ char **state,
+ struct GNUNET_TIME_Absolute *last_tx_time,
+ uint32_t *auth_attempts_left,
+ bool *pin_transmit,
+ char **client_redirect_uri,
+ bool *address_refused,
+ bool *solved);
+
+#endif
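Review bot: The doc comment on CHALLENGERDB_challenge_set_address_and_pin does not match the prototype it documents. It has `@param cls` where the argument is `ctx`, refers to `@a last_pin` and `@a next_tx_time` although neither is a parameter, and tags `last_tx_time` as `[out]` even though the text says the caller passes the current time in. It also lists `pin_transmit` before `auth_attempts_left`, the reverse of the signature, which makes it easy to swap the two pointers at a call site. I would write `@param ctx database context`, `@param[in,out] last_tx_time ...`, and use `@a tan` in place of `@a last_pin`. The stale `@param cls` line recurs in every other new header under src/include/challenger-database/ that declares a function, and should be renamed there to the actual parameter (`ctx`, `pc` or `pg`).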
diff --git a/src/include/challenger-database/client_add.h b/src/include/challenger-database/client_add.h
@@ -0,0 +1,44 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/client_add.h
+ * @brief implementation of the client_add function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_CLIENT_ADD_H
+#define CHALLENGER_DATABASE_CLIENT_ADD_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+
+struct CHALLENGERDB_PostgresContext;
+/**
+ * Add client to the list of authorized clients.
+ *
+ * @param cls
+ * @param client_url URL of the client
+ * @param client_secret authorization secret for the client
+ * @param[out] client_id set to the client ID on success
+ * @return transaction status
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_client_add (struct CHALLENGERDB_PostgresContext *ctx,
+ const char *client_url,
+ const char *client_secret,
+ uint64_t *client_id);
+
+
+#endif
diff --git a/src/include/challenger-database/client_check.h b/src/include/challenger-database/client_check.h
@@ -0,0 +1,67 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/client_check.h
+ * @brief implementation of the client_check function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_CLIENT_CHECK_H
+#define CHALLENGER_DATABASE_CLIENT_CHECK_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "challenger_util.h"
+#include "challenger_database_lib.h"
+
+
+/**
+ * Check if a client is in the list of authorized clients. If @a
+ * counter_increment is non-zero, the validation counter of the
+ * client is incremented by the given value if the client was found.
+ *
+ * @param cls
+ * @param client_id unique row of the client
+ * @param client_secret secret of the client
+ * @param counter_increment change in validation counter
+ * @param[out] client_url set to URL of the client (if any)
+ * @return transaction status
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_client_check (
+ struct CHALLENGERDB_PostgresContext *ctx,
+ uint64_t client_id,
+ const char *client_secret,
+ uint32_t counter_increment,
+ char **client_url);
+
+
+/**
+ * Check if a client is in the list of authorized clients.
+ *
+ * @param cls
+ * @param client_url client redirect URL (if known)
+ * @param client_secret secret of the client
+ * @param[out] set to client_id ID of the client if found
+ * @return transaction status
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_client_check2 (
+ struct CHALLENGERDB_PostgresContext *ctx,
+ const char *client_url,
+ const char *client_secret,
+ uint64_t *client_id);
+
+#endif
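Review bot: The doc block for CHALLENGERDB_client_check2 has a malformed tag: `@param[out] set to client_id ID of the client if found` makes Doxygen take `set` as the parameter name, so `client_id` ends up undocumented. It should read `@param[out] client_id set to the ID of the client if found`. For CHALLENGERDB_client_check the comment should also say who owns the string stored in `*client_url` and whether it can be NULL on success ("if any"). The header does not show whether the caller has to free it.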
diff --git a/src/include/challenger-database/client_delete.h b/src/include/challenger-database/client_delete.h
@@ -0,0 +1,39 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/client_delete.h
+ * @brief implementation of the client_delete function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_CLIENT_DELETE_H
+#define CHALLENGER_DATABASE_CLIENT_DELETE_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+
+struct CHALLENGERDB_PostgresContext;
+/**
+ * Delete client from the list of authorized clients.
+ *
+ * @param cls
+ * @param client_url URL of the client
+ * @return transaction status
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_client_delete (struct CHALLENGERDB_PostgresContext *ctx,
+ const char *client_url);
+
+#endif
diff --git a/src/include/challenger-database/client_modify.h b/src/include/challenger-database/client_modify.h
@@ -0,0 +1,44 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2024 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/client_modify.h
+ * @brief implementation of the client_modify function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_CLIENT_MODIFY_H
+#define CHALLENGER_DATABASE_CLIENT_MODIFY_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+
+struct CHALLENGERDB_PostgresContext;
+/**
+ * Modify client to the list of authorized clients.
+ *
+ * @param cls
+ * @param client_id the client ID on success
+ * @param client_url URL of the client
+ * @param client_secret authorization secret for the client, NULL to not modify the secret
+ * @return transaction status
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_client_modify (struct CHALLENGERDB_PostgresContext *ctx,
+ uint64_t client_id,
+ const char *client_url,
+ const char *client_secret);
+
+
+#endif
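Review bot: The comment on CHALLENGERDB_client_modify looks copied from client_add.h and describes the wrong contract. `client_id` is passed by value here, so `@param client_id the client ID on success` cannot be right. Something like `@param client_id row ID of the client to modify` matches the prototype, and the summary would read better as `Modify a client in the list of authorized clients.` Because a NULL `client_secret` keeps the existing secret, the `@return` text should also say which status a caller gets when `client_id` matches no row, so that a no-op is not mistaken for a successful credential change.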
diff --git a/src/include/challenger-database/create_tables.h b/src/include/challenger-database/create_tables.h
@@ -0,0 +1,36 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/create_tables.h
+ * @brief implementation of the create_tables function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_CREATE_TABLES_H
+#define CHALLENGER_DATABASE_CREATE_TABLES_H
+
+#include <gnunet/gnunet_util_lib.h>
+#include "challenger_database_lib.h"
+
+/**
+ * Create the necessary tables if they are not present
+ *
+ * @param cls the @e cls of this struct with the plugin-specific state
+ * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure
+ */
+enum GNUNET_GenericReturnValue
+CHALLENGERDB_create_tables (struct CHALLENGERDB_PostgresContext *pc);
+
+#endif
diff --git a/src/include/challenger-database/drop_tables.h b/src/include/challenger-database/drop_tables.h
@@ -0,0 +1,36 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/drop_tables.h
+ * @brief implementation of the drop_Tables function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_DROP_TABLES_H
+#define CHALLENGER_DATABASE_DROP_TABLES_H
+
+#include <gnunet/gnunet_util_lib.h>
+#include "challenger_database_lib.h"
+
+/**
+ * Drop challenger tables. Used for testcases.
+ *
+ * @param cls closure
+ * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure
+ */
+enum GNUNET_GenericReturnValue
+CHALLENGERDB_drop_tables (struct CHALLENGERDB_PostgresContext *pg);
+
+#endif
diff --git a/src/include/challenger-database/gc.h b/src/include/challenger-database/gc.h
@@ -0,0 +1,40 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/gc.h
+ * @brief implementation of the gc function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_GC_H
+#define CHALLENGER_DATABASE_GC_H
+
+#include <gnunet/gnunet_util_lib.h>
+#include <gnunet/gnunet_db_lib.h>
+#include "challenger_database_lib.h"
+
+/**
+ * Function called to perform "garbage collection" on the
+ * database, expiring records we no longer require.
+ *
+ * @param cls closure
+ * @param expire expiration time to use
+ * @return transaction status
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_gc (struct CHALLENGERDB_PostgresContext *pg,
+ struct GNUNET_TIME_Absolute expire);
+
+#endif
diff --git a/src/include/challenger-database/info_get_token.h b/src/include/challenger-database/info_get_token.h
@@ -0,0 +1,48 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/info_get_token.h
+ * @brief implementation of the info_get_token function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_INFO_GET_TOKEN_H
+#define CHALLENGER_DATABASE_INFO_GET_TOKEN_H
+
+#include <taler/taler_util.h>
+#include <jansson.h>
+#include "challenger_util.h"
+#include "challenger_database_lib.h"
+
+
+/**
+ * Return @a address which @a grant gives access to.
+ *
+ * @param cls closure
+ * @param grant grant token that grants access
+ * @param[out] rowid account identifier within challenger
+ * @param[out] address set to the address under @a grant
+ * @param[out] address_expiration set to how long we consider @a address to be valid
+ * @return transaction status
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_info_get_token (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_AccessTokenP *grant,
+ uint64_t *rowid,
+ json_t **address,
+ struct GNUNET_TIME_Timestamp *address_expiration);
+
+
+#endif
diff --git a/src/include/challenger-database/preflight.h b/src/include/challenger-database/preflight.h
@@ -0,0 +1,40 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/preflight.h
+ * @brief implementation of the preflight function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_PREFLIGHT_H
+#define CHALLENGER_DATABASE_PREFLIGHT_H
+
+#include "challenger_database_lib.h"
+
+
+/**
+ * Do a pre-flight check that we are not in an uncommitted transaction.
+ * If we are, try to commit the previous transaction and output a warning.
+ * Does not return anything, as we will continue regardless of the outcome.
+ *
+ * @param cls the `struct PostgresClosure` with the plugin-specific state
+ * @return #GNUNET_OK if everything is fine
+ * #GNUNET_NO if a transaction was rolled back
+ * #GNUNET_SYSERR on hard errors
+ */
+enum GNUNET_GenericReturnValue
+CHALLENGERDB_preflight (struct CHALLENGERDB_PostgresContext *pg);
+
+#endif
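Review bot: The comment on CHALLENGERDB_preflight contradicts both itself and the prototype. It says the function "Does not return anything", yet the declaration returns `enum GNUNET_GenericReturnValue` with three documented values. It also says a pending transaction is committed, while the `@return` text says `#GNUNET_NO if a transaction was rolled back`. Committing and rolling back leftover state are very different outcomes for data integrity, so the comment should state which one the implementation does (not visible in this hunk) and drop the "Does not return anything" sentence. The `@param cls` line still names `struct PostgresClosure` and plugin state, and should become `@param pg database context`.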
diff --git a/src/include/challenger-database/setup_nonce.h b/src/include/challenger-database/setup_nonce.h
@@ -0,0 +1,51 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/setup_nonce.h
+ * @brief implementation of the validation_setup function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_SETUP_NONCE_H
+#define CHALLENGER_DATABASE_SETUP_NONCE_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "challenger_util.h"
+#include "challenger_database_lib.h"
+
+
+/**
+ * Start validation process by setting up a validation entry. Allows
+ * the respective user who learns the @a nonce to later begin the
+ * process.
+ *
+ * @param cls closure
+ * @param client_id ID of the client
+ * @param nonce unique nonce to use to identify the validation
+ * @param expiration_time when will the validation expire
+ * @param initial_address address the user should validate,
+ * NULL if the user should enter it themselves
+ * @return transaction status
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_setup_nonce (
+ struct CHALLENGERDB_PostgresContext *ctx,
+ uint64_t client_id,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ struct GNUNET_TIME_Absolute expiration_time,
+ const json_t *initial_address);
+
+#endif
diff --git a/src/include/challenger-database/template.h b/src/include/challenger-database/template.h
@@ -0,0 +1,28 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/template.h
+ * @brief implementation of the template function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_TEMPLATE_H
+#define CHALLENGER_DATABASE_TEMPLATE_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+
+struct CHALLENGERDB_PostgresContext;
+#endif
diff --git a/src/include/challenger-database/token_add_token.h b/src/include/challenger-database/token_add_token.h
@@ -0,0 +1,49 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/token_add_token.h
+ * @brief implementation of the token_add_token function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_TOKEN_ADD_TOKEN_H
+#define CHALLENGER_DATABASE_TOKEN_ADD_TOKEN_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "challenger_util.h"
+#include "challenger_database_lib.h"
+
+
+/**
+ * Add access @a grant to address under @a nonce.
+ *
+ * @param cls closure
+ * @param nonce validation process to grant access to
+ * @param grant grant token that grants access
+ * @param grant_expiration for how long should the grant be valid
+ * @param address_expiration for how long after validation do we consider addresses to be valid
+ * @return transaction status
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_token_add_token (
+ struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ const struct CHALLENGER_AccessTokenP *grant,
+ struct GNUNET_TIME_Relative grant_expiration,
+ struct GNUNET_TIME_Relative address_expiration);
+
+
+#endif
diff --git a/src/include/challenger-database/validate_login_address.h b/src/include/challenger-database/validate_login_address.h
@@ -0,0 +1,60 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/validate_login_address.h
+ * @brief implementation of the validate_login_address function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_VALIDATE_LOGIN_ADDRESS_H
+#define CHALLENGER_DATABASE_VALIDATE_LOGIN_ADDRESS_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+
+struct CHALLENGERDB_PostgresContext;
+/**
+ * Set the user-provided address in a validation process. Updates
+ * the address and decrements the "addresses left" counter. If the
+ * address did not change, the operation is successful even without
+ * the counter change.
+ *
+ * @param cls
+ * @param nonce unique nonce to use to identify the validation
+ * @param address the new address to validate
+ * @param client_scope scope of the validation
+ * @param client_state state of the client
+ * @param client_redirect_uri where to redirect at the end, NULL to use a unique one registered for the client
+ * @param[out] last_tx_time set to the last time when we (presumably) send a PIN to @a address; 0 if never sent
+ * @param[out] last_pin set to the PIN last send to @a address, 0 if never sent
+ * @param[in,out] pin_attempts_left set to number of PIN transmission attempts left for this address; input is value to be used if address is new, output is possibly different if address was not new
+ * @return transaction status:
+ * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed
+ * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further changes to the address (attempts exhausted)
+ * #GNUNET_DB_STATUS_HARD_ERROR on failure
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_validate_login_address (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ const char *address,
+ const char *client_scope,
+ const char *client_state,
+ const char *client_redirect_uri,
+ struct GNUNET_TIME_Absolute *last_tx_time,
+ uint32_t *last_pin,
+ uint32_t *pin_attempts_left);
+
+
+#endif
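Review bot: validate_login_address.h uses `struct CHALLENGER_ValidationNonceP` in the prototype but forward-declares only `struct CHALLENGERDB_PostgresContext` and does not include "challenger_util.h", unlike challenge_set_address_and_pin.h and the other nonce-taking headers in this commit. Unless one of the taler headers happens to declare the struct, it gets prototype scope when this header is included first, so the compiler warns and treats the argument type as distinct from the real one. Adding `#include "challenger_util.h"` (or a `struct CHALLENGER_ValidationNonceP;` declaration) before the prototype makes the header self-contained; validate_login_pin.h has the same gap. The description is also a verbatim copy of the one in challenge_set_address_and_pin.h, so it is worth confirming that it describes this function.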
diff --git a/src/include/challenger-database/validate_login_pin.h b/src/include/challenger-database/validate_login_pin.h
@@ -0,0 +1,49 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/validate_login_pin.h
+ * @brief implementation of the validate_login_pin function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_VALIDATE_LOGIN_PIN_H
+#define CHALLENGER_DATABASE_VALIDATE_LOGIN_PIN_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+
+struct CHALLENGERDB_PostgresContext;
+/**
+ * Store a new PIN to be used to validate an address.
+ *
+ * @param cls
+ * @param nonce unique nonce to use to identify the validation
+ * @param tx_time the current time
+ * @param new_pin the PIN we are sending
+ * @param auth_attempts_allowed how many attempts do we give to the user to enter the correct PIN
+ * @return transaction status:
+ * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the pin was stored
+ * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the @a nonce or if pin attempts left is zero
+ * #GNUNET_DB_STATUS_HARD_ERROR on failure
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_validate_login_pin (struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ struct GNUNET_TIME_Absolute tx_time,
+ uint32_t new_pin,
+ uint32_t auth_attempts_allowed);
+
+
+#endif
diff --git a/src/include/challenger-database/validate_solve_pin.h b/src/include/challenger-database/validate_solve_pin.h
@@ -0,0 +1,64 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/validate_solve_pin.h
+ * @brief implementation of the validate_solve_pin function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_VALIDATE_SOLVE_PIN_H
+#define CHALLENGER_DATABASE_VALIDATE_SOLVE_PIN_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "challenger_util.h"
+#include "challenger_database_lib.h"
+
+
+/**
+ * Check PIN entered to validate an address.
+ *
+ * @param cls
+ * @param nonce unique nonce to use to identify the validation
+ * @param new_pin the PIN the user entered
+ * @param[out] solved set to true if the PIN was correct
+ * @param[out] exhausted set to true if the number of attempts to enter the correct PIN has been exhausted
+ * @param[out] no_challenge set to true if we never even issued a challenge
+ * @param[out] state set to client's OAuth2 state if available
+ * @param[out] addr_left set to number of address changes remaining
+ * @param[out] auth_attempts_left set to number of authentication attempts remaining
+ * @param[out] pin_transmissions_left set to number of times the PIN can still be re-requested
+ * @param[out] client_redirect_uri set to OAuth2 client redirect URI
+ * @return transaction status:
+ * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
+ * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
+ * #GNUNET_DB_STATUS_HARD_ERROR on failure
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_validate_solve_pin (
+ struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ uint32_t new_pin,
+ bool *solved,
+ bool *exhausted,
+ bool *no_challenge,
+ char **state,
+ uint32_t *addr_left,
+ uint32_t *auth_attempts_left,
+ uint32_t *pin_transmissions_left,
+ char **client_redirect_uri);
+
+
+#endif
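Review bot: The `@return` text of CHALLENGERDB_validate_solve_pin says `#GNUNET_DB_STATUS_SUCCESS_ONE_RESULT` means only that the nonce was found, so the status alone says nothing about whether the PIN matched. I would add a sentence such as `Callers MUST check @a solved; a successful status does not imply a correct PIN.` and state whether the out-parameters are left untouched for the other status codes. The parameter `new_pin` is described as the PIN the user entered, while validate_login_pin.h uses the same name for the PIN being issued, so a name like `pin` would be less confusing here. The comment should also say who frees `*state` and `*client_redirect_uri`.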
diff --git a/src/include/challenger-database/validation_get.h b/src/include/challenger-database/validation_get.h
@@ -0,0 +1,57 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/validation_get.h
+ * @brief implementation of the validation_get function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef CHALLENGER_DATABASE_VALIDATION_GET_H
+#define CHALLENGER_DATABASE_VALIDATION_GET_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "challenger_util.h"
+#include "challenger_database_lib.h"
+
+
+/**
+ * Return validation details. Used by ``/solve``, ``/auth`` and
+ * ``/info`` endpoints to authorize and return validated user
+ * address to the client.
+ *
+ * @param cls
+ * @param nonce unique nonce to use to identify the validation
+ * @param[out] client_secret set to secret of client (for client that setup the challenge)
+ * @param[out] address set to client-provided address
+ * @param[out] client_scope set to OAuth2 scope
+ * @param[out] client_state set to client state
+ * @param[out] client_redirect_uri set to client redirect URL
+ * @return transaction status:
+ * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
+ * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
+ * #GNUNET_DB_STATUS_HARD_ERROR on failure
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_validation_get (
+ struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ char **client_secret,
+ json_t **address,
+ char **client_scope,
+ char **client_state,
+ char **client_redirect_uri);
+
+#endif
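Review bot: The doc comment for `CHALLENGERDB_validation_get` still documents `@param cls`, but the first parameter is now `ctx`, so Doxygen will report an unknown parameter and leave `ctx` undocumented; change the line to `@param ctx database context`. The same leftover is in `validate_solve_pin.h` and `validation_get_pkce.h`. The comment should also say who releases the `[out]` values and which of them may be NULL on success: `client_secret`, `client_scope`, `client_state` and `client_redirect_uri` are `char **` and `address` is `json_t **`, and nothing here states the ownership. That matters most for `client_secret`, which a caller should not keep longer than the check needs. The `@brief` also calls this header an "implementation" although it only holds the declaration.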
diff --git a/src/include/challenger-database/validation_get_pkce.h b/src/include/challenger-database/validation_get_pkce.h
@@ -0,0 +1,62 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2023 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file src/include/challenger-database/validation_get_pkce.h
+ * @brief implementation of the validation_get_pkce function for Postgres
+ * @author Bohdan Potuzhnyi
+ * @author Vlada Svirsh
+ */
+#ifndef CHALLENGER_DATABASE_VALIDATION_GET_PKCE_H
+#define CHALLENGER_DATABASE_VALIDATION_GET_PKCE_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "challenger_util.h"
+#include "challenger_database_lib.h"
+
+
+/**
+ * Return validation details. Used by ``/solve``, ``/auth`` and
+ * ``/info`` endpoints to authorize and return validated user
+ * address to the client.
+ *
+ * @param cls
+ * @param nonce unique nonce to use to identify the validation
+ * @param[out] client_secret set to secret of client (for client that setup the challenge)
+ * @param[out] address set to client-provided address
+ * @param[out] client_scope set to OAuth2 scope
+ * @param[out] client_state set to client state
+ * @param[out] client_redirect_uri set to client redirect URL
+ * @param[out] code_challenge set to PKCE code challenge
+ * @param[out] code_challenge_method set to PKCE code challenge method enum
+ * @return transaction status:
+ * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
+ * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
+ * #GNUNET_DB_STATUS_HARD_ERROR on failure
+ */
+enum GNUNET_DB_QueryStatus
+CHALLENGERDB_validation_get_pkce (
+ struct CHALLENGERDB_PostgresContext *ctx,
+ const struct CHALLENGER_ValidationNonceP *nonce,
+ char **client_secret,
+ json_t **address,
+ char **client_scope,
+ char **client_state,
+ char **client_redirect_uri,
+ char **code_challenge,
+ uint32_t *code_challenge_method);
+
+#endif
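Review bot: The description of `CHALLENGERDB_validation_get_pkce` is a verbatim copy of the one for `CHALLENGERDB_validation_get` and never mentions PKCE; the removed plugin header opened with `Return validation details including PKCE parameters.`, which is worth keeping as the first sentence. `code_challenge_method` is documented as an "enum" but declared `uint32_t *`, so the comment should name the enum type whose values are stored there, or list the accepted values. It should also state what `code_challenge` is set to when the authorization was started without PKCE (presumably NULL), because the caller has to tell "no challenge stored" apart from a challenge that must be verified before a token is issued.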
diff --git a/src/include/challenger_database_lib.h b/src/include/challenger_database_lib.h
@@ -22,10 +22,11 @@
#define CHALLENGER_DB_LIB_H
#include <taler/taler_util.h>
-#include "challenger_database_plugin.h"
+
+struct CHALLENGERDB_PostgresContext;
/**
- * Initialize the plugin.
+ * Connect to the challenger database.
*
* @param cfg configuration to use
* @param skip_preflight true if we should skip the usual
@@ -33,18 +34,18 @@
* operational; only challenger-dbinit should use true here.
* @return NULL on failure
*/
-struct CHALLENGER_DatabasePlugin *
-CHALLENGER_DB_plugin_load (const struct GNUNET_CONFIGURATION_Handle *cfg,
- bool skip_preflight);
+struct CHALLENGERDB_PostgresContext *
+CHALLENGERDB_connect (const struct GNUNET_CONFIGURATION_Handle *cfg,
+ bool skip_preflight);
/**
- * Shutdown the plugin.
+ * Disconnect from the challenger database.
*
- * @param[in] plugin plugin to unload
+ * @param[in] pg context to disconnect and free
*/
void
-CHALLENGER_DB_plugin_unload (struct CHALLENGER_DatabasePlugin *plugin);
+CHALLENGERDB_disconnect (struct CHALLENGERDB_PostgresContext *pg);
#endif /* CHALLENGER_DB_LIB_H */
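Review bot: `CHALLENGERDB_disconnect` names its context parameter `pg`, while the per-function headers added in this commit (`validate_solve_pin.h`, `validation_get.h`, `validation_get_pkce.h`) all call it `ctx`. Using one name across the new API keeps the headers consistent, e.g. `CHALLENGERDB_disconnect (struct CHALLENGERDB_PostgresContext *ctx);` with `@param[in] ctx context to disconnect and free`. The comment could also state whether NULL is accepted, since `CHALLENGERDB_connect` returns NULL on failure and a shared cleanup path may pass that value through.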
diff --git a/src/include/challenger_database_plugin.h b/src/include/challenger_database_plugin.h
@@ -1,478 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU Lesser General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- Challenger; see the file COPYING.GPL. If not, see <http://www.gnu.org/licenses/>
-*/
-/**
- * @file include/challenger_database_plugin.h
- * @brief database access for Challenger
- * @author Christian Grothoff
- */
-#ifndef CHALLENGER_DATABASE_PLUGIN_H
-#define CHALLENGER_DATABASE_PLUGIN_H
-
-#include <gnunet/gnunet_util_lib.h>
-#include <gnunet/gnunet_db_lib.h>
-#include <jansson.h>
-#include <taler/taler_util.h>
-
-
-/**
- * Nonce used to uniquely (and unpredictably) identify validations.
- */
-struct CHALLENGER_ValidationNonceP
-{
- /**
- * 256-bit nonce used to identify validations.
- */
- uint32_t value[256 / 32];
-};
-
-
-/**
- * Nonce to uniquely (and unpredictably) identify access tokens.
- */
-struct CHALLENGER_AccessTokenP
-{
- /**
- * 256-bit nonce used to identify grants.
- */
- uint32_t value[256 / 32];
-};
-
-
-/**
- * Handle to interact with the database.
- *
- * Functions ending with "_TR" run their OWN transaction scope
- * and MUST NOT be called from within a transaction setup by the
- * caller. Functions ending with "_NT" require the caller to
- * setup a transaction scope. Functions without a suffix are
- * simple, single SQL queries that MAY be used either way.
- */
-struct CHALLENGER_DatabasePlugin
-{
-
- /**
- * Closure for all callbacks.
- */
- void *cls;
-
- /**
- * Name of the library which generated this plugin. Set by the
- * plugin loader.
- */
- char *library_name;
-
- /**
- * Drop challenger tables. Used for testcases.
- *
- * @param cls closure
- * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure
- */
- enum GNUNET_GenericReturnValue
- (*drop_tables)(void *cls);
-
-
- /**
- * Create the necessary tables if they are not present
- *
- * @param cls the @e cls of this struct with the plugin-specific state
- * @return #GNUNET_OK upon success; #GNUNET_SYSERR upon failure
- */
- enum GNUNET_GenericReturnValue
- (*create_tables)(void *cls);
-
-
- /**
- * Do a pre-flight check that we are not in an uncommitted transaction.
- * If we are, try to commit the previous transaction and output a warning.
- * Does not return anything, as we will continue regardless of the outcome.
- *
- * @param cls the `struct PostgresClosure` with the plugin-specific state
- * @return #GNUNET_OK if everything is fine
- * #GNUNET_NO if a transaction was rolled back
- * #GNUNET_SYSERR on hard errors
- */
- enum GNUNET_GenericReturnValue
- (*preflight)(void *cls);
-
-
- /**
- * Start a transaction.
- *
- * @param cls the `struct PostgresClosure` with the plugin-specific state
- * @param name unique name identifying the transaction (for debugging),
- * must point to a constant
- * @return #GNUNET_OK on success
- */
- enum GNUNET_GenericReturnValue
- (*begin_transaction)(void *cls,
- const char *name);
-
-
- /**
- * Commit the current transaction of a database connection.
- *
- * @param cls the `struct PostgresClosure` with the plugin-specific state
- * @return transaction status code
- */
- enum GNUNET_DB_QueryStatus
- (*commit_transaction)(void *cls);
-
-
- /**
- * Roll back the current transaction of a database connection.
- *
- * @param cls the `struct PostgresClosure` with the plugin-specific state
- */
- void
- (*rollback) (void *cls);
-
- /**
- * Function called to perform "garbage collection" on the
- * database, expiring records we no longer require.
- *
- * @param cls closure
- * @param expire expiration time to use
- * @return transaction status
- */
- enum GNUNET_DB_QueryStatus
- (*gc)(void *cls,
- struct GNUNET_TIME_Absolute expire);
-
-
- /**
- * Add client to the list of authorized clients.
- *
- * @param cls
- * @param client_url URL of the client
- * @param client_secret authorization secret for the client
- * @param[out] client_id set to the client ID on success
- * @return transaction status
- */
- enum GNUNET_DB_QueryStatus
- (*client_add)(void *cls,
- const char *client_url,
- const char *client_secret,
- uint64_t *client_id);
-
-
- /**
- * Modify client in the list of authorized clients.
- *
- * @param cls
- * @param client_id the client ID on success
- * @param client_url URL of the client
- * @param client_secret authorization secret for the client, NULL to not modify the secret
- * @return transaction status
- */
- enum GNUNET_DB_QueryStatus
- (*client_modify)(void *cls,
- uint64_t client_id,
- const char *client_url,
- const char *client_secret);
-
- /**
- * Delete client from the list of authorized clients.
- *
- * @param cls
- * @param client_url URL of the client
- * @return transaction status
- */
- enum GNUNET_DB_QueryStatus
- (*client_delete)(void *cls,
- const char *client_url);
-
-
- /**
- * Check if a client is in the list of authorized clients. If @a
- * counter_increment is non-zero, the validation counter of the
- * client is incremented by the given value if the client was found.
- *
- * @param cls
- * @param client_id ID of the client
- * @param client_secret secret of the client
- * @param counter_increment change in validation counter
- * @param[out] client_url set client redirect URL (if known)
- * @return transaction status
- */
- enum GNUNET_DB_QueryStatus
- (*client_check)(void *cls,
- uint64_t client_id,
- const char *client_secret,
- uint32_t counter_increment,
- char **client_url);
-
-
- /**
- * Check if a client is in the list of authorized clients.
- *
- * @param cls
- * @param client_url client redirect URL (if known)
- * @param client_secret secret of the client
- * @param[out] set to client_id ID of the client if found
- * @return transaction status
- */
- enum GNUNET_DB_QueryStatus
- (*client_check2)(void *cls,
- const char *client_url,
- const char *client_secret,
- uint64_t *client_id);
-
-
- /**
- * Start validation process by setting up a validation entry. Allows
- * the respective user who learns the @a nonce to later begin the
- * process.
- *
- * @param cls closure
- * @param client_id ID of the client
- * @param nonce unique nonce to use to identify the validation
- * @param expiration_time when will the validation expire
- * @param initial_address address the user should validate,
- * NULL if the user should enter it themselves
- * @return transaction status
- */
- enum GNUNET_DB_QueryStatus
- (*setup_nonce)(void *cls,
- uint64_t client_id,
- const struct CHALLENGER_ValidationNonceP *nonce,
- struct GNUNET_TIME_Absolute expiration_time,
- const json_t *initial_address);
-
-
- /**
- * Set the user-provided address and PKCE parameters in a validation process.
- * Updates the address and decrements the "addresses left" counter. If the
- * address did not change, the operation is successful even without
- * the counter change.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param client_id client that initiated the validation
- * @param client_scope scope of the validation
- * @param client_state state of the client
- * @param client_redirect_uri where to redirect at the end, NULL to use a unique one registered for the client
- * @param code_challenge PKCE code challenge
- * @param code_challenge_method PKCE code challenge method
- * @param[out] last_address set to the last address used
- * @param[out] address_attempts_left set to number of address changing attempts left for this address
- * @param[out] pin_transmissions_left set to number of times the PIN can still be re-requested
- * @param[out] auth_attempts_left set to number of authentication attempts remaining
- * @param[out] solved set to true if the challenge is already solved
- * @param[out] last_tx_time set to the last time when we (presumably) send a PIN to @a last_address; 0 if never sent
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further changes to the address (attempts exhausted)
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
- enum GNUNET_DB_QueryStatus
- (*authorize_start)(void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- uint64_t client_id,
- const char *client_scope,
- const char *client_state,
- const char *client_redirect_uri,
- const char *code_challenge,
- uint32_t code_challenge_method,
- json_t **last_address,
- uint32_t *address_attempts_left,
- uint32_t *pin_transmissions_left,
- uint32_t *auth_attempts_left,
- bool *solved,
- struct GNUNET_TIME_Absolute *last_tx_time);
-
- /**
- * Set the user-provided address in a validation process. Updates
- * the address and decrements the "addresses left" counter. If the
- * address did not change, the operation is successful even without
- * the counter change.
- *
- * @param cls closure
- * @param nonce unique nonce to use to identify the validation
- * @param address the new address to validate
- * @param validation_duration minimum time between transmissions
- * @param[in,out] tan set to the PIN/TAN last send to @a address, input should be random PIN/TAN to use if address did not change
- * @param[out] state set to client's OAuth2 state if available
- * @param[out] last_tx_time set to the last time when we (presumably) send a PIN to @a address, input should be current time to use if the existing value for tx_time is past @a next_tx_time
- * @param[out] pin_transmit set to true if we should transmit the @a last_pin to the @a address
- * @param[out] auth_attempts_left set to number of attempts the user has left on this pin
- * @param[out] client_redirect_uri redirection URI of the client (for reporting failures)
- * @param[out] address_refused set to true if the address was refused (address change attempts exhausted)
- * @param[out] solved set to true if the challenge is already solved
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the address was changed
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not permit further changes to the address (attempts exhausted)
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
- enum GNUNET_DB_QueryStatus
- (*challenge_set_address_and_pin)(
- void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- const json_t *address,
- struct GNUNET_TIME_Relative validation_duration,
- uint32_t *tan,
- char **state,
- struct GNUNET_TIME_Absolute *last_tx_time,
- uint32_t *auth_attempts_left,
- bool *pin_transmit,
- char **client_redirect_uri,
- bool *address_refused,
- bool *solved);
-
-
- /**
- * Check PIN entered to validate an address.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param new_pin the PIN the user entered
- * @param[out] solved set to true if the PIN was correct
- * @param[out] exhausted set to true if the number of attempts to enter the correct PIN has been exhausted
- * @param[out] no_challenge set to true if we never even issued a challenge
- * @param[out] state set to client's OAuth2 state if available
- * @param[out] addr_left set to number of address changes remaining
- * @param[out] auth_attempts_left set to number of authentication attempts remaining
- * @param[out] pin_transmissions_left set to number of times the PIN can still be re-requested
- * @param[out] client_redirect_uri set to OAuth2 client redirect URI
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
- enum GNUNET_DB_QueryStatus
- (*validate_solve_pin)(void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- uint32_t new_pin,
- bool *solved,
- bool *exhausted,
- bool *no_challenge,
- char **state,
- uint32_t *addr_left,
- uint32_t *auth_attempts_left,
- uint32_t *pin_transmissions_left,
- char **client_redirect_uri);
-
-
- /**
- * Return validation details. Used by ``/solve``, ``/auth`` and
- * ``/info`` endpoints to authorize and return validated user
- * address to the client.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param[out] client_secret set to secret of client (for client that setup the challenge)
- * @param[out] address set to client-provided address
- * @param[out] client_scope set to OAuth2 scope
- * @param[out] client_state set to client state
- * @param[out] client_redirect_uri set to client redirect URL
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
- enum GNUNET_DB_QueryStatus
- (*validation_get)(void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- char **client_secret,
- json_t **address,
- char **client_scope,
- char **client_state,
- char **client_redirect_uri);
-
-
- /**
- * Return address known for a particular nonce.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param[out] address set to client-provided address, can be set to NULL!
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
- enum GNUNET_DB_QueryStatus
- (*address_get)(void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- json_t **address);
-
-
- /**
- * Return validation details including PKCE parameters. Used by `/solve`, `/auth`, and
- * `/info` endpoints to authorize and return validated user address to the client.
- *
- * @param cls
- * @param nonce unique nonce to use to identify the validation
- * @param[out] client_secret set to secret of client (for client that setup the challenge)
- * @param[out] address set to client-provided address
- * @param[out] client_scope set to OAuth2 scope
- * @param[out] client_state set to client state
- * @param[out] client_redirect_uri set to client redirect URL
- * @param[out] code_challenge set to PKCE code challenge
- * @param[out] code_challenge_method set to PKCE code challenge method
- * @return transaction status:
- * #GNUNET_DB_STATUS_SUCCESS_ONE_RESULT if the nonce was found
- * #GNUNET_DB_STATUS_SUCCESS_NO_RESULTS if we do not know the nonce
- * #GNUNET_DB_STATUS_HARD_ERROR on failure
- */
- enum GNUNET_DB_QueryStatus
- (*validation_get_pkce)(void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- char **client_secret,
- json_t **address,
- char **client_scope,
- char **client_state,
- char **client_redirect_uri,
- char **code_challenge,
- uint32_t *code_challenge_method);
-
- /**
- * Add access @a grant to address under @a nonce.
- *
- * @param cls closure
- * @param nonce validation process to grant access to
- * @param grant grant token that grants access
- * @param grant_expiration for how long should the grant be valid
- * @param address_expiration for how long after validation do we consider addresses to be valid
- * @return transaction status
- */
- enum GNUNET_DB_QueryStatus
- (*token_add_token)(void *cls,
- const struct CHALLENGER_ValidationNonceP *nonce,
- const struct CHALLENGER_AccessTokenP *grant,
- struct GNUNET_TIME_Relative grant_expiration,
- struct GNUNET_TIME_Relative address_expiration);
-
-
- /**
- * Return @a address which @a grant gives access to.
- *
- * @param cls closure
- * @param grant grant token that grants access
- * @param[out] rowid account identifier within challenger
- * @param[out] address set to the address under @a grant
- * @param[out] address_expiration set to how long we consider @a address to be valid
- * @return transaction status
- */
- enum GNUNET_DB_QueryStatus
- (*info_get_token)(void *cls,
- const struct CHALLENGER_AccessTokenP *grant,
- uint64_t *rowid,
- json_t **address,
- struct GNUNET_TIME_Timestamp *address_expiration);
-
-
-};
-#endif
diff --git a/src/include/challenger_util.h b/src/include/challenger_util.h
@@ -23,6 +23,31 @@
#include <gnunet/gnunet_util_lib.h>
+
+/**
+ * Nonce used to uniquely (and unpredictably) identify validations.
+ */
+struct CHALLENGER_ValidationNonceP
+{
+ /**
+ * 256-bit nonce used to identify validations.
+ */
+ uint32_t value[256 / 32];
+};
+
+
+/**
+ * Nonce to uniquely (and unpredictably) identify access tokens.
+ */
+struct CHALLENGER_AccessTokenP
+{
+ /**
+ * 256-bit nonce used to identify grants.
+ */
+ uint32_t value[256 / 32];
+};
+
+
/**
* Return project data used by Challenger.
*