commit 511173a4bf138a14948e21c5b1f4938741c2e45e
parent 638c6f5599d546abc35a66befe4685faddd74b53
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Wed, 7 May 2025 17:07:59 +0200
merge 5-wire_targets
Diffstat:
3 files changed, 33 insertions(+), 93 deletions(-)
diff --git a/src/exchangedb/0002-wire_targets.sql b/src/exchangedb/0002-wire_targets.sql
@@ -1,6 +1,6 @@
--
-- This file is part of TALER
--- Copyright (C) 2014--2022 Taler Systems SA
+-- Copyright (C) 2014--2025 Taler Systems SA
--
-- TALER is free software; you can redistribute it and/or modify it under the
-- terms of the GNU General Public License as published by the Free Software
@@ -14,6 +14,18 @@
-- TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
--
+CREATE OR REPLACE FUNCTION random_bytea(
+ bytea_length INT
+)
+RETURNS BYTEA
+ AS $body$
+ SELECT decode(string_agg(lpad(to_hex(width_bucket(random(), 0, 1, 256)-1),2,'0') ,''), 'hex')
+ FROM generate_series(1, $1);
+ $body$
+LANGUAGE 'sql'
+VOLATILE;
+
+
CREATE FUNCTION create_table_wire_targets(
IN partition_suffix TEXT DEFAULT NULL
)
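Review bot: random_bytea() derives every byte from random(), which PostgreSQL documents as a deterministic pseudo-random generator unsuitable for cryptographic use, yet a later hunk in this file makes it the DEFAULT for access_token, described there as a high-entropy bearer token. Token values may therefore be less unpredictable than that column comment promises. If the pgcrypto extension is acceptable in this schema, the body could be `SELECT gen_random_bytes($1);`; otherwise add a header comment such as `-- NOT cryptographically secure: built on random()`, so nobody relies on it for secrets. The last three lines of the hunk open create_table_wire_targets, which continues outside the hunk.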
@@ -26,6 +38,9 @@ BEGIN
'(wire_target_serial_id BIGINT GENERATED BY DEFAULT AS IDENTITY'
',wire_target_h_payto BYTEA PRIMARY KEY CHECK (LENGTH(wire_target_h_payto)=32)'
',payto_uri TEXT NOT NULL'
+ ',access_token BYTEA CHECK(LENGTH(access_token)=32)'
+ ' DEFAULT random_bytea(32)'
+ ',ADD COLUMN target_pub BYTEA CHECK(LENGTH(target_pub)=32) DEFAULT NULL'
') %s ;'
,'wire_targets'
,'PARTITION BY HASH (wire_target_h_payto)'
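Review bot: The added line `',ADD COLUMN target_pub BYTEA CHECK(LENGTH(target_pub)=32) DEFAULT NULL'` sits inside what appears to be the column list of a CREATE TABLE, where `ADD COLUMN` is ALTER TABLE syntax and should make the statement fail to parse. It looks carried over verbatim from the removed alter_table_wire_targets5() and should read `',target_pub BYTEA CHECK(LENGTH(target_pub)=32) DEFAULT NULL'`. Separately, access_token is nullable, so an explicit NULL insert would bypass the default and leave a row with no token; consider `NOT NULL` if every row is meant to carry one. The statement begins and ends outside the hunk, so the CREATE TABLE reading is inferred from the column definitions and the PARTITION BY clause.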
@@ -48,6 +63,18 @@ BEGIN
,'wire_targets'
,partition_suffix
);
+ PERFORM comment_partitioned_column(
+ 'high-entropy random value that is used as a bearer token used to authenticate access to the KYC SPA and its state (without requiring a signature)'
+ ,'access_token'
+ ,'wire_targets'
+ ,NULL
+ );
+ PERFORM comment_partitioned_column(
+ 'Public key of a merchant instance or reserve to authenticate access; NULL if KYC is not allowed for the account (if there was no incoming KYC wire transfer yet); updated, thus NOT available to the auditor'
+ ,'target_pub'
+ ,'wire_targets'
+ ,NULL
+ );
END $$;
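Review bot: Both new comment_partitioned_column() calls pass `NULL` as the last argument, whereas the call ending at the top of this hunk passes `partition_suffix`. That was consistent in the removed alter_table_wire_targets5(), which took no suffix, but these calls now live in create_table_wire_targets(partition_suffix). When a suffix is supplied, the comments presumably land on the unsuffixed table rather than the one just created. Suggest `,partition_suffix` in place of `,NULL` in both calls, or a short comment if the NULL is deliberate. The function body starts outside the hunk.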
@@ -66,6 +93,11 @@ BEGIN
' ADD CONSTRAINT ' || table_name || '_wire_target_serial_id_key'
' UNIQUE (wire_target_serial_id)'
);
+ EXECUTE FORMAT (
+ 'ALTER TABLE ' || table_name ||
+ ' ADD CONSTRAINT ' || table_name || '_wire_target_access_token_unique'
+ ' UNIQUE (access_token)'
+ );
END
$$;
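Review bot: The new EXECUTE concatenates table_name into the statement text and calls FORMAT with no placeholders, so the identifier is never quoted. Even if the suffix only ever comes from trusted setup code, letting FORMAT quote it is cheap: `EXECUTE FORMAT('ALTER TABLE %I ADD CONSTRAINT %I UNIQUE (access_token)', table_name, table_name || '_wire_target_access_token_unique');`. If table_name names a single hash partition keyed on wire_target_h_payto, this UNIQUE holds only within that partition, so global uniqueness of the bearer token rests on the quality of the random default. That is worth a comment here. The function starts outside the hunk; table_name is presumably derived from partition_suffix as in the removed constrain_table_wire_targets5().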
diff --git a/src/exchangedb/0005-wire_targets.sql b/src/exchangedb/0005-wire_targets.sql
@@ -1,91 +0,0 @@
---
--- This file is part of TALER
--- Copyright (C) 2024 Taler Systems SA
---
--- TALER is free software; you can redistribute it and/or modify it under the
--- terms of the GNU General Public License as published by the Free Software
--- Foundation; either version 3, or (at your option) any later version.
---
--- TALER is distributed in the hope that it will be useful, but WITHOUT ANY
--- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
--- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
---
--- You should have received a copy of the GNU General Public License along with
--- TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
---
-
-CREATE OR REPLACE FUNCTION random_bytea(
- bytea_length INT
-)
-RETURNS BYTEA
- AS $body$
- SELECT decode(string_agg(lpad(to_hex(width_bucket(random(), 0, 1, 256)-1),2,'0') ,''), 'hex')
- FROM generate_series(1, $1);
- $body$
-LANGUAGE 'sql'
-VOLATILE;
-
-CREATE FUNCTION alter_table_wire_targets5()
-RETURNS VOID
-LANGUAGE plpgsql
-AS $$
-BEGIN
- EXECUTE FORMAT (
- 'ALTER TABLE wire_targets'
- ' ADD COLUMN access_token BYTEA CHECK(LENGTH(access_token)=32)'
- ' DEFAULT random_bytea(32)'
- ',ADD COLUMN target_pub BYTEA CHECK(LENGTH(target_pub)=32)'
- ' DEFAULT NULL'
- ';'
- );
-
- PERFORM comment_partitioned_column(
- 'high-entropy random value that is used as a bearer token used to authenticate access to the KYC SPA and its state (without requiring a signature)'
- ,'access_token'
- ,'wire_targets'
- ,NULL
- );
- PERFORM comment_partitioned_column(
- 'Public key of a merchant instance or reserve to authenticate access; NULL if KYC is not allowed for the account (if there was no incoming KYC wire transfer yet); updated, thus NOT available to the auditor'
- ,'target_pub'
- ,'wire_targets'
- ,NULL
- );
-END $$;
-
-
-CREATE FUNCTION constrain_table_wire_targets5(
- IN partition_suffix TEXT
-)
-RETURNS void
-LANGUAGE plpgsql
-AS $$
-DECLARE
- table_name TEXT DEFAULT 'wire_targets';
-BEGIN
- table_name = concat_ws('_', table_name, partition_suffix);
- EXECUTE FORMAT (
- 'ALTER TABLE ' || table_name ||
- ' ADD CONSTRAINT ' || table_name || '_wire_target_access_token_unique'
- ' UNIQUE (access_token)'
- );
-END
-$$;
-
-INSERT INTO exchange_tables
- (name
- ,version
- ,action
- ,partitioned
- ,by_range)
- VALUES
- ('wire_targets5'
- ,'exchange-0005'
- ,'alter'
- ,TRUE
- ,FALSE),
- ('wire_targets5'
- ,'exchange-0005'
- ,'constrain'
- ,TRUE
- ,FALSE);
diff --git a/src/exchangedb/exchange-0005.sql.in b/src/exchangedb/exchange-0005.sql.in
@@ -19,7 +19,6 @@ BEGIN;
SELECT _v.register_patch('exchange-0005', NULL, NULL);
SET search_path TO exchange;
-#include "0005-wire_targets.sql"
#include "0005-legitimization_measures.sql"
#include "0005-legitimization_outcomes.sql"
#include "0005-legitimization_processes.sql"