libeufin

Integration and sandbox testing for FinTech APIs and data formats

commit 22be66f8b688696df27b643081f76ded9d452127
parent d648a98f511ac4ed1a8a83516c09f4fe66f164bf
Author: Antoine A <>
Date:   Mon, 19 Feb 2024 17:08:08 +0100

Environment variables for TAN script in libeufin-bank config

Diffstat:
Mbank/src/main/kotlin/tech/libeufin/bank/Config.kt | 10++++++++--
Mbank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt | 18+++++++++++++++---
Mcontrib/bank.conf | 6++++++
Mcontrib/libeufin-tan-sms.sh | 15+++++++--------
4 files changed, 36 insertions(+), 13 deletions(-)

diff --git a/bank/src/main/kotlin/tech/libeufin/bank/Config.kt b/bank/src/main/kotlin/tech/libeufin/bank/Config.kt @@ -44,7 +44,7 @@ data class BankConfig( val fiatCurrency: String?, val fiatCurrencySpec: CurrencySpecification?, val spaPath: Path?, - val tanChannels: Map<TanChannel, Path>, + val tanChannels: Map<TanChannel, Pair<Path, Map<String, String>>>, val payto: BankPaytoCtx, val wireMethod: WireMethod ) @@ -97,7 +97,13 @@ fun TalerConfig.loadBankConfig(): BankConfig { val tanChannels = buildMap { for (channel in TanChannel.entries) { lookupPath("libeufin-bank", "tan_$channel")?.let { - put(channel, it) + val variables = lookupString("libeufin-bank", "tan_${channel}_env")?.let { env -> + env.split(' ').map { variable -> + variable.splitOnce("=") ?: + throw TalerConfigError.invalid("environment variables", "libeufin-bank", "tan_${channel}_env", "expected NAME=VALUE got '$variable'") + }.toMap() + } ?: mapOf() + put(channel, Pair(it, variables)) } } } diff --git a/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt b/bank/src/main/kotlin/tech/libeufin/bank/CoreBankApi.kt 
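Review bot: In `loadBankConfig`, the error raised for a malformed `tan_${channel}_env` entry quotes the offending token verbatim (`got '$variable'`), and since this option is meant to carry credentials, a fragment of a secret may end up in whatever log or console output reports the configuration error. Because the value is split with `env.split(' ')`, a secret that contains a space, or two consecutive spaces between entries, produces exactly such a token without `=`. I would leave the token out of the message (name the option and say `expected NAME=VALUE` only) and drop blank tokens with `.filter { it.isNotEmpty() }` before the `map`. Duplicate names are resolved silently by `toMap()`, which keeps the last one; a KDoc line on `tanChannels` describing the space-separated NAME=VALUE format and these limits would help. The body of `loadBankConfig` continues outside the hunk.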
@@ -662,17 +662,29 @@ private fun Routing.coreBankTanApi(db: Database, ctx: BankConfig) { ) is TanSendResult.Success -> { res.tanCode?.run { - val tanScript = ctx.tanChannels.get(res.tanChannel) + val (tanScript, tanEnv) = ctx.tanChannels.get(res.tanChannel) ?: throw unsupportedTanChannel(res.tanChannel) val exitValue = withContext(Dispatchers.IO) { - val process = ProcessBuilder(tanScript.toString(), res.tanInfo).start() + val builder = ProcessBuilder(tanScript.toString(), res.tanInfo) + builder.redirectErrorStream(true) + for ((name, value) in tanEnv) { + builder.environment()[name] = value + } + val process = builder.start() try { process.outputWriter().use { it.write(res.tanCode) } process.onExit().await() } catch (e: Exception) { process.destroy() } - process.exitValue() + val exitValue = process.exitValue() + if (exitValue != 0) { + val out = process.getInputStream().reader().readText() + if (out.isNotEmpty()) { + logger.error("TAN ${res.tanChannel} - ${tanScript}: $out") + } + } + exitValue } if (exitValue != 0) { throw libeufinError( diff --git a/contrib/bank.conf b/contrib/bank.conf @@ -42,6 +42,12 @@ WIRE_TYPE = # Path to TAN challenge transmission script via email. If not specified, this TAN channel will not be supported. # TAN_EMAIL = libeufin-tan-email.sh +# Environment variables for the sms TAN script. +# TAN_SMS_ENV = AUTH_TOKEN=secret-token + +# Environment variables for the email TAN script. +# TAN_EMAIL_ENV = AUTH_TOKEN=secret-token + # How "libeufin-bank serve" serves its API, this can either be tcp or unix SERVE = tcp diff --git a/contrib/libeufin-tan-sms.sh b/contrib/libeufin-tan-sms.sh 
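Review bot: In `coreBankTanApi`, the merged stdout/stderr of the TAN script is read only after `process.onExit().await()` returns, so a script that writes more than the OS pipe buffer blocks on its write and the await never completes; nothing in the hunk bounds the wait. Draining the stream before awaiting exit (for example `val out = process.inputStream.reader().use { it.readText() }` ahead of `process.onExit().await()`) or redirecting the output to a file avoids that. Separately, after the `catch` branch calls `process.destroy()`, the following `process.exitValue()` can throw `IllegalThreadStateException` if the process has not terminated yet, and the broad `catch (e: Exception)` also absorbs coroutine cancellation. The script output goes to the error log unfiltered while the script receives the TAN code on stdin and the recipient as an argument, so a comment telling script authors not to echo either on failure is worth adding. The enclosing route handler starts and ends outside the hunk.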
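Review bot: The new `TAN_SMS_ENV` / `TAN_EMAIL_ENV` comments do not say that the value is a space-separated list of NAME=VALUE pairs, nor that setting it makes bank.conf a file that holds a provider credential. I would extend the comment, e.g. `# Space-separated NAME=VALUE pairs passed to the sms TAN script; values cannot contain spaces.` followed by `# May hold credentials: keep this file readable only by the bank service user.` Whether deployed configuration files are already access-restricted is not visible from this page.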
@@ -1,20 +1,18 @@ #!/bin/sh - # This file is in the public domain. - set -eu - -. telesign-secrets # need to be found in the PATH -# Set CUSTOMER_ID and API_KEY +# Set AUTH_TOKEN=... MESSAGE=`cat -` TMPFILE=`mktemp /tmp/sms-loggingXXXXXX` PHONE_NUMBER=$(echo $1 | sed 's/^+//') # Telesign refuses the leading + STATUS=$(curl --request POST \ - --user "$CUSTOMER_ID:$API_KEY" \ --url https://rest-api.telesign.com/v1/messaging \ - --data "message_type=OTP" \ + --header "authorization: Basic $AUTH_TOKEN" \ + --header 'content-type: application/x-www-form-urlencoded' \ + --data account_livecycle_event=transact \ --data "message=$MESSAGE" \ + --data message_type=OTP \ --data "phone_number=$PHONE_NUMBER" \ -w "%{http_code}" -s -o $TMPFILE) echo `cat $TMPFILE` >> $HOME/sms.log @@ -27,4 +25,4 @@ case $STATUS in exit 1; ;; esac -exit 1 +exit 1 +\ No newline at end of file
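Review bot: The added `--header "authorization: Basic $AUTH_TOKEN"` puts the credential on curl's command line, where other local users can read it from the process list while the request runs. curl can keep it out of argv by reading the header from a file (`--header @FILE`) or from a config supplied on stdin (`--config -` with a `header = "..."` line in a here-document). The added `--data account_livecycle_event=transact` also looks like a misspelling of `account_lifecycle_event`; confirm the parameter name against the provider's API reference. The comment `# Set AUTH_TOKEN=...` could state that the value is the already base64-encoded `customer_id:api_key` pair expected after `Basic`, which is what the header format implies.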