commit 326a349eb491ab80f01e42619fec5c48b37d50da
parent a09b84c636f6332b219480ca620060eb6ca13758
Author: Antoine A <>
Date: Fri, 3 May 2024 18:40:09 +0900
nexus: more WG API checks
Diffstat:
4 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/bank/src/main/kotlin/tech/libeufin/bank/api/CoreBankApi.kt b/bank/src/main/kotlin/tech/libeufin/bank/api/CoreBankApi.kt
@@ -190,8 +190,7 @@ suspend fun createAccount(
when (cfg.wireMethod) {
WireMethod.IBAN -> {
- if (req.payto_uri != null && !(req.payto_uri is IbanPayto))
- throw badRequest("Expected an IBAN payto uri")
+ req.payto_uri?.expectRequestIban()
var retry = if (req.payto_uri == null) IBAN_ALLOCATION_RETRY_COUNTER else 0
while (true) {
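Review bot: The IBAN branch now rejects a wrong payto kind through `expectRequestIban()`, which throws Ktor's `BadRequestException`, where the removed lines used the project's `badRequest(...)` helper that the rest of `createAccount` still uses. Whether the two produce the same error body for clients depends on the exception-to-response mapping, which is not visible in this hunk, so it is worth confirming that API consumers still get the error format they parse. The same applies to `expectRequestXTalerBank()` in the X_TALER_BANK branch of the next hunk. `createAccount` starts and ends outside the hunk.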
@@ -223,10 +222,9 @@ suspend fun createAccount(
}
WireMethod.X_TALER_BANK -> {
if (req.payto_uri != null) {
- if (!(req.payto_uri is XTalerBankPayto))
- throw badRequest("Expected an IBAN payto uri")
- else if (req.payto_uri.username != req.username)
- throw badRequest("Expected a payto uri for '${req.username}' got one for '${req.payto_uri.username}'")
+ val payto = req.payto_uri.expectRequestXTalerBank()
+ if (payto.username != req.username)
+ throw badRequest("Expected a payto uri for '${req.username}' got one for '${payto.username}'")
}
val internalPayto = XTalerBankPayto.forUsername(req.username)
diff --git a/common/src/main/kotlin/TalerCommon.kt b/common/src/main/kotlin/TalerCommon.kt
@@ -20,6 +20,7 @@
package tech.libeufin.common
import io.ktor.http.*
+import io.ktor.server.plugins.BadRequestException
import kotlinx.serialization.KSerializer
import kotlinx.serialization.Serializable
import kotlinx.serialization.descriptors.PrimitiveKind
@@ -242,6 +243,14 @@ sealed class Payto {
}
}
+ fun expectRequestIban(): IbanPayto {
+ try {
+ return expectIban()
+ } catch (e: Exception) {
+ throw BadRequestException(e.message ?: "", e)
+ }
+ }
+
fun expectXTalerBank(): XTalerBankPayto {
return when (this) {
is XTalerBankPayto -> this
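Review bot: `catch (e: Exception)` in `expectRequestIban()` converts any failure inside `expectIban()` into a 400 and copies `e.message` (or an empty string) into the response, so an unrelated internal error would reach the caller as a bad request carrying internal text. `expectRequestXTalerBank()` in the next hunk repeats the same pattern. The only expected failure is a wrong payto kind, so a direct type check with a fixed message avoids both problems: `fun expectRequestIban(): IbanPayto = this as? IbanPayto ?: throw BadRequestException("expected an IBAN payto URI")`. A short KDoc saying these variants are meant for request validation and throw `BadRequestException` would help callers choose between them and `expectIban()`.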
@@ -249,6 +258,14 @@ sealed class Payto {
}
}
+ fun expectRequestXTalerBank(): XTalerBankPayto {
+ try {
+ return expectXTalerBank()
+ } catch (e: Exception) {
+ throw BadRequestException(e.message ?: "", e)
+ }
+ }
+
internal object Serializer : KSerializer<Payto> {
override val descriptor: SerialDescriptor =
PrimitiveSerialDescriptor("Payto", PrimitiveKind.STRING)
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/api/WireGatewayApi.kt b/nexus/src/main/kotlin/tech/libeufin/nexus/api/WireGatewayApi.kt
@@ -43,6 +43,7 @@ fun Routing.wireGatewayApi(db: Database, cfg: NexusConfig) = authApi(cfg.wireGat
post("/taler-wire-gateway/transfer") {
val req = call.receive<TransferRequest>()
cfg.checkCurrency(req.amount)
+ req.credit_account.expectRequestIban()
val bankId = run {
val bytes = ByteArray(16)
kotlin.random.Random.nextBytes(bytes)
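Review bot: The `IbanPayto` returned by `req.credit_account.expectRequestIban()` is discarded, so the rest of the `/taler-wire-gateway/transfer` handler still works with a plain `Payto` and depends on this line staying ahead of every use of the account. Binding the result, `val creditAccount = req.credit_account.expectRequestIban()`, and using that value downstream would let the type system carry the guarantee. The same applies to `req.debit_account.expectRequestIban()` in the add-incoming hunk. The handler body continues outside the hunk, so how the account is used later is not visible here.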
@@ -87,6 +88,7 @@ fun Routing.wireGatewayApi(db: Database, cfg: NexusConfig) = authApi(cfg.wireGat
post("/taler-wire-gateway/admin/add-incoming") {
val req = call.receive<AddIncomingRequest>()
cfg.checkCurrency(req.amount)
+ req.debit_account.expectRequestIban()
val timestamp = Instant.now()
val bankId = run {
val bytes = ByteArray(16)
diff --git a/nexus/src/test/kotlin/WireGatewayApiTest.kt b/nexus/src/test/kotlin/WireGatewayApiTest.kt
@@ -100,6 +100,13 @@ class WireGatewayApiTest {
"request_uid" to Base32Crockford.encode(ByteArray(65).rand())
}
}.assertBadRequest()
+
+ // Bad payto kind
+ client.postA("/taler-wire-gateway/transfer") {
+ json(valid_req) {
+ "credit_account" to "payto://x-taler-bank/bank.hostname.test/bar"
+ }
+ }.assertBadRequest()
}
// GET /taler-wire-gateway/history/incoming
@@ -209,6 +216,13 @@ class WireGatewayApiTest {
"reserve_pub" to Base32Crockford.encode(ByteArray(31).rand())
}
}.assertBadRequest()
+
+ // Bad payto kind
+ client.postA("/taler-wire-gateway/admin/add-incoming") {
+ json(valid_req) {
+ "debit_account" to "payto://x-taler-bank/bank.hostname.test/bar"
+ }
+ }.assertBadRequest()
}
@Test