commit 22500b550b0ce9d03b99b5706afb74b29c3d9d1d
parent 790146569e9f530ca99899c7d595dbc0bb1460a1
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Tue, 5 Aug 2025 00:12:24 +0200
update /config for future v21
Diffstat:
3 files changed, 102 insertions(+), 51 deletions(-)
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
@@ -120,68 +120,36 @@
*/
#define DEFAULT_MAX_UPLOAD_SIZE (16 * 1024)
-/**
- * Which currency do we use?
- */
char *TMH_currency;
-/**
- * What is the base URL for this merchant backend? NULL if it is not
- * configured and is to be determined from HTTP headers (X-Forwarded-Host and
- * X-Forwarded-Port and X-Forwarded-Prefix) of the reverse proxy.
- */
char *TMH_base_url;
-/**
- * Inform the auditor for all deposit confirmations (global option)
- */
int TMH_force_audit;
-/**
- * Connection handle to the our database
- */
struct TALER_MERCHANTDB_Plugin *TMH_db;
-/**
- * Event handler for instance settings changes.
- */
-static struct GNUNET_DB_EventHandler *instance_eh;
-
-/**
- * Hashmap pointing at merchant instances by 'id'. An 'id' is
- * just a string that identifies a merchant instance. When a frontend
- * needs to specify an instance to the backend, it does so by 'id'
- */
struct GNUNET_CONTAINER_MultiHashMap *TMH_by_id_map;
-/**
- * #GNUNET_YES if protocol version 19 is strictly enforced.
- * (Default is #GNUNET_NO)
- */
int TMH_strict_v19;
-/**
- * #GNUNET_YES if authentication is disabled (For testing only!!).
- * (Default is #GNUNET_NO)
- */
int TMH_auth_disabled;
-/**
- * How long do we need to keep information on paid contracts on file for tax
- * or other legal reasons? Used to block deletions for younger transaction
- * data.
- */
+int TMH_have_self_provisioning;
+
+enum TEH_TanChannelSet TEH_mandatory_tan_channels;
+
struct GNUNET_TIME_Relative TMH_legal_expiration;
-/**
- * Length of the TMH_cspecs array.
- */
unsigned int TMH_num_cspecs;
+struct TALER_CurrencySpecification *TMH_cspecs;
+
+struct GNUNET_CURL_Context *TMH_curl_ctx;
+
/**
- * Rendering specs for currencies.
+ * Event handler for instance settings changes.
*/
-struct TALER_CurrencySpecification *TMH_cspecs;
+static struct GNUNET_DB_EventHandler *instance_eh;
/**
* True if we started any HTTP daemon.
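Review bot: The new global `TEH_mandatory_tan_channels` (with `enum TEH_TanChannelSet` and its `TEH_TCS_*` values in taler-merchant-httpd.h, also used in taler-merchant-httpd_config.c) carries a `TEH_` prefix, while every other global in this block is `TMH_`. If the prefix was carried over from another code base, renaming to `TMH_mandatory_tan_channels` / `enum TMH_TanChannelSet` now, before more files depend on it, would keep the namespace consistent and avoid a symbol clash if both were ever linked into one binary. The hunk also drops the doc comments from these definitions. Assuming the header carries them, a single `/* Globals are documented in taler-merchant-httpd.h */` above the group would tell readers where they went.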
@@ -194,11 +162,6 @@ static bool have_daemons;
static int merchant_connection_close;
/**
- * Context for all exchange operations (useful to the event loop).
- */
-struct GNUNET_CURL_Context *TMH_curl_ctx;
-
-/**
* Context for integrating #TMH_curl_ctx with the
* GNUnet event loop.
*/
@@ -2753,11 +2716,12 @@ run (void *cls,
}
if (GNUNET_SYSERR ==
- (TMH_strict_v19 = GNUNET_CONFIGURATION_get_value_yesno (cfg,
- "merchant",
- "STRICT_PROTOCOL_V19")))
+ (TMH_strict_v19
+ = GNUNET_CONFIGURATION_get_value_yesno (cfg,
+ "merchant",
+ "STRICT_PROTOCOL_V19")))
{
- GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_INFO,
"merchant",
"STRICT_PROTOCOL_V19");
TMH_strict_v19 = GNUNET_NO;
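Review bot: Lowering the `GNUNET_log_config_missing` call to `GNUNET_ERROR_TYPE_INFO` may also hide a malformed `STRICT_PROTOCOL_V19`, if `GNUNET_CONFIGURATION_get_value_yesno` returns `GNUNET_SYSERR` for a present-but-invalid value as well as an absent one (worth confirming against the GNUnet version in use). In that case an operator's typo leaves strict mode silently off, with only an INFO line claiming the option is missing. Consider separating the two cases with `GNUNET_CONFIGURATION_have_value (cfg, "merchant", "STRICT_PROTOCOL_V19")` and keeping the ERROR level, or failing startup, when a value exists but did not parse. The next hunk adds the same pattern for `ENABLE_SELF_PROVISIONING`, where the fallback to `GNUNET_NO` at least fails closed. `run` starts and ends outside this hunk.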
@@ -2774,6 +2738,19 @@ run (void *cls,
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"DANGEROUS: Endpoint Authentication disabled!");
}
+
+ if (GNUNET_SYSERR ==
+ (TMH_have_self_provisioning
+ = GNUNET_CONFIGURATION_get_value_yesno (cfg,
+ "merchant",
+ "ENABLE_SELF_PROVISIONING")))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_INFO,
+ "merchant",
+ "ENABLE_SELF_PROVISIONING");
+ TMH_have_self_provisioning = GNUNET_NO;
+ }
+
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (cfg,
"merchant",
@@ -2787,6 +2764,44 @@ run (void *cls,
GNUNET_SCHEDULER_shutdown ();
return;
}
+
+ {
+ char *tan_channels;
+
+ if (GNUNET_OK ==
+ GNUNET_CONFIGURATION_get_value_string (cfg,
+ "merchant",
+ "MANDATORY_TAN_CHANNELS",
+ &tan_channels))
+ {
+ for (char *tok = strtok (tan_channels,
+ " ");
+ NULL != tok;
+ tok = strtok (NULL,
+ " "))
+ {
+ if (0 == strcasecmp (tok,
+ "sms"))
+ TEH_mandatory_tan_channels |= TEH_TCS_SMS;
+ else if (0 == strcasecmp (tok,
+ "email"))
+ TEH_mandatory_tan_channels |= TEH_TCS_EMAIL;
+ else
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "merchant",
+ "MANDATORY_TAN_CHANNELS",
+ tok);
+ global_ret = EXIT_NOTCONFIGURED;
+ GNUNET_SCHEDULER_shutdown ();
+ GNUNET_free (tan_channels);
+ return;
+ }
+ }
+ GNUNET_free (tan_channels);
+ }
+ }
+
if (GNUNET_OK ==
GNUNET_CONFIGURATION_get_value_string (cfg,
"merchant",
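Review bot: Nothing here ties `MANDATORY_TAN_CHANNELS` to `ENABLE_SELF_PROVISIONING`, so a configuration with self-provisioning on and no channel listed starts without any hint. Going by the header comment, the mask then makes no TAN channel mandatory for self-provisioned accounts and password resets; whether the handlers enforce anything beyond the mask is not visible here. If that combination is not intended, a startup warning after this block would surface it, e.g. `if ( (GNUNET_YES == TMH_have_self_provisioning) && (TEH_TCS_NONE == TEH_mandatory_tan_channels) ) GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Self-provisioning enabled without mandatory TAN channels\n");`. Separately, the tokenizer splits on a single space only, so a tab- or comma-separated list is rejected as invalid and shuts the service down; `strtok_r` with `" \t,"` would accept those and avoid `strtok`'s static state. `run` starts and ends outside this hunk.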
diff --git a/src/backend/taler-merchant-httpd.h b/src/backend/taler-merchant-httpd.h
@@ -769,6 +769,27 @@ extern int TMH_strict_v19;
*/
extern int TMH_auth_disabled;
+/**
+ * True if self-provisioning is enabled.
+ */
+extern int TMH_have_self_provisioning;
+
+/**
+ * Set of TAN channels.
+ */
+enum TEH_TanChannelSet
+{
+ TEH_TCS_NONE = 0,
+ TEH_TCS_SMS = 1,
+ TEH_TCS_EMAIL = 2
+};
+
+
+/**
+ * Which TAN channels are mandatory for self-provisioned
+ * accounts and password resets? Bitmask.
+ */
+extern enum TEH_TanChannelSet TEH_mandatory_tan_channels;
/**
* Callback that frees an instances removing
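Review bot: The doc comments on the new declarations are thinner than the rest of this header. `TMH_have_self_provisioning` is an `int` holding `GNUNET_YES`/`GNUNET_NO`, yet its comment says "True if", and the `enum TEH_TanChannelSet` values have no comments even though they are combined as bit flags. I would write `#GNUNET_YES if self-provisioning is enabled. (Default is #GNUNET_NO)` to match the neighbouring flags, and give each enum value a one-line comment such as `/** SMS channel (bit 0) */`. The enum comment should also state that values are OR-ed together, so future members must be distinct powers of two, and that `TEH_TCS_NONE` means no channel is mandatory.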
diff --git a/src/backend/taler-merchant-httpd_config.c b/src/backend/taler-merchant-httpd_config.c
@@ -90,11 +90,21 @@ MH_handler_config (const struct TMH_RequestHandler *rh,
{
json_t *specs = json_object ();
json_t *exchanges = json_array ();
+ json_t *mtc = json_array ();
GNUNET_assert (NULL != specs);
GNUNET_assert (NULL != exchanges);
+ GNUNET_assert (NULL != mtc);
TMH_exchange_get_trusted (&add_exchange,
exchanges);
+ if (0 != (TEH_TCS_SMS & TEH_mandatory_tan_channels))
+ GNUNET_assert (0 ==
+ json_array_append_new (mtc,
+ json_string ("sms")));
+ if (0 != (TEH_TCS_EMAIL & TEH_mandatory_tan_channels))
+ GNUNET_assert (0 ==
+ json_array_append_new (mtc,
+ json_string ("email")));
for (unsigned int i = 0; i<TMH_num_cspecs; i++)
{
const struct TALER_CurrencySpecification *cspec = &TMH_cspecs[i];
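Review bot: The channel names `"sms"` and `"email"` are spelled out here and again in the `MANDATORY_TAN_CHANNELS` parser in taler-merchant-httpd.c, so adding a channel means changing the enum, the parser and this handler in step. A small shared table of `{ flag, name }` pairs, iterated in both places, would keep what `/config` reports from drifting away from what the parser accepts. The body of `MH_handler_config` continues outside this hunk.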
@@ -110,10 +120,15 @@ MH_handler_config (const struct TMH_RequestHandler *rh,
response = TALER_MHD_MAKE_JSON_PACK (
GNUNET_JSON_pack_string ("currency",
TMH_currency),
+ GNUNET_JSON_pack_bool ("have_self_provisioning",
+ GNUNET_YES ==
+ TMH_have_self_provisioning),
GNUNET_JSON_pack_object_steal ("currencies",
specs),
GNUNET_JSON_pack_array_steal ("exchanges",
exchanges),
+ GNUNET_JSON_pack_array_steal ("mandatory_tan_channels",
+ mtc),
GNUNET_JSON_pack_string (
"implementation",
"urn:net:taler:specs:taler-merchant:c-reference"),