taler-merchant-httpd.h (21163B)
1 /* 2 This file is part of TALER 3 Copyright (C) 2014-2025 Taler Systems SA 4 5 TALER is free software; you can redistribute it and/or modify it under the 6 terms of the GNU General Public License as published by the Free Software 7 Foundation; either version 3, or (at your option) any later version. 8 9 TALER is distributed in the hope that it will be useful, but WITHOUT ANY 10 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 11 A PARTICULAR PURPOSE. See the GNU General Public License for more details. 12 13 You should have received a copy of the GNU General Public License along with 14 TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> 15 */ 16 /** 17 * @file taler-merchant-httpd.h 18 * @brief HTTP serving layer mainly intended to communicate with the frontend 19 * @author Marcello Stanisci 20 */ 21 #ifndef TALER_MERCHANT_HTTPD_H 22 #define TALER_MERCHANT_HTTPD_H 23 24 #include "platform.h" 25 #include "taler_merchantdb_lib.h" 26 #include <taler/taler_mhd_lib.h> 27 #include <gnunet/gnunet_mhd_compat.h> 28 #include "taler_merchant_bank_lib.h" 29 #include <regex.h> 30 31 32 /** 33 * Shorthand for exit jumps. 34 */ 35 #define EXITIF(cond) \ 36 do { \ 37 if (cond) { GNUNET_break (0); goto EXITIF_exit; } \ 38 } while (0) 39 40 41 /** 42 * Supported wire method. Kept in a DLL. 43 */ 44 struct TMH_WireMethod 45 { 46 /** 47 * Next entry in DLL. 48 */ 49 struct TMH_WireMethod *next; 50 51 /** 52 * Previous entry in DLL. 53 */ 54 struct TMH_WireMethod *prev; 55 56 /** 57 * Which wire method / payment target identifier is @e payto_uri using? 58 */ 59 char *wire_method; 60 61 /** 62 * Wire details for this instance 63 */ 64 struct TALER_FullPayto payto_uri; 65 66 /** 67 * Salt to use when computing @e h_wire from @e payto_uri. 68 */ 69 struct TALER_WireSaltP wire_salt; 70 71 /** 72 * Hash of our wire format details as given in @e payto_uri 73 */ 74 struct TALER_MerchantWireHashP h_wire; 75 76 /** 77 * Base URL of the credit facade. 78 */ 79 char *credit_facade_url; 80 81 /** 82 * Authentication data to access the credit facade. 83 * May be uninitialized if not provided by the client. 84 */ 85 json_t *credit_facade_credentials; 86 87 /** 88 * Is this wire method active (should it be included in new contracts)? 89 */ 90 bool active; 91 92 /** 93 * Are we currently in a transaction to delete this account? 94 */ 95 bool deleting; 96 97 /** 98 * Are we currently in a transaction to enable this account? 99 */ 100 bool enabling; 101 102 }; 103 104 105 /** 106 * A pending GET /orders request that is in long polling mode. 107 */ 108 struct TMH_PendingOrder; 109 110 111 /** 112 * Information that defines a merchant "instance". That way, a single 113 * backend can account for several merchants, as used to do in donation 114 * shops 115 */ 116 struct TMH_MerchantInstance 117 { 118 119 /** 120 * Next entry in DLL. 121 */ 122 struct TMH_WireMethod *wm_head; 123 124 /** 125 * Previous entry in DLL. 126 */ 127 struct TMH_WireMethod *wm_tail; 128 129 /** 130 * Hash of the instance ID, key for the DHT. 131 */ 132 struct GNUNET_HashCode h_instance; 133 134 /** 135 * Head of DLL of long-polling GET /orders requests of this instance. 136 */ 137 struct TMH_PendingOrder *po_head; 138 139 /** 140 * Tail of DLL of long-polling GET /orders requests of this instance. 141 */ 142 struct TMH_PendingOrder *po_tail; 143 144 /** 145 * Database event we are waiting on to be resuming 146 * long-polling requests from the @e po_head. 147 */ 148 struct GNUNET_DB_EventHandler *po_eh; 149 150 /** 151 * Merchant's private key. 152 */ 153 struct TALER_MerchantPrivateKeyP merchant_priv; 154 155 /** 156 * Merchant's public key 157 */ 158 struct TALER_MerchantPublicKeyP merchant_pub; 159 160 /** 161 * General settings for an instance. 162 */ 163 struct TALER_MERCHANTDB_InstanceSettings settings; 164 165 /** 166 * General settings for an instance. 167 */ 168 struct TALER_MERCHANTDB_InstanceAuthSettings auth; 169 170 /** 171 * Reference counter on this structure. Only destroyed if the 172 * counter hits zero. 173 */ 174 unsigned int rc; 175 176 /** 177 * True if this instance was deleted (but not yet purged). 178 */ 179 bool deleted; 180 181 /** 182 * True if email/sms validation is needed before the 183 * instance can be used. 184 */ 185 bool validation_needed; 186 }; 187 188 189 GNUNET_NETWORK_STRUCT_BEGIN 190 191 192 /** 193 * Event triggered when an order is paid. 194 */ 195 struct TMH_OrderPayEventP 196 { 197 /** 198 * Type is #TALER_DBEVENT_MERCHANT_ORDER_PAID 199 */ 200 struct GNUNET_DB_EventHeaderP header; 201 202 /** 203 * Always zero (for alignment). 204 */ 205 uint32_t reserved GNUNET_PACKED; 206 207 /** 208 * Merchant's public key 209 */ 210 struct TALER_MerchantPublicKeyP merchant_pub; 211 212 /** 213 * Hash of the order ID. 214 */ 215 struct GNUNET_HashCode h_order_id; 216 }; 217 218 219 /** 220 * Event triggered when a fulfillment URL is 221 * bound to a session (as paid). 222 */ 223 struct TMH_SessionEventP 224 { 225 /** 226 * Type is #TALER_DBEVENT_MERCHANT_SESSION_CAPTURED 227 */ 228 struct GNUNET_DB_EventHeaderP header; 229 230 /** 231 * Always zero (for alignment). 232 */ 233 uint32_t reserved GNUNET_PACKED; 234 235 /** 236 * Merchant's public key 237 */ 238 struct TALER_MerchantPublicKeyP merchant_pub; 239 240 /** 241 * Hash of the fulfillment URL. 242 */ 243 struct GNUNET_HashCode h_fulfillment_url; 244 245 /** 246 * Hash of the session ID 247 */ 248 struct GNUNET_HashCode h_session_id; 249 }; 250 251 252 /** 253 * Event triggered when an order's refund is increased 254 * or obtained by the respective wallet. 255 * 256 * Extra arguments are the amount (as a string). 257 */ 258 struct TMH_OrderRefundEventP 259 { 260 /** 261 * Type is #TALER_DBEVENT_MERCHANT_ORDER_REFUND or 262 * #TALER_DBEVENT_MERCHANT_REFUND_OBTAINED 263 */ 264 struct GNUNET_DB_EventHeaderP header; 265 266 /** 267 * Always zero (for alignment). 268 */ 269 uint32_t reserved GNUNET_PACKED; 270 271 /** 272 * Merchant's public key 273 */ 274 struct TALER_MerchantPublicKeyP merchant_pub; 275 276 /** 277 * Hash of the order ID. 278 */ 279 struct GNUNET_HashCode h_order_id; 280 }; 281 282 283 /** 284 * Event generated when a client picks up a reward. 285 */ 286 struct TMH_RewardPickupEventP 287 { 288 /** 289 * Type is #TALER_DBEVENT_MERCHANT_REWARD_PICKUP. 290 */ 291 struct GNUNET_DB_EventHeaderP header; 292 293 /** 294 * Always zero (for alignment). 295 */ 296 uint32_t reserved GNUNET_PACKED; 297 298 /** 299 * Reward ID. 300 */ 301 struct TALER_RewardIdentifierP reward_id; 302 303 /** 304 * Hash of the instance ID. 305 */ 306 struct GNUNET_HashCode h_instance; 307 308 }; 309 310 /** 311 * Possible flags indicating the state of an order. 312 */ 313 enum TMH_OrderStateFlags 314 { 315 TMH_OSF_NONE = 0, 316 317 /** 318 * Not yet used. 319 */ 320 TMH_OSF_CLAIMED = 1, 321 322 /** 323 * Customer paid the order. 324 */ 325 TMH_OSF_PAID = 2, 326 327 /** 328 * Merchant granted (possibly partial) refund. 329 */ 330 TMH_OSF_REFUNDED = 4, 331 332 /** 333 * Merchant received the payment from the exchange. 334 * FIXME: not triggered yet! 335 */ 336 TMH_OSF_WIRED = 8 337 }; 338 339 340 /** 341 * Extra information passed for a 342 * #TALER_DBEVENT_MERCHANT_ORDERS_CHANGE. 343 */ 344 struct TMH_OrderChangeEventDetailsP 345 { 346 /** 347 * Order ID, in NBO. 348 */ 349 uint64_t order_serial_id GNUNET_PACKED; 350 351 /** 352 * Execution date of the order. 353 */ 354 struct GNUNET_TIME_TimestampNBO execution_date; 355 356 /** 357 * See `enum TMH_OrderStateFlags`. In NBO. 358 */ 359 uint32_t order_state GNUNET_PACKED; 360 361 }; 362 363 364 /** 365 * Event triggered when an order's refund is increased 366 * or obtained by the respective wallet. 367 * 368 * Extra arguments are the amount (as a string). 369 */ 370 struct TMH_OrderChangeEventP 371 { 372 /** 373 * Type is #TALER_DBEVENT_MERCHANT_ORDERS_CHANGE. 374 */ 375 struct GNUNET_DB_EventHeaderP header; 376 377 /** 378 * Always zero (for alignment). 379 */ 380 uint32_t reserved GNUNET_PACKED; 381 382 /** 383 * Merchant's public key 384 */ 385 struct TALER_MerchantPublicKeyP merchant_pub; 386 }; 387 388 389 GNUNET_NETWORK_STRUCT_END 390 391 /** 392 * @brief Struct describing an URL and the handler for it. 393 * 394 * The overall URL is always @e url_prefix, optionally followed by the 395 * id_segment, which is optionally followed by the @e url_suffix. It is NOT 396 * allowed for the @e url_prefix to be directly followed by the @e url_suffix. 397 * A @e url_suffix SHOULD only be used with a @e method of #MHD_HTTP_METHOD_POST. 398 */ 399 struct TMH_RequestHandler; 400 401 /** 402 * This information is stored in the "connection_cls" of MHD for 403 * every request that we process. 404 * Individual handlers can evaluate its members and 405 * are allowed to update @e cc and @e ctx to store and clean up 406 * handler-specific data. 407 */ 408 struct TMH_HandlerContext; 409 410 411 /** 412 * Possible authorization scopes. This is a bit mask. 413 */ 414 enum TMH_AuthScope 415 { 416 /** 417 * Nothing is authorized. 418 */ 419 TMH_AS_NONE = 0, 420 421 /** 422 * Read-only access is OK. Any GET request is 423 * automatically OK. 424 */ 425 TMH_AS_READ_ONLY = 1, 426 427 /** 428 * 2 is Reserved. Was refreshable pre v42 429 */ 430 431 /** 432 * Order creation and payment status check only 433 */ 434 TMH_AS_ORDER_SIMPLE = 3, 435 436 /** 437 * Order creation and inventory locking, 438 * includes #TMH_AS_ORDER_SIMPLE 439 */ 440 TMH_AS_ORDER_POS = 4, 441 442 /** 443 * Order creation and refund 444 */ 445 TMH_AS_ORDER_MGMT = 5, 446 447 /** 448 * Order full 449 * Includes #TMH_AS_ORDER_POS and #TMH_AS_ORDER_MGMT 450 */ 451 TMH_AS_ORDER_FULL = 6, 452 453 /** 454 * Full access is granted to everything. 455 * We want to deprecate and remove this! 456 * Old scope "write" 457 */ 458 TMH_AS_ALL = 7 | 1 << 30, 459 460 /** 461 * Full access is granted to everything. 462 */ 463 TMH_AS_SPA = 8, 464 465 /** 466 * /login access to renew the token is OK. 467 * This is actually combined with other scopes 468 * and not (usually) used as a scope itself. 469 */ 470 TMH_AS_REFRESHABLE = 1 << 30, 471 472 }; 473 474 475 /** 476 * @brief Struct describing an URL and the handler for it. 477 * 478 * The overall URL is always @e url_prefix, optionally followed by the 479 * id_segment, which is optionally followed by the @e url_suffix. It is NOT 480 * allowed for the @e url_prefix to be directly followed by the @e url_suffix. 481 * A @e url_suffix SHOULD only be used with a @e method of #MHD_HTTP_METHOD_POST. 482 */ 483 struct TMH_RequestHandler 484 { 485 486 /** 487 * URL prefix the handler is for, includes the '/', 488 * so "/orders", "/templates", "/webhooks" or "/products". Does *not* include 489 * "/private", that is controlled by the array in which 490 * the handler is defined. Must not contain any 491 * '/' except for the leading '/'. 492 */ 493 const char *url_prefix; 494 495 /** 496 * Required access permission for this request. 497 */ 498 const char *permission; 499 500 /** 501 * Does this request include an identifier segment 502 * (product_id, reserve_pub, order_id, reward_id, template_id, webhook_id) in the 503 * second segment? 504 */ 505 bool have_id_segment; 506 507 /** 508 * Does this request handler work without an instance? 509 */ 510 bool skip_instance; 511 512 /** 513 * Does this endpoint ONLY apply for the admin instance? 514 */ 515 bool default_only; 516 517 /** 518 * Does this request handler work with a deleted instance? 519 */ 520 bool allow_deleted_instance; 521 522 /** 523 * URL suffix the handler is for, excludes the '/', 524 * so "pay" or "claim", not "/pay". 525 */ 526 const char *url_suffix; 527 528 /** 529 * HTTP method the handler is for, NULL for "all". 530 */ 531 const char *method; 532 533 /** 534 * Mime type to use in reply (hint, can be NULL). 535 */ 536 const char *mime_type; 537 538 /** 539 * Raw data for the @e handler (can be NULL). 540 */ 541 const void *data; 542 543 /** 544 * Number of bytes in @e data. 545 */ 546 size_t data_size; 547 548 /** 549 * Maximum upload size allowed for this handler. 550 * 0 for #DEFAULT_MAX_UPLOAD_SIZE. 551 */ 552 size_t max_upload; 553 554 /** 555 * Handler to be called for this URL/METHOD combination. 556 * 557 * @param rh this struct 558 * @param connection the MHD connection to handle 559 * @param[in,out] hc context with further information about the request 560 * @return MHD result code 561 */ 562 MHD_RESULT 563 (*handler)(const struct TMH_RequestHandler *rh, 564 struct MHD_Connection *connection, 565 struct TMH_HandlerContext *hc); 566 567 /** 568 * Default response code to use. 569 */ 570 unsigned int response_code; 571 }; 572 573 574 /** 575 * Signature of a function used to clean up the context 576 * we keep in the "connection_cls" of MHD when handling 577 * a request. 578 * 579 * @param ctx the context to clean up. 580 */ 581 typedef void 582 (*TMH_ContextCleanup)(void *ctx); 583 584 585 /** 586 * This information is stored in the "connection_cls" of MHD for 587 * every request that we process. 588 * Individual handlers can evaluate its members and 589 * are allowed to update @e cc and @e ctx to store and clean up 590 * handler-specific data. 591 */ 592 struct TMH_HandlerContext 593 { 594 595 /** 596 * Function to execute the handler-specific cleanup of the 597 * (request-specific) context in @e ctx. 598 */ 599 TMH_ContextCleanup cc; 600 601 /** 602 * Client-specific context we keep. Passed to @e cc. 603 */ 604 void *ctx; 605 606 /** 607 * Which request handler is handling this request? 608 */ 609 const struct TMH_RequestHandler *rh; 610 611 /** 612 * Which instance is handling this request? 613 */ 614 struct TMH_MerchantInstance *instance; 615 616 /** 617 * Asynchronous request context id. 618 */ 619 struct GNUNET_AsyncScopeId async_scope_id; 620 621 /** 622 * Our original URL, for logging. 623 */ 624 const char *url; 625 626 /** 627 * Copy of our original full URL with query parameters. 628 */ 629 char *full_url; 630 631 /** 632 * Client-provided authentication token for this 633 * request, can be NULL. 634 * 635 * Used to check for concurrent, conflicting updates of 636 * the authentication information in the database. 637 */ 638 const char *auth_token; 639 640 /** 641 * Infix part of @a url. 642 */ 643 char *infix; 644 645 /** 646 * Which connection was suspended. 647 */ 648 struct MHD_Connection *connection; 649 650 /** 651 * JSON body that was uploaded, NULL if @e has_body is false. 652 */ 653 json_t *request_body; 654 655 /** 656 * Placeholder for #TALER_MHD_parse_post_json() to keep its internal state. 657 * Used when we parse the POSTed data. 658 */ 659 void *json_parse_context; 660 661 /** 662 * Total size of the upload so far. 663 */ 664 uint64_t total_upload; 665 666 /** 667 * Actual authentication scope of this request. 668 * Only set for ``/private/`` requests. 669 */ 670 enum TMH_AuthScope auth_scope; 671 672 /** 673 * Set to true if this is an #MHD_HTTP_METHOD_POST or #MHD_HTTP_METHOD_PATCH request. 674 * (In principle #MHD_HTTP_METHOD_PUT may also belong, but we do not have PUTs 675 * in the API today, so we do not test for PUT.) 676 */ 677 bool has_body; 678 }; 679 680 681 /** 682 * Information common for suspended requests. 683 */ 684 struct TMH_SuspendedConnection 685 { 686 /** 687 * Which connection was suspended. 688 */ 689 struct MHD_Connection *con; 690 691 /** 692 * At what time does this request expire? If set in the future, we 693 * may wait this long for a payment to arrive before responding. 694 */ 695 struct GNUNET_TIME_Absolute long_poll_timeout; 696 697 /** 698 * Minimum refund amount to be exceeded (exclusive this value!) for resume. 699 */ 700 struct TALER_Amount refund_expected; 701 702 /** 703 * true if we are waiting for a refund. 704 */ 705 bool awaiting_refund; 706 707 /** 708 * Whether we're waiting for the refunds to be obtained. 709 */ 710 bool awaiting_refund_obtained; 711 712 }; 713 714 715 /** 716 * Which currency do we use? 717 */ 718 extern char *TMH_currency; 719 720 /** 721 * What is the base URL for this merchant backend? NULL if it is not 722 * configured and is to be determined from HTTP headers (X-Forwarded-Host and 723 * X-Forwarded-Port and X-Forwarded-Prefix) of the reverse proxy. 724 */ 725 extern char *TMH_base_url; 726 727 /** 728 * Name of helper program to send e-mail. 729 */ 730 extern char *TMH_helper_email; 731 732 /** 733 * Name of helper program to send SMS. 734 */ 735 extern char *TMH_helper_sms; 736 737 /** 738 * Space-separated list of allowed payment target types. 739 * "*" for "all" (no restriction). 740 */ 741 extern char *TMH_allowed_payment_targets; 742 743 /** 744 * Default persona to use for new browsers. 745 */ 746 extern char *TMH_default_persona; 747 748 /** 749 * Regular expression further restricting payment target types. 750 * Can be NULL/empty for no restrictions. 751 */ 752 extern char *TMH_payment_target_regex; 753 754 /** 755 * Compiled regular expression, only valid if 756 * #TMH_payment_target_regex is not NULL! 757 */ 758 extern regex_t TMH_payment_target_re; 759 760 /** 761 * Length of the TMH_cspecs array. 762 */ 763 extern unsigned int TMH_num_cspecs; 764 765 /** 766 * Rendering specs for currencies. 767 */ 768 extern struct TALER_CurrencySpecification *TMH_cspecs; 769 770 /** 771 * Inform the auditor for all deposit confirmations (global option) 772 */ 773 extern int TMH_force_audit; 774 775 /** 776 * Context for all CURL operations (useful to the event loop) 777 */ 778 extern struct GNUNET_CURL_Context *TMH_curl_ctx; 779 780 /** 781 * Handle to the database backend. 782 */ 783 extern struct TALER_MERCHANTDB_Plugin *TMH_db; 784 785 /** 786 * Hashmap pointing at merchant instances by 'id'. An 'id' is 787 * just a string that identifies a merchant instance. When a frontend 788 * needs to specify an instance to the backend, it does so by 'id' 789 */ 790 extern struct GNUNET_CONTAINER_MultiHashMap *TMH_by_id_map; 791 792 /** 793 * How long do we need to keep information on paid contracts on file for tax 794 * or other legal reasons? Used to block deletions for younger transaction 795 * data. 796 */ 797 extern struct GNUNET_TIME_Relative TMH_legal_expiration; 798 799 /** 800 * Default wire delay for new instances. 801 */ 802 extern struct GNUNET_TIME_Relative TMH_default_wire_transfer_delay; 803 804 /** 805 * Default rounding interval to be applied to new instances. 806 */ 807 extern enum GNUNET_TIME_RounderInterval 808 TMH_default_wire_transfer_rounding_interval; 809 810 /** 811 * Default payment delay for new instances. 812 */ 813 extern struct GNUNET_TIME_Relative TMH_default_pay_delay; 814 815 /** 816 * Default refund delay for new instances. 817 */ 818 extern struct GNUNET_TIME_Relative TMH_default_refund_delay; 819 820 /** 821 * #GNUNET_YES if protocol version 19 is strictly enforced. 822 * (Default is #GNUNET_NO) 823 */ 824 extern int TMH_strict_v19; 825 826 /** 827 * #GNUNET_YES if authentication is disabled (For testing only!!). 828 * (Default is #GNUNET_NO) 829 */ 830 extern int TMH_auth_disabled; 831 832 /** 833 * #GNUNET_YES if self-provisioning is enabled. 834 */ 835 extern int TMH_have_self_provisioning; 836 837 /** 838 * Set of TAN channels. 839 */ 840 enum TEH_TanChannelSet 841 { 842 TEH_TCS_NONE = 0, 843 TEH_TCS_SMS = 1, 844 TEH_TCS_EMAIL = 2, 845 TEH_TCS_EMAIL_AND_SMS = 3 846 }; 847 848 849 /** 850 * Which TAN channels are mandatory for self-provisioned 851 * accounts and password resets? Bitmask. 852 */ 853 extern enum TEH_TanChannelSet TEH_mandatory_tan_channels; 854 855 /** 856 * Callback that frees an instances removing 857 * it from the global hashmap. 858 * 859 * @param cls closure, pass NULL 860 * @param key current key (ignored) 861 * @param value a `struct TMH_MerchantInstance` 862 * @return #GNUNET_YES (always) 863 */ 864 enum GNUNET_GenericReturnValue 865 TMH_instance_free_cb (void *cls, 866 const struct GNUNET_HashCode *key, 867 void *value); 868 869 870 /** 871 * Add instance definition to our active set of instances. 872 * 873 * @param[in,out] mi merchant instance details to define 874 * @return #GNUNET_OK on success, #GNUNET_NO if the same ID is in use already 875 */ 876 enum GNUNET_GenericReturnValue 877 TMH_add_instance (struct TMH_MerchantInstance *mi); 878 879 880 /** 881 * Decrement reference counter of @a mi, and free if it hits zero. 882 * 883 * @param[in,out] mi merchant instance to update and possibly free 884 */ 885 void 886 TMH_instance_decref (struct TMH_MerchantInstance *mi); 887 888 889 /** 890 * Free memory allocated by @a wm. 891 * 892 * @param[in] wm wire method to free 893 */ 894 void 895 TMH_wire_method_free (struct TMH_WireMethod *wm); 896 897 898 /** 899 * Lookup a merchant instance by its instance ID. 900 * 901 * @param instance_id identifier of the instance to resolve 902 * @return NULL if that instance is unknown to us 903 */ 904 struct TMH_MerchantInstance * 905 TMH_lookup_instance (const char *instance_id); 906 907 908 /** 909 * A transaction modified an instance setting 910 * (or created/deleted/purged one). Notify all 911 * backends about the change. 912 * 913 * @param id ID of the instance that changed 914 */ 915 void 916 TMH_reload_instances (const char *id); 917 918 919 /** 920 * Check that @a token hashes to @a hash under @a salt for 921 * merchant instance authentication. 922 * 923 * @param token the token to check 924 * @param salt the salt to use when hashing 925 * @param hash the hash to check against 926 * @return #GNUNET_OK if the @a token matches 927 */ 928 enum GNUNET_GenericReturnValue 929 TMH_check_auth (const char *token, 930 struct TALER_MerchantAuthenticationSaltP *salt, 931 struct TALER_MerchantAuthenticationHashP *hash); 932 933 934 /** 935 * Compute a @a hash from @a token hashes for 936 * merchant instance authentication. 937 * 938 * @param password the password to check 939 * @param[out] salt set to a fresh random salt 940 * @param[out] hash set to the hash of @a token under @a salt 941 */ 942 void 943 TMH_compute_auth (const char *password, 944 struct TALER_MerchantAuthenticationSaltP *salt, 945 struct TALER_MerchantAuthenticationHashP *hash); 946 947 948 /** 949 * Check if @a candidate permissions are a subset of @a as permissions 950 * 951 * @param as scope to check against 952 * @param candidate scope to check if its permissions are a subset of @a as permissions. 953 * @return true if it was a subset, false otherwise. 954 */ 955 bool 956 TMH_scope_is_subset (enum TMH_AuthScope as, 957 enum TMH_AuthScope candidate); 958 959 960 /** 961 * Return the TMH_AuthScope corresponding to @a name. 962 * 963 * @param name the name to look for 964 * @return the scope corresponding to the name, or TMH_AS_NONE. 965 */ 966 enum TMH_AuthScope 967 TMH_get_scope_by_name (const char *name); 968 969 970 /** 971 * Return the name corresponding to @a scop. 972 * 973 * @param scope the scope to look for 974 * @param[out] refreshable outputs if scope value was refreshable 975 * @return the name corresponding to the scope, or NULL. 976 */ 977 const char * 978 TMH_get_name_by_scope (enum TMH_AuthScope scope, 979 bool *refreshable); 980 981 #endif