use token auth - taler-deployment - Deployment scripts and configuration files

commit d9667202ae292f5796567193ef9666ba800015a9
parent d3f99366f69ad2fc8ec9e729008bb312debf01d7
Author: MS <ms@taler.net>
Date:   Tue, 15 Nov 2022 21:30:29 +0100

use token auth

Diffstat:
M docker/demo/config/deployment.conf  | 2 +-
M docker/demo/images/merchant/Dockerfile  | 1 +
M docker/demo/images/merchant/create_instances.sh  | 15 ++++++++-------
M docker/demo/images/merchant/startup.sh  | 29 ++++++++++++++++++++++++-----
A docker/demo/images/merchant/update_instances_auth.sh  | 18 ++++++++++++++++++
A docker/demo/test-docker-localhost.sh  | 10 ++++++++++
D docker/demo/test-docker-mvp.sh  | 9 ---------

7 files changed, 62 insertions(+), 22 deletions(-)
diff --git a/docker/demo/config/deployment.conf b/docker/demo/config/deployment.conf
@@ -1,6 +1,6 @@
 [taler-deployment]
 currency = EUR
-merchant-apikey = secret
+merchant-apikey = secret-token:salt
 merchant-url = http://localhost:5556/
 exchange-nexus-username = exchange-at-nexus
 exchange-nexus-password = secret-at-nexus
diff --git a/docker/demo/images/merchant/Dockerfile b/docker/demo/images/merchant/Dockerfile
@@ -3,5 +3,6 @@ FROM taler_local/taler_base
 COPY taler.conf /config/taler.conf
 COPY startup.sh /
 COPY create_instances.sh /
+COPY update_instances_auth.sh /
 RUN chmod +x /startup.sh
 ENTRYPOINT /startup.sh
diff --git a/docker/demo/images/merchant/create_instances.sh b/docker/demo/images/merchant/create_instances.sh
@@ -1,21 +1,22 @@
 echo -n "Create default instance..."
-curl -s -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://iban/SANDBOXX/'$DEFAULT_IBAN'?receiver-name=Merchant43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"auth":{"method":"token","token":"'$BACKEND_APIKEY'"},"payto_uris":["payto://iban/SANDBOXX/'$DEFAULT_IBAN'?receiver-name=Merchant43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
 echo DONE
 echo -n "Create pos instance..."
-curl -s -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://iban/SANDBOXX/'$POS_IBAN'?receiver-name=PoS"],"id":"pos","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"auth":{"method":"token", "token":"'$BACKEND_APIKEY'"},"payto_uris":["payto://iban/SANDBOXX/'$POS_IBAN'?receiver-name=PoS"],"id":"pos","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
 echo DONE
 echo -n "Create blog instance..."
-curl -s -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://iban/SANDBOXX/'$BLOG_IBAN'?receiver-name=BlogCompany"],"id":"blog","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"auth":{"method":"token", "token":"'$BACKEND_APIKEY'"},"payto_uris":["payto://iban/SANDBOXX/'$BLOG_IBAN'?receiver-name=BlogCompany"],"id":"blog","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
 echo DONE
+
 echo -n "Create GNUnet instance..."
-curl -s -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://iban/SANDBOXX/'$GNUNET_IBAN'?receiver-name=GNUnet"],"id":"GNUnet","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"auth":{"method":"token", "token":"'$BACKEND_APIKEY'"},"payto_uris":["payto://iban/SANDBOXX/'$GNUNET_IBAN'?receiver-name=GNUnet"],"id":"GNUnet","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
 echo DONE
 echo -n "Create Taler instance..."
-curl -s -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://iban/SANDBOXX/'$TALER_IBAN'?receiver-name=GNUnet"],"id":"Taler","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"auth":{"method":"token", "token":"'$BACKEND_APIKEY'"},"payto_uris":["payto://iban/SANDBOXX/'$TALER_IBAN'?receiver-name=GNUnet"],"id":"Taler","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
 echo DONE
 echo -n "Create Tor instance..."
-curl -s -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://iban/SANDBOXX/'$TOR_IBAN'?receiver-name=GNUnet"],"id":"Tor","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"auth":{"method":"token", "token":"'$BACKEND_APIKEY'"},"payto_uris":["payto://iban/SANDBOXX/'$TOR_IBAN'?receiver-name=GNUnet"],"id":"Tor","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
 echo DONE
 echo -n "Create survey instance..."
-curl -s -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://iban/SANDBOXX/'$SURVEY_IBAN'?receiver-name=GNUnet"],"id":"survey","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"auth":{"method":"token", "token":"'$BACKEND_APIKEY'"},"payto_uris":["payto://iban/SANDBOXX/'$SURVEY_IBAN'?receiver-name=GNUnet"],"id":"survey","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"'${CURRENCY}':1", "default_max_deposit_fee":"'${CURRENCY}':1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 1000000},"default_pay_delay":{"d_us": 3600000000}}' http://merchant/management/instances
 echo DONE
diff --git a/docker/demo/images/merchant/startup.sh b/docker/demo/images/merchant/startup.sh
@@ -89,15 +89,35 @@ echo "Init database... "
 taler-merchant-dbinit -L DEBUG -c /config/taler.conf
 echo DONE
 echo -n "Launch merchant backend..."
-taler-merchant-httpd -c /config/taler.conf 2>&1 | \
+taler-merchant-httpd -a $BACKEND_APIKEY -c /config/taler.conf 2>&1 | \
   rotatelogs -e /logs/taler-merchant-httpd-%Y-%m-%d 86400 &
 echo DONE
 sleep 1
 
 is_serving "${BACKEND_URL}config"
 
-source /create_instances.sh
-
+# If the witness instance exists or has wrong auth,
+# then all the others do.
+echo -n "Checking instances existence..."
+INSTANCES_STATUS=$(curl -s -o /dev/null \
+  -w "%{http_code}" \
+  -H "Authorization: Bearer $BACKEND_APIKEY" \
+  "${BACKEND_URL}instances/Taler/private")
+echo "DONE ($INSTANCES_STATUS)"
+
+case $INSTANCES_STATUS in
+  "404")
+    echo "Taler (witness) instance not found, assuming none is."
+    source /create_instances.sh;
+    ;;
+  "401")
+    echo "Taler (witness) instance had wrong auth, assuming API key is new."
+    source /update_instances_auth.sh;
+    ;;
+  *)
+    echo Default instance found, API key correct, do nothing.
+    ;;
+esac
 export TALER_ENV_URL_MERCHANT_BLOG=`taler-config -c /config/deployment.conf -s taler-deployment -o blog-url`
 export TALER_ENV_URL_MERCHANT_DONATIONS=`taler-config -c /config/deployment.conf -s taler-deployment -o donations-url`
 export TALER_ENV_URL_MERCHANT_SURVEY=`taler-config -c /config/deployment.conf -s taler-deployment -o survey-url`
@@ -118,13 +138,12 @@ ${HOME}/.local/bin/taler-merchant-demos -c /config/taler.conf --http-port 8083 l
 echo DONE
 
 echo -n Creating a reserve for tips...
-
 PAYTO_RESERVE=$(
   taler-merchant-setup-reserve \
     --amount ${CURRENCY}:20 \
     --exchange-url ${EXCHANGE_URL} \
     --merchant-url http://localhost/instances/survey/ \
-    --apikey "Bearer {BACKEND_APIKEY}" \
+    --apikey "Bearer ${BACKEND_APIKEY}" \
     --wire-method iban
 )
 
diff --git a/docker/demo/images/merchant/update_instances_auth.sh b/docker/demo/images/merchant/update_instances_auth.sh
@@ -0,0 +1,18 @@
+echo -n "Change pos auth..."
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/pos/auth
+echo DONE
+echo -n "Change blog auth..."
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/blog/auth
+echo DONE
+echo -n "Change GNUnet auth..."
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/GNUnet/auth
+echo DONE
+echo -n "Change Taler auth..."
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/Taler/auth
+echo DONE
+echo -n "Change Tor auth..."
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/Tor/auth
+echo DONE
+echo -n "Change survey auth..."
+curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/survey/auth
+echo DONE
diff --git a/docker/demo/test-docker-localhost.sh b/docker/demo/test-docker-localhost.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+taler-wallet-cli --no-throttle api --expect-success 'runIntegrationTest' \
+  '{"amountToSpend":"EUR:10",
+    "amountToWithdraw":"EUR:30",
+    "bankBaseUrl":"http://localhost:15000/demobanks/default/access-api/",
+    "exchangeBaseUrl":"http://localhost:5555/",
+    "merchantBaseUrl":"http://localhost:5556/",
+    "merchantAuthToken": "'${TALER_DOCKER_APIKEY:-secret-token:salt}'"
+  }'
diff --git a/docker/demo/test-docker-mvp.sh b/docker/demo/test-docker-mvp.sh
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-taler-wallet-cli --no-throttle api --expect-success 'runIntegrationTest' \
-  '{"amountToSpend":"EUR:10",
-    "amountToWithdraw":"EUR:30",
-    "bankBaseUrl":"http://localhost:15000/demobanks/default/access-api/",
-    "exchangeBaseUrl":"http://localhost:5555/",
-    "merchantBaseUrl":"http://localhost:5556/"
-  }'

	taler-deployment Deployment scripts and configuration files
	Log \| Files \| Refs \| README

M	docker/demo/config/deployment.conf	\|	2	+-
M	docker/demo/images/merchant/Dockerfile	\|	1	+
M	docker/demo/images/merchant/create_instances.sh	\|	15	++++++++-------
M	docker/demo/images/merchant/startup.sh	\|	29	++++++++++++++++++++++++-----
A	docker/demo/images/merchant/update_instances_auth.sh	\|	18	++++++++++++++++++
A	docker/demo/test-docker-localhost.sh	\|	10	++++++++++
D	docker/demo/test-docker-mvp.sh	\|	9	---------