taler-mailbox

mailbox.go (27836B)

---

 // This file is part of taler-mailbox, the Taler Mailbox implementation.
 // Copyright (C) 2022 Martin Schanzenbach
 //
 // Taler-mailbox is free software: you can redistribute it and/or modify it
 // under the terms of the GNU Affero General Public License as published
 // by the Free Software Foundation, either version 3 of the License,
 // or (at your option) any later version.
 //
 // Taler-mailbox is distributed in the hope that it will be useful, but
 // WITHOUT ANY WARRANTY; without even the implied warranty of
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 // Affero General Public License for more details.
 //
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 // SPDX-License-Identifier: AGPL3.0-or-later
 
 // Package mailbox is a GNU Taler service. See https://docs.taler.net/core/api-mailbox.html
 package mailbox
 
 import (
 	"crypto/ed25519"
 	"crypto/sha512"
 	"encoding/binary"
 	"encoding/json"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
 	"os"
 	"strconv"
 	"strings"
 	"time"
 
 	"github.com/gorilla/mux"
 	"github.com/schanzen/taler-go/pkg/merchant"
 	tos "github.com/schanzen/taler-go/pkg/rest"
 	talerutil "github.com/schanzen/taler-go/pkg/util"
 	"taler.net/taler-mailbox/internal/gana"
 	"taler.net/taler-mailbox/internal/util"
 )
 
 type LogLevel int
 
 const (
 	LogError LogLevel = iota
 	LogWarning
 	LogInfo
 	LogDebug
 )
 
 var LoglevelStringMap = map[LogLevel]string{
 	LogDebug:   "DEBUG",
 	LogError:   "ERROR",
 	LogWarning: "WARN",
 	LogInfo:    "INFO",
 }
 
 type MailboxConfig struct {
 	// libtool-style representation of the Mailbox protocol version, see
 	// https://www.gnu.org/software/libtool/manual/html_node/Versioning.html#Versioning
 	// The format is "current:revision:age".
 	LibtoolVersion string
 
 	// Version
 	Version string
 
 	// Data home
 	Datahome string
 
 	// Configuration
 	Ini talerutil.TalerConfiguration
 
 	// The database connection to use
 	DB *MailboxDatabase
 
 	// Merchant connection
 	Merchant merchant.Merchant
 
 	// Loglevel
 	Loglevel LogLevel
 }
 
 // Mailbox is the primary object of the Mailbox service
 type Mailbox struct {
 
 	// The main router
 	Router *mux.Router
 
 	// The database connection to use
 	DB *MailboxDatabase
 
 	// Our configuration from the ini
 	Cfg MailboxConfig
 
 	// Fixed size of message bodies
 	MessageBodyBytes int64 `json:"message_body_bytes"`
 
 	// Merchant object
 	Merchant merchant.Merchant
 
 	// Base URL
 	BaseURL string
 
 	// Registration fee for each validity month mailbox
 	MonthlyFee *talerutil.Amount
 
 	// Registration fee for registering or modifying mailbox
 	RegistrationUpdateFee *talerutil.Amount
 
 	// Message fee for receiving a message
 	MessageFee *talerutil.Amount
 
 	// The free message quota
 	FreeMessageQuota uint64
 
 	// How many messages will a single response
 	// contain at maximum.
 	MessageResponseLimit uint64
 
 	// Logger
 	Logger *log.Logger
 
 	// Currency Spec
 	CurrencySpec talerutil.CurrencySpecification
 }
 
 type RelativeTime struct {
 	Microseconds uint64 `json:"d_us"`
 }
 
 // 1 Month as Go duration
 const monthDuration = time.Hour * 24 * 30
 
 // VersionResponse is the JSON response of the /config endpoint
 type VersionResponse struct {
 	// libtool-style representation of the Mailbox protocol version, see
 	// https://www.gnu.org/software/libtool/manual/html_node/Versioning.html#Versioning
 	// The format is "current:revision:age".
 	Version string `json:"version"`
 
 	// Name of the protocol.
 	Name string `json:"name"` // "taler-mailbox"
 
 	// Fixed size of message bodies
 	MessageBodyBytes int64 `json:"message_body_bytes"`
 
 	// How long will the service store a message
 	// before giving up
 	DeliveryPeriod RelativeTime `json:"delivery_period" gorm:"embedded;embeddedPrefix:delivery_period_"`
 
 	// How many messages will a single response
 	// contain at maximum.
 	MessageResponseLimit uint64 `json:"message_response_limit"`
 
 	// How much is the cost of a single
 	// registration (update) of a mailbox
 	// May be 0 for a free update/registration.
 	RegistrationUpdateFee string `json:"registration_update_fee"`
 
 	// How much is the cost of a single
 	// registration period (30 days) of a mailbox
 	// May be 0 for a free registration.
 	MonthlyFee string `json:"monthly_fee"`
 
 	// How much is the cost to send a single
 	// message to a mailbox.
 	// May be 0 for free message sending.
 	MessageFee string `json:"message_fee"`
 
 	// How many messages can be send and
 	// are stored by the service for free.
 	// After the quota is reached, the
 	// regular message_fee applies.
 	// May be 0 for no free quota.
 	FreeMessageQuota string `json:"free_message_quota"`
 }
 
 type MailboxRegistrationRequest struct {
 
 	// Keys to add/update for a mailbox.
 	MailboxMetadata MailboxMetadata `json:"mailbox_metadata"`
 
 	// Signature by the mailbox's signing key affirming
 	// the update of keys, of purpose
 	// TALER_SIGNATURE_WALLET_MAILBOX_KEYS_UPDATE.
 	// The signature is created over the SHA-512 hash
 	// of (encryptionKeyType||encryptionKey||expiration)
 	Signature string `json:"signature"`
 }
 
 // MailboxRateLimitedResponse is the JSON response when a rate limit is hit
 type MailboxRateLimitedResponse struct {
 
 	// Taler error code, TALER_EC_mailbox_REGISTER_RATE_LIMITED.
 	Code int `json:"code"`
 
 	// When the client should retry. Currently: In microseconds
 	RetryDelay int64 `json:"retry_delay"`
 
 	// The human readable error message.
 	Hint string `json:"hint"`
 }
 
 // configResponse returns the service configuration.
 //
 // @Summary     Get service configuration
 // @Description Returns service metadata including fees, message size limits, and delivery period.
 // @Tags        config
 // @Produce     json
 // @Success     200 {object} VersionResponse
 // @Router      /config [get]
 func (m *Mailbox) configResponse(w http.ResponseWriter, r *http.Request) {
 	dp, err := m.Cfg.Ini.GetDuration("mailbox", "delivery_period", 3*24*time.Hour)
 	if err != nil {
 		log.Fatal(err)
 	}
 	cfg := VersionResponse{
 		Version:               m.Cfg.LibtoolVersion,
 		Name:                  "taler-mailbox",
 		MessageBodyBytes:      m.MessageBodyBytes,
 		MessageResponseLimit:  m.MessageResponseLimit,
 		MonthlyFee:            m.MonthlyFee.String(),
 		RegistrationUpdateFee: m.RegistrationUpdateFee.String(),
 		DeliveryPeriod:        RelativeTime{Microseconds: uint64(dp.Microseconds())},
 	}
 	w.Header().Set("Content-Type", "application/json")
 	response, _ := json.Marshal(cfg)
 	w.Write(response)
 }
 
 // getMessagesResponse retrieves pending messages for a mailbox.
 //
 // @Summary     Retrieve messages
 // @Description Returns up to MessageResponseLimit encrypted message bodies for the given mailbox.
 // @Description The ETag response header contains the serial number of the first message.
 // @Tags        mailbox
 // @Produce     application/octet-stream
 // @Param       h_mailbox path   string true "SHA-512 hash of the mailbox signing key (Crockford base32)"
 // @Success     200       "One or more message bodies concatenated"
 // @Success     204       "No messages available"
 // @Failure     404       "Mailbox not found"
 // @Router      /{h_mailbox} [get]
 func (m *Mailbox) getMessagesResponse(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	//to, toSet := vars["timeout_ms"]
 	var entries []InboxEntry
 	// FIXME rate limit
 	// FIXME timeout
 	// FIXME possibly limit results here
 	m.checkPendingMailboxRegistrationUpdates(vars["h_mailbox"])
 	entries, err := m.DB.GetMessages(vars["h_mailbox"], int(m.MessageResponseLimit))
 	if err != nil {
 		m.Logf(LogError, "Error getting messages: %v", err)
 		w.WriteHeader(http.StatusNotFound)
 		return
 	}
 	if len(entries) == 0 {
 		w.WriteHeader(http.StatusNoContent)
 		return
 	}
 	// Add ETag of first message ID
 	etag := entries[0].Serial
 	w.Header().Add("ETag", fmt.Sprintf("%d", etag))
 	for _, entry := range entries {
 		w.Write(entry.Body)
 	}
 }
 
 // sendMessageResponse delivers a message to a mailbox.
 //
 // @Summary     Send a message
 // @Description Stores an encrypted message body for the given mailbox. The body must be
 // @Description exactly MessageBodyBytes in size.
 // @Tags        mailbox
 // @Accept      application/octet-stream
 // @Param       h_mailbox path   string true "SHA-512 hash of the mailbox signing key (Crockford base32)"
 // @Param       body       body   string true "Encrypted message body (fixed size)"
 // @Success     204        "Message stored"
 // @Success     304        "Identical message already stored"
 // @Failure     400        "Missing or wrong-size body"
 // @Failure     402        "Payment required (free quota exceeded)"
 // @Failure     500
 // @Router      /{h_mailbox} [post]
 func (m *Mailbox) sendMessageResponse(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	var entry InboxEntry
 	if r.Body == nil {
 		http.Error(w, "No request body", http.StatusBadRequest)
 		return
 	}
 	if r.ContentLength != m.MessageBodyBytes {
 		http.Error(w, "Wrong message size", http.StatusBadRequest)
 		return
 	}
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		log.Printf("%v", err)
 		http.Error(w, "Cannot read body", http.StatusBadRequest)
 		return
 	}
 	if !m.MessageFee.IsZero() {
 		var count int64
 		count, err = m.DB.GetMessagesCount(vars["h_mailbox"])
 		if nil != err {
 			m.Logf(LogError, "Error getting messages: %v", err)
 			http.Error(w, "Cannot look for entries", http.StatusBadRequest)
 			return
 		}
 		if count >= int64(m.FreeMessageQuota) {
 			w.WriteHeader(http.StatusPaymentRequired)
 			//w.Header().Set("Taler", payto) FIXME generate payto
 			return
 		}
 	}
 	m.checkPendingMailboxRegistrationUpdates(vars["h_mailbox"])
 	err = m.DB.GetInboxEntryBySigningKeyAndBody(&entry, vars["h_mailbox"], body)
 	if err == nil {
 		w.WriteHeader(http.StatusNotModified)
 		return
 	}
 	entry.HashedSigningKey = vars["h_mailbox"]
 	entry.Body = body
 	err = m.DB.InsertInboxEntry(&entry)
 	if err != nil {
 		m.Logf(LogError, "Error storing message: %v", err)
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
 	w.WriteHeader(http.StatusNoContent)
 }
 
 // getKeysResponse returns the public key metadata for a registered mailbox.
 //
 // @Summary     Get mailbox info
 // @Description Returns the signing and encryption key metadata for the given mailbox.
 // @Tags        mailbox
 // @Produce     json
 // @Param       h_mailbox path   string true "SHA-512 hash of the mailbox signing key (Crockford base32)"
 // @Success     200        {object} MailboxMetadata
 // @Failure     404        "Mailbox not found or expired"
 // @Router      /info/{h_mailbox} [get]
 func (m *Mailbox) getKeysResponse(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	var keyEntry MailboxMetadata
 	m.checkPendingMailboxRegistrationUpdates(vars["h_mailbox"])
 	err := m.DB.GetMailboxMetadataBySigningKey(&keyEntry, vars["h_mailbox"])
 	if err != nil {
 		m.Logf(LogError, "Error finding mailbox: %v", err)
 		w.WriteHeader(http.StatusNotFound)
 		return
 	}
 	m.Logf(LogDebug, "entry expires at %d, have %d", keyEntry.Expiration, time.Now().Unix())
 	if int64(keyEntry.Expiration.Seconds) < int64(time.Now().Unix()) {
 		w.WriteHeader(http.StatusNotFound)
 		return
 	}
 	response, _ := json.Marshal(keyEntry)
 	w.Write(response)
 }
 
 func (m *Mailbox) validateRegistrationSignature(msg MailboxRegistrationRequest) error {
 	var expNbo [8]byte
 	var signedMsg [72]byte
 	encPk, err := util.Base32CrockfordDecode(msg.MailboxMetadata.EncryptionKey, 32)
 	if err != nil {
 		return fmt.Errorf("unable to decode encryption key")
 	}
 	pkey, err := util.Base32CrockfordDecode(msg.MailboxMetadata.SigningKey, 32)
 	if err != nil {
 		return fmt.Errorf("unable to decode pubkey")
 	}
 	pk := ed25519.PublicKey(pkey)
 	sig, err := util.Base32CrockfordDecode(msg.Signature, 64)
 	if nil != err {
 		return fmt.Errorf("unable to decode signature")
 	}
 	binary.BigEndian.PutUint64(expNbo[:], msg.MailboxMetadata.Expiration.Seconds)
 	size := signedMsg[0:4]
 	binary.BigEndian.PutUint32(size, 64+4+4)
 	purp := signedMsg[4:8]
 	binary.BigEndian.PutUint32(purp, gana.TalerSignaturePurposeMailboxRegister)
 	h := sha512.New()
 	h.Write([]byte(msg.MailboxMetadata.EncryptionKeyType)) // Currently always X25519
 	h.Write(encPk)
 	h.Write(expNbo[:])
 	copy(signedMsg[8:], h.Sum(nil))
 	if !ed25519.Verify(pk, signedMsg[0:], sig) {
 		return fmt.Errorf("signature invalid")
 	}
 	return nil
 }
 
 // Check if this is a non-zero, positive amount
 func calculateCost(sliceCostAmount string, fixedCostAmount string, howLong time.Duration, sliceDuration time.Duration) (*talerutil.Amount, error) {
 	sliceCount := int(float64(howLong.Microseconds()) / float64(sliceDuration.Microseconds()))
 	sliceCost, err := talerutil.ParseAmount(sliceCostAmount)
 	if nil != err {
 		return nil, err
 	}
 	fixedCost, err := talerutil.ParseAmount(fixedCostAmount)
 	if nil != err {
 		return nil, err
 	}
 	sum := &talerutil.Amount{
 		Currency: sliceCost.Currency,
 		Value:    0,
 		Fraction: 0,
 	}
 	for range sliceCount {
 		sum, err = sum.Add(*sliceCost)
 		if nil != err {
 			return nil, err
 		}
 	}
 	sum, err = sum.Add(*fixedCost)
 	if nil != err {
 		return nil, err
 	}
 	return sum, nil
 }
 
 // registerMailboxResponse registers or updates a mailbox.
 //
 // @Summary     Register or update mailbox
 // @Description Registers a new mailbox or updates the keys/expiration of an existing one.
 // @Description A valid EdDSA signature over the key material must be provided.
 // @Tags        mailbox
 // @Accept      json
 // @Param       body body MailboxRegistrationRequest true "Registration request"
 // @Success     204  "Registration confirmed"
 // @Success     304  "Nothing changed"
 // @Failure     400  "Invalid request body or signature"
 // @Failure     402  "Payment required"
 // @Failure     500
 // @Router      /register [post]
 func (m *Mailbox) registerMailboxResponse(w http.ResponseWriter, r *http.Request) {
 	var msg MailboxRegistrationRequest
 	var pendingRegistration PendingMailboxRegistration
 	var registrationEntry MailboxMetadata
 	if r.Body == nil {
 		m.Logf(LogError, "no request body")
 		http.Error(w, "No request body", http.StatusBadRequest)
 		return
 	}
 	err := json.NewDecoder(r.Body).Decode(&msg)
 	if err != nil {
 		http.Error(w, "Malformed request body", http.StatusBadRequest)
 		return
 	}
 	pkey, err := util.Base32CrockfordDecode(msg.MailboxMetadata.SigningKey, 32)
 	if err != nil {
 		http.Error(w, "Public key invalid", http.StatusBadRequest)
 		return
 	}
 	pk := ed25519.PublicKey(pkey)
 	err = m.validateRegistrationSignature(msg)
 	if nil != err {
 		http.Error(w, "Signature verification failed", http.StatusBadRequest)
 		return
 	}
 	h := sha512.New()
 	h.Write(pkey)
 	hMailbox := util.Base32CrockfordEncode(h.Sum(nil))
 	pendingRegistration.HashedSigningKey = hMailbox
 	// Round to the nearest multiple of a month
 	reqExpiration := time.Unix(int64(msg.MailboxMetadata.Expiration.Seconds), 0)
 	now := time.Now()
 	reqDuration := reqExpiration.Sub(now).Round(monthDuration)
 	err = m.DB.GetMailboxMetadataBySigningKey(&registrationEntry, hMailbox)
 	if err == nil {
 		// This probably means the registration is modified or extended or both
 		entryModified := (registrationEntry.EncryptionKey != msg.MailboxMetadata.EncryptionKey)
 		// At least one MonthlyFee
 		if reqDuration.Microseconds() == 0 && !entryModified {
 			// Nothing changed. Return validity
 			w.WriteHeader(http.StatusNotModified)
 			return
 		}
 	} else {
 		// Entry does not yet exist, add but immediately expire it
 		registrationEntry = msg.MailboxMetadata
 		registrationEntry.Expiration.Seconds = uint64(time.Now().Unix() - 1)
 		hAddr := sha512.New()
 		hAddr.Write(pk)
 		registrationEntry.HashedSigningKey = util.Base32CrockfordEncode(hAddr.Sum(nil))
 		err = m.DB.InsertMailboxRegistration(&registrationEntry)
 		if nil != err {
 			m.Logf(LogError, "%v\n", err)
 			w.WriteHeader(http.StatusInternalServerError)
 			return
 		}
 	}
 	err = m.DB.GetPendingMailboxRegistrationBySigningKey(&pendingRegistration, hMailbox)
 	pendingRegistrationExists := (nil == err)
 	if !pendingRegistrationExists {
 		pendingRegistration.HashedSigningKey = hMailbox
 		pendingRegistration.Duration = reqDuration.Microseconds()
 		err = m.DB.InsertPendingMailboxRegistration(&pendingRegistration)
 		if nil != err {
 			m.Logf(LogError, "Error inserting pending registration: %v\n", err)
 			w.WriteHeader(http.StatusInternalServerError)
 			return
 		}
 		err = m.DB.GetPendingMailboxRegistrationBySigningKey(&pendingRegistration, hMailbox)
 		if nil != err {
 			m.Logf(LogError, "Error getting pending registration: %v\n", err)
 			w.WriteHeader(http.StatusInternalServerError)
 			return
 		}
 	}
 	// At least the update fee needs to be paid
 	cost, err := calculateCost(m.MonthlyFee.String(),
 		m.RegistrationUpdateFee.String(),
 		reqDuration,
 		monthDuration)
 	if err != nil {
 		m.Logf(LogError, "Error calculating cost: %v\n", err)
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
 	if !cost.IsZero() {
 		if len(pendingRegistration.OrderID) == 0 {
 			// Add new order
 			orderID, newOrderErr := m.Merchant.AddNewOrder(*cost, "Mailbox registration", m.BaseURL)
 			if newOrderErr != nil {
 				m.Logf(LogError, "Error adding order: %v", newOrderErr)
 				w.WriteHeader(http.StatusInternalServerError)
 				return
 			}
 			m.Logf(LogDebug, "New order ID %s for pending registration for %s", orderID, pendingRegistration.HashedSigningKey)
 			pendingRegistration.OrderID = orderID
 		}
 		// Check if order paid.
 		// FIXME: Remember that it was activated and paid
 		// FIXME: We probably need to handle the return code here (see gns registrar for how)
 		_, _, payto, paytoErr := m.Merchant.IsOrderPaid(pendingRegistration.OrderID)
 		if paytoErr != nil {
 			fmt.Println(paytoErr)
 			w.WriteHeader(http.StatusInternalServerError)
 			m.Logf(LogError, "Error checking if order is paid: %s\n", paytoErr.Error())
 			return
 		}
 		if len(payto) != 0 {
 			err = m.DB.UpdatePendingMailboxRegistrationOrderId(&pendingRegistration)
 			if err != nil {
 				m.Logf(LogError, "Error updating pending registration: %v\n", err)
 				w.WriteHeader(http.StatusInternalServerError)
 				return
 			}
 			w.WriteHeader(http.StatusPaymentRequired)
 			w.Header().Set("Taler", payto)
 			return
 		}
 	}
 	// Update expiration time of registration.
 	registrationEntry.Expiration.Seconds += uint64(reqDuration.Seconds())
 	_, err = m.DB.DeletePendingRegistration(&pendingRegistration)
 	if nil != err {
 		m.Logf(LogError, "Error deleting pending registration: %v\n", err)
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
 	err = m.DB.UpdateMailboxExpiration(&registrationEntry)
 	if nil != err {
 		m.Logf(LogError, "Error updating mailbox registration: %v\n", err)
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
 	w.WriteHeader(http.StatusNoContent)
 }
 
 func (m *Mailbox) checkPendingMailboxRegistrationUpdates(hMailbox string) {
 	var pendingEntry PendingMailboxRegistration
 	var registrationEntry MailboxMetadata
 	err := m.DB.GetPendingMailboxRegistrationBySigningKey(&pendingEntry, hMailbox)
 	if err != nil {
 		return
 	}
 	m.Logf(LogDebug, "Found pending registration for %s, OrderID: %s", hMailbox, pendingEntry.OrderID)
 	rc, orderStatus, _, paytoErr := m.Merchant.IsOrderPaid(pendingEntry.OrderID)
 	if nil != paytoErr {
 		if rc == http.StatusNotFound {
 			m.Logf(LogInfo, "Registration order for `%s' not found, removing\n", hMailbox)
 		}
 		_, err = m.DB.DeletePendingRegistration(&pendingEntry)
 		if nil != err {
 			m.Logf(LogInfo, "Error deleting pending registration: %v\n", err)
 		}
 		return
 	}
 	m.Logf(LogDebug, "Order status for %s is %s", pendingEntry.HashedSigningKey, orderStatus)
 	if merchant.OrderPaid == orderStatus {
 		m.Logf(LogDebug, "Order for %v appears to be paid", pendingEntry)
 		err = m.DB.GetMailboxMetadataBySigningKey(&registrationEntry, hMailbox)
 		if err == nil {
 			m.Logf(LogDebug, "Adding %d seconds to entry expiration", pendingEntry.Duration)
 			registrationEntry.Expiration.Seconds += uint64(pendingEntry.Duration)
 			err = m.DB.UpdateMailboxExpiration(&registrationEntry)
 			if nil != err {
 				m.Logf(LogInfo, "Error updating mailbox expiration: %v\n", err)
 			}
 			_, err = m.DB.DeletePendingRegistration(&pendingEntry)
 			if nil != err {
 				m.Logf(LogInfo, "Error deleting pending registration: %v\n", err)
 			}
 		}
 		return
 	}
 }
 
 // deleteMessagesResponse deletes messages from a mailbox.
 //
 // @Summary     Delete messages
 // @Description Deletes one or more messages starting from the serial given in the If-Match header.
 // @Description Requires a valid EdDSA signature in the Taler-Mailbox-Delete-Signature header.
 // @Tags        mailbox
 // @Param       mailbox    path   string true  "Crockford base32-encoded EdDSA public key of the mailbox"
 // @Param       count      query  int    false "Number of messages to delete (default: 1)"
 // @Param       If-Match   header string true  "Serial number of the first message to delete"
 // @Param       Taler-Mailbox-Delete-Signature header string true "EdDSA signature authorising the deletion"
 // @Success     204 "Messages deleted"
 // @Failure     400 "Missing or malformed headers/parameters"
 // @Failure     403 "Signature invalid"
 // @Failure     404 "Message with given serial not found"
 // @Failure     500
 // @Router      /{mailbox} [delete]
 func (m *Mailbox) deleteMessagesResponse(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	etagHeader := r.Header.Get("If-Match")
 	if etagHeader == "" {
 		http.Error(w, "If-Match header missing", 400)
 		return
 	}
 	if strings.Contains(etagHeader, ",") {
 		http.Error(w, "If-Match contains multiple values", 400)
 		return
 	}
 	expectedETag, err := strconv.Atoi(etagHeader)
 	if err != nil {
 		http.Error(w, "If-Match contains malformed etag number", 400)
 		return
 	}
 	pkey, err := util.Base32CrockfordDecode(vars["mailbox"], 32)
 	if err != nil {
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
 	count := 1
 	countStr := r.URL.Query().Get("count")
 	if len(countStr) > 0 {
 		count, err = strconv.Atoi(countStr)
 		if err != nil {
 			http.Error(w, "Malformed count parameter", http.StatusBadRequest)
 			w.WriteHeader(http.StatusBadRequest)
 			return
 		}
 	}
 	headerSig := r.Header["Taler-Mailbox-Delete-Signature"]
 	if nil == headerSig {
 		http.Error(w, "Missing signature", http.StatusBadRequest)
 		return
 	}
 	pk := ed25519.PublicKey(pkey)
 	sig, err := util.Base32CrockfordDecode(headerSig[0], 64)
 	if nil != err {
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
 	h := sha512.New()
 	h.Write(pkey)
 	hMailbox := util.Base32CrockfordEncode(h.Sum(nil))
 	m.checkPendingMailboxRegistrationUpdates(hMailbox)
 	var signedMsg [4 * 4]byte
 	binary.BigEndian.PutUint32(signedMsg[0:4], 4*4)
 	binary.BigEndian.PutUint32(signedMsg[4:8], gana.TalerSignaturePurposeMailboxMessagesDelete)
 	binary.BigEndian.PutUint32(signedMsg[8:12], uint32(expectedETag))
 	binary.BigEndian.PutUint32(signedMsg[12:16], uint32(count))
 	if !ed25519.Verify(pk, signedMsg[0:], sig) {
 		w.WriteHeader(http.StatusForbidden)
 		return
 	}
 	// Check that expectedETag actually exists
 	var entry InboxEntry
 	err = m.DB.GetInboxEntryBySerial(&entry, hMailbox, int64(expectedETag))
 	if err != nil {
 		m.Logf(LogDebug, "Message to delete not found with ID %d", expectedETag)
 		w.WriteHeader(http.StatusNotFound)
 		return
 	}
 	m.Logf(LogError, "Deleting from entry %v up to %d messages\n", entry, count)
 	num, err := m.DB.DeleteInboxEntryBySerial(&entry, count)
 	if err != nil {
 		m.Logf(LogDebug, "Failed to delete messages: %v", err)
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
 	m.Logf(LogDebug, "Found matching ID (serial: %d), deleted %d messages", entry.Serial, num)
 	w.WriteHeader(http.StatusNoContent)
 }
 
 func (m *Mailbox) termsResponse(w http.ResponseWriter, r *http.Request) {
 	termspath := m.Cfg.Ini.GetFilename("mailbox", "default_terms_path", "terms/", m.Cfg.Datahome)
 	tos.ServiceTermsResponse(w, r, termspath, tos.TalerTosConfig{
 		DefaultFileType:    m.Cfg.Ini.GetString("mailbox", "default_doc_filetype", "text/html"),
 		DefaultLanguage:    m.Cfg.Ini.GetString("mailbox", "default_doc_lang", "en"),
 		SupportedFileTypes: strings.Split(m.Cfg.Ini.GetString("mailbox", "supported_doc_filetypes", ""), " "),
 	})
 }
 
 func (m *Mailbox) privacyResponse(w http.ResponseWriter, r *http.Request) {
 	pppath := m.Cfg.Ini.GetFilename("mailbox", "default_pp_path", "privacy/", m.Cfg.Datahome)
 	tos.PrivacyPolicyResponse(w, r, pppath, tos.TalerTosConfig{
 		DefaultFileType:    m.Cfg.Ini.GetString("mailbox", "default_doc_filetype", "text/html"),
 		DefaultLanguage:    m.Cfg.Ini.GetString("mailbox", "default_doc_lang", "en"),
 		SupportedFileTypes: strings.Split(m.Cfg.Ini.GetString("mailbox", "supported_doc_filetypes", ""), " "),
 	})
 }
 
 func (m *Mailbox) setupHandlers() {
 	m.Router = mux.NewRouter().StrictSlash(true)
 
 	/* ToS API */
 	m.Router.HandleFunc("/terms", m.termsResponse).Methods("GET")
 	m.Router.HandleFunc("/privacy", m.privacyResponse).Methods("GET")
 
 	/* Config API */
 	m.Router.HandleFunc("/config", m.configResponse).Methods("GET")
 
 	/* Mailbox API */
 	m.Router.HandleFunc("/register", m.registerMailboxResponse).Methods("POST")
 	m.Router.HandleFunc("/info/{h_mailbox}", m.getKeysResponse).Methods("GET")
 	m.Router.HandleFunc("/{h_mailbox}", m.sendMessageResponse).Methods("POST")
 	m.Router.HandleFunc("/{h_mailbox}", m.getMessagesResponse).Methods("GET")
 	m.Router.HandleFunc("/{mailbox}", m.deleteMessagesResponse).Methods("DELETE")
 }
 
 func (m *Mailbox) Logf(loglevel LogLevel, fmt string, args ...any) {
 	if loglevel < m.Cfg.Loglevel {
 		return
 	}
 	m.Logger.SetPrefix("taler-mailbox - " + LoglevelStringMap[loglevel] + " ")
 	m.Logger.Printf(fmt, args...)
 }
 
 // Initialize the Mailbox instance with cfgfile
 func (m *Mailbox) Initialize(cfg MailboxConfig) {
 	m.Cfg = cfg
 	m.Logger = log.New(os.Stdout, "taler-mailbox:", log.LstdFlags)
 	m.BaseURL = cfg.Ini.GetString("mailbox", "base_url", "https://example.com")
 	m.MessageBodyBytes = cfg.Ini.GetInt64("mailbox", "message_body_bytes", 256)
 	m.MessageResponseLimit = uint64(cfg.Ini.GetInt64("mailbox", "message_response_limit", 50))
 	monthlyFee, err := cfg.Ini.GetAmount("mailbox", "monthly_fee", &talerutil.Amount{})
 	if err != nil {
 		fmt.Printf("Failed to parse monthly fee: %v", err)
 		os.Exit(1)
 	}
 	m.MonthlyFee = monthlyFee
 	updateFee, err := cfg.Ini.GetAmount("mailbox", "registration_update_fee", &talerutil.Amount{})
 	if err != nil {
 		fmt.Printf("Failed to parse update fee: %v", err)
 		os.Exit(1)
 	}
 	m.RegistrationUpdateFee = updateFee
 	messageFee, err := cfg.Ini.GetAmount("mailbox", "message_fee", &talerutil.Amount{})
 	if err != nil {
 		fmt.Printf("Failed to parse message fee: %v", err)
 		os.Exit(1)
 	}
 	m.MessageFee = messageFee
 	m.FreeMessageQuota = uint64(cfg.Ini.GetInt64("mailbox", "free_message_quota", 0))
 	m.DB = cfg.DB
 	go func() {
 		for {
 			num, err := m.DB.DeleteStaleRegistrations(time.Now())
 			if err != nil {
 				m.Logf(LogDebug, "Error purging stale registrations: `%v'.\n", err)
 			}
 			m.Logf(LogInfo, "Cleaned up %d stale registrations.\n", num)
 			time.Sleep(time.Hour * 24)
 		}
 	}()
 	// Clean up pending
 	pendingExp, err := cfg.Ini.GetDuration("mailbox", "pending_registration_expiration", 24*time.Hour)
 	if err != nil {
 		fmt.Printf("Failed to parse pending registration expiration: %v", err)
 		os.Exit(1)
 	}
 	go func() {
 		for {
 			num, err := m.DB.DeleteStalePendingRegistrations(time.Now().Add(-pendingExp))
 			if err != nil {
 				m.Logf(LogDebug, "Error purging stale registrations: `%v'.\n", err)
 			}
 			m.Logf(LogInfo, "Cleaned up %d stale pending registrations.\n", num)
 			time.Sleep(pendingExp)
 		}
 	}()
 
 	m.Merchant = cfg.Merchant
 	if !monthlyFee.IsZero() {
 		merchConfig, err := m.Merchant.GetConfig()
 		if err != nil {
 			fmt.Printf("Failed to get merchant config: %v", err)
 			os.Exit(1)
 		}
 		currencySpec, currencySupported := merchConfig.Currencies[monthlyFee.Currency]
 		for !currencySupported {
 			fmt.Printf("Currency `%s' not supported by merchant!\n", monthlyFee.Currency)
 			os.Exit(1)
 		}
 		m.CurrencySpec = currencySpec
 	}
 	m.setupHandlers()
 }