taler-rust

GNU Taler code in Rust. Largely core banking integrations.

commit 7c0a0e2d06c4179c7f7d49c8b957fd3158b17b4c
parent 668b278dcd9770801f5721f2857499b7958752e2
Author: Antoine A <>
Date:   Tue, 11 Feb 2025 11:05:39 +0100

taler-magnet: default config, dbconfig and better deb

Diffstat:
MCargo.lock | 4++--
Mcommon/taler-test-utils/src/routine.rs | 4++--
Mcontrib/ci/Containerfile | 4+---
Rtaler-magnet-bank.conf -> contrib/magnet-bank.conf | 0
Acontrib/taler-magnet-bank-dbconfig | 132+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Adebian/etc/apache2/sites-available/taler-magnet-bank.conf | 22++++++++++++++++++++++
Adebian/etc/nginx/sites-available/taler-magnet-bank | 32++++++++++++++++++++++++++++++++
Adebian/etc/taler-magnet-bank/taler-magnet-bank.conf | 2++
Mdebian/taler-magnet-bank.postinst | 9++-------
Mtaler-magnet-bank/Cargo.toml | 26++++++++++++++++++++++++++
10 files changed, 221 insertions(+), 14 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock @@ -292,9 +292,9 @@ checksum = "f61dac84819c6588b558454b194026eb1f09c293b9036ae9b159e74e73ab6cf9" [[package]] name = "bytesize" -version = "1.3.0" +version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3e368af43e418a04d52505cf3dbc23dda4e3407ae2fa99fd0e4f308ce546acc" +checksum = "2d2c12f985c78475a6b8d629afd0c360260ef34cfef52efccdcfd31972f81c2e" [[package]] name = "cast" diff --git a/common/taler-test-utils/src/routine.rs b/common/taler-test-utils/src/routine.rs @@ -148,7 +148,7 @@ pub async fn routine_history< tokio::join!( // Check polling succeed assert_time( - 100..200, + 100..300, assert_history(format!("limit=2&offset={id}&timeout_ms=1000"), 1) ), assert_time( @@ -173,7 +173,7 @@ pub async fn routine_history< tokio::join!( // Check polling succeed assert_time( - 100..200, + 100..300, assert_history(format!("limit=7&offset={id}&timeout_ms=1000"), 1) ), async { diff --git a/contrib/ci/Containerfile b/contrib/ci/Containerfile @@ -4,9 +4,7 @@ ENV DEBIAN_FRONTEND=noninteractive # Persistent cargo cache ENV CARGO_HOME=/workdir/.cargo -# Clear cache when using a new version of rust -RUN rm -R /workdir/.build -f && \ - apt-get update -yq && \ +RUN apt-get update -yq && \ apt-get upgrade -yq && \ apt-get install -yq \ sudo \ diff --git a/taler-magnet-bank.conf b/contrib/magnet-bank.conf diff --git a/contrib/taler-magnet-bank-dbconfig b/contrib/taler-magnet-bank-dbconfig 
@@ -0,0 +1,132 @@
+#!/bin/bash
+# This file is part of GNU TALER.
+# Copyright (C) 2025 Taler Systems SA
+#
+# TALER is free software; you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free Software
+# Foundation; either version 2.1, or (at your option) any later version.
+#
+# TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License along with
+# TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+#
+# @author Christian Grothoff
+# @author Florian Dold
+
+# Error checking on
+set -eu
+
+# 1 is true, 0 is false
+RESET_DB=0
+FORCE_PERMS=0
+SKIP_INIT=0
+DBUSER="taler-magnet-bank-httpd"
+CFGFILE="/etc/taler-magnet-bank/taler-magnet-bank.conf"
+
+# Parse command-line options
+while getopts 'c:g:hprs:' OPTION; do
+ case "$OPTION" in
+ c)
+ CFGFILE="$OPTARG"
+ ;;
+ h)
+ echo 'Supported options:'
+ echo " -c FILENAME -- use configuration FILENAME (default: $CFGFILE)"
+ echo " -h -- print this help text"
+ echo " -r -- reset database (dangerous)"
+ echo " -p -- force permission setup even without database initialization"
+ echo " -s -- skip database initialization"
+ echo " -u USER -- taler-merchant to be run by USER (default: $DBUSER)"
+ exit 0
+ ;;
+ p)
+ FORCE_PERMS="1"
+ ;;
+ r)
+ RESET_DB="1"
+ ;;
+ s)
+ SKIP_DBINIT="1"
+ ;;
+ u)
+ DBUSER="$OPTARG"
+ ;;
+ ?)
+ echo "Unrecognized command line option '$OPTION'" 1 &>2
+ exit 1
+ ;;
+ esac
+done
+
+function exit_fail() {
+ echo "$@" >&2
+ exit 1
+}
+
+if ! id postgres >/dev/null; then
+ exit_fail "Could not find 'postgres' user. Please install Postgresql first"
+fi
+
+if ! taler-magnet-bank -v 2>/dev/null; then
+ exit_fail "Required 'taler-magnet-bank' not found. Please fix your installation."
+fi
+
+if [ "$(id -u)" -ne 0 ]; then
+ exit_fail "This script must be run as root"
+fi
+
+# Check OS users exist
+if ! id "$DBUSER" >/dev/null; then
+ exit_fail "Could not find '$DBUSER' user. Cannot continue"
+fi
+
+# Create DB users matching OS users names
+echo "Setting up database user '$DBUSER'." 1>&2
+if ! sudo -i -u postgres createuser "$DBUSER" 2>/dev/null; then
+ echo "Database user '$DBUSER' already existed. Continuing anyway." 1>&2
+fi
+
+# Check database name
+DBPATH=$(taler-magnet-bank -c "$CFGFILE" config get magnet-bankdb-postgres CONFIG)
+if ! echo "$DBPATH" | grep "postgres://" >/dev/null; then
+ exit_fail "Invalid database configuration value '$DBPATH'." 1>&2
+fi
+DBNAME=$(echo "$DBPATH" | sed -e "s/postgres:\/\/.*\///" -e "s/?.*//")
+
+# Reset database
+if sudo -i -u postgres psql "$DBNAME" </dev/null 2>/dev/null; then
+ if [ 1 = "$RESET_DB" ]; then
+ echo "Deleting existing database '$DBNAME'." 1>&2
+ if ! sudo -i -u postgres dropdb "$DBNAME"; then
+ exit_fail "Failed to delete existing database '$DBNAME'"
+ fi
+ DO_CREATE=1
+ else
+ echo "Database '$DBNAME' already exists, continuing anyway."
+ DO_CREATE=0
+ fi
+else
+ DO_CREATE=1
+fi
+
+# Create database
+if [ 1 = "$DO_CREATE" ]; then
+ echo "Creating database '$DBNAME'." 1>&2
+ if ! sudo -i -u postgres createdb -O "$DBGROUP" "$DBNAME"; then
+ exit_fail "Failed to create database '$DBNAME'"
+ fi
+fi
+
+# Run dbinit
+if [ 0 = "$SKIP_DBINIT" ]; then
+ if ! sudo -u "$DBUSER" taler-magnet-bank dbinit -c "$CFGFILE"; then
+ exit_fail "Failed to initialize database schema"
+ fi
+fi
+
+# TODO set permission explicitly
+
+echo "Database configuration finished." 1>&2
diff --git a/debian/etc/apache2/sites-available/taler-magnet-bank.conf b/debian/etc/apache2/sites-available/taler-magnet-bank.conf
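Review bot: Under `set -eu` this script cannot complete a default run, because the create step passes `-O "$DBGROUP"` and the dbinit guard tests `"$SKIP_DBINIT"`, yet the defaults block only assigns `SKIP_INIT=0` and nothing assigns `DBGROUP`, so bash stops on an unbound variable. The option string `'c:g:hprs:'` also disagrees with the `case` arms and the help text: `-u` is handled and documented but never declared, `g:` is declared but unhandled, and `s:` makes the `-s` flag consume the following argument. In the `?)` arm, `1 &>2` sends the message to a file named `2` in root's working directory instead of stderr. `DBNAME` is cut from the config value after only an unanchored `grep "postgres://"` and is then passed to `dropdb`/`createdb` run as the postgres superuser, so an anchored check plus a conservative character-set test would make `-r` harder to point at the wrong database. The fence shows the changed lines; `-O "$DBUSER"` is my reading of the intended owner and should be confirmed.

```shell
SKIP_DBINIT=0   # was SKIP_INIT=0; the dbinit guard reads SKIP_DBINIT
# … unchanged: DBUSER and CFGFILE defaults …
while getopts 'c:hprsu:' OPTION; do
# … unchanged: option arms c, h, p, r, s, u …
 ?)
 echo "Unrecognized command line option '$OPTION'" 1>&2
# … unchanged: exit_fail, prerequisite checks, createuser, DBPATH lookup …
if ! echo "$DBPATH" | grep -q '^postgres://'; then
 exit_fail "Invalid database configuration value '$DBPATH'."
fi
DBNAME=$(echo "$DBPATH" | sed -e "s/postgres:\/\/.*\///" -e "s/?.*//")
case "$DBNAME" in
 ''|-*|*[!A-Za-z0-9_-]*) exit_fail "Unsupported database name '$DBNAME'." ;;
esac
# … unchanged: reset logic …
 if ! sudo -i -u postgres createdb -O "$DBUSER" "$DBNAME"; then
```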
@@ -0,0 +1,22 @@
+# Make sure to enable the following Apache modules before
+# integrating this into your configuration:
+#
+# a2enmod proxy
+# a2enmod proxy_http
+# a2enmod headers
+#
+# NOTE:
+# - consider to adjust the location
+# - consider putting all this into a VirtualHost
+# - strongly consider setting up TLS support
+#
+# For all of the above, please read the respective
+# Apache documentation.
+#
+<Location "/taler-magnet-bank/">
+ ProxyPass "unix:/var/run/taler-magnet-bank/httpd/magnet-bank-http.sock|http://example.com/"
+
+ # NOTE:
+ # - Uncomment this line if you use TLS/HTTPS
+ RequestHeader add "X-Forwarded-Proto" "https"
+</Location>
diff --git a/debian/etc/nginx/sites-available/taler-magnet-bank b/debian/etc/nginx/sites-available/taler-magnet-bank
@@ -0,0 +1,31 @@
+server {
+ # NOTE:
+ # - urgently consider configuring TLS instead
+ # - maybe keep a forwarder from HTTP to HTTPS
+ listen 80;
+
+ # NOTE:
+ # - Comment out this line if you have no IPv6
+ listen [::]:80;
+
+ # NOTE:
+ # - replace with your actual server name
+ server_name localhost;
+
+ access_log /var/log/nginx/magnet-bank.log;
+ error_log /var/log/nginx/magnet-bank.err;
+
+ location /taler-magnet-bank/ {
+ proxy_pass http://unix:/var/run/taler-magnet-bank/httpd/magnet-bank-http.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+
+ # NOTE:
+ # - put your actual DNS name here
+ proxy_set_header X-Forwarded-Host "localhost";
+
+ # NOTE:
+ # - uncomment the following line if you are using HTTPS
+ # proxy_set_header X-Forwarded-Proto "https";
+ }
+}
+\ No newline at end of file
diff --git a/debian/etc/taler-magnet-bank/taler-magnet-bank.conf b/debian/etc/taler-magnet-bank/taler-magnet-bank.conf
@@ -0,0 +1 @@
+# This is the main configuration entrypoint for taler-magnet-bank.
+\ No newline at end of file
diff --git a/debian/taler-magnet-bank.postinst b/debian/taler-magnet-bank.postinst
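Review bot: The `RequestHeader add "X-Forwarded-Proto" "https"` line in the `<Location>` block is active even though the comment above it says to uncomment it only when TLS is in use, so a plain-HTTP deployment of this default tells the backend that every request arrived over HTTPS. `add` also appends to whatever `X-Forwarded-Proto` the client sent instead of replacing it. If the backend derives the scheme or generated URLs from this header (not visible here), ship the line commented out as `# RequestHeader set "X-Forwarded-Proto" "https"` and use `set` so the value stays under the proxy's control.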
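Review bot: With the `X-Forwarded-Proto` line commented out, this `location` overrides only `Host` and `X-Forwarded-Host`, so a client-supplied `X-Forwarded-Proto` header is passed to the backend unchanged. If the backend trusts that header, setting it unconditionally with `proxy_set_header X-Forwarded-Proto $scheme;` gives the right value for both the port-80 default and a later TLS listener, and removes the manual uncomment step. Since the shipped default is `listen 80` for a banking adapter, the first NOTE could be firmer, e.g. `# - plain HTTP is for local testing only; configure TLS before exposing this`.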
@@ -9,17 +9,12 @@ _HTTPDUSER=taler-magnet-bank-httpd _WORKERUSER=taler-magnet-bank-worker if [ "$1" = "configure" ] ; then - # Create groups as needed - if ! getent group ${_DBGROUP} >/dev/null; then - addgroup --quiet --system ${_DBGROUP} - fi - # Create users as needed if ! getent passwd ${_HTTPDUSER} >/dev/null; then - adduser --quiet --system --no-create-home --ingroup ${_DBGROUP} --home ${MAGNET_HOME} ${_HTTPDUSER} + adduser --quiet --system --no-create-home --home ${MAGNET_HOME} ${_HTTPDUSER} fi if ! getent passwd ${_WORKERUSER} >/dev/null; then - adduser --quiet --system --no-create-home --ingroup ${_DBGROUP} --home ${MAGNET_HOME} ${_WORKERUSER} + adduser --quiet --system --no-create-home --home ${MAGNET_HOME} ${_WORKERUSER} fi fi diff --git a/taler-magnet-bank/Cargo.toml b/taler-magnet-bank/Cargo.toml @@ -55,3 +55,29 @@ systemd-units = [ { unit-name = "taler-magnet-bank-worker", enable = false, start = false, stop-on-upgrade = false }, ] recommends = ["apache2 | nginx | httpd", "postgresql (>= 15.0)"] +assets = [ + # Binary + [ + "target/release/taler-magnet-bank", + "/usr/bin/", + "755", + ], + # Scripts + [ + "../contrib/taler-magnet-bank-dbconfig", + "/usr/bin/", + "755", + ], + # Default config + [ + "../contrib/magnet-bank.conf", + "/usr/share/taler-magnet-bank/config.d/", + "644", + ], + # Configs + [ + "../debian/etc/**/*", + "/etc", + "644", + ], +]
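Review bot: Dropping `--ingroup ${_DBGROUP}` without a replacement leaves both `adduser --system` calls on the default primary group, which on Debian is the shared `nogroup`; any group-readable file or socket these services create would then be reachable by every other `nogroup` account. Adding `--group`, as in `adduser --quiet --system --group --no-create-home --home ${MAGNET_HOME} ${_HTTPDUSER}` and likewise for `${_WORKERUSER}`, gives each service its own group. The new contrib/taler-magnet-bank-dbconfig still references `$DBGROUP`, so the two files should be brought in line together. Whether `_DBGROUP` is still assigned above this hunk is not visible; if it is, it now looks unused.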
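Review bot: The `"../debian/etc/**/*"` asset installs every file of that tree with mode `"644"`, including taler-magnet-bank.conf, which contrib/taler-magnet-bank-dbconfig uses as the default source of the `magnet-bankdb-postgres` `CONFIG` URL. If operators are expected to put a database password or bank API credentials in that tree (not visible in this hunk), a world-readable default is too loose; a separate secrets file shipped as `"640"` with group ownership set in postinst would be safer. Failing that, a comment above the entry such as `# world-readable: keep credentials out of these files` would make the constraint explicit. The table that `assets` belongs to starts outside the hunk.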