towards recovering from accidental double spends

3 files changed, 78 insertions, 3 deletions

diff --git a/packages/taler-wallet-core/src/operations/pay.ts b/packages/taler-wallet-core/src/operations/pay.ts
index 03bf9e119..3add9bbbf 100644
--- a/packages/taler-wallet-core/src/operations/pay.ts
+++ b/packages/taler-wallet-core/src/operations/pay.ts
@@ -84,6 +84,8 @@ import {
   throwUnexpectedRequestError,
   getHttpResponseErrorDetails,
   readSuccessResponseJsonOrErrorCode,
+  HttpResponseStatus,
+  readTalerErrorResponse,
 } from "../util/http";
 import { TalerErrorCode } from "../TalerErrorCode";
 import { URL } from "../util/url";
@@ -1002,6 +1004,22 @@ async function storePayReplaySuccess(
 }
 
 /**
+ * Handle a 409 Conflict response from the merchant.
+ *
+ * We do this by going through the coin history provided by the exchange and
+ * (1) verifying the signatures from the exchange
+ * (2) adjusting the remaining coin value
+ * (3) re-do coin selection.
+ */
+async function handleInsufficientFunds(
+  ws: InternalWalletState,
+  proposalId: string,
+  err: TalerErrorDetails,
+): Promise<void> {
+  throw Error("payment re-denomination not implemented yet");
+}
+
+/**
  * Submit a payment to the merchant.
  *
  * If the wallet has previously paid, it just transmits the merchant's
@@ -1078,6 +1096,32 @@ async function submitPay(
       };
     }
 
+    if (resp.status === HttpResponseStatus.Conflict) {
+      const err = await readTalerErrorResponse(resp);
+      if (
+        err.code ===
+        TalerErrorCode.MERCHANT_POST_ORDERS_ID_PAY_INSUFFICIENT_FUNDS
+      ) {
+        // Do this in the background, as it might take some time
+        handleInsufficientFunds(ws, proposalId, err).catch(async (e) => {
+          await incrementProposalRetry(ws, proposalId, {
+            code: TalerErrorCode.WALLET_UNEXPECTED_EXCEPTION,
+            message: "unexpected exception",
+            hint: "unexpected exception",
+            details: {
+              exception: e,
+            },
+          });
+        });
+
+        return {
+          type: ConfirmPayResultType.Pending,
+          // FIXME: should we return something better here?
+          lastError: err,
+        };
+      }
+    }
+
     const merchantResp = await readSuccessResponseJsonOrThrow(
       resp,
       codecForMerchantPayResponse(),
diff --git a/packages/taler-wallet-core/src/types/backupTypes.ts b/packages/taler-wallet-core/src/types/backupTypes.ts
index d4b1625f6..7e6ceb04c 100644
--- a/packages/taler-wallet-core/src/types/backupTypes.ts
+++ b/packages/taler-wallet-core/src/types/backupTypes.ts
@@ -21,7 +21,7 @@
  * as the backup schema must remain very stable and should be self-contained.
  *
  * Future:
- * 1. Ghost spends (coin unexpectedly spend by a wallet with shared data)
+ * 1. Ghost spends (coin unexpectedly spent by a wallet with shared data)
  * 2. Ghost withdrawals (reserve unexpectedly emptied by another wallet with shared data)
  * 3. Track losses through re-denomination of payments/refreshes
  * 4. (Feature:) Payments to own bank account and P2P-payments need to be backed up
diff --git a/packages/taler-wallet-core/src/types/dbTypes.ts b/packages/taler-wallet-core/src/types/dbTypes.ts
index 6972744a3..6c37971ad 100644
--- a/packages/taler-wallet-core/src/types/dbTypes.ts
+++ b/packages/taler-wallet-core/src/types/dbTypes.ts
@@ -1464,14 +1464,14 @@ export interface BackupProviderRecord {
 
   /**
    * Proposal that we're currently trying to pay for.
-   * 
+   *
    * (Also included in paymentProposalIds.)
    */
   currentPaymentProposalId?: string;
 
   /**
    * Proposals that were used to pay (or attempt to pay) the provider.
-   * 
+   *
    * Stored to display a history of payments to the provider, and
    * to make sure that the wallet isn't overpaying.
    */
@@ -1541,6 +1541,31 @@ export interface DepositGroupRecord {
   retryInfo: RetryInfo;
 }
 
+/**
+ * Record for a deposits that the wallet observed
+ * as a result of double spending, but which is not
+ * present in the wallet's own database otherwise.
+ */
+export interface GhostDepositGroupRecord {
+  /**
+   * When multiple deposits for the same contract terms hash
+   * have a different timestamp, we choose the earliest one.
+   */
+  timestamp: Timestamp;
+
+  contractTermsHash: string;
+
+  deposits: {
+    coinPub: string;
+    amount: AmountString;
+    timestamp: Timestamp;
+    depositFee: AmountString;
+    merchantPub: string;
+    coinSig: string;
+    wireHash: string;
+  }[];
+}
+
 class ExchangesStore extends Store<"exchanges", ExchangeRecord> {
   constructor() {
     super("exchanges", { keyPath: "baseUrl" });
@@ -1750,6 +1775,12 @@ export const Stores = {
   bankWithdrawUris: new BankWithdrawUrisStore(),
   backupProviders: new BackupProvidersStore(),
   depositGroups: new DepositGroupsStore(),
+  ghostDepositGroups: new Store<"ghostDepositGroups", GhostDepositGroupRecord>(
+    "ghostDepositGroups",
+    {
+      keyPath: "contractTermsHash",
+    },
+  ),
 };
 
 export class MetaConfigStore extends Store<"metaConfig", ConfigRecord<any>> {