authorChristian Grothoff <christian@grothoff.org>2024-05-16 20:15:51 +0200
committerChristian Grothoff <christian@grothoff.org>2024-07-29 12:18:42 +0200
commit78900b241c9a3a7e3dfa5b01eadb7cde31c33ecf (patch)
tree9078460e273781f2cda8862769cd3bc63d41a250
parent8bb746f3a6e0f0884e4240c46abfd00162f8636a (diff)
implement pg_lookup_kyc_requirement_by_row
-rw-r--r--src/exchangedb/0005-legitimization_measures.sql15
-rw-r--r--src/exchangedb/0005-legitimization_outcomes.sql4
-rw-r--r--src/exchangedb/Makefile.am1
-rw-r--r--src/exchangedb/pg_lookup_kyc_requirement_by_row.c37
-rw-r--r--src/exchangedb/pg_lookup_kyc_requirement_by_row.h12
-rw-r--r--src/exchangedb/pg_trigger_kyc_rule_for_account.c70
-rw-r--r--src/exchangedb/pg_trigger_kyc_rule_for_account.h47
-rw-r--r--src/exchangedb/plugin_exchangedb_postgres.c7
-rw-r--r--src/include/taler_exchangedb_plugin.h12
9 files changed, 180 insertions, 25 deletions
diff --git a/src/exchangedb/0005-legitimization_measures.sql b/src/exchangedb/0005-legitimization_measures.sql
index e0d3f6ff0..dab6385ab 100644
--- a/src/exchangedb/0005-legitimization_measures.sql
+++ b/src/exchangedb/0005-legitimization_measures.sql
@@ -24,7 +24,7 @@ BEGIN
PERFORM create_partitioned_table(
'CREATE TABLE %I'
'(legitimization_measure_serial_id INT8 GENERATED BY DEFAULT AS IDENTITY'
- ',target_token BYTEA NOT NULL CHECK (LENGTH(target_token)=32)'
+ ',access_token BYTEA NOT NULL CHECK (LENGTH(access_token)=32)'
',start_time INT8 NOT NULL'
',jmeasures TEXT NOT NULL'
',display_priority INT4 NOT NULL'
@@ -47,7 +47,7 @@ BEGIN
);
PERFORM comment_partitioned_column(
'foreign key linking the entry to the wire_targets table, NOT a primary key (multiple legitimizations are possible per account)'
- ,'target_token'
+ ,'access_token'
,'legitimization_measures'
,partition_suffix
);
@@ -96,9 +96,9 @@ BEGIN
' ADD CONSTRAINT ' || table_name || '_serial_id_key'
' UNIQUE (legitimization_measure_serial_id)');
EXECUTE FORMAT (
- 'CREATE INDEX ' || table_name || '_by_target_token'
+ 'CREATE INDEX ' || table_name || '_by_access_token'
' ON ' || table_name ||
- ' (target_token)'
+ ' (access_token)'
' WHERE NOT is_finished' ||
';'
);
@@ -115,9 +115,10 @@ DECLARE
BEGIN
EXECUTE FORMAT (
'ALTER TABLE ' || table_name ||
- ' ADD CONSTRAINT ' || table_name || '_foreign_key_target_token'
- ' FOREIGN KEY (target_token)'
- ' REFERENCES wire_targets (target_token) ON DELETE CASCADE');
+ ' ADD CONSTRAINT ' || table_name || '_foreign_key_access_token'
+ ' FOREIGN KEY (access_token)'
+ ' REFERENCES wire_targets (access_token)'
+ ' ON DELETE CASCADE');
END
$$;
diff --git a/src/exchangedb/0005-legitimization_outcomes.sql b/src/exchangedb/0005-legitimization_outcomes.sql
index 642e7441f..d7d337c87 100644
--- a/src/exchangedb/0005-legitimization_outcomes.sql
+++ b/src/exchangedb/0005-legitimization_outcomes.sql
@@ -30,7 +30,7 @@ BEGIN
',jproperties TEXT'
',to_investigate BOOL NOT NULL'
',is_active BOOL NOT NULL DEFAULT(TRUE)'
- ',jnew_rules TEXT NOT NULL'
+ ',jnew_rules TEXT'
') %s ;'
,'legitimization_outcomes'
,'PARTITION BY HASH (h_payto)'
@@ -84,7 +84,7 @@ BEGIN
,partition_suffix
);
PERFORM comment_partitioned_column(
- 'JSON object of type LegitimizationRuleSet with rules to apply to the various operation types for this account; all KYC checks should first check if active new rules for a given account exist in this table (and apply specified measures); if not, it should check the default rules to decide if a measure is required'
+ 'JSON object of type LegitimizationRuleSet with rules to apply to the various operation types for this account; all KYC checks should first check if active new rules for a given account exist in this table (and apply specified measures); if not, it should check the default rules to decide if a measure is required; NULL if the default rules apply'
,'jnew_rules'
,'legitimization_outcomes'
,partition_suffix
diff --git a/src/exchangedb/Makefile.am b/src/exchangedb/Makefile.am
index e9db91ae3..19e204f35 100644
--- a/src/exchangedb/Makefile.am
+++ b/src/exchangedb/Makefile.am
@@ -199,6 +199,7 @@ libtaler_plugin_exchangedb_postgres_la_SOURCES = \
pg_select_refreshes_above_serial_id.h pg_select_refreshes_above_serial_id.c \
pg_select_refunds_above_serial_id.h pg_select_refunds_above_serial_id.c \
pg_select_reserves_in_above_serial_id.h pg_select_reserves_in_above_serial_id.c \
+ pg_trigger_kyc_rule_for_account.h pg_trigger_kyc_rule_for_account.c \
pg_select_reserves_in_above_serial_id_by_account.h pg_select_reserves_in_above_serial_id_by_account.c \
pg_select_withdrawals_above_serial_id.h pg_select_withdrawals_above_serial_id.c \
pg_select_wire_out_above_serial_id.h pg_select_wire_out_above_serial_id.c \
diff --git a/src/exchangedb/pg_lookup_kyc_requirement_by_row.c b/src/exchangedb/pg_lookup_kyc_requirement_by_row.c
index 53df2f441..8f625b2bf 100644
--- a/src/exchangedb/pg_lookup_kyc_requirement_by_row.c
+++ b/src/exchangedb/pg_lookup_kyc_requirement_by_row.c
@@ -25,6 +25,7 @@
#include "pg_lookup_kyc_requirement_by_row.h"
#include "pg_helper.h"
+
enum GNUNET_DB_QueryStatus
TEH_PG_lookup_kyc_requirement_by_row (
void *cls,
@@ -42,26 +43,36 @@ TEH_PG_lookup_kyc_requirement_by_row (
GNUNET_PQ_query_param_end
};
struct GNUNET_PQ_ResultSpec rs[] = {
- GNUNET_PQ_result_spec_string ("required_checks",
- requirements),
- GNUNET_PQ_result_spec_auto_from_type ("h_payto",
- h_payto),
GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_uint32 ("status",
- &status),
+ GNUNET_PQ_result_spec_auto_from_type ("account_pub",
+ account_pub),
+ NULL),
+ GNUNET_PQ_result_spec_auto_from_type ("access_token",
+ access_token),
+ GNUNET_PQ_result_spec_allow_null (
+ TALER_PQ_result_spec_json ("jrules",
+ jrules),
NULL),
+ GNUNET_PQ_result_spec_bool ("aml_review",
+ aml_review),
+ GNUNET_PQ_result_spec_bool ("kyc_required",
+ kyc_required),
GNUNET_PQ_result_spec_end
};
enum GNUNET_DB_QueryStatus qs;
+ *jrules = NULL;
+ memset (account_pub,
+ 0,
+ sizeof (*account_pub));
PREPARE (pg,
- "lookup_legitimization_requirement_by_row",
+ "lookup_kyc_requirement_by_row",
"SELECT "
- " lm.access_token"
- ",lo.to_investigate AS aml_review" // can be NULL => false!
- ",lo.jnew_rules AS jrules" // can be NULL! => default rules!
- ",lm.is_finished AS NOT kyc_required"
- ",wt.target_pub AS account_pub" // can be NULL!
+ " wt.target_pub AS account_pub"
+ ",lm.access_token"
+ ",lo.jnew_rules AS jrules"
+ ",lo.to_investigate AS aml_review"
+ ",NOT lm.is_finished AS kyc_required"
" FROM legitimization_measures lm"
" JOIN wire_targets wt"
" USING (access_token)"
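Review bot: `aml_review` is read with a plain `GNUNET_PQ_result_spec_bool`, although the SELECT comment this hunk removes said `lo.to_investigate` can be NULL, and `jrules` from the same table is still wrapped in `GNUNET_PQ_result_spec_allow_null`. The join onto legitimization_outcomes sits between this hunk and the next and is not visible; if it is an outer join, a measure without an outcome row yields a NULL column and result extraction would presumably fail rather than report "no AML review". Making the default explicit in the query keeps the old "NULL => false" meaning: `",COALESCE(lo.to_investigate,FALSE) AS aml_review"`. The function's signature and its return statement lie outside this hunk.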
@@ -70,7 +81,7 @@ TEH_PG_lookup_kyc_requirement_by_row (
" WHERE legitimization_measure_serial_id=$1;");
return GNUNET_PQ_eval_prepared_singleton_select (
pg->conn,
- "lookup_legitimization_requirement_by_row",
+ "lookup_kyc_requirement_by_row",
params,
rs);
}
diff --git a/src/exchangedb/pg_lookup_kyc_requirement_by_row.h b/src/exchangedb/pg_lookup_kyc_requirement_by_row.h
index 4f7af9b71..e3cceebbd 100644
--- a/src/exchangedb/pg_lookup_kyc_requirement_by_row.h
+++ b/src/exchangedb/pg_lookup_kyc_requirement_by_row.h
@@ -30,7 +30,17 @@
* Lookup KYC requirement.
*
* @param cls closure
- * @param requirement_row identifies requirement to look up
+ * @param requirement_row identifies requirement to look up (in legitimization_measures table)
+ * @param[out] account_pub set to public key of the account
+ * needed to authorize access, all zeros if not known
+ * @param[out] access_token set to the access token to begin
+ * work on KYC processes for this account
+ * @param[out] jrules set to active ``LegitimizationRuleSet``
+ * of the account impacted by the requirement
+ * @param[out] aml_review set to true if the account is under
+ * active review by AML staff
+ * @param[out] kyc_required set to true if the user must pass
+ * some KYC check before some previous operation may continue
* @return database transaction status
*/
enum GNUNET_DB_QueryStatus
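Review bot: The new `@param[out] jrules` entry does not say that the value can be NULL or who releases it. The implementation in pg_lookup_kyc_requirement_by_row.c sets `*jrules = NULL` first and reads the column through `GNUNET_PQ_result_spec_allow_null`, and the schema comment changed in this commit says NULL means the default rules apply. I would append `NULL if the default rules apply; the caller must release the returned reference` to that entry; the release call is presumably json_decref(), to be confirmed. The identical comment in the src/include/taler_exchangedb_plugin.h hunk needs the same wording. The prototype continues below this hunk.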
diff --git a/src/exchangedb/pg_trigger_kyc_rule_for_account.c b/src/exchangedb/pg_trigger_kyc_rule_for_account.c
new file mode 100644
index 000000000..0caabd4d4
--- /dev/null
+++ b/src/exchangedb/pg_trigger_kyc_rule_for_account.c
@@ -0,0 +1,70 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2024 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file exchangedb/pg_trigger_kyc_rule_for_account.c
+ * @brief Implementation of the trigger_kyc_rule_for_account function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_error_codes.h"
+#include "taler_dbevents.h"
+#include "taler_pq_lib.h"
+#include "pg_trigger_kyc_rule_for_account.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TEH_PG_trigger_kyc_rule_for_account (
+ void *cls,
+ const struct TALER_PaytoHashP *h_payto,
+ const json_t *jrule,
+ uint32_t display_priority,
+ uint64_t *requirement_row)
+{
+ struct PostgresClosure *pg = cls;
+ struct GNUNET_TIME_Absolute now
+ = GNUNET_TIME_absolute_get ();
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (h_payto),
+ GNUNET_PQ_query_param_absolute_time (&now),
+ TALER_PQ_query_param_json (jrule),
+ GNUNET_PQ_query_param_uint32 (&display_priority),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_uint64 ("legitimization_measure_serial_id",
+ requirement_row),
+ GNUNET_PQ_result_spec_end
+ };
+
+ PREPARE (pg,
+ "trigger_kyc_rule_for_account",
+ "INSERT INTO legitimization_measures"
+ "(access_token"
+ ",start_time"
+ ",jmeasures"
+ ",display_priority)"
+ " SELECT "
+ " access_token,$2,$3,$4"
+ " FROM wire_targets"
+ " WHERE wire_target_h_payto=$1"
+ " RETURNING legitimization_measure_serial_id;");
+ return GNUNET_PQ_eval_prepared_singleton_select (
+ pg->conn,
+ "trigger_kyc_rule_for_account",
+ params,
+ rs);
+}
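Review bot: When no wire_targets row matches `h_payto`, the `INSERT ... SELECT` stores nothing, so the call presumably returns the no-results status with `*requirement_row` never written and no KYC requirement recorded. A caller that only tests for a negative status would then carry on with an uninitialised row id and without the measure in place. I would add `*requirement_row = 0;` before `PREPARE` and state in the header's `@return` that a no-results status means the account is unknown and nothing was inserted. The callers are not part of this diff, so their handling of that status should be checked.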
diff --git a/src/exchangedb/pg_trigger_kyc_rule_for_account.h b/src/exchangedb/pg_trigger_kyc_rule_for_account.h
new file mode 100644
index 000000000..bc3bcc377
--- /dev/null
+++ b/src/exchangedb/pg_trigger_kyc_rule_for_account.h
@@ -0,0 +1,47 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2024 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file exchangedb/pg_trigger_kyc_rule_for_account.h
+ * @brief implementation of the trigger_kyc_rule_for_account function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef PG_TRIGGER_KYC_RULE_FOR_ACCOUNT_H
+#define PG_TRIGGER_KYC_RULE_FOR_ACCOUNT_H
+
+#include "taler_util.h"
+#include "taler_json_lib.h"
+#include "taler_exchangedb_plugin.h"
+
+
+/**
+ * Insert KYC requirement for @a h_payto account into table.
+ *
+ * @param cls closure
+ * @param h_payto account that must be KYC'ed
+ * @param jrule serialized MeasureSet to put in place
+ * @param display_priority priority of the rule
+ * @param[out] requirement_row set to legitimization requirement row for this check
+ * @return database transaction status
+ */
+enum GNUNET_DB_QueryStatus
+TEH_PG_trigger_kyc_rule_for_account (
+ void *cls,
+ const struct TALER_PaytoHashP *h_payto,
+ const json_t *jrule,
+ uint32_t display_priority,
+ uint64_t *requirement_row);
+
+#endif
diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c
index 5da3ef036..d26db2029 100644
--- a/src/exchangedb/plugin_exchangedb_postgres.c
+++ b/src/exchangedb/plugin_exchangedb_postgres.c
@@ -54,6 +54,7 @@
#include "pg_select_account_merges_above_serial_id.h"
#include "pg_select_all_purse_decisions_above_serial_id.h"
#include "pg_select_purse.h"
+#include "pg_trigger_kyc_rule_for_account.h"
#include "pg_select_purse_deposits_above_serial_id.h"
#include "pg_select_purse_merges_above_serial_id.h"
#include "pg_select_purse_requests_above_serial_id.h"
@@ -214,7 +215,7 @@
#include "pg_lookup_aml_officer.h"
#include "pg_trigger_aml_process.h"
// #include "pg_select_justification_for_missing_wire.h"
-// #include "pg_lookup_kyc_requirement_by_row.h"
+#include "pg_lookup_kyc_requirement_by_row.h"
// #include "pg_select_aml_history.h"
// #include "pg_select_aml_process.h"
// #include "pg_select_aml_threshold.h"
@@ -777,6 +778,10 @@ libtaler_plugin_exchangedb_postgres_init (void *cls)
= &TEH_PG_trigger_aml_process;
plugin->insert_aml_decision
= &TEH_PG_insert_aml_decision;
+ plugin->lookup_kyc_requirement_by_row
+ = &TEH_PG_lookup_kyc_requirement_by_row;
+ plugin->trigger_kyc_rule_for_account
+ = &TEH_PG_trigger_kyc_rule_for_account;
plugin->batch_ensure_coin_known
= &TEH_PG_batch_ensure_coin_known;
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index 84bfcff2b..067f925b1 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -6803,7 +6803,17 @@ struct TALER_EXCHANGEDB_Plugin
* Lookup KYC requirement.
*
* @param cls closure
- * @param legi_row identifies requirement to look up
+ * @param requirement_row identifies requirement to look up (in legitimization_measures table)
+ * @param[out] account_pub set to public key of the account
+ * needed to authorize access, all zeros if not known
+ * @param[out] access_token set to the access token to begin
+ * work on KYC processes for this account
+ * @param[out] jrules set to active ``LegitimizationRuleSet``
+ * of the account impacted by the requirement
+ * @param[out] aml_review set to true if the account is under
+ * active review by AML staff
+ * @param[out] kyc_required set to true if the user must pass
+ * some KYC check before some previous operation may continue
* @return database transaction status
*/
enum GNUNET_DB_QueryStatus