author | Christian Grothoff <christian@grothoff.org> | 2024-05-07 22:16:53 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2024-07-29 12:18:40 +0200 |
commit | 56986815357ed562ec8b9fc014eb58f336e83af5 (patch) | |
tree | 8f6c26478f11e25e09a93a0bab328550de6fdbb0 /src | |
parent | 7080748524566f05688a3ba99b7bba2e46c5b2f4 (diff) |
get aml-decisions-get to build
Diffstat (limited to 'src')
-rw-r--r-- | src/exchange/Makefile.am | 7 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd.c | 4 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_aml-decision-get.c | 233 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_aml-decision.c | 52 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_aml-decision.h | 19 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_aml-decisions-get.c | 99 |
6 files changed, 59 insertions, 355 deletions
diff --git a/src/exchange/Makefile.am b/src/exchange/Makefile.am index e61c42d39..f730d29b9 100644 --- a/src/exchange/Makefile.am +++ b/src/exchange/Makefile.am @@ -126,6 +126,8 @@ taler_exchange_httpd_SOURCES = \ taler-exchange-httpd.c taler-exchange-httpd.h \ taler-exchange-httpd_age-withdraw.c taler-exchange-httpd_age-withdraw.h \ taler-exchange-httpd_age-withdraw_reveal.c taler-exchange-httpd_age-withdraw_reveal.h \ + taler-exchange-httpd_aml-decision.c taler-exchange-httpd_aml-decision.h \ + taler-exchange-httpd_aml-decisions-get.c \ taler-exchange-httpd_auditors.c taler-exchange-httpd_auditors.h \ taler-exchange-httpd_batch-deposit.c taler-exchange-httpd_batch-deposit.h \ taler-exchange-httpd_batch-withdraw.c taler-exchange-httpd_batch-withdraw.h \ @@ -182,10 +184,7 @@ taler_exchange_httpd_SOURCES = \ taler-exchange-httpd_transfers_get.c taler-exchange-httpd_transfers_get.h \ taler-exchange-httpd_withdraw.c taler-exchange-httpd_withdraw.h -# taler-exchange-httpd_kyc-check.c taler-exchange-httpd_kyc-check.h \ -# taler-exchange-httpd_aml-decision.c taler-exchange-httpd_aml-decision.h \ -# taler-exchange-httpd_aml-decision-get.c \ -# taler-exchange-httpd_aml-decisions-get.c +# taler-exchange-httpd_kyc-check.c taler-exchange-httpd_kyc-check.h taler_exchange_httpd_LDADD = \ $(LIBGCRYPT_LIBS) \ diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index 4165111a9..0ac190974 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -558,10 +558,6 @@ handle_get_aml (struct TEH_RequestContext *rc, .handler = &TEH_handler_aml_decisions_get }, { - .op = "decision", - .handler = &TEH_handler_aml_decision_get - }, - { .op = NULL, .handler = NULL }, diff --git a/src/exchange/taler-exchange-httpd_aml-decision-get.c b/src/exchange/taler-exchange-httpd_aml-decision-get.c deleted file mode 100644 index b4f337db1..000000000 --- a/src/exchange/taler-exchange-httpd_aml-decision-get.c +++ /dev/null 
@@ -1,233 +0,0 @@ -/* - This file is part of TALER - Copyright (C) 2023 Taler Systems SA - - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU Affero General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. - - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License along with - TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> -*/ -/** - * @file taler-exchange-httpd_aml-decision-get.c - * @brief Return summary information about AML decision - * @author Christian Grothoff - */ -#include "platform.h" -#include <gnunet/gnunet_util_lib.h> -#include <jansson.h> -#include <microhttpd.h> -#include <pthread.h> -#include "taler_json_lib.h" -#include "taler_mhd_lib.h" -#include "taler_signatures.h" -#include "taler-exchange-httpd.h" -#include "taler_exchangedb_plugin.h" -#include "taler-exchange-httpd_aml-decision.h" -#include "taler-exchange-httpd_metrics.h" - - -/** - * Maximum number of records we return per request. - */ -#define MAX_RECORDS 1024 - -/** - * Callback with KYC attributes about a particular user. 
- * - * @param[in,out] cls closure with a `json_t *` array to update - * @param h_payto account for which the attribute data is stored - * @param provider_section provider that must be checked - * @param collection_time when was the data collected - * @param expiration_time when does the data expire - * @param enc_attributes_size number of bytes in @a enc_attributes - * @param enc_attributes encrypted attribute data - */ -static void -kyc_attribute_cb ( - void *cls, - const struct TALER_PaytoHashP *h_payto, - const char *provider_section, - struct GNUNET_TIME_Timestamp collection_time, - struct GNUNET_TIME_Timestamp expiration_time, - size_t enc_attributes_size, - const void *enc_attributes) -{ - json_t *kyc_attributes = cls; - json_t *attributes; - - attributes = TALER_CRYPTO_kyc_attributes_decrypt (&TEH_attribute_key, - enc_attributes, - enc_attributes_size); - GNUNET_break (NULL != attributes); - GNUNET_assert ( - 0 == - json_array_append ( - kyc_attributes, - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_string ("provider_section", - provider_section), - GNUNET_JSON_pack_timestamp ("collection_time", - collection_time), - GNUNET_JSON_pack_timestamp ("expiration_time", - expiration_time), - GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_steal ("attributes", - attributes)) - ))); -} - - -/** - * Return historic AML decision(s). 
- * - * @param[in,out] cls closure with a `json_t *` array to update - * @param new_threshold new monthly threshold that would trigger an AML check - * @param new_state AML decision status - * @param decision_time when was the decision made - * @param justification human-readable text justifying the decision - * @param decider_pub public key of the staff member - * @param decider_sig signature of the staff member - */ -static void -aml_history_cb ( - void *cls, - const struct TALER_Amount *new_threshold, - enum TALER_AmlDecisionState new_state, - struct GNUNET_TIME_Timestamp decision_time, - const char *justification, - const struct TALER_AmlOfficerPublicKeyP *decider_pub, - const struct TALER_AmlOfficerSignatureP *decider_sig) -{ - json_t *aml_history = cls; - - GNUNET_assert ( - 0 == - json_array_append ( - aml_history, - GNUNET_JSON_PACK ( - GNUNET_JSON_pack_data_auto ("decider_pub", - decider_pub), - GNUNET_JSON_pack_string ("justification", - justification), - TALER_JSON_pack_amount ("new_threshold", - new_threshold), - GNUNET_JSON_pack_int64 ("new_state", - new_state), - GNUNET_JSON_pack_timestamp ("decision_time", - decision_time) - ))); -} - - -MHD_RESULT -TEH_handler_aml_decision_get ( - struct TEH_RequestContext *rc, - const struct TALER_AmlOfficerPublicKeyP *officer_pub, - const char *const args[]) -{ - struct TALER_PaytoHashP h_payto; - - if ( (NULL == args[0]) || - (GNUNET_OK != - GNUNET_STRINGS_string_to_data (args[0], - strlen (args[0]), - &h_payto, - sizeof (h_payto))) ) - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_BAD_REQUEST, - TALER_EC_GENERIC_PARAMETER_MALFORMED, - "h_payto"); - } - - if (NULL != args[1]) - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_BAD_REQUEST, - TALER_EC_GENERIC_ENDPOINT_UNKNOWN, - args[1]); - } - - { - json_t *aml_history; - json_t *kyc_attributes; - enum GNUNET_DB_QueryStatus qs; - bool none = false; - - aml_history = json_array (); - 
GNUNET_assert (NULL != aml_history); - qs = TEH_plugin->select_aml_history (TEH_plugin->cls, - &h_payto, - &aml_history_cb, - aml_history); - switch (qs) - { - case GNUNET_DB_STATUS_HARD_ERROR: - case GNUNET_DB_STATUS_SOFT_ERROR: - json_decref (aml_history); - GNUNET_break (0); - return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - NULL); - case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - none = true; - break; - case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: - none = false; - break; - } - - kyc_attributes = json_array (); - GNUNET_assert (NULL != kyc_attributes); - qs = TEH_plugin->select_kyc_attributes (TEH_plugin->cls, - &h_payto, - &kyc_attribute_cb, - kyc_attributes); - switch (qs) - { - case GNUNET_DB_STATUS_HARD_ERROR: - case GNUNET_DB_STATUS_SOFT_ERROR: - json_decref (aml_history); - json_decref (kyc_attributes); - GNUNET_break (0); - return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_INTERNAL_SERVER_ERROR, - TALER_EC_GENERIC_DB_FETCH_FAILED, - NULL); - case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: - if (none) - { - json_decref (aml_history); - json_decref (kyc_attributes); - return TALER_MHD_reply_static ( - rc->connection, - MHD_HTTP_NO_CONTENT, - NULL, - NULL, - 0); - } - break; - case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: - break; - } - return TALER_MHD_REPLY_JSON_PACK ( - rc->connection, - MHD_HTTP_OK, - GNUNET_JSON_pack_array_steal ("aml_history", - aml_history), - GNUNET_JSON_pack_array_steal ("kyc_attributes", - kyc_attributes)); - } -} - - -/* end of taler-exchange-httpd_aml-decision_get.c */ diff --git a/src/exchange/taler-exchange-httpd_aml-decision.c b/src/exchange/taler-exchange-httpd_aml-decision.c index bf43fdbf2..00eaccfba 100644 --- a/src/exchange/taler-exchange-httpd_aml-decision.c +++ b/src/exchange/taler-exchange-httpd_aml-decision.c 
@@ -47,9 +47,9 @@ struct DecisionContext struct GNUNET_TIME_Timestamp decision_time; /** - * New threshold for revising the decision. + * New rules after the decision. */ - struct TALER_Amount new_threshold; + const json_t *new_rules; /** * Hash of payto://-URI of affected account. @@ -57,11 +57,6 @@ struct DecisionContext struct TALER_PaytoHashP h_payto; /** - * New AML state. - */ - enum TALER_AmlDecisionState new_state; - - /** * Signature affirming the decision. */ struct TALER_AmlOfficerSignatureP officer_sig; @@ -71,11 +66,6 @@ struct DecisionContext */ const struct TALER_AmlOfficerPublicKeyP *officer_pub; - /** - * KYC requirements imposed, NULL for none. - */ - const json_t *kyc_requirements; - }; @@ -100,9 +90,11 @@ make_aml_decision (void *cls, MHD_RESULT *mhd_ret) { struct DecisionContext *dc = cls; - enum GNUNET_DB_QueryStatus qs; struct GNUNET_TIME_Timestamp last_date; - bool invalid_officer; + bool invalid_officer = -1; + +#if FIXME + enum GNUNET_DB_QueryStatus qs; uint64_t requirement_row = 0; if ( (NULL != dc->kyc_requirements) && @@ -154,7 +146,8 @@ make_aml_decision (void *cls, *mhd_ret = TALER_MHD_reply_with_error (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_FETCH_FAILED, - "select_satisfied_kyc_processes"); + "select_satisfied_kyc_processes") + ; return GNUNET_DB_STATUS_HARD_ERROR; } return qs; @@ -209,6 +202,7 @@ make_aml_decision (void *cls, } return qs; } +#endif if (invalid_officer) { GNUNET_break_op (0); 
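Review bot: In `make_aml_decision`, `bool invalid_officer = -1;` converts to `true`, and with the database logic fenced off by `#if FIXME` the function always takes the `if (invalid_officer)` branch that follows the `#endif`. Failing closed is the right default while the officer check is missing, but the intent should be spelled out, for example `bool invalid_officer = true; /* fail closed until the officer check is restored */`. `#if FIXME` only works because the macro is undefined and is flagged by `-Wundef`; the same file uses `#if 0` further down, so one form should be used consistently. The function body starts and ends outside this hunk.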
@@ -251,19 +245,12 @@ TEH_handler_post_aml_decision ( &dc.officer_sig), GNUNET_JSON_spec_fixed_auto ("h_payto", &dc.h_payto), - TALER_JSON_spec_amount ("new_threshold", - TEH_currency, - &dc.new_threshold), + GNUNET_JSON_spec_object_const ("new_rules", + &dc.new_rules), GNUNET_JSON_spec_string ("justification", &dc.justification), GNUNET_JSON_spec_timestamp ("decision_time", &dc.decision_time), - TALER_JSON_spec_aml_decision ("new_state", - &dc.new_state), - GNUNET_JSON_spec_mark_optional ( - GNUNET_JSON_spec_array_const ("kyc_requirements", - &dc.kyc_requirements), - NULL), GNUNET_JSON_spec_end () }; @@ -283,14 +270,13 @@ TEH_handler_post_aml_decision ( } TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++; if (GNUNET_OK != - TALER_officer_aml_decision_verify (dc.justification, - dc.decision_time, - &dc.new_threshold, - &dc.h_payto, - dc.new_state, - dc.kyc_requirements, - dc.officer_pub, - &dc.officer_sig)) + TALER_officer_aml_decision_verify ( + dc.justification, + dc.decision_time, + &dc.h_payto, + dc.new_rules, + dc.officer_pub, + &dc.officer_sig)) { GNUNET_break_op (0); return TALER_MHD_reply_with_error ( @@ -300,6 +286,7 @@ TEH_handler_post_aml_decision ( NULL); } +#if 0 if (NULL != dc.kyc_requirements) { size_t index; @@ -331,6 +318,7 @@ TEH_handler_post_aml_decision ( } } } +#endif { MHD_RESULT mhd_ret; diff --git a/src/exchange/taler-exchange-httpd_aml-decision.h b/src/exchange/taler-exchange-httpd_aml-decision.h index 8af742c0a..10056116d 100644 --- a/src/exchange/taler-exchange-httpd_aml-decision.h +++ b/src/exchange/taler-exchange-httpd_aml-decision.h @@ -43,7 +43,7 @@ TEH_handler_post_aml_decision ( /** - * Handle a GET "/aml/$OFFICER_PUB/decisions/$STATE" request. Parses the request + * Handle a GET "/aml/$OFFICER_PUB/decisions" request. Parses the request * details, checks the signatures and if appropriately authorized returns * the matching decisions. * 
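Review bot: `new_rules` is accepted as an arbitrary JSON object through `GNUNET_JSON_spec_object_const` and is only covered by `TALER_officer_aml_decision_verify`; no structural check of the rules is visible in these hunks, and the former `kyc_requirements` validation is compiled out with `#if 0`. A valid officer signature shows who sent the rules, not that they are well-formed, so I would add a marker next to the parser spec such as `/* FIXME: validate dc.new_rules before make_aml_decision() persists it */`. The `#if 0` block still refers to `dc.kyc_requirements`, a member this commit removes from `struct DecisionContext`, so it cannot be re-enabled as written and would be clearer deleted or rewritten against `new_rules`. The handler body starts and ends outside these hunks.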
@@ -59,21 +59,4 @@ TEH_handler_aml_decisions_get ( const char *const args[]); -/** - * Handle a GET "/aml/$OFFICER_PUB/decision/$H_PAYTO" request. Parses the request - * details, checks the signatures and if appropriately authorized returns - * the AML history and KYC attributes for the account. - * - * @param rc request context - * @param officer_pub public key of the AML officer who made the request - * @param args GET arguments (should be one) - * @return MHD result code - */ -MHD_RESULT -TEH_handler_aml_decision_get ( - struct TEH_RequestContext *rc, - const struct TALER_AmlOfficerPublicKeyP *officer_pub, - const char *const args[]); - - #endif diff --git a/src/exchange/taler-exchange-httpd_aml-decisions-get.c b/src/exchange/taler-exchange-httpd_aml-decisions-get.c index 763817cf6..320e9fe4e 100644 --- a/src/exchange/taler-exchange-httpd_aml-decisions-get.c +++ b/src/exchange/taler-exchange-httpd_aml-decisions-get.c 
@@ -33,26 +33,30 @@ /** - * Maximum number of records we return per request. - */ -#define MAX_RECORDS 1024 - -/** * Return AML status. * * @param cls closure * @param row_id current row in AML status table * @param h_payto account for which the attribute data is stored - * @param threshold currently monthly threshold that would trigger an AML check - * @param status what is the current AML decision + * @param decision_time when was the decision taken + * @param expiration_time when will the rules expire + * @param jproperties properties set for the account, + * NULL if no properties were set + * @param to_investigate true if AML staff should look at the account + * @param is_active true if this is the currently active decision about the account + * @param account_rules current active rules for the account */ static void record_cb ( void *cls, uint64_t row_id, const struct TALER_PaytoHashP *h_payto, - const struct TALER_Amount *threshold, - enum TALER_AmlDecisionState status) + struct GNUNET_TIME_Absolute decision_time, + struct GNUNET_TIME_Absolute expiration_time, + const json_t *jproperties, + bool to_investigate, + bool is_active, + const json_t *account_rules) { json_t *records = cls; @@ -63,10 +67,7 @@ record_cb ( GNUNET_JSON_PACK ( GNUNET_JSON_pack_data_auto ("h_payto", h_payto), - GNUNET_JSON_pack_int64 ("current_state", - status), - TALER_JSON_pack_amount ("threshold", - threshold), + // FIXME: pack other data! GNUNET_JSON_pack_int64 ("rowid", row_id) ))); @@ -79,12 +80,10 @@ TEH_handler_aml_decisions_get ( const struct TALER_AmlOfficerPublicKeyP *officer_pub, const char *const args[]) { - enum TALER_AmlDecisionState decision; - int delta = -20; - unsigned long long start; - const char *state_str = args[0]; + long long limit = -20; + unsigned long long offset; - if (NULL == state_str) + if (NULL != args[0]) { GNUNET_break_op (0); return TALER_MHD_reply_with_error (rc->connection, 
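Review bot: `record_cb` now receives `decision_time`, `expiration_time`, `jproperties`, `to_investigate`, `is_active` and `account_rules`, but the reply still packs only `h_payto` and `rowid`, so a client cannot tell an active decision from a superseded one or see which accounts are flagged for investigation. The `// FIXME: pack other data!` line should name the fields still to be added. The doc comment states `jproperties` may be NULL, so that field will need `GNUNET_JSON_pack_allow_null` when it is packed, and a one-line comment to that effect would prevent an assertion failure in `GNUNET_JSON_PACK` later.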
@@ -92,68 +91,43 @@ TEH_handler_aml_decisions_get ( TALER_EC_GENERIC_ENDPOINT_UNKNOWN, args[0]); } - if (0 == strcmp (state_str, - "pending")) - decision = TALER_AML_PENDING; - else if (0 == strcmp (state_str, - "frozen")) - decision = TALER_AML_FROZEN; - else if (0 == strcmp (state_str, - "normal")) - decision = TALER_AML_NORMAL; - else - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_BAD_REQUEST, - TALER_EC_GENERIC_ENDPOINT_UNKNOWN, - state_str); - } - if (NULL != args[1]) - { - GNUNET_break_op (0); - return TALER_MHD_reply_with_error (rc->connection, - MHD_HTTP_BAD_REQUEST, - TALER_EC_GENERIC_ENDPOINT_UNKNOWN, - args[1]); - } { const char *p; p = MHD_lookup_connection_value (rc->connection, MHD_GET_ARGUMENT_KIND, - "delta"); + "limit"); if (NULL != p) { char dummy; if (1 != sscanf (p, - "%d%c", - &delta, + "%lld%c", + &limit, &dummy)) { GNUNET_break_op (0); return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, - "delta"); + "limit"); } } - if (delta > 0) - start = 0; + if (limit > 0) + offset = 0; else - start = INT64_MAX; + offset = INT64_MAX; p = MHD_lookup_connection_value (rc->connection, MHD_GET_ARGUMENT_KIND, - "start"); + "offset"); if (NULL != p) { char dummy; if (1 != sscanf (p, "%llu%c", - &start, + &offset, &dummy)) { GNUNET_break_op (0); @@ -171,18 +145,15 @@ TEH_handler_aml_decisions_get ( records = json_array (); GNUNET_assert (NULL != records); - if (INT_MIN == delta) - delta = INT_MIN + 1; - qs = TEH_plugin->select_aml_process (TEH_plugin->cls, - decision, - start, - GNUNET_MIN (MAX_RECORDS, - delta > 0 - ? delta - : -delta), - delta > 0, - &record_cb, - records); + qs = TEH_plugin->select_aml_decisions ( + TEH_plugin->cls, + NULL /* FIXME! */, + 0, /* FIXME */ + 0, /* FIXME */ + offset, + limit, + &record_cb, + records); switch (qs) { case GNUNET_DB_STATUS_HARD_ERROR: |
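Review bot: The client-supplied `limit` now reaches `TEH_plugin->select_aml_decisions` without any bound: the last hunk removes the `MAX_RECORDS` cap and the `INT_MIN` guard of the old call, while the parsing hunk above it accepts any `long long`. Unless the plugin caps the row count itself (not visible here), a single request can make the exchange collect an arbitrarily large result set into `records`. I would keep the `MAX_RECORDS` define and clamp before the call, `if (limit > MAX_RECORDS) limit = MAX_RECORDS;` and `if (limit < -MAX_RECORDS) limit = -MAX_RECORDS;`, which also keeps `LLONG_MIN` away from any later negation. The `NULL`, `0`, `0` arguments marked FIXME should each get a comment naming the filter they stand for. The handler body starts and ends outside these hunks.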