diff options
-rw-r--r-- | src/exchange/taler-exchange-httpd_batch-withdraw.c | 734 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_batch-withdraw.h | 48 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_withdraw.c | 4 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_withdraw.h | 2 | ||||
-rw-r--r-- | src/exchangedb/exchange-0001-part.sql | 239 | ||||
-rw-r--r-- | src/exchangedb/plugin_exchangedb_postgres.c | 143 | ||||
-rw-r--r-- | src/include/taler_exchangedb_plugin.h | 53 |
7 files changed, 1222 insertions, 1 deletions
diff --git a/src/exchange/taler-exchange-httpd_batch-withdraw.c b/src/exchange/taler-exchange-httpd_batch-withdraw.c new file mode 100644 index 000000000..a6302aade --- /dev/null +++ b/src/exchange/taler-exchange-httpd_batch-withdraw.c @@ -0,0 +1,734 @@ +/* + This file is part of TALER + Copyright (C) 2014-2022 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as + published by the Free Software Foundation; either version 3, + or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty + of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General + Public License along with TALER; see the file COPYING. If not, + see <http://www.gnu.org/licenses/> +*/ +/** + * @file taler-exchange-httpd_batch-withdraw.c + * @brief Handle /reserves/$RESERVE_PUB/batch-withdraw requests + * @author Florian Dold + * @author Benedikt Mueller + * @author Christian Grothoff + */ +#include "platform.h" +#include <gnunet/gnunet_util_lib.h> +#include <jansson.h> +#include "taler_json_lib.h" +#include "taler_mhd_lib.h" +#include "taler-exchange-httpd_batch-withdraw.h" +#include "taler-exchange-httpd_responses.h" +#include "taler-exchange-httpd_keys.h" + + +/** + * Information per planchet in the batch. + */ +struct PlanchetContext +{ + + /** + * Hash of the (blinded) message to be signed by the Exchange. + */ + struct TALER_BlindedCoinHashP h_coin_envelope; + + /** + * Value of the coin being exchanged (matching the denomination key) + * plus the transaction fee. We include this in what is being + * signed so that we can verify a reserve's remaining total balance + * without needing to access the respective denomination key + * information each time. + */ + struct TALER_Amount amount_with_fee; + + /** + * Blinded planchet. + */ + struct TALER_BlindedPlanchet blinded_planchet; + + /** + * Set to the resulting signed coin data to be returned to the client. + */ + struct TALER_EXCHANGEDB_CollectableBlindcoin collectable; + +}; + +/** + * Context for #batch_withdraw_transaction. + */ +struct BatchWithdrawContext +{ + + /** + * Public key of the reserv. + */ + const struct TALER_ReservePublicKeyP *reserve_pub; + + /** + * KYC status of the reserve used for the operation. + */ + struct TALER_EXCHANGEDB_KycStatus kyc; + + /** + * Array of @e planchets_length planchets we are processing. + */ + struct PlanchetContext *planchets; + + /** + * Total amount from all coins with fees. + */ + struct TALER_Amount batch_total; + + /** + * Length of the @e planchets array. + */ + unsigned int planchets_length; + +}; + + +/** + * Send reserve history information to client with the + * message that we have insufficient funds for the + * requested withdraw operation. + * + * @param connection connection to the client + * @param ebalance expected balance based on our database + * @param withdraw_amount amount that the client requested to withdraw + * @param rh reserve history to return + * @return MHD result code + */ +static MHD_RESULT +reply_withdraw_insufficient_funds ( + struct MHD_Connection *connection, + const struct TALER_Amount *ebalance, + const struct TALER_Amount *withdraw_amount, + const struct TALER_EXCHANGEDB_ReserveHistory *rh) +{ + json_t *json_history; + + json_history = TEH_RESPONSE_compile_reserve_history (rh); + if (NULL == json_history) + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_EXCHANGE_WITHDRAW_HISTORY_ERROR_INSUFFICIENT_FUNDS, + NULL); + return TALER_MHD_REPLY_JSON_PACK ( + connection, + MHD_HTTP_CONFLICT, + TALER_JSON_pack_ec (TALER_EC_EXCHANGE_WITHDRAW_INSUFFICIENT_FUNDS), + TALER_JSON_pack_amount ("balance", + ebalance), + TALER_JSON_pack_amount ("requested_amount", + withdraw_amount), + GNUNET_JSON_pack_array_steal ("history", + json_history)); +} + + +/** + * Function implementing withdraw transaction. Runs the + * transaction logic; IF it returns a non-error code, the transaction + * logic MUST NOT queue a MHD response. IF it returns an hard error, + * the transaction logic MUST queue a MHD response and set @a mhd_ret. + * IF it returns the soft error code, the function MAY be called again + * to retry and MUST not queue a MHD response. + * + * Note that "wc->collectable.sig" is set before entering this function as we + * signed before entering the transaction. + * + * @param cls a `struct BatchWithdrawContext *` + * @param connection MHD request which triggered the transaction + * @param[out] mhd_ret set to MHD response status for @a connection, + * if transaction failed (!) + * @return transaction status + */ +static enum GNUNET_DB_QueryStatus +batch_withdraw_transaction (void *cls, + struct MHD_Connection *connection, + MHD_RESULT *mhd_ret) +{ + struct BatchWithdrawContext *wc = cls; + struct GNUNET_TIME_Timestamp now; + uint64_t ruuid; + enum GNUNET_DB_QueryStatus qs; + bool balance_ok = false; + bool found = false; + + now = GNUNET_TIME_timestamp_get (); + qs = TEH_plugin->do_batch_withdraw (TEH_plugin->cls, + now, + wc->reserve_pub, + &wc->batch_total, + &balance_ok, + &found, + &wc->kyc, + &ruuid); + if (0 > qs) + { + if (GNUNET_DB_STATUS_HARD_ERROR == qs) + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "update_reserve_batch_withdraw"); + return qs; + } + if (! found) + { + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_NOT_FOUND, + TALER_EC_EXCHANGE_WITHDRAW_RESERVE_UNKNOWN, + NULL); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if (! balance_ok) + { + /* FIXME: logic shared with normal withdraw + => refactor and move to new TEH_responses function! */ + struct TALER_EXCHANGEDB_ReserveHistory *rh; + struct TALER_Amount balance; + + TEH_plugin->rollback (TEH_plugin->cls); + // FIXME: maybe start read-committed here? + if (GNUNET_OK != + TEH_plugin->start (TEH_plugin->cls, + "get_reserve_history on insufficient balance")) + { + GNUNET_break (0); + if (NULL != mhd_ret) + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_START_FAILED, + NULL); + return GNUNET_DB_STATUS_HARD_ERROR; + } + /* The reserve does not have the required amount (actual + * amount + withdraw fee) */ + qs = TEH_plugin->get_reserve_history (TEH_plugin->cls, + &wc->collectable.reserve_pub, + &balance, + &rh); + if (NULL == rh) + { + if (GNUNET_DB_STATUS_HARD_ERROR == qs) + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "reserve history"); + return GNUNET_DB_STATUS_HARD_ERROR; + } + *mhd_ret = reply_withdraw_insufficient_funds ( + connection, + &balance, + &wc->batch_total, + rh); + TEH_plugin->free_reserve_history (TEH_plugin->cls, + rh); + return GNUNET_DB_STATUS_HARD_ERROR; + } + + if ( (TEH_KYC_NONE != TEH_kyc_config.mode) && + (! wc->kyc.ok) && + (TALER_EXCHANGEDB_KYC_W2W == wc->kyc.type) ) + { + /* Wallet-to-wallet payments _always_ require KYC */ + *mhd_ret = TALER_MHD_REPLY_JSON_PACK ( + connection, + MHD_HTTP_ACCEPTED, + GNUNET_JSON_pack_uint64 ("payment_target_uuid", + wc->kyc.payment_target_uuid)); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if ( (TEH_KYC_NONE != TEH_kyc_config.mode) && + (! wc->kyc.ok) && + (TALER_EXCHANGEDB_KYC_WITHDRAW == wc->kyc.type) && + (! GNUNET_TIME_relative_is_zero (TEH_kyc_config.withdraw_period)) ) + { + /* Withdraws require KYC if above threshold */ + enum GNUNET_DB_QueryStatus qs2; + bool below_limit; + + qs2 = TEH_plugin->do_withdraw_limit_check ( + TEH_plugin->cls, + ruuid, + GNUNET_TIME_absolute_subtract (now.abs_time, + TEH_kyc_config.withdraw_period), + &TEH_kyc_config.withdraw_limit, + &below_limit); + if (0 > qs2) + { + GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs2); + if (GNUNET_DB_STATUS_HARD_ERROR == qs2) + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "do_withdraw_limit_check"); + return qs2; + } + if (! below_limit) + { + *mhd_ret = TALER_MHD_REPLY_JSON_PACK ( + connection, + MHD_HTTP_ACCEPTED, + GNUNET_JSON_pack_uint64 ("payment_target_uuid", + wc->kyc.payment_target_uuid)); + return GNUNET_DB_STATUS_HARD_ERROR; + } + } + + /* Add information about each planchet in the batch */ + for (unsigned int i = 0; i<wc->planchets_length; i++) + { + struct PlanchetContext *pc = &wc->planchets[i]; + const struct TALER_BlindedPlanchet *bp = &pc->blinded_planchet; + const struct TALER_CsNonce *nonce; + bool denom_unknown = true; + bool conflict = true; + bool nonce_reuse = true; + + nonce = (TALER_DENOMINATION_CS == bp->cipher) + ? &bp->details.cs_blinded_planchet.nonce + : NULL; + qs = TEH_plugin->do_batch_withdraw_insert (TEH_plugin->cls, + nonce, + &wc->collectable, + now, + ruuid, + &denom_unknown, + &conflict, + &nonce_reuse); + if (0 > qs) + { + if (GNUNET_DB_STATUS_HARD_ERROR == qs) + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "do_withdraw"); + return qs; + } + if (denom_unknown) + { + GNUNET_break (0); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_INVARIANT_FAILURE, + NULL); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if ( (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) || + (conflict) ) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Idempotent coin in batch, not allowed. Aborting.\n"); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_CONFLICT, + TALER_EC_EXCHANGE_BATCH_IDEMPOTENT_PLANCHET, + NULL); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if (nonce_reuse) + { + GNUNET_break_op (0); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_EXCHANGE_WITHDRAW_NONCE_REUSE, + NULL); + return GNUNET_DB_STATUS_HARD_ERROR; + } + } + + return GNUNET_DB_STATUS_SUCCESS_ONE_RESULT; +} + + +/** + * Check if the @a rc is replayed and we already have an + * answer. If so, replay the existing answer and return the + * HTTP response. + * + * @param rc request context + * @param[in,out] wc parsed request data + * @param[out] mret HTTP status, set if we return true + * @return true if the request is idempotent with an existing request + * false if we did not find the request in the DB and did not set @a mret + */ +static bool +check_request_idempotent (struct TEH_RequestContext *rc, + struct BatchWithdrawContext *wc, + MHD_RESULT *mret) +{ + /* FIXME: Not yet supported. Do we want to, or simply + generate an error in this case? */ +#if FIXME + enum GNUNET_DB_QueryStatus qs; + + qs = TEH_plugin->get_withdraw_info (TEH_plugin->cls, + &wc->h_coin_envelope, + &wc->collectable); + if (0 > qs) + { + GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); + if (GNUNET_DB_STATUS_HARD_ERROR == qs) + *mret = TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_FETCH_FAILED, + "get_withdraw_info"); + return true; /* well, kind-of */ + } + if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) + return false; + /* generate idempotent reply */ + *mret = TALER_MHD_REPLY_JSON_PACK ( + rc->connection, + MHD_HTTP_OK, + TALER_JSON_pack_blinded_denom_sig ("ev_sig", + &wc->collectable.sig)); + TALER_blinded_denom_sig_free (&wc->collectable.sig); + return true; +#else + return false; +#endif +} + + +/** + * The request was parsed successfully. Prepare + * our side for the main DB transaction. + * + * @param rc request details + * @param wc storage for request processing + * @return MHD result for the @a rc + */ +static MHD_RESULT +prepare_transaction (struct TEH_RequestContext *rc, + struct BatchWithdrawContext *wc) +{ + /* Note: We could check the reserve balance here, + just to be reasonably sure that the reserve has + a sufficient balance before doing the "expensive" + signatures... */ + /* Sign before transaction! */ + for (unsigned int i = 0; i<wc->planchets_length; i++) + { + struct PlanchetContext *pc = &wc->planchets[i]; + enum TALER_ErrorCode ec; + + ec = TEH_keys_denomination_sign_withdraw ( + &pc->collectable.denom_pub_hash, + &pc->blinded_planchet, + &pc->collectable.sig); + if (TALER_EC_NONE != ec) + { + GNUNET_break (0); + return TALER_MHD_reply_with_ec (rc->connection, + ec, + NULL); + } + } + + /* run transaction */ + { + MHD_RESULT mhd_ret; + + if (GNUNET_OK != + TEH_DB_run_transaction (rc->connection, + "run batch withdraw", + TEH_MT_REQUEST_WITHDRAW, + &mhd_ret, + &batch_withdraw_transaction, + wc)) + { + return mhd_ret; + } + } + /* return final positive response */ + { + json_t *sigs; + + sigs = json_array (); + GNUNET_assert (NULL != sigs); + for (unsigned int i = 0; i<wc->planchets_length; i++) + { + struct PlanchetContext *pc = &wc->planchets[i]; + + GNUNET_assert ( + 0 == + json_array_append_new ( + sigs, + GNUNET_JSON_PACK ( + TALER_JSON_pack_blinded_denom_sig ( + "ev_sig", + &pc->collectable.sig)))); + } + return TALER_MHD_REPLY_JSON_PACK ( + rc->connection, + MHD_HTTP_OK, + GNUNET_JSON_pack_array_steal ("ev_sigs", + sigs)); + } +} + + +/** + * Continue processing the request @a rc by parsing the + * @a planchets and then running the transaction. + * + * @param rc request details + * @param wc storage for request processing + * @param planchets array of planchets to parse + * @return MHD result for the @a rc + */ +static MHD_RESULT +parse_planchets (struct TEH_RequestContext *rc, + struct BatchWithdrawContext *wc, + const json_t *planchets) +{ + struct TEH_KeyStateHandle *ksh; + MHD_RESULT mret; + + ksh = TEH_keys_get_state (); + if (NULL == ksh) + { + if (! check_request_idempotent (rc, + wc, + &mret)) + { + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING, + NULL); + } + return mret; + } + for (unsigned int i = 0; i<wc->planchets_length; i++) + { + struct PlanchetContext *pc = &wc->planchets[i]; + struct GNUNET_JSON_Specification ispec[] = { + GNUNET_JSON_spec_fixed_auto ("reserve_sig", + &pc->collectable.reserve_sig), + GNUNET_JSON_spec_fixed_auto ("denom_pub_hash", + &pc->collectable.denom_pub_hash), + TALER_JSON_spec_blinded_planchet ("coin_ev", + &pc->blinded_planchet), + GNUNET_JSON_spec_end () + }; + struct TEH_DenominationKey *dk; + + { + enum GNUNET_GenericReturnValue res; + + res = TALER_MHD_parse_json_data (rc->connection, + json_array_get (planchets, + i), + ispec); + if (GNUNET_OK != res) + return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; + } + pc->collectable.reserve_pub = *wc->reserve_pub; + dk = TEH_keys_denomination_by_hash2 (ksh, + &pc->collectable.denom_pub_hash, + NULL, + NULL); + if (NULL == dk) + { + if (! check_request_idempotent (rc, + wc, + &mret)) + { + return TEH_RESPONSE_reply_unknown_denom_pub_hash ( + rc->connection, + &pc->collectable.denom_pub_hash); + } + return mret; + } + if (GNUNET_TIME_absolute_is_past (dk->meta.expire_withdraw.abs_time)) + { + /* This denomination is past the expiration time for withdraws */ + if (! check_request_idempotent (rc, + wc, + &mret)) + { + GNUNET_JSON_parse_free (spec); + return TEH_RESPONSE_reply_expired_denom_pub_hash ( + rc->connection, + &wc->collectable.denom_pub_hash, + TALER_EC_EXCHANGE_GENERIC_DENOMINATION_EXPIRED, + "WITHDRAW"); + } + return mret; + } + if (GNUNET_TIME_absolute_is_future (dk->meta.start.abs_time)) + { + /* This denomination is not yet valid, no need to check + for idempotency! */ + return TEH_RESPONSE_reply_expired_denom_pub_hash ( + rc->connection, + &wc->collectable.denom_pub_hash, + TALER_EC_EXCHANGE_GENERIC_DENOMINATION_VALIDITY_IN_FUTURE, + "WITHDRAW"); + } + if (dk->recoup_possible) + { + /* This denomination has been revoked */ + if (! check_request_idempotent (rc, + wc, + &mret)) + { + return TEH_RESPONSE_reply_expired_denom_pub_hash ( + rc->connection, + &wc->collectable.denom_pub_hash, + TALER_EC_EXCHANGE_GENERIC_DENOMINATION_REVOKED, + "WITHDRAW"); + } + return mret; + } + if (dk->denom_pub.cipher != wc->blinded_planchet.cipher) + { + /* denomination cipher and blinded planchet cipher not the same */ + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_EXCHANGE_GENERIC_CIPHER_MISMATCH, + NULL); + } + if (0 > + TALER_amount_add (&pc->collectable.amount_with_fee, + &dk->meta.value, + &dk->meta.fees.withdraw)) + { + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_EXCHANGE_WITHDRAW_AMOUNT_FEE_OVERFLOW, + NULL); + } + if (0 > + TALER_amount_add (&wc->batch_total, + &wc->batch_total, + pc->collectable.amount_with_fee)) + { + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_EXCHANGE_WITHDRAW_AMOUNT_FEE_OVERFLOW, + NULL); + } + + if (GNUNET_OK != + TALER_coin_ev_hash (&pc->blinded_planchet, + &pc->collectable.denom_pub_hash, + &pc->collectable.h_coin_envelope)) + { + GNUNET_break (0); + GNUNET_JSON_parse_free (spec); + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE, + NULL); + } + TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++; + if (GNUNET_OK != + TALER_wallet_withdraw_verify (&pc->collectable.denom_pub_hash, + &pc->collectable.amount_with_fee, + &pc->collectable.h_coin_envelope, + &pc->collectable.reserve_pub, + &pc->collectable.reserve_sig)) + { + GNUNET_break_op (0); + GNUNET_JSON_parse_free (spec); + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_WITHDRAW_RESERVE_SIGNATURE_INVALID, + NULL); + } + } + /* everything parsed */ + return prepare_transaction (rc, + wc); +} + + +MHD_RESULT +TEH_handler_batch_withdraw (struct TEH_RequestContext *rc, + const struct TALER_ReservePublicKeyP *reserve_pub, + const json_t *root) +{ + struct BatchWithdrawContext wc; + json_t *planchets; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_json ("planchets", + &planchets), + GNUNET_JSON_spec_end () + }; + + memset (&wc, + 0, + sizeof (wc)); + TALER_amount_set_zero (TEH_currency, + &wc.batch_total); + wc.reserve_pub = reserve_pub; + + { + enum GNUNET_GenericReturnValue res; + + res = TALER_MHD_parse_json_data (rc->connection, + root, + spec); + if (GNUNET_OK != res) + return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; + } + if ( (! json_is_array (planchets)) || + (0 == json_array_size (planchets)) ) + { + GNUNET_JSON_parse_free (spec); + GNUNET_break_op (0); + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "planchets"); + } + wc.planchets_length = json_array_size (planchets); + if (wc.planchets_length > TALER_MAX_FRESH_COINS) + { + GNUNET_JSON_parse_free (spec); + GNUNET_break_op (0); + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "too many planchets"); + } + { + struct PlanchetContext splanchets[wc.planchets_length]; + MHD_RESULT ret; + + memset (splanchets, + 0, + sizeof (splanchets)); + wc.planchets = splanchets; + ret = parse_planchets (rc, + &wc, + planchets); + /* Clean up */ + for (unsigned int i = 0; i<wc.planchets_length; i++) + { + struct PlanchetContext *pc = &wc->planchets[i]; + + // FIXME: Free more of memory in pc! + TALER_blinded_denom_sig_free (&pc->collectable.sig); + } + GNUNET_JSON_parse_free (spec); + return ret; + } +} + + +/* end of taler-exchange-httpd_batch-withdraw.c */ diff --git a/src/exchange/taler-exchange-httpd_batch-withdraw.h b/src/exchange/taler-exchange-httpd_batch-withdraw.h new file mode 100644 index 000000000..dfc6e5ad8 --- /dev/null +++ b/src/exchange/taler-exchange-httpd_batch-withdraw.h @@ -0,0 +1,48 @@ +/* + This file is part of TALER + Copyright (C) 2014-2022 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +*/ +/** + * @file taler-exchange-httpd_batch-withdraw.h + * @brief Handle /reserve/batch-withdraw requests + * @author Florian Dold + * @author Benedikt Mueller + * @author Christian Grothoff + */ +#ifndef TALER_EXCHANGE_HTTPD_BATCH_WITHDRAW_H +#define TALER_EXCHANGE_HTTPD_BATCH_WITHDRAW_H + +#include <microhttpd.h> +#include "taler-exchange-httpd.h" + + +/** + * Handle a "/reserves/$RESERVE_PUB/batch-withdraw" request. Parses the batch of + * requested "denom_pub" which specifies the key/value of the coin to be + * withdrawn, and checks that the signature "reserve_sig" makes this a valid + * withdrawal request from the specified reserve. If so, the envelope with + * the blinded coin "coin_ev" is passed down to execute the withdrawal + * operation. + * + * @param rc request context + * @param root uploaded JSON data + * @param reserve_pub public key of the reserve + * @return MHD result code + */ +MHD_RESULT +TEH_handler_batch_withdraw (struct TEH_RequestContext *rc, + const struct TALER_ReservePublicKeyP *reserve_pub, + const json_t *root); + +#endif diff --git a/src/exchange/taler-exchange-httpd_withdraw.c b/src/exchange/taler-exchange-httpd_withdraw.c index d5ecd3386..0c68b6d49 100644 --- a/src/exchange/taler-exchange-httpd_withdraw.c +++ b/src/exchange/taler-exchange-httpd_withdraw.c @@ -147,6 +147,10 @@ withdraw_transaction (void *cls, (TALER_DENOMINATION_CS == bp->cipher) ? &bp->details.cs_blinded_planchet.nonce : NULL; + // FIXME: what error is returned on nonce reuse? + // Should expand function to return this error + // specifically, and then we should return a + // TALER_EC_EXCHANGE_WITHDRAW_NONCE_REUSE, qs = TEH_plugin->do_withdraw (TEH_plugin->cls, nonce, &wc->collectable, diff --git a/src/exchange/taler-exchange-httpd_withdraw.h b/src/exchange/taler-exchange-httpd_withdraw.h index b754e64fd..2ec76bb92 100644 --- a/src/exchange/taler-exchange-httpd_withdraw.h +++ b/src/exchange/taler-exchange-httpd_withdraw.h @@ -28,7 +28,7 @@ /** - * Handle a "/reserves/$RESERVE_PUB/withdraw" request. Parses the the requested "denom_pub" which + * Handle a "/reserves/$RESERVE_PUB/withdraw" request. Parses the requested "denom_pub" which * specifies the key/value of the coin to be withdrawn, and checks that the * signature "reserve_sig" makes this a valid withdrawal request from the * specified reserve. If so, the envelope with the blinded coin "coin_ev" is diff --git a/src/exchangedb/exchange-0001-part.sql b/src/exchangedb/exchange-0001-part.sql index 9ca66cd4d..56f1df295 100644 --- a/src/exchangedb/exchange-0001-part.sql +++ b/src/exchangedb/exchange-0001-part.sql @@ -1509,6 +1509,245 @@ COMMENT ON FUNCTION exchange_do_withdraw(BYTEA, INT8, INT4, BYTEA, BYTEA, BYTEA, + +CREATE OR REPLACE FUNCTION exchange_do_batch_withdraw( + IN amount_val INT8, + IN amount_frac INT4, + IN rpub BYTEA, + IN now INT8, + IN min_reserve_gc INT8, + OUT reserve_found BOOLEAN, + OUT balance_ok BOOLEAN, + OUT kycok BOOLEAN, + OUT account_uuid INT8, + OUT ruuid INT8) +LANGUAGE plpgsql +AS $$ +DECLARE + reserve_gc INT8; +DECLARE + reserve_val INT8; +DECLARE + reserve_frac INT4; +BEGIN +-- Shards: reserves by reserve_pub (SELECT) +-- reserves_out (INSERT, with CONFLICT detection) by wih +-- reserves by reserve_pub (UPDATE) +-- reserves_in by reserve_pub (SELECT) +-- wire_targets by wire_target_h_payto + +SELECT + current_balance_val + ,current_balance_frac + ,gc_date + ,reserve_uuid + INTO + reserve_val + ,reserve_frac + ,reserve_gc + ,ruuid + FROM reserves + WHERE reserves.reserve_pub=rpub; + +IF NOT FOUND +THEN + -- reserve unknown + reserve_found=FALSE; + balance_ok=FALSE; + kycok=FALSE; + account_uuid=0; + ruuid=2; + RETURN; +END IF; + +-- Check reserve balance is sufficient. +IF (reserve_val > amount_val) +THEN + IF (reserve_frac >= amount_frac) + THEN + reserve_val=reserve_val - amount_val; + reserve_frac=reserve_frac - amount_frac; + ELSE + reserve_val=reserve_val - amount_val - 1; + reserve_frac=reserve_frac + 100000000 - amount_frac; + END IF; +ELSE + IF (reserve_val = amount_val) AND (reserve_frac >= amount_frac) + THEN + reserve_val=0; + reserve_frac=reserve_frac - amount_frac; + ELSE + reserve_found=TRUE; + balance_ok=FALSE; + kycok=FALSE; -- we do not really know or care + account_uuid=0; + RETURN; + END IF; +END IF; + +-- Calculate new expiration dates. +min_reserve_gc=GREATEST(min_reserve_gc,reserve_gc); + +-- Update reserve balance. +UPDATE reserves SET + gc_date=min_reserve_gc + ,current_balance_val=reserve_val + ,current_balance_frac=reserve_frac +WHERE + reserves.reserve_pub=rpub; + +reserve_found=TRUE; +balance_ok=TRUE; + + +-- Obtain KYC status based on the last wire transfer into +-- this reserve. FIXME: likely not adequate for reserves that got P2P transfers! +-- SELECT +-- kyc_ok +-- ,wire_target_serial_id +-- INTO +-- kycok +-- ,account_uuid +-- FROM reserves_in +-- JOIN wire_targets ON (wire_source_h_payto = wire_target_h_payto) +-- WHERE reserve_pub=rpub +-- LIMIT 1; -- limit 1 should not be required (without p2p transfers) + +WITH reserves_in AS materialized ( + SELECT wire_source_h_payto + FROM reserves_in WHERE + reserve_pub=rpub +) +SELECT + kyc_ok + ,wire_target_serial_id +INTO + kycok + ,account_uuid +FROM wire_targets + WHERE wire_target_h_payto = ( + SELECT wire_source_h_payto + FROM reserves_in + ); + +END $$; + +COMMENT ON FUNCTION exchange_do_batch_withdraw(INT8, INT4, BYTEA, INT8, INT8) + IS 'Checks whether the reserve has sufficient balance for a withdraw operation (or the request is repeated and was previously approved) and if so updates the database with the result. Excludes storing the planchets.'; + + + + + +CREATE OR REPLACE FUNCTION exchange_do_batch_withdraw_insert( + IN cs_nonce BYTEA, + IN amount_val INT8, + IN amount_frac INT4, + IN h_denom_pub BYTEA, + IN ruuid INT8, + IN reserve_sig BYTEA, + IN h_coin_envelope BYTEA, + IN denom_sig BYTEA, + IN now INT8, + OUT out_denom_unknown BOOLEAN, + OUT out_nonce_reuse BOOLEAN, + OUT out_conflict BOOLEAN) +LANGUAGE plpgsql +AS $$ +DECLARE + denom_serial INT8; +BEGIN +-- Shards: reserves by reserve_pub (SELECT) +-- reserves_out (INSERT, with CONFLICT detection) by wih +-- reserves by reserve_pub (UPDATE) +-- reserves_in by reserve_pub (SELECT) +-- wire_targets by wire_target_h_payto + +out_denom_unknown=TRUE; +out_conflict=TRUE; +out_nonce_reuse=TRUE; + +SELECT denominations_serial + INTO denom_serial + FROM denominations + WHERE denom_pub_hash=h_denom_pub; + +IF NOT FOUND +THEN + -- denomination unknown, should be impossible! + out_denom_unknown=TRUE; + ASSERT false, 'denomination unknown'; + RETURN; +END IF; +out_denom_unknown=FALSE; + +INSERT INTO reserves_out + (h_blind_ev + ,denominations_serial + ,denom_sig + ,reserve_uuid + ,reserve_sig + ,execution_date + ,amount_with_fee_val + ,amount_with_fee_frac) +VALUES + (h_coin_envelope + ,denom_serial + ,denom_sig + ,ruuid + ,reserve_sig + ,now + ,amount_val + ,amount_frac) +ON CONFLICT DO NOTHING; + +IF NOT FOUND +THEN + out_conflict=TRUE; + RETURN; +END IF; +out_conflict=FALSE; + +-- Special actions needed for a CS withdraw? +out_nonce_reuse=FALSE; +IF NOT NULL cs_nonce +THEN + -- Cache CS signature to prevent replays in the future + -- (and check if cached signature exists at the same time). + INSERT INTO cs_nonce_locks + (nonce + ,max_denomination_serial + ,op_hash) + VALUES + (cs_nonce + ,denom_serial + ,h_coin_envelope) + ON CONFLICT DO NOTHING; + + IF NOT FOUND + THEN + -- See if the existing entry is identical. + SELECT 1 + FROM cs_nonce_locks + WHERE nonce=cs_nonce + AND op_hash=h_coin_envelope; + IF NOT FOUND + THEN + out_nonce_reuse=TRUE; + ASSERT false, 'nonce reuse attempted by client'; + RETURN; + END IF; + END IF; +END IF; + +END $$; + +COMMENT ON FUNCTION exchange_do_batch_withdraw_insert(BYTEA, INT8, INT4, BYTEA, INT8, BYTEA, BYTEA, BYTEA, INT8) + IS 'Stores information about a planchet for a batch withdraw operation. Checks if the planchet already exists, and in that case indicates a conflict'; + + + + CREATE OR REPLACE FUNCTION exchange_do_withdraw_limit_check( IN ruuid INT8, IN start_time INT8, diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c index 238322c93..8d29581dd 100644 --- a/src/exchangedb/plugin_exchangedb_postgres.c +++ b/src/exchangedb/plugin_exchangedb_postgres.c @@ -797,6 +797,31 @@ prepare_statements (struct PostgresClosure *pg) " FROM exchange_do_withdraw" " ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10);", 10), + /* Used in #postgres_do_batch_withdraw() to + update the reserve balance and check its status */ + GNUNET_PQ_make_prepare ( + "call_batch_withdraw", + "SELECT " + " reserve_found" + ",balance_ok" + ",kycok AS kyc_ok" + ",account_uuid AS payment_target_uuid" + ",ruuid" + " FROM exchange_do_batch_withdraw" + " ($1,$2,$3,$4,$5);", + 5), + /* Used in #postgres_do_batch_withdraw_insert() to store + the signature of a blinded coin with the blinded coin's + details. */ + GNUNET_PQ_make_prepare ( + "call_batch_withdraw_insert", + "SELECT " + " out_denom_unknown AS denom_unknown" + ",out_conflict AS conflict" + ",out_nonce_reuse AS nonce_reuse" + " FROM exchange_do_batch_withdraw_insert" + " ($1,$2,$3,$4,$5,$6,$7,$8,$9);", + 9), /* Used in #postgres_do_withdraw_limit_check() to check if the withdrawals remain below the limit under which KYC is not required. */ @@ -5244,6 +5269,122 @@ postgres_do_withdraw ( /** + * Perform reserve update as part of a batch withdraw operation, checking + * for sufficient balance. Persisting the withdrawal details is done + * separately! + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param now current time (rounded) + * @param reserve_pub public key of the reserve to debit + * @param amount total amount to withdraw + * @param[out] found set to true if the reserve was found + * @param[out] balance_ok set to true if the balance was sufficient + * @param[out] kyc set to the KYC status of the reserve + * @param[out] ruuid set to the reserve's UUID (reserves table row) + * @return query execution status + */ +static enum GNUNET_DB_QueryStatus +postgres_do_batch_withdraw ( + void *cls, + struct GNUNET_TIME_Timestamp now, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_Amount *amount, + bool *found, + bool *balance_ok, + struct TALER_EXCHANGEDB_KycStatus *kyc, + uint64_t *ruuid) +{ + struct PostgresClosure *pg = cls; + struct GNUNET_TIME_Timestamp gc; + struct GNUNET_PQ_QueryParam params[] = { + TALER_PQ_query_param_amount (amount), + GNUNET_PQ_query_param_auto_from_type (reserve_pub), + GNUNET_PQ_query_param_timestamp (&now), + GNUNET_PQ_query_param_timestamp (&gc), + GNUNET_PQ_query_param_end + }; + struct GNUNET_PQ_ResultSpec rs[] = { + GNUNET_PQ_result_spec_bool ("reserve_found", + found), + GNUNET_PQ_result_spec_bool ("balance_ok", + balance_ok), + GNUNET_PQ_result_spec_bool ("kyc_ok", + &kyc->ok), + GNUNET_PQ_result_spec_uint64 ("payment_target_uuid", + &kyc->payment_target_uuid), + GNUNET_PQ_result_spec_uint64 ("ruuid", + ruuid), + GNUNET_PQ_result_spec_end + }; + + gc = GNUNET_TIME_absolute_to_timestamp ( + GNUNET_TIME_absolute_add (now.abs_time, + pg->legal_reserve_expiration_time)); + kyc->type = TALER_EXCHANGEDB_KYC_WITHDRAW; + return GNUNET_PQ_eval_prepared_singleton_select (pg->conn, + "call_batch_withdraw", + params, + rs); +} + + +/** + * Perform insert as part of a batch withdraw operation, and persisting the + * withdrawal details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param nonce client-contributed input for CS denominations that must be checked for idempotency, or NULL for non-CS withdrawals + * @param collectable corresponding collectable coin (blind signature) + * @param now current time (rounded) + * @param ruuid reserve UUID + * @param[out] denom_unknown set if the denomination is unknown in the DB + * @param[out] conflict if the envelope was already in the DB + * @param[out] nonce_reuse if @a nonce was non-NULL and reused + * @return query execution status + */ +static enum GNUNET_DB_QueryStatus +postgres_do_batch_withdraw_insert ( + void *cls, + const struct TALER_CsNonce *nonce, + const struct TALER_EXCHANGEDB_CollectableBlindcoin *collectable, + struct GNUNET_TIME_Timestamp now, + uint64_t ruuid, + bool *denom_unknown, + bool *conflict, + bool *nonce_reuse) +{ + struct PostgresClosure *pg = cls; + struct GNUNET_PQ_QueryParam params[] = { + NULL == nonce + ? GNUNET_PQ_query_param_null () + : GNUNET_PQ_query_param_auto_from_type (nonce), + TALER_PQ_query_param_amount (&collectable->amount_with_fee), + GNUNET_PQ_query_param_auto_from_type (&collectable->denom_pub_hash), + GNUNET_PQ_query_param_uint64 (&ruuid), + GNUNET_PQ_query_param_auto_from_type (&collectable->reserve_sig), + GNUNET_PQ_query_param_auto_from_type (&collectable->h_coin_envelope), + TALER_PQ_query_param_blinded_denom_sig (&collectable->sig), + GNUNET_PQ_query_param_timestamp (&now), + GNUNET_PQ_query_param_end + }; + struct GNUNET_PQ_ResultSpec rs[] = { + GNUNET_PQ_result_spec_bool ("denom_unknown", + denom_unknown), + GNUNET_PQ_result_spec_bool ("conflict", + conflict), + GNUNET_PQ_result_spec_bool ("nonce_reuse", + nonce_reuse), + GNUNET_PQ_result_spec_end + }; + + return GNUNET_PQ_eval_prepared_singleton_select (pg->conn, + "call_batch_withdraw_insert", + params, + rs); +} + + +/** * Check that reserve remains below threshold for KYC * checks after withdraw operation. * @@ -13931,6 +14072,8 @@ libtaler_plugin_exchangedb_postgres_init (void *cls) plugin->reserves_in_insert = &postgres_reserves_in_insert; plugin->get_withdraw_info = &postgres_get_withdraw_info; plugin->do_withdraw = &postgres_do_withdraw; + plugin->do_batch_withdraw = &postgres_do_batch_withdraw; + plugin->do_batch_withdraw_insert = &postgres_do_batch_withdraw_insert; plugin->do_withdraw_limit_check = &postgres_do_withdraw_limit_check; plugin->do_deposit = &postgres_do_deposit; plugin->do_melt = &postgres_do_melt; diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index b347ac56c..9cdbb9448 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -2678,6 +2678,59 @@ struct TALER_EXCHANGEDB_Plugin /** + * Perform reserve update as part of a batch withdraw operation, checking + * for sufficient balance. Persisting the withdrawal details is done + * separately! + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param now current time (rounded) + * @param reserve_pub public key of the reserve to debit + * @param amount total amount to withdraw + * @param[out] found set to true if the reserve was found + * @param[out] balance_ok set to true if the balance was sufficient + * @param[out] kyc set to the KYC status of the reserve + * @param[out] ruuid set to the reserve's UUID (reserves table row) + * @return query execution status + */ + enum GNUNET_DB_QueryStatus + (*do_batch_withdraw)( + void *cls, + struct GNUNET_TIME_Timestamp now, + const struct TALER_ReservePublicKeyP *reserve_pub, + const struct TALER_Amount *amount, + bool *found, + bool *balance_ok, + struct TALER_EXCHANGEDB_KycStatus *kyc_ok, + uint64_t *ruuid); + + + /** + * Perform insert as part of a batch withdraw operation, and persisting the + * withdrawal details. + * + * @param cls the `struct PostgresClosure` with the plugin-specific state + * @param nonce client-contributed input for CS denominations that must be checked for idempotency, or NULL for non-CS withdrawals + * @param collectable corresponding collectable coin (blind signature) + * @param now current time (rounded) + * @param ruuid reserve UUID + * @param[out] denom_unknown set if the denomination is unknown in the DB + * @param[out] conflict if the envelope was already in the DB + * @param[out] nonce_reuse if @a nonce was non-NULL and reused + * @return query execution status + */ + enum GNUNET_DB_QueryStatus + (*do_batch_withdraw_insert)( + void *cls, + const struct TALER_CsNonce *nonce, + const struct TALER_EXCHANGEDB_CollectableBlindcoin *collectable, + struct GNUNET_TIME_Timestamp now, + uint64_t ruuid, + bool *denom_unknown, + bool *conflict, + bool *nonce_reuse); + + + /** * Check that reserve remains below threshold for KYC * checks after withdraw operation. * |