-rw-r--r-- | src/exchangedb/0005-legitimization_measures.sql | 15 | ||||
-rw-r--r-- | src/exchangedb/0005-legitimization_outcomes.sql | 4 | ||||
-rw-r--r-- | src/exchangedb/Makefile.am | 1 | ||||
-rw-r--r-- | src/exchangedb/pg_lookup_kyc_requirement_by_row.c | 37 | ||||
-rw-r--r-- | src/exchangedb/pg_lookup_kyc_requirement_by_row.h | 12 | ||||
-rw-r--r-- | src/exchangedb/pg_trigger_kyc_rule_for_account.c | 70 | ||||
-rw-r--r-- | src/exchangedb/pg_trigger_kyc_rule_for_account.h | 47 | ||||
-rw-r--r-- | src/exchangedb/plugin_exchangedb_postgres.c | 7 | ||||
-rw-r--r-- | src/include/taler_exchangedb_plugin.h | 12 |
9 files changed, 180 insertions, 25 deletions
diff --git a/src/exchangedb/0005-legitimization_measures.sql b/src/exchangedb/0005-legitimization_measures.sql index e0d3f6ff0..dab6385ab 100644 --- a/src/exchangedb/0005-legitimization_measures.sql +++ b/src/exchangedb/0005-legitimization_measures.sql @@ -24,7 +24,7 @@ BEGIN PERFORM create_partitioned_table( 'CREATE TABLE %I' '(legitimization_measure_serial_id INT8 GENERATED BY DEFAULT AS IDENTITY' - ',target_token BYTEA NOT NULL CHECK (LENGTH(target_token)=32)' + ',access_token BYTEA NOT NULL CHECK (LENGTH(access_token)=32)' ',start_time INT8 NOT NULL' ',jmeasures TEXT NOT NULL' ',display_priority INT4 NOT NULL' @@ -47,7 +47,7 @@ BEGIN ); PERFORM comment_partitioned_column( 'foreign key linking the entry to the wire_targets table, NOT a primary key (multiple legitimizations are possible per account)' - ,'target_token' + ,'access_token' ,'legitimization_measures' ,partition_suffix ); @@ -96,9 +96,9 @@ BEGIN ' ADD CONSTRAINT ' || table_name || '_serial_id_key' ' UNIQUE (legitimization_measure_serial_id)'); EXECUTE FORMAT ( - 'CREATE INDEX ' || table_name || '_by_target_token' + 'CREATE INDEX ' || table_name || '_by_access_token' ' ON ' || table_name || - ' (target_token)' + ' (access_token)' ' WHERE NOT is_finished' || ';' ); @@ -115,9 +115,10 @@ DECLARE BEGIN EXECUTE FORMAT ( 'ALTER TABLE ' || table_name || - ' ADD CONSTRAINT ' || table_name || '_foreign_key_target_token' - ' FOREIGN KEY (target_token)' - ' REFERENCES wire_targets (target_token) ON DELETE CASCADE'); + ' ADD CONSTRAINT ' || table_name || '_foreign_key_access_token' + ' FOREIGN KEY (access_token)' + ' REFERENCES wire_targets (access_token)' + ' ON DELETE CASCADE'); END $$; diff --git a/src/exchangedb/0005-legitimization_outcomes.sql b/src/exchangedb/0005-legitimization_outcomes.sql index 642e7441f..d7d337c87 100644 --- a/src/exchangedb/0005-legitimization_outcomes.sql +++ b/src/exchangedb/0005-legitimization_outcomes.sql 
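Review bot: The foreign key in the last hunk of 0005-legitimization_measures.sql, `REFERENCES wire_targets (access_token)` with only `ON DELETE CASCADE`, turns the 32-byte access token into a join key that cannot be replaced in wire_targets while any legitimization_measures row still references it. If these tokens are credentials that may need to be rotated or revoked (the header docs later in this commit describe them as the token "to begin work on KYC processes"), consider `' ON UPDATE CASCADE ON DELETE CASCADE'`, or key the relation on a non-secret identifier instead. PostgreSQL also requires a unique constraint or primary key on the referenced column, and that constraint on wire_targets is not visible in this commit. The column comment in the second hunk still describes the field only as a foreign key; saying that it holds the account's KYC access token would help whoever reviews later queries and log statements that touch it.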
@@ -30,7 +30,7 @@ BEGIN ',jproperties TEXT' ',to_investigate BOOL NOT NULL' ',is_active BOOL NOT NULL DEFAULT(TRUE)' - ',jnew_rules TEXT NOT NULL' + ',jnew_rules TEXT' ') %s ;' ,'legitimization_outcomes' ,'PARTITION BY HASH (h_payto)' @@ -84,7 +84,7 @@ BEGIN ,partition_suffix ); PERFORM comment_partitioned_column( - 'JSON object of type LegitimizationRuleSet with rules to apply to the various operation types for this account; all KYC checks should first check if active new rules for a given account exist in this table (and apply specified measures); if not, it should check the default rules to decide if a measure is required' + 'JSON object of type LegitimizationRuleSet with rules to apply to the various operation types for this account; all KYC checks should first check if active new rules for a given account exist in this table (and apply specified measures); if not, it should check the default rules to decide if a measure is required; NULL if the default rules apply' ,'jnew_rules' ,'legitimization_outcomes' ,partition_suffix diff --git a/src/exchangedb/Makefile.am b/src/exchangedb/Makefile.am index e9db91ae3..19e204f35 100644 --- a/src/exchangedb/Makefile.am +++ b/src/exchangedb/Makefile.am @@ -199,6 +199,7 @@ libtaler_plugin_exchangedb_postgres_la_SOURCES = \ pg_select_refreshes_above_serial_id.h pg_select_refreshes_above_serial_id.c \ pg_select_refunds_above_serial_id.h pg_select_refunds_above_serial_id.c \ pg_select_reserves_in_above_serial_id.h pg_select_reserves_in_above_serial_id.c \ + pg_trigger_kyc_rule_for_account.h pg_trigger_kyc_rule_for_account.c \ pg_select_reserves_in_above_serial_id_by_account.h pg_select_reserves_in_above_serial_id_by_account.c \ pg_select_withdrawals_above_serial_id.h pg_select_withdrawals_above_serial_id.c \ pg_select_wire_out_above_serial_id.h pg_select_wire_out_above_serial_id.c \ 
diff --git a/src/exchangedb/pg_lookup_kyc_requirement_by_row.c b/src/exchangedb/pg_lookup_kyc_requirement_by_row.c index 53df2f441..8f625b2bf 100644 --- a/src/exchangedb/pg_lookup_kyc_requirement_by_row.c +++ b/src/exchangedb/pg_lookup_kyc_requirement_by_row.c @@ -25,6 +25,7 @@ #include "pg_lookup_kyc_requirement_by_row.h" #include "pg_helper.h" + enum GNUNET_DB_QueryStatus TEH_PG_lookup_kyc_requirement_by_row ( void *cls, @@ -42,26 +43,36 @@ TEH_PG_lookup_kyc_requirement_by_row ( GNUNET_PQ_query_param_end }; struct GNUNET_PQ_ResultSpec rs[] = { - GNUNET_PQ_result_spec_string ("required_checks", - requirements), - GNUNET_PQ_result_spec_auto_from_type ("h_payto", - h_payto), GNUNET_PQ_result_spec_allow_null ( - GNUNET_PQ_result_spec_uint32 ("status", - &status), + GNUNET_PQ_result_spec_auto_from_type ("account_pub", + account_pub), + NULL), + GNUNET_PQ_result_spec_auto_from_type ("access_token", + access_token), + GNUNET_PQ_result_spec_allow_null ( + TALER_PQ_result_spec_json ("jrules", + jrules), NULL), + GNUNET_PQ_result_spec_bool ("aml_review", + aml_review), + GNUNET_PQ_result_spec_bool ("kyc_required", + kyc_required), GNUNET_PQ_result_spec_end }; enum GNUNET_DB_QueryStatus qs; + *jrules = NULL; + memset (account_pub, + 0, + sizeof (*account_pub)); PREPARE (pg, - "lookup_legitimization_requirement_by_row", + "lookup_kyc_requirement_by_row", "SELECT " - " lm.access_token" - ",lo.to_investigate AS aml_review" // can be NULL => false! - ",lo.jnew_rules AS jrules" // can be NULL! => default rules! - ",lm.is_finished AS NOT kyc_required" - ",wt.target_pub AS account_pub" // can be NULL! + " wt.target_pub AS account_pub" + ",lm.access_token" + ",lo.jnew_rules AS jrules" + ",lo.to_investigate AS aml_review" + ",NOT lm.is_finished AS kyc_required" " FROM legitimization_measures lm" " JOIN wire_targets wt" " USING (access_token)" 
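Review bot: `GNUNET_PQ_result_spec_bool ("aml_review", aml_review)` is not wrapped in `GNUNET_PQ_result_spec_allow_null`, although the SQL comment this hunk removes said `lo.to_investigate` "can be NULL => false!". The join against legitimization_outcomes lies between this hunk and the next, so this is inferred, but if it is an outer join, a measure without an outcome row would make result extraction fail instead of reporting "no AML review". Selecting `",COALESCE(lo.to_investigate,FALSE) AS aml_review"` would keep the meaning the old comment documented. Separately, `*aml_review` and `*kyc_required` get no default before the query the way `*jrules` and `*account_pub` do, so on a zero-result or error status the caller reads whatever it passed in. The function's signature and the tail of the query are outside this hunk.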
@@ -70,7 +81,7 @@ TEH_PG_lookup_kyc_requirement_by_row ( " WHERE legitimization_measure_serial_id=$1;"); return GNUNET_PQ_eval_prepared_singleton_select ( pg->conn, - "lookup_legitimization_requirement_by_row", + "lookup_kyc_requirement_by_row", params, rs); } diff --git a/src/exchangedb/pg_lookup_kyc_requirement_by_row.h b/src/exchangedb/pg_lookup_kyc_requirement_by_row.h index 4f7af9b71..e3cceebbd 100644 --- a/src/exchangedb/pg_lookup_kyc_requirement_by_row.h +++ b/src/exchangedb/pg_lookup_kyc_requirement_by_row.h @@ -30,7 +30,17 @@ * Lookup KYC requirement. * * @param cls closure - * @param requirement_row identifies requirement to look up + * @param requirement_row identifies requirement to look up (in legitimization_measures table) + * @param[out] account_pub set to public key of the account + * needed to authorize access, all zeros if not known + * @param[out] access_token set to the access token to begin + * work on KYC processes for this account + * @param[out] jrules set to active ``LegitimizationRuleSet`` + * of the account impacted by the requirement + * @param[out] aml_review set to true if the account is under + * active review by AML staff + * @param[out] kyc_required set to true if the user must pass + * some KYC check before some previous operation may continue * @return database transaction status */ enum GNUNET_DB_QueryStatus diff --git a/src/exchangedb/pg_trigger_kyc_rule_for_account.c b/src/exchangedb/pg_trigger_kyc_rule_for_account.c new file mode 100644 index 000000000..0caabd4d4 --- /dev/null +++ b/src/exchangedb/pg_trigger_kyc_rule_for_account.c 
@@ -0,0 +1,70 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2024 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file exchangedb/pg_trigger_kyc_rule_for_account.c
+ * @brief Implementation of the trigger_kyc_rule_for_account function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_error_codes.h"
+#include "taler_dbevents.h"
+#include "taler_pq_lib.h"
+#include "pg_trigger_kyc_rule_for_account.h"
+#include "pg_helper.h"
+
+
+enum GNUNET_DB_QueryStatus
+TEH_PG_trigger_kyc_rule_for_account (
+ void *cls,
+ const struct TALER_PaytoHashP *h_payto,
+ const json_t *jrule,
+ uint32_t display_priority,
+ uint64_t *requirement_row)
+{
+ struct PostgresClosure *pg = cls;
+ struct GNUNET_TIME_Absolute now
+ = GNUNET_TIME_absolute_get ();
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (h_payto),
+ GNUNET_PQ_query_param_absolute_time (&now),
+ TALER_PQ_query_param_json (jrule),
+ GNUNET_PQ_query_param_uint32 (&display_priority),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_uint64 ("legitimization_measure_serial_id",
+ requirement_row),
+ GNUNET_PQ_result_spec_end
+ };
+
+ PREPARE (pg,
+ "trigger_kyc_rule_for_account",
+ "INSERT INTO legitimization_measures"
+ "(access_token"
+ ",start_time"
+ ",jmeasures"
+ ",display_priority)"
+ " SELECT "
+ " 
access_token,$2,$3,$4"
+ " FROM wire_targets"
+ " WHERE wire_target_h_payto=$1"
+ " RETURNING legitimization_measure_serial_id;");
+ return GNUNET_PQ_eval_prepared_singleton_select (
+ pg->conn,
+ "trigger_kyc_rule_for_account",
+ params,
+ rs);
+}
diff --git a/src/exchangedb/pg_trigger_kyc_rule_for_account.h b/src/exchangedb/pg_trigger_kyc_rule_for_account.h
new file mode 100644
index 000000000..bc3bcc377
--- /dev/null
+++ b/src/exchangedb/pg_trigger_kyc_rule_for_account.h
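Review bot: When no wire_targets row matches `wire_target_h_payto=$1`, the `INSERT ... SELECT` in TEH_PG_trigger_kyc_rule_for_account inserts nothing and the singleton select should come back with `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS`, leaving `*requirement_row` unwritten. A caller that only tests for a negative status would then continue as if a KYC requirement had been recorded, which is the fail-open direction for a compliance gate. I would add `*requirement_row = 0;` before `PREPARE`. The `@return` text in the header and in the plugin struct should also state that a zero-result status means the account is unknown and no measure was created, so callers must treat it as a failure.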
@@ -0,0 +1,47 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2024 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file exchangedb/pg_trigger_kyc_rule_for_account.h
+ * @brief implementation of the trigger_kyc_rule_for_account function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef PG_TRIGGER_KYC_RULE_FOR_ACCOUNT_H
+#define PG_TRIGGER_KYC_RULE_FOR_ACCOUNT_H
+
+#include "taler_util.h"
+#include "taler_json_lib.h"
+#include "taler_exchangedb_plugin.h"
+
+
+/**
+ * Insert KYC requirement for @a h_payto account into table.
+ *
+ * @param cls closure
+ * @param h_payto account that must be KYC'ed
+ * @param jrule serialized MeasureSet to put in place
+ * @param display_priority priority of the rule
+ * @param[out] requirement_row set to legitimization requirement row for this check
+ * @return database transaction status
+ */
+enum GNUNET_DB_QueryStatus
+TEH_PG_trigger_kyc_rule_for_account (
+ void *cls,
+ const struct TALER_PaytoHashP *h_payto,
+ const json_t *jrule,
+ uint32_t display_priority,
+ uint64_t *requirement_row);
+
+#endif
diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c
index 5da3ef036..d26db2029 100644
--- a/src/exchangedb/plugin_exchangedb_postgres.c
+++ b/src/exchangedb/plugin_exchangedb_postgres.c
@@ -54,6 +54,7 @@ #include "pg_select_account_merges_above_serial_id.h" #include "pg_select_all_purse_decisions_above_serial_id.h" #include "pg_select_purse.h" +#include "pg_trigger_kyc_rule_for_account.h" #include "pg_select_purse_deposits_above_serial_id.h" #include "pg_select_purse_merges_above_serial_id.h" #include "pg_select_purse_requests_above_serial_id.h" @@ -214,7 +215,7 @@ #include "pg_lookup_aml_officer.h" #include "pg_trigger_aml_process.h" // #include "pg_select_justification_for_missing_wire.h" -// #include "pg_lookup_kyc_requirement_by_row.h" +#include "pg_lookup_kyc_requirement_by_row.h" // #include "pg_select_aml_history.h" // #include "pg_select_aml_process.h" // #include "pg_select_aml_threshold.h" @@ -777,6 +778,10 @@ libtaler_plugin_exchangedb_postgres_init (void *cls) = &TEH_PG_trigger_aml_process; plugin->insert_aml_decision = &TEH_PG_insert_aml_decision; + plugin->lookup_kyc_requirement_by_row + = &TEH_PG_lookup_kyc_requirement_by_row; + plugin->trigger_kyc_rule_for_account + = &TEH_PG_trigger_kyc_rule_for_account; plugin->batch_ensure_coin_known = &TEH_PG_batch_ensure_coin_known; diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index 84bfcff2b..067f925b1 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h 
@@ -6803,7 +6803,17 @@ struct TALER_EXCHANGEDB_Plugin * Lookup KYC requirement. * * @param cls closure - * @param legi_row identifies requirement to look up + * @param requirement_row identifies requirement to look up (in legitimization_measures table) + * @param[out] account_pub set to public key of the account + * needed to authorize access, all zeros if not known + * @param[out] access_token set to the access token to begin + * work on KYC processes for this account + * @param[out] jrules set to active ``LegitimizationRuleSet`` + * of the account impacted by the requirement + * @param[out] aml_review set to true if the account is under + * active review by AML staff + * @param[out] kyc_required set to true if the user must pass + * some KYC check before some previous operation may continue * @return database transaction status */ enum GNUNET_DB_QueryStatus |