store used tokens in database and prevent double using a token

7 files changed, 186 insertions, 8 deletions

diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
index d3103725..2407625b 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -30,6 +30,7 @@
 #include <gnunet/gnunet_json_lib.h>
 #include <gnunet/gnunet_time_lib.h>
 #include <jansson.h>
+#include <microhttpd.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <string.h>
@@ -38,6 +39,7 @@
 #include <taler/taler_signatures.h>
 #include <taler/taler_json_lib.h>
 #include <taler/taler_exchange_service.h>
+#include "taler-merchant-httpd.h"
 #include "taler-merchant-httpd_exchanges.h"
 #include "taler-merchant-httpd_contract.h"
 #include "taler-merchant-httpd_helper.h"
@@ -57,13 +59,11 @@
 #define MAX_COIN_ALLOWED_COINS 1024
 
 /**
- * TODO: What is a good value for this?
  * Maximum number of tokens that we allow as inputs per transaction
  */
 #define MAX_TOKEN_ALLOWED_INPUTs 128
 
 /**
- * TODO: What is a good value for this?
  * Maximum number of tokens that we allow as outputs per transaction
  */
 #define MAX_TOKEN_ALLOWED_OUTPUTs 128
@@ -239,11 +239,6 @@ struct TokenUseConfirmation
 {
 
   /**
-   * Slug of the token family this token belongs to.
-   */
-  char *slug;
-
-  /**
    * Signature on the deposit request made using the token use private key.
    */
   struct TALER_TokenUseSignatureP sig;
@@ -2058,6 +2053,48 @@ phase_execute_pay_transaction (struct PayContext *pc)
     return;
   }
 
+  for (size_t i = 0; i<pc->tokens_cnt; i++)
+  {
+    struct TokenUseConfirmation *tuc = &pc->tokens[i];
+
+    enum GNUNET_DB_QueryStatus qs;
+
+    /* Insert used token into database, the unique contraint will
+       case an error if this token was used before. */
+    qs = TMH_db->insert_spent_token (TMH_db->cls,
+                                     &pc->h_contract_terms,
+                                     &tuc->h_issue,
+                                     &tuc->pub,
+                                     &tuc->sig,
+                                     &tuc->unblinded_sig);
+
+    if (0 > qs)
+    {
+      TMH_db->rollback (TMH_db->cls);
+      if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
+        return; /* do it again */
+      /* Always report on hard error as well to enable diagnostics */
+      GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
+      pay_end (pc,
+               TALER_MHD_reply_with_error (pc->connection,
+                                           MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                           TALER_EC_GENERIC_DB_FETCH_FAILED,
+                                           "insert used token"));
+      return;
+    }
+    else if (0 == qs)
+    {
+      /* UNIQUE constreaint violation --> Token already used. */
+      pay_end (pc,
+               TALER_MHD_reply_with_error (pc->connection,
+                                           MHD_HTTP_CONFLICT,
+                                           /* TODO: Maybe use a token-specific error code here? */
+                                           TALER_EC_MERCHANT_POST_ORDERS_ID_PAY_INSUFFICIENT_FUNDS,
+                                           "token already used"));
+      return;
+    }
+  }
+
   {
     enum GNUNET_DB_QueryStatus qs;
 
diff --git a/src/backenddb/Makefile.am b/src/backenddb/Makefile.am
index bd0cc211..a05936da 100644
--- a/src/backenddb/Makefile.am
+++ b/src/backenddb/Makefile.am
@@ -177,6 +177,7 @@ libtaler_plugin_merchantdb_postgres_la_SOURCES = \
   pg_update_token_family.h pg_update_token_family.c \
   pg_insert_token_family_key.h pg_insert_token_family_key.c \
   pg_lookup_token_family_key.h pg_lookup_token_family_key.c \
+  pg_insert_spent_token.h pg_insert_spent_token.c \
   plugin_merchantdb_postgres.c \
   pg_helper.h pg_helper.c
 libtaler_plugin_merchantdb_postgres_la_LIBADD = \
diff --git a/src/backenddb/pg_insert_spent_token.c b/src/backenddb/pg_insert_spent_token.c
new file mode 100644
index 00000000..466b0b11
--- /dev/null
+++ b/src/backenddb/pg_insert_spent_token.c
@@ -0,0 +1,70 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2024 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_insert_spent_token.c
+ * @brief Implementation of the insert_spent_token function for Postgres
+ * @author Christian Blättler
+ */
+#ifndef PG_INSERT_SPENT_TOKEN_H
+#define PG_INSERT_SPENT_TOKEN_H
+
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "pg_insert_spent_token.h"
+#include "pg_helper.h"
+
+enum GNUNET_DB_QueryStatus
+TMH_PG_insert_spent_token (void *cls,
+                           const struct TALER_PrivateContractHashP *h_contract_terms,
+                           const struct TALER_TokenIssuePublicKeyHashP *h_issue_pub,
+                           const struct TALER_TokenUsePublicKeyP *use_pub,
+                           const struct TALER_TokenUseSignatureP *use_sig,
+                           const struct TALER_TokenIssueSignatureP *issue_sig)
+{
+  struct PostgresClosure *pg = cls;
+
+  struct GNUNET_PQ_QueryParam params[] = {
+    GNUNET_PQ_query_param_auto_from_type (h_issue_pub),
+    GNUNET_PQ_query_param_auto_from_type (h_contract_terms),
+    GNUNET_PQ_query_param_auto_from_type (use_pub),
+    GNUNET_PQ_query_param_auto_from_type (use_sig),
+    GNUNET_PQ_query_param_unblinded_sig (issue_sig->signature),
+    GNUNET_PQ_query_param_end
+  };
+
+  check_connection (pg);
+  PREPARE (pg,
+           "spent_token_insert",
+           "INSERT INTO merchant_spent_tokens"
+           "(merchant_serial" /* TODO: Remove merchant_serial field from the db, it's already given by token_family.merchant_serial. */
+           ",token_family_key_serial"
+           ",h_contract_terms"
+           ",token_pub"
+           ",token_sig"
+           ",blind_sig)"
+           " SELECT merchant_serial, token_family_key_serial, $2, $3, $4, $5"
+           " FROM merchant_token_families"
+           " JOIN merchant_token_family_keys"
+           "   USING (token_family_serial)"
+           " WHERE h_pub = $1");
+  return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+                                             "spent_token_insert",
+                                             params);
+}
+
+#endif
\ No newline at end of file
diff --git a/src/backenddb/pg_insert_spent_token.h b/src/backenddb/pg_insert_spent_token.h
new file mode 100644
index 00000000..c2857c45
--- /dev/null
+++ b/src/backenddb/pg_insert_spent_token.h
@@ -0,0 +1,46 @@
+/*
+   This file is part of TALER
+   Copyright (C) 2024 Taler Systems SA
+
+   TALER is free software; you can redistribute it and/or modify it under the
+   terms of the GNU General Public License as published by the Free Software
+   Foundation; either version 3, or (at your option) any later version.
+
+   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License along with
+   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file backenddb/pg_insert_spent_token.h
+ * @brief implementation of the insert_spent_token function for Postgres
+ * @author Christian Blättler
+ */
+#ifndef PG_INSERT_SPENT_TOKEN_H
+#define PG_INSERT_SPENT_TOKEN_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "taler_merchantdb_plugin.h"
+
+
+/**
+ * @param cls closure
+ * @param h_contract_terms hash of the contract the token was used for
+ * @param h_issue_pub hash of the token issue public key
+ * @param use_pub token use public key
+ * @param use_sig token use signature
+ * @param issue_sig token issue signature
+ * @return database result code
+ */
+enum GNUNET_DB_QueryStatus
+TMH_PG_insert_spent_token (void *cls,
+                           const struct TALER_PrivateContractHashP *h_contract_terms,
+                           const struct TALER_TokenIssuePublicKeyHashP *h_issue_pub,
+                           const struct TALER_TokenUsePublicKeyP *use_pub,
+                           const struct TALER_TokenUseSignatureP *use_sig,
+                           const struct TALER_TokenIssueSignatureP *issue_sig);
+
+#endif
diff --git a/src/backenddb/pg_insert_token_family_key.h b/src/backenddb/pg_insert_token_family_key.h
index 00806777..38e35e0b 100644
--- a/src/backenddb/pg_insert_token_family_key.h
+++ b/src/backenddb/pg_insert_token_family_key.h
@@ -16,7 +16,7 @@
 /**
  * @file backenddb/pg_insert_token_family_key.h
  * @brief implementation of the insert_token_family_key function for Postgres
- * @author Christian Grothoff
+ * @author Christian Blättler
  */
 #ifndef PG_INSERT_TOKEN_FAMILY_KEY_H
 #define PG_INSERT_TOKEN_FAMILY_KEY_H
diff --git a/src/backenddb/plugin_merchantdb_postgres.c b/src/backenddb/plugin_merchantdb_postgres.c
index e5f3f2a1..4016a5fa 100644
--- a/src/backenddb/plugin_merchantdb_postgres.c
+++ b/src/backenddb/plugin_merchantdb_postgres.c
@@ -140,6 +140,7 @@
 #include "pg_update_token_family.h"
 #include "pg_insert_token_family_key.h"
 #include "pg_lookup_token_family_key.h"
+#include "pg_insert_spent_token.h"
 
 
 /**
@@ -583,6 +584,9 @@ libtaler_plugin_merchantdb_postgres_init (void *cls)
     = &TMH_PG_lookup_token_family_key;
   plugin->update_deposit_confirmation_status
     = &TMH_PG_update_deposit_confirmation_status;
+  plugin->insert_spent_token
+    = &TMH_PG_insert_spent_token;
+
 
 
   return plugin;
diff --git a/src/include/taler_merchantdb_plugin.h b/src/include/taler_merchantdb_plugin.h
index f39a5a54..46b90af3 100644
--- a/src/include/taler_merchantdb_plugin.h
+++ b/src/include/taler_merchantdb_plugin.h
@@ -2371,6 +2371,26 @@ struct TALER_MERCHANTDB_Plugin
 
 
   /**
+   * Insert used token into the database.
+   *
+   * @param cls closure
+   * @param h_contract_terms hash of the contract the token was used for
+   * @param h_issue_pub hash of the token issue public key
+   * @param use_pub token use public key
+   * @param use_sig token use signature
+   * @param issue_sig token issue signature
+   * @return database result code
+   */
+  enum GNUNET_DB_QueryStatus
+  (*insert_spent_token)(void *cls,
+                        const struct TALER_PrivateContractHashP *h_contract_terms,
+                        const struct TALER_TokenIssuePublicKeyHashP *h_issue_pub,
+                        const struct TALER_TokenUsePublicKeyP *use_pub,
+                        const struct TALER_TokenUseSignatureP *use_sig,
+                        const struct TALER_TokenIssueSignatureP *issue_sig);
+
+
+  /**
    * Lookup refund proof data.
    *
    * @param cls closure