auth token skeleton logic

7 files changed, 206 insertions, 24 deletions

diff --git a/src/backend/Makefile.am b/src/backend/Makefile.am
index 47716422..4a25785c 100644
--- a/src/backend/Makefile.am
+++ b/src/backend/Makefile.am
@@ -35,11 +35,14 @@ taler_merchant_httpd_SOURCES = \
     taler-merchant-httpd_private-get-rewards.h \
   taler-merchant-httpd_private-get-rewards-ID.c \
     taler-merchant-httpd_private-get-rewards-ID.h \
-  taler-merchant-httpd_mhd.c taler-merchant-httpd_mhd.h \
+  taler-merchant-httpd_mhd.c \
+    taler-merchant-httpd_mhd.h \
   taler-merchant-httpd_private-delete-account-ID.c \
     taler-merchant-httpd_private-delete-account-ID.h \
   taler-merchant-httpd_private-delete-instances-ID.c \
     taler-merchant-httpd_private-delete-instances-ID.h \
+  taler-merchant-httpd_private-delete-instances-ID-token.c \
+    taler-merchant-httpd_private-delete-instances-ID-token.h \
   taler-merchant-httpd_private-delete-products-ID.c \
     taler-merchant-httpd_private-delete-products-ID.h \
   taler-merchant-httpd_private-delete-orders-ID.c \
@@ -110,8 +113,8 @@ taler_merchant_httpd_SOURCES = \
     taler-merchant-httpd_private-post-instances.h \
   taler-merchant-httpd_private-post-instances-ID-auth.c \
     taler-merchant-httpd_private-post-instances-ID-auth.h \
-  taler-merchant-httpd_private-post-instances-ID-login.c \
-    taler-merchant-httpd_private-post-instances-ID-login.h \
+  taler-merchant-httpd_private-post-instances-ID-token.c \
+    taler-merchant-httpd_private-post-instances-ID-token.h \
   taler-merchant-httpd_private-post-orders-ID-refund.c \
     taler-merchant-httpd_private-post-orders-ID-refund.h \
   taler-merchant-httpd_private-post-orders.c \
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index c07db1a5..ce9f1e8c 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -35,6 +35,7 @@
 #include "taler-merchant-httpd_mhd.h"
 #include "taler-merchant-httpd_private-delete-account-ID.h"
 #include "taler-merchant-httpd_private-delete-instances-ID.h"
+#include "taler-merchant-httpd_private-delete-instances-ID-token.h"
 #include "taler-merchant-httpd_private-delete-products-ID.h"
 #include "taler-merchant-httpd_private-delete-orders-ID.h"
 #include "taler-merchant-httpd_private-delete-otp-devices-ID.h"
@@ -72,7 +73,7 @@
 #include "taler-merchant-httpd_private-post-account.h"
 #include "taler-merchant-httpd_private-post-instances.h"
 #include "taler-merchant-httpd_private-post-instances-ID-auth.h"
-#include "taler-merchant-httpd_private-post-instances-ID-login.h"
+#include "taler-merchant-httpd_private-post-instances-ID-token.h"
 #include "taler-merchant-httpd_private-post-otp-devices.h"
 #include "taler-merchant-httpd_private-post-orders.h"
 #include "taler-merchant-httpd_private-post-orders-ID-refund.h"
@@ -182,6 +183,16 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
 char *TMH_default_auth;
 
 
+enum TMH_AuthScope
+TMH_check_token (const char *token,
+                 const char *instance_id)
+{
+  if (NULL == token)
+    return TMH_AS_NONE;
+  GNUNET_break (0); // FIXME: not implemented
+  return TMH_AS_NONE;
+}
+
 enum GNUNET_GenericReturnValue
 TMH_check_auth (const char *token,
                 struct TALER_MerchantAuthenticationSaltP *salt,
@@ -754,6 +765,7 @@ url_handler (void *cls,
     /* POST /token: */
     {
       .url_prefix = "/instances/",
+      .auth_scope = TMH_AS_RENEWABLE,
       .url_suffix = "token",
       .method = MHD_HTTP_METHOD_POST,
       .have_id_segment = true,
@@ -761,6 +773,17 @@ url_handler (void *cls,
       /* Body should be tiny. */
       .max_upload = 1024
     },
+#if FUTURE_FIXME
+    /* DELETE /token: */
+    {
+      .url_prefix = "/instances/",
+      .auth_scope = TMH_AS_READ_ONLY,
+      .url_suffix = "token",
+      .method = MHD_HTTP_METHOD_DELETE,
+      .have_id_segment = true,
+      .handler = &TMH_private_delete_instances_ID_auth,
+    },
+#endif
     /* POST /kyc: */
     {
       .url_prefix = "/instances/",
@@ -1753,14 +1776,16 @@ url_handler (void *cls,
   if (public_handlers != handlers)
   {
     const char *auth;
+    const char *tok;
     bool auth_ok;
     bool auth_malformed = false;
 
     /* PATCHing an instance can alternatively be checked against
        the default instance */
-    auth = MHD_lookup_connection_value (connection,
-                                        MHD_HEADER_KIND,
-                                        MHD_HTTP_HEADER_AUTHORIZATION);
+    tok = MHD_lookup_connection_value (connection,
+                                       MHD_HEADER_KIND,
+                                       MHD_HTTP_HEADER_AUTHORIZATION);
+    auth = tok;
     if (NULL != auth)
     {
       /* We _only_ complain about malformed auth headers if
@@ -1794,9 +1819,23 @@ url_handler (void *cls,
                   (! auth_malformed) &&
                   (0 == strcmp (auth,
                                 TMH_default_auth)) );
-    if (! auth_ok)
-    {
-      if (auth_malformed)
+    hc->auth_scope = auth_ok
+      ? TMH_AS_ALL
+      : TMH_check_token (tok,
+                         hc->instance->settings.id);
+    /* We grant access if:
+       - scope is 'all'
+       - rh has an explicit non-NONE scope that matches
+       - scope is 'read only' and we have a GET request */
+    if (! ( (TMH_AS_ALL == hc->auth_scope) ||
+            ( (TMH_AS_NONE != hc->rh->auth_scope) &&
+              (hc->rh->auth_scope == (hc->rh->auth_scope & hc->auth_scope)) ) ||
+            ( (TMH_AS_READ_ONLY == hc->auth_scope) &&
+              (0 == strcmp (MHD_HTTP_METHOD_GET,
+                            method)) ) ) )
+    {
+      if ( auth_malformed &&
+           (TMH_AS_NONE == hc->auth_scope) )
         return TALER_MHD_reply_with_error (connection,
                                            MHD_HTTP_UNAUTHORIZED,
                                            TALER_EC_GENERIC_PARAMETER_MALFORMED,
diff --git a/src/backend/taler-merchant-httpd.h b/src/backend/taler-merchant-httpd.h
index e1f2eeff..36f04fb9 100644
--- a/src/backend/taler-merchant-httpd.h
+++ b/src/backend/taler-merchant-httpd.h
@@ -408,6 +408,33 @@ struct TMH_HandlerContext;
 
 
 /**
+ * Possible authorization scopes. This is a bit mask.
+ */
+enum TMH_AuthScope {
+  /**
+   * Nothing is authorized.
+   */
+  TMH_AS_NONE = 0,
+
+  /**
+   * Read-only access is OK. Any GET request is
+   * automatically OK.
+   */
+  TMH_AS_READ_ONLY = 1,
+
+  /**
+   * /login access to renew the token is OK. 
+   */
+  TMH_AS_RENEWABLE = 1 << 30,
+
+  /**
+   * Full access is granted to everything.
+   */
+  TMH_AS_ALL = INT32_MAX
+};
+
+
+/**
  * @brief Struct describing an URL and the handler for it.
  *
  * The overall URL is always @e url_prefix, optionally followed by the
@@ -428,6 +455,13 @@ struct TMH_RequestHandler
   const char *url_prefix;
 
   /**
+   * Required authentication scope for this request.  NONE implies that
+   * #TMH_AS_ALL is required unless this is a #MHD_HTTP_GET method, in which
+   * case #TMH_AS_READ_ONLY is sufficient.
+   */
+  enum TMH_AuthScope auth_scope;
+
+  /**
    * Does this request include an identifier segment
    * (product_id, reserve_pub, order_id, reward_id, template_id, webhook_id) in the
    * second segment?
@@ -584,6 +618,12 @@ struct TMH_HandlerContext
   uint64_t total_upload;
 
   /**
+   * Actual authentication scope of this request.
+   * Only set for ``/private/`` requests.
+   */
+  enum TMH_AuthScope auth_scope;
+
+  /**
    * Set to true if this is an #MHD_HTTP_METHOD_POST or #MHD_HTTP_METHOD_PATCH request.
    * (In principle #MHD_HTTP_METHOD_PUT may also belong, but we do not have PUTs
    * in the API today, so we do not test for PUT.)
diff --git a/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c b/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c
new file mode 100644
index 00000000..c5e8cc91
--- /dev/null
+++ b/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c
@@ -0,0 +1,54 @@
+/*
+  This file is part of GNU Taler
+  (C) 2023 Taler Systems SA
+
+  GNU Taler is free software; you can redistribute it and/or modify
+  it under the terms of the GNU Affero General Public License as
+  published by the Free Software Foundation; either version 3,
+  or (at your option) any later version.
+
+  GNU Taler is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public
+  License along with TALER; see the file COPYING.  If not,
+  see <http://www.gnu.org/licenses/>
+*/
+
+/**
+ * @file taler-merchant-httpd_private-post-instances-ID-token.c
+ * @brief implementing DELETE /instances/$ID/token request handling
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler-merchant-httpd_private-delete-instances-ID-token.h"
+#include "taler-merchant-httpd_helper.h"
+#include <taler/taler_json_lib.h>
+
+
+MHD_RESULT
+TMH_private_delete_instances_ID_token (const struct TMH_RequestHandler *rh,
+                                       struct MHD_Connection *connection,
+                                       struct TMH_HandlerContext *hc)
+{
+  struct TMH_MerchantInstance *mi = hc->instance;
+  const char *tok;
+
+  tok = MHD_lookup_connection_value (connection,
+                                     MHD_HEADER_KIND,
+                                     MHD_HTTP_HEADER_AUTHORIZATION);
+  GNUNET_break (0); // FIXME: not implemented
+  (void) tok;
+  (void) mi;
+
+  return TALER_MHD_reply_static (connection,
+                                 MHD_HTTP_NO_CONTENT,
+                                 NULL,
+                                 NULL,
+                                 0);
+}
+
+
+/* end of taler-merchant-httpd_private-delete-instances-ID-login.c */
diff --git a/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.h b/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.h
new file mode 100644
index 00000000..bccd07ae
--- /dev/null
+++ b/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.h
@@ -0,0 +1,45 @@
+/*
+  This file is part of GNU Taler
+  (C) 2023 Taler Systems SA
+
+  GNU Taler is free software; you can redistribute it and/or modify
+  it under the terms of the GNU Affero General Public License as
+  published by the Free Software Foundation; either version 3,
+  or (at your option) any later version.
+
+  GNU Taler is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public
+  License along with TALER; see the file COPYING.  If not,
+  see <http://www.gnu.org/licenses/>
+*/
+
+/**
+ * @file taler-merchant-httpd_private-delete-instances-ID-token.h
+ * @brief implements DELETE /instances/$ID/token request handling
+ * @author Christian Grothoff
+ */
+#ifndef TALER_MERCHANT_HTTPD_PRIVATE_DELETE_INSTANCES_ID_TOKEN_H
+#define TALER_MERCHANT_HTTPD_PRIVATE_DELETE_INSTANCES_ID_TOKEN_H
+#include "taler-merchant-httpd.h"
+
+
+/**
+ * Delete login token for an instance.
+ *
+ * @param rh context of the handler
+ * @param connection the MHD connection to handle
+ * @param[in,out] hc context with further information about the request
+ * @return MHD result code
+ */
+MHD_RESULT
+TMH_private_delete_instances_ID_token (
+  const struct TMH_RequestHandler *rh,
+  struct MHD_Connection *connection,
+  struct TMH_HandlerContext *hc);
+
+
+#endif
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-login.c b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
index 80a40693..e5128a56 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-login.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
@@ -18,29 +18,29 @@
 */
 
 /**
- * @file taler-merchant-httpd_private-post-instances-ID-login.c
- * @brief implementing POST /instances/$ID/login request handling
+ * @file taler-merchant-httpd_private-post-instances-ID-token.c
+ * @brief implementing POST /instances/$ID/token request handling
  * @author Christian Grothoff
  */
 #include "platform.h"
-#include "taler-merchant-httpd_private-post-instances-ID-login.h"
+#include "taler-merchant-httpd_private-post-instances-ID-token.h"
 #include "taler-merchant-httpd_helper.h"
 #include <taler/taler_json_lib.h>
 
 
 /**
- * Maximum duration for the validity of a login token.
+ * Maximum duration for the validity of a token token.
  */
 #define MAX_DURATION GNUNET_TIME_UNIT_DAYS
 
 
 MHD_RESULT
-TMH_private_post_instances_ID_login (const struct TMH_RequestHandler *rh,
+TMH_private_post_instances_ID_token (const struct TMH_RequestHandler *rh,
                                      struct MHD_Connection *connection,
                                      struct TMH_HandlerContext *hc)
 {
   struct TMH_MerchantInstance *mi = hc->instance;
-  json_t *jlogin = hc->request_body;
+  json_t *jtoken = hc->request_body;
   const char *scope;
   bool refreshable = false;
   struct GNUNET_TIME_Relative duration
@@ -66,7 +66,7 @@ TMH_private_post_instances_ID_login (const struct TMH_RequestHandler *rh,
     enum GNUNET_GenericReturnValue res;
 
     res = TALER_MHD_parse_json_data (connection,
-                                     jlogin,
+                                     jtoken,
                                      spec);
     if (GNUNET_OK != res)
       return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
@@ -76,7 +76,7 @@ TMH_private_post_instances_ID_login (const struct TMH_RequestHandler *rh,
   expiration_time = GNUNET_TIME_relative_to_timestamp (duration);
   token = GNUNET_strdup ("FIXME-foo");
   (void) mi;
-  
+
   ret = TALER_MHD_REPLY_JSON_PACK (
     connection,
     MHD_HTTP_OK,
@@ -93,4 +93,4 @@ TMH_private_post_instances_ID_login (const struct TMH_RequestHandler *rh,
 }
 
 
-/* end of taler-merchant-httpd_private-post-instances-ID-login.c */
+/* end of taler-merchant-httpd_private-post-instances-ID-token.c */
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-login.h b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.h
index 388fbc7d..884caa24 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-login.h
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.h
@@ -18,12 +18,13 @@
 */
 
 /**
- * @file taler-merchant-httpd_private-post-instances-ID-login.h
- * @brief implements POST /instances/$ID/login request handling
+ * @file taler-merchant-httpd_private-post-instances-ID-token.h
+ * @brief implements POST /instances/$ID/token request handling
  * @author Christian Grothoff
  */
-#ifndef TALER_MERCHANT_HTTPD_PRIVATE_POST_INSTANCES_ID_LOGIN_H
-#define TALER_MERCHANT_HTTPD_PRIVATE_POST_INSTANCES_ID_LOGIN_H
+#ifndef TALER_MERCHANT_HTTPD_PRIVATE_POST_INSTANCES_ID_TOKEN_H
+#define TALER_MERCHANT_HTTPD_PRIVATE_POST_INSTANCES_ID_TOKEN_H
+
 #include "taler-merchant-httpd.h"
 
 
@@ -36,7 +37,7 @@
  * @return MHD result code
  */
 MHD_RESULT
-TMH_private_post_instances_ID_login (const struct TMH_RequestHandler *rh,
+TMH_private_post_instances_ID_token (const struct TMH_RequestHandler *rh,
                                      struct MHD_Connection *connection,
                                      struct TMH_HandlerContext *hc);