1 files changed, 44 insertions, 7 deletions

diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
index d3103725..2407625b 100644
--- a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
+++ b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -30,6 +30,7 @@
 #include <gnunet/gnunet_json_lib.h>
 #include <gnunet/gnunet_time_lib.h>
 #include <jansson.h>
+#include <microhttpd.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <string.h>
@@ -38,6 +39,7 @@
 #include <taler/taler_signatures.h>
 #include <taler/taler_json_lib.h>
 #include <taler/taler_exchange_service.h>
+#include "taler-merchant-httpd.h"
 #include "taler-merchant-httpd_exchanges.h"
 #include "taler-merchant-httpd_contract.h"
 #include "taler-merchant-httpd_helper.h"
@@ -57,13 +59,11 @@
 #define MAX_COIN_ALLOWED_COINS 1024
 
 /**
- * TODO: What is a good value for this?
  * Maximum number of tokens that we allow as inputs per transaction
  */
 #define MAX_TOKEN_ALLOWED_INPUTs 128
 
 /**
- * TODO: What is a good value for this?
  * Maximum number of tokens that we allow as outputs per transaction
  */
 #define MAX_TOKEN_ALLOWED_OUTPUTs 128
@@ -239,11 +239,6 @@ struct TokenUseConfirmation
 {
 
   /**
-   * Slug of the token family this token belongs to.
-   */
-  char *slug;
-
-  /**
    * Signature on the deposit request made using the token use private key.
    */
   struct TALER_TokenUseSignatureP sig;
@@ -2058,6 +2053,48 @@ phase_execute_pay_transaction (struct PayContext *pc)
     return;
   }
 
+  for (size_t i = 0; i<pc->tokens_cnt; i++)
+  {
+    struct TokenUseConfirmation *tuc = &pc->tokens[i];
+
+    enum GNUNET_DB_QueryStatus qs;
+
+    /* Insert used token into database, the unique contraint will
+       case an error if this token was used before. */
+    qs = TMH_db->insert_spent_token (TMH_db->cls,
+                                     &pc->h_contract_terms,
+                                     &tuc->h_issue,
+                                     &tuc->pub,
+                                     &tuc->sig,
+                                     &tuc->unblinded_sig);
+
+    if (0 > qs)
+    {
+      TMH_db->rollback (TMH_db->cls);
+      if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
+        return; /* do it again */
+      /* Always report on hard error as well to enable diagnostics */
+      GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
+      pay_end (pc,
+               TALER_MHD_reply_with_error (pc->connection,
+                                           MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                           TALER_EC_GENERIC_DB_FETCH_FAILED,
+                                           "insert used token"));
+      return;
+    }
+    else if (0 == qs)
+    {
+      /* UNIQUE constreaint violation --> Token already used. */
+      pay_end (pc,
+               TALER_MHD_reply_with_error (pc->connection,
+                                           MHD_HTTP_CONFLICT,
+                                           /* TODO: Maybe use a token-specific error code here? */
+                                           TALER_EC_MERCHANT_POST_ORDERS_ID_PAY_INSUFFICIENT_FUNDS,
+                                           "token already used"));
+      return;
+    }
+  }
+
   {
     enum GNUNET_DB_QueryStatus qs;