From de53505342d3ce479e3bcd03387f658fb8910922 Mon Sep 17 00:00:00 2001
From: Florian Dold
Date: Wed, 28 Sep 2016 19:37:05 +0200
Subject: break merchant redirect loops
---
 content_scripts/notify.ts | 6 +++++-
 lib/wallet/wxMessaging.ts | 25 ++++++++++++++++++++++---
 2 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/content_scripts/notify.ts b/content_scripts/notify.ts
index 978e7e9a0..abc72616c 100644
--- a/content_scripts/notify.ts
+++ b/content_scripts/notify.ts
@@ -217,11 +217,15 @@ namespace TalerNotify {
 };
 chrome.runtime.sendMessage(walletMsg, (resp) => {
+ if (resp.rateLimitExceeded) {
+ console.error("rate limit exceeded, check for redirect loops");
+ }
+
 if (!resp.success) {
 if (msg.offering_url) {
 window.location.href = msg.offering_url;
 } else {
- console.error("execute-payment failed");
+ console.error("execute-payment failed", resp);
 }
 return;
 }
diff --git a/lib/wallet/wxMessaging.ts b/lib/wallet/wxMessaging.ts
index 9ad2c7f6f..be0e09de7 100644
--- a/lib/wallet/wxMessaging.ts
+++ b/lib/wallet/wxMessaging.ts
@@ -130,7 +130,19 @@ function makeHandlers(db: IDBDatabase,
 }
 return wallet.checkPay(offer);
 },
- ["execute-payment"]: function(detail, sender) {
+ ["execute-payment"]: function(detail: any, sender: MessageSender) {
+ if (sender.tab && sender.tab.id) {
+ rateLimitCache[sender.tab.id]++;
+ if (rateLimitCache[sender.tab.id] > 10) {
+ console.warn("rate limit for execute payment exceeded");
+ let msg = {
+ error: "rate limit exceeded for execute-payment",
+ rateLimitExceeded: true,
+ hint: "Check for redirect loops",
+ };
+ return Promise.resolve(msg);
+ }
+ }
 return wallet.executePayment(detail.H_contract);
 },
 ["exchange-info"]: function(detail) {
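Review bot: In content_scripts/notify.ts the new `resp.rateLimitExceeded` branch only logs and then falls through to the `!resp.success` check. The rate-limit reply built in lib/wallet/wxMessaging.ts carries no `success` field, so that check is true and a page that supplied `msg.offering_url` is still navigated, which appears to keep the redirect loop going rather than break it. Add `return;` right after `console.error("rate limit exceeded, check for redirect loops");`. The sendMessage callback continues past the end of the hunk.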
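Review bot: In the `execute-payment` handler in lib/wallet/wxMessaging.ts, `rateLimitCache[sender.tab.id]++` runs on an entry that is never initialised: the cache is declared as `{}` and reset to `{}`, so the increment yields `NaN` and `rateLimitCache[sender.tab.id] > 10` is never true. As written the limiter cannot trip. Seed the counter before comparing, e.g. `rateLimitCache[sender.tab.id] = (rateLimitCache[sender.tab.id] || 0) + 1;`. Adding `success: false` to the reply object would also stop callers from depending on the field being absent.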
@@ -287,6 +299,13 @@ function handleHttpPayment(headerList: chrome.webRequest.HttpHeader[],
 export let wallet: Wallet|undefined = undefined;
 export let badge: ChromeBadge|undefined = undefined;
+// Rate limit cache for executePayment operations, to break redirect loops
+let rateLimitCache: {[n: number]: number} = {};
+
+function clearRateLimitCache() {
+ rateLimitCache = {};
+}
+
 export function wxMain() {
 chrome.browserAction.setBadgeText({text: ""});
 badge = new ChromeBadge();
@@ -306,6 +325,8 @@ export function wxMain() {
 }
 });
+ chrome.extension.getBackgroundPage().setInterval(clearRateLimitCache, 5000);
+
 Promise.resolve()
 .then(() => {
 return openTalerDb();
@@ -349,8 +370,6 @@ export function wxMain() {
 details.url, details.tabId);
 }, {urls: [""]}, ["responseHeaders", "blocking"]);
-
-
 })
 .catch((e) => {
 console.error("could not initialize wallet messaging");
--
cgit v1.2.3
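Review bot: The comment above `rateLimitCache` in lib/wallet/wxMessaging.ts does not say what the keys and values are or how long a count lives. Suggested wording: `// Per-tab count of execute-payment requests in the current window, keyed by tab id; cleared as a whole by clearRateLimitCache().` The threshold `10` and the period `5000` appear as bare literals in two other hunks of this commit; named constants next to this declaration would keep the limiter's policy in one place.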
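Review bot: `chrome.extension.getBackgroundPage()` can return `null`, and the call added to `wxMain` dereferences it without a check; if wxMain already runs in the background page, a plain `setInterval(clearRateLimitCache, 5000);` avoids the lookup. Separately, wiping every counter on a fixed 5 s tick means only a tab that sends more than 10 execute-payment requests within one tick is stopped. A redirect loop that needs more than roughly half a second per round trip would presumably never reach the threshold, which is worth confirming against a real loop. wxMain's body continues outside the hunk.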