
[taler-exchange] branch master updated: implement KYC options


From: gnunet
Subject: [taler-exchange] branch master updated: implement KYC options
Date: Thu, 14 Oct 2021 11:47:49 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 1b119edd implement KYC options
1b119edd is described below

commit 1b119edd6225567419add05e0a92170ebfa457df
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Thu Oct 14 11:47:45 2021 +0200

    implement KYC options
---
 src/exchange/exchange.conf          |  17 +++++-
 src/exchange/taler-exchange-httpd.c | 114 ++++++++++++++++++++++++++++++++++++
 src/exchange/taler-exchange-httpd.h |  62 ++++++++++++++++++++
 3 files changed, 192 insertions(+), 1 deletion(-)

diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf
index c4115042..2dd934f4 100644
--- a/src/exchange/exchange.conf
+++ b/src/exchange/exchange.conf
@@ -77,9 +77,24 @@ TERMS_DIR = $DATADIR/exchange/tos/
 # Etag / filename for the terms of service.
 TERMS_ETAG = 0
 
-
 # Directory with our privacy policy.
 PRIVACY_DIR = $DATADIR/exchange/pp/
 
 # Etag / filename for the privacy policy.
 PRIVACY_ETAG = 0
+
+# Set to NONE to disable KYC checks.
+# Set to "OAUTH2" to use OAuth 2.0 for KYC authorization.
+KYC_MODE = NONE
+
+
+[exchange-kyc-oauth2]
+
+# URL of the OAuth endpoint for KYC checks
+# KYC_OAUTH2_URL =
+
+# KYC Oauth client ID.
+# KYC_OAUTH2_CLIENT_ID =
+
+# KYC Client secret used to obtain access tokens.
+# KYC_OAUTH2_CLIENT_SECRET =
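Review bot: The `KYC_OAUTH2_CLIENT_SECRET` placeholder is added to the same template as the non-secret exchange options, and its comment does not tell the operator that the value is a credential. I would extend the comment to something like `# KYC Client secret used to obtain access tokens. This is a credential: keep it in a configuration file readable only by the exchange user.` The comment on `KYC_OAUTH2_URL` could also state the scheme the parser expects, since the check added in taler-exchange-httpd.c rejects anything that does not start with `http://` or `https://`.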
diff --git a/src/exchange/taler-exchange-httpd.c 
b/src/exchange/taler-exchange-httpd.c
index 57ca085a..b7845f5a 100644
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@@ -68,6 +68,11 @@ int TEH_allow_keys_timetravel;
  */
 const struct GNUNET_CONFIGURATION_Handle *TEH_cfg;
 
+/**
+ * Our KYC configuration.
+ */
+struct TEH_KycOptions TEH_kyc_config;
+
 /**
  * How long is caching /keys allowed at most? (global)
  */
@@ -1070,6 +1075,74 @@ handle_mhd_request (void *cls,
 }
 
 
+/**
+ * Load OAuth2.0 configuration parameters for the exchange server into the
+ * #TEH_kyc_config variable.
+ *
+ * @return #GNUNET_OK on success
+ */
+static enum GNUNET_GenericReturnValue
+parse_kyc_oauth_cfg (void)
+{
+  char *s;
+
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+                                             "exchange-kyc-oauth2",
+                                             "KYC_OAUTH2_URL",
+                                             &s))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "exchange-kyc-oauth2",
+                               "KYC_OAUTH2_URL");
+    return GNUNET_SYSERR;
+  }
+  if ( (! TALER_url_valid_charset (s)) ||
+       ( (0 != strncasecmp (s,
+                            "http://";,
+                            strlen ("http://";))) &&
+         (0 != strncasecmp (s,
+                            "https://";,
+                            strlen ("https://";))) ) )
+  {
+    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                               "exchange-kyc-oauth2",
+                               "KYC_OAUTH2_URL",
+                               "not a valid URL");
+    GNUNET_free (s);
+    return GNUNET_SYSERR;
+  }
+  TEH_kyc_config.details.oauth2.url = s;
+
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+                                             "exchange-kyc-oauth2",
+                                             "KYC_OAUTH2_CLIENT_ID",
+                                             &s))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "exchange-kyc-oauth2",
+                               "KYC_OAUTH2_CLIENT_ID");
+    return GNUNET_SYSERR;
+  }
+  TEH_kyc_config.details.oauth2.client_id = s;
+
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+                                             "exchange-kyc-oauth2",
+                                             "KYC_OAUTH2_CLIENT_SECRET",
+                                             &s))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "exchange-kyc-oauth2",
+                               "KYC_OAUTH2_CLIENT_SECRET");
+    return GNUNET_SYSERR;
+  }
+  TEH_kyc_config.details.oauth2.client_secret = s;
+  return GNUNET_OK;
+}
+
+
 /**
  * Load configuration parameters for the exchange
  * server into the corresponding global variables.
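Review bot: The scheme check in `parse_kyc_oauth_cfg` accepts `http://` as well as `https://` for `KYC_OAUTH2_URL`, and the same function then loads `KYC_OAUTH2_CLIENT_SECRET`. If that secret is later sent to this endpoint (the request code is not part of this diff), a plain-HTTP URL would expose the secret and the issued tokens on the network. I would accept only TLS here, `if ( (! TALER_url_valid_charset (s)) || (0 != strncasecmp (s, "https://", strlen ("https://"))) )`, or at least log a warning when `http://` is configured so it stays limited to test setups. Separately, the early returns for a missing client ID or secret leave `TEH_kyc_config.details.oauth2.url` allocated, which is harmless only if the caller exits on `GNUNET_SYSERR`. The `";` inside the string literals looks like an artefact of the list archive rather than of the commit.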
@@ -1079,6 +1152,47 @@ handle_mhd_request (void *cls,
 static enum GNUNET_GenericReturnValue
 exchange_serve_process_config (void)
 {
+  {
+    char *kyc_mode;
+
+    if (GNUNET_OK !=
+        GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+                                               "exchange",
+                                               "KYC_MODE",
+                                               &kyc_mode))
+    {
+      GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                                 "exchange",
+                                 "KYC_MODE");
+      return GNUNET_SYSERR;
+    }
+    if (0 == strcasecmp (kyc_mode,
+                         "NONE"))
+    {
+      TEH_kyc_config.mode = TEH_KYC_NONE;
+    }
+    else if (0 == strcasecmp (kyc_mode,
+                              "OAUTH2"))
+    {
+      TEH_kyc_config.mode = TEH_KYC_OAUTH2;
+      if (GNUNET_OK !=
+          parse_kyc_oauth_cfg ())
+      {
+        GNUNET_free (kyc_mode);
+        return GNUNET_SYSERR;
+      }
+    }
+    else
+    {
+      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                                 "exchange",
+                                 "KYC_MODE",
+                                 "Must be 'NONE' or 'OAUTH2'");
+      GNUNET_free (kyc_mode);
+      return GNUNET_SYSERR;
+    }
+    GNUNET_free (kyc_mode);
+  }
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_number (TEH_cfg,
                                              "exchange",
diff --git a/src/exchange/taler-exchange-httpd.h 
b/src/exchange/taler-exchange-httpd.h
index e4342648..bf41d227 100644
--- a/src/exchange/taler-exchange-httpd.h
+++ b/src/exchange/taler-exchange-httpd.h
@@ -29,6 +29,68 @@
 #include <gnunet/gnunet_mhd_compat.h>
 
 
+/**
+ * Enumeration for our KYC modes.
+ */
+enum TEH_KycMode
+{
+  /**
+   * KYC is disabled.
+   */
+  TEH_KYC_NONE = 0,
+
+  /**
+   * We use Oauth2.0.
+   */
+  TEH_KYC_OAUTH2 = 1
+};
+
+
+/**
+ * Structure describing our KYC configuration.
+ */
+struct TEH_KycOptions
+{
+  /**
+   * What KYC mode are we in?
+   */
+  enum TEH_KycMode mode;
+
+  /**
+   * Details depending on @e mode.
+   */
+  union
+  {
+
+    /**
+     * Configuration details if @e mode is #TEH_KYC_OAUTH2.
+     */
+    struct
+    {
+
+      /**
+       * URL of tue OAuth2.0 endpoint for KYC checks.
+       */
+      char *url;
+
+      /**
+       * Our client ID for OAuth2.0.
+       */
+      char *client_id;
+
+      /**
+       * Our client secret for OAuth2.0.
+       */
+      char *client_secret;
+
+    } oauth2;
+
+  } details;
+};
+
+
+extern struct TEH_KycOptions TEH_kyc_config;
+
 /**
  * How long is caching /keys allowed at most?
  */
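Review bot: The field comment on `url` has a typo, `URL of tue OAuth2.0 endpoint`, which should read `URL of the OAuth2.0 endpoint for KYC checks.` The `extern struct TEH_KycOptions TEH_kyc_config;` declaration has no doc comment, unlike the global that follows it; `/** Our KYC configuration (global). */` would match the surrounding style. The comment on `client_secret` could also say that the string is a credential loaded from configuration and should not be written to logs. The union comment could state that `details.oauth2` is meaningful only while `mode` is `TEH_KYC_OAUTH2`.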

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


