[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] branch master updated: document and shorten default pa
From: |
gnunet |
Subject: |
[taler-anastasis] branch master updated: document and shorten default payment timeout (fixes #7073) |
Date: |
Fri, 31 Dec 2021 18:26:52 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 0919fe8 document and shorten default payment timeout (fixes #7073)
0919fe8 is described below
commit 0919fe8b52588bd8f3adb83817158abc9434ac5b
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Fri Dec 31 18:26:49 2021 +0100
document and shorten default payment timeout (fixes #7073)
---
doc/sphinx/rest.rst | 4 ++--
src/backend/anastasis-httpd_policy.c | 7 -------
src/backend/anastasis-httpd_policy_upload.c | 2 +-
src/backend/anastasis-httpd_truth.c | 7 -------
4 files changed, 3 insertions(+), 17 deletions(-)
diff --git a/doc/sphinx/rest.rst b/doc/sphinx/rest.rst
index 9127354..605fc9f 100644
--- a/doc/sphinx/rest.rst
+++ b/doc/sphinx/rest.rst
@@ -216,7 +216,7 @@ In the following, UUID is always defined and used according
to `RFC 4122`_.
:query timeout_ms=NUMBER: *Optional.* If specified, the Anastasis server
will
wait up to ``timeout_ms`` milliseconds for completion of the payment before
sending the HTTP response. A client must never rely on this behavior, as
the
- backend may return a response immediately.
+ backend may return a response immediately. If a ``timeout_ms`` is not
given, the Anastasis server may apply a default timeout (usually 30s) when
talking to the merchant backend.
*If-None-Match*: This header MUST be present and set to the SHA512 hash
(Etag) of the body by the client.
The client SHOULD also set the ``Expect: 100-Continue`` header and wait for
``100 continue``
@@ -227,7 +227,7 @@ In the following, UUID is always defined and used according
to `RFC 4122`_.
*Anastasis-Policy-Signature*: The client must provide Base-32 encoded EdDSA
signature over hash of body with ``$ACCOUNT_PRIV``, affirming desire to upload
an encrypted recovery document.
- *Payment-Identifier*: Base-32 encoded 32-byte payment identifier that was
included in a previous payment (see ``402`` status code). Used to allow the
server to check that the client paid for the upload (to protect the server
against DoS attacks) and that the client knows a real secret of financial value
(as the **kdf_id** might be known to an attacker). If this header is missing in
the client's request (or the associated payment has exceeded the upload limit),
the server must return a [...]
+ *Payment-Identifier*: Base-32 encoded 32-byte payment identifier that was
included in a previous payment (see ``402`` status code). Used to allow the
server to check that the client paid for the upload (to protect the server
against DoS attacks) and that the client knows a real secret of financial value
(as the **kdf_id** might be known to an attacker). If this header is missing in
the client's request (or the associated payment has exceeded the upload limit),
the server must return a [...]
**Response**:
diff --git a/src/backend/anastasis-httpd_policy.c
b/src/backend/anastasis-httpd_policy.c
index 6e206a2..99ed719 100644
--- a/src/backend/anastasis-httpd_policy.c
+++ b/src/backend/anastasis-httpd_policy.c
@@ -30,13 +30,6 @@
#include <taler/taler_merchant_service.h>
#include <taler/taler_signatures.h>
-/**
- * How long do we hold an HTTP client connection if
- * we are awaiting payment before giving up?
- */
-#define CHECK_PAYMENT_GENERIC_TIMEOUT GNUNET_TIME_relative_multiply ( \
- GNUNET_TIME_UNIT_MINUTES, 30)
-
/**
* Return the current recoverydocument of @a account on @a connection
diff --git a/src/backend/anastasis-httpd_policy_upload.c
b/src/backend/anastasis-httpd_policy_upload.c
index 4c86241..11f15e2 100644
--- a/src/backend/anastasis-httpd_policy_upload.c
+++ b/src/backend/anastasis-httpd_policy_upload.c
@@ -35,7 +35,7 @@
* we are awaiting payment before giving up?
*/
#define CHECK_PAYMENT_GENERIC_TIMEOUT GNUNET_TIME_relative_multiply ( \
- GNUNET_TIME_UNIT_MINUTES, 30)
+ GNUNET_TIME_UNIT_SECONDS, 30)
/**
diff --git a/src/backend/anastasis-httpd_truth.c
b/src/backend/anastasis-httpd_truth.c
index 54969bf..2a80cb7 100644
--- a/src/backend/anastasis-httpd_truth.c
+++ b/src/backend/anastasis-httpd_truth.c
@@ -37,13 +37,6 @@
#define MAX_QUESTION_FREQ GNUNET_TIME_relative_multiply ( \
GNUNET_TIME_UNIT_SECONDS, 30)
-/**
- * How long do we hold an HTTP client connection if
- * we are awaiting payment before giving up?
- */
-#define CHECK_PAYMENT_GENERIC_TIMEOUT GNUNET_TIME_relative_multiply ( \
- GNUNET_TIME_UNIT_MINUTES, 30)
-
/**
* How long should the wallet check for auto-refunds before giving up?
*/
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-anastasis] branch master updated: document and shorten default payment timeout (fixes #7073),
gnunet <=