token_add_token.c (3035B)
1 /* 2 This file is part of Challenger 3 Copyright (C) 2023 Taler Systems SA 4 5 Challenger is free software; you can redistribute it and/or modify it under the 6 terms of the GNU General Public License as published by the Free Software 7 Foundation; either version 3, or (at your option) any later version. 8 9 Challenger is distributed in the hope that it will be useful, but WITHOUT ANY 10 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 11 A PARTICULAR PURPOSE. See the GNU General Public License for more details. 12 13 You should have received a copy of the GNU General Public License along with 14 Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/> 15 */ 16 /** 17 * @file src/challengerdb/token_add_token.c 18 * @brief Implementation of the token_add_token function for Postgres 19 * @author Christian Grothoff 20 */ 21 #include "platform.h" 22 #include <taler/taler_error_codes.h> 23 #include <taler/taler_dbevents.h> 24 #include <taler/taler_pq_lib.h> 25 #include "token_add_token.h" 26 #include "pg_helper.h" 27 28 29 enum GNUNET_DB_QueryStatus 30 CHALLENGERDB_token_add_token (struct CHALLENGERDB_PostgresContext *ctx, 31 const struct CHALLENGER_ValidationNonceP *nonce, 32 const struct CHALLENGER_AccessTokenP *token, 33 struct GNUNET_TIME_Relative token_expiration, 34 struct GNUNET_TIME_Relative address_expiration) 35 { 36 struct GNUNET_TIME_Absolute ge 37 = GNUNET_TIME_relative_to_absolute (token_expiration); 38 struct GNUNET_PQ_QueryParam params[] = { 39 GNUNET_PQ_query_param_auto_from_type (nonce), 40 GNUNET_PQ_query_param_auto_from_type (token), 41 GNUNET_PQ_query_param_absolute_time (&ge), 42 GNUNET_PQ_query_param_relative_time (&address_expiration), 43 GNUNET_PQ_query_param_end 44 }; 45 46 /* Redemption must be atomic and one-shot (RFC 6749 4.1.2): consume the 47 validation by deleting it as we mint the token, so the same authorization 48 code cannot be replayed to mint additional tokens. A replay finds no 49 matching validations row and thus inserts no token (NO_RESULTS), which the 50 caller maps to 'invalid_grant'. The 'address IS NOT NULL' guard avoids 51 violating the tokens.address NOT NULL constraint (and only consumes a 52 validation that actually carries a solved address). */ 53 PREPARE (ctx, 54 "token_add_token", 55 "WITH consumed AS (" 56 " DELETE FROM validations" 57 " WHERE nonce=$1" 58 " AND address IS NOT NULL" 59 " RETURNING address, last_tx_time" 60 ") INSERT INTO tokens" 61 " (access_token" 62 " ,address" 63 " ,token_expiration_time" 64 " ,address_expiration_time" 65 ") SELECT" 66 " $2, address, $3, $4 + last_tx_time" 67 " FROM consumed;"); 68 return GNUNET_PQ_eval_prepared_non_select (ctx->conn, 69 "token_add_token", 70 params); 71 }