turnstile

PaivanaController.php (8455B)

---

 <?php
 
 /**
  * @file
  * Location: src/Controller/PaivanaController.php
  *
  * Confirms a paid Paivana-style purchase, validates the contract
  * matches a known fulfillment URL and price category, and on success
  * mints the access cookie and redirects.
  */
 
 namespace Drupal\taler_turnstile\Controller;
 
 use Drupal\Core\Controller\ControllerBase;
 use Drupal\Core\Url;
 use Drupal\node\NodeInterface;
 use Drupal\path_alias\AliasManagerInterface;
 use Drupal\taler_turnstile\Entity\TurnstilePriceCategory;
 use Drupal\taler_turnstile\PaivanaCookie;
 use Drupal\taler_turnstile\TalerMerchantApiService;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 
 /**
  * Controller backing /taler-turnstile/paivana.
  */
 class PaivanaController extends ControllerBase {
 
   /**
    * @var \Drupal\taler_turnstile\TalerMerchantApiService
    */
   protected $apiService;
 
   /**
    * @var \Drupal\taler_turnstile\PaivanaCookie
    */
   protected $cookies;
 
   /**
    * @var \Drupal\path_alias\AliasManagerInterface
    */
   protected $aliasManager;
 
   public function __construct(TalerMerchantApiService $api_service,
                               PaivanaCookie $cookies,
                               AliasManagerInterface $alias_manager) {
     $this->apiService = $api_service;
     $this->cookies = $cookies;
     $this->aliasManager = $alias_manager;
   }
 
   public static function create(ContainerInterface $container) {
     return new static(
       $container->get('taler_turnstile.api_service'),
       $container->get('taler_turnstile.cookie'),
       $container->get('path_alias.manager')
     );
   }
 
 
   /**
    * Reverse $url to the node it canonically points at, so we can
    * load its price category. Returns NULL if no node could be
    * resolved.
    */
   protected function nodeFromUrl(Request $request, string $url): ?NodeInterface {
     $base = $request->getSchemeAndHttpHost();
     if (strpos($url, $base) !== 0) {
       // The fulfillment URL must live on this site, otherwise we
       // have nothing meaningful to validate against.
       return NULL;
     }
     $path = parse_url($url, PHP_URL_PATH) ?: '/';
     // Strip the language prefix (e.g. "/en/node/3" -> "/node/3") so
     // the alias manager, which is language-agnostic, can resolve it.
     foreach ($this->languageManager()->getLanguages() as $language) {
       $prefix = '/' . $language->getId();
       if ($path === $prefix || strpos($path, $prefix . '/') === 0) {
         $path = substr($path, strlen($prefix));
         if ($path === '') {
           $path = '/';
         }
         break;
       }
     }
     // Resolve any path alias (e.g. "/articles/foo") down to "/node/123".
     $internal = $this->aliasManager->getPathByAlias($path);
     if (! preg_match('#^/node/(\d+)$#', $internal, $m)) {
       return NULL;
     }
     $node = $this->entityTypeManager()->getStorage('node')->load($m[1]);
     return $node instanceof NodeInterface ? $node : NULL;
   }
 
 
   /**
    * Decode a Crockford base32-encoded string (GNUnet flavor:
    * alphabet "0123456789ABCDEFGHJKMNPQRSTVWXYZ") into raw bytes.
    * Returns FALSE on malformed input.
    */
   protected static function crock32Decode(string $encoded) {
     static $rmap = NULL;
     if ($rmap === NULL) {
       $rmap = [];
       $table = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';
       for ($i = 0; $i < 32; $i++) {
         $rmap[$table[$i]] = $i;
       }
     }
     $encoded = strtoupper($encoded);
     $bytes = '';
     $buf = 0;
     $bits = 0;
     $len = strlen($encoded);
     for ($i = 0; $i < $len; $i++) {
       $c = $encoded[$i];
       if (!isset($rmap[$c])) {
         return FALSE;
       }
       $buf = ($buf << 5) | $rmap[$c];
       $bits += 5;
       if ($bits >= 8) {
         $bytes .= chr(($buf >> ($bits - 8)) & 0xFF);
         $bits -= 8;
       }
     }
     return $bytes;
   }
 
   /**
    * POST handler. Body: {order_id, nonce, cur_time, website}.
    * On success, returns 303 + Set-Cookie + Location: $website.
    *
    * Wire format follows the canonical Paivana spec (see
    * paivana-httpd_pay.c / paivana-httpd_cookie.c):
    *   - nonce: Crockford base32-encoded 16 binary bytes
    *   - cur_time: GNUnet timestamp object {"t_s": <seconds>}
    *   - paivana_id := <seconds> "-" b64url(SHA256(
    *         nonce_bytes || website_bytes || "\0" || us_BE64))
    */
   public function confirm(Request $request) {
     $payload = json_decode((string) $request->getContent(), TRUE);
     if (! is_array($payload)) {
       return new JsonResponse(['error' => 'malformed_json'], 400);
     }
     $order_id = $payload['order_id'] ?? NULL;
     $nonce = $payload['nonce'] ?? NULL;
     $cur_time_obj = $payload['cur_time'] ?? NULL;
     $website = $payload['website'] ?? NULL;
     if (! is_string($order_id) || ! is_string($nonce) ||
         ! is_array($cur_time_obj) || ! isset($cur_time_obj['t_s']) ||
         ! is_int($cur_time_obj['t_s']) || ! is_string($website)) {
       return new JsonResponse(['error' => 'missing_or_malformed_fields'], 400);
     }
     $cur_time = $cur_time_obj['t_s'];
     if ($cur_time <= time()) {
       return new JsonResponse(['error' => 'expired'], 410);
     }
 
     // Canonical PAIVANA_Nonce is 16 bytes (4 * uint32_t), encoded
     // on the wire as Crockford base32 by GNUNET_JSON_spec_fixed_auto.
     $nonce_bytes = self::crock32Decode($nonce);
     if ($nonce_bytes === FALSE || strlen($nonce_bytes) < 16) {
       return new JsonResponse(['error' => 'bad_nonce'], 400);
     }
     $nonce_bytes = substr($nonce_bytes, 0, 16);
 
     // Reconstruct the paivana ID exactly the same way the JS did.
     // The hash input is: 16-byte binary nonce || website || NUL ||
     // 8-byte big-endian microseconds.
     $cur_time_be = pack('J', $cur_time * 1000000);
     $hash = hash('sha256',
                  $nonce_bytes . $website . "\0" . $cur_time_be,
                  TRUE);
     $paivana_id = $cur_time . '-' . rtrim(strtr(base64_encode($hash), '+/', '-_'), '=');
 
     // Resolve the website to a Drupal node so we can determine the
     // price category and thus the set of acceptable amounts.
     $node = $this->nodeFromUrl($request, $website);
     if (! $node) {
       \Drupal::logger('taler_turnstile')->warning('Confirm: cannot resolve fulfillment URL @url to a node', ['@url' => $website]);
       return new JsonResponse(['error' => 'unknown_fulfillment_url'], 404);
     }
     if (! $node->hasField('field_taler_turnstile_prcat') ||
         $node->get('field_taler_turnstile_prcat')->isEmpty()) {
       return new JsonResponse(['error' => 'no_price_category'], 404);
     }
     /** @var TurnstilePriceCategory $price_category */
     $price_category = $node->get('field_taler_turnstile_prcat')->entity;
     if (! $price_category) {
       return new JsonResponse(['error' => 'no_price_category'], 404);
     }
     // getSubscriptions() always returns a result with at least the
     // "%none%" entry in data, even on backend failure, so the
     // acceptable-amounts list can still be computed for non-subscription
     // prices when the backend is briefly unreachable.
     $subs_result = $this->apiService->getSubscriptions();
     $subscriptions = is_array($subs_result->data) ? $subs_result->data : [];
     $expected_amounts = $price_category->getAcceptableAmounts($subscriptions);
     if (empty($expected_amounts)) {
       return new JsonResponse(['error' => 'no_choices_configured'], 500);
     }
 
     $verified = $this->apiService->verifyPaidOrder(
       $order_id,
       $paivana_id,
       $website,
       $expected_amounts
     );
     if (! $verified) {
       return new JsonResponse(['error' => 'order_not_validated'], 402);
     }
 
     // If the contract bought a subscription, persist that in the
     // session so subsequent visits can short-circuit even when
     // the per-URL cookie expires.
     if (! empty($verified['subscription_slug'])) {
       _taler_turnstile_grant_subscriber_access(
         $verified['subscription_slug'],
         (int) $verified['subscription_expiration']
       );
     }
 
     $cookie = $this->cookies->mint(
       $request,
       $website,
       TalerMerchantApiService::ORDER_VALIDITY_SECONDS
     );
     $response = new RedirectResponse($website, 303);
     $response->headers->setCookie($cookie);
     // The result is per-cookie and short-lived; do not cache.
     $response->headers->set('Cache-Control', 'no-store');
     return $response;
   }
 
 }