From 8a3a76e0d05069ecb76bc90fea02b87831b9464c Mon Sep 17 00:00:00 2001 From: Juerd Waalboer Date: Fri, 20 Jan 2023 18:07:41 +0100 Subject: [PATCH] statiegeld_tokens: implement expiry Done in the _write routine, which means tokens will not expire the exact moment they should, but the first transaction after that. And if that transaction is done by the user, they're in luck as expiry checking happens after using them tokens. --- plugins/statiegeld_tokens | 49 +++++++++++++++++++++++++++++++++++---- 1 file changed, 44 insertions(+), 5 deletions(-) diff --git a/plugins/statiegeld_tokens b/plugins/statiegeld_tokens index 05699fa..24f82cc 100644 --- a/plugins/statiegeld_tokens +++ b/plugins/statiegeld_tokens @@ -1,7 +1,5 @@ #!perl -# TODO: -# expiry of tokens use List::Util; HELP void => "Destroy deposit tokens"; @@ -11,7 +9,8 @@ my $filename = "revbank.statiegeld"; # Token format: token_type,time,expiry_time,product_id,transaction_id,seq # - token_type (also just "type") is the id of the product addon. -# - product_id is recorded but only used for debugging. +# - expiry_time < 0 means the token does not expire. +# - time and product_id is recorded but only used for debugging. # - seq is a 0 based counter per transaction to make tokens unique, # although the uniqueness of tokens is currently neither used nor enforced. # @@ -26,11 +25,32 @@ sub _addon_accounts { return @accounts; } +sub _time_is_reliable() { + state $cache; + state $cached_at; + undef $cache if defined $cached_at and $cached_at <= (time() - 10); + + return $cache if defined $cache; + + $cache = sub { + return 1 if system('ntpstat >/dev/null 2>/dev/null') == 0; + return 1 if `timedatectl show -p NTPSynchronized 2>/dev/null` =~ /=yes/; + + warn "Time/NTP status unknown or bad; deposit tokens will not expire.\n"; + return 0; + }->(); + $cached_at = time; + + return $cache; +} + sub _read { spurt $filename if not -e $filename; my %users_tokens; for (slurp $filename) { + /\S/ or next; + my ($username, @tokens) = split " ", $_; if (exists $users_tokens{$username}) { die "Corrupt data file $filename, $username listed twice"; @@ -47,16 +67,34 @@ sub _read { return \%users_tokens; } +sub _expire_tokens($line, $time) { + $time > 0 or return $line; + defined $line or return $line; + $line =~ / / or return $line; + + # Rewrite line with only non-tokens, invalid tokens, and non-expired tokens + return join(" ", grep { + my ($type, undef, $expiry) = split /,/; + + !defined($expiry) or $expiry < 0 or $expiry > $time + } split " ", $line) . "\n"; +} + sub _write($username, $tokens_by_type, $create) { my @tokens = map @{ $tokens_by_type->{$_} }, sort keys %$tokens_by_type; my $new_line = @tokens == 0 ? undef : join(" ", $username, @tokens) . "\n"; + + my $time = _time_is_reliable ? time() : -1; if ($create) { append $filename, $new_line if defined $new_line; } else { rewrite $filename, sub ($old_line) { + $old_line =~ /\S/ or return $old_line; # keep whitespace-only lines + # removes line from file if $new_line is undef - return /(\S+)/ && $1 eq $username ? $new_line : $old_line; + my $line = /(\S+)/ && $1 eq $username ? $new_line : $old_line; + return _expire_tokens($line, $time); }; } } @@ -108,6 +146,7 @@ sub hook_checkout_prepare($class, $cart, $username, $transaction_id, @) { my $tokens_by_type = _read->{$username}; my $is_new = !defined $tokens_by_type; $tokens_by_type = {} if $is_new; + my $time_is_reliable = _time_is_reliable; my $tokens_changed = 0; @@ -127,7 +166,7 @@ sub hook_checkout_prepare($class, $cart, $username, $transaction_id, @) { my $token = join(",", $addon->{id}, # token_type time(), - time() + $ttl, + ($time_is_reliable ? time() + $ttl : -1), $entry->attribute('product_id'), $transaction_id, $seq++,