997 lines
39 KiB
Bash
Executable file
997 lines
39 KiB
Bash
Executable file
#!/usr/bin/env bash
|
||
# Full withdraw + pay cycle; clear BLOCKERS when the path cannot finish.
|
||
# Skips remaining steps if overall budget exceeded (E2E_TIMEOUT, default 90s).
|
||
set -euo pipefail
|
||
ROOT=$(cd "$(dirname "$0")" && pwd)
|
||
# shellcheck source=lib.sh
|
||
source "$ROOT/lib.sh"
|
||
|
||
: "${E2E_TIMEOUT:=180}" # ATM ladder + wirewatch lag needs room (was 55 — too tight)
|
||
: "${E2E_PAY_SECS:=22}" # hard reserve for handle-uri + settle (do not starve pay)
|
||
: "${E2E_SETTLE_ROUNDS:=18}"
|
||
: "${E2E_SETTLE_SLEEP:=3}"
|
||
E2E_START=$(date +%s)
|
||
BAL_BEFORE="(not captured)"
|
||
BAL_AFTER="(not captured)"
|
||
E2E_REPORTED=0
|
||
e2e_left() { echo $(( E2E_TIMEOUT - ($(date +%s) - E2E_START) )); }
|
||
e2e_over() { [ "$(e2e_left)" -le 0 ]; }
|
||
|
||
# Fixed short timeout — used even when e2e budget is exhausted / on EXIT
|
||
# stdout only for JSON; logs go to stderr file so balance parse stays clean
|
||
wcli_bal_snap() {
|
||
local out="$1"
|
||
if [ -z "${WALLET_CLI:-}" ] || [ ! -f "${WDB:-}" ]; then
|
||
echo "(no wallet)" >"$out"
|
||
return 1
|
||
fi
|
||
local err="${out}.err"
|
||
if command -v perl >/dev/null 2>&1; then
|
||
perl -e 'alarm shift; exec @ARGV' 10 \
|
||
node "$WALLET_CLI" --wallet-db="$WDB" --no-throttle --skip-defaults balance \
|
||
>"$out" 2>"$err" || true
|
||
else
|
||
node "$WALLET_CLI" --wallet-db="$WDB" --no-throttle --skip-defaults balance \
|
||
>"$out" 2>"$err" || true
|
||
fi
|
||
[ -s "$out" ]
|
||
}
|
||
|
||
fmt_bal() {
|
||
python3 -c '
|
||
import json,re,sys
|
||
raw=open(sys.argv[1]).read() if sys.argv[1] else ""
|
||
if not raw.strip() or raw.strip().startswith("(no"):
|
||
print(raw.strip() or "(empty)"); sys.exit(0)
|
||
# extract first JSON object with "balances"
|
||
d=None
|
||
for m in re.finditer(r"\{", raw):
|
||
try:
|
||
d=json.loads(raw[m.start():])
|
||
if isinstance(d, dict) and "balances" in d:
|
||
break
|
||
except Exception:
|
||
d=None
|
||
if not isinstance(d, dict):
|
||
print(re.sub(r"\s+"," ", raw)[:200]); sys.exit(0)
|
||
parts=[]
|
||
for b in d.get("balances") or []:
|
||
cur=(b.get("scopeInfo") or {}).get("currency") or "?"
|
||
parts.append("%s avail=%s pendingIn=%s" % (cur, b.get("available"), b.get("pendingIncoming")))
|
||
print("; ".join(parts) if parts else "(no balances)")
|
||
' "${1:-/dev/null}" 2>/dev/null || echo "(unreadable)"
|
||
}
|
||
|
||
# Numeric available for currency CUR (from balance file or fresh wallet snap)
|
||
wallet_avail_num() {
|
||
local f="${1:-}"
|
||
if [ -z "$f" ] || [ ! -s "$f" ]; then
|
||
f="$SCRATCH/bal-live.out"
|
||
wcli_bal_snap "$f" || wcli balance >"$f" 2>&1 || true
|
||
fi
|
||
python3 -c '
|
||
import json,re,sys
|
||
cur=sys.argv[2]
|
||
raw=open(sys.argv[1]).read() if sys.argv[1] else ""
|
||
d=None
|
||
for m in re.finditer(r"\{", raw):
|
||
try:
|
||
d=json.loads(raw[m.start():])
|
||
if isinstance(d, dict) and "balances" in d: break
|
||
except Exception:
|
||
d=None
|
||
if isinstance(d, dict):
|
||
for b in d.get("balances") or []:
|
||
c=(b.get("scopeInfo") or {}).get("currency") or ""
|
||
av=b.get("available") or ""
|
||
if c==cur or av.startswith(cur+":"):
|
||
try:
|
||
print(float(av.split(":",1)[1])); sys.exit(0)
|
||
except Exception:
|
||
pass
|
||
# text fallback
|
||
m=re.search(r"%s:([0-9]+(?:\.[0-9]+)?)" % re.escape(cur), raw)
|
||
print(float(m.group(1)) if m else 0.0)
|
||
' "${f:-/dev/null}" "${CUR:-GOA}" 2>/dev/null || echo 0
|
||
}
|
||
|
||
# Wait for spendable balance (settlement / wirewatch lag). Returns 0 if avail > min.
|
||
# Emphasizes timing, not hard failure, while waiting.
|
||
wait_wallet_balance() {
|
||
local min_n="${1:-0}"
|
||
local rounds="${2:-15}"
|
||
local sleep_s="${3:-3}"
|
||
local r av
|
||
info "wallet settle wait" "up to ${rounds}×${sleep_s}s for avail>${min_n} ${CUR} (wirewatch lag is common)"
|
||
for r in $(seq 1 "$rounds"); do
|
||
wcli run-until-done >"$SCRATCH/settle-run.out" 2>&1 || true
|
||
wcli_bal_snap "$SCRATCH/bal-live.out" || wcli balance >"$SCRATCH/bal-live.out" 2>&1 || true
|
||
av=$(wallet_avail_num "$SCRATCH/bal-live.out")
|
||
if python3 -c "import sys; sys.exit(0 if float(sys.argv[1]) > float(sys.argv[2]) else 1)" "$av" "$min_n" 2>/dev/null; then
|
||
ok "wallet balance ready" "avail=${CUR}:${av} after ~$((r * sleep_s))s settle wait"
|
||
info "balance" "$(fmt_bal "$SCRATCH/bal-live.out")"
|
||
return 0
|
||
fi
|
||
if [ "$r" = "1" ] || [ "$((r % 3))" = "0" ]; then
|
||
info "settlement lag" "round $r/${rounds}: avail=${CUR}:${av} (still waiting — not an error yet)"
|
||
fi
|
||
# gentle wirewatch nudge mid-wait (local only)
|
||
if [ "$r" = "4" ] || [ "$r" = "8" ]; then
|
||
if [ "${E2E_REMOTE:-0}" != "1" ] && koopa_ssh_ok; then
|
||
koopa_ssh_run 8 \
|
||
'podman exec taler-hacktivism-exchange-ansible systemctl restart taler-exchange-wirewatch 2>/dev/null || true' \
|
||
>/dev/null 2>&1 || true
|
||
fi
|
||
fi
|
||
sleep "$sleep_s"
|
||
done
|
||
av=$(wallet_avail_num "$SCRATCH/bal-live.out")
|
||
warn "settlement lag" "after ${rounds}×${sleep_s}s still avail=${CUR}:${av} — coins may still be in flight"
|
||
return 1
|
||
}
|
||
|
||
print_balances() {
|
||
section "e2e · wallet balances"
|
||
info "BALANCE before" "$BAL_BEFORE"
|
||
# refresh after if we can
|
||
if [ -n "${SCRATCH:-}" ]; then
|
||
wcli_bal_snap "$SCRATCH/bal-end.out" || true
|
||
if [ -s "$SCRATCH/bal-end.out" ]; then
|
||
BAL_AFTER=$(fmt_bal "$SCRATCH/bal-end.out")
|
||
fi
|
||
fi
|
||
info "BALANCE after " "$BAL_AFTER"
|
||
}
|
||
|
||
e2e_finish() {
|
||
local code="${1:-1}"
|
||
if [ "$E2E_REPORTED" = "1" ]; then
|
||
return "$code"
|
||
fi
|
||
E2E_REPORTED=1
|
||
print_balances
|
||
summary || true
|
||
return "$code"
|
||
}
|
||
|
||
e2e_skip_rest() {
|
||
local why="$1"
|
||
warn "e2e timeout" "budget ${E2E_TIMEOUT}s exceeded — $why"
|
||
blocker "e2e-timeout" "skipped remaining steps after ${E2E_TIMEOUT}s ($why)"
|
||
section "e2e · report"
|
||
info "WITHDRAW" "incomplete (timeout)"
|
||
info "PAY" "SKIPPED (timeout)"
|
||
# If we already started a withdrawal, dig inside for missing coins
|
||
if [ -n "${WID:-}" ]; then
|
||
dig_when_no_coins 2>/dev/null || true
|
||
fi
|
||
e2e_finish 1
|
||
exit 1
|
||
}
|
||
|
||
# Area e2e-### — withdraw + pay cycle
|
||
set_area e2e
|
||
section "e2e · prerequisites"
|
||
info "e2e budget" "${E2E_TIMEOUT}s (set E2E_TIMEOUT= to change)"
|
||
|
||
# Remote domains (not koopa): public path only, tiny amounts, abort on login/KYC
|
||
: "${E2E_REMOTE:=0}"
|
||
if [ "${LOCAL_STACK:-1}" != "1" ]; then
|
||
E2E_REMOTE=1
|
||
SKIP_SSH=1
|
||
E2E_FAKE_INCOMING=0
|
||
fi
|
||
|
||
# Currency for amounts / balance checks
|
||
CUR="${EXPECT_CURRENCY:-}"
|
||
if [ -z "$CUR" ]; then
|
||
CUR=$(curl -skS -m 8 "$BANK_PUBLIC/config" 2>/dev/null | python3 -c 'import sys,json
|
||
try: print(json.load(sys.stdin).get("currency") or "")
|
||
except Exception: print("")' 2>/dev/null || true)
|
||
fi
|
||
[ -z "$CUR" ] && CUR=$(curl -skS -m 8 "$EXCHANGE_PUBLIC/config" 2>/dev/null | python3 -c 'import sys,json
|
||
try: print(json.load(sys.stdin).get("currency") or "")
|
||
except Exception: print("")' 2>/dev/null || true)
|
||
[ -z "$CUR" ] && CUR="GOA"
|
||
|
||
# ---------------------------------------------------------------------------
|
||
# Variable amounts
|
||
# Withdraw = typical ATM notes only (Bankomat): 20 / 50 / 100 / 200 …
|
||
# Pay = several smaller purchase amounts
|
||
# Env:
|
||
# E2E_WITHDRAW_VALUES="20 50 100" # bare numbers → prefixed with CUR
|
||
# E2E_PAY_VALUES="0.01 0.05 0.5 1 2 5"
|
||
# E2E_VARIABLE=0 # single fixed WITHDRAW_AMT / PAY_AMT
|
||
# E2E_ATM_MAX=N # try at most N ATM withdraws (budget)
|
||
# ---------------------------------------------------------------------------
|
||
: "${E2E_VARIABLE:=1}"
|
||
: "${E2E_ATM_MAX:=4}"
|
||
if [ "$E2E_REMOTE" = "1" ]; then
|
||
# remote: still ATM-shaped but smaller notes; keep cheap
|
||
: "${E2E_WITHDRAW_VALUES:=10 20 50}"
|
||
: "${E2E_PAY_VALUES:=0.01 0.05 0.1 1}"
|
||
else
|
||
# local GOA: classic ATM denominations
|
||
: "${E2E_WITHDRAW_VALUES:=20 50 100 200}"
|
||
: "${E2E_PAY_VALUES:=0.01 0.05 0.1 0.5 1 2 5 10}"
|
||
fi
|
||
|
||
# Build CUR:amount lists
|
||
build_amt_list() {
|
||
local cur="$1"; shift
|
||
local v out=""
|
||
for v in "$@"; do
|
||
case "$v" in
|
||
*:*) out="${out}${out:+ }$v" ;;
|
||
*) out="${out}${out:+ }${cur}:${v}" ;;
|
||
esac
|
||
done
|
||
printf '%s' "$out"
|
||
}
|
||
# shellcheck disable=SC2086
|
||
WITHDRAW_LIST=$(build_amt_list "$CUR" $E2E_WITHDRAW_VALUES)
|
||
# shellcheck disable=SC2086
|
||
PAY_LIST=$(build_amt_list "$CUR" $E2E_PAY_VALUES)
|
||
|
||
if [ "$E2E_VARIABLE" != "1" ]; then
|
||
if [ "$E2E_REMOTE" = "1" ]; then
|
||
WITHDRAW_LIST="${WITHDRAW_AMT:-${CUR}:20}"
|
||
PAY_LIST="${PAY_AMT:-${CUR}:0.01}"
|
||
else
|
||
WITHDRAW_LIST="${WITHDRAW_AMT:-${CUR}:20}"
|
||
PAY_LIST="${PAY_AMT:-${CUR}:0.01}"
|
||
fi
|
||
fi
|
||
|
||
# Credit = sum of planned ATM withdraws + small buffer for fees
|
||
CREDIT_AMT=$(python3 -c '
|
||
import sys
|
||
cur=sys.argv[1]
|
||
vals=sys.argv[2].split()
|
||
s=0.0
|
||
for a in vals:
|
||
try: s += float(a.split(":",1)[-1])
|
||
except Exception: pass
|
||
buf = max(10.0, s * 0.05)
|
||
print("%s:%g" % (cur, s + buf))
|
||
' "$CUR" "$WITHDRAW_LIST" 2>/dev/null || echo "${CUR}:100")
|
||
|
||
# First withdraw/pay for legacy single-step labels
|
||
WITHDRAW_AMT=$(printf '%s' "$WITHDRAW_LIST" | awk '{print $1}')
|
||
PAY_AMT=$(printf '%s' "$PAY_LIST" | awk '{print $1}')
|
||
|
||
# More wall time when running ATM ladder
|
||
if [ "$E2E_VARIABLE" = "1" ]; then
|
||
n_w=$(printf '%s' "$WITHDRAW_LIST" | wc -w | tr -d ' ')
|
||
n_p=$(printf '%s' "$PAY_LIST" | wc -w | tr -d ' ')
|
||
need=$(( 40 + n_w * 35 + n_p * 20 ))
|
||
if [ "${E2E_TIMEOUT}" -lt "$need" ]; then
|
||
E2E_TIMEOUT=$need
|
||
fi
|
||
# cap ATM attempts
|
||
WITHDRAW_LIST=$(printf '%s' "$WITHDRAW_LIST" | tr ' ' '\n' | head -n "$E2E_ATM_MAX" | tr '\n' ' ' | sed 's/ *$//')
|
||
fi
|
||
|
||
BANK_HOST=$(python3 -c 'from urllib.parse import urlparse; print(urlparse("'"$BANK_PUBLIC"'").hostname or "bank")' 2>/dev/null || echo bank)
|
||
|
||
SCRATCH=$(mktemp -d)
|
||
WDB="$SCRATCH/wallet.sqlite3"
|
||
export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH"
|
||
# Always dump balances on any exit (timeout, blocker, signal, success)
|
||
trap 'ec=$?; e2e_finish "$ec"; rm -rf "$SCRATCH"; exit "$ec"' EXIT
|
||
|
||
# Abort cleanly on login / KYC / registration barriers (esp. remote domains)
|
||
e2e_abort_auth() {
|
||
local step="$1" msg="$2"
|
||
warn "$step" "$msg"
|
||
blocker "$step" "abort (login/KYC): $msg"
|
||
section "e2e · report"
|
||
info "ABORTED" "login or KYC blocked further e2e — not retrying"
|
||
info "hint" "remote e2e needs open bank registration + credit path; set E2E_BANK_ADMIN_PASS / E2E_MERCHANT_TOKEN if you have them"
|
||
e2e_finish 1
|
||
exit 1
|
||
}
|
||
|
||
is_auth_kyc_body() {
|
||
# stdin or file arg: true if looks like login/KYC barrier
|
||
local f="${1:-}"
|
||
local t
|
||
if [ -n "$f" ] && [ -f "$f" ]; then t=$(head -c 800 "$f" 2>/dev/null || true)
|
||
else t=$(cat 2>/dev/null || true); fi
|
||
printf '%s' "$t" | grep -qiE 'kyc|legitim|login required|unauthorized|forbidden|captcha|challenge|tan_|not.?allowed|registration.?disabled|admin.?only|permission.?denied|401|403'
|
||
}
|
||
|
||
WALLET_CLI=$(find_wallet_cli) || {
|
||
blocker "prereq" "taler-wallet-cli not found (set WALLET_CLI=)"
|
||
exit 1
|
||
}
|
||
ok "wallet-cli ($WALLET_CLI)"
|
||
info "e2e mode" "$([ "$E2E_REMOTE" = "1" ] && echo "remote/public domain (no SSH)" || echo "local koopa stack")"
|
||
info "currency" "$CUR"
|
||
info "ATM withdraw ladder" "$WITHDRAW_LIST (credit $CREDIT_AMT)"
|
||
info "pay ladder" "$PAY_LIST"
|
||
info "e2e budget" "${E2E_TIMEOUT}s"
|
||
|
||
# Local stack: koopa secrets. Remote: only explicit env (never leak local passwords to foreign banks).
|
||
if [ "$E2E_REMOTE" = "1" ]; then
|
||
ADMIN_PASS="${E2E_BANK_ADMIN_PASS:-}"
|
||
MPW="${E2E_MERCHANT_TOKEN:-${MERCHANT_TOKEN:-}}"
|
||
else
|
||
ADMIN_PASS="${E2E_BANK_ADMIN_PASS:-$(read_secret "taler-bank/bank-admin-password.txt" || true)}"
|
||
MPW="${E2E_MERCHANT_TOKEN:-${MERCHANT_TOKEN:-$(read_secret "taler-merchant/merchant-goa-demo-cp4zqk-password.txt" || true)}}"
|
||
fi
|
||
if [ -n "$ADMIN_PASS" ]; then
|
||
ok "bank admin secret"
|
||
elif [ "$E2E_REMOTE" = "1" ]; then
|
||
warn "bank admin secret" "missing — will try public registration only"
|
||
else
|
||
blocker "prereq" "bank admin password missing (SECRETS_ROOT or koopa /root)"
|
||
exit 1
|
||
fi
|
||
if [ -n "$MPW" ]; then
|
||
ok "merchant secret (instance ${MERCHANT_INSTANCE})"
|
||
elif [ "$E2E_REMOTE" = "1" ]; then
|
||
warn "merchant secret" "missing — order create may fail (set E2E_MERCHANT_TOKEN)"
|
||
else
|
||
blocker "prereq" "merchant instance password missing"
|
||
exit 1
|
||
fi
|
||
|
||
# Public reachability gates (remote: soft-skip if bank/merchant absent)
|
||
for pair in \
|
||
"bank|$BANK_PUBLIC/config" \
|
||
"exchange|$EXCHANGE_PUBLIC/config" \
|
||
"exchange-keys|$EXCHANGE_PUBLIC/keys" \
|
||
"bank-integration|$BANK_PUBLIC/taler-integration/config" \
|
||
"merchant|$MERCHANT_PUBLIC/config"
|
||
do
|
||
IFS='|' read -r name url <<<"$pair"
|
||
code=$(http_code "$url")
|
||
if [ "$code" = "200" ]; then
|
||
ok "reachable $name"
|
||
else
|
||
if [ "$E2E_REMOTE" = "1" ] && [[ "$name" == bank* || "$name" == merchant ]]; then
|
||
warn "reachable $name" "HTTP $code — e2e may abort"
|
||
else
|
||
blocker "prereq" "$name HTTP $code ($url) — cannot start payment cycle"
|
||
fi
|
||
fi
|
||
done
|
||
# Remote: need at least bank+exchange+merchant for a full cycle
|
||
if [ "$E2E_REMOTE" = "1" ]; then
|
||
bc=$(http_code "$BANK_PUBLIC/config")
|
||
ec=$(http_code "$EXCHANGE_PUBLIC/config")
|
||
mc=$(http_code "$MERCHANT_PUBLIC/config")
|
||
if [ "$bc" != "200" ] || [ "$ec" != "200" ]; then
|
||
e2e_abort_auth "prereq" "bank/exchange not publicly usable (bank=$bc exchange=$ec) — skip e2e"
|
||
fi
|
||
if [ "$mc" != "200" ]; then
|
||
warn "prereq" "merchant HTTP $mc — will try withdraw only if possible"
|
||
fi
|
||
fi
|
||
if [ "${#BLOCKERS[@]}" -gt 0 ]; then
|
||
exit 1
|
||
fi
|
||
|
||
USER="mon$(date +%s | tail -c 6)"
|
||
USER_PW=$(python3 -c 'import secrets;print(secrets.token_urlsafe(10))')
|
||
info "e2e user" "$USER withdraw=$WITHDRAW_AMT pay=$PAY_AMT"
|
||
BANK="$BANK_PUBLIC"
|
||
INST="$MERCHANT_INSTANCE"
|
||
|
||
# $1 = max seconds for this call (optional); rest = wallet-cli args
|
||
wcli() {
|
||
local maxc=12
|
||
if [[ "${1:-}" =~ ^[0-9]+$ ]]; then
|
||
maxc=$1
|
||
shift
|
||
fi
|
||
e2e_over && return 124
|
||
local cap
|
||
cap=$(e2e_left)
|
||
[ "$cap" -gt "$maxc" ] && cap=$maxc
|
||
[ "$cap" -lt 3 ] && return 124
|
||
if command -v perl >/dev/null 2>&1; then
|
||
perl -e 'alarm shift; exec @ARGV' "$cap" \
|
||
node "$WALLET_CLI" --wallet-db="$WDB" --no-throttle --skip-defaults "$@"
|
||
else
|
||
node "$WALLET_CLI" --wallet-db="$WDB" --no-throttle --skip-defaults "$@"
|
||
fi
|
||
}
|
||
|
||
# Pay must not be starved: use reserved seconds even if global budget is tight
|
||
wcli_pay() {
|
||
local cap=$E2E_PAY_SECS
|
||
local left
|
||
left=$(e2e_left)
|
||
if [ "$left" -gt "$cap" ]; then
|
||
cap=$E2E_PAY_SECS
|
||
elif [ "$left" -ge 8 ]; then
|
||
cap=$left
|
||
else
|
||
# still try once with floor 12s so Alarm clock is not the blocker
|
||
cap=12
|
||
fi
|
||
info "pay wallet cap" "${cap}s"
|
||
if command -v perl >/dev/null 2>&1; then
|
||
perl -e 'alarm shift; exec @ARGV' "$cap" \
|
||
node "$WALLET_CLI" --wallet-db="$WDB" --no-throttle --skip-defaults "$@"
|
||
else
|
||
node "$WALLET_CLI" --wallet-db="$WDB" --no-throttle --skip-defaults "$@"
|
||
fi
|
||
}
|
||
|
||
# When coins never become available: run inside + targeted bank/exchange dig
|
||
dig_when_no_coins() {
|
||
section "e2e · coins missing — inside dig"
|
||
info "reason" "wallet empty after withdraw path (often wirewatch timing) — probing bank + exchange"
|
||
if [ -n "${WID:-}" ]; then
|
||
curl -sS -m 6 -o "$SCRATCH/wd-dig.json" \
|
||
"$BANK_PUBLIC/taler-integration/withdrawal-operation/${WID}" 2>/dev/null || true
|
||
info "backend withdrawal-operation" "$(python3 -c '
|
||
import json
|
||
try:
|
||
d=json.load(open("'"$SCRATCH"'/wd-dig.json"))
|
||
print("status=%s transfer_done=%s selection_done=%s amount=%s reserve=%s" % (
|
||
d.get("status"), d.get("transfer_done"), d.get("selection_done"),
|
||
d.get("amount"), (d.get("selected_reserve_pub") or "-")[:24]))
|
||
except Exception as e:
|
||
print("unreadable", e)
|
||
' 2>/dev/null)"
|
||
fi
|
||
# Full component inside report (capped SSH; ignore its exit)
|
||
if [ "${SKIP_SSH}" != "1" ] && [ -x "$ROOT/check_inside.sh" ]; then
|
||
info "inside" "running check_inside.sh …"
|
||
# subshell so its PASS_N/FAIL_N/summary don't poison ours; still print to stdout
|
||
(
|
||
# shellcheck disable=SC2030
|
||
"$ROOT/check_inside.sh" || true
|
||
) || true
|
||
else
|
||
warn "inside" "skipped (SKIP_SSH=1 or check_inside.sh missing)"
|
||
fi
|
||
# Extra targeted: wirewatch + recent journal + bank→exchange path
|
||
if koopa_ssh_ok; then
|
||
section "e2e · coins missing — exchange/bank focus"
|
||
DIG=$(koopa_ssh_bash 15 <<'REMOTE' || true
|
||
set +e
|
||
emit() { printf 'D|%s|%s\n' "$1" "$(printf '%s' "$2" | tr '\n' ' ' | head -c 220)"; }
|
||
EX=$(podman ps --format '{{.Names}}' | grep -i exchange | head -1)
|
||
BANK=$(podman ps --format '{{.Names}}' | grep -iE 'hacktivism-bank|taler-bank' | head -1)
|
||
[ -z "$BANK" ] && BANK=$(podman ps --format '{{.Names}}' | grep -i bank | head -1)
|
||
if [ -n "$EX" ]; then
|
||
podman exec "$EX" pgrep -af taler-exchange-wirewatch 2>/dev/null | head -1 | \
|
||
{ read -r l; [ -n "$l" ] && emit OK "wirewatch: $l" || emit ERROR "wirewatch not running"; }
|
||
podman exec "$EX" pgrep -af taler-exchange-transfer 2>/dev/null | head -1 | \
|
||
{ read -r l; [ -n "$l" ] && emit OK "transfer: $l" || emit WARN "transfer not running"; }
|
||
podman exec "$EX" pgrep -af taler-exchange-aggregator 2>/dev/null | head -1 | \
|
||
{ read -r l; [ -n "$l" ] && emit OK "aggregator: $l" || emit WARN "aggregator not running"; }
|
||
# last wirewatch log lines if journal available
|
||
j=$(podman exec "$EX" bash -c 'journalctl -u "taler-exchange-wirewatch*" -n 8 --no-pager 2>/dev/null | tail -5' 2>/dev/null | tr '\n' ';' | head -c 280)
|
||
[ -n "$j" ] && emit INFO "wirewatch journal: $j"
|
||
# reserve lookup via exchange if tools exist (best-effort)
|
||
c=$(curl -sS -m 3 -o /dev/null -w '%{http_code}' http://127.0.0.1:9011/keys 2>/dev/null || echo 000)
|
||
emit INFO "exchange /keys HTTP $c"
|
||
else
|
||
emit ERROR "no exchange container"
|
||
fi
|
||
if [ -n "$BANK" ]; then
|
||
podman exec "$BANK" pgrep -af 'MainKt serve|libeufin-bank serve' 2>/dev/null | head -1 | \
|
||
{ read -r l; [ -n "$l" ] && emit OK "libeufin: $l" || emit ERROR "libeufin not running"; }
|
||
c=$(curl -sS -m 3 -o /dev/null -w '%{http_code}' http://127.0.0.1:9012/taler-integration/config 2>/dev/null || echo 000)
|
||
emit INFO "bank integration /config HTTP $c"
|
||
else
|
||
emit ERROR "no bank container"
|
||
fi
|
||
REMOTE
|
||
)
|
||
while IFS= read -r line; do
|
||
case "$line" in
|
||
D\|*)
|
||
IFS="|" read -r _ lvl msg <<<"$line"
|
||
case "$lvl" in
|
||
OK) ok "dig $msg" ;;
|
||
ERROR) err "dig" "$msg" ;;
|
||
WARN) warn "dig" "$msg" ;;
|
||
INFO) info "dig" "$msg" ;;
|
||
esac
|
||
;;
|
||
esac
|
||
done <<<"$DIG"
|
||
fi
|
||
}
|
||
|
||
# Baseline wallet balance (empty DB) — always shown even if we abort later
|
||
wcli_bal_snap "$SCRATCH/bal-before.out" || true
|
||
BAL_BEFORE=$(fmt_bal "$SCRATCH/bal-before.out")
|
||
info "BALANCE before" "$BAL_BEFORE"
|
||
|
||
# ---------------------------------------------------------------------------
|
||
section "e2e · bank (account · credit · withdraw)"
|
||
# ---------------------------------------------------------------------------
|
||
AT=""
|
||
if [ -n "${ADMIN_PASS:-}" ]; then
|
||
AT=$(curl -sS -m 15 -u "admin:${ADMIN_PASS}" -H 'Content-Type: application/json' \
|
||
-d '{"scope":"readwrite"}' \
|
||
"$BANK/accounts/admin/token" 2>"$SCRATCH/at.err" | python3 -c 'import sys,json;print(json.load(sys.stdin).get("access_token",""))' 2>/dev/null || true)
|
||
fi
|
||
if [ -n "$AT" ]; then
|
||
ok "admin token"
|
||
elif [ "$E2E_REMOTE" = "1" ]; then
|
||
warn "admin token" "unavailable — trying open registration"
|
||
else
|
||
if is_auth_kyc_body "$SCRATCH/at.err"; then
|
||
e2e_abort_auth "bank-auth" "admin login blocked (KYC/auth) — $(head -c 80 "$SCRATCH/at.err" 2>/dev/null)"
|
||
fi
|
||
blocker "bank-auth" "admin token failed — check admin password / bank up ($(head -c 80 "$SCRATCH/at.err" 2>/dev/null))"
|
||
exit 1
|
||
fi
|
||
|
||
# Create account: with admin bearer if we have it, else unauthenticated registration (demo banks)
|
||
if [ -n "$AT" ]; then
|
||
code=$(curl -sS -m 15 -o "$SCRATCH/acc.json" -w '%{http_code}' -X POST \
|
||
-H "Authorization: Bearer $AT" -H 'Content-Type: application/json' \
|
||
-d "{\"username\":\"${USER}\",\"password\":\"${USER_PW}\",\"name\":\"Monitoring\",\"is_public\":false,\"is_taler_exchange\":false,\"debit_threshold\":\"${CUR}:1000\"}" \
|
||
"$BANK/accounts")
|
||
else
|
||
code=$(curl -sS -m 15 -o "$SCRATCH/acc.json" -w '%{http_code}' -X POST \
|
||
-H 'Content-Type: application/json' \
|
||
-d "{\"username\":\"${USER}\",\"password\":\"${USER_PW}\",\"name\":\"Monitoring\",\"is_public\":false,\"is_taler_exchange\":false,\"debit_threshold\":\"${CUR}:1000\"}" \
|
||
"$BANK/accounts")
|
||
fi
|
||
if [ "$code" = "200" ] || [ "$code" = "201" ]; then
|
||
ok "create account $USER"
|
||
elif [ "$code" = "401" ] || [ "$code" = "403" ] || is_auth_kyc_body "$SCRATCH/acc.json"; then
|
||
e2e_abort_auth "bank-account" "registration/login blocked HTTP $code — $(head -c 100 "$SCRATCH/acc.json" | tr '\n' ' ')"
|
||
else
|
||
if [ "$E2E_REMOTE" = "1" ]; then
|
||
e2e_abort_auth "bank-account" "POST /accounts HTTP $code — cannot open account on this domain"
|
||
fi
|
||
blocker "bank-account" "POST /accounts HTTP $code — $(head -c 100 "$SCRATCH/acc.json" | tr '\n' ' ')"
|
||
exit 1
|
||
fi
|
||
|
||
if [ -n "$AT" ]; then
|
||
export USER_NAME="$USER" CREDIT_AMT="$CREDIT_AMT" OUT="$SCRATCH/credit.json" BANK_HOST="$BANK_HOST"
|
||
python3 - <<'PY'
|
||
import json, os
|
||
ALPH = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
|
||
def crock32(b):
|
||
bits = val = 0; o = []
|
||
for byte in b:
|
||
val = (val << 8) | byte; bits += 8
|
||
while bits >= 5:
|
||
bits -= 5; o.append(ALPH[(val >> bits) & 31])
|
||
if bits: o.append(ALPH[(val << (5 - bits)) & 31])
|
||
return "".join(o)
|
||
uid = crock32(os.urandom(32))
|
||
user = os.environ["USER_NAME"]
|
||
host = os.environ.get("BANK_HOST") or "bank"
|
||
json.dump({
|
||
"payto_uri": f"payto://x-taler-bank/{host}/{user}?receiver-name={user}&message=mon",
|
||
"amount": os.environ["CREDIT_AMT"],
|
||
"request_uid": uid,
|
||
}, open(os.environ["OUT"], "w"))
|
||
PY
|
||
curl -sS -m 15 -o "$SCRATCH/credit.out" -H "Authorization: Bearer $AT" \
|
||
-H 'Content-Type: application/json' -d @"$SCRATCH/credit.json" \
|
||
"$BANK/accounts/admin/transactions" >/dev/null || true
|
||
if grep -q row_id "$SCRATCH/credit.out" 2>/dev/null; then
|
||
ok "credit $CREDIT_AMT → $USER"
|
||
else
|
||
if is_auth_kyc_body "$SCRATCH/credit.out"; then
|
||
e2e_abort_auth "bank-credit" "admin credit blocked (KYC/auth)"
|
||
fi
|
||
if [ "$E2E_REMOTE" = "1" ]; then
|
||
e2e_abort_auth "bank-credit" "admin transfer failed — no credit path on remote ($(head -c 80 "$SCRATCH/credit.out" | tr '\n' ' '))"
|
||
fi
|
||
blocker "bank-credit" "admin transfer failed — $(head -c 100 "$SCRATCH/credit.out" | tr '\n' ' ')"
|
||
exit 1
|
||
fi
|
||
else
|
||
# No admin: remote demo may start funded or require cash-in — try withdraw later; warn
|
||
warn "bank-credit" "skipped (no admin) — withdraw may fail without balance"
|
||
fi
|
||
|
||
UT=$(curl -sS -m 15 -u "${USER}:${USER_PW}" -H 'Content-Type: application/json' \
|
||
-d '{"scope":"readwrite"}' \
|
||
"$BANK/accounts/${USER}/token" 2>"$SCRATCH/ut.err" | python3 -c 'import sys,json;print(json.load(sys.stdin).get("access_token",""))' 2>/dev/null || true)
|
||
if [ -n "$UT" ]; then
|
||
ok "user token"
|
||
elif is_auth_kyc_body "$SCRATCH/ut.err" || is_auth_kyc_body /dev/null; then
|
||
e2e_abort_auth "bank-auth" "user token failed (login/KYC) for $USER"
|
||
else
|
||
e2e_abort_auth "bank-auth" "user token failed for $USER — $(head -c 80 "$SCRATCH/ut.err" 2>/dev/null)"
|
||
fi
|
||
|
||
# ---------------------------------------------------------------------------
|
||
section "e2e · wallet setup (exchange + ToS once)"
|
||
# ---------------------------------------------------------------------------
|
||
if ! wcli exchanges add "${EXCHANGE_PUBLIC}/" >"$SCRATCH/ex-add.out" 2>&1; then
|
||
if ! grep -qiE 'already|ok' "$SCRATCH/ex-add.out"; then
|
||
blocker "wallet-exchange" "exchanges add failed — $(tail -c 160 "$SCRATCH/ex-add.out" | tr '\n' ' ')"
|
||
else
|
||
ok "wallet exchange known"
|
||
fi
|
||
else
|
||
ok "wallet add exchange"
|
||
fi
|
||
wcli exchanges update "${EXCHANGE_PUBLIC}/" >"$SCRATCH/ex-up.out" 2>&1 || true
|
||
if wcli exchanges accept-tos "${EXCHANGE_PUBLIC}/" >"$SCRATCH/ex-tos.out" 2>&1; then
|
||
ok "wallet accept ToS"
|
||
else
|
||
if grep -qiE 'pending|tos|terms' "$SCRATCH/ex-tos.out"; then
|
||
blocker "wallet-tos" "accept-tos failed — wallet may refuse withdraw ($(tail -c 120 "$SCRATCH/ex-tos.out" | tr '\n' ' '))"
|
||
else
|
||
warn "wallet accept ToS" "$(tail -c 80 "$SCRATCH/ex-tos.out" | tr '\n' ' ')"
|
||
fi
|
||
fi
|
||
|
||
wd_status() {
|
||
curl -sS -m 8 -o "$SCRATCH/wd-st.json" -w '' \
|
||
"$BANK/taler-integration/withdrawal-operation/${WID}" 2>/dev/null || true
|
||
python3 -c 'import json;d=json.load(open("'"$SCRATCH"'/wd-st.json"));print(d.get("status",""))' 2>/dev/null || true
|
||
}
|
||
wd_status_detail() {
|
||
python3 -c 'import json;d=json.load(open("'"$SCRATCH"'/wd-st.json"))
|
||
print("status=%s reserve=%s exchange=%s" % (
|
||
d.get("status"),
|
||
(d.get("selected_reserve_pub") or "-")[:20],
|
||
(d.get("selected_exchange") or d.get("selected_exchange_account") or "-")[:60],
|
||
))' 2>/dev/null || echo "(no status body)"
|
||
}
|
||
|
||
fake_incoming_speedup() {
|
||
[ "${E2E_FAKE_INCOMING}" = "1" ] || return 0
|
||
st=$(wd_status)
|
||
RPUB=$(python3 -c 'import json;d=json.load(open("'"$SCRATCH"'/wd-st.json"));print(d.get("selected_reserve_pub") or "")' 2>/dev/null || true)
|
||
AMT=$(python3 -c 'import json;d=json.load(open("'"$SCRATCH"'/wd-st.json"));print(d.get("amount") or "'"$WITHDRAW_AMT"'")' 2>/dev/null || echo "$WITHDRAW_AMT")
|
||
DEBIT=$(python3 -c 'import json;d=json.load(open("'"$SCRATCH"'/wd-st.json"));print(d.get("sender_wire") or "")' 2>/dev/null || true)
|
||
[ -z "$DEBIT" ] && DEBIT="payto://x-taler-bank/${BANK_HOST}/${USER}?receiver-name=${USER}"
|
||
[ -z "$RPUB" ] && return 0
|
||
[ -z "${AT:-}" ] && return 0
|
||
WG="${BANK}/accounts/exchange/taler-wire-gateway/admin/add-incoming"
|
||
curl -sS -m 10 -o "$SCRATCH/fake-in.json" -w '%{http_code}' -X POST \
|
||
-H "Authorization: Bearer $AT" -H 'Content-Type: application/json' \
|
||
-d "{\"amount\":\"${AMT}\",\"reserve_pub\":\"${RPUB}\",\"debit_account\":\"${DEBIT}\"}" \
|
||
"$WG" >/dev/null || true
|
||
if [ "$E2E_REMOTE" != "1" ] && koopa_ssh_ok; then
|
||
koopa_ssh_run 22 \
|
||
'podman exec taler-hacktivism-exchange-ansible bash -c "runuser -u taler-exchange-wire -- timeout 15 taler-exchange-wirewatch -c /etc/taler-exchange/taler-exchange.conf -t -L INFO 2>&1 | tail -5"' \
|
||
>/dev/null 2>&1 || true
|
||
fi
|
||
}
|
||
|
||
# One ATM-style withdraw: create → accept → select → confirm → settle
|
||
# returns 0 on wallet balance increase, 1 on soft fail (ladder continues)
|
||
e2e_one_withdraw() {
|
||
WITHDRAW_AMT="$1"
|
||
local tag
|
||
tag=$(printf '%s' "$WITHDRAW_AMT" | tr '.:' '__')
|
||
section "e2e · ATM withdraw $WITHDRAW_AMT"
|
||
e2e_over && { warn "ATM withdraw" "budget exhausted — skip $WITHDRAW_AMT"; return 1; }
|
||
|
||
curl -sS -m 15 -o "$SCRATCH/wd-$tag.json" -H "Authorization: Bearer $UT" \
|
||
-H 'Content-Type: application/json' \
|
||
-d "{\"amount\":\"${WITHDRAW_AMT}\",\"exchange_url\":\"${EXCHANGE_PUBLIC}/\"}" \
|
||
"$BANK/accounts/${USER}/withdrawals"
|
||
WID=$(python3 -c 'import json;d=json.load(open("'"$SCRATCH"'/wd-'"$tag"'.json"));print(d.get("withdrawal_id") or d.get("id") or "")' 2>/dev/null || true)
|
||
URI=$(python3 -c 'import json;d=json.load(open("'"$SCRATCH"'/wd-'"$tag"'.json"));print(d.get("taler_withdraw_uri") or "")' 2>/dev/null || true)
|
||
URI_CLEAN=$(python3 -c 'import json;u=json.load(open("'"$SCRATCH"'/wd-'"$tag"'.json")).get("taler_withdraw_uri") or "";print(u.replace(":443/","/"))' 2>/dev/null || true)
|
||
if [ -z "$WID" ] || [ -z "$URI_CLEAN" ]; then
|
||
warn "ATM withdraw $WITHDRAW_AMT" "create failed — $(head -c 80 "$SCRATCH/wd-$tag.json" | tr '\n' ' ')"
|
||
return 1
|
||
fi
|
||
ok "ATM withdrawal created $WITHDRAW_AMT ($WID)"
|
||
cp "$SCRATCH/wd-$tag.json" "$SCRATCH/wd.json"
|
||
|
||
USE_URI="$URI"
|
||
[ -z "$USE_URI" ] && USE_URI="$URI_CLEAN"
|
||
if wcli withdraw accept-uri --exchange "${EXCHANGE_PUBLIC}/" "$USE_URI" >"$SCRATCH/accept-$tag.out" 2>&1; then
|
||
ok "wallet accept $WITHDRAW_AMT"
|
||
elif [ "$USE_URI" != "$URI_CLEAN" ] && [ -n "$URI_CLEAN" ] \
|
||
&& wcli withdraw accept-uri --exchange "${EXCHANGE_PUBLIC}/" "$URI_CLEAN" >"$SCRATCH/accept-$tag.out" 2>&1; then
|
||
ok "wallet accept $WITHDRAW_AMT (no :443)"
|
||
else
|
||
warn "ATM withdraw $WITHDRAW_AMT" "accept-uri failed — $(tail -c 100 "$SCRATCH/accept-$tag.out" | tr '\n' ' ')"
|
||
return 1
|
||
fi
|
||
cp "$SCRATCH/accept-$tag.out" "$SCRATCH/accept.out"
|
||
|
||
st=""
|
||
for i in 1 2 3 4; do
|
||
e2e_over && break
|
||
wcli run-until-done >"$SCRATCH/sel-$tag-$i.out" 2>&1 || true
|
||
st=$(wd_status)
|
||
case "$st" in selected|confirmed|aborted) break ;; esac
|
||
done
|
||
if [ "$st" != "selected" ] && [ "$st" != "confirmed" ]; then
|
||
wcli transactions >"$SCRATCH/tx-pre.json" 2>&1 || true
|
||
RPUB=$(python3 -c '
|
||
import re
|
||
t=open("'"$SCRATCH"'/accept.out").read()+open("'"$SCRATCH"'/tx-pre.json").read()
|
||
m=re.search(r"reserve[_ ]?pub[\"=: ]+([A-Z0-9]{40,})", t, re.I)
|
||
if not m: m=re.search(r"\"reservePub\"\s*:\s*\"([^\"]+)\"", t)
|
||
print(m.group(1) if m else "")
|
||
' 2>/dev/null || true)
|
||
EPAYTO=$(curl -sS -m 12 "$EXCHANGE_PUBLIC/keys" 2>/dev/null | python3 -c '
|
||
import json,sys
|
||
d=json.load(sys.stdin)
|
||
acc=d.get("accounts") or []
|
||
for a in acc:
|
||
p=a.get("payto_uri") or a.get("payto_address") or ""
|
||
if "x-taler-bank" in p or "exchange" in p:
|
||
print(p); break
|
||
else:
|
||
if acc: print(acc[0].get("payto_uri") or "")
|
||
' 2>/dev/null || true)
|
||
if [ -n "$RPUB" ] && [ -n "$EPAYTO" ]; then
|
||
curl -sS -m 12 -o "$SCRATCH/sel.json" -X POST \
|
||
-H 'Content-Type: application/json' \
|
||
-d "{\"reserve_pub\":\"$RPUB\",\"selected_exchange\":\"$EPAYTO\"}" \
|
||
"$BANK/taler-integration/withdrawal-operation/${WID}" >/dev/null || true
|
||
st=$(wd_status)
|
||
fi
|
||
fi
|
||
if [ "$st" != "selected" ] && [ "$st" != "confirmed" ]; then
|
||
warn "ATM withdraw $WITHDRAW_AMT" "not selected (status=${st:-?})"
|
||
return 1
|
||
fi
|
||
if [ "$st" != "confirmed" ]; then
|
||
code=$(curl -sS -m 15 -o "$SCRATCH/conf-$tag.json" -w '%{http_code}' -X POST \
|
||
-H "Authorization: Bearer $UT" -H 'Content-Type: application/json' -d '{}' \
|
||
"$BANK/accounts/${USER}/withdrawals/${WID}/confirm")
|
||
case "$code" in
|
||
200|204) ok "bank confirm $WITHDRAW_AMT" ;;
|
||
*) warn "ATM withdraw $WITHDRAW_AMT" "confirm HTTP $code"; return 1 ;;
|
||
esac
|
||
fi
|
||
fake_incoming_speedup
|
||
|
||
# Short per-ATM poll; full settle wait happens after the ladder (avoids false FAIL)
|
||
local ok_bal=0 r av
|
||
for r in 1 2 3 4 5 6; do
|
||
wcli run-until-done >"$SCRATCH/run-$tag-$r.out" 2>&1 || true
|
||
wcli_bal_snap "$SCRATCH/bal-$tag.out" || wcli balance >"$SCRATCH/bal-$tag.out" 2>&1 || true
|
||
av=$(wallet_avail_num "$SCRATCH/bal-$tag.out")
|
||
if python3 -c "import sys; sys.exit(0 if float(sys.argv[1]) > 0 else 1)" "$av" 2>/dev/null; then
|
||
ok_bal=1
|
||
ok "wallet funded after ATM $WITHDRAW_AMT" "avail=${CUR}:${av}"
|
||
info "balance" "$(fmt_bal "$SCRATCH/bal-$tag.out")"
|
||
break
|
||
fi
|
||
sleep 2
|
||
done
|
||
if [ "$ok_bal" = "1" ]; then
|
||
return 0
|
||
fi
|
||
# Bank side often already confirmed — treat as timing lag, not hard fail
|
||
st=$(wd_status)
|
||
if [ "$st" = "confirmed" ]; then
|
||
warn "ATM withdraw $WITHDRAW_AMT" "bank confirmed; wallet not funded yet (settlement timing — will recheck later)"
|
||
return 2
|
||
fi
|
||
warn "ATM withdraw $WITHDRAW_AMT" "no wallet balance yet (status=${st:-?})"
|
||
return 1
|
||
}
|
||
|
||
# One variable payment amount
|
||
e2e_one_pay() {
|
||
PAY_AMT="$1"
|
||
local tag
|
||
tag=$(printf '%s' "$PAY_AMT" | tr '.:' '__')
|
||
section "e2e · pay $PAY_AMT"
|
||
e2e_over && { warn "pay" "budget exhausted — skip $PAY_AMT"; return 1; }
|
||
if [ -z "${MPW:-}" ]; then
|
||
warn "pay $PAY_AMT" "no merchant token"
|
||
return 1
|
||
fi
|
||
AUTH="Authorization: Bearer secret-token:${MPW}"
|
||
curl -skS -m 15 -o "$SCRATCH/ord-$tag.json" -X POST \
|
||
-H "$AUTH" -H 'Content-Type: application/json' \
|
||
-d "{\"order\":{\"summary\":\"monitoring pay ${PAY_AMT}\",\"amount\":\"${PAY_AMT}\",\"fulfillment_message\":\"ok\"},\"create_token\":true}" \
|
||
"${MERCHANT_PUBLIC}/instances/${INST}/private/orders" 2>"$SCRATCH/ord-$tag.err" || true
|
||
if ! grep -q order_id "$SCRATCH/ord-$tag.json" 2>/dev/null; then
|
||
if [ "$E2E_REMOTE" != "1" ] && koopa_ssh_ok; then
|
||
koopa_ssh_run 20 \
|
||
"curl -skS -m 12 -X POST -H 'Authorization: Bearer secret-token:${MPW}' -H 'Content-Type: application/json' -d '{\"order\":{\"summary\":\"monitoring pay\",\"amount\":\"${PAY_AMT}\",\"fulfillment_message\":\"ok\"},\"create_token\":true}' 'https://127.0.0.1:9010/instances/${INST}/private/orders'" \
|
||
>"$SCRATCH/ord-$tag.json" 2>"$SCRATCH/ord-$tag.err" || true
|
||
fi
|
||
fi
|
||
OID=$(python3 -c 'import json,re,sys;t=open(sys.argv[1]).read()
|
||
try: print(json.loads(t).get("order_id") or "")
|
||
except Exception:
|
||
m=re.search(r"\"order_id\"\s*:\s*\"([^\"]+)\"",t); print(m.group(1) if m else "")
|
||
' "$SCRATCH/ord-$tag.json" 2>/dev/null || true)
|
||
OTOK=$(python3 -c 'import json,re,sys;t=open(sys.argv[1]).read()
|
||
try: print(json.loads(t).get("token") or "")
|
||
except Exception:
|
||
m=re.search(r"\"token\"\s*:\s*\"([^\"]+)\"",t); print(m.group(1) if m else "")
|
||
' "$SCRATCH/ord-$tag.json" 2>/dev/null || true)
|
||
if [ -z "$OID" ]; then
|
||
if is_auth_kyc_body "$SCRATCH/ord-$tag.json"; then
|
||
e2e_abort_auth "merchant-order" "merchant auth/KYC on pay $PAY_AMT"
|
||
fi
|
||
warn "pay $PAY_AMT" "order create failed — $(head -c 80 "$SCRATCH/ord-$tag.json" | tr '\n' ' ')"
|
||
return 1
|
||
fi
|
||
ok "merchant order $OID ($PAY_AMT)"
|
||
curl -skS -m 12 -o "$SCRATCH/ord-det-$tag.json" -H "$AUTH" \
|
||
"${MERCHANT_PUBLIC}/instances/${INST}/private/orders/${OID}" 2>/dev/null || true
|
||
PAYURI=$(python3 -c 'import json,sys
|
||
try: print(json.load(open(sys.argv[1])).get("taler_pay_uri") or "")
|
||
except Exception: print("")
|
||
' "$SCRATCH/ord-det-$tag.json" 2>/dev/null || true)
|
||
if [ -z "$PAYURI" ] && [ -n "$OTOK" ]; then
|
||
MH=$(python3 -c 'from urllib.parse import urlparse; print(urlparse("'"$MERCHANT_PUBLIC"'").hostname or "taler.hacktivism.ch")' 2>/dev/null || echo "taler.hacktivism.ch")
|
||
PAYURI="taler://pay/${MH}/instances/${INST}/${OID}/?c=${OTOK}"
|
||
fi
|
||
if [ -z "$PAYURI" ]; then
|
||
warn "pay $PAY_AMT" "no pay URI for $OID"
|
||
return 1
|
||
fi
|
||
if ! wcli_pay handle-uri --yes "$PAYURI" >"$SCRATCH/pay-$tag.out" 2>&1; then
|
||
warn "pay $PAY_AMT" "handle-uri failed — $(tail -c 100 "$SCRATCH/pay-$tag.out" | tr '\n' ' ')"
|
||
return 1
|
||
fi
|
||
ok "wallet handle pay $PAY_AMT"
|
||
local r
|
||
for r in 1 2 3; do
|
||
wcli_pay run-until-done >"$SCRATCH/pay-run-$tag.out" 2>&1 || true
|
||
wcli_pay transactions >"$SCRATCH/tx-$tag.out" 2>&1 || true
|
||
curl -skS -m 8 -o "$SCRATCH/ord-paid-$tag.json" -H "$AUTH" \
|
||
"${MERCHANT_PUBLIC}/instances/${INST}/private/orders/${OID}" 2>/dev/null || true
|
||
if grep -qiE 'payment|paid|Payment' "$SCRATCH/tx-$tag.out" 2>/dev/null \
|
||
|| grep -qiE 'done|paid|success|Payment' "$SCRATCH/pay-$tag.out" 2>/dev/null \
|
||
|| python3 -c 'import json,sys
|
||
d=json.load(open(sys.argv[1]))
|
||
sys.exit(0 if d.get("paid") is True or str(d.get("order_status","")).lower()=="paid" else 1)
|
||
' "$SCRATCH/ord-paid-$tag.json" 2>/dev/null; then
|
||
ok "payment settled $PAY_AMT (order $OID)"
|
||
return 0
|
||
fi
|
||
done
|
||
warn "pay $PAY_AMT" "not settled for order $OID"
|
||
return 1
|
||
}
|
||
|
||
# ---------------------------------------------------------------------------
|
||
section "e2e · ATM withdraw ladder"
|
||
# ---------------------------------------------------------------------------
|
||
WITHDRAW_OK=0
|
||
WITHDRAW_OK_N=0
|
||
WITHDRAW_LAG_N=0
|
||
WITHDRAW_FAIL_N=0
|
||
WITHDRAW_REPORT=""
|
||
for WITHDRAW_AMT in $WITHDRAW_LIST; do
|
||
e2e_over && { warn "ATM ladder" "time budget low — stopping more ATM withdraws (not a protocol error)"; break; }
|
||
set +e
|
||
e2e_one_withdraw "$WITHDRAW_AMT"
|
||
wc=$?
|
||
set -e
|
||
case "$wc" in
|
||
0)
|
||
WITHDRAW_OK=1
|
||
WITHDRAW_OK_N=$((WITHDRAW_OK_N + 1))
|
||
WITHDRAW_REPORT="${WITHDRAW_REPORT}${WITHDRAW_REPORT:+ }${WITHDRAW_AMT}=OK"
|
||
;;
|
||
2)
|
||
WITHDRAW_LAG_N=$((WITHDRAW_LAG_N + 1))
|
||
WITHDRAW_REPORT="${WITHDRAW_REPORT}${WITHDRAW_REPORT:+ }${WITHDRAW_AMT}=LAG"
|
||
;;
|
||
*)
|
||
WITHDRAW_FAIL_N=$((WITHDRAW_FAIL_N + 1))
|
||
WITHDRAW_REPORT="${WITHDRAW_REPORT}${WITHDRAW_REPORT:+ }${WITHDRAW_AMT}=FAIL"
|
||
;;
|
||
esac
|
||
done
|
||
info "ATM withdraw summary" "$WITHDRAW_REPORT (ok=$WITHDRAW_OK_N lag=$WITHDRAW_LAG_N fail=$WITHDRAW_FAIL_N)"
|
||
|
||
# Settlement catch-up: bank may have confirmed while wallet was still empty
|
||
section "e2e · wallet settlement (timing)"
|
||
if ! wait_wallet_balance 0 "${E2E_SETTLE_ROUNDS}" "${E2E_SETTLE_SLEEP}"; then
|
||
if [ "$WITHDRAW_LAG_N" -gt 0 ] || [ "$WITHDRAW_OK_N" -gt 0 ]; then
|
||
warn "settlement timing" "ATM path reached bank confirm (lag=$WITHDRAW_LAG_N ok=$WITHDRAW_OK_N) but wallet empty after wait — TIME lag, not protocol error"
|
||
fi
|
||
fi
|
||
av_now=$(wallet_avail_num)
|
||
if python3 -c "import sys; sys.exit(0 if float(sys.argv[1]) > 0 else 1)" "$av_now" 2>/dev/null; then
|
||
WITHDRAW_OK=1
|
||
if [ "$WITHDRAW_OK_N" = "0" ]; then
|
||
warn "settlement timing" "coins arrived after ATM ladder (${CUR}:${av_now}) — earlier 'FAIL' was timing lag"
|
||
WITHDRAW_REPORT="${WITHDRAW_REPORT} → late-OK avail=${CUR}:${av_now}"
|
||
fi
|
||
ok "spendable balance for payments" "${CUR}:${av_now}"
|
||
else
|
||
if [ "$WITHDRAW_OK" != "1" ]; then
|
||
warn "withdraw" "still no spendable ${CUR} after settle wait"
|
||
# diagnostic dig only — do not treat as hard stop if we can still see bank state
|
||
if [ "$E2E_REMOTE" != "1" ]; then
|
||
dig_when_no_coins || true
|
||
fi
|
||
# one last balance after dig (dig takes wall time — often enough for wirewatch)
|
||
wait_wallet_balance 0 8 3 || true
|
||
av_now=$(wallet_avail_num)
|
||
if python3 -c "import sys; sys.exit(0 if float(sys.argv[1]) > 0 else 1)" "$av_now" 2>/dev/null; then
|
||
WITHDRAW_OK=1
|
||
warn "settlement timing" "coins present after dig wait (${CUR}:${av_now}) — timing, not blocker"
|
||
else
|
||
blocker "withdraw-settle" "no spendable ${CUR} after ATM ladder + settle wait ($WITHDRAW_LIST)"
|
||
section "e2e · report"
|
||
info "WITHDRAW" "$WITHDRAW_REPORT — no coins after extended wait"
|
||
info "PAY" "SKIPPED (no spendable balance after settle wait)"
|
||
exit 1
|
||
fi
|
||
fi
|
||
fi
|
||
|
||
# ---------------------------------------------------------------------------
|
||
section "e2e · variable payments (if balance allows)"
|
||
# ---------------------------------------------------------------------------
|
||
PAY_OK=0
|
||
PAY_OK_N=0
|
||
PAY_FAIL_N=0
|
||
PAY_SKIP_N=0
|
||
PAY_REPORT=""
|
||
if [ -z "${MPW:-}" ]; then
|
||
if [ "$E2E_REMOTE" = "1" ]; then
|
||
e2e_abort_auth "merchant-order" "no merchant token — set E2E_MERCHANT_TOKEN"
|
||
fi
|
||
blocker "merchant-order" "no merchant token"
|
||
exit 1
|
||
fi
|
||
|
||
for PAY_AMT in $PAY_LIST; do
|
||
e2e_over && { warn "pay ladder" "time budget low — stopping more payments"; break; }
|
||
av_now=$(wallet_avail_num)
|
||
pay_n=$(python3 -c 'import sys; print(float(sys.argv[1].split(":",1)[-1]))' "$PAY_AMT" 2>/dev/null || echo 0)
|
||
if ! python3 -c "import sys; sys.exit(0 if float(sys.argv[1]) + 1e-12 >= float(sys.argv[2]) else 1)" "$av_now" "$pay_n" 2>/dev/null; then
|
||
warn "pay $PAY_AMT" "skip — insufficient avail ${CUR}:${av_now} (need ${pay_n})"
|
||
PAY_SKIP_N=$((PAY_SKIP_N + 1))
|
||
PAY_REPORT="${PAY_REPORT}${PAY_REPORT:+ }${PAY_AMT}=SKIP(bal)"
|
||
continue
|
||
fi
|
||
set +e
|
||
e2e_one_pay "$PAY_AMT"
|
||
pc=$?
|
||
set -e
|
||
if [ "$pc" = "0" ]; then
|
||
PAY_OK=1
|
||
PAY_OK_N=$((PAY_OK_N + 1))
|
||
PAY_REPORT="${PAY_REPORT}${PAY_REPORT:+ }${PAY_AMT}=OK"
|
||
else
|
||
PAY_FAIL_N=$((PAY_FAIL_N + 1))
|
||
PAY_REPORT="${PAY_REPORT}${PAY_REPORT:+ }${PAY_AMT}=FAIL"
|
||
fi
|
||
done
|
||
info "pay summary" "$PAY_REPORT (ok=$PAY_OK_N fail=$PAY_FAIL_N skip=$PAY_SKIP_N)"
|
||
if [ "$PAY_OK" != "1" ]; then
|
||
av_now=$(wallet_avail_num)
|
||
if python3 -c "import sys; sys.exit(0 if float(sys.argv[1]) > 0 else 1)" "$av_now" 2>/dev/null; then
|
||
warn "pay" "balance ${CUR}:${av_now} but no pay amount completed — check merchant/timing (not necessarily empty wallet)"
|
||
else
|
||
blocker "pay-settle" "no payment succeeded and no spendable balance ($PAY_LIST)"
|
||
fi
|
||
fi
|
||
|
||
section "e2e · report"
|
||
info "user" "$USER"
|
||
info "ATM withdraws" "$WITHDRAW_REPORT"
|
||
info "payments" "$PAY_REPORT"
|
||
info "final balance" "$(fmt_bal "$SCRATCH/bal-live.out" 2>/dev/null || echo "(n/a)")"
|
||
info "scratch" "$SCRATCH"
|
||
# Success if we had coins and at least one pay, OR coins + only pay skips (nothing affordable)
|
||
if [ "${#BLOCKERS[@]}" -eq 0 ]; then
|
||
if [ "$WITHDRAW_OK" = "1" ] && [ "$PAY_OK" = "1" ]; then
|
||
exit 0
|
||
fi
|
||
if [ "$WITHDRAW_OK" = "1" ] && [ "$PAY_OK_N" = "0" ] && [ "$PAY_FAIL_N" = "0" ]; then
|
||
warn "pay" "no payment tried/completed — withdraw OK"
|
||
exit 0
|
||
fi
|
||
if [ "$WITHDRAW_OK" = "1" ] && [ "$PAY_OK" != "1" ]; then
|
||
# money there, pays failed → soft exit 1 without inventing blockers if already warned
|
||
exit 1
|
||
fi
|
||
fi
|
||
exit 1
|