Fix whitespace

Sneagan · Sneagan · commit 9d9f526d0ede · 2025-08-13T22:05:23.000-04:00
diff --git a/server/tokens.go b/server/tokens.go
@@ -76,24 +76,28 @@ func (c *Server) BlindedTokenIssuerHandlerV2(w http.ResponseWriter, r *http.Requ
 			)
 			return WrapError(err, "Could not parse the request body", 400)
 		}
+
 		if request.BlindedTokens == nil {
 			c.Logger.Debug("Empty request")
 			return &AppError{
 				Message: "Empty request",
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		if request.IssuerCohort != 0 && request.IssuerCohort != 1 {
 			c.Logger.Debug("Not supported Cohort")
 			return &AppError{
 				Message: "Not supported Cohort",
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		issuer, appErr := c.GetLatestIssuer(issuerType, request.IssuerCohort)
 		if appErr != nil {
 			return appErr
 		}
+
 		// get latest signing key from issuer
 		var signingKey *crypto.SigningKey
 		if len(issuer.Keys) > 0 {
@@ -110,6 +114,7 @@ func (c *Server) BlindedTokenIssuerHandlerV2(w http.ResponseWriter, r *http.Requ
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		signedTokens, proof, err := btd.ApproveTokens(request.BlindedTokens, signingKey)
 		if err != nil {
 			c.Logger.Debug("Could not approve new tokens")
@@ -141,18 +146,22 @@ func (c *Server) blindedTokenIssuerHandler(w http.ResponseWriter, r *http.Reques
 		if appErr != nil {
 			return appErr
 		}
+
 		var request blindedTokenIssueRequest
+
 		if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, maxRequestSize)).Decode(&request); err != nil {
 			c.Logger.Debug("Could not parse the request body")
 			return WrapError(err, "Could not parse the request body", 400)
 		}
+
 		if request.BlindedTokens == nil {
 			c.Logger.Debug("Empty request")
 			return &AppError{
 				Message: "Empty request",
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		// get latest signing key from issuer
 		var signingKey *crypto.SigningKey
 		if len(issuer.Keys) > 0 {
@@ -169,6 +178,7 @@ func (c *Server) blindedTokenIssuerHandler(w http.ResponseWriter, r *http.Reques
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		signedTokens, proof, err := btd.ApproveTokens(request.BlindedTokens, signingKey)
 		if err != nil {
 			c.Logger.Debug("Could not approve new tokens")
@@ -216,37 +226,44 @@ func (c *Server) blindedTokenRedeemHandlerV3(w http.ResponseWriter, r *http.Requ
 			}
 		default:
 			c.Logger.Error("error fetching issuer", slog.Any("error", err))
+
 			return &AppError{
 				Cause:   errors.New("internal server error"),
 				Message: "Internal server error could not retrieve issuer",
 				Code:    http.StatusInternalServerError,
 			}
 		}
 	}
+
 	if issuer.Version != 3 {
 		return &AppError{
 			Message: "Issuer must be version 3",
 			Code:    http.StatusBadRequest,
 		}
 	}
+
 	now := time.Now()
+
 	if issuer.HasExpired(now) {
 		return &AppError{
 			Message: "Issuer has expired",
 			Code:    http.StatusBadRequest,
 		}
 	}
+
 	var request blindedTokenRedeemRequest
 	if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, maxRequestSize)).Decode(&request); err != nil {
 		c.Logger.Debug("Could not parse the request body")
 		return WrapError(err, "Could not parse the request body", http.StatusBadRequest)
 	}
+
 	if request.isEmpty() {
 		return &AppError{
 			Message: "Empty request",
 			Code:    http.StatusBadRequest,
 		}
 	}
+
 	skeys, err := issuer.FindSigningKeys(now)
 	if err != nil {
 		switch {
@@ -255,31 +272,37 @@ func (c *Server) blindedTokenRedeemHandlerV3(w http.ResponseWriter, r *http.Requ
 				Message: "Issuer must be version 3",
 				Code:    http.StatusBadRequest,
 			}
+
 		case errors.Is(err, model.ErrInvalidIV3Key):
 			return &AppError{
 				Message: "Issuer has invalid keys for v3",
 				Code:    http.StatusBadRequest,
 			}
+
 		default:
 			return &AppError{
 				Message: "Something went wrong",
 				Code:    http.StatusBadRequest,
 			}
 		}
 	}
+
 	if len(skeys) == 0 {
 		c.Logger.Error("failed to find appropriate key", "at", now)
+
 		return &AppError{
 			Message: "Issuer has no key that corresponds to start < now < end",
 			Code:    http.StatusBadRequest,
 		}
 	}
+
 	if err := btd.VerifyTokenRedemption(request.TokenPreimage, request.Signature, request.Payload, skeys); err != nil {
 		return &AppError{
 			Message: "Could not verify that token redemption is valid",
 			Code:    http.StatusBadRequest,
 		}
 	}
+
 	if err := c.RedeemToken(issuer, request.TokenPreimage, request.Payload, 0); err != nil {
 		c.Logger.Error("error redeeming token")
 		if errors.Is(err, errDuplicateRedemption) {
@@ -294,6 +317,7 @@ func (c *Server) blindedTokenRedeemHandlerV3(w http.ResponseWriter, r *http.Requ
 			Code:    http.StatusInternalServerError,
 		}
 	}
+
 	result := blindedTokenRedeemResponse{issuer.IssuerCohort}
 
 	if err := RenderContent(result, w, http.StatusOK); err != nil {
@@ -314,28 +338,34 @@ func (c *Server) blindedTokenRedeemHandler(w http.ResponseWriter, r *http.Reques
 		if appErr != nil {
 			return appErr
 		}
+
 		var request blindedTokenRedeemRequest
+
 		if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, maxRequestSize)).Decode(&request); err != nil {
 			c.Logger.Debug("Could not parse the request body")
 			return WrapError(err, "Could not parse the request body", 400)
 		}
+
 		if request.TokenPreimage == nil || request.Signature == nil {
 			c.Logger.Error("Empty request")
 			return &AppError{
 				Message: "Empty request",
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		var (
 			verified       bool
 			verifiedIssuer = &model.Issuer{}
 			verifiedCohort = int16(0)
 			now            = time.Now()
 		)
+
 		for _, issuer := range issuers {
 			if issuer.HasExpired(now) {
 				continue
 			}
+
 			// get latest signing key from issuer
 			var signingKey *crypto.SigningKey
 			if len(issuer.Keys) > 0 {
@@ -352,6 +382,7 @@ func (c *Server) blindedTokenRedeemHandler(w http.ResponseWriter, r *http.Reques
 					Code:    http.StatusBadRequest,
 				}
 			}
+
 			if err := btd.VerifyTokenRedemption(request.TokenPreimage, request.Signature, request.Payload, []*crypto.SigningKey{signingKey}); err != nil {
 				verified = false
 			} else {
@@ -368,6 +399,7 @@ func (c *Server) blindedTokenRedeemHandler(w http.ResponseWriter, r *http.Reques
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		if err := c.RedeemToken(verifiedIssuer, request.TokenPreimage, request.Payload, 0); err != nil {
 			if errors.Is(err, errDuplicateRedemption) {
 				return &AppError{
@@ -397,31 +429,37 @@ func (c *Server) blindedTokenRedeemHandler(w http.ResponseWriter, r *http.Reques
 func (c *Server) blindedTokenBulkRedeemHandler(w http.ResponseWriter, r *http.Request) *AppError {
 	v1BlindedTokenCallTotal.WithLabelValues("bulkRedeemTokens").Inc()
 	var request BlindedTokenBulkRedeemRequest
+
 	if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, maxRequestSize)).Decode(&request); err != nil {
 		c.Logger.Debug("Could not parse the request body")
 		return WrapError(err, "Could not parse the request body", 400)
 	}
+
 	tx, err := c.db.Begin()
 	if err != nil {
 		c.Logger.Debug("Could not start bulk token redemption db transaction")
 		return WrapError(err, "Could not start bulk token redemption db transaction", 400)
 	}
+
 	for _, token := range request.Tokens {
 		// @TODO: this code seems to be from an old version - we use the `redeemTokenWithDB`, and we have no tests, so I
 		// assume that is no longer used, hence the usage of v1Cohort.
 		issuer, appErr := c.GetLatestIssuer(token.Issuer, v1Cohort)
+
 		if appErr != nil {
 			_ = tx.Rollback()
 			c.Logger.Error(appErr.Error())
 			return appErr
 		}
+
 		if token.TokenPreimage == nil || token.Signature == nil {
 			_ = tx.Rollback()
 			return &AppError{
 				Message: "Missing preimage or signature",
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		// get latest signing key from issuer
 		var signingKey *crypto.SigningKey
 		if len(issuer.Keys) > 0 {
@@ -438,12 +476,14 @@ func (c *Server) blindedTokenBulkRedeemHandler(w http.ResponseWriter, r *http.Re
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		err := btd.VerifyTokenRedemption(token.TokenPreimage, token.Signature, request.Payload, []*crypto.SigningKey{signingKey})
 		if err != nil {
 			c.Logger.Error(err.Error())
 			_ = tx.Rollback()
 			return WrapError(err, "Could not verify that token redemption is valid", 400)
 		}
+
 		if err := redeemTokenWithDB(tx, token.Issuer, token.TokenPreimage, request.Payload); err != nil {
 			c.Logger.Error(err.Error())
 			_ = tx.Rollback()
@@ -470,7 +510,7 @@ func (c *Server) blindedTokenBulkRedeemHandler(w http.ResponseWriter, r *http.Re
 		}
 	}
 
-	if err := RenderContent(map[string]interface{}{}, w, http.StatusOK); err != nil {
+	if err := RenderContent(map[string]any{}, w, http.StatusOK); err != nil {
 		return &AppError{
 			Cause:   err,
 			Message: "Error encoding response",
@@ -491,6 +531,7 @@ func (c *Server) blindedTokenRedemptionHandler(w http.ResponseWriter, r *http.Re
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		tokenID, err := url.PathUnescape(tokenID)
 		if err != nil {
 			c.Logger.Debug("Bad request - incorrect token ID")
@@ -499,6 +540,7 @@ func (c *Server) blindedTokenRedemptionHandler(w http.ResponseWriter, r *http.Re
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		issuer, err := c.fetchIssuer(issuerID)
 		if err != nil {
 			c.Logger.Debug("Bad request - incorrect issuer ID")
@@ -507,6 +549,7 @@ func (c *Server) blindedTokenRedemptionHandler(w http.ResponseWriter, r *http.Re
 				Code:    http.StatusBadRequest,
 			}
 		}
+
 		if issuer.Version == 2 {
 			redemption, err := c.fetchRedemptionV2(uuid.NewSHA1(*issuer.ID, []byte(tokenID)))
 			if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -76,24 +76,28 @@ func (c Server) BlindedTokenIssuerHandlerV2(w http.ResponseWriter, r http.Requ`
`76`	`76`	`)`
`77`	`77`	`return WrapError(err, "Could not parse the request body", 400)`
`78`	`78`	`}`
	`79`	`+`
`79`	`80`	`if request.BlindedTokens == nil {`
`80`	`81`	`c.Logger.Debug("Empty request")`
`81`	`82`	`return &AppError{`
`82`	`83`	`Message: "Empty request",`
`83`	`84`	`Code: http.StatusBadRequest,`
`84`	`85`	`}`
`85`	`86`	`}`
	`87`	`+`
`86`	`88`	`if request.IssuerCohort != 0 && request.IssuerCohort != 1 {`
`87`	`89`	`c.Logger.Debug("Not supported Cohort")`
`88`	`90`	`return &AppError{`
`89`	`91`	`Message: "Not supported Cohort",`
`90`	`92`	`Code: http.StatusBadRequest,`
`91`	`93`	`}`
`92`	`94`	`}`
	`95`	`+`
`93`	`96`	`issuer, appErr := c.GetLatestIssuer(issuerType, request.IssuerCohort)`
`94`	`97`	`if appErr != nil {`
`95`	`98`	`return appErr`
`96`	`99`	`}`
	`100`	`+`
`97`	`101`	`// get latest signing key from issuer`
`98`	`102`	`var signingKey *crypto.SigningKey`
`99`	`103`	`if len(issuer.Keys) > 0 {`
`@@ -110,6 +114,7 @@ func (c Server) BlindedTokenIssuerHandlerV2(w http.ResponseWriter, r http.Requ`
`110`	`114`	`Code: http.StatusBadRequest,`
`111`	`115`	`}`
`112`	`116`	`}`
	`117`	`+`
`113`	`118`	`signedTokens, proof, err := btd.ApproveTokens(request.BlindedTokens, signingKey)`
`114`	`119`	`if err != nil {`
`115`	`120`	`c.Logger.Debug("Could not approve new tokens")`
`@@ -141,18 +146,22 @@ func (c Server) blindedTokenIssuerHandler(w http.ResponseWriter, r http.Reques`
`141`	`146`	`if appErr != nil {`
`142`	`147`	`return appErr`
`143`	`148`	`}`
	`149`	`+`
`144`	`150`	`var request blindedTokenIssueRequest`
	`151`	`+`
`145`	`152`	`if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, maxRequestSize)).Decode(&request); err != nil {`
`146`	`153`	`c.Logger.Debug("Could not parse the request body")`
`147`	`154`	`return WrapError(err, "Could not parse the request body", 400)`
`148`	`155`	`}`
	`156`	`+`
`149`	`157`	`if request.BlindedTokens == nil {`
`150`	`158`	`c.Logger.Debug("Empty request")`
`151`	`159`	`return &AppError{`
`152`	`160`	`Message: "Empty request",`
`153`	`161`	`Code: http.StatusBadRequest,`
`154`	`162`	`}`
`155`	`163`	`}`
	`164`	`+`
`156`	`165`	`// get latest signing key from issuer`
`157`	`166`	`var signingKey *crypto.SigningKey`
`158`	`167`	`if len(issuer.Keys) > 0 {`
`@@ -169,6 +178,7 @@ func (c Server) blindedTokenIssuerHandler(w http.ResponseWriter, r http.Reques`
`169`	`178`	`Code: http.StatusBadRequest,`
`170`	`179`	`}`
`171`	`180`	`}`
	`181`	`+`
`172`	`182`	`signedTokens, proof, err := btd.ApproveTokens(request.BlindedTokens, signingKey)`
`173`	`183`	`if err != nil {`
`174`	`184`	`c.Logger.Debug("Could not approve new tokens")`
`@@ -216,37 +226,44 @@ func (c Server) blindedTokenRedeemHandlerV3(w http.ResponseWriter, r http.Requ`
`216`	`226`	`}`
`217`	`227`	`default:`
`218`	`228`	`c.Logger.Error("error fetching issuer", slog.Any("error", err))`
	`229`	`+`
`219`	`230`	`return &AppError{`
`220`	`231`	`Cause: errors.New("internal server error"),`
`221`	`232`	`Message: "Internal server error could not retrieve issuer",`
`222`	`233`	`Code: http.StatusInternalServerError,`
`223`	`234`	`}`
`224`	`235`	`}`
`225`	`236`	`}`
	`237`	`+`
`226`	`238`	`if issuer.Version != 3 {`
`227`	`239`	`return &AppError{`
`228`	`240`	`Message: "Issuer must be version 3",`
`229`	`241`	`Code: http.StatusBadRequest,`
`230`	`242`	`}`
`231`	`243`	`}`
	`244`	`+`
`232`	`245`	`now := time.Now()`
	`246`	`+`
`233`	`247`	`if issuer.HasExpired(now) {`
`234`	`248`	`return &AppError{`
`235`	`249`	`Message: "Issuer has expired",`
`236`	`250`	`Code: http.StatusBadRequest,`
`237`	`251`	`}`
`238`	`252`	`}`
	`253`	`+`
`239`	`254`	`var request blindedTokenRedeemRequest`
`240`	`255`	`if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, maxRequestSize)).Decode(&request); err != nil {`
`241`	`256`	`c.Logger.Debug("Could not parse the request body")`
`242`	`257`	`return WrapError(err, "Could not parse the request body", http.StatusBadRequest)`
`243`	`258`	`}`
	`259`	`+`
`244`	`260`	`if request.isEmpty() {`
`245`	`261`	`return &AppError{`
`246`	`262`	`Message: "Empty request",`
`247`	`263`	`Code: http.StatusBadRequest,`
`248`	`264`	`}`
`249`	`265`	`}`
	`266`	`+`
`250`	`267`	`skeys, err := issuer.FindSigningKeys(now)`
`251`	`268`	`if err != nil {`
`252`	`269`	`switch {`
`@@ -255,31 +272,37 @@ func (c Server) blindedTokenRedeemHandlerV3(w http.ResponseWriter, r http.Requ`
`255`	`272`	`Message: "Issuer must be version 3",`
`256`	`273`	`Code: http.StatusBadRequest,`
`257`	`274`	`}`
	`275`	`+`
`258`	`276`	`case errors.Is(err, model.ErrInvalidIV3Key):`
`259`	`277`	`return &AppError{`
`260`	`278`	`Message: "Issuer has invalid keys for v3",`
`261`	`279`	`Code: http.StatusBadRequest,`
`262`	`280`	`}`
	`281`	`+`
`263`	`282`	`default:`
`264`	`283`	`return &AppError{`
`265`	`284`	`Message: "Something went wrong",`
`266`	`285`	`Code: http.StatusBadRequest,`
`267`	`286`	`}`
`268`	`287`	`}`
`269`	`288`	`}`
	`289`	`+`
`270`	`290`	`if len(skeys) == 0 {`
`271`	`291`	`c.Logger.Error("failed to find appropriate key", "at", now)`
	`292`	`+`
`272`	`293`	`return &AppError{`
`273`	`294`	`Message: "Issuer has no key that corresponds to start < now < end",`
`274`	`295`	`Code: http.StatusBadRequest,`
`275`	`296`	`}`
`276`	`297`	`}`
	`298`	`+`
`277`	`299`	`if err := btd.VerifyTokenRedemption(request.TokenPreimage, request.Signature, request.Payload, skeys); err != nil {`
`278`	`300`	`return &AppError{`
`279`	`301`	`Message: "Could not verify that token redemption is valid",`
`280`	`302`	`Code: http.StatusBadRequest,`
`281`	`303`	`}`
`282`	`304`	`}`
	`305`	`+`
`283`	`306`	`if err := c.RedeemToken(issuer, request.TokenPreimage, request.Payload, 0); err != nil {`
`284`	`307`	`c.Logger.Error("error redeeming token")`
`285`	`308`	`if errors.Is(err, errDuplicateRedemption) {`
`@@ -294,6 +317,7 @@ func (c Server) blindedTokenRedeemHandlerV3(w http.ResponseWriter, r http.Requ`
`294`	`317`	`Code: http.StatusInternalServerError,`
`295`	`318`	`}`
`296`	`319`	`}`
	`320`	`+`
`297`	`321`	`result := blindedTokenRedeemResponse{issuer.IssuerCohort}`
`298`	`322`
`299`	`323`	`if err := RenderContent(result, w, http.StatusOK); err != nil {`
`@@ -314,28 +338,34 @@ func (c Server) blindedTokenRedeemHandler(w http.ResponseWriter, r http.Reques`
`314`	`338`	`if appErr != nil {`
`315`	`339`	`return appErr`
`316`	`340`	`}`
	`341`	`+`
`317`	`342`	`var request blindedTokenRedeemRequest`
	`343`	`+`
`318`	`344`	`if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, maxRequestSize)).Decode(&request); err != nil {`
`319`	`345`	`c.Logger.Debug("Could not parse the request body")`
`320`	`346`	`return WrapError(err, "Could not parse the request body", 400)`
`321`	`347`	`}`
	`348`	`+`
`322`	`349`	`if request.TokenPreimage == nil \|\| request.Signature == nil {`
`323`	`350`	`c.Logger.Error("Empty request")`
`324`	`351`	`return &AppError{`
`325`	`352`	`Message: "Empty request",`
`326`	`353`	`Code: http.StatusBadRequest,`
`327`	`354`	`}`
`328`	`355`	`}`
	`356`	`+`
`329`	`357`	`var (`
`330`	`358`	`verified bool`
`331`	`359`	`verifiedIssuer = &model.Issuer{}`
`332`	`360`	`verifiedCohort = int16(0)`
`333`	`361`	`now = time.Now()`
`334`	`362`	`)`
	`363`	`+`
`335`	`364`	`for _, issuer := range issuers {`
`336`	`365`	`if issuer.HasExpired(now) {`
`337`	`366`	`continue`
`338`	`367`	`}`
	`368`	`+`
`339`	`369`	`// get latest signing key from issuer`
`340`	`370`	`var signingKey *crypto.SigningKey`
`341`	`371`	`if len(issuer.Keys) > 0 {`
`@@ -352,6 +382,7 @@ func (c Server) blindedTokenRedeemHandler(w http.ResponseWriter, r http.Reques`
`352`	`382`	`Code: http.StatusBadRequest,`
`353`	`383`	`}`
`354`	`384`	`}`
	`385`	`+`
`355`	`386`	`if err := btd.VerifyTokenRedemption(request.TokenPreimage, request.Signature, request.Payload, []*crypto.SigningKey{signingKey}); err != nil {`
`356`	`387`	`verified = false`
`357`	`388`	`} else {`
`@@ -368,6 +399,7 @@ func (c Server) blindedTokenRedeemHandler(w http.ResponseWriter, r http.Reques`
`368`	`399`	`Code: http.StatusBadRequest,`
`369`	`400`	`}`
`370`	`401`	`}`
	`402`	`+`
`371`	`403`	`if err := c.RedeemToken(verifiedIssuer, request.TokenPreimage, request.Payload, 0); err != nil {`
`372`	`404`	`if errors.Is(err, errDuplicateRedemption) {`
`373`	`405`	`return &AppError{`
`@@ -397,31 +429,37 @@ func (c Server) blindedTokenRedeemHandler(w http.ResponseWriter, r http.Reques`
`397`	`429`	`func (c Server) blindedTokenBulkRedeemHandler(w http.ResponseWriter, r http.Request) *AppError {`
`398`	`430`	`v1BlindedTokenCallTotal.WithLabelValues("bulkRedeemTokens").Inc()`
`399`	`431`	`var request BlindedTokenBulkRedeemRequest`
	`432`	`+`
`400`	`433`	`if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, maxRequestSize)).Decode(&request); err != nil {`
`401`	`434`	`c.Logger.Debug("Could not parse the request body")`
`402`	`435`	`return WrapError(err, "Could not parse the request body", 400)`
`403`	`436`	`}`
	`437`	`+`
`404`	`438`	`tx, err := c.db.Begin()`
`405`	`439`	`if err != nil {`
`406`	`440`	`c.Logger.Debug("Could not start bulk token redemption db transaction")`
`407`	`441`	`return WrapError(err, "Could not start bulk token redemption db transaction", 400)`
`408`	`442`	`}`
	`443`	`+`
`409`	`444`	`for _, token := range request.Tokens {`
`410`	`445`	// @TODO: this code seems to be from an old version - we use the `redeemTokenWithDB`, and we have no tests, so I
`411`	`446`	`// assume that is no longer used, hence the usage of v1Cohort.`
`412`	`447`	`issuer, appErr := c.GetLatestIssuer(token.Issuer, v1Cohort)`
	`448`	`+`
`413`	`449`	`if appErr != nil {`
`414`	`450`	`_ = tx.Rollback()`
`415`	`451`	`c.Logger.Error(appErr.Error())`
`416`	`452`	`return appErr`
`417`	`453`	`}`
	`454`	`+`
`418`	`455`	`if token.TokenPreimage == nil \|\| token.Signature == nil {`
`419`	`456`	`_ = tx.Rollback()`
`420`	`457`	`return &AppError{`
`421`	`458`	`Message: "Missing preimage or signature",`
`422`	`459`	`Code: http.StatusBadRequest,`
`423`	`460`	`}`
`424`	`461`	`}`
	`462`	`+`
`425`	`463`	`// get latest signing key from issuer`
`426`	`464`	`var signingKey *crypto.SigningKey`
`427`	`465`	`if len(issuer.Keys) > 0 {`
`@@ -438,12 +476,14 @@ func (c Server) blindedTokenBulkRedeemHandler(w http.ResponseWriter, r http.Re`
`438`	`476`	`Code: http.StatusBadRequest,`
`439`	`477`	`}`
`440`	`478`	`}`
	`479`	`+`
`441`	`480`	`err := btd.VerifyTokenRedemption(token.TokenPreimage, token.Signature, request.Payload, []*crypto.SigningKey{signingKey})`
`442`	`481`	`if err != nil {`
`443`	`482`	`c.Logger.Error(err.Error())`
`444`	`483`	`_ = tx.Rollback()`
`445`	`484`	`return WrapError(err, "Could not verify that token redemption is valid", 400)`
`446`	`485`	`}`
	`486`	`+`
`447`	`487`	`if err := redeemTokenWithDB(tx, token.Issuer, token.TokenPreimage, request.Payload); err != nil {`
`448`	`488`	`c.Logger.Error(err.Error())`
`449`	`489`	`_ = tx.Rollback()`
`@@ -470,7 +510,7 @@ func (c Server) blindedTokenBulkRedeemHandler(w http.ResponseWriter, r http.Re`
`470`	`510`	`}`
`471`	`511`	`}`
`472`	`512`
`473`		`- if err := RenderContent(map[string]interface{}{}, w, http.StatusOK); err != nil {`
	`513`	`+ if err := RenderContent(map[string]any{}, w, http.StatusOK); err != nil {`
`474`	`514`	`return &AppError{`
`475`	`515`	`Cause: err,`
`476`	`516`	`Message: "Error encoding response",`
`@@ -491,6 +531,7 @@ func (c Server) blindedTokenRedemptionHandler(w http.ResponseWriter, r http.Re`
`491`	`531`	`Code: http.StatusBadRequest,`
`492`	`532`	`}`
`493`	`533`	`}`
	`534`	`+`
`494`	`535`	`tokenID, err := url.PathUnescape(tokenID)`
`495`	`536`	`if err != nil {`
`496`	`537`	`c.Logger.Debug("Bad request - incorrect token ID")`
`@@ -499,6 +540,7 @@ func (c Server) blindedTokenRedemptionHandler(w http.ResponseWriter, r http.Re`
`499`	`540`	`Code: http.StatusBadRequest,`
`500`	`541`	`}`
`501`	`542`	`}`
	`543`	`+`
`502`	`544`	`issuer, err := c.fetchIssuer(issuerID)`
`503`	`545`	`if err != nil {`
`504`	`546`	`c.Logger.Debug("Bad request - incorrect issuer ID")`
`@@ -507,6 +549,7 @@ func (c Server) blindedTokenRedemptionHandler(w http.ResponseWriter, r http.Re`
`507`	`549`	`Code: http.StatusBadRequest,`
`508`	`550`	`}`
`509`	`551`	`}`
	`552`	`+`
`510`	`553`	`if issuer.Version == 2 {`
`511`	`554`	`redemption, err := c.fetchRedemptionV2(uuid.NewSHA1(*issuer.ID, []byte(tokenID)))`
`512`	`555`	`if err != nil {`