architex/lib/matrix_server/schema/server_key_info.ex

defmodule MatrixServer.ServerKeyInfo do
  use Ecto.Schema

  import Ecto.Query

  alias MatrixServer.{Repo, ServerKeyInfo, SigningKey}
  alias MatrixServerWeb.Federation.HTTPClient
  alias MatrixServerWeb.Federation.Request.GetSigningKeys
  alias Ecto.Multi

  @primary_key {:server_name, :string, []}
  schema "server_key_info" do
    field :valid_until, :utc_datetime

    has_many :signing_keys, SigningKey, foreign_key: :server_name
  end

  def with_fresh_signing_keys(server_name) do
    current_time = System.os_time(:millisecond)

    case with_signing_keys(server_name) do
      nil ->
        # We have not encountered this server before, always request keys.
        refresh_signing_keys(server_name)

      %ServerKeyInfo{valid_until: valid_until} when valid_until <= current_time ->
        # Keys are expired; request fresh ones from server.
        refresh_signing_keys(server_name)

      ski ->
        {:ok, ski}
    end
  end

  defp refresh_signing_keys(server_name) do
    # TODO: Handle expired keys.
    in_a_week = DateTime.utc_now() |> DateTime.add(60 * 60 * 24 * 7, :second)
    client = HTTPClient.client(server_name)

    with {:ok,
          %GetSigningKeys{
            server_name: server_name,
            verify_keys: verify_keys,
            valid_until_ts: valid_until_ts
          }} <- HTTPClient.get_signing_keys(client),
         {:ok, valid_until} <- DateTime.from_unix(valid_until_ts) do
      signing_keys =
        Enum.map(verify_keys, fn {key_id, %{"key" => key}} ->
          [server_name: server_name, signing_key_id: key_id, signing_key: key]
        end)

      # Always check every week to prevent misuse.
      ski = %ServerKeyInfo{
        server_name: server_name,
        valid_until: MatrixServer.min_datetime(in_a_week, valid_until)
      }

      case upsert_multi(server_name, ski, signing_keys) |> Repo.transaction() do
        {:ok, %{new_ski: ski}} -> {:ok, ski}
        {:error, _} -> :error
      end
    else
      _ -> :error
    end
  end

  defp upsert_multi(server_name, ski, signing_keys) do
    Multi.new()
    |> Multi.insert(:ski, ski,
      on_conflict: {:replace, [:valid_until]},
      conflict_target: [:server_name]
    )
    |> Multi.insert_all(:insert_keys, SigningKey, signing_keys, on_conflict: :nothing)
    |> Multi.run(:new_ski, fn _, _ ->
      case with_signing_keys(server_name) do
        nil -> {:error, :ski}
        ski -> {:ok, ski}
      end
    end)
  end

  defp with_signing_keys(server_name) do
    ServerKeyInfo
    |> where([ski], ski.server_name == ^server_name)
    |> preload([ski], [:signing_keys])
    |> Repo.one()
  end
end
Add schemas and functions to query signing keys from servers 2021-08-12 22:45:07 +00:00			`defmodule MatrixServer.ServerKeyInfo do`
			`use Ecto.Schema`

			`import Ecto.Query`

			`alias MatrixServer.{Repo, ServerKeyInfo, SigningKey}`
Create tesla middleware for adding signature to federation requests Change repo structure 2021-08-14 13:20:42 +00:00			`alias MatrixServerWeb.Federation.HTTPClient`
Add schemas and functions to query signing keys from servers 2021-08-12 22:45:07 +00:00			`alias MatrixServerWeb.Federation.Request.GetSigningKeys`
			`alias Ecto.Multi`

			`@primary_key {:server_name, :string, []}`
			`schema "server_key_info" do`
Add function to query whether server participates in a room Move from integer timestamps to datetimes 2021-08-16 17:30:47 +00:00			`field :valid_until, :utc_datetime`
Add schemas and functions to query signing keys from servers 2021-08-12 22:45:07 +00:00
			`has_many :signing_keys, SigningKey, foreign_key: :server_name`
			`end`

			`def with_fresh_signing_keys(server_name) do`
			`current_time = System.os_time(:millisecond)`

			`case with_signing_keys(server_name) do`
			`nil ->`
			`# We have not encountered this server before, always request keys.`
			`refresh_signing_keys(server_name)`

			`%ServerKeyInfo{valid_until: valid_until} when valid_until <= current_time ->`
			`# Keys are expired; request fresh ones from server.`
			`refresh_signing_keys(server_name)`

			`ski ->`
			`{:ok, ski}`
			`end`
			`end`

			`defp refresh_signing_keys(server_name) do`
Handle enacl exceptions during signature checks Fix usage of undecoded signing key during server authentication Fix several bugs in profile query endpoint 2021-08-13 15:36:34 +00:00			`# TODO: Handle expired keys.`
Add function to query whether server participates in a room Move from integer timestamps to datetimes 2021-08-16 17:30:47 +00:00			`in_a_week = DateTime.utc_now() \|> DateTime.add(60 * 60 * 24 * 7, :second)`
Create tesla middleware for adding signature to federation requests Change repo structure 2021-08-14 13:20:42 +00:00			`client = HTTPClient.client(server_name)`
Add schemas and functions to query signing keys from servers 2021-08-12 22:45:07 +00:00
Handle enacl exceptions during signature checks Fix usage of undecoded signing key during server authentication Fix several bugs in profile query endpoint 2021-08-13 15:36:34 +00:00			`with {:ok,`
			`%GetSigningKeys{`
			`server_name: server_name,`
			`verify_keys: verify_keys,`
Add function to query whether server participates in a room Move from integer timestamps to datetimes 2021-08-16 17:30:47 +00:00			`valid_until_ts: valid_until_ts`
			`}} <- HTTPClient.get_signing_keys(client),`
			`{:ok, valid_until} <- DateTime.from_unix(valid_until_ts) do`
Add schemas and functions to query signing keys from servers 2021-08-12 22:45:07 +00:00			`signing_keys =`
			`Enum.map(verify_keys, fn {key_id, %{"key" => key}} ->`
			`[server_name: server_name, signing_key_id: key_id, signing_key: key]`
			`end)`

			`# Always check every week to prevent misuse.`
Add function to query whether server participates in a room Move from integer timestamps to datetimes 2021-08-16 17:30:47 +00:00			`ski = %ServerKeyInfo{`
			`server_name: server_name,`
			`valid_until: MatrixServer.min_datetime(in_a_week, valid_until)`
			`}`
Add schemas and functions to query signing keys from servers 2021-08-12 22:45:07 +00:00
			`case upsert_multi(server_name, ski, signing_keys) \|> Repo.transaction() do`
Handle enacl exceptions during signature checks Fix usage of undecoded signing key during server authentication Fix several bugs in profile query endpoint 2021-08-13 15:36:34 +00:00			`{:ok, %{new_ski: ski}} -> {:ok, ski}`
Add schemas and functions to query signing keys from servers 2021-08-12 22:45:07 +00:00			`{:error, _} -> :error`
			`end`
			`else`
Add function to query whether server participates in a room Move from integer timestamps to datetimes 2021-08-16 17:30:47 +00:00			`_ -> :error`
Add schemas and functions to query signing keys from servers 2021-08-12 22:45:07 +00:00			`end`
			`end`

			`defp upsert_multi(server_name, ski, signing_keys) do`
			`Multi.new()`
			`\|> Multi.insert(:ski, ski,`
			`on_conflict: {:replace, [:valid_until]},`
			`conflict_target: [:server_name]`
			`)`
			`\|> Multi.insert_all(:insert_keys, SigningKey, signing_keys, on_conflict: :nothing)`
Handle enacl exceptions during signature checks Fix usage of undecoded signing key during server authentication Fix several bugs in profile query endpoint 2021-08-13 15:36:34 +00:00			`\|> Multi.run(:new_ski, fn _, _ ->`
Add schemas and functions to query signing keys from servers 2021-08-12 22:45:07 +00:00			`case with_signing_keys(server_name) do`
			`nil -> {:error, :ski}`
			`ski -> {:ok, ski}`
			`end`
			`end)`
			`end`

			`defp with_signing_keys(server_name) do`
			`ServerKeyInfo`
			`\|> where([ski], ski.server_name == ^server_name)`
			`\|> preload([ski], [:signing_keys])`
			`\|> Repo.one()`
			`end`
			`end`