Add code for verifying homeservers' signatures on API requests

2021-08-08 19:20:10 +02:00 · 2021-08-08 19:20:10 +02:00 · 33b64d80f5
commit 33b64d80f5
parent f50f08061c
9 changed files with 181 additions and 33 deletions
--- a/lib/matrix_server/schema/event.ex
+++ b/lib/matrix_server/schema/event.ex
@ -5,7 +5,6 @@ defmodule MatrixServer.Event do

  alias MatrixServer.{Repo, Room, Event, Account, OrderedMap, SigningServer}

-  @schema_meta_fields [:__meta__]
  @primary_key {:event_id, :string, []}
  schema "events" do
    field :type, :string
@ -287,7 +286,7 @@ defmodule MatrixServer.Event do
  defp calculate_content_hash(event) do
    result =
      event
-      |> to_map()
+      |> MatrixServer.to_serializable_map()
      |> Map.drop([:unsigned, :signature, :hashes])
      |> OrderedMap.from_map()
      |> Jason.encode()
@ -305,7 +304,7 @@ defmodule MatrixServer.Event do
  defp redact(%Event{type: type, content: content} = event) do
    redacted_event =
      event
-      |> to_map()
+      |> MatrixServer.to_serializable_map()
      |> Map.take([
        :event_id,
        :type,
@ -347,14 +346,4 @@ defmodule MatrixServer.Event do
        "users",
        "users_default"
      ])
-
-  # https://stackoverflow.com/questions/41523762/41671211
-  def to_map(event) do
-    association_fields = event.__struct__.__schema__(:associations)
-    waste_fields = association_fields ++ @schema_meta_fields
-
-    event
-    |> Map.from_struct()
-    |> Map.drop(waste_fields)
-  end
 end
--- a/lib/matrix_server/signing_server.ex
+++ b/lib/matrix_server/signing_server.ex
@ -1,8 +1,6 @@
 defmodule MatrixServer.SigningServer do
  use GenServer

-  alias MatrixServer.OrderedMap
-
  # TODO: only support one signing key for now.
  @signing_key_id "ed25519:1"

@ -16,8 +14,8 @@ defmodule MatrixServer.SigningServer do
    GenServer.call(__MODULE__, {:sign_object, object})
  end

-  def get_signing_keys do
-    GenServer.call(__MODULE__, :get_signing_keys)
+  def get_signing_keys(encoded \\ false) do
+    GenServer.call(__MODULE__, {:get_signing_keys, encoded})
  end

  ## Implementation
@ -35,12 +33,7 @@ defmodule MatrixServer.SigningServer do
        _from,
        %{private_key: private_key} = state
      ) do
-    ordered_map =
-      object
-      |> Map.drop([:signatures, :unsigned])
-      |> OrderedMap.from_map()
-
-    case Jason.encode(ordered_map) do
+    case MatrixServer.encode_canonical_json(object) do
      {:ok, json} ->
        signature =
          json
@ -62,10 +55,10 @@ defmodule MatrixServer.SigningServer do
    end
  end

-  def handle_call(:get_signing_keys, _from, %{public_key: public_key} = state) do
-    encoded_public_key = MatrixServer.encode_unpadded_base64(public_key)
+  def handle_call({:get_signing_keys, encoded}, _from, %{public_key: public_key} = state) do
+    result = if encoded, do: MatrixServer.encode_unpadded_base64(public_key), else: public_key

-    {:reply, [{@signing_key_id, encoded_public_key}], state}
+    {:reply, [{@signing_key_id, result}], state}
  end

  # TODO: not sure if there is a better way to do this...