Implement retrieving a single event over federation

Fix url encoding during homeserver signature check
This commit is contained in:
Pim Kunis 2021-08-21 11:25:36 +02:00
parent 1881b7f3d6
commit e510c3bb6a
14 changed files with 173 additions and 22 deletions

View file

@ -38,7 +38,6 @@ defmodule MatrixServer do
end
end
# TODO Eventually move to regex with named captures.
@spec get_localpart(String.t()) :: String.t() | nil
def get_localpart(id) do
with [part, _] <- String.split(id, ":", parts: 2),
@ -85,17 +84,25 @@ defmodule MatrixServer do
# https://stackoverflow.com/questions/41523762/41671211
@spec to_serializable_map(struct()) :: map()
def to_serializable_map(struct) do
association_fields = struct.__struct__.__schema__(:associations)
association_fields =
if Kernel.function_exported?(struct.__struct__, :__schema__, 1) do
struct.__struct__.__schema__(:associations)
else
[]
end
waste_fields = association_fields ++ [:__meta__]
struct
|> Map.from_struct()
|> Map.drop(waste_fields)
|> Enum.reject(fn {k, v} ->
is_nil(v) or k in waste_fields
end)
|> Enum.into(%{})
end
@spec serialize_and_encode(struct()) :: {:ok, String.t()} | {:error, Jason.EncodeError.t()}
def serialize_and_encode(struct) do
# TODO: handle nil values in struct?
struct
|> to_serializable_map()
|> encode_canonical_json()

View file

@ -1,6 +1,6 @@
# https://github.com/michalmuskala/jason/issues/69
defmodule MatrixServer.EncodableMap do
alias MatrixServer.EncodableMap
alias MatrixServer.{EncodableMap, Event}
alias MatrixServer.Types.{UserId, RoomId, EventId, GroupId, AliasId}
defstruct pairs: []
@ -15,12 +15,10 @@ defmodule MatrixServer.EncodableMap do
pairs =
map
|> Enum.map(fn
{k, v} when is_struct(v, DateTime) ->
{k, DateTime.to_unix(v, :millisecond)}
{k, v}
when is_struct(v, UserId) or is_struct(v, RoomId) or is_struct(v, EventId) or
is_struct(v, GroupId) or is_struct(v, AliasId) ->
# Simply convert IDs to a string.
{k, to_string(v)}
{k, v} when is_map(v) ->

View file

@ -48,6 +48,8 @@ defmodule MatrixServer.KeyServer do
object = Map.drop(object, [:signatures, :unsigned])
with {:ok, json} <- MatrixServer.encode_canonical_json(object) do
IO.puts(json)
signature =
json
|> :enacl.sign_detached(private_key)

View file

@ -18,6 +18,9 @@ defmodule MatrixServer.RoomServer do
GenServer.start_link(__MODULE__, opts, name: name)
end
@spec get_room_server(Room.t()) :: {:error, :not_found} | DynamicSupervisor.on_start_child()
def get_room_server(%Room{id: room_id}), do: get_room_server(room_id)
# Get room server pid, or spin one up for the room.
# If the room does not exist, return an error.
@spec get_room_server(String.t()) :: {:error, :not_found} | DynamicSupervisor.on_start_child()

View file

@ -9,7 +9,7 @@ defmodule MatrixServer.Event do
# TODO: Could refactor to also always set prev_events, but not necessary.
@type t :: %__MODULE__{
type: String.t(),
origin_server_ts: DateTime.t(),
origin_server_ts: integer(),
state_key: String.t(),
sender: UserId.t(),
content: map(),
@ -23,7 +23,7 @@ defmodule MatrixServer.Event do
@primary_key {:event_id, :string, []}
schema "events" do
field :type, :string
field :origin_server_ts, :utc_datetime_usec
field :origin_server_ts, :integer
field :state_key, :string
field :sender, UserId
field :content, :map
@ -36,12 +36,38 @@ defmodule MatrixServer.Event do
belongs_to :room, Room, type: :string
end
defimpl Jason.Encoder, for: Event do
@pdu_keys [
:auth_events,
:content,
:depth,
:hashes,
:origin,
:origin_server_ts,
:prev_events,
:redacts,
:room_id,
:sender,
:signatures,
:state_key,
:type,
:unsigned
]
def encode(event, opts) do
event
|> Map.take(@pdu_keys)
|> Map.update!(:sender, &Kernel.to_string/1)
|> Jason.Encode.map(opts)
end
end
@spec new(Room.t(), Account.t()) :: %Event{}
def new(%Room{id: room_id}, %Account{localpart: localpart}) do
%Event{
room_id: room_id,
sender: %UserId{localpart: localpart, domain: MatrixServer.server_name()},
origin_server_ts: DateTime.utc_now(),
origin_server_ts: DateTime.utc_now() |> DateTime.to_unix(:millisecond),
prev_events: [],
auth_events: []
}

View file

@ -10,7 +10,7 @@ defmodule MatrixServer.ServerKeyInfo do
@primary_key {:server_name, :string, []}
schema "server_key_info" do
field :valid_until, :utc_datetime
field :valid_until, :integer
has_many :signing_keys, SigningKey, foreign_key: :server_name
end
@ -43,7 +43,7 @@ defmodule MatrixServer.ServerKeyInfo do
verify_keys: verify_keys,
valid_until_ts: valid_until_ts
}} <- HTTPClient.get_signing_keys(client),
{:ok, valid_until} <- DateTime.from_unix(valid_until_ts) do
{:ok, valid_until} <- DateTime.from_unix(valid_until_ts, :millisecond) do
signing_keys =
Enum.map(verify_keys, fn {key_id, %{"key" => key}} ->
[server_name: server_name, signing_key_id: key_id, signing_key: key]
@ -52,7 +52,8 @@ defmodule MatrixServer.ServerKeyInfo do
# Always check every week to prevent misuse.
ski = %ServerKeyInfo{
server_name: server_name,
valid_until: MatrixServer.min_datetime(in_a_week, valid_until)
valid_until:
MatrixServer.min_datetime(in_a_week, valid_until) |> DateTime.to_unix(:millisecond)
}
case upsert_multi(server_name, ski, signing_keys) |> Repo.transaction() do

View file

@ -18,6 +18,12 @@ defmodule MatrixServer.Types.UserId do
end
end
defimpl Jason.Encoder, for: UserId do
def encode(user_id, opts) do
Jason.Encode.string(to_string(user_id), opts)
end
end
def type(), do: :string
def cast(s) when is_binary(s) do

View file

@ -12,6 +12,7 @@ defmodule MatrixServerWeb.Error do
invalid_room_state:
{400, "M_INVALID_ROOM_STATE", "The request would leave the room in an invalid state."},
unauthorized: {400, "M_UNAUTHORIZED", "The request was unauthorized."},
invalid_param: {400, "M_INVALID_PARAM", "A request parameter was invalid."},
unknown_token: {401, "M_UNKNOWN_TOKEN", "Invalid access token."},
missing_token: {401, "M_MISSING_TOKEN", "Access token required."},
not_found: {404, "M_NOT_FOUND", "The requested resource was not found."},

View file

@ -12,8 +12,18 @@ defmodule MatrixServerWeb.Federation.AuthenticateServer do
method: method,
query_string: query_string
}) do
# TODO: This will break if request ends with '?'.
uri = URI.decode_www_form(path)
uri =
if String.length(query_string) > 0 do
uri <> "?" <> URI.decode_www_form(query_string)
else
uri
end
object_to_sign = %{
uri: path <> "?" <> URI.decode_www_form(query_string),
uri: uri,
method: method,
destination: MatrixServer.server_name()
}
@ -39,6 +49,7 @@ defmodule MatrixServerWeb.Federation.AuthenticateServer do
ServerKeyInfo.with_fresh_signing_keys(origin) do
Enum.find_value(keys, false, fn %SigningKey{signing_key: signing_key} ->
with {:ok, decoded_key} <- MatrixServer.decode_base64(signing_key) do
IO.puts(encoded_object)
MatrixServer.sign_verify(raw_sig, encoded_object, decoded_key)
else
_ -> false

View file

@ -2,9 +2,44 @@ defmodule MatrixServerWeb.Federation.EventController do
use MatrixServerWeb, :controller
use MatrixServerWeb.Federation.AuthenticateServer
def event(conn, %{"event_id" => _event_id}) do
import MatrixServerWeb.Error
import Ecto.Query
alias MatrixServer.{Repo, Event, RoomServer}
alias MatrixServerWeb.Federation.Transaction
def event(%Plug.Conn{assigns: %{origin: origin}} = conn, %{"event_id" => event_id}) do
query =
Event
|> where([e], e.event_id == ^event_id)
|> preload(:room)
case Repo.one(query) do
%Event{room: room} = event ->
case RoomServer.get_room_server(room) do
{:ok, pid} ->
if RoomServer.server_in_room(pid, origin) do
data = Transaction.new([event])
conn
|> put_status(200)
|> json(%{})
|> json(data)
else
put_error(
conn,
:unauthorized,
"Origin server is not allowed to see requested event."
)
end
_ ->
put_error(conn, :unknown)
end
nil ->
put_error(conn, :not_found, "Event or room not found.")
end
end
def event(conn, _), do: put_error(conn, :bad_json)
end

View file

@ -20,7 +20,7 @@ defmodule MatrixServerWeb.Federation.KeyController do
server_name: MatrixServer.server_name(),
verify_keys: keys,
old_verify_keys: %{},
valid_until_ts: valid_until
valid_until_ts: DateTime.to_unix(valid_until, :millisecond)
}
case KeyServer.sign_object(data) do

View file

@ -29,7 +29,9 @@ defmodule MatrixServerWeb.Federation.HTTPClient do
with {:ok,
%GetSigningKeys{server_name: server_name, verify_keys: verify_keys, signatures: sigs} =
response} <- tesla_request(:get, client, path, GetSigningKeys),
{:ok, encoded_body} <- MatrixServer.serialize_and_encode(response),
serializable_response <- MatrixServer.to_serializable_map(response),
serializable_response <- Map.drop(serializable_response, [:signatures]),
{:ok, encoded_body} <- MatrixServer.encode_canonical_json(serializable_response),
server_sigs when not is_nil(server_sigs) <- sigs[server_name] do
# For each verify key, check if there is a matching signature.
# If not, invalidate the whole response.
@ -58,12 +60,20 @@ defmodule MatrixServerWeb.Federation.HTTPClient do
Tesla.get(client, path)
end
def get_event(client, event_id) do
path = RouteHelpers.event_path(Endpoint, :event, event_id)
Tesla.get(client, path)
end
defp tesla_request(method, client, path, request_schema) do
with {:ok, %Tesla.Env{body: body}} <- Tesla.request(client, url: path, method: method),
%Ecto.Changeset{valid?: true} = cs <- apply(request_schema, :changeset, [body]) do
{:ok, Ecto.Changeset.apply_changes(cs)}
else
_ -> :error
x ->
IO.inspect(x)
:error
end
end
end

View file

@ -0,0 +1,36 @@
defmodule MatrixServerWeb.Federation.Transaction do
alias MatrixServer.Event
alias MatrixServerWeb.Federation.Transaction
# TODO
@type edu :: any()
@type t :: %__MODULE__{
origin: String.t(),
origin_server_ts: integer(),
pdus: [Event.t()],
edus: [edu()] | nil
}
defstruct [:origin, :origin_server_ts, :pdus, :edus]
defimpl Jason.Encoder, for: Transaction do
@fields [:origin, :origin_server_ts, :pdus, :edus]
def encode(transaction, opts) do
transaction
|> Map.take(@fields)
|> Jason.Encode.map(opts)
end
end
@spec new([Event.t()], [edu()] | nil) :: t()
def new(pdu_events, edus \\ nil) do
%Transaction{
origin: MatrixServer.server_name(),
origin_server_ts: System.os_time(:millisecond),
pdus: Enum.map(pdu_events, &MatrixServer.to_serializable_map/1),
edus: edus
}
end
end

View file

@ -0,0 +1,15 @@
defmodule MatrixServer.Repo.Migrations.MoveTimestampsToIntsAgain do
use Ecto.Migration
def change do
alter table(:events) do
remove :origin_server_ts, :utc_datetime_usec, null: false
add :origin_server_ts, :bigint, null: false
end
alter table(:server_key_info) do
remove :valid_until, :utc_datetime_usec, null: false
add :valid_until, :bigint, default: 0, null: false
end
end
end