Add schemas and functions to query signing keys from servers
This commit is contained in:
parent
e6b3c4752d
commit
fb59fee754
13 changed files with 234 additions and 34 deletions
|
|
@ -42,9 +42,7 @@ defmodule MatrixServer.Device do
|
|||
|
||||
def generate_device_id(localpart) do
|
||||
# TODO: use random string instead
|
||||
time_string = System.os_time(:millisecond) |> Integer.to_string()
|
||||
|
||||
"#{localpart}_#{time_string}"
|
||||
"#{localpart}_#{System.os_time(:millisecond)}"
|
||||
end
|
||||
|
||||
def login(%Login{} = input, account) do
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ defmodule MatrixServer.Event do
|
|||
|
||||
import Ecto.Query
|
||||
|
||||
alias MatrixServer.{Repo, Room, Event, Account, OrderedMap, SigningServer}
|
||||
alias MatrixServer.{Repo, Room, Event, Account, OrderedMap, KeyServer}
|
||||
|
||||
@primary_key {:event_id, :string, []}
|
||||
schema "events" do
|
||||
|
|
@ -280,7 +280,7 @@ defmodule MatrixServer.Event do
|
|||
event
|
||||
|> Map.put(:hashes, %{"sha256" => content_hash})
|
||||
|> redact()
|
||||
|> SigningServer.sign_object()
|
||||
|> KeyServer.sign_object()
|
||||
end
|
||||
|
||||
defp calculate_content_hash(event) do
|
||||
|
|
|
|||
80
lib/matrix_server/schema/server_key_info.ex
Normal file
80
lib/matrix_server/schema/server_key_info.ex
Normal file
|
|
@ -0,0 +1,80 @@
|
|||
defmodule MatrixServer.ServerKeyInfo do
|
||||
use Ecto.Schema
|
||||
|
||||
import Ecto.Query
|
||||
|
||||
alias MatrixServer.{Repo, ServerKeyInfo, SigningKey}
|
||||
alias MatrixServerWeb.FederationClient
|
||||
alias MatrixServerWeb.Federation.Request.GetSigningKeys
|
||||
alias Ecto.Multi
|
||||
|
||||
@primary_key {:server_name, :string, []}
|
||||
schema "server_key_info" do
|
||||
field :valid_until, :integer
|
||||
|
||||
has_many :signing_keys, SigningKey, foreign_key: :server_name
|
||||
end
|
||||
|
||||
def with_fresh_signing_keys(server_name) do
|
||||
current_time = System.os_time(:millisecond)
|
||||
|
||||
case with_signing_keys(server_name) do
|
||||
nil ->
|
||||
# We have not encountered this server before, always request keys.
|
||||
refresh_signing_keys(server_name)
|
||||
|
||||
%ServerKeyInfo{valid_until: valid_until} when valid_until <= current_time ->
|
||||
# Keys are expired; request fresh ones from server.
|
||||
refresh_signing_keys(server_name)
|
||||
|
||||
ski ->
|
||||
{:ok, ski}
|
||||
end
|
||||
end
|
||||
|
||||
defp refresh_signing_keys(server_name) do
|
||||
in_a_week = System.os_time(:millisecond) + 1000 * 60 * 60 * 24 * 7
|
||||
client = FederationClient.client(server_name)
|
||||
|
||||
with {:ok, %GetSigningKeys{verify_keys: verify_keys, valid_until_ts: valid_until}} <-
|
||||
FederationClient.get_signing_keys(client) do
|
||||
signing_keys =
|
||||
Enum.map(verify_keys, fn {key_id, %{"key" => key}} ->
|
||||
[server_name: server_name, signing_key_id: key_id, signing_key: key]
|
||||
end)
|
||||
|
||||
# Always check every week to prevent misuse.
|
||||
ski = %ServerKeyInfo{server_name: server_name, valid_until: min(valid_until, in_a_week)}
|
||||
|
||||
case upsert_multi(server_name, ski, signing_keys) |> Repo.transaction() do
|
||||
{:ok, %{ski: ski}} -> {:ok, ski}
|
||||
{:error, _} -> :error
|
||||
end
|
||||
else
|
||||
:error ->
|
||||
:error
|
||||
end
|
||||
end
|
||||
|
||||
defp upsert_multi(server_name, ski, signing_keys) do
|
||||
Multi.new()
|
||||
|> Multi.insert(:ski, ski,
|
||||
on_conflict: {:replace, [:valid_until]},
|
||||
conflict_target: [:server_name]
|
||||
)
|
||||
|> Multi.insert_all(:insert_keys, SigningKey, signing_keys, on_conflict: :nothing)
|
||||
|> Multi.run(:ski, fn _, _ ->
|
||||
case with_signing_keys(server_name) do
|
||||
nil -> {:error, :ski}
|
||||
ski -> {:ok, ski}
|
||||
end
|
||||
end)
|
||||
end
|
||||
|
||||
defp with_signing_keys(server_name) do
|
||||
ServerKeyInfo
|
||||
|> where([ski], ski.server_name == ^server_name)
|
||||
|> preload([ski], [:signing_keys])
|
||||
|> Repo.one()
|
||||
end
|
||||
end
|
||||
33
lib/matrix_server/schema/signing_key.ex
Normal file
33
lib/matrix_server/schema/signing_key.ex
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
defmodule MatrixServer.SigningKey do
|
||||
use Ecto.Schema
|
||||
|
||||
import Ecto.Changeset
|
||||
import Ecto.Query
|
||||
|
||||
alias MatrixServer.{Repo, SigningKey, ServerKeyInfo}
|
||||
|
||||
@primary_key false
|
||||
schema "signing_keys" do
|
||||
field :signing_key_id, :string, primary_key: true
|
||||
field :signing_key, :binary
|
||||
|
||||
belongs_to :server_key_info, ServerKeyInfo,
|
||||
foreign_key: :server_name,
|
||||
references: :server_name,
|
||||
type: :string,
|
||||
primary_key: true
|
||||
end
|
||||
|
||||
def changeset(signing_key, params \\ %{}) do
|
||||
signing_key
|
||||
|> cast(params, [:server_name, :signing_key_id, :signing_key])
|
||||
|> validate_required([:server_name, :signing_key_id, :signing_key])
|
||||
|> unique_constraint([:server_name, :signing_key_id], name: :signing_keys_pkey)
|
||||
end
|
||||
|
||||
def for_server(server_name) do
|
||||
SigningKey
|
||||
|> where([s], s.server_name == ^server_name)
|
||||
|> Repo.all()
|
||||
end
|
||||
end
|
||||
Loading…
Add table
Add a link
Reference in a new issue