Add MXIDMapping for pseudoID rooms (#3112)

Add `MXIDMapping` on membership events when creating/joining rooms.
2025-07-29 12:42:46 +00:00 · 2023-06-28 20:29:49 +02:00 · 2023-06-28 20:29:49 +02:00 · 23cd7877a1
commit 23cd7877a1
parent 4722f12fab
41 changed files with 593 additions and 177 deletions
--- a/roomserver/internal/perform/perform_backfill.go
+++ b/roomserver/internal/perform/perform_backfill.go
@ -647,7 +647,7 @@ func persistEvents(ctx context.Context, db storage.Database, querier api.QuerySe

 		resolver := state.NewStateResolution(db, roomInfo, querier)

-		_, redactedEvent, err := db.MaybeRedactEvent(ctx, roomInfo, eventNID, ev, &resolver)
+		_, redactedEvent, err := db.MaybeRedactEvent(ctx, roomInfo, eventNID, ev, &resolver, querier)
 		if err != nil {
 			logrus.WithError(err).WithField("event_id", ev.EventID()).Error("Failed to redact event")
 			continue
--- a/roomserver/internal/perform/perform_create_room.go
+++ b/roomserver/internal/perform/perform_create_room.go
@ -31,6 +31,7 @@ import (
 	"github.com/matrix-org/gomatrixserverlib/fclient"
 	"github.com/matrix-org/gomatrixserverlib/spec"
 	"github.com/matrix-org/util"
+	"github.com/sirupsen/logrus"
 )

 const (
@ -64,6 +65,16 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 			}
 		}
 	}
+
+	_, err = c.DB.AssignRoomNID(ctx, roomID, createRequest.RoomVersion)
+	if err != nil {
+		util.GetLogger(ctx).WithError(err).Error("failed to assign roomNID")
+		return "", &util.JSONResponse{
+			Code: http.StatusInternalServerError,
+			JSON: spec.InternalServerError{},
+		}
+	}
+
 	var senderID spec.SenderID
 	if createRequest.RoomVersion == gomatrixserverlib.RoomVersionPseudoIDs {
 		// create user room key if needed
@ -75,7 +86,7 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 				JSON: spec.InternalServerError{},
 			}
 		}
-		senderID = spec.SenderID(spec.Base64Bytes(key.Public().(ed25519.PublicKey)).Encode())
+		senderID = spec.SenderIDFromPseudoIDKey(key)
 	} else {
 		senderID = spec.SenderID(userID.String())
 	}
@ -138,13 +149,59 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 	membershipEvent := gomatrixserverlib.FledglingEvent{
 		Type:     spec.MRoomMember,
 		StateKey: string(senderID),
-		Content: gomatrixserverlib.MemberContent{
-			Membership:  spec.Join,
-			DisplayName: createRequest.UserDisplayName,
-			AvatarURL:   createRequest.UserAvatarURL,
-		},
 	}

+	memberContent := gomatrixserverlib.MemberContent{
+		Membership:  spec.Join,
+		DisplayName: createRequest.UserDisplayName,
+		AvatarURL:   createRequest.UserAvatarURL,
+	}
+
+	// get the signing identity
+	identity, err := c.Cfg.Matrix.SigningIdentityFor(userID.Domain()) // we MUST use the server signing mxid_mapping
+	if err != nil {
+		logrus.WithError(err).WithField("domain", userID.Domain()).Error("unable to find signing identity for domain")
+		return "", &util.JSONResponse{
+			Code: http.StatusInternalServerError,
+			JSON: spec.InternalServerError{},
+		}
+	}
+
+	// If we are creating a room with pseudo IDs, create and sign the MXIDMapping
+	if createRequest.RoomVersion == gomatrixserverlib.RoomVersionPseudoIDs {
+		var pseudoIDKey ed25519.PrivateKey
+		pseudoIDKey, err = c.RSAPI.GetOrCreateUserRoomPrivateKey(ctx, userID, roomID)
+		if err != nil {
+			util.GetLogger(ctx).WithError(err).Error("GetOrCreateUserRoomPrivateKey failed")
+			return "", &util.JSONResponse{
+				Code: http.StatusInternalServerError,
+				JSON: spec.InternalServerError{},
+			}
+		}
+
+		mapping := &gomatrixserverlib.MXIDMapping{
+			UserRoomKey: spec.SenderIDFromPseudoIDKey(pseudoIDKey),
+			UserID:      userID.String(),
+		}
+
+		// Sign the mapping with the server identity
+		if err = mapping.Sign(identity.ServerName, identity.KeyID, identity.PrivateKey); err != nil {
+			return "", &util.JSONResponse{
+				Code: http.StatusInternalServerError,
+				JSON: spec.InternalServerError{},
+			}
+		}
+		memberContent.MXIDMapping = mapping
+
+		// sign all events with the pseudo ID key
+		identity = &fclient.SigningIdentity{
+			ServerName: "self",
+			KeyID:      "ed25519:1",
+			PrivateKey: pseudoIDKey,
+		}
+	}
+	membershipEvent.Content = memberContent
+
 	var nameEvent *gomatrixserverlib.FledglingEvent
 	var topicEvent *gomatrixserverlib.FledglingEvent
 	var guestAccessEvent *gomatrixserverlib.FledglingEvent
@ -322,7 +379,7 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 				JSON: spec.InternalServerError{},
 			}
 		}
-		ev, err = builder.Build(createRequest.EventTime, userID.Domain(), createRequest.KeyID, createRequest.PrivateKey)
+		ev, err = builder.Build(createRequest.EventTime, identity.ServerName, identity.KeyID, identity.PrivateKey)
 		if err != nil {
 			util.GetLogger(ctx).WithError(err).Error("buildEvent failed")
 			return "", &util.JSONResponse{
@ -363,17 +420,8 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 		})
 	}

-	// first send the `m.room.create` event, so we have a roomNID
-	if err = api.SendInputRoomEvents(ctx, c.RSAPI, userID.Domain(), inputs[:1], false); err != nil {
-		util.GetLogger(ctx).WithError(err).Error("roomserverAPI.SendInputRoomEvents failed")
-		return "", &util.JSONResponse{
-			Code: http.StatusInternalServerError,
-			JSON: spec.InternalServerError{},
-		}
-	}
-
-	// send the remaining events
-	if err = api.SendInputRoomEvents(ctx, c.RSAPI, userID.Domain(), inputs[1:], false); err != nil {
+	// send the events to the roomserver
+	if err = api.SendInputRoomEvents(ctx, c.RSAPI, userID.Domain(), inputs, false); err != nil {
 		util.GetLogger(ctx).WithError(err).Error("roomserverAPI.SendInputRoomEvents failed")
 		return "", &util.JSONResponse{
 			Code: http.StatusInternalServerError,
@ -483,11 +531,6 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 			}

 			// Build the invite event.
-			identity := &fclient.SigningIdentity{
-				ServerName: userID.Domain(),
-				KeyID:      createRequest.KeyID,
-				PrivateKey: createRequest.PrivateKey,
-			}
 			inviteEvent, err = eventutil.QueryAndBuildEvent(ctx, &proto, identity, createRequest.EventTime, c.RSAPI, nil)

 			if err != nil {
--- a/roomserver/internal/perform/perform_invite.go
+++ b/roomserver/internal/perform/perform_invite.go
@ -153,6 +153,23 @@ func (r *Inviter) PerformInvite(
 	}
 	isTargetLocal := r.Cfg.Matrix.IsLocalServerName(invitedUser.Domain())

+	// If we're inviting a local user, we can generate the needed pseudoID key here. (if needed)
+	if isTargetLocal {
+		var roomVersion gomatrixserverlib.RoomVersion
+		roomVersion, err = r.DB.GetRoomVersion(ctx, event.RoomID())
+		if err != nil {
+			return err
+		}
+
+		switch roomVersion {
+		case gomatrixserverlib.RoomVersionPseudoIDs:
+			_, err = r.RSAPI.GetOrCreateUserRoomPrivateKey(ctx, *invitedUser, *validRoomID)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
 	invitedSenderID, err := r.RSAPI.QuerySenderIDForUser(ctx, *validRoomID, *invitedUser)
 	if err != nil {
 		return fmt.Errorf("failed looking up senderID for invited user")
--- a/roomserver/internal/perform/perform_join.go
+++ b/roomserver/internal/perform/perform_join.go
@ -16,6 +16,7 @@ package perform

 import (
 	"context"
+	"crypto/ed25519"
 	"database/sql"
 	"errors"
 	"fmt"
@ -24,6 +25,7 @@ import (

 	"github.com/getsentry/sentry-go"
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/gomatrixserverlib/fclient"
 	"github.com/matrix-org/gomatrixserverlib/spec"
 	"github.com/matrix-org/util"
 	"github.com/sirupsen/logrus"
@ -202,14 +204,15 @@ func (r *Joiner) performJoinRoomByID(
 			senderID, err = r.Queryer.QuerySenderIDForUser(ctx, *roomID, *userID)
 			if err == nil {
 				checkInvitePending = true
-			} else {
+			}
+			if senderID == "" {
 				// create user room key if needed
 				key, keyErr := r.RSAPI.GetOrCreateUserRoomPrivateKey(ctx, *userID, *roomID)
 				if keyErr != nil {
 					util.GetLogger(ctx).WithError(keyErr).Error("GetOrCreateUserRoomPrivateKey failed")
 					return "", "", fmt.Errorf("GetOrCreateUserRoomPrivateKey failed: %w", keyErr)
 				}
-				senderID = spec.SenderID(spec.Base64Bytes(key).Encode())
+				senderID = spec.SenderIDFromPseudoIDKey(key)
 			}
 		default:
 			checkInvitePending = true
@ -283,11 +286,39 @@ func (r *Joiner) performJoinRoomByID(
 	// but everyone has since left. I suspect it does the wrong thing.

 	var buildRes rsAPI.QueryLatestEventsAndStateResponse
-	identity, err := r.Cfg.Matrix.SigningIdentityFor(userDomain)
+	identity, err := r.RSAPI.SigningIdentityFor(ctx, *roomID, *userID)
 	if err != nil {
 		return "", "", fmt.Errorf("error joining local room: %q", err)
 	}

+	// at this point we know we have an existing room
+	if inRoomRes.RoomVersion == gomatrixserverlib.RoomVersionPseudoIDs {
+		var pseudoIDKey ed25519.PrivateKey
+		pseudoIDKey, err = r.RSAPI.GetOrCreateUserRoomPrivateKey(ctx, *userID, *roomID)
+		if err != nil {
+			util.GetLogger(ctx).WithError(err).Error("GetOrCreateUserRoomPrivateKey failed")
+			return "", "", err
+		}
+
+		mapping := &gomatrixserverlib.MXIDMapping{
+			UserRoomKey: spec.SenderIDFromPseudoIDKey(pseudoIDKey),
+			UserID:      userID.String(),
+		}
+
+		// Sign the mapping with the server identity
+		if err = mapping.Sign(identity.ServerName, identity.KeyID, identity.PrivateKey); err != nil {
+			return "", "", err
+		}
+		req.Content["mxid_mapping"] = mapping
+
+		// sign the event with the pseudo ID key
+		identity = fclient.SigningIdentity{
+			ServerName: "self",
+			KeyID:      "ed25519:1",
+			PrivateKey: pseudoIDKey,
+		}
+	}
+
 	senderIDString := string(senderID)

 	// Prepare the template for the join event.
@ -317,7 +348,7 @@ func (r *Joiner) performJoinRoomByID(
 	if err = proto.SetContent(req.Content); err != nil {
 		return "", "", fmt.Errorf("eb.SetContent: %w", err)
 	}
-	event, err := eventutil.QueryAndBuildEvent(ctx, &proto, identity, time.Now(), r.RSAPI, &buildRes)
+	event, err := eventutil.QueryAndBuildEvent(ctx, &proto, &identity, time.Now(), r.RSAPI, &buildRes)

 	switch err.(type) {
 	case nil:
--- a/roomserver/internal/perform/perform_leave.go
+++ b/roomserver/internal/perform/perform_leave.go
@ -177,12 +177,17 @@ func (r *Leaver) performLeaveRoomByID(
 	// TODO: Check what happens if the room exists on the server
 	// but everyone has since left. I suspect it does the wrong thing.

+	validRoomID, err := spec.NewRoomID(req.RoomID)
+	if err != nil {
+		return nil, err
+	}
+
 	var buildRes rsAPI.QueryLatestEventsAndStateResponse
-	identity, err := r.Cfg.Matrix.SigningIdentityFor(req.Leaver.Domain())
+	identity, err := r.RSAPI.SigningIdentityFor(ctx, *validRoomID, req.Leaver)
 	if err != nil {
 		return nil, fmt.Errorf("SigningIdentityFor: %w", err)
 	}
-	event, err := eventutil.QueryAndBuildEvent(ctx, &proto, identity, time.Now(), r.RSAPI, &buildRes)
+	event, err := eventutil.QueryAndBuildEvent(ctx, &proto, &identity, time.Now(), r.RSAPI, &buildRes)
 	if err != nil {
 		return nil, fmt.Errorf("eventutil.QueryAndBuildEvent: %w", err)
 	}