mirror of
https://github.com/hoernschen/dendrite.git
synced 2025-07-30 21:12:45 +00:00
PDU Sender split (#3100)
Initial cut of splitting PDU Sender into SenderID & looking up UserID where required.
This commit is contained in:
devonh
GitHub
parent
725ff5567d
commit
7a1fd7f512
66 changed files with 580 additions and 189 deletions
|
|
@ -36,6 +36,10 @@ type fedRoomserverAPI struct {
|
|||
queryRoomsForUser func(ctx context.Context, req *rsapi.QueryRoomsForUserRequest, res *rsapi.QueryRoomsForUserResponse) error
|
||||
}
|
||||
|
||||
func (f *fedRoomserverAPI) QueryUserIDForSender(ctx context.Context, roomID string, senderID string) (*spec.UserID, error) {
|
||||
return spec.NewUserID(senderID, true)
|
||||
}
|
||||
|
||||
// PerformJoin will call this function
|
||||
func (f *fedRoomserverAPI) InputRoomEvents(ctx context.Context, req *rsapi.InputRoomEventsRequest, res *rsapi.InputRoomEventsResponse) {
|
||||
if f.inputRoomEvents == nil {
|
||||
|
|
|
|||
|
|
@ -156,15 +156,20 @@ func (r *FederationInternalAPI) performJoinUsingServer(
|
|||
}
|
||||
|
||||
joinInput := gomatrixserverlib.PerformJoinInput{
|
||||
UserID: user,
|
||||
RoomID: room,
|
||||
ServerName: serverName,
|
||||
Content: content,
|
||||
Unsigned: unsigned,
|
||||
PrivateKey: r.cfg.Matrix.PrivateKey,
|
||||
KeyID: r.cfg.Matrix.KeyID,
|
||||
KeyRing: r.keyRing,
|
||||
EventProvider: federatedEventProvider(ctx, r.federation, r.keyRing, user.Domain(), serverName),
|
||||
UserID: user,
|
||||
RoomID: room,
|
||||
ServerName: serverName,
|
||||
Content: content,
|
||||
Unsigned: unsigned,
|
||||
PrivateKey: r.cfg.Matrix.PrivateKey,
|
||||
KeyID: r.cfg.Matrix.KeyID,
|
||||
KeyRing: r.keyRing,
|
||||
EventProvider: federatedEventProvider(ctx, r.federation, r.keyRing, user.Domain(), serverName, func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return r.rsAPI.QueryUserIDForSender(ctx, roomID, senderID)
|
||||
}),
|
||||
UserIDQuerier: func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return r.rsAPI.QueryUserIDForSender(ctx, roomID, senderID)
|
||||
},
|
||||
}
|
||||
response, joinErr := gomatrixserverlib.PerformJoin(ctx, r, joinInput)
|
||||
|
||||
|
|
@ -358,8 +363,11 @@ func (r *FederationInternalAPI) performOutboundPeekUsingServer(
|
|||
|
||||
// authenticate the state returned (check its auth events etc)
|
||||
// the equivalent of CheckSendJoinResponse()
|
||||
userIDProvider := func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return r.rsAPI.QueryUserIDForSender(ctx, roomID, senderID)
|
||||
}
|
||||
authEvents, stateEvents, err := gomatrixserverlib.CheckStateResponse(
|
||||
ctx, &respPeek, respPeek.RoomVersion, r.keyRing, federatedEventProvider(ctx, r.federation, r.keyRing, r.cfg.Matrix.ServerName, serverName),
|
||||
ctx, &respPeek, respPeek.RoomVersion, r.keyRing, federatedEventProvider(ctx, r.federation, r.keyRing, r.cfg.Matrix.ServerName, serverName, userIDProvider), userIDProvider,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error checking state returned from peeking: %w", err)
|
||||
|
|
@ -509,7 +517,7 @@ func (r *FederationInternalAPI) SendInvite(
|
|||
event gomatrixserverlib.PDU,
|
||||
strippedState []gomatrixserverlib.InviteStrippedState,
|
||||
) (gomatrixserverlib.PDU, error) {
|
||||
_, origin, err := r.cfg.Matrix.SplitLocalID('@', event.Sender())
|
||||
inviter, err := r.rsAPI.QueryUserIDForSender(ctx, event.RoomID(), event.SenderID())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -542,7 +550,7 @@ func (r *FederationInternalAPI) SendInvite(
|
|||
return nil, fmt.Errorf("gomatrixserverlib.NewInviteV2Request: %w", err)
|
||||
}
|
||||
|
||||
inviteRes, err := r.federation.SendInviteV2(ctx, origin, destination, inviteReq)
|
||||
inviteRes, err := r.federation.SendInviteV2(ctx, inviter.Domain(), destination, inviteReq)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("r.federation.SendInviteV2: failed to send invite: %w", err)
|
||||
}
|
||||
|
|
@ -635,6 +643,7 @@ func checkEventsContainCreateEvent(events []gomatrixserverlib.PDU) error {
|
|||
func federatedEventProvider(
|
||||
ctx context.Context, federation fclient.FederationClient,
|
||||
keyRing gomatrixserverlib.JSONVerifier, origin, server spec.ServerName,
|
||||
userIDForSender spec.UserIDForSender,
|
||||
) gomatrixserverlib.EventProvider {
|
||||
// A list of events that we have retried, if they were not included in
|
||||
// the auth events supplied in the send_join.
|
||||
|
|
@ -684,7 +693,7 @@ func federatedEventProvider(
|
|||
}
|
||||
|
||||
// Check the signatures of the event.
|
||||
if err := gomatrixserverlib.VerifyEventSignatures(ctx, ev, keyRing); err != nil {
|
||||
if err := gomatrixserverlib.VerifyEventSignatures(ctx, ev, keyRing, userIDForSender); err != nil {
|
||||
return nil, fmt.Errorf("missingAuth VerifyEventSignatures: %w", err)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -95,6 +95,9 @@ func InviteV2(
|
|||
StateQuerier: rsAPI.StateQuerier(),
|
||||
InviteEvent: inviteReq.Event(),
|
||||
StrippedState: inviteReq.InviteRoomState(),
|
||||
UserIDQuerier: func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return rsAPI.QueryUserIDForSender(httpReq.Context(), roomID, senderID)
|
||||
},
|
||||
}
|
||||
event, jsonErr := handleInvite(httpReq.Context(), input, rsAPI)
|
||||
if jsonErr != nil {
|
||||
|
|
@ -185,6 +188,9 @@ func InviteV1(
|
|||
StateQuerier: rsAPI.StateQuerier(),
|
||||
InviteEvent: event,
|
||||
StrippedState: strippedState,
|
||||
UserIDQuerier: func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return rsAPI.QueryUserIDForSender(httpReq.Context(), roomID, senderID)
|
||||
},
|
||||
}
|
||||
event, jsonErr := handleInvite(httpReq.Context(), input, rsAPI)
|
||||
if jsonErr != nil {
|
||||
|
|
|
|||
|
|
@ -99,15 +99,18 @@ func MakeJoin(
|
|||
}
|
||||
|
||||
input := gomatrixserverlib.HandleMakeJoinInput{
|
||||
Context: httpReq.Context(),
|
||||
UserID: userID,
|
||||
RoomID: roomID,
|
||||
RoomVersion: roomVersion,
|
||||
RemoteVersions: remoteVersions,
|
||||
RequestOrigin: request.Origin(),
|
||||
LocalServerName: cfg.Matrix.ServerName,
|
||||
LocalServerInRoom: res.RoomExists && res.IsInRoom,
|
||||
RoomQuerier: &roomQuerier,
|
||||
Context: httpReq.Context(),
|
||||
UserID: userID,
|
||||
RoomID: roomID,
|
||||
RoomVersion: roomVersion,
|
||||
RemoteVersions: remoteVersions,
|
||||
RequestOrigin: request.Origin(),
|
||||
LocalServerName: cfg.Matrix.ServerName,
|
||||
LocalServerInRoom: res.RoomExists && res.IsInRoom,
|
||||
RoomQuerier: &roomQuerier,
|
||||
UserIDQuerier: func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return rsAPI.QueryUserIDForSender(httpReq.Context(), roomID, senderID)
|
||||
},
|
||||
BuildEventTemplate: createJoinTemplate,
|
||||
}
|
||||
response, internalErr := gomatrixserverlib.HandleMakeJoin(input)
|
||||
|
|
@ -202,6 +205,9 @@ func SendJoin(
|
|||
PrivateKey: cfg.Matrix.PrivateKey,
|
||||
Verifier: keys,
|
||||
MembershipQuerier: &api.MembershipQuerier{Roomserver: rsAPI},
|
||||
UserIDQuerier: func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return rsAPI.QueryUserIDForSender(httpReq.Context(), roomID, senderID)
|
||||
},
|
||||
}
|
||||
response, joinErr := gomatrixserverlib.HandleSendJoin(input)
|
||||
switch e := joinErr.(type) {
|
||||
|
|
|
|||
|
|
@ -95,6 +95,9 @@ func MakeLeave(
|
|||
LocalServerName: cfg.Matrix.ServerName,
|
||||
LocalServerInRoom: res.RoomExists && res.IsInRoom,
|
||||
BuildEventTemplate: createLeaveTemplate,
|
||||
UserIDQuerier: func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return rsAPI.QueryUserIDForSender(httpReq.Context(), roomID, senderID)
|
||||
},
|
||||
}
|
||||
|
||||
response, internalErr := gomatrixserverlib.HandleMakeLeave(input)
|
||||
|
|
@ -213,7 +216,7 @@ func SendLeave(
|
|||
JSON: spec.BadJSON("No state key was provided in the leave event."),
|
||||
}
|
||||
}
|
||||
if !event.StateKeyEquals(event.Sender()) {
|
||||
if !event.StateKeyEquals(event.SenderID()) {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: spec.BadJSON("Event state key must match the event sender."),
|
||||
|
|
@ -223,13 +226,13 @@ func SendLeave(
|
|||
// Check that the sender belongs to the server that is sending us
|
||||
// the request. By this point we've already asserted that the sender
|
||||
// and the state key are equal so we don't need to check both.
|
||||
var serverName spec.ServerName
|
||||
if _, serverName, err = gomatrixserverlib.SplitID('@', event.Sender()); err != nil {
|
||||
sender, err := rsAPI.QueryUserIDForSender(httpReq.Context(), event.RoomID(), event.SenderID())
|
||||
if err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusForbidden,
|
||||
JSON: spec.Forbidden("The sender of the join is invalid"),
|
||||
}
|
||||
} else if serverName != request.Origin() {
|
||||
} else if sender.Domain() != request.Origin() {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusForbidden,
|
||||
JSON: spec.Forbidden("The sender does not match the server that originated the request"),
|
||||
|
|
@ -291,7 +294,7 @@ func SendLeave(
|
|||
}
|
||||
}
|
||||
verifyRequests := []gomatrixserverlib.VerifyJSONRequest{{
|
||||
ServerName: serverName,
|
||||
ServerName: sender.Domain(),
|
||||
Message: redacted,
|
||||
AtTS: event.OriginServerTS(),
|
||||
ValidityCheckingFunc: gomatrixserverlib.StrictValiditySignatureCheck,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue