mirror of
https://github.com/hoernschen/dendrite.git
synced 2025-08-01 22:02:46 +00:00
PDU Sender split (#3100)
Initial cut of splitting PDU Sender into SenderID & looking up UserID where required.
This commit is contained in:
devonh
GitHub
parent
725ff5567d
commit
7a1fd7f512
66 changed files with 580 additions and 189 deletions
|
|
@ -128,9 +128,13 @@ func (r *Inputer) processRoomEvent(
|
|||
if roomInfo == nil && !isCreateEvent {
|
||||
return fmt.Errorf("room %s does not exist for event %s", event.RoomID(), event.EventID())
|
||||
}
|
||||
_, senderDomain, err := gomatrixserverlib.SplitID('@', event.Sender())
|
||||
sender, err := r.DB.GetUserIDForSender(ctx, event.RoomID(), event.SenderID())
|
||||
if err != nil {
|
||||
return fmt.Errorf("event has invalid sender %q", input.Event.Sender())
|
||||
return fmt.Errorf("failed getting userID for sender %q. %w", event.SenderID(), err)
|
||||
}
|
||||
senderDomain := spec.ServerName("")
|
||||
if sender != nil {
|
||||
senderDomain = sender.Domain()
|
||||
}
|
||||
|
||||
// If we already know about this outlier and it hasn't been rejected
|
||||
|
|
@ -193,7 +197,9 @@ func (r *Inputer) processRoomEvent(
|
|||
serverRes.ServerNames = append(serverRes.ServerNames, input.Origin)
|
||||
delete(servers, input.Origin)
|
||||
}
|
||||
if senderDomain != input.Origin && senderDomain != r.Cfg.Matrix.ServerName {
|
||||
// Only perform this check if the sender mxid_mapping can be resolved.
|
||||
// Don't fail processing the event if we have no mxid_maping.
|
||||
if sender != nil && senderDomain != input.Origin && senderDomain != r.Cfg.Matrix.ServerName {
|
||||
serverRes.ServerNames = append(serverRes.ServerNames, senderDomain)
|
||||
delete(servers, senderDomain)
|
||||
}
|
||||
|
|
@ -276,7 +282,9 @@ func (r *Inputer) processRoomEvent(
|
|||
|
||||
// Check if the event is allowed by its auth events. If it isn't then
|
||||
// we consider the event to be "rejected" — it will still be persisted.
|
||||
if err = gomatrixserverlib.Allowed(event, &authEvents); err != nil {
|
||||
if err = gomatrixserverlib.Allowed(event, &authEvents, func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return r.DB.GetUserIDForSender(ctx, roomID, senderID)
|
||||
}); err != nil {
|
||||
isRejected = true
|
||||
rejectionErr = err
|
||||
logger.WithError(rejectionErr).Warnf("Event %s not allowed by auth events", event.EventID())
|
||||
|
|
@ -493,7 +501,7 @@ func (r *Inputer) processRoomEvent(
|
|||
func (r *Inputer) handleRemoteRoomUpgrade(ctx context.Context, event gomatrixserverlib.PDU) error {
|
||||
oldRoomID := event.RoomID()
|
||||
newRoomID := gjson.GetBytes(event.Content(), "replacement_room").Str
|
||||
return r.DB.UpgradeRoom(ctx, oldRoomID, newRoomID, event.Sender())
|
||||
return r.DB.UpgradeRoom(ctx, oldRoomID, newRoomID, event.SenderID())
|
||||
}
|
||||
|
||||
// processStateBefore works out what the state is before the event and
|
||||
|
|
@ -579,7 +587,9 @@ func (r *Inputer) processStateBefore(
|
|||
stateBeforeAuth := gomatrixserverlib.NewAuthEvents(
|
||||
gomatrixserverlib.ToPDUs(stateBeforeEvent),
|
||||
)
|
||||
if rejectionErr = gomatrixserverlib.Allowed(event, &stateBeforeAuth); rejectionErr != nil {
|
||||
if rejectionErr = gomatrixserverlib.Allowed(event, &stateBeforeAuth, func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return r.DB.GetUserIDForSender(ctx, roomID, senderID)
|
||||
}); rejectionErr != nil {
|
||||
rejectionErr = fmt.Errorf("Allowed() failed for stateBeforeEvent: %w", rejectionErr)
|
||||
return
|
||||
}
|
||||
|
|
@ -690,7 +700,9 @@ nextAuthEvent:
|
|||
// Check the signatures of the event. If this fails then we'll simply
|
||||
// skip it, because gomatrixserverlib.Allowed() will notice a problem
|
||||
// if a critical event is missing anyway.
|
||||
if err := gomatrixserverlib.VerifyEventSignatures(ctx, authEvent, r.FSAPI.KeyRing()); err != nil {
|
||||
if err := gomatrixserverlib.VerifyEventSignatures(ctx, authEvent, r.FSAPI.KeyRing(), func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return r.DB.GetUserIDForSender(ctx, roomID, senderID)
|
||||
}); err != nil {
|
||||
continue nextAuthEvent
|
||||
}
|
||||
|
||||
|
|
@ -706,7 +718,9 @@ nextAuthEvent:
|
|||
}
|
||||
|
||||
// Check if the auth event should be rejected.
|
||||
err := gomatrixserverlib.Allowed(authEvent, auth)
|
||||
err := gomatrixserverlib.Allowed(authEvent, auth, func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return r.DB.GetUserIDForSender(ctx, roomID, senderID)
|
||||
})
|
||||
if isRejected = err != nil; isRejected {
|
||||
logger.WithError(err).Warnf("Auth event %s rejected", authEvent.EventID())
|
||||
}
|
||||
|
|
@ -828,11 +842,13 @@ func (r *Inputer) kickGuests(ctx context.Context, event gomatrixserverlib.PDU, r
|
|||
continue
|
||||
}
|
||||
|
||||
// TODO: pseudoIDs: get userID for room using state key (which is now senderID)
|
||||
localpart, senderDomain, err := gomatrixserverlib.SplitID('@', *memberEvent.StateKey())
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
// TODO: pseudoIDs: query account by state key (which is now senderID)
|
||||
accountRes := &userAPI.QueryAccountByLocalpartResponse{}
|
||||
if err = r.UserAPI.QueryAccountByLocalpart(ctx, &userAPI.QueryAccountByLocalpartRequest{
|
||||
Localpart: localpart,
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ func Test_EventAuth(t *testing.T) {
|
|||
}
|
||||
|
||||
// Finally check that the event is NOT allowed
|
||||
if err := gomatrixserverlib.Allowed(ev.PDU, &allower); err == nil {
|
||||
if err := gomatrixserverlib.Allowed(ev.PDU, &allower, func(roomID, senderID string) (*spec.UserID, error) { return spec.NewUserID(senderID, true) }); err == nil {
|
||||
t.Fatalf("event should not be allowed, but it was")
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -473,14 +473,18 @@ func (t *missingStateReq) resolveStatesAndCheck(ctx context.Context, roomVersion
|
|||
stateEventList = append(stateEventList, state.StateEvents...)
|
||||
}
|
||||
resolvedStateEvents, err := gomatrixserverlib.ResolveConflicts(
|
||||
roomVersion, gomatrixserverlib.ToPDUs(stateEventList), gomatrixserverlib.ToPDUs(authEventList),
|
||||
roomVersion, gomatrixserverlib.ToPDUs(stateEventList), gomatrixserverlib.ToPDUs(authEventList), func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return t.db.GetUserIDForSender(ctx, roomID, senderID)
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// apply the current event
|
||||
retryAllowedState:
|
||||
if err = checkAllowedByState(backwardsExtremity, resolvedStateEvents); err != nil {
|
||||
if err = checkAllowedByState(backwardsExtremity, resolvedStateEvents, func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return t.db.GetUserIDForSender(ctx, roomID, senderID)
|
||||
}); err != nil {
|
||||
switch missing := err.(type) {
|
||||
case gomatrixserverlib.MissingAuthEventError:
|
||||
h, err2 := t.lookupEvent(ctx, roomVersion, backwardsExtremity.RoomID(), missing.AuthEventID, true)
|
||||
|
|
@ -565,7 +569,9 @@ func (t *missingStateReq) getMissingEvents(ctx context.Context, e gomatrixserver
|
|||
// will be added and duplicates will be removed.
|
||||
missingEvents := make([]gomatrixserverlib.PDU, 0, len(missingResp.Events))
|
||||
for _, ev := range missingResp.Events.UntrustedEvents(roomVersion) {
|
||||
if err = gomatrixserverlib.VerifyEventSignatures(ctx, ev, t.keys); err != nil {
|
||||
if err = gomatrixserverlib.VerifyEventSignatures(ctx, ev, t.keys, func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return t.db.GetUserIDForSender(ctx, roomID, senderID)
|
||||
}); err != nil {
|
||||
continue
|
||||
}
|
||||
missingEvents = append(missingEvents, t.cacheAndReturn(ev))
|
||||
|
|
@ -654,7 +660,9 @@ func (t *missingStateReq) lookupMissingStateViaState(
|
|||
authEvents, stateEvents, err := gomatrixserverlib.CheckStateResponse(ctx, &fclient.RespState{
|
||||
StateEvents: state.GetStateEvents(),
|
||||
AuthEvents: state.GetAuthEvents(),
|
||||
}, roomVersion, t.keys, nil)
|
||||
}, roomVersion, t.keys, nil, func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return t.db.GetUserIDForSender(ctx, roomID, senderID)
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -889,14 +897,16 @@ func (t *missingStateReq) lookupEvent(ctx context.Context, roomVersion gomatrixs
|
|||
t.log.WithField("missing_event_id", missingEventID).Warnf("Failed to get missing /event for event ID from %d server(s)", len(t.servers))
|
||||
return nil, fmt.Errorf("wasn't able to find event via %d server(s)", len(t.servers))
|
||||
}
|
||||
if err := gomatrixserverlib.VerifyEventSignatures(ctx, event, t.keys); err != nil {
|
||||
if err := gomatrixserverlib.VerifyEventSignatures(ctx, event, t.keys, func(roomID, senderID string) (*spec.UserID, error) {
|
||||
return t.db.GetUserIDForSender(ctx, roomID, senderID)
|
||||
}); err != nil {
|
||||
t.log.WithError(err).Warnf("Couldn't validate signature of event %q from /event", event.EventID())
|
||||
return nil, verifySigError{event.EventID(), err}
|
||||
}
|
||||
return t.cacheAndReturn(event), nil
|
||||
}
|
||||
|
||||
func checkAllowedByState(e gomatrixserverlib.PDU, stateEvents []gomatrixserverlib.PDU) error {
|
||||
func checkAllowedByState(e gomatrixserverlib.PDU, stateEvents []gomatrixserverlib.PDU, userIDForSender spec.UserIDForSender) error {
|
||||
authUsingState := gomatrixserverlib.NewAuthEvents(nil)
|
||||
for i := range stateEvents {
|
||||
err := authUsingState.AddEvent(stateEvents[i])
|
||||
|
|
@ -904,7 +914,7 @@ func checkAllowedByState(e gomatrixserverlib.PDU, stateEvents []gomatrixserverli
|
|||
return err
|
||||
}
|
||||
}
|
||||
return gomatrixserverlib.Allowed(e, &authUsingState)
|
||||
return gomatrixserverlib.Allowed(e, &authUsingState, userIDForSender)
|
||||
}
|
||||
|
||||
func (t *missingStateReq) hadEvent(eventID string) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue