From 8b0cf485781dcf67a87a34e872bc0f0773487c6f Mon Sep 17 00:00:00 2001
From: Jason Volk <jason@zemos.net>
Date: Mon, 24 Apr 2023 12:32:59 -0700
Subject: [PATCH] modules/client/keys/signatures: Re-schematize signatures
 uploaded for keys and devices.

---
 modules/client/keys/signatures/upload.cc | 34 ++++++++--------
 modules/client/sync/device_lists.cc      | 18 +++++---
 modules/federation/user_keys_query.cc    | 52 +++++++++++++++++-------
 3 files changed, 68 insertions(+), 36 deletions(-)

diff --git a/modules/client/keys/signatures/upload.cc b/modules/client/keys/signatures/upload.cc
index 6ceb47961..a3d406e2c 100644
--- a/modules/client/keys/signatures/upload.cc
+++ b/modules/client/keys/signatures/upload.cc
@@ -43,6 +43,11 @@ ircd::m::resource::response
 ircd::m::post_keys_signatures_upload(client &client,
                                      const resource::request &request)
 {
+	const auto src_device
+	{
+		m::user::tokens::device(std::nothrow, request.access_token)
+	};
+
 	for(const auto &[_user_id, devices_keys_] : request)
 	{
 		if(!valid(m::id::USER, _user_id))
@@ -58,27 +63,22 @@ ircd::m::post_keys_signatures_upload(client &client,
 			user_id
 		};
 
-		const m::user::devices devices
+		for(const auto &[target_id, device_keys] : json::object(devices_keys_))
 		{
-			user_id
-		};
-
-		const json::object &devices_keys
-		{
-			devices_keys_
-		};
-
-		for(const auto &[_device_id, device_keys_] : devices_keys)
-		{
-			const m::device_keys device_keys
+			char buf[512];
+			const string_view state_key{fmt::sprintf
 			{
-				device_keys_
-			};
+				buf, "%s%s",
+				string_view{target_id},
+				target_id != src_device && src_device?
+					string_view{src_device}:
+					string_view{},
+			}};
 
-			const bool set
+			send(user_room, user_id, "ircd.keys.signatures", state_key, json::object
 			{
-				devices.set(_device_id, "signatures", device_keys_)
-			};
+				device_keys
+			});
 		}
 	}
 
diff --git a/modules/client/sync/device_lists.cc b/modules/client/sync/device_lists.cc
index 89ded343b..90cf2bd1f 100644
--- a/modules/client/sync/device_lists.cc
+++ b/modules/client/sync/device_lists.cc
@@ -38,13 +38,21 @@ ircd::m::sync::device_lists_linear(data &data)
 
 	assert(data.event);
 	const m::event &event{*data.event};
-	if(!startswith(json::get<"type"_>(event), "ircd.device"))
-		return false;
 
-	if(startswith(json::get<"type"_>(event), "ircd.device.signing"))
-		return false;
+	const bool including
+	{
+		false
+		|| startswith(json::get<"type"_>(event), "ircd.device")
+		|| startswith(json::get<"type"_>(event), "ircd.keys.signatures")
+	};
 
-	if(startswith(json::get<"type"_>(event), "ircd.device.one_time_key"))
+	const bool excluding
+	{
+		false
+		|| startswith(json::get<"type"_>(event), "ircd.device.one_time_key")
+	};
+
+	if(!including || excluding)
 		return false;
 
 	const m::user sender
diff --git a/modules/federation/user_keys_query.cc b/modules/federation/user_keys_query.cc
index 956815a58..ae21df608 100644
--- a/modules/federation/user_keys_query.cc
+++ b/modules/federation/user_keys_query.cc
@@ -272,17 +272,22 @@ _query_user_device(client &client,
 	if(!devices.has(device_id, "keys"))
 		return;
 
+	const m::user::room user_room
+	{
+		devices.user.user_id
+	};
+
 	json::stack::object object
 	{
 		out, device_id
 	};
 
-	devices.get(std::nothrow, device_id, "keys", [&devices, &device_id, &object]
-	(const auto &event_idx, const json::object &device_keys)
+	devices.get(std::nothrow, device_id, "keys", [&user_room, &device_id, &object]
+	(const auto &, const json::object &device_keys)
 	{
 		const auto &user_id
 		{
-			devices.user.user_id
+			user_room.user.user_id
 		};
 
 		for(const auto &member : device_keys)
@@ -318,24 +323,43 @@ _query_user_device(client &client,
 				user_sigs, member
 			};
 
-		devices.get(std::nothrow, device_id, "signatures", [&user_id, &user_sigs]
-		(const auto &event_idx, const json::object &device_sigs)
+		const m::room::state state
 		{
-			const json::object device_sigs_sigs
+			user_room
+		};
+
+		state.for_each("ircd.keys.signatures", [&user_id, &user_sigs, &device_id]
+		(const string_view &, const string_view &state_key, const auto &event_idx)
+		{
+			const auto &[target, source]
 			{
-				device_sigs["signatures"]
+				rsplit(state_key, '%')
 			};
 
-			const json::object device_sigs_user_sigs
-			{
-				device_sigs_sigs[user_id]
-			};
+			if(target && target != device_id)
+				return true;
 
-			for(const auto &member : device_sigs_user_sigs)
-				json::stack::member
+			m::get(std::nothrow, event_idx, "content", [&user_id, &user_sigs]
+			(const json::object &device_sigs)
+			{
+				const json::object device_sigs_sigs
 				{
-					user_sigs, member
+					device_sigs["signatures"]
 				};
+
+				const json::object device_sigs_user_sigs
+				{
+					device_sigs_sigs[user_id]
+				};
+
+				for(const auto &member : device_sigs_user_sigs)
+					json::stack::member
+					{
+						user_sigs, member
+					};
+			});
+
+			return true;
 		});
 	});