MirrorHub/construct
0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-09-26 18:38:52 +02:00
Code Issues Releases Wiki Activity

modules/media: Remove legacy resources.

Browse source 
modules/federation: Merge invite and invite2 units.

modules/federation: Redact send_join and rooms legacy resources.
This commit is contained in:
Jason Volk 2022-07-14 17:24:45 -07:00
parent 26a4653fb0
commit d4bd109661
16 changed files with 222 additions and 501 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
matrix/matrix.cc
View file

@ -97,7 +97,6 @@ ircd::m::module_names
"federation_get_missing_events",
"federation_hierarchy",
"federation_invite",
"federation_invite2",
"federation_make_join",
"federation_make_leave",
"federation_publicrooms",

2
modules/Makefile.am
View file

@ -203,7 +203,6 @@ federation_federation_version_la_SOURCES = federation/version.cc
federation_federation_sender_la_SOURCES = federation/sender.cc
federation_federation_query_la_SOURCES = federation/query.cc
federation_federation_invite_la_SOURCES = federation/invite.cc
federation_federation_invite2_la_SOURCES = federation/invite2.cc
federation_federation_make_join_la_SOURCES = federation/make_join.cc
federation_federation_send_join_la_SOURCES = federation/send_join.cc
federation_federation_state_la_SOURCES = federation/state.cc
@ -228,7 +227,6 @@ federation_module_LTLIBRARIES = \
federation/federation_sender.la \
federation/federation_query.la \
federation/federation_invite.la \
federation/federation_invite2.la \
federation/federation_make_join.la \
federation/federation_send_join.la \
federation/federation_state.la \

18
modules/client/delete_devices.cc
View file

@ -31,15 +31,6 @@ delete_devices_resource
}
};
ircd::m::resource
delete_devices_resource__unstable
{
"/_matrix/client/unstable/delete_devices/",
{
"14.10.1.5 :Device Management (redirect)"
}
};
m::resource::method
method_post
{
@ -49,15 +40,6 @@ method_post
}
};
m::resource::method
method_post__unstable
{
delete_devices_resource__unstable, "POST", post__delete_devices,
{
method_post.REQUIRES_AUTH
}
};
m::resource::response
post__delete_devices(client &client,
const m::resource::request &request)

18
modules/client/keys/changes.cc
View file

@ -29,15 +29,6 @@ changes_resource
}
};
ircd::m::resource
changes_resource__unstable
{
"/_matrix/client/unstable/keys/changes",
{
"(14.11.5.2.4) Keys changes",
}
};
m::resource::method
method_get
{
@ -47,15 +38,6 @@ method_get
}
};
m::resource::method
method_get__unstable
{
changes_resource__unstable, "GET", get__keys_changes,
{
method_get.REQUIRES_AUTH
}
};
m::resource::response
get__keys_changes(client &client,
const m::resource::request &request)

18
modules/client/keys/claim.cc
View file

@ -70,15 +70,6 @@ claim_resource
}
};
ircd::m::resource
claim_resource__unstable
{
"/_matrix/client/unstable/keys/claim",
{
"(14.11.5.2.2) Keys claim",
}
};
m::resource::method
method_post
{
@ -88,15 +79,6 @@ method_post
}
};
m::resource::method
method_post__unstable
{
claim_resource__unstable, "POST", post__keys_claim,
{
method_post__unstable.REQUIRES_AUTH
}
};
conf::item<milliseconds>
claim_timeout_default
{

20
modules/client/keys/device_signing/upload.cc
View file

@ -13,9 +13,7 @@ namespace ircd::m
extern std::string flows;
static resource::response post_keys_device_signing_upload(client &, const resource::request &);
extern resource::method keys_device_signing_upload_post__unstable;
extern resource::method keys_device_signing_upload_post;
extern resource keys_device_signing_upload__unstable;
extern resource keys_device_signing_upload;
}
@ -34,15 +32,6 @@ ircd::m::keys_device_signing_upload
}
};
decltype(ircd::m::keys_device_signing_upload__unstable)
ircd::m::keys_device_signing_upload__unstable
{
"/_matrix/client/unstable/keys/device_signing/upload",
{
"(undocumented) Keys Device Signing Upload"
}
};
decltype(ircd::m::keys_device_signing_upload_post)
ircd::m::keys_device_signing_upload_post
{
@ -52,15 +41,6 @@ ircd::m::keys_device_signing_upload_post
}
};
decltype(ircd::m::keys_device_signing_upload_post__unstable)
ircd::m::keys_device_signing_upload_post__unstable
{
keys_device_signing_upload__unstable, "POST", post_keys_device_signing_upload,
{
keys_device_signing_upload_post__unstable.REQUIRES_AUTH
}
};
ircd::m::resource::response
ircd::m::post_keys_device_signing_upload(client &client,
const resource::request &request)

18
modules/client/keys/query.cc
View file

@ -71,15 +71,6 @@ query_resource
}
};
ircd::m::resource
query_resource__unstable
{
"/_matrix/client/unstable/keys/query",
{
"(14.11.5.2.2) Keys query",
}
};
m::resource::method
method_post
{
@ -89,15 +80,6 @@ method_post
}
};
m::resource::method
method_post__unstable
{
query_resource__unstable, "POST", post__keys_query,
{
method_post.REQUIRES_AUTH
}
};
conf::item<milliseconds>
query_timeout_default
{

19
modules/client/keys/upload.cc
View file

@ -42,16 +42,6 @@ upload_resource
}
};
ircd::m::resource
upload_resource__unstable
{
"/_matrix/client/unstable/keys/upload",
{
"(14.11.5.2.1) Keys Upload",
resource::DIRECTORY
}
};
m::resource::method
method_post
{
@ -61,15 +51,6 @@ method_post
}
};
m::resource::method
method_post__unstable
{
upload_resource__unstable, "POST", post__keys_upload,
{
method_post.REQUIRES_AUTH
}
};
m::resource::response
post__keys_upload(client &client,
const m::resource::request &request)

32
modules/client/rooms/rooms.cc
View file

@ -28,26 +28,6 @@ rooms_resource
}
};
m::resource
rooms_resource_v1
{
"/_matrix/client/v1/rooms/",
{
"(8.0) Rooms (v1)",
resource::DIRECTORY,
}
};
m::resource
rooms_resource_unstable
{
"/_matrix/client/unstable/rooms/",
{
"(10.0) Rooms (unstable)",
resource::DIRECTORY,
}
};
m::resource::response
get_rooms(client &client,
const m::resource::request &request)
@ -110,18 +90,6 @@ method_get
rooms_resource, "GET", get_rooms
};
m::resource::method
method_get_v1
{
rooms_resource_v1, "GET", get_rooms
};
m::resource::method
method_get_unstable
{
rooms_resource_unstable, "GET", get_rooms
};
m::resource::response
put_rooms(client &client,
const m::resource::request &request)

19
modules/client/send_to_device.cc
View file

@ -38,16 +38,6 @@ send_to_device_resource
}
};
ircd::m::resource
send_to_device_resource__unstable
{
"/_matrix/client/unstable/sendToDevice/",
{
"(14.9.3) Protocol definitions",
resource::DIRECTORY,
}
};
m::resource::method
method_put
{
@ -57,15 +47,6 @@ method_put
}
};
m::resource::method
method_put__unstable
{
send_to_device_resource__unstable, "PUT", put__send_to_device,
{
method_put.REQUIRES_AUTH
}
};
m::resource::response
put__send_to_device(client &client,
const m::resource::request &request)

222
modules/federation/invite.cc
View file

@ -10,10 +10,23 @@
using namespace ircd;
// federation_invite (weak)
extern conf::item<milliseconds>
stream_cross_sleeptime;
static void
check_event(const m::resource::request &request,
const m::event &event);
static void
process(client &,
const m::resource::request &,
const m::event &);
static m::resource::response
put__invite2(client &client,
const m::resource::request &request);
static m::resource::response
put__invite(client &client,
const m::resource::request &request);
@ -247,3 +260,212 @@ check_event(const m::resource::request &request,
"Invite event fails verification for %s", request.node_id
};
}
m::resource::response
put__invite2(client &client,
const m::resource::request &request)
{
if(request.parv.size() < 1)
throw m::NEED_MORE_PARAMS
{
"room_id path parameter required"
};
m::room::id::buf room_id
{
url::decode(room_id, request.parv[0])
};
if(request.parv.size() < 2)
throw m::NEED_MORE_PARAMS
{
"event_id path parameter required"
};
m::event::id::buf event_id
{
url::decode(event_id, request.parv[1])
};
const json::string &room_version
{
request.get("room_version", "1")
};
m::event event
{
request["event"], event_id
};
if(!json::get<"event_id"_>(event))
if(room_version == "1" || room_version == "2")
json::get<"event_id"_>(event) = event_id;
if(!check_id(event, room_version))
throw m::BAD_REQUEST
{
"Claimed event_id %s is incorrect.",
string_view{event_id},
};
if(at<"room_id"_>(event) != room_id)
throw m::error
{
http::NOT_MODIFIED, "M_MISMATCH_ROOM_ID",
"ID of room in request body %s does not match path param %s",
string_view{at<"room_id"_>(event)},
string_view{room_id},
};
if(at<"type"_>(event) != "m.room.member")
throw m::error
{
http::NOT_MODIFIED, "M_INVALID_TYPE",
"event.type must be m.room.member"
};
if(unquote(at<"content"_>(event).at("membership")) != "invite")
throw m::error
{
http::NOT_MODIFIED, "M_INVALID_CONTENT_MEMBERSHIP",
"event.content.membership must be invite."
};
if(at<"origin"_>(event) != request.node_id)
throw m::error
{
http::FORBIDDEN, "M_INVALID_ORIGIN",
"event.origin must be you."
};
const m::user::id &sender
{
at<"sender"_>(event)
};
if(sender.host() != request.node_id)
throw m::error
{
http::FORBIDDEN, "M_INVALID_ORIGIN",
"event.sender must be your user."
};
const m::user::id &target
{
at<"state_key"_>(event)
};
if(!my_host(target.host()))
throw m::error
{
http::FORBIDDEN, "M_INVALID_STATE_KEY",
"event.state_key must be my user."
};
m::event::conforms non_conforms;
const m::event::conforms report
{
event, non_conforms.report
};
if(!report.clean())
throw m::error
{
http::NOT_MODIFIED, "M_INVALID_EVENT",
"Proffered event has the following problems: %s",
string(report)
};
// May conduct disk IO to check ACL
if(m::room::server_acl::enable_write)
if(!m::room::server_acl::check(room_id, request.node_id))
throw m::ACCESS_DENIED
{
"You are not permitted by the room's server access control list."
};
// May conduct network IO to fetch node's key; disk IO to fetch node's key
if(!verify(event, request.node_id))
throw m::ACCESS_DENIED
{
"Invite event fails verification for %s",
string_view{request.node_id},
};
thread_local char sigs[4_KiB];
m::event signed_event
{
signatures(sigs, event, target.host())
};
signed_event.event_id = event_id;
const json::strung signed_json
{
signed_event
};
// Send back the signed event first before eval. If we eval the signed
// event first: the effects will occur before the inviting server has
// the signed event returned from us; they might not consider the user
// invited yet, causing trouble for the eval effects. That may actually
// still happen due to the two separate TCP connections being uncoordinated
// (one for this request, and another when m::eval effects connect to them
// and make any requests). But either way if this call fails then we will
// lose the invite but that may not be such a bad thing.
m::resource::response response
{
client, json::members
{
{ "event", json::object{signed_json} }
}
};
// Synapse needs time to process our response otherwise our eval below may
// complete before this response arrives for them and is processed.
ctx::sleep(milliseconds(stream_cross_sleeptime));
// Post processing, does not throw.
process(client, request, signed_event);
// note: returning a resource response is a symbolic/indicator action to
// the caller and has no real effect at the point of return.
return response;
}
void
process(client &client,
const m::resource::request &request,
const m::event &event)
try
{
// Eval the dual-signed invite event. This will write it locally. This will
// also try to sync the room as best as possible. The invitee will then be
// presented with this invite request in their rooms list.
m::vm::opts vmopts;
vmopts.node_id = request.node_id;
// Synapse may 403 a fetch of the prev_event of the invite event.
vmopts.phase.set(m::vm::phase::FETCH_PREV, false);
vmopts.phase.set(m::vm::phase::EMPTION, false);
// Don't throw an exception for a re-evaluation; this will just be a no-op
vmopts.nothrows |= m::vm::fault::EXISTS;
vmopts.room_version = unquote(request.get("room_version", "1"));
m::vm::eval
{
event, vmopts
};
}
catch(const std::exception &e)
{
log::error
{
m::log, "Processing invite from:%s to:%s :%s",
json::get<"sender"_>(event),
json::get<"state_key"_>(event),
e.what(),
};
return;
}

258
modules/federation/invite2.cc
View file

@ -1,258 +0,0 @@
// Matrix Construct
//
// Copyright (C) Matrix Construct Developers, Authors & Contributors
// Copyright (C) 2016-2019 Jason Volk <jason@zemos.net>
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice is present in all copies. The
// full license for this software is available in the LICENSE file.
using namespace ircd;
// federation_invite (weak)
extern conf::item<milliseconds>
stream_cross_sleeptime;
static void
process(client &,
const m::resource::request &,
const m::event &);
static m::resource::response
put__invite(client &client,
const m::resource::request &request);
mapi::header
IRCD_MODULE
{
"Federation 12 :Inviting to a room (v2)"
};
m::resource
invite_resource
{
"/_matrix/federation/v2/invite/",
{
"Inviting to a room",
resource::DIRECTORY
}
};
m::resource::method
method_put
{
invite_resource, "PUT", put__invite,
{
method_put.VERIFY_ORIGIN
}
};
m::resource::response
put__invite(client &client,
const m::resource::request &request)
{
if(request.parv.size() < 1)
throw m::NEED_MORE_PARAMS
{
"room_id path parameter required"
};
m::room::id::buf room_id
{
url::decode(room_id, request.parv[0])
};
if(request.parv.size() < 2)
throw m::NEED_MORE_PARAMS
{
"event_id path parameter required"
};
m::event::id::buf event_id
{
url::decode(event_id, request.parv[1])
};
const json::string &room_version
{
request.get("room_version", "1")
};
m::event event
{
request["event"], event_id
};
if(!json::get<"event_id"_>(event))
if(room_version == "1" || room_version == "2")
json::get<"event_id"_>(event) = event_id;
if(!check_id(event, room_version))
throw m::BAD_REQUEST
{
"Claimed event_id %s is incorrect.",
string_view{event_id},
};
if(at<"room_id"_>(event) != room_id)
throw m::error
{
http::NOT_MODIFIED, "M_MISMATCH_ROOM_ID",
"ID of room in request body %s does not match path param %s",
string_view{at<"room_id"_>(event)},
string_view{room_id},
};
if(at<"type"_>(event) != "m.room.member")
throw m::error
{
http::NOT_MODIFIED, "M_INVALID_TYPE",
"event.type must be m.room.member"
};
if(unquote(at<"content"_>(event).at("membership")) != "invite")
throw m::error
{
http::NOT_MODIFIED, "M_INVALID_CONTENT_MEMBERSHIP",
"event.content.membership must be invite."
};
if(at<"origin"_>(event) != request.node_id)
throw m::error
{
http::FORBIDDEN, "M_INVALID_ORIGIN",
"event.origin must be you."
};
const m::user::id &sender
{
at<"sender"_>(event)
};
if(sender.host() != request.node_id)
throw m::error
{
http::FORBIDDEN, "M_INVALID_ORIGIN",
"event.sender must be your user."
};
const m::user::id &target
{
at<"state_key"_>(event)
};
if(!my_host(target.host()))
throw m::error
{
http::FORBIDDEN, "M_INVALID_STATE_KEY",
"event.state_key must be my user."
};
m::event::conforms non_conforms;
const m::event::conforms report
{
event, non_conforms.report
};
if(!report.clean())
throw m::error
{
http::NOT_MODIFIED, "M_INVALID_EVENT",
"Proffered event has the following problems: %s",
string(report)
};
// May conduct disk IO to check ACL
if(m::room::server_acl::enable_write)
if(!m::room::server_acl::check(room_id, request.node_id))
throw m::ACCESS_DENIED
{
"You are not permitted by the room's server access control list."
};
// May conduct network IO to fetch node's key; disk IO to fetch node's key
if(!verify(event, request.node_id))
throw m::ACCESS_DENIED
{
"Invite event fails verification for %s",
string_view{request.node_id},
};
thread_local char sigs[4_KiB];
m::event signed_event
{
signatures(sigs, event, target.host())
};
signed_event.event_id = event_id;
const json::strung signed_json
{
signed_event
};
// Send back the signed event first before eval. If we eval the signed
// event first: the effects will occur before the inviting server has
// the signed event returned from us; they might not consider the user
// invited yet, causing trouble for the eval effects. That may actually
// still happen due to the two separate TCP connections being uncoordinated
// (one for this request, and another when m::eval effects connect to them
// and make any requests). But either way if this call fails then we will
// lose the invite but that may not be such a bad thing.
m::resource::response response
{
client, json::members
{
{ "event", json::object{signed_json} }
}
};
// Synapse needs time to process our response otherwise our eval below may
// complete before this response arrives for them and is processed.
ctx::sleep(milliseconds(stream_cross_sleeptime));
// Post processing, does not throw.
process(client, request, signed_event);
// note: returning a resource response is a symbolic/indicator action to
// the caller and has no real effect at the point of return.
return response;
}
void
process(client &client,
const m::resource::request &request,
const m::event &event)
try
{
// Eval the dual-signed invite event. This will write it locally. This will
// also try to sync the room as best as possible. The invitee will then be
// presented with this invite request in their rooms list.
m::vm::opts vmopts;
vmopts.node_id = request.node_id;
// Synapse may 403 a fetch of the prev_event of the invite event.
vmopts.phase.set(m::vm::phase::FETCH_PREV, false);
vmopts.phase.set(m::vm::phase::EMPTION, false);
// Don't throw an exception for a re-evaluation; this will just be a no-op
vmopts.nothrows |= m::vm::fault::EXISTS;
vmopts.room_version = unquote(request.get("room_version", "1"));
m::vm::eval
{
event, vmopts
};
}
catch(const std::exception &e)
{
log::error
{
m::log, "Processing invite from:%s to:%s :%s",
json::get<"sender"_>(event),
json::get<"state_key"_>(event),
e.what(),
};
return;
}

19
modules/federation/send_join.cc
View file

@ -47,16 +47,6 @@ send_join_resource
}
};
m::resource
send_join_resource_v2
{
"/_matrix/federation/v2/send_join/",
{
send_join_description,
resource::DIRECTORY
}
};
m::resource::method
method_put
{
@ -66,15 +56,6 @@ method_put
}
};
m::resource::method
method_put_v2
{
send_join_resource_v2, "PUT", put__send_join,
{
method_put.VERIFY_ORIGIN
}
};
m::resource::response
put__send_join(client &client,
const m::resource::request &request)

22
modules/media/download.cc
View file

@ -22,16 +22,6 @@ download_resource
}
};
m::resource
download_resource__legacy
{
"/_matrix/media/v1/download/",
{
"(11.7.1.2) download (legacy)",
resource::DIRECTORY,
}
};
static m::resource::response
get__download_local(client &client,
const m::resource::request &request,
@ -180,15 +170,3 @@ method_get
45s, // timeout
}
};
static m::resource::method
method_get__legacy
{
download_resource__legacy,
"GET",
get__download,
{
m::resource::method::flag(0), // flags
45s, // timeout
}
};

22
modules/media/thumbnail.cc
View file

@ -76,16 +76,6 @@ ircd::m::media::thumbnail::mime_blacklist
{ "default", "" },
};
m::resource
thumbnail_resource__legacy
{
"/_matrix/media/v1/thumbnail/",
{
"(11.7.1.4) thumbnails (legacy version)",
resource::DIRECTORY,
}
};
m::resource
thumbnail_resource
{
@ -154,18 +144,6 @@ get__thumbnail(client &client,
return get__thumbnail_local(client, request, mxc, room_id);
}
static m::resource::method
method_get__legacy
{
thumbnail_resource__legacy,
"GET",
get__thumbnail,
{
m::resource::method::flag(0), // flag
45s, // timeout
}
};
static m::resource::method
method_get
{

15
modules/media/upload.cc
View file

@ -12,15 +12,6 @@
using namespace ircd;
m::resource
upload_resource__legacy
{
"/_matrix/media/v1/upload/",
{
"(11.7.1.1) upload (legacy compat)",
}
};
m::resource
upload_resource
{
@ -128,9 +119,3 @@ method_post
{
upload_resource, "POST", post__upload, method_post_opts
};
static m::resource::method
method_post__legacy
{
upload_resource__legacy, "POST", post__upload, method_post_opts
};