From d4bd1096618720a200f6ea31def748752a4e170f Mon Sep 17 00:00:00 2001 From: Jason Volk Date: Thu, 14 Jul 2022 17:24:45 -0700 Subject: [PATCH] modules/media: Remove legacy resources. modules/federation: Merge invite and invite2 units. modules/federation: Redact send_join and rooms legacy resources. --- matrix/matrix.cc | 1 - modules/Makefile.am | 2 - modules/client/delete_devices.cc | 18 -- modules/client/keys/changes.cc | 18 -- modules/client/keys/claim.cc | 18 -- modules/client/keys/device_signing/upload.cc | 20 -- modules/client/keys/query.cc | 18 -- modules/client/keys/upload.cc | 19 -- modules/client/rooms/rooms.cc | 32 --- modules/client/send_to_device.cc | 19 -- modules/federation/invite.cc | 222 ++++++++++++++++ modules/federation/invite2.cc | 258 ------------------- modules/federation/send_join.cc | 19 -- modules/media/download.cc | 22 -- modules/media/thumbnail.cc | 22 -- modules/media/upload.cc | 15 -- 16 files changed, 222 insertions(+), 501 deletions(-) delete mode 100644 modules/federation/invite2.cc diff --git a/matrix/matrix.cc b/matrix/matrix.cc index 208aec567..ceefa1f04 100644 --- a/matrix/matrix.cc +++ b/matrix/matrix.cc @@ -97,7 +97,6 @@ ircd::m::module_names "federation_get_missing_events", "federation_hierarchy", "federation_invite", - "federation_invite2", "federation_make_join", "federation_make_leave", "federation_publicrooms", diff --git a/modules/Makefile.am b/modules/Makefile.am index cea5c17f9..ec4398d58 100644 --- a/modules/Makefile.am +++ b/modules/Makefile.am @@ -203,7 +203,6 @@ federation_federation_version_la_SOURCES = federation/version.cc federation_federation_sender_la_SOURCES = federation/sender.cc federation_federation_query_la_SOURCES = federation/query.cc federation_federation_invite_la_SOURCES = federation/invite.cc -federation_federation_invite2_la_SOURCES = federation/invite2.cc federation_federation_make_join_la_SOURCES = federation/make_join.cc federation_federation_send_join_la_SOURCES = federation/send_join.cc federation_federation_state_la_SOURCES = federation/state.cc @@ -228,7 +227,6 @@ federation_module_LTLIBRARIES = \ federation/federation_sender.la \ federation/federation_query.la \ federation/federation_invite.la \ - federation/federation_invite2.la \ federation/federation_make_join.la \ federation/federation_send_join.la \ federation/federation_state.la \ diff --git a/modules/client/delete_devices.cc b/modules/client/delete_devices.cc index a48dd206b..b55a0c249 100644 --- a/modules/client/delete_devices.cc +++ b/modules/client/delete_devices.cc @@ -31,15 +31,6 @@ delete_devices_resource } }; -ircd::m::resource -delete_devices_resource__unstable -{ - "/_matrix/client/unstable/delete_devices/", - { - "14.10.1.5 :Device Management (redirect)" - } -}; - m::resource::method method_post { @@ -49,15 +40,6 @@ method_post } }; -m::resource::method -method_post__unstable -{ - delete_devices_resource__unstable, "POST", post__delete_devices, - { - method_post.REQUIRES_AUTH - } -}; - m::resource::response post__delete_devices(client &client, const m::resource::request &request) diff --git a/modules/client/keys/changes.cc b/modules/client/keys/changes.cc index 3578935ad..af66fe6f1 100644 --- a/modules/client/keys/changes.cc +++ b/modules/client/keys/changes.cc @@ -29,15 +29,6 @@ changes_resource } }; -ircd::m::resource -changes_resource__unstable -{ - "/_matrix/client/unstable/keys/changes", - { - "(14.11.5.2.4) Keys changes", - } -}; - m::resource::method method_get { @@ -47,15 +38,6 @@ method_get } }; -m::resource::method -method_get__unstable -{ - changes_resource__unstable, "GET", get__keys_changes, - { - method_get.REQUIRES_AUTH - } -}; - m::resource::response get__keys_changes(client &client, const m::resource::request &request) diff --git a/modules/client/keys/claim.cc b/modules/client/keys/claim.cc index 5c406ad8c..e957bb9b2 100644 --- a/modules/client/keys/claim.cc +++ b/modules/client/keys/claim.cc @@ -70,15 +70,6 @@ claim_resource } }; -ircd::m::resource -claim_resource__unstable -{ - "/_matrix/client/unstable/keys/claim", - { - "(14.11.5.2.2) Keys claim", - } -}; - m::resource::method method_post { @@ -88,15 +79,6 @@ method_post } }; -m::resource::method -method_post__unstable -{ - claim_resource__unstable, "POST", post__keys_claim, - { - method_post__unstable.REQUIRES_AUTH - } -}; - conf::item claim_timeout_default { diff --git a/modules/client/keys/device_signing/upload.cc b/modules/client/keys/device_signing/upload.cc index cbf6e85dd..359dc7bfb 100644 --- a/modules/client/keys/device_signing/upload.cc +++ b/modules/client/keys/device_signing/upload.cc @@ -13,9 +13,7 @@ namespace ircd::m extern std::string flows; static resource::response post_keys_device_signing_upload(client &, const resource::request &); - extern resource::method keys_device_signing_upload_post__unstable; extern resource::method keys_device_signing_upload_post; - extern resource keys_device_signing_upload__unstable; extern resource keys_device_signing_upload; } @@ -34,15 +32,6 @@ ircd::m::keys_device_signing_upload } }; -decltype(ircd::m::keys_device_signing_upload__unstable) -ircd::m::keys_device_signing_upload__unstable -{ - "/_matrix/client/unstable/keys/device_signing/upload", - { - "(undocumented) Keys Device Signing Upload" - } -}; - decltype(ircd::m::keys_device_signing_upload_post) ircd::m::keys_device_signing_upload_post { @@ -52,15 +41,6 @@ ircd::m::keys_device_signing_upload_post } }; -decltype(ircd::m::keys_device_signing_upload_post__unstable) -ircd::m::keys_device_signing_upload_post__unstable -{ - keys_device_signing_upload__unstable, "POST", post_keys_device_signing_upload, - { - keys_device_signing_upload_post__unstable.REQUIRES_AUTH - } -}; - ircd::m::resource::response ircd::m::post_keys_device_signing_upload(client &client, const resource::request &request) diff --git a/modules/client/keys/query.cc b/modules/client/keys/query.cc index b35118d57..37498d490 100644 --- a/modules/client/keys/query.cc +++ b/modules/client/keys/query.cc @@ -71,15 +71,6 @@ query_resource } }; -ircd::m::resource -query_resource__unstable -{ - "/_matrix/client/unstable/keys/query", - { - "(14.11.5.2.2) Keys query", - } -}; - m::resource::method method_post { @@ -89,15 +80,6 @@ method_post } }; -m::resource::method -method_post__unstable -{ - query_resource__unstable, "POST", post__keys_query, - { - method_post.REQUIRES_AUTH - } -}; - conf::item query_timeout_default { diff --git a/modules/client/keys/upload.cc b/modules/client/keys/upload.cc index 6c865f9d5..634224b7b 100644 --- a/modules/client/keys/upload.cc +++ b/modules/client/keys/upload.cc @@ -42,16 +42,6 @@ upload_resource } }; -ircd::m::resource -upload_resource__unstable -{ - "/_matrix/client/unstable/keys/upload", - { - "(14.11.5.2.1) Keys Upload", - resource::DIRECTORY - } -}; - m::resource::method method_post { @@ -61,15 +51,6 @@ method_post } }; -m::resource::method -method_post__unstable -{ - upload_resource__unstable, "POST", post__keys_upload, - { - method_post.REQUIRES_AUTH - } -}; - m::resource::response post__keys_upload(client &client, const m::resource::request &request) diff --git a/modules/client/rooms/rooms.cc b/modules/client/rooms/rooms.cc index b0c00e88a..617f8000d 100644 --- a/modules/client/rooms/rooms.cc +++ b/modules/client/rooms/rooms.cc @@ -28,26 +28,6 @@ rooms_resource } }; -m::resource -rooms_resource_v1 -{ - "/_matrix/client/v1/rooms/", - { - "(8.0) Rooms (v1)", - resource::DIRECTORY, - } -}; - -m::resource -rooms_resource_unstable -{ - "/_matrix/client/unstable/rooms/", - { - "(10.0) Rooms (unstable)", - resource::DIRECTORY, - } -}; - m::resource::response get_rooms(client &client, const m::resource::request &request) @@ -110,18 +90,6 @@ method_get rooms_resource, "GET", get_rooms }; -m::resource::method -method_get_v1 -{ - rooms_resource_v1, "GET", get_rooms -}; - -m::resource::method -method_get_unstable -{ - rooms_resource_unstable, "GET", get_rooms -}; - m::resource::response put_rooms(client &client, const m::resource::request &request) diff --git a/modules/client/send_to_device.cc b/modules/client/send_to_device.cc index a99fc2014..2ce072a70 100644 --- a/modules/client/send_to_device.cc +++ b/modules/client/send_to_device.cc @@ -38,16 +38,6 @@ send_to_device_resource } }; -ircd::m::resource -send_to_device_resource__unstable -{ - "/_matrix/client/unstable/sendToDevice/", - { - "(14.9.3) Protocol definitions", - resource::DIRECTORY, - } -}; - m::resource::method method_put { @@ -57,15 +47,6 @@ method_put } }; -m::resource::method -method_put__unstable -{ - send_to_device_resource__unstable, "PUT", put__send_to_device, - { - method_put.REQUIRES_AUTH - } -}; - m::resource::response put__send_to_device(client &client, const m::resource::request &request) diff --git a/modules/federation/invite.cc b/modules/federation/invite.cc index 0a24c8b0f..9cf690f03 100644 --- a/modules/federation/invite.cc +++ b/modules/federation/invite.cc @@ -10,10 +10,23 @@ using namespace ircd; +// federation_invite (weak) +extern conf::item +stream_cross_sleeptime; + static void check_event(const m::resource::request &request, const m::event &event); +static void +process(client &, + const m::resource::request &, + const m::event &); + +static m::resource::response +put__invite2(client &client, + const m::resource::request &request); + static m::resource::response put__invite(client &client, const m::resource::request &request); @@ -247,3 +260,212 @@ check_event(const m::resource::request &request, "Invite event fails verification for %s", request.node_id }; } + +m::resource::response +put__invite2(client &client, + const m::resource::request &request) +{ + if(request.parv.size() < 1) + throw m::NEED_MORE_PARAMS + { + "room_id path parameter required" + }; + + m::room::id::buf room_id + { + url::decode(room_id, request.parv[0]) + }; + + if(request.parv.size() < 2) + throw m::NEED_MORE_PARAMS + { + "event_id path parameter required" + }; + + m::event::id::buf event_id + { + url::decode(event_id, request.parv[1]) + }; + + const json::string &room_version + { + request.get("room_version", "1") + }; + + m::event event + { + request["event"], event_id + }; + + if(!json::get<"event_id"_>(event)) + if(room_version == "1" || room_version == "2") + json::get<"event_id"_>(event) = event_id; + + if(!check_id(event, room_version)) + throw m::BAD_REQUEST + { + "Claimed event_id %s is incorrect.", + string_view{event_id}, + }; + + if(at<"room_id"_>(event) != room_id) + throw m::error + { + http::NOT_MODIFIED, "M_MISMATCH_ROOM_ID", + "ID of room in request body %s does not match path param %s", + string_view{at<"room_id"_>(event)}, + string_view{room_id}, + }; + + if(at<"type"_>(event) != "m.room.member") + throw m::error + { + http::NOT_MODIFIED, "M_INVALID_TYPE", + "event.type must be m.room.member" + }; + + if(unquote(at<"content"_>(event).at("membership")) != "invite") + throw m::error + { + http::NOT_MODIFIED, "M_INVALID_CONTENT_MEMBERSHIP", + "event.content.membership must be invite." + }; + + if(at<"origin"_>(event) != request.node_id) + throw m::error + { + http::FORBIDDEN, "M_INVALID_ORIGIN", + "event.origin must be you." + }; + + const m::user::id &sender + { + at<"sender"_>(event) + }; + + if(sender.host() != request.node_id) + throw m::error + { + http::FORBIDDEN, "M_INVALID_ORIGIN", + "event.sender must be your user." + }; + + const m::user::id &target + { + at<"state_key"_>(event) + }; + + if(!my_host(target.host())) + throw m::error + { + http::FORBIDDEN, "M_INVALID_STATE_KEY", + "event.state_key must be my user." + }; + + m::event::conforms non_conforms; + const m::event::conforms report + { + event, non_conforms.report + }; + + if(!report.clean()) + throw m::error + { + http::NOT_MODIFIED, "M_INVALID_EVENT", + "Proffered event has the following problems: %s", + string(report) + }; + + // May conduct disk IO to check ACL + if(m::room::server_acl::enable_write) + if(!m::room::server_acl::check(room_id, request.node_id)) + throw m::ACCESS_DENIED + { + "You are not permitted by the room's server access control list." + }; + + // May conduct network IO to fetch node's key; disk IO to fetch node's key + if(!verify(event, request.node_id)) + throw m::ACCESS_DENIED + { + "Invite event fails verification for %s", + string_view{request.node_id}, + }; + + thread_local char sigs[4_KiB]; + m::event signed_event + { + signatures(sigs, event, target.host()) + }; + + signed_event.event_id = event_id; + const json::strung signed_json + { + signed_event + }; + + // Send back the signed event first before eval. If we eval the signed + // event first: the effects will occur before the inviting server has + // the signed event returned from us; they might not consider the user + // invited yet, causing trouble for the eval effects. That may actually + // still happen due to the two separate TCP connections being uncoordinated + // (one for this request, and another when m::eval effects connect to them + // and make any requests). But either way if this call fails then we will + // lose the invite but that may not be such a bad thing. + m::resource::response response + { + client, json::members + { + { "event", json::object{signed_json} } + } + }; + + // Synapse needs time to process our response otherwise our eval below may + // complete before this response arrives for them and is processed. + ctx::sleep(milliseconds(stream_cross_sleeptime)); + + // Post processing, does not throw. + process(client, request, signed_event); + + // note: returning a resource response is a symbolic/indicator action to + // the caller and has no real effect at the point of return. + return response; +} + +void +process(client &client, + const m::resource::request &request, + const m::event &event) +try +{ + // Eval the dual-signed invite event. This will write it locally. This will + // also try to sync the room as best as possible. The invitee will then be + // presented with this invite request in their rooms list. + m::vm::opts vmopts; + vmopts.node_id = request.node_id; + + // Synapse may 403 a fetch of the prev_event of the invite event. + vmopts.phase.set(m::vm::phase::FETCH_PREV, false); + vmopts.phase.set(m::vm::phase::EMPTION, false); + + // Don't throw an exception for a re-evaluation; this will just be a no-op + vmopts.nothrows |= m::vm::fault::EXISTS; + vmopts.room_version = unquote(request.get("room_version", "1")); + + m::vm::eval + { + event, vmopts + }; +} +catch(const std::exception &e) +{ + log::error + { + m::log, "Processing invite from:%s to:%s :%s", + json::get<"sender"_>(event), + json::get<"state_key"_>(event), + e.what(), + }; + + return; +} diff --git a/modules/federation/invite2.cc b/modules/federation/invite2.cc deleted file mode 100644 index f71f6acc5..000000000 --- a/modules/federation/invite2.cc +++ /dev/null @@ -1,258 +0,0 @@ -// Matrix Construct -// -// Copyright (C) Matrix Construct Developers, Authors & Contributors -// Copyright (C) 2016-2019 Jason Volk -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice is present in all copies. The -// full license for this software is available in the LICENSE file. - -using namespace ircd; - -// federation_invite (weak) -extern conf::item -stream_cross_sleeptime; - -static void -process(client &, - const m::resource::request &, - const m::event &); - -static m::resource::response -put__invite(client &client, - const m::resource::request &request); - -mapi::header -IRCD_MODULE -{ - "Federation 12 :Inviting to a room (v2)" -}; - -m::resource -invite_resource -{ - "/_matrix/federation/v2/invite/", - { - "Inviting to a room", - resource::DIRECTORY - } -}; - -m::resource::method -method_put -{ - invite_resource, "PUT", put__invite, - { - method_put.VERIFY_ORIGIN - } -}; - -m::resource::response -put__invite(client &client, - const m::resource::request &request) -{ - if(request.parv.size() < 1) - throw m::NEED_MORE_PARAMS - { - "room_id path parameter required" - }; - - m::room::id::buf room_id - { - url::decode(room_id, request.parv[0]) - }; - - if(request.parv.size() < 2) - throw m::NEED_MORE_PARAMS - { - "event_id path parameter required" - }; - - m::event::id::buf event_id - { - url::decode(event_id, request.parv[1]) - }; - - const json::string &room_version - { - request.get("room_version", "1") - }; - - m::event event - { - request["event"], event_id - }; - - if(!json::get<"event_id"_>(event)) - if(room_version == "1" || room_version == "2") - json::get<"event_id"_>(event) = event_id; - - if(!check_id(event, room_version)) - throw m::BAD_REQUEST - { - "Claimed event_id %s is incorrect.", - string_view{event_id}, - }; - - if(at<"room_id"_>(event) != room_id) - throw m::error - { - http::NOT_MODIFIED, "M_MISMATCH_ROOM_ID", - "ID of room in request body %s does not match path param %s", - string_view{at<"room_id"_>(event)}, - string_view{room_id}, - }; - - if(at<"type"_>(event) != "m.room.member") - throw m::error - { - http::NOT_MODIFIED, "M_INVALID_TYPE", - "event.type must be m.room.member" - }; - - if(unquote(at<"content"_>(event).at("membership")) != "invite") - throw m::error - { - http::NOT_MODIFIED, "M_INVALID_CONTENT_MEMBERSHIP", - "event.content.membership must be invite." - }; - - if(at<"origin"_>(event) != request.node_id) - throw m::error - { - http::FORBIDDEN, "M_INVALID_ORIGIN", - "event.origin must be you." - }; - - const m::user::id &sender - { - at<"sender"_>(event) - }; - - if(sender.host() != request.node_id) - throw m::error - { - http::FORBIDDEN, "M_INVALID_ORIGIN", - "event.sender must be your user." - }; - - const m::user::id &target - { - at<"state_key"_>(event) - }; - - if(!my_host(target.host())) - throw m::error - { - http::FORBIDDEN, "M_INVALID_STATE_KEY", - "event.state_key must be my user." - }; - - m::event::conforms non_conforms; - const m::event::conforms report - { - event, non_conforms.report - }; - - if(!report.clean()) - throw m::error - { - http::NOT_MODIFIED, "M_INVALID_EVENT", - "Proffered event has the following problems: %s", - string(report) - }; - - // May conduct disk IO to check ACL - if(m::room::server_acl::enable_write) - if(!m::room::server_acl::check(room_id, request.node_id)) - throw m::ACCESS_DENIED - { - "You are not permitted by the room's server access control list." - }; - - // May conduct network IO to fetch node's key; disk IO to fetch node's key - if(!verify(event, request.node_id)) - throw m::ACCESS_DENIED - { - "Invite event fails verification for %s", - string_view{request.node_id}, - }; - - thread_local char sigs[4_KiB]; - m::event signed_event - { - signatures(sigs, event, target.host()) - }; - - signed_event.event_id = event_id; - const json::strung signed_json - { - signed_event - }; - - // Send back the signed event first before eval. If we eval the signed - // event first: the effects will occur before the inviting server has - // the signed event returned from us; they might not consider the user - // invited yet, causing trouble for the eval effects. That may actually - // still happen due to the two separate TCP connections being uncoordinated - // (one for this request, and another when m::eval effects connect to them - // and make any requests). But either way if this call fails then we will - // lose the invite but that may not be such a bad thing. - m::resource::response response - { - client, json::members - { - { "event", json::object{signed_json} } - } - }; - - // Synapse needs time to process our response otherwise our eval below may - // complete before this response arrives for them and is processed. - ctx::sleep(milliseconds(stream_cross_sleeptime)); - - // Post processing, does not throw. - process(client, request, signed_event); - - // note: returning a resource response is a symbolic/indicator action to - // the caller and has no real effect at the point of return. - return response; -} - -void -process(client &client, - const m::resource::request &request, - const m::event &event) -try -{ - // Eval the dual-signed invite event. This will write it locally. This will - // also try to sync the room as best as possible. The invitee will then be - // presented with this invite request in their rooms list. - m::vm::opts vmopts; - vmopts.node_id = request.node_id; - - // Synapse may 403 a fetch of the prev_event of the invite event. - vmopts.phase.set(m::vm::phase::FETCH_PREV, false); - vmopts.phase.set(m::vm::phase::EMPTION, false); - - // Don't throw an exception for a re-evaluation; this will just be a no-op - vmopts.nothrows |= m::vm::fault::EXISTS; - vmopts.room_version = unquote(request.get("room_version", "1")); - - m::vm::eval - { - event, vmopts - }; -} -catch(const std::exception &e) -{ - log::error - { - m::log, "Processing invite from:%s to:%s :%s", - json::get<"sender"_>(event), - json::get<"state_key"_>(event), - e.what(), - }; - - return; -} diff --git a/modules/federation/send_join.cc b/modules/federation/send_join.cc index d6f549014..258d53e52 100644 --- a/modules/federation/send_join.cc +++ b/modules/federation/send_join.cc @@ -47,16 +47,6 @@ send_join_resource } }; -m::resource -send_join_resource_v2 -{ - "/_matrix/federation/v2/send_join/", - { - send_join_description, - resource::DIRECTORY - } -}; - m::resource::method method_put { @@ -66,15 +56,6 @@ method_put } }; -m::resource::method -method_put_v2 -{ - send_join_resource_v2, "PUT", put__send_join, - { - method_put.VERIFY_ORIGIN - } -}; - m::resource::response put__send_join(client &client, const m::resource::request &request) diff --git a/modules/media/download.cc b/modules/media/download.cc index 35903ab55..b97bcdab6 100644 --- a/modules/media/download.cc +++ b/modules/media/download.cc @@ -22,16 +22,6 @@ download_resource } }; -m::resource -download_resource__legacy -{ - "/_matrix/media/v1/download/", - { - "(11.7.1.2) download (legacy)", - resource::DIRECTORY, - } -}; - static m::resource::response get__download_local(client &client, const m::resource::request &request, @@ -180,15 +170,3 @@ method_get 45s, // timeout } }; - -static m::resource::method -method_get__legacy -{ - download_resource__legacy, - "GET", - get__download, - { - m::resource::method::flag(0), // flags - 45s, // timeout - } -}; diff --git a/modules/media/thumbnail.cc b/modules/media/thumbnail.cc index 01633e6ab..c8ece86be 100644 --- a/modules/media/thumbnail.cc +++ b/modules/media/thumbnail.cc @@ -76,16 +76,6 @@ ircd::m::media::thumbnail::mime_blacklist { "default", "" }, }; -m::resource -thumbnail_resource__legacy -{ - "/_matrix/media/v1/thumbnail/", - { - "(11.7.1.4) thumbnails (legacy version)", - resource::DIRECTORY, - } -}; - m::resource thumbnail_resource { @@ -154,18 +144,6 @@ get__thumbnail(client &client, return get__thumbnail_local(client, request, mxc, room_id); } -static m::resource::method -method_get__legacy -{ - thumbnail_resource__legacy, - "GET", - get__thumbnail, - { - m::resource::method::flag(0), // flag - 45s, // timeout - } -}; - static m::resource::method method_get { diff --git a/modules/media/upload.cc b/modules/media/upload.cc index 040cc5b38..901dac140 100644 --- a/modules/media/upload.cc +++ b/modules/media/upload.cc @@ -12,15 +12,6 @@ using namespace ircd; -m::resource -upload_resource__legacy -{ - "/_matrix/media/v1/upload/", - { - "(11.7.1.1) upload (legacy compat)", - } -}; - m::resource upload_resource { @@ -128,9 +119,3 @@ method_post { upload_resource, "POST", post__upload, method_post_opts }; - -static m::resource::method -method_post__legacy -{ - upload_resource__legacy, "POST", post__upload, method_post_opts -};