// Matrix Construct // // Copyright (C) Matrix Construct Developers, Authors & Contributors // Copyright (C) 2016-2018 Jason Volk // // Permission to use, copy, modify, and/or distribute this software for any // purpose with or without fee is hereby granted, provided that the above // copyright notice and this permission notice is present in all copies. The // full license for this software is available in the LICENSE file. /////////////////////////////////////////////////////////////////////////////// // // event/pretty.h // std::string ircd::m::pretty(const event &event) { std::string ret; std::stringstream s; pubsetbuf(s, ret, 4096); pretty(s, event); resizebuf(s, ret); return ret; } std::ostream & ircd::m::pretty(std::ostream &s, const event &event) { const auto out{[&s] (const string_view &key, auto&& val) { if(defined(json::value(val))) s << std::setw(16) << std::right << key << " :" << val << std::endl; }}; const string_view top_keys[] { "origin", "event_id", "room_id", "sender", "type", "depth", "state_key", "redacts", }; json::for_each(event, top_keys, out); const auto &ts{json::get<"origin_server_ts"_>(event)}; { thread_local char buf[128]; s << std::setw(16) << std::right << "origin_server_ts" << " :" << timef(buf, ts / 1000L, ircd::localtime) << " (" << ts << ")" << std::endl; } const json::object &contents{json::get<"content"_>(event)}; if(!contents.empty()) s << std::setw(16) << std::right << "content" << " :" << size(contents) << " keys; " << size(string_view{contents}) << " bytes." << std::endl; const auto &hashes{json::get<"hashes"_>(event)}; for(const auto &hash : hashes) { s << std::setw(16) << std::right << "[hash]" << " :" << hash.first << " " << unquote(hash.second) << std::endl; } const auto &signatures{json::get<"signatures"_>(event)}; for(const auto &signature : signatures) { s << std::setw(16) << std::right << "[signature]" << " :" << signature.first << " "; for(const auto &key : json::object{signature.second}) s << key.first << " "; s << std::endl; } const auto &auth_events{json::get<"auth_events"_>(event)}; for(const json::array auth_event : auth_events) { s << std::setw(16) << std::right << "[auth event]" << " :" << unquote(auth_event[0]); for(const auto &hash : json::object{auth_event[1]}) s << " " << unquote(hash.first) << ": " << unquote(hash.second); s << std::endl; } const auto &prev_states{json::get<"prev_state"_>(event)}; for(const json::array prev_state : prev_states) { s << std::setw(16) << std::right << "[prev state]" << " :" << unquote(prev_state[0]); for(const auto &hash : json::object{prev_state[1]}) s << " " << unquote(hash.first) << ": " << unquote(hash.second); s << std::endl; } const auto &prev_events{json::get<"prev_events"_>(event)}; for(const json::array prev_event : prev_events) { s << std::setw(16) << std::right << "[prev_event]" << " :" << unquote(prev_event[0]); for(const auto &hash : json::object{prev_event[1]}) s << " " << unquote(hash.first) << ": " << unquote(hash.second); s << std::endl; } if(!contents.empty()) for(const json::object::member &content : contents) s << std::setw(16) << std::right << "[content]" << " :" << std::setw(7) << std::left << reflect(json::type(content.second)) << " " << std::setw(5) << std::right << size(string_view{content.second}) << " bytes " << ':' << content.first << std::endl; return s; } std::string ircd::m::pretty_oneline(const event &event, const bool &content_keys) { std::string ret; std::stringstream s; pubsetbuf(s, ret, 4096); pretty_oneline(s, event, content_keys); resizebuf(s, ret); return ret; } std::ostream & ircd::m::pretty_oneline(std::ostream &s, const event &event, const bool &content_keys) { if(defined(json::get<"room_id"_>(event))) s << json::get<"room_id"_>(event) << " "; else s << "* "; if(json::get<"depth"_>(event) != json::undefined_number) s << json::get<"depth"_>(event) << " "; else s << "* "; thread_local char sdbuf[48]; if(json::get<"origin_server_ts"_>(event) != json::undefined_number) s << smalldate(sdbuf, json::get<"origin_server_ts"_>(event) / 1000L) << " "; else s << "* "; if(defined(json::get<"origin"_>(event))) s << ':' << json::get<"origin"_>(event) << " "; else s << ":* "; if(defined(json::get<"sender"_>(event))) s << json::get<"sender"_>(event) << " "; else s << "* "; if(defined(json::get<"event_id"_>(event))) s << json::get<"event_id"_>(event) << " "; else s << "* "; const auto &auth_events{json::get<"auth_events"_>(event)}; s << "A:" << auth_events.count() << " "; const auto &prev_states{json::get<"prev_state"_>(event)}; s << "S:" << prev_states.count() << " "; const auto &prev_events{json::get<"prev_events"_>(event)}; s << "E:" << prev_events.count() << " "; const auto &hashes{json::get<"hashes"_>(event)}; s << "[ "; for(const auto &hash : hashes) s << hash.first << " "; s << "] "; const auto &signatures{json::get<"signatures"_>(event)}; s << "[ "; for(const auto &signature : signatures) { s << signature.first << "[ "; for(const auto &key : json::object{signature.second}) s << key.first << " "; s << "] "; } s << "] "; if(defined(json::get<"type"_>(event))) s << json::get<"type"_>(event) << " "; else s << "* "; const auto &state_key { json::get<"state_key"_>(event) }; if(defined(state_key) && empty(state_key)) s << "\"\"" << " "; else if(defined(state_key)) s << state_key << " "; else s << "*" << " "; const string_view &membership { json::get<"type"_>(event) == "m.room.member"? m::membership(event): "*"_sv }; s << membership << " "; if(defined(json::get<"redacts"_>(event))) s << json::get<"redacts"_>(event) << " "; else s << "* "; const json::object &contents { content_keys? json::get<"content"_>(event): json::object{} }; if(!contents.empty()) { s << "+" << string_view{contents}.size() << " bytes :"; for(const auto &content : contents) s << content.first << " "; } return s; } std::string ircd::m::pretty_msgline(const event &event) { std::string ret; std::stringstream s; pubsetbuf(s, ret, 4096); pretty_msgline(s, event); resizebuf(s, ret); return ret; } std::ostream & ircd::m::pretty_msgline(std::ostream &s, const event &event) { s << json::get<"depth"_>(event) << " :"; s << json::get<"type"_>(event) << " "; s << json::get<"sender"_>(event) << " "; s << json::get<"event_id"_>(event) << " "; const auto &state_key { json::get<"state_key"_>(event) }; if(defined(state_key) && empty(state_key)) s << "\"\"" << " "; else if(defined(state_key)) s << state_key << " "; else s << "*" << " "; const json::object &content { json::get<"content"_>(event) }; switch(hash(json::get<"type"_>(event))) { case "m.room.message"_: s << unquote(content.get("msgtype")) << " "; s << unquote(content.get("body")) << " "; break; default: s << string_view{content}; break; } return s; } std::string ircd::m::pretty(const event::prev &prev) { std::string ret; std::stringstream s; pubsetbuf(s, ret, 4096); pretty(s, prev); resizebuf(s, ret); return ret; } std::ostream & ircd::m::pretty(std::ostream &s, const event::prev &prev) { const auto out{[&s] (const string_view &key, auto&& val) { if(json::defined(val)) s << key << " :" << val << std::endl; }}; const auto &auth_events{json::get<"auth_events"_>(prev)}; for(const json::array auth_event : auth_events) { s << std::setw(16) << std::right << "[auth event]" << " :" << unquote(auth_event[0]); for(const auto &hash : json::object{auth_event[1]}) s << " " << unquote(hash.first) << ": " << unquote(hash.second); s << std::endl; } const auto &prev_states{json::get<"prev_state"_>(prev)}; for(const json::array prev_state : prev_states) { s << std::setw(16) << std::right << "[prev state]" << " :" << unquote(prev_state[0]); for(const auto &hash : json::object{prev_state[1]}) s << " " << unquote(hash.first) << ": " << unquote(hash.second); s << std::endl; } const auto &prev_events{json::get<"prev_events"_>(prev)}; for(const json::array prev_event : prev_events) { s << std::setw(16) << std::right << "[prev_event]" << " :" << unquote(prev_event[0]); for(const auto &hash : json::object{prev_event[1]}) s << " " << unquote(hash.first) << ": " << unquote(hash.second); s << std::endl; } return s; } std::ostream & ircd::m::pretty_oneline(std::ostream &s, const event::prev &prev) { const auto &auth_events{json::get<"auth_events"_>(prev)}; s << "A[ "; for(const json::array auth_event : auth_events) s << unquote(auth_event[0]) << " "; s << "] "; const auto &prev_states{json::get<"prev_state"_>(prev)}; s << "S[ "; for(const json::array prev_state : prev_states) s << unquote(prev_state[0]) << " "; s << "] "; const auto &prev_events{json::get<"prev_events"_>(prev)}; s << "E[ "; for(const json::array prev_event : prev_events) s << unquote(prev_event[0]) << " "; s << "] "; return s; } /////////////////////////////////////////////////////////////////////////////// // // event/append.h // void ircd::m::append(json::stack::array &array, const event &event_, const event_append_opts &opts) { json::stack::object object { array }; append(object, event_, opts); } void ircd::m::append(json::stack::object &object, const event &event, const event_append_opts &opts) { const bool has_event_idx { opts.event_idx && *opts.event_idx }; const bool has_client_txnid { opts.client_txnid && *opts.client_txnid }; const bool has_user { opts.user_id && opts.user_room }; const bool sender_is_user { has_user && json::get<"sender"_>(event) == *opts.user_id }; const auto txnid_idx { !has_client_txnid && sender_is_user && opts.query_txnid? opts.user_room->get(std::nothrow, "ircd.client.txnid", at<"event_id"_>(event)): 0UL }; #if defined(RB_DEBUG) && 0 if(!has_client_txnid && !txnid_idx && sender_is_user && opts.query_txnid) log::dwarning { log, "Could not find transaction_id for %s from %s in %s", json::get<"event_id"_>(event), json::get<"sender"_>(event), json::get<"room_id"_>(event) }; #endif if(!json::get<"state_key"_>(event) && has_user) { const m::user::ignores ignores{*opts.user_id}; if(ignores.enforce("events") && ignores.has(json::get<"sender"_>(event))) { log::debug { log, "Not sending event '%s' because '%s' is ignored by '%s'", json::get<"event_id"_>(event), json::get<"sender"_>(event), string_view{*opts.user_id} }; return; } } object.append(event); if(json::get<"state_key"_>(event) && has_event_idx) { const auto prev_idx { room::state::prev(*opts.event_idx) }; if(prev_idx) m::get(std::nothrow, prev_idx, "content", [&object] (const json::object &content) { json::stack::member { object, "prev_content", content }; }); } json::stack::object unsigned_ { object, "unsigned" }; json::stack::member { unsigned_, "age", json::value { opts.age != std::numeric_limits::min()? opts.age: json::get<"depth"_>(event) >= 0 && opts.room_depth && *opts.room_depth >= 0L? ((*opts.room_depth + 1) - json::get<"depth"_>(event)) + 100: !opts.room_depth && json::get<"origin_server_ts"_>(event)? ircd::time() - json::get<"origin_server_ts"_>(event): json::undefined_number } }; if(has_client_txnid) json::stack::member { unsigned_, "transaction_id", *opts.client_txnid }; if(txnid_idx) m::get(std::nothrow, txnid_idx, "content", [&unsigned_] (const json::object &content) { json::stack::member { unsigned_, "transaction_id", unquote(content.get("transaction_id")) }; }); } /////////////////////////////////////////////////////////////////////////////// // // event/conforms.h // namespace ircd::m::vm { extern const m::hookfn issue_missing_auth; extern const m::hookfn conform_check_origin; extern const m::hookfn conform_check_size; extern const m::hookfn conform_report; } /// Check if an eval with a copts structure (indicating this server is /// creating the event) has an origin set to !my_host(). decltype(ircd::m::vm::conform_check_origin) ircd::m::vm::conform_check_origin { { { "_site", "vm.conform" } }, [](const m::event &event, eval &eval) { if(unlikely(eval.copts && !my_host(at<"origin"_>(event)))) throw error { fault::GENERAL, "Issuing event for origin: %s", at<"origin"_>(event) }; } }; /// Check if an event originating from this server exceeds maximum size. decltype(ircd::m::vm::conform_check_size) ircd::m::vm::conform_check_size { { { "_site", "vm.conform" }, { "origin", my_host() } }, [](const m::event &event, eval &eval) { const size_t &event_size { serialized(event) }; if(event_size > size_t(event::max_size)) throw m::BAD_JSON { "Event is %zu bytes which is larger than the maximum %zu bytes", event_size, size_t(event::max_size) }; } }; /// Check if an event originating from this server exceeds maximum size. decltype(ircd::m::vm::conform_report) ircd::m::vm::conform_report { { { "_site", "vm.conform" } }, [](const m::event &event, eval &eval) { assert(eval.opts); auto &opts(*eval.opts); // When opts.conformed is set the report is already generated if(opts.conformed) { eval.report = opts.report; return; } // Generate the report here. eval.report = event::conforms { event, opts.non_conform.report }; // When opts.conforming is false a bad report is not an error. if(!opts.conforming) return; // Otherwise this will kill the eval if(!eval.report.clean()) throw error { fault::INVALID, "Non-conforming event: %s", string(eval.report) }; } }; namespace ircd::m { constexpr size_t event_conforms_num{num_of()}; extern const std::array event_conforms_reflects; } decltype(ircd::m::event_conforms_reflects) ircd::m::event_conforms_reflects { "INVALID_OR_MISSING_EVENT_ID", "INVALID_OR_MISSING_ROOM_ID", "INVALID_OR_MISSING_SENDER_ID", "MISSING_TYPE", "MISSING_ORIGIN", "INVALID_ORIGIN", "INVALID_OR_MISSING_REDACTS_ID", "MISSING_CONTENT_MEMBERSHIP", "INVALID_CONTENT_MEMBERSHIP", "MISSING_MEMBER_STATE_KEY", "INVALID_MEMBER_STATE_KEY", "MISSING_PREV_EVENTS", "MISSING_PREV_STATE", "MISSING_AUTH_EVENTS", "DEPTH_NEGATIVE", "DEPTH_ZERO", "MISSING_SIGNATURES", "MISSING_ORIGIN_SIGNATURE", "MISMATCH_ORIGIN_SENDER", "MISMATCH_ORIGIN_EVENT_ID", "MISMATCH_CREATE_SENDER", "MISMATCH_ALIASES_STATE_KEY", "SELF_REDACTS", "SELF_PREV_EVENT", "SELF_PREV_STATE", "SELF_AUTH_EVENT", "DUP_PREV_EVENT", "DUP_PREV_STATE", "DUP_AUTH_EVENT", }; std::ostream & ircd::m::operator<<(std::ostream &s, const event::conforms &conforms) { thread_local char buf[1024]; s << conforms.string(buf); return s; } ircd::string_view ircd::m::reflect(const event::conforms::code &code) try { return event_conforms_reflects.at(code); } catch(const std::out_of_range &e) { return "??????"_sv; } ircd::m::event::conforms::code ircd::m::event::conforms::reflect(const string_view &name) { const auto it { std::find(begin(event_conforms_reflects), end(event_conforms_reflects), name) }; if(it == end(event_conforms_reflects)) throw std::out_of_range { "There is no event::conforms code by that name." }; return code(std::distance(begin(event_conforms_reflects), it)); } ircd::m::event::conforms::conforms(const event &e, const uint64_t &skip) :conforms{e} { report &= ~skip; } ircd::m::event::conforms::conforms(const event &e) :report{0} { if(!valid(m::id::EVENT, json::get<"event_id"_>(e))) set(INVALID_OR_MISSING_EVENT_ID); if(!valid(m::id::ROOM, json::get<"room_id"_>(e))) set(INVALID_OR_MISSING_ROOM_ID); if(!valid(m::id::USER, json::get<"sender"_>(e))) set(INVALID_OR_MISSING_SENDER_ID); if(empty(json::get<"type"_>(e))) set(MISSING_TYPE); if(empty(json::get<"origin"_>(e))) set(MISSING_ORIGIN); //TODO: XXX if(false) set(INVALID_ORIGIN); if(empty(json::get<"signatures"_>(e))) set(MISSING_SIGNATURES); if(empty(json::object{json::get<"signatures"_>(e).get(json::get<"origin"_>(e))})) set(MISSING_ORIGIN_SIGNATURE); if(!has(INVALID_OR_MISSING_SENDER_ID)) if(json::get<"origin"_>(e) != m::id::user{json::get<"sender"_>(e)}.host()) set(MISMATCH_ORIGIN_SENDER); if(!has(INVALID_OR_MISSING_EVENT_ID)) if(json::get<"origin"_>(e) != m::id::event{json::get<"event_id"_>(e)}.host()) set(MISMATCH_ORIGIN_EVENT_ID); if(json::get<"type"_>(e) == "m.room.create") if(m::room::id(json::get<"room_id"_>(e)).host() != m::user::id(json::get<"sender"_>(e)).host()) set(MISMATCH_CREATE_SENDER); if(json::get<"type"_>(e) == "m.room.aliases") if(m::user::id(json::get<"sender"_>(e)).host() != json::get<"state_key"_>(e)) set(MISMATCH_ALIASES_STATE_KEY); if(json::get<"type"_>(e) == "m.room.redaction") if(!valid(m::id::EVENT, json::get<"redacts"_>(e))) set(INVALID_OR_MISSING_REDACTS_ID); if(json::get<"redacts"_>(e)) if(json::get<"redacts"_>(e) == json::get<"event_id"_>(e)) set(SELF_REDACTS); if(json::get<"type"_>(e) == "m.room.member") if(empty(unquote(json::get<"content"_>(e).get("membership")))) set(MISSING_CONTENT_MEMBERSHIP); if(json::get<"type"_>(e) == "m.room.member") if(!all_of(unquote(json::get<"content"_>(e).get("membership")))) set(INVALID_CONTENT_MEMBERSHIP); if(json::get<"type"_>(e) == "m.room.member") if(empty(json::get<"state_key"_>(e))) set(MISSING_MEMBER_STATE_KEY); if(json::get<"type"_>(e) == "m.room.member") if(!valid(m::id::USER, json::get<"state_key"_>(e))) set(INVALID_MEMBER_STATE_KEY); if(json::get<"type"_>(e) != "m.room.create") if(empty(json::get<"prev_events"_>(e))) set(MISSING_PREV_EVENTS); /* if(json::get<"type"_>(e) != "m.room.create") if(!empty(json::get<"state_key"_>(e))) if(empty(json::get<"prev_state"_>(e))) set(MISSING_PREV_STATE); */ if(json::get<"type"_>(e) != "m.room.create") if(empty(json::get<"auth_events"_>(e))) set(MISSING_AUTH_EVENTS); if(json::get<"depth"_>(e) != json::undefined_number && json::get<"depth"_>(e) < 0) set(DEPTH_NEGATIVE); if(json::get<"type"_>(e) != "m.room.create") if(json::get<"depth"_>(e) == 0) set(DEPTH_ZERO); const prev p{e}; size_t i{0}, j{0}; for(const json::array &pe : json::get<"prev_events"_>(p)) { if(unquote(pe.at(0)) == json::get<"event_id"_>(e)) set(SELF_PREV_EVENT); j = 0; for(const json::array &pe_ : json::get<"prev_events"_>(p)) if(i != j++) if(pe_.at(0) == pe.at(0)) set(DUP_PREV_EVENT); ++i; } i = 0; for(const json::array &ps : json::get<"prev_state"_>(p)) { if(unquote(ps.at(0)) == json::get<"event_id"_>(e)) set(SELF_PREV_STATE); j = 0; for(const json::array &ps_ : json::get<"prev_state"_>(p)) if(i != j++) if(ps_.at(0) == ps.at(0)) set(DUP_PREV_STATE); ++i; } i = 0; for(const json::array &ps : json::get<"auth_events"_>(p)) { if(unquote(ps.at(0)) == json::get<"event_id"_>(e)) set(SELF_AUTH_EVENT); j = 0; for(const json::array &ps_ : json::get<"auth_events"_>(p)) if(i != j++) if(ps_.at(0) == ps.at(0)) set(DUP_AUTH_EVENT); ++i; } } void ircd::m::event::conforms::operator|=(const code &code) & { set(code); } void ircd::m::event::conforms::del(const code &code) { report &= ~(1UL << code); } void ircd::m::event::conforms::set(const code &code) { report |= (1UL << code); } ircd::string_view ircd::m::event::conforms::string(const mutable_buffer &out) const { mutable_buffer buf{out}; for(uint64_t i(0); i < num_of(); ++i) { if(!has(code(i))) continue; if(begin(buf) != begin(out)) consume(buf, copy(buf, " "_sv)); consume(buf, copy(buf, m::reflect(code(i)))); } return { data(out), begin(buf) }; } bool ircd::m::event::conforms::has(const code &code) const { return report & (1UL << code); } bool ircd::m::event::conforms::has(const uint &code) const { return (report & (1UL << code)) == code; } bool ircd::m::event::conforms::operator!() const { return clean(); } ircd::m::event::conforms::operator bool() const { return !clean(); } bool ircd::m::event::conforms::clean() const { return report == 0; } /////////////////////////////////////////////////////////////////////////////// // // event/prefetch.h // void ircd::m::prefetch(const event::id &event_id, const event::fetch::opts &opts) { prefetch(index(event_id), opts); } void ircd::m::prefetch(const event::id &event_id, const string_view &key) { prefetch(index(event_id), key); } void ircd::m::prefetch(const event::idx &event_idx, const event::fetch::opts &opts) { const event::keys keys{opts.keys}; const vector_view cols{keys}; for(const auto &col : cols) if(col) prefetch(event_idx, col); } void ircd::m::prefetch(const event::idx &event_idx, const string_view &key) { const auto &column_idx { json::indexof(key) }; auto &column { dbs::event_column.at(column_idx) }; db::prefetch(column, byte_view{event_idx}); } /////////////////////////////////////////////////////////////////////////////// // // event/cached.h // bool ircd::m::cached(const id::event &event_id) { return cached(event_id, event::fetch::default_opts); } bool ircd::m::cached(const id::event &event_id, const event::fetch::opts &opts) { if(!db::cached(dbs::event_idx, event_id, opts.gopts)) return false; const event::idx event_idx { index(event_id, std::nothrow) }; return event_idx? cached(event_idx, opts.gopts): false; } bool ircd::m::cached(const event::idx &event_idx) { return cached(event_idx, event::fetch::default_opts); } bool ircd::m::cached(const event::idx &event_idx, const event::fetch::opts &opts) { const byte_view &key { event_idx }; if(event::fetch::should_seek_json(opts)) return db::cached(dbs::event_json, key, opts.gopts); const auto &selection { opts.keys }; const auto result { cached_keys(event_idx, opts) }; for(size_t i(0); i < selection.size(); ++i) { auto &column { dbs::event_column.at(i) }; if(column && selection.test(i) && !result.test(i)) { if(!db::has(column, key, opts.gopts)) continue; return false; } } return true; } ircd::m::event::keys::selection ircd::m::cached_keys(const event::idx &event_idx, const event::fetch::opts &opts) { const byte_view &key { event_idx }; event::keys::selection ret(0); const event::keys::selection &selection(opts.keys); for(size_t i(0); i < selection.size(); ++i) { auto &column { dbs::event_column.at(i) }; if(column && db::cached(column, key, opts.gopts)) ret.set(i); } return ret; } /////////////////////////////////////////////////////////////////////////////// // // event/get.h // std::string ircd::m::get(const event::id &event_id, const string_view &key) { std::string ret; get(event_id, key, [&ret] (const string_view &value) { ret = value; }); return ret; } std::string ircd::m::get(const event::idx &event_idx, const string_view &key) { std::string ret; get(event_idx, key, [&ret] (const string_view &value) { ret = value; }); return ret; } std::string ircd::m::get(std::nothrow_t, const event::id &event_id, const string_view &key) { std::string ret; get(std::nothrow, event_id, key, [&ret] (const string_view &value) { ret = value; }); return ret; } std::string ircd::m::get(std::nothrow_t, const event::idx &event_idx, const string_view &key) { std::string ret; get(std::nothrow, event_idx, key, [&ret] (const string_view &value) { ret = value; }); return ret; } ircd::const_buffer ircd::m::get(const event::id &event_id, const string_view &key, const mutable_buffer &out) { const auto &ret { get(std::nothrow, index(event_id), key, out) }; if(!ret) throw m::NOT_FOUND { "%s for %s not found in database", key, string_view{event_id} }; return ret; } ircd::const_buffer ircd::m::get(const event::idx &event_idx, const string_view &key, const mutable_buffer &out) { const const_buffer ret { get(std::nothrow, event_idx, key, out) }; if(!ret) throw m::NOT_FOUND { "%s for event_idx[%lu] not found in database", key, event_idx }; return ret; } ircd::const_buffer ircd::m::get(std::nothrow_t, const event::id &event_id, const string_view &key, const mutable_buffer &buf) { return get(std::nothrow, index(event_id), key, buf); } ircd::const_buffer ircd::m::get(std::nothrow_t, const event::idx &event_idx, const string_view &key, const mutable_buffer &buf) { const_buffer ret; get(std::nothrow, event_idx, key, [&buf, &ret] (const string_view &value) { ret = { data(buf), copy(buf, value) }; }); return ret; } void ircd::m::get(const event::id &event_id, const string_view &key, const event::fetch::view_closure &closure) { if(!get(std::nothrow, index(event_id), key, closure)) throw m::NOT_FOUND { "%s for %s not found in database", key, string_view{event_id} }; } void ircd::m::get(const event::idx &event_idx, const string_view &key, const event::fetch::view_closure &closure) { if(!get(std::nothrow, event_idx, key, closure)) throw m::NOT_FOUND { "%s for event_idx[%lu] not found in database", key, event_idx }; } bool ircd::m::get(std::nothrow_t, const event::id &event_id, const string_view &key, const event::fetch::view_closure &closure) { return get(std::nothrow, index(event_id), key, closure); } bool ircd::m::get(std::nothrow_t, const event::idx &event_idx, const string_view &key, const event::fetch::view_closure &closure) { const string_view &column_key { byte_view{event_idx} }; const auto &column_idx { json::indexof(key) }; auto &column { dbs::event_column.at(column_idx) }; if(column) return column(column_key, std::nothrow, closure); // If the event property being sought doesn't have its own column we // fall back to fetching the full JSON and closing over the property. bool ret{false}; dbs::event_json(column_key, std::nothrow, [&closure, &key, &ret] (const json::object &event) { string_view value { event[key] }; if(!value) return; // The user expects an unquoted string to their closure, the same as // if this value was found in its own column. if(json::type(value) == json::STRING) value = unquote(value); ret = true; closure(value); }); return ret; } /////////////////////////////////////////////////////////////////////////////// // // event/fetch.h // // // seek // void ircd::m::seek(event::fetch &fetch, const event::id &event_id) { if(!seek(fetch, event_id, std::nothrow)) throw m::NOT_FOUND { "%s not found in database", event_id }; } bool ircd::m::seek(event::fetch &fetch, const event::id &event_id, std::nothrow_t) { const auto &event_idx { index(event_id, std::nothrow) }; if(!event_idx) { fetch.valid = false; return fetch.valid; } return seek(fetch, event_idx, std::nothrow); } void ircd::m::seek(event::fetch &fetch, const event::idx &event_idx) { if(!seek(fetch, event_idx, std::nothrow)) throw m::NOT_FOUND { "%lu not found in database", event_idx }; } bool ircd::m::seek(event::fetch &fetch, const event::idx &event_idx, std::nothrow_t) { fetch.event_idx = event_idx; const string_view &key { byte_view(event_idx) }; auto &event { static_cast(fetch) }; assert(fetch.fopts); const auto &opts(*fetch.fopts); if(!fetch.should_seek_json(opts)) if((fetch.valid = db::seek(fetch.row, key, opts.gopts))) if((fetch.valid = fetch.assign_from_row(key))) return fetch.valid; if((fetch.valid = fetch._json.load(key, opts.gopts))) fetch.valid = fetch.assign_from_json(key); return fetch.valid; } // // event::fetch // decltype(ircd::m::event::fetch::default_opts) ircd::m::event::fetch::default_opts {}; void ircd::m::event::fetch::event_id(const idx &idx, const id::closure &closure) { if(!get(std::nothrow, idx, "event_id", closure)) throw m::NOT_FOUND { "%lu not found in database", idx }; } bool ircd::m::event::fetch::event_id(const idx &idx, std::nothrow_t, const id::closure &closure) { return get(std::nothrow, idx, "event_id", closure); } // // event::fetch::fetch // /// Seek to event_id and populate this event from database. /// Throws if event not in database. ircd::m::event::fetch::fetch(const event::id &event_id, const opts &opts) :fetch { index(event_id), opts } { } /// Seek to event_id and populate this event from database. /// Event is not populated if not found in database. ircd::m::event::fetch::fetch(const event::id &event_id, std::nothrow_t, const opts &opts) :fetch { index(event_id, std::nothrow), std::nothrow, opts } { } /// Seek to event_idx and populate this event from database. /// Throws if event not in database. ircd::m::event::fetch::fetch(const event::idx &event_idx, const opts &opts) :fetch { event_idx, std::nothrow, opts } { if(!valid) throw m::NOT_FOUND { "idx %zu not found in database", event_idx }; } /// Seek to event_idx and populate this event from database. /// Event is not populated if not found in database. ircd::m::event::fetch::fetch(const event::idx &event_idx, std::nothrow_t, const opts &opts) :fopts { &opts } ,event_idx { event_idx } ,_json { dbs::event_json, event_idx && should_seek_json(opts)? key(&event_idx): string_view{}, opts.gopts } ,row { *dbs::events, event_idx && !_json.valid(key(&event_idx))? key(&event_idx): string_view{}, event_idx && !_json.valid(key(&event_idx))? event::keys{opts.keys}: event::keys{event::keys::include{}}, cell, opts.gopts } ,valid { event_idx && _json.valid(key(&event_idx))? assign_from_json(key(&event_idx)): assign_from_row(key(&event_idx)) } { } /// Seekless constructor. ircd::m::event::fetch::fetch(const opts &opts) :fopts { &opts } ,_json { dbs::event_json, string_view{}, opts.gopts } ,row { *dbs::events, string_view{}, !should_seek_json(opts)? event::keys{opts.keys}: event::keys{event::keys::include{}}, cell, opts.gopts } ,valid { false } { } bool ircd::m::event::fetch::assign_from_json(const string_view &key) { auto &event { static_cast(*this) }; assert(_json.valid(key)); const json::object source { _json.val() }; assert(fopts); event = { source, fopts->keys }; assert(!empty(source)); assert(data(event.source) == data(source)); return true; } bool ircd::m::event::fetch::assign_from_row(const string_view &key) { auto &event { static_cast(*this) }; if(!row.valid(key)) return false; assign(event, row, key); event.source = {}; return true; } bool ircd::m::event::fetch::should_seek_json(const opts &opts) { // User always wants to make the event_json query regardless // of their keys selection. if(opts.query_json_force) return true; // If and only if selected keys have direct columns we can return // false to seek direct columns. If any other keys are selected we /// must perform the event_json query instead. for(size_t i(0); i < opts.keys.size(); ++i) if(opts.keys.test(i)) if(!dbs::event_column.at(i)) return true; return false; } ircd::string_view ircd::m::event::fetch::key(const event::idx *const &event_idx) { assert(event_idx); return byte_view(*event_idx); } // // event::fetch::opts // ircd::m::event::fetch::opts::opts(const db::gopts &gopts, const event::keys::selection &keys) :opts { keys, gopts } { } ircd::m::event::fetch::opts::opts(const event::keys::selection &keys, const db::gopts &gopts) :keys{keys} ,gopts{gopts} { } /////////////////////////////////////////////////////////////////////////////// // // event/event_id.h // ircd::m::event::id::buf ircd::m::event_id(const event::idx &event_idx) { event::id::buf ret; event_id(event_idx, ret); return ret; } ircd::m::event::id::buf ircd::m::event_id(const event::idx &event_idx, std::nothrow_t) { event::id::buf ret; event_id(event_idx, ret, std::nothrow); return ret; } ircd::m::event::id ircd::m::event_id(const event::idx &event_idx, event::id::buf &buf) { const event::id ret { event_id(event_idx, buf, std::nothrow) }; if(!ret) throw m::NOT_FOUND { "Cannot find event ID from idx[%lu]", event_idx }; return ret; } ircd::m::event::id ircd::m::event_id(const event::idx &event_idx, event::id::buf &buf, std::nothrow_t) { event_id(event_idx, std::nothrow, [&buf] (const event::id &eid) { buf = eid; }); return buf; } bool ircd::m::event_id(const event::idx &event_idx, std::nothrow_t, const event::id::closure &closure) { return get(std::nothrow, event_idx, "event_id", closure); } /////////////////////////////////////////////////////////////////////////////// // // event/index.h // ircd::m::event::idx ircd::m::index(const event &event) try { return index(at<"event_id"_>(event)); } catch(const json::not_found &) { throw m::NOT_FOUND { "Cannot find index for event without an event_id." }; } ircd::m::event::idx ircd::m::index(const event &event, std::nothrow_t) try { return index(at<"event_id"_>(event), std::nothrow); } catch(const json::not_found &) { return 0; } ircd::m::event::idx ircd::m::index(const event::id &event_id) { const auto ret { index(event_id, std::nothrow) }; if(!ret) throw m::NOT_FOUND { "no index found for %s", string_view{event_id} }; return ret; } ircd::m::event::idx ircd::m::index(const event::id &event_id, std::nothrow_t) { event::idx ret{0}; index(event_id, std::nothrow, [&ret] (const event::idx &event_idx) { ret = event_idx; }); return ret; } bool ircd::m::index(const event::id &event_id, std::nothrow_t, const event::closure_idx &closure) { auto &column { dbs::event_idx }; if(!event_id) return false; return column(event_id, std::nothrow, [&closure] (const string_view &value) { const event::idx &event_idx { byte_view(value) }; closure(event_idx); }); } /////////////////////////////////////////////////////////////////////////////// // // event/auth.h // // // event::auth // void ircd::m::event::auth::check(const event &event) { const auto reason { failed(event) }; if(reason) throw m::ACCESS_DENIED { "Authorization of %s failed against its auth_events :%s", json::get<"event_id"_>(event), reason }; } bool ircd::m::event::auth::check(std::nothrow_t, const event &event) { return !failed(event); } ircd::string_view ircd::m::event::auth::failed(const m::event &event) { const m::event::prev refs(event); const auto count(refs.auth_events_count()); if(count > 4) return "Too many auth_events references."; const m::event *authv[4]; const m::event::fetch auth[4] { { count > 0? refs.auth_event(0) : event::id{}, std::nothrow }, { count > 1? refs.auth_event(1) : event::id{}, std::nothrow }, { count > 2? refs.auth_event(2) : event::id{}, std::nothrow }, { count > 3? refs.auth_event(3) : event::id{}, std::nothrow }, }; size_t i(0), j(0); for(; i < 4; ++i) if(auth[i].valid) authv[j++] = &auth[i]; return failed(event, {authv, j}); } ircd::string_view ircd::m::event::auth::failed(const m::event &event, const vector_view &auth_events) { const m::event::prev refs{event}; // 1. If type is m.room.create if(json::get<"type"_>(event) == "m.room.create") { // a. If it has any previous events, reject. if(count(refs) || !empty(auth_events)) return "m.room.create has previous events."; // b. If the domain of the room_id does not match the domain of the // sender, reject. assert(!conforms(event).has(conforms::MISMATCH_CREATE_SENDER)); if(conforms(event).has(conforms::MISMATCH_CREATE_SENDER)) return "m.room.create room_id domain does not match sender domain."; // c. If content.room_version is present and is not a recognised // version, reject. if(json::get<"content"_>(event).has("room_version")) if(unquote(json::get<"content"_>(event).get("room_version")) != "1") return "m.room.create room_version is not recognized."; // d. If content has no creator field, reject. assert(!empty(json::get<"content"_>(event).get("creator"))); if(empty(json::get<"content"_>(event).get("creator"))) return "m.room.create content.creator is missing."; // e. Otherwise, allow. return {}; } // 2. Reject if event has auth_events that: const m::event *auth_create{nullptr}; const m::event *auth_power{nullptr}; const m::event *auth_join_rules{nullptr}; const m::event *auth_member_target{nullptr}; const m::event *auth_member_sender{nullptr}; for(size_t i(0); i < auth_events.size(); ++i) { // a. have duplicate entries for a given type and state_key pair assert(auth_events.at(i)); const m::event &a(*auth_events.at(i)); for(size_t j(0); j < auth_events.size(); ++j) if(i != j) { assert(auth_events.at(j)); const auto &b(*auth_events.at(j)); if(json::get<"type"_>(a) == json::get<"type"_>(b)) if(json::get<"state_key"_>(a) == json::get<"state_key"_>(b)) return "Duplicate (type,state_key) in auth_events."; } // b. have entries whose type and state_key don't match those specified by // the auth events selection algorithm described in the server... const auto &type(json::get<"type"_>(a)); if(type == "m.room.create") { assert(!auth_create); auth_create = &a; continue; } if(type == "m.room.power_levels") { assert(!auth_power); auth_power = &a; continue; } if(type == "m.room.join_rules") { assert(!auth_join_rules); auth_join_rules = &a; continue; } if(type == "m.room.member") { if(json::get<"sender"_>(event) == json::get<"state_key"_>(a)) { assert(!auth_member_sender); auth_member_sender = &a; } if(json::get<"state_key"_>(event) == json::get<"state_key"_>(a)) { assert(!auth_member_target); auth_member_target = &a; } continue; } return "Reference in auth_events is not an auth_event."; } // 3. If event does not have a m.room.create in its auth_events, reject. if(!auth_create) return "Missing m.room.create in auth_events"; const m::room::power power { auth_power? *auth_power : m::event{}, *auth_create }; // 4. If type is m.room.aliases: if(json::get<"type"_>(event) == "m.room.aliases") { // a. If event has no state_key, reject. assert(!conforms(event).has(conforms::MISMATCH_ALIASES_STATE_KEY)); if(empty(json::get<"state_key"_>(event))) return "m.room.aliases event is missing a state_key."; // b. If sender's domain doesn't matches state_key, reject. if(json::get<"state_key"_>(event) != m::user::id(json::get<"sender"_>(event)).host()) return "m.room.aliases event state_key is not the sender's domain."; // c. Otherwise, allow return {}; } // 5. If type is m.room.member: if(json::get<"type"_>(event) == "m.room.member") { // a. If no state_key key ... assert(!conforms(event).has(conforms::MISSING_MEMBER_STATE_KEY)); if(empty(json::get<"state_key"_>(event))) return "m.room.member event is missing a state_key."; // a. ... or membership key in content, reject. assert(!conforms(event).has(conforms::MISSING_CONTENT_MEMBERSHIP)); if(empty(unquote(json::get<"content"_>(event).get("membership")))) return "m.room.member event is missing a content.membership."; assert(!conforms(event).has(conforms::INVALID_MEMBER_STATE_KEY)); if(!valid(m::id::USER, json::get<"state_key"_>(event))) return "m.room.member event state_key is not a valid user mxid."; // b. If membership is join if(membership(event) == "join") { // i. If the only previous event is an m.room.create and the // state_key is the creator, allow. if(refs.prev_events_count() == 1 && refs.auth_events_count() == 1) if(auth_create && at<"event_id"_>(*auth_create) == refs.prev_event(0)) return {}; // ii. If the sender does not match state_key, reject. if(json::get<"sender"_>(event) != json::get<"state_key"_>(event)) return "m.room.member membership=join sender does not match state_key."; // iii. If the sender is banned, reject. if(auth_member_target) if(membership(*auth_member_target) == "ban") return "m.room.member membership=join references membership=ban auth_event."; if(auth_member_sender) if(membership(*auth_member_sender) == "ban") return "m.room.member membership=join references membership=ban auth_event."; if(auth_join_rules) { // iv. If the join_rule is invite then allow if membership state // is invite or join. if(unquote(json::get<"content"_>(*auth_join_rules).get("join_rule")) == "invite") if(auth_member_target) { if(membership(*auth_member_target) == "invite") return {}; if(membership(*auth_member_target) == "join") return {}; } // v. If the join_rule is public, allow. if(unquote(json::get<"content"_>(*auth_join_rules).get("join_rule")) == "public") return {}; } // vi. Otherwise, reject. return "m.room.member membership=join fails authorization."; } // c. If membership is invite if(membership(event) == "invite") { // i. If content has third_party_invite key if(json::get<"content"_>(event).has("third_party_invite")) { //TODO: XXX // 1. If target user is banned, reject. // 2. If content.third_party_invite does not have a signed key, reject. // 3. If signed does not have mxid and token keys, reject. // 4. If mxid does not match state_key, reject. // 5. If there is no m.room.third_party_invite event in the current room state with state_key matching token, reject. // 6. If sender does not match sender of the m.room.third_party_invite, reject. // 7. If any signature in signed matches any public key in the m.room.third_party_invite event, allow. The public keys are in content of m.room.third_party_invite as: // 7.1. A single public key in the public_key field. // 7.2. A list of public keys in the public_keys field. // 8. Otherwise, reject. return "third_party_invite fails authorization."; } // ii. If the sender's current membership state is not join, reject. if(auth_member_sender) if(membership(*auth_member_sender) != "join") return "m.room.member membership=invite sender must have membership=join."; // iii. If target user's current membership state is join or ban, reject. if(auth_member_target) { if(membership(*auth_member_target) == "join") return "m.room.member membership=invite target cannot have membership=join."; if(membership(*auth_member_target) == "ban") return "m.room.member membership=invite target cannot have membership=ban."; } // iv. If the sender's power level is greater than or equal to the invite level, // allow. if(power(at<"sender"_>(event), "invite")) return {}; // v. Otherwise, reject. return "m.room.member membership=invite fails authorization."; } // d. If membership is leave if(membership(event) == "leave") { // i. If the sender matches state_key, allow if and only if that // user's current membership state is invite or join. if(json::get<"sender"_>(event) == json::get<"state_key"_>(event)) { if(auth_member_target && membership(*auth_member_target) == "join") return {}; if(auth_member_target && membership(*auth_member_target) == "invite") return {}; return "m.room.member membership=leave self-target must have membership=join|invite."; } // ii. If the sender's current membership state is not join, reject. if(auth_member_sender) if(membership(*auth_member_sender) != "join") return "m.room.member membership=leave sender must have membership=join."; // iii. If the target user's current membership state is ban, and the sender's // power level is less than the ban level, reject. if(auth_member_target) if(membership(*auth_member_target) == "ban") if(!power(at<"sender"_>(event), "ban")) return "m.room.member membership=ban->leave sender must have ban power to unban."; // iv. If the sender's power level is greater than or equal to the // kick level, and the target user's power level is less than the // sender's power level, allow. if(power(at<"sender"_>(event), "kick")) if(power.level_user(at<"state_key"_>(event)) < power.level_user(at<"sender"_>(event))) return {}; // v. Otherwise, reject. return "m.room.member membership=leave fails authorization."; } // e. If membership is ban if(membership(event) == "ban") { // i. If the sender's current membership state is not join, reject. if(auth_member_sender) if(membership(*auth_member_sender) != "join") return "m.room.member membership=ban sender must have membership=join."; // ii. If the sender's power level is greater than or equal to the // ban level, and the target user's power level is less than the // sender's power level, allow. if(power(at<"sender"_>(event), "ban")) if(power.level_user(at<"state_key"_>(event)) < power.level_user(at<"sender"_>(event))) return {}; // iii. Otherwise, reject. return "m.room.member membership=ban fails authorization."; } // f. Otherwise, the membership is unknown. Reject. return "m.room.member membership=unknown."; } // 6. If the sender's current membership state is not join, reject. if(auth_member_sender) if(membership(*auth_member_sender) != "join") return "sender is not joined to room."; // 7. If type is m.room.third_party_invite: if(json::get<"type"_>(event) == "m.room.third_party_invite") { // a. Allow if and only if sender's current power level is greater // than or equal to the invite level. if(power(at<"sender"_>(event), "invite")) return {}; return "sender has power level less than required for invite."; } // 8. If the event type's required power level is greater than the // sender's power level, reject. if(!power(at<"sender"_>(event), "events", at<"type"_>(event))) return "sender has insufficient power for event type."; // 9. If the event has a state_key that starts with an @ and does not // match the sender, reject. if(startswith(json::get<"state_key"_>(event), '@')) if(at<"state_key"_>(event) != at<"sender"_>(event)) return "sender cannot set another user's mxid in a state_key."; // 10. If type is m.room.power_levels: if(json::get<"type"_>(event) == "m.room.power_levels") { // a. If users key in content is not a dictionary with keys that are // valid user IDs with values that are integers (or a string that is // an integer), reject. if(json::type(json::get<"content"_>(event).get("users")) != json::OBJECT) return "m.room.power_levels content.users is not a json object."; for(const auto &member : json::object(at<"content"_>(event).at("users"))) { if(!m::valid(m::id::USER, member.first)) return "m.room.power_levels content.users key is not a user mxid"; if(!try_lex_cast(unquote(member.second))) return "m.room.power_levels content.users value is not an integer."; } // b. If there is no previous m.room.power_levels event in the room, allow. if(!auth_power) return {}; const m::room::power old_power{*auth_power, *auth_create}; const m::room::power new_power{event, *auth_create}; const int64_t current_level { old_power.level_user(at<"sender"_>(event)) }; // c. For each of the keys users_default, events_default, // state_default, ban, redact, kick, invite, as well as each entry // being changed under the events or users keys: static const string_view keys[] { "users_default", "events_default", "state_default", "ban", "redact", "kick", "invite", }; for(const auto &key : keys) { const int64_t old_level(old_power.level(key)); const int64_t new_level(new_power.level(key)); if(old_level == new_level) continue; // i. If the current value is higher than the sender's current // power level, reject. if(old_level > current_level) return "m.room.power_levels property denied to sender's power level."; // ii. If the new value is higher than the sender's current power // level, reject. if(new_level > current_level) return "m.room.power_levels property exceeds sender's power level."; } string_view ret; using closure = m::room::power::closure_bool; old_power.for_each("users", closure{[&ret, &new_power, ¤t_level] (const string_view &user_id, const int64_t &old_level) { if(new_power.has_user(user_id)) if(new_power.level_user(user_id) == old_level) return true; // i. If the current value is higher than the sender's current // power level, reject. if(old_level > current_level) { ret = "m.room.power_levels user property denied to sender's power level."; return false; }; // ii. If the new value is higher than the sender's current power // level, reject. if(new_power.level_user(user_id) > current_level) { ret = "m.room.power_levels user property exceeds sender's power level."; return false; }; return true; }}); if(ret) return ret; new_power.for_each("users", closure{[&ret, &old_power, ¤t_level] (const string_view &user_id, const int64_t &new_level) { if(old_power.has_user(user_id)) if(old_power.level_user(user_id) == new_level) return true; // i. If the current value is higher than the sender's current // power level, reject. if(new_level > current_level) { ret = "m.room.power_levels user property exceeds sender's power level."; return false; }; return true; }}); if(ret) return ret; old_power.for_each("events", closure{[&ret, &new_power, ¤t_level] (const string_view &type, const int64_t &old_level) { if(new_power.has_event(type)) if(new_power.level_event(type) == old_level) return true; // i. If the current value is higher than the sender's current // power level, reject. if(old_level > current_level) { ret = "m.room.power_levels event property denied to sender's power level."; return false; }; // ii. If the new value is higher than the sender's current power // level, reject. if(new_power.level_event(type) > current_level) { ret = "m.room.power_levels event property exceeds sender's power level."; return false; }; return true; }}); if(ret) return ret; new_power.for_each("events", closure{[&ret, &old_power, ¤t_level] (const string_view &type, const int64_t &new_level) { if(old_power.has_event(type)) if(old_power.level_event(type) == new_level) return true; // i. If the current value is higher than the sender's current // power level, reject. if(new_level > current_level) { ret = "m.room.power_levels event property exceeds sender's power level."; return false; }; return true; }}); // d. For each entry being changed under the users key... old_power.for_each("users", closure{[&ret, &event, &new_power, ¤t_level] (const string_view &user_id, const int64_t &old_level) { // ...other than the sender's own entry: if(user_id == at<"sender"_>(event)) return true; if(new_power.has_user(user_id)) if(new_power.level_user(user_id) == old_level) return true; // i. If the current value is equal to the sender's current power // level, reject. if(old_level == current_level) { ret = "m.room.power_levels user property denied to sender's power level."; return false; }; return true; }}); if(ret) return ret; // e. Otherwise, allow. assert(!ret); return ret; } // 11. If type is m.room.redaction: if(json::get<"type"_>(event) == "m.room.redaction") { // a. If the sender's power level is greater than or equal to the // redact level, allow. if(power(at<"sender"_>(event), "redact")) return {}; // b. If the domain of the event_id of the event being redacted is the // same as the domain of the event_id of the m.room.redaction, allow. if(event::id(json::get<"redacts"_>(event)).host() == event::id(at<"event_id"_>(event)).host()) return {}; // c. Otherwise, reject. return "m.room.redaction fails authorization."; } // 12. Otherwise, allow. return {}; } bool ircd::m::event::auth::is_power_event(const m::event &event) { if(!json::get<"type"_>(event)) return false; if(json::get<"type"_>(event) == "m.room.create") return true; if(json::get<"type"_>(event) == "m.room.power_levels") return true; if(json::get<"type"_>(event) == "m.room.join_rules") return true; if(json::get<"type"_>(event) != "m.room.member") return false; if(!json::get<"sender"_>(event) || !json::get<"state_key"_>(event)) return false; if(json::get<"sender"_>(event) == json::get<"state_key"_>(event)) return false; if(membership(event) == "leave" || membership(event) == "ban") return true; return false; } // // event::auth::refs // size_t ircd::m::event::auth::refs::count() const noexcept { return count(string_view{}); } size_t ircd::m::event::auth::refs::count(const string_view &type) const noexcept { size_t ret(0); for_each(type, [&ret](const auto &) { ++ret; return true; }); return ret; } bool ircd::m::event::auth::refs::has(const event::idx &idx) const noexcept { return !for_each([&idx](const event::idx &ref) { return ref != idx; // true to continue, false to break }); } bool ircd::m::event::auth::refs::has(const string_view &type) const noexcept { bool ret{false}; for_each(type, [&ret](const auto &) { ret = true; return false; }); return ret; } bool ircd::m::event::auth::refs::for_each(const closure_bool &closure) const { return for_each(string_view{}, closure); } bool ircd::m::event::auth::refs::for_each(const string_view &type, const closure_bool &closure) const { assert(idx); const event::refs erefs { idx }; return erefs.for_each(dbs::ref::NEXT_AUTH, [this, &type, &closure] (const event::idx &ref, const dbs::ref &) { bool match; const auto matcher { [&type, &match](const string_view &type_) { match = type == type_; } }; if(type) { if(!m::get(std::nothrow, ref, "type", matcher)) return true; if(!match) return true; } assert(idx != ref); if(!closure(ref)) return false; return true; }); } // // event::auth::chain // size_t ircd::m::event::auth::chain::depth() const noexcept { size_t ret(0); for_each([&ret](const auto &) { ++ret; }); return ret; } bool ircd::m::event::auth::chain::has(const string_view &type) const noexcept { bool ret(false); for_each(closure_bool{[&type, &ret] (const auto &idx) { m::get(std::nothrow, idx, "type", [&type, &ret] (const auto &value) { ret = value == type; }); return !ret; }}); return ret; } bool ircd::m::event::auth::chain::for_each(const closure &closure) const { return for_each(closure_bool{[&closure] (const auto &idx) { closure(idx); return true; }}); } bool ircd::m::event::auth::chain::for_each(const closure_bool &closure) const { return chain::for_each(*this, closure); } bool ircd::m::event::auth::chain::for_each(const auth::chain &c, const closure_bool &closure) { m::event::fetch e, a; std::set ae; std::deque aq {c.idx}; do { const auto idx(aq.front()); aq.pop_front(); if(!seek(e, idx, std::nothrow)) continue; const m::event::prev prev{e}; const auto count(prev.auth_events_count()); for(size_t i(0); i < count && i < 4; ++i) { const auto &auth_event_id(prev.auth_event(i)); const auto &auth_event_idx(index(auth_event_id, std::nothrow)); if(!auth_event_idx) continue; auto it(ae.lower_bound(auth_event_idx)); if(it == end(ae) || *it != auth_event_idx) { seek(a, auth_event_idx, std::nothrow); ae.emplace_hint(it, auth_event_idx); if(a.valid) aq.emplace_back(auth_event_idx); } } } while(!aq.empty()); for(const auto &idx : ae) if(!closure(idx)) return false; return true; } /////////////////////////////////////////////////////////////////////////////// // // event/refs.h // void ircd::m::event::refs::rebuild() { static const size_t pool_size{96}; static const size_t log_interval{8192}; db::txn txn { *m::dbs::events }; auto &column { dbs::event_json }; auto it { column.begin() }; ctx::dock dock; ctx::pool pool; pool.min(pool_size); size_t i(0), j(0); const ctx::uninterruptible::nothrow ui; for(; it; ++it) { if(ctx::interruption_requested()) break; const m::event::idx event_idx { byte_view(it->first) }; std::string event{it->second}; pool([&txn, &dock, &i, &j, event(std::move(event)), event_idx] { m::dbs::write_opts wopts; wopts.event_idx = event_idx; m::dbs::_index_event_refs(txn, json::object{event}, wopts); if(++j % log_interval == 0) log::info { m::log, "Refs builder @%zu:%zu of %lu (@idx: %lu)", i, j, m::vm::sequence::retired, event_idx }; if(j >= i) dock.notify_one(); }); ++i; } dock.wait([&i, &j] { return i == j; }); txn(); } size_t ircd::m::event::refs::count() const noexcept { return count(dbs::ref(-1)); } size_t ircd::m::event::refs::count(const dbs::ref &type) const noexcept { assert(idx); size_t ret(0); for_each(type, [&ret] (const event::idx &ref, const dbs::ref &) { ++ret; return true; }); return ret; } bool ircd::m::event::refs::has(const event::idx &idx) const noexcept { return has(dbs::ref(-1), idx); } bool ircd::m::event::refs::has(const dbs::ref &type, const event::idx &idx) const noexcept { return !for_each(type, [&idx] (const event::idx &ref, const dbs::ref &) { return ref != idx; // true to continue, false to break }); } bool ircd::m::event::refs::for_each(const closure_bool &closure) const { return for_each(dbs::ref(-1), closure); } bool ircd::m::event::refs::for_each(const dbs::ref &type, const closure_bool &closure) const { assert(idx); thread_local char buf[dbs::EVENT_REFS_KEY_MAX_SIZE]; // Allow -1 to iterate through all types by starting // the iteration at type value 0 and then ignoring the // type as a loop continue condition. const bool all_type(type == dbs::ref(uint8_t(-1))); const auto &_type{all_type? dbs::ref::NEXT : type}; assert(uint8_t(dbs::ref::NEXT) == 0); const string_view key { dbs::event_refs_key(buf, idx, _type, 0) }; auto it { dbs::event_refs.begin(key) }; for(; it; ++it) { const auto parts { dbs::event_refs_key(it->first) }; const auto &type { std::get<0>(parts) }; if(!all_type && type != _type) break; const auto &ref { std::get<1>(parts) }; assert(idx != ref); if(!closure(ref, type)) return false; } return true; } /////////////////////////////////////////////////////////////////////////////// // // event/prev.h // bool ircd::m::event::prev::prev_event_exists(const size_t &idx) const { return m::exists(prev_state(idx)); } bool ircd::m::event::prev::prev_state_exists(const size_t &idx) const { return m::exists(prev_state(idx)); } bool ircd::m::event::prev::auth_event_exists(const size_t &idx) const { return m::exists(auth_event(idx)); } bool ircd::m::event::prev::prev_events_has(const event::id &event_id) const { for(const json::array &p : json::get<"prev_events"_>(*this)) if(unquote(p.at(0)) == event_id) return true; return false; } bool ircd::m::event::prev::prev_states_has(const event::id &event_id) const { for(const json::array &p : json::get<"prev_state"_>(*this)) if(unquote(p.at(0)) == event_id) return true; return false; } bool ircd::m::event::prev::auth_events_has(const event::id &event_id) const { for(const json::array &p : json::get<"auth_events"_>(*this)) if(unquote(p.at(0)) == event_id) return true; return false; } size_t ircd::m::event::prev::prev_events_count() const { return json::get<"prev_events"_>(*this).count(); } size_t ircd::m::event::prev::prev_states_count() const { return json::get<"prev_state"_>(*this).count(); } size_t ircd::m::event::prev::auth_events_count() const { return json::get<"auth_events"_>(*this).count(); } ircd::m::event::id ircd::m::event::prev::auth_event(const size_t &idx) const { return std::get<0>(auth_events(idx)); } ircd::m::event::id ircd::m::event::prev::prev_state(const size_t &idx) const { return std::get<0>(prev_states(idx)); } ircd::m::event::id ircd::m::event::prev::prev_event(const size_t &idx) const { return std::get<0>(prev_events(idx)); } std::tuple ircd::m::event::prev::auth_events(const size_t &idx) const { const json::array &auth_event { at<"auth_events"_>(*this).at(idx) }; return { unquote(auth_event.at(0)), unquote(auth_event[1]) }; } std::tuple ircd::m::event::prev::prev_states(const size_t &idx) const { const json::array &state_event { at<"prev_state"_>(*this).at(idx) }; return { unquote(state_event.at(0)), unquote(state_event[1]) }; } std::tuple ircd::m::event::prev::prev_events(const size_t &idx) const { const json::array &prev_event { at<"prev_events"_>(*this).at(idx) }; return { unquote(prev_event.at(0)), unquote(prev_event[1]) }; } void ircd::m::for_each(const event::prev &prev, const event::id::closure &closure) { m::for_each(prev, event::id::closure_bool{[&closure] (const event::id &event_id) { closure(event_id); return true; }}); } bool ircd::m::for_each(const event::prev &prev, const event::id::closure_bool &closure) { return json::until(prev, [&closure] (const auto &key, const json::array &prevs) { for(const json::array &prev : prevs) if(!closure(event::id(unquote(prev.at(0))))) return false; return true; }); } /////////////////////////////////////////////////////////////////////////////// // // event/event.h // namespace ircd::m { static json::object make_hashes(const mutable_buffer &out, const sha256::buf &hash); } /// The maximum size of an event we will create. This may also be used in /// some contexts for what we will accept, but the protocol limit and hard /// worst-case buffer size is still event::MAX_SIZE. decltype(ircd::m::event::max_size) ircd::m::event::max_size { { "name", "m.event.max_size" }, { "default", 65507L }, }; ircd::json::object ircd::m::hashes(const mutable_buffer &out, const event &event) { const sha256::buf hash_ { hash(event) }; return make_hashes(out, hash_); } ircd::json::object ircd::m::event::hashes(const mutable_buffer &out, json::iov &event, const string_view &content) { const sha256::buf hash_ { hash(event, content) }; return make_hashes(out, hash_); } ircd::json::object ircd::m::make_hashes(const mutable_buffer &out, const sha256::buf &hash) { static const auto b64bufsz(b64encode_size(sizeof(hash))); thread_local char hashb64buf[b64bufsz]; const json::members hashes { { "sha256", b64encode_unpadded(hashb64buf, hash) } }; return json::stringify(mutable_buffer{out}, hashes); } ircd::sha256::buf ircd::m::event::hash(const json::object &event) try { static const size_t iov_max{json::iov::max_size}; thread_local std::array member; size_t i(0); for(const auto &m : event) { if(m.first == "signatures" || m.first == "hashes" || m.first == "unsigned" || m.first == "age_ts" || m.first == "outlier" || m.first == "destinations") continue; member.at(i++) = m; } thread_local char buf[event::MAX_SIZE]; const string_view reimage { json::stringify(buf, member.data(), member.data() + i) }; return sha256{reimage}; } catch(const std::out_of_range &e) { throw m::BAD_JSON { "Object has more than %zu member properties.", json::iov::max_size }; } ircd::sha256::buf ircd::m::event::hash(json::iov &event, const string_view &content) { const json::iov::push _content { event, { "content", content } }; return m::hash(event); } ircd::sha256::buf ircd::m::hash(const event &event) { if(event.source) return event::hash(event.source); m::event event_{event}; json::get<"signatures"_>(event_) = {}; json::get<"hashes"_>(event_) = {}; thread_local char buf[event::MAX_SIZE]; const string_view preimage { stringify(buf, event_) }; return sha256{preimage}; } bool ircd::m::verify_hash(const event &event) { const sha256::buf hash { m::hash(event) }; return verify_hash(event, hash); } bool ircd::m::verify_hash(const event &event, const sha256::buf &hash) { static const size_t hashb64sz { size_t(hash.size() * 1.34) + 1 }; thread_local char b64buf[hashb64sz]; return verify_sha256b64(event, b64encode_unpadded(b64buf, hash)); } bool ircd::m::verify_sha256b64(const event &event, const string_view &b64) try { const json::object &object { at<"hashes"_>(event) }; const string_view &hash { unquote(object.at("sha256")) }; return hash == b64; } catch(const json::not_found &) { return false; } ircd::json::object ircd::m::event::signatures(const mutable_buffer &out, json::iov &event, const json::iov &content) { const ed25519::sig sig { sign(event, content) }; thread_local char sigb64buf[b64encode_size(sizeof(sig))]; const json::members sigb64 { { self::public_key_id, b64encode_unpadded(sigb64buf, sig) } }; const json::members sigs { { event.at("origin"), sigb64 } }; return json::stringify(mutable_buffer{out}, sigs); } ircd::m::event ircd::m::signatures(const mutable_buffer &out_, const m::event &event_) { thread_local char content[event::MAX_SIZE]; m::event event { essential(event_, content) }; thread_local char buf[event::MAX_SIZE]; const json::object &preimage { stringify(buf, event) }; const ed25519::sig sig { sign(preimage) }; const auto sig_host { my_host(json::get<"origin"_>(event))? json::get<"origin"_>(event): my_host() }; thread_local char sigb64buf[b64encode_size(sizeof(sig))]; const json::member my_sig { sig_host, json::members { { self::public_key_id, b64encode_unpadded(sigb64buf, sig) } } }; static const size_t SIG_MAX{64}; thread_local std::array sigs; size_t i(0); sigs.at(i++) = my_sig; for(const auto &other : json::get<"signatures"_>(event_)) if(!my_host(unquote(other.first))) sigs.at(i++) = { other.first, other.second }; event = event_; mutable_buffer out{out_}; json::get<"signatures"_>(event) = json::stringify(out, sigs.data(), sigs.data() + i); return event; } ircd::ed25519::sig ircd::m::event::sign(json::iov &event, const json::iov &contents) { return sign(event, contents, self::secret_key); } ircd::ed25519::sig ircd::m::event::sign(json::iov &event, const json::iov &contents, const ed25519::sk &sk) { ed25519::sig sig; essential(event, contents, [&sk, &sig] (json::iov &event) { sig = m::sign(event, sk); }); return sig; } ircd::ed25519::sig ircd::m::sign(const event &event) { return sign(event, self::secret_key); } ircd::ed25519::sig ircd::m::sign(const event &event, const ed25519::sk &sk) { thread_local char buf[event::MAX_SIZE]; const string_view preimage { stringify(buf, event) }; return event::sign(preimage, sk); } ircd::ed25519::sig ircd::m::event::sign(const json::object &event) { return sign(event, self::secret_key); } ircd::ed25519::sig ircd::m::event::sign(const json::object &event, const ed25519::sk &sk) { //TODO: skip rewrite thread_local char buf[event::MAX_SIZE]; const string_view preimage { stringify(buf, event) }; return sign(preimage, sk); } ircd::ed25519::sig ircd::m::event::sign(const string_view &event) { return sign(event, self::secret_key); } ircd::ed25519::sig ircd::m::event::sign(const string_view &event, const ed25519::sk &sk) { const ed25519::sig sig { sk.sign(event) }; return sig; } bool ircd::m::verify(const event &event) { const string_view &origin { at<"origin"_>(event) }; return verify(event, origin); } bool ircd::m::verify(const event &event, const string_view &origin) { const json::object &signatures { at<"signatures"_>(event) }; const json::object &origin_sigs { signatures.at(origin) }; for(const auto &p : origin_sigs) if(verify(event, origin, unquote(p.first))) return true; return false; } bool ircd::m::verify(const event &event, const string_view &origin, const string_view &keyid) try { const m::node::id::buf node_id { m::node::id::origin, origin }; const m::node node { node_id }; bool ret{false}; node.key(keyid, [&ret, &event, &origin, &keyid] (const ed25519::pk &pk) { ret = verify(event, pk, origin, keyid); }); return ret; } catch(const m::NOT_FOUND &e) { log::derror { "Failed to verify %s because key %s for %s :%s", string_view{json::get<"event_id"_>(event)}, keyid, origin, e.what() }; return false; } bool ircd::m::verify(const event &event, const ed25519::pk &pk, const string_view &origin, const string_view &keyid) { const json::object &signatures { at<"signatures"_>(event) }; const json::object &origin_sigs { signatures.at(origin) }; const ed25519::sig sig { [&origin_sigs, &keyid](auto &buf) { b64decode(buf, unquote(origin_sigs.at(keyid))); } }; return verify(event, pk, sig); } bool ircd::m::verify(const event &event_, const ed25519::pk &pk, const ed25519::sig &sig) { thread_local char buf[2][event::MAX_SIZE]; m::event event { essential(event_, buf[0]) }; const json::object &preimage { stringify(buf[1], event) }; return pk.verify(preimage, sig); } bool ircd::m::event::verify(const json::object &event, const ed25519::pk &pk, const ed25519::sig &sig) { thread_local char buf[event::MAX_SIZE]; const string_view preimage { stringify(buf, event) }; return pk.verify(preimage, sig); } void ircd::m::event::essential(json::iov &event, const json::iov &contents, const event::closure_iov_mutable &closure) { const auto &type { event.at("type") }; if(type == "m.room.aliases") { const json::iov::push _content{event, { "content", json::members { { "aliases", contents.at("aliases") } } }}; closure(event); } else if(type == "m.room.create") { const json::iov::push _content{event, { "content", json::members { { "creator", contents.at("creator") } } }}; closure(event); } else if(type == "m.room.history_visibility") { const json::iov::push _content{event, { "content", json::members { { "history_visibility", contents.at("history_visibility") } } }}; closure(event); } else if(type == "m.room.join_rules") { const json::iov::push _content{event, { "content", json::members { { "join_rule", contents.at("join_rule") } } }}; closure(event); } else if(type == "m.room.member") { const json::iov::push _content{event, { "content", json::members { { "membership", contents.at("membership") } } }}; closure(event); } else if(type == "m.room.power_levels") { const json::iov::push _content{event, { "content", json::members { { "ban", contents.at("ban") }, { "events", contents.at("events") }, { "events_default", contents.at("events_default") }, { "kick", contents.at("kick") }, { "redact", contents.at("redact") }, { "state_default", contents.at("state_default") }, { "users", contents.at("users") }, { "users_default", contents.at("users_default") }, } }}; closure(event); } else if(type == "m.room.redaction") { // This simply finds the redacts key and swaps it with jsundefined for // the scope's duration. The redacts key will still be present and // visible in the json::iov which is incorrect if directly serialized. // However, this iov is turned into a json::tuple (m::event) which ends // up being serialized for signing. That serialization is where the // jsundefined redacts value is ignored. auto &redacts{event.at("redacts")}; json::value temp(std::move(redacts)); redacts = json::value{}; const unwind _{[&redacts, &temp] { redacts = std::move(temp); }}; const json::iov::push _content { event, { "content", "{}" } }; closure(event); } else { const json::iov::push _content { event, { "content", "{}" } }; closure(event); } } ircd::m::event ircd::m::essential(m::event event, const mutable_buffer &contentbuf) { const auto &type { json::at<"type"_>(event) }; json::object &content { json::get<"content"_>(event) }; mutable_buffer essential { contentbuf }; if(type == "m.room.aliases") { content = json::stringify(essential, json::members { { "aliases", content.at("aliases") } }); } else if(type == "m.room.create") { content = json::stringify(essential, json::members { { "creator", content.at("creator") } }); } else if(type == "m.room.history_visibility") { content = json::stringify(essential, json::members { { "history_visibility", content.at("history_visibility") } }); } else if(type == "m.room.join_rules") { content = json::stringify(essential, json::members { { "join_rule", content.at("join_rule") } }); } else if(type == "m.room.member") { content = json::stringify(essential, json::members { { "membership", content.at("membership") } }); } else if(type == "m.room.power_levels") { content = json::stringify(essential, json::members { { "ban", content.at("ban") }, { "events", content.at("events") }, { "events_default", content.at("events_default") }, { "kick", content.at("kick") }, { "redact", content.at("redact") }, { "state_default", content.at("state_default") }, { "users", content.at("users") }, { "users_default", content.at("users_default") }, }); } else if(type == "m.room.redaction") { json::get<"redacts"_>(event) = string_view{}; content = "{}"_sv; } else { content = "{}"_sv; } json::get<"signatures"_>(event) = {}; return event; } ircd::m::id::event ircd::m::make_id(const event &event, id::event::buf &buf) { const crh::sha256::buf hash{event}; return make_id(event, buf, hash); } ircd::m::id::event ircd::m::make_id(const event &event, id::event::buf &buf, const const_buffer &hash) { char readable[b58encode_size(sha256::digest_size)]; const id::event ret { buf, b58encode(readable, hash), my_host() }; buf.assigned(ret); return ret; } bool ircd::m::before(const event &a, const event &b) { const event::prev prev{b}; return prev.prev_events_has(at<"event_id"_>(a)); } bool ircd::m::operator>=(const event &a, const event &b) { assert(json::get<"room_id"_>(a) == json::get<"room_id"_>(b)); return at<"depth"_>(a) >= at<"depth"_>(b); } bool ircd::m::operator<=(const event &a, const event &b) { assert(json::get<"room_id"_>(a) == json::get<"room_id"_>(b)); return at<"depth"_>(a) <= at<"depth"_>(b); } bool ircd::m::operator>(const event &a, const event &b) { assert(json::get<"room_id"_>(a) == json::get<"room_id"_>(b)); return at<"depth"_>(a) > at<"depth"_>(b); } bool ircd::m::operator<(const event &a, const event &b) { assert(json::get<"room_id"_>(a) == json::get<"room_id"_>(b)); return at<"depth"_>(a) < at<"depth"_>(b); } bool ircd::m::operator==(const event &a, const event &b) { assert(json::get<"room_id"_>(a) == json::get<"room_id"_>(b)); return at<"event_id"_>(a) == at<"event_id"_>(b); } bool ircd::m::bad(const id::event &event_id) { bool ret {false}; index(event_id, std::nothrow, [&ret] (const event::idx &event_idx) { ret = event_idx == 0; }); return ret; } size_t ircd::m::count(const event::prev &prev) { size_t ret{0}; m::for_each(prev, [&ret](const event::id &event_id) { ++ret; }); return ret; } bool ircd::m::good(const id::event &event_id) { return index(event_id, std::nothrow) != 0; } bool ircd::m::exists(const id::event &event_id, const bool &good) { return good? m::good(event_id): m::exists(event_id); } bool ircd::m::exists(const id::event &event_id) { auto &column { dbs::event_idx }; return has(column, event_id); } ircd::string_view ircd::m::membership(const event &event) { const json::object &content { json::get<"content"_>(event) }; const string_view &membership { json::get<"membership"_>(event) }; if(membership) return membership; const json::string &content_membership { content.get("membership") }; return content_membership; } size_t ircd::m::degree(const event &event) { return degree(event::prev{event}); } size_t ircd::m::degree(const event::prev &prev) { size_t ret{0}; json::for_each(prev, [&ret] (const auto &, const json::array &prevs) { ret += prevs.count(); }); return ret; } bool ircd::m::my(const event &event) { const auto &origin(json::get<"origin"_>(event)); const auto &eid(json::get<"event_id"_>(event)); return origin? my_host(origin): eid? my(event::id(eid)): false; } bool ircd::m::my(const id::event &event_id) { return self::host(event_id.host()); } // // event::event // ircd::m::event::event(const json::object &source) :super_type { source } ,source { source } { } ircd::m::event::event(const json::object &source, const keys &keys) :super_type { source, keys } ,source { source } { }