mirror of
https://mau.dev/maunium/synapse.git
synced 2025-01-23 09:20:05 +01:00
Merge pull request #2352 from matrix-org/erikj/group_server_split
Initial Group Server
This commit is contained in:
commit
28e8c46f29
11 changed files with 1206 additions and 11 deletions
|
@ -471,3 +471,49 @@ class TransportLayerClient(object):
|
||||||
)
|
)
|
||||||
|
|
||||||
defer.returnValue(content)
|
defer.returnValue(content)
|
||||||
|
|
||||||
|
@log_function
|
||||||
|
def invite_to_group_notification(self, destination, group_id, user_id, content):
|
||||||
|
"""Sent by group server to inform a user's server that they have been
|
||||||
|
invited.
|
||||||
|
"""
|
||||||
|
|
||||||
|
path = PREFIX + "/groups/local/%s/users/%s/invite" % (group_id, user_id)
|
||||||
|
|
||||||
|
return self.client.post_json(
|
||||||
|
destination=destination,
|
||||||
|
path=path,
|
||||||
|
data=content,
|
||||||
|
ignore_backoff=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
@log_function
|
||||||
|
def remove_user_from_group_notification(self, destination, group_id, user_id,
|
||||||
|
content):
|
||||||
|
"""Sent by group server to inform a user's server that they have been
|
||||||
|
kicked from the group.
|
||||||
|
"""
|
||||||
|
|
||||||
|
path = PREFIX + "/groups/local/%s/users/%s/remove" % (group_id, user_id)
|
||||||
|
|
||||||
|
return self.client.post_json(
|
||||||
|
destination=destination,
|
||||||
|
path=path,
|
||||||
|
data=content,
|
||||||
|
ignore_backoff=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
@log_function
|
||||||
|
def renew_group_attestation(self, destination, group_id, user_id, content):
|
||||||
|
"""Sent by either a group server or a user's server to periodically update
|
||||||
|
the attestations
|
||||||
|
"""
|
||||||
|
|
||||||
|
path = PREFIX + "/groups/%s/renew_attestation/%s" % (group_id, user_id)
|
||||||
|
|
||||||
|
return self.client.post_json(
|
||||||
|
destination=destination,
|
||||||
|
path=path,
|
||||||
|
data=content,
|
||||||
|
ignore_backoff=True,
|
||||||
|
)
|
||||||
|
|
|
@ -25,7 +25,7 @@ from synapse.http.servlet import (
|
||||||
from synapse.util.ratelimitutils import FederationRateLimiter
|
from synapse.util.ratelimitutils import FederationRateLimiter
|
||||||
from synapse.util.versionstring import get_version_string
|
from synapse.util.versionstring import get_version_string
|
||||||
from synapse.util.logcontext import preserve_fn
|
from synapse.util.logcontext import preserve_fn
|
||||||
from synapse.types import ThirdPartyInstanceID
|
from synapse.types import ThirdPartyInstanceID, get_domain_from_id
|
||||||
|
|
||||||
import functools
|
import functools
|
||||||
import logging
|
import logging
|
||||||
|
@ -609,6 +609,147 @@ class FederationVersionServlet(BaseFederationServlet):
|
||||||
}))
|
}))
|
||||||
|
|
||||||
|
|
||||||
|
class FederationGroupsProfileServlet(BaseFederationServlet):
|
||||||
|
"""Get the basic profile of a group on behalf of a user
|
||||||
|
"""
|
||||||
|
PATH = "/groups/(?P<group_id>[^/]*)/profile$"
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def on_POST(self, origin, content, query, group_id):
|
||||||
|
requester_user_id = content["requester_user_id"]
|
||||||
|
if get_domain_from_id(requester_user_id) != origin:
|
||||||
|
raise SynapseError(403, "requester_user_id doesn't match origin")
|
||||||
|
|
||||||
|
new_content = yield self.handler.get_group_profile(
|
||||||
|
group_id, requester_user_id
|
||||||
|
)
|
||||||
|
|
||||||
|
defer.returnValue((200, new_content))
|
||||||
|
|
||||||
|
|
||||||
|
class FederationGroupsRoomsServlet(BaseFederationServlet):
|
||||||
|
"""Get the rooms in a group on behalf of a user
|
||||||
|
"""
|
||||||
|
PATH = "/groups/(?P<group_id>[^/]*)/rooms$"
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def on_POST(self, origin, content, query, group_id):
|
||||||
|
requester_user_id = content["requester_user_id"]
|
||||||
|
if get_domain_from_id(requester_user_id) != origin:
|
||||||
|
raise SynapseError(403, "requester_user_id doesn't match origin")
|
||||||
|
|
||||||
|
new_content = yield self.handler.get_rooms_in_group(
|
||||||
|
group_id, requester_user_id
|
||||||
|
)
|
||||||
|
|
||||||
|
defer.returnValue((200, new_content))
|
||||||
|
|
||||||
|
|
||||||
|
class FederationGroupsAddRoomsServlet(BaseFederationServlet):
|
||||||
|
"""Add room to group
|
||||||
|
"""
|
||||||
|
PATH = "/groups/(?P<group_id>[^/]*)/room/(?<room_id>)$"
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def on_POST(self, origin, content, query, group_id, room_id):
|
||||||
|
requester_user_id = content["requester_user_id"]
|
||||||
|
if get_domain_from_id(requester_user_id) != origin:
|
||||||
|
raise SynapseError(403, "requester_user_id doesn't match origin")
|
||||||
|
|
||||||
|
new_content = yield self.handler.add_room(
|
||||||
|
group_id, requester_user_id, room_id, content
|
||||||
|
)
|
||||||
|
|
||||||
|
defer.returnValue((200, new_content))
|
||||||
|
|
||||||
|
|
||||||
|
class FederationGroupsUsersServlet(BaseFederationServlet):
|
||||||
|
"""Get the users in a group on behalf of a user
|
||||||
|
"""
|
||||||
|
PATH = "/groups/(?P<group_id>[^/]*)/users$"
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def on_POST(self, origin, content, query, group_id):
|
||||||
|
requester_user_id = content["requester_user_id"]
|
||||||
|
if get_domain_from_id(requester_user_id) != origin:
|
||||||
|
raise SynapseError(403, "requester_user_id doesn't match origin")
|
||||||
|
|
||||||
|
new_content = yield self.handler.get_users_in_group(
|
||||||
|
group_id, requester_user_id
|
||||||
|
)
|
||||||
|
|
||||||
|
defer.returnValue((200, new_content))
|
||||||
|
|
||||||
|
|
||||||
|
class FederationGroupsInviteServlet(BaseFederationServlet):
|
||||||
|
"""Ask a group server to invite someone to the group
|
||||||
|
"""
|
||||||
|
PATH = "/groups/(?P<group_id>[^/]*)/users/(?P<user_id>[^/]*)/invite$"
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def on_POST(self, origin, content, query, group_id, user_id):
|
||||||
|
requester_user_id = content["requester_user_id"]
|
||||||
|
if get_domain_from_id(requester_user_id) != origin:
|
||||||
|
raise SynapseError(403, "requester_user_id doesn't match origin")
|
||||||
|
|
||||||
|
new_content = yield self.handler.invite_to_group(
|
||||||
|
group_id, user_id, requester_user_id, content,
|
||||||
|
)
|
||||||
|
|
||||||
|
defer.returnValue((200, new_content))
|
||||||
|
|
||||||
|
|
||||||
|
class FederationGroupsAcceptInviteServlet(BaseFederationServlet):
|
||||||
|
"""Accept an invitation from the group server
|
||||||
|
"""
|
||||||
|
PATH = "/groups/(?P<group_id>[^/]*)/users/(?P<user_id>[^/]*)/accept_invite$"
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def on_POST(self, origin, content, query, group_id, user_id):
|
||||||
|
if get_domain_from_id(user_id) != origin:
|
||||||
|
raise SynapseError(403, "user_id doesn't match origin")
|
||||||
|
|
||||||
|
new_content = yield self.handler.accept_invite(
|
||||||
|
group_id, user_id, content,
|
||||||
|
)
|
||||||
|
|
||||||
|
defer.returnValue((200, new_content))
|
||||||
|
|
||||||
|
|
||||||
|
class FederationGroupsRemoveUserServlet(BaseFederationServlet):
|
||||||
|
"""Leave or kick a user from the group
|
||||||
|
"""
|
||||||
|
PATH = "/groups/(?P<group_id>[^/]*)/users/(?P<user_id>[^/]*)/remove$"
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def on_POST(self, origin, content, query, group_id, user_id):
|
||||||
|
requester_user_id = content["requester_user_id"]
|
||||||
|
if get_domain_from_id(requester_user_id) != origin:
|
||||||
|
raise SynapseError(403, "requester_user_id doesn't match origin")
|
||||||
|
|
||||||
|
new_content = yield self.handler.remove_user_from_group(
|
||||||
|
group_id, user_id, requester_user_id, content,
|
||||||
|
)
|
||||||
|
|
||||||
|
defer.returnValue((200, new_content))
|
||||||
|
|
||||||
|
|
||||||
|
class FederationGroupsRenewAttestaionServlet(BaseFederationServlet):
|
||||||
|
"""A group or user's server renews their attestation
|
||||||
|
"""
|
||||||
|
PATH = "/groups/(?P<group_id>[^/]*)/renew_attestation/(?P<user_id>[^/]*)$"
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def on_POST(self, origin, content, query, group_id, user_id):
|
||||||
|
# We don't need to check auth here as we check the attestation signatures
|
||||||
|
|
||||||
|
new_content = yield self.handler.on_renew_group_attestation(
|
||||||
|
origin, content, group_id, user_id
|
||||||
|
)
|
||||||
|
|
||||||
|
defer.returnValue((200, new_content))
|
||||||
|
|
||||||
|
|
||||||
FEDERATION_SERVLET_CLASSES = (
|
FEDERATION_SERVLET_CLASSES = (
|
||||||
FederationSendServlet,
|
FederationSendServlet,
|
||||||
FederationPullServlet,
|
FederationPullServlet,
|
||||||
|
@ -635,11 +776,27 @@ FEDERATION_SERVLET_CLASSES = (
|
||||||
FederationVersionServlet,
|
FederationVersionServlet,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
ROOM_LIST_CLASSES = (
|
ROOM_LIST_CLASSES = (
|
||||||
PublicRoomList,
|
PublicRoomList,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
GROUP_SERVER_SERVLET_CLASSES = (
|
||||||
|
FederationGroupsProfileServlet,
|
||||||
|
FederationGroupsRoomsServlet,
|
||||||
|
FederationGroupsUsersServlet,
|
||||||
|
FederationGroupsInviteServlet,
|
||||||
|
FederationGroupsAcceptInviteServlet,
|
||||||
|
FederationGroupsRemoveUserServlet,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
GROUP_ATTESTATION_SERVLET_CLASSES = (
|
||||||
|
FederationGroupsRenewAttestaionServlet,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def register_servlets(hs, resource, authenticator, ratelimiter):
|
def register_servlets(hs, resource, authenticator, ratelimiter):
|
||||||
for servletclass in FEDERATION_SERVLET_CLASSES:
|
for servletclass in FEDERATION_SERVLET_CLASSES:
|
||||||
servletclass(
|
servletclass(
|
||||||
|
@ -656,3 +813,19 @@ def register_servlets(hs, resource, authenticator, ratelimiter):
|
||||||
ratelimiter=ratelimiter,
|
ratelimiter=ratelimiter,
|
||||||
server_name=hs.hostname,
|
server_name=hs.hostname,
|
||||||
).register(resource)
|
).register(resource)
|
||||||
|
|
||||||
|
for servletclass in GROUP_SERVER_SERVLET_CLASSES:
|
||||||
|
servletclass(
|
||||||
|
handler=hs.get_groups_server_handler(),
|
||||||
|
authenticator=authenticator,
|
||||||
|
ratelimiter=ratelimiter,
|
||||||
|
server_name=hs.hostname,
|
||||||
|
).register(resource)
|
||||||
|
|
||||||
|
for servletclass in GROUP_ATTESTATION_SERVLET_CLASSES:
|
||||||
|
servletclass(
|
||||||
|
handler=hs.get_groups_attestation_renewer(),
|
||||||
|
authenticator=authenticator,
|
||||||
|
ratelimiter=ratelimiter,
|
||||||
|
server_name=hs.hostname,
|
||||||
|
).register(resource)
|
||||||
|
|
0
synapse/groups/__init__.py
Normal file
0
synapse/groups/__init__.py
Normal file
150
synapse/groups/attestations.py
Normal file
150
synapse/groups/attestations.py
Normal file
|
@ -0,0 +1,150 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Copyright 2017 Vector Creations Ltd
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
from twisted.internet import defer
|
||||||
|
|
||||||
|
from synapse.api.errors import SynapseError
|
||||||
|
from synapse.types import get_domain_from_id
|
||||||
|
from synapse.util.logcontext import preserve_fn
|
||||||
|
|
||||||
|
from signedjson.sign import sign_json
|
||||||
|
|
||||||
|
|
||||||
|
# Default validity duration for new attestations we create
|
||||||
|
DEFAULT_ATTESTATION_LENGTH_MS = 3 * 24 * 60 * 60 * 1000
|
||||||
|
|
||||||
|
# Start trying to update our attestations when they come this close to expiring
|
||||||
|
UPDATE_ATTESTATION_TIME_MS = 1 * 24 * 60 * 60 * 1000
|
||||||
|
|
||||||
|
|
||||||
|
class GroupAttestationSigning(object):
|
||||||
|
"""Creates and verifies group attestations.
|
||||||
|
"""
|
||||||
|
def __init__(self, hs):
|
||||||
|
self.keyring = hs.get_keyring()
|
||||||
|
self.clock = hs.get_clock()
|
||||||
|
self.server_name = hs.hostname
|
||||||
|
self.signing_key = hs.config.signing_key[0]
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def verify_attestation(self, attestation, group_id, user_id, server_name=None):
|
||||||
|
"""Verifies that the given attestation matches the given parameters.
|
||||||
|
|
||||||
|
An optional server_name can be supplied to explicitly set which server's
|
||||||
|
signature is expected. Otherwise assumes that either the group_id or user_id
|
||||||
|
is local and uses the other's server as the one to check.
|
||||||
|
"""
|
||||||
|
|
||||||
|
if not server_name:
|
||||||
|
if get_domain_from_id(group_id) == self.server_name:
|
||||||
|
server_name = get_domain_from_id(user_id)
|
||||||
|
elif get_domain_from_id(user_id) == self.server_name:
|
||||||
|
server_name = get_domain_from_id(group_id)
|
||||||
|
else:
|
||||||
|
raise Exception("Expected either group_id or user_id to be local")
|
||||||
|
|
||||||
|
if user_id != attestation["user_id"]:
|
||||||
|
raise SynapseError(400, "Attestation has incorrect user_id")
|
||||||
|
|
||||||
|
if group_id != attestation["group_id"]:
|
||||||
|
raise SynapseError(400, "Attestation has incorrect group_id")
|
||||||
|
valid_until_ms = attestation["valid_until_ms"]
|
||||||
|
|
||||||
|
# TODO: We also want to check that *new* attestations that people give
|
||||||
|
# us to store are valid for at least a little while.
|
||||||
|
if valid_until_ms < self.clock.time_msec():
|
||||||
|
raise SynapseError(400, "Attestation expired")
|
||||||
|
|
||||||
|
yield self.keyring.verify_json_for_server(server_name, attestation)
|
||||||
|
|
||||||
|
def create_attestation(self, group_id, user_id):
|
||||||
|
"""Create an attestation for the group_id and user_id with default
|
||||||
|
validity length.
|
||||||
|
"""
|
||||||
|
return sign_json({
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
"valid_until_ms": self.clock.time_msec() + DEFAULT_ATTESTATION_LENGTH_MS,
|
||||||
|
}, self.server_name, self.signing_key)
|
||||||
|
|
||||||
|
|
||||||
|
class GroupAttestionRenewer(object):
|
||||||
|
"""Responsible for sending and receiving attestation updates.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def __init__(self, hs):
|
||||||
|
self.clock = hs.get_clock()
|
||||||
|
self.store = hs.get_datastore()
|
||||||
|
self.assestations = hs.get_groups_attestation_signing()
|
||||||
|
self.transport_client = hs.get_federation_transport_client()
|
||||||
|
self.is_mine_id = hs.is_mine_id
|
||||||
|
|
||||||
|
self._renew_attestations_loop = self.clock.looping_call(
|
||||||
|
self._renew_attestations, 30 * 60 * 1000,
|
||||||
|
)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def on_renew_attestation(self, group_id, user_id, content):
|
||||||
|
"""When a remote updates an attestation
|
||||||
|
"""
|
||||||
|
attestation = content["attestation"]
|
||||||
|
|
||||||
|
if not self.is_mine_id(group_id) and not self.is_mine_id(user_id):
|
||||||
|
raise SynapseError(400, "Neither user not group are on this server")
|
||||||
|
|
||||||
|
yield self.attestations.verify_attestation(
|
||||||
|
attestation,
|
||||||
|
user_id=user_id,
|
||||||
|
group_id=group_id,
|
||||||
|
)
|
||||||
|
|
||||||
|
yield self.store.update_remote_attestion(group_id, user_id, attestation)
|
||||||
|
|
||||||
|
defer.returnValue({})
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def _renew_attestations(self):
|
||||||
|
"""Called periodically to check if we need to update any of our attestations
|
||||||
|
"""
|
||||||
|
|
||||||
|
now = self.clock.time_msec()
|
||||||
|
|
||||||
|
rows = yield self.store.get_attestations_need_renewals(
|
||||||
|
now + UPDATE_ATTESTATION_TIME_MS
|
||||||
|
)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def _renew_attestation(self, group_id, user_id):
|
||||||
|
attestation = self.attestations.create_attestation(group_id, user_id)
|
||||||
|
|
||||||
|
if self.hs.is_mine_id(group_id):
|
||||||
|
destination = get_domain_from_id(user_id)
|
||||||
|
else:
|
||||||
|
destination = get_domain_from_id(group_id)
|
||||||
|
|
||||||
|
yield self.transport_client.renew_group_attestation(
|
||||||
|
destination, group_id, user_id,
|
||||||
|
content={"attestation": attestation},
|
||||||
|
)
|
||||||
|
|
||||||
|
yield self.store.update_attestation_renewal(
|
||||||
|
group_id, user_id, attestation
|
||||||
|
)
|
||||||
|
|
||||||
|
for row in rows:
|
||||||
|
group_id = row["group_id"]
|
||||||
|
user_id = row["user_id"]
|
||||||
|
|
||||||
|
preserve_fn(_renew_attestation)(group_id, user_id)
|
420
synapse/groups/groups_server.py
Normal file
420
synapse/groups/groups_server.py
Normal file
|
@ -0,0 +1,420 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Copyright 2017 Vector Creations Ltd
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
from twisted.internet import defer
|
||||||
|
|
||||||
|
from synapse.api.errors import SynapseError
|
||||||
|
from synapse.types import UserID, get_domain_from_id
|
||||||
|
|
||||||
|
|
||||||
|
import logging
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
# TODO: Allow users to "knock" or simpkly join depending on rules
|
||||||
|
# TODO: Federation admin APIs
|
||||||
|
# TODO: is_priveged flag to users and is_public to users and rooms
|
||||||
|
# TODO: Audit log for admins (profile updates, membership changes, users who tried
|
||||||
|
# to join but were rejected, etc)
|
||||||
|
# TODO: Flairs
|
||||||
|
|
||||||
|
|
||||||
|
class GroupsServerHandler(object):
|
||||||
|
def __init__(self, hs):
|
||||||
|
self.hs = hs
|
||||||
|
self.store = hs.get_datastore()
|
||||||
|
self.room_list_handler = hs.get_room_list_handler()
|
||||||
|
self.auth = hs.get_auth()
|
||||||
|
self.clock = hs.get_clock()
|
||||||
|
self.keyring = hs.get_keyring()
|
||||||
|
self.is_mine_id = hs.is_mine_id
|
||||||
|
self.signing_key = hs.config.signing_key[0]
|
||||||
|
self.server_name = hs.hostname
|
||||||
|
self.attestations = hs.get_groups_attestation_signing()
|
||||||
|
self.transport_client = hs.get_federation_transport_client()
|
||||||
|
|
||||||
|
# Ensure attestations get renewed
|
||||||
|
hs.get_groups_attestation_renewer()
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def check_group_is_ours(self, group_id, and_exists=False):
|
||||||
|
"""Check that the group is ours, and optionally if it exists.
|
||||||
|
|
||||||
|
If group does exist then return group.
|
||||||
|
"""
|
||||||
|
if not self.is_mine_id(group_id):
|
||||||
|
raise SynapseError(400, "Group not on this server")
|
||||||
|
|
||||||
|
group = yield self.store.get_group(group_id)
|
||||||
|
if and_exists and not group:
|
||||||
|
raise SynapseError(404, "Unknown group")
|
||||||
|
|
||||||
|
defer.returnValue(group)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def get_group_profile(self, group_id, requester_user_id):
|
||||||
|
"""Get the group profile as seen by requester_user_id
|
||||||
|
"""
|
||||||
|
|
||||||
|
yield self.check_group_is_ours(group_id)
|
||||||
|
|
||||||
|
group_description = yield self.store.get_group(group_id)
|
||||||
|
|
||||||
|
if group_description:
|
||||||
|
defer.returnValue(group_description)
|
||||||
|
else:
|
||||||
|
raise SynapseError(404, "Unknown group")
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def get_users_in_group(self, group_id, requester_user_id):
|
||||||
|
"""Get the users in group as seen by requester_user_id.
|
||||||
|
|
||||||
|
The ordering is arbitrary at the moment
|
||||||
|
"""
|
||||||
|
|
||||||
|
yield self.check_group_is_ours(group_id, and_exists=True)
|
||||||
|
|
||||||
|
is_user_in_group = yield self.store.is_user_in_group(requester_user_id, group_id)
|
||||||
|
|
||||||
|
user_results = yield self.store.get_users_in_group(
|
||||||
|
group_id, include_private=is_user_in_group,
|
||||||
|
)
|
||||||
|
|
||||||
|
chunk = []
|
||||||
|
for user_result in user_results:
|
||||||
|
g_user_id = user_result["user_id"]
|
||||||
|
is_public = user_result["is_public"]
|
||||||
|
|
||||||
|
entry = {"user_id": g_user_id}
|
||||||
|
|
||||||
|
# TODO: Get profile information
|
||||||
|
|
||||||
|
if not is_public:
|
||||||
|
entry["is_public"] = False
|
||||||
|
|
||||||
|
if not self.is_mine_id(requester_user_id):
|
||||||
|
attestation = yield self.store.get_remote_attestation(group_id, g_user_id)
|
||||||
|
if not attestation:
|
||||||
|
continue
|
||||||
|
|
||||||
|
entry["attestation"] = attestation
|
||||||
|
else:
|
||||||
|
entry["attestation"] = self.attestations.create_attestation(
|
||||||
|
group_id, g_user_id,
|
||||||
|
)
|
||||||
|
|
||||||
|
chunk.append(entry)
|
||||||
|
|
||||||
|
# TODO: If admin add lists of users whose attestations have timed out
|
||||||
|
|
||||||
|
defer.returnValue({
|
||||||
|
"chunk": chunk,
|
||||||
|
"total_user_count_estimate": len(user_results),
|
||||||
|
})
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def get_rooms_in_group(self, group_id, requester_user_id):
|
||||||
|
"""Get the rooms in group as seen by requester_user_id
|
||||||
|
|
||||||
|
This returns rooms in order of decreasing number of joined users
|
||||||
|
"""
|
||||||
|
|
||||||
|
yield self.check_group_is_ours(group_id, and_exists=True)
|
||||||
|
|
||||||
|
is_user_in_group = yield self.store.is_user_in_group(requester_user_id, group_id)
|
||||||
|
|
||||||
|
room_results = yield self.store.get_rooms_in_group(
|
||||||
|
group_id, include_private=is_user_in_group,
|
||||||
|
)
|
||||||
|
|
||||||
|
chunk = []
|
||||||
|
for room_result in room_results:
|
||||||
|
room_id = room_result["room_id"]
|
||||||
|
is_public = room_result["is_public"]
|
||||||
|
|
||||||
|
joined_users = yield self.store.get_users_in_room(room_id)
|
||||||
|
entry = yield self.room_list_handler.generate_room_entry(
|
||||||
|
room_id, len(joined_users),
|
||||||
|
with_alias=False, allow_private=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
if not entry:
|
||||||
|
continue
|
||||||
|
|
||||||
|
if not is_public:
|
||||||
|
entry["is_public"] = False
|
||||||
|
|
||||||
|
chunk.append(entry)
|
||||||
|
|
||||||
|
chunk.sort(key=lambda e: -e["num_joined_members"])
|
||||||
|
|
||||||
|
defer.returnValue({
|
||||||
|
"chunk": chunk,
|
||||||
|
"total_room_count_estimate": len(room_results),
|
||||||
|
})
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def add_room(self, group_id, requester_user_id, room_id, content):
|
||||||
|
"""Add room to group
|
||||||
|
"""
|
||||||
|
|
||||||
|
yield self.check_group_is_ours(group_id, and_exists=True)
|
||||||
|
|
||||||
|
is_admin = yield self.store.is_user_admin_in_group(group_id, requester_user_id)
|
||||||
|
if not is_admin:
|
||||||
|
raise SynapseError(403, "User is not admin in group")
|
||||||
|
|
||||||
|
# TODO: Check if room has already been added
|
||||||
|
|
||||||
|
is_public = _parse_visibility_from_contents(content)
|
||||||
|
|
||||||
|
yield self.store.add_room_to_group(group_id, room_id, is_public=is_public)
|
||||||
|
|
||||||
|
defer.returnValue({})
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def invite_to_group(self, group_id, user_id, requester_user_id, content):
|
||||||
|
"""Invite user to group
|
||||||
|
"""
|
||||||
|
|
||||||
|
group = yield self.check_group_is_ours(group_id, and_exists=True)
|
||||||
|
|
||||||
|
is_admin = yield self.store.is_user_admin_in_group(
|
||||||
|
group_id, requester_user_id
|
||||||
|
)
|
||||||
|
if not is_admin:
|
||||||
|
raise SynapseError(403, "User is not admin in group")
|
||||||
|
|
||||||
|
# TODO: Check if user knocked
|
||||||
|
# TODO: Check if user is already invited
|
||||||
|
|
||||||
|
content = {
|
||||||
|
"profile": {
|
||||||
|
"name": group["name"],
|
||||||
|
"avatar_url": group["avatar_url"],
|
||||||
|
},
|
||||||
|
"inviter": requester_user_id,
|
||||||
|
}
|
||||||
|
|
||||||
|
if self.hs.is_mine_id(user_id):
|
||||||
|
raise NotImplementedError()
|
||||||
|
else:
|
||||||
|
local_attestation = self.attestations.create_attestation(group_id, user_id)
|
||||||
|
content.update({
|
||||||
|
"attestation": local_attestation,
|
||||||
|
})
|
||||||
|
|
||||||
|
res = yield self.transport_client.invite_to_group_notification(
|
||||||
|
get_domain_from_id(user_id), group_id, user_id, content
|
||||||
|
)
|
||||||
|
|
||||||
|
if res["state"] == "join":
|
||||||
|
if not self.hs.is_mine_id(user_id):
|
||||||
|
remote_attestation = res["attestation"]
|
||||||
|
|
||||||
|
yield self.attestations.verify_attestation(
|
||||||
|
remote_attestation,
|
||||||
|
user_id=user_id,
|
||||||
|
group_id=group_id,
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
remote_attestation = None
|
||||||
|
|
||||||
|
yield self.store.add_user_to_group(
|
||||||
|
group_id, user_id,
|
||||||
|
is_admin=False,
|
||||||
|
is_public=False, # TODO
|
||||||
|
local_attestation=local_attestation,
|
||||||
|
remote_attestation=remote_attestation,
|
||||||
|
)
|
||||||
|
elif res["state"] == "invite":
|
||||||
|
yield self.store.add_group_invite(
|
||||||
|
group_id, user_id,
|
||||||
|
)
|
||||||
|
defer.returnValue({
|
||||||
|
"state": "invite"
|
||||||
|
})
|
||||||
|
elif res["state"] == "reject":
|
||||||
|
defer.returnValue({
|
||||||
|
"state": "reject"
|
||||||
|
})
|
||||||
|
else:
|
||||||
|
raise SynapseError(502, "Unknown state returned by HS")
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def accept_invite(self, group_id, user_id, content):
|
||||||
|
"""User tries to accept an invite to the group.
|
||||||
|
|
||||||
|
This is different from them asking to join, and so should error if no
|
||||||
|
invite exists (and they're not a member of the group)
|
||||||
|
"""
|
||||||
|
|
||||||
|
yield self.check_group_is_ours(group_id, and_exists=True)
|
||||||
|
|
||||||
|
if not self.store.is_user_invited_to_local_group(group_id, user_id):
|
||||||
|
raise SynapseError(403, "User not invited to group")
|
||||||
|
|
||||||
|
if not self.hs.is_mine_id(user_id):
|
||||||
|
remote_attestation = content["attestation"]
|
||||||
|
|
||||||
|
yield self.attestations.verify_attestation(
|
||||||
|
remote_attestation,
|
||||||
|
user_id=user_id,
|
||||||
|
group_id=group_id,
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
remote_attestation = None
|
||||||
|
|
||||||
|
local_attestation = self.attestations.create_attestation(group_id, user_id)
|
||||||
|
|
||||||
|
is_public = _parse_visibility_from_contents(content)
|
||||||
|
|
||||||
|
yield self.store.add_user_to_group(
|
||||||
|
group_id, user_id,
|
||||||
|
is_admin=False,
|
||||||
|
is_public=is_public,
|
||||||
|
local_attestation=local_attestation,
|
||||||
|
remote_attestation=remote_attestation,
|
||||||
|
)
|
||||||
|
|
||||||
|
defer.returnValue({
|
||||||
|
"state": "join",
|
||||||
|
"attestation": local_attestation,
|
||||||
|
})
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def knock(self, group_id, user_id, content):
|
||||||
|
"""A user requests becoming a member of the group
|
||||||
|
"""
|
||||||
|
yield self.check_group_is_ours(group_id, and_exists=True)
|
||||||
|
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def accept_knock(self, group_id, user_id, content):
|
||||||
|
"""Accept a users knock to the room.
|
||||||
|
|
||||||
|
Errors if the user hasn't knocked, rather than inviting them.
|
||||||
|
"""
|
||||||
|
|
||||||
|
yield self.check_group_is_ours(group_id, and_exists=True)
|
||||||
|
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def remove_user_from_group(self, group_id, user_id, requester_user_id, content):
|
||||||
|
"""Remove a user from the group; either a user is leaving or and admin
|
||||||
|
kicked htem.
|
||||||
|
"""
|
||||||
|
|
||||||
|
yield self.check_group_is_ours(group_id, and_exists=True)
|
||||||
|
|
||||||
|
is_kick = False
|
||||||
|
if requester_user_id != user_id:
|
||||||
|
is_admin = yield self.store.is_user_admin_in_group(
|
||||||
|
group_id, requester_user_id
|
||||||
|
)
|
||||||
|
if not is_admin:
|
||||||
|
raise SynapseError(403, "User is not admin in group")
|
||||||
|
|
||||||
|
is_kick = True
|
||||||
|
|
||||||
|
yield self.store.remove_user_from_group(
|
||||||
|
group_id, user_id,
|
||||||
|
)
|
||||||
|
|
||||||
|
if is_kick:
|
||||||
|
if self.hs.is_mine_id(user_id):
|
||||||
|
raise NotImplementedError()
|
||||||
|
else:
|
||||||
|
yield self.transport_client.remove_user_from_group_notification(
|
||||||
|
get_domain_from_id(user_id), group_id, user_id, {}
|
||||||
|
)
|
||||||
|
|
||||||
|
defer.returnValue({})
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def create_group(self, group_id, user_id, content):
|
||||||
|
group = yield self.check_group_is_ours(group_id)
|
||||||
|
|
||||||
|
logger.info("Attempting to create group with ID: %r", group_id)
|
||||||
|
if group:
|
||||||
|
raise SynapseError(400, "Group already exists")
|
||||||
|
|
||||||
|
# TODO: Add config to enforce that only server admins can create rooms
|
||||||
|
is_admin = yield self.auth.is_server_admin(UserID.from_string(user_id))
|
||||||
|
if not is_admin:
|
||||||
|
raise SynapseError(403, "Only server admin can create group on this server")
|
||||||
|
|
||||||
|
profile = content.get("profile", {})
|
||||||
|
name = profile.get("name")
|
||||||
|
avatar_url = profile.get("avatar_url")
|
||||||
|
short_description = profile.get("short_description")
|
||||||
|
long_description = profile.get("long_description")
|
||||||
|
|
||||||
|
yield self.store.create_group(
|
||||||
|
group_id,
|
||||||
|
user_id,
|
||||||
|
name=name,
|
||||||
|
avatar_url=avatar_url,
|
||||||
|
short_description=short_description,
|
||||||
|
long_description=long_description,
|
||||||
|
)
|
||||||
|
|
||||||
|
if not self.hs.is_mine_id(user_id):
|
||||||
|
remote_attestation = content["attestation"]
|
||||||
|
|
||||||
|
yield self.attestations.verify_attestation(
|
||||||
|
remote_attestation,
|
||||||
|
user_id=user_id,
|
||||||
|
group_id=group_id,
|
||||||
|
)
|
||||||
|
|
||||||
|
local_attestation = self.attestations.create_attestation(group_id, user_id)
|
||||||
|
else:
|
||||||
|
local_attestation = None
|
||||||
|
remote_attestation = None
|
||||||
|
|
||||||
|
yield self.store.add_user_to_group(
|
||||||
|
group_id, user_id,
|
||||||
|
is_admin=True,
|
||||||
|
is_public=True, # TODO
|
||||||
|
local_attestation=local_attestation,
|
||||||
|
remote_attestation=remote_attestation,
|
||||||
|
)
|
||||||
|
|
||||||
|
defer.returnValue({
|
||||||
|
"group_id": group_id,
|
||||||
|
})
|
||||||
|
|
||||||
|
|
||||||
|
def _parse_visibility_from_contents(content):
|
||||||
|
"""Given a content for a request parse out whether the entity should be
|
||||||
|
public or not
|
||||||
|
"""
|
||||||
|
|
||||||
|
visibility = content.get("visibility")
|
||||||
|
if visibility:
|
||||||
|
vis_type = visibility["type"]
|
||||||
|
if vis_type not in ("public", "private"):
|
||||||
|
raise SynapseError(
|
||||||
|
400, "Synapse only supports 'public'/'private' visibility"
|
||||||
|
)
|
||||||
|
is_public = vis_type == "public"
|
||||||
|
else:
|
||||||
|
is_public = True
|
||||||
|
|
||||||
|
return is_public
|
|
@ -276,13 +276,14 @@ class RoomListHandler(BaseHandler):
|
||||||
# We've already got enough, so lets just drop it.
|
# We've already got enough, so lets just drop it.
|
||||||
return
|
return
|
||||||
|
|
||||||
result = yield self._generate_room_entry(room_id, num_joined_users)
|
result = yield self.generate_room_entry(room_id, num_joined_users)
|
||||||
|
|
||||||
if result and _matches_room_entry(result, search_filter):
|
if result and _matches_room_entry(result, search_filter):
|
||||||
chunk.append(result)
|
chunk.append(result)
|
||||||
|
|
||||||
@cachedInlineCallbacks(num_args=1, cache_context=True)
|
@cachedInlineCallbacks(num_args=1, cache_context=True)
|
||||||
def _generate_room_entry(self, room_id, num_joined_users, cache_context):
|
def generate_room_entry(self, room_id, num_joined_users, cache_context,
|
||||||
|
with_alias=True, allow_private=False):
|
||||||
"""Returns the entry for a room
|
"""Returns the entry for a room
|
||||||
"""
|
"""
|
||||||
result = {
|
result = {
|
||||||
|
@ -316,9 +317,10 @@ class RoomListHandler(BaseHandler):
|
||||||
join_rules_event = current_state.get((EventTypes.JoinRules, ""))
|
join_rules_event = current_state.get((EventTypes.JoinRules, ""))
|
||||||
if join_rules_event:
|
if join_rules_event:
|
||||||
join_rule = join_rules_event.content.get("join_rule", None)
|
join_rule = join_rules_event.content.get("join_rule", None)
|
||||||
if join_rule and join_rule != JoinRules.PUBLIC:
|
if not allow_private and join_rule and join_rule != JoinRules.PUBLIC:
|
||||||
defer.returnValue(None)
|
defer.returnValue(None)
|
||||||
|
|
||||||
|
if with_alias:
|
||||||
aliases = yield self.store.get_aliases_for_room(
|
aliases = yield self.store.get_aliases_for_room(
|
||||||
room_id, on_invalidate=cache_context.invalidate
|
room_id, on_invalidate=cache_context.invalidate
|
||||||
)
|
)
|
||||||
|
|
|
@ -145,7 +145,9 @@ def wrap_request_handler(request_handler, include_metrics=False):
|
||||||
"error": "Internal server error",
|
"error": "Internal server error",
|
||||||
"errcode": Codes.UNKNOWN,
|
"errcode": Codes.UNKNOWN,
|
||||||
},
|
},
|
||||||
send_cors=True
|
send_cors=True,
|
||||||
|
pretty_print=_request_user_agent_is_curl(request),
|
||||||
|
version_string=self.version_string,
|
||||||
)
|
)
|
||||||
finally:
|
finally:
|
||||||
try:
|
try:
|
||||||
|
|
|
@ -50,6 +50,8 @@ from synapse.handlers.initial_sync import InitialSyncHandler
|
||||||
from synapse.handlers.receipts import ReceiptsHandler
|
from synapse.handlers.receipts import ReceiptsHandler
|
||||||
from synapse.handlers.read_marker import ReadMarkerHandler
|
from synapse.handlers.read_marker import ReadMarkerHandler
|
||||||
from synapse.handlers.user_directory import UserDirectoyHandler
|
from synapse.handlers.user_directory import UserDirectoyHandler
|
||||||
|
from synapse.groups.groups_server import GroupsServerHandler
|
||||||
|
from synapse.groups.attestations import GroupAttestionRenewer, GroupAttestationSigning
|
||||||
from synapse.http.client import SimpleHttpClient, InsecureInterceptableContextFactory
|
from synapse.http.client import SimpleHttpClient, InsecureInterceptableContextFactory
|
||||||
from synapse.http.matrixfederationclient import MatrixFederationHttpClient
|
from synapse.http.matrixfederationclient import MatrixFederationHttpClient
|
||||||
from synapse.notifier import Notifier
|
from synapse.notifier import Notifier
|
||||||
|
@ -139,6 +141,9 @@ class HomeServer(object):
|
||||||
'read_marker_handler',
|
'read_marker_handler',
|
||||||
'action_generator',
|
'action_generator',
|
||||||
'user_directory_handler',
|
'user_directory_handler',
|
||||||
|
'groups_server_handler',
|
||||||
|
'groups_attestation_signing',
|
||||||
|
'groups_attestation_renewer',
|
||||||
]
|
]
|
||||||
|
|
||||||
def __init__(self, hostname, **kwargs):
|
def __init__(self, hostname, **kwargs):
|
||||||
|
@ -309,6 +314,15 @@ class HomeServer(object):
|
||||||
def build_user_directory_handler(self):
|
def build_user_directory_handler(self):
|
||||||
return UserDirectoyHandler(self)
|
return UserDirectoyHandler(self)
|
||||||
|
|
||||||
|
def build_groups_server_handler(self):
|
||||||
|
return GroupsServerHandler(self)
|
||||||
|
|
||||||
|
def build_groups_attestation_signing(self):
|
||||||
|
return GroupAttestationSigning(self)
|
||||||
|
|
||||||
|
def build_groups_attestation_renewer(self):
|
||||||
|
return GroupAttestionRenewer(self)
|
||||||
|
|
||||||
def remove_pusher(self, app_id, push_key, user_id):
|
def remove_pusher(self, app_id, push_key, user_id):
|
||||||
return self.get_pusherpool().remove_pusher(app_id, push_key, user_id)
|
return self.get_pusherpool().remove_pusher(app_id, push_key, user_id)
|
||||||
|
|
||||||
|
|
|
@ -37,7 +37,7 @@ from .media_repository import MediaRepositoryStore
|
||||||
from .rejections import RejectionsStore
|
from .rejections import RejectionsStore
|
||||||
from .event_push_actions import EventPushActionsStore
|
from .event_push_actions import EventPushActionsStore
|
||||||
from .deviceinbox import DeviceInboxStore
|
from .deviceinbox import DeviceInboxStore
|
||||||
|
from .group_server import GroupServerStore
|
||||||
from .state import StateStore
|
from .state import StateStore
|
||||||
from .signatures import SignatureStore
|
from .signatures import SignatureStore
|
||||||
from .filtering import FilteringStore
|
from .filtering import FilteringStore
|
||||||
|
@ -88,6 +88,7 @@ class DataStore(RoomMemberStore, RoomStore,
|
||||||
DeviceStore,
|
DeviceStore,
|
||||||
DeviceInboxStore,
|
DeviceInboxStore,
|
||||||
UserDirectoryStore,
|
UserDirectoryStore,
|
||||||
|
GroupServerStore,
|
||||||
):
|
):
|
||||||
|
|
||||||
def __init__(self, db_conn, hs):
|
def __init__(self, db_conn, hs):
|
||||||
|
|
306
synapse/storage/group_server.py
Normal file
306
synapse/storage/group_server.py
Normal file
|
@ -0,0 +1,306 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Copyright 2017 Vector Creations Ltd
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
from twisted.internet import defer
|
||||||
|
|
||||||
|
from ._base import SQLBaseStore
|
||||||
|
|
||||||
|
import ujson as json
|
||||||
|
|
||||||
|
|
||||||
|
class GroupServerStore(SQLBaseStore):
|
||||||
|
def get_group(self, group_id):
|
||||||
|
return self._simple_select_one(
|
||||||
|
table="groups",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
},
|
||||||
|
retcols=("name", "short_description", "long_description", "avatar_url",),
|
||||||
|
allow_none=True,
|
||||||
|
desc="is_user_in_group",
|
||||||
|
)
|
||||||
|
|
||||||
|
def get_users_in_group(self, group_id, include_private=False):
|
||||||
|
# TODO: Pagination
|
||||||
|
|
||||||
|
keyvalues = {
|
||||||
|
"group_id": group_id,
|
||||||
|
}
|
||||||
|
if not include_private:
|
||||||
|
keyvalues["is_public"] = True
|
||||||
|
|
||||||
|
return self._simple_select_list(
|
||||||
|
table="group_users",
|
||||||
|
keyvalues=keyvalues,
|
||||||
|
retcols=("user_id", "is_public",),
|
||||||
|
desc="get_users_in_group",
|
||||||
|
)
|
||||||
|
|
||||||
|
def get_rooms_in_group(self, group_id, include_private=False):
|
||||||
|
# TODO: Pagination
|
||||||
|
|
||||||
|
keyvalues = {
|
||||||
|
"group_id": group_id,
|
||||||
|
}
|
||||||
|
if not include_private:
|
||||||
|
keyvalues["is_public"] = True
|
||||||
|
|
||||||
|
return self._simple_select_list(
|
||||||
|
table="group_rooms",
|
||||||
|
keyvalues=keyvalues,
|
||||||
|
retcols=("room_id", "is_public",),
|
||||||
|
desc="get_rooms_in_group",
|
||||||
|
)
|
||||||
|
|
||||||
|
def is_user_in_group(self, user_id, group_id):
|
||||||
|
return self._simple_select_one_onecol(
|
||||||
|
table="group_users",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
retcol="user_id",
|
||||||
|
allow_none=True,
|
||||||
|
desc="is_user_in_group",
|
||||||
|
).addCallback(lambda r: bool(r))
|
||||||
|
|
||||||
|
def is_user_admin_in_group(self, group_id, user_id):
|
||||||
|
return self._simple_select_one_onecol(
|
||||||
|
table="group_users",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
retcol="is_admin",
|
||||||
|
allow_none=True,
|
||||||
|
desc="is_user_adim_in_group",
|
||||||
|
)
|
||||||
|
|
||||||
|
def add_group_invite(self, group_id, user_id):
|
||||||
|
"""Record that the group server has invited a user
|
||||||
|
"""
|
||||||
|
return self._simple_insert(
|
||||||
|
table="group_invites",
|
||||||
|
values={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
desc="add_group_invite",
|
||||||
|
)
|
||||||
|
|
||||||
|
def is_user_invited_to_local_group(self, group_id, user_id):
|
||||||
|
"""Has the group server invited a user?
|
||||||
|
"""
|
||||||
|
return self._simple_select_one_onecol(
|
||||||
|
table="group_invites",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
retcol="user_id",
|
||||||
|
desc="is_user_invited_to_local_group",
|
||||||
|
allow_none=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
def add_user_to_group(self, group_id, user_id, is_admin=False, is_public=True,
|
||||||
|
local_attestation=None, remote_attestation=None):
|
||||||
|
"""Add a user to the group server.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
group_id (str)
|
||||||
|
user_id (str)
|
||||||
|
is_admin (bool)
|
||||||
|
is_public (bool)
|
||||||
|
local_attestation (dict): The attestation the GS created to give
|
||||||
|
to the remote server. Optional if the user and group are on the
|
||||||
|
same server
|
||||||
|
remote_attestation (dict): The attestation given to GS by remote
|
||||||
|
server. Optional if the user and group are on the same server
|
||||||
|
"""
|
||||||
|
def _add_user_to_group_txn(txn):
|
||||||
|
self._simple_insert_txn(
|
||||||
|
txn,
|
||||||
|
table="group_users",
|
||||||
|
values={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
"is_admin": is_admin,
|
||||||
|
"is_public": is_public,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
|
self._simple_delete_txn(
|
||||||
|
txn,
|
||||||
|
table="group_invites",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
|
if local_attestation:
|
||||||
|
self._simple_insert_txn(
|
||||||
|
txn,
|
||||||
|
table="group_attestations_renewals",
|
||||||
|
values={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
"valid_until_ms": local_attestation["valid_until_ms"],
|
||||||
|
},
|
||||||
|
)
|
||||||
|
if remote_attestation:
|
||||||
|
self._simple_insert_txn(
|
||||||
|
txn,
|
||||||
|
table="group_attestations_remote",
|
||||||
|
values={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
"valid_until_ms": remote_attestation["valid_until_ms"],
|
||||||
|
"attestation_json": json.dumps(remote_attestation),
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
|
return self.runInteraction(
|
||||||
|
"add_user_to_group", _add_user_to_group_txn
|
||||||
|
)
|
||||||
|
|
||||||
|
def remove_user_from_group(self, group_id, user_id):
|
||||||
|
def _remove_user_from_group_txn(txn):
|
||||||
|
self._simple_delete_txn(
|
||||||
|
txn,
|
||||||
|
table="group_users",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
self._simple_delete_txn(
|
||||||
|
txn,
|
||||||
|
table="group_invites",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
self._simple_delete_txn(
|
||||||
|
txn,
|
||||||
|
table="group_attestations_renewals",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
self._simple_delete_txn(
|
||||||
|
txn,
|
||||||
|
table="group_attestations_remote",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
return self.runInteraction("remove_user_from_group", _remove_user_from_group_txn)
|
||||||
|
|
||||||
|
def add_room_to_group(self, group_id, room_id, is_public):
|
||||||
|
return self._simple_insert(
|
||||||
|
table="group_rooms",
|
||||||
|
values={
|
||||||
|
"group_id": group_id,
|
||||||
|
"room_id": room_id,
|
||||||
|
"is_public": is_public,
|
||||||
|
},
|
||||||
|
desc="add_room_to_group",
|
||||||
|
)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def create_group(self, group_id, user_id, name, avatar_url, short_description,
|
||||||
|
long_description,):
|
||||||
|
yield self._simple_insert(
|
||||||
|
table="groups",
|
||||||
|
values={
|
||||||
|
"group_id": group_id,
|
||||||
|
"name": name,
|
||||||
|
"avatar_url": avatar_url,
|
||||||
|
"short_description": short_description,
|
||||||
|
"long_description": long_description,
|
||||||
|
},
|
||||||
|
desc="create_group",
|
||||||
|
)
|
||||||
|
|
||||||
|
def get_attestations_need_renewals(self, valid_until_ms):
|
||||||
|
"""Get all attestations that need to be renewed until givent time
|
||||||
|
"""
|
||||||
|
def _get_attestations_need_renewals_txn(txn):
|
||||||
|
sql = """
|
||||||
|
SELECT group_id, user_id FROM group_attestations_renewals
|
||||||
|
WHERE valid_until_ms <= ?
|
||||||
|
"""
|
||||||
|
txn.execute(sql, (valid_until_ms,))
|
||||||
|
return self.cursor_to_dict(txn)
|
||||||
|
return self.runInteraction(
|
||||||
|
"get_attestations_need_renewals", _get_attestations_need_renewals_txn
|
||||||
|
)
|
||||||
|
|
||||||
|
def update_attestation_renewal(self, group_id, user_id, attestation):
|
||||||
|
"""Update an attestation that we have renewed
|
||||||
|
"""
|
||||||
|
return self._simple_update_one(
|
||||||
|
table="group_attestations_renewals",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
updatevalues={
|
||||||
|
"valid_until_ms": attestation["valid_until_ms"],
|
||||||
|
},
|
||||||
|
desc="update_attestation_renewal",
|
||||||
|
)
|
||||||
|
|
||||||
|
def update_remote_attestion(self, group_id, user_id, attestation):
|
||||||
|
"""Update an attestation that a remote has renewed
|
||||||
|
"""
|
||||||
|
return self._simple_update_one(
|
||||||
|
table="group_attestations_remote",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
updatevalues={
|
||||||
|
"valid_until_ms": attestation["valid_until_ms"],
|
||||||
|
"attestation_json": json.dumps(attestation)
|
||||||
|
},
|
||||||
|
desc="update_remote_attestion",
|
||||||
|
)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def get_remote_attestation(self, group_id, user_id):
|
||||||
|
"""Get the attestation that proves the remote agrees that the user is
|
||||||
|
in the group.
|
||||||
|
"""
|
||||||
|
row = yield self._simple_select_one(
|
||||||
|
table="group_attestations_remote",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
retcols=("valid_until_ms", "attestation_json"),
|
||||||
|
desc="get_remote_attestation",
|
||||||
|
allow_none=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
now = int(self._clock.time_msec())
|
||||||
|
if row and now < row["valid_until_ms"]:
|
||||||
|
defer.returnValue(json.loads(row["attestation_json"]))
|
||||||
|
|
||||||
|
defer.returnValue(None)
|
81
synapse/storage/schema/delta/43/group_server.sql
Normal file
81
synapse/storage/schema/delta/43/group_server.sql
Normal file
|
@ -0,0 +1,81 @@
|
||||||
|
/* Copyright 2017 Vector Creations Ltd
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
CREATE TABLE groups (
|
||||||
|
group_id TEXT NOT NULL,
|
||||||
|
name TEXT, -- the display name of the room
|
||||||
|
avatar_url TEXT,
|
||||||
|
short_description TEXT,
|
||||||
|
long_description TEXT
|
||||||
|
);
|
||||||
|
|
||||||
|
CREATE UNIQUE INDEX groups_idx ON groups(group_id);
|
||||||
|
|
||||||
|
|
||||||
|
-- list of users the group server thinks are joined
|
||||||
|
CREATE TABLE group_users (
|
||||||
|
group_id TEXT NOT NULL,
|
||||||
|
user_id TEXT NOT NULL,
|
||||||
|
is_admin BOOLEAN NOT NULL,
|
||||||
|
is_public BOOLEAN NOT NULL -- whether the users membership can be seen by everyone
|
||||||
|
);
|
||||||
|
|
||||||
|
|
||||||
|
CREATE INDEX groups_users_g_idx ON group_users(group_id, user_id);
|
||||||
|
CREATE INDEX groups_users_u_idx ON group_users(user_id);
|
||||||
|
|
||||||
|
-- list of users the group server thinks are invited
|
||||||
|
CREATE TABLE group_invites (
|
||||||
|
group_id TEXT NOT NULL,
|
||||||
|
user_id TEXT NOT NULL
|
||||||
|
);
|
||||||
|
|
||||||
|
CREATE INDEX groups_invites_g_idx ON group_invites(group_id, user_id);
|
||||||
|
CREATE INDEX groups_invites_u_idx ON group_invites(user_id);
|
||||||
|
|
||||||
|
|
||||||
|
CREATE TABLE group_rooms (
|
||||||
|
group_id TEXT NOT NULL,
|
||||||
|
room_id TEXT NOT NULL,
|
||||||
|
is_public BOOLEAN NOT NULL -- whether the room can be seen by everyone
|
||||||
|
);
|
||||||
|
|
||||||
|
CREATE INDEX groups_rooms_g_idx ON group_rooms(group_id, room_id);
|
||||||
|
CREATE INDEX groups_rooms_r_idx ON group_rooms(room_id);
|
||||||
|
|
||||||
|
|
||||||
|
-- List of attestations we've given out and need to renew
|
||||||
|
CREATE TABLE group_attestations_renewals (
|
||||||
|
group_id TEXT NOT NULL,
|
||||||
|
user_id TEXT NOT NULL,
|
||||||
|
valid_until_ms BIGINT NOT NULL
|
||||||
|
);
|
||||||
|
|
||||||
|
CREATE INDEX group_attestations_renewals_g_idx ON group_attestations_renewals(group_id, user_id);
|
||||||
|
CREATE INDEX group_attestations_renewals_u_idx ON group_attestations_renewals(user_id);
|
||||||
|
CREATE INDEX group_attestations_renewals_v_idx ON group_attestations_renewals(valid_until_ms);
|
||||||
|
|
||||||
|
|
||||||
|
-- List of attestations we've received from remotes and are interested in.
|
||||||
|
CREATE TABLE group_attestations_remote (
|
||||||
|
group_id TEXT NOT NULL,
|
||||||
|
user_id TEXT NOT NULL,
|
||||||
|
valid_until_ms BIGINT NOT NULL,
|
||||||
|
attestation_json TEXT NOT NULL
|
||||||
|
);
|
||||||
|
|
||||||
|
CREATE INDEX group_attestations_remote_g_idx ON group_attestations_remote(group_id, user_id);
|
||||||
|
CREATE INDEX group_attestations_remote_u_idx ON group_attestations_remote(user_id);
|
||||||
|
CREATE INDEX group_attestations_remote_v_idx ON group_attestations_remote(valid_until_ms);
|
Loading…
Add table
Reference in a new issue