oss/conduit
oss/conduit
1
0
Fork 0
mirror of https://gitlab.com/famedly/conduit.git synced 2025-06-27 16:35:59 +00:00
Code Wiki Activity

chore(crates): bump

Browse source
This commit is contained in:
Matthias Ahouansou 2025-05-08 21:26:55 +01:00
parent bdc6dabe3a
commit 88c95d36a8
No known key found for this signature in database
17 changed files with 1344 additions and 809 deletions
Download patch file Download diff file Expand all files Collapse all files

1704
Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

75
Cargo.toml
View file

@ -28,6 +28,7 @@ workspace = true
[dependencies]
# Web framework
# Can't bump until https://github.com/ruma/ruma/pull/1846 is merged or superseded
axum = { version = "0.7", default-features = false, features = [
"form",
"http1",
@ -37,7 +38,7 @@ axum = { version = "0.7", default-features = false, features = [
], optional = true }
axum-extra = { version = "0.9", features = ["typed-header"] }
axum-server = { version = "0.6", features = ["tls-rustls"] }
tower = { version = "0.4.13", features = ["util"] }
tower = { version = "0.4", features = ["util"] }
tower-http = { version = "0.5", features = [
"add-extension",
"cors",
@ -48,25 +49,25 @@ tower-http = { version = "0.5", features = [
tower-service = "0.3"
# Async runtime and utilities
tokio = { version = "1.28.1", features = ["fs", "macros", "signal", "sync"] }
tokio = { version = "1", features = ["fs", "macros", "signal", "sync"] }
# Used for the http request / response body type for Ruma endpoints used with reqwest
bytes = "1.4.0"
bytes = "1"
http = "1"
# Used to find data directory for default db path
directories = "5"
directories = "6"
# Used for ruma wrapper
serde_json = { version = "1.0.96", features = ["raw_value"] }
serde_json = { version = "1", features = ["raw_value"] }
# Used for appservice registration files
serde_yaml = "0.9.21"
serde_yaml = "0.9"
# Used for pdu definition
serde = { version = "1.0.163", features = ["rc"] }
serde = { version = "1", features = ["rc"] }
# Used for secure identifiers
rand = "0.8.5"
rand = "0.9"
# Used to hash passwords
rust-argon2 = "2"
# Used to send requests
hyper = "1.1"
hyper = "1"
hyper-util = { version = "0.1", features = [
"client",
"client-legacy",
@ -78,7 +79,7 @@ reqwest = { version = "0.12", default-features = false, features = [
"socks",
] }
# Used for conduit::Error type
thiserror = "1.0.40"
thiserror = "2" #TODO: 2
# Used to generate thumbnails for images
image = { version = "0.25", default-features = false, features = [
"gif",
@ -95,40 +96,40 @@ humantime-serde = "1"
# Used to encode server public key
base64 = "0.22"
# Used when hashing the state
ring = "0.17.7"
ring = "0.17"
# Used when querying the SRV record of other servers
hickory-resolver = "0.24"
hickory-resolver = "0.25"
# Used to find matching events for appservices
regex = "1.8.1"
regex = "1"
# jwt jsonwebtokens
jsonwebtoken = "9.2.0"
jsonwebtoken = "9"
# Performance measurements
opentelemetry = "0.22"
opentelemetry-jaeger-propagator = "0.1"
opentelemetry-otlp = "0.15"
opentelemetry_sdk = { version = "0.22", features = ["rt-tokio"] }
tracing = "0.1.37"
opentelemetry = "0.29"
opentelemetry-jaeger-propagator = "0.29"
opentelemetry-otlp = { version = "0.29", features = ["grpc-tonic"] }
opentelemetry_sdk = { version = "0.29", features = ["rt-tokio"] }
tracing = "0.1"
tracing-flame = "0.2.0"
tracing-opentelemetry = "0.23"
tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }
tracing-opentelemetry = "0.30"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
lru-cache = "0.1.2"
parking_lot = { version = "0.12.1", optional = true }
rusqlite = { version = "0.31", optional = true, features = ["bundled"] }
parking_lot = { version = "0.12", optional = true }
rusqlite = { version = "0.35", optional = true, features = ["bundled"] }
# crossbeam = { version = "0.8.2", optional = true }
num_cpus = "1.15.0"
threadpool = "1.8.1"
num_cpus = "1"
threadpool = "1"
# Used for ruma wrapper
serde_html_form = "0.2.0"
serde_html_form = "0.2"
thread_local = "1.1.7"
thread_local = "1"
# used for TURN server authentication
hmac = "0.12.1"
sha-1 = "0.10.1"
hmac = "0.12"
sha-1 = "0.10"
# used for conduit's CLI and admin room command parsing
chrono = "0.4"
clap = { version = "4.3.0", default-features = false, features = [
clap = { version = "4", default-features = false, features = [
"derive",
"error-context",
"help",
@ -138,19 +139,19 @@ clap = { version = "4.3.0", default-features = false, features = [
] }
humantime = "2"
futures-util = { version = "0.3.28", default-features = false }
futures-util = { version = "0.3", default-features = false }
# Used for reading the configuration from conduit.toml & environment variables
figment = { version = "0.10.8", features = ["env", "toml"] }
figment = { version = "0.10", features = ["env", "toml"] }
# Validating urls in config
url = { version = "2", features = ["serde"] }
async-trait = "0.1.68"
tikv-jemallocator = { version = "0.5.0", features = [
async-trait = "0.1"
tikv-jemallocator = { version = "0.6", features = [
"unprefixed_malloc_on_supported_platforms",
], optional = true }
sd-notify = { version = "0.4.1", optional = true }
sd-notify = { version = "0.4", optional = true }
# Used for matrix spec type definitions and helpers
[dependencies.ruma]
@ -179,10 +180,10 @@ git = "https://github.com/ruma/ruma.git"
features = ["lz4", "multi-threaded-cf", "zstd"]
optional = true
package = "rust-rocksdb"
version = "0.25"
version = "0.41"
[target.'cfg(unix)'.dependencies]
nix = { version = "0.28", features = ["resource"] }
nix = { version = "0.30", features = ["resource"] }
[features]
backend_rocksdb = ["rocksdb"]

4
flake.nix
View file

@ -36,7 +36,7 @@
rocksdb =
let
version = "9.1.1";
version = "10.2.1";
in
pkgs.rocksdb.overrideAttrs (old: {
inherit version;
@ -44,7 +44,7 @@
owner = "facebook";
repo = "rocksdb";
rev = "v${version}";
hash = "sha256-/Xf0bzNJPclH9IP80QNaABfhj4IAR5LycYET18VFCXc=";
hash = "sha256-v8kZShgz0O3nHZwWjTvhcM56qAs/le1XgMVYyvVd4tg=";
};
});

38
src/api/client_server/membership.rs
View file

@ -178,13 +178,25 @@ pub async fn knock_room_route(
info!("make_knock finished");
let room_version_id = knock_template.room_version;
let room_version_id = match knock_template.room_version {
version
if services()
.globals
.supported_room_versions()
.contains(&version) =>
{
version
}
_ => return Err(Error::BadServerResponse("Room version is not supported")),
};
let (event_id, knock_event, _) = services().rooms.helpers.populate_membership_template(
&knock_template.event,
sender_user,
body.reason,
&room_version_id,
&room_version_id
.rules()
.expect("Supported room version has rules"),
MembershipState::Knock,
)?;
@ -716,8 +728,12 @@ pub(crate) async fn invite_helper<'a>(
let pub_key_map = RwLock::new(BTreeMap::new());
// We do not add the event_id field to the pdu here because of signature and hashes checks
let (event_id, value) = match gen_event_id_canonical_json(&response.event, &room_version_id)
{
let (event_id, value) = match gen_event_id_canonical_json(
&response.event,
&room_version_id
.rules()
.expect("Supported room version has rules"),
) {
Ok(t) => t,
Err(_) => {
// Event could not be converted to canonical json
@ -1025,15 +1041,23 @@ async fn remote_leave_room(user_id: &UserId, room_id: &RoomId) -> Result<()> {
services().globals.server_name().as_str(),
services().globals.keypair(),
&mut leave_event_stub,
&room_version_id,
&room_version_id
.rules()
.expect("Supported room version has rules")
.redaction,
)
.expect("event is valid, we just created it");
// Generate event id
let event_id = EventId::parse(format!(
"${}",
ruma::signatures::reference_hash(&leave_event_stub, &room_version_id)
.expect("Event format validated when event was hashed")
ruma::signatures::reference_hash(
&leave_event_stub,
&room_version_id
.rules()
.expect("Supported room version has rules")
)
.expect("Event format validated when event was hashed")
))
.expect("ruma's reference hashes are valid event ids");

2
src/api/client_server/state.rs
View file

@ -12,7 +12,7 @@ use ruma::{
serde::Raw,
EventId, MilliSecondsSinceUnixEpoch, RoomId, UserId,
};
use tracing::log::warn;
use tracing::warn;
/// # `PUT /_matrix/client/r0/rooms/{roomId}/state/{eventType}/{stateKey}`
///

33
src/api/server_server.rs
View file

@ -815,7 +815,12 @@ pub fn parse_incoming_pdu(
let room_version_id = services().rooms.state.get_room_version(&room_id)?;
let (event_id, value) = match gen_event_id_canonical_json(pdu, &room_version_id) {
let (event_id, value) = match gen_event_id_canonical_json(
pdu,
&room_version_id
.rules()
.expect("Supported room version has rules"),
) {
Ok(t) => t,
Err(e) => {
// Event could not be converted to canonical json
@ -1756,7 +1761,12 @@ async fn append_member_pdu(
// We do not add the event_id field to the pdu here because of signature and hashes checks
let room_version_id = services().rooms.state.get_room_version(room_id)?;
let (event_id, mut value) = match gen_event_id_canonical_json(pdu, &room_version_id) {
let (event_id, mut value) = match gen_event_id_canonical_json(
pdu,
&room_version_id
.rules()
.expect("Supported room version has rules"),
) {
Ok(t) => t,
Err(_) => {
// Event could not be converted to canonical json
@ -1845,7 +1855,10 @@ async fn append_member_pdu(
services().globals.server_name().as_str(),
services().globals.keypair(),
&mut value,
&room_version_id,
&room_version_id
.rules()
.expect("Supported room version has rules")
.redaction,
)
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Failed to sign event."))?;
}
@ -2099,15 +2112,23 @@ pub async fn create_invite_route(
services().globals.server_name().as_str(),
services().globals.keypair(),
&mut signed_event,
&room_version,
&room_version
.rules()
.expect("Supported room version has rules")
.redaction,
)
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Failed to sign event."))?;
// Generate event id
let event_id = EventId::parse(format!(
"${}",
ruma::signatures::reference_hash(&signed_event, &room_version)
.expect("Event format validated when event was hashed")
ruma::signatures::reference_hash(
&signed_event,
&room_version
.rules()
.expect("Supported room version has rules")
)
.expect("Event format validated when event was hashed")
))
.expect("ruma's reference hashes are valid event ids");

30
src/main.rs
View file

@ -19,6 +19,7 @@ use http::{
header::{self, HeaderName, CONTENT_SECURITY_POLICY},
Method, StatusCode, Uri,
};
use opentelemetry::trace::TracerProvider;
use ruma::api::{
client::{
error::{Error as RumaError, ErrorBody, ErrorKind},
@ -105,15 +106,21 @@ async fn main() {
config.warn_deprecated();
if config.allow_jaeger {
let jaeger = if config.allow_jaeger {
opentelemetry::global::set_text_map_propagator(
opentelemetry_jaeger_propagator::Propagator::new(),
);
let tracer = opentelemetry_otlp::new_pipeline()
.tracing()
.with_exporter(opentelemetry_otlp::new_exporter().tonic())
.install_batch(opentelemetry_sdk::runtime::Tokio)
let exporter = opentelemetry_otlp::SpanExporter::builder()
.with_tonic()
.build()
.unwrap();
let provider = opentelemetry_sdk::trace::SdkTracerProvider::builder()
.with_simple_exporter(exporter)
.build();
let tracer = provider.tracer("");
let telemetry = tracing_opentelemetry::layer().with_tracer(tracer);
let filter_layer = match EnvFilter::try_new(&config.log) {
@ -130,6 +137,8 @@ async fn main() {
.with(filter_layer)
.with(telemetry);
tracing::subscriber::set_global_default(subscriber).unwrap();
Some(provider)
} else if config.tracing_flame {
let registry = tracing_subscriber::Registry::default();
let (flame_layer, _guard) =
@ -140,6 +149,8 @@ async fn main() {
let subscriber = registry.with(filter_layer).with(flame_layer);
tracing::subscriber::set_global_default(subscriber).unwrap();
None
} else {
let registry = tracing_subscriber::Registry::default();
let fmt_layer = tracing_subscriber::fmt::Layer::new();
@ -153,7 +164,9 @@ async fn main() {
let subscriber = registry.with(filter_layer).with(fmt_layer);
tracing::subscriber::set_global_default(subscriber).unwrap();
}
None
};
// This is needed for opening lots of file descriptors, which tends to
// happen more often when using RocksDB and making lots of federation
@ -171,13 +184,12 @@ async fn main() {
std::process::exit(1);
};
let config = &services().globals.config;
info!("Starting server");
run_server().await.unwrap();
if config.allow_jaeger {
opentelemetry::global::shutdown_tracer_provider();
if let Some(provider) = jaeger {
let _ = provider.shutdown();
}
}

6
src/service/admin/mod.rs
View file

@ -32,6 +32,7 @@ use ruma::{
},
TimelineEventType,
},
room_version_rules::RoomVersionRules,
EventId, MilliSecondsSinceUnixEpoch, MxcUri, OwnedMxcUri, OwnedRoomAliasId, OwnedRoomId,
OwnedServerName, RoomAliasId, RoomId, RoomVersionId, ServerName, UserId,
};
@ -685,7 +686,7 @@ impl Service {
let string = body[1..body.len() - 1].join("\n");
match serde_json::from_str(&string) {
Ok(value) => {
match ruma::signatures::reference_hash(&value, &RoomVersionId::V6) {
match ruma::signatures::reference_hash(&value, &RoomVersionRules::V11) {
Ok(hash) => {
let event_id = EventId::parse(format!("${hash}"));
@ -1160,6 +1161,7 @@ impl Service {
thumbnail_info: None,
thumbnail_source: None,
blurhash: None,
thumbhash: None,
})),
})
} else {
@ -1534,7 +1536,7 @@ impl Service {
services().globals.server_name().as_str(),
services().globals.keypair(),
&mut value,
&room_version_id,
&room_version_id.rules().expect("Supported room version has rules").redaction,
) {
RoomMessageEventContent::text_plain(format!("Invalid event: {e}"))
} else {

22
src/service/globals/mod.rs
View file

@ -12,7 +12,7 @@ use crate::{
services, Config, Error, Result,
};
use futures_util::FutureExt;
use hickory_resolver::TokioAsyncResolver;
use hickory_resolver::TokioResolver;
use hyper_util::client::legacy::connect::dns::{GaiResolver, Name as HyperName};
use reqwest::dns::{Addrs, Name, Resolve, Resolving};
use ruma::{
@ -54,7 +54,7 @@ pub struct Service {
pub config: Config,
allow_registration: RwLock<bool>,
keypair: Arc<ruma::signatures::Ed25519KeyPair>,
dns_resolver: TokioAsyncResolver,
dns_resolver: TokioResolver,
jwt_decoding_key: Option<jsonwebtoken::DecodingKey>,
federation_client: reqwest::Client,
default_client: reqwest::Client,
@ -200,13 +200,15 @@ impl Service {
db,
config,
keypair: Arc::new(keypair),
dns_resolver: TokioAsyncResolver::tokio_from_system_conf().map_err(|e| {
error!(
"Failed to set up trust dns resolver with system config: {}",
e
);
Error::bad_config("Failed to set up trust dns resolver with system config.")
})?,
dns_resolver: TokioResolver::builder_tokio()
.map_err(|e| {
error!(
"Failed to set up trust dns resolver with system config: {}",
e
);
Error::bad_config("Failed to set up trust dns resolver with system config.")
})?
.build(),
actual_destination_cache: Arc::new(RwLock::new(WellKnownMap::new())),
tls_name_override,
federation_client,
@ -368,7 +370,7 @@ impl Service {
self.config.well_known.client.clone()
}
pub fn dns_resolver(&self) -> &TokioAsyncResolver {
pub fn dns_resolver(&self) -> &TokioResolver {
&self.dns_resolver
}

11
src/service/pdu.rs
View file

@ -8,9 +8,10 @@ use ruma::{
AnyEphemeralRoomEvent, AnyMessageLikeEvent, AnyStateEvent, AnyStrippedStateEvent,
AnySyncStateEvent, AnySyncTimelineEvent, AnyTimelineEvent, StateEvent, TimelineEventType,
},
room_version_rules::{RedactionRules, RoomVersionRules},
serde::Raw,
state_res, CanonicalJsonObject, CanonicalJsonValue, EventId, MilliSecondsSinceUnixEpoch,
OwnedEventId, OwnedRoomId, OwnedUserId, RoomId, RoomVersionId, UInt, UserId,
OwnedEventId, OwnedRoomId, OwnedUserId, RoomId, UInt, UserId,
};
use serde::{Deserialize, Serialize};
use serde_json::{
@ -54,14 +55,14 @@ impl PduEvent {
#[tracing::instrument(skip(self))]
pub fn redact(
&mut self,
room_version_id: RoomVersionId,
redaction_rules: RedactionRules,
reason: &PduEvent,
) -> crate::Result<()> {
self.unsigned = None;
let mut content = serde_json::from_str(self.content.get())
.map_err(|_| Error::bad_database("PDU in db has invalid content."))?;
redact_content_in_place(&mut content, &room_version_id, self.kind.to_string())
redact_content_in_place(&mut content, &redaction_rules, self.kind.to_string())
.map_err(|e| Error::RedactionError(self.sender.server_name().to_owned(), e))?;
self.unsigned = Some(to_raw_value(&json!({
@ -433,7 +434,7 @@ impl Ord for PduEvent {
/// Returns a tuple of the new `EventId` and the PDU as a `BTreeMap<String, CanonicalJsonValue>`.
pub(crate) fn gen_event_id_canonical_json(
pdu: &RawJsonValue,
room_version_id: &RoomVersionId,
room_version_rules: &RoomVersionRules,
) -> crate::Result<(OwnedEventId, CanonicalJsonObject)> {
let value: CanonicalJsonObject = serde_json::from_str(pdu.get()).map_err(|e| {
warn!("Error parsing incoming event {:?}: {:?}", pdu, e);
@ -443,7 +444,7 @@ pub(crate) fn gen_event_id_canonical_json(
let event_id = format!(
"${}",
// Anything higher than version3 behaves the same
ruma::signatures::reference_hash(&value, room_version_id)
ruma::signatures::reference_hash(&value, room_version_rules)
.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Invalid PDU format"))?
)
.try_into()

2
src/service/rooms/alias/mod.rs
View file

@ -122,7 +122,7 @@ impl Service {
.await?;
let mut servers = response.servers;
servers.shuffle(&mut rand::thread_rng());
servers.shuffle(&mut rand::rng());
return Ok(get_alias::v3::Response::new(response.room_id, servers));
}

107
src/service/rooms/event_handler/mod.rs
View file

@ -31,7 +31,8 @@ use ruma::{
StateEventType, TimelineEventType,
},
int,
state_res::{self, RoomVersion, StateMap},
room_version_rules::{AuthorizationRules, RoomVersionRules},
state_res::{self, StateMap},
uint, CanonicalJsonObject, CanonicalJsonValue, EventId, MilliSecondsSinceUnixEpoch,
OwnedServerName, OwnedServerSigningKeyId, RoomId, RoomVersionId, ServerName,
};
@ -150,7 +151,9 @@ impl Service {
origin,
&create_event,
room_id,
room_version_id,
&room_version_id
.rules()
.expect("Supported room version has rules"),
pub_key_map,
incoming_pdu.prev_events.clone(),
)
@ -319,8 +322,9 @@ impl Service {
})?;
let room_version_id = &create_event_content.room_version;
let room_version =
RoomVersion::new(room_version_id).expect("room version is supported");
let room_version_rules = room_version_id
.rules()
.expect("Supported room version has rules");
// TODO: For RoomVersion6 we must check that Raw<..> is canonical do we anywhere?: https://matrix.org/docs/spec/rooms/v6#canonical-json
@ -362,7 +366,7 @@ impl Service {
);
let mut val =
match ruma::signatures::verify_event(&filtered_keys, &value, room_version_id) {
match ruma::signatures::verify_event(&filtered_keys, &value, &room_version_rules) {
Err(e) => {
// Drop
warn!("Dropping bad event {}: {}", event_id, e,);
@ -374,7 +378,11 @@ impl Service {
Ok(ruma::signatures::Verified::Signatures) => {
// Redact
warn!("Calculated hash does not match: {}", event_id);
let obj = match ruma::canonical_json::redact(value, room_version_id, None) {
let obj = match ruma::canonical_json::redact(
value,
&room_version_rules.redaction,
None,
) {
Ok(obj) => obj,
Err(_) => {
return Err(Error::BadRequest(
@ -426,7 +434,7 @@ impl Service {
.collect::<Vec<_>>(),
create_event,
room_id,
room_version_id,
&room_version_rules,
pub_key_map,
)
.await;
@ -483,10 +491,12 @@ impl Service {
));
}
if !state_res::event_auth::auth_check(&room_version, &incoming_pdu, |k, s| {
auth_events.get(&(k.to_string().into(), s.to_owned()))
})
.map_err(|_e| Error::BadRequest(ErrorKind::InvalidParam, "Auth check failed"))?
if state_res::event_auth::auth_check(
&room_version_rules.authorization,
&incoming_pdu,
|k, s| auth_events.get(&(k.to_string().into(), s.to_owned())),
)
.is_err()
{
return Err(Error::BadRequest(
ErrorKind::InvalidParam,
@ -543,7 +553,9 @@ impl Service {
})?;
let room_version_id = &create_event_content.room_version;
let room_version = RoomVersion::new(room_version_id).expect("room version is supported");
let room_version_rules = room_version_id
.rules()
.expect("Supported room version has rules");
// 10. Fetch missing state and auth chain events by calling /state_ids at backwards extremities
// doing all the checks in this list starting at 1. These are not timeline events.
@ -674,14 +686,21 @@ impl Service {
let lock = services().globals.stateres_mutex.lock();
let result =
state_res::resolve(room_version_id, &fork_states, auth_chain_sets, |id| {
let result = state_res::resolve(
&room_version_id
.rules()
.expect("Supported room version has rules")
.authorization,
&fork_states,
auth_chain_sets,
|id| {
let res = services().rooms.timeline.get_pdu(id);
if let Err(e) = &res {
error!("LOOK AT ME Failed to fetch event: {}", e);
}
res.ok().flatten()
});
},
);
drop(lock);
state_at_incoming_event = match result {
@ -734,7 +753,7 @@ impl Service {
&collect,
create_event,
room_id,
room_version_id,
&room_version_rules,
pub_key_map,
)
.await;
@ -789,8 +808,10 @@ impl Service {
debug!("Starting auth check");
// 11. Check the auth of the event passes based on the state of the event
let check_result =
state_res::event_auth::auth_check(&room_version, &incoming_pdu, |k, s| {
if state_res::event_auth::auth_check(
&room_version_rules.authorization,
&incoming_pdu,
|k, s| {
services()
.rooms
.short
@ -799,10 +820,10 @@ impl Service {
.flatten()
.and_then(|shortstatekey| state_at_incoming_event.get(&shortstatekey))
.and_then(|event_id| services().rooms.timeline.get_pdu(event_id).ok().flatten())
})
.map_err(|_e| Error::BadRequest(ErrorKind::InvalidParam, "Auth check failed."))?;
if !check_result {
},
)
.is_err()
{
return Err(Error::bad_database(
"Event has failed auth check with state at the event.",
));
@ -816,12 +837,15 @@ impl Service {
&incoming_pdu.sender,
incoming_pdu.state_key.as_deref(),
&incoming_pdu.content,
&room_version_rules.authorization,
)?;
let soft_fail = !state_res::event_auth::auth_check(&room_version, &incoming_pdu, |k, s| {
auth_events.get(&(k.clone(), s.to_owned()))
})
.map_err(|_e| Error::BadRequest(ErrorKind::InvalidParam, "Auth check failed."))?
let soft_fail = state_res::event_auth::auth_check(
&room_version_rules.authorization,
&incoming_pdu,
|k, s| auth_events.get(&(k.clone(), s.to_owned())),
)
.is_err()
|| incoming_pdu.kind == TimelineEventType::RoomRedaction
&& match room_version_id {
RoomVersionId::V1
@ -932,7 +956,7 @@ impl Service {
}
let new_room_state = self
.resolve_state(room_id, room_version_id, state_after)
.resolve_state(room_id, &room_version_rules.authorization, state_after)
.await?;
// Set the new room state to the resolved state
@ -1009,7 +1033,7 @@ impl Service {
async fn resolve_state(
&self,
room_id: &RoomId,
room_version_id: &RoomVersionId,
auth_rules: &AuthorizationRules,
incoming_state: HashMap<u64, Arc<EventId>>,
) -> Result<Arc<HashSet<CompressedStateEvent>>> {
debug!("Loading current room state ids");
@ -1068,12 +1092,8 @@ impl Service {
};
let lock = services().globals.stateres_mutex.lock();
let state = match state_res::resolve(
room_version_id,
&fork_states,
auth_chain_sets,
fetch_event,
) {
let state = match state_res::resolve(auth_rules, &fork_states, auth_chain_sets, fetch_event)
{
Ok(new_state) => new_state,
Err(_) => {
return Err(Error::bad_database("State resolution failed, either an event could not be found or deserialization"));
@ -1118,7 +1138,7 @@ impl Service {
events: &'a [Arc<EventId>],
create_event: &'a PduEvent,
room_id: &'a RoomId,
room_version_id: &'a RoomVersionId,
room_version_rules: &'a RoomVersionRules,
pub_key_map: &'a RwLock<BTreeMap<String, SigningKeys>>,
) -> AsyncRecursiveType<'a, Vec<(Arc<PduEvent>, Option<BTreeMap<String, CanonicalJsonValue>>)>>
{
@ -1207,7 +1227,8 @@ impl Service {
Ok(res) => {
info!("Got {} over federation", next_id);
let (calculated_event_id, value) =
match pdu::gen_event_id_canonical_json(&res.pdu, room_version_id) {
match pdu::gen_event_id_canonical_json(&res.pdu, room_version_rules)
{
Ok(t) => t,
Err(_) => {
back_off((*next_id).to_owned()).await;
@ -1301,7 +1322,7 @@ impl Service {
origin: &ServerName,
create_event: &PduEvent,
room_id: &RoomId,
room_version_id: &RoomVersionId,
room_version_rules: &RoomVersionRules,
pub_key_map: &RwLock<BTreeMap<String, SigningKeys>>,
initial_set: Vec<Arc<EventId>>,
) -> Result<(
@ -1327,7 +1348,7 @@ impl Service {
&[prev_event_id.clone()],
create_event,
room_id,
room_version_id,
room_version_rules,
pub_key_map,
)
.await
@ -1456,7 +1477,7 @@ impl Service {
&self,
pdu: &RawJsonValue,
servers: &mut BTreeMap<OwnedServerName, BTreeMap<OwnedServerSigningKeyId, QueryCriteria>>,
room_version: &RoomVersionId,
room_version_rules: &RoomVersionRules,
pub_key_map: &mut RwLockWriteGuard<'_, BTreeMap<String, SigningKeys>>,
) -> Result<()> {
let value: CanonicalJsonObject = serde_json::from_str(pdu.get()).map_err(|e| {
@ -1466,7 +1487,7 @@ impl Service {
let event_id = format!(
"${}",
ruma::signatures::reference_hash(&value, room_version)
ruma::signatures::reference_hash(&value, room_version_rules)
.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Invalid PDU format"))?
);
let event_id = <&EventId>::try_from(event_id.as_str())
@ -1548,7 +1569,7 @@ impl Service {
pub(crate) async fn fetch_join_signing_keys(
&self,
event: &create_join_event::v2::Response,
room_version: &RoomVersionId,
room_version_rules: &RoomVersionRules,
pub_key_map: &RwLock<BTreeMap<String, SigningKeys>>,
) -> Result<()> {
let mut servers: BTreeMap<
@ -1563,12 +1584,12 @@ impl Service {
// Servers we couldn't find in the cache will be added to `servers`
for pdu in &event.room_state.state {
let _ = self
.get_server_keys_from_cache(pdu, &mut servers, room_version, &mut pkm)
.get_server_keys_from_cache(pdu, &mut servers, room_version_rules, &mut pkm)
.await;
}
for pdu in &event.room_state.auth_chain {
let _ = self
.get_server_keys_from_cache(pdu, &mut servers, room_version, &mut pkm)
.get_server_keys_from_cache(pdu, &mut servers, room_version_rules, &mut pkm)
.await;
}

67
src/service/rooms/helpers/mod.rs
View file

@ -20,6 +20,7 @@ use ruma::{
},
TimelineEventType,
},
room_version_rules::RoomVersionRules,
state_res, CanonicalJsonObject, CanonicalJsonValue, EventId, MilliSecondsSinceUnixEpoch,
OwnedEventId, OwnedServerName, OwnedUserId, RoomId, RoomVersionId, UserId,
};
@ -91,12 +92,15 @@ impl Service {
}
_ => return Err(Error::BadServerResponse("Room version is not supported")),
};
let room_version_rules = room_version_id
.rules()
.expect("Supported room version has rules");
let (event_id, mut join_event, _) = self.populate_membership_template(
&make_join_response.event,
sender_user,
reason,
&room_version_id,
&room_version_rules,
MembershipState::Join,
)?;
@ -119,7 +123,7 @@ impl Service {
if let Some(signed_raw) = &send_join_response.room_state.event {
info!("There is a signed event. This room is probably using restricted joins. Adding signature to our event");
let (signed_event_id, signed_value) =
match gen_event_id_canonical_json(signed_raw, &room_version_id) {
match gen_event_id_canonical_json(signed_raw, &room_version_rules) {
Ok(t) => t,
Err(_) => {
// Event could not be converted to canonical json
@ -178,7 +182,13 @@ impl Service {
services()
.rooms
.event_handler
.fetch_join_signing_keys(&send_join_response, &room_version_id, &pub_key_map)
.fetch_join_signing_keys(
&send_join_response,
&room_version_id
.rules()
.expect("Supported room version has rules"),
&pub_key_map,
)
.await?;
info!("Going through send_join response room_state");
@ -230,8 +240,11 @@ impl Service {
}
info!("Running send_join auth check");
let authenticated = state_res::event_auth::auth_check(
&state_res::RoomVersion::new(&room_version_id).expect("room version is supported"),
if let Err(e) = state_res::event_auth::auth_check(
&room_version_id
.rules()
.expect("Supported room version has rules")
.authorization,
&parsed_join_pdu,
|k, s| {
services()
@ -248,18 +261,13 @@ impl Service {
)
.ok()?
},
)
.map_err(|e| {
) {
warn!("Auth check failed: {e}");
Error::BadRequest(ErrorKind::InvalidParam, "Auth check failed")
})?;
if !authenticated {
return Err(Error::BadRequest(
ErrorKind::InvalidParam,
"Auth check failed",
));
}
};
info!("Saving state from send_join");
let (statehash_before_join, new, removed) =
@ -424,7 +432,9 @@ impl Service {
&make_join_response.event,
sender_user,
reason,
&room_version_id,
&room_version_id
.rules()
.expect("Supported room version has rules"),
MembershipState::Join,
)?;
@ -442,8 +452,12 @@ impl Service {
.await?;
let pdu = if let Some(signed_raw) = send_join_response.room_state.event {
let (signed_event_id, signed_pdu) =
gen_event_id_canonical_json(&signed_raw, &room_version_id)?;
let (signed_event_id, signed_pdu) = gen_event_id_canonical_json(
&signed_raw,
&room_version_id
.rules()
.expect("Supported room version has rules"),
)?;
if signed_event_id != event_id {
return Err(Error::BadServerResponse(
@ -491,7 +505,7 @@ impl Service {
member_template: &RawJsonValue,
sender_user: &UserId,
reason: Option<String>,
room_version_id: &RoomVersionId,
room_version_rules: &RoomVersionRules,
membership: MembershipState,
) -> Result<(OwnedEventId, BTreeMap<String, CanonicalJsonValue>, bool), Error> {
let mut member_event_stub: CanonicalJsonObject =
@ -545,13 +559,13 @@ impl Service {
services().globals.server_name().as_str(),
services().globals.keypair(),
&mut member_event_stub,
room_version_id,
&room_version_rules.redaction,
)
.expect("event is valid, we just created it");
let event_id = format!(
"${}",
ruma::signatures::reference_hash(&member_event_stub, room_version_id)
ruma::signatures::reference_hash(&member_event_stub, room_version_rules)
.expect("Event format validated when event was hashed")
);
@ -616,8 +630,13 @@ async fn validate_and_add_event_id(
})?;
let event_id = EventId::parse(format!(
"${}",
ruma::signatures::reference_hash(&value, room_version)
.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Invalid PDU format"))?
ruma::signatures::reference_hash(
&value,
&room_version
.rules()
.expect("Supported room version has rules")
)
.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Invalid PDU format"))?
))
.expect("ruma's reference hashes are valid event ids");
@ -683,7 +702,13 @@ async fn validate_and_add_event_id(
.globals
.filter_keys_server_map(unfiltered_keys, origin_server_ts, room_version);
if let Err(e) = ruma::signatures::verify_event(&keys, &value, room_version) {
if let Err(e) = ruma::signatures::verify_event(
&keys,
&value,
&room_version
.rules()
.expect("Supported room version has rules"),
) {
warn!("Event {} failed verification {:?} {}", event_id, pdu, e);
back_off(event_id).await;
return Err(Error::BadServerResponse("Event failed verification."));

7
src/service/rooms/state/mod.rs
View file

@ -12,6 +12,7 @@ use ruma::{
AnyStrippedStateEvent, StateEventType, TimelineEventType,
RECOMMENDED_STRIPPED_STATE_EVENT_TYPES,
},
room_version_rules::AuthorizationRules,
serde::Raw,
state_res::{self, StateMap},
EventId, OwnedEventId, RoomId, RoomVersionId, UserId,
@ -338,6 +339,7 @@ impl Service {
sender: &UserId,
state_key: Option<&str>,
content: &serde_json::value::RawValue,
auth_rules: &AuthorizationRules,
) -> Result<StateMap<Arc<PduEvent>>> {
let shortstatehash = if let Some(current_shortstatehash) =
services().rooms.state.get_room_shortstatehash(room_id)?
@ -347,8 +349,9 @@ impl Service {
return Ok(HashMap::new());
};
let auth_events = state_res::auth_types_for_event(kind, sender, state_key, content)
.expect("content is a valid JSON object");
let auth_events =
state_res::auth_types_for_event(kind, sender, state_key, content, auth_rules)
.expect("content is a valid JSON object");
let mut sauthevents = auth_events
.into_iter()

36
src/service/rooms/timeline/mod.rs
View file

@ -21,7 +21,7 @@ use ruma::{
GlobalAccountDataEventType, StateEventType, TimelineEventType,
},
push::{Action, Ruleset, Tweak},
state_res::{self, Event, RoomVersion},
state_res::{self, Event},
uint, user_id, CanonicalJsonObject, CanonicalJsonValue, EventId, MilliSecondsSinceUnixEpoch,
OwnedEventId, OwnedRoomId, OwnedServerName, RoomId, RoomVersionId, ServerName, UserId,
};
@ -701,7 +701,9 @@ impl Service {
}
})?;
let room_version = RoomVersion::new(&room_version_id).expect("room version is supported");
let room_version_rules = room_version_id
.rules()
.expect("Supported room version has rules");
let auth_events = services().rooms.state.get_auth_events(
room_id,
@ -709,6 +711,7 @@ impl Service {
sender,
state_key.as_deref(),
&content,
&room_version_rules.authorization,
)?;
// Our depth is the maximum depth of prev_events + 1
@ -766,15 +769,11 @@ impl Service {
signatures: None,
};
let auth_check = state_res::auth_check(&room_version, &pdu, |k, s| {
if state_res::auth_check(&room_version_rules.authorization, &pdu, |k, s| {
auth_events.get(&(k.clone(), s.to_owned()))
})
.map_err(|e| {
error!("{:?}", e);
Error::bad_database("Auth check failed.")
})?;
if !auth_check {
.is_err()
{
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Event is not authorized.",
@ -798,7 +797,7 @@ impl Service {
services().globals.server_name().as_str(),
services().globals.keypair(),
&mut pdu_json,
&room_version_id,
&room_version_rules.redaction,
) {
Ok(_) => {}
Err(e) => {
@ -818,8 +817,13 @@ impl Service {
// Generate event id
pdu.event_id = EventId::parse_arc(format!(
"${}",
ruma::signatures::reference_hash(&pdu_json, &room_version_id)
.expect("Event format validated when event was hashed")
ruma::signatures::reference_hash(
&pdu_json,
&room_version_id
.rules()
.expect("Supported room version has rules")
)
.expect("Event format validated when event was hashed")
))
.expect("ruma's reference hashes are valid event ids");
@ -1139,7 +1143,13 @@ impl Service {
}
let room_version_id = services().rooms.state.get_room_version(&pdu.room_id)?;
pdu.redact(room_version_id, reason)?;
pdu.redact(
room_version_id
.rules()
.expect("Supported room version has rules")
.redaction,
reason,
)?;
self.replace_pdu(
&pdu_id,

5
src/utils/error.rs
View file

@ -60,7 +60,7 @@ pub enum Error {
BadDatabase(&'static str),
#[error("uiaa")]
Uiaa(UiaaInfo),
#[error("{}: {1}",.0.errcode())]
#[error("{n}: {1}", n = _0.errcode())]
BadRequest(ErrorKind, &'static str),
#[error("{0}")]
Conflict(&'static str), // This is only needed for when a room alias already exists
@ -70,6 +70,9 @@ pub enum Error {
#[cfg(feature = "conduit_bin")]
#[error("{0}")]
PathError(#[from] axum::extract::rejection::PathRejection),
#[cfg(feature = "conduit_bin")]
#[error("{0}")]
TypedHeaderError(#[from] axum_extra::typed_header::TypedHeaderRejection),
#[error("{0}")]
AdminCommand(&'static str),
#[error("from {0}: {1}")]

4
src/utils/mod.rs
View file

@ -59,8 +59,8 @@ pub fn string_from_bytes(bytes: &[u8]) -> Result<String, std::string::FromUtf8Er
}
pub fn random_string(length: usize) -> String {
thread_rng()
.sample_iter(&rand::distributions::Alphanumeric)
rand::rng()
.sample_iter(&rand::distr::Alphanumeric)
.take(length)
.map(char::from)
.collect()