@unwanted/matrix-sdk-mini 34.12.0-1 → 34.12.0-3

package/src/rust-crypto/DehydratedDeviceManager.ts

@@ -1,306 +0,0 @@
-/*
-Copyright 2024 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import * as RustSdkCryptoJs from "@matrix-org/matrix-sdk-crypto-wasm";
-
-import { OutgoingRequestProcessor } from "./OutgoingRequestProcessor.ts";
-import { encodeUri } from "../utils.ts";
-import { IHttpOpts, MatrixError, MatrixHttpApi, Method } from "../http-api/index.ts";
-import { IToDeviceEvent } from "../sync-accumulator.ts";
-import { ServerSideSecretStorage } from "../secret-storage.ts";
-import { decodeBase64, encodeUnpaddedBase64 } from "../base64.ts";
-import { Logger } from "../logger.ts";
-
-/**
- * The response body of `GET /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device`.
- */
-interface DehydratedDeviceResp {
-    device_id: string;
-    device_data: {
-        algorithm: string;
-    };
-}
-/**
- * The response body of `POST /_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device/events`.
- */
-interface DehydratedDeviceEventsResp {
-    events: IToDeviceEvent[];
-    next_batch: string;
-}
-
-/**
- * The unstable URL prefix for dehydrated device endpoints
- */
-export const UnstablePrefix = "/_matrix/client/unstable/org.matrix.msc3814.v1";
-/**
- * The name used for the dehydration key in Secret Storage
- */
-const SECRET_STORAGE_NAME = "org.matrix.msc3814";
-
-/**
- * The interval between creating dehydrated devices. (one week)
- */
-const DEHYDRATION_INTERVAL = 7 * 24 * 60 * 60 * 1000;
-
-/**
- * Manages dehydrated devices
- *
- * We have one of these per `RustCrypto`.  It's responsible for
- *
- * * determining server support for dehydrated devices
- * * creating new dehydrated devices when requested, including periodically
- *   replacing the dehydrated device with a new one
- * * rehydrating a device when requested, and when present
- *
- * @internal
- */
-export class DehydratedDeviceManager {
-    /** the secret key used for dehydrating and rehydrating */
-    private key?: Uint8Array;
-    /** the ID of the interval for periodically replacing the dehydrated device */
-    private intervalId?: ReturnType<typeof setInterval>;
-
-    public constructor(
-        private readonly logger: Logger,
-        private readonly olmMachine: RustSdkCryptoJs.OlmMachine,
-        private readonly http: MatrixHttpApi<IHttpOpts & { onlyData: true }>,
-        private readonly outgoingRequestProcessor: OutgoingRequestProcessor,
-        private readonly secretStorage: ServerSideSecretStorage,
-    ) {}
-
-    /**
-     * Return whether the server supports dehydrated devices.
-     */
-    public async isSupported(): Promise<boolean> {
-        // call the endpoint to get a dehydrated device.  If it returns an
-        // M_UNRECOGNIZED error, then dehydration is unsupported.  If it returns
-        // a successful response, or an M_NOT_FOUND, then dehydration is supported.
-        // Any other exceptions are passed through.
-        try {
-            await this.http.authedRequest<DehydratedDeviceResp>(
-                Method.Get,
-                "/dehydrated_device",
-                undefined,
-                undefined,
-                {
-                    prefix: UnstablePrefix,
-                },
-            );
-        } catch (error) {
-            const err = error as MatrixError;
-            if (err.errcode === "M_UNRECOGNIZED") {
-                return false;
-            } else if (err.errcode === "M_NOT_FOUND") {
-                return true;
-            }
-            throw error;
-        }
-        return true;
-    }
-
-    /**
-     * Start using device dehydration.
-     *
-     * - Rehydrates a dehydrated device, if one is available.
-     * - Creates a new dehydration key, if necessary, and stores it in Secret
-     *   Storage.
-     *   - If `createNewKey` is set to true, always creates a new key.
-     *   - If a dehydration key is not available, creates a new one.
-     * - Creates a new dehydrated device, and schedules periodically creating
-     *   new dehydrated devices.
-     *
-     * @param createNewKey - whether to force creation of a new dehydration key.
-     *   This can be used, for example, if Secret Storage is being reset.
-     */
-    public async start(createNewKey?: boolean): Promise<void> {
-        this.stop();
-        try {
-            await this.rehydrateDeviceIfAvailable();
-        } catch (e) {
-            // If rehydration fails, there isn't much we can do about it.  Log
-            // the error, and create a new device.
-            this.logger.info("dehydration: Error rehydrating device:", e);
-        }
-        if (createNewKey) {
-            await this.resetKey();
-        }
-        await this.scheduleDeviceDehydration();
-    }
-
-    /**
-     * Return whether the dehydration key is stored in Secret Storage.
-     */
-    public async isKeyStored(): Promise<boolean> {
-        return Boolean(await this.secretStorage.isStored(SECRET_STORAGE_NAME));
-    }
-
-    /**
-     * Reset the dehydration key.
-     *
-     * Creates a new key and stores it in secret storage.
-     */
-    public async resetKey(): Promise<void> {
-        const key = new Uint8Array(32);
-        globalThis.crypto.getRandomValues(key);
-        await this.secretStorage.store(SECRET_STORAGE_NAME, encodeUnpaddedBase64(key));
-        this.key = key;
-    }
-
-    /**
-     * Get and cache the encryption key from secret storage.
-     *
-     * If `create` is `true`, creates a new key if no existing key is present.
-     *
-     * @returns the key, if available, or `null` if no key is available
-     */
-    private async getKey(create: boolean): Promise<Uint8Array | null> {
-        if (this.key === undefined) {
-            const keyB64 = await this.secretStorage.get(SECRET_STORAGE_NAME);
-            if (keyB64 === undefined) {
-                if (!create) {
-                    return null;
-                }
-                await this.resetKey();
-            } else {
-                this.key = decodeBase64(keyB64);
-            }
-        }
-        return this.key!;
-    }
-
-    /**
-     * Rehydrate the dehydrated device stored on the server.
-     *
-     * Checks if there is a dehydrated device on the server.  If so, rehydrates
-     * the device and processes the to-device events.
-     *
-     * Returns whether or not a dehydrated device was found.
-     */
-    public async rehydrateDeviceIfAvailable(): Promise<boolean> {
-        const key = await this.getKey(false);
-        if (!key) {
-            return false;
-        }
-
-        let dehydratedDeviceResp;
-        try {
-            dehydratedDeviceResp = await this.http.authedRequest<DehydratedDeviceResp>(
-                Method.Get,
-                "/dehydrated_device",
-                undefined,
-                undefined,
-                {
-                    prefix: UnstablePrefix,
-                },
-            );
-        } catch (error) {
-            const err = error as MatrixError;
-            // We ignore M_NOT_FOUND (there is no dehydrated device, so nothing
-            // us to do) and M_UNRECOGNIZED (the server does not understand the
-            // endpoint).  We pass through any other errors.
-            if (err.errcode === "M_NOT_FOUND" || err.errcode === "M_UNRECOGNIZED") {
-                this.logger.info("dehydration: No dehydrated device");
-                return false;
-            }
-            throw err;
-        }
-
-        this.logger.info("dehydration: dehydrated device found");
-
-        const rehydratedDevice = await this.olmMachine
-            .dehydratedDevices()
-            .rehydrate(
-                key,
-                new RustSdkCryptoJs.DeviceId(dehydratedDeviceResp.device_id),
-                JSON.stringify(dehydratedDeviceResp.device_data),
-            );
-
-        this.logger.info("dehydration: device rehydrated");
-
-        let nextBatch: string | undefined = undefined;
-        let toDeviceCount = 0;
-        let roomKeyCount = 0;
-        const path = encodeUri("/dehydrated_device/$device_id/events", {
-            $device_id: dehydratedDeviceResp.device_id,
-        });
-        // eslint-disable-next-line no-constant-condition
-        while (true) {
-            const eventResp: DehydratedDeviceEventsResp = await this.http.authedRequest<DehydratedDeviceEventsResp>(
-                Method.Post,
-                path,
-                undefined,
-                nextBatch ? { next_batch: nextBatch } : {},
-                {
-                    prefix: UnstablePrefix,
-                },
-            );
-
-            if (eventResp.events.length === 0) {
-                break;
-            }
-            toDeviceCount += eventResp.events.length;
-            nextBatch = eventResp.next_batch;
-            const roomKeyInfos = await rehydratedDevice.receiveEvents(JSON.stringify(eventResp.events));
-            roomKeyCount += roomKeyInfos.length;
-        }
-        this.logger.info(`dehydration: received ${roomKeyCount} room keys from ${toDeviceCount} to-device events`);
-
-        return true;
-    }
-
-    /**
-     * Creates and uploads a new dehydrated device.
-     *
-     * Creates and stores a new key in secret storage if none is available.
-     */
-    public async createAndUploadDehydratedDevice(): Promise<void> {
-        const key = (await this.getKey(true))!;
-
-        const dehydratedDevice = await this.olmMachine.dehydratedDevices().create();
-        const request = await dehydratedDevice.keysForUpload("Dehydrated device", key);
-
-        await this.outgoingRequestProcessor.makeOutgoingRequest(request);
-
-        this.logger.info("dehydration: uploaded device");
-    }
-
-    /**
-     * Schedule periodic creation of dehydrated devices.
-     */
-    public async scheduleDeviceDehydration(): Promise<void> {
-        // cancel any previously-scheduled tasks
-        this.stop();
-
-        await this.createAndUploadDehydratedDevice();
-        this.intervalId = setInterval(() => {
-            this.createAndUploadDehydratedDevice().catch((error) => {
-                this.logger.error("Error creating dehydrated device:", error);
-            });
-        }, DEHYDRATION_INTERVAL);
-    }
-
-    /**
-     * Stop the dehydrated device manager.
-     *
-     * Cancels any scheduled dehydration tasks.
-     */
-    public stop(): void {
-        if (this.intervalId) {
-            clearInterval(this.intervalId);
-            this.intervalId = undefined;
-        }
-    }
-}

package/src/rust-crypto/KeyClaimManager.ts

@@ -1,86 +0,0 @@
-/*
-Copyright 2023 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import { OlmMachine, UserId } from "@matrix-org/matrix-sdk-crypto-wasm";
-
-import { OutgoingRequestProcessor } from "./OutgoingRequestProcessor.ts";
-import { LogSpan } from "../logger.ts";
-
-/**
- * KeyClaimManager: linearises calls to OlmMachine.getMissingSessions to avoid races
- *
- * We have one of these per `RustCrypto` (and hence per `MatrixClient`).
- *
- * @internal
- */
-export class KeyClaimManager {
-    private currentClaimPromise: Promise<void>;
-    private stopped = false;
-
-    public constructor(
-        private readonly olmMachine: OlmMachine,
-        private readonly outgoingRequestProcessor: OutgoingRequestProcessor,
-    ) {
-        this.currentClaimPromise = Promise.resolve();
-    }
-
-    /**
-     * Tell the KeyClaimManager to immediately stop processing requests.
-     *
-     * Any further calls, and any still in the queue, will fail with an error.
-     */
-    public stop(): void {
-        this.stopped = true;
-    }
-
-    /**
-     * Given a list of users, attempt to ensure that we have Olm Sessions active with each of their devices
-     *
-     * If we don't have an active olm session, we will claim a one-time key and start one.
-     * @param logger - logger to use
-     * @param userList - list of userIDs to claim
-     */
-    public ensureSessionsForUsers(logger: LogSpan, userList: Array<UserId>): Promise<void> {
-        // The Rust-SDK requires that we only have one getMissingSessions process in flight at once. This little dance
-        // ensures that, by only having one call to ensureSessionsForUsersInner active at once (and making them
-        // queue up in order).
-        const prom = this.currentClaimPromise
-            .catch(() => {
-                // any errors in the previous claim will have been reported already, so there is nothing to do here.
-                // we just throw away the error and start anew.
-            })
-            .then(() => this.ensureSessionsForUsersInner(logger, userList));
-        this.currentClaimPromise = prom;
-        return prom;
-    }
-
-    private async ensureSessionsForUsersInner(logger: LogSpan, userList: Array<UserId>): Promise<void> {
-        // bail out quickly if we've been stopped.
-        if (this.stopped) {
-            throw new Error(`Cannot ensure Olm sessions: shutting down`);
-        }
-        logger.info("Checking for missing Olm sessions");
-        // By passing the userId array to rust we transfer ownership of the items to rust, causing
-        // them to be invalidated on the JS side as soon as the method is called.
-        // As we haven't created the `userList` let's clone the users, to not break the caller from re-using it.
-        const claimRequest = await this.olmMachine.getMissingSessions(userList.map((u) => u.clone()));
-        if (claimRequest) {
-            logger.info("Making /keys/claim request");
-            await this.outgoingRequestProcessor.makeOutgoingRequest(claimRequest);
-        }
-        logger.info("Olm sessions prepared");
-    }
-}

package/src/rust-crypto/OutgoingRequestProcessor.ts

@@ -1,236 +0,0 @@
-/*
-Copyright 2023 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import {
-    KeysBackupRequest,
-    KeysClaimRequest,
-    KeysQueryRequest,
-    KeysUploadRequest,
-    OlmMachine,
-    PutDehydratedDeviceRequest,
-    RoomMessageRequest,
-    SignatureUploadRequest,
-    ToDeviceRequest,
-    UploadSigningKeysRequest,
-} from "@matrix-org/matrix-sdk-crypto-wasm";
-
-import { logger } from "../logger.ts";
-import { calculateRetryBackoff, IHttpOpts, MatrixHttpApi, Method } from "../http-api/index.ts";
-import { logDuration, QueryDict, sleep } from "../utils.ts";
-import { AuthDict, UIAuthCallback } from "../interactive-auth.ts";
-import { UIAResponse } from "../@types/uia.ts";
-import { ToDeviceMessageId } from "../@types/event.ts";
-import { UnstablePrefix as DehydrationUnstablePrefix } from "./DehydratedDeviceManager.ts";
-
-/**
- * Common interface for all the request types returned by `OlmMachine.outgoingRequests`.
- *
- * @internal
- */
-export interface OutgoingRequest {
-    readonly id: string | undefined;
-    readonly type: number;
-}
-
-/**
- * OutgoingRequestManager: turns `OutgoingRequest`s from the rust sdk into HTTP requests
- *
- * We have one of these per `RustCrypto` (and hence per `MatrixClient`), not that it does anything terribly complicated.
- * It's responsible for:
- *
- *   * holding the reference to the `MatrixHttpApi`
- *   * turning `OutgoingRequest`s from the rust backend into HTTP requests, and sending them
- *   * sending the results of such requests back to the rust backend.
- *
- * @internal
- */
-export class OutgoingRequestProcessor {
-    public constructor(
-        private readonly olmMachine: OlmMachine,
-        private readonly http: MatrixHttpApi<IHttpOpts & { onlyData: true }>,
-    ) {}
-
-    public async makeOutgoingRequest<T>(
-        msg: OutgoingRequest | UploadSigningKeysRequest | PutDehydratedDeviceRequest,
-        uiaCallback?: UIAuthCallback<T>,
-    ): Promise<void> {
-        let resp: string;
-
-        /* refer https://docs.rs/matrix-sdk-crypto/0.6.0/matrix_sdk_crypto/requests/enum.OutgoingRequests.html
-         * for the complete list of request types
-         */
-        if (msg instanceof KeysUploadRequest) {
-            resp = await this.requestWithRetry(Method.Post, "/_matrix/client/v3/keys/upload", {}, msg.body);
-        } else if (msg instanceof KeysQueryRequest) {
-            resp = await this.requestWithRetry(Method.Post, "/_matrix/client/v3/keys/query", {}, msg.body);
-        } else if (msg instanceof KeysClaimRequest) {
-            resp = await this.requestWithRetry(Method.Post, "/_matrix/client/v3/keys/claim", {}, msg.body);
-        } else if (msg instanceof SignatureUploadRequest) {
-            resp = await this.requestWithRetry(Method.Post, "/_matrix/client/v3/keys/signatures/upload", {}, msg.body);
-        } else if (msg instanceof KeysBackupRequest) {
-            resp = await this.requestWithRetry(
-                Method.Put,
-                "/_matrix/client/v3/room_keys/keys",
-                { version: msg.version },
-                msg.body,
-            );
-        } else if (msg instanceof ToDeviceRequest) {
-            resp = await this.sendToDeviceRequest(msg);
-        } else if (msg instanceof RoomMessageRequest) {
-            const path =
-                `/_matrix/client/v3/rooms/${encodeURIComponent(msg.room_id)}/send/` +
-                `${encodeURIComponent(msg.event_type)}/${encodeURIComponent(msg.txn_id)}`;
-            resp = await this.requestWithRetry(Method.Put, path, {}, msg.body);
-        } else if (msg instanceof UploadSigningKeysRequest) {
-            await this.makeRequestWithUIA(
-                Method.Post,
-                "/_matrix/client/v3/keys/device_signing/upload",
-                {},
-                msg.body,
-                uiaCallback,
-            );
-            // SigningKeysUploadRequest does not implement OutgoingRequest and does not need to be marked as sent.
-            return;
-        } else if (msg instanceof PutDehydratedDeviceRequest) {
-            const path = DehydrationUnstablePrefix + "/dehydrated_device";
-            await this.rawJsonRequest(Method.Put, path, {}, msg.body);
-            // PutDehydratedDeviceRequest does not implement OutgoingRequest and does not need to be marked as sent.
-            return;
-        } else {
-            logger.warn("Unsupported outgoing message", Object.getPrototypeOf(msg));
-            resp = "";
-        }
-
-        if (msg.id) {
-            try {
-                await logDuration(logger, `Mark Request as sent ${msg.type}`, async () => {
-                    await this.olmMachine.markRequestAsSent(msg.id!, msg.type, resp);
-                });
-            } catch (e) {
-                // Ignore errors which are caused by the olmMachine having been freed. The exact error message depends
-                // on whether we are using a release or develop build of rust-sdk-crypto-wasm.
-                if (
-                    e instanceof Error &&
-                    (e.message === "Attempt to use a moved value" || e.message === "null pointer passed to rust")
-                ) {
-                    logger.log(`Ignoring error '${e.message}': client is likely shutting down`);
-                } else {
-                    throw e;
-                }
-            }
-        } else {
-            logger.trace(`Outgoing request type:${msg.type} does not have an ID`);
-        }
-    }
-
-    /**
-     * Send the HTTP request for a `ToDeviceRequest`
-     *
-     * @param request - request to send
-     * @returns JSON-serialized body of the response, if successful
-     */
-    private async sendToDeviceRequest(request: ToDeviceRequest): Promise<string> {
-        // a bit of extra logging, to help trace to-device messages through the system
-        const parsedBody: { messages: Record<string, Record<string, Record<string, any>>> } = JSON.parse(request.body);
-
-        const messageList = [];
-        for (const [userId, perUserMessages] of Object.entries(parsedBody.messages)) {
-            for (const [deviceId, message] of Object.entries(perUserMessages)) {
-                messageList.push(`${userId}/${deviceId} (msgid ${message[ToDeviceMessageId]})`);
-            }
-        }
-
-        logger.info(
-            `Sending batch of to-device messages. type=${request.event_type} txnid=${request.txn_id}`,
-            messageList,
-        );
-
-        const path =
-            `/_matrix/client/v3/sendToDevice/${encodeURIComponent(request.event_type)}/` +
-            encodeURIComponent(request.txn_id);
-        return await this.requestWithRetry(Method.Put, path, {}, request.body);
-    }
-
-    private async makeRequestWithUIA<T>(
-        method: Method,
-        path: string,
-        queryParams: QueryDict,
-        body: string,
-        uiaCallback: UIAuthCallback<T> | undefined,
-    ): Promise<string> {
-        if (!uiaCallback) {
-            return await this.requestWithRetry(method, path, queryParams, body);
-        }
-
-        const parsedBody = JSON.parse(body);
-        const makeRequest = async (auth: AuthDict | null): Promise<UIAResponse<T>> => {
-            const newBody: Record<string, any> = {
-                ...parsedBody,
-            };
-            if (auth !== null) {
-                newBody.auth = auth;
-            }
-            const resp = await this.requestWithRetry(method, path, queryParams, JSON.stringify(newBody));
-            return JSON.parse(resp) as T;
-        };
-
-        const resp = await uiaCallback(makeRequest);
-        return JSON.stringify(resp);
-    }
-
-    private async requestWithRetry(
-        method: Method,
-        path: string,
-        queryParams: QueryDict,
-        body: string,
-    ): Promise<string> {
-        let currentRetryCount = 0;
-
-        // eslint-disable-next-line no-constant-condition
-        while (true) {
-            try {
-                return await this.rawJsonRequest(method, path, queryParams, body);
-            } catch (e) {
-                currentRetryCount++;
-                const backoff = calculateRetryBackoff(e, currentRetryCount, true);
-                if (backoff < 0) {
-                    // Max number of retries reached, or error is not retryable. rethrow the error
-                    throw e;
-                }
-                // wait for the specified time and then retry the request
-                await sleep(backoff);
-            }
-        }
-    }
-
-    private async rawJsonRequest(method: Method, path: string, queryParams: QueryDict, body: string): Promise<string> {
-        const opts = {
-            // inhibit the JSON stringification and parsing within HttpApi.
-            json: false,
-
-            // nevertheless, we are sending, and accept, JSON.
-            headers: {
-                "Content-Type": "application/json",
-                "Accept": "application/json",
-            },
-
-            // we use the full prefix
-            prefix: "",
-        };
-
-        return await this.http.authedRequest<string>(method, path, queryParams, body, opts);
-    }
-}