matrix-synapse 1.142.0rc3__cp314-abi3-musllinux_1_2_aarch64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of matrix-synapse might be problematic. Click here for more details.

Files changed (1057) hide show
  1. matrix_synapse-1.142.0rc3.dist-info/AUTHORS.rst +51 -0
  2. matrix_synapse-1.142.0rc3.dist-info/LICENSE-AGPL-3.0 +661 -0
  3. matrix_synapse-1.142.0rc3.dist-info/LICENSE-COMMERCIAL +6 -0
  4. matrix_synapse-1.142.0rc3.dist-info/METADATA +375 -0
  5. matrix_synapse-1.142.0rc3.dist-info/RECORD +1057 -0
  6. matrix_synapse-1.142.0rc3.dist-info/WHEEL +4 -0
  7. matrix_synapse-1.142.0rc3.dist-info/entry_points.txt +14 -0
  8. matrix_synapse.libs/libgcc_s-2d945d6c.so.1 +0 -0
  9. synapse/__init__.py +97 -0
  10. synapse/_scripts/__init__.py +0 -0
  11. synapse/_scripts/export_signing_key.py +109 -0
  12. synapse/_scripts/generate_config.py +83 -0
  13. synapse/_scripts/generate_log_config.py +56 -0
  14. synapse/_scripts/generate_signing_key.py +55 -0
  15. synapse/_scripts/generate_workers_map.py +318 -0
  16. synapse/_scripts/hash_password.py +95 -0
  17. synapse/_scripts/move_remote_media_to_new_store.py +128 -0
  18. synapse/_scripts/register_new_matrix_user.py +374 -0
  19. synapse/_scripts/review_recent_signups.py +212 -0
  20. synapse/_scripts/synapse_port_db.py +1603 -0
  21. synapse/_scripts/synctl.py +365 -0
  22. synapse/_scripts/update_synapse_database.py +130 -0
  23. synapse/api/__init__.py +20 -0
  24. synapse/api/auth/__init__.py +207 -0
  25. synapse/api/auth/base.py +406 -0
  26. synapse/api/auth/internal.py +299 -0
  27. synapse/api/auth/mas.py +457 -0
  28. synapse/api/auth/msc3861_delegated.py +617 -0
  29. synapse/api/auth_blocking.py +144 -0
  30. synapse/api/constants.py +362 -0
  31. synapse/api/errors.py +907 -0
  32. synapse/api/filtering.py +539 -0
  33. synapse/api/presence.py +104 -0
  34. synapse/api/ratelimiting.py +482 -0
  35. synapse/api/room_versions.py +535 -0
  36. synapse/api/urls.py +119 -0
  37. synapse/app/__init__.py +60 -0
  38. synapse/app/_base.py +866 -0
  39. synapse/app/admin_cmd.py +388 -0
  40. synapse/app/appservice.py +30 -0
  41. synapse/app/client_reader.py +30 -0
  42. synapse/app/complement_fork_starter.py +206 -0
  43. synapse/app/event_creator.py +29 -0
  44. synapse/app/federation_reader.py +30 -0
  45. synapse/app/federation_sender.py +30 -0
  46. synapse/app/frontend_proxy.py +30 -0
  47. synapse/app/generic_worker.py +475 -0
  48. synapse/app/homeserver.py +504 -0
  49. synapse/app/media_repository.py +30 -0
  50. synapse/app/phone_stats_home.py +296 -0
  51. synapse/app/pusher.py +30 -0
  52. synapse/app/synchrotron.py +30 -0
  53. synapse/app/user_dir.py +31 -0
  54. synapse/appservice/__init__.py +461 -0
  55. synapse/appservice/api.py +569 -0
  56. synapse/appservice/scheduler.py +567 -0
  57. synapse/config/__init__.py +27 -0
  58. synapse/config/__main__.py +62 -0
  59. synapse/config/_base.py +1108 -0
  60. synapse/config/_base.pyi +217 -0
  61. synapse/config/_util.py +99 -0
  62. synapse/config/account_validity.py +116 -0
  63. synapse/config/api.py +141 -0
  64. synapse/config/appservice.py +210 -0
  65. synapse/config/auth.py +80 -0
  66. synapse/config/auto_accept_invites.py +43 -0
  67. synapse/config/background_updates.py +44 -0
  68. synapse/config/cache.py +231 -0
  69. synapse/config/captcha.py +90 -0
  70. synapse/config/cas.py +116 -0
  71. synapse/config/consent.py +73 -0
  72. synapse/config/database.py +184 -0
  73. synapse/config/emailconfig.py +367 -0
  74. synapse/config/experimental.py +595 -0
  75. synapse/config/federation.py +114 -0
  76. synapse/config/homeserver.py +141 -0
  77. synapse/config/jwt.py +55 -0
  78. synapse/config/key.py +447 -0
  79. synapse/config/logger.py +390 -0
  80. synapse/config/mas.py +191 -0
  81. synapse/config/matrixrtc.py +66 -0
  82. synapse/config/metrics.py +84 -0
  83. synapse/config/modules.py +40 -0
  84. synapse/config/oembed.py +185 -0
  85. synapse/config/oidc.py +509 -0
  86. synapse/config/password_auth_providers.py +82 -0
  87. synapse/config/push.py +64 -0
  88. synapse/config/ratelimiting.py +254 -0
  89. synapse/config/redis.py +74 -0
  90. synapse/config/registration.py +296 -0
  91. synapse/config/repository.py +311 -0
  92. synapse/config/retention.py +162 -0
  93. synapse/config/room.py +88 -0
  94. synapse/config/room_directory.py +165 -0
  95. synapse/config/saml2.py +251 -0
  96. synapse/config/server.py +1170 -0
  97. synapse/config/server_notices.py +84 -0
  98. synapse/config/spam_checker.py +66 -0
  99. synapse/config/sso.py +121 -0
  100. synapse/config/stats.py +54 -0
  101. synapse/config/third_party_event_rules.py +40 -0
  102. synapse/config/tls.py +192 -0
  103. synapse/config/tracer.py +71 -0
  104. synapse/config/user_directory.py +47 -0
  105. synapse/config/user_types.py +44 -0
  106. synapse/config/voip.py +59 -0
  107. synapse/config/workers.py +642 -0
  108. synapse/crypto/__init__.py +20 -0
  109. synapse/crypto/context_factory.py +278 -0
  110. synapse/crypto/event_signing.py +194 -0
  111. synapse/crypto/keyring.py +931 -0
  112. synapse/event_auth.py +1266 -0
  113. synapse/events/__init__.py +668 -0
  114. synapse/events/auto_accept_invites.py +216 -0
  115. synapse/events/builder.py +387 -0
  116. synapse/events/presence_router.py +245 -0
  117. synapse/events/snapshot.py +559 -0
  118. synapse/events/utils.py +928 -0
  119. synapse/events/validator.py +305 -0
  120. synapse/federation/__init__.py +22 -0
  121. synapse/federation/federation_base.py +383 -0
  122. synapse/federation/federation_client.py +2134 -0
  123. synapse/federation/federation_server.py +1544 -0
  124. synapse/federation/persistence.py +71 -0
  125. synapse/federation/send_queue.py +532 -0
  126. synapse/federation/sender/__init__.py +1165 -0
  127. synapse/federation/sender/per_destination_queue.py +884 -0
  128. synapse/federation/sender/transaction_manager.py +210 -0
  129. synapse/federation/transport/__init__.py +28 -0
  130. synapse/federation/transport/client.py +1201 -0
  131. synapse/federation/transport/server/__init__.py +334 -0
  132. synapse/federation/transport/server/_base.py +429 -0
  133. synapse/federation/transport/server/federation.py +912 -0
  134. synapse/federation/units.py +133 -0
  135. synapse/handlers/__init__.py +20 -0
  136. synapse/handlers/account.py +162 -0
  137. synapse/handlers/account_data.py +362 -0
  138. synapse/handlers/account_validity.py +361 -0
  139. synapse/handlers/admin.py +618 -0
  140. synapse/handlers/appservice.py +991 -0
  141. synapse/handlers/auth.py +2494 -0
  142. synapse/handlers/cas.py +413 -0
  143. synapse/handlers/deactivate_account.py +363 -0
  144. synapse/handlers/delayed_events.py +635 -0
  145. synapse/handlers/device.py +1873 -0
  146. synapse/handlers/devicemessage.py +399 -0
  147. synapse/handlers/directory.py +554 -0
  148. synapse/handlers/e2e_keys.py +1834 -0
  149. synapse/handlers/e2e_room_keys.py +455 -0
  150. synapse/handlers/event_auth.py +390 -0
  151. synapse/handlers/events.py +201 -0
  152. synapse/handlers/federation.py +2043 -0
  153. synapse/handlers/federation_event.py +2420 -0
  154. synapse/handlers/identity.py +812 -0
  155. synapse/handlers/initial_sync.py +528 -0
  156. synapse/handlers/jwt.py +120 -0
  157. synapse/handlers/message.py +2347 -0
  158. synapse/handlers/oidc.py +1803 -0
  159. synapse/handlers/pagination.py +768 -0
  160. synapse/handlers/password_policy.py +102 -0
  161. synapse/handlers/presence.py +2638 -0
  162. synapse/handlers/profile.py +655 -0
  163. synapse/handlers/push_rules.py +164 -0
  164. synapse/handlers/read_marker.py +79 -0
  165. synapse/handlers/receipts.py +351 -0
  166. synapse/handlers/register.py +1060 -0
  167. synapse/handlers/relations.py +624 -0
  168. synapse/handlers/reports.py +98 -0
  169. synapse/handlers/room.py +2447 -0
  170. synapse/handlers/room_list.py +632 -0
  171. synapse/handlers/room_member.py +2365 -0
  172. synapse/handlers/room_member_worker.py +146 -0
  173. synapse/handlers/room_policy.py +186 -0
  174. synapse/handlers/room_summary.py +1057 -0
  175. synapse/handlers/saml.py +524 -0
  176. synapse/handlers/search.py +723 -0
  177. synapse/handlers/send_email.py +209 -0
  178. synapse/handlers/set_password.py +71 -0
  179. synapse/handlers/sliding_sync/__init__.py +1701 -0
  180. synapse/handlers/sliding_sync/extensions.py +970 -0
  181. synapse/handlers/sliding_sync/room_lists.py +2266 -0
  182. synapse/handlers/sliding_sync/store.py +128 -0
  183. synapse/handlers/sso.py +1292 -0
  184. synapse/handlers/state_deltas.py +82 -0
  185. synapse/handlers/stats.py +322 -0
  186. synapse/handlers/sync.py +3109 -0
  187. synapse/handlers/thread_subscriptions.py +190 -0
  188. synapse/handlers/typing.py +606 -0
  189. synapse/handlers/ui_auth/__init__.py +48 -0
  190. synapse/handlers/ui_auth/checkers.py +332 -0
  191. synapse/handlers/user_directory.py +783 -0
  192. synapse/handlers/worker_lock.py +365 -0
  193. synapse/http/__init__.py +106 -0
  194. synapse/http/additional_resource.py +62 -0
  195. synapse/http/client.py +1360 -0
  196. synapse/http/connectproxyclient.py +309 -0
  197. synapse/http/federation/__init__.py +19 -0
  198. synapse/http/federation/matrix_federation_agent.py +490 -0
  199. synapse/http/federation/srv_resolver.py +196 -0
  200. synapse/http/federation/well_known_resolver.py +367 -0
  201. synapse/http/matrixfederationclient.py +1875 -0
  202. synapse/http/proxy.py +290 -0
  203. synapse/http/proxyagent.py +497 -0
  204. synapse/http/replicationagent.py +203 -0
  205. synapse/http/request_metrics.py +309 -0
  206. synapse/http/server.py +1114 -0
  207. synapse/http/servlet.py +1019 -0
  208. synapse/http/site.py +825 -0
  209. synapse/http/types.py +27 -0
  210. synapse/logging/__init__.py +31 -0
  211. synapse/logging/_remote.py +261 -0
  212. synapse/logging/_terse_json.py +95 -0
  213. synapse/logging/context.py +1211 -0
  214. synapse/logging/formatter.py +63 -0
  215. synapse/logging/handlers.py +99 -0
  216. synapse/logging/loggers.py +25 -0
  217. synapse/logging/opentracing.py +1132 -0
  218. synapse/logging/scopecontextmanager.py +161 -0
  219. synapse/media/_base.py +827 -0
  220. synapse/media/filepath.py +417 -0
  221. synapse/media/media_repository.py +1580 -0
  222. synapse/media/media_storage.py +704 -0
  223. synapse/media/oembed.py +277 -0
  224. synapse/media/preview_html.py +559 -0
  225. synapse/media/storage_provider.py +195 -0
  226. synapse/media/thumbnailer.py +833 -0
  227. synapse/media/url_previewer.py +875 -0
  228. synapse/metrics/__init__.py +754 -0
  229. synapse/metrics/_gc.py +219 -0
  230. synapse/metrics/_reactor_metrics.py +171 -0
  231. synapse/metrics/_types.py +38 -0
  232. synapse/metrics/background_process_metrics.py +556 -0
  233. synapse/metrics/common_usage_metrics.py +94 -0
  234. synapse/metrics/jemalloc.py +248 -0
  235. synapse/module_api/__init__.py +2154 -0
  236. synapse/module_api/callbacks/__init__.py +50 -0
  237. synapse/module_api/callbacks/account_validity_callbacks.py +106 -0
  238. synapse/module_api/callbacks/media_repository_callbacks.py +160 -0
  239. synapse/module_api/callbacks/ratelimit_callbacks.py +79 -0
  240. synapse/module_api/callbacks/spamchecker_callbacks.py +1113 -0
  241. synapse/module_api/callbacks/third_party_event_rules_callbacks.py +599 -0
  242. synapse/module_api/errors.py +42 -0
  243. synapse/notifier.py +972 -0
  244. synapse/push/__init__.py +212 -0
  245. synapse/push/bulk_push_rule_evaluator.py +637 -0
  246. synapse/push/clientformat.py +126 -0
  247. synapse/push/emailpusher.py +333 -0
  248. synapse/push/httppusher.py +564 -0
  249. synapse/push/mailer.py +1012 -0
  250. synapse/push/presentable_names.py +216 -0
  251. synapse/push/push_tools.py +114 -0
  252. synapse/push/push_types.py +141 -0
  253. synapse/push/pusher.py +87 -0
  254. synapse/push/pusherpool.py +501 -0
  255. synapse/push/rulekinds.py +33 -0
  256. synapse/py.typed +0 -0
  257. synapse/replication/__init__.py +20 -0
  258. synapse/replication/http/__init__.py +68 -0
  259. synapse/replication/http/_base.py +468 -0
  260. synapse/replication/http/account_data.py +297 -0
  261. synapse/replication/http/deactivate_account.py +81 -0
  262. synapse/replication/http/delayed_events.py +62 -0
  263. synapse/replication/http/devices.py +254 -0
  264. synapse/replication/http/federation.py +334 -0
  265. synapse/replication/http/login.py +106 -0
  266. synapse/replication/http/membership.py +364 -0
  267. synapse/replication/http/presence.py +133 -0
  268. synapse/replication/http/push.py +156 -0
  269. synapse/replication/http/register.py +172 -0
  270. synapse/replication/http/send_events.py +182 -0
  271. synapse/replication/http/state.py +82 -0
  272. synapse/replication/http/streams.py +101 -0
  273. synapse/replication/tcp/__init__.py +56 -0
  274. synapse/replication/tcp/client.py +552 -0
  275. synapse/replication/tcp/commands.py +569 -0
  276. synapse/replication/tcp/context.py +41 -0
  277. synapse/replication/tcp/external_cache.py +156 -0
  278. synapse/replication/tcp/handler.py +942 -0
  279. synapse/replication/tcp/protocol.py +608 -0
  280. synapse/replication/tcp/redis.py +509 -0
  281. synapse/replication/tcp/resource.py +348 -0
  282. synapse/replication/tcp/streams/__init__.py +96 -0
  283. synapse/replication/tcp/streams/_base.py +766 -0
  284. synapse/replication/tcp/streams/events.py +287 -0
  285. synapse/replication/tcp/streams/federation.py +92 -0
  286. synapse/replication/tcp/streams/partial_state.py +80 -0
  287. synapse/res/providers.json +29 -0
  288. synapse/res/templates/_base.html +29 -0
  289. synapse/res/templates/account_previously_renewed.html +6 -0
  290. synapse/res/templates/account_renewed.html +6 -0
  291. synapse/res/templates/add_threepid.html +8 -0
  292. synapse/res/templates/add_threepid.txt +6 -0
  293. synapse/res/templates/add_threepid_failure.html +7 -0
  294. synapse/res/templates/add_threepid_success.html +6 -0
  295. synapse/res/templates/already_in_use.html +12 -0
  296. synapse/res/templates/already_in_use.txt +10 -0
  297. synapse/res/templates/auth_success.html +21 -0
  298. synapse/res/templates/invalid_token.html +6 -0
  299. synapse/res/templates/mail-Element.css +7 -0
  300. synapse/res/templates/mail-Vector.css +7 -0
  301. synapse/res/templates/mail-expiry.css +4 -0
  302. synapse/res/templates/mail.css +156 -0
  303. synapse/res/templates/notice_expiry.html +46 -0
  304. synapse/res/templates/notice_expiry.txt +7 -0
  305. synapse/res/templates/notif.html +51 -0
  306. synapse/res/templates/notif.txt +22 -0
  307. synapse/res/templates/notif_mail.html +59 -0
  308. synapse/res/templates/notif_mail.txt +10 -0
  309. synapse/res/templates/password_reset.html +10 -0
  310. synapse/res/templates/password_reset.txt +7 -0
  311. synapse/res/templates/password_reset_confirmation.html +15 -0
  312. synapse/res/templates/password_reset_failure.html +7 -0
  313. synapse/res/templates/password_reset_success.html +6 -0
  314. synapse/res/templates/recaptcha.html +42 -0
  315. synapse/res/templates/registration.html +12 -0
  316. synapse/res/templates/registration.txt +10 -0
  317. synapse/res/templates/registration_failure.html +6 -0
  318. synapse/res/templates/registration_success.html +6 -0
  319. synapse/res/templates/registration_token.html +18 -0
  320. synapse/res/templates/room.html +33 -0
  321. synapse/res/templates/room.txt +9 -0
  322. synapse/res/templates/sso.css +129 -0
  323. synapse/res/templates/sso_account_deactivated.html +25 -0
  324. synapse/res/templates/sso_auth_account_details.html +186 -0
  325. synapse/res/templates/sso_auth_account_details.js +116 -0
  326. synapse/res/templates/sso_auth_bad_user.html +26 -0
  327. synapse/res/templates/sso_auth_confirm.html +27 -0
  328. synapse/res/templates/sso_auth_success.html +26 -0
  329. synapse/res/templates/sso_error.html +71 -0
  330. synapse/res/templates/sso_footer.html +19 -0
  331. synapse/res/templates/sso_login_idp_picker.html +60 -0
  332. synapse/res/templates/sso_new_user_consent.html +30 -0
  333. synapse/res/templates/sso_partial_profile.html +19 -0
  334. synapse/res/templates/sso_redirect_confirm.html +39 -0
  335. synapse/res/templates/style.css +33 -0
  336. synapse/res/templates/terms.html +27 -0
  337. synapse/rest/__init__.py +197 -0
  338. synapse/rest/admin/__init__.py +390 -0
  339. synapse/rest/admin/_base.py +72 -0
  340. synapse/rest/admin/background_updates.py +171 -0
  341. synapse/rest/admin/devices.py +221 -0
  342. synapse/rest/admin/event_reports.py +173 -0
  343. synapse/rest/admin/events.py +69 -0
  344. synapse/rest/admin/experimental_features.py +137 -0
  345. synapse/rest/admin/federation.py +243 -0
  346. synapse/rest/admin/media.py +540 -0
  347. synapse/rest/admin/registration_tokens.py +358 -0
  348. synapse/rest/admin/rooms.py +1061 -0
  349. synapse/rest/admin/scheduled_tasks.py +70 -0
  350. synapse/rest/admin/server_notice_servlet.py +132 -0
  351. synapse/rest/admin/statistics.py +132 -0
  352. synapse/rest/admin/username_available.py +58 -0
  353. synapse/rest/admin/users.py +1608 -0
  354. synapse/rest/client/__init__.py +20 -0
  355. synapse/rest/client/_base.py +113 -0
  356. synapse/rest/client/account.py +930 -0
  357. synapse/rest/client/account_data.py +319 -0
  358. synapse/rest/client/account_validity.py +103 -0
  359. synapse/rest/client/appservice_ping.py +125 -0
  360. synapse/rest/client/auth.py +218 -0
  361. synapse/rest/client/auth_metadata.py +122 -0
  362. synapse/rest/client/capabilities.py +121 -0
  363. synapse/rest/client/delayed_events.py +111 -0
  364. synapse/rest/client/devices.py +587 -0
  365. synapse/rest/client/directory.py +211 -0
  366. synapse/rest/client/events.py +116 -0
  367. synapse/rest/client/filter.py +112 -0
  368. synapse/rest/client/initial_sync.py +65 -0
  369. synapse/rest/client/keys.py +678 -0
  370. synapse/rest/client/knock.py +104 -0
  371. synapse/rest/client/login.py +754 -0
  372. synapse/rest/client/login_token_request.py +127 -0
  373. synapse/rest/client/logout.py +93 -0
  374. synapse/rest/client/matrixrtc.py +52 -0
  375. synapse/rest/client/media.py +286 -0
  376. synapse/rest/client/mutual_rooms.py +93 -0
  377. synapse/rest/client/notifications.py +137 -0
  378. synapse/rest/client/openid.py +109 -0
  379. synapse/rest/client/password_policy.py +69 -0
  380. synapse/rest/client/presence.py +131 -0
  381. synapse/rest/client/profile.py +291 -0
  382. synapse/rest/client/push_rule.py +331 -0
  383. synapse/rest/client/pusher.py +181 -0
  384. synapse/rest/client/read_marker.py +104 -0
  385. synapse/rest/client/receipts.py +165 -0
  386. synapse/rest/client/register.py +1067 -0
  387. synapse/rest/client/relations.py +138 -0
  388. synapse/rest/client/rendezvous.py +76 -0
  389. synapse/rest/client/reporting.py +207 -0
  390. synapse/rest/client/room.py +1669 -0
  391. synapse/rest/client/room_keys.py +426 -0
  392. synapse/rest/client/room_upgrade_rest_servlet.py +112 -0
  393. synapse/rest/client/sendtodevice.py +85 -0
  394. synapse/rest/client/sync.py +1131 -0
  395. synapse/rest/client/tags.py +129 -0
  396. synapse/rest/client/thirdparty.py +130 -0
  397. synapse/rest/client/thread_subscriptions.py +247 -0
  398. synapse/rest/client/tokenrefresh.py +52 -0
  399. synapse/rest/client/transactions.py +149 -0
  400. synapse/rest/client/user_directory.py +90 -0
  401. synapse/rest/client/versions.py +191 -0
  402. synapse/rest/client/voip.py +88 -0
  403. synapse/rest/consent/__init__.py +0 -0
  404. synapse/rest/consent/consent_resource.py +210 -0
  405. synapse/rest/health.py +38 -0
  406. synapse/rest/key/__init__.py +20 -0
  407. synapse/rest/key/v2/__init__.py +40 -0
  408. synapse/rest/key/v2/local_key_resource.py +125 -0
  409. synapse/rest/key/v2/remote_key_resource.py +302 -0
  410. synapse/rest/media/__init__.py +0 -0
  411. synapse/rest/media/config_resource.py +53 -0
  412. synapse/rest/media/create_resource.py +90 -0
  413. synapse/rest/media/download_resource.py +110 -0
  414. synapse/rest/media/media_repository_resource.py +113 -0
  415. synapse/rest/media/preview_url_resource.py +77 -0
  416. synapse/rest/media/thumbnail_resource.py +142 -0
  417. synapse/rest/media/upload_resource.py +187 -0
  418. synapse/rest/media/v1/__init__.py +39 -0
  419. synapse/rest/media/v1/_base.py +23 -0
  420. synapse/rest/media/v1/media_storage.py +23 -0
  421. synapse/rest/media/v1/storage_provider.py +23 -0
  422. synapse/rest/synapse/__init__.py +20 -0
  423. synapse/rest/synapse/client/__init__.py +93 -0
  424. synapse/rest/synapse/client/federation_whitelist.py +66 -0
  425. synapse/rest/synapse/client/jwks.py +77 -0
  426. synapse/rest/synapse/client/new_user_consent.py +115 -0
  427. synapse/rest/synapse/client/oidc/__init__.py +45 -0
  428. synapse/rest/synapse/client/oidc/backchannel_logout_resource.py +42 -0
  429. synapse/rest/synapse/client/oidc/callback_resource.py +48 -0
  430. synapse/rest/synapse/client/password_reset.py +129 -0
  431. synapse/rest/synapse/client/pick_idp.py +107 -0
  432. synapse/rest/synapse/client/pick_username.py +153 -0
  433. synapse/rest/synapse/client/rendezvous.py +58 -0
  434. synapse/rest/synapse/client/saml2/__init__.py +42 -0
  435. synapse/rest/synapse/client/saml2/metadata_resource.py +46 -0
  436. synapse/rest/synapse/client/saml2/response_resource.py +52 -0
  437. synapse/rest/synapse/client/sso_register.py +56 -0
  438. synapse/rest/synapse/client/unsubscribe.py +88 -0
  439. synapse/rest/synapse/mas/__init__.py +71 -0
  440. synapse/rest/synapse/mas/_base.py +55 -0
  441. synapse/rest/synapse/mas/devices.py +239 -0
  442. synapse/rest/synapse/mas/users.py +469 -0
  443. synapse/rest/well_known.py +148 -0
  444. synapse/server.py +1258 -0
  445. synapse/server_notices/__init__.py +0 -0
  446. synapse/server_notices/consent_server_notices.py +136 -0
  447. synapse/server_notices/resource_limits_server_notices.py +215 -0
  448. synapse/server_notices/server_notices_manager.py +388 -0
  449. synapse/server_notices/server_notices_sender.py +67 -0
  450. synapse/server_notices/worker_server_notices_sender.py +46 -0
  451. synapse/spam_checker_api/__init__.py +31 -0
  452. synapse/state/__init__.py +1022 -0
  453. synapse/state/v1.py +370 -0
  454. synapse/state/v2.py +985 -0
  455. synapse/static/client/login/index.html +47 -0
  456. synapse/static/client/login/js/jquery-3.4.1.min.js +2 -0
  457. synapse/static/client/login/js/login.js +291 -0
  458. synapse/static/client/login/spinner.gif +0 -0
  459. synapse/static/client/login/style.css +79 -0
  460. synapse/static/index.html +63 -0
  461. synapse/storage/__init__.py +43 -0
  462. synapse/storage/_base.py +245 -0
  463. synapse/storage/admin_client_config.py +26 -0
  464. synapse/storage/background_updates.py +1189 -0
  465. synapse/storage/controllers/__init__.py +57 -0
  466. synapse/storage/controllers/persist_events.py +1239 -0
  467. synapse/storage/controllers/purge_events.py +456 -0
  468. synapse/storage/controllers/state.py +954 -0
  469. synapse/storage/controllers/stats.py +119 -0
  470. synapse/storage/database.py +2720 -0
  471. synapse/storage/databases/__init__.py +175 -0
  472. synapse/storage/databases/main/__init__.py +424 -0
  473. synapse/storage/databases/main/account_data.py +1060 -0
  474. synapse/storage/databases/main/appservice.py +473 -0
  475. synapse/storage/databases/main/cache.py +911 -0
  476. synapse/storage/databases/main/censor_events.py +225 -0
  477. synapse/storage/databases/main/client_ips.py +817 -0
  478. synapse/storage/databases/main/delayed_events.py +560 -0
  479. synapse/storage/databases/main/deviceinbox.py +1272 -0
  480. synapse/storage/databases/main/devices.py +2581 -0
  481. synapse/storage/databases/main/directory.py +212 -0
  482. synapse/storage/databases/main/e2e_room_keys.py +690 -0
  483. synapse/storage/databases/main/end_to_end_keys.py +1896 -0
  484. synapse/storage/databases/main/event_federation.py +2509 -0
  485. synapse/storage/databases/main/event_push_actions.py +1937 -0
  486. synapse/storage/databases/main/events.py +3746 -0
  487. synapse/storage/databases/main/events_bg_updates.py +2910 -0
  488. synapse/storage/databases/main/events_forward_extremities.py +126 -0
  489. synapse/storage/databases/main/events_worker.py +2784 -0
  490. synapse/storage/databases/main/experimental_features.py +130 -0
  491. synapse/storage/databases/main/filtering.py +231 -0
  492. synapse/storage/databases/main/keys.py +291 -0
  493. synapse/storage/databases/main/lock.py +553 -0
  494. synapse/storage/databases/main/media_repository.py +1070 -0
  495. synapse/storage/databases/main/metrics.py +460 -0
  496. synapse/storage/databases/main/monthly_active_users.py +443 -0
  497. synapse/storage/databases/main/openid.py +61 -0
  498. synapse/storage/databases/main/presence.py +511 -0
  499. synapse/storage/databases/main/profile.py +541 -0
  500. synapse/storage/databases/main/purge_events.py +511 -0
  501. synapse/storage/databases/main/push_rule.py +972 -0
  502. synapse/storage/databases/main/pusher.py +794 -0
  503. synapse/storage/databases/main/receipts.py +1342 -0
  504. synapse/storage/databases/main/registration.py +3076 -0
  505. synapse/storage/databases/main/rejections.py +38 -0
  506. synapse/storage/databases/main/relations.py +1118 -0
  507. synapse/storage/databases/main/room.py +2781 -0
  508. synapse/storage/databases/main/roommember.py +2112 -0
  509. synapse/storage/databases/main/search.py +941 -0
  510. synapse/storage/databases/main/session.py +151 -0
  511. synapse/storage/databases/main/signatures.py +94 -0
  512. synapse/storage/databases/main/sliding_sync.py +603 -0
  513. synapse/storage/databases/main/state.py +1006 -0
  514. synapse/storage/databases/main/state_deltas.py +329 -0
  515. synapse/storage/databases/main/stats.py +791 -0
  516. synapse/storage/databases/main/stream.py +2580 -0
  517. synapse/storage/databases/main/tags.py +360 -0
  518. synapse/storage/databases/main/task_scheduler.py +225 -0
  519. synapse/storage/databases/main/thread_subscriptions.py +591 -0
  520. synapse/storage/databases/main/transactions.py +681 -0
  521. synapse/storage/databases/main/ui_auth.py +420 -0
  522. synapse/storage/databases/main/user_directory.py +1331 -0
  523. synapse/storage/databases/main/user_erasure_store.py +117 -0
  524. synapse/storage/databases/state/__init__.py +22 -0
  525. synapse/storage/databases/state/bg_updates.py +499 -0
  526. synapse/storage/databases/state/deletion.py +558 -0
  527. synapse/storage/databases/state/store.py +949 -0
  528. synapse/storage/engines/__init__.py +70 -0
  529. synapse/storage/engines/_base.py +154 -0
  530. synapse/storage/engines/postgres.py +261 -0
  531. synapse/storage/engines/sqlite.py +199 -0
  532. synapse/storage/invite_rule.py +112 -0
  533. synapse/storage/keys.py +40 -0
  534. synapse/storage/prepare_database.py +731 -0
  535. synapse/storage/push_rule.py +28 -0
  536. synapse/storage/roommember.py +89 -0
  537. synapse/storage/schema/README.md +4 -0
  538. synapse/storage/schema/__init__.py +182 -0
  539. synapse/storage/schema/common/delta/25/00background_updates.sql +40 -0
  540. synapse/storage/schema/common/delta/35/00background_updates_add_col.sql +36 -0
  541. synapse/storage/schema/common/delta/58/00background_update_ordering.sql +38 -0
  542. synapse/storage/schema/common/full_schemas/72/full.sql.postgres +8 -0
  543. synapse/storage/schema/common/full_schemas/72/full.sql.sqlite +6 -0
  544. synapse/storage/schema/common/schema_version.sql +60 -0
  545. synapse/storage/schema/main/delta/12/v12.sql +82 -0
  546. synapse/storage/schema/main/delta/13/v13.sql +38 -0
  547. synapse/storage/schema/main/delta/14/v14.sql +42 -0
  548. synapse/storage/schema/main/delta/15/appservice_txns.sql +50 -0
  549. synapse/storage/schema/main/delta/15/presence_indices.sql +2 -0
  550. synapse/storage/schema/main/delta/15/v15.sql +24 -0
  551. synapse/storage/schema/main/delta/16/events_order_index.sql +4 -0
  552. synapse/storage/schema/main/delta/16/remote_media_cache_index.sql +2 -0
  553. synapse/storage/schema/main/delta/16/remove_duplicates.sql +9 -0
  554. synapse/storage/schema/main/delta/16/room_alias_index.sql +3 -0
  555. synapse/storage/schema/main/delta/16/unique_constraints.sql +72 -0
  556. synapse/storage/schema/main/delta/16/users.sql +56 -0
  557. synapse/storage/schema/main/delta/17/drop_indexes.sql +37 -0
  558. synapse/storage/schema/main/delta/17/server_keys.sql +43 -0
  559. synapse/storage/schema/main/delta/17/user_threepids.sql +9 -0
  560. synapse/storage/schema/main/delta/18/server_keys_bigger_ints.sql +51 -0
  561. synapse/storage/schema/main/delta/19/event_index.sql +38 -0
  562. synapse/storage/schema/main/delta/20/dummy.sql +1 -0
  563. synapse/storage/schema/main/delta/20/pushers.py +93 -0
  564. synapse/storage/schema/main/delta/21/end_to_end_keys.sql +53 -0
  565. synapse/storage/schema/main/delta/21/receipts.sql +57 -0
  566. synapse/storage/schema/main/delta/22/receipts_index.sql +41 -0
  567. synapse/storage/schema/main/delta/22/user_threepids_unique.sql +19 -0
  568. synapse/storage/schema/main/delta/24/stats_reporting.sql +37 -0
  569. synapse/storage/schema/main/delta/25/fts.py +81 -0
  570. synapse/storage/schema/main/delta/25/guest_access.sql +44 -0
  571. synapse/storage/schema/main/delta/25/history_visibility.sql +44 -0
  572. synapse/storage/schema/main/delta/25/tags.sql +57 -0
  573. synapse/storage/schema/main/delta/26/account_data.sql +36 -0
  574. synapse/storage/schema/main/delta/27/account_data.sql +55 -0
  575. synapse/storage/schema/main/delta/27/forgotten_memberships.sql +45 -0
  576. synapse/storage/schema/main/delta/27/ts.py +61 -0
  577. synapse/storage/schema/main/delta/28/event_push_actions.sql +46 -0
  578. synapse/storage/schema/main/delta/28/events_room_stream.sql +39 -0
  579. synapse/storage/schema/main/delta/28/public_roms_index.sql +39 -0
  580. synapse/storage/schema/main/delta/28/receipts_user_id_index.sql +41 -0
  581. synapse/storage/schema/main/delta/28/upgrade_times.sql +40 -0
  582. synapse/storage/schema/main/delta/28/users_is_guest.sql +41 -0
  583. synapse/storage/schema/main/delta/29/push_actions.sql +54 -0
  584. synapse/storage/schema/main/delta/30/alias_creator.sql +35 -0
  585. synapse/storage/schema/main/delta/30/as_users.py +82 -0
  586. synapse/storage/schema/main/delta/30/deleted_pushers.sql +44 -0
  587. synapse/storage/schema/main/delta/30/presence_stream.sql +49 -0
  588. synapse/storage/schema/main/delta/30/public_rooms.sql +42 -0
  589. synapse/storage/schema/main/delta/30/push_rule_stream.sql +57 -0
  590. synapse/storage/schema/main/delta/30/threepid_guest_access_tokens.sql +43 -0
  591. synapse/storage/schema/main/delta/31/invites.sql +61 -0
  592. synapse/storage/schema/main/delta/31/local_media_repository_url_cache.sql +46 -0
  593. synapse/storage/schema/main/delta/31/pushers_0.py +92 -0
  594. synapse/storage/schema/main/delta/31/pushers_index.sql +41 -0
  595. synapse/storage/schema/main/delta/31/search_update.py +65 -0
  596. synapse/storage/schema/main/delta/32/events.sql +35 -0
  597. synapse/storage/schema/main/delta/32/openid.sql +9 -0
  598. synapse/storage/schema/main/delta/32/pusher_throttle.sql +42 -0
  599. synapse/storage/schema/main/delta/32/remove_indices.sql +52 -0
  600. synapse/storage/schema/main/delta/32/reports.sql +44 -0
  601. synapse/storage/schema/main/delta/33/access_tokens_device_index.sql +36 -0
  602. synapse/storage/schema/main/delta/33/devices.sql +40 -0
  603. synapse/storage/schema/main/delta/33/devices_for_e2e_keys.sql +38 -0
  604. synapse/storage/schema/main/delta/33/devices_for_e2e_keys_clear_unknown_device.sql +39 -0
  605. synapse/storage/schema/main/delta/33/event_fields.py +61 -0
  606. synapse/storage/schema/main/delta/33/remote_media_ts.py +43 -0
  607. synapse/storage/schema/main/delta/33/user_ips_index.sql +36 -0
  608. synapse/storage/schema/main/delta/34/appservice_stream.sql +42 -0
  609. synapse/storage/schema/main/delta/34/cache_stream.py +50 -0
  610. synapse/storage/schema/main/delta/34/device_inbox.sql +43 -0
  611. synapse/storage/schema/main/delta/34/push_display_name_rename.sql +39 -0
  612. synapse/storage/schema/main/delta/34/received_txn_purge.py +36 -0
  613. synapse/storage/schema/main/delta/35/contains_url.sql +36 -0
  614. synapse/storage/schema/main/delta/35/device_outbox.sql +58 -0
  615. synapse/storage/schema/main/delta/35/device_stream_id.sql +40 -0
  616. synapse/storage/schema/main/delta/35/event_push_actions_index.sql +36 -0
  617. synapse/storage/schema/main/delta/35/public_room_list_change_stream.sql +52 -0
  618. synapse/storage/schema/main/delta/35/stream_order_to_extrem.sql +56 -0
  619. synapse/storage/schema/main/delta/36/readd_public_rooms.sql +45 -0
  620. synapse/storage/schema/main/delta/37/remove_auth_idx.py +89 -0
  621. synapse/storage/schema/main/delta/37/user_threepids.sql +71 -0
  622. synapse/storage/schema/main/delta/38/postgres_fts_gist.sql +38 -0
  623. synapse/storage/schema/main/delta/39/appservice_room_list.sql +48 -0
  624. synapse/storage/schema/main/delta/39/device_federation_stream_idx.sql +35 -0
  625. synapse/storage/schema/main/delta/39/event_push_index.sql +36 -0
  626. synapse/storage/schema/main/delta/39/federation_out_position.sql +41 -0
  627. synapse/storage/schema/main/delta/39/membership_profile.sql +39 -0
  628. synapse/storage/schema/main/delta/40/current_state_idx.sql +36 -0
  629. synapse/storage/schema/main/delta/40/device_inbox.sql +40 -0
  630. synapse/storage/schema/main/delta/40/device_list_streams.sql +79 -0
  631. synapse/storage/schema/main/delta/40/event_push_summary.sql +57 -0
  632. synapse/storage/schema/main/delta/40/pushers.sql +58 -0
  633. synapse/storage/schema/main/delta/41/device_list_stream_idx.sql +36 -0
  634. synapse/storage/schema/main/delta/41/device_outbound_index.sql +35 -0
  635. synapse/storage/schema/main/delta/41/event_search_event_id_idx.sql +36 -0
  636. synapse/storage/schema/main/delta/41/ratelimit.sql +41 -0
  637. synapse/storage/schema/main/delta/42/current_state_delta.sql +48 -0
  638. synapse/storage/schema/main/delta/42/device_list_last_id.sql +52 -0
  639. synapse/storage/schema/main/delta/42/event_auth_state_only.sql +36 -0
  640. synapse/storage/schema/main/delta/42/user_dir.py +88 -0
  641. synapse/storage/schema/main/delta/43/blocked_rooms.sql +40 -0
  642. synapse/storage/schema/main/delta/43/quarantine_media.sql +36 -0
  643. synapse/storage/schema/main/delta/43/url_cache.sql +35 -0
  644. synapse/storage/schema/main/delta/43/user_share.sql +52 -0
  645. synapse/storage/schema/main/delta/44/expire_url_cache.sql +60 -0
  646. synapse/storage/schema/main/delta/45/group_server.sql +186 -0
  647. synapse/storage/schema/main/delta/45/profile_cache.sql +47 -0
  648. synapse/storage/schema/main/delta/46/drop_refresh_tokens.sql +36 -0
  649. synapse/storage/schema/main/delta/46/drop_unique_deleted_pushers.sql +54 -0
  650. synapse/storage/schema/main/delta/46/group_server.sql +51 -0
  651. synapse/storage/schema/main/delta/46/local_media_repository_url_idx.sql +43 -0
  652. synapse/storage/schema/main/delta/46/user_dir_null_room_ids.sql +54 -0
  653. synapse/storage/schema/main/delta/46/user_dir_typos.sql +43 -0
  654. synapse/storage/schema/main/delta/47/last_access_media.sql +35 -0
  655. synapse/storage/schema/main/delta/47/postgres_fts_gin.sql +36 -0
  656. synapse/storage/schema/main/delta/47/push_actions_staging.sql +47 -0
  657. synapse/storage/schema/main/delta/48/add_user_consent.sql +37 -0
  658. synapse/storage/schema/main/delta/48/add_user_ips_last_seen_index.sql +36 -0
  659. synapse/storage/schema/main/delta/48/deactivated_users.sql +44 -0
  660. synapse/storage/schema/main/delta/48/group_unique_indexes.py +67 -0
  661. synapse/storage/schema/main/delta/48/groups_joinable.sql +41 -0
  662. synapse/storage/schema/main/delta/49/add_user_consent_server_notice_sent.sql +39 -0
  663. synapse/storage/schema/main/delta/49/add_user_daily_visits.sql +40 -0
  664. synapse/storage/schema/main/delta/49/add_user_ips_last_seen_only_index.sql +36 -0
  665. synapse/storage/schema/main/delta/50/add_creation_ts_users_index.sql +38 -0
  666. synapse/storage/schema/main/delta/50/erasure_store.sql +40 -0
  667. synapse/storage/schema/main/delta/50/make_event_content_nullable.py +102 -0
  668. synapse/storage/schema/main/delta/51/e2e_room_keys.sql +58 -0
  669. synapse/storage/schema/main/delta/51/monthly_active_users.sql +46 -0
  670. synapse/storage/schema/main/delta/52/add_event_to_state_group_index.sql +38 -0
  671. synapse/storage/schema/main/delta/52/device_list_streams_unique_idx.sql +55 -0
  672. synapse/storage/schema/main/delta/52/e2e_room_keys.sql +72 -0
  673. synapse/storage/schema/main/delta/53/add_user_type_to_users.sql +38 -0
  674. synapse/storage/schema/main/delta/53/drop_sent_transactions.sql +35 -0
  675. synapse/storage/schema/main/delta/53/event_format_version.sql +35 -0
  676. synapse/storage/schema/main/delta/53/user_dir_populate.sql +49 -0
  677. synapse/storage/schema/main/delta/53/user_ips_index.sql +49 -0
  678. synapse/storage/schema/main/delta/53/user_share.sql +63 -0
  679. synapse/storage/schema/main/delta/53/user_threepid_id.sql +48 -0
  680. synapse/storage/schema/main/delta/53/users_in_public_rooms.sql +47 -0
  681. synapse/storage/schema/main/delta/54/account_validity_with_renewal.sql +49 -0
  682. synapse/storage/schema/main/delta/54/add_validity_to_server_keys.sql +42 -0
  683. synapse/storage/schema/main/delta/54/delete_forward_extremities.sql +42 -0
  684. synapse/storage/schema/main/delta/54/drop_legacy_tables.sql +49 -0
  685. synapse/storage/schema/main/delta/54/drop_presence_list.sql +35 -0
  686. synapse/storage/schema/main/delta/54/relations.sql +46 -0
  687. synapse/storage/schema/main/delta/54/stats.sql +99 -0
  688. synapse/storage/schema/main/delta/54/stats2.sql +47 -0
  689. synapse/storage/schema/main/delta/55/access_token_expiry.sql +37 -0
  690. synapse/storage/schema/main/delta/55/track_threepid_validations.sql +50 -0
  691. synapse/storage/schema/main/delta/55/users_alter_deactivated.sql +38 -0
  692. synapse/storage/schema/main/delta/56/add_spans_to_device_lists.sql +39 -0
  693. synapse/storage/schema/main/delta/56/current_state_events_membership.sql +41 -0
  694. synapse/storage/schema/main/delta/56/current_state_events_membership_mk2.sql +43 -0
  695. synapse/storage/schema/main/delta/56/delete_keys_from_deleted_backups.sql +44 -0
  696. synapse/storage/schema/main/delta/56/destinations_failure_ts.sql +44 -0
  697. synapse/storage/schema/main/delta/56/destinations_retry_interval_type.sql.postgres +18 -0
  698. synapse/storage/schema/main/delta/56/device_stream_id_insert.sql +39 -0
  699. synapse/storage/schema/main/delta/56/devices_last_seen.sql +43 -0
  700. synapse/storage/schema/main/delta/56/drop_unused_event_tables.sql +39 -0
  701. synapse/storage/schema/main/delta/56/event_expiry.sql +40 -0
  702. synapse/storage/schema/main/delta/56/event_labels.sql +49 -0
  703. synapse/storage/schema/main/delta/56/event_labels_background_update.sql +36 -0
  704. synapse/storage/schema/main/delta/56/fix_room_keys_index.sql +37 -0
  705. synapse/storage/schema/main/delta/56/hidden_devices.sql +37 -0
  706. synapse/storage/schema/main/delta/56/hidden_devices_fix.sql.sqlite +42 -0
  707. synapse/storage/schema/main/delta/56/nuke_empty_communities_from_db.sql +48 -0
  708. synapse/storage/schema/main/delta/56/public_room_list_idx.sql +35 -0
  709. synapse/storage/schema/main/delta/56/redaction_censor.sql +35 -0
  710. synapse/storage/schema/main/delta/56/redaction_censor2.sql +41 -0
  711. synapse/storage/schema/main/delta/56/redaction_censor3_fix_update.sql.postgres +25 -0
  712. synapse/storage/schema/main/delta/56/redaction_censor4.sql +35 -0
  713. synapse/storage/schema/main/delta/56/remove_tombstoned_rooms_from_directory.sql +38 -0
  714. synapse/storage/schema/main/delta/56/room_key_etag.sql +36 -0
  715. synapse/storage/schema/main/delta/56/room_membership_idx.sql +37 -0
  716. synapse/storage/schema/main/delta/56/room_retention.sql +52 -0
  717. synapse/storage/schema/main/delta/56/signing_keys.sql +75 -0
  718. synapse/storage/schema/main/delta/56/signing_keys_nonunique_signatures.sql +41 -0
  719. synapse/storage/schema/main/delta/56/stats_separated.sql +175 -0
  720. synapse/storage/schema/main/delta/56/unique_user_filter_index.py +46 -0
  721. synapse/storage/schema/main/delta/56/user_external_ids.sql +43 -0
  722. synapse/storage/schema/main/delta/56/users_in_public_rooms_idx.sql +36 -0
  723. synapse/storage/schema/main/delta/57/delete_old_current_state_events.sql +41 -0
  724. synapse/storage/schema/main/delta/57/device_list_remote_cache_stale.sql +44 -0
  725. synapse/storage/schema/main/delta/57/local_current_membership.py +111 -0
  726. synapse/storage/schema/main/delta/57/remove_sent_outbound_pokes.sql +40 -0
  727. synapse/storage/schema/main/delta/57/rooms_version_column.sql +43 -0
  728. synapse/storage/schema/main/delta/57/rooms_version_column_2.sql.postgres +35 -0
  729. synapse/storage/schema/main/delta/57/rooms_version_column_2.sql.sqlite +22 -0
  730. synapse/storage/schema/main/delta/57/rooms_version_column_3.sql.postgres +39 -0
  731. synapse/storage/schema/main/delta/57/rooms_version_column_3.sql.sqlite +23 -0
  732. synapse/storage/schema/main/delta/58/02remove_dup_outbound_pokes.sql +41 -0
  733. synapse/storage/schema/main/delta/58/03persist_ui_auth.sql +55 -0
  734. synapse/storage/schema/main/delta/58/05cache_instance.sql.postgres +30 -0
  735. synapse/storage/schema/main/delta/58/06dlols_unique_idx.py +83 -0
  736. synapse/storage/schema/main/delta/58/07add_method_to_thumbnail_constraint.sql.postgres +33 -0
  737. synapse/storage/schema/main/delta/58/07add_method_to_thumbnail_constraint.sql.sqlite +44 -0
  738. synapse/storage/schema/main/delta/58/07persist_ui_auth_ips.sql +44 -0
  739. synapse/storage/schema/main/delta/58/08_media_safe_from_quarantine.sql.postgres +18 -0
  740. synapse/storage/schema/main/delta/58/08_media_safe_from_quarantine.sql.sqlite +18 -0
  741. synapse/storage/schema/main/delta/58/09shadow_ban.sql +37 -0
  742. synapse/storage/schema/main/delta/58/10_pushrules_enabled_delete_obsolete.sql +47 -0
  743. synapse/storage/schema/main/delta/58/10drop_local_rejections_stream.sql +41 -0
  744. synapse/storage/schema/main/delta/58/10federation_pos_instance_name.sql +41 -0
  745. synapse/storage/schema/main/delta/58/11dehydration.sql +39 -0
  746. synapse/storage/schema/main/delta/58/11fallback.sql +43 -0
  747. synapse/storage/schema/main/delta/58/11user_id_seq.py +38 -0
  748. synapse/storage/schema/main/delta/58/12room_stats.sql +51 -0
  749. synapse/storage/schema/main/delta/58/13remove_presence_allow_inbound.sql +36 -0
  750. synapse/storage/schema/main/delta/58/14events_instance_name.sql +35 -0
  751. synapse/storage/schema/main/delta/58/14events_instance_name.sql.postgres +28 -0
  752. synapse/storage/schema/main/delta/58/15_catchup_destination_rooms.sql +61 -0
  753. synapse/storage/schema/main/delta/58/15unread_count.sql +45 -0
  754. synapse/storage/schema/main/delta/58/16populate_stats_process_rooms_fix.sql +41 -0
  755. synapse/storage/schema/main/delta/58/17_catchup_last_successful.sql +40 -0
  756. synapse/storage/schema/main/delta/58/18stream_positions.sql +41 -0
  757. synapse/storage/schema/main/delta/58/19instance_map.sql.postgres +25 -0
  758. synapse/storage/schema/main/delta/58/19txn_id.sql +59 -0
  759. synapse/storage/schema/main/delta/58/20instance_name_event_tables.sql +36 -0
  760. synapse/storage/schema/main/delta/58/20user_daily_visits.sql +37 -0
  761. synapse/storage/schema/main/delta/58/21as_device_stream.sql +36 -0
  762. synapse/storage/schema/main/delta/58/21drop_device_max_stream_id.sql +1 -0
  763. synapse/storage/schema/main/delta/58/22puppet_token.sql +36 -0
  764. synapse/storage/schema/main/delta/58/22users_have_local_media.sql +2 -0
  765. synapse/storage/schema/main/delta/58/23e2e_cross_signing_keys_idx.sql +36 -0
  766. synapse/storage/schema/main/delta/58/24drop_event_json_index.sql +38 -0
  767. synapse/storage/schema/main/delta/58/25user_external_ids_user_id_idx.sql +36 -0
  768. synapse/storage/schema/main/delta/58/26access_token_last_validated.sql +37 -0
  769. synapse/storage/schema/main/delta/58/27local_invites.sql +37 -0
  770. synapse/storage/schema/main/delta/58/28drop_last_used_column.sql.postgres +16 -0
  771. synapse/storage/schema/main/delta/58/28drop_last_used_column.sql.sqlite +62 -0
  772. synapse/storage/schema/main/delta/59/01ignored_user.py +85 -0
  773. synapse/storage/schema/main/delta/59/02shard_send_to_device.sql +37 -0
  774. synapse/storage/schema/main/delta/59/03shard_send_to_device_sequence.sql.postgres +25 -0
  775. synapse/storage/schema/main/delta/59/04_event_auth_chains.sql +71 -0
  776. synapse/storage/schema/main/delta/59/04_event_auth_chains.sql.postgres +16 -0
  777. synapse/storage/schema/main/delta/59/04drop_account_data.sql +36 -0
  778. synapse/storage/schema/main/delta/59/05cache_invalidation.sql +36 -0
  779. synapse/storage/schema/main/delta/59/06chain_cover_index.sql +36 -0
  780. synapse/storage/schema/main/delta/59/06shard_account_data.sql +39 -0
  781. synapse/storage/schema/main/delta/59/06shard_account_data.sql.postgres +32 -0
  782. synapse/storage/schema/main/delta/59/07shard_account_data_fix.sql +37 -0
  783. synapse/storage/schema/main/delta/59/08delete_pushers_for_deactivated_accounts.sql +39 -0
  784. synapse/storage/schema/main/delta/59/08delete_stale_pushers.sql +39 -0
  785. synapse/storage/schema/main/delta/59/09rejected_events_metadata.sql +45 -0
  786. synapse/storage/schema/main/delta/59/10delete_purged_chain_cover.sql +36 -0
  787. synapse/storage/schema/main/delta/59/11add_knock_members_to_stats.sql +39 -0
  788. synapse/storage/schema/main/delta/59/11drop_thumbnail_constraint.sql.postgres +22 -0
  789. synapse/storage/schema/main/delta/59/12account_validity_token_used_ts_ms.sql +37 -0
  790. synapse/storage/schema/main/delta/59/12presence_stream_instance.sql +37 -0
  791. synapse/storage/schema/main/delta/59/12presence_stream_instance_seq.sql.postgres +20 -0
  792. synapse/storage/schema/main/delta/59/13users_to_send_full_presence_to.sql +53 -0
  793. synapse/storage/schema/main/delta/59/14refresh_tokens.sql +53 -0
  794. synapse/storage/schema/main/delta/59/15locks.sql +56 -0
  795. synapse/storage/schema/main/delta/59/16federation_inbound_staging.sql +51 -0
  796. synapse/storage/schema/main/delta/60/01recreate_stream_ordering.sql.postgres +45 -0
  797. synapse/storage/schema/main/delta/60/02change_stream_ordering_columns.sql.postgres +30 -0
  798. synapse/storage/schema/main/delta/61/01change_appservices_txns.sql.postgres +23 -0
  799. synapse/storage/schema/main/delta/61/01insertion_event_lookups.sql +68 -0
  800. synapse/storage/schema/main/delta/61/02drop_redundant_room_depth_index.sql +37 -0
  801. synapse/storage/schema/main/delta/61/03recreate_min_depth.py +74 -0
  802. synapse/storage/schema/main/delta/62/01insertion_event_extremities.sql +43 -0
  803. synapse/storage/schema/main/delta/63/01create_registration_tokens.sql +42 -0
  804. synapse/storage/schema/main/delta/63/02delete_unlinked_email_pushers.sql +39 -0
  805. synapse/storage/schema/main/delta/63/02populate-rooms-creator.sql +36 -0
  806. synapse/storage/schema/main/delta/63/03session_store.sql +42 -0
  807. synapse/storage/schema/main/delta/63/04add_presence_stream_not_offline_index.sql +37 -0
  808. synapse/storage/schema/main/delta/64/01msc2716_chunk_to_batch_rename.sql.postgres +23 -0
  809. synapse/storage/schema/main/delta/64/01msc2716_chunk_to_batch_rename.sql.sqlite +37 -0
  810. synapse/storage/schema/main/delta/65/01msc2716_insertion_event_edges.sql +38 -0
  811. synapse/storage/schema/main/delta/65/03remove_hidden_devices_from_device_inbox.sql +41 -0
  812. synapse/storage/schema/main/delta/65/04_local_group_updates.sql +37 -0
  813. synapse/storage/schema/main/delta/65/05_remove_room_stats_historical_and_user_stats_historical.sql +38 -0
  814. synapse/storage/schema/main/delta/65/06remove_deleted_devices_from_device_inbox.sql +53 -0
  815. synapse/storage/schema/main/delta/65/07_arbitrary_relations.sql +37 -0
  816. synapse/storage/schema/main/delta/65/08_device_inbox_background_updates.sql +37 -0
  817. synapse/storage/schema/main/delta/65/10_expirable_refresh_tokens.sql +47 -0
  818. synapse/storage/schema/main/delta/65/11_devices_auth_provider_session.sql +46 -0
  819. synapse/storage/schema/main/delta/67/01drop_public_room_list_stream.sql +37 -0
  820. synapse/storage/schema/main/delta/68/01event_columns.sql +45 -0
  821. synapse/storage/schema/main/delta/68/02_msc2409_add_device_id_appservice_stream_type.sql +40 -0
  822. synapse/storage/schema/main/delta/68/03_delete_account_data_for_deactivated_accounts.sql +39 -0
  823. synapse/storage/schema/main/delta/68/04_refresh_tokens_index_next_token_id.sql +47 -0
  824. synapse/storage/schema/main/delta/68/04partial_state_rooms.sql +60 -0
  825. synapse/storage/schema/main/delta/68/05_delete_non_strings_from_event_search.sql.sqlite +22 -0
  826. synapse/storage/schema/main/delta/68/05partial_state_rooms_triggers.py +80 -0
  827. synapse/storage/schema/main/delta/68/06_msc3202_add_device_list_appservice_stream_type.sql +42 -0
  828. synapse/storage/schema/main/delta/69/01as_txn_seq.py +54 -0
  829. synapse/storage/schema/main/delta/69/01device_list_oubound_by_room.sql +57 -0
  830. synapse/storage/schema/main/delta/69/02cache_invalidation_index.sql +37 -0
  831. synapse/storage/schema/main/delta/70/01clean_table_purged_rooms.sql +39 -0
  832. synapse/storage/schema/main/delta/71/01rebuild_event_edges.sql.postgres +43 -0
  833. synapse/storage/schema/main/delta/71/01rebuild_event_edges.sql.sqlite +47 -0
  834. synapse/storage/schema/main/delta/71/01remove_noop_background_updates.sql +80 -0
  835. synapse/storage/schema/main/delta/71/02event_push_summary_unique.sql +37 -0
  836. synapse/storage/schema/main/delta/72/01add_room_type_to_state_stats.sql +38 -0
  837. synapse/storage/schema/main/delta/72/01event_push_summary_receipt.sql +54 -0
  838. synapse/storage/schema/main/delta/72/02event_push_actions_index.sql +38 -0
  839. synapse/storage/schema/main/delta/72/03bg_populate_events_columns.py +57 -0
  840. synapse/storage/schema/main/delta/72/03drop_event_reference_hashes.sql +36 -0
  841. synapse/storage/schema/main/delta/72/03remove_groups.sql +50 -0
  842. synapse/storage/schema/main/delta/72/04drop_column_application_services_state_last_txn.sql.postgres +17 -0
  843. synapse/storage/schema/main/delta/72/04drop_column_application_services_state_last_txn.sql.sqlite +40 -0
  844. synapse/storage/schema/main/delta/72/05receipts_event_stream_ordering.sql +38 -0
  845. synapse/storage/schema/main/delta/72/05remove_unstable_private_read_receipts.sql +38 -0
  846. synapse/storage/schema/main/delta/72/06add_consent_ts_to_users.sql +35 -0
  847. synapse/storage/schema/main/delta/72/06thread_notifications.sql +49 -0
  848. synapse/storage/schema/main/delta/72/07force_update_current_state_events_membership.py +67 -0
  849. synapse/storage/schema/main/delta/72/07thread_receipts.sql.postgres +30 -0
  850. synapse/storage/schema/main/delta/72/07thread_receipts.sql.sqlite +70 -0
  851. synapse/storage/schema/main/delta/72/08begin_cache_invalidation_seq_at_2.sql.postgres +23 -0
  852. synapse/storage/schema/main/delta/72/08thread_receipts.sql +39 -0
  853. synapse/storage/schema/main/delta/72/09partial_indices.sql.sqlite +56 -0
  854. synapse/storage/schema/main/delta/73/01event_failed_pull_attempts.sql +48 -0
  855. synapse/storage/schema/main/delta/73/02add_pusher_enabled.sql +35 -0
  856. synapse/storage/schema/main/delta/73/02room_id_indexes_for_purging.sql +41 -0
  857. synapse/storage/schema/main/delta/73/03pusher_device_id.sql +39 -0
  858. synapse/storage/schema/main/delta/73/03users_approved_column.sql +39 -0
  859. synapse/storage/schema/main/delta/73/04partial_join_details.sql +42 -0
  860. synapse/storage/schema/main/delta/73/04pending_device_list_updates.sql +47 -0
  861. synapse/storage/schema/main/delta/73/05old_push_actions.sql.postgres +22 -0
  862. synapse/storage/schema/main/delta/73/05old_push_actions.sql.sqlite +24 -0
  863. synapse/storage/schema/main/delta/73/06thread_notifications_thread_id_idx.sql +42 -0
  864. synapse/storage/schema/main/delta/73/08thread_receipts_non_null.sql.postgres +23 -0
  865. synapse/storage/schema/main/delta/73/08thread_receipts_non_null.sql.sqlite +76 -0
  866. synapse/storage/schema/main/delta/73/09partial_joined_via_destination.sql +37 -0
  867. synapse/storage/schema/main/delta/73/09threads_table.sql +49 -0
  868. synapse/storage/schema/main/delta/73/10_update_sqlite_fts4_tokenizer.py +71 -0
  869. synapse/storage/schema/main/delta/73/10login_tokens.sql +54 -0
  870. synapse/storage/schema/main/delta/73/11event_search_room_id_n_distinct.sql.postgres +33 -0
  871. synapse/storage/schema/main/delta/73/12refactor_device_list_outbound_pokes.sql +72 -0
  872. synapse/storage/schema/main/delta/73/13add_device_lists_index.sql +39 -0
  873. synapse/storage/schema/main/delta/73/20_un_partial_stated_room_stream.sql +51 -0
  874. synapse/storage/schema/main/delta/73/21_un_partial_stated_room_stream_seq.sql.postgres +20 -0
  875. synapse/storage/schema/main/delta/73/22_rebuild_user_dir_stats.sql +48 -0
  876. synapse/storage/schema/main/delta/73/22_un_partial_stated_event_stream.sql +53 -0
  877. synapse/storage/schema/main/delta/73/23_fix_thread_index.sql +52 -0
  878. synapse/storage/schema/main/delta/73/23_un_partial_stated_room_stream_seq.sql.postgres +20 -0
  879. synapse/storage/schema/main/delta/73/24_events_jump_to_date_index.sql +36 -0
  880. synapse/storage/schema/main/delta/73/25drop_presence.sql +36 -0
  881. synapse/storage/schema/main/delta/74/01_user_directory_stale_remote_users.sql +58 -0
  882. synapse/storage/schema/main/delta/74/02_set_device_id_for_pushers_bg_update.sql +38 -0
  883. synapse/storage/schema/main/delta/74/03_membership_tables_event_stream_ordering.sql.postgres +29 -0
  884. synapse/storage/schema/main/delta/74/03_membership_tables_event_stream_ordering.sql.sqlite +23 -0
  885. synapse/storage/schema/main/delta/74/03_room_membership_index.sql +38 -0
  886. synapse/storage/schema/main/delta/74/04_delete_e2e_backup_keys_for_deactivated_users.sql +36 -0
  887. synapse/storage/schema/main/delta/74/04_membership_tables_event_stream_ordering_triggers.py +87 -0
  888. synapse/storage/schema/main/delta/74/05_events_txn_id_device_id.sql +72 -0
  889. synapse/storage/schema/main/delta/74/90COMMENTS_destinations.sql.postgres +52 -0
  890. synapse/storage/schema/main/delta/76/01_add_profiles_full_user_id_column.sql +39 -0
  891. synapse/storage/schema/main/delta/76/02_add_user_filters_full_user_id_column.sql +39 -0
  892. synapse/storage/schema/main/delta/76/03_per_user_experimental_features.sql +46 -0
  893. synapse/storage/schema/main/delta/76/04_add_room_forgetter.sql +43 -0
  894. synapse/storage/schema/main/delta/77/01_add_profiles_not_valid_check.sql.postgres +16 -0
  895. synapse/storage/schema/main/delta/77/02_add_user_filters_not_valid_check.sql.postgres +16 -0
  896. synapse/storage/schema/main/delta/77/03bg_populate_full_user_id_profiles.sql +35 -0
  897. synapse/storage/schema/main/delta/77/04bg_populate_full_user_id_user_filters.sql +35 -0
  898. synapse/storage/schema/main/delta/77/05thread_notifications_backfill.sql +67 -0
  899. synapse/storage/schema/main/delta/77/06thread_notifications_not_null.sql.sqlite +102 -0
  900. synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_actions.sql.postgres +27 -0
  901. synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_actions_staging.sql.postgres +27 -0
  902. synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_summary.sql.postgres +29 -0
  903. synapse/storage/schema/main/delta/77/14bg_indices_event_stream_ordering.sql +39 -0
  904. synapse/storage/schema/main/delta/78/01_validate_and_update_profiles.py +99 -0
  905. synapse/storage/schema/main/delta/78/02_validate_and_update_user_filters.py +100 -0
  906. synapse/storage/schema/main/delta/78/03_remove_unused_indexes_user_filters.py +72 -0
  907. synapse/storage/schema/main/delta/78/03event_extremities_constraints.py +65 -0
  908. synapse/storage/schema/main/delta/78/04_add_full_user_id_index_user_filters.py +32 -0
  909. synapse/storage/schema/main/delta/79/03_read_write_locks_triggers.sql.postgres +102 -0
  910. synapse/storage/schema/main/delta/79/03_read_write_locks_triggers.sql.sqlite +72 -0
  911. synapse/storage/schema/main/delta/79/04_mitigate_stream_ordering_update_race.py +70 -0
  912. synapse/storage/schema/main/delta/79/05_read_write_locks_triggers.sql.postgres +69 -0
  913. synapse/storage/schema/main/delta/79/05_read_write_locks_triggers.sql.sqlite +65 -0
  914. synapse/storage/schema/main/delta/80/01_users_alter_locked.sql +35 -0
  915. synapse/storage/schema/main/delta/80/02_read_write_locks_unlogged.sql.postgres +30 -0
  916. synapse/storage/schema/main/delta/80/02_scheduled_tasks.sql +47 -0
  917. synapse/storage/schema/main/delta/80/03_read_write_locks_triggers.sql.postgres +37 -0
  918. synapse/storage/schema/main/delta/80/04_read_write_locks_deadlock.sql.postgres +71 -0
  919. synapse/storage/schema/main/delta/82/02_scheduled_tasks_index.sql +35 -0
  920. synapse/storage/schema/main/delta/82/04_add_indices_for_purging_rooms.sql +39 -0
  921. synapse/storage/schema/main/delta/82/05gaps.sql +44 -0
  922. synapse/storage/schema/main/delta/83/01_drop_old_tables.sql +43 -0
  923. synapse/storage/schema/main/delta/83/03_instance_name_receipts.sql.sqlite +17 -0
  924. synapse/storage/schema/main/delta/83/05_cross_signing_key_update_grant.sql +34 -0
  925. synapse/storage/schema/main/delta/83/06_event_push_summary_room.sql +36 -0
  926. synapse/storage/schema/main/delta/84/01_auth_links_stats.sql.postgres +20 -0
  927. synapse/storage/schema/main/delta/84/02_auth_links_index.sql +16 -0
  928. synapse/storage/schema/main/delta/84/03_auth_links_analyze.sql.postgres +16 -0
  929. synapse/storage/schema/main/delta/84/04_access_token_index.sql +15 -0
  930. synapse/storage/schema/main/delta/85/01_add_suspended.sql +14 -0
  931. synapse/storage/schema/main/delta/85/02_add_instance_names.sql +27 -0
  932. synapse/storage/schema/main/delta/85/03_new_sequences.sql.postgres +54 -0
  933. synapse/storage/schema/main/delta/85/04_cleanup_device_federation_outbox.sql +15 -0
  934. synapse/storage/schema/main/delta/85/05_add_instance_names_converted_pos.sql +16 -0
  935. synapse/storage/schema/main/delta/85/06_add_room_reports.sql +20 -0
  936. synapse/storage/schema/main/delta/86/01_authenticate_media.sql +15 -0
  937. synapse/storage/schema/main/delta/86/02_receipts_event_id_index.sql +15 -0
  938. synapse/storage/schema/main/delta/87/01_sliding_sync_memberships.sql +169 -0
  939. synapse/storage/schema/main/delta/87/02_per_connection_state.sql +81 -0
  940. synapse/storage/schema/main/delta/87/03_current_state_index.sql +19 -0
  941. synapse/storage/schema/main/delta/88/01_add_delayed_events.sql +43 -0
  942. synapse/storage/schema/main/delta/88/01_custom_profile_fields.sql +15 -0
  943. synapse/storage/schema/main/delta/88/02_fix_sliding_sync_membership_snapshots_forgotten_column.sql +21 -0
  944. synapse/storage/schema/main/delta/88/03_add_otk_ts_added_index.sql +18 -0
  945. synapse/storage/schema/main/delta/88/04_current_state_delta_index.sql +18 -0
  946. synapse/storage/schema/main/delta/88/05_drop_old_otks.sql.postgres +19 -0
  947. synapse/storage/schema/main/delta/88/05_drop_old_otks.sql.sqlite +19 -0
  948. synapse/storage/schema/main/delta/88/05_sliding_sync_room_config_index.sql +20 -0
  949. synapse/storage/schema/main/delta/88/06_events_received_ts_index.sql +17 -0
  950. synapse/storage/schema/main/delta/89/01_sliding_sync_membership_snapshot_index.sql +15 -0
  951. synapse/storage/schema/main/delta/90/01_add_column_participant_room_memberships_table.sql +16 -0
  952. synapse/storage/schema/main/delta/91/01_media_hash.sql +28 -0
  953. synapse/storage/schema/main/delta/92/01_remove_trigger.sql.postgres +16 -0
  954. synapse/storage/schema/main/delta/92/01_remove_trigger.sql.sqlite +16 -0
  955. synapse/storage/schema/main/delta/92/02_remove_populate_participant_bg_update.sql +17 -0
  956. synapse/storage/schema/main/delta/92/04_ss_membership_snapshot_idx.sql +16 -0
  957. synapse/storage/schema/main/delta/92/04_thread_subscriptions.sql +59 -0
  958. synapse/storage/schema/main/delta/92/04_thread_subscriptions_seq.sql.postgres +19 -0
  959. synapse/storage/schema/main/delta/92/05_fixup_max_depth_cap.sql +17 -0
  960. synapse/storage/schema/main/delta/92/05_thread_subscriptions_comments.sql.postgres +18 -0
  961. synapse/storage/schema/main/delta/92/06_device_federation_inbox_index.sql +16 -0
  962. synapse/storage/schema/main/delta/92/06_threads_last_sent_stream_ordering_comments.sql.postgres +24 -0
  963. synapse/storage/schema/main/delta/92/07_add_user_reports.sql +22 -0
  964. synapse/storage/schema/main/delta/92/07_event_txn_id_device_id_txn_id2.sql +15 -0
  965. synapse/storage/schema/main/delta/92/08_room_ban_redactions.sql +21 -0
  966. synapse/storage/schema/main/delta/92/08_thread_subscriptions_seq_fixup.sql.postgres +19 -0
  967. synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql +20 -0
  968. synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql.postgres +18 -0
  969. synapse/storage/schema/main/full_schemas/72/full.sql.postgres +1344 -0
  970. synapse/storage/schema/main/full_schemas/72/full.sql.sqlite +646 -0
  971. synapse/storage/schema/state/delta/23/drop_state_index.sql +35 -0
  972. synapse/storage/schema/state/delta/32/remove_state_indices.sql +38 -0
  973. synapse/storage/schema/state/delta/35/add_state_index.sql +36 -0
  974. synapse/storage/schema/state/delta/35/state.sql +41 -0
  975. synapse/storage/schema/state/delta/35/state_dedupe.sql +36 -0
  976. synapse/storage/schema/state/delta/47/state_group_seq.py +38 -0
  977. synapse/storage/schema/state/delta/56/state_group_room_idx.sql +36 -0
  978. synapse/storage/schema/state/delta/61/02state_groups_state_n_distinct.sql.postgres +34 -0
  979. synapse/storage/schema/state/delta/70/08_state_group_edges_unique.sql +36 -0
  980. synapse/storage/schema/state/delta/89/01_state_groups_deletion.sql +39 -0
  981. synapse/storage/schema/state/delta/90/02_delete_unreferenced_state_groups.sql +16 -0
  982. synapse/storage/schema/state/delta/90/03_remove_old_deletion_bg_update.sql +15 -0
  983. synapse/storage/schema/state/full_schemas/72/full.sql.postgres +30 -0
  984. synapse/storage/schema/state/full_schemas/72/full.sql.sqlite +20 -0
  985. synapse/storage/types.py +185 -0
  986. synapse/storage/util/__init__.py +20 -0
  987. synapse/storage/util/id_generators.py +909 -0
  988. synapse/storage/util/partial_state_events_tracker.py +194 -0
  989. synapse/storage/util/sequence.py +315 -0
  990. synapse/streams/__init__.py +43 -0
  991. synapse/streams/config.py +92 -0
  992. synapse/streams/events.py +203 -0
  993. synapse/synapse_rust/__init__.pyi +3 -0
  994. synapse/synapse_rust/acl.pyi +20 -0
  995. synapse/synapse_rust/events.pyi +136 -0
  996. synapse/synapse_rust/http_client.pyi +32 -0
  997. synapse/synapse_rust/push.pyi +86 -0
  998. synapse/synapse_rust/rendezvous.pyi +30 -0
  999. synapse/synapse_rust/segmenter.pyi +1 -0
  1000. synapse/synapse_rust.abi3.so +0 -0
  1001. synapse/types/__init__.py +1600 -0
  1002. synapse/types/handlers/__init__.py +93 -0
  1003. synapse/types/handlers/policy_server.py +16 -0
  1004. synapse/types/handlers/sliding_sync.py +909 -0
  1005. synapse/types/rest/__init__.py +25 -0
  1006. synapse/types/rest/client/__init__.py +415 -0
  1007. synapse/types/state.py +635 -0
  1008. synapse/types/storage/__init__.py +66 -0
  1009. synapse/util/__init__.py +170 -0
  1010. synapse/util/async_helpers.py +1067 -0
  1011. synapse/util/batching_queue.py +202 -0
  1012. synapse/util/caches/__init__.py +300 -0
  1013. synapse/util/caches/cached_call.py +143 -0
  1014. synapse/util/caches/deferred_cache.py +530 -0
  1015. synapse/util/caches/descriptors.py +694 -0
  1016. synapse/util/caches/dictionary_cache.py +350 -0
  1017. synapse/util/caches/expiringcache.py +251 -0
  1018. synapse/util/caches/lrucache.py +977 -0
  1019. synapse/util/caches/response_cache.py +323 -0
  1020. synapse/util/caches/stream_change_cache.py +370 -0
  1021. synapse/util/caches/treecache.py +189 -0
  1022. synapse/util/caches/ttlcache.py +197 -0
  1023. synapse/util/cancellation.py +63 -0
  1024. synapse/util/check_dependencies.py +335 -0
  1025. synapse/util/clock.py +500 -0
  1026. synapse/util/constants.py +22 -0
  1027. synapse/util/daemonize.py +165 -0
  1028. synapse/util/distributor.py +159 -0
  1029. synapse/util/events.py +134 -0
  1030. synapse/util/file_consumer.py +164 -0
  1031. synapse/util/frozenutils.py +57 -0
  1032. synapse/util/gai_resolver.py +180 -0
  1033. synapse/util/hash.py +38 -0
  1034. synapse/util/httpresourcetree.py +108 -0
  1035. synapse/util/iterutils.py +189 -0
  1036. synapse/util/json.py +56 -0
  1037. synapse/util/linked_list.py +156 -0
  1038. synapse/util/logcontext.py +46 -0
  1039. synapse/util/logformatter.py +28 -0
  1040. synapse/util/macaroons.py +325 -0
  1041. synapse/util/manhole.py +191 -0
  1042. synapse/util/metrics.py +340 -0
  1043. synapse/util/module_loader.py +116 -0
  1044. synapse/util/msisdn.py +51 -0
  1045. synapse/util/patch_inline_callbacks.py +250 -0
  1046. synapse/util/pydantic_models.py +56 -0
  1047. synapse/util/ratelimitutils.py +420 -0
  1048. synapse/util/retryutils.py +339 -0
  1049. synapse/util/rlimit.py +42 -0
  1050. synapse/util/rust.py +134 -0
  1051. synapse/util/sentinel.py +21 -0
  1052. synapse/util/stringutils.py +293 -0
  1053. synapse/util/task_scheduler.py +493 -0
  1054. synapse/util/templates.py +126 -0
  1055. synapse/util/threepids.py +123 -0
  1056. synapse/util/wheel_timer.py +112 -0
  1057. synapse/visibility.py +836 -0
synapse/storage/databases/main/end_to_end_keys.py ADDED
@@ -0,0 +1,1896 @@
1
+ #
2
+ # This file is licensed under the Affero General Public License (AGPL) version 3.
3
+ #
4
+ # Copyright 2019,2020 The Matrix.org Foundation C.I.C.
5
+ # Copyright 2015, 2016 OpenMarket Ltd
6
+ # Copyright (C) 2023 New Vector, Ltd
7
+ #
8
+ # This program is free software: you can redistribute it and/or modify
9
+ # it under the terms of the GNU Affero General Public License as
10
+ # published by the Free Software Foundation, either version 3 of the
11
+ # License, or (at your option) any later version.
12
+ #
13
+ # See the GNU Affero General Public License for more details:
14
+ # <https://www.gnu.org/licenses/agpl-3.0.html>.
15
+ #
16
+ # Originally licensed under the Apache License, Version 2.0:
17
+ # <http://www.apache.org/licenses/LICENSE-2.0>.
18
+ #
19
+ # [This file includes modifications made by New Vector Limited]
20
+ #
21
+ #
22
+ import abc
23
+ import json
24
+ from typing import (
25
+ TYPE_CHECKING,
26
+ Any,
27
+ Collection,
28
+ Iterable,
29
+ Literal,
30
+ Mapping,
31
+ Optional,
32
+ Sequence,
33
+ Union,
34
+ cast,
35
+ overload,
36
+ )
37
+
38
+ import attr
39
+ from canonicaljson import encode_canonical_json
40
+
41
+ from synapse.api.constants import DeviceKeyAlgorithms
42
+ from synapse.appservice import (
43
+ TransactionOneTimeKeysCount,
44
+ TransactionUnusedFallbackKeys,
45
+ )
46
+ from synapse.logging.opentracing import log_kv, set_tag, trace
47
+ from synapse.replication.tcp.streams._base import DeviceListsStream
48
+ from synapse.storage._base import SQLBaseStore, db_to_json
49
+ from synapse.storage.database import (
50
+ DatabasePool,
51
+ LoggingDatabaseConnection,
52
+ LoggingTransaction,
53
+ make_in_list_sql_clause,
54
+ make_tuple_in_list_sql_clause,
55
+ )
56
+ from synapse.storage.databases.main.cache import CacheInvalidationWorkerStore
57
+ from synapse.storage.engines import PostgresEngine
58
+ from synapse.storage.util.id_generators import MultiWriterIdGenerator
59
+ from synapse.types import JsonDict, JsonMapping, MultiWriterStreamToken
60
+ from synapse.util.caches.descriptors import cached, cachedList
61
+ from synapse.util.cancellation import cancellable
62
+ from synapse.util.iterutils import batch_iter
63
+ from synapse.util.json import json_decoder, json_encoder
64
+
65
+ if TYPE_CHECKING:
66
+ from synapse.handlers.e2e_keys import SignatureListItem
67
+ from synapse.server import HomeServer
68
+
69
+
70
+ @attr.s(slots=True, auto_attribs=True)
71
+ class DeviceKeyLookupResult:
72
+ """The type returned by get_e2e_device_keys_and_signatures"""
73
+
74
+ display_name: Optional[str]
75
+
76
+ # the key data from e2e_device_keys_json. Typically includes fields like
77
+ # "algorithm", "keys" (including the curve25519 identity key and the ed25519 signing
78
+ # key) and "signatures" (a map from (user id) to (key id/device_id) to signature.)
79
+ keys: Optional[JsonDict]
80
+
81
+
82
+ class EndToEndKeyBackgroundStore(SQLBaseStore):
83
+ def __init__(
84
+ self,
85
+ database: DatabasePool,
86
+ db_conn: LoggingDatabaseConnection,
87
+ hs: "HomeServer",
88
+ ):
89
+ super().__init__(database, db_conn, hs)
90
+
91
+ self.db_pool.updates.register_background_index_update(
92
+ "e2e_cross_signing_keys_idx",
93
+ index_name="e2e_cross_signing_keys_stream_idx",
94
+ table="e2e_cross_signing_keys",
95
+ columns=["stream_id"],
96
+ unique=True,
97
+ )
98
+
99
+ self.db_pool.updates.register_background_index_update(
100
+ update_name="add_otk_ts_added_index",
101
+ index_name="e2e_one_time_keys_json_user_id_device_id_algorithm_ts_added_idx",
102
+ table="e2e_one_time_keys_json",
103
+ columns=("user_id", "device_id", "algorithm", "ts_added_ms"),
104
+ )
105
+
106
+
107
+ class EndToEndKeyWorkerStore(EndToEndKeyBackgroundStore, CacheInvalidationWorkerStore):
108
+ def __init__(
109
+ self,
110
+ database: DatabasePool,
111
+ db_conn: LoggingDatabaseConnection,
112
+ hs: "HomeServer",
113
+ ):
114
+ super().__init__(database, db_conn, hs)
115
+
116
+ self._allow_device_name_lookup_over_federation = (
117
+ self.hs.config.federation.allow_device_name_lookup_over_federation
118
+ )
119
+
120
+ self._cross_signing_id_gen = MultiWriterIdGenerator(
121
+ db_conn=db_conn,
122
+ db=database,
123
+ notifier=hs.get_replication_notifier(),
124
+ stream_name="e2e_cross_signing_keys",
125
+ server_name=self.server_name,
126
+ instance_name=self._instance_name,
127
+ tables=[
128
+ ("e2e_cross_signing_keys", "instance_name", "stream_id"),
129
+ ],
130
+ sequence_name="e2e_cross_signing_keys_sequence",
131
+ # No one reads the stream positions, so we're allowed to have an empty list of writers
132
+ writers=[],
133
+ )
134
+
135
+ def process_replication_rows(
136
+ self,
137
+ stream_name: str,
138
+ instance_name: str,
139
+ token: int,
140
+ rows: Iterable[Any],
141
+ ) -> None:
142
+ if stream_name == DeviceListsStream.NAME:
143
+ for row in rows:
144
+ assert isinstance(row, DeviceListsStream.DeviceListsStreamRow)
145
+ if not row.hosts_calculated:
146
+ self._get_e2e_device_keys_for_federation_query_inner.invalidate(
147
+ (row.user_id,)
148
+ )
149
+
150
+ super().process_replication_rows(stream_name, instance_name, token, rows)
151
+
152
+ async def get_e2e_device_keys_for_federation_query(
153
+ self, user_id: str
154
+ ) -> tuple[int, Sequence[JsonMapping]]:
155
+ """Get all devices (with any device keys) for a user
156
+
157
+ Returns:
158
+ (stream_id, devices)
159
+ """
160
+ # Here, we don't use the individual instances positions, as we *need* to
161
+ # give out the stream_id as an integer in the federation API.
162
+ # This means that we'll potentially return the same data twice with a
163
+ # different stream_id, and invalidate cache more often than necessary,
164
+ # which is fine overall.
165
+ now_stream_id = self.get_device_stream_token().stream
166
+
167
+ # We need to be careful with the caching here, as we need to always
168
+ # return *all* persisted devices, however there may be a lag between a
169
+ # new device being persisted and the cache being invalidated.
170
+ cached_results = (
171
+ self._get_e2e_device_keys_for_federation_query_inner.cache.get_immediate(
172
+ user_id, None
173
+ )
174
+ )
175
+ if cached_results is not None:
176
+ # Check that there have been no new devices added by another worker
177
+ # after the cache. This should be quick as there should be few rows
178
+ # with a higher stream ordering.
179
+ #
180
+ # Note that we invalidate based on the device stream, so we only
181
+ # have to check for potential invalidations after the
182
+ # `now_stream_id`.
183
+ sql = """
184
+ SELECT 1
185
+ FROM device_lists_stream
186
+ WHERE stream_id >= ? AND user_id = ?
187
+ LIMIT 1
188
+ """
189
+ rows = await self.db_pool.execute(
190
+ "get_e2e_device_keys_for_federation_query_check",
191
+ sql,
192
+ now_stream_id,
193
+ user_id,
194
+ )
195
+ if not rows:
196
+ # No new rows, so cache is still valid.
197
+ return now_stream_id, cached_results
198
+
199
+ # There has, so let's invalidate the cache and run the query.
200
+ self._get_e2e_device_keys_for_federation_query_inner.invalidate((user_id,))
201
+
202
+ results = await self._get_e2e_device_keys_for_federation_query_inner(user_id)
203
+
204
+ return now_stream_id, results
205
+
206
+ @cached(iterable=True)
207
+ async def _get_e2e_device_keys_for_federation_query_inner(
208
+ self, user_id: str
209
+ ) -> Sequence[JsonMapping]:
210
+ """Get all devices (with any device keys) for a user"""
211
+
212
+ devices = await self.get_e2e_device_keys_and_signatures([(user_id, None)])
213
+
214
+ if devices:
215
+ user_devices = devices[user_id]
216
+ results = []
217
+ for device_id, device in user_devices.items():
218
+ result: JsonDict = {"device_id": device_id}
219
+
220
+ keys = device.keys
221
+ if keys:
222
+ result["keys"] = keys
223
+
224
+ device_display_name = None
225
+ if self._allow_device_name_lookup_over_federation:
226
+ device_display_name = device.display_name
227
+ if device_display_name:
228
+ result["device_display_name"] = device_display_name
229
+
230
+ results.append(result)
231
+
232
+ return results
233
+
234
+ return []
235
+
236
+ @trace
237
+ @cancellable
238
+ async def get_e2e_device_keys_for_cs_api(
239
+ self,
240
+ query_list: Collection[tuple[str, Optional[str]]],
241
+ include_displaynames: bool = True,
242
+ ) -> dict[str, dict[str, JsonDict]]:
243
+ """Fetch a list of device keys, formatted suitably for the C/S API.
244
+ Args:
245
+ query_list: List of pairs of user_ids and device_ids.
246
+ include_displaynames: Whether to include the displayname of returned devices
247
+ (if one exists).
248
+ Returns:
249
+ Dict mapping from user-id to dict mapping from device_id to
250
+ key data. The key data will be a dict in the same format as the
251
+ DeviceKeys type returned by POST /_matrix/client/r0/keys/query.
252
+ """
253
+ set_tag("query_list", str(query_list))
254
+ if not query_list:
255
+ return {}
256
+
257
+ results = await self.get_e2e_device_keys_and_signatures(query_list)
258
+
259
+ # Build the result structure, un-jsonify the results, and add the
260
+ # "unsigned" section
261
+ rv: dict[str, dict[str, JsonDict]] = {}
262
+ for user_id, device_keys in results.items():
263
+ rv[user_id] = {}
264
+ for device_id, device_info in device_keys.items():
265
+ r = device_info.keys
266
+ if r is None:
267
+ continue
268
+
269
+ r["unsigned"] = {}
270
+ if include_displaynames:
271
+ # Include the device's display name in the "unsigned" dictionary
272
+ display_name = device_info.display_name
273
+ if display_name is not None:
274
+ r["unsigned"]["device_display_name"] = display_name
275
+
276
+ rv[user_id][device_id] = r
277
+
278
+ return rv
279
+
280
+ @overload
281
+ async def get_e2e_device_keys_and_signatures(
282
+ self,
283
+ query_list: Collection[tuple[str, Optional[str]]],
284
+ include_all_devices: Literal[False] = False,
285
+ ) -> dict[str, dict[str, DeviceKeyLookupResult]]: ...
286
+
287
+ @overload
288
+ async def get_e2e_device_keys_and_signatures(
289
+ self,
290
+ query_list: Collection[tuple[str, Optional[str]]],
291
+ include_all_devices: bool = False,
292
+ include_deleted_devices: Literal[False] = False,
293
+ ) -> dict[str, dict[str, DeviceKeyLookupResult]]: ...
294
+
295
+ @overload
296
+ async def get_e2e_device_keys_and_signatures(
297
+ self,
298
+ query_list: Collection[tuple[str, Optional[str]]],
299
+ include_all_devices: Literal[True],
300
+ include_deleted_devices: Literal[True],
301
+ ) -> dict[str, dict[str, Optional[DeviceKeyLookupResult]]]: ...
302
+
303
+ @trace
304
+ @cancellable
305
+ async def get_e2e_device_keys_and_signatures(
306
+ self,
307
+ query_list: Collection[tuple[str, Optional[str]]],
308
+ include_all_devices: bool = False,
309
+ include_deleted_devices: bool = False,
310
+ ) -> Union[
311
+ dict[str, dict[str, DeviceKeyLookupResult]],
312
+ dict[str, dict[str, Optional[DeviceKeyLookupResult]]],
313
+ ]:
314
+ """Fetch a list of device keys
315
+
316
+ Any cross-signatures made on the keys by the owner of the device are also
317
+ included.
318
+
319
+ The cross-signatures are added to the `signatures` field within the `keys`
320
+ object in the response.
321
+
322
+ Args:
323
+ query_list: List of pairs of user_ids and device_ids. Device id can be None
324
+ to indicate "all devices for this user"
325
+
326
+ include_all_devices: whether to return devices without device keys
327
+
328
+ include_deleted_devices: whether to include null entries for
329
+ devices which no longer exist (but were in the query_list).
330
+ This option only takes effect if include_all_devices is true.
331
+
332
+ Returns:
333
+ Dict mapping from user-id to dict mapping from device_id to
334
+ key data.
335
+ """
336
+ set_tag("include_all_devices", include_all_devices)
337
+ set_tag("include_deleted_devices", include_deleted_devices)
338
+
339
+ result = await self._get_e2e_device_keys(
340
+ query_list,
341
+ include_all_devices,
342
+ include_deleted_devices,
343
+ )
344
+
345
+ # get the (user_id, device_id) tuples to look up cross-signatures for
346
+ signature_query = (
347
+ (user_id, device_id)
348
+ for user_id, dev in result.items()
349
+ for device_id, d in dev.items()
350
+ if d is not None and d.keys is not None
351
+ )
352
+
353
+ # 1000 is an arbitrary batch size. It helped performance on a very
354
+ # large-scale deployment (matrix.org), but has not been tested against
355
+ # any other setup.
356
+ for batch in batch_iter(signature_query, 1000):
357
+ cross_sigs_result = (
358
+ await self._get_e2e_cross_signing_signatures_for_devices(batch)
359
+ )
360
+
361
+ # add each cross-signing signature to the correct device in the result dict.
362
+ for (
363
+ user_id,
364
+ device_id,
365
+ ), signature_list in cross_sigs_result.items():
366
+ target_device_result = result[user_id][device_id]
367
+
368
+ # We've only looked up cross-signatures for non-deleted devices with key
369
+ # data.
370
+ assert target_device_result is not None
371
+ assert target_device_result.keys is not None
372
+ target_device_signatures = target_device_result.keys.setdefault(
373
+ "signatures", {}
374
+ )
375
+ signing_user_signatures = target_device_signatures.setdefault(
376
+ user_id, {}
377
+ )
378
+
379
+ for key_id, signature in signature_list:
380
+ signing_user_signatures[key_id] = signature
381
+
382
+ log_kv(result)
383
+ return result
384
+
385
+ async def _get_e2e_device_keys(
386
+ self,
387
+ query_list: Collection[tuple[str, Optional[str]]],
388
+ include_all_devices: bool = False,
389
+ include_deleted_devices: bool = False,
390
+ ) -> dict[str, dict[str, Optional[DeviceKeyLookupResult]]]:
391
+ """Get information on devices from the database
392
+
393
+ The results include the device's keys and self-signatures, but *not* any
394
+ cross-signing signatures which have been added subsequently (for which, see
395
+ get_e2e_device_keys_and_signatures)
396
+ """
397
+ query_clauses: list[str] = []
398
+ query_params_list: list[list[object]] = []
399
+
400
+ if include_all_devices is False:
401
+ include_deleted_devices = False
402
+
403
+ if include_deleted_devices:
404
+ deleted_devices = set(query_list)
405
+
406
+ # Split the query list into queries for users and queries for particular
407
+ # devices.
408
+ user_list = []
409
+ user_device_list = []
410
+ for user_id, device_id in query_list:
411
+ if device_id is None:
412
+ user_list.append(user_id)
413
+ else:
414
+ user_device_list.append((user_id, device_id))
415
+
416
+ if user_list:
417
+ user_id_in_list_clause, user_args = make_in_list_sql_clause(
418
+ self.database_engine, "user_id", user_list
419
+ )
420
+ query_clauses.append(user_id_in_list_clause)
421
+ query_params_list.append(user_args)
422
+
423
+ if user_device_list:
424
+ # Divide the device queries into batches, to avoid excessively large
425
+ # queries.
426
+ for user_device_batch in batch_iter(user_device_list, 1024):
427
+ (
428
+ user_device_id_in_list_clause,
429
+ user_device_args,
430
+ ) = make_tuple_in_list_sql_clause(
431
+ self.database_engine, ("user_id", "device_id"), user_device_batch
432
+ )
433
+ query_clauses.append(user_device_id_in_list_clause)
434
+ query_params_list.append(user_device_args)
435
+
436
+ result: dict[str, dict[str, Optional[DeviceKeyLookupResult]]] = {}
437
+
438
+ def get_e2e_device_keys_txn(
439
+ txn: LoggingTransaction, query_clause: str, query_params: list
440
+ ) -> None:
441
+ if include_all_devices:
442
+ sql = f"""
443
+ SELECT user_id, device_id, d.display_name, k.key_json
444
+ FROM devices d
445
+ LEFT JOIN e2e_device_keys_json k USING (user_id, device_id)
446
+ WHERE {query_clause} AND NOT d.hidden
447
+ """
448
+ else:
449
+ # We swap around `e2e_device_keys_json` and `devices`, as we
450
+ # want Postgres to query `e2e_device_keys_json` first as it will
451
+ # have fewer rows in it. This helps *a lot* with accounts with
452
+ # lots of non-e2e devices (such as bots).
453
+ sql = f"""
454
+ SELECT user_id, device_id, d.display_name, k.key_json
455
+ FROM e2e_device_keys_json k
456
+ INNER JOIN devices d USING (user_id, device_id)
457
+ WHERE {query_clause} AND NOT d.hidden
458
+ """
459
+
460
+ txn.execute(sql, query_params)
461
+
462
+ for user_id, device_id, display_name, key_json in txn:
463
+ assert device_id is not None
464
+ if include_deleted_devices:
465
+ deleted_devices.remove((user_id, device_id))
466
+ result.setdefault(user_id, {})[device_id] = DeviceKeyLookupResult(
467
+ display_name, db_to_json(key_json) if key_json else None
468
+ )
469
+
470
+ for query_clause, query_params in zip(query_clauses, query_params_list):
471
+ await self.db_pool.runInteraction(
472
+ "_get_e2e_device_keys",
473
+ get_e2e_device_keys_txn,
474
+ query_clause,
475
+ query_params,
476
+ )
477
+
478
+ if include_deleted_devices:
479
+ for user_id, device_id in deleted_devices:
480
+ if device_id is None:
481
+ continue
482
+ result.setdefault(user_id, {})[device_id] = None
483
+
484
+ return result
485
+
486
+ @cached()
487
+ def _get_e2e_cross_signing_signatures_for_device(
488
+ self,
489
+ user_id_and_device_id: tuple[str, str],
490
+ ) -> Sequence[tuple[str, str]]:
491
+ """
492
+ The single-item version of `_get_e2e_cross_signing_signatures_for_devices`.
493
+ See @cachedList for why a separate method is needed.
494
+ """
495
+ raise NotImplementedError()
496
+
497
+ @cachedList(
498
+ cached_method_name="_get_e2e_cross_signing_signatures_for_device",
499
+ list_name="device_query",
500
+ )
501
+ async def _get_e2e_cross_signing_signatures_for_devices(
502
+ self, device_query: Iterable[tuple[str, str]]
503
+ ) -> Mapping[tuple[str, str], Sequence[tuple[str, str]]]:
504
+ """Get cross-signing signatures for a given list of user IDs and devices.
505
+
506
+ Args:
507
+ An iterable containing tuples of (user ID, device ID).
508
+
509
+ Returns:
510
+ A mapping of results. The keys are the original (user_id, device_id)
511
+ tuple, while the value is the matching list of tuples of
512
+ (key_id, signature). The value will be an empty list if no
513
+ signatures exist for the device.
514
+
515
+ Given this method is annotated with `@cachedList`, the return dict's
516
+ keys match the tuples within `device_query`, so that cache entries can
517
+ be computed from the corresponding values.
518
+
519
+ As results are cached, the return type is immutable.
520
+ """
521
+
522
+ def _get_e2e_cross_signing_signatures_for_devices_txn(
523
+ txn: LoggingTransaction, device_query: Iterable[tuple[str, str]]
524
+ ) -> Mapping[tuple[str, str], Sequence[tuple[str, str]]]:
525
+ where_clause_sql, where_clause_params = make_tuple_in_list_sql_clause(
526
+ self.database_engine,
527
+ columns=("target_user_id", "target_device_id", "user_id"),
528
+ iterable=[
529
+ (user_id, device_id, user_id) for user_id, device_id in device_query
530
+ ],
531
+ )
532
+
533
+ signature_sql = f"""
534
+ SELECT user_id, key_id, target_device_id, signature
535
+ FROM e2e_cross_signing_signatures WHERE {where_clause_sql}
536
+ """
537
+
538
+ txn.execute(signature_sql, where_clause_params)
539
+
540
+ devices_and_signatures: dict[tuple[str, str], list[tuple[str, str]]] = {}
541
+
542
+ # `@cachedList` requires we return one key for every item in `device_query`.
543
+ # Pre-populate `devices_and_signatures` with each key so that none are missing.
544
+ #
545
+ # If any are missing, they will be cached as `None`, which is not
546
+ # what callers expected.
547
+ for user_id, device_id in device_query:
548
+ devices_and_signatures.setdefault((user_id, device_id), [])
549
+
550
+ # Populate the return dictionary with each found key_id and signature.
551
+ for user_id, key_id, target_device_id, signature in txn.fetchall():
552
+ signature_tuple = (key_id, signature)
553
+ devices_and_signatures[(user_id, target_device_id)].append(
554
+ signature_tuple
555
+ )
556
+
557
+ return devices_and_signatures
558
+
559
+ return await self.db_pool.runInteraction(
560
+ "_get_e2e_cross_signing_signatures_for_devices_txn",
561
+ _get_e2e_cross_signing_signatures_for_devices_txn,
562
+ device_query,
563
+ )
564
+
565
+ async def get_e2e_one_time_keys(
566
+ self, user_id: str, device_id: str, key_ids: list[str]
567
+ ) -> dict[tuple[str, str], str]:
568
+ """Retrieve a number of one-time keys for a user
569
+
570
+ Args:
571
+ user_id: id of user to get keys for
572
+ device_id: id of device to get keys for
573
+ key_ids: list of key ids (excluding algorithm) to retrieve
574
+
575
+ Returns:
576
+ A map from (algorithm, key_id) to json string for key
577
+ """
578
+
579
+ rows = cast(
580
+ list[tuple[str, str, str]],
581
+ await self.db_pool.simple_select_many_batch(
582
+ table="e2e_one_time_keys_json",
583
+ column="key_id",
584
+ iterable=key_ids,
585
+ retcols=("algorithm", "key_id", "key_json"),
586
+ keyvalues={"user_id": user_id, "device_id": device_id},
587
+ desc="add_e2e_one_time_keys_check",
588
+ ),
589
+ )
590
+ result = {(algorithm, key_id): key_json for algorithm, key_id, key_json in rows}
591
+ log_kv({"message": "Fetched one time keys for user", "one_time_keys": result})
592
+ return result
593
+
594
+ async def add_e2e_one_time_keys(
595
+ self,
596
+ user_id: str,
597
+ device_id: str,
598
+ time_now: int,
599
+ new_keys: Iterable[tuple[str, str, str]],
600
+ ) -> None:
601
+ """Insert some new one time keys for a device. Errors if any of the
602
+ keys already exist.
603
+
604
+ Args:
605
+ user_id: id of user to get keys for
606
+ device_id: id of device to get keys for
607
+ time_now: insertion time to record (ms since epoch)
608
+ new_keys: keys to add - each a tuple of (algorithm, key_id, key json)
609
+ """
610
+
611
+ await self.db_pool.runInteraction(
612
+ "add_e2e_one_time_keys_insert",
613
+ self._add_e2e_one_time_keys_txn,
614
+ user_id,
615
+ device_id,
616
+ time_now,
617
+ new_keys,
618
+ )
619
+
620
+ def _add_e2e_one_time_keys_txn(
621
+ self,
622
+ txn: LoggingTransaction,
623
+ user_id: str,
624
+ device_id: str,
625
+ time_now: int,
626
+ new_keys: Iterable[tuple[str, str, str]],
627
+ ) -> None:
628
+ """Insert some new one time keys for a device. Errors if any of the keys already exist.
629
+
630
+ Args:
631
+ user_id: id of user to get keys for
632
+ device_id: id of device to get keys for
633
+ time_now: insertion time to record (ms since epoch)
634
+ new_keys: keys to add - each a tuple of (algorithm, key_id, key json) - note
635
+ that the key JSON must be in canonical JSON form
636
+ """
637
+ set_tag("user_id", user_id)
638
+ set_tag("device_id", device_id)
639
+ set_tag("new_keys", str(new_keys))
640
+ # We are protected from race between lookup and insertion due to
641
+ # a unique constraint. If there is a race of two calls to
642
+ # `add_e2e_one_time_keys` then they'll conflict and we will only
643
+ # insert one set.
644
+ self.db_pool.simple_insert_many_txn(
645
+ txn,
646
+ table="e2e_one_time_keys_json",
647
+ keys=(
648
+ "user_id",
649
+ "device_id",
650
+ "algorithm",
651
+ "key_id",
652
+ "ts_added_ms",
653
+ "key_json",
654
+ ),
655
+ values=[
656
+ (user_id, device_id, algorithm, key_id, time_now, json_bytes)
657
+ for algorithm, key_id, json_bytes in new_keys
658
+ ],
659
+ )
660
+ self._invalidate_cache_and_stream(
661
+ txn, self.count_e2e_one_time_keys, (user_id, device_id)
662
+ )
663
+
664
+ @cached(max_entries=10000, tree=True)
665
+ async def count_e2e_one_time_keys(
666
+ self, user_id: str, device_id: str
667
+ ) -> Mapping[str, int]:
668
+ """Count the number of one time keys the server has for a device
669
+ Returns:
670
+ A mapping from algorithm to number of keys for that algorithm.
671
+ """
672
+
673
+ def _count_e2e_one_time_keys(txn: LoggingTransaction) -> dict[str, int]:
674
+ sql = (
675
+ "SELECT algorithm, COUNT(key_id) FROM e2e_one_time_keys_json"
676
+ " WHERE user_id = ? AND device_id = ?"
677
+ " GROUP BY algorithm"
678
+ )
679
+ txn.execute(sql, (user_id, device_id))
680
+
681
+ # Initially set the key count to 0. This ensures that the client will always
682
+ # receive *some count*, even if it's 0.
683
+ result = {DeviceKeyAlgorithms.SIGNED_CURVE25519: 0}
684
+
685
+ # Override entries with the count of any keys we pulled from the database
686
+ for algorithm, key_count in txn:
687
+ result[algorithm] = key_count
688
+
689
+ return result
690
+
691
+ return await self.db_pool.runInteraction(
692
+ "count_e2e_one_time_keys", _count_e2e_one_time_keys
693
+ )
694
+
695
+ async def count_bulk_e2e_one_time_keys_for_as(
696
+ self, user_ids: Collection[str]
697
+ ) -> TransactionOneTimeKeysCount:
698
+ """
699
+ Counts, in bulk, the one-time keys for all the users specified.
700
+ Intended to be used by application services for populating OTK counts in
701
+ transactions.
702
+
703
+ Return structure is of the shape:
704
+ user_id -> device_id -> algorithm -> count
705
+ Empty algorithm -> count dicts are created if needed to represent a
706
+ lack of unused one-time keys.
707
+ """
708
+
709
+ def _count_bulk_e2e_one_time_keys_txn(
710
+ txn: LoggingTransaction,
711
+ ) -> TransactionOneTimeKeysCount:
712
+ user_in_where_clause, user_parameters = make_in_list_sql_clause(
713
+ self.database_engine, "user_id", user_ids
714
+ )
715
+ sql = f"""
716
+ SELECT user_id, device_id, algorithm, COUNT(key_id)
717
+ FROM devices
718
+ LEFT JOIN e2e_one_time_keys_json USING (user_id, device_id)
719
+ WHERE {user_in_where_clause}
720
+ GROUP BY user_id, device_id, algorithm
721
+ """
722
+ txn.execute(sql, user_parameters)
723
+
724
+ result: TransactionOneTimeKeysCount = {}
725
+
726
+ for user_id, device_id, algorithm, count in txn:
727
+ # We deliberately construct empty dictionaries for
728
+ # users and devices without any unused one-time keys.
729
+ # We *could* omit these empty dicts if there have been no
730
+ # changes since the last transaction, but we currently don't
731
+ # do any change tracking!
732
+ device_count_by_algo = result.setdefault(user_id, {}).setdefault(
733
+ device_id, {}
734
+ )
735
+ if algorithm is not None:
736
+ # algorithm will be None if this device has no keys.
737
+ device_count_by_algo[algorithm] = count
738
+
739
+ return result
740
+
741
+ return await self.db_pool.runInteraction(
742
+ "count_bulk_e2e_one_time_keys", _count_bulk_e2e_one_time_keys_txn
743
+ )
744
+
745
+ async def get_e2e_bulk_unused_fallback_key_types(
746
+ self, user_ids: Collection[str]
747
+ ) -> TransactionUnusedFallbackKeys:
748
+ """
749
+ Finds, in bulk, the types of unused fallback keys for all the users specified.
750
+ Intended to be used by application services for populating unused fallback
751
+ keys in transactions.
752
+
753
+ Return structure is of the shape:
754
+ user_id -> device_id -> algorithms
755
+ Empty lists are created for devices if there are no unused fallback
756
+ keys. This matches the response structure of MSC3202.
757
+ """
758
+ if len(user_ids) == 0:
759
+ return {}
760
+
761
+ def _get_bulk_e2e_unused_fallback_keys_txn(
762
+ txn: LoggingTransaction,
763
+ ) -> TransactionUnusedFallbackKeys:
764
+ user_in_where_clause, user_parameters = make_in_list_sql_clause(
765
+ self.database_engine, "devices.user_id", user_ids
766
+ )
767
+ # We can't use USING here because we require the `.used` condition
768
+ # to be part of the JOIN condition so that we generate empty lists
769
+ # when all keys are used (as opposed to just when there are no keys at all).
770
+ sql = f"""
771
+ SELECT devices.user_id, devices.device_id, algorithm
772
+ FROM devices
773
+ LEFT JOIN e2e_fallback_keys_json AS fallback_keys
774
+ ON devices.user_id = fallback_keys.user_id
775
+ AND devices.device_id = fallback_keys.device_id
776
+ AND NOT fallback_keys.used
777
+ WHERE
778
+ {user_in_where_clause}
779
+ """
780
+ txn.execute(sql, user_parameters)
781
+
782
+ result: TransactionUnusedFallbackKeys = {}
783
+
784
+ for user_id, device_id, algorithm in txn:
785
+ # We deliberately construct empty dictionaries and lists for
786
+ # users and devices without any unused fallback keys.
787
+ # We *could* omit these empty dicts if there have been no
788
+ # changes since the last transaction, but we currently don't
789
+ # do any change tracking!
790
+ device_unused_keys = result.setdefault(user_id, {}).setdefault(
791
+ device_id, []
792
+ )
793
+ if algorithm is not None:
794
+ # algorithm will be None if this device has no keys.
795
+ device_unused_keys.append(algorithm)
796
+
797
+ return result
798
+
799
+ return await self.db_pool.runInteraction(
800
+ "_get_bulk_e2e_unused_fallback_keys", _get_bulk_e2e_unused_fallback_keys_txn
801
+ )
802
+
803
+ async def set_e2e_fallback_keys(
804
+ self, user_id: str, device_id: str, fallback_keys: JsonDict
805
+ ) -> None:
806
+ """Set the user's e2e fallback keys.
807
+
808
+ Args:
809
+ user_id: the user whose keys are being set
810
+ device_id: the device whose keys are being set
811
+ fallback_keys: the keys to set. This is a map from key ID (which is
812
+ of the form "algorithm:id") to key data.
813
+ """
814
+ await self.db_pool.runInteraction(
815
+ "set_e2e_fallback_keys_txn",
816
+ self._set_e2e_fallback_keys_txn,
817
+ user_id,
818
+ device_id,
819
+ fallback_keys,
820
+ )
821
+
822
+ await self.invalidate_cache_and_stream(
823
+ "get_e2e_unused_fallback_key_types", (user_id, device_id)
824
+ )
825
+
826
+ def _set_e2e_fallback_keys_txn(
827
+ self,
828
+ txn: LoggingTransaction,
829
+ user_id: str,
830
+ device_id: str,
831
+ fallback_keys: JsonDict,
832
+ ) -> None:
833
+ """Set the user's e2e fallback keys.
834
+
835
+ Args:
836
+ user_id: the user whose keys are being set
837
+ device_id: the device whose keys are being set
838
+ fallback_keys: the keys to set. This is a map from key ID (which is
839
+ of the form "algorithm:id") to key data.
840
+ """
841
+ # fallback_keys will usually only have one item in it, so using a for
842
+ # loop (as opposed to calling simple_upsert_many_txn) won't be too bad
843
+ # FIXME: make sure that only one key per algorithm is uploaded
844
+ for key_id, fallback_key in fallback_keys.items():
845
+ algorithm, key_id = key_id.split(":", 1)
846
+ old_key_json = self.db_pool.simple_select_one_onecol_txn(
847
+ txn,
848
+ table="e2e_fallback_keys_json",
849
+ keyvalues={
850
+ "user_id": user_id,
851
+ "device_id": device_id,
852
+ "algorithm": algorithm,
853
+ },
854
+ retcol="key_json",
855
+ allow_none=True,
856
+ )
857
+
858
+ new_key_json = encode_canonical_json(fallback_key).decode("utf-8")
859
+
860
+ # If the uploaded key is the same as the current fallback key,
861
+ # don't do anything. This prevents marking the key as unused if it
862
+ # was already used.
863
+ if old_key_json != new_key_json:
864
+ self.db_pool.simple_upsert_txn(
865
+ txn,
866
+ table="e2e_fallback_keys_json",
867
+ keyvalues={
868
+ "user_id": user_id,
869
+ "device_id": device_id,
870
+ "algorithm": algorithm,
871
+ },
872
+ values={
873
+ "key_id": key_id,
874
+ "key_json": json_encoder.encode(fallback_key),
875
+ "used": False,
876
+ },
877
+ )
878
+
879
+ @cached(max_entries=10000, tree=True)
880
+ async def get_e2e_unused_fallback_key_types(
881
+ self, user_id: str, device_id: str
882
+ ) -> Sequence[str]:
883
+ """Returns the fallback key types that have an unused key.
884
+
885
+ Args:
886
+ user_id: the user whose keys are being queried
887
+ device_id: the device whose keys are being queried
888
+
889
+ Returns:
890
+ a list of key types
891
+ """
892
+ return await self.db_pool.simple_select_onecol(
893
+ "e2e_fallback_keys_json",
894
+ keyvalues={"user_id": user_id, "device_id": device_id, "used": False},
895
+ retcol="algorithm",
896
+ desc="get_e2e_unused_fallback_key_types",
897
+ )
898
+
899
+ async def get_e2e_cross_signing_key(
900
+ self, user_id: str, key_type: str, from_user_id: Optional[str] = None
901
+ ) -> Optional[JsonMapping]:
902
+ """Returns a user's cross-signing key.
903
+
904
+ Args:
905
+ user_id: the user whose key is being requested
906
+ key_type: the type of key that is being requested: either 'master'
907
+ for a master key, 'self_signing' for a self-signing key, or
908
+ 'user_signing' for a user-signing key
909
+ from_user_id: if specified, signatures made by this user on
910
+ the self-signing key will be included in the result
911
+
912
+ Returns:
913
+ dict of the key data or None if not found
914
+ """
915
+ res = await self.get_e2e_cross_signing_keys_bulk([user_id], from_user_id)
916
+ user_keys = res.get(user_id)
917
+ if not user_keys:
918
+ return None
919
+ return user_keys.get(key_type)
920
+
921
+ @cached(num_args=1)
922
+ def _get_bare_e2e_cross_signing_keys(
923
+ self, user_id: str
924
+ ) -> Mapping[str, JsonMapping]:
925
+ """Dummy function. Only used to make a cache for
926
+ _get_bare_e2e_cross_signing_keys_bulk.
927
+ """
928
+ raise NotImplementedError()
929
+
930
+ @cachedList(
931
+ cached_method_name="_get_bare_e2e_cross_signing_keys",
932
+ list_name="user_ids",
933
+ num_args=1,
934
+ )
935
+ async def _get_bare_e2e_cross_signing_keys_bulk(
936
+ self, user_ids: Iterable[str]
937
+ ) -> Mapping[str, Optional[Mapping[str, JsonMapping]]]:
938
+ """Returns the cross-signing keys for a set of users. The output of this
939
+ function should be passed to _get_e2e_cross_signing_signatures_txn if
940
+ the signatures for the calling user need to be fetched.
941
+
942
+ Args:
943
+ user_ids: the users whose keys are being requested
944
+
945
+ Returns:
946
+ A mapping from user ID to key type to key data. If a user's cross-signing
947
+ keys were not found, either their user ID will not be in the dict, or
948
+ their user ID will map to None.
949
+
950
+ """
951
+ return await self.db_pool.runInteraction(
952
+ "get_bare_e2e_cross_signing_keys_bulk",
953
+ self._get_bare_e2e_cross_signing_keys_bulk_txn,
954
+ user_ids,
955
+ )
956
+
957
+ def _get_bare_e2e_cross_signing_keys_bulk_txn(
958
+ self,
959
+ txn: LoggingTransaction,
960
+ user_ids: Iterable[str],
961
+ ) -> dict[str, dict[str, JsonDict]]:
962
+ """Returns the cross-signing keys for a set of users. The output of this
963
+ function should be passed to _get_e2e_cross_signing_signatures_txn if
964
+ the signatures for the calling user need to be fetched.
965
+
966
+ Args:
967
+ txn: db connection
968
+ user_ids: the users whose keys are being requested
969
+
970
+ Returns:
971
+ Mapping from user ID to key type to key data.
972
+ If a user's cross-signing keys were not found, their user ID will not be in
973
+ the dict.
974
+
975
+ """
976
+ result: dict[str, dict[str, JsonDict]] = {}
977
+
978
+ for user_chunk in batch_iter(user_ids, 100):
979
+ clause, params = make_in_list_sql_clause(
980
+ txn.database_engine, "user_id", user_chunk
981
+ )
982
+
983
+ # Fetch the latest key for each type per user.
984
+ if isinstance(self.database_engine, PostgresEngine):
985
+ # The `DISTINCT ON` clause will pick the *first* row it
986
+ # encounters, so ordering by stream ID desc will ensure we get
987
+ # the latest key.
988
+ sql = """
989
+ SELECT DISTINCT ON (user_id, keytype) user_id, keytype, keydata, stream_id
990
+ FROM e2e_cross_signing_keys
991
+ WHERE %(clause)s
992
+ ORDER BY user_id, keytype, stream_id DESC
993
+ """ % {"clause": clause}
994
+ else:
995
+ # SQLite has special handling for bare columns when using
996
+ # MIN/MAX with a `GROUP BY` clause where it picks the value from
997
+ # a row that matches the MIN/MAX.
998
+ sql = """
999
+ SELECT user_id, keytype, keydata, MAX(stream_id)
1000
+ FROM e2e_cross_signing_keys
1001
+ WHERE %(clause)s
1002
+ GROUP BY user_id, keytype
1003
+ """ % {"clause": clause}
1004
+
1005
+ txn.execute(sql, params)
1006
+
1007
+ for user_id, key_type, key_data, _ in txn:
1008
+ user_keys = result.setdefault(user_id, {})
1009
+ user_keys[key_type] = db_to_json(key_data)
1010
+
1011
+ return result
1012
+
1013
+ def _get_e2e_cross_signing_signatures_txn(
1014
+ self,
1015
+ txn: LoggingTransaction,
1016
+ keys: dict[str, Optional[dict[str, JsonDict]]],
1017
+ from_user_id: str,
1018
+ ) -> dict[str, Optional[dict[str, JsonDict]]]:
1019
+ """Returns the cross-signing signatures made by a user on a set of keys.
1020
+
1021
+ Args:
1022
+ txn: db connection
1023
+ keys: a map of user ID to key type to key data.
1024
+ This dict will be modified to add signatures.
1025
+ from_user_id: fetch the signatures made by this user
1026
+
1027
+ Returns:
1028
+ Mapping from user ID to key type to key data.
1029
+ The return value will be the same as the keys argument, with the
1030
+ modifications included.
1031
+ """
1032
+
1033
+ # find out what cross-signing keys (a.k.a. devices) we need to get
1034
+ # signatures for. This is a map of (user_id, device_id) to key type
1035
+ # (device_id is the key's public part).
1036
+ devices: dict[tuple[str, str], str] = {}
1037
+
1038
+ for user_id, user_keys in keys.items():
1039
+ if user_keys is None:
1040
+ continue
1041
+ for key_type, key in user_keys.items():
1042
+ device_id = None
1043
+ for k in key["keys"].values():
1044
+ device_id = k
1045
+ # `key` ought to be a `CrossSigningKey`, whose .keys property is a
1046
+ # dictionary with a single entry:
1047
+ # "algorithm:base64_public_key": "base64_public_key"
1048
+ # See https://spec.matrix.org/v1.1/client-server-api/#cross-signing
1049
+ assert isinstance(device_id, str)
1050
+ devices[(user_id, device_id)] = key_type
1051
+
1052
+ for batch in batch_iter(devices.keys(), size=100):
1053
+ sql = """
1054
+ SELECT target_user_id, target_device_id, key_id, signature
1055
+ FROM e2e_cross_signing_signatures
1056
+ WHERE user_id = ?
1057
+ AND (%s)
1058
+ """ % (
1059
+ " OR ".join(
1060
+ "(target_user_id = ? AND target_device_id = ?)" for _ in batch
1061
+ )
1062
+ )
1063
+ query_params = [from_user_id]
1064
+ for item in batch:
1065
+ # item is a (user_id, device_id) tuple
1066
+ query_params.extend(item)
1067
+
1068
+ txn.execute(sql, query_params)
1069
+
1070
+ # and add the signatures to the appropriate keys
1071
+ for target_user_id, target_device_id, key_id, signature in txn:
1072
+ key_type = devices[(target_user_id, target_device_id)]
1073
+ # We need to copy everything, because the result may have come
1074
+ # from the cache. dict.copy only does a shallow copy, so we
1075
+ # need to recursively copy the dicts that will be modified.
1076
+ user_keys = keys[target_user_id]
1077
+ # `user_keys` cannot be `None` because we only fetched signatures for
1078
+ # users with keys
1079
+ assert user_keys is not None
1080
+ user_keys = keys[target_user_id] = user_keys.copy()
1081
+
1082
+ target_user_key = user_keys[key_type] = user_keys[key_type].copy()
1083
+ if "signatures" in target_user_key:
1084
+ signatures = target_user_key["signatures"] = target_user_key[
1085
+ "signatures"
1086
+ ].copy()
1087
+ if from_user_id in signatures:
1088
+ user_sigs = signatures[from_user_id] = signatures[from_user_id]
1089
+ user_sigs[key_id] = signature
1090
+ else:
1091
+ signatures[from_user_id] = {key_id: signature}
1092
+ else:
1093
+ target_user_key["signatures"] = {from_user_id: {key_id: signature}}
1094
+
1095
+ return keys
1096
+
1097
+ @cancellable
1098
+ async def get_e2e_cross_signing_keys_bulk(
1099
+ self, user_ids: list[str], from_user_id: Optional[str] = None
1100
+ ) -> Mapping[str, Optional[Mapping[str, JsonMapping]]]:
1101
+ """Returns the cross-signing keys for a set of users.
1102
+
1103
+ Args:
1104
+ user_ids: the users whose keys are being requested
1105
+ from_user_id: if specified, signatures made by this user on
1106
+ the self-signing keys will be included in the result
1107
+
1108
+ Returns:
1109
+ A map of user ID to key type to key data. If a user's cross-signing
1110
+ keys were not found, either their user ID will not be in the dict,
1111
+ or their user ID will map to None.
1112
+ """
1113
+ result = await self._get_bare_e2e_cross_signing_keys_bulk(user_ids)
1114
+
1115
+ if from_user_id:
1116
+ result = cast(
1117
+ dict[str, Optional[Mapping[str, JsonMapping]]],
1118
+ await self.db_pool.runInteraction(
1119
+ "get_e2e_cross_signing_signatures",
1120
+ self._get_e2e_cross_signing_signatures_txn,
1121
+ result,
1122
+ from_user_id,
1123
+ ),
1124
+ )
1125
+
1126
+ return result
1127
+
1128
+ async def get_all_user_signature_changes_for_remotes(
1129
+ self, instance_name: str, last_id: int, current_id: int, limit: int
1130
+ ) -> tuple[list[tuple[int, tuple]], int, bool]:
1131
+ """Get updates for groups replication stream.
1132
+
1133
+ Note that the user signature stream represents when a user signs their
1134
+ device with their user-signing key, which is not published to other
1135
+ users or servers, so no `destination` is needed in the returned
1136
+ list. However, this is needed to poke workers.
1137
+
1138
+ Args:
1139
+ instance_name: The writer we want to fetch updates from. Unused
1140
+ here since there is only ever one writer.
1141
+ last_id: The token to fetch updates from. Exclusive.
1142
+ current_id: The token to fetch updates up to. Inclusive.
1143
+ limit: The requested limit for the number of rows to return. The
1144
+ function may return more or fewer rows.
1145
+
1146
+ Returns:
1147
+ A tuple consisting of: the updates, a token to use to fetch
1148
+ subsequent updates, and whether we returned fewer rows than exists
1149
+ between the requested tokens due to the limit.
1150
+
1151
+ The token returned can be used in a subsequent call to this
1152
+ function to get further updatees.
1153
+
1154
+ The updates are a list of 2-tuples of stream ID and the row data
1155
+ """
1156
+
1157
+ if last_id == current_id:
1158
+ return [], current_id, False
1159
+
1160
+ def _get_all_user_signature_changes_for_remotes_txn(
1161
+ txn: LoggingTransaction,
1162
+ ) -> tuple[list[tuple[int, tuple]], int, bool]:
1163
+ sql = """
1164
+ SELECT stream_id, from_user_id AS user_id
1165
+ FROM user_signature_stream
1166
+ WHERE ? < stream_id AND stream_id <= ?
1167
+ ORDER BY stream_id ASC
1168
+ LIMIT ?
1169
+ """
1170
+ txn.execute(sql, (last_id, current_id, limit))
1171
+
1172
+ updates = [(row[0], (row[1:])) for row in txn]
1173
+
1174
+ limited = False
1175
+ upto_token = current_id
1176
+ if len(updates) >= limit:
1177
+ upto_token = updates[-1][0]
1178
+ limited = True
1179
+
1180
+ return updates, upto_token, limited
1181
+
1182
+ return await self.db_pool.runInteraction(
1183
+ "get_all_user_signature_changes_for_remotes",
1184
+ _get_all_user_signature_changes_for_remotes_txn,
1185
+ )
1186
+
1187
+ @abc.abstractmethod
1188
+ def get_device_stream_token(self) -> MultiWriterStreamToken:
1189
+ """Get the current stream id from the _device_list_id_gen"""
1190
+ ...
1191
+
1192
+ async def claim_e2e_one_time_keys(
1193
+ self, query_list: Collection[tuple[str, str, str, int]]
1194
+ ) -> tuple[
1195
+ dict[str, dict[str, dict[str, JsonDict]]], list[tuple[str, str, str, int]]
1196
+ ]:
1197
+ """Take a list of one time keys out of the database.
1198
+
1199
+ Args:
1200
+ query_list: An iterable of tuples of (user ID, device ID, algorithm, number of keys).
1201
+
1202
+ Returns:
1203
+ A tuple (results, missing) of:
1204
+ A map of user ID -> a map device ID -> a map of key ID -> JSON.
1205
+
1206
+ A copy of the input which has not been fulfilled. The returned counts
1207
+ may be less than the input counts. In this case, the returned counts
1208
+ are the number of claims that were not fulfilled.
1209
+ """
1210
+ results: dict[str, dict[str, dict[str, JsonDict]]] = {}
1211
+ missing: list[tuple[str, str, str, int]] = []
1212
+ if isinstance(self.database_engine, PostgresEngine):
1213
+ # If we can use execute_values we can use a single batch query
1214
+ # in autocommit mode.
1215
+ unfulfilled_claim_counts: dict[tuple[str, str, str], int] = {}
1216
+ for user_id, device_id, algorithm, count in query_list:
1217
+ unfulfilled_claim_counts[user_id, device_id, algorithm] = count
1218
+
1219
+ bulk_claims = await self.db_pool.runInteraction(
1220
+ "claim_e2e_one_time_keys",
1221
+ self._claim_e2e_one_time_keys_bulk,
1222
+ query_list,
1223
+ db_autocommit=True,
1224
+ )
1225
+
1226
+ for user_id, device_id, algorithm, key_id, key_json in bulk_claims:
1227
+ device_results = results.setdefault(user_id, {}).setdefault(
1228
+ device_id, {}
1229
+ )
1230
+ device_results[f"{algorithm}:{key_id}"] = json_decoder.decode(key_json)
1231
+ unfulfilled_claim_counts[(user_id, device_id, algorithm)] -= 1
1232
+
1233
+ # Did we get enough OTKs?
1234
+ missing = [
1235
+ (user, device, alg, count)
1236
+ for (user, device, alg), count in unfulfilled_claim_counts.items()
1237
+ if count > 0
1238
+ ]
1239
+ else:
1240
+ for user_id, device_id, algorithm, count in query_list:
1241
+ claim_rows = await self.db_pool.runInteraction(
1242
+ "claim_e2e_one_time_keys",
1243
+ self._claim_e2e_one_time_key_simple,
1244
+ user_id,
1245
+ device_id,
1246
+ algorithm,
1247
+ count,
1248
+ db_autocommit=False,
1249
+ )
1250
+ if claim_rows:
1251
+ device_results = results.setdefault(user_id, {}).setdefault(
1252
+ device_id, {}
1253
+ )
1254
+ for claim_row in claim_rows:
1255
+ device_results[claim_row[0]] = json_decoder.decode(claim_row[1])
1256
+ # Did we get enough OTKs?
1257
+ count -= len(claim_rows)
1258
+ if count:
1259
+ missing.append((user_id, device_id, algorithm, count))
1260
+
1261
+ return results, missing
1262
+
1263
+ async def claim_e2e_fallback_keys(
1264
+ self, query_list: Iterable[tuple[str, str, str, bool]]
1265
+ ) -> dict[str, dict[str, dict[str, JsonDict]]]:
1266
+ """Take a list of fallback keys out of the database.
1267
+
1268
+ Args:
1269
+ query_list: An iterable of tuples of
1270
+ (user ID, device ID, algorithm, whether the key should be marked as used).
1271
+
1272
+ Returns:
1273
+ A map of user ID -> a map device ID -> a map of key ID -> JSON.
1274
+ """
1275
+ if isinstance(self.database_engine, PostgresEngine):
1276
+ return await self.db_pool.runInteraction(
1277
+ "_claim_e2e_fallback_keys_bulk",
1278
+ self._claim_e2e_fallback_keys_bulk_txn,
1279
+ query_list,
1280
+ db_autocommit=True,
1281
+ )
1282
+ # Use an UPDATE FROM... RETURNING combined with a VALUES block to do
1283
+ # everything in one query. Note: this is also supported in SQLite 3.33.0,
1284
+ # (see https://www.sqlite.org/lang_update.html#update_from), but we do not
1285
+ # have an equivalent of psycopg2's execute_values to do this in one query.
1286
+ else:
1287
+ return await self._claim_e2e_fallback_keys_simple(query_list)
1288
+
1289
+ def _claim_e2e_fallback_keys_bulk_txn(
1290
+ self,
1291
+ txn: LoggingTransaction,
1292
+ query_list: Iterable[tuple[str, str, str, bool]],
1293
+ ) -> dict[str, dict[str, dict[str, JsonDict]]]:
1294
+ """Efficient implementation of claim_e2e_fallback_keys for Postgres.
1295
+
1296
+ Safe to autocommit: this is a single query.
1297
+ """
1298
+ results: dict[str, dict[str, dict[str, JsonDict]]] = {}
1299
+
1300
+ sql = """
1301
+ WITH claims(user_id, device_id, algorithm, mark_as_used) AS (
1302
+ VALUES ?
1303
+ )
1304
+ UPDATE e2e_fallback_keys_json k
1305
+ SET used = used OR mark_as_used
1306
+ FROM claims
1307
+ WHERE (k.user_id, k.device_id, k.algorithm) = (claims.user_id, claims.device_id, claims.algorithm)
1308
+ RETURNING k.user_id, k.device_id, k.algorithm, k.key_id, k.key_json;
1309
+ """
1310
+ claimed_keys = cast(
1311
+ list[tuple[str, str, str, str, str]],
1312
+ txn.execute_values(sql, query_list),
1313
+ )
1314
+
1315
+ seen_user_device: set[tuple[str, str]] = set()
1316
+ for user_id, device_id, algorithm, key_id, key_json in claimed_keys:
1317
+ device_results = results.setdefault(user_id, {}).setdefault(device_id, {})
1318
+ device_results[f"{algorithm}:{key_id}"] = json_decoder.decode(key_json)
1319
+ seen_user_device.add((user_id, device_id))
1320
+
1321
+ self._invalidate_cache_and_stream_bulk(
1322
+ txn, self.get_e2e_unused_fallback_key_types, seen_user_device
1323
+ )
1324
+
1325
+ return results
1326
+
1327
+ async def _claim_e2e_fallback_keys_simple(
1328
+ self,
1329
+ query_list: Iterable[tuple[str, str, str, bool]],
1330
+ ) -> dict[str, dict[str, dict[str, JsonDict]]]:
1331
+ """Naive, inefficient implementation of claim_e2e_fallback_keys for SQLite."""
1332
+ results: dict[str, dict[str, dict[str, JsonDict]]] = {}
1333
+ for user_id, device_id, algorithm, mark_as_used in query_list:
1334
+ row = await self.db_pool.simple_select_one(
1335
+ table="e2e_fallback_keys_json",
1336
+ keyvalues={
1337
+ "user_id": user_id,
1338
+ "device_id": device_id,
1339
+ "algorithm": algorithm,
1340
+ },
1341
+ retcols=("key_id", "key_json", "used"),
1342
+ desc="_get_fallback_key",
1343
+ allow_none=True,
1344
+ )
1345
+ if row is None:
1346
+ continue
1347
+
1348
+ key_id, key_json, used = row
1349
+
1350
+ # Mark fallback key as used if not already.
1351
+ if not used and mark_as_used:
1352
+ await self.db_pool.simple_update_one(
1353
+ table="e2e_fallback_keys_json",
1354
+ keyvalues={
1355
+ "user_id": user_id,
1356
+ "device_id": device_id,
1357
+ "algorithm": algorithm,
1358
+ "key_id": key_id,
1359
+ },
1360
+ updatevalues={"used": True},
1361
+ desc="_get_fallback_key_set_used",
1362
+ )
1363
+ await self.invalidate_cache_and_stream(
1364
+ "get_e2e_unused_fallback_key_types", (user_id, device_id)
1365
+ )
1366
+
1367
+ device_results = results.setdefault(user_id, {}).setdefault(device_id, {})
1368
+ device_results[f"{algorithm}:{key_id}"] = json_decoder.decode(key_json)
1369
+
1370
+ return results
1371
+
1372
+ @trace
1373
+ def _claim_e2e_one_time_key_simple(
1374
+ self,
1375
+ txn: LoggingTransaction,
1376
+ user_id: str,
1377
+ device_id: str,
1378
+ algorithm: str,
1379
+ count: int,
1380
+ ) -> list[tuple[str, str]]:
1381
+ """Claim OTK for device for DBs that don't support RETURNING.
1382
+
1383
+ Returns:
1384
+ A tuple of key name (algorithm + key ID) and key JSON, if an
1385
+ OTK was found.
1386
+ """
1387
+
1388
+ # Return the oldest keys from this device (based on `ts_added_ms`).
1389
+ # Doing so means that keys are issued in the same order they were uploaded,
1390
+ # which reduces the chances of a client expiring its copy of a (private)
1391
+ # key while the public key is still on the server, waiting to be issued.
1392
+ sql = """
1393
+ SELECT key_id, key_json FROM e2e_one_time_keys_json
1394
+ WHERE user_id = ? AND device_id = ? AND algorithm = ?
1395
+ ORDER BY ts_added_ms
1396
+ LIMIT ?
1397
+ """
1398
+
1399
+ txn.execute(sql, (user_id, device_id, algorithm, count))
1400
+ otk_rows = list(txn)
1401
+ if not otk_rows:
1402
+ return []
1403
+
1404
+ self.db_pool.simple_delete_many_txn(
1405
+ txn,
1406
+ table="e2e_one_time_keys_json",
1407
+ column="key_id",
1408
+ values=[otk_row[0] for otk_row in otk_rows],
1409
+ keyvalues={
1410
+ "user_id": user_id,
1411
+ "device_id": device_id,
1412
+ "algorithm": algorithm,
1413
+ },
1414
+ )
1415
+ self._invalidate_cache_and_stream(
1416
+ txn, self.count_e2e_one_time_keys, (user_id, device_id)
1417
+ )
1418
+
1419
+ return [(f"{algorithm}:{key_id}", key_json) for key_id, key_json in otk_rows]
1420
+
1421
+ @trace
1422
+ def _claim_e2e_one_time_keys_bulk(
1423
+ self,
1424
+ txn: LoggingTransaction,
1425
+ query_list: Iterable[tuple[str, str, str, int]],
1426
+ ) -> list[tuple[str, str, str, str, str]]:
1427
+ """Bulk claim OTKs, for DBs that support DELETE FROM... RETURNING.
1428
+
1429
+ Args:
1430
+ query_list: Collection of tuples (user_id, device_id, algorithm, count)
1431
+ as passed to claim_e2e_one_time_keys.
1432
+
1433
+ Returns:
1434
+ A list of tuples (user_id, device_id, algorithm, key_id, key_json)
1435
+ for each OTK claimed.
1436
+ """
1437
+ # Find, delete, and return the oldest keys from each device (based on
1438
+ # `ts_added_ms`).
1439
+ #
1440
+ # Doing so means that keys are issued in the same order they were uploaded,
1441
+ # which reduces the chances of a client expiring its copy of a (private)
1442
+ # key while the public key is still on the server, waiting to be issued.
1443
+ sql = """
1444
+ WITH claims(user_id, device_id, algorithm, claim_count) AS (
1445
+ VALUES ?
1446
+ ), ranked_keys AS (
1447
+ SELECT
1448
+ user_id, device_id, algorithm, key_id, claim_count,
1449
+ ROW_NUMBER() OVER (
1450
+ PARTITION BY (user_id, device_id, algorithm)
1451
+ ORDER BY ts_added_ms
1452
+ ) AS r
1453
+ FROM e2e_one_time_keys_json
1454
+ JOIN claims USING (user_id, device_id, algorithm)
1455
+ )
1456
+ DELETE FROM e2e_one_time_keys_json k
1457
+ WHERE (user_id, device_id, algorithm, key_id) IN (
1458
+ SELECT user_id, device_id, algorithm, key_id
1459
+ FROM ranked_keys
1460
+ WHERE r <= claim_count
1461
+ )
1462
+ RETURNING user_id, device_id, algorithm, key_id, key_json;
1463
+ """
1464
+ otk_rows = cast(
1465
+ list[tuple[str, str, str, str, str]], txn.execute_values(sql, query_list)
1466
+ )
1467
+
1468
+ seen_user_device = {
1469
+ (user_id, device_id) for user_id, device_id, _, _, _ in otk_rows
1470
+ }
1471
+ self._invalidate_cache_and_stream_bulk(
1472
+ txn,
1473
+ self.count_e2e_one_time_keys,
1474
+ seen_user_device,
1475
+ )
1476
+
1477
+ return otk_rows
1478
+
1479
+ async def get_master_cross_signing_key_updatable_before(
1480
+ self, user_id: str
1481
+ ) -> tuple[bool, Optional[int]]:
1482
+ """Get time before which a master cross-signing key may be replaced without UIA.
1483
+
1484
+ (UIA means "User-Interactive Auth".)
1485
+
1486
+ There are three cases to distinguish:
1487
+ (1) No master cross-signing key.
1488
+ (2) The key exists, but there is no replace-without-UI timestamp in the DB.
1489
+ (3) The key exists, and has such a timestamp recorded.
1490
+
1491
+ Returns: a 2-tuple of:
1492
+ - a boolean: is there a master cross-signing key already?
1493
+ - an optional timestamp, directly taken from the DB.
1494
+
1495
+ In terms of the cases above, these are:
1496
+ (1) (False, None).
1497
+ (2) (True, None).
1498
+ (3) (True, <timestamp in ms>).
1499
+
1500
+ """
1501
+
1502
+ def impl(txn: LoggingTransaction) -> tuple[bool, Optional[int]]:
1503
+ # We want to distinguish between three cases:
1504
+ txn.execute(
1505
+ """
1506
+ SELECT updatable_without_uia_before_ms
1507
+ FROM e2e_cross_signing_keys
1508
+ WHERE user_id = ? AND keytype = 'master'
1509
+ ORDER BY stream_id DESC
1510
+ LIMIT 1
1511
+ """,
1512
+ (user_id,),
1513
+ )
1514
+ row = cast(Optional[tuple[Optional[int]]], txn.fetchone())
1515
+ if row is None:
1516
+ return False, None
1517
+ return True, row[0]
1518
+
1519
+ return await self.db_pool.runInteraction(
1520
+ "e2e_cross_signing_keys",
1521
+ impl,
1522
+ )
1523
+
1524
+ async def delete_old_otks_for_next_user_batch(
1525
+ self, after_user_id: str, number_of_users: int
1526
+ ) -> tuple[list[str], int]:
1527
+ """Deletes old OTKs belonging to the next batch of users
1528
+
1529
+ Returns:
1530
+ `(users, rows)`, where:
1531
+ * `users` is the user IDs of the updated users. An empty list if we are done.
1532
+ * `rows` is the number of deleted rows
1533
+ """
1534
+
1535
+ def impl(txn: LoggingTransaction) -> tuple[list[str], int]:
1536
+ # Find a batch of users
1537
+ txn.execute(
1538
+ """
1539
+ SELECT DISTINCT(user_id) FROM e2e_one_time_keys_json
1540
+ WHERE user_id > ?
1541
+ ORDER BY user_id
1542
+ LIMIT ?
1543
+ """,
1544
+ (after_user_id, number_of_users),
1545
+ )
1546
+ users = [row[0] for row in txn.fetchall()]
1547
+ if len(users) == 0:
1548
+ return users, 0
1549
+
1550
+ # Delete any old OTKs belonging to those users.
1551
+ #
1552
+ # We only actually consider OTKs whose key ID is 6 characters long. These
1553
+ # keys were likely made by libolm rather than Vodozemac; libolm only kept
1554
+ # 100 private OTKs, so was far more vulnerable than Vodozemac to throwing
1555
+ # away keys prematurely.
1556
+ clause, args = make_in_list_sql_clause(
1557
+ txn.database_engine, "user_id", users
1558
+ )
1559
+ sql = f"""
1560
+ DELETE FROM e2e_one_time_keys_json
1561
+ WHERE {clause} AND ts_added_ms < ? AND length(key_id) = 6
1562
+ """
1563
+ args.append(self.clock.time_msec() - (7 * 24 * 3600 * 1000))
1564
+ txn.execute(sql, args)
1565
+
1566
+ return users, txn.rowcount
1567
+
1568
+ return await self.db_pool.runInteraction(
1569
+ "delete_old_otks_for_next_user_batch", impl
1570
+ )
1571
+
1572
+ async def allow_master_cross_signing_key_replacement_without_uia(
1573
+ self, user_id: str, duration_ms: int
1574
+ ) -> Optional[int]:
1575
+ """Mark this user's latest master key as being replaceable without UIA.
1576
+
1577
+ Said replacement will only be permitted for a short time after calling this
1578
+ function. That time period is controlled by the duration argument.
1579
+
1580
+ Returns:
1581
+ None, if there is no such key.
1582
+ Otherwise, the timestamp before which replacement is allowed without UIA.
1583
+ """
1584
+ timestamp = self.clock.time_msec() + duration_ms
1585
+
1586
+ def impl(txn: LoggingTransaction) -> Optional[int]:
1587
+ txn.execute(
1588
+ """
1589
+ UPDATE e2e_cross_signing_keys
1590
+ SET updatable_without_uia_before_ms = ?
1591
+ WHERE stream_id = (
1592
+ SELECT stream_id
1593
+ FROM e2e_cross_signing_keys
1594
+ WHERE user_id = ? AND keytype = 'master'
1595
+ ORDER BY stream_id DESC
1596
+ LIMIT 1
1597
+ )
1598
+ """,
1599
+ (timestamp, user_id),
1600
+ )
1601
+ if txn.rowcount == 0:
1602
+ return None
1603
+
1604
+ return timestamp
1605
+
1606
+ return await self.db_pool.runInteraction(
1607
+ "allow_master_cross_signing_key_replacement_without_uia",
1608
+ impl,
1609
+ )
1610
+
1611
+ async def delete_e2e_keys_by_device(self, user_id: str, device_id: str) -> None:
1612
+ def delete_e2e_keys_by_device_txn(txn: LoggingTransaction) -> None:
1613
+ log_kv(
1614
+ {
1615
+ "message": "Deleting keys for device",
1616
+ "device_id": device_id,
1617
+ "user_id": user_id,
1618
+ }
1619
+ )
1620
+ self.db_pool.simple_delete_txn(
1621
+ txn,
1622
+ table="e2e_device_keys_json",
1623
+ keyvalues={"user_id": user_id, "device_id": device_id},
1624
+ )
1625
+ self.db_pool.simple_delete_txn(
1626
+ txn,
1627
+ table="e2e_one_time_keys_json",
1628
+ keyvalues={"user_id": user_id, "device_id": device_id},
1629
+ )
1630
+ self._invalidate_cache_and_stream(
1631
+ txn, self.count_e2e_one_time_keys, (user_id, device_id)
1632
+ )
1633
+ self.db_pool.simple_delete_txn(
1634
+ txn,
1635
+ table="dehydrated_devices",
1636
+ keyvalues={"user_id": user_id, "device_id": device_id},
1637
+ )
1638
+ self.db_pool.simple_delete_txn(
1639
+ txn,
1640
+ table="e2e_fallback_keys_json",
1641
+ keyvalues={"user_id": user_id, "device_id": device_id},
1642
+ )
1643
+ self._invalidate_cache_and_stream(
1644
+ txn, self.get_e2e_unused_fallback_key_types, (user_id, device_id)
1645
+ )
1646
+
1647
+ await self.db_pool.runInteraction(
1648
+ "delete_e2e_keys_by_device", delete_e2e_keys_by_device_txn
1649
+ )
1650
+
1651
+ async def set_e2e_device_keys(
1652
+ self, user_id: str, device_id: str, time_now: int, device_keys: JsonDict
1653
+ ) -> bool:
1654
+ """Stores device keys for a device. Returns whether there was a change
1655
+ or the keys were already in the database.
1656
+
1657
+ Args:
1658
+ user_id: user_id of the user to store keys for
1659
+ device_id: device_id of the device to store keys for
1660
+ time_now: time at the request to store the keys
1661
+ device_keys: the keys to store
1662
+ """
1663
+
1664
+ return await self.db_pool.runInteraction(
1665
+ "set_e2e_device_keys",
1666
+ self._set_e2e_device_keys_txn,
1667
+ user_id,
1668
+ device_id,
1669
+ time_now,
1670
+ device_keys,
1671
+ )
1672
+
1673
+ def _set_e2e_device_keys_txn(
1674
+ self,
1675
+ txn: LoggingTransaction,
1676
+ user_id: str,
1677
+ device_id: str,
1678
+ time_now: int,
1679
+ device_keys: JsonDict,
1680
+ ) -> bool:
1681
+ """Stores device keys for a device. Returns whether there was a change
1682
+ or the keys were already in the database.
1683
+
1684
+ Args:
1685
+ user_id: user_id of the user to store keys for
1686
+ device_id: device_id of the device to store keys for
1687
+ time_now: time at the request to store the keys
1688
+ device_keys: the keys to store
1689
+ """
1690
+ set_tag("user_id", user_id)
1691
+ set_tag("device_id", device_id)
1692
+ set_tag("time_now", time_now)
1693
+ set_tag("device_keys", str(device_keys))
1694
+
1695
+ old_key_json = self.db_pool.simple_select_one_onecol_txn(
1696
+ txn,
1697
+ table="e2e_device_keys_json",
1698
+ keyvalues={"user_id": user_id, "device_id": device_id},
1699
+ retcol="key_json",
1700
+ allow_none=True,
1701
+ )
1702
+
1703
+ # In py3 we need old_key_json to match new_key_json type. The DB
1704
+ # returns unicode while encode_canonical_json returns bytes.
1705
+ new_key_json = encode_canonical_json(device_keys).decode("utf-8")
1706
+
1707
+ if old_key_json == new_key_json:
1708
+ log_kv({"Message": "Device key already stored."})
1709
+ return False
1710
+
1711
+ self.db_pool.simple_upsert_txn(
1712
+ txn,
1713
+ table="e2e_device_keys_json",
1714
+ keyvalues={"user_id": user_id, "device_id": device_id},
1715
+ values={"ts_added_ms": time_now, "key_json": new_key_json},
1716
+ )
1717
+ log_kv({"message": "Device keys stored."})
1718
+ return True
1719
+
1720
+ def _set_e2e_cross_signing_key_txn(
1721
+ self,
1722
+ txn: LoggingTransaction,
1723
+ user_id: str,
1724
+ key_type: str,
1725
+ key: JsonDict,
1726
+ stream_id: int,
1727
+ ) -> None:
1728
+ """Set a user's cross-signing key.
1729
+
1730
+ Args:
1731
+ txn: db connection
1732
+ user_id: the user to set the signing key for
1733
+ key_type: the type of key that is being set: either 'master'
1734
+ for a master key, 'self_signing' for a self-signing key, or
1735
+ 'user_signing' for a user-signing key
1736
+ key: the key data
1737
+ stream_id
1738
+ """
1739
+ # the 'key' dict will look something like:
1740
+ # {
1741
+ # "user_id": "@alice:example.com",
1742
+ # "usage": ["self_signing"],
1743
+ # "keys": {
1744
+ # "ed25519:base64+self+signing+public+key": "base64+self+signing+public+key",
1745
+ # },
1746
+ # "signatures": {
1747
+ # "@alice:example.com": {
1748
+ # "ed25519:base64+master+public+key": "base64+signature"
1749
+ # }
1750
+ # }
1751
+ # }
1752
+ # The "keys" property must only have one entry, which will be the public
1753
+ # key, so we just grab the first value in there
1754
+ pubkey = next(iter(key["keys"].values()))
1755
+
1756
+ # The cross-signing keys need to occupy the same namespace as devices,
1757
+ # since signatures are identified by device ID. So add an entry to the
1758
+ # device table to make sure that we don't have a collision with device
1759
+ # IDs.
1760
+ # We only need to do this for local users, since remote servers should be
1761
+ # responsible for checking this for their own users.
1762
+ if self.hs.is_mine_id(user_id):
1763
+ self.db_pool.simple_insert_txn(
1764
+ txn,
1765
+ "devices",
1766
+ values={
1767
+ "user_id": user_id,
1768
+ "device_id": pubkey,
1769
+ "display_name": key_type + " signing key",
1770
+ "hidden": True,
1771
+ },
1772
+ )
1773
+
1774
+ # and finally, store the key itself
1775
+ self.db_pool.simple_insert_txn(
1776
+ txn,
1777
+ "e2e_cross_signing_keys",
1778
+ values={
1779
+ "user_id": user_id,
1780
+ "keytype": key_type,
1781
+ "keydata": json_encoder.encode(key),
1782
+ "stream_id": stream_id,
1783
+ "instance_name": self._instance_name,
1784
+ },
1785
+ )
1786
+
1787
+ self._invalidate_cache_and_stream(
1788
+ txn, self._get_bare_e2e_cross_signing_keys, (user_id,)
1789
+ )
1790
+
1791
+ async def set_e2e_cross_signing_key(
1792
+ self, user_id: str, key_type: str, key: JsonDict
1793
+ ) -> None:
1794
+ """Set a user's cross-signing key.
1795
+
1796
+ Args:
1797
+ user_id: the user to set the user-signing key for
1798
+ key_type: the type of cross-signing key to set
1799
+ key: the key data
1800
+ """
1801
+
1802
+ async with self._cross_signing_id_gen.get_next() as stream_id:
1803
+ return await self.db_pool.runInteraction(
1804
+ "add_e2e_cross_signing_key",
1805
+ self._set_e2e_cross_signing_key_txn,
1806
+ user_id,
1807
+ key_type,
1808
+ key,
1809
+ stream_id,
1810
+ )
1811
+
1812
+ async def store_e2e_cross_signing_signatures(
1813
+ self, user_id: str, signatures: "Iterable[SignatureListItem]"
1814
+ ) -> None:
1815
+ """Stores cross-signing signatures.
1816
+
1817
+ Args:
1818
+ user_id: the user who made the signatures
1819
+ signatures: signatures to add
1820
+ """
1821
+
1822
+ def _store_e2e_cross_signing_signatures(
1823
+ txn: LoggingTransaction,
1824
+ signatures: "Iterable[SignatureListItem]",
1825
+ ) -> None:
1826
+ self.db_pool.simple_insert_many_txn(
1827
+ txn,
1828
+ "e2e_cross_signing_signatures",
1829
+ keys=(
1830
+ "user_id",
1831
+ "key_id",
1832
+ "target_user_id",
1833
+ "target_device_id",
1834
+ "signature",
1835
+ ),
1836
+ values=[
1837
+ (
1838
+ user_id,
1839
+ item.signing_key_id,
1840
+ item.target_user_id,
1841
+ item.target_device_id,
1842
+ item.signature,
1843
+ )
1844
+ for item in signatures
1845
+ ],
1846
+ )
1847
+
1848
+ to_invalidate = [
1849
+ # Each entry is a tuple of arguments to
1850
+ # `_get_e2e_cross_signing_signatures_for_device`, which
1851
+ # itself takes a tuple. Hence the double-tuple.
1852
+ ((user_id, item.target_device_id),)
1853
+ for item in signatures
1854
+ ]
1855
+
1856
+ if to_invalidate:
1857
+ # Invalidate the local cache of this worker.
1858
+ for cache_key in to_invalidate:
1859
+ txn.call_after(
1860
+ self._get_e2e_cross_signing_signatures_for_device.invalidate,
1861
+ cache_key,
1862
+ )
1863
+
1864
+ # Stream cache invalidate keys over replication.
1865
+ #
1866
+ # We can only send a primitive per function argument across
1867
+ # replication.
1868
+ #
1869
+ # Encode the array of strings as a JSON string, and we'll unpack
1870
+ # it on the other side.
1871
+ to_send = [
1872
+ (json.dumps([user_id, item.target_device_id]),)
1873
+ for item in signatures
1874
+ ]
1875
+
1876
+ self._send_invalidation_to_replication_bulk(
1877
+ txn,
1878
+ cache_name=self._get_e2e_cross_signing_signatures_for_device.__name__,
1879
+ key_tuples=to_send,
1880
+ )
1881
+
1882
+ await self.db_pool.runInteraction(
1883
+ "add_e2e_signing_key",
1884
+ _store_e2e_cross_signing_signatures,
1885
+ signatures,
1886
+ )
1887
+
1888
+
1889
+ class EndToEndKeyStore(EndToEndKeyWorkerStore, SQLBaseStore):
1890
+ def __init__(
1891
+ self,
1892
+ database: DatabasePool,
1893
+ db_conn: LoggingDatabaseConnection,
1894
+ hs: "HomeServer",
1895
+ ):
1896
+ super().__init__(database, db_conn, hs)