matrix-synapse 1.143.0rc2__cp310-abi3-manylinux_2_28_aarch64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1058) hide show
  1. matrix_synapse-1.143.0rc2.dist-info/AUTHORS.rst +51 -0
  2. matrix_synapse-1.143.0rc2.dist-info/LICENSE-AGPL-3.0 +661 -0
  3. matrix_synapse-1.143.0rc2.dist-info/LICENSE-COMMERCIAL +6 -0
  4. matrix_synapse-1.143.0rc2.dist-info/METADATA +385 -0
  5. matrix_synapse-1.143.0rc2.dist-info/RECORD +1058 -0
  6. matrix_synapse-1.143.0rc2.dist-info/WHEEL +4 -0
  7. matrix_synapse-1.143.0rc2.dist-info/entry_points.txt +14 -0
  8. synapse/__init__.py +97 -0
  9. synapse/_scripts/__init__.py +0 -0
  10. synapse/_scripts/export_signing_key.py +109 -0
  11. synapse/_scripts/generate_config.py +83 -0
  12. synapse/_scripts/generate_log_config.py +56 -0
  13. synapse/_scripts/generate_signing_key.py +55 -0
  14. synapse/_scripts/generate_workers_map.py +318 -0
  15. synapse/_scripts/hash_password.py +95 -0
  16. synapse/_scripts/move_remote_media_to_new_store.py +128 -0
  17. synapse/_scripts/register_new_matrix_user.py +402 -0
  18. synapse/_scripts/review_recent_signups.py +212 -0
  19. synapse/_scripts/synapse_port_db.py +1604 -0
  20. synapse/_scripts/synctl.py +365 -0
  21. synapse/_scripts/update_synapse_database.py +130 -0
  22. synapse/api/__init__.py +20 -0
  23. synapse/api/auth/__init__.py +207 -0
  24. synapse/api/auth/base.py +406 -0
  25. synapse/api/auth/internal.py +299 -0
  26. synapse/api/auth/mas.py +436 -0
  27. synapse/api/auth/msc3861_delegated.py +617 -0
  28. synapse/api/auth_blocking.py +144 -0
  29. synapse/api/constants.py +362 -0
  30. synapse/api/errors.py +907 -0
  31. synapse/api/filtering.py +537 -0
  32. synapse/api/presence.py +102 -0
  33. synapse/api/ratelimiting.py +480 -0
  34. synapse/api/room_versions.py +535 -0
  35. synapse/api/urls.py +118 -0
  36. synapse/app/__init__.py +60 -0
  37. synapse/app/_base.py +862 -0
  38. synapse/app/admin_cmd.py +388 -0
  39. synapse/app/appservice.py +30 -0
  40. synapse/app/client_reader.py +30 -0
  41. synapse/app/complement_fork_starter.py +206 -0
  42. synapse/app/event_creator.py +29 -0
  43. synapse/app/federation_reader.py +30 -0
  44. synapse/app/federation_sender.py +30 -0
  45. synapse/app/frontend_proxy.py +30 -0
  46. synapse/app/generic_worker.py +474 -0
  47. synapse/app/homeserver.py +505 -0
  48. synapse/app/media_repository.py +30 -0
  49. synapse/app/phone_stats_home.py +296 -0
  50. synapse/app/pusher.py +30 -0
  51. synapse/app/synchrotron.py +30 -0
  52. synapse/app/user_dir.py +31 -0
  53. synapse/appservice/__init__.py +458 -0
  54. synapse/appservice/api.py +567 -0
  55. synapse/appservice/scheduler.py +564 -0
  56. synapse/config/__init__.py +27 -0
  57. synapse/config/__main__.py +62 -0
  58. synapse/config/_base.py +1106 -0
  59. synapse/config/_base.pyi +215 -0
  60. synapse/config/_util.py +99 -0
  61. synapse/config/account_validity.py +116 -0
  62. synapse/config/api.py +141 -0
  63. synapse/config/appservice.py +210 -0
  64. synapse/config/auth.py +80 -0
  65. synapse/config/auto_accept_invites.py +43 -0
  66. synapse/config/background_updates.py +44 -0
  67. synapse/config/cache.py +231 -0
  68. synapse/config/captcha.py +90 -0
  69. synapse/config/cas.py +116 -0
  70. synapse/config/consent.py +73 -0
  71. synapse/config/database.py +184 -0
  72. synapse/config/emailconfig.py +367 -0
  73. synapse/config/experimental.py +595 -0
  74. synapse/config/federation.py +114 -0
  75. synapse/config/homeserver.py +141 -0
  76. synapse/config/jwt.py +55 -0
  77. synapse/config/key.py +447 -0
  78. synapse/config/logger.py +390 -0
  79. synapse/config/mas.py +192 -0
  80. synapse/config/matrixrtc.py +66 -0
  81. synapse/config/metrics.py +84 -0
  82. synapse/config/modules.py +40 -0
  83. synapse/config/oembed.py +185 -0
  84. synapse/config/oidc.py +509 -0
  85. synapse/config/password_auth_providers.py +82 -0
  86. synapse/config/push.py +64 -0
  87. synapse/config/ratelimiting.py +254 -0
  88. synapse/config/redis.py +74 -0
  89. synapse/config/registration.py +296 -0
  90. synapse/config/repository.py +311 -0
  91. synapse/config/retention.py +162 -0
  92. synapse/config/room.py +88 -0
  93. synapse/config/room_directory.py +165 -0
  94. synapse/config/saml2.py +251 -0
  95. synapse/config/server.py +1170 -0
  96. synapse/config/server_notices.py +84 -0
  97. synapse/config/spam_checker.py +66 -0
  98. synapse/config/sso.py +121 -0
  99. synapse/config/stats.py +54 -0
  100. synapse/config/third_party_event_rules.py +40 -0
  101. synapse/config/tls.py +192 -0
  102. synapse/config/tracer.py +71 -0
  103. synapse/config/user_directory.py +47 -0
  104. synapse/config/user_types.py +42 -0
  105. synapse/config/voip.py +59 -0
  106. synapse/config/workers.py +642 -0
  107. synapse/crypto/__init__.py +20 -0
  108. synapse/crypto/context_factory.py +278 -0
  109. synapse/crypto/event_signing.py +194 -0
  110. synapse/crypto/keyring.py +931 -0
  111. synapse/event_auth.py +1266 -0
  112. synapse/events/__init__.py +667 -0
  113. synapse/events/auto_accept_invites.py +216 -0
  114. synapse/events/builder.py +387 -0
  115. synapse/events/presence_router.py +243 -0
  116. synapse/events/snapshot.py +559 -0
  117. synapse/events/utils.py +924 -0
  118. synapse/events/validator.py +305 -0
  119. synapse/federation/__init__.py +22 -0
  120. synapse/federation/federation_base.py +382 -0
  121. synapse/federation/federation_client.py +2132 -0
  122. synapse/federation/federation_server.py +1540 -0
  123. synapse/federation/persistence.py +70 -0
  124. synapse/federation/send_queue.py +531 -0
  125. synapse/federation/sender/__init__.py +1164 -0
  126. synapse/federation/sender/per_destination_queue.py +886 -0
  127. synapse/federation/sender/transaction_manager.py +210 -0
  128. synapse/federation/transport/__init__.py +28 -0
  129. synapse/federation/transport/client.py +1199 -0
  130. synapse/federation/transport/server/__init__.py +334 -0
  131. synapse/federation/transport/server/_base.py +429 -0
  132. synapse/federation/transport/server/federation.py +910 -0
  133. synapse/federation/units.py +133 -0
  134. synapse/handlers/__init__.py +20 -0
  135. synapse/handlers/account.py +162 -0
  136. synapse/handlers/account_data.py +360 -0
  137. synapse/handlers/account_validity.py +361 -0
  138. synapse/handlers/admin.py +615 -0
  139. synapse/handlers/appservice.py +989 -0
  140. synapse/handlers/auth.py +2481 -0
  141. synapse/handlers/cas.py +413 -0
  142. synapse/handlers/deactivate_account.py +363 -0
  143. synapse/handlers/delayed_events.py +599 -0
  144. synapse/handlers/device.py +1870 -0
  145. synapse/handlers/devicemessage.py +399 -0
  146. synapse/handlers/directory.py +545 -0
  147. synapse/handlers/e2e_keys.py +1834 -0
  148. synapse/handlers/e2e_room_keys.py +455 -0
  149. synapse/handlers/event_auth.py +390 -0
  150. synapse/handlers/events.py +201 -0
  151. synapse/handlers/federation.py +2039 -0
  152. synapse/handlers/federation_event.py +2419 -0
  153. synapse/handlers/identity.py +812 -0
  154. synapse/handlers/initial_sync.py +528 -0
  155. synapse/handlers/jwt.py +120 -0
  156. synapse/handlers/message.py +2347 -0
  157. synapse/handlers/oidc.py +1801 -0
  158. synapse/handlers/pagination.py +768 -0
  159. synapse/handlers/password_policy.py +102 -0
  160. synapse/handlers/presence.py +2633 -0
  161. synapse/handlers/profile.py +655 -0
  162. synapse/handlers/push_rules.py +164 -0
  163. synapse/handlers/read_marker.py +79 -0
  164. synapse/handlers/receipts.py +351 -0
  165. synapse/handlers/register.py +1059 -0
  166. synapse/handlers/relations.py +623 -0
  167. synapse/handlers/reports.py +98 -0
  168. synapse/handlers/room.py +2448 -0
  169. synapse/handlers/room_list.py +632 -0
  170. synapse/handlers/room_member.py +2365 -0
  171. synapse/handlers/room_member_worker.py +146 -0
  172. synapse/handlers/room_policy.py +186 -0
  173. synapse/handlers/room_summary.py +1057 -0
  174. synapse/handlers/saml.py +524 -0
  175. synapse/handlers/search.py +723 -0
  176. synapse/handlers/send_email.py +209 -0
  177. synapse/handlers/set_password.py +71 -0
  178. synapse/handlers/sliding_sync/__init__.py +1701 -0
  179. synapse/handlers/sliding_sync/extensions.py +969 -0
  180. synapse/handlers/sliding_sync/room_lists.py +2262 -0
  181. synapse/handlers/sliding_sync/store.py +128 -0
  182. synapse/handlers/sso.py +1291 -0
  183. synapse/handlers/state_deltas.py +82 -0
  184. synapse/handlers/stats.py +321 -0
  185. synapse/handlers/sync.py +3106 -0
  186. synapse/handlers/thread_subscriptions.py +190 -0
  187. synapse/handlers/typing.py +606 -0
  188. synapse/handlers/ui_auth/__init__.py +48 -0
  189. synapse/handlers/ui_auth/checkers.py +332 -0
  190. synapse/handlers/user_directory.py +783 -0
  191. synapse/handlers/worker_lock.py +371 -0
  192. synapse/http/__init__.py +105 -0
  193. synapse/http/additional_resource.py +62 -0
  194. synapse/http/client.py +1373 -0
  195. synapse/http/connectproxyclient.py +316 -0
  196. synapse/http/federation/__init__.py +19 -0
  197. synapse/http/federation/matrix_federation_agent.py +490 -0
  198. synapse/http/federation/srv_resolver.py +196 -0
  199. synapse/http/federation/well_known_resolver.py +367 -0
  200. synapse/http/matrixfederationclient.py +1873 -0
  201. synapse/http/proxy.py +290 -0
  202. synapse/http/proxyagent.py +497 -0
  203. synapse/http/replicationagent.py +202 -0
  204. synapse/http/request_metrics.py +309 -0
  205. synapse/http/server.py +1110 -0
  206. synapse/http/servlet.py +1018 -0
  207. synapse/http/site.py +825 -0
  208. synapse/http/types.py +27 -0
  209. synapse/logging/__init__.py +31 -0
  210. synapse/logging/_remote.py +261 -0
  211. synapse/logging/_terse_json.py +95 -0
  212. synapse/logging/context.py +1209 -0
  213. synapse/logging/formatter.py +62 -0
  214. synapse/logging/handlers.py +99 -0
  215. synapse/logging/loggers.py +25 -0
  216. synapse/logging/opentracing.py +1132 -0
  217. synapse/logging/scopecontextmanager.py +160 -0
  218. synapse/media/_base.py +830 -0
  219. synapse/media/filepath.py +417 -0
  220. synapse/media/media_repository.py +1580 -0
  221. synapse/media/media_storage.py +702 -0
  222. synapse/media/oembed.py +277 -0
  223. synapse/media/preview_html.py +556 -0
  224. synapse/media/storage_provider.py +195 -0
  225. synapse/media/thumbnailer.py +833 -0
  226. synapse/media/url_previewer.py +875 -0
  227. synapse/metrics/__init__.py +748 -0
  228. synapse/metrics/_gc.py +219 -0
  229. synapse/metrics/_reactor_metrics.py +171 -0
  230. synapse/metrics/_types.py +38 -0
  231. synapse/metrics/background_process_metrics.py +555 -0
  232. synapse/metrics/common_usage_metrics.py +94 -0
  233. synapse/metrics/jemalloc.py +248 -0
  234. synapse/module_api/__init__.py +2131 -0
  235. synapse/module_api/callbacks/__init__.py +50 -0
  236. synapse/module_api/callbacks/account_validity_callbacks.py +106 -0
  237. synapse/module_api/callbacks/media_repository_callbacks.py +157 -0
  238. synapse/module_api/callbacks/ratelimit_callbacks.py +78 -0
  239. synapse/module_api/callbacks/spamchecker_callbacks.py +991 -0
  240. synapse/module_api/callbacks/third_party_event_rules_callbacks.py +592 -0
  241. synapse/module_api/errors.py +42 -0
  242. synapse/notifier.py +970 -0
  243. synapse/push/__init__.py +212 -0
  244. synapse/push/bulk_push_rule_evaluator.py +635 -0
  245. synapse/push/clientformat.py +126 -0
  246. synapse/push/emailpusher.py +333 -0
  247. synapse/push/httppusher.py +564 -0
  248. synapse/push/mailer.py +1010 -0
  249. synapse/push/presentable_names.py +216 -0
  250. synapse/push/push_tools.py +114 -0
  251. synapse/push/push_types.py +141 -0
  252. synapse/push/pusher.py +87 -0
  253. synapse/push/pusherpool.py +501 -0
  254. synapse/push/rulekinds.py +33 -0
  255. synapse/py.typed +0 -0
  256. synapse/replication/__init__.py +20 -0
  257. synapse/replication/http/__init__.py +68 -0
  258. synapse/replication/http/_base.py +468 -0
  259. synapse/replication/http/account_data.py +297 -0
  260. synapse/replication/http/deactivate_account.py +81 -0
  261. synapse/replication/http/delayed_events.py +62 -0
  262. synapse/replication/http/devices.py +254 -0
  263. synapse/replication/http/federation.py +334 -0
  264. synapse/replication/http/login.py +106 -0
  265. synapse/replication/http/membership.py +364 -0
  266. synapse/replication/http/presence.py +133 -0
  267. synapse/replication/http/push.py +156 -0
  268. synapse/replication/http/register.py +172 -0
  269. synapse/replication/http/send_events.py +182 -0
  270. synapse/replication/http/state.py +82 -0
  271. synapse/replication/http/streams.py +101 -0
  272. synapse/replication/tcp/__init__.py +56 -0
  273. synapse/replication/tcp/client.py +552 -0
  274. synapse/replication/tcp/commands.py +569 -0
  275. synapse/replication/tcp/context.py +41 -0
  276. synapse/replication/tcp/external_cache.py +156 -0
  277. synapse/replication/tcp/handler.py +922 -0
  278. synapse/replication/tcp/protocol.py +608 -0
  279. synapse/replication/tcp/redis.py +509 -0
  280. synapse/replication/tcp/resource.py +348 -0
  281. synapse/replication/tcp/streams/__init__.py +96 -0
  282. synapse/replication/tcp/streams/_base.py +765 -0
  283. synapse/replication/tcp/streams/events.py +287 -0
  284. synapse/replication/tcp/streams/federation.py +92 -0
  285. synapse/replication/tcp/streams/partial_state.py +80 -0
  286. synapse/res/providers.json +29 -0
  287. synapse/res/templates/_base.html +29 -0
  288. synapse/res/templates/account_previously_renewed.html +6 -0
  289. synapse/res/templates/account_renewed.html +6 -0
  290. synapse/res/templates/add_threepid.html +8 -0
  291. synapse/res/templates/add_threepid.txt +6 -0
  292. synapse/res/templates/add_threepid_failure.html +7 -0
  293. synapse/res/templates/add_threepid_success.html +6 -0
  294. synapse/res/templates/already_in_use.html +12 -0
  295. synapse/res/templates/already_in_use.txt +10 -0
  296. synapse/res/templates/auth_success.html +21 -0
  297. synapse/res/templates/invalid_token.html +6 -0
  298. synapse/res/templates/mail-Element.css +7 -0
  299. synapse/res/templates/mail-Vector.css +7 -0
  300. synapse/res/templates/mail-expiry.css +4 -0
  301. synapse/res/templates/mail.css +156 -0
  302. synapse/res/templates/notice_expiry.html +46 -0
  303. synapse/res/templates/notice_expiry.txt +7 -0
  304. synapse/res/templates/notif.html +51 -0
  305. synapse/res/templates/notif.txt +22 -0
  306. synapse/res/templates/notif_mail.html +59 -0
  307. synapse/res/templates/notif_mail.txt +10 -0
  308. synapse/res/templates/password_reset.html +10 -0
  309. synapse/res/templates/password_reset.txt +7 -0
  310. synapse/res/templates/password_reset_confirmation.html +15 -0
  311. synapse/res/templates/password_reset_failure.html +7 -0
  312. synapse/res/templates/password_reset_success.html +6 -0
  313. synapse/res/templates/recaptcha.html +42 -0
  314. synapse/res/templates/registration.html +12 -0
  315. synapse/res/templates/registration.txt +10 -0
  316. synapse/res/templates/registration_failure.html +6 -0
  317. synapse/res/templates/registration_success.html +6 -0
  318. synapse/res/templates/registration_token.html +18 -0
  319. synapse/res/templates/room.html +33 -0
  320. synapse/res/templates/room.txt +9 -0
  321. synapse/res/templates/sso.css +129 -0
  322. synapse/res/templates/sso_account_deactivated.html +25 -0
  323. synapse/res/templates/sso_auth_account_details.html +186 -0
  324. synapse/res/templates/sso_auth_account_details.js +116 -0
  325. synapse/res/templates/sso_auth_bad_user.html +26 -0
  326. synapse/res/templates/sso_auth_confirm.html +27 -0
  327. synapse/res/templates/sso_auth_success.html +26 -0
  328. synapse/res/templates/sso_error.html +71 -0
  329. synapse/res/templates/sso_footer.html +19 -0
  330. synapse/res/templates/sso_login_idp_picker.html +60 -0
  331. synapse/res/templates/sso_new_user_consent.html +30 -0
  332. synapse/res/templates/sso_partial_profile.html +19 -0
  333. synapse/res/templates/sso_redirect_confirm.html +39 -0
  334. synapse/res/templates/style.css +33 -0
  335. synapse/res/templates/terms.html +27 -0
  336. synapse/rest/__init__.py +197 -0
  337. synapse/rest/admin/__init__.py +390 -0
  338. synapse/rest/admin/_base.py +72 -0
  339. synapse/rest/admin/background_updates.py +171 -0
  340. synapse/rest/admin/devices.py +221 -0
  341. synapse/rest/admin/event_reports.py +173 -0
  342. synapse/rest/admin/events.py +69 -0
  343. synapse/rest/admin/experimental_features.py +137 -0
  344. synapse/rest/admin/federation.py +243 -0
  345. synapse/rest/admin/media.py +540 -0
  346. synapse/rest/admin/registration_tokens.py +358 -0
  347. synapse/rest/admin/rooms.py +1061 -0
  348. synapse/rest/admin/scheduled_tasks.py +70 -0
  349. synapse/rest/admin/server_notice_servlet.py +132 -0
  350. synapse/rest/admin/statistics.py +132 -0
  351. synapse/rest/admin/username_available.py +58 -0
  352. synapse/rest/admin/users.py +1606 -0
  353. synapse/rest/client/__init__.py +20 -0
  354. synapse/rest/client/_base.py +113 -0
  355. synapse/rest/client/account.py +930 -0
  356. synapse/rest/client/account_data.py +319 -0
  357. synapse/rest/client/account_validity.py +103 -0
  358. synapse/rest/client/appservice_ping.py +125 -0
  359. synapse/rest/client/auth.py +218 -0
  360. synapse/rest/client/auth_metadata.py +122 -0
  361. synapse/rest/client/capabilities.py +121 -0
  362. synapse/rest/client/delayed_events.py +165 -0
  363. synapse/rest/client/devices.py +587 -0
  364. synapse/rest/client/directory.py +211 -0
  365. synapse/rest/client/events.py +116 -0
  366. synapse/rest/client/filter.py +112 -0
  367. synapse/rest/client/initial_sync.py +65 -0
  368. synapse/rest/client/keys.py +678 -0
  369. synapse/rest/client/knock.py +104 -0
  370. synapse/rest/client/login.py +750 -0
  371. synapse/rest/client/login_token_request.py +127 -0
  372. synapse/rest/client/logout.py +93 -0
  373. synapse/rest/client/matrixrtc.py +52 -0
  374. synapse/rest/client/media.py +285 -0
  375. synapse/rest/client/mutual_rooms.py +93 -0
  376. synapse/rest/client/notifications.py +137 -0
  377. synapse/rest/client/openid.py +109 -0
  378. synapse/rest/client/password_policy.py +69 -0
  379. synapse/rest/client/presence.py +131 -0
  380. synapse/rest/client/profile.py +291 -0
  381. synapse/rest/client/push_rule.py +331 -0
  382. synapse/rest/client/pusher.py +181 -0
  383. synapse/rest/client/read_marker.py +104 -0
  384. synapse/rest/client/receipts.py +165 -0
  385. synapse/rest/client/register.py +1067 -0
  386. synapse/rest/client/relations.py +138 -0
  387. synapse/rest/client/rendezvous.py +76 -0
  388. synapse/rest/client/reporting.py +207 -0
  389. synapse/rest/client/room.py +1669 -0
  390. synapse/rest/client/room_keys.py +426 -0
  391. synapse/rest/client/room_upgrade_rest_servlet.py +112 -0
  392. synapse/rest/client/sendtodevice.py +85 -0
  393. synapse/rest/client/sync.py +1131 -0
  394. synapse/rest/client/tags.py +129 -0
  395. synapse/rest/client/thirdparty.py +130 -0
  396. synapse/rest/client/thread_subscriptions.py +247 -0
  397. synapse/rest/client/tokenrefresh.py +52 -0
  398. synapse/rest/client/transactions.py +149 -0
  399. synapse/rest/client/user_directory.py +90 -0
  400. synapse/rest/client/versions.py +191 -0
  401. synapse/rest/client/voip.py +88 -0
  402. synapse/rest/consent/__init__.py +0 -0
  403. synapse/rest/consent/consent_resource.py +210 -0
  404. synapse/rest/health.py +38 -0
  405. synapse/rest/key/__init__.py +20 -0
  406. synapse/rest/key/v2/__init__.py +40 -0
  407. synapse/rest/key/v2/local_key_resource.py +125 -0
  408. synapse/rest/key/v2/remote_key_resource.py +302 -0
  409. synapse/rest/media/__init__.py +0 -0
  410. synapse/rest/media/config_resource.py +53 -0
  411. synapse/rest/media/create_resource.py +90 -0
  412. synapse/rest/media/download_resource.py +110 -0
  413. synapse/rest/media/media_repository_resource.py +113 -0
  414. synapse/rest/media/preview_url_resource.py +77 -0
  415. synapse/rest/media/thumbnail_resource.py +142 -0
  416. synapse/rest/media/upload_resource.py +187 -0
  417. synapse/rest/media/v1/__init__.py +39 -0
  418. synapse/rest/media/v1/_base.py +23 -0
  419. synapse/rest/media/v1/media_storage.py +23 -0
  420. synapse/rest/media/v1/storage_provider.py +23 -0
  421. synapse/rest/synapse/__init__.py +20 -0
  422. synapse/rest/synapse/client/__init__.py +93 -0
  423. synapse/rest/synapse/client/federation_whitelist.py +66 -0
  424. synapse/rest/synapse/client/jwks.py +77 -0
  425. synapse/rest/synapse/client/new_user_consent.py +115 -0
  426. synapse/rest/synapse/client/oidc/__init__.py +45 -0
  427. synapse/rest/synapse/client/oidc/backchannel_logout_resource.py +42 -0
  428. synapse/rest/synapse/client/oidc/callback_resource.py +48 -0
  429. synapse/rest/synapse/client/password_reset.py +129 -0
  430. synapse/rest/synapse/client/pick_idp.py +107 -0
  431. synapse/rest/synapse/client/pick_username.py +153 -0
  432. synapse/rest/synapse/client/rendezvous.py +58 -0
  433. synapse/rest/synapse/client/saml2/__init__.py +42 -0
  434. synapse/rest/synapse/client/saml2/metadata_resource.py +46 -0
  435. synapse/rest/synapse/client/saml2/response_resource.py +52 -0
  436. synapse/rest/synapse/client/sso_register.py +56 -0
  437. synapse/rest/synapse/client/unsubscribe.py +88 -0
  438. synapse/rest/synapse/mas/__init__.py +71 -0
  439. synapse/rest/synapse/mas/_base.py +55 -0
  440. synapse/rest/synapse/mas/devices.py +239 -0
  441. synapse/rest/synapse/mas/users.py +469 -0
  442. synapse/rest/well_known.py +148 -0
  443. synapse/server.py +1257 -0
  444. synapse/server_notices/__init__.py +0 -0
  445. synapse/server_notices/consent_server_notices.py +136 -0
  446. synapse/server_notices/resource_limits_server_notices.py +215 -0
  447. synapse/server_notices/server_notices_manager.py +388 -0
  448. synapse/server_notices/server_notices_sender.py +67 -0
  449. synapse/server_notices/worker_server_notices_sender.py +46 -0
  450. synapse/spam_checker_api/__init__.py +31 -0
  451. synapse/state/__init__.py +1022 -0
  452. synapse/state/v1.py +369 -0
  453. synapse/state/v2.py +984 -0
  454. synapse/static/client/login/index.html +47 -0
  455. synapse/static/client/login/js/jquery-3.4.1.min.js +2 -0
  456. synapse/static/client/login/js/login.js +291 -0
  457. synapse/static/client/login/spinner.gif +0 -0
  458. synapse/static/client/login/style.css +79 -0
  459. synapse/static/index.html +63 -0
  460. synapse/storage/__init__.py +43 -0
  461. synapse/storage/_base.py +245 -0
  462. synapse/storage/admin_client_config.py +25 -0
  463. synapse/storage/background_updates.py +1188 -0
  464. synapse/storage/controllers/__init__.py +57 -0
  465. synapse/storage/controllers/persist_events.py +1237 -0
  466. synapse/storage/controllers/purge_events.py +455 -0
  467. synapse/storage/controllers/state.py +950 -0
  468. synapse/storage/controllers/stats.py +119 -0
  469. synapse/storage/database.py +2719 -0
  470. synapse/storage/databases/__init__.py +175 -0
  471. synapse/storage/databases/main/__init__.py +420 -0
  472. synapse/storage/databases/main/account_data.py +1059 -0
  473. synapse/storage/databases/main/appservice.py +473 -0
  474. synapse/storage/databases/main/cache.py +911 -0
  475. synapse/storage/databases/main/censor_events.py +225 -0
  476. synapse/storage/databases/main/client_ips.py +815 -0
  477. synapse/storage/databases/main/delayed_events.py +562 -0
  478. synapse/storage/databases/main/deviceinbox.py +1271 -0
  479. synapse/storage/databases/main/devices.py +2578 -0
  480. synapse/storage/databases/main/directory.py +212 -0
  481. synapse/storage/databases/main/e2e_room_keys.py +689 -0
  482. synapse/storage/databases/main/end_to_end_keys.py +1894 -0
  483. synapse/storage/databases/main/event_federation.py +2508 -0
  484. synapse/storage/databases/main/event_push_actions.py +1933 -0
  485. synapse/storage/databases/main/events.py +3765 -0
  486. synapse/storage/databases/main/events_bg_updates.py +2910 -0
  487. synapse/storage/databases/main/events_forward_extremities.py +126 -0
  488. synapse/storage/databases/main/events_worker.py +2786 -0
  489. synapse/storage/databases/main/experimental_features.py +130 -0
  490. synapse/storage/databases/main/filtering.py +231 -0
  491. synapse/storage/databases/main/keys.py +291 -0
  492. synapse/storage/databases/main/lock.py +553 -0
  493. synapse/storage/databases/main/media_repository.py +1068 -0
  494. synapse/storage/databases/main/metrics.py +460 -0
  495. synapse/storage/databases/main/monthly_active_users.py +443 -0
  496. synapse/storage/databases/main/openid.py +60 -0
  497. synapse/storage/databases/main/presence.py +509 -0
  498. synapse/storage/databases/main/profile.py +539 -0
  499. synapse/storage/databases/main/purge_events.py +521 -0
  500. synapse/storage/databases/main/push_rule.py +970 -0
  501. synapse/storage/databases/main/pusher.py +793 -0
  502. synapse/storage/databases/main/receipts.py +1341 -0
  503. synapse/storage/databases/main/registration.py +3072 -0
  504. synapse/storage/databases/main/rejections.py +37 -0
  505. synapse/storage/databases/main/relations.py +1116 -0
  506. synapse/storage/databases/main/room.py +2779 -0
  507. synapse/storage/databases/main/roommember.py +2110 -0
  508. synapse/storage/databases/main/search.py +939 -0
  509. synapse/storage/databases/main/session.py +151 -0
  510. synapse/storage/databases/main/signatures.py +94 -0
  511. synapse/storage/databases/main/sliding_sync.py +603 -0
  512. synapse/storage/databases/main/state.py +1002 -0
  513. synapse/storage/databases/main/state_deltas.py +329 -0
  514. synapse/storage/databases/main/stats.py +789 -0
  515. synapse/storage/databases/main/stream.py +2577 -0
  516. synapse/storage/databases/main/tags.py +360 -0
  517. synapse/storage/databases/main/task_scheduler.py +225 -0
  518. synapse/storage/databases/main/thread_subscriptions.py +589 -0
  519. synapse/storage/databases/main/transactions.py +675 -0
  520. synapse/storage/databases/main/ui_auth.py +420 -0
  521. synapse/storage/databases/main/user_directory.py +1330 -0
  522. synapse/storage/databases/main/user_erasure_store.py +117 -0
  523. synapse/storage/databases/state/__init__.py +22 -0
  524. synapse/storage/databases/state/bg_updates.py +497 -0
  525. synapse/storage/databases/state/deletion.py +557 -0
  526. synapse/storage/databases/state/store.py +948 -0
  527. synapse/storage/engines/__init__.py +70 -0
  528. synapse/storage/engines/_base.py +154 -0
  529. synapse/storage/engines/postgres.py +261 -0
  530. synapse/storage/engines/sqlite.py +199 -0
  531. synapse/storage/invite_rule.py +112 -0
  532. synapse/storage/keys.py +40 -0
  533. synapse/storage/prepare_database.py +730 -0
  534. synapse/storage/push_rule.py +28 -0
  535. synapse/storage/roommember.py +88 -0
  536. synapse/storage/schema/README.md +4 -0
  537. synapse/storage/schema/__init__.py +186 -0
  538. synapse/storage/schema/common/delta/25/00background_updates.sql +40 -0
  539. synapse/storage/schema/common/delta/35/00background_updates_add_col.sql +36 -0
  540. synapse/storage/schema/common/delta/58/00background_update_ordering.sql +38 -0
  541. synapse/storage/schema/common/full_schemas/72/full.sql.postgres +8 -0
  542. synapse/storage/schema/common/full_schemas/72/full.sql.sqlite +6 -0
  543. synapse/storage/schema/common/schema_version.sql +60 -0
  544. synapse/storage/schema/main/delta/12/v12.sql +82 -0
  545. synapse/storage/schema/main/delta/13/v13.sql +38 -0
  546. synapse/storage/schema/main/delta/14/v14.sql +42 -0
  547. synapse/storage/schema/main/delta/15/appservice_txns.sql +50 -0
  548. synapse/storage/schema/main/delta/15/presence_indices.sql +2 -0
  549. synapse/storage/schema/main/delta/15/v15.sql +24 -0
  550. synapse/storage/schema/main/delta/16/events_order_index.sql +4 -0
  551. synapse/storage/schema/main/delta/16/remote_media_cache_index.sql +2 -0
  552. synapse/storage/schema/main/delta/16/remove_duplicates.sql +9 -0
  553. synapse/storage/schema/main/delta/16/room_alias_index.sql +3 -0
  554. synapse/storage/schema/main/delta/16/unique_constraints.sql +72 -0
  555. synapse/storage/schema/main/delta/16/users.sql +56 -0
  556. synapse/storage/schema/main/delta/17/drop_indexes.sql +37 -0
  557. synapse/storage/schema/main/delta/17/server_keys.sql +43 -0
  558. synapse/storage/schema/main/delta/17/user_threepids.sql +9 -0
  559. synapse/storage/schema/main/delta/18/server_keys_bigger_ints.sql +51 -0
  560. synapse/storage/schema/main/delta/19/event_index.sql +38 -0
  561. synapse/storage/schema/main/delta/20/dummy.sql +1 -0
  562. synapse/storage/schema/main/delta/20/pushers.py +93 -0
  563. synapse/storage/schema/main/delta/21/end_to_end_keys.sql +53 -0
  564. synapse/storage/schema/main/delta/21/receipts.sql +57 -0
  565. synapse/storage/schema/main/delta/22/receipts_index.sql +41 -0
  566. synapse/storage/schema/main/delta/22/user_threepids_unique.sql +19 -0
  567. synapse/storage/schema/main/delta/24/stats_reporting.sql +37 -0
  568. synapse/storage/schema/main/delta/25/fts.py +81 -0
  569. synapse/storage/schema/main/delta/25/guest_access.sql +44 -0
  570. synapse/storage/schema/main/delta/25/history_visibility.sql +44 -0
  571. synapse/storage/schema/main/delta/25/tags.sql +57 -0
  572. synapse/storage/schema/main/delta/26/account_data.sql +36 -0
  573. synapse/storage/schema/main/delta/27/account_data.sql +55 -0
  574. synapse/storage/schema/main/delta/27/forgotten_memberships.sql +45 -0
  575. synapse/storage/schema/main/delta/27/ts.py +61 -0
  576. synapse/storage/schema/main/delta/28/event_push_actions.sql +46 -0
  577. synapse/storage/schema/main/delta/28/events_room_stream.sql +39 -0
  578. synapse/storage/schema/main/delta/28/public_roms_index.sql +39 -0
  579. synapse/storage/schema/main/delta/28/receipts_user_id_index.sql +41 -0
  580. synapse/storage/schema/main/delta/28/upgrade_times.sql +40 -0
  581. synapse/storage/schema/main/delta/28/users_is_guest.sql +41 -0
  582. synapse/storage/schema/main/delta/29/push_actions.sql +54 -0
  583. synapse/storage/schema/main/delta/30/alias_creator.sql +35 -0
  584. synapse/storage/schema/main/delta/30/as_users.py +82 -0
  585. synapse/storage/schema/main/delta/30/deleted_pushers.sql +44 -0
  586. synapse/storage/schema/main/delta/30/presence_stream.sql +49 -0
  587. synapse/storage/schema/main/delta/30/public_rooms.sql +42 -0
  588. synapse/storage/schema/main/delta/30/push_rule_stream.sql +57 -0
  589. synapse/storage/schema/main/delta/30/threepid_guest_access_tokens.sql +43 -0
  590. synapse/storage/schema/main/delta/31/invites.sql +61 -0
  591. synapse/storage/schema/main/delta/31/local_media_repository_url_cache.sql +46 -0
  592. synapse/storage/schema/main/delta/31/pushers_0.py +92 -0
  593. synapse/storage/schema/main/delta/31/pushers_index.sql +41 -0
  594. synapse/storage/schema/main/delta/31/search_update.py +65 -0
  595. synapse/storage/schema/main/delta/32/events.sql +35 -0
  596. synapse/storage/schema/main/delta/32/openid.sql +9 -0
  597. synapse/storage/schema/main/delta/32/pusher_throttle.sql +42 -0
  598. synapse/storage/schema/main/delta/32/remove_indices.sql +52 -0
  599. synapse/storage/schema/main/delta/32/reports.sql +44 -0
  600. synapse/storage/schema/main/delta/33/access_tokens_device_index.sql +36 -0
  601. synapse/storage/schema/main/delta/33/devices.sql +40 -0
  602. synapse/storage/schema/main/delta/33/devices_for_e2e_keys.sql +38 -0
  603. synapse/storage/schema/main/delta/33/devices_for_e2e_keys_clear_unknown_device.sql +39 -0
  604. synapse/storage/schema/main/delta/33/event_fields.py +61 -0
  605. synapse/storage/schema/main/delta/33/remote_media_ts.py +43 -0
  606. synapse/storage/schema/main/delta/33/user_ips_index.sql +36 -0
  607. synapse/storage/schema/main/delta/34/appservice_stream.sql +42 -0
  608. synapse/storage/schema/main/delta/34/cache_stream.py +50 -0
  609. synapse/storage/schema/main/delta/34/device_inbox.sql +43 -0
  610. synapse/storage/schema/main/delta/34/push_display_name_rename.sql +39 -0
  611. synapse/storage/schema/main/delta/34/received_txn_purge.py +36 -0
  612. synapse/storage/schema/main/delta/35/contains_url.sql +36 -0
  613. synapse/storage/schema/main/delta/35/device_outbox.sql +58 -0
  614. synapse/storage/schema/main/delta/35/device_stream_id.sql +40 -0
  615. synapse/storage/schema/main/delta/35/event_push_actions_index.sql +36 -0
  616. synapse/storage/schema/main/delta/35/public_room_list_change_stream.sql +52 -0
  617. synapse/storage/schema/main/delta/35/stream_order_to_extrem.sql +56 -0
  618. synapse/storage/schema/main/delta/36/readd_public_rooms.sql +45 -0
  619. synapse/storage/schema/main/delta/37/remove_auth_idx.py +89 -0
  620. synapse/storage/schema/main/delta/37/user_threepids.sql +71 -0
  621. synapse/storage/schema/main/delta/38/postgres_fts_gist.sql +38 -0
  622. synapse/storage/schema/main/delta/39/appservice_room_list.sql +48 -0
  623. synapse/storage/schema/main/delta/39/device_federation_stream_idx.sql +35 -0
  624. synapse/storage/schema/main/delta/39/event_push_index.sql +36 -0
  625. synapse/storage/schema/main/delta/39/federation_out_position.sql +41 -0
  626. synapse/storage/schema/main/delta/39/membership_profile.sql +39 -0
  627. synapse/storage/schema/main/delta/40/current_state_idx.sql +36 -0
  628. synapse/storage/schema/main/delta/40/device_inbox.sql +40 -0
  629. synapse/storage/schema/main/delta/40/device_list_streams.sql +79 -0
  630. synapse/storage/schema/main/delta/40/event_push_summary.sql +57 -0
  631. synapse/storage/schema/main/delta/40/pushers.sql +58 -0
  632. synapse/storage/schema/main/delta/41/device_list_stream_idx.sql +36 -0
  633. synapse/storage/schema/main/delta/41/device_outbound_index.sql +35 -0
  634. synapse/storage/schema/main/delta/41/event_search_event_id_idx.sql +36 -0
  635. synapse/storage/schema/main/delta/41/ratelimit.sql +41 -0
  636. synapse/storage/schema/main/delta/42/current_state_delta.sql +48 -0
  637. synapse/storage/schema/main/delta/42/device_list_last_id.sql +52 -0
  638. synapse/storage/schema/main/delta/42/event_auth_state_only.sql +36 -0
  639. synapse/storage/schema/main/delta/42/user_dir.py +88 -0
  640. synapse/storage/schema/main/delta/43/blocked_rooms.sql +40 -0
  641. synapse/storage/schema/main/delta/43/quarantine_media.sql +36 -0
  642. synapse/storage/schema/main/delta/43/url_cache.sql +35 -0
  643. synapse/storage/schema/main/delta/43/user_share.sql +52 -0
  644. synapse/storage/schema/main/delta/44/expire_url_cache.sql +60 -0
  645. synapse/storage/schema/main/delta/45/group_server.sql +186 -0
  646. synapse/storage/schema/main/delta/45/profile_cache.sql +47 -0
  647. synapse/storage/schema/main/delta/46/drop_refresh_tokens.sql +36 -0
  648. synapse/storage/schema/main/delta/46/drop_unique_deleted_pushers.sql +54 -0
  649. synapse/storage/schema/main/delta/46/group_server.sql +51 -0
  650. synapse/storage/schema/main/delta/46/local_media_repository_url_idx.sql +43 -0
  651. synapse/storage/schema/main/delta/46/user_dir_null_room_ids.sql +54 -0
  652. synapse/storage/schema/main/delta/46/user_dir_typos.sql +43 -0
  653. synapse/storage/schema/main/delta/47/last_access_media.sql +35 -0
  654. synapse/storage/schema/main/delta/47/postgres_fts_gin.sql +36 -0
  655. synapse/storage/schema/main/delta/47/push_actions_staging.sql +47 -0
  656. synapse/storage/schema/main/delta/48/add_user_consent.sql +37 -0
  657. synapse/storage/schema/main/delta/48/add_user_ips_last_seen_index.sql +36 -0
  658. synapse/storage/schema/main/delta/48/deactivated_users.sql +44 -0
  659. synapse/storage/schema/main/delta/48/group_unique_indexes.py +67 -0
  660. synapse/storage/schema/main/delta/48/groups_joinable.sql +41 -0
  661. synapse/storage/schema/main/delta/49/add_user_consent_server_notice_sent.sql +39 -0
  662. synapse/storage/schema/main/delta/49/add_user_daily_visits.sql +40 -0
  663. synapse/storage/schema/main/delta/49/add_user_ips_last_seen_only_index.sql +36 -0
  664. synapse/storage/schema/main/delta/50/add_creation_ts_users_index.sql +38 -0
  665. synapse/storage/schema/main/delta/50/erasure_store.sql +40 -0
  666. synapse/storage/schema/main/delta/50/make_event_content_nullable.py +102 -0
  667. synapse/storage/schema/main/delta/51/e2e_room_keys.sql +58 -0
  668. synapse/storage/schema/main/delta/51/monthly_active_users.sql +46 -0
  669. synapse/storage/schema/main/delta/52/add_event_to_state_group_index.sql +38 -0
  670. synapse/storage/schema/main/delta/52/device_list_streams_unique_idx.sql +55 -0
  671. synapse/storage/schema/main/delta/52/e2e_room_keys.sql +72 -0
  672. synapse/storage/schema/main/delta/53/add_user_type_to_users.sql +38 -0
  673. synapse/storage/schema/main/delta/53/drop_sent_transactions.sql +35 -0
  674. synapse/storage/schema/main/delta/53/event_format_version.sql +35 -0
  675. synapse/storage/schema/main/delta/53/user_dir_populate.sql +49 -0
  676. synapse/storage/schema/main/delta/53/user_ips_index.sql +49 -0
  677. synapse/storage/schema/main/delta/53/user_share.sql +63 -0
  678. synapse/storage/schema/main/delta/53/user_threepid_id.sql +48 -0
  679. synapse/storage/schema/main/delta/53/users_in_public_rooms.sql +47 -0
  680. synapse/storage/schema/main/delta/54/account_validity_with_renewal.sql +49 -0
  681. synapse/storage/schema/main/delta/54/add_validity_to_server_keys.sql +42 -0
  682. synapse/storage/schema/main/delta/54/delete_forward_extremities.sql +42 -0
  683. synapse/storage/schema/main/delta/54/drop_legacy_tables.sql +49 -0
  684. synapse/storage/schema/main/delta/54/drop_presence_list.sql +35 -0
  685. synapse/storage/schema/main/delta/54/relations.sql +46 -0
  686. synapse/storage/schema/main/delta/54/stats.sql +99 -0
  687. synapse/storage/schema/main/delta/54/stats2.sql +47 -0
  688. synapse/storage/schema/main/delta/55/access_token_expiry.sql +37 -0
  689. synapse/storage/schema/main/delta/55/track_threepid_validations.sql +50 -0
  690. synapse/storage/schema/main/delta/55/users_alter_deactivated.sql +38 -0
  691. synapse/storage/schema/main/delta/56/add_spans_to_device_lists.sql +39 -0
  692. synapse/storage/schema/main/delta/56/current_state_events_membership.sql +41 -0
  693. synapse/storage/schema/main/delta/56/current_state_events_membership_mk2.sql +43 -0
  694. synapse/storage/schema/main/delta/56/delete_keys_from_deleted_backups.sql +44 -0
  695. synapse/storage/schema/main/delta/56/destinations_failure_ts.sql +44 -0
  696. synapse/storage/schema/main/delta/56/destinations_retry_interval_type.sql.postgres +18 -0
  697. synapse/storage/schema/main/delta/56/device_stream_id_insert.sql +39 -0
  698. synapse/storage/schema/main/delta/56/devices_last_seen.sql +43 -0
  699. synapse/storage/schema/main/delta/56/drop_unused_event_tables.sql +39 -0
  700. synapse/storage/schema/main/delta/56/event_expiry.sql +40 -0
  701. synapse/storage/schema/main/delta/56/event_labels.sql +49 -0
  702. synapse/storage/schema/main/delta/56/event_labels_background_update.sql +36 -0
  703. synapse/storage/schema/main/delta/56/fix_room_keys_index.sql +37 -0
  704. synapse/storage/schema/main/delta/56/hidden_devices.sql +37 -0
  705. synapse/storage/schema/main/delta/56/hidden_devices_fix.sql.sqlite +42 -0
  706. synapse/storage/schema/main/delta/56/nuke_empty_communities_from_db.sql +48 -0
  707. synapse/storage/schema/main/delta/56/public_room_list_idx.sql +35 -0
  708. synapse/storage/schema/main/delta/56/redaction_censor.sql +35 -0
  709. synapse/storage/schema/main/delta/56/redaction_censor2.sql +41 -0
  710. synapse/storage/schema/main/delta/56/redaction_censor3_fix_update.sql.postgres +25 -0
  711. synapse/storage/schema/main/delta/56/redaction_censor4.sql +35 -0
  712. synapse/storage/schema/main/delta/56/remove_tombstoned_rooms_from_directory.sql +38 -0
  713. synapse/storage/schema/main/delta/56/room_key_etag.sql +36 -0
  714. synapse/storage/schema/main/delta/56/room_membership_idx.sql +37 -0
  715. synapse/storage/schema/main/delta/56/room_retention.sql +52 -0
  716. synapse/storage/schema/main/delta/56/signing_keys.sql +75 -0
  717. synapse/storage/schema/main/delta/56/signing_keys_nonunique_signatures.sql +41 -0
  718. synapse/storage/schema/main/delta/56/stats_separated.sql +175 -0
  719. synapse/storage/schema/main/delta/56/unique_user_filter_index.py +46 -0
  720. synapse/storage/schema/main/delta/56/user_external_ids.sql +43 -0
  721. synapse/storage/schema/main/delta/56/users_in_public_rooms_idx.sql +36 -0
  722. synapse/storage/schema/main/delta/57/delete_old_current_state_events.sql +41 -0
  723. synapse/storage/schema/main/delta/57/device_list_remote_cache_stale.sql +44 -0
  724. synapse/storage/schema/main/delta/57/local_current_membership.py +111 -0
  725. synapse/storage/schema/main/delta/57/remove_sent_outbound_pokes.sql +40 -0
  726. synapse/storage/schema/main/delta/57/rooms_version_column.sql +43 -0
  727. synapse/storage/schema/main/delta/57/rooms_version_column_2.sql.postgres +35 -0
  728. synapse/storage/schema/main/delta/57/rooms_version_column_2.sql.sqlite +22 -0
  729. synapse/storage/schema/main/delta/57/rooms_version_column_3.sql.postgres +39 -0
  730. synapse/storage/schema/main/delta/57/rooms_version_column_3.sql.sqlite +23 -0
  731. synapse/storage/schema/main/delta/58/02remove_dup_outbound_pokes.sql +41 -0
  732. synapse/storage/schema/main/delta/58/03persist_ui_auth.sql +55 -0
  733. synapse/storage/schema/main/delta/58/05cache_instance.sql.postgres +30 -0
  734. synapse/storage/schema/main/delta/58/06dlols_unique_idx.py +83 -0
  735. synapse/storage/schema/main/delta/58/07add_method_to_thumbnail_constraint.sql.postgres +33 -0
  736. synapse/storage/schema/main/delta/58/07add_method_to_thumbnail_constraint.sql.sqlite +44 -0
  737. synapse/storage/schema/main/delta/58/07persist_ui_auth_ips.sql +44 -0
  738. synapse/storage/schema/main/delta/58/08_media_safe_from_quarantine.sql.postgres +18 -0
  739. synapse/storage/schema/main/delta/58/08_media_safe_from_quarantine.sql.sqlite +18 -0
  740. synapse/storage/schema/main/delta/58/09shadow_ban.sql +37 -0
  741. synapse/storage/schema/main/delta/58/10_pushrules_enabled_delete_obsolete.sql +47 -0
  742. synapse/storage/schema/main/delta/58/10drop_local_rejections_stream.sql +41 -0
  743. synapse/storage/schema/main/delta/58/10federation_pos_instance_name.sql +41 -0
  744. synapse/storage/schema/main/delta/58/11dehydration.sql +39 -0
  745. synapse/storage/schema/main/delta/58/11fallback.sql +43 -0
  746. synapse/storage/schema/main/delta/58/11user_id_seq.py +38 -0
  747. synapse/storage/schema/main/delta/58/12room_stats.sql +51 -0
  748. synapse/storage/schema/main/delta/58/13remove_presence_allow_inbound.sql +36 -0
  749. synapse/storage/schema/main/delta/58/14events_instance_name.sql +35 -0
  750. synapse/storage/schema/main/delta/58/14events_instance_name.sql.postgres +28 -0
  751. synapse/storage/schema/main/delta/58/15_catchup_destination_rooms.sql +61 -0
  752. synapse/storage/schema/main/delta/58/15unread_count.sql +45 -0
  753. synapse/storage/schema/main/delta/58/16populate_stats_process_rooms_fix.sql +41 -0
  754. synapse/storage/schema/main/delta/58/17_catchup_last_successful.sql +40 -0
  755. synapse/storage/schema/main/delta/58/18stream_positions.sql +41 -0
  756. synapse/storage/schema/main/delta/58/19instance_map.sql.postgres +25 -0
  757. synapse/storage/schema/main/delta/58/19txn_id.sql +59 -0
  758. synapse/storage/schema/main/delta/58/20instance_name_event_tables.sql +36 -0
  759. synapse/storage/schema/main/delta/58/20user_daily_visits.sql +37 -0
  760. synapse/storage/schema/main/delta/58/21as_device_stream.sql +36 -0
  761. synapse/storage/schema/main/delta/58/21drop_device_max_stream_id.sql +1 -0
  762. synapse/storage/schema/main/delta/58/22puppet_token.sql +36 -0
  763. synapse/storage/schema/main/delta/58/22users_have_local_media.sql +2 -0
  764. synapse/storage/schema/main/delta/58/23e2e_cross_signing_keys_idx.sql +36 -0
  765. synapse/storage/schema/main/delta/58/24drop_event_json_index.sql +38 -0
  766. synapse/storage/schema/main/delta/58/25user_external_ids_user_id_idx.sql +36 -0
  767. synapse/storage/schema/main/delta/58/26access_token_last_validated.sql +37 -0
  768. synapse/storage/schema/main/delta/58/27local_invites.sql +37 -0
  769. synapse/storage/schema/main/delta/58/28drop_last_used_column.sql.postgres +16 -0
  770. synapse/storage/schema/main/delta/58/28drop_last_used_column.sql.sqlite +62 -0
  771. synapse/storage/schema/main/delta/59/01ignored_user.py +85 -0
  772. synapse/storage/schema/main/delta/59/02shard_send_to_device.sql +37 -0
  773. synapse/storage/schema/main/delta/59/03shard_send_to_device_sequence.sql.postgres +25 -0
  774. synapse/storage/schema/main/delta/59/04_event_auth_chains.sql +71 -0
  775. synapse/storage/schema/main/delta/59/04_event_auth_chains.sql.postgres +16 -0
  776. synapse/storage/schema/main/delta/59/04drop_account_data.sql +36 -0
  777. synapse/storage/schema/main/delta/59/05cache_invalidation.sql +36 -0
  778. synapse/storage/schema/main/delta/59/06chain_cover_index.sql +36 -0
  779. synapse/storage/schema/main/delta/59/06shard_account_data.sql +39 -0
  780. synapse/storage/schema/main/delta/59/06shard_account_data.sql.postgres +32 -0
  781. synapse/storage/schema/main/delta/59/07shard_account_data_fix.sql +37 -0
  782. synapse/storage/schema/main/delta/59/08delete_pushers_for_deactivated_accounts.sql +39 -0
  783. synapse/storage/schema/main/delta/59/08delete_stale_pushers.sql +39 -0
  784. synapse/storage/schema/main/delta/59/09rejected_events_metadata.sql +45 -0
  785. synapse/storage/schema/main/delta/59/10delete_purged_chain_cover.sql +36 -0
  786. synapse/storage/schema/main/delta/59/11add_knock_members_to_stats.sql +39 -0
  787. synapse/storage/schema/main/delta/59/11drop_thumbnail_constraint.sql.postgres +22 -0
  788. synapse/storage/schema/main/delta/59/12account_validity_token_used_ts_ms.sql +37 -0
  789. synapse/storage/schema/main/delta/59/12presence_stream_instance.sql +37 -0
  790. synapse/storage/schema/main/delta/59/12presence_stream_instance_seq.sql.postgres +20 -0
  791. synapse/storage/schema/main/delta/59/13users_to_send_full_presence_to.sql +53 -0
  792. synapse/storage/schema/main/delta/59/14refresh_tokens.sql +53 -0
  793. synapse/storage/schema/main/delta/59/15locks.sql +56 -0
  794. synapse/storage/schema/main/delta/59/16federation_inbound_staging.sql +51 -0
  795. synapse/storage/schema/main/delta/60/01recreate_stream_ordering.sql.postgres +45 -0
  796. synapse/storage/schema/main/delta/60/02change_stream_ordering_columns.sql.postgres +30 -0
  797. synapse/storage/schema/main/delta/61/01change_appservices_txns.sql.postgres +23 -0
  798. synapse/storage/schema/main/delta/61/01insertion_event_lookups.sql +68 -0
  799. synapse/storage/schema/main/delta/61/02drop_redundant_room_depth_index.sql +37 -0
  800. synapse/storage/schema/main/delta/61/03recreate_min_depth.py +74 -0
  801. synapse/storage/schema/main/delta/62/01insertion_event_extremities.sql +43 -0
  802. synapse/storage/schema/main/delta/63/01create_registration_tokens.sql +42 -0
  803. synapse/storage/schema/main/delta/63/02delete_unlinked_email_pushers.sql +39 -0
  804. synapse/storage/schema/main/delta/63/02populate-rooms-creator.sql +36 -0
  805. synapse/storage/schema/main/delta/63/03session_store.sql +42 -0
  806. synapse/storage/schema/main/delta/63/04add_presence_stream_not_offline_index.sql +37 -0
  807. synapse/storage/schema/main/delta/64/01msc2716_chunk_to_batch_rename.sql.postgres +23 -0
  808. synapse/storage/schema/main/delta/64/01msc2716_chunk_to_batch_rename.sql.sqlite +37 -0
  809. synapse/storage/schema/main/delta/65/01msc2716_insertion_event_edges.sql +38 -0
  810. synapse/storage/schema/main/delta/65/03remove_hidden_devices_from_device_inbox.sql +41 -0
  811. synapse/storage/schema/main/delta/65/04_local_group_updates.sql +37 -0
  812. synapse/storage/schema/main/delta/65/05_remove_room_stats_historical_and_user_stats_historical.sql +38 -0
  813. synapse/storage/schema/main/delta/65/06remove_deleted_devices_from_device_inbox.sql +53 -0
  814. synapse/storage/schema/main/delta/65/07_arbitrary_relations.sql +37 -0
  815. synapse/storage/schema/main/delta/65/08_device_inbox_background_updates.sql +37 -0
  816. synapse/storage/schema/main/delta/65/10_expirable_refresh_tokens.sql +47 -0
  817. synapse/storage/schema/main/delta/65/11_devices_auth_provider_session.sql +46 -0
  818. synapse/storage/schema/main/delta/67/01drop_public_room_list_stream.sql +37 -0
  819. synapse/storage/schema/main/delta/68/01event_columns.sql +45 -0
  820. synapse/storage/schema/main/delta/68/02_msc2409_add_device_id_appservice_stream_type.sql +40 -0
  821. synapse/storage/schema/main/delta/68/03_delete_account_data_for_deactivated_accounts.sql +39 -0
  822. synapse/storage/schema/main/delta/68/04_refresh_tokens_index_next_token_id.sql +47 -0
  823. synapse/storage/schema/main/delta/68/04partial_state_rooms.sql +60 -0
  824. synapse/storage/schema/main/delta/68/05_delete_non_strings_from_event_search.sql.sqlite +22 -0
  825. synapse/storage/schema/main/delta/68/05partial_state_rooms_triggers.py +80 -0
  826. synapse/storage/schema/main/delta/68/06_msc3202_add_device_list_appservice_stream_type.sql +42 -0
  827. synapse/storage/schema/main/delta/69/01as_txn_seq.py +54 -0
  828. synapse/storage/schema/main/delta/69/01device_list_oubound_by_room.sql +57 -0
  829. synapse/storage/schema/main/delta/69/02cache_invalidation_index.sql +37 -0
  830. synapse/storage/schema/main/delta/70/01clean_table_purged_rooms.sql +39 -0
  831. synapse/storage/schema/main/delta/71/01rebuild_event_edges.sql.postgres +43 -0
  832. synapse/storage/schema/main/delta/71/01rebuild_event_edges.sql.sqlite +47 -0
  833. synapse/storage/schema/main/delta/71/01remove_noop_background_updates.sql +80 -0
  834. synapse/storage/schema/main/delta/71/02event_push_summary_unique.sql +37 -0
  835. synapse/storage/schema/main/delta/72/01add_room_type_to_state_stats.sql +38 -0
  836. synapse/storage/schema/main/delta/72/01event_push_summary_receipt.sql +54 -0
  837. synapse/storage/schema/main/delta/72/02event_push_actions_index.sql +38 -0
  838. synapse/storage/schema/main/delta/72/03bg_populate_events_columns.py +57 -0
  839. synapse/storage/schema/main/delta/72/03drop_event_reference_hashes.sql +36 -0
  840. synapse/storage/schema/main/delta/72/03remove_groups.sql +50 -0
  841. synapse/storage/schema/main/delta/72/04drop_column_application_services_state_last_txn.sql.postgres +17 -0
  842. synapse/storage/schema/main/delta/72/04drop_column_application_services_state_last_txn.sql.sqlite +40 -0
  843. synapse/storage/schema/main/delta/72/05receipts_event_stream_ordering.sql +38 -0
  844. synapse/storage/schema/main/delta/72/05remove_unstable_private_read_receipts.sql +38 -0
  845. synapse/storage/schema/main/delta/72/06add_consent_ts_to_users.sql +35 -0
  846. synapse/storage/schema/main/delta/72/06thread_notifications.sql +49 -0
  847. synapse/storage/schema/main/delta/72/07force_update_current_state_events_membership.py +67 -0
  848. synapse/storage/schema/main/delta/72/07thread_receipts.sql.postgres +30 -0
  849. synapse/storage/schema/main/delta/72/07thread_receipts.sql.sqlite +70 -0
  850. synapse/storage/schema/main/delta/72/08begin_cache_invalidation_seq_at_2.sql.postgres +23 -0
  851. synapse/storage/schema/main/delta/72/08thread_receipts.sql +39 -0
  852. synapse/storage/schema/main/delta/72/09partial_indices.sql.sqlite +56 -0
  853. synapse/storage/schema/main/delta/73/01event_failed_pull_attempts.sql +48 -0
  854. synapse/storage/schema/main/delta/73/02add_pusher_enabled.sql +35 -0
  855. synapse/storage/schema/main/delta/73/02room_id_indexes_for_purging.sql +41 -0
  856. synapse/storage/schema/main/delta/73/03pusher_device_id.sql +39 -0
  857. synapse/storage/schema/main/delta/73/03users_approved_column.sql +39 -0
  858. synapse/storage/schema/main/delta/73/04partial_join_details.sql +42 -0
  859. synapse/storage/schema/main/delta/73/04pending_device_list_updates.sql +47 -0
  860. synapse/storage/schema/main/delta/73/05old_push_actions.sql.postgres +22 -0
  861. synapse/storage/schema/main/delta/73/05old_push_actions.sql.sqlite +24 -0
  862. synapse/storage/schema/main/delta/73/06thread_notifications_thread_id_idx.sql +42 -0
  863. synapse/storage/schema/main/delta/73/08thread_receipts_non_null.sql.postgres +23 -0
  864. synapse/storage/schema/main/delta/73/08thread_receipts_non_null.sql.sqlite +76 -0
  865. synapse/storage/schema/main/delta/73/09partial_joined_via_destination.sql +37 -0
  866. synapse/storage/schema/main/delta/73/09threads_table.sql +49 -0
  867. synapse/storage/schema/main/delta/73/10_update_sqlite_fts4_tokenizer.py +71 -0
  868. synapse/storage/schema/main/delta/73/10login_tokens.sql +54 -0
  869. synapse/storage/schema/main/delta/73/11event_search_room_id_n_distinct.sql.postgres +33 -0
  870. synapse/storage/schema/main/delta/73/12refactor_device_list_outbound_pokes.sql +72 -0
  871. synapse/storage/schema/main/delta/73/13add_device_lists_index.sql +39 -0
  872. synapse/storage/schema/main/delta/73/20_un_partial_stated_room_stream.sql +51 -0
  873. synapse/storage/schema/main/delta/73/21_un_partial_stated_room_stream_seq.sql.postgres +20 -0
  874. synapse/storage/schema/main/delta/73/22_rebuild_user_dir_stats.sql +48 -0
  875. synapse/storage/schema/main/delta/73/22_un_partial_stated_event_stream.sql +53 -0
  876. synapse/storage/schema/main/delta/73/23_fix_thread_index.sql +52 -0
  877. synapse/storage/schema/main/delta/73/23_un_partial_stated_room_stream_seq.sql.postgres +20 -0
  878. synapse/storage/schema/main/delta/73/24_events_jump_to_date_index.sql +36 -0
  879. synapse/storage/schema/main/delta/73/25drop_presence.sql +36 -0
  880. synapse/storage/schema/main/delta/74/01_user_directory_stale_remote_users.sql +58 -0
  881. synapse/storage/schema/main/delta/74/02_set_device_id_for_pushers_bg_update.sql +38 -0
  882. synapse/storage/schema/main/delta/74/03_membership_tables_event_stream_ordering.sql.postgres +29 -0
  883. synapse/storage/schema/main/delta/74/03_membership_tables_event_stream_ordering.sql.sqlite +23 -0
  884. synapse/storage/schema/main/delta/74/03_room_membership_index.sql +38 -0
  885. synapse/storage/schema/main/delta/74/04_delete_e2e_backup_keys_for_deactivated_users.sql +36 -0
  886. synapse/storage/schema/main/delta/74/04_membership_tables_event_stream_ordering_triggers.py +87 -0
  887. synapse/storage/schema/main/delta/74/05_events_txn_id_device_id.sql +72 -0
  888. synapse/storage/schema/main/delta/74/90COMMENTS_destinations.sql.postgres +52 -0
  889. synapse/storage/schema/main/delta/76/01_add_profiles_full_user_id_column.sql +39 -0
  890. synapse/storage/schema/main/delta/76/02_add_user_filters_full_user_id_column.sql +39 -0
  891. synapse/storage/schema/main/delta/76/03_per_user_experimental_features.sql +46 -0
  892. synapse/storage/schema/main/delta/76/04_add_room_forgetter.sql +43 -0
  893. synapse/storage/schema/main/delta/77/01_add_profiles_not_valid_check.sql.postgres +16 -0
  894. synapse/storage/schema/main/delta/77/02_add_user_filters_not_valid_check.sql.postgres +16 -0
  895. synapse/storage/schema/main/delta/77/03bg_populate_full_user_id_profiles.sql +35 -0
  896. synapse/storage/schema/main/delta/77/04bg_populate_full_user_id_user_filters.sql +35 -0
  897. synapse/storage/schema/main/delta/77/05thread_notifications_backfill.sql +67 -0
  898. synapse/storage/schema/main/delta/77/06thread_notifications_not_null.sql.sqlite +102 -0
  899. synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_actions.sql.postgres +27 -0
  900. synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_actions_staging.sql.postgres +27 -0
  901. synapse/storage/schema/main/delta/77/06thread_notifications_not_null_event_push_summary.sql.postgres +29 -0
  902. synapse/storage/schema/main/delta/77/14bg_indices_event_stream_ordering.sql +39 -0
  903. synapse/storage/schema/main/delta/78/01_validate_and_update_profiles.py +99 -0
  904. synapse/storage/schema/main/delta/78/02_validate_and_update_user_filters.py +100 -0
  905. synapse/storage/schema/main/delta/78/03_remove_unused_indexes_user_filters.py +72 -0
  906. synapse/storage/schema/main/delta/78/03event_extremities_constraints.py +65 -0
  907. synapse/storage/schema/main/delta/78/04_add_full_user_id_index_user_filters.py +32 -0
  908. synapse/storage/schema/main/delta/79/03_read_write_locks_triggers.sql.postgres +102 -0
  909. synapse/storage/schema/main/delta/79/03_read_write_locks_triggers.sql.sqlite +72 -0
  910. synapse/storage/schema/main/delta/79/04_mitigate_stream_ordering_update_race.py +70 -0
  911. synapse/storage/schema/main/delta/79/05_read_write_locks_triggers.sql.postgres +69 -0
  912. synapse/storage/schema/main/delta/79/05_read_write_locks_triggers.sql.sqlite +65 -0
  913. synapse/storage/schema/main/delta/80/01_users_alter_locked.sql +35 -0
  914. synapse/storage/schema/main/delta/80/02_read_write_locks_unlogged.sql.postgres +30 -0
  915. synapse/storage/schema/main/delta/80/02_scheduled_tasks.sql +47 -0
  916. synapse/storage/schema/main/delta/80/03_read_write_locks_triggers.sql.postgres +37 -0
  917. synapse/storage/schema/main/delta/80/04_read_write_locks_deadlock.sql.postgres +71 -0
  918. synapse/storage/schema/main/delta/82/02_scheduled_tasks_index.sql +35 -0
  919. synapse/storage/schema/main/delta/82/04_add_indices_for_purging_rooms.sql +39 -0
  920. synapse/storage/schema/main/delta/82/05gaps.sql +44 -0
  921. synapse/storage/schema/main/delta/83/01_drop_old_tables.sql +43 -0
  922. synapse/storage/schema/main/delta/83/03_instance_name_receipts.sql.sqlite +17 -0
  923. synapse/storage/schema/main/delta/83/05_cross_signing_key_update_grant.sql +34 -0
  924. synapse/storage/schema/main/delta/83/06_event_push_summary_room.sql +36 -0
  925. synapse/storage/schema/main/delta/84/01_auth_links_stats.sql.postgres +20 -0
  926. synapse/storage/schema/main/delta/84/02_auth_links_index.sql +16 -0
  927. synapse/storage/schema/main/delta/84/03_auth_links_analyze.sql.postgres +16 -0
  928. synapse/storage/schema/main/delta/84/04_access_token_index.sql +15 -0
  929. synapse/storage/schema/main/delta/85/01_add_suspended.sql +14 -0
  930. synapse/storage/schema/main/delta/85/02_add_instance_names.sql +27 -0
  931. synapse/storage/schema/main/delta/85/03_new_sequences.sql.postgres +54 -0
  932. synapse/storage/schema/main/delta/85/04_cleanup_device_federation_outbox.sql +15 -0
  933. synapse/storage/schema/main/delta/85/05_add_instance_names_converted_pos.sql +16 -0
  934. synapse/storage/schema/main/delta/85/06_add_room_reports.sql +20 -0
  935. synapse/storage/schema/main/delta/86/01_authenticate_media.sql +15 -0
  936. synapse/storage/schema/main/delta/86/02_receipts_event_id_index.sql +15 -0
  937. synapse/storage/schema/main/delta/87/01_sliding_sync_memberships.sql +169 -0
  938. synapse/storage/schema/main/delta/87/02_per_connection_state.sql +81 -0
  939. synapse/storage/schema/main/delta/87/03_current_state_index.sql +19 -0
  940. synapse/storage/schema/main/delta/88/01_add_delayed_events.sql +43 -0
  941. synapse/storage/schema/main/delta/88/01_custom_profile_fields.sql +15 -0
  942. synapse/storage/schema/main/delta/88/02_fix_sliding_sync_membership_snapshots_forgotten_column.sql +21 -0
  943. synapse/storage/schema/main/delta/88/03_add_otk_ts_added_index.sql +18 -0
  944. synapse/storage/schema/main/delta/88/04_current_state_delta_index.sql +18 -0
  945. synapse/storage/schema/main/delta/88/05_drop_old_otks.sql.postgres +19 -0
  946. synapse/storage/schema/main/delta/88/05_drop_old_otks.sql.sqlite +19 -0
  947. synapse/storage/schema/main/delta/88/05_sliding_sync_room_config_index.sql +20 -0
  948. synapse/storage/schema/main/delta/88/06_events_received_ts_index.sql +17 -0
  949. synapse/storage/schema/main/delta/89/01_sliding_sync_membership_snapshot_index.sql +15 -0
  950. synapse/storage/schema/main/delta/90/01_add_column_participant_room_memberships_table.sql +16 -0
  951. synapse/storage/schema/main/delta/91/01_media_hash.sql +28 -0
  952. synapse/storage/schema/main/delta/92/01_remove_trigger.sql.postgres +16 -0
  953. synapse/storage/schema/main/delta/92/01_remove_trigger.sql.sqlite +16 -0
  954. synapse/storage/schema/main/delta/92/02_remove_populate_participant_bg_update.sql +17 -0
  955. synapse/storage/schema/main/delta/92/04_ss_membership_snapshot_idx.sql +16 -0
  956. synapse/storage/schema/main/delta/92/04_thread_subscriptions.sql +59 -0
  957. synapse/storage/schema/main/delta/92/04_thread_subscriptions_seq.sql.postgres +19 -0
  958. synapse/storage/schema/main/delta/92/05_fixup_max_depth_cap.sql +17 -0
  959. synapse/storage/schema/main/delta/92/05_thread_subscriptions_comments.sql.postgres +18 -0
  960. synapse/storage/schema/main/delta/92/06_device_federation_inbox_index.sql +16 -0
  961. synapse/storage/schema/main/delta/92/06_threads_last_sent_stream_ordering_comments.sql.postgres +24 -0
  962. synapse/storage/schema/main/delta/92/07_add_user_reports.sql +22 -0
  963. synapse/storage/schema/main/delta/92/07_event_txn_id_device_id_txn_id2.sql +15 -0
  964. synapse/storage/schema/main/delta/92/08_room_ban_redactions.sql +21 -0
  965. synapse/storage/schema/main/delta/92/08_thread_subscriptions_seq_fixup.sql.postgres +19 -0
  966. synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql +20 -0
  967. synapse/storage/schema/main/delta/92/09_thread_subscriptions_update.sql.postgres +18 -0
  968. synapse/storage/schema/main/delta/93/01_add_delayed_events.sql +15 -0
  969. synapse/storage/schema/main/full_schemas/72/full.sql.postgres +1344 -0
  970. synapse/storage/schema/main/full_schemas/72/full.sql.sqlite +646 -0
  971. synapse/storage/schema/state/delta/23/drop_state_index.sql +35 -0
  972. synapse/storage/schema/state/delta/32/remove_state_indices.sql +38 -0
  973. synapse/storage/schema/state/delta/35/add_state_index.sql +36 -0
  974. synapse/storage/schema/state/delta/35/state.sql +41 -0
  975. synapse/storage/schema/state/delta/35/state_dedupe.sql +36 -0
  976. synapse/storage/schema/state/delta/47/state_group_seq.py +38 -0
  977. synapse/storage/schema/state/delta/56/state_group_room_idx.sql +36 -0
  978. synapse/storage/schema/state/delta/61/02state_groups_state_n_distinct.sql.postgres +34 -0
  979. synapse/storage/schema/state/delta/70/08_state_group_edges_unique.sql +36 -0
  980. synapse/storage/schema/state/delta/89/01_state_groups_deletion.sql +39 -0
  981. synapse/storage/schema/state/delta/90/02_delete_unreferenced_state_groups.sql +16 -0
  982. synapse/storage/schema/state/delta/90/03_remove_old_deletion_bg_update.sql +15 -0
  983. synapse/storage/schema/state/full_schemas/72/full.sql.postgres +30 -0
  984. synapse/storage/schema/state/full_schemas/72/full.sql.sqlite +20 -0
  985. synapse/storage/types.py +183 -0
  986. synapse/storage/util/__init__.py +20 -0
  987. synapse/storage/util/id_generators.py +928 -0
  988. synapse/storage/util/partial_state_events_tracker.py +194 -0
  989. synapse/storage/util/sequence.py +315 -0
  990. synapse/streams/__init__.py +43 -0
  991. synapse/streams/config.py +91 -0
  992. synapse/streams/events.py +203 -0
  993. synapse/synapse_rust/__init__.pyi +3 -0
  994. synapse/synapse_rust/acl.pyi +20 -0
  995. synapse/synapse_rust/events.pyi +136 -0
  996. synapse/synapse_rust/http_client.pyi +32 -0
  997. synapse/synapse_rust/push.pyi +86 -0
  998. synapse/synapse_rust/rendezvous.pyi +30 -0
  999. synapse/synapse_rust/segmenter.pyi +1 -0
  1000. synapse/synapse_rust.abi3.so +0 -0
  1001. synapse/types/__init__.py +1600 -0
  1002. synapse/types/handlers/__init__.py +93 -0
  1003. synapse/types/handlers/policy_server.py +16 -0
  1004. synapse/types/handlers/sliding_sync.py +908 -0
  1005. synapse/types/rest/__init__.py +25 -0
  1006. synapse/types/rest/client/__init__.py +413 -0
  1007. synapse/types/state.py +634 -0
  1008. synapse/types/storage/__init__.py +66 -0
  1009. synapse/util/__init__.py +169 -0
  1010. synapse/util/async_helpers.py +1045 -0
  1011. synapse/util/background_queue.py +142 -0
  1012. synapse/util/batching_queue.py +202 -0
  1013. synapse/util/caches/__init__.py +300 -0
  1014. synapse/util/caches/cached_call.py +143 -0
  1015. synapse/util/caches/deferred_cache.py +530 -0
  1016. synapse/util/caches/descriptors.py +692 -0
  1017. synapse/util/caches/dictionary_cache.py +346 -0
  1018. synapse/util/caches/expiringcache.py +249 -0
  1019. synapse/util/caches/lrucache.py +975 -0
  1020. synapse/util/caches/response_cache.py +322 -0
  1021. synapse/util/caches/stream_change_cache.py +370 -0
  1022. synapse/util/caches/treecache.py +189 -0
  1023. synapse/util/caches/ttlcache.py +197 -0
  1024. synapse/util/cancellation.py +63 -0
  1025. synapse/util/check_dependencies.py +335 -0
  1026. synapse/util/clock.py +567 -0
  1027. synapse/util/constants.py +22 -0
  1028. synapse/util/daemonize.py +165 -0
  1029. synapse/util/distributor.py +157 -0
  1030. synapse/util/events.py +134 -0
  1031. synapse/util/file_consumer.py +164 -0
  1032. synapse/util/frozenutils.py +57 -0
  1033. synapse/util/gai_resolver.py +178 -0
  1034. synapse/util/hash.py +38 -0
  1035. synapse/util/httpresourcetree.py +108 -0
  1036. synapse/util/iterutils.py +189 -0
  1037. synapse/util/json.py +56 -0
  1038. synapse/util/linked_list.py +156 -0
  1039. synapse/util/logcontext.py +46 -0
  1040. synapse/util/logformatter.py +28 -0
  1041. synapse/util/macaroons.py +325 -0
  1042. synapse/util/manhole.py +191 -0
  1043. synapse/util/metrics.py +339 -0
  1044. synapse/util/module_loader.py +116 -0
  1045. synapse/util/msisdn.py +51 -0
  1046. synapse/util/patch_inline_callbacks.py +250 -0
  1047. synapse/util/pydantic_models.py +63 -0
  1048. synapse/util/ratelimitutils.py +419 -0
  1049. synapse/util/retryutils.py +339 -0
  1050. synapse/util/rlimit.py +42 -0
  1051. synapse/util/rust.py +133 -0
  1052. synapse/util/sentinel.py +21 -0
  1053. synapse/util/stringutils.py +293 -0
  1054. synapse/util/task_scheduler.py +493 -0
  1055. synapse/util/templates.py +126 -0
  1056. synapse/util/threepids.py +123 -0
  1057. synapse/util/wheel_timer.py +112 -0
  1058. synapse/visibility.py +835 -0
synapse/storage/databases/main/end_to_end_keys.py ADDED
@@ -0,0 +1,1894 @@
1
+ #
2
+ # This file is licensed under the Affero General Public License (AGPL) version 3.
3
+ #
4
+ # Copyright 2019,2020 The Matrix.org Foundation C.I.C.
5
+ # Copyright 2015, 2016 OpenMarket Ltd
6
+ # Copyright (C) 2023 New Vector, Ltd
7
+ #
8
+ # This program is free software: you can redistribute it and/or modify
9
+ # it under the terms of the GNU Affero General Public License as
10
+ # published by the Free Software Foundation, either version 3 of the
11
+ # License, or (at your option) any later version.
12
+ #
13
+ # See the GNU Affero General Public License for more details:
14
+ # <https://www.gnu.org/licenses/agpl-3.0.html>.
15
+ #
16
+ # Originally licensed under the Apache License, Version 2.0:
17
+ # <http://www.apache.org/licenses/LICENSE-2.0>.
18
+ #
19
+ # [This file includes modifications made by New Vector Limited]
20
+ #
21
+ #
22
+ import abc
23
+ import json
24
+ from typing import (
25
+ TYPE_CHECKING,
26
+ Any,
27
+ Collection,
28
+ Iterable,
29
+ Literal,
30
+ Mapping,
31
+ Sequence,
32
+ cast,
33
+ overload,
34
+ )
35
+
36
+ import attr
37
+ from canonicaljson import encode_canonical_json
38
+
39
+ from synapse.api.constants import DeviceKeyAlgorithms
40
+ from synapse.appservice import (
41
+ TransactionOneTimeKeysCount,
42
+ TransactionUnusedFallbackKeys,
43
+ )
44
+ from synapse.logging.opentracing import log_kv, set_tag, trace
45
+ from synapse.replication.tcp.streams._base import DeviceListsStream
46
+ from synapse.storage._base import SQLBaseStore, db_to_json
47
+ from synapse.storage.database import (
48
+ DatabasePool,
49
+ LoggingDatabaseConnection,
50
+ LoggingTransaction,
51
+ make_in_list_sql_clause,
52
+ make_tuple_in_list_sql_clause,
53
+ )
54
+ from synapse.storage.databases.main.cache import CacheInvalidationWorkerStore
55
+ from synapse.storage.engines import PostgresEngine
56
+ from synapse.storage.util.id_generators import MultiWriterIdGenerator
57
+ from synapse.types import JsonDict, JsonMapping, MultiWriterStreamToken
58
+ from synapse.util.caches.descriptors import cached, cachedList
59
+ from synapse.util.cancellation import cancellable
60
+ from synapse.util.iterutils import batch_iter
61
+ from synapse.util.json import json_decoder, json_encoder
62
+
63
+ if TYPE_CHECKING:
64
+ from synapse.handlers.e2e_keys import SignatureListItem
65
+ from synapse.server import HomeServer
66
+
67
+
68
+ @attr.s(slots=True, auto_attribs=True)
69
+ class DeviceKeyLookupResult:
70
+ """The type returned by get_e2e_device_keys_and_signatures"""
71
+
72
+ display_name: str | None
73
+
74
+ # the key data from e2e_device_keys_json. Typically includes fields like
75
+ # "algorithm", "keys" (including the curve25519 identity key and the ed25519 signing
76
+ # key) and "signatures" (a map from (user id) to (key id/device_id) to signature.)
77
+ keys: JsonDict | None
78
+
79
+
80
+ class EndToEndKeyBackgroundStore(SQLBaseStore):
81
+ def __init__(
82
+ self,
83
+ database: DatabasePool,
84
+ db_conn: LoggingDatabaseConnection,
85
+ hs: "HomeServer",
86
+ ):
87
+ super().__init__(database, db_conn, hs)
88
+
89
+ self.db_pool.updates.register_background_index_update(
90
+ "e2e_cross_signing_keys_idx",
91
+ index_name="e2e_cross_signing_keys_stream_idx",
92
+ table="e2e_cross_signing_keys",
93
+ columns=["stream_id"],
94
+ unique=True,
95
+ )
96
+
97
+ self.db_pool.updates.register_background_index_update(
98
+ update_name="add_otk_ts_added_index",
99
+ index_name="e2e_one_time_keys_json_user_id_device_id_algorithm_ts_added_idx",
100
+ table="e2e_one_time_keys_json",
101
+ columns=("user_id", "device_id", "algorithm", "ts_added_ms"),
102
+ )
103
+
104
+
105
+ class EndToEndKeyWorkerStore(EndToEndKeyBackgroundStore, CacheInvalidationWorkerStore):
106
+ def __init__(
107
+ self,
108
+ database: DatabasePool,
109
+ db_conn: LoggingDatabaseConnection,
110
+ hs: "HomeServer",
111
+ ):
112
+ super().__init__(database, db_conn, hs)
113
+
114
+ self._allow_device_name_lookup_over_federation = (
115
+ self.hs.config.federation.allow_device_name_lookup_over_federation
116
+ )
117
+
118
+ self._cross_signing_id_gen = MultiWriterIdGenerator(
119
+ db_conn=db_conn,
120
+ db=database,
121
+ notifier=hs.get_replication_notifier(),
122
+ stream_name="e2e_cross_signing_keys",
123
+ server_name=self.server_name,
124
+ instance_name=self._instance_name,
125
+ tables=[
126
+ ("e2e_cross_signing_keys", "instance_name", "stream_id"),
127
+ ],
128
+ sequence_name="e2e_cross_signing_keys_sequence",
129
+ # No one reads the stream positions, so we're allowed to have an empty list of writers
130
+ writers=[],
131
+ )
132
+
133
+ def process_replication_rows(
134
+ self,
135
+ stream_name: str,
136
+ instance_name: str,
137
+ token: int,
138
+ rows: Iterable[Any],
139
+ ) -> None:
140
+ if stream_name == DeviceListsStream.NAME:
141
+ for row in rows:
142
+ assert isinstance(row, DeviceListsStream.DeviceListsStreamRow)
143
+ if not row.hosts_calculated:
144
+ self._get_e2e_device_keys_for_federation_query_inner.invalidate(
145
+ (row.user_id,)
146
+ )
147
+
148
+ super().process_replication_rows(stream_name, instance_name, token, rows)
149
+
150
+ async def get_e2e_device_keys_for_federation_query(
151
+ self, user_id: str
152
+ ) -> tuple[int, Sequence[JsonMapping]]:
153
+ """Get all devices (with any device keys) for a user
154
+
155
+ Returns:
156
+ (stream_id, devices)
157
+ """
158
+ # Here, we don't use the individual instances positions, as we *need* to
159
+ # give out the stream_id as an integer in the federation API.
160
+ # This means that we'll potentially return the same data twice with a
161
+ # different stream_id, and invalidate cache more often than necessary,
162
+ # which is fine overall.
163
+ now_stream_id = self.get_device_stream_token().stream
164
+
165
+ # We need to be careful with the caching here, as we need to always
166
+ # return *all* persisted devices, however there may be a lag between a
167
+ # new device being persisted and the cache being invalidated.
168
+ cached_results = (
169
+ self._get_e2e_device_keys_for_federation_query_inner.cache.get_immediate(
170
+ user_id, None
171
+ )
172
+ )
173
+ if cached_results is not None:
174
+ # Check that there have been no new devices added by another worker
175
+ # after the cache. This should be quick as there should be few rows
176
+ # with a higher stream ordering.
177
+ #
178
+ # Note that we invalidate based on the device stream, so we only
179
+ # have to check for potential invalidations after the
180
+ # `now_stream_id`.
181
+ sql = """
182
+ SELECT 1
183
+ FROM device_lists_stream
184
+ WHERE stream_id >= ? AND user_id = ?
185
+ LIMIT 1
186
+ """
187
+ rows = await self.db_pool.execute(
188
+ "get_e2e_device_keys_for_federation_query_check",
189
+ sql,
190
+ now_stream_id,
191
+ user_id,
192
+ )
193
+ if not rows:
194
+ # No new rows, so cache is still valid.
195
+ return now_stream_id, cached_results
196
+
197
+ # There has, so let's invalidate the cache and run the query.
198
+ self._get_e2e_device_keys_for_federation_query_inner.invalidate((user_id,))
199
+
200
+ results = await self._get_e2e_device_keys_for_federation_query_inner(user_id)
201
+
202
+ return now_stream_id, results
203
+
204
+ @cached(iterable=True)
205
+ async def _get_e2e_device_keys_for_federation_query_inner(
206
+ self, user_id: str
207
+ ) -> Sequence[JsonMapping]:
208
+ """Get all devices (with any device keys) for a user"""
209
+
210
+ devices = await self.get_e2e_device_keys_and_signatures([(user_id, None)])
211
+
212
+ if devices:
213
+ user_devices = devices[user_id]
214
+ results = []
215
+ for device_id, device in user_devices.items():
216
+ result: JsonDict = {"device_id": device_id}
217
+
218
+ keys = device.keys
219
+ if keys:
220
+ result["keys"] = keys
221
+
222
+ device_display_name = None
223
+ if self._allow_device_name_lookup_over_federation:
224
+ device_display_name = device.display_name
225
+ if device_display_name:
226
+ result["device_display_name"] = device_display_name
227
+
228
+ results.append(result)
229
+
230
+ return results
231
+
232
+ return []
233
+
234
+ @trace
235
+ @cancellable
236
+ async def get_e2e_device_keys_for_cs_api(
237
+ self,
238
+ query_list: Collection[tuple[str, str | None]],
239
+ include_displaynames: bool = True,
240
+ ) -> dict[str, dict[str, JsonDict]]:
241
+ """Fetch a list of device keys, formatted suitably for the C/S API.
242
+ Args:
243
+ query_list: List of pairs of user_ids and device_ids.
244
+ include_displaynames: Whether to include the displayname of returned devices
245
+ (if one exists).
246
+ Returns:
247
+ Dict mapping from user-id to dict mapping from device_id to
248
+ key data. The key data will be a dict in the same format as the
249
+ DeviceKeys type returned by POST /_matrix/client/r0/keys/query.
250
+ """
251
+ set_tag("query_list", str(query_list))
252
+ if not query_list:
253
+ return {}
254
+
255
+ results = await self.get_e2e_device_keys_and_signatures(query_list)
256
+
257
+ # Build the result structure, un-jsonify the results, and add the
258
+ # "unsigned" section
259
+ rv: dict[str, dict[str, JsonDict]] = {}
260
+ for user_id, device_keys in results.items():
261
+ rv[user_id] = {}
262
+ for device_id, device_info in device_keys.items():
263
+ r = device_info.keys
264
+ if r is None:
265
+ continue
266
+
267
+ r["unsigned"] = {}
268
+ if include_displaynames:
269
+ # Include the device's display name in the "unsigned" dictionary
270
+ display_name = device_info.display_name
271
+ if display_name is not None:
272
+ r["unsigned"]["device_display_name"] = display_name
273
+
274
+ rv[user_id][device_id] = r
275
+
276
+ return rv
277
+
278
+ @overload
279
+ async def get_e2e_device_keys_and_signatures(
280
+ self,
281
+ query_list: Collection[tuple[str, str | None]],
282
+ include_all_devices: Literal[False] = False,
283
+ ) -> dict[str, dict[str, DeviceKeyLookupResult]]: ...
284
+
285
+ @overload
286
+ async def get_e2e_device_keys_and_signatures(
287
+ self,
288
+ query_list: Collection[tuple[str, str | None]],
289
+ include_all_devices: bool = False,
290
+ include_deleted_devices: Literal[False] = False,
291
+ ) -> dict[str, dict[str, DeviceKeyLookupResult]]: ...
292
+
293
+ @overload
294
+ async def get_e2e_device_keys_and_signatures(
295
+ self,
296
+ query_list: Collection[tuple[str, str | None]],
297
+ include_all_devices: Literal[True],
298
+ include_deleted_devices: Literal[True],
299
+ ) -> dict[str, dict[str, DeviceKeyLookupResult | None]]: ...
300
+
301
+ @trace
302
+ @cancellable
303
+ async def get_e2e_device_keys_and_signatures(
304
+ self,
305
+ query_list: Collection[tuple[str, str | None]],
306
+ include_all_devices: bool = False,
307
+ include_deleted_devices: bool = False,
308
+ ) -> (
309
+ dict[str, dict[str, DeviceKeyLookupResult]]
310
+ | dict[str, dict[str, DeviceKeyLookupResult | None]]
311
+ ):
312
+ """Fetch a list of device keys
313
+
314
+ Any cross-signatures made on the keys by the owner of the device are also
315
+ included.
316
+
317
+ The cross-signatures are added to the `signatures` field within the `keys`
318
+ object in the response.
319
+
320
+ Args:
321
+ query_list: List of pairs of user_ids and device_ids. Device id can be None
322
+ to indicate "all devices for this user"
323
+
324
+ include_all_devices: whether to return devices without device keys
325
+
326
+ include_deleted_devices: whether to include null entries for
327
+ devices which no longer exist (but were in the query_list).
328
+ This option only takes effect if include_all_devices is true.
329
+
330
+ Returns:
331
+ Dict mapping from user-id to dict mapping from device_id to
332
+ key data.
333
+ """
334
+ set_tag("include_all_devices", include_all_devices)
335
+ set_tag("include_deleted_devices", include_deleted_devices)
336
+
337
+ result = await self._get_e2e_device_keys(
338
+ query_list,
339
+ include_all_devices,
340
+ include_deleted_devices,
341
+ )
342
+
343
+ # get the (user_id, device_id) tuples to look up cross-signatures for
344
+ signature_query = (
345
+ (user_id, device_id)
346
+ for user_id, dev in result.items()
347
+ for device_id, d in dev.items()
348
+ if d is not None and d.keys is not None
349
+ )
350
+
351
+ # 1000 is an arbitrary batch size. It helped performance on a very
352
+ # large-scale deployment (matrix.org), but has not been tested against
353
+ # any other setup.
354
+ for batch in batch_iter(signature_query, 1000):
355
+ cross_sigs_result = (
356
+ await self._get_e2e_cross_signing_signatures_for_devices(batch)
357
+ )
358
+
359
+ # add each cross-signing signature to the correct device in the result dict.
360
+ for (
361
+ user_id,
362
+ device_id,
363
+ ), signature_list in cross_sigs_result.items():
364
+ target_device_result = result[user_id][device_id]
365
+
366
+ # We've only looked up cross-signatures for non-deleted devices with key
367
+ # data.
368
+ assert target_device_result is not None
369
+ assert target_device_result.keys is not None
370
+ target_device_signatures = target_device_result.keys.setdefault(
371
+ "signatures", {}
372
+ )
373
+ signing_user_signatures = target_device_signatures.setdefault(
374
+ user_id, {}
375
+ )
376
+
377
+ for key_id, signature in signature_list:
378
+ signing_user_signatures[key_id] = signature
379
+
380
+ log_kv(result)
381
+ return result
382
+
383
+ async def _get_e2e_device_keys(
384
+ self,
385
+ query_list: Collection[tuple[str, str | None]],
386
+ include_all_devices: bool = False,
387
+ include_deleted_devices: bool = False,
388
+ ) -> dict[str, dict[str, DeviceKeyLookupResult | None]]:
389
+ """Get information on devices from the database
390
+
391
+ The results include the device's keys and self-signatures, but *not* any
392
+ cross-signing signatures which have been added subsequently (for which, see
393
+ get_e2e_device_keys_and_signatures)
394
+ """
395
+ query_clauses: list[str] = []
396
+ query_params_list: list[list[object]] = []
397
+
398
+ if include_all_devices is False:
399
+ include_deleted_devices = False
400
+
401
+ if include_deleted_devices:
402
+ deleted_devices = set(query_list)
403
+
404
+ # Split the query list into queries for users and queries for particular
405
+ # devices.
406
+ user_list = []
407
+ user_device_list = []
408
+ for user_id, device_id in query_list:
409
+ if device_id is None:
410
+ user_list.append(user_id)
411
+ else:
412
+ user_device_list.append((user_id, device_id))
413
+
414
+ if user_list:
415
+ user_id_in_list_clause, user_args = make_in_list_sql_clause(
416
+ self.database_engine, "user_id", user_list
417
+ )
418
+ query_clauses.append(user_id_in_list_clause)
419
+ query_params_list.append(user_args)
420
+
421
+ if user_device_list:
422
+ # Divide the device queries into batches, to avoid excessively large
423
+ # queries.
424
+ for user_device_batch in batch_iter(user_device_list, 1024):
425
+ (
426
+ user_device_id_in_list_clause,
427
+ user_device_args,
428
+ ) = make_tuple_in_list_sql_clause(
429
+ self.database_engine, ("user_id", "device_id"), user_device_batch
430
+ )
431
+ query_clauses.append(user_device_id_in_list_clause)
432
+ query_params_list.append(user_device_args)
433
+
434
+ result: dict[str, dict[str, DeviceKeyLookupResult | None]] = {}
435
+
436
+ def get_e2e_device_keys_txn(
437
+ txn: LoggingTransaction, query_clause: str, query_params: list
438
+ ) -> None:
439
+ if include_all_devices:
440
+ sql = f"""
441
+ SELECT user_id, device_id, d.display_name, k.key_json
442
+ FROM devices d
443
+ LEFT JOIN e2e_device_keys_json k USING (user_id, device_id)
444
+ WHERE {query_clause} AND NOT d.hidden
445
+ """
446
+ else:
447
+ # We swap around `e2e_device_keys_json` and `devices`, as we
448
+ # want Postgres to query `e2e_device_keys_json` first as it will
449
+ # have fewer rows in it. This helps *a lot* with accounts with
450
+ # lots of non-e2e devices (such as bots).
451
+ sql = f"""
452
+ SELECT user_id, device_id, d.display_name, k.key_json
453
+ FROM e2e_device_keys_json k
454
+ INNER JOIN devices d USING (user_id, device_id)
455
+ WHERE {query_clause} AND NOT d.hidden
456
+ """
457
+
458
+ txn.execute(sql, query_params)
459
+
460
+ for user_id, device_id, display_name, key_json in txn:
461
+ assert device_id is not None
462
+ if include_deleted_devices:
463
+ deleted_devices.remove((user_id, device_id))
464
+ result.setdefault(user_id, {})[device_id] = DeviceKeyLookupResult(
465
+ display_name, db_to_json(key_json) if key_json else None
466
+ )
467
+
468
+ for query_clause, query_params in zip(query_clauses, query_params_list):
469
+ await self.db_pool.runInteraction(
470
+ "_get_e2e_device_keys",
471
+ get_e2e_device_keys_txn,
472
+ query_clause,
473
+ query_params,
474
+ )
475
+
476
+ if include_deleted_devices:
477
+ for user_id, device_id in deleted_devices:
478
+ if device_id is None:
479
+ continue
480
+ result.setdefault(user_id, {})[device_id] = None
481
+
482
+ return result
483
+
484
+ @cached()
485
+ def _get_e2e_cross_signing_signatures_for_device(
486
+ self,
487
+ user_id_and_device_id: tuple[str, str],
488
+ ) -> Sequence[tuple[str, str]]:
489
+ """
490
+ The single-item version of `_get_e2e_cross_signing_signatures_for_devices`.
491
+ See @cachedList for why a separate method is needed.
492
+ """
493
+ raise NotImplementedError()
494
+
495
+ @cachedList(
496
+ cached_method_name="_get_e2e_cross_signing_signatures_for_device",
497
+ list_name="device_query",
498
+ )
499
+ async def _get_e2e_cross_signing_signatures_for_devices(
500
+ self, device_query: Iterable[tuple[str, str]]
501
+ ) -> Mapping[tuple[str, str], Sequence[tuple[str, str]]]:
502
+ """Get cross-signing signatures for a given list of user IDs and devices.
503
+
504
+ Args:
505
+ An iterable containing tuples of (user ID, device ID).
506
+
507
+ Returns:
508
+ A mapping of results. The keys are the original (user_id, device_id)
509
+ tuple, while the value is the matching list of tuples of
510
+ (key_id, signature). The value will be an empty list if no
511
+ signatures exist for the device.
512
+
513
+ Given this method is annotated with `@cachedList`, the return dict's
514
+ keys match the tuples within `device_query`, so that cache entries can
515
+ be computed from the corresponding values.
516
+
517
+ As results are cached, the return type is immutable.
518
+ """
519
+
520
+ def _get_e2e_cross_signing_signatures_for_devices_txn(
521
+ txn: LoggingTransaction, device_query: Iterable[tuple[str, str]]
522
+ ) -> Mapping[tuple[str, str], Sequence[tuple[str, str]]]:
523
+ where_clause_sql, where_clause_params = make_tuple_in_list_sql_clause(
524
+ self.database_engine,
525
+ columns=("target_user_id", "target_device_id", "user_id"),
526
+ iterable=[
527
+ (user_id, device_id, user_id) for user_id, device_id in device_query
528
+ ],
529
+ )
530
+
531
+ signature_sql = f"""
532
+ SELECT user_id, key_id, target_device_id, signature
533
+ FROM e2e_cross_signing_signatures WHERE {where_clause_sql}
534
+ """
535
+
536
+ txn.execute(signature_sql, where_clause_params)
537
+
538
+ devices_and_signatures: dict[tuple[str, str], list[tuple[str, str]]] = {}
539
+
540
+ # `@cachedList` requires we return one key for every item in `device_query`.
541
+ # Pre-populate `devices_and_signatures` with each key so that none are missing.
542
+ #
543
+ # If any are missing, they will be cached as `None`, which is not
544
+ # what callers expected.
545
+ for user_id, device_id in device_query:
546
+ devices_and_signatures.setdefault((user_id, device_id), [])
547
+
548
+ # Populate the return dictionary with each found key_id and signature.
549
+ for user_id, key_id, target_device_id, signature in txn.fetchall():
550
+ signature_tuple = (key_id, signature)
551
+ devices_and_signatures[(user_id, target_device_id)].append(
552
+ signature_tuple
553
+ )
554
+
555
+ return devices_and_signatures
556
+
557
+ return await self.db_pool.runInteraction(
558
+ "_get_e2e_cross_signing_signatures_for_devices_txn",
559
+ _get_e2e_cross_signing_signatures_for_devices_txn,
560
+ device_query,
561
+ )
562
+
563
+ async def get_e2e_one_time_keys(
564
+ self, user_id: str, device_id: str, key_ids: list[str]
565
+ ) -> dict[tuple[str, str], str]:
566
+ """Retrieve a number of one-time keys for a user
567
+
568
+ Args:
569
+ user_id: id of user to get keys for
570
+ device_id: id of device to get keys for
571
+ key_ids: list of key ids (excluding algorithm) to retrieve
572
+
573
+ Returns:
574
+ A map from (algorithm, key_id) to json string for key
575
+ """
576
+
577
+ rows = cast(
578
+ list[tuple[str, str, str]],
579
+ await self.db_pool.simple_select_many_batch(
580
+ table="e2e_one_time_keys_json",
581
+ column="key_id",
582
+ iterable=key_ids,
583
+ retcols=("algorithm", "key_id", "key_json"),
584
+ keyvalues={"user_id": user_id, "device_id": device_id},
585
+ desc="add_e2e_one_time_keys_check",
586
+ ),
587
+ )
588
+ result = {(algorithm, key_id): key_json for algorithm, key_id, key_json in rows}
589
+ log_kv({"message": "Fetched one time keys for user", "one_time_keys": result})
590
+ return result
591
+
592
+ async def add_e2e_one_time_keys(
593
+ self,
594
+ user_id: str,
595
+ device_id: str,
596
+ time_now: int,
597
+ new_keys: Iterable[tuple[str, str, str]],
598
+ ) -> None:
599
+ """Insert some new one time keys for a device. Errors if any of the
600
+ keys already exist.
601
+
602
+ Args:
603
+ user_id: id of user to get keys for
604
+ device_id: id of device to get keys for
605
+ time_now: insertion time to record (ms since epoch)
606
+ new_keys: keys to add - each a tuple of (algorithm, key_id, key json)
607
+ """
608
+
609
+ await self.db_pool.runInteraction(
610
+ "add_e2e_one_time_keys_insert",
611
+ self._add_e2e_one_time_keys_txn,
612
+ user_id,
613
+ device_id,
614
+ time_now,
615
+ new_keys,
616
+ )
617
+
618
+ def _add_e2e_one_time_keys_txn(
619
+ self,
620
+ txn: LoggingTransaction,
621
+ user_id: str,
622
+ device_id: str,
623
+ time_now: int,
624
+ new_keys: Iterable[tuple[str, str, str]],
625
+ ) -> None:
626
+ """Insert some new one time keys for a device. Errors if any of the keys already exist.
627
+
628
+ Args:
629
+ user_id: id of user to get keys for
630
+ device_id: id of device to get keys for
631
+ time_now: insertion time to record (ms since epoch)
632
+ new_keys: keys to add - each a tuple of (algorithm, key_id, key json) - note
633
+ that the key JSON must be in canonical JSON form
634
+ """
635
+ set_tag("user_id", user_id)
636
+ set_tag("device_id", device_id)
637
+ set_tag("new_keys", str(new_keys))
638
+ # We are protected from race between lookup and insertion due to
639
+ # a unique constraint. If there is a race of two calls to
640
+ # `add_e2e_one_time_keys` then they'll conflict and we will only
641
+ # insert one set.
642
+ self.db_pool.simple_insert_many_txn(
643
+ txn,
644
+ table="e2e_one_time_keys_json",
645
+ keys=(
646
+ "user_id",
647
+ "device_id",
648
+ "algorithm",
649
+ "key_id",
650
+ "ts_added_ms",
651
+ "key_json",
652
+ ),
653
+ values=[
654
+ (user_id, device_id, algorithm, key_id, time_now, json_bytes)
655
+ for algorithm, key_id, json_bytes in new_keys
656
+ ],
657
+ )
658
+ self._invalidate_cache_and_stream(
659
+ txn, self.count_e2e_one_time_keys, (user_id, device_id)
660
+ )
661
+
662
+ @cached(max_entries=10000, tree=True)
663
+ async def count_e2e_one_time_keys(
664
+ self, user_id: str, device_id: str
665
+ ) -> Mapping[str, int]:
666
+ """Count the number of one time keys the server has for a device
667
+ Returns:
668
+ A mapping from algorithm to number of keys for that algorithm.
669
+ """
670
+
671
+ def _count_e2e_one_time_keys(txn: LoggingTransaction) -> dict[str, int]:
672
+ sql = (
673
+ "SELECT algorithm, COUNT(key_id) FROM e2e_one_time_keys_json"
674
+ " WHERE user_id = ? AND device_id = ?"
675
+ " GROUP BY algorithm"
676
+ )
677
+ txn.execute(sql, (user_id, device_id))
678
+
679
+ # Initially set the key count to 0. This ensures that the client will always
680
+ # receive *some count*, even if it's 0.
681
+ result = {DeviceKeyAlgorithms.SIGNED_CURVE25519: 0}
682
+
683
+ # Override entries with the count of any keys we pulled from the database
684
+ for algorithm, key_count in txn:
685
+ result[algorithm] = key_count
686
+
687
+ return result
688
+
689
+ return await self.db_pool.runInteraction(
690
+ "count_e2e_one_time_keys", _count_e2e_one_time_keys
691
+ )
692
+
693
+ async def count_bulk_e2e_one_time_keys_for_as(
694
+ self, user_ids: Collection[str]
695
+ ) -> TransactionOneTimeKeysCount:
696
+ """
697
+ Counts, in bulk, the one-time keys for all the users specified.
698
+ Intended to be used by application services for populating OTK counts in
699
+ transactions.
700
+
701
+ Return structure is of the shape:
702
+ user_id -> device_id -> algorithm -> count
703
+ Empty algorithm -> count dicts are created if needed to represent a
704
+ lack of unused one-time keys.
705
+ """
706
+
707
+ def _count_bulk_e2e_one_time_keys_txn(
708
+ txn: LoggingTransaction,
709
+ ) -> TransactionOneTimeKeysCount:
710
+ user_in_where_clause, user_parameters = make_in_list_sql_clause(
711
+ self.database_engine, "user_id", user_ids
712
+ )
713
+ sql = f"""
714
+ SELECT user_id, device_id, algorithm, COUNT(key_id)
715
+ FROM devices
716
+ LEFT JOIN e2e_one_time_keys_json USING (user_id, device_id)
717
+ WHERE {user_in_where_clause}
718
+ GROUP BY user_id, device_id, algorithm
719
+ """
720
+ txn.execute(sql, user_parameters)
721
+
722
+ result: TransactionOneTimeKeysCount = {}
723
+
724
+ for user_id, device_id, algorithm, count in txn:
725
+ # We deliberately construct empty dictionaries for
726
+ # users and devices without any unused one-time keys.
727
+ # We *could* omit these empty dicts if there have been no
728
+ # changes since the last transaction, but we currently don't
729
+ # do any change tracking!
730
+ device_count_by_algo = result.setdefault(user_id, {}).setdefault(
731
+ device_id, {}
732
+ )
733
+ if algorithm is not None:
734
+ # algorithm will be None if this device has no keys.
735
+ device_count_by_algo[algorithm] = count
736
+
737
+ return result
738
+
739
+ return await self.db_pool.runInteraction(
740
+ "count_bulk_e2e_one_time_keys", _count_bulk_e2e_one_time_keys_txn
741
+ )
742
+
743
+ async def get_e2e_bulk_unused_fallback_key_types(
744
+ self, user_ids: Collection[str]
745
+ ) -> TransactionUnusedFallbackKeys:
746
+ """
747
+ Finds, in bulk, the types of unused fallback keys for all the users specified.
748
+ Intended to be used by application services for populating unused fallback
749
+ keys in transactions.
750
+
751
+ Return structure is of the shape:
752
+ user_id -> device_id -> algorithms
753
+ Empty lists are created for devices if there are no unused fallback
754
+ keys. This matches the response structure of MSC3202.
755
+ """
756
+ if len(user_ids) == 0:
757
+ return {}
758
+
759
+ def _get_bulk_e2e_unused_fallback_keys_txn(
760
+ txn: LoggingTransaction,
761
+ ) -> TransactionUnusedFallbackKeys:
762
+ user_in_where_clause, user_parameters = make_in_list_sql_clause(
763
+ self.database_engine, "devices.user_id", user_ids
764
+ )
765
+ # We can't use USING here because we require the `.used` condition
766
+ # to be part of the JOIN condition so that we generate empty lists
767
+ # when all keys are used (as opposed to just when there are no keys at all).
768
+ sql = f"""
769
+ SELECT devices.user_id, devices.device_id, algorithm
770
+ FROM devices
771
+ LEFT JOIN e2e_fallback_keys_json AS fallback_keys
772
+ ON devices.user_id = fallback_keys.user_id
773
+ AND devices.device_id = fallback_keys.device_id
774
+ AND NOT fallback_keys.used
775
+ WHERE
776
+ {user_in_where_clause}
777
+ """
778
+ txn.execute(sql, user_parameters)
779
+
780
+ result: TransactionUnusedFallbackKeys = {}
781
+
782
+ for user_id, device_id, algorithm in txn:
783
+ # We deliberately construct empty dictionaries and lists for
784
+ # users and devices without any unused fallback keys.
785
+ # We *could* omit these empty dicts if there have been no
786
+ # changes since the last transaction, but we currently don't
787
+ # do any change tracking!
788
+ device_unused_keys = result.setdefault(user_id, {}).setdefault(
789
+ device_id, []
790
+ )
791
+ if algorithm is not None:
792
+ # algorithm will be None if this device has no keys.
793
+ device_unused_keys.append(algorithm)
794
+
795
+ return result
796
+
797
+ return await self.db_pool.runInteraction(
798
+ "_get_bulk_e2e_unused_fallback_keys", _get_bulk_e2e_unused_fallback_keys_txn
799
+ )
800
+
801
+ async def set_e2e_fallback_keys(
802
+ self, user_id: str, device_id: str, fallback_keys: JsonDict
803
+ ) -> None:
804
+ """Set the user's e2e fallback keys.
805
+
806
+ Args:
807
+ user_id: the user whose keys are being set
808
+ device_id: the device whose keys are being set
809
+ fallback_keys: the keys to set. This is a map from key ID (which is
810
+ of the form "algorithm:id") to key data.
811
+ """
812
+ await self.db_pool.runInteraction(
813
+ "set_e2e_fallback_keys_txn",
814
+ self._set_e2e_fallback_keys_txn,
815
+ user_id,
816
+ device_id,
817
+ fallback_keys,
818
+ )
819
+
820
+ await self.invalidate_cache_and_stream(
821
+ "get_e2e_unused_fallback_key_types", (user_id, device_id)
822
+ )
823
+
824
+ def _set_e2e_fallback_keys_txn(
825
+ self,
826
+ txn: LoggingTransaction,
827
+ user_id: str,
828
+ device_id: str,
829
+ fallback_keys: JsonDict,
830
+ ) -> None:
831
+ """Set the user's e2e fallback keys.
832
+
833
+ Args:
834
+ user_id: the user whose keys are being set
835
+ device_id: the device whose keys are being set
836
+ fallback_keys: the keys to set. This is a map from key ID (which is
837
+ of the form "algorithm:id") to key data.
838
+ """
839
+ # fallback_keys will usually only have one item in it, so using a for
840
+ # loop (as opposed to calling simple_upsert_many_txn) won't be too bad
841
+ # FIXME: make sure that only one key per algorithm is uploaded
842
+ for key_id, fallback_key in fallback_keys.items():
843
+ algorithm, key_id = key_id.split(":", 1)
844
+ old_key_json = self.db_pool.simple_select_one_onecol_txn(
845
+ txn,
846
+ table="e2e_fallback_keys_json",
847
+ keyvalues={
848
+ "user_id": user_id,
849
+ "device_id": device_id,
850
+ "algorithm": algorithm,
851
+ },
852
+ retcol="key_json",
853
+ allow_none=True,
854
+ )
855
+
856
+ new_key_json = encode_canonical_json(fallback_key).decode("utf-8")
857
+
858
+ # If the uploaded key is the same as the current fallback key,
859
+ # don't do anything. This prevents marking the key as unused if it
860
+ # was already used.
861
+ if old_key_json != new_key_json:
862
+ self.db_pool.simple_upsert_txn(
863
+ txn,
864
+ table="e2e_fallback_keys_json",
865
+ keyvalues={
866
+ "user_id": user_id,
867
+ "device_id": device_id,
868
+ "algorithm": algorithm,
869
+ },
870
+ values={
871
+ "key_id": key_id,
872
+ "key_json": json_encoder.encode(fallback_key),
873
+ "used": False,
874
+ },
875
+ )
876
+
877
+ @cached(max_entries=10000, tree=True)
878
+ async def get_e2e_unused_fallback_key_types(
879
+ self, user_id: str, device_id: str
880
+ ) -> Sequence[str]:
881
+ """Returns the fallback key types that have an unused key.
882
+
883
+ Args:
884
+ user_id: the user whose keys are being queried
885
+ device_id: the device whose keys are being queried
886
+
887
+ Returns:
888
+ a list of key types
889
+ """
890
+ return await self.db_pool.simple_select_onecol(
891
+ "e2e_fallback_keys_json",
892
+ keyvalues={"user_id": user_id, "device_id": device_id, "used": False},
893
+ retcol="algorithm",
894
+ desc="get_e2e_unused_fallback_key_types",
895
+ )
896
+
897
+ async def get_e2e_cross_signing_key(
898
+ self, user_id: str, key_type: str, from_user_id: str | None = None
899
+ ) -> JsonMapping | None:
900
+ """Returns a user's cross-signing key.
901
+
902
+ Args:
903
+ user_id: the user whose key is being requested
904
+ key_type: the type of key that is being requested: either 'master'
905
+ for a master key, 'self_signing' for a self-signing key, or
906
+ 'user_signing' for a user-signing key
907
+ from_user_id: if specified, signatures made by this user on
908
+ the self-signing key will be included in the result
909
+
910
+ Returns:
911
+ dict of the key data or None if not found
912
+ """
913
+ res = await self.get_e2e_cross_signing_keys_bulk([user_id], from_user_id)
914
+ user_keys = res.get(user_id)
915
+ if not user_keys:
916
+ return None
917
+ return user_keys.get(key_type)
918
+
919
+ @cached(num_args=1)
920
+ def _get_bare_e2e_cross_signing_keys(
921
+ self, user_id: str
922
+ ) -> Mapping[str, JsonMapping]:
923
+ """Dummy function. Only used to make a cache for
924
+ _get_bare_e2e_cross_signing_keys_bulk.
925
+ """
926
+ raise NotImplementedError()
927
+
928
+ @cachedList(
929
+ cached_method_name="_get_bare_e2e_cross_signing_keys",
930
+ list_name="user_ids",
931
+ num_args=1,
932
+ )
933
+ async def _get_bare_e2e_cross_signing_keys_bulk(
934
+ self, user_ids: Iterable[str]
935
+ ) -> Mapping[str, Mapping[str, JsonMapping] | None]:
936
+ """Returns the cross-signing keys for a set of users. The output of this
937
+ function should be passed to _get_e2e_cross_signing_signatures_txn if
938
+ the signatures for the calling user need to be fetched.
939
+
940
+ Args:
941
+ user_ids: the users whose keys are being requested
942
+
943
+ Returns:
944
+ A mapping from user ID to key type to key data. If a user's cross-signing
945
+ keys were not found, either their user ID will not be in the dict, or
946
+ their user ID will map to None.
947
+
948
+ """
949
+ return await self.db_pool.runInteraction(
950
+ "get_bare_e2e_cross_signing_keys_bulk",
951
+ self._get_bare_e2e_cross_signing_keys_bulk_txn,
952
+ user_ids,
953
+ )
954
+
955
+ def _get_bare_e2e_cross_signing_keys_bulk_txn(
956
+ self,
957
+ txn: LoggingTransaction,
958
+ user_ids: Iterable[str],
959
+ ) -> dict[str, dict[str, JsonDict]]:
960
+ """Returns the cross-signing keys for a set of users. The output of this
961
+ function should be passed to _get_e2e_cross_signing_signatures_txn if
962
+ the signatures for the calling user need to be fetched.
963
+
964
+ Args:
965
+ txn: db connection
966
+ user_ids: the users whose keys are being requested
967
+
968
+ Returns:
969
+ Mapping from user ID to key type to key data.
970
+ If a user's cross-signing keys were not found, their user ID will not be in
971
+ the dict.
972
+
973
+ """
974
+ result: dict[str, dict[str, JsonDict]] = {}
975
+
976
+ for user_chunk in batch_iter(user_ids, 100):
977
+ clause, params = make_in_list_sql_clause(
978
+ txn.database_engine, "user_id", user_chunk
979
+ )
980
+
981
+ # Fetch the latest key for each type per user.
982
+ if isinstance(self.database_engine, PostgresEngine):
983
+ # The `DISTINCT ON` clause will pick the *first* row it
984
+ # encounters, so ordering by stream ID desc will ensure we get
985
+ # the latest key.
986
+ sql = """
987
+ SELECT DISTINCT ON (user_id, keytype) user_id, keytype, keydata, stream_id
988
+ FROM e2e_cross_signing_keys
989
+ WHERE %(clause)s
990
+ ORDER BY user_id, keytype, stream_id DESC
991
+ """ % {"clause": clause}
992
+ else:
993
+ # SQLite has special handling for bare columns when using
994
+ # MIN/MAX with a `GROUP BY` clause where it picks the value from
995
+ # a row that matches the MIN/MAX.
996
+ sql = """
997
+ SELECT user_id, keytype, keydata, MAX(stream_id)
998
+ FROM e2e_cross_signing_keys
999
+ WHERE %(clause)s
1000
+ GROUP BY user_id, keytype
1001
+ """ % {"clause": clause}
1002
+
1003
+ txn.execute(sql, params)
1004
+
1005
+ for user_id, key_type, key_data, _ in txn:
1006
+ user_keys = result.setdefault(user_id, {})
1007
+ user_keys[key_type] = db_to_json(key_data)
1008
+
1009
+ return result
1010
+
1011
+ def _get_e2e_cross_signing_signatures_txn(
1012
+ self,
1013
+ txn: LoggingTransaction,
1014
+ keys: dict[str, dict[str, JsonDict] | None],
1015
+ from_user_id: str,
1016
+ ) -> dict[str, dict[str, JsonDict] | None]:
1017
+ """Returns the cross-signing signatures made by a user on a set of keys.
1018
+
1019
+ Args:
1020
+ txn: db connection
1021
+ keys: a map of user ID to key type to key data.
1022
+ This dict will be modified to add signatures.
1023
+ from_user_id: fetch the signatures made by this user
1024
+
1025
+ Returns:
1026
+ Mapping from user ID to key type to key data.
1027
+ The return value will be the same as the keys argument, with the
1028
+ modifications included.
1029
+ """
1030
+
1031
+ # find out what cross-signing keys (a.k.a. devices) we need to get
1032
+ # signatures for. This is a map of (user_id, device_id) to key type
1033
+ # (device_id is the key's public part).
1034
+ devices: dict[tuple[str, str], str] = {}
1035
+
1036
+ for user_id, user_keys in keys.items():
1037
+ if user_keys is None:
1038
+ continue
1039
+ for key_type, key in user_keys.items():
1040
+ device_id = None
1041
+ for k in key["keys"].values():
1042
+ device_id = k
1043
+ # `key` ought to be a `CrossSigningKey`, whose .keys property is a
1044
+ # dictionary with a single entry:
1045
+ # "algorithm:base64_public_key": "base64_public_key"
1046
+ # See https://spec.matrix.org/v1.1/client-server-api/#cross-signing
1047
+ assert isinstance(device_id, str)
1048
+ devices[(user_id, device_id)] = key_type
1049
+
1050
+ for batch in batch_iter(devices.keys(), size=100):
1051
+ sql = """
1052
+ SELECT target_user_id, target_device_id, key_id, signature
1053
+ FROM e2e_cross_signing_signatures
1054
+ WHERE user_id = ?
1055
+ AND (%s)
1056
+ """ % (
1057
+ " OR ".join(
1058
+ "(target_user_id = ? AND target_device_id = ?)" for _ in batch
1059
+ )
1060
+ )
1061
+ query_params = [from_user_id]
1062
+ for item in batch:
1063
+ # item is a (user_id, device_id) tuple
1064
+ query_params.extend(item)
1065
+
1066
+ txn.execute(sql, query_params)
1067
+
1068
+ # and add the signatures to the appropriate keys
1069
+ for target_user_id, target_device_id, key_id, signature in txn:
1070
+ key_type = devices[(target_user_id, target_device_id)]
1071
+ # We need to copy everything, because the result may have come
1072
+ # from the cache. dict.copy only does a shallow copy, so we
1073
+ # need to recursively copy the dicts that will be modified.
1074
+ user_keys = keys[target_user_id]
1075
+ # `user_keys` cannot be `None` because we only fetched signatures for
1076
+ # users with keys
1077
+ assert user_keys is not None
1078
+ user_keys = keys[target_user_id] = user_keys.copy()
1079
+
1080
+ target_user_key = user_keys[key_type] = user_keys[key_type].copy()
1081
+ if "signatures" in target_user_key:
1082
+ signatures = target_user_key["signatures"] = target_user_key[
1083
+ "signatures"
1084
+ ].copy()
1085
+ if from_user_id in signatures:
1086
+ user_sigs = signatures[from_user_id] = signatures[from_user_id]
1087
+ user_sigs[key_id] = signature
1088
+ else:
1089
+ signatures[from_user_id] = {key_id: signature}
1090
+ else:
1091
+ target_user_key["signatures"] = {from_user_id: {key_id: signature}}
1092
+
1093
+ return keys
1094
+
1095
+ @cancellable
1096
+ async def get_e2e_cross_signing_keys_bulk(
1097
+ self, user_ids: list[str], from_user_id: str | None = None
1098
+ ) -> Mapping[str, Mapping[str, JsonMapping] | None]:
1099
+ """Returns the cross-signing keys for a set of users.
1100
+
1101
+ Args:
1102
+ user_ids: the users whose keys are being requested
1103
+ from_user_id: if specified, signatures made by this user on
1104
+ the self-signing keys will be included in the result
1105
+
1106
+ Returns:
1107
+ A map of user ID to key type to key data. If a user's cross-signing
1108
+ keys were not found, either their user ID will not be in the dict,
1109
+ or their user ID will map to None.
1110
+ """
1111
+ result = await self._get_bare_e2e_cross_signing_keys_bulk(user_ids)
1112
+
1113
+ if from_user_id:
1114
+ result = cast(
1115
+ dict[str, Mapping[str, JsonMapping] | None],
1116
+ await self.db_pool.runInteraction(
1117
+ "get_e2e_cross_signing_signatures",
1118
+ self._get_e2e_cross_signing_signatures_txn,
1119
+ result,
1120
+ from_user_id,
1121
+ ),
1122
+ )
1123
+
1124
+ return result
1125
+
1126
+ async def get_all_user_signature_changes_for_remotes(
1127
+ self, instance_name: str, last_id: int, current_id: int, limit: int
1128
+ ) -> tuple[list[tuple[int, tuple]], int, bool]:
1129
+ """Get updates for groups replication stream.
1130
+
1131
+ Note that the user signature stream represents when a user signs their
1132
+ device with their user-signing key, which is not published to other
1133
+ users or servers, so no `destination` is needed in the returned
1134
+ list. However, this is needed to poke workers.
1135
+
1136
+ Args:
1137
+ instance_name: The writer we want to fetch updates from. Unused
1138
+ here since there is only ever one writer.
1139
+ last_id: The token to fetch updates from. Exclusive.
1140
+ current_id: The token to fetch updates up to. Inclusive.
1141
+ limit: The requested limit for the number of rows to return. The
1142
+ function may return more or fewer rows.
1143
+
1144
+ Returns:
1145
+ A tuple consisting of: the updates, a token to use to fetch
1146
+ subsequent updates, and whether we returned fewer rows than exists
1147
+ between the requested tokens due to the limit.
1148
+
1149
+ The token returned can be used in a subsequent call to this
1150
+ function to get further updatees.
1151
+
1152
+ The updates are a list of 2-tuples of stream ID and the row data
1153
+ """
1154
+
1155
+ if last_id == current_id:
1156
+ return [], current_id, False
1157
+
1158
+ def _get_all_user_signature_changes_for_remotes_txn(
1159
+ txn: LoggingTransaction,
1160
+ ) -> tuple[list[tuple[int, tuple]], int, bool]:
1161
+ sql = """
1162
+ SELECT stream_id, from_user_id AS user_id
1163
+ FROM user_signature_stream
1164
+ WHERE ? < stream_id AND stream_id <= ?
1165
+ ORDER BY stream_id ASC
1166
+ LIMIT ?
1167
+ """
1168
+ txn.execute(sql, (last_id, current_id, limit))
1169
+
1170
+ updates = [(row[0], (row[1:])) for row in txn]
1171
+
1172
+ limited = False
1173
+ upto_token = current_id
1174
+ if len(updates) >= limit:
1175
+ upto_token = updates[-1][0]
1176
+ limited = True
1177
+
1178
+ return updates, upto_token, limited
1179
+
1180
+ return await self.db_pool.runInteraction(
1181
+ "get_all_user_signature_changes_for_remotes",
1182
+ _get_all_user_signature_changes_for_remotes_txn,
1183
+ )
1184
+
1185
+ @abc.abstractmethod
1186
+ def get_device_stream_token(self) -> MultiWriterStreamToken:
1187
+ """Get the current stream id from the _device_list_id_gen"""
1188
+ ...
1189
+
1190
+ async def claim_e2e_one_time_keys(
1191
+ self, query_list: Collection[tuple[str, str, str, int]]
1192
+ ) -> tuple[
1193
+ dict[str, dict[str, dict[str, JsonDict]]], list[tuple[str, str, str, int]]
1194
+ ]:
1195
+ """Take a list of one time keys out of the database.
1196
+
1197
+ Args:
1198
+ query_list: An iterable of tuples of (user ID, device ID, algorithm, number of keys).
1199
+
1200
+ Returns:
1201
+ A tuple (results, missing) of:
1202
+ A map of user ID -> a map device ID -> a map of key ID -> JSON.
1203
+
1204
+ A copy of the input which has not been fulfilled. The returned counts
1205
+ may be less than the input counts. In this case, the returned counts
1206
+ are the number of claims that were not fulfilled.
1207
+ """
1208
+ results: dict[str, dict[str, dict[str, JsonDict]]] = {}
1209
+ missing: list[tuple[str, str, str, int]] = []
1210
+ if isinstance(self.database_engine, PostgresEngine):
1211
+ # If we can use execute_values we can use a single batch query
1212
+ # in autocommit mode.
1213
+ unfulfilled_claim_counts: dict[tuple[str, str, str], int] = {}
1214
+ for user_id, device_id, algorithm, count in query_list:
1215
+ unfulfilled_claim_counts[user_id, device_id, algorithm] = count
1216
+
1217
+ bulk_claims = await self.db_pool.runInteraction(
1218
+ "claim_e2e_one_time_keys",
1219
+ self._claim_e2e_one_time_keys_bulk,
1220
+ query_list,
1221
+ db_autocommit=True,
1222
+ )
1223
+
1224
+ for user_id, device_id, algorithm, key_id, key_json in bulk_claims:
1225
+ device_results = results.setdefault(user_id, {}).setdefault(
1226
+ device_id, {}
1227
+ )
1228
+ device_results[f"{algorithm}:{key_id}"] = json_decoder.decode(key_json)
1229
+ unfulfilled_claim_counts[(user_id, device_id, algorithm)] -= 1
1230
+
1231
+ # Did we get enough OTKs?
1232
+ missing = [
1233
+ (user, device, alg, count)
1234
+ for (user, device, alg), count in unfulfilled_claim_counts.items()
1235
+ if count > 0
1236
+ ]
1237
+ else:
1238
+ for user_id, device_id, algorithm, count in query_list:
1239
+ claim_rows = await self.db_pool.runInteraction(
1240
+ "claim_e2e_one_time_keys",
1241
+ self._claim_e2e_one_time_key_simple,
1242
+ user_id,
1243
+ device_id,
1244
+ algorithm,
1245
+ count,
1246
+ db_autocommit=False,
1247
+ )
1248
+ if claim_rows:
1249
+ device_results = results.setdefault(user_id, {}).setdefault(
1250
+ device_id, {}
1251
+ )
1252
+ for claim_row in claim_rows:
1253
+ device_results[claim_row[0]] = json_decoder.decode(claim_row[1])
1254
+ # Did we get enough OTKs?
1255
+ count -= len(claim_rows)
1256
+ if count:
1257
+ missing.append((user_id, device_id, algorithm, count))
1258
+
1259
+ return results, missing
1260
+
1261
+ async def claim_e2e_fallback_keys(
1262
+ self, query_list: Iterable[tuple[str, str, str, bool]]
1263
+ ) -> dict[str, dict[str, dict[str, JsonDict]]]:
1264
+ """Take a list of fallback keys out of the database.
1265
+
1266
+ Args:
1267
+ query_list: An iterable of tuples of
1268
+ (user ID, device ID, algorithm, whether the key should be marked as used).
1269
+
1270
+ Returns:
1271
+ A map of user ID -> a map device ID -> a map of key ID -> JSON.
1272
+ """
1273
+ if isinstance(self.database_engine, PostgresEngine):
1274
+ return await self.db_pool.runInteraction(
1275
+ "_claim_e2e_fallback_keys_bulk",
1276
+ self._claim_e2e_fallback_keys_bulk_txn,
1277
+ query_list,
1278
+ db_autocommit=True,
1279
+ )
1280
+ # Use an UPDATE FROM... RETURNING combined with a VALUES block to do
1281
+ # everything in one query. Note: this is also supported in SQLite 3.33.0,
1282
+ # (see https://www.sqlite.org/lang_update.html#update_from), but we do not
1283
+ # have an equivalent of psycopg2's execute_values to do this in one query.
1284
+ else:
1285
+ return await self._claim_e2e_fallback_keys_simple(query_list)
1286
+
1287
+ def _claim_e2e_fallback_keys_bulk_txn(
1288
+ self,
1289
+ txn: LoggingTransaction,
1290
+ query_list: Iterable[tuple[str, str, str, bool]],
1291
+ ) -> dict[str, dict[str, dict[str, JsonDict]]]:
1292
+ """Efficient implementation of claim_e2e_fallback_keys for Postgres.
1293
+
1294
+ Safe to autocommit: this is a single query.
1295
+ """
1296
+ results: dict[str, dict[str, dict[str, JsonDict]]] = {}
1297
+
1298
+ sql = """
1299
+ WITH claims(user_id, device_id, algorithm, mark_as_used) AS (
1300
+ VALUES ?
1301
+ )
1302
+ UPDATE e2e_fallback_keys_json k
1303
+ SET used = used OR mark_as_used
1304
+ FROM claims
1305
+ WHERE (k.user_id, k.device_id, k.algorithm) = (claims.user_id, claims.device_id, claims.algorithm)
1306
+ RETURNING k.user_id, k.device_id, k.algorithm, k.key_id, k.key_json;
1307
+ """
1308
+ claimed_keys = cast(
1309
+ list[tuple[str, str, str, str, str]],
1310
+ txn.execute_values(sql, query_list),
1311
+ )
1312
+
1313
+ seen_user_device: set[tuple[str, str]] = set()
1314
+ for user_id, device_id, algorithm, key_id, key_json in claimed_keys:
1315
+ device_results = results.setdefault(user_id, {}).setdefault(device_id, {})
1316
+ device_results[f"{algorithm}:{key_id}"] = json_decoder.decode(key_json)
1317
+ seen_user_device.add((user_id, device_id))
1318
+
1319
+ self._invalidate_cache_and_stream_bulk(
1320
+ txn, self.get_e2e_unused_fallback_key_types, seen_user_device
1321
+ )
1322
+
1323
+ return results
1324
+
1325
+ async def _claim_e2e_fallback_keys_simple(
1326
+ self,
1327
+ query_list: Iterable[tuple[str, str, str, bool]],
1328
+ ) -> dict[str, dict[str, dict[str, JsonDict]]]:
1329
+ """Naive, inefficient implementation of claim_e2e_fallback_keys for SQLite."""
1330
+ results: dict[str, dict[str, dict[str, JsonDict]]] = {}
1331
+ for user_id, device_id, algorithm, mark_as_used in query_list:
1332
+ row = await self.db_pool.simple_select_one(
1333
+ table="e2e_fallback_keys_json",
1334
+ keyvalues={
1335
+ "user_id": user_id,
1336
+ "device_id": device_id,
1337
+ "algorithm": algorithm,
1338
+ },
1339
+ retcols=("key_id", "key_json", "used"),
1340
+ desc="_get_fallback_key",
1341
+ allow_none=True,
1342
+ )
1343
+ if row is None:
1344
+ continue
1345
+
1346
+ key_id, key_json, used = row
1347
+
1348
+ # Mark fallback key as used if not already.
1349
+ if not used and mark_as_used:
1350
+ await self.db_pool.simple_update_one(
1351
+ table="e2e_fallback_keys_json",
1352
+ keyvalues={
1353
+ "user_id": user_id,
1354
+ "device_id": device_id,
1355
+ "algorithm": algorithm,
1356
+ "key_id": key_id,
1357
+ },
1358
+ updatevalues={"used": True},
1359
+ desc="_get_fallback_key_set_used",
1360
+ )
1361
+ await self.invalidate_cache_and_stream(
1362
+ "get_e2e_unused_fallback_key_types", (user_id, device_id)
1363
+ )
1364
+
1365
+ device_results = results.setdefault(user_id, {}).setdefault(device_id, {})
1366
+ device_results[f"{algorithm}:{key_id}"] = json_decoder.decode(key_json)
1367
+
1368
+ return results
1369
+
1370
+ @trace
1371
+ def _claim_e2e_one_time_key_simple(
1372
+ self,
1373
+ txn: LoggingTransaction,
1374
+ user_id: str,
1375
+ device_id: str,
1376
+ algorithm: str,
1377
+ count: int,
1378
+ ) -> list[tuple[str, str]]:
1379
+ """Claim OTK for device for DBs that don't support RETURNING.
1380
+
1381
+ Returns:
1382
+ A tuple of key name (algorithm + key ID) and key JSON, if an
1383
+ OTK was found.
1384
+ """
1385
+
1386
+ # Return the oldest keys from this device (based on `ts_added_ms`).
1387
+ # Doing so means that keys are issued in the same order they were uploaded,
1388
+ # which reduces the chances of a client expiring its copy of a (private)
1389
+ # key while the public key is still on the server, waiting to be issued.
1390
+ sql = """
1391
+ SELECT key_id, key_json FROM e2e_one_time_keys_json
1392
+ WHERE user_id = ? AND device_id = ? AND algorithm = ?
1393
+ ORDER BY ts_added_ms
1394
+ LIMIT ?
1395
+ """
1396
+
1397
+ txn.execute(sql, (user_id, device_id, algorithm, count))
1398
+ otk_rows = list(txn)
1399
+ if not otk_rows:
1400
+ return []
1401
+
1402
+ self.db_pool.simple_delete_many_txn(
1403
+ txn,
1404
+ table="e2e_one_time_keys_json",
1405
+ column="key_id",
1406
+ values=[otk_row[0] for otk_row in otk_rows],
1407
+ keyvalues={
1408
+ "user_id": user_id,
1409
+ "device_id": device_id,
1410
+ "algorithm": algorithm,
1411
+ },
1412
+ )
1413
+ self._invalidate_cache_and_stream(
1414
+ txn, self.count_e2e_one_time_keys, (user_id, device_id)
1415
+ )
1416
+
1417
+ return [(f"{algorithm}:{key_id}", key_json) for key_id, key_json in otk_rows]
1418
+
1419
+ @trace
1420
+ def _claim_e2e_one_time_keys_bulk(
1421
+ self,
1422
+ txn: LoggingTransaction,
1423
+ query_list: Iterable[tuple[str, str, str, int]],
1424
+ ) -> list[tuple[str, str, str, str, str]]:
1425
+ """Bulk claim OTKs, for DBs that support DELETE FROM... RETURNING.
1426
+
1427
+ Args:
1428
+ query_list: Collection of tuples (user_id, device_id, algorithm, count)
1429
+ as passed to claim_e2e_one_time_keys.
1430
+
1431
+ Returns:
1432
+ A list of tuples (user_id, device_id, algorithm, key_id, key_json)
1433
+ for each OTK claimed.
1434
+ """
1435
+ # Find, delete, and return the oldest keys from each device (based on
1436
+ # `ts_added_ms`).
1437
+ #
1438
+ # Doing so means that keys are issued in the same order they were uploaded,
1439
+ # which reduces the chances of a client expiring its copy of a (private)
1440
+ # key while the public key is still on the server, waiting to be issued.
1441
+ sql = """
1442
+ WITH claims(user_id, device_id, algorithm, claim_count) AS (
1443
+ VALUES ?
1444
+ ), ranked_keys AS (
1445
+ SELECT
1446
+ user_id, device_id, algorithm, key_id, claim_count,
1447
+ ROW_NUMBER() OVER (
1448
+ PARTITION BY (user_id, device_id, algorithm)
1449
+ ORDER BY ts_added_ms
1450
+ ) AS r
1451
+ FROM e2e_one_time_keys_json
1452
+ JOIN claims USING (user_id, device_id, algorithm)
1453
+ )
1454
+ DELETE FROM e2e_one_time_keys_json k
1455
+ WHERE (user_id, device_id, algorithm, key_id) IN (
1456
+ SELECT user_id, device_id, algorithm, key_id
1457
+ FROM ranked_keys
1458
+ WHERE r <= claim_count
1459
+ )
1460
+ RETURNING user_id, device_id, algorithm, key_id, key_json;
1461
+ """
1462
+ otk_rows = cast(
1463
+ list[tuple[str, str, str, str, str]], txn.execute_values(sql, query_list)
1464
+ )
1465
+
1466
+ seen_user_device = {
1467
+ (user_id, device_id) for user_id, device_id, _, _, _ in otk_rows
1468
+ }
1469
+ self._invalidate_cache_and_stream_bulk(
1470
+ txn,
1471
+ self.count_e2e_one_time_keys,
1472
+ seen_user_device,
1473
+ )
1474
+
1475
+ return otk_rows
1476
+
1477
+ async def get_master_cross_signing_key_updatable_before(
1478
+ self, user_id: str
1479
+ ) -> tuple[bool, int | None]:
1480
+ """Get time before which a master cross-signing key may be replaced without UIA.
1481
+
1482
+ (UIA means "User-Interactive Auth".)
1483
+
1484
+ There are three cases to distinguish:
1485
+ (1) No master cross-signing key.
1486
+ (2) The key exists, but there is no replace-without-UI timestamp in the DB.
1487
+ (3) The key exists, and has such a timestamp recorded.
1488
+
1489
+ Returns: a 2-tuple of:
1490
+ - a boolean: is there a master cross-signing key already?
1491
+ - an optional timestamp, directly taken from the DB.
1492
+
1493
+ In terms of the cases above, these are:
1494
+ (1) (False, None).
1495
+ (2) (True, None).
1496
+ (3) (True, <timestamp in ms>).
1497
+
1498
+ """
1499
+
1500
+ def impl(txn: LoggingTransaction) -> tuple[bool, int | None]:
1501
+ # We want to distinguish between three cases:
1502
+ txn.execute(
1503
+ """
1504
+ SELECT updatable_without_uia_before_ms
1505
+ FROM e2e_cross_signing_keys
1506
+ WHERE user_id = ? AND keytype = 'master'
1507
+ ORDER BY stream_id DESC
1508
+ LIMIT 1
1509
+ """,
1510
+ (user_id,),
1511
+ )
1512
+ row = cast(tuple[int | None] | None, txn.fetchone())
1513
+ if row is None:
1514
+ return False, None
1515
+ return True, row[0]
1516
+
1517
+ return await self.db_pool.runInteraction(
1518
+ "e2e_cross_signing_keys",
1519
+ impl,
1520
+ )
1521
+
1522
+ async def delete_old_otks_for_next_user_batch(
1523
+ self, after_user_id: str, number_of_users: int
1524
+ ) -> tuple[list[str], int]:
1525
+ """Deletes old OTKs belonging to the next batch of users
1526
+
1527
+ Returns:
1528
+ `(users, rows)`, where:
1529
+ * `users` is the user IDs of the updated users. An empty list if we are done.
1530
+ * `rows` is the number of deleted rows
1531
+ """
1532
+
1533
+ def impl(txn: LoggingTransaction) -> tuple[list[str], int]:
1534
+ # Find a batch of users
1535
+ txn.execute(
1536
+ """
1537
+ SELECT DISTINCT(user_id) FROM e2e_one_time_keys_json
1538
+ WHERE user_id > ?
1539
+ ORDER BY user_id
1540
+ LIMIT ?
1541
+ """,
1542
+ (after_user_id, number_of_users),
1543
+ )
1544
+ users = [row[0] for row in txn.fetchall()]
1545
+ if len(users) == 0:
1546
+ return users, 0
1547
+
1548
+ # Delete any old OTKs belonging to those users.
1549
+ #
1550
+ # We only actually consider OTKs whose key ID is 6 characters long. These
1551
+ # keys were likely made by libolm rather than Vodozemac; libolm only kept
1552
+ # 100 private OTKs, so was far more vulnerable than Vodozemac to throwing
1553
+ # away keys prematurely.
1554
+ clause, args = make_in_list_sql_clause(
1555
+ txn.database_engine, "user_id", users
1556
+ )
1557
+ sql = f"""
1558
+ DELETE FROM e2e_one_time_keys_json
1559
+ WHERE {clause} AND ts_added_ms < ? AND length(key_id) = 6
1560
+ """
1561
+ args.append(self.clock.time_msec() - (7 * 24 * 3600 * 1000))
1562
+ txn.execute(sql, args)
1563
+
1564
+ return users, txn.rowcount
1565
+
1566
+ return await self.db_pool.runInteraction(
1567
+ "delete_old_otks_for_next_user_batch", impl
1568
+ )
1569
+
1570
+ async def allow_master_cross_signing_key_replacement_without_uia(
1571
+ self, user_id: str, duration_ms: int
1572
+ ) -> int | None:
1573
+ """Mark this user's latest master key as being replaceable without UIA.
1574
+
1575
+ Said replacement will only be permitted for a short time after calling this
1576
+ function. That time period is controlled by the duration argument.
1577
+
1578
+ Returns:
1579
+ None, if there is no such key.
1580
+ Otherwise, the timestamp before which replacement is allowed without UIA.
1581
+ """
1582
+ timestamp = self.clock.time_msec() + duration_ms
1583
+
1584
+ def impl(txn: LoggingTransaction) -> int | None:
1585
+ txn.execute(
1586
+ """
1587
+ UPDATE e2e_cross_signing_keys
1588
+ SET updatable_without_uia_before_ms = ?
1589
+ WHERE stream_id = (
1590
+ SELECT stream_id
1591
+ FROM e2e_cross_signing_keys
1592
+ WHERE user_id = ? AND keytype = 'master'
1593
+ ORDER BY stream_id DESC
1594
+ LIMIT 1
1595
+ )
1596
+ """,
1597
+ (timestamp, user_id),
1598
+ )
1599
+ if txn.rowcount == 0:
1600
+ return None
1601
+
1602
+ return timestamp
1603
+
1604
+ return await self.db_pool.runInteraction(
1605
+ "allow_master_cross_signing_key_replacement_without_uia",
1606
+ impl,
1607
+ )
1608
+
1609
+ async def delete_e2e_keys_by_device(self, user_id: str, device_id: str) -> None:
1610
+ def delete_e2e_keys_by_device_txn(txn: LoggingTransaction) -> None:
1611
+ log_kv(
1612
+ {
1613
+ "message": "Deleting keys for device",
1614
+ "device_id": device_id,
1615
+ "user_id": user_id,
1616
+ }
1617
+ )
1618
+ self.db_pool.simple_delete_txn(
1619
+ txn,
1620
+ table="e2e_device_keys_json",
1621
+ keyvalues={"user_id": user_id, "device_id": device_id},
1622
+ )
1623
+ self.db_pool.simple_delete_txn(
1624
+ txn,
1625
+ table="e2e_one_time_keys_json",
1626
+ keyvalues={"user_id": user_id, "device_id": device_id},
1627
+ )
1628
+ self._invalidate_cache_and_stream(
1629
+ txn, self.count_e2e_one_time_keys, (user_id, device_id)
1630
+ )
1631
+ self.db_pool.simple_delete_txn(
1632
+ txn,
1633
+ table="dehydrated_devices",
1634
+ keyvalues={"user_id": user_id, "device_id": device_id},
1635
+ )
1636
+ self.db_pool.simple_delete_txn(
1637
+ txn,
1638
+ table="e2e_fallback_keys_json",
1639
+ keyvalues={"user_id": user_id, "device_id": device_id},
1640
+ )
1641
+ self._invalidate_cache_and_stream(
1642
+ txn, self.get_e2e_unused_fallback_key_types, (user_id, device_id)
1643
+ )
1644
+
1645
+ await self.db_pool.runInteraction(
1646
+ "delete_e2e_keys_by_device", delete_e2e_keys_by_device_txn
1647
+ )
1648
+
1649
+ async def set_e2e_device_keys(
1650
+ self, user_id: str, device_id: str, time_now: int, device_keys: JsonDict
1651
+ ) -> bool:
1652
+ """Stores device keys for a device. Returns whether there was a change
1653
+ or the keys were already in the database.
1654
+
1655
+ Args:
1656
+ user_id: user_id of the user to store keys for
1657
+ device_id: device_id of the device to store keys for
1658
+ time_now: time at the request to store the keys
1659
+ device_keys: the keys to store
1660
+ """
1661
+
1662
+ return await self.db_pool.runInteraction(
1663
+ "set_e2e_device_keys",
1664
+ self._set_e2e_device_keys_txn,
1665
+ user_id,
1666
+ device_id,
1667
+ time_now,
1668
+ device_keys,
1669
+ )
1670
+
1671
+ def _set_e2e_device_keys_txn(
1672
+ self,
1673
+ txn: LoggingTransaction,
1674
+ user_id: str,
1675
+ device_id: str,
1676
+ time_now: int,
1677
+ device_keys: JsonDict,
1678
+ ) -> bool:
1679
+ """Stores device keys for a device. Returns whether there was a change
1680
+ or the keys were already in the database.
1681
+
1682
+ Args:
1683
+ user_id: user_id of the user to store keys for
1684
+ device_id: device_id of the device to store keys for
1685
+ time_now: time at the request to store the keys
1686
+ device_keys: the keys to store
1687
+ """
1688
+ set_tag("user_id", user_id)
1689
+ set_tag("device_id", device_id)
1690
+ set_tag("time_now", time_now)
1691
+ set_tag("device_keys", str(device_keys))
1692
+
1693
+ old_key_json = self.db_pool.simple_select_one_onecol_txn(
1694
+ txn,
1695
+ table="e2e_device_keys_json",
1696
+ keyvalues={"user_id": user_id, "device_id": device_id},
1697
+ retcol="key_json",
1698
+ allow_none=True,
1699
+ )
1700
+
1701
+ # In py3 we need old_key_json to match new_key_json type. The DB
1702
+ # returns unicode while encode_canonical_json returns bytes.
1703
+ new_key_json = encode_canonical_json(device_keys).decode("utf-8")
1704
+
1705
+ if old_key_json == new_key_json:
1706
+ log_kv({"Message": "Device key already stored."})
1707
+ return False
1708
+
1709
+ self.db_pool.simple_upsert_txn(
1710
+ txn,
1711
+ table="e2e_device_keys_json",
1712
+ keyvalues={"user_id": user_id, "device_id": device_id},
1713
+ values={"ts_added_ms": time_now, "key_json": new_key_json},
1714
+ )
1715
+ log_kv({"message": "Device keys stored."})
1716
+ return True
1717
+
1718
+ def _set_e2e_cross_signing_key_txn(
1719
+ self,
1720
+ txn: LoggingTransaction,
1721
+ user_id: str,
1722
+ key_type: str,
1723
+ key: JsonDict,
1724
+ stream_id: int,
1725
+ ) -> None:
1726
+ """Set a user's cross-signing key.
1727
+
1728
+ Args:
1729
+ txn: db connection
1730
+ user_id: the user to set the signing key for
1731
+ key_type: the type of key that is being set: either 'master'
1732
+ for a master key, 'self_signing' for a self-signing key, or
1733
+ 'user_signing' for a user-signing key
1734
+ key: the key data
1735
+ stream_id
1736
+ """
1737
+ # the 'key' dict will look something like:
1738
+ # {
1739
+ # "user_id": "@alice:example.com",
1740
+ # "usage": ["self_signing"],
1741
+ # "keys": {
1742
+ # "ed25519:base64+self+signing+public+key": "base64+self+signing+public+key",
1743
+ # },
1744
+ # "signatures": {
1745
+ # "@alice:example.com": {
1746
+ # "ed25519:base64+master+public+key": "base64+signature"
1747
+ # }
1748
+ # }
1749
+ # }
1750
+ # The "keys" property must only have one entry, which will be the public
1751
+ # key, so we just grab the first value in there
1752
+ pubkey = next(iter(key["keys"].values()))
1753
+
1754
+ # The cross-signing keys need to occupy the same namespace as devices,
1755
+ # since signatures are identified by device ID. So add an entry to the
1756
+ # device table to make sure that we don't have a collision with device
1757
+ # IDs.
1758
+ # We only need to do this for local users, since remote servers should be
1759
+ # responsible for checking this for their own users.
1760
+ if self.hs.is_mine_id(user_id):
1761
+ self.db_pool.simple_insert_txn(
1762
+ txn,
1763
+ "devices",
1764
+ values={
1765
+ "user_id": user_id,
1766
+ "device_id": pubkey,
1767
+ "display_name": key_type + " signing key",
1768
+ "hidden": True,
1769
+ },
1770
+ )
1771
+
1772
+ # and finally, store the key itself
1773
+ self.db_pool.simple_insert_txn(
1774
+ txn,
1775
+ "e2e_cross_signing_keys",
1776
+ values={
1777
+ "user_id": user_id,
1778
+ "keytype": key_type,
1779
+ "keydata": json_encoder.encode(key),
1780
+ "stream_id": stream_id,
1781
+ "instance_name": self._instance_name,
1782
+ },
1783
+ )
1784
+
1785
+ self._invalidate_cache_and_stream(
1786
+ txn, self._get_bare_e2e_cross_signing_keys, (user_id,)
1787
+ )
1788
+
1789
+ async def set_e2e_cross_signing_key(
1790
+ self, user_id: str, key_type: str, key: JsonDict
1791
+ ) -> None:
1792
+ """Set a user's cross-signing key.
1793
+
1794
+ Args:
1795
+ user_id: the user to set the user-signing key for
1796
+ key_type: the type of cross-signing key to set
1797
+ key: the key data
1798
+ """
1799
+
1800
+ async with self._cross_signing_id_gen.get_next() as stream_id:
1801
+ return await self.db_pool.runInteraction(
1802
+ "add_e2e_cross_signing_key",
1803
+ self._set_e2e_cross_signing_key_txn,
1804
+ user_id,
1805
+ key_type,
1806
+ key,
1807
+ stream_id,
1808
+ )
1809
+
1810
+ async def store_e2e_cross_signing_signatures(
1811
+ self, user_id: str, signatures: "Iterable[SignatureListItem]"
1812
+ ) -> None:
1813
+ """Stores cross-signing signatures.
1814
+
1815
+ Args:
1816
+ user_id: the user who made the signatures
1817
+ signatures: signatures to add
1818
+ """
1819
+
1820
+ def _store_e2e_cross_signing_signatures(
1821
+ txn: LoggingTransaction,
1822
+ signatures: "Iterable[SignatureListItem]",
1823
+ ) -> None:
1824
+ self.db_pool.simple_insert_many_txn(
1825
+ txn,
1826
+ "e2e_cross_signing_signatures",
1827
+ keys=(
1828
+ "user_id",
1829
+ "key_id",
1830
+ "target_user_id",
1831
+ "target_device_id",
1832
+ "signature",
1833
+ ),
1834
+ values=[
1835
+ (
1836
+ user_id,
1837
+ item.signing_key_id,
1838
+ item.target_user_id,
1839
+ item.target_device_id,
1840
+ item.signature,
1841
+ )
1842
+ for item in signatures
1843
+ ],
1844
+ )
1845
+
1846
+ to_invalidate = [
1847
+ # Each entry is a tuple of arguments to
1848
+ # `_get_e2e_cross_signing_signatures_for_device`, which
1849
+ # itself takes a tuple. Hence the double-tuple.
1850
+ ((user_id, item.target_device_id),)
1851
+ for item in signatures
1852
+ ]
1853
+
1854
+ if to_invalidate:
1855
+ # Invalidate the local cache of this worker.
1856
+ for cache_key in to_invalidate:
1857
+ txn.call_after(
1858
+ self._get_e2e_cross_signing_signatures_for_device.invalidate,
1859
+ cache_key,
1860
+ )
1861
+
1862
+ # Stream cache invalidate keys over replication.
1863
+ #
1864
+ # We can only send a primitive per function argument across
1865
+ # replication.
1866
+ #
1867
+ # Encode the array of strings as a JSON string, and we'll unpack
1868
+ # it on the other side.
1869
+ to_send = [
1870
+ (json.dumps([user_id, item.target_device_id]),)
1871
+ for item in signatures
1872
+ ]
1873
+
1874
+ self._send_invalidation_to_replication_bulk(
1875
+ txn,
1876
+ cache_name=self._get_e2e_cross_signing_signatures_for_device.__name__,
1877
+ key_tuples=to_send,
1878
+ )
1879
+
1880
+ await self.db_pool.runInteraction(
1881
+ "add_e2e_signing_key",
1882
+ _store_e2e_cross_signing_signatures,
1883
+ signatures,
1884
+ )
1885
+
1886
+
1887
+ class EndToEndKeyStore(EndToEndKeyWorkerStore, SQLBaseStore):
1888
+ def __init__(
1889
+ self,
1890
+ database: DatabasePool,
1891
+ db_conn: LoggingDatabaseConnection,
1892
+ hs: "HomeServer",
1893
+ ):
1894
+ super().__init__(database, db_conn, hs)