| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234 |
- # -*- coding: utf-8 -*-
- # Copyright 2015, 2016 OpenMarket Ltd
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- import logging
- from twisted.internet import defer
- from synapse.api.errors import SynapseError
- from synapse.http.servlet import (
- RestServlet,
- parse_integer,
- parse_json_object_from_request,
- parse_string,
- )
- from synapse.types import StreamToken
- from ._base import client_patterns
- logger = logging.getLogger(__name__)
- class KeyUploadServlet(RestServlet):
- """
- POST /keys/upload HTTP/1.1
- Content-Type: application/json
- {
- "device_keys": {
- "user_id": "<user_id>",
- "device_id": "<device_id>",
- "valid_until_ts": <millisecond_timestamp>,
- "algorithms": [
- "m.olm.curve25519-aes-sha256",
- ]
- "keys": {
- "<algorithm>:<device_id>": "<key_base64>",
- },
- "signatures:" {
- "<user_id>" {
- "<algorithm>:<device_id>": "<signature_base64>"
- } } },
- "one_time_keys": {
- "<algorithm>:<key_id>": "<key_base64>"
- },
- }
- """
- PATTERNS = client_patterns("/keys/upload(/(?P<device_id>[^/]+))?$")
- def __init__(self, hs):
- """
- Args:
- hs (synapse.server.HomeServer): server
- """
- super(KeyUploadServlet, self).__init__()
- self.auth = hs.get_auth()
- self.e2e_keys_handler = hs.get_e2e_keys_handler()
- @defer.inlineCallbacks
- def on_POST(self, request, device_id):
- requester = yield self.auth.get_user_by_req(request, allow_guest=True)
- user_id = requester.user.to_string()
- body = parse_json_object_from_request(request)
- if device_id is not None:
- # passing the device_id here is deprecated; however, we allow it
- # for now for compatibility with older clients.
- if requester.device_id is not None and device_id != requester.device_id:
- logger.warning(
- "Client uploading keys for a different device "
- "(logged in as %s, uploading for %s)",
- requester.device_id,
- device_id,
- )
- else:
- device_id = requester.device_id
- if device_id is None:
- raise SynapseError(
- 400, "To upload keys, you must pass device_id when authenticating"
- )
- result = yield self.e2e_keys_handler.upload_keys_for_user(
- user_id, device_id, body
- )
- return (200, result)
- class KeyQueryServlet(RestServlet):
- """
- POST /keys/query HTTP/1.1
- Content-Type: application/json
- {
- "device_keys": {
- "<user_id>": ["<device_id>"]
- } }
- HTTP/1.1 200 OK
- {
- "device_keys": {
- "<user_id>": {
- "<device_id>": {
- "user_id": "<user_id>", // Duplicated to be signed
- "device_id": "<device_id>", // Duplicated to be signed
- "valid_until_ts": <millisecond_timestamp>,
- "algorithms": [ // List of supported algorithms
- "m.olm.curve25519-aes-sha256",
- ],
- "keys": { // Must include a ed25519 signing key
- "<algorithm>:<key_id>": "<key_base64>",
- },
- "signatures:" {
- // Must be signed with device's ed25519 key
- "<user_id>/<device_id>": {
- "<algorithm>:<key_id>": "<signature_base64>"
- }
- // Must be signed by this server.
- "<server_name>": {
- "<algorithm>:<key_id>": "<signature_base64>"
- } } } } } }
- """
- PATTERNS = client_patterns("/keys/query$")
- def __init__(self, hs):
- """
- Args:
- hs (synapse.server.HomeServer):
- """
- super(KeyQueryServlet, self).__init__()
- self.auth = hs.get_auth()
- self.e2e_keys_handler = hs.get_e2e_keys_handler()
- @defer.inlineCallbacks
- def on_POST(self, request):
- yield self.auth.get_user_by_req(request, allow_guest=True)
- timeout = parse_integer(request, "timeout", 10 * 1000)
- body = parse_json_object_from_request(request)
- result = yield self.e2e_keys_handler.query_devices(body, timeout)
- return (200, result)
- class KeyChangesServlet(RestServlet):
- """Returns the list of changes of keys between two stream tokens (may return
- spurious extra results, since we currently ignore the `to` param).
- GET /keys/changes?from=...&to=...
- 200 OK
- { "changed": ["@foo:example.com"] }
- """
- PATTERNS = client_patterns("/keys/changes$")
- def __init__(self, hs):
- """
- Args:
- hs (synapse.server.HomeServer):
- """
- super(KeyChangesServlet, self).__init__()
- self.auth = hs.get_auth()
- self.device_handler = hs.get_device_handler()
- @defer.inlineCallbacks
- def on_GET(self, request):
- requester = yield self.auth.get_user_by_req(request, allow_guest=True)
- from_token_string = parse_string(request, "from")
- # We want to enforce they do pass us one, but we ignore it and return
- # changes after the "to" as well as before.
- parse_string(request, "to")
- from_token = StreamToken.from_string(from_token_string)
- user_id = requester.user.to_string()
- results = yield self.device_handler.get_user_ids_changed(user_id, from_token)
- return (200, results)
- class OneTimeKeyServlet(RestServlet):
- """
- POST /keys/claim HTTP/1.1
- {
- "one_time_keys": {
- "<user_id>": {
- "<device_id>": "<algorithm>"
- } } }
- HTTP/1.1 200 OK
- {
- "one_time_keys": {
- "<user_id>": {
- "<device_id>": {
- "<algorithm>:<key_id>": "<key_base64>"
- } } } }
- """
- PATTERNS = client_patterns("/keys/claim$")
- def __init__(self, hs):
- super(OneTimeKeyServlet, self).__init__()
- self.auth = hs.get_auth()
- self.e2e_keys_handler = hs.get_e2e_keys_handler()
- @defer.inlineCallbacks
- def on_POST(self, request):
- yield self.auth.get_user_by_req(request, allow_guest=True)
- timeout = parse_integer(request, "timeout", 10 * 1000)
- body = parse_json_object_from_request(request)
- result = yield self.e2e_keys_handler.claim_one_time_keys(body, timeout)
- return (200, result)
- def register_servlets(hs, http_server):
- KeyUploadServlet(hs).register(http_server)
- KeyQueryServlet(hs).register(http_server)
- KeyChangesServlet(hs).register(http_server)
- OneTimeKeyServlet(hs).register(http_server)
|
