Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Start implementing auth chains
Browse files Browse the repository at this point in the history
  • Loading branch information
@erikjohnston
erikjohnston committed Nov 7, 2014
1 parent 8421cab commit bf6b72e
Show file tree
Hide file tree
Showing 8 changed files with 115 additions and 6 deletions.
3 changes: 1 addition & 2 deletions synapse/api/auth.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,7 @@
from synapse.api.errors import AuthError, StoreError, Codes, SynapseError
from synapse.api.events.room import (
RoomMemberEvent, RoomPowerLevelsEvent, RoomRedactionEvent,
RoomJoinRulesEvent, InviteJoinEvent,
RoomCreateEvent,
RoomJoinRulesEvent, RoomCreateEvent,
)
from synapse.util.logutils import log_function

Expand Down
2 changes: 1 addition & 1 deletion synapse/api/events/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ class SynapseEvent(JsonEncodedObject):
"replaces_state",
"redacted_because",
"origin_server_ts",
"auth_chains",
"auth_events",
]

internal_keys = [
Expand Down
59 changes: 57 additions & 2 deletions synapse/handlers/_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,15 @@
# limitations under the License.

from twisted.internet import defer
from synapse.api.errors import LimitExceededError

from synapse.api.errors import LimitExceededError
from synapse.util.async import run_on_reactor

from synapse.crypto.event_signing import add_hashes_and_signatures
from synapse.api.events.room import (
RoomCreateEvent, RoomMemberEvent, RoomPowerLevelsEvent, RoomJoinRulesEvent,
)
from synapse.api.constants import Membership, JoinRules
from syutil.base64util import encode_base64

import logging

Expand Down Expand Up @@ -55,6 +59,53 @@ def ratelimit(self, user_id):
retry_after_ms=int(1000*(time_allowed - time_now)),
)

@defer.inlineCallbacks
def _add_auth(self, event):
if event.type == RoomCreateEvent.TYPE:
event.auth_events = []
return

auth_events = []

key = (RoomPowerLevelsEvent.TYPE, "", )
power_level_event = event.old_state_events.get(key)

if power_level_event:
auth_events.append(power_level_event.event_id)

key = (RoomJoinRulesEvent.TYPE, "", )
join_rule_event = event.old_state_events.get(key)

key = (RoomMemberEvent.TYPE, event.user_id, )
member_event = event.old_state_events.get(key)

if join_rule_event:
join_rule = join_rule_event.content.get("join_rule")
is_public = join_rule == JoinRules.PUBLIC if join_rule else False

if event.type == RoomMemberEvent.TYPE:
if event.content["membership"] == Membership.JOIN:
if is_public:
auth_events.append(join_rule_event.event_id)
elif member_event:
auth_events.append(member_event.event_id)

if member_event:
if member_event.content["membership"] == Membership.JOIN:
auth_events.append(member_event.event_id)

hashes = yield self.store.get_event_reference_hashes(
auth_events
)
hashes = [
{
k: encode_base64(v) for k, v in h.items()
if k == "sha256"
}
for h in hashes
]
event.auth_events = zip(auth_events, hashes)

@defer.inlineCallbacks
def _on_new_room_event(self, event, snapshot, extra_destinations=[],
extra_users=[], suppress_auth=False):
Expand All @@ -64,6 +115,8 @@ def _on_new_room_event(self, event, snapshot, extra_destinations=[],

yield self.state_handler.annotate_state_groups(event)

yield self._add_auth(event)

logger.debug("Signing event...")

add_hashes_and_signatures(
Expand All @@ -76,6 +129,8 @@ def _on_new_room_event(self, event, snapshot, extra_destinations=[],
logger.debug("Authing...")
self.auth.check(event, raises=True)
logger.debug("Authed")
else:
logger.debug("Suppressed auth.")

yield self.store.persist_event(event)

Expand Down
12 changes: 11 additions & 1 deletion synapse/storage/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@
RoomMemberEvent, RoomTopicEvent, FeedbackEvent,
RoomNameEvent,
RoomJoinRulesEvent,
RoomPowerLevelsEvent,
RoomRedactionEvent,
)

Expand Down Expand Up @@ -302,6 +301,17 @@ def _persist_event_txn(self, txn, event, backfilled, stream_ordering=None,
txn, event.event_id, prev_event_id, alg, hash_bytes
)

for auth_id, _ in event.auth_events:
self._simple_insert_txn(
txn,
table="event_auth",
values={
"event_id": event.event_id,
"room_id": event.room_id,
"auth_id": auth_id,
},
)

(ref_alg, ref_hash_bytes) = compute_event_reference_hash(event)
self._store_event_reference_hash_txn(
txn, event.event_id, ref_alg, ref_hash_bytes
Expand Down
2 changes: 2 additions & 0 deletions synapse/storage/_base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -474,6 +474,8 @@ def _parse_events_txn(self, txn, rows):
if is_state == 0
]

ev.auth_events = self._get_auth_events(txn, ev.event_id)

if hasattr(ev, "state_key"):
ev.prev_state = [
(e_id, h)
Expand Down
21 changes: 21 additions & 0 deletions synapse/storage/event_federation.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,27 @@ def _get_prev_events_and_state(self, txn, event_id, is_state=None):

return results

def _get_auth_events(self, txn, event_id):
auth_ids = self._simple_select_onecol_txn(
txn,
table="event_auth",
keyvalues={
"event_id": event_id,
},
retcol="auth_id",
)

results = []
for auth_id in auth_ids:
hashes = self._get_event_reference_hashes_txn(txn, auth_id)
prev_hashes = {
k: encode_base64(v) for k, v in hashes.items()
if k == "sha256"
}
results.append((auth_id, prev_hashes))

return results

def get_min_depth(self, room_id):
return self.runInteraction(
"get_min_depth",
Expand Down
10 changes: 10 additions & 0 deletions synapse/storage/schema/event_edges.sql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,3 +63,13 @@ CREATE INDEX IF NOT EXISTS st_extrem_keys ON state_forward_extremities(
);
CREATE INDEX IF NOT EXISTS st_extrem_id ON state_forward_extremities(event_id);


CREATE TABLE IF NOT EXISTS event_auth(
event_id TEXT NOT NULL,
auth_id TEXT NOT NULL,
room_id TEXT NOT NULL,
CONSTRAINT uniqueness UNIQUE (event_id, auth_id, room_id)
);

CREATE INDEX IF NOT EXISTS evauth_edges_id ON event_auth(event_id);
CREATE INDEX IF NOT EXISTS evauth_edges_auth_id ON event_auth(auth_id);
12 changes: 12 additions & 0 deletions synapse/storage/signatures.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,18 @@ def _store_event_content_hash_txn(self, txn, event_id, algorithm,
or_ignore=True,
)

def get_event_reference_hashes(self, event_ids):
def f(txn):
return [
self._get_event_reference_hashes_txn(txn, ev)
for ev in event_ids
]

return self.runInteraction(
"get_event_reference_hashes",
f
)

def _get_event_reference_hashes_txn(self, txn, event_id):
"""Get all the hashes for a given PDU.
Args:
Expand Down

0 comments on commit bf6b72e

Please sign in to comment.