conduit/src/client_server/device.rs

use crate::{database::DatabaseGuard, utils, ConduitResult, Error, Ruma};
use ruma::api::client::{
    error::ErrorKind,
    r0::{
        device::{self, delete_device, delete_devices, get_device, get_devices, update_device},
        uiaa::{AuthFlow, UiaaInfo},
    },
};

use super::SESSION_ID_LENGTH;
#[cfg(feature = "conduit_bin")]
use rocket::{delete, get, post, put};

#[cfg_attr(
    feature = "conduit_bin",
    get("/_matrix/client/r0/devices", data = "<body>")
)]
#[tracing::instrument(skip(db, body))]
pub async fn get_devices_route(
    db: DatabaseGuard,
    body: Ruma<get_devices::Request>,
) -> ConduitResult<get_devices::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

    let devices = db
        .users
        .all_devices_metadata(sender_user)
        .filter_map(|r| r.ok()) // Filter out buggy devices
        .collect::<Vec<device::Device>>();

    Ok(get_devices::Response { devices }.into())
}

#[cfg_attr(
    feature = "conduit_bin",
    get("/_matrix/client/r0/devices/<_>", data = "<body>")
)]
#[tracing::instrument(skip(db, body))]
pub async fn get_device_route(
    db: DatabaseGuard,
    body: Ruma<get_device::Request<'_>>,
) -> ConduitResult<get_device::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

    let device = db
        .users
        .get_device_metadata(&sender_user, &body.body.device_id)?
        .ok_or(Error::BadRequest(ErrorKind::NotFound, "Device not found."))?;

    Ok(get_device::Response { device }.into())
}

#[cfg_attr(
    feature = "conduit_bin",
    put("/_matrix/client/r0/devices/<_>", data = "<body>")
)]
#[tracing::instrument(skip(db, body))]
pub async fn update_device_route(
    db: DatabaseGuard,
    body: Ruma<update_device::Request<'_>>,
) -> ConduitResult<update_device::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

    let mut device = db
        .users
        .get_device_metadata(&sender_user, &body.device_id)?
        .ok_or(Error::BadRequest(ErrorKind::NotFound, "Device not found."))?;

    device.display_name = body.display_name.clone();

    db.users
        .update_device_metadata(&sender_user, &body.device_id, &device)?;

    db.flush().await?;

    Ok(update_device::Response.into())
}

#[cfg_attr(
    feature = "conduit_bin",
    delete("/_matrix/client/r0/devices/<_>", data = "<body>")
)]
#[tracing::instrument(skip(db, body))]
pub async fn delete_device_route(
    db: DatabaseGuard,
    body: Ruma<delete_device::Request<'_>>,
) -> ConduitResult<delete_device::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let sender_device = body.sender_device.as_ref().expect("user is authenticated");

    // UIAA
    let mut uiaainfo = UiaaInfo {
        flows: vec![AuthFlow {
            stages: vec!["m.login.password".to_owned()],
        }],
        completed: Vec::new(),
        params: Default::default(),
        session: None,
        auth_error: None,
    };

    if let Some(auth) = &body.auth {
        let (worked, uiaainfo) = db.uiaa.try_auth(
            &sender_user,
            &sender_device,
            auth,
            &uiaainfo,
            &db.users,
            &db.globals,
        )?;
        if !worked {
            return Err(Error::Uiaa(uiaainfo));
        }
    // Success!
    } else {
        if let Some(json) = body.json_body {
            uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
            db.uiaa
                .create(&sender_user, &sender_device, &uiaainfo, &json)?;
            return Err(Error::Uiaa(uiaainfo));
        } else {
            return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
        }
    }

    db.users.remove_device(&sender_user, &body.device_id)?;

    db.flush().await?;

    Ok(delete_device::Response.into())
}

#[cfg_attr(
    feature = "conduit_bin",
    post("/_matrix/client/r0/delete_devices", data = "<body>")
)]
#[tracing::instrument(skip(db, body))]
pub async fn delete_devices_route(
    db: DatabaseGuard,
    body: Ruma<delete_devices::Request<'_>>,
) -> ConduitResult<delete_devices::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let sender_device = body.sender_device.as_ref().expect("user is authenticated");

    // UIAA
    let mut uiaainfo = UiaaInfo {
        flows: vec![AuthFlow {
            stages: vec!["m.login.password".to_owned()],
        }],
        completed: Vec::new(),
        params: Default::default(),
        session: None,
        auth_error: None,
    };

    if let Some(auth) = &body.auth {
        let (worked, uiaainfo) = db.uiaa.try_auth(
            &sender_user,
            &sender_device,
            auth,
            &uiaainfo,
            &db.users,
            &db.globals,
        )?;
        if !worked {
            return Err(Error::Uiaa(uiaainfo));
        }
    // Success!
    } else {
        if let Some(json) = body.json_body {
            uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
            db.uiaa
                .create(&sender_user, &sender_device, &uiaainfo, &json)?;
            return Err(Error::Uiaa(uiaainfo));
        } else {
            return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));
        }
    }

    for device_id in &body.devices {
        db.users.remove_device(&sender_user, &device_id)?
    }

    db.flush().await?;

    Ok(delete_devices::Response.into())
}
Sqlite 2021-07-14 07:07:08 +00:00			`use crate::{database::DatabaseGuard, utils, ConduitResult, Error, Ruma};`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`use ruma::api::client::{`
			`error::ErrorKind,`
			`r0::{`
			`device::{self, delete_device, delete_devices, get_device, get_devices, update_device},`
			`uiaa::{AuthFlow, UiaaInfo},`
			`},`
			`};`

			`use super::SESSION_ID_LENGTH;`
			`#[cfg(feature = "conduit_bin")]`
			`use rocket::{delete, get, post, put};`

			`#[cfg_attr(`
			`feature = "conduit_bin",`
			`get("/_matrix/client/r0/devices", data = "<body>")`
			`)]`
feat: opentelemetry/jaeger support 2021-02-28 11:41:03 +00:00			`#[tracing::instrument(skip(db, body))]`
improvement: flush after every request that manipulates the db 2020-10-21 19:28:02 +00:00			`pub async fn get_devices_route(`
Sqlite 2021-07-14 07:07:08 +00:00			`db: DatabaseGuard,`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`body: Ruma<get_devices::Request>,`
			`) -> ConduitResult<get_devices::Response> {`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`let sender_user = body.sender_user.as_ref().expect("user is authenticated");`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00
			`let devices = db`
			`.users`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`.all_devices_metadata(sender_user)`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`.filter_map(\|r\| r.ok()) // Filter out buggy devices`
			`.collect::<Vec<device::Device>>();`

			`Ok(get_devices::Response { devices }.into())`
			`}`

			`#[cfg_attr(`
			`feature = "conduit_bin",`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`get("/_matrix/client/r0/devices/<_>", data = "<body>")`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`)]`
feat: opentelemetry/jaeger support 2021-02-28 11:41:03 +00:00			`#[tracing::instrument(skip(db, body))]`
improvement: flush after every request that manipulates the db 2020-10-21 19:28:02 +00:00			`pub async fn get_device_route(`
Sqlite 2021-07-14 07:07:08 +00:00			`db: DatabaseGuard,`
Update ruma version 2020-09-08 15:32:03 +00:00			`body: Ruma<get_device::Request<'_>>,`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`) -> ConduitResult<get_device::Response> {`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`let sender_user = body.sender_user.as_ref().expect("user is authenticated");`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00
			`let device = db`
			`.users`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`.get_device_metadata(&sender_user, &body.body.device_id)?`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`.ok_or(Error::BadRequest(ErrorKind::NotFound, "Device not found."))?;`

			`Ok(get_device::Response { device }.into())`
			`}`

			`#[cfg_attr(`
			`feature = "conduit_bin",`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`put("/_matrix/client/r0/devices/<_>", data = "<body>")`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`)]`
feat: opentelemetry/jaeger support 2021-02-28 11:41:03 +00:00			`#[tracing::instrument(skip(db, body))]`
improvement: flush after every request that manipulates the db 2020-10-21 19:28:02 +00:00			`pub async fn update_device_route(`
Sqlite 2021-07-14 07:07:08 +00:00			`db: DatabaseGuard,`
Update ruma version 2020-09-08 15:32:03 +00:00			`body: Ruma<update_device::Request<'_>>,`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`) -> ConduitResult<update_device::Response> {`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`let sender_user = body.sender_user.as_ref().expect("user is authenticated");`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00
			`let mut device = db`
			`.users`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`.get_device_metadata(&sender_user, &body.device_id)?`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`.ok_or(Error::BadRequest(ErrorKind::NotFound, "Device not found."))?;`

			`device.display_name = body.display_name.clone();`

			`db.users`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`.update_device_metadata(&sender_user, &body.device_id, &device)?;`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00
improvement: flush after every request that manipulates the db 2020-10-21 19:28:02 +00:00			`db.flush().await?;`

refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`Ok(update_device::Response.into())`
			`}`

			`#[cfg_attr(`
			`feature = "conduit_bin",`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`delete("/_matrix/client/r0/devices/<_>", data = "<body>")`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`)]`
feat: opentelemetry/jaeger support 2021-02-28 11:41:03 +00:00			`#[tracing::instrument(skip(db, body))]`
improvement: flush after every request that manipulates the db 2020-10-21 19:28:02 +00:00			`pub async fn delete_device_route(`
Sqlite 2021-07-14 07:07:08 +00:00			`db: DatabaseGuard,`
Update ruma version 2020-09-08 15:32:03 +00:00			`body: Ruma<delete_device::Request<'_>>,`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`) -> ConduitResult<delete_device::Response> {`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`let sender_user = body.sender_user.as_ref().expect("user is authenticated");`
			`let sender_device = body.sender_device.as_ref().expect("user is authenticated");`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00
			`// UIAA`
			`let mut uiaainfo = UiaaInfo {`
			`flows: vec![AuthFlow {`
			`stages: vec!["m.login.password".to_owned()],`
			`}],`
			`completed: Vec::new(),`
			`params: Default::default(),`
			`session: None,`
			`auth_error: None,`
			`};`

			`if let Some(auth) = &body.auth {`
			`let (worked, uiaainfo) = db.uiaa.try_auth(`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`&sender_user,`
			`&sender_device,`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`auth,`
			`&uiaainfo,`
			`&db.users,`
			`&db.globals,`
			`)?;`
			`if !worked {`
			`return Err(Error::Uiaa(uiaainfo));`
			`}`
			`// Success!`
			`} else {`
Return proper error in case of invalid UTF-8 in json_body json_body is used in places that need authentication. In case an unknown field is set, Ruma doesn't parse the field and so doesn't give an error on invalid UTF-8. But Conduit has parsed and on error makes json_body None. Return an error to the client instead of generating an internal error. 2021-06-30 21:12:22 +00:00			`if let Some(json) = body.json_body {`
			`uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));`
			`db.uiaa`
			`.create(&sender_user, &sender_device, &uiaainfo, &json)?;`
			`return Err(Error::Uiaa(uiaainfo));`
			`} else {`
			`return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));`
			`}`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`}`

fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`db.users.remove_device(&sender_user, &body.device_id)?;`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00
improvement: flush after every request that manipulates the db 2020-10-21 19:28:02 +00:00			`db.flush().await?;`

refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`Ok(delete_device::Response.into())`
			`}`

			`#[cfg_attr(`
			`feature = "conduit_bin",`
			`post("/_matrix/client/r0/delete_devices", data = "<body>")`
			`)]`
feat: opentelemetry/jaeger support 2021-02-28 11:41:03 +00:00			`#[tracing::instrument(skip(db, body))]`
improvement: flush after every request that manipulates the db 2020-10-21 19:28:02 +00:00			`pub async fn delete_devices_route(`
Sqlite 2021-07-14 07:07:08 +00:00			`db: DatabaseGuard,`
Update ruma version 2020-09-08 15:32:03 +00:00			`body: Ruma<delete_devices::Request<'_>>,`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`) -> ConduitResult<delete_devices::Response> {`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`let sender_user = body.sender_user.as_ref().expect("user is authenticated");`
			`let sender_device = body.sender_device.as_ref().expect("user is authenticated");`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00
			`// UIAA`
			`let mut uiaainfo = UiaaInfo {`
			`flows: vec![AuthFlow {`
			`stages: vec!["m.login.password".to_owned()],`
			`}],`
			`completed: Vec::new(),`
			`params: Default::default(),`
			`session: None,`
			`auth_error: None,`
			`};`

			`if let Some(auth) = &body.auth {`
			`let (worked, uiaainfo) = db.uiaa.try_auth(`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`&sender_user,`
			`&sender_device,`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`auth,`
			`&uiaainfo,`
			`&db.users,`
			`&db.globals,`
			`)?;`
			`if !worked {`
			`return Err(Error::Uiaa(uiaainfo));`
			`}`
			`// Success!`
			`} else {`
Return proper error in case of invalid UTF-8 in json_body json_body is used in places that need authentication. In case an unknown field is set, Ruma doesn't parse the field and so doesn't give an error on invalid UTF-8. But Conduit has parsed and on error makes json_body None. Return an error to the client instead of generating an internal error. 2021-06-30 21:12:22 +00:00			`if let Some(json) = body.json_body {`
			`uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));`
			`db.uiaa`
			`.create(&sender_user, &sender_device, &uiaainfo, &json)?;`
			`return Err(Error::Uiaa(uiaainfo));`
			`} else {`
			`return Err(Error::BadRequest(ErrorKind::NotJson, "Not json."));`
			`}`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`}`

			`for device_id in &body.devices {`
fix: use device_id when registering TIL body.device_id != (*body).device_id, which is pretty bad, so I renamed body.device_id to body.sender_device 2020-10-18 18:33:12 +00:00			`db.users.remove_device(&sender_user, &device_id)?`
refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`}`

improvement: flush after every request that manipulates the db 2020-10-21 19:28:02 +00:00			`db.flush().await?;`

refactor: put endpoints into modules 2020-07-30 16:14:47 +00:00			`Ok(delete_devices::Response.into())`
			`}`