dendrite/clientapi/auth/storage/devices/storage.go

// Copyright 2017 Vector Creations Ltd
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package devices

import (
	"context"
	"crypto/rand"
	"database/sql"
	"encoding/base64"

	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
	"github.com/matrix-org/dendrite/common"
	"github.com/matrix-org/gomatrixserverlib"
)

// The length of generated device IDs
var deviceIDByteLength = 6

// Database represents a device database.
type Database struct {
	db      *sql.DB
	devices devicesStatements
}

// NewDatabase creates a new device database
func NewDatabase(dataSourceName string, serverName gomatrixserverlib.ServerName) (*Database, error) {
	var db *sql.DB
	var err error
	if db, err = sql.Open("postgres", dataSourceName); err != nil {
		return nil, err
	}
	d := devicesStatements{}
	if err = d.prepare(db, serverName); err != nil {
		return nil, err
	}
	return &Database{db, d}, nil
}

// GetDeviceByAccessToken returns the device matching the given access token.
// Returns sql.ErrNoRows if no matching device was found.
func (d *Database) GetDeviceByAccessToken(
	ctx context.Context, token string,
) (*authtypes.Device, error) {
	return d.devices.selectDeviceByToken(ctx, token)
}

// GetDeviceByID returns the device matching the given ID.
// Returns sql.ErrNoRows if no matching device was found.
func (d *Database) GetDeviceByID(
	ctx context.Context, localpart, deviceID string,
) (*authtypes.Device, error) {
	return d.devices.selectDeviceByID(ctx, localpart, deviceID)
}

// GetDevicesByLocalpart returns the devices matching the given localpart.
func (d *Database) GetDevicesByLocalpart(
	ctx context.Context, localpart string,
) ([]authtypes.Device, error) {
	return d.devices.selectDevicesByLocalpart(ctx, localpart)
}

// CreateDevice makes a new device associated with the given user ID localpart.
// If there is already a device with the same device ID for this user, that access token will be revoked
// and replaced with the given accessToken. If the given accessToken is already in use for another device,
// an error will be returned.
// If no device ID is given one is generated.
// Returns the device on success.
func (d *Database) CreateDevice(
	ctx context.Context, localpart string, deviceID *string, accessToken string,
	displayName *string,
) (dev *authtypes.Device, returnErr error) {
	if deviceID != nil {
		returnErr = common.WithTransaction(d.db, func(txn *sql.Tx) error {
			var err error
			// Revoke existing token for this device
			if err = d.devices.deleteDevice(ctx, txn, *deviceID, localpart); err != nil {
				return err
			}

			dev, err = d.devices.insertDevice(ctx, txn, *deviceID, localpart, accessToken, displayName)
			return err
		})
	} else {
		// We generate device IDs in a loop in case its already taken.
		// We cap this at going round 5 times to ensure we don't spin forever
		var newDeviceID string
		for i := 1; i <= 5; i++ {
			newDeviceID, returnErr = generateDeviceID()
			if returnErr != nil {
				return
			}

			returnErr = common.WithTransaction(d.db, func(txn *sql.Tx) error {
				var err error
				dev, err = d.devices.insertDevice(ctx, txn, newDeviceID, localpart, accessToken, displayName)
				return err
			})
			if returnErr == nil {
				return
			}
		}
	}
	return
}

// generateDeviceID creates a new device id. Returns an error if failed to generate
// random bytes.
func generateDeviceID() (string, error) {
	b := make([]byte, deviceIDByteLength)
	_, err := rand.Read(b)
	if err != nil {
		return "", err
	}
	// url-safe no padding
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// UpdateDevice updates the given device with the display name.
// Returns SQL error if there are problems and nil on success.
func (d *Database) UpdateDevice(
	ctx context.Context, localpart, deviceID string, displayName *string,
) error {
	return common.WithTransaction(d.db, func(txn *sql.Tx) error {
		return d.devices.updateDeviceName(ctx, txn, localpart, deviceID, displayName)
	})
}

// RemoveDevice revokes a device by deleting the entry in the database
// matching with the given device ID and user ID localpart.
// If the device doesn't exist, it will not return an error
// If something went wrong during the deletion, it will return the SQL error.
func (d *Database) RemoveDevice(
	ctx context.Context, deviceID, localpart string,
) error {
	return common.WithTransaction(d.db, func(txn *sql.Tx) error {
		if err := d.devices.deleteDevice(ctx, txn, deviceID, localpart); err != sql.ErrNoRows {
			return err
		}
		return nil
	})
}

// RemoveAllDevices revokes devices by deleting the entry in the
// database matching the given user ID localpart.
// If something went wrong during the deletion, it will return the SQL error.
func (d *Database) RemoveAllDevices(
	ctx context.Context, localpart string,
) error {
	return common.WithTransaction(d.db, func(txn *sql.Tx) error {
		if err := d.devices.deleteDevicesByLocalpart(ctx, txn, localpart); err != sql.ErrNoRows {
			return err
		}
		return nil
	})
}
Rename packages under /auth (#114) Previously, all database stuff was under the helpfully named package 'storage'. However, this convention is used throughout all of dendrite, which will clash the moment we want to add auth to all the CS API endpoints. To prevent the package name clash, add sub-directories which represent what is being stored so the final usage ends up being: ``` func doThing(db storage.SyncServerDatabase, authDB accounts.Database) { // ... } ``` 2017-05-22 15:49:32 +00:00			`// Copyright 2017 Vector Creations Ltd`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package devices`

Glue together devices and auth with the current HTTP code (#117) - Renamed `clientapi/auth/types` to `clientapi/auth/authtypes` for the same horrible namespace clashing reasons as `storage`. - Factored out `makeAPI` to `common`. - Added in `makeAuthAPI`. 2017-05-23 16:43:05 +00:00			`import (`
Add contexts to device database (#233) * Add contexts to device database * Remove spurious whitespace 2017-09-18 14:51:26 +00:00			`"context"`
Add app service authentication functions (#433) * Add support for AS ?user= parameter in auth Signed-off-by: Anant Prakash <anantprakashjsr@gmail.com> * Fix typo 2018-06-01 11:16:19 +00:00			`"crypto/rand"`
Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00			`"database/sql"`
Add app service authentication functions (#433) * Add support for AS ?user= parameter in auth Signed-off-by: Anant Prakash <anantprakashjsr@gmail.com> * Fix typo 2018-06-01 11:16:19 +00:00			`"encoding/base64"`
Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00
Glue together devices and auth with the current HTTP code (#117) - Renamed `clientapi/auth/types` to `clientapi/auth/authtypes` for the same horrible namespace clashing reasons as `storage`. - Factored out `makeAPI` to `common`. - Added in `makeAuthAPI`. 2017-05-23 16:43:05 +00:00			`"github.com/matrix-org/dendrite/clientapi/auth/authtypes"`
Factor out runTransaction to common code (#162) 2017-07-17 16:20:57 +00:00			`"github.com/matrix-org/dendrite/common"`
Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00			`"github.com/matrix-org/gomatrixserverlib"`
Glue together devices and auth with the current HTTP code (#117) - Renamed `clientapi/auth/types` to `clientapi/auth/authtypes` for the same horrible namespace clashing reasons as `storage`. - Factored out `makeAPI` to `common`. - Added in `makeAuthAPI`. 2017-05-23 16:43:05 +00:00			`)`

Add app service authentication functions (#433) * Add support for AS ?user= parameter in auth Signed-off-by: Anant Prakash <anantprakashjsr@gmail.com> * Fix typo 2018-06-01 11:16:19 +00:00			`// The length of generated device IDs`
			`var deviceIDByteLength = 6`

Rename packages under /auth (#114) Previously, all database stuff was under the helpfully named package 'storage'. However, this convention is used throughout all of dendrite, which will clash the moment we want to add auth to all the CS API endpoints. To prevent the package name clash, add sub-directories which represent what is being stored so the final usage ends up being: ``` func doThing(db storage.SyncServerDatabase, authDB accounts.Database) { // ... } ``` 2017-05-22 15:49:32 +00:00			`// Database represents a device database.`
			`type Database struct {`
Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00			`db *sql.DB`
			`devices devicesStatements`
Rename packages under /auth (#114) Previously, all database stuff was under the helpfully named package 'storage'. However, this convention is used throughout all of dendrite, which will clash the moment we want to add auth to all the CS API endpoints. To prevent the package name clash, add sub-directories which represent what is being stored so the final usage ends up being: ``` func doThing(db storage.SyncServerDatabase, authDB accounts.Database) { // ... } ``` 2017-05-22 15:49:32 +00:00			`}`

			`// NewDatabase creates a new device database`
Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00			`func NewDatabase(dataSourceName string, serverName gomatrixserverlib.ServerName) (*Database, error) {`
			`var db *sql.DB`
			`var err error`
			`if db, err = sql.Open("postgres", dataSourceName); err != nil {`
			`return nil, err`
			`}`
			`d := devicesStatements{}`
			`if err = d.prepare(db, serverName); err != nil {`
			`return nil, err`
			`}`
			`return &Database{db, d}, nil`
Glue together devices and auth with the current HTTP code (#117) - Renamed `clientapi/auth/types` to `clientapi/auth/authtypes` for the same horrible namespace clashing reasons as `storage`. - Factored out `makeAPI` to `common`. - Added in `makeAuthAPI`. 2017-05-23 16:43:05 +00:00			`}`

			`// GetDeviceByAccessToken returns the device matching the given access token.`
Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00			`// Returns sql.ErrNoRows if no matching device was found.`
Add contexts to device database (#233) * Add contexts to device database * Remove spurious whitespace 2017-09-18 14:51:26 +00:00			`func (d *Database) GetDeviceByAccessToken(`
			`ctx context.Context, token string,`
			`) (*authtypes.Device, error) {`
			`return d.devices.selectDeviceByToken(ctx, token)`
Rename packages under /auth (#114) Previously, all database stuff was under the helpfully named package 'storage'. However, this convention is used throughout all of dendrite, which will clash the moment we want to add auth to all the CS API endpoints. To prevent the package name clash, add sub-directories which represent what is being stored so the final usage ends up being: ``` func doThing(db storage.SyncServerDatabase, authDB accounts.Database) { // ... } ``` 2017-05-22 15:49:32 +00:00			`}`
Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00
Add /devices/ and /device/{deviceID} (#313) Signed-off-by: Paul Tötterman <paul.totterman@iki.fi> 2017-10-17 18:12:54 +00:00			`// GetDeviceByID returns the device matching the given ID.`
			`// Returns sql.ErrNoRows if no matching device was found.`
			`func (d *Database) GetDeviceByID(`
			`ctx context.Context, localpart, deviceID string,`
			`) (*authtypes.Device, error) {`
			`return d.devices.selectDeviceByID(ctx, localpart, deviceID)`
			`}`

			`// GetDevicesByLocalpart returns the devices matching the given localpart.`
			`func (d *Database) GetDevicesByLocalpart(`
			`ctx context.Context, localpart string,`
			`) ([]authtypes.Device, error) {`
			`return d.devices.selectDevicesByLocalpart(ctx, localpart)`
			`}`

Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00			`// CreateDevice makes a new device associated with the given user ID localpart.`
			`// If there is already a device with the same device ID for this user, that access token will be revoked`
cmd: Add create test accounts command (#119) 2017-05-25 16:41:45 +00:00			`// and replaced with the given accessToken. If the given accessToken is already in use for another device,`
			`// an error will be returned.`
Generate new devices for each new /login (#281) 2017-10-10 09:40:52 +00:00			`// If no device ID is given one is generated.`
Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00			`// Returns the device on success.`
Add contexts to device database (#233) * Add contexts to device database * Remove spurious whitespace 2017-09-18 14:51:26 +00:00			`func (d *Database) CreateDevice(`
Generate new devices for each new /login (#281) 2017-10-10 09:40:52 +00:00			`ctx context.Context, localpart string, deviceID *string, accessToken string,`
Add device display names (#319) 2017-11-14 09:59:02 +00:00			`displayName *string,`
Add contexts to device database (#233) * Add contexts to device database * Remove spurious whitespace 2017-09-18 14:51:26 +00:00			`) (dev *authtypes.Device, returnErr error) {`
Generate new devices for each new /login (#281) 2017-10-10 09:40:52 +00:00			`if deviceID != nil {`
			`returnErr = common.WithTransaction(d.db, func(txn *sql.Tx) error {`
			`var err error`
			`// Revoke existing token for this device`
			`if err = d.devices.deleteDevice(ctx, txn, *deviceID, localpart); err != nil {`
			`return err`
			`}`

Add device display names (#319) 2017-11-14 09:59:02 +00:00			`dev, err = d.devices.insertDevice(ctx, txn, *deviceID, localpart, accessToken, displayName)`
Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00			`return err`
Generate new devices for each new /login (#281) 2017-10-10 09:40:52 +00:00			`})`
			`} else {`
			`// We generate device IDs in a loop in case its already taken.`
			`// We cap this at going round 5 times to ensure we don't spin forever`
			`var newDeviceID string`
			`for i := 1; i <= 5; i++ {`
Add app service authentication functions (#433) * Add support for AS ?user= parameter in auth Signed-off-by: Anant Prakash <anantprakashjsr@gmail.com> * Fix typo 2018-06-01 11:16:19 +00:00			`newDeviceID, returnErr = generateDeviceID()`
Generate new devices for each new /login (#281) 2017-10-10 09:40:52 +00:00			`if returnErr != nil {`
			`return`
			`}`
Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00
Generate new devices for each new /login (#281) 2017-10-10 09:40:52 +00:00			`returnErr = common.WithTransaction(d.db, func(txn *sql.Tx) error {`
			`var err error`
Add device display names (#319) 2017-11-14 09:59:02 +00:00			`dev, err = d.devices.insertDevice(ctx, txn, newDeviceID, localpart, accessToken, displayName)`
Generate new devices for each new /login (#281) 2017-10-10 09:40:52 +00:00			`return err`
			`})`
			`if returnErr == nil {`
			`return`
			`}`
			`}`
			`}`
Add in devices_table to store device information (#118) 2017-05-25 12:33:50 +00:00			`return`
			`}`

Add app service authentication functions (#433) * Add support for AS ?user= parameter in auth Signed-off-by: Anant Prakash <anantprakashjsr@gmail.com> * Fix typo 2018-06-01 11:16:19 +00:00			`// generateDeviceID creates a new device id. Returns an error if failed to generate`
			`// random bytes.`
			`func generateDeviceID() (string, error) {`
			`b := make([]byte, deviceIDByteLength)`
			`_, err := rand.Read(b)`
			`if err != nil {`
			`return "", err`
			`}`
			`// url-safe no padding`
			`return base64.RawURLEncoding.EncodeToString(b), nil`
			`}`

Add device display names (#319) 2017-11-14 09:59:02 +00:00			`// UpdateDevice updates the given device with the display name.`
			`// Returns SQL error if there are problems and nil on success.`
			`func (d *Database) UpdateDevice(`
			`ctx context.Context, localpart, deviceID string, displayName *string,`
			`) error {`
			`return common.WithTransaction(d.db, func(txn *sql.Tx) error {`
			`return d.devices.updateDeviceName(ctx, txn, localpart, deviceID, displayName)`
			`})`
			`}`

Implemented logout (#154) 2017-07-11 15:04:34 +00:00			`// RemoveDevice revokes a device by deleting the entry in the database`
Send Application Service Events (#477) * Prevent sql scanning into nil value in accounts_table Signed-off-by: Andrew Morgan <andrewm@matrix.org> * Remove uneccessary logging, null checking * Don't forget to set the localpart * Simplify error checking * Store And Send Application Service Events * Modify INSTALL.md and dendrite-config.yaml for the new appservice database * Correct all instances of casing on 'application service' to align with spec * Store incoming events that an app service is interested in in the database to be later read by transaction workers. * Retrieve these events from transaction workers, one per AS. * Minimal transaction ID data is stored as well to recover after server failure. * Send events to AS and exponentially backoff on failure. Signed-off-by: Andrew Morgan <andrewm@matrix.org> * Finish my own sentences. * Fix up database interaction * Change to event-based AS sending * Reduce cyclomatic complexity * Appease the errcheck gods * Delete by int ID instead of string. This was causing some events to not be deleted, as < an eventID doesn't really make much sense. * Check if there are more events to send before sleeping * Send same transaction if last send attempt failed * Don't backoff on non-200s, tight send loop, 1 event query * Remove tight send loop. Fix events not being deleted * Additionally order by event id, track main.go * Return the last txnID, which our events are using * Remove old main.go file * Prevent duplicate events from being sent... * Strip event content if it doesn't contain anything Signed-off-by: Andrew Morgan <andrewm@matrix.org> * Update gomatrixserverlib and use Unsigned AS event prop * Fixes * Fix sync server comment * Remove unnecessary printlns * Use logrus Fields * Worker state methods * Remove sillyness * Fix up event filtering * Handle transaction event limit in loop * Switch to using a sequence for transaction IDs * Don't verify self-signed AS certificates * Fix logging * Use gmsl.Event instead of AS-only event in transactions Also clear up the logic on lookupStateEvents a little bit. * Change invalid_txn_id to global (for efficiency) * Use a bool for EventsReady instead of an int 2018-07-05 16:34:59 +00:00			`// matching with the given device ID and user ID localpart.`
Implemented logout (#154) 2017-07-11 15:04:34 +00:00			`// If the device doesn't exist, it will not return an error`
Send Application Service Events (#477) * Prevent sql scanning into nil value in accounts_table Signed-off-by: Andrew Morgan <andrewm@matrix.org> * Remove uneccessary logging, null checking * Don't forget to set the localpart * Simplify error checking * Store And Send Application Service Events * Modify INSTALL.md and dendrite-config.yaml for the new appservice database * Correct all instances of casing on 'application service' to align with spec * Store incoming events that an app service is interested in in the database to be later read by transaction workers. * Retrieve these events from transaction workers, one per AS. * Minimal transaction ID data is stored as well to recover after server failure. * Send events to AS and exponentially backoff on failure. Signed-off-by: Andrew Morgan <andrewm@matrix.org> * Finish my own sentences. * Fix up database interaction * Change to event-based AS sending * Reduce cyclomatic complexity * Appease the errcheck gods * Delete by int ID instead of string. This was causing some events to not be deleted, as < an eventID doesn't really make much sense. * Check if there are more events to send before sleeping * Send same transaction if last send attempt failed * Don't backoff on non-200s, tight send loop, 1 event query * Remove tight send loop. Fix events not being deleted * Additionally order by event id, track main.go * Return the last txnID, which our events are using * Remove old main.go file * Prevent duplicate events from being sent... * Strip event content if it doesn't contain anything Signed-off-by: Andrew Morgan <andrewm@matrix.org> * Update gomatrixserverlib and use Unsigned AS event prop * Fixes * Fix sync server comment * Remove unnecessary printlns * Use logrus Fields * Worker state methods * Remove sillyness * Fix up event filtering * Handle transaction event limit in loop * Switch to using a sequence for transaction IDs * Don't verify self-signed AS certificates * Fix logging * Use gmsl.Event instead of AS-only event in transactions Also clear up the logic on lookupStateEvents a little bit. * Change invalid_txn_id to global (for efficiency) * Use a bool for EventsReady instead of an int 2018-07-05 16:34:59 +00:00			`// If something went wrong during the deletion, it will return the SQL error.`
Add contexts to device database (#233) * Add contexts to device database * Remove spurious whitespace 2017-09-18 14:51:26 +00:00			`func (d *Database) RemoveDevice(`
			`ctx context.Context, deviceID, localpart string,`
			`) error {`
Factor out runTransaction to common code (#162) 2017-07-17 16:20:57 +00:00			`return common.WithTransaction(d.db, func(txn *sql.Tx) error {`
Add contexts to device database (#233) * Add contexts to device database * Remove spurious whitespace 2017-09-18 14:51:26 +00:00			`if err := d.devices.deleteDevice(ctx, txn, deviceID, localpart); err != sql.ErrNoRows {`
Implemented logout (#154) 2017-07-11 15:04:34 +00:00			`return err`
			`}`
			`return nil`
			`})`
			`}`
Implement /logout/all (#307) Signed-off-by: Remi Reuvekamp <git@remireuvekamp.nl> 2017-10-15 10:29:47 +00:00
			`// RemoveAllDevices revokes devices by deleting the entry in the`
			`// database matching the given user ID localpart.`
			`// If something went wrong during the deletion, it will return the SQL error.`
			`func (d *Database) RemoveAllDevices(`
			`ctx context.Context, localpart string,`
			`) error {`
			`return common.WithTransaction(d.db, func(txn *sql.Tx) error {`
			`if err := d.devices.deleteDevicesByLocalpart(ctx, txn, localpart); err != sql.ErrNoRows {`
			`return err`
			`}`
			`return nil`
			`})`
			`}`