use crate::{client_server, utils, ConduitResult, Database, Error, PduEvent, Result, Ruma}; use get_profile_information::v1::ProfileField; use http::header::{HeaderValue, AUTHORIZATION, HOST}; use log::{info, warn}; use rocket::{get, post, put, response::content::Json, State}; use ruma::{ api::{ federation::{ directory::{get_public_rooms, get_public_rooms_filtered}, discovery::{ get_server_keys, get_server_version::v1 as get_server_version, ServerSigningKeys, VerifyKey, }, event::get_missing_events, query::get_profile_information, transactions::send_transaction_message, }, OutgoingRequest, }, directory::{IncomingFilter, IncomingRoomNetwork}, EventId, RoomId, ServerName, ServerSigningKeyId, UserId, }; use std::{ collections::BTreeMap, convert::TryFrom, fmt::Debug, net::{IpAddr, SocketAddr}, time::{Duration, SystemTime}, }; pub async fn send_request( globals: &crate::database::globals::Globals, destination: Box, request: T, ) -> Result where T: Debug, { if globals.federation_disabled() { return Err(Error::bad_config("Federation is disabled.")); } let maybe_result = globals .actual_destination_cache .read() .unwrap() .get(&destination) .cloned(); let (actual_destination, host) = if let Some(result) = maybe_result { result } else { let result = find_actual_destination(globals, &destination).await; globals .actual_destination_cache .write() .unwrap() .insert(destination.clone(), result.clone()); result }; let mut http_request = request .try_into_http_request(&actual_destination, Some("")) .map_err(|e| { warn!("Failed to find destination {}: {}", actual_destination, e); Error::BadServerResponse("Invalid destination") })?; let mut request_map = serde_json::Map::new(); if !http_request.body().is_empty() { request_map.insert( "content".to_owned(), serde_json::from_slice(http_request.body()) .expect("body is valid json, we just created it"), ); }; request_map.insert("method".to_owned(), T::METADATA.method.to_string().into()); request_map.insert( "uri".to_owned(), http_request .uri() .path_and_query() .expect("all requests have a path") .to_string() .into(), ); request_map.insert("origin".to_owned(), globals.server_name().as_str().into()); request_map.insert("destination".to_owned(), destination.as_str().into()); let mut request_json = serde_json::from_value(request_map.into()).expect("valid JSON is valid BTreeMap"); ruma::signatures::sign_json( globals.server_name().as_str(), globals.keypair(), &mut request_json, ) .expect("our request json is what ruma expects"); let request_json: serde_json::Map = serde_json::from_slice(&serde_json::to_vec(&request_json).unwrap()).unwrap(); let signatures = request_json["signatures"] .as_object() .unwrap() .values() .map(|v| { v.as_object() .unwrap() .iter() .map(|(k, v)| (k, v.as_str().unwrap())) }); for signature_server in signatures { for s in signature_server { http_request.headers_mut().insert( AUTHORIZATION, HeaderValue::from_str(&format!( "X-Matrix origin={},key=\"{}\",sig=\"{}\"", globals.server_name(), s.0, s.1 )) .unwrap(), ); } } if let Some(host) = host { http_request .headers_mut() .insert(HOST, HeaderValue::from_str(&host).unwrap()); } let mut reqwest_request = reqwest::Request::try_from(http_request) .expect("all http requests are valid reqwest requests"); *reqwest_request.timeout_mut() = Some(Duration::from_secs(30)); let url = reqwest_request.url().clone(); let reqwest_response = globals.reqwest_client().execute(reqwest_request).await; // Because reqwest::Response -> http::Response is complicated: match reqwest_response { Ok(mut reqwest_response) => { let status = reqwest_response.status(); let mut http_response = http::Response::builder().status(status); let headers = http_response.headers_mut().unwrap(); for (k, v) in reqwest_response.headers_mut().drain() { if let Some(key) = k { headers.insert(key, v); } } let status = reqwest_response.status(); let body = reqwest_response .bytes() .await .unwrap_or_else(|e| { warn!("server error {}", e); Vec::new().into() }) // TODO: handle timeout .into_iter() .collect::>(); if status != 200 { info!( "Server returned bad response {} {}\n{}\n{:?}", destination, status, url, utils::string_from_bytes(&body) ); } let response = T::IncomingResponse::try_from( http_response .body(body) .expect("reqwest body is valid http body"), ); response.map_err(|_| { info!( "Server returned invalid response bytes {}\n{}", destination, url ); Error::BadServerResponse("Server returned bad response.") }) } Err(e) => Err(e.into()), } } fn get_ip_with_port(destination_str: String) -> Option { if destination_str.parse::().is_ok() { Some(destination_str) } else if let Ok(ip_addr) = destination_str.parse::() { Some(SocketAddr::new(ip_addr, 8448).to_string()) } else { None } } fn add_port_to_hostname(destination_str: String) -> String { match destination_str.find(':') { None => destination_str.to_owned() + ":8448", Some(_) => destination_str.to_string(), } } /// Returns: actual_destination, host header /// Implemented according to the specification at https://matrix.org/docs/spec/server_server/r0.1.4#resolving-server-names /// Numbers in comments below refer to bullet points in linked section of specification async fn find_actual_destination( globals: &crate::database::globals::Globals, destination: &Box, ) -> (String, Option) { let mut host = None; let destination_str = destination.as_str().to_owned(); let actual_destination = "https://".to_owned() + &match get_ip_with_port(destination_str.clone()) { Some(host_port) => { // 1: IP literal with provided or default port host_port } None => { if destination_str.find(':').is_some() { // 2: Hostname with included port destination_str } else { match request_well_known(globals, &destination.as_str()).await { // 3: A .well-known file is available Some(delegated_hostname) => { match get_ip_with_port(delegated_hostname.clone()) { Some(host_and_port) => host_and_port, // 3.1: IP literal in .well-known file None => { if destination_str.find(':').is_some() { // 3.2: Hostname with port in .well-known file destination_str } else { match query_srv_record(globals, &delegated_hostname).await { // 3.3: SRV lookup successful Some(hostname) => hostname, // 3.4: No SRV records, just use the hostname from .well-known None => add_port_to_hostname(delegated_hostname), } } } } } // 4: No .well-known or an error occured None => { match query_srv_record(globals, &destination_str).await { // 4: SRV record found Some(hostname) => { host = Some(destination_str.to_owned()); hostname } // 5: No SRV record found None => add_port_to_hostname(destination_str.to_string()), } } } } } }; (actual_destination, host) } async fn query_srv_record<'a>( globals: &crate::database::globals::Globals, hostname: &'a str, ) -> Option { if let Ok(Some(host_port)) = globals .dns_resolver() .srv_lookup(format!("_matrix._tcp.{}", hostname)) .await .map(|srv| { srv.iter().next().map(|result| { format!( "{}:{}", result.target().to_string().trim_end_matches('.'), result.port().to_string() ) }) }) { Some(host_port) } else { None } } pub async fn request_well_known( globals: &crate::database::globals::Globals, destination: &str, ) -> Option { let body: serde_json::Value = serde_json::from_str( &globals .reqwest_client() .get(&format!( "https://{}/.well-known/matrix/server", destination )) .send() .await .ok()? .text() .await .ok()?, ) .ok()?; Some(body.get("m.server")?.as_str()?.to_owned()) } #[cfg_attr(feature = "conduit_bin", get("/_matrix/federation/v1/version"))] pub fn get_server_version_route( db: State<'_, Database>, ) -> ConduitResult { if db.globals.federation_disabled() { return Err(Error::bad_config("Federation is disabled.")); } Ok(get_server_version::Response { server: Some(get_server_version::Server { name: Some("Conduit".to_owned()), version: Some(env!("CARGO_PKG_VERSION").to_owned()), }), } .into()) } #[cfg_attr(feature = "conduit_bin", get("/_matrix/key/v2/server"))] pub fn get_server_keys_route(db: State<'_, Database>) -> Json { if db.globals.federation_disabled() { // TODO: Use proper types return Json("Federation is disabled.".to_owned()); } let mut verify_keys = BTreeMap::new(); verify_keys.insert( ServerSigningKeyId::try_from( format!("ed25519:{}", db.globals.keypair().version()).as_str(), ) .expect("found invalid server signing keys in DB"), VerifyKey { key: base64::encode_config(db.globals.keypair().public_key(), base64::STANDARD_NO_PAD), }, ); let mut response = serde_json::from_slice( http::Response::try_from(get_server_keys::v2::Response { server_key: ServerSigningKeys { server_name: db.globals.server_name().to_owned(), verify_keys, old_verify_keys: BTreeMap::new(), signatures: BTreeMap::new(), valid_until_ts: SystemTime::now() + Duration::from_secs(60 * 2), }, }) .unwrap() .body(), ) .unwrap(); ruma::signatures::sign_json( db.globals.server_name().as_str(), db.globals.keypair(), &mut response, ) .unwrap(); Json(ruma::serde::to_canonical_json_string(&response).expect("JSON is canonical")) } #[cfg_attr(feature = "conduit_bin", get("/_matrix/key/v2/server/<_>"))] pub fn get_server_keys_deprecated_route(db: State<'_, Database>) -> Json { get_server_keys_route(db) } #[cfg_attr( feature = "conduit_bin", post("/_matrix/federation/v1/publicRooms", data = "") )] pub async fn get_public_rooms_filtered_route( db: State<'_, Database>, body: Ruma>, ) -> ConduitResult { if db.globals.federation_disabled() { return Err(Error::bad_config("Federation is disabled.")); } let response = client_server::get_public_rooms_filtered_helper( &db, None, body.limit, body.since.as_deref(), &body.filter, &body.room_network, ) .await? .0; Ok(get_public_rooms_filtered::v1::Response { chunk: response .chunk .into_iter() .map(|c| { // Convert ruma::api::federation::directory::get_public_rooms::v1::PublicRoomsChunk // to ruma::api::client::r0::directory::PublicRoomsChunk Ok::<_, Error>( serde_json::from_str( &serde_json::to_string(&c) .expect("PublicRoomsChunk::to_string always works"), ) .expect("federation and client-server PublicRoomsChunk are the same type"), ) }) .filter_map(|r| r.ok()) .collect(), prev_batch: response.prev_batch, next_batch: response.next_batch, total_room_count_estimate: response.total_room_count_estimate, } .into()) } #[cfg_attr( feature = "conduit_bin", get("/_matrix/federation/v1/publicRooms", data = "") )] pub async fn get_public_rooms_route( db: State<'_, Database>, body: Ruma>, ) -> ConduitResult { if db.globals.federation_disabled() { return Err(Error::bad_config("Federation is disabled.")); } let response = client_server::get_public_rooms_filtered_helper( &db, None, body.limit, body.since.as_deref(), &IncomingFilter::default(), &IncomingRoomNetwork::Matrix, ) .await? .0; Ok(get_public_rooms::v1::Response { chunk: response .chunk .into_iter() .map(|c| { // Convert ruma::api::federation::directory::get_public_rooms::v1::PublicRoomsChunk // to ruma::api::client::r0::directory::PublicRoomsChunk Ok::<_, Error>( serde_json::from_str( &serde_json::to_string(&c) .expect("PublicRoomsChunk::to_string always works"), ) .expect("federation and client-server PublicRoomsChunk are the same type"), ) }) .filter_map(|r| r.ok()) .collect(), prev_batch: response.prev_batch, next_batch: response.next_batch, total_room_count_estimate: response.total_room_count_estimate, } .into()) } #[cfg_attr( feature = "conduit_bin", put("/_matrix/federation/v1/send/<_>", data = "") )] pub async fn send_transaction_message_route<'a>( db: State<'a, Database>, body: Ruma>, ) -> ConduitResult { if db.globals.federation_disabled() { return Err(Error::bad_config("Federation is disabled.")); } for edu in &body.edus { match serde_json::from_str::(edu.json().get()) { Ok(edu) => match edu.edu_type.as_str() { "m.typing" => { if let Some(typing) = edu.content.get("typing") { if typing.as_bool().unwrap_or_default() { db.rooms.edus.typing_add( &UserId::try_from(edu.content["user_id"].as_str().unwrap()) .unwrap(), &RoomId::try_from(edu.content["room_id"].as_str().unwrap()) .unwrap(), 3000 + utils::millis_since_unix_epoch(), &db.globals, )?; } else { db.rooms.edus.typing_remove( &UserId::try_from(edu.content["user_id"].as_str().unwrap()) .unwrap(), &RoomId::try_from(edu.content["room_id"].as_str().unwrap()) .unwrap(), &db.globals, )?; } } } "m.presence" => {} "m.receipt" => {} _ => {} }, Err(_err) => { continue; } } } // TODO: For RoomVersion6 we must check that Raw<..> is canonical do we anywhere? // SPEC: // Servers MUST strictly enforce the JSON format specified in the appendices. // This translates to a 400 M_BAD_JSON error on most endpoints, or discarding of // events over federation. For example, the Federation API's /send endpoint would // discard the event whereas the Client Server API's /send/{eventType} endpoint // would return a M_BAD_JSON error. let mut resolved_map = BTreeMap::new(); for pdu in &body.pdus { // Ruma/PduEvent/StateEvent satisfies - 1. Is a valid event, otherwise it is dropped. // state-res checks signatures - 2. Passes signature checks, otherwise event is dropped. // 3. Passes hash checks, otherwise it is redacted before being processed further. // TODO: redact event if hashing fails let (event_id, value) = crate::pdu::process_incoming_pdu(pdu); let pdu = serde_json::from_value::( serde_json::to_value(&value).expect("CanonicalJsonObj is a valid JsonValue"), ) .expect("all ruma pdus are conduit pdus"); let room_id = &pdu.room_id; // If we have no idea about this room skip the PDU if !db.rooms.exists(room_id)? { resolved_map.insert(event_id, Err("Room is unknown to this server".into())); continue; } let count = db.globals.next_count()?; let mut pdu_id = room_id.as_bytes().to_vec(); pdu_id.push(0xff); pdu_id.extend_from_slice(&count.to_be_bytes()); db.rooms.append_to_state(&pdu_id, &pdu, &db.globals)?; db.rooms.append_pdu( &pdu, value, count, pdu_id.clone().into(), &db.globals, &db.account_data, &db.admin, )?; for appservice in db.appservice.iter_all().filter_map(|r| r.ok()) { db.sending.send_pdu_appservice(&appservice.0, &pdu_id)?; } resolved_map.insert(event_id, Ok::<(), String>(())); } Ok(send_transaction_message::v1::Response { pdus: resolved_map }.into()) } #[cfg_attr( feature = "conduit_bin", post("/_matrix/federation/v1/get_missing_events/<_>", data = "") )] pub fn get_missing_events_route<'a>( db: State<'a, Database>, body: Ruma>, ) -> ConduitResult { if db.globals.federation_disabled() { return Err(Error::bad_config("Federation is disabled.")); } let mut queued_events = body.latest_events.clone(); let mut events = Vec::new(); let mut i = 0; while i < queued_events.len() && events.len() < u64::from(body.limit) as usize { if let Some(pdu) = db.rooms.get_pdu_json(&queued_events[i])? { if body.earliest_events.contains( &serde_json::from_value( pdu.get("event_id") .cloned() .ok_or_else(|| Error::bad_database("Event in db has no event_id field."))?, ) .map_err(|_| Error::bad_database("Invalid event_id field in pdu in db."))?, ) { i += 1; continue; } queued_events.extend_from_slice( &serde_json::from_value::>( pdu.get("prev_events").cloned().ok_or_else(|| { Error::bad_database("Invalid prev_events field of pdu in db.") })?, ) .map_err(|_| Error::bad_database("Invalid prev_events content in pdu in db."))?, ); events.push(serde_json::from_value(pdu).expect("Raw<..> is always valid")); } i += 1; } Ok(get_missing_events::v1::Response { events }.into()) } #[cfg_attr( feature = "conduit_bin", get("/_matrix/federation/v1/query/profile", data = "") )] pub fn get_profile_information_route<'a>( db: State<'a, Database>, body: Ruma>, ) -> ConduitResult { if db.globals.federation_disabled() { return Err(Error::bad_config("Federation is disabled.")); } let mut displayname = None; let mut avatar_url = None; match &body.field { // TODO: what to do with custom Some(ProfileField::_Custom(_s)) => {} Some(ProfileField::DisplayName) => displayname = db.users.displayname(&body.user_id)?, Some(ProfileField::AvatarUrl) => avatar_url = db.users.avatar_url(&body.user_id)?, None => { displayname = db.users.displayname(&body.user_id)?; avatar_url = db.users.avatar_url(&body.user_id)?; } } Ok(get_profile_information::v1::Response { displayname, avatar_url, } .into()) } /* #[cfg_attr( feature = "conduit_bin", get("/_matrix/federation/v2/invite/<_>/<_>", data = "") )] pub fn get_user_devices_route<'a>( db: State<'a, Database>, body: Ruma>, ) -> ConduitResult { if db.globals.federation_disabled() { return Err(Error::bad_config("Federation is disabled.")); } let mut displayname = None; let mut avatar_url = None; match body.field { Some(ProfileField::DisplayName) => displayname = db.users.displayname(&body.user_id)?, Some(ProfileField::AvatarUrl) => avatar_url = db.users.avatar_url(&body.user_id)?, None => { displayname = db.users.displayname(&body.user_id)?; avatar_url = db.users.avatar_url(&body.user_id)?; } } Ok(get_profile_information::v1::Response { displayname, avatar_url, } .into()) } */ #[cfg(test)] mod tests { use super::{add_port_to_hostname, get_ip_with_port}; #[test] fn ips_get_default_ports() { assert_eq!( get_ip_with_port(String::from("1.1.1.1")), Some(String::from("1.1.1.1:8448")) ); assert_eq!( get_ip_with_port(String::from("dead:beef::")), Some(String::from("[dead:beef::]:8448")) ); } #[test] fn ips_keep_custom_ports() { assert_eq!( get_ip_with_port(String::from("1.1.1.1:1234")), Some(String::from("1.1.1.1:1234")) ); assert_eq!( get_ip_with_port(String::from("[dead::beef]:8933")), Some(String::from("[dead::beef]:8933")) ); } #[test] fn hostnames_get_default_ports() { assert_eq!( add_port_to_hostname(String::from("example.com")), "example.com:8448" ) } #[test] fn hostnames_keep_custom_ports() { assert_eq!( add_port_to_hostname(String::from("example.com:1337")), "example.com:1337" ) } }