diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 2b0475543d..50d4be113f 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -351,7 +351,7 @@ class Auth(object):
return self.store.is_server_admin(user)
@defer.inlineCallbacks
- def add_auth_events(self, event):
+ def get_auth_events(self, event, current_state):
if event.type == RoomCreateEvent.TYPE:
event.auth_events = []
return
@@ -359,19 +359,19 @@ class Auth(object):
auth_events = []
key = (RoomPowerLevelsEvent.TYPE, "", )
- power_level_event = event.old_state_events.get(key)
+ power_level_event = current_state.get(key)
if power_level_event:
auth_events.append(power_level_event.event_id)
key = (RoomJoinRulesEvent.TYPE, "", )
- join_rule_event = event.old_state_events.get(key)
+ join_rule_event = current_state.get(key)
key = (RoomMemberEvent.TYPE, event.user_id, )
- member_event = event.old_state_events.get(key)
+ member_event = current_state.get(key)
key = (RoomCreateEvent.TYPE, "", )
- create_event = event.old_state_events.get(key)
+ create_event = current_state.get(key)
if create_event:
auth_events.append(create_event.event_id)
@@ -403,7 +403,8 @@ class Auth(object):
}
for h in hashes
]
- event.auth_events = zip(auth_events, hashes)
+
+ defer.returnValue(zip(auth_events, hashes))
@log_function
def _can_send_event(self, event, auth_events):
diff --git a/synapse/api/constants.py b/synapse/api/constants.py
index 3cafff0e32..acf50e42ab 100644
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -59,3 +59,12 @@ class LoginType(object):
EMAIL_URL = u"m.login.email.url"
EMAIL_IDENTITY = u"m.login.email.identity"
RECAPTCHA = u"m.login.recaptcha"
+
+
+class EventTypes(object):
+ Member = "m.room.member"
+ Create = "m.room.create"
+ JoinRules = "m.room.join_rules"
+ PowerLevels = "m.room.power_levels"
+ Aliases = "m.room.aliases"
+ Redaction = "m.room.redaction"
\ No newline at end of file
diff --git a/synapse/crypto/event_signing.py b/synapse/crypto/event_signing.py
index a9d8953239..209f9d73fe 100644
--- a/synapse/crypto/event_signing.py
+++ b/synapse/crypto/event_signing.py
@@ -29,17 +29,17 @@ logger = logging.getLogger(__name__)
def check_event_content_hash(event, hash_algorithm=hashlib.sha256):
"""Check whether the hash for this PDU matches the contents"""
- computed_hash = _compute_content_hash(event, hash_algorithm)
- logger.debug("Expecting hash: %s", encode_base64(computed_hash.digest()))
- if computed_hash.name not in event.hashes:
+ name, expected_hash = compute_content_hash(event, hash_algorithm)
+ logger.debug("Expecting hash: %s", encode_base64(expected_hash))
+ if name not in event.hashes:
raise SynapseError(
400,
"Algorithm %s not in hashes %s" % (
- computed_hash.name, list(event.hashes),
+ name, list(event.hashes),
),
Codes.UNAUTHORIZED,
)
- message_hash_base64 = event.hashes[computed_hash.name]
+ message_hash_base64 = event.hashes[name.name]
try:
message_hash_bytes = decode_base64(message_hash_base64)
except:
@@ -48,10 +48,10 @@ def check_event_content_hash(event, hash_algorithm=hashlib.sha256):
"Invalid base64: %s" % (message_hash_base64,),
Codes.UNAUTHORIZED,
)
- return message_hash_bytes == computed_hash.digest()
+ return message_hash_bytes == expected_hash
-def _compute_content_hash(event, hash_algorithm):
+def compute_content_hash(event, hash_algorithm):
event_json = event.get_pdu_json()
event_json.pop("age_ts", None)
event_json.pop("unsigned", None)
@@ -59,8 +59,11 @@ def _compute_content_hash(event, hash_algorithm):
event_json.pop("hashes", None)
event_json.pop("outlier", None)
event_json.pop("destinations", None)
+
event_json_bytes = encode_canonical_json(event_json)
- return hash_algorithm(event_json_bytes)
+
+ hashed = hash_algorithm(event_json_bytes)
+ return (hashed.name, hashed.digest())
def compute_event_reference_hash(event, hash_algorithm=hashlib.sha256):
@@ -86,20 +89,20 @@ def compute_event_signature(event, signature_name, signing_key):
def add_hashes_and_signatures(event, signature_name, signing_key,
hash_algorithm=hashlib.sha256):
- if hasattr(event, "old_state_events"):
- state_json_bytes = encode_canonical_json(
- [e.event_id for e in event.old_state_events.values()]
- )
- hashed = hash_algorithm(state_json_bytes)
- event.state_hash = {
- hashed.name: encode_base64(hashed.digest())
- }
+ # if hasattr(event, "old_state_events"):
+ # state_json_bytes = encode_canonical_json(
+ # [e.event_id for e in event.old_state_events.values()]
+ # )
+ # hashed = hash_algorithm(state_json_bytes)
+ # event.state_hash = {
+ # hashed.name: encode_base64(hashed.digest())
+ # }
- hashed = _compute_content_hash(event, hash_algorithm=hash_algorithm)
+ name, digest = compute_content_hash(event, hash_algorithm=hash_algorithm)
if not hasattr(event, "hashes"):
event.hashes = {}
- event.hashes[hashed.name] = encode_base64(hashed.digest())
+ event.hashes[name] = encode_base64(digest)
event.signatures = compute_event_signature(
event,
diff --git a/synapse/events/__init__.py b/synapse/events/__init__.py
index eefc9d3b30..6748198917 100644
--- a/synapse/events/__init__.py
+++ b/synapse/events/__init__.py
@@ -16,6 +16,21 @@
from frozendict import frozendict
+def _freeze(o):
+ if isinstance(o, dict):
+ return frozendict({k: _freeze(v) for k,v in o.items()})
+
+ if isinstance(o, basestring):
+ return o
+
+ try:
+ return tuple([_freeze(i) for i in o])
+ except TypeError:
+ pass
+
+ return o
+
+
class _EventInternalMetadata(object):
def __init__(self, internal_metadata_dict):
self.__dict__ = internal_metadata_dict
@@ -24,78 +39,47 @@ class _EventInternalMetadata(object):
return dict(self.__dict__)
-class Event(object):
- def __init__(self, event_dict, internal_metadata_dict={}):
- self._signatures = event_dict.get("signatures", {})
- self._unsigned = event_dict.get("unsigned", {})
+def _event_dict_property(key):
+ def getter(self):
+ return self._event_dict[key]
- self._original = {
- k: v
- for k, v in event_dict.items()
- if k not in ["signatures", "unsigned"]
- }
+ def setter(self, v):
+ self._event_dict[key] = v
- self._event_dict = frozendict(self._original)
+ def delete(self):
+ del self._event_dict[key]
- self.internal_metadata = _EventInternalMetadata(
- internal_metadata_dict
+ return property(
+ getter,
+ setter,
+ delete,
)
- @property
- def auth_events(self):
- return self._event_dict["auth_events"]
-
- @property
- def content(self):
- return self._event_dict["content"]
-
- @property
- def event_id(self):
- return self._event_dict["event_id"]
-
- @property
- def hashes(self):
- return self._event_dict["hashes"]
-
- @property
- def origin(self):
- return self._event_dict["origin"]
-
- @property
- def prev_events(self):
- return self._event_dict["prev_events"]
-
- @property
- def prev_state(self):
- return self._event_dict["prev_state"]
-
- @property
- def room_id(self):
- return self._event_dict["room_id"]
-
- @property
- def signatures(self):
- return self._signatures
- @property
- def state_key(self):
- return self._event_dict["state_key"]
+class EventBase(object):
+ def __init__(self, event_dict, signatures={}, unsigned={},
+ internal_metadata_dict={}):
+ self.signatures = signatures
+ self.unsigned = unsigned
- @property
- def type(self):
- return self._event_dict["type"]
+ self._event_dict = event_dict
- @property
- def unsigned(self):
- return self._unsigned
-
- @property
- def user_id(self):
- return self._event_dict["sender"]
+ self.internal_metadata = _EventInternalMetadata(
+ internal_metadata_dict
+ )
- @property
- def sender(self):
- return self._event_dict["sender"]
+ auth_events = _event_dict_property("auth_events")
+ content = _event_dict_property("content")
+ event_id = _event_dict_property("event_id")
+ hashes = _event_dict_property("hashes")
+ origin = _event_dict_property("origin")
+ prev_events = _event_dict_property("prev_events")
+ prev_state = _event_dict_property("prev_state")
+ room_id = _event_dict_property("room_id")
+ sender = _event_dict_property("sender")
+ state_key = _event_dict_property("state_key")
+ type = _event_dict_property("type")
+ user_id = _event_dict_property("sender")
def get_dict(self):
d = dict(self._original)
@@ -117,4 +101,33 @@ class Event(object):
pdu_json.setdefault("unsigned", {})["age"] = int(age)
del pdu_json["unsigned"]["age_ts"]
- return pdu_json
\ No newline at end of file
+ return pdu_json
+
+ def __set__(self, instance, value):
+ raise AttributeError("Unrecognized attribute %s" % (instance,))
+
+
+class FrozenEvent(EventBase):
+ def __init__(self, event_dict, signatures={}, unsigned={}):
+ event_dict = dict(event_dict)
+
+ signatures.update(event_dict.pop("signatures", {}))
+ unsigned.update(event_dict.pop("unsigned", {}))
+
+ frozen_dict = _freeze(event_dict)
+
+ super(FrozenEvent, self).__init__(
+ frozen_dict,
+ signatures=signatures,
+ unsigned=unsigned
+ )
+
+ @staticmethod
+ def from_event(event):
+ e = FrozenEvent(
+ event.event_dict()
+ )
+
+ e.internal_metadata = event.internal_metadata
+
+ return e
diff --git a/synapse/events/builder.py b/synapse/events/builder.py
index d741795bc5..39b4d2a2ab 100644
--- a/synapse/events/builder.py
+++ b/synapse/events/builder.py
@@ -13,32 +13,24 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-from . import Event
+from . import EventBase, FrozenEvent
from synapse.types import EventID
from synapse.util.stringutils import random_string
-class EventBuilder(object):
+class EventBuilder(EventBase):
def __init__(self, key_values={}):
- self._event_dict = dict(key_values)
- self._metadata = {}
-
- def update_event_key(self, key, value):
- self._event_dict[key] = value
+ super(FrozenEvent, self).__init__(
+ key_values,
+ )
def update_event_keys(self, other_dict):
self._event_dict.update(other_dict)
- def update_internal_key(self, key, value):
- self._metadata[key] = value
-
def build(self):
- return Event(
- self._event_dict,
- self._metadata,
- )
+ return FrozenEvent.from_event(self)
class EventBuilderFactory(object):
diff --git a/synapse/events/snapshot.py b/synapse/events/snapshot.py
new file mode 100644
index 0000000000..ca15ec09ae
--- /dev/null
+++ b/synapse/events/snapshot.py
@@ -0,0 +1,63 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 OpenMarket Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from twisted.internet import defer
+
+
+class EventSnapshot(object):
+ def __init__(self, prev_events, depth, current_state,
+ current_state_group):
+ self._prev_events = prev_events
+ self._depth = depth
+ self._current_state = current_state
+ self._current_state_group = current_state_group
+
+
+class EventCache(object):
+ def __init__(self, store):
+ self._store = store
+
+ self._cache = {}
+
+ @defer.inlineCallbacks
+ def load_event(self, event_id):
+ event = self._cache.get(event_id, None)
+
+ if not event:
+ event = yield self._store.get_event(
+ event_id,
+ allow_none=True
+ )
+
+ if event:
+ self._cache[event_id] = event
+
+ defer.returnValue(event)
+
+ def load_event_from_cache(self, event_id):
+ return self._cache.get(event_id, None)
+
+ def add_to_cache(self, *events):
+ self._cache.update({
+ event.event_id: event
+ for event in events
+ })
+
+
+class EventContext(object):
+
+ def __init__(self, current_state, auth_events):
+ self.current_state = current_state
+ self.auth_events = auth_events
diff --git a/synapse/events/utils.py b/synapse/events/utils.py
new file mode 100644
index 0000000000..412f690f08
--- /dev/null
+++ b/synapse/events/utils.py
@@ -0,0 +1,82 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 OpenMarket Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from synapse.api.constants import EventTypes
+
+
+def prune_event(event):
+ """ Returns a pruned version of the given event, which removes all keys we
+ don't know about or think could potentially be dodgy.
+
+ This is used when we "redact" an event. We want to remove all fields that
+ the user has specified, but we do want to keep necessary information like
+ type, state_key etc.
+ """
+ event_type = event.type
+
+ allowed_keys = [
+ "event_id",
+ "sender",
+ "room_id",
+ "hashes",
+ "signatures",
+ "content",
+ "type",
+ "state_key",
+ "depth",
+ "prev_events",
+ "prev_state",
+ "auth_events",
+ "origin",
+ "origin_server_ts",
+ ]
+
+ new_content = {}
+
+ def add_fields(*fields):
+ for field in fields:
+ if field in event.content:
+ new_content[field] = event.content[field]
+
+ if event_type == EventTypes.Member:
+ add_fields("membership")
+ elif event_type == EventTypes.Create:
+ add_fields("creator")
+ elif event_type == EventTypes.JoinRules:
+ add_fields("join_rule")
+ elif event_type == EventTypes.PowerLevels:
+ add_fields(
+ "users",
+ "users_default",
+ "events",
+ "events_default",
+ "events_default",
+ "state_default",
+ "ban",
+ "kick",
+ "redact",
+ )
+ elif event_type == EventTypes.Aliases:
+ add_fields("aliases")
+
+ allowed_fields = {
+ k: v
+ for k, v in event.get_dict().items()
+ if k in allowed_keys
+ }
+
+ allowed_fields["content"] = new_content
+
+ return type(event)(allowed_fields)
diff --git a/synapse/events/validator.py b/synapse/events/validator.py
new file mode 100644
index 0000000000..7dc9506ec4
--- /dev/null
+++ b/synapse/events/validator.py
@@ -0,0 +1,58 @@
+# -*- coding: utf-8 -*-
+# Copyright 2014 OpenMarket Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from synapse.types import EventID, RoomID, UserID
+from synapse.api.errors import SynapseError
+
+
+class EventValidator(object):
+
+ def validate(self, event):
+ EventID.from_string(event.event_id)
+ RoomID.from_string(event.room_id)
+
+ hasattr(event, "auth_events")
+ hasattr(event, "content")
+ hasattr(event, "hashes")
+ hasattr(event, "origin")
+ hasattr(event, "prev_events")
+ hasattr(event, "prev_events")
+ hasattr(event, "sender")
+ hasattr(event, "type")
+
+ # Check that the following keys have string values
+ strings = [
+ "origin",
+ "sender",
+ "type",
+ ]
+
+ if hasattr(event, "state_key"):
+ strings.append("state_key")
+
+ for s in strings:
+ if not isinstance(getattr(event, s), basestring):
+ raise SynapseError(400, "Not '%s' a string type" % (s,))
+
+ # Check that the following keys have dictionary values
+ # TODO
+
+ # Check that the following keys have the correct format for DAGs
+ # TODO
+
+ def validate_new(self, event):
+ self.validate(event)
+
+ UserID.from_string(event.sender)
\ No newline at end of file
diff --git a/synapse/handlers/_base.py b/synapse/handlers/_base.py
index 15adc9dc2c..a45715bf60 100644
--- a/synapse/handlers/_base.py
+++ b/synapse/handlers/_base.py
@@ -21,6 +21,8 @@ from synapse.crypto.event_signing import add_hashes_and_signatures
from synapse.api.events.room import RoomMemberEvent
from synapse.api.constants import Membership
+from synapse.events.snapshot import EventSnapshot, EventContext
+
import logging
@@ -57,6 +59,55 @@ class BaseHandler(object):
)
@defer.inlineCallbacks
+ def _handle_new_client_event(self, builder):
+ latest_ret = yield self.store.get_latest_events_in_room(
+ builder.room_id,
+ )
+
+ depth = max([d for _, _, d in latest_ret])
+ prev_events = [(e, h) for e, h, _ in latest_ret]
+
+ group, curr_state = yield self.state_handler.resolve_state_groups(
+ [e for e, _ in prev_events]
+ )
+
+ snapshot = EventSnapshot(
+ prev_events=prev_events,
+ depth=depth,
+ current_state=curr_state,
+ current_state_group=group,
+ )
+
+ builder.prev_events = prev_events
+ builder.depth = depth
+
+ auth_events = yield self.auth.get_event_auth(builder, curr_state)
+
+ builder.update_event_key("auth_events", auth_events)
+
+ add_hashes_and_signatures(
+ builder, self.server_name, self.signing_key
+ )
+
+ event = builder.build()
+
+ auth_ids = zip(*auth_events)[0]
+ curr_auth_events = {
+ k: v
+ for k, v in curr_state
+ if v.event_id in auth_ids
+ }
+
+ context = EventContext(
+ current_state=curr_state,
+ auth_events=curr_auth_events,
+ )
+
+ self.auth.check(event, auth_events=context.auth_events)
+
+
+
+ @defer.inlineCallbacks
def _on_new_room_event(self, event, snapshot, extra_destinations=[],
extra_users=[], suppress_auth=False,
do_invite_host=None):
|
