From 8538b2186008c5298cba3765afb541b2b9fc50cd Mon Sep 17 00:00:00 2001 From: timedout Date: Thu, 18 Dec 2025 19:03:06 +0000 Subject: [PATCH] feat: Check for incoming signatures --- Cargo.lock | 22 ++++++++-------- Cargo.toml | 2 +- .../rooms/event_handler/policy_server.rs | 25 ++++++++++++++----- 3 files changed, 31 insertions(+), 18 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4d903bb6..c0d4f64e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4063,7 +4063,7 @@ checksum = "88f8660c1ff60292143c98d08fc6e2f654d722db50410e3f3797d40baaf9d8f3" [[package]] name = "ruma" version = "0.10.1" -source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=c091171279f76d34e530f7b7d7008d12e7429b1a#c091171279f76d34e530f7b7d7008d12e7429b1a" +source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9" dependencies = [ "assign", "js_int", @@ -4083,7 +4083,7 @@ dependencies = [ [[package]] name = "ruma-appservice-api" version = "0.10.0" -source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=c091171279f76d34e530f7b7d7008d12e7429b1a#c091171279f76d34e530f7b7d7008d12e7429b1a" +source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9" dependencies = [ "js_int", "ruma-common", @@ -4095,7 +4095,7 @@ dependencies = [ [[package]] name = "ruma-client-api" version = "0.18.0" -source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=c091171279f76d34e530f7b7d7008d12e7429b1a#c091171279f76d34e530f7b7d7008d12e7429b1a" +source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9" dependencies = [ "as_variant", "assign", 
@@ -4118,7 +4118,7 @@ dependencies = [ [[package]] name = "ruma-common" version = "0.13.0" -source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=c091171279f76d34e530f7b7d7008d12e7429b1a#c091171279f76d34e530f7b7d7008d12e7429b1a" +source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9" dependencies = [ "as_variant", "base64 0.22.1", @@ -4150,7 +4150,7 @@ dependencies = [ [[package]] name = "ruma-events" version = "0.28.1" -source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=c091171279f76d34e530f7b7d7008d12e7429b1a#c091171279f76d34e530f7b7d7008d12e7429b1a" +source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9" dependencies = [ "as_variant", "indexmap", @@ -4175,7 +4175,7 @@ dependencies = [ [[package]] name = "ruma-federation-api" version = "0.9.0" -source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=c091171279f76d34e530f7b7d7008d12e7429b1a#c091171279f76d34e530f7b7d7008d12e7429b1a" +source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9" dependencies = [ "bytes", "headers", @@ -4197,7 +4197,7 @@ dependencies = [ [[package]] name = "ruma-identifiers-validation" version = "0.9.5" -source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=c091171279f76d34e530f7b7d7008d12e7429b1a#c091171279f76d34e530f7b7d7008d12e7429b1a" +source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9" dependencies = [ "js_int", "thiserror 2.0.17", 
@@ -4206,7 +4206,7 @@ dependencies = [ [[package]] name = "ruma-identity-service-api" version = "0.9.0" -source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=c091171279f76d34e530f7b7d7008d12e7429b1a#c091171279f76d34e530f7b7d7008d12e7429b1a" +source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9" dependencies = [ "js_int", "ruma-common", @@ -4216,7 +4216,7 @@ dependencies = [ [[package]] name = "ruma-macros" version = "0.13.0" -source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=c091171279f76d34e530f7b7d7008d12e7429b1a#c091171279f76d34e530f7b7d7008d12e7429b1a" +source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9" dependencies = [ "cfg-if", "proc-macro-crate", @@ -4231,7 +4231,7 @@ dependencies = [ [[package]] name = "ruma-push-gateway-api" version = "0.9.0" -source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=c091171279f76d34e530f7b7d7008d12e7429b1a#c091171279f76d34e530f7b7d7008d12e7429b1a" +source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9" dependencies = [ "js_int", "ruma-common", @@ -4243,7 +4243,7 @@ dependencies = [ [[package]] name = "ruma-signatures" version = "0.15.0" -source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=c091171279f76d34e530f7b7d7008d12e7429b1a#c091171279f76d34e530f7b7d7008d12e7429b1a" +source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9" dependencies = [ "base64 0.22.1", "ed25519-dalek", diff --git a/Cargo.toml b/Cargo.toml index a657e198..2bb70d3b 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -351,7 +351,7 @@ version = "0.1.2"
 # Used for matrix spec type definitions and helpers
 [workspace.dependencies.ruma]
 git = "https://forgejo.ellis.link/continuwuation/ruwuma"
-rev = "c091171279f76d34e530f7b7d7008d12e7429b1a"
+rev = "27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 features = [
 "compat",
 "rand",
diff --git a/src/service/rooms/event_handler/policy_server.rs b/src/service/rooms/event_handler/policy_server.rs
index 6f626326..31c12655 100644
--- a/src/service/rooms/event_handler/policy_server.rs
+++ b/src/service/rooms/event_handler/policy_server.rs
@@ -10,7 +10,7 @@ use conduwuit::{
 warn,
 };
 use ruma::{
- CanonicalJsonObject, CanonicalJsonValue, KeyId, RoomId, ServerName,
+ CanonicalJsonObject, CanonicalJsonValue, KeyId, RoomId, ServerName, SigningKeyId,
 api::federation::room::{
 policy_check::unstable::Request as PolicyCheckRequest,
 policy_sign::unstable::Request as PolicySignRequest,
@@ -31,7 +31,7 @@ use serde_json::value::RawValue;
 /// contacted for whatever reason, Err(e) is returned, which generally is a
 /// fail-open operation.
 #[implement(super::Service)]
-#[tracing::instrument(skip(self, pdu, pdu_json))]
+#[tracing::instrument(skip(self, pdu, pdu_json, room_id))]
 pub async fn ask_policy_server(
 &self,
 pdu: &PduEvent,
@@ -109,9 +109,22 @@ pub async fn ask_policy_server(
 .fetch_policy_server_signature(pdu, pdu_json, via, outgoing, room_id)
 .await;
 }
- debug!("Event is not local, performing legacy spam check");
- // TODO: this should probably be marking it as failed, but for now fall
- // thru
+ // for incoming events, is it signed by with the key
+ // "ed25519:policy_server"?
+ if let Some(CanonicalJsonValue::Object(sigs)) = pdu_json.get("signatures") {
+ if let Some(CanonicalJsonValue::Object(server_sigs)) = sigs.get(via.as_str()) {
+ let wanted_key_id: &KeyId =
+ SigningKeyId::parse("ed25519:policy_server")?;
+ if let Some(CanonicalJsonValue::String(_sig_value)) =
+ server_sigs.get(wanted_key_id.as_str())
+ {
+ // TODO: verify signature
+ }
+ }
+ };
+ debug!(
+ "Event is not local and has no policy server signature, performing legacy spam check"
+ );
 }
 debug_info!(
 via = %via,
@@ -171,7 +184,7 @@ pub async fn ask_policy_server(
 /// Asks a remote policy server for a signature on this event.
 /// If the policy server signs this event, the original data is mutated.
 #[implement(super::Service)]
-#[tracing::instrument(skip_all)]
+#[tracing::instrument(skip_all, fields(event_id=%pdu.event_id(), via=%via))]
 pub async fn fetch_policy_server_signature(
 &self,
 pdu: &PduEvent,
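Review bot: In the `@@ -109,9 +109,22 @@` hunk the new `if let` chain has no effect: when an `ed25519:policy_server` signature from `via` is present the body is only `// TODO: verify signature`, and control then reaches the `debug!` that says the event "has no policy server signature", which is untrue in exactly that case. Falling through to the legacy check is the safe behaviour until verification exists, so I would keep it but make the log truthful, e.g. `debug!("Event is not local; policy server signature not verified, performing legacy spam check");`, and extend the TODO comment to state that a present but unverified signature must never short-circuit the check. The `?` on `SigningKeyId::parse("ed25519:policy_server")` adds an `Err` return for a constant, and the doc comment above `ask_policy_server` describes `Err` as generally fail-open, so an `expect` stating the invariant would avoid that path. It is also worth confirming the `&KeyId` annotation type-checks, since `parse` presumably returns an owned id. `ask_policy_server` starts and ends outside the hunk.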