Correct invite signing

2025-12-17 03:43:11 -06:00 · 2020-05-06 16:47:55 +01:00 · 2020-05-06 16:47:55 +01:00 · c9dc2bcd9b
parent 63775d5b1b
commit c9dc2bcd9b
4 changed files with 21 additions and 25 deletions
--- a/federationsender/federationsender.go
+++ b/federationsender/federationsender.go
@ -43,7 +43,9 @@ func SetupFederationSenderComponent(
 		logrus.WithError(err).Panic("failed to connect to federation sender db")
 	}

-	roomserverProducer := producers.NewRoomserverProducer(rsAPI, base.Cfg.Matrix.ServerName)
+	roomserverProducer := producers.NewRoomserverProducer(
+		rsAPI, base.Cfg.Matrix.ServerName, base.Cfg.Matrix.KeyID, base.Cfg.Matrix.PrivateKey,
+	)

 	statistics := &types.Statistics{}
 	queues := queue.NewOutgoingQueues(
--- a/federationsender/producers/roomserver.go
+++ b/federationsender/producers/roomserver.go
@ -16,6 +16,7 @@ package producers

 import (
 	"context"
+	"crypto/ed25519"

 	"github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/gomatrixserverlib"
@ -25,15 +26,20 @@ import (
 type RoomserverProducer struct {
 	InputAPI   api.RoomserverInternalAPI
 	serverName gomatrixserverlib.ServerName
+	keyID      gomatrixserverlib.KeyID
+	privateKey ed25519.PrivateKey
 }

 // NewRoomserverProducer creates a new RoomserverProducer
 func NewRoomserverProducer(
 	rsAPI api.RoomserverInternalAPI, serverName gomatrixserverlib.ServerName,
+	keyID gomatrixserverlib.KeyID, privateKey ed25519.PrivateKey,
 ) *RoomserverProducer {
 	return &RoomserverProducer{
 		InputAPI:   rsAPI,
 		serverName: serverName,
+		keyID:      keyID,
+		privateKey: privateKey,
 	}
 }

@ -43,7 +49,7 @@ func NewRoomserverProducer(
 func (c *RoomserverProducer) SendInviteResponse(
 	ctx context.Context, res gomatrixserverlib.RespInviteV2, roomVersion gomatrixserverlib.RoomVersion,
 ) (string, error) {
-	ev := res.Event.Headered(roomVersion)
+	ev := res.Event.Sign(string(c.serverName), c.keyID, c.privateKey).Headered(roomVersion)
 	ire := api.InputRoomEvent{
 		Kind:          api.KindNew,
 		Event:         ev,
--- a/roomserver/internal/input.go
+++ b/roomserver/internal/input.go
@ -54,27 +54,15 @@ func (r *RoomserverInternalAPI) InputRoomEvents(
 	ctx context.Context,
 	request *api.InputRoomEventsRequest,
 	response *api.InputRoomEventsResponse,
-) error {
+) (err error) {
 	// We lock as processRoomEvent can only be called once at a time
 	r.mutex.Lock()
 	defer r.mutex.Unlock()
 	for i := range request.InputInviteEvents {
-		if event, err := processInviteEvent(ctx, r.DB, r, request.InputInviteEvents[i]); err != nil {
+		if err = processInviteEvent(ctx, r.DB, r, request.InputInviteEvents[i]); err != nil {
 			return err
-		} else {
-			// If the room is one that we know about then append the invite
-			// event to the list of room events to process.
-			if nid, err := r.DB.RoomNIDExcludingStubs(ctx, event.RoomID()); err == nil && nid > 0 {
-				request.InputRoomEvents = append(request.InputRoomEvents, api.InputRoomEvent{
-					Kind:         api.KindNew,
-					Event:        *event,
-					AuthEventIDs: event.AuthEventIDs(),
-					SendAsServer: string(r.Cfg.Matrix.ServerName),
-				})
-			}
 		}
 	}
-	var err error
 	for i := range request.InputRoomEvents {
 		if response.EventID, err = processRoomEvent(ctx, r.DB, r, request.InputRoomEvents[i]); err != nil {
 			return err
--- a/roomserver/internal/input_events.go
+++ b/roomserver/internal/input_events.go
@ -134,9 +134,9 @@ func processInviteEvent(
 	db storage.Database,
 	ow OutputRoomEventWriter,
 	input api.InputInviteEvent,
-) (returned *gomatrixserverlib.HeaderedEvent, err error) {
+) (err error) {
 	if input.Event.StateKey() == nil {
-		return nil, fmt.Errorf("invite must be a state event")
+		return fmt.Errorf("invite must be a state event")
 	}

 	roomID := input.Event.RoomID()
@ -151,7 +151,7 @@ func processInviteEvent(

 	updater, err := db.MembershipUpdater(ctx, roomID, targetUserID, input.RoomVersion)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	succeeded := false
 	defer func() {
@ -189,7 +189,7 @@ func processInviteEvent(
 		// For now we will implement option 2. Since in the abesence of a retry
 		// mechanism it will be equivalent to option 1, and we don't have a
 		// signalling mechanism to implement option 3.
-		return nil, nil
+		return nil
 	}

 	event := input.Event.Unwrap()
@ -199,7 +199,7 @@ func processInviteEvent(
 		// most likely to be if the event came in over federation) then use
 		// that.
 		if err = event.SetUnsignedField("invite_room_state", input.InviteRoomState); err != nil {
-			return nil, err
+			return err
 		}
 	} else {
 		// There's no invite room state, so let's have a go at building it
@ -208,22 +208,22 @@ func processInviteEvent(
 		// the invite room state, if we don't then we just fail quietly.
 		if irs, ierr := buildInviteStrippedState(ctx, db, input); ierr == nil {
 			if err = event.SetUnsignedField("invite_room_state", irs); err != nil {
-				return nil, err
+				return err
 			}
 		}
 	}

 	outputUpdates, err := updateToInviteMembership(updater, &event, nil, input.Event.RoomVersion)
 	if err != nil {
-		return nil, err
+		return err
 	}

 	if err = ow.WriteOutputEvents(roomID, outputUpdates); err != nil {
-		return nil, err
+		return err
 	}

 	succeeded = true
-	return &input.Event, nil
+	return nil
 }

 func buildInviteStrippedState(