69c29172c3
* Use utility methods from gomatrixserverlib, rather than reimplementing them * Return string rather than pointer to string * Update gomatrixserverlib
308 lines
10 KiB
Go
308 lines
10 KiB
Go
package gomatrixserverlib
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"github.com/matrix-org/util"
|
|
"golang.org/x/crypto/ed25519"
|
|
"io"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
// A FederationRequest is a request to send to a remote server or a request
|
|
// received from a remote server.
|
|
// Federation requests are signed by building a JSON object and signing it
|
|
type FederationRequest struct {
|
|
// fields implement the JSON format needed for signing
|
|
// specified in https://matrix.org/docs/spec/server_server/unstable.html#request-authentication
|
|
fields struct {
|
|
Content rawJSON `json:"content,omitempty"`
|
|
Destination ServerName `json:"destination"`
|
|
Method string `json:"method"`
|
|
Origin ServerName `json:"origin"`
|
|
RequestURI string `json:"uri"`
|
|
Signatures map[ServerName]map[KeyID]string `json:"signatures,omitempty"`
|
|
}
|
|
}
|
|
|
|
// NewFederationRequest creates a matrix request. Takes an HTTP method, a
|
|
// destination homeserver and a request path which can have a query string.
|
|
// The destination is the name of a matrix homeserver.
|
|
// The request path must begin with a slash.
|
|
// Eg. NewFederationRequest("GET", "matrix.org", "/_matrix/federation/v1/send/123")
|
|
func NewFederationRequest(method string, destination ServerName, requestURI string) FederationRequest {
|
|
var r FederationRequest
|
|
r.fields.Destination = destination
|
|
r.fields.Method = strings.ToUpper(method)
|
|
r.fields.RequestURI = requestURI
|
|
return r
|
|
}
|
|
|
|
// SetContent sets the JSON content for the request.
|
|
// Returns an error if there already is JSON content present on the request.
|
|
func (r *FederationRequest) SetContent(content interface{}) error {
|
|
if r.fields.Content != nil {
|
|
return fmt.Errorf("gomatrixserverlib: content already set on the request")
|
|
}
|
|
if r.fields.Signatures != nil {
|
|
return fmt.Errorf("gomatrixserverlib: the request is signed and cannot be modified")
|
|
}
|
|
data, err := json.Marshal(content)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
r.fields.Content = rawJSON(data)
|
|
return nil
|
|
}
|
|
|
|
// Method returns the JSON method for the request.
|
|
func (r *FederationRequest) Method() string {
|
|
return r.fields.Method
|
|
}
|
|
|
|
// Content returns the JSON content for the request.
|
|
func (r *FederationRequest) Content() []byte {
|
|
return []byte(r.fields.Content)
|
|
}
|
|
|
|
// Origin returns the server that the request originated on.
|
|
func (r *FederationRequest) Origin() ServerName {
|
|
return r.fields.Origin
|
|
}
|
|
|
|
// RequestURI returns the path and query sections of the HTTP request URL.
|
|
func (r *FederationRequest) RequestURI() string {
|
|
return r.fields.RequestURI
|
|
}
|
|
|
|
// Sign the matrix request with an ed25519 key.
|
|
// Uses the algorithm specified https://matrix.org/docs/spec/server_server/unstable.html#request-authentication
|
|
// Updates the request with the signature in place.
|
|
// Returns an error if there was a problem signing the request.
|
|
func (r *FederationRequest) Sign(serverName ServerName, keyID KeyID, privateKey ed25519.PrivateKey) error {
|
|
if r.fields.Origin != "" && r.fields.Origin != serverName {
|
|
return fmt.Errorf("gomatrixserverlib: the request is already signed by a different server")
|
|
}
|
|
r.fields.Origin = serverName
|
|
// The request fields are already in the form required by the specification
|
|
// So we can just serialise the request fields using the default marshaller
|
|
data, err := json.Marshal(r.fields)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
signedData, err := SignJSON(string(serverName), keyID, privateKey, data)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// Now we can deserialise the signed request back into the request structure
|
|
// to set the Signatures field, (This will clobber the other fields but they
|
|
// will all round-trip through an encode/decode.)
|
|
return json.Unmarshal(signedData, &r.fields)
|
|
}
|
|
|
|
// HTTPRequest constructs an net/http.Request for this matrix request.
|
|
// The request can be passed to net/http.Client.Do().
|
|
func (r *FederationRequest) HTTPRequest() (*http.Request, error) {
|
|
urlStr := fmt.Sprintf("matrix://%s%s", r.fields.Destination, r.fields.RequestURI)
|
|
|
|
var content io.Reader
|
|
if r.fields.Content != nil {
|
|
content = bytes.NewReader([]byte(r.fields.Content))
|
|
}
|
|
|
|
httpReq, err := http.NewRequest(r.fields.Method, urlStr, content)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Sanity check that the request fields will round-trip properly.
|
|
if httpReq.URL.RequestURI() != r.fields.RequestURI {
|
|
return nil, fmt.Errorf(
|
|
"gomatrixserverlib: Request URI didn't encode properly. Wanted %q. Got %q",
|
|
r.fields.RequestURI, httpReq.URL.RequestURI(),
|
|
)
|
|
}
|
|
|
|
if r.fields.Content != nil {
|
|
httpReq.Header.Set("Content-Type", "application/json")
|
|
}
|
|
|
|
for keyID, sig := range r.fields.Signatures[r.fields.Origin] {
|
|
// Check that we can safely include the origin and key ID in the header.
|
|
// We don't need to check the signature since we already know that it is
|
|
// base64.
|
|
if !isSafeInHTTPQuotedString(string(r.fields.Origin)) {
|
|
return nil, fmt.Errorf("gomatrixserverlib: Request Origin isn't safe to include in an HTTP header")
|
|
}
|
|
if !isSafeInHTTPQuotedString(string(keyID)) {
|
|
return nil, fmt.Errorf("gomatrixserverlib: Request key ID isn't safe to include in an HTTP header")
|
|
}
|
|
httpReq.Header.Add("Authorization", fmt.Sprintf(
|
|
"X-Matrix origin=\"%s\",key=\"%s\",sig=\"%s\"", r.fields.Origin, keyID, sig,
|
|
))
|
|
}
|
|
|
|
return httpReq, nil
|
|
}
|
|
|
|
// isSafeInHTTPQuotedString checks whether the string is safe to include
|
|
// in an HTTP quoted-string without escaping.
|
|
// According to https://tools.ietf.org/html/rfc7230#section-3.2.6 the safe
|
|
// charcters are:
|
|
//
|
|
// qdtext = HTAB / SP / %x21 / %x23-5B / %x5D-7E / %x80-FF
|
|
//
|
|
func isSafeInHTTPQuotedString(text string) bool {
|
|
for i := 0; i < len(text); i++ {
|
|
c := text[i]
|
|
switch {
|
|
case c == '\t':
|
|
continue
|
|
case c == ' ':
|
|
continue
|
|
case c == 0x21:
|
|
continue
|
|
case 0x23 <= c && c <= 0x5B:
|
|
continue
|
|
case 0x5D <= c && c <= 0x7E:
|
|
continue
|
|
case 0x80 <= c && c <= 0xFF:
|
|
continue
|
|
default:
|
|
return false
|
|
}
|
|
}
|
|
return true
|
|
}
|
|
|
|
// VerifyHTTPRequest extracts and verifies the contents of a net/http.Request.
|
|
// It consumes the body of the request.
|
|
// The JSON content can be accessed using FederationRequest.Content()
|
|
// Returns an 400 error if there was a problem parsing the request.
|
|
// It authenticates the request using an ed25519 signature using the KeyRing.
|
|
// The origin server can be accessed using FederationRequest.Origin()
|
|
// Returns a 401 error if there was a problem authenticating the request.
|
|
// HTTP handlers using this should be careful that they only use the parts of
|
|
// the request that have been authenticated: the method, the request path,
|
|
// the query parameters, and the JSON content. In particular the version of
|
|
// HTTP and the headers aren't protected by the signature.
|
|
func VerifyHTTPRequest(
|
|
req *http.Request, now time.Time, destination ServerName, keys KeyRing,
|
|
) (*FederationRequest, util.JSONResponse) {
|
|
request, err := readHTTPRequest(req)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Print("Error parsing HTTP headers")
|
|
return nil, util.MessageResponse(400, "Bad Request")
|
|
}
|
|
request.fields.Destination = destination
|
|
|
|
// The request fields are already in the form required by the specification
|
|
// So we can just serialise the request fields using the default marshaller
|
|
toVerify, err := json.Marshal(request.fields)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Print("Error parsing JSON")
|
|
return nil, util.MessageResponse(400, "Invalid JSON")
|
|
}
|
|
|
|
if request.Origin() == "" {
|
|
message := "Missing \"Authorization: X-Matrix ...\" HTTP header"
|
|
util.GetLogger(req.Context()).WithError(err).Print(message)
|
|
return nil, util.MessageResponse(401, message)
|
|
}
|
|
|
|
results, err := keys.VerifyJSONs([]VerifyJSONRequest{{
|
|
ServerName: request.Origin(),
|
|
AtTS: AsTimestamp(now),
|
|
Message: toVerify,
|
|
}})
|
|
if err != nil {
|
|
message := "Error authenticating request"
|
|
util.GetLogger(req.Context()).WithError(err).Print(message)
|
|
return nil, util.MessageResponse(500, message)
|
|
}
|
|
if results[0].Error != nil {
|
|
message := "Invalid request signature"
|
|
util.GetLogger(req.Context()).WithError(results[0].Error).Print(message)
|
|
return nil, util.MessageResponse(401, message)
|
|
}
|
|
|
|
return request, util.JSONResponse{Code: 200, JSON: struct{}{}}
|
|
}
|
|
|
|
// Returns an error if there was a problem reading the content of the request
|
|
func readHTTPRequest(req *http.Request) (*FederationRequest, error) {
|
|
var result FederationRequest
|
|
|
|
result.fields.Method = req.Method
|
|
result.fields.RequestURI = req.URL.RequestURI()
|
|
|
|
content, err := ioutil.ReadAll(req.Body)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if len(content) != 0 {
|
|
if req.Header.Get("Content-Type") != "application/json" {
|
|
return nil, fmt.Errorf(
|
|
"gomatrixserverlib: The request must be \"application/json\" not %q",
|
|
req.Header.Get("Content-Type"),
|
|
)
|
|
}
|
|
result.fields.Content = rawJSON(content)
|
|
}
|
|
|
|
for _, authorization := range req.Header["Authorization"] {
|
|
scheme, origin, key, sig := parseAuthorization(authorization)
|
|
if scheme != "X-Matrix" {
|
|
// Ignore unknown types of Authorization.
|
|
continue
|
|
}
|
|
if origin == "" || key == "" || sig == "" {
|
|
return nil, fmt.Errorf("gomatrixserverlib: invalid X-Matrix authorization header")
|
|
}
|
|
if result.fields.Origin != "" && result.fields.Origin != origin {
|
|
return nil, fmt.Errorf("gomatrixserverlib: different origins in X-Matrix authorization headers")
|
|
}
|
|
result.fields.Origin = origin
|
|
if result.fields.Signatures == nil {
|
|
result.fields.Signatures = map[ServerName]map[KeyID]string{origin: {key: sig}}
|
|
} else {
|
|
result.fields.Signatures[origin][key] = sig
|
|
}
|
|
}
|
|
|
|
return &result, nil
|
|
}
|
|
|
|
func parseAuthorization(header string) (scheme string, origin ServerName, key KeyID, sig string) {
|
|
parts := strings.SplitN(header, " ", 2)
|
|
scheme = parts[0]
|
|
if scheme != "X-Matrix" {
|
|
return
|
|
}
|
|
if len(parts) != 2 {
|
|
return
|
|
}
|
|
for _, data := range strings.Split(parts[1], ",") {
|
|
pair := strings.SplitN(data, "=", 2)
|
|
if len(pair) != 2 {
|
|
continue
|
|
}
|
|
name := pair[0]
|
|
value := strings.Trim(pair[1], "\"")
|
|
if name == "origin" {
|
|
origin = ServerName(value)
|
|
}
|
|
if name == "key" {
|
|
key = KeyID(value)
|
|
}
|
|
if name == "sig" {
|
|
sig = value
|
|
}
|
|
}
|
|
return
|
|
}
|