dendrite/clientapi/auth/storage/devices/sqlite3/storage.go

// Copyright 2017 Vector Creations Ltd
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package sqlite3

import (
	"context"
	"crypto/rand"
	"database/sql"
	"encoding/base64"

	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
	"github.com/matrix-org/dendrite/common"
	"github.com/matrix-org/gomatrixserverlib"

	_ "github.com/mattn/go-sqlite3"
)

// The length of generated device IDs
var deviceIDByteLength = 6

// Database represents a device database.
type Database struct {
	db      *sql.DB
	devices devicesStatements
}

// NewDatabase creates a new device database
func NewDatabase(dataSourceName string, serverName gomatrixserverlib.ServerName) (*Database, error) {
	var db *sql.DB
	var err error
	if db, err = sql.Open(common.SQLiteDriverName(), dataSourceName); err != nil {
		return nil, err
	}
	d := devicesStatements{}
	if err = d.prepare(db, serverName); err != nil {
		return nil, err
	}
	return &Database{db, d}, nil
}

// GetDeviceByAccessToken returns the device matching the given access token.
// Returns sql.ErrNoRows if no matching device was found.
func (d *Database) GetDeviceByAccessToken(
	ctx context.Context, token string,
) (*authtypes.Device, error) {
	return d.devices.selectDeviceByToken(ctx, token)
}

// GetDeviceByID returns the device matching the given ID.
// Returns sql.ErrNoRows if no matching device was found.
func (d *Database) GetDeviceByID(
	ctx context.Context, localpart, deviceID string,
) (*authtypes.Device, error) {
	return d.devices.selectDeviceByID(ctx, localpart, deviceID)
}

// GetDevicesByLocalpart returns the devices matching the given localpart.
func (d *Database) GetDevicesByLocalpart(
	ctx context.Context, localpart string,
) ([]authtypes.Device, error) {
	return d.devices.selectDevicesByLocalpart(ctx, localpart)
}

// CreateDevice makes a new device associated with the given user ID localpart.
// If there is already a device with the same device ID for this user, that access token will be revoked
// and replaced with the given accessToken. If the given accessToken is already in use for another device,
// an error will be returned.
// If no device ID is given one is generated.
// Returns the device on success.
func (d *Database) CreateDevice(
	ctx context.Context, localpart string, deviceID *string, accessToken string,
	displayName *string,
) (dev *authtypes.Device, returnErr error) {
	if deviceID != nil {
		returnErr = common.WithTransaction(d.db, func(txn *sql.Tx) error {
			var err error
			// Revoke existing tokens for this device
			if err = d.devices.deleteDevice(ctx, txn, *deviceID, localpart); err != nil {
				return err
			}

			dev, err = d.devices.insertDevice(ctx, txn, *deviceID, localpart, accessToken, displayName)
			return err
		})
	} else {
		// We generate device IDs in a loop in case its already taken.
		// We cap this at going round 5 times to ensure we don't spin forever
		var newDeviceID string
		for i := 1; i <= 5; i++ {
			newDeviceID, returnErr = generateDeviceID()
			if returnErr != nil {
				return
			}

			returnErr = common.WithTransaction(d.db, func(txn *sql.Tx) error {
				var err error
				dev, err = d.devices.insertDevice(ctx, txn, newDeviceID, localpart, accessToken, displayName)
				return err
			})
			if returnErr == nil {
				return
			}
		}
	}
	return
}

// generateDeviceID creates a new device id. Returns an error if failed to generate
// random bytes.
func generateDeviceID() (string, error) {
	b := make([]byte, deviceIDByteLength)
	_, err := rand.Read(b)
	if err != nil {
		return "", err
	}
	// url-safe no padding
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// UpdateDevice updates the given device with the display name.
// Returns SQL error if there are problems and nil on success.
func (d *Database) UpdateDevice(
	ctx context.Context, localpart, deviceID string, displayName *string,
) error {
	return common.WithTransaction(d.db, func(txn *sql.Tx) error {
		return d.devices.updateDeviceName(ctx, txn, localpart, deviceID, displayName)
	})
}

// RemoveDevice revokes a device by deleting the entry in the database
// matching with the given device ID and user ID localpart.
// If the device doesn't exist, it will not return an error
// If something went wrong during the deletion, it will return the SQL error.
func (d *Database) RemoveDevice(
	ctx context.Context, deviceID, localpart string,
) error {
	return common.WithTransaction(d.db, func(txn *sql.Tx) error {
		if err := d.devices.deleteDevice(ctx, txn, deviceID, localpart); err != sql.ErrNoRows {
			return err
		}
		return nil
	})
}

// RemoveDevices revokes one or more devices by deleting the entry in the database
// matching with the given device IDs and user ID localpart.
// If the devices don't exist, it will not return an error
// If something went wrong during the deletion, it will return the SQL error.
func (d *Database) RemoveDevices(
	ctx context.Context, localpart string, devices []string,
) error {
	return common.WithTransaction(d.db, func(txn *sql.Tx) error {
		if err := d.devices.deleteDevices(ctx, txn, localpart, devices); err != sql.ErrNoRows {
			return err
		}
		return nil
	})
}

// RemoveAllDevices revokes devices by deleting the entry in the
// database matching the given user ID localpart.
// If something went wrong during the deletion, it will return the SQL error.
func (d *Database) RemoveAllDevices(
	ctx context.Context, localpart string,
) error {
	return common.WithTransaction(d.db, func(txn *sql.Tx) error {
		if err := d.devices.deleteDevicesByLocalpart(ctx, txn, localpart); err != sql.ErrNoRows {
			return err
		}
		return nil
	})
}
Support sqlite in addition to postgres (#869) * Move current work into single branch * Initial massaging of clientapi etc (not working yet) * Interfaces for accounts/devices databases * Duplicate postgres package for sqlite3 (no changes made to it yet) * Some keydb, accountdb, devicedb, common partition fixes, some more syncapi tweaking * Fix accounts DB, device DB * Update naffka dependency for SQLite * Naffka SQLite * Update naffka to latest master * SQLite support for federationsender * Mostly not-bad support for SQLite in syncapi (although there are problems where lots of events get classed incorrectly as backward extremities, probably because of IN/ANY clauses that are badly supported) * Update Dockerfile -> Go 1.13.7, add build-base (as gcc and friends are needed for SQLite) * Implement GET endpoints for account_data in clientapi * Nuke filtering for now... * Revert "Implement GET endpoints for account_data in clientapi" This reverts commit 4d80dff4583d278620d9b3ed437e9fcd8d4674ee. * Implement GET endpoints for account_data in clientapi (#861) * Implement GET endpoints for account_data in clientapi * Fix accountDB parameter * Remove fmt.Println * Fix insertAccountData SQLite query * Fix accountDB storage interfaces * Add empty push rules into account data on account creation (#862) * Put SaveAccountData into the right function this time * Not sure if roomserver is better or worse now * sqlite work * Allow empty last sent ID for the first event * sqlite: room creation works * Support sending messages * Nuke fmt.println * Move QueryVariadic etc into common, other device fixes * Fix some linter issues * Fix bugs * Fix some linting errors * Fix errcheck lint errors * Make naffka use postgres as fallback, fix couple of compile errors * What on earth happened to the /rooms/{roomID}/send/{eventType} routing Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> 2020-02-13 17:27:33 +00:00			`// Copyright 2017 Vector Creations Ltd`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package sqlite3`

			`import (`
			`"context"`
			`"crypto/rand"`
			`"database/sql"`
			`"encoding/base64"`

			`"github.com/matrix-org/dendrite/clientapi/auth/authtypes"`
			`"github.com/matrix-org/dendrite/common"`
			`"github.com/matrix-org/gomatrixserverlib"`

			`_ "github.com/mattn/go-sqlite3"`
			`)`

			`// The length of generated device IDs`
			`var deviceIDByteLength = 6`

			`// Database represents a device database.`
			`type Database struct {`
			`db *sql.DB`
			`devices devicesStatements`
			`}`

			`// NewDatabase creates a new device database`
			`func NewDatabase(dataSourceName string, serverName gomatrixserverlib.ServerName) (*Database, error) {`
			`var db *sql.DB`
			`var err error`
Add peer-to-peer support into Dendrite via libp2p and fetch (#880) * Use a fork of pq which supports userCurrent on wasm * Use sqlite3_js driver when running in JS * Add cmd/dendritejs to pull in sqlite3_js driver for wasm only * Update to latest go-sqlite-js version * Replace prometheus with a stub. sigh * Hard-code a config and don't use opentracing * Latest go-sqlite3-js version * Generate a key for now * Listen for fetch traffic rather than HTTP * Latest hacks for js * libp2p support * More libp2p * Fork gjson to allow us to enforce auth checks as before Previously, all events would come down redacted because the hash checks would fail. They would fail because sjson.DeleteBytes didn't remove keys not used for hashing. This didn't work because of a build tag which included a file which no-oped the index returned. See https://github.com/tidwall/gjson/issues/157 When it's resolved, let's go back to mainline. * Use gjson@1.6.0 as it fixes https://github.com/tidwall/gjson/issues/157 * Use latest gomatrixserverlib for sig checks * Fix a bug which could cause exclude_from_sync to not be set Caused when sending events over federation. * Use query variadic to make lookups actually work! * Latest gomatrixserverlib * Add notes on getting p2p up and running Partly so I don't forget myself! * refactor: Move p2p specific stuff to cmd/dendritejs This is important or else the normal build of dendrite will fail because the p2p libraries depend on syscall/js which doesn't work on normal builds. Also, clean up main.go to read a bit better. * Update ho-http-js-libp2p to return errors from RoundTrip * Add an LRU cache around the key DB We actually need this for P2P because otherwise we can segfault with things like: "runtime: unexpected return pc for runtime.handleEvent" where the event is a `syscall/js` event, caused by spamming sql.js caused by "Checking event signatures for 14 events of room state" which hammers the key DB repeatedly in quick succession. Using a cache fixes this, though the underlying cause is probably a bug in the version of Go I'm on (1.13.7) * breaking: Add Tracing.Enabled to toggle whether we do opentracing Defaults to false, which is why this is a breaking change. We need this flag because WASM builds cannot do opentracing. * Start adding conditional builds for wasm to handle lib/pq The general idea here is to have the wasm build have a `NewXXXDatabase` that doesn't import any postgres package and hence we never import `lib/pq`, which doesn't work under WASM (undefined `userCurrent`). * Remove lib/pq for wasm for syncapi * Add conditional building to remaining storage APIs * Update build script to set env vars correctly for dendritejs * sqlite bug fixes * Docs * Add a no-op main for dendritejs when not building under wasm * Use the real prometheus, even for WASM Instead, the dendrite-sw.js must mock out `process.pid` and `fs.stat` - which must invoke the callback with an error (e.g `EINVAL`) in order for it to work: ``` global.process = { pid: 1, }; global.fs.stat = function(path, cb) { cb({ code: "EINVAL", }); } ``` * Linting 2020-03-06 10:23:55 +00:00			`if db, err = sql.Open(common.SQLiteDriverName(), dataSourceName); err != nil {`
Support sqlite in addition to postgres (#869) * Move current work into single branch * Initial massaging of clientapi etc (not working yet) * Interfaces for accounts/devices databases * Duplicate postgres package for sqlite3 (no changes made to it yet) * Some keydb, accountdb, devicedb, common partition fixes, some more syncapi tweaking * Fix accounts DB, device DB * Update naffka dependency for SQLite * Naffka SQLite * Update naffka to latest master * SQLite support for federationsender * Mostly not-bad support for SQLite in syncapi (although there are problems where lots of events get classed incorrectly as backward extremities, probably because of IN/ANY clauses that are badly supported) * Update Dockerfile -> Go 1.13.7, add build-base (as gcc and friends are needed for SQLite) * Implement GET endpoints for account_data in clientapi * Nuke filtering for now... * Revert "Implement GET endpoints for account_data in clientapi" This reverts commit 4d80dff4583d278620d9b3ed437e9fcd8d4674ee. * Implement GET endpoints for account_data in clientapi (#861) * Implement GET endpoints for account_data in clientapi * Fix accountDB parameter * Remove fmt.Println * Fix insertAccountData SQLite query * Fix accountDB storage interfaces * Add empty push rules into account data on account creation (#862) * Put SaveAccountData into the right function this time * Not sure if roomserver is better or worse now * sqlite work * Allow empty last sent ID for the first event * sqlite: room creation works * Support sending messages * Nuke fmt.println * Move QueryVariadic etc into common, other device fixes * Fix some linter issues * Fix bugs * Fix some linting errors * Fix errcheck lint errors * Make naffka use postgres as fallback, fix couple of compile errors * What on earth happened to the /rooms/{roomID}/send/{eventType} routing Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> 2020-02-13 17:27:33 +00:00			`return nil, err`
			`}`
			`d := devicesStatements{}`
			`if err = d.prepare(db, serverName); err != nil {`
			`return nil, err`
			`}`
			`return &Database{db, d}, nil`
			`}`

			`// GetDeviceByAccessToken returns the device matching the given access token.`
			`// Returns sql.ErrNoRows if no matching device was found.`
			`func (d *Database) GetDeviceByAccessToken(`
			`ctx context.Context, token string,`
			`) (*authtypes.Device, error) {`
			`return d.devices.selectDeviceByToken(ctx, token)`
			`}`

			`// GetDeviceByID returns the device matching the given ID.`
			`// Returns sql.ErrNoRows if no matching device was found.`
			`func (d *Database) GetDeviceByID(`
			`ctx context.Context, localpart, deviceID string,`
			`) (*authtypes.Device, error) {`
			`return d.devices.selectDeviceByID(ctx, localpart, deviceID)`
			`}`

			`// GetDevicesByLocalpart returns the devices matching the given localpart.`
			`func (d *Database) GetDevicesByLocalpart(`
			`ctx context.Context, localpart string,`
			`) ([]authtypes.Device, error) {`
			`return d.devices.selectDevicesByLocalpart(ctx, localpart)`
			`}`

			`// CreateDevice makes a new device associated with the given user ID localpart.`
			`// If there is already a device with the same device ID for this user, that access token will be revoked`
			`// and replaced with the given accessToken. If the given accessToken is already in use for another device,`
			`// an error will be returned.`
			`// If no device ID is given one is generated.`
			`// Returns the device on success.`
			`func (d *Database) CreateDevice(`
			`ctx context.Context, localpart string, deviceID *string, accessToken string,`
			`displayName *string,`
			`) (dev *authtypes.Device, returnErr error) {`
			`if deviceID != nil {`
			`returnErr = common.WithTransaction(d.db, func(txn *sql.Tx) error {`
			`var err error`
			`// Revoke existing tokens for this device`
			`if err = d.devices.deleteDevice(ctx, txn, *deviceID, localpart); err != nil {`
			`return err`
			`}`

			`dev, err = d.devices.insertDevice(ctx, txn, *deviceID, localpart, accessToken, displayName)`
			`return err`
			`})`
			`} else {`
			`// We generate device IDs in a loop in case its already taken.`
			`// We cap this at going round 5 times to ensure we don't spin forever`
			`var newDeviceID string`
			`for i := 1; i <= 5; i++ {`
			`newDeviceID, returnErr = generateDeviceID()`
			`if returnErr != nil {`
			`return`
			`}`

			`returnErr = common.WithTransaction(d.db, func(txn *sql.Tx) error {`
			`var err error`
			`dev, err = d.devices.insertDevice(ctx, txn, newDeviceID, localpart, accessToken, displayName)`
			`return err`
			`})`
			`if returnErr == nil {`
			`return`
			`}`
			`}`
			`}`
			`return`
			`}`

			`// generateDeviceID creates a new device id. Returns an error if failed to generate`
			`// random bytes.`
			`func generateDeviceID() (string, error) {`
			`b := make([]byte, deviceIDByteLength)`
			`_, err := rand.Read(b)`
			`if err != nil {`
			`return "", err`
			`}`
			`// url-safe no padding`
			`return base64.RawURLEncoding.EncodeToString(b), nil`
			`}`

			`// UpdateDevice updates the given device with the display name.`
			`// Returns SQL error if there are problems and nil on success.`
			`func (d *Database) UpdateDevice(`
			`ctx context.Context, localpart, deviceID string, displayName *string,`
			`) error {`
			`return common.WithTransaction(d.db, func(txn *sql.Tx) error {`
			`return d.devices.updateDeviceName(ctx, txn, localpart, deviceID, displayName)`
			`})`
			`}`

			`// RemoveDevice revokes a device by deleting the entry in the database`
			`// matching with the given device ID and user ID localpart.`
			`// If the device doesn't exist, it will not return an error`
			`// If something went wrong during the deletion, it will return the SQL error.`
			`func (d *Database) RemoveDevice(`
			`ctx context.Context, deviceID, localpart string,`
			`) error {`
			`return common.WithTransaction(d.db, func(txn *sql.Tx) error {`
			`if err := d.devices.deleteDevice(ctx, txn, deviceID, localpart); err != sql.ErrNoRows {`
			`return err`
			`}`
			`return nil`
			`})`
			`}`

			`// RemoveDevices revokes one or more devices by deleting the entry in the database`
			`// matching with the given device IDs and user ID localpart.`
			`// If the devices don't exist, it will not return an error`
			`// If something went wrong during the deletion, it will return the SQL error.`
			`func (d *Database) RemoveDevices(`
			`ctx context.Context, localpart string, devices []string,`
			`) error {`
			`return common.WithTransaction(d.db, func(txn *sql.Tx) error {`
			`if err := d.devices.deleteDevices(ctx, txn, localpart, devices); err != sql.ErrNoRows {`
			`return err`
			`}`
			`return nil`
			`})`
			`}`

			`// RemoveAllDevices revokes devices by deleting the entry in the`
			`// database matching the given user ID localpart.`
			`// If something went wrong during the deletion, it will return the SQL error.`
			`func (d *Database) RemoveAllDevices(`
			`ctx context.Context, localpart string,`
			`) error {`
			`return common.WithTransaction(d.db, func(txn *sql.Tx) error {`
			`if err := d.devices.deleteDevicesByLocalpart(ctx, txn, localpart); err != sql.ErrNoRows {`
			`return err`
			`}`
			`return nil`
			`})`
			`}`