
Control which users can start a SAS verification with Neb through regexes in the config

Signed-off-by: Nikos Filippakis <me@nfil.dev>
pull/333/head
Nikos Filippakis 5 years ago
parent
commit
b48a9b4396
No known key found for this signature in database GPG Key ID: 7110E4356101F017
  1. 6
      api/api.go
  2. 4
      api/handlers/client.go
  3. 20
      clients/bot_client.go
  4. 3
      clients/clients.go
  5. 2
      config.sample.yaml

6
api/api.go

@ -78,11 +78,15 @@ type ClientConfig struct {
// The desired display name for this client. // The desired display name for this client.
// This does not automatically set the display name for this client. See /configureClient. // This does not automatically set the display name for this client. See /configureClient.
DisplayName string DisplayName string
// A list of regexes that control which users are allowed to start a SAS verification with this client.
// When a user starts a new SAS verification with us, their user ID has to match one of these regexes
// for the verification process to start.
AcceptVerificationFromUsers []string
} }
// A IncomingDecimalSAS contains the decimal SAS as displayed on another device. The SAS consists of three numbers. // A IncomingDecimalSAS contains the decimal SAS as displayed on another device. The SAS consists of three numbers.
type IncomingDecimalSAS struct { type IncomingDecimalSAS struct {
// The matrix User ID of the user that Neb uses in the verification process. E.g. @alice:matrix.org
// The matrix User ID of the user that Neb uses in the verification process. E.g. @neb:localhost
UserID id.UserID UserID id.UserID
// The three numbers that the SAS consists of. // The three numbers that the SAS consists of.
SAS [3]uint SAS [3]uint
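Review bot: The doc comment on `AcceptVerificationFromUsers` does not say what an empty or omitted list means. With the matching loop added in clients/bot_client.go in this commit, a list with no usable pattern rejects every SAS request, whereas the callback it replaces appears to have accepted all of them, so existing configs change behaviour silently. I would add a line such as `// If the list is empty, no user can start a SAS verification with this client.` and state that the entries use Go `regexp` syntax. `ClientConfig` begins before this hunk and `IncomingDecimalSAS` continues past it.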

4
api/handlers/client.go

@ -100,11 +100,11 @@ func (s *VerifySAS) OnIncomingRequest(req *http.Request) util.JSONResponse {
var body api.IncomingDecimalSAS var body api.IncomingDecimalSAS
if err := json.NewDecoder(req.Body).Decode(&body); err != nil { if err := json.NewDecoder(req.Body).Decode(&body); err != nil {
return util.MessageResponse(400, "Error parsing request JSON")
return util.MessageResponse(400, "Error parsing request JSON: "+err.Error())
} }
if err := body.Check(); err != nil { if err := body.Check(); err != nil {
return util.MessageResponse(400, "Error parsing client config")
return util.MessageResponse(400, "Request error: "+err.Error())
} }
client, err := s.Clients.Client(body.UserID) client, err := s.Clients.Client(body.UserID)
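Review bot: Both 400 responses now append `err.Error()` to the message, so the text produced by `encoding/json` (which can name Go types and struct fields) and by `body.Check()` is returned verbatim to the caller. If this endpoint can be reached by anyone other than the operator, which the hunk does not show, I would log the detail server-side and keep the response generic, e.g. `return util.MessageResponse(400, "Error parsing request JSON")`. If the exposure is intended, a one-line comment saying so would settle the question for the next reader. `OnIncomingRequest` continues beyond the hunk.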

20
clients/bot_client.go

@ -2,6 +2,7 @@ package clients
import ( import (
"errors" "errors"
"regexp"
"sync" "sync"
"time" "time"
@ -59,9 +60,26 @@ func (botClient *BotClient) InitOlmMachine(client *mautrix.Client, nebStore *mat
botClient.stateStore = &NebStateStore{&nebStore.InMemoryStore} botClient.stateStore = &NebStateStore{&nebStore.InMemoryStore}
olmMachine := crypto.NewOlmMachine(client, cryptoLogger, cryptoStore, botClient.stateStore) olmMachine := crypto.NewOlmMachine(client, cryptoLogger, cryptoStore, botClient.stateStore)
olmMachine.AcceptVerificationFrom = func(_ string, _ *crypto.DeviceIdentity) (crypto.VerificationRequestResponse, crypto.VerificationHooks) {
regexes := make([]*regexp.Regexp, 0, len(botClient.config.AcceptVerificationFromUsers))
for _, userRegex := range botClient.config.AcceptVerificationFromUsers {
regex, err := regexp.Compile(userRegex)
if err != nil {
cryptoLogger.Error("Error compiling regex %v: %v", userRegex, err)
} else {
regexes = append(regexes, regex)
}
}
olmMachine.AcceptVerificationFrom = func(_ string, otherDevice *crypto.DeviceIdentity) (crypto.VerificationRequestResponse, crypto.VerificationHooks) {
for _, regex := range regexes {
if regex.MatchString(otherDevice.UserID.String()) {
cryptoLogger.Trace("User ID %v matches regex %v, accepting SAS request", otherDevice.UserID, regex)
return crypto.AcceptRequest, botClient return crypto.AcceptRequest, botClient
} }
}
cryptoLogger.Trace("User ID %v does not match any regex, rejecting SAS request", otherDevice.UserID)
return crypto.RejectRequest, botClient
}
if err = olmMachine.Load(); err != nil { if err = olmMachine.Load(); err != nil {
return return
} }
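Review bot: `regex.MatchString(otherDevice.UserID.String())` is an unanchored search, so a pattern accepts any user ID that merely contains a match, which can include IDs on a homeserver whose name happens to contain the same text. The sample entry `":localhost:8008"` in config.sample.yaml relies on this, while the api.go comment says the user ID "has to match" the regex. For an allowlist that gates device verification I would make the match whole-string at compile time, `regex, err := regexp.Compile("^(?:" + userRegex + ")$")`, and rewrite the sample entries as full patterns, or else document that operators must write `^...$` themselves. Separately, a pattern that fails to compile is only logged and dropped; that fails closed, but reporting it as a configuration error would make a typo visible to the operator. `InitOlmMachine` starts and ends outside the hunk.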

3
clients/clients.go

@ -4,6 +4,7 @@ import (
"database/sql" "database/sql"
"fmt" "fmt"
"net/http" "net/http"
"reflect"
"strings" "strings"
"sync" "sync"
@ -111,7 +112,7 @@ func (c *Clients) updateClientInDB(newConfig api.ClientConfig) (new, old BotClie
defer c.dbMutex.Unlock() defer c.dbMutex.Unlock()
old = c.getClient(newConfig.UserID) old = c.getClient(newConfig.UserID)
if old.Client != nil && old.config == newConfig {
if old.Client != nil && reflect.DeepEqual(old.config, newConfig) {
// Already have a client with that config. // Already have a client with that config.
new = old new = old
return return
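Review bot: `reflect.DeepEqual(old.config, newConfig)` distinguishes a nil `AcceptVerificationFromUsers` from an empty non-nil one, so two configs that the matcher treats identically can compare as different and take the update path instead of this early return. That looks harmless here, but the reason `==` was replaced deserves a comment, e.g. `// ClientConfig holds a slice and is no longer comparable with ==; DeepEqual treats nil and empty lists as different.` `updateClientInDB` continues outside the hunk.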

2
config.sample.yaml

@ -26,6 +26,7 @@ clients:
Sync: true Sync: true
AutoJoinRooms: true AutoJoinRooms: true
DisplayName: "Go-NEB!" DisplayName: "Go-NEB!"
AcceptVerificationFromUsers: [":localhost:8008"]
- UserID: "@another_goneb:localhost" - UserID: "@another_goneb:localhost"
AccessToken: "MDASDASJDIASDJASDAFGFRGER" AccessToken: "MDASDASJDIASDJASDAFGFRGER"
@ -34,6 +35,7 @@ clients:
Sync: false Sync: false
AutoJoinRooms: false AutoJoinRooms: false
DisplayName: "Go-NEB!" DisplayName: "Go-NEB!"
AcceptVerificationFromUsers: ["^@admin:localhost:8008$"]
# The list of realms which Go-NEB is aware of. # The list of realms which Go-NEB is aware of.
# Delete or modify this list as appropriate. # Delete or modify this list as appropriate.
