user inbox endpoint

Author: Jeff

api.yaml

@@ -755,6 +755,74 @@ paths:
           $ref: "#/paths/~1room~1%7BroomToken%7D~1file~1%7BfileId%7D/get/responses/403"
         404:
           $ref: "#/paths/~1room~1%7BroomToken%7D~1file~1%7BfileId%7D/get/responses/404"
+  /inbox:
+    get:
+      tags: [Users]
+      summary: get all of the current user's inbox messages
+      parameters:
+        - $ref: "#/components/parameters/queryMessagesLimit"
+      responses:
+        200:
+          description: successful operation, returns all of the user's direct messages.  Returns an empty array if there are none.
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: "#/components/schemas/DirectMessage"
+
+  /inbox/since/{messageId}:
+    get:
+      tags: [Users]
+      summary: Poll the current user's inbox for messages sent since the given message id.
+      parameters:
+        - $ref: "#/components/parameters/pathMessageId"
+        - $ref: "#/components/parameters/queryMessagesLimit"
+      responses:
+        200:
+          description: One or more new messages found.
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: "#/components/schemas/DirectMessage"
+        304:
+          description: No direct messages received since the given message id.
+
+  /inbox/{sessionId}:
+    post:
+      tags: [Users]
+      summary: Submit a direct message to another user
+      parameters:
+      - $ref: "#/components/parameters/pathSessionId"
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              required: [message, signature]
+              properties:
+                message:
+                  type: string
+                  format: byte
+                  description: "Base64-encoded message data."
+                signature:
+                  type: string
+                  format: byte
+                  description: >
+                    Base64-encoded message data XEd25519 signature, signed by the poster's X25519
+                    key contained in the session ID.
+      responses:
+        201:
+          description: Message was accepted for the given user
+        400:
+          description: Invalid request (i.e. missing or malformed message or signature parameters).
+        404:
+          description: The given session id is not a user known to this sogs (or has been globally banned from the server).
+        406:
+          description: Message signature verification failed.
 
   /user/{sessionId}/ban:
     post:
@@ -1675,6 +1743,42 @@ components:
             An XEd25519 signature of the data contained in `data`, signed using the X25519 pubkey
             contained in the user's Session ID.  This field is omitted when `data` is omitted (i.e.
             for deleted messages.)
+
+    DirectMessage:
+      title: The content of a direct message sent through this server
+      type: object
+      properties:
+        id:
+          type: integer
+          format: int64
+          description: The numeric message id.
+        data:
+          type: string
+          format: byte
+          description: >
+            The direct message data, encoded in base64.
+        signature:
+          type: string
+          format: byte
+          description: >
+            An XEd25519 signature of the data contained in `data`, signed using the X25519 pubkey
+            contained in the user's Session ID.
+        expires_at:
+          type: number
+          format: double
+          description: >
+            Unix timestamp of when the message is scheduled to expire from the server.
+        sender:
+          allOf:
+            - $ref: "#/components/schemas/SessionID"
+            - type: object
+              description: "The session ID of the user who sent this message."
+        recipient:
+          allOf:
+            - $ref: "#/components/schemas/SessionID"
+            - type: object
+              description: "The session ID to which this message was sent."
+
   parameters:
     pathRoomToken:
       name: roomToken

sogs/config.py

@@ -18,6 +18,7 @@
 OMQ_LISTEN = 'tcp://*:22028'
 OMQ_INTERNAL = 'ipc://./omq.sock'
 LOG_LEVEL = 'WARNING'
+DM_EXPIRY_DAYS = 15
 UPLOAD_DEFAULT_EXPIRY_DAYS = 15
 UPLOAD_FILENAME_MAX = 60
 UPLOAD_FILENAME_KEEP_PREFIX = 40
@@ -31,6 +32,7 @@
 PROFANITY_FILTER = False
 PROFANITY_SILENT = True
 PROFANITY_CUSTOM = None
+REQUIRE_BLIND_KEYS = False
 TEMPLATE_PATH = 'templates'
 STATIC_PATH = 'static'
 
@@ -94,6 +96,8 @@ def load_config():
             'active_threshold': ('ROOM_DEFAULT_ACTIVE_THRESHOLD', None, float),
             'active_prune_threshold': ('ROOM_ACTIVE_PRUNE_THRESHOLD', None, float),
         },
+        'direct_messages': {'expiry': ('DM_EXPIRY_DAYS', None, float)},
+        'users': {'require_blind_keys': bool_opt('REQUIRE_BLIND_KEYS')},
         'messages': {
             'history_prune_threshold': ('MESSAGE_HISTORY_PRUNE_THRESHOLD', None, float),
             'profanity_filter': bool_opt('PROFANITY_FILTER'),

sogs/crypto.py

@@ -5,12 +5,19 @@
 from nacl.public import PrivateKey
 from nacl.signing import SigningKey, VerifyKey
 from nacl.encoding import Base64Encoder, HexEncoder
+from nacl.bindings import crypto_scalarmult
+
 
 from cryptography.hazmat.primitives.ciphers.aead import AESGCM
 from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
 
+from .utils import decode_hex_or_b64
+from .hashing import blake2b
+
+import binascii
 import secrets
 import hmac
+import functools
 
 import pyonionreq
 
@@ -25,6 +32,8 @@
 server_pubkey = _privkey.public_key
 
 server_pubkey_bytes = server_pubkey.encode()
+server_pubkey_hash_bytes = blake2b(server_pubkey_bytes)
+
 server_pubkey_hex = server_pubkey.encode(HexEncoder).decode('ascii')
 server_pubkey_base64 = server_pubkey.encode(Base64Encoder).decode('ascii')
 
@@ -49,3 +58,21 @@ def server_encrypt(pk, data):
     sk = X25519PrivateKey.from_private_bytes(_privkey.encode())
     secret = hmac.digest(b'LOKI', sk.exchange(pk), 'SHA256')
     return nonce + AESGCM(secret).encrypt(nonce, data, None)
+
+
+xed25519_sign = pyonionreq.xed25519.sign
+xed25519_verify = pyonionreq.xed25519.verify
+xed25519_pubkey = pyonionreq.xed25519.pubkey
+
+
+@functools.lru_cache(maxsize=1024)
+def compute_derived_key_bytes(pk_bytes):
+    """ compute derived key as bytes with no prefix """
+    return crypto_scalarmult(server_pubkey_hash_bytes, pk_bytes)
+
+
+def compute_derived_id(session_id, prefix='15'):
+    """ compute derived session """
+    return prefix + binascii.hexlify(
+        compute_derived_key_bytes(decode_hex_or_b64(session_id[2:], 32))
+    ).decode('ascii')

sogs/db.py

@@ -67,7 +67,7 @@ def transaction(dbconn=None):
 have_returning = True
 
 
-def insert_and_get_pk(insert, pk, *, dbconn=None, **params):
+def insert_and_get_pk(insert, _pk, *, dbconn=None, **params):
     """
     Performs an insert and returns the value of the primary key by appending a RETURNING clause, if
     supported, and otherwise falling back to using .lastrowid.
@@ -79,14 +79,35 @@ def insert_and_get_pk(insert, pk, *, dbconn=None, **params):
     """
 
     if have_returning:
-        insert += f" RETURNING {pk}"
+        insert += f" RETURNING {_pk}"
 
     result = query(insert, dbconn=dbconn, **params)
     if have_returning:
         return result.first()[0]
     return result.lastrowid
 
 
+def insert_and_get_row(insert, _table, _pk, *, dbconn=None, **params):
+    """
+    Performs an insert and returned the row by appending a `RETURNING *` clause, if supported, and
+    otherwise fetching the row immediately after the insertion.
+
+    Takes the query, table name, and primary key column name (the latter two are needed for the
+    SELECT query when the db doesn't support RETURNING), and any parameters to bind.
+
+    Can optionally take the database connection by passing as a dbconn parameter (note that you may
+    not use "dbconn" as a bind parameter).  If omitted uses web.appdb.
+    """
+
+    if have_returning:
+        insert += " RETURNING *"
+        return query(insert, dbconn=dbconn, **params).first()
+
+    with transaction(dbconn):
+        pkval = insert_and_get_pk(insert, _pk, dbconn=dbconn, **params)
+        return query(f"SELECT * FROM {_table} WHERE {_pk} = :pk", pk=pkval).first()
+
+
 def database_init():
     """
     Perform database initialization: constructs the schema, if necessary, and performs any required
@@ -222,7 +243,35 @@ def add_new_tables(conn):
             conn.execute("CREATE INDEX user_request_nonces_expiry ON user_request_nonces(expiry)")
 
         added = True
-
+    if 'inbox' not in metadata.tables:
+        if engine.name == 'sqlite':
+            conn.execute(
+                """
+CREATE TABLE inbox (
+    id INTEGER PRIMARY KEY,
+    recipient INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    sender INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    body BLOB NOT NULL,
+    posted_at FLOAT DEFAULT ((julianday('now') - 2440587.5)*86400.0),
+    expiry FLOAT DEFAULT ((julianday('now') - 2440587.5 + 1.0)*86400.0) /* now + 24h */)
+                """
+            )
+            conn.execute("CREATE INDEX inbox_recipient ON inbox(recipient)")
+        else:
+            conn.execute(
+                """
+CREATE TABLE inbox (
+    id BIGINT GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
+    recipient BIGINT NOT NULL REFERENCES users ON DELETE CASCADE,
+    sender BIGINT NOT NULL REFERENCES users ON DELETE CASCADE,
+    body BYTEA NOT NULL,
+    posted_at FLOAT DEFAULT (extract(epoch from now())),
+    expiry FLOAT DEFAULT (extract(epoch from now() + '15 days'))
+)
+"""
+            )
+            conn.execute("CREATE INDEX inbox_recipient ON inbox(recipient)")
+        added = True
     return added
 
 

sogs/http.py

@@ -2,6 +2,9 @@
 OK = 200
 CREATED = 201
 
+# 3xx codes:
+NOT_MODIFIED = 304
+
 # error status codes:
 BAD_REQUEST = 400
 UNAUTHORIZED = 401

sogs/model/__init__.py

@@ -16,3 +16,7 @@
     'sogs',  # Basic sogs capabilities
     # 'newcap',  # Add here
 }
+
+if config.REQUIRE_BLIND_KEYS:
+    # indicate blinding required if configured to do so
+    capabilities.add('blind')

sogs/model/message.py

@@ -0,0 +1,88 @@
+from .. import config
+from ..db import insert_and_get_row, query
+
+from .user import User
+
+import time
+
+
+class Message:
+    """Class representing a DM between users
+
+    Properties:
+        sender: sender user of the message
+        recip: recipant user of the message
+        data: opaque message data
+        signature: signature of data
+    """
+
+    def __init__(self, row=None, *, sender=None, recip=None, data=None):
+        """
+        Constructs a Message from a pre-retrieved row *or* sender recipient and data.
+        """
+        if row is None:
+            if None in (sender, recip, data):
+                raise ValueError("Message() error: no row or data provided")
+            if not all(isinstance(arg, User) for arg in (sender, recip)):
+                raise ValueError("Message() error: sender or recipient was not a User model")
+
+            row = insert_and_get_row(
+                """
+                INSERT INTO inbox (sender, recipient, body, expiry)
+                VALUES (:sender, :recipient, :data, :expiry)
+                """,
+                "inbox",
+                "id",
+                sender=sender.id,
+                recipient=recip.id,
+                data=data,
+                expiry=time.time() + config.DM_EXPIRY_DAYS * 86400,
+            )
+        # sanity check
+        assert row is not None
+        self._row = row
+
+    @staticmethod
+    def to(user, since=None, limit=None):
+        """get all message for a user, returns a generator"""
+        rows = query(
+            f"""
+            SELECT * FROM inbox WHERE recipient = :recip
+            {'AND id > :since_id' if since else ''}
+            ORDER BY id
+            {'LIMIT :limit' if limit else ''}
+            """,
+            recip=user.id,
+            since_id=since,
+            limit=limit,
+        )
+        for row in rows:
+            yield Message(row=row)
+
+    @property
+    def id(self):
+        return self._row["id"]
+
+    @property
+    def posted_at(self):
+        return self._row["posted_at"]
+
+    @property
+    def expires_at(self):
+        return self._row["expiry"]
+
+    @property
+    def data(self):
+        return self._row['body']
+
+    @property
+    def sender(self):
+        if not hasattr(self, "_sender"):
+            self._sender = User(id=self._row['sender'], autovivify=False)
+        return self._sender
+
+    @property
+    def recipient(self):
+        if not hasattr(self, "_recip"):
+            self._recip = User(id=self._row['recipient'], autovivify=False)
+        return self._recip