skylord123/node-red-contrib-matrix-chat
1
0
Fork 0
mirror of https://github.com/Skylar-Tech/node-red-contrib-matrix-chat.git synced 2025-04-20 21:13:08 -06:00
Code Issues Releases Wiki Activity

- WIP

Browse Source
This commit is contained in:
Skylar Sadlier 2022-02-03 09:34:05 -07:00
parent 2993dea974
commit 5119bc42d4
4 changed files with 188 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
src/matrix-device-verify.js
View File

@ -39,8 +39,12 @@ module.exports = function(RED) {
* rejected. * rejected.
*/ */
node.server.matrixClient.on("crypto.verification.request", async function(data){ node.server.matrixClient.on("crypto.verification.request", async function(data){
console.log("[######### crypto.verification.request #########]", data.phase, data.methods); console.log("[######### crypto.verification.request #########]", data.phase, data);
if(data.isSelfVerification) {
if(data.phase === 5 || data.phase === 6) {
return;
}
if(data.requested || true) { if(data.requested || true) {
let verifyRequestId = data.targetDevice.userId + ':' + data.targetDevice.deviceId; let verifyRequestId = data.targetDevice.userId + ':' + data.targetDevice.deviceId;
verificationRequests.set(verifyRequestId, data); verificationRequests.set(verifyRequestId, data);
@ -50,34 +54,8 @@ module.exports = function(RED) {
userId: data.targetDevice.userId, userId: data.targetDevice.userId,
deviceId: data.targetDevice.deviceId, deviceId: data.targetDevice.deviceId,
type: 'crypto.verification.request', type: 'crypto.verification.request',
selfVerification: data.isSelfVerification
}); });
// data.on('change', async function() {
// console.log("VerificationRequest.change", this, this.phase);
//
// if(this.phase === 4) {
// data._verifier.on('show_sas', function(e) {
// // e = {
// // sas: {
// // decimal: [ 8641, 3153, 2357 ],
// // emoji: [
// // [Array], [Array],
// // [Array], [Array],
// // [Array], [Array],
// // [Array]
// // ]
// // },
// // confirm: [AsyncFunction: confirm],
// // cancel: [Function: cancel],
// // mismatch: [Function: mismatch]
// // }
// console.log("show_sas event", e);
// })
// await data._verifier.verify();
// }
// });
//
// await data.accept();
}
} }
}); });
} }
@ -132,7 +110,7 @@ module.exports = function(RED) {
var that = this; var that = this;
console.log("[##### VERIFICATION PHASE CHANGE #######]", this.phase); console.log("[##### VERIFICATION PHASE CHANGE #######]", this.phase);
if(this.phase === 4) { if(this.phase === 4) {
var verifierCancel = function(){ let verifierCancel = function(){
let verifyRequestId = that.targetDevice.userId + ':' + that.targetDevice.deviceId; let verifyRequestId = that.targetDevice.userId + ':' + that.targetDevice.deviceId;
if(verificationRequests.has(verifyRequestId)) { if(verificationRequests.has(verifyRequestId)) {
verificationRequests.delete(verifyRequestId); verificationRequests.delete(verifyRequestId);
@ -279,6 +257,9 @@ module.exports = function(RED) {
data._verifier.sasEvent.confirm() data._verifier.sasEvent.confirm()
.then(function(e){ .then(function(e){
console.log("!!!!!!!! CONFIRMED VERIFY", e); console.log("!!!!!!!! CONFIRMED VERIFY", e);
})
.catch(function(e) {
console.log("!!!!!!!! CONFIRMED VERIFY FAILED", e);
}); });
} else { } else {
console.log("Verification must be started", data); console.log("Verification must be started", data);

6
src/matrix-secret-storage.js
View File

@ -59,11 +59,11 @@ module.exports = function(RED) {
// maybe we can skip this? // maybe we can skip this?
// authUploadDeviceSigningKeys: this._doBootstrapUIAuth, // authUploadDeviceSigningKeys: this._doBootstrapUIAuth,
}); });
const backupState = await node.server.matrixClient.getKeyBackupVersion(); const backupInfo = await node.server.matrixClient.getKeyBackupVersion();
await node.server.matrixClient.bootstrapSecretStorage({ await node.server.matrixClient.bootstrapSecretStorage({
createSecretStorageKey: async () => this._recoveryKey, createSecretStorageKey: async () => this._recoveryKey,
keyBackupInfo: backupState.backupInfo, keyBackupInfo: backupInfo,
setupNewKeyBackup: !backupState.backupInfo, setupNewKeyBackup: !backupInfo,
getKeyBackupPassphrase: () => { getKeyBackupPassphrase: () => {
// We may already have the backup key if we earlier went // We may already have the backup key if we earlier went
// through the restore backup path, so pass it along // through the restore backup path, so pass it along

17
src/matrix-server-config.html
View File

@ -29,7 +29,8 @@
userId: { type: "text", required: true }, userId: { type: "text", required: true },
deviceLabel: { type: "text", required: false }, deviceLabel: { type: "text", required: false },
accessToken: { type: "password", required: true }, accessToken: { type: "password", required: true },
deviceId: { type: "text", required: false }, deviceId: { type: "text", required: true },
secureStoragePassphrase: { type: "text", required: false },
url: { type: "text", required: true } url: { type: "text", required: true }
}, },
defaults: { defaults: {
@ -95,6 +96,14 @@
WARNING: If you change this after the client has already initialized you will break encryption. Your Device ID is tied to your encryption keys. WARNING: If you change this after the client has already initialized you will break encryption. Your Device ID is tied to your encryption keys.
</div> </div>
<div class="form-row">
<label for="node-config-input-secureStoragePassphrase"><i class="fa fa-key"></i> Secure Storage Passphrase</label>
<input type="text" id="node-config-input-secureStoragePassphrase">
</div>
<div class="form-tips" style="margin-bottom: 12px;">
If set secure storage will be setup with this passphrase. If secure storage already exists on the account it will attempt to decrypt it. Leave blank to skip.
</div>
<div class="form-row"> <div class="form-row">
<input <input
type="checkbox" type="checkbox"
@ -198,6 +207,12 @@
} }
); );
}); });
$(function(){
$("#node-config-input-enableE2ee").on('change', function(e){
$("#node-config-input-secureStoragePassphrase").attr('disabled', !$(this).is(':checked'));
}).change();
});
</script> </script>
</script> </script>

149
src/matrix-server-config.js
View File

@ -4,6 +4,7 @@ const sdk = require("matrix-js-sdk");
const { resolve } = require('path'); const { resolve } = require('path');
const { LocalStorage } = require('node-localstorage'); const { LocalStorage } = require('node-localstorage');
const { LocalStorageCryptoStore } = require('matrix-js-sdk/lib/crypto/store/localStorage-crypto-store'); const { LocalStorageCryptoStore } = require('matrix-js-sdk/lib/crypto/store/localStorage-crypto-store');
const {deriveKey} = require("matrix-js-sdk/lib/crypto/key_passphrase");
module.exports = function(RED) { module.exports = function(RED) {
function MatrixFolderNameFromUserId(name) { function MatrixFolderNameFromUserId(name) {
@ -27,6 +28,7 @@ module.exports = function(RED) {
this.userId = this.credentials.userId; this.userId = this.credentials.userId;
this.deviceLabel = this.credentials.deviceLabel || null; this.deviceLabel = this.credentials.deviceLabel || null;
this.deviceId = this.credentials.deviceId || null; this.deviceId = this.credentials.deviceId || null;
this.secureStoragePassphrase = this.credentials.secureStoragePassphrase || null;
this.url = this.credentials.url; this.url = this.credentials.url;
this.autoAcceptRoomInvites = n.autoAcceptRoomInvites; this.autoAcceptRoomInvites = n.autoAcceptRoomInvites;
this.enableE2ee = n.enableE2ee || false; this.enableE2ee = n.enableE2ee || false;
@ -50,7 +52,7 @@ module.exports = function(RED) {
} else if(!this.url) { } else if(!this.url) {
node.error("Matrix connection failed: missing server URL in configuration."); node.error("Matrix connection failed: missing server URL in configuration.");
} else { } else {
node.setConnected = function(connected, cb) { node.setConnected = async function(connected, cb) {
if (node.connected !== connected) { if (node.connected !== connected) {
node.connected = connected; node.connected = connected;
if(typeof cb === 'function') { if(typeof cb === 'function') {
@ -92,6 +94,13 @@ module.exports = function(RED) {
); );
} }
try {
await accessSecretStorage(function(){});
} catch(e) {
node.error("secret storage bootstrap failure: " + e);
console.log("secret storage bootstrap failure: ", e);
}
initialSetup = true; initialSetup = true;
} }
} else { } else {
@ -107,14 +116,70 @@ module.exports = function(RED) {
fs.ensureDirSync(storageDir); // create storage directory if it doesn't exist fs.ensureDirSync(storageDir); // create storage directory if it doesn't exist
upgradeDirectoryIfNecessary(node, storageDir); upgradeDirectoryIfNecessary(node, storageDir);
node.matrixClient = sdk.createClient({ node.matrixClient = sdk.createClient({
baseUrl: this.url, baseUrl: this.url,
accessToken: this.credentials.accessToken, accessToken: this.credentials.accessToken,
sessionStore: new sdk.WebStorageSessionStore(localStorage), sessionStore: new sdk.WebStorageSessionStore(localStorage),
cryptoStore: new LocalStorageCryptoStore(localStorage), cryptoStore: new LocalStorageCryptoStore(localStorage),
userId: this.userId, userId: this.userId,
deviceId: (this.deviceId || getStoredDeviceId(localStorage)) || undefined deviceId: (this.deviceId || getStoredDeviceId(localStorage)) || undefined,
verificationMethods: ["m.sas.v1"] verificationMethods: ["m.sas.v1"],
// cryptoCallbacks: {
// getSecretStorageKey: async function(
// { keys: keyInfos },
// ssssItemName,
// ){
// const cli = node.matrixClient;
// let keyId = await cli.getDefaultSecretStorageKeyId();
// // console.log("DEFAULT SECRET STORAGE KEY ID: " + keyId, keyInfos);
// //
// // let decodeBase64 = function(base64) {
// // return Buffer.from(base64, "base64");
// // }
// // return await this.crypto.getSecretStorageKey(keyId);
// let keyInfo;
// if (keyId) {
// // use the default SSSS key if set
// keyInfo = keyInfos[keyId];
// if (!keyInfo) {
// // if the default key is not available, pretend the default key
// // isn't set
// keyId = undefined;
// }
// }
// if (!keyId) {
// // if no default SSSS key is set, fall back to a heuristic of using the
// // only available key, if only one key is set
// const keyInfoEntries = Object.entries(keyInfos);
// if (keyInfoEntries.length > 1) {
// throw new Error("Multiple storage key requests not implemented");
// }
// [keyId, keyInfo] = keyInfoEntries[0];
// }
//
// // Check the in-memory cache
// // if (isCachingAllowed() && secretStorageKeys[keyId]) {
// // return [keyId, secretStorageKeys[keyId]];
// // }
//
// // if (dehydrationCache.key) {
// // if (await MatrixClientPeg.get().checkSecretStorageKey(dehydrationCache.key, keyInfo)) {
// // cacheSecretStorageKey(keyId, keyInfo, dehydrationCache.key);
// // return [keyId, dehydrationCache.key];
// // }
// // }
//
// // const backupInfo = await node.matrixClient.getKeyBackupVersion();
// const backupInfo = await node.matrixClient.getAccountDataFromServer(
// "m.secret_storage.key." + keyId
// );
//
// // if(await cli.checkSecretStorageKey(key, keyInfo)) {
// // }
// return [keyId, await node.matrixClient.keyBackupKeyFromPassword(node.secureStoragePassphrase, backupInfo)] ;
// }
// }
}); });
// set globally if configured to do so // set globally if configured to do so
@ -304,13 +369,88 @@ module.exports = function(RED) {
stopClient(); stopClient();
}); });
/**
* This helper should be used whenever you need to access secret storage. It
* ensures that secret storage (and also cross-signing since they each depend on
* each other in a cycle of sorts) have been bootstrapped before running the
* provided function.
*
* Bootstrapping secret storage may take one of these paths:
* 1. Create secret storage from a passphrase and store cross-signing keys
* in secret storage.
* 2. Access existing secret storage by requesting passphrase and accessing
* cross-signing keys as needed.
* 3. All keys are loaded and there's nothing to do.
*
* @param {Function} [func] An operation to perform once secret storage has been
* bootstrapped. Optional.
* @param {boolean} [forceReset] Reset secret storage even if it's already set up
*/
let accessSecretStorage = async function(func = async () => { }, forceReset = false) {
// only do this if we have a secure storage password
if(!node.secureStoragePassphrase) {
return;
}
const recoveryKey = await node.matrixClient.createRecoveryKeyFromPassphrase(node.secureStoragePassphrase);
const cli = node.matrixClient;
try {
if (!(await cli.hasSecretStorageKey()) || forceReset) {
// For password authentication users after 2020-09, this cross-signing
// step will be a no-op since it is now setup during registration or login
// when needed. We should keep this here to cover other cases such as:
// * Users with existing sessions prior to 2020-09 changes
// * SSO authentication users which require interactive auth to upload
// keys (and also happen to skip all post-authentication flows at the
// moment via token login)
if(!await node.matrixClient.isCrossSigningReady()) {
await node.matrixClient.bootstrapCrossSigning({
// maybe we can skip this?
authUploadDeviceSigningKeys: () => {
return true;
}
});
}
const backupInfo = await node.matrixClient.getKeyBackupVersion();
await node.matrixClient.bootstrapSecretStorage({
createSecretStorageKey: async () => recoveryKey,
keyBackupInfo: backupInfo,
setupNewKeyBackup: !backupInfo,
getKeyBackupPassphrase: () => {
return recoveryKey;
},
});
} else {
await node.matrixClient.bootstrapSecretStorage({
getKeyBackupPassphrase: async () => recoveryKey,
});
}
// `return await` needed here to ensure `finally` block runs after the
// inner operation completes.
return await func();
} catch (e) {
node.error("Secret storage init failure: " + e);
}
};
async function run() { async function run() {
try { try {
if(node.e2ee){ if(node.e2ee && node.matrixClient.initCrypto){
node.log("Initializing crypto..."); node.log("Initializing crypto...");
try {
await node.matrixClient.initCrypto(); await node.matrixClient.initCrypto();
node.matrixClient.setGlobalErrorOnUnknownDevices(false); node.matrixClient.setGlobalErrorOnUnknownDevices(false);
node.matrixClient.setCryptoTrustCrossSignedDevices(true); // false = manually verify sessions
// await tryToUnlockSecretStorageWithDehydrationKey(this.matrixClient);
} catch (e) {
node.error("Failed to initialize crypto: " + e);
console.log(e);
} }
}
node.log("Connecting to Matrix server..."); node.log("Connecting to Matrix server...");
await node.matrixClient.startClient({ await node.matrixClient.startClient({
initialSyncLimit: 8 initialSyncLimit: 8
@ -350,6 +490,7 @@ module.exports = function(RED) {
userId: { type: "text", required: true }, userId: { type: "text", required: true },
accessToken: { type: "text", required: true }, accessToken: { type: "text", required: true },
deviceId: { type: "text", required: false }, deviceId: { type: "text", required: false },
secureStoragePassphrase: { type: "text", required: false },
url: { type: "text", required: true } url: { type: "text", required: true }
} }
}); });