Created
March 26, 2024 16:01
Enable notifs from multiple keyservers
diff --git a/keyserver/docker-compose.yml b/keyserver/docker-compose.yml | |
index b9a0528e8f..7e79cb454a 100644 | |
--- a/keyserver/docker-compose.yml | |
+++ b/keyserver/docker-compose.yml | |
@@ -10,10 +10,13 @@ services: | |
- COMM_JSONCONFIG_secrets_alchemy=${COMM_JSONCONFIG_secrets_alchemy} | |
- COMM_JSONCONFIG_secrets_walletconnect=${COMM_JSONCONFIG_secrets_walletconnect} | |
- COMM_JSONCONFIG_secrets_geoip_license=${COMM_JSONCONFIG_secrets_geoip_license} | |
+ - COMM_JSONCONFIG_secrets_comm_apn_config=${COMM_JSONCONFIG_secrets_comm_apn_config} | |
image: commapp/node-keyserver:1.0 | |
+ volumes: | |
+ - ./secrets/comm_apn.p8:/home/comm/app/keyserver/secrets/comm_apn.p8 | |
restart: always | |
ports: | |
- - '3000:3000' | |
+ - '3001:3000' | |
env_file: | |
- .env | |
environment: | |
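Review bot: The new bind mount for `comm_apn.p8` is writable from inside the container, although a push-notification signing key only needs to be read. The volume entry should end in `:ro`, i.e. `- ./secrets/comm_apn.p8:/home/comm/app/keyserver/secrets/comm_apn.p8:ro`. The hunk does not show whether `./secrets/` is excluded from version control and from the image build context, so that is worth confirming. The port mapping change from `'3000:3000'` to `'3001:3000'` looks like a local arrangement for running a second keyserver and probably should not become the committed default.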
diff --git a/keyserver/src/utils/olm-utils.js b/keyserver/src/utils/olm-utils.js | |
index 13cecf2a6d..24486affd0 100644 | |
--- a/keyserver/src/utils/olm-utils.js | |
+++ b/keyserver/src/utils/olm-utils.js | |
@@ -6,6 +6,7 @@ import type { | |
Utility as OlmUtility, | |
Session as OlmSession, | |
} from '@commapp/olm'; | |
+import invariant from 'invariant'; | |
import { getRustAPI } from 'rust-node-addon'; | |
import uuid from 'uuid'; | |
@@ -111,32 +112,42 @@ async function uploadNewOneTimeKeys(numberOfKeys: number) { | |
throw new ServerError('missing_identity_info'); | |
} | |
- await fetchCallUpdateOlmAccount('content', (contentAccount: OlmAccount) => { | |
- contentAccount.generate_one_time_keys(numberOfKeys); | |
- const contentOneTimeKeys = getOneTimeKeyValuesFromBlob( | |
- contentAccount.one_time_keys(), | |
- ); | |
+ let contentOneTimeKeys: ?$ReadOnlyArray<string>; | |
+ let notifOneTimeKeys: ?$ReadOnlyArray<string>; | |
+ | |
+ await Promise.all([ | |
+ fetchCallUpdateOlmAccount('content', (contentAccount: OlmAccount) => { | |
+ contentAccount.generate_one_time_keys(numberOfKeys); | |
+ contentOneTimeKeys = getOneTimeKeyValuesFromBlob( | |
+ contentAccount.one_time_keys(), | |
+ ); | |
+ contentAccount.mark_keys_as_published(); | |
+ }), | |
+ fetchCallUpdateOlmAccount('notifications', (notifAccount: OlmAccount) => { | |
+ notifAccount.generate_one_time_keys(numberOfKeys); | |
+ notifOneTimeKeys = getOneTimeKeyValuesFromBlob( | |
+ notifAccount.one_time_keys(), | |
+ ); | |
+ notifAccount.mark_keys_as_published(); | |
+ }), | |
+ ]); | |
- return fetchCallUpdateOlmAccount( | |
- 'notifications', | |
- async (notifAccount: OlmAccount) => { | |
- notifAccount.generate_one_time_keys(numberOfKeys); | |
- const notifOneTimeKeys = getOneTimeKeyValuesFromBlob( | |
- notifAccount.one_time_keys(), | |
- ); | |
- await rustAPI.uploadOneTimeKeys( | |
- identityInfo.userId, | |
- deviceID, | |
- identityInfo.accessToken, | |
- contentOneTimeKeys, | |
- notifOneTimeKeys, | |
- ); | |
- | |
- notifAccount.mark_keys_as_published(); | |
- contentAccount.mark_keys_as_published(); | |
- }, | |
- ); | |
- }); | |
+ invariant( | |
+ contentOneTimeKeys, | |
+ 'content one-time keys not set after fetchCallUpdateOlmAccount', | |
+ ); | |
+ invariant( | |
+ notifOneTimeKeys, | |
+ 'notif one-time keys not set after fetchCallUpdateOlmAccount', | |
+ ); | |
+ | |
+ await rustAPI.uploadOneTimeKeys( | |
+ identityInfo.userId, | |
+ deviceID, | |
+ identityInfo.accessToken, | |
+ contentOneTimeKeys, | |
+ notifOneTimeKeys, | |
+ ); | |
} | |
async function getContentSigningKey(): Promise<string> { | |
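Review bot: `mark_keys_as_published()` now runs inside both `fetchCallUpdateOlmAccount` callbacks before `rustAPI.uploadOneTimeKeys` is called, whereas the removed code marked the keys only after the upload had returned. If the upload rejects, the accounts have presumably already been saved with this batch marked as published, so `one_time_keys()` will not return those keys again and the identity service never receives them. `Promise.all` also allows one account update to commit while the other fails, leaving the content and notification accounts out of step. Either handle an upload failure explicitly (regenerate and retry) or state the trade-off above the `Promise.all`, for example `// Keys are marked published before the upload so no account update spans a network call; a failed upload discards this batch.` The start of `uploadNewOneTimeKeys` is outside the hunk.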
diff --git a/keyserver/src/utils/validation-utils.js b/keyserver/src/utils/validation-utils.js | |
index 05aa49b9b1..a4348b6382 100644 | |
--- a/keyserver/src/utils/validation-utils.js | |
+++ b/keyserver/src/utils/validation-utils.js | |
@@ -216,11 +216,11 @@ async function policiesValidator( | |
policies, | |
); | |
- if (notAcknowledgedPolicies.length) { | |
- throw new ServerError('policies_not_accepted', { | |
- notAcknowledgedPolicies, | |
- }); | |
- } | |
+ // if (notAcknowledgedPolicies.length) { | |
+ // throw new ServerError('policies_not_accepted', { | |
+ // notAcknowledgedPolicies, | |
+ // }); | |
+ // } | |
} | |
export { | |
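Review bot: Commenting out the `throw new ServerError('policies_not_accepted', …)` block makes `policiesValidator` accept every request regardless of which policies the viewer has acknowledged. `notAcknowledgedPolicies` is still computed just above and is now unused, which suggests a temporary bypass for local testing rather than an intended change. If the bypass is needed for a multi-keyserver test setup, it should sit behind an explicit development-only switch instead of being removed for all deployments; otherwise the original check should be restored before this is merged. The beginning of `policiesValidator` is outside the hunk.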
diff --git a/lib/utils/services-utils.js b/lib/utils/services-utils.js | |
index 684f444314..c22609665e 100644 | |
--- a/lib/utils/services-utils.js | |
+++ b/lib/utils/services-utils.js | |
@@ -7,7 +7,7 @@ import type { AuthMetadata } from '../shared/identity-client-context.js'; | |
// If this is true then we're using the identity service for auth. After we | |
// auth, the identity service gives us a CSAT, which we can use to auth with | |
// other Comm services. | |
-const usingCommServicesAccessToken = false; | |
+const usingCommServicesAccessToken = true; | |
// If this is true, then the app is able to support multiple keyservers. This | |
// requires the use of Tunnelbroker and the backup service to persist and sync | |
diff --git a/native/account/log-in-panel.react.js b/native/account/log-in-panel.react.js | |
index 3cd27f963b..2a73dc102e 100644 | |
--- a/native/account/log-in-panel.react.js | |
+++ b/native/account/log-in-panel.react.js | |
@@ -45,6 +45,7 @@ import { PanelButton, Panel } from './panel-components.react.js'; | |
import PasswordInput from './password-input.react.js'; | |
import { authoritativeKeyserverID } from '../authoritative-keyserver.js'; | |
import SWMansionIcon from '../components/swmansion-icon.react.js'; | |
+import { commCoreModule } from '../native-modules.js'; | |
import { useSelector } from '../redux/redux-utils.js'; | |
import { nativeLogInExtraInfoSelector } from '../selectors/account-selectors.js'; | |
import type { KeyPressEvent } from '../types/react-native.js'; | |
@@ -54,6 +55,7 @@ import { | |
UserNotFoundAlertDetails, | |
} from '../utils/alert-messages.js'; | |
import Alert from '../utils/alert.js'; | |
+import { getContentSigningKey } from '../utils/crypto-utils.js'; | |
import type { StateContainer } from '../utils/state-container.js'; | |
export type LogInState = { | |
@@ -322,6 +324,13 @@ class LogInPanel extends React.PureComponent<Props> { | |
username: this.usernameInputText, | |
password: this.passwordInputText, | |
}); | |
+ | |
+ const ed25519 = await getContentSigningKey(); | |
+ await commCoreModule.setCommServicesAuthMetadata( | |
+ result.userID, | |
+ ed25519, | |
+ result.accessToken, | |
+ ); | |
return result; | |
} catch (e) { | |
if (e.message === 'user not found') { | |
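Review bot: The added `getContentSigningKey()` and `commCoreModule.setCommServicesAuthMetadata(...)` calls sit inside the same `try` as the log-in request, so a failure while storing the auth metadata is handled by the `catch` that follows as if the log-in itself had failed. By that point the server has presumably already issued `result.accessToken`, leaving a live session that the client reports as an error. The metadata step should have its own error handling, and `result.accessToken` should be checked before being passed on, e.g. `invariant(result.accessToken, 'accessToken missing from log-in result');` (this would need `invariant` imported in this file). The same pattern is added in the `useRegistrationServerCall` hunk of `registration-server-call.js`. Both enclosing functions start and end outside their hunks.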
diff --git a/native/account/registration/registration-server-call.js b/native/account/registration/registration-server-call.js | |
index 625ccfd389..ad93523e7d 100644 | |
--- a/native/account/registration/registration-server-call.js | |
+++ b/native/account/registration/registration-server-call.js | |
@@ -25,6 +25,7 @@ import { | |
useNativeSetUserAvatar, | |
useUploadSelectedMedia, | |
} from '../../avatars/avatar-hooks.js'; | |
+import { commCoreModule } from '../../native-modules.js'; | |
import { useSelector } from '../../redux/redux-utils.js'; | |
import { nativeLogInExtraInfoSelector } from '../../selectors/account-selectors.js'; | |
import { | |
@@ -34,6 +35,7 @@ import { | |
UnknownErrorAlertDetails, | |
} from '../../utils/alert-messages.js'; | |
import Alert from '../../utils/alert.js'; | |
+import { getContentSigningKey } from '../../utils/crypto-utils.js'; | |
import { setNativeCredentials } from '../native-credentials.js'; | |
import { | |
useLegacySIWEServerCall, | |
@@ -85,6 +87,14 @@ function useRegistrationServerCall(): RegistrationServerCallInput => Promise<voi | |
username: accountSelection.username, | |
password: accountSelection.password, | |
}); | |
+ | |
+ const ed25519 = await getContentSigningKey(); | |
+ await commCoreModule.setCommServicesAuthMetadata( | |
+ result.userID, | |
+ ed25519, | |
+ result.accessToken, | |
+ ); | |
+ | |
return result; | |
} catch (e) { | |
if (e.message === 'username reserved') { | |
diff --git a/native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp b/native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp | |
index c5414cc27b..e0a5158f50 100644 | |
--- a/native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp | |
+++ b/native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp | |
@@ -194,7 +194,7 @@ NotificationsCryptoModule::fetchNotificationsSession( | |
throw std::runtime_error( | |
"Missing notifications session for keyserver: " + keyserverID); | |
} | |
- | |
+ comm::Logger::log("NSE: used session for key: " + keyserverNotificationsSessionKey); | |
return NotificationsCryptoModule::deserializeNotificationsSession( | |
serializedSession.value()); | |
} | |
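Review bot: The added `comm::Logger::log("NSE: used session for key: " + keyserverNotificationsSessionKey);` is a debug trace left in the notification decryption path, replacing what was a blank line. From the error message above it, the variable appears to be a storage lookup name containing the keyserver ID rather than session material, but that should be confirmed before anything derived from it goes to the device log. The line will also run on every `fetchNotificationsSession` call. It should be removed before merge or compiled only into debug builds. The start of the function is outside the hunk.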
diff --git a/web/redux/action-types.js b/web/redux/action-types.js | |
index c9dad5d54f..09c6c594f6 100644 | |
--- a/web/redux/action-types.js | |
+++ b/web/redux/action-types.js | |
@@ -45,18 +45,6 @@ const getInitialReduxState = | |
const threadKeyserverID = thread ? extractKeyserverIDFromID(thread) : null; | |
for (const keyserverID of allKeyserverIDs) { | |
- // As of Nov 2023, the only validation we have for adding a new keyserver | |
- // is we check if the keyserver URL is valid. This is not a very | |
- // extensive check, and gives the user the feeling of a false sucesses | |
- // when they add new keyservers to the keyserver store. ENG-5371 tracks | |
- // the task for initialzing a proper connection with the newly added | |
- // keyserver, and at that point we can make the validation checks | |
- // for adding a new keyserver more extensive. However, for the time being | |
- // we need to add this check below so that we aren't trying to make calls | |
- // to nonexistant keyservers that are in our keyserver store. | |
- if (keyserverID !== authoritativeKeyserverID) { | |
- continue; | |
- } | |
const clientUpdatesCurrentAsOf = allUpdatesCurrentAsOf[keyserverID]; | |
const keyserverExcludedData: ExcludedData = { | |
threadStore: !!excludedData.threadStore && !!clientUpdatesCurrentAsOf, |