Switch to mautrix-python crypto

2020-07-08 23:05:39 +03:00
parent bbfcc9d7d8
commit 4e670a8cbe
11 changed files with 99 additions and 26 deletions
@@ -14,4 +14,5 @@ __pycache__
 /registration.yaml
 *.log*
 *.db
+*.pickle
 *.bak
@@ -30,26 +30,18 @@ RUN apk add --no-cache \
        py3-pysocks \
        # cryptg
          py3-cffi \
+	  py3-qrcode@edge \
      py3-brotli \
      # Other dependencies
      ffmpeg \
      ca-certificates \
      su-exec \
      netcat-openbsd \
-      # olm
+      # encryption
      olm-dev \
-      # matrix-nio?
-      py3-future \
-      py3-atomicwrites \
      py3-pycryptodome \
-      py3-peewee \
-      py3-pyrsistent \
-      py3-jsonschema \
-      #py3-aiofiles \ # (too new)
-      py3-cachetools \
      py3-unpaddedbase64 \
-      py3-h2@edge \
-      py3-logbook@edge
+      py3-future

 COPY requirements.txt /opt/mautrix-telegram/requirements.txt
 COPY optional-requirements.txt /opt/mautrix-telegram/optional-requirements.txt
@@ -0,0 +1,71 @@
+"""Switch to mautrix-python crypto
+
+Revision ID: ccbaff858240
+Revises: 3e3745baa458
+Create Date: 2020-07-08 19:06:12.588047
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = 'ccbaff858240'
+down_revision = '3e3745baa458'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('nio_account')
+    op.drop_table('nio_device_key')
+    op.drop_table('nio_outgoing_key_request')
+    op.drop_table('nio_olm_session')
+    op.drop_table('nio_megolm_inbound_session')
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('nio_megolm_inbound_session',
+    sa.Column('session_id', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('sender_key', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('fp_key', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('room_id', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('session', postgresql.BYTEA(), autoincrement=False, nullable=False),
+    sa.Column('forwarded_chains', postgresql.BYTEA(), autoincrement=False, nullable=False),
+    sa.PrimaryKeyConstraint('session_id', name='nio_megolm_inbound_session_pkey')
+    )
+    op.create_table('nio_olm_session',
+    sa.Column('session_id', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('sender_key', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('session', postgresql.BYTEA(), autoincrement=False, nullable=False),
+    sa.Column('created_at', postgresql.TIMESTAMP(), autoincrement=False, nullable=False),
+    sa.Column('last_used', postgresql.TIMESTAMP(), autoincrement=False, nullable=False),
+    sa.PrimaryKeyConstraint('session_id', name='nio_olm_session_pkey')
+    )
+    op.create_table('nio_outgoing_key_request',
+    sa.Column('request_id', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('session_id', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('room_id', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('algorithm', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.PrimaryKeyConstraint('request_id', name='nio_outgoing_key_request_pkey')
+    )
+    op.create_table('nio_device_key',
+    sa.Column('user_id', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('device_id', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('display_name', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('deleted', sa.BOOLEAN(), autoincrement=False, nullable=False),
+    sa.Column('keys', postgresql.BYTEA(), autoincrement=False, nullable=False),
+    sa.PrimaryKeyConstraint('user_id', 'device_id', name='nio_device_key_pkey')
+    )
+    op.create_table('nio_account',
+    sa.Column('user_id', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('device_id', sa.VARCHAR(length=255), autoincrement=False, nullable=False),
+    sa.Column('shared', sa.BOOLEAN(), autoincrement=False, nullable=False),
+    sa.Column('sync_token', sa.TEXT(), autoincrement=False, nullable=False),
+    sa.Column('account', postgresql.BYTEA(), autoincrement=False, nullable=False),
+    sa.PrimaryKeyConstraint('user_id', 'device_id', name='nio_account_pkey')
+    )
+    # ### end Alembic commands ###
@@ -108,6 +108,7 @@ class Config(BaseBridgeConfig):
        copy("bridge.animated_sticker.args")
        copy("bridge.encryption.allow")
        copy("bridge.encryption.default")
+        copy("bridge.encryption.database")
        copy("bridge.private_chat_portal_meta")
        copy("bridge.delivery_receipts")
        copy("bridge.delivery_error_reports")
@@ -211,6 +211,15 @@ bridge:
        # Default to encryption, force-enable encryption in all portals the bridge creates
        # This will cause the bridge bot to be in private chats for the encryption to work properly.
        default: false
+        # Database for the encryption data. Currently only supports Postgres and an in-memory
+        # store that's persisted as a pickle.
+        # If set to `default`, will use the appservice postgres database
+        # or a pickle file if the appservice database is sqlite.
+        #
+        # Format examples:
+        #   Pickle:   pickle://filename.pickle
+        #   Postgres: postgres://username:password@hostname/dbname
+        database: default
    # Whether or not to explicitly set the avatar and room name for private
    # chat portal rooms. This will be implicitly enabled if encryption.default is true.
    private_chat_portal_meta: false
@@ -52,7 +52,7 @@ if TYPE_CHECKING:
    from ..config import Config

 try:
-    from nio.crypto import decrypt_attachment
+    from mautrix.crypto.attachments import decrypt_attachment
 except ImportError:
    decrypt_attachment = None

@@ -411,17 +411,13 @@ class PortalMetadata(BasePortal, ABC):
        if not room_id:
            raise Exception(f"Failed to create room")

-        if self.encrypted and self.matrix.e2ee:
-            members = [self.main_intent.mxid]
-            if direct:
-                try:
-                    await self.az.intent.join_room_by_id(room_id)
-                    members += [self.az.intent.mxid]
-                except Exception:
-                    self.log.warning(f"Failed to add bridge bot to new private chat {room_id}")
-            await self.matrix.e2ee.add_room(room_id, members=members, encrypted=True)
+        if self.encrypted and self.matrix.e2ee and direct:
+            try:
+                await self.az.intent.ensure_joined(room_id)
+            except Exception:
+                self.log.warning(f"Failed to add bridge bot to new private chat {room_id}")

-        self.mxid = RoomID(room_id)
+        self.mxid = room_id
        self.by_mxid[self.mxid] = self
        self.save()
        self.az.state_store.set_power_levels(self.mxid, power_levels)
@@ -49,7 +49,7 @@ except ImportError:
    VideoFileClip = None

 try:
-    from nio.crypto import encrypt_attachment
+    from mautrix.crypto.attachments import encrypt_attachment
 except ImportError:
    encrypt_attachment = None

@@ -41,7 +41,7 @@ from ..tgclient import MautrixTelegramClient
 from ..db import TelegramFile as DBTelegramFile

 try:
-    from nio.crypto import async_encrypt_attachment
+    from mautrix.crypto.attachments import async_encrypt_attachment
 except ImportError:
    async_encrypt_attachment = None

@@ -24,4 +24,7 @@ prometheus_client>=0.6,<0.9
 psycopg2-binary>=2,<3

 #/e2be
-matrix-nio[e2e]>=0.9,<0.14
+asyncpg>=0.20,<0.21
+python-olm>=3,<4
+pycryptodome>=3,<4
+unpaddedbase64>=1,<2
@@ -4,6 +4,6 @@ ruamel.yaml>=0.15.35,<0.17
 python-magic>=0.4,<0.5
 commonmark>=0.8,<0.10
 aiohttp>=3,<4
-mautrix==0.6.0.alpha4
+mautrix==0.6.0.beta4
 telethon>=1.13,<1.16
 telethon-session-sqlalchemy>=0.2.14,<0.3