hydrogen-web/src/matrix/net/HomeServerApi.js

/*
Copyright 2020 Bruno Windels <bruno@windels.cloud>
Copyright 2020 The Matrix.org Foundation C.I.C.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

import {encodeQueryParams, encodeBody} from "./common.js";
import {HomeServerRequest} from "./HomeServerRequest.js";

export class HomeServerApi {
    constructor({homeServer, accessToken, request, createTimeout, reconnector}) {
        // store these both in a closure somehow so it's harder to get at in case of XSS?
        // one could change the homeserver as well so the token gets sent there, so both must be protected from read/write
        this._homeserver = homeServer;
        this._accessToken = accessToken;
        this._requestFn = request;
        this._createTimeout = createTimeout;
        this._reconnector = reconnector;
    }

    _url(csPath) {
        return `${this._homeserver}/_matrix/client/r0${csPath}`;
    }

    _baseRequest(method, url, queryParams, body, options, accessToken) {
        const queryString = encodeQueryParams(queryParams);
        url = `${url}?${queryString}`;
        let log;
        if (options?.log) {
            const parent = options?.log;
            log = parent.child({
                t: "network",
                url,
                method,
            }, parent.level.Info);
        }
        let encodedBody;
        const headers = new Map();
        if (accessToken) {
            headers.set("Authorization", `Bearer ${accessToken}`);
        }
        headers.set("Accept", "application/json");
        if (body) {
            const encoded = encodeBody(body);
            headers.set("Content-Type", encoded.mimeType);
            headers.set("Content-Length", encoded.length);
            encodedBody = encoded.body;
        }

        const requestResult = this._requestFn(url, {
            method,
            headers,
            body: encodedBody,
            timeout: options?.timeout,
            uploadProgress: options?.uploadProgress,
            format: "json"  // response format
        });

        const hsRequest = new HomeServerRequest(method, url, requestResult, log);
        
        if (this._reconnector) {
            hsRequest.response().catch(err => {
                // Some endpoints such as /sync legitimately time-out
                // (which is also reported as a ConnectionError) and will re-attempt,
                // but spinning up the reconnector in this case is ok,
                // as all code ran on session and sync start should be reentrant
                if (err.name === "ConnectionError") {
                    this._reconnector.onRequestFailed(this);
                }
            });
        }

        return hsRequest;
    }

    _unauthedRequest(method, url, queryParams, body, options) {
        return this._baseRequest(method, url, queryParams, body, options, null);
    }

    _authedRequest(method, url, queryParams, body, options) {
        return this._baseRequest(method, url, queryParams, body, options, this._accessToken);
    }

    _post(csPath, queryParams, body, options) {
        return this._authedRequest("POST", this._url(csPath), queryParams, body, options);
    }

    _put(csPath, queryParams, body, options) {
        return this._authedRequest("PUT", this._url(csPath), queryParams, body, options);
    }

    _get(csPath, queryParams, body, options) {
        return this._authedRequest("GET", this._url(csPath), queryParams, body, options);
    }

    sync(since, filter, timeout, options = null) {
        return this._get("/sync", {since, timeout, filter}, null, options);
    }

    // params is from, dir and optionally to, limit, filter.
    messages(roomId, params, options = null) {
        return this._get(`/rooms/${encodeURIComponent(roomId)}/messages`, params, null, options);
    }

    // params is at, membership and not_membership
    members(roomId, params, options = null) {
        return this._get(`/rooms/${encodeURIComponent(roomId)}/members`, params, null, options);
    }

    send(roomId, eventType, txnId, content, options = null) {
        return this._put(`/rooms/${encodeURIComponent(roomId)}/send/${encodeURIComponent(eventType)}/${encodeURIComponent(txnId)}`, {}, content, options);
    }

    receipt(roomId, receiptType, eventId, options = null) {
        return this._post(`/rooms/${encodeURIComponent(roomId)}/receipt/${encodeURIComponent(receiptType)}/${encodeURIComponent(eventId)}`,
            {}, {}, options);
    }

    passwordLogin(username, password, initialDeviceDisplayName, options = null) {
        return this._unauthedRequest("POST", this._url("/login"), null, {
          "type": "m.login.password",
          "identifier": {
            "type": "m.id.user",
            "user": username
          },
          "password": password,
          "initial_device_display_name": initialDeviceDisplayName
        }, options);
    }

    createFilter(userId, filter, options = null) {
        return this._post(`/user/${encodeURIComponent(userId)}/filter`, null, filter, options);
    }

    versions(options = null) {
        return this._unauthedRequest("GET", `${this._homeserver}/_matrix/client/versions`, null, null, options);
    }

    uploadKeys(payload, options = null) {
        return this._post("/keys/upload", null, payload, options);
    }

    queryKeys(queryRequest, options = null) {
        return this._post("/keys/query", null, queryRequest, options);
    }

    claimKeys(payload, options = null) {
        return this._post("/keys/claim", null, payload, options);
    }

    sendToDevice(type, payload, txnId, options = null) {
        return this._put(`/sendToDevice/${encodeURIComponent(type)}/${encodeURIComponent(txnId)}`, null, payload, options);
    }
    
    roomKeysVersion(version = null, options = null) {
        let versionPart = "";
        if (version) {
            versionPart = `/${encodeURIComponent(version)}`;
        }
        return this._get(`/room_keys/version${versionPart}`, null, null, options);
    }

    roomKeyForRoomAndSession(version, roomId, sessionId, options = null) {
        return this._get(`/room_keys/keys/${encodeURIComponent(roomId)}/${encodeURIComponent(sessionId)}`, {version}, null, options);
    }

    uploadAttachment(blob, filename, options = null) {
        return this._authedRequest("POST", `${this._homeserver}/_matrix/media/r0/upload`, {filename}, blob, options);
    }

    setPusher(pusher, options = null) {
        return this._post("/pushers/set", null, pusher, options);
    }

    getPushers(options = null) {
        return this._get("/pushers", null, null, options);
    }
}

import {Request as MockRequest} from "../../mocks/Request.js";

export function tests() {
    return {
        "superficial happy path for GET": async assert => {
            const hsApi = new HomeServerApi({
                request: () => new MockRequest().respond(200, 42),
                homeServer: "https://hs.tld"
            });
            const result = await hsApi._get("foo", null, null, null).response();
            assert.strictEqual(result, 42);
        }
    }
}
add license header in all source files 2020-08-05 22:08:55 +05:30			`/*`
			`Copyright 2020 Bruno Windels <bruno@windels.cloud>`
move MediaRepository out of HomeServerApi so HomeServerApi becomes easier to wrap, only having methods that return a RequestResult. 2020-09-22 17:10:38 +05:30			`Copyright 2020 The Matrix.org Foundation C.I.C.`
add license header in all source files 2020-08-05 22:08:55 +05:30
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

move RequestWrapper to own file and add tests, improve comments, and and don't use timeout connection error as that's not what happens if aborted request from service worker is reported as TypeError either. 2021-04-09 18:45:28 +05:30			`import {encodeQueryParams, encodeBody} from "./common.js";`
			`import {HomeServerRequest} from "./HomeServerRequest.js";`
support uploading blobs in hs api 2020-11-11 15:15:23 +05:30
stop using default exports because it becomes hard to remember where you used them and where not 2020-04-21 00:56:39 +05:30			`export class HomeServerApi {`
WIP2 2020-04-05 18:41:15 +05:30			`constructor({homeServer, accessToken, request, createTimeout, reconnector}) {`
some comments 2019-03-09 00:33:47 +05:30			`// store these both in a closure somehow so it's harder to get at in case of XSS?`
			`// one could change the homeserver as well so the token gets sent there, so both must be protected from read/write`
pull fetch code out of homeserverapi 2019-12-23 18:58:27 +05:30			`this._homeserver = homeServer;`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`this._accessToken = accessToken;`
pull fetch code out of homeserverapi 2019-12-23 18:58:27 +05:30			`this._requestFn = request;`
WIP2 2020-04-05 18:41:15 +05:30			`this._createTimeout = createTimeout;`
			`this._reconnector = reconnector;`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
WIP 2018-12-21 19:05:24 +05:30
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`_url(csPath) {`
			return `${this._homeserver}/_matrix/client/r0${csPath}`;
			`}`
WIP 2018-12-21 19:05:24 +05:30
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`_baseRequest(method, url, queryParams, body, options, accessToken) {`
move mxcUrl functions to media repo class 2020-08-20 19:10:43 +05:30			`const queryString = encodeQueryParams(queryParams);`
WIP 2020-03-31 03:26:03 +05:30			url = `${url}?${queryString}`;
support logging in hsApi 2021-02-12 23:05:33 +05:30			`let log;`
			`if (options?.log) {`
			`const parent = options?.log;`
			`log = parent.child({`
use (t)ype rather than kind 2021-02-17 23:15:12 +05:30			`t: "network",`
support logging in hsApi 2021-02-12 23:05:33 +05:30			`url,`
			`method,`
			`}, parent.level.Info);`
			`}`
support uploading blobs in hs api 2020-11-11 15:15:23 +05:30			`let encodedBody;`
Headers is a DOM specific class, use Map instead in HomeServerApi 2020-04-23 00:16:47 +05:30			`const headers = new Map();`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`if (accessToken) {`
			headers.set("Authorization", `Bearer ${accessToken}`);
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
Headers is a DOM specific class, use Map instead in HomeServerApi 2020-04-23 00:16:47 +05:30			`headers.set("Accept", "application/json");`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`if (body) {`
support uploading blobs in hs api 2020-11-11 15:15:23 +05:30			`const encoded = encodeBody(body);`
			`headers.set("Content-Type", encoded.mimeType);`
			`headers.set("Content-Length", encoded.length);`
			`encodedBody = encoded.body;`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
support logging in hsApi 2021-02-12 23:05:33 +05:30
pull fetch code out of homeserverapi 2019-12-23 18:58:27 +05:30			`const requestResult = this._requestFn(url, {`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`method,`
			`headers,`
support uploading blobs in hs api 2020-11-11 15:15:23 +05:30			`body: encodedBody,`
basic PoC of image decryption working needs looooaaads of cleanup still 2020-10-23 20:48:11 +05:30			`timeout: options?.timeout,`
report attachment upload progress 2020-11-16 15:15:46 +05:30			`uploadProgress: options?.uploadProgress,`
support uploading blobs in hs api 2020-11-11 15:15:23 +05:30			`format: "json" // response format`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`});`
WIP2 2020-04-05 18:41:15 +05:30
move RequestWrapper to own file and add tests, improve comments, and and don't use timeout connection error as that's not what happens if aborted request from service worker is reported as TypeError either. 2021-04-09 18:45:28 +05:30			`const hsRequest = new HomeServerRequest(method, url, requestResult, log);`
WIP2 2020-04-05 18:41:15 +05:30
			`if (this._reconnector) {`
move RequestWrapper to own file and add tests, improve comments, and and don't use timeout connection error as that's not what happens if aborted request from service worker is reported as TypeError either. 2021-04-09 18:45:28 +05:30			`hsRequest.response().catch(err => {`
add comment how timeouts interact with the reconnector 2020-09-25 14:15:41 +05:30			`// Some endpoints such as /sync legitimately time-out`
			`// (which is also reported as a ConnectionError) and will re-attempt,`
			`// but spinning up the reconnector in this case is ok,`
			`// as all code ran on session and sync start should be reentrant`
fix timeouts not working and also not being handled in the Reconnector 2020-05-06 23:08:33 +05:30			`if (err.name === "ConnectionError") {`
WIP2 2020-04-05 18:41:15 +05:30			`this._reconnector.onRequestFailed(this);`
			`}`
			`});`
			`}`

move RequestWrapper to own file and add tests, improve comments, and and don't use timeout connection error as that's not what happens if aborted request from service worker is reported as TypeError either. 2021-04-09 18:45:28 +05:30			`return hsRequest;`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
fix errors & support login in network 2019-02-05 03:56:24 +05:30
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`_unauthedRequest(method, url, queryParams, body, options) {`
			`return this._baseRequest(method, url, queryParams, body, options, null);`
			`}`

			`_authedRequest(method, url, queryParams, body, options) {`
			`return this._baseRequest(method, url, queryParams, body, options, this._accessToken);`
			`}`

WIP2 2020-04-05 18:41:15 +05:30			`_post(csPath, queryParams, body, options) {`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`return this._authedRequest("POST", this._url(csPath), queryParams, body, options);`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
fix errors & support login in network 2019-02-05 03:56:24 +05:30
WIP2 2020-04-05 18:41:15 +05:30			`_put(csPath, queryParams, body, options) {`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`return this._authedRequest("PUT", this._url(csPath), queryParams, body, options);`
more WIP 2019-07-27 01:33:57 +05:30			`}`

WIP2 2020-04-05 18:41:15 +05:30			`_get(csPath, queryParams, body, options) {`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`return this._authedRequest("GET", this._url(csPath), queryParams, body, options);`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
WIP 2018-12-21 19:05:24 +05:30
WIP2 2020-04-05 18:41:15 +05:30			`sync(since, filter, timeout, options = null) {`
			`return this._get("/sync", {since, timeout, filter}, null, options);`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
fix errors & support login in network 2019-02-05 03:56:24 +05:30
work on filling gaps 2019-03-09 05:11:06 +05:30			`// params is from, dir and optionally to, limit, filter.`
WIP2 2020-04-05 18:41:15 +05:30			`messages(roomId, params, options = null) {`
			return this._get(`/rooms/${encodeURIComponent(roomId)}/messages`, params, null, options);
work on filling gaps 2019-03-09 05:11:06 +05:30			`}`

members hs api call 2020-08-19 19:41:33 +05:30			`// params is at, membership and not_membership`
			`members(roomId, params, options = null) {`
			return this._get(`/rooms/${encodeURIComponent(roomId)}/members`, params, null, options);
			`}`

WIP2 2020-04-05 18:41:15 +05:30			`send(roomId, eventType, txnId, content, options = null) {`
			return this._put(`/rooms/${encodeURIComponent(roomId)}/send/${encodeURIComponent(eventType)}/${encodeURIComponent(txnId)}`, {}, content, options);
more WIP 2019-07-27 01:33:57 +05:30			`}`

send receipt to server when clearing unread state so notif count clears 2020-08-21 18:46:57 +05:30			`receipt(roomId, receiptType, eventId, options = null) {`
			return this._post(`/rooms/${encodeURIComponent(roomId)}/receipt/${encodeURIComponent(receiptType)}/${encodeURIComponent(eventId)}`,
			`{}, {}, options);`
			`}`

name devices at login "Hydrogen" so you can somewhat identify them in a device list 2020-09-08 14:23:15 +05:30			`passwordLogin(username, password, initialDeviceDisplayName, options = null) {`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`return this._unauthedRequest("POST", this._url("/login"), null, {`
fix errors & support login in network 2019-02-05 03:56:24 +05:30			`"type": "m.login.password",`
			`"identifier": {`
			`"type": "m.id.user",`
			`"user": username`
			`},`
name devices at login "Hydrogen" so you can somewhat identify them in a device list 2020-09-08 14:23:15 +05:30			`"password": password,`
			`"initial_device_display_name": initialDeviceDisplayName`
WIP2 2020-04-05 18:41:15 +05:30			`}, options);`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
very basic support for lazy loading 2019-10-12 23:54:09 +05:30
WIP2 2020-04-05 18:41:15 +05:30			`createFilter(userId, filter, options = null) {`
			return this._post(`/user/${encodeURIComponent(userId)}/filter`, null, filter, options);
very basic support for lazy loading 2019-10-12 23:54:09 +05:30			`}`
WIP 2020-03-31 03:26:03 +05:30
WIP2 2020-04-05 18:41:15 +05:30			`versions(options = null) {`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			return this._unauthedRequest("GET", `${this._homeserver}/_matrix/client/versions`, null, null, options);
WIP 2020-03-31 03:26:03 +05:30			`}`
show images intimeline 2020-05-09 23:32:08 +05:30
upload identity and one-time keys 2020-08-27 22:43:24 +05:30			`uploadKeys(payload, options = null) {`
			`return this._post("/keys/upload", null, payload, options);`
			`}`

implement hsapi /keys/query method 2020-08-31 17:54:09 +05:30			`queryKeys(queryRequest, options = null) {`
			`return this._post("/keys/query", null, queryRequest, options);`
			`}`

implement hsapi /keys/claim endpoint 2020-09-03 19:03:23 +05:30			`claimKeys(payload, options = null) {`
			`return this._post("/keys/claim", null, payload, options);`
			`}`

add RoomEncryption to room 2020-09-03 19:06:17 +05:30			`sendToDevice(type, payload, txnId, options = null) {`
			return this._put(`/sendToDevice/${encodeURIComponent(type)}/${encodeURIComponent(txnId)}`, null, payload, options);
			`}`
more impl of SessionBackup 2020-09-17 17:49:57 +05:30
			`roomKeysVersion(version = null, options = null) {`
fixes 2020-09-17 21:27:12 +05:30			`let versionPart = "";`
			`if (version) {`
			versionPart = `/${encodeURIComponent(version)}`;
more impl of SessionBackup 2020-09-17 17:49:57 +05:30			`}`
fixes 2020-09-17 21:27:12 +05:30			return this._get(`/room_keys/version${versionPart}`, null, null, options);
more impl of SessionBackup 2020-09-17 17:49:57 +05:30			`}`

			`roomKeyForRoomAndSession(version, roomId, sessionId, options = null) {`
			return this._get(`/room_keys/keys/${encodeURIComponent(roomId)}/${encodeURIComponent(sessionId)}`, {version}, null, options);
			`}`
implement attachment uploading in hs api rather than media repo as we need the access token 2020-11-11 15:15:44 +05:30
			`uploadAttachment(blob, filename, options = null) {`
/upload is on /media/r0, not /client/r0 2020-11-11 16:20:40 +05:30			return this._authedRequest("POST", `${this._homeserver}/_matrix/media/r0/upload`, {filename}, blob, options);
implement attachment uploading in hs api rather than media repo as we need the access token 2020-11-11 15:15:44 +05:30			`}`
put pusher bits in separate class to enable and disable on the HS 2021-03-19 01:12:46 +05:30
			`setPusher(pusher, options = null) {`
			`return this._post("/pushers/set", null, pusher, options);`
			`}`
support checking if pusher is still present on server 2021-04-01 18:29:46 +05:30
			`getPushers(options = null) {`
			`return this._get("/pushers", null, null, options);`
			`}`
throw NetworkError from HomeServerApi 2019-03-08 16:56:59 +05:30			`}`
simple unit test for hsApi 2020-04-23 00:17:31 +05:30
move RequestWrapper to own file and add tests, improve comments, and and don't use timeout connection error as that's not what happens if aborted request from service worker is reported as TypeError either. 2021-04-09 18:45:28 +05:30			`import {Request as MockRequest} from "../../mocks/Request.js";`
simple unit test for hsApi 2020-04-23 00:17:31 +05:30
move RequestWrapper to own file and add tests, improve comments, and and don't use timeout connection error as that's not what happens if aborted request from service worker is reported as TypeError either. 2021-04-09 18:45:28 +05:30			`export function tests() {`
simple unit test for hsApi 2020-04-23 00:17:31 +05:30			`return {`
			`"superficial happy path for GET": async assert => {`
			`const hsApi = new HomeServerApi({`
move RequestWrapper to own file and add tests, improve comments, and and don't use timeout connection error as that's not what happens if aborted request from service worker is reported as TypeError either. 2021-04-09 18:45:28 +05:30			`request: () => new MockRequest().respond(200, 42),`
simple unit test for hsApi 2020-04-23 00:17:31 +05:30			`homeServer: "https://hs.tld"`
			`});`
			`const result = await hsApi._get("foo", null, null, null).response();`
			`assert.strictEqual(result, 42);`
			`}`
			`}`
			`}`