hydrogen-web/src/matrix/net/HomeServerApi.js

/*
Copyright 2020 Bruno Windels <bruno@windels.cloud>
Copyright 2020 The Matrix.org Foundation C.I.C.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

import {HomeServerError, ConnectionError} from "../error.js";
import {encodeQueryParams} from "./common.js";

class RequestWrapper {
    constructor(method, url, requestResult) {
        this._requestResult = requestResult;
        this._promise = requestResult.response().then(response => {
            // ok?
            if (response.status >= 200 && response.status < 300) {
                return response.body;
            } else {
                if (response.status >= 400 && !response.body?.errcode) {
                    throw new ConnectionError(`HTTP error status ${response.status} without errcode in body, assume this is a load balancer complaining the server is offline.`);
                } else {
                    throw new HomeServerError(method, url, response.body, response.status);
                }
            }
        }, err => {
            // if this._requestResult is still set, the abort error came not from calling abort here
            if (err.name === "AbortError" && this._requestResult) {
                throw new Error(`Request ${method} ${url} was unexpectedly aborted, see #187.`);
            } else {
                throw err;
            }
        });
    }

    abort() {
        if (this._requestResult) {
            this._requestResult.abort();
            // to mark that it was on purpose in above rejection handler
            this._requestResult = null;
        }
    }

    response() {
        return this._promise;
    }
}

export class HomeServerApi {
    constructor({homeServer, accessToken, request, createTimeout, reconnector}) {
        // store these both in a closure somehow so it's harder to get at in case of XSS?
        // one could change the homeserver as well so the token gets sent there, so both must be protected from read/write
        this._homeserver = homeServer;
        this._accessToken = accessToken;
        this._requestFn = request;
        this._createTimeout = createTimeout;
        this._reconnector = reconnector;
    }

    _url(csPath) {
        return `${this._homeserver}/_matrix/client/r0${csPath}`;
    }

    _baseRequest(method, url, queryParams, body, options, accessToken) {
        const queryString = encodeQueryParams(queryParams);
        url = `${url}?${queryString}`;
        let bodyString;
        const headers = new Map();
        if (accessToken) {
            headers.set("Authorization", `Bearer ${accessToken}`);
        }
        headers.set("Accept", "application/json");
        if (body) {
            headers.set("Content-Type", "application/json");
            bodyString = JSON.stringify(body);
        }
        const requestResult = this._requestFn(url, {
            method,
            headers,
            body: bodyString,
            timeout: options?.timeout,
            format: "json"
        });

        const wrapper = new RequestWrapper(method, url, requestResult);
        
        if (this._reconnector) {
            wrapper.response().catch(err => {
                // Some endpoints such as /sync legitimately time-out
                // (which is also reported as a ConnectionError) and will re-attempt,
                // but spinning up the reconnector in this case is ok,
                // as all code ran on session and sync start should be reentrant
                if (err.name === "ConnectionError") {
                    this._reconnector.onRequestFailed(this);
                }
            });
        }

        return wrapper;
    }

    _unauthedRequest(method, url, queryParams, body, options) {
        return this._baseRequest(method, url, queryParams, body, options, null);
    }

    _authedRequest(method, url, queryParams, body, options) {
        return this._baseRequest(method, url, queryParams, body, options, this._accessToken);
    }

    _post(csPath, queryParams, body, options) {
        return this._authedRequest("POST", this._url(csPath), queryParams, body, options);
    }

    _put(csPath, queryParams, body, options) {
        return this._authedRequest("PUT", this._url(csPath), queryParams, body, options);
    }

    _get(csPath, queryParams, body, options) {
        return this._authedRequest("GET", this._url(csPath), queryParams, body, options);
    }

    sync(since, filter, timeout, options = null) {
        return this._get("/sync", {since, timeout, filter}, null, options);
    }

    // params is from, dir and optionally to, limit, filter.
    messages(roomId, params, options = null) {
        return this._get(`/rooms/${encodeURIComponent(roomId)}/messages`, params, null, options);
    }

    // params is at, membership and not_membership
    members(roomId, params, options = null) {
        return this._get(`/rooms/${encodeURIComponent(roomId)}/members`, params, null, options);
    }

    send(roomId, eventType, txnId, content, options = null) {
        return this._put(`/rooms/${encodeURIComponent(roomId)}/send/${encodeURIComponent(eventType)}/${encodeURIComponent(txnId)}`, {}, content, options);
    }

    receipt(roomId, receiptType, eventId, options = null) {
        return this._post(`/rooms/${encodeURIComponent(roomId)}/receipt/${encodeURIComponent(receiptType)}/${encodeURIComponent(eventId)}`,
            {}, {}, options);
    }

    passwordLogin(username, password, initialDeviceDisplayName, options = null) {
        return this._unauthedRequest("POST", this._url("/login"), null, {
          "type": "m.login.password",
          "identifier": {
            "type": "m.id.user",
            "user": username
          },
          "password": password,
          "initial_device_display_name": initialDeviceDisplayName
        }, options);
    }

    createFilter(userId, filter, options = null) {
        return this._post(`/user/${encodeURIComponent(userId)}/filter`, null, filter, options);
    }

    versions(options = null) {
        return this._unauthedRequest("GET", `${this._homeserver}/_matrix/client/versions`, null, null, options);
    }

    uploadKeys(payload, options = null) {
        return this._post("/keys/upload", null, payload, options);
    }

    queryKeys(queryRequest, options = null) {
        return this._post("/keys/query", null, queryRequest, options);
    }

    claimKeys(payload, options = null) {
        return this._post("/keys/claim", null, payload, options);
    }

    sendToDevice(type, payload, txnId, options = null) {
        return this._put(`/sendToDevice/${encodeURIComponent(type)}/${encodeURIComponent(txnId)}`, null, payload, options);
    }
    
    roomKeysVersion(version = null, options = null) {
        let versionPart = "";
        if (version) {
            versionPart = `/${encodeURIComponent(version)}`;
        }
        return this._get(`/room_keys/version${versionPart}`, null, null, options);
    }

    roomKeyForRoomAndSession(version, roomId, sessionId, options = null) {
        return this._get(`/room_keys/keys/${encodeURIComponent(roomId)}/${encodeURIComponent(sessionId)}`, {version}, null, options);
    }
}

export function tests() {
    function createRequestMock(result) {
        return function() {
            return {
                abort() {},
                response() {
                    return Promise.resolve(result);
                }
            }
        }
    }

    return {
        "superficial happy path for GET": async assert => {
            const hsApi = new HomeServerApi({
                request: createRequestMock({body: 42, status: 200}),
                homeServer: "https://hs.tld"
            });
            const result = await hsApi._get("foo", null, null, null).response();
            assert.strictEqual(result, 42);
        }
    }
}
add license header in all source files 2020-08-05 22:08:55 +05:30			`/*`
			`Copyright 2020 Bruno Windels <bruno@windels.cloud>`
move MediaRepository out of HomeServerApi so HomeServerApi becomes easier to wrap, only having methods that return a RequestResult. 2020-09-22 17:10:38 +05:30			`Copyright 2020 The Matrix.org Foundation C.I.C.`
add license header in all source files 2020-08-05 22:08:55 +05:30
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

fix #48 2020-11-06 01:54:14 +05:30			`import {HomeServerError, ConnectionError} from "../error.js";`
move MediaRepository out of HomeServerApi so HomeServerApi becomes easier to wrap, only having methods that return a RequestResult. 2020-09-22 17:10:38 +05:30			`import {encodeQueryParams} from "./common.js";`
its syncing, sort off 2019-02-11 01:55:29 +05:30
fix errors & support login in network 2019-02-05 03:56:24 +05:30			`class RequestWrapper {`
Move timeout to fetch, as XHR has native timeout support 2020-08-05 21:06:44 +05:30			`constructor(method, url, requestResult) {`
pull fetch code out of homeserverapi 2019-12-23 18:58:27 +05:30			`this._requestResult = requestResult;`
Move timeout to fetch, as XHR has native timeout support 2020-08-05 21:06:44 +05:30			`this._promise = requestResult.response().then(response => {`
pull fetch code out of homeserverapi 2019-12-23 18:58:27 +05:30			`// ok?`
			`if (response.status >= 200 && response.status < 300) {`
			`return response.body;`
			`} else {`
fix #48 2020-11-06 01:54:14 +05:30			`if (response.status >= 400 && !response.body?.errcode) {`
			throw new ConnectionError(`HTTP error status ${response.status} without errcode in body, assume this is a load balancer complaining the server is offline.`);
			`} else {`
			`throw new HomeServerError(method, url, response.body, response.status);`
pull fetch code out of homeserverapi 2019-12-23 18:58:27 +05:30			`}`
			`}`
try to call out when #187 happens 2020-11-06 03:09:32 +05:30			`}, err => {`
			`// if this._requestResult is still set, the abort error came not from calling abort here`
			`if (err.name === "AbortError" && this._requestResult) {`
			throw new Error(`Request ${method} ${url} was unexpectedly aborted, see #187.`);
			`} else {`
			`throw err;`
			`}`
pull fetch code out of homeserverapi 2019-12-23 18:58:27 +05:30			`});`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
WIP 2018-12-21 19:05:24 +05:30
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`abort() {`
try to call out when #187 happens 2020-11-06 03:09:32 +05:30			`if (this._requestResult) {`
			`this._requestResult.abort();`
			`// to mark that it was on purpose in above rejection handler`
			`this._requestResult = null;`
			`}`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
WIP 2018-12-21 19:05:24 +05:30
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`response() {`
			`return this._promise;`
			`}`
WIP 2018-12-21 19:05:24 +05:30			`}`

stop using default exports because it becomes hard to remember where you used them and where not 2020-04-21 00:56:39 +05:30			`export class HomeServerApi {`
WIP2 2020-04-05 18:41:15 +05:30			`constructor({homeServer, accessToken, request, createTimeout, reconnector}) {`
some comments 2019-03-09 00:33:47 +05:30			`// store these both in a closure somehow so it's harder to get at in case of XSS?`
			`// one could change the homeserver as well so the token gets sent there, so both must be protected from read/write`
pull fetch code out of homeserverapi 2019-12-23 18:58:27 +05:30			`this._homeserver = homeServer;`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`this._accessToken = accessToken;`
pull fetch code out of homeserverapi 2019-12-23 18:58:27 +05:30			`this._requestFn = request;`
WIP2 2020-04-05 18:41:15 +05:30			`this._createTimeout = createTimeout;`
			`this._reconnector = reconnector;`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
WIP 2018-12-21 19:05:24 +05:30
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`_url(csPath) {`
			return `${this._homeserver}/_matrix/client/r0${csPath}`;
			`}`
WIP 2018-12-21 19:05:24 +05:30
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`_baseRequest(method, url, queryParams, body, options, accessToken) {`
move mxcUrl functions to media repo class 2020-08-20 19:10:43 +05:30			`const queryString = encodeQueryParams(queryParams);`
WIP 2020-03-31 03:26:03 +05:30			url = `${url}?${queryString}`;
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`let bodyString;`
Headers is a DOM specific class, use Map instead in HomeServerApi 2020-04-23 00:16:47 +05:30			`const headers = new Map();`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`if (accessToken) {`
			headers.set("Authorization", `Bearer ${accessToken}`);
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
Headers is a DOM specific class, use Map instead in HomeServerApi 2020-04-23 00:16:47 +05:30			`headers.set("Accept", "application/json");`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`if (body) {`
Headers is a DOM specific class, use Map instead in HomeServerApi 2020-04-23 00:16:47 +05:30			`headers.set("Content-Type", "application/json");`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`bodyString = JSON.stringify(body);`
			`}`
pull fetch code out of homeserverapi 2019-12-23 18:58:27 +05:30			`const requestResult = this._requestFn(url, {`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`method,`
			`headers,`
			`body: bodyString,`
basic PoC of image decryption working needs looooaaads of cleanup still 2020-10-23 20:48:11 +05:30			`timeout: options?.timeout,`
			`format: "json"`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`});`
WIP2 2020-04-05 18:41:15 +05:30
Move timeout to fetch, as XHR has native timeout support 2020-08-05 21:06:44 +05:30			`const wrapper = new RequestWrapper(method, url, requestResult);`
WIP2 2020-04-05 18:41:15 +05:30
			`if (this._reconnector) {`
			`wrapper.response().catch(err => {`
add comment how timeouts interact with the reconnector 2020-09-25 14:15:41 +05:30			`// Some endpoints such as /sync legitimately time-out`
			`// (which is also reported as a ConnectionError) and will re-attempt,`
			`// but spinning up the reconnector in this case is ok,`
			`// as all code ran on session and sync start should be reentrant`
fix timeouts not working and also not being handled in the Reconnector 2020-05-06 23:08:33 +05:30			`if (err.name === "ConnectionError") {`
WIP2 2020-04-05 18:41:15 +05:30			`this._reconnector.onRequestFailed(this);`
			`}`
			`});`
			`}`

			`return wrapper;`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
fix errors & support login in network 2019-02-05 03:56:24 +05:30
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`_unauthedRequest(method, url, queryParams, body, options) {`
			`return this._baseRequest(method, url, queryParams, body, options, null);`
			`}`

			`_authedRequest(method, url, queryParams, body, options) {`
			`return this._baseRequest(method, url, queryParams, body, options, this._accessToken);`
			`}`

WIP2 2020-04-05 18:41:15 +05:30			`_post(csPath, queryParams, body, options) {`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`return this._authedRequest("POST", this._url(csPath), queryParams, body, options);`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
fix errors & support login in network 2019-02-05 03:56:24 +05:30
WIP2 2020-04-05 18:41:15 +05:30			`_put(csPath, queryParams, body, options) {`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`return this._authedRequest("PUT", this._url(csPath), queryParams, body, options);`
more WIP 2019-07-27 01:33:57 +05:30			`}`

WIP2 2020-04-05 18:41:15 +05:30			`_get(csPath, queryParams, body, options) {`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`return this._authedRequest("GET", this._url(csPath), queryParams, body, options);`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
WIP 2018-12-21 19:05:24 +05:30
WIP2 2020-04-05 18:41:15 +05:30			`sync(since, filter, timeout, options = null) {`
			`return this._get("/sync", {since, timeout, filter}, null, options);`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
fix errors & support login in network 2019-02-05 03:56:24 +05:30
work on filling gaps 2019-03-09 05:11:06 +05:30			`// params is from, dir and optionally to, limit, filter.`
WIP2 2020-04-05 18:41:15 +05:30			`messages(roomId, params, options = null) {`
			return this._get(`/rooms/${encodeURIComponent(roomId)}/messages`, params, null, options);
work on filling gaps 2019-03-09 05:11:06 +05:30			`}`

members hs api call 2020-08-19 19:41:33 +05:30			`// params is at, membership and not_membership`
			`members(roomId, params, options = null) {`
			return this._get(`/rooms/${encodeURIComponent(roomId)}/members`, params, null, options);
			`}`

WIP2 2020-04-05 18:41:15 +05:30			`send(roomId, eventType, txnId, content, options = null) {`
			return this._put(`/rooms/${encodeURIComponent(roomId)}/send/${encodeURIComponent(eventType)}/${encodeURIComponent(txnId)}`, {}, content, options);
more WIP 2019-07-27 01:33:57 +05:30			`}`

send receipt to server when clearing unread state so notif count clears 2020-08-21 18:46:57 +05:30			`receipt(roomId, receiptType, eventId, options = null) {`
			return this._post(`/rooms/${encodeURIComponent(roomId)}/receipt/${encodeURIComponent(receiptType)}/${encodeURIComponent(eventId)}`,
			`{}, {}, options);`
			`}`

name devices at login "Hydrogen" so you can somewhat identify them in a device list 2020-09-08 14:23:15 +05:30			`passwordLogin(username, password, initialDeviceDisplayName, options = null) {`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			`return this._unauthedRequest("POST", this._url("/login"), null, {`
fix errors & support login in network 2019-02-05 03:56:24 +05:30			`"type": "m.login.password",`
			`"identifier": {`
			`"type": "m.id.user",`
			`"user": username`
			`},`
name devices at login "Hydrogen" so you can somewhat identify them in a device list 2020-09-08 14:23:15 +05:30			`"password": password,`
			`"initial_device_display_name": initialDeviceDisplayName`
WIP2 2020-04-05 18:41:15 +05:30			`}, options);`
convert tabs to spaces where needed 2019-06-27 02:01:36 +05:30			`}`
very basic support for lazy loading 2019-10-12 23:54:09 +05:30
WIP2 2020-04-05 18:41:15 +05:30			`createFilter(userId, filter, options = null) {`
			return this._post(`/user/${encodeURIComponent(userId)}/filter`, null, filter, options);
very basic support for lazy loading 2019-10-12 23:54:09 +05:30			`}`
WIP 2020-03-31 03:26:03 +05:30
WIP2 2020-04-05 18:41:15 +05:30			`versions(options = null) {`
don't send access token on /versions as it's not a good idea, and some CORS configs might not be happy with an Authorization header on that path 2020-09-18 21:43:20 +05:30			return this._unauthedRequest("GET", `${this._homeserver}/_matrix/client/versions`, null, null, options);
WIP 2020-03-31 03:26:03 +05:30			`}`
show images intimeline 2020-05-09 23:32:08 +05:30
upload identity and one-time keys 2020-08-27 22:43:24 +05:30			`uploadKeys(payload, options = null) {`
			`return this._post("/keys/upload", null, payload, options);`
			`}`

implement hsapi /keys/query method 2020-08-31 17:54:09 +05:30			`queryKeys(queryRequest, options = null) {`
			`return this._post("/keys/query", null, queryRequest, options);`
			`}`

implement hsapi /keys/claim endpoint 2020-09-03 19:03:23 +05:30			`claimKeys(payload, options = null) {`
			`return this._post("/keys/claim", null, payload, options);`
			`}`

add RoomEncryption to room 2020-09-03 19:06:17 +05:30			`sendToDevice(type, payload, txnId, options = null) {`
			return this._put(`/sendToDevice/${encodeURIComponent(type)}/${encodeURIComponent(txnId)}`, null, payload, options);
			`}`
more impl of SessionBackup 2020-09-17 17:49:57 +05:30
			`roomKeysVersion(version = null, options = null) {`
fixes 2020-09-17 21:27:12 +05:30			`let versionPart = "";`
			`if (version) {`
			versionPart = `/${encodeURIComponent(version)}`;
more impl of SessionBackup 2020-09-17 17:49:57 +05:30			`}`
fixes 2020-09-17 21:27:12 +05:30			return this._get(`/room_keys/version${versionPart}`, null, null, options);
more impl of SessionBackup 2020-09-17 17:49:57 +05:30			`}`

			`roomKeyForRoomAndSession(version, roomId, sessionId, options = null) {`
			return this._get(`/room_keys/keys/${encodeURIComponent(roomId)}/${encodeURIComponent(sessionId)}`, {version}, null, options);
			`}`
throw NetworkError from HomeServerApi 2019-03-08 16:56:59 +05:30			`}`
simple unit test for hsApi 2020-04-23 00:17:31 +05:30
			`export function tests() {`
			`function createRequestMock(result) {`
			`return function() {`
			`return {`
			`abort() {},`
			`response() {`
			`return Promise.resolve(result);`
			`}`
			`}`
			`}`
			`}`

			`return {`
			`"superficial happy path for GET": async assert => {`
			`const hsApi = new HomeServerApi({`
			`request: createRequestMock({body: 42, status: 200}),`
			`homeServer: "https://hs.tld"`
			`});`
			`const result = await hsApi._get("foo", null, null, null).response();`
			`assert.strictEqual(result, 42);`
			`}`
			`}`
			`}`