From d255ce1a21323aae369347b7f2b39d7a9a34f93e Mon Sep 17 00:00:00 2001 From: Jordan Bancino Date: Thu, 16 Feb 2023 17:22:59 +0000 Subject: [PATCH] Begin working on refresh route. --- src/Routes/RouteMatrix.c | 4 ++ src/Routes/RouteRefresh.c | 126 +++++++++++++++++++++++++++++++++++++ src/Routes/RouteRegister.c | 4 +- src/include/Routes.h | 2 + 4 files changed, 133 insertions(+), 3 deletions(-) create mode 100644 src/Routes/RouteRefresh.c diff --git a/src/Routes/RouteMatrix.c b/src/Routes/RouteMatrix.c index cca46c6..124799f 100644 --- a/src/Routes/RouteMatrix.c +++ b/src/Routes/RouteMatrix.c @@ -72,6 +72,10 @@ ROUTE_IMPL(RouteMatrix, args) { response = RouteRegister(args); } + else if (MATRIX_PATH_EQUALS(pathPart, "refresh")) + { + response = RouteRefresh(args); + } else { HttpResponseStatus(args->context, HTTP_NOT_FOUND); diff --git a/src/Routes/RouteRefresh.c b/src/Routes/RouteRefresh.c new file mode 100644 index 0000000..0cd99d8 --- /dev/null +++ b/src/Routes/RouteRefresh.c @@ -0,0 +1,126 @@ +/* + * Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net> + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation files + * (the "Software"), to deal in the Software without restriction, + * including without limitation the rights to use, copy, modify, merge, + * publish, distribute, sublicense, and/or sell copies of the Software, + * and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ +#include + +#include + +#include +#include +#include +#include + +ROUTE_IMPL(RouteRefresh, args) +{ + HashMap *request; + HashMap *response = NULL; + + JsonValue *val; + char *refreshToken; + + char *oldAccessToken; + char *newAccessToken; + char *deviceId; + + Db *db = args->matrixArgs->db; + LogConfig *lc = args->matrixArgs->lc; + + DbRef *rtRef; + DbRef * oAtRef; + DbRef * nAtRef; + + if (MATRIX_PATH_PARTS(args->path) > 0) + { + HttpResponseStatus(args->context, HTTP_NOT_FOUND); + return MatrixErrorCreate(M_NOT_FOUND); + } + + if (HttpRequestMethodGet(args->context) != HTTP_POST) + { + HttpResponseStatus(args->context, HTTP_BAD_REQUEST); + return MatrixErrorCreate(M_UNRECOGNIZED); + } + + request = JsonDecode(HttpStream(args->context)); + if (!request) + { + HttpResponseStatus(args->context, HTTP_BAD_REQUEST); + return MatrixErrorCreate(M_NOT_JSON); + } + + val = HashMapGet(request, "refresh_token"); + if (!val || JsonValueType(val) != JSON_STRING) + { + HttpResponseStatus(args->context, HTTP_BAD_REQUEST); + response = MatrixErrorCreate(M_BAD_JSON); + goto finish; + } + + refreshToken = JsonValueAsString(val); + + /* Get the refresh token object */ + rtRef = DbLock(db, 3, "tokens", "refresh", refreshToken); + + if (!rtRef) + { + HttpResponseStatus(args->context, HTTP_BAD_REQUEST); + response = MatrixErrorCreate(M_UNKNOWN_TOKEN); + goto finish; + } + + /* Get the access token and device the refresh token refreshes */ + oldAccessToken = JsonValueAsString(HashMapGet(DbJson(rtRef), "refreshes")); + oAtRef = DbLock(db, 3, "tokens", "access", oldAccessToken); + + if (!oAtRef) + { + Log(lc, LOG_ERR, "Refresh token '%s' points to an access token that doesn't exist.", + refreshToken); + Log(lc, LOG_WARNING, "This refresh token will be deleted."); + HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR); + response = MatrixErrorCreate(M_UNKNOWN); + + DbUnlock(db, rtRef); + DbDelete(db, 3, "tokens", "refresh", refreshToken); + + goto finish; + } + + /* Get the user associated with the access token and device */ + + /* Generate a new access token associated with the device and user. */ + + /* Replace old access token in User */ + + /* Delete old access token */ + + /* Update the refresh token to point to the new access token */ + + /* Return the new access token and expiration timestamp to the client */ + response = HashMapCreate(); + +finish: + JsonFree(request); + DbUnlock(db, rtRef); + return response; +} diff --git a/src/Routes/RouteRegister.c b/src/Routes/RouteRegister.c index 8c346c5..e35369c 100644 --- a/src/Routes/RouteRegister.c +++ b/src/Routes/RouteRegister.c @@ -38,8 +38,6 @@ ROUTE_IMPL(RouteRegister, args) HashMap *request = NULL; HashMap *response = NULL; - char *pathPart = NULL; - JsonValue *val; char *kind; @@ -242,7 +240,7 @@ finish: } else { - pathPart = MATRIX_PATH_POP(args->path); + char *pathPart = MATRIX_PATH_POP(args->path); if (HttpRequestMethodGet(args->context) == HTTP_GET && MATRIX_PATH_EQUALS(pathPart, "available")) diff --git a/src/include/Routes.h b/src/include/Routes.h index 05ecbcc..eba3a00 100644 --- a/src/include/Routes.h +++ b/src/include/Routes.h @@ -60,8 +60,10 @@ typedef struct RouteArgs ROUTE(RouteMainPage); /* / */ ROUTE(RouteWellKnown); /* /.well-known */ ROUTE(RouteMatrix); /* /_matrix */ + ROUTE(RouteLogin); /* /_matrix/client/(r0|v3)/login */ ROUTE(RouteRegister); /* /_matrix/client/(r0|v3)/register */ +ROUTE(RouteRefresh); /* /_matrix/client/(r0|v3)/refresh */ #undef ROUTE