session-desktop/ts/session/apis/open_group_api/opengroupV2/ApiAuth.ts

import { getV2OpenGroupRoomByRoomId, saveV2OpenGroupRoom } from '../../../../data/opengroups';
import { callUtilsWorker } from '../../../../webworker/workers/util_worker_interface';
import { allowOnlyOneAtATime } from '../../../utils/Promise';
import { toHex } from '../../../utils/String';
import { getIdentityKeyPair, getOurPubKeyStrFromCache } from '../../../utils/User';
import { OpenGroupRequestCommonType, OpenGroupV2Request } from './ApiUtil';
import { sendApiV2Request } from './OpenGroupAPIV2';
import { parseStatusCodeFromOnionRequest } from './OpenGroupAPIV2Parser';

async function claimAuthToken(
  authToken: string,
  serverUrl: string,
  roomId: string
): Promise<string | null> {
  // Set explicitly here because is isn't in the database yet at this point
  const headers = { Authorization: authToken };
  const request: OpenGroupV2Request = {
    method: 'POST',
    headers,
    room: roomId,
    server: serverUrl,
    queryParams: { public_key: getOurPubKeyStrFromCache() },
    isAuthRequired: false,
    endpoint: 'claim_auth_token',
  };
  const result = await sendApiV2Request(request);
  const statusCode = parseStatusCodeFromOnionRequest(result);
  if (statusCode !== 200) {
    window?.log?.warn(`Could not claim token, status code: ${statusCode}`);
    return null;
  }
  return authToken;
}

async function oneAtATimeGetAuth({ serverUrl, roomId }: OpenGroupRequestCommonType) {
  return allowOnlyOneAtATime(`getAuthToken${serverUrl}:${roomId}`, async () => {
    try {
      // first try to fetch from db a saved token.
      const roomDetails = await getV2OpenGroupRoomByRoomId({ serverUrl, roomId });
      if (!roomDetails) {
        window?.log?.warn('getAuthToken Room does not exist.');
        return null;
      }

      if (roomDetails?.token) {
        return roomDetails.token;
      }

      window?.log?.info(
        `Triggering getAuthToken with serverUrl:'${serverUrl}'; roomId: '${roomId}'`
      );
      const token = await requestNewAuthToken({ serverUrl, roomId });

      if (!token) {
        window?.log?.warn('invalid new auth token', token);
        return;
      }

      window?.log?.info(`Got AuthToken for serverUrl:'${serverUrl}'; roomId: '${roomId}'`);
      const claimedToken = await claimAuthToken(token, serverUrl, roomId);

      if (!claimedToken) {
        window?.log?.warn('Failed to claim token', claimedToken);
      } else {
        window?.log?.info(`Claimed AuthToken for serverUrl:'${serverUrl}'; roomId: '${roomId}'`);
      }
      // still save it to the db. just to mark it as to be refreshed later
      roomDetails.token = claimedToken || '';
      await saveV2OpenGroupRoom(roomDetails);

      window?.log?.info(`AuthToken saved to DB for serverUrl:'${serverUrl}'; roomId: '${roomId}'`);

      return claimedToken;
    } catch (e) {
      window?.log?.error('Failed to getAuthToken', e);
      throw e;
    }
  });
}

export async function getAuthToken({
  serverUrl,
  roomId,
}: OpenGroupRequestCommonType): Promise<string | null> {
  return oneAtATimeGetAuth({ roomId, serverUrl });
}

// tslint:disable: member-ordering
export async function requestNewAuthToken({
  serverUrl,
  roomId,
}: OpenGroupRequestCommonType): Promise<string | null> {
  const userKeyPair = await getIdentityKeyPair();
  if (!userKeyPair) {
    throw new Error('Failed to fetch user keypair');
  }

  const ourPubkey = getOurPubKeyStrFromCache();
  const parameters = {} as Record<string, string>;
  parameters.public_key = ourPubkey;
  const request: OpenGroupV2Request = {
    method: 'GET',
    room: roomId,
    server: serverUrl,
    queryParams: parameters,
    isAuthRequired: false,
    endpoint: 'auth_token_challenge',
  };
  const json = (await sendApiV2Request(request)) as any;
  // parse the json
  if (!json || !json?.result?.challenge) {
    window?.log?.warn('Parsing failed');
    return null;
  }
  const {
    ciphertext: base64EncodedCiphertext,
    ephemeral_public_key: base64EncodedEphemeralPublicKey,
  } = json?.result?.challenge;

  if (!base64EncodedCiphertext || !base64EncodedEphemeralPublicKey) {
    window?.log?.warn('Parsing failed');
    return null;
  }
  const ciphertext = (await callUtilsWorker(
    'fromBase64ToArrayBuffer',
    base64EncodedCiphertext
  )) as ArrayBuffer;
  const ephemeralPublicKey = (await callUtilsWorker(
    'fromBase64ToArrayBuffer',
    base64EncodedEphemeralPublicKey
  )) as ArrayBuffer;
  try {
    const symmetricKey = (await callUtilsWorker(
      'deriveSymmetricKey',
      new Uint8Array(ephemeralPublicKey),
      new Uint8Array(userKeyPair.privKey)
    )) as ArrayBuffer;

    const plaintextBuffer = await callUtilsWorker(
      'DecryptAESGCM',
      new Uint8Array(symmetricKey),
      new Uint8Array(ciphertext)
    );

    const token = toHex(plaintextBuffer);

    return token;
  } catch (e) {
    window?.log?.error('Failed to decrypt token open group v2');
    return null;
  }
}
refactor most of the components to outside of their Session folder (#2072) * refactor most of the components to outside of their Session folder * finish moving overlay and memberListItem to react hook * fix bug with kicked member len >2 not being displayed also sort admins first in UpdateGroupMembers dialog * fix admin leaving text of groupNotification * add a useFocusMount hook to focus input fields on mount * make click avatar convo item open only user dialog * cleanup config default.json * make sure to use convoController to build sync message * disable showing pubkey on opengroups * add a pause on audio playback Fixes #2079 3 years ago			`import { getV2OpenGroupRoomByRoomId, saveV2OpenGroupRoom } from '../../../../data/opengroups';`
mostly working but need to improve perfs 3 years ago			`import { callUtilsWorker } from '../../../../webworker/workers/util_worker_interface';`
refactor most of the components to outside of their Session folder (#2072) * refactor most of the components to outside of their Session folder * finish moving overlay and memberListItem to react hook * fix bug with kicked member len >2 not being displayed also sort admins first in UpdateGroupMembers dialog * fix admin leaving text of groupNotification * add a useFocusMount hook to focus input fields on mount * make click avatar convo item open only user dialog * cleanup config default.json * make sure to use convoController to build sync message * disable showing pubkey on opengroups * add a pause on audio playback Fixes #2079 3 years ago			`import { allowOnlyOneAtATime } from '../../../utils/Promise';`
			`import { toHex } from '../../../utils/String';`
			`import { getIdentityKeyPair, getOurPubKeyStrFromCache } from '../../../utils/User';`
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`import { OpenGroupRequestCommonType, OpenGroupV2Request } from './ApiUtil';`
			`import { sendApiV2Request } from './OpenGroupAPIV2';`
			`import { parseStatusCodeFromOnionRequest } from './OpenGroupAPIV2Parser';`

			`async function claimAuthToken(`
			`authToken: string,`
			`serverUrl: string,`
			`roomId: string`
			`): Promise<string \| null> {`
			`// Set explicitly here because is isn't in the database yet at this point`
			`const headers = { Authorization: authToken };`
			`const request: OpenGroupV2Request = {`
			`method: 'POST',`
			`headers,`
			`room: roomId,`
			`server: serverUrl,`
			`queryParams: { public_key: getOurPubKeyStrFromCache() },`
			`isAuthRequired: false,`
			`endpoint: 'claim_auth_token',`
			`};`
			`const result = await sendApiV2Request(request);`
			`const statusCode = parseStatusCodeFromOnionRequest(result);`
			`if (statusCode !== 200) {`
add some test for partial path rebuilding 4 years ago			window?.log?.warn(`Could not claim token, status code: ${statusCode}`);
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`return null;`
			`}`
			`return authToken;`
			`}`

fix slow app while removing v1 convoss 4 years ago			`async function oneAtATimeGetAuth({ serverUrl, roomId }: OpenGroupRequestCommonType) {`
WIP 4 years ago			return allowOnlyOneAtATime(`getAuthToken${serverUrl}:${roomId}`, async () => {
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`try {`
fix slow app while removing v1 convoss 4 years ago			`// first try to fetch from db a saved token.`
			`const roomDetails = await getV2OpenGroupRoomByRoomId({ serverUrl, roomId });`
			`if (!roomDetails) {`
			`window?.log?.warn('getAuthToken Room does not exist.');`
			`return null;`
			`}`

			`if (roomDetails?.token) {`
			`return roomDetails.token;`
			`}`

add some logs when fetching a new token opengroupv2 4 years ago			`window?.log?.info(`
add some logs to opengroup retry 4 years ago			`Triggering getAuthToken with serverUrl:'${serverUrl}'; roomId: '${roomId}'`
add some logs when fetching a new token opengroupv2 4 years ago			`);`
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`const token = await requestNewAuthToken({ serverUrl, roomId });`
fix slow app while removing v1 convoss 4 years ago
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`if (!token) {`
add some test for partial path rebuilding 4 years ago			`window?.log?.warn('invalid new auth token', token);`
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`return;`
			`}`
WIP 4 years ago
add some logs to opengroup retry 4 years ago			window?.log?.info(`Got AuthToken for serverUrl:'${serverUrl}'; roomId: '${roomId}'`);
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`const claimedToken = await claimAuthToken(token, serverUrl, roomId);`
fix slow app while removing v1 convoss 4 years ago
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`if (!claimedToken) {`
add some logs when fetching a new token opengroupv2 4 years ago			`window?.log?.warn('Failed to claim token', claimedToken);`
			`} else {`
add some logs to opengroup retry 4 years ago			window?.log?.info(`Claimed AuthToken for serverUrl:'${serverUrl}'; roomId: '${roomId}'`);
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`}`
			`// still save it to the db. just to mark it as to be refreshed later`
			`roomDetails.token = claimedToken \|\| '';`
			`await saveV2OpenGroupRoom(roomDetails);`
WIP 4 years ago
add some logs to opengroup retry 4 years ago			window?.log?.info(`AuthToken saved to DB for serverUrl:'${serverUrl}'; roomId: '${roomId}'`);
fix slow app while removing v1 convoss 4 years ago
WIP 4 years ago			`return claimedToken;`
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`} catch (e) {`
add some test for partial path rebuilding 4 years ago			`window?.log?.error('Failed to getAuthToken', e);`
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`throw e;`
			`}`
			`});`
WIP 4 years ago			`}`

			`export async function getAuthToken({`
			`serverUrl,`
			`roomId,`
			`}: OpenGroupRequestCommonType): Promise<string \| null> {`
fix slow app while removing v1 convoss 4 years ago			`return oneAtATimeGetAuth({ roomId, serverUrl });`
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`}`

			`// tslint:disable: member-ordering`
			`export async function requestNewAuthToken({`
			`serverUrl,`
			`roomId,`
			`}: OpenGroupRequestCommonType): Promise<string \| null> {`
			`const userKeyPair = await getIdentityKeyPair();`
			`if (!userKeyPair) {`
			`throw new Error('Failed to fetch user keypair');`
			`}`

			`const ourPubkey = getOurPubKeyStrFromCache();`
			`const parameters = {} as Record<string, string>;`
			`parameters.public_key = ourPubkey;`
			`const request: OpenGroupV2Request = {`
			`method: 'GET',`
			`room: roomId,`
			`server: serverUrl,`
			`queryParams: parameters,`
			`isAuthRequired: false,`
			`endpoint: 'auth_token_challenge',`
			`};`
			`const json = (await sendApiV2Request(request)) as any;`
			`// parse the json`
			`if (!json \|\| !json?.result?.challenge) {`
add some test for partial path rebuilding 4 years ago			`window?.log?.warn('Parsing failed');`
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`return null;`
			`}`
			`const {`
			`ciphertext: base64EncodedCiphertext,`
			`ephemeral_public_key: base64EncodedEphemeralPublicKey,`
			`} = json?.result?.challenge;`

			`if (!base64EncodedCiphertext \|\| !base64EncodedEphemeralPublicKey) {`
add some test for partial path rebuilding 4 years ago			`window?.log?.warn('Parsing failed');`
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`return null;`
			`}`
mostly working but need to improve perfs 3 years ago			`const ciphertext = (await callUtilsWorker(`
move libloki to webworker and remove unused stuff in it 4 years ago			`'fromBase64ToArrayBuffer',`
			`base64EncodedCiphertext`
			`)) as ArrayBuffer;`
mostly working but need to improve perfs 3 years ago			`const ephemeralPublicKey = (await callUtilsWorker(`
WIP 4 years ago			`'fromBase64ToArrayBuffer',`
			`base64EncodedEphemeralPublicKey`
move libloki to webworker and remove unused stuff in it 4 years ago			`)) as ArrayBuffer;`
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`try {`
mostly working but need to improve perfs 3 years ago			`const symmetricKey = (await callUtilsWorker(`
move libloki to webworker and remove unused stuff in it 4 years ago			`'deriveSymmetricKey',`
			`new Uint8Array(ephemeralPublicKey),`
			`new Uint8Array(userKeyPair.privKey)`
			`)) as ArrayBuffer;`

mostly working but need to improve perfs 3 years ago			`const plaintextBuffer = await callUtilsWorker(`
move libloki to webworker and remove unused stuff in it 4 years ago			`'DecryptAESGCM',`
			`new Uint8Array(symmetricKey),`
			`new Uint8Array(ciphertext)`
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`);`

			`const token = toHex(plaintextBuffer);`

			`return token;`
			`} catch (e) {`
add some test for partial path rebuilding 4 years ago			`window?.log?.error('Failed to decrypt token open group v2');`
allow fileserverv2 attachments to be downloaded, upload disabled 4 years ago			`return null;`
			`}`
			`}`