Merge pull request #92 from loki-project/security

Don't Include an Auth Token with Encrypted File Uploads

Pods

@@ -1 +1 @@
-Subproject commit 9aa5aae61fd7223a84239fc521184396aa3bedb7
+Subproject commit edac100a2bda084edbba3291b080615aa26e5948

Signal/Signal-Info.plist

@@ -76,6 +76,13 @@
 				<key>NSIncludesSubdomains</key>
 				<true/>
 			</dict>
+			<key>file-dev.lokinet.org</key>
+			<dict>
+				<key>NSExceptionAllowsInsecureHTTPLoads</key>
+				<true/>
+				<key>NSIncludesSubdomains</key>
+				<true/>
+			</dict>
 			<key>imaginary.stream</key>
 			<dict>
 				<key>NSExceptionAllowsInsecureHTTPLoads</key>

Signal/src/AppDelegate.m

@@ -777,7 +777,7 @@ static NSTimeInterval launchStartedAt;
             [self startLongPollerIfNeeded];
 
             // Loki: Get device links
-            [LKStorageAPI getDeviceLinksAssociatedWith:self.tsAccountManager.localNumber];
+            [LKFileServerAPI getDeviceLinksAssociatedWith:self.tsAccountManager.localNumber];
             
             if (![UIApplication sharedApplication].isRegisteredForRemoteNotifications) {
                 OWSLogInfo(@"Retrying to register for remote notifications since user hasn't registered yet.");
@@ -1448,7 +1448,7 @@ static NSTimeInterval launchStartedAt;
         [self startLongPollerIfNeeded];
 
         // Loki: Get device links
-        [LKStorageAPI getDeviceLinksAssociatedWith:self.tsAccountManager.localNumber];
+        [LKFileServerAPI getDeviceLinksAssociatedWith:self.tsAccountManager.localNumber];
     }
 }
 

Signal/src/Loki/View Controllers/DeviceLinkingModal.swift

@@ -175,7 +175,7 @@ final class DeviceLinkingModal : Modal, DeviceLinkingSessionDelegate {
         dismiss(animated: true, completion: nil)
         let master = DeviceLink.Device(hexEncodedPublicKey: deviceLink.master.hexEncodedPublicKey, signature: linkingAuthorizationMessage.masterSignature)
         let signedDeviceLink = DeviceLink(between: master, and: deviceLink.slave)
-        LokiStorageAPI.addDeviceLink(signedDeviceLink).done {
+        LokiFileServerAPI.addDeviceLink(signedDeviceLink).done {
             self.delegate?.handleDeviceLinkAuthorized(signedDeviceLink) // Intentionally capture self strongly
         }.catch { error in
             print("[Loki] Failed to add device link due to error: \(error).")
@@ -191,7 +191,7 @@ final class DeviceLinkingModal : Modal, DeviceLinkingSessionDelegate {
         subtitleLabel.text = NSLocalizedString("Your device has been linked successfully", comment: "")
         mnemonicLabel.isHidden = true
         buttonStackView.isHidden = true
-        LokiStorageAPI.addDeviceLink(deviceLink).catch { error in
+        LokiFileServerAPI.addDeviceLink(deviceLink).catch { error in
             print("[Loki] Failed to add device link due to error: \(error).")
         }
         Timer.scheduledTimer(withTimeInterval: 2, repeats: false) { _ in

Signal/src/Loki/View Controllers/DeviceLinksVC.swift

@@ -152,7 +152,7 @@ final class DeviceLinksVC : UIViewController, UITableViewDataSource, UITableView
     }
     
     private func removeDeviceLink(_ deviceLink: DeviceLink) {
-        LokiStorageAPI.removeDeviceLink(deviceLink).done { [weak self] in
+        LokiFileServerAPI.removeDeviceLink(deviceLink).done { [weak self] in
             let linkedDeviceHexEncodedPublicKey = deviceLink.other.hexEncodedPublicKey
             guard let thread = TSContactThread.fetch(uniqueId: TSContactThread.threadId(fromContactId: linkedDeviceHexEncodedPublicKey)) else { return }
             let unlinkDeviceMessage = UnlinkDeviceMessage(thread: thread)!

Signal/src/Loki/View Controllers/LandingVC.swift

@@ -157,7 +157,7 @@ final class LandingVC : UIViewController, LinkDeviceVCDelegate, DeviceLinkingMod
         TSAccountManager.sharedInstance().phoneNumberAwaitingVerification = keyPair.hexEncodedPublicKey
         TSAccountManager.sharedInstance().didRegister()
         setUserInteractionEnabled(false)
-        let _ = LokiStorageAPI.getDeviceLinks(associatedWith: hexEncodedPublicKey).done(on: DispatchQueue.main) { [weak self] deviceLinks in
+        let _ = LokiFileServerAPI.getDeviceLinks(associatedWith: hexEncodedPublicKey).done(on: DispatchQueue.main) { [weak self] deviceLinks in
             guard let self = self else { return }
             defer { self.setUserInteractionEnabled(true) }
             guard deviceLinks.count < 2 else {

Signal/src/ViewControllers/ConversationView/Cells/OWSMessageCell.m

@@ -302,7 +302,7 @@ NS_ASSUME_NONNULL_BEGIN
             publicChat = [LKDatabaseUtilities getPublicChatForThreadID:self.viewItem.interaction.uniqueThreadId transaction: transaction];
         }];
         if (publicChat != nil) {
-            BOOL isModerator = [LKPublicChatAPI isUserModerator:incomingMessage.authorId forGroup:publicChat.channel onServer:publicChat.server];
+            BOOL isModerator = [LKPublicChatAPI isUserModerator:incomingMessage.authorId forChannel:publicChat.channel onServer:publicChat.server];
             UIImage *moderatorIcon = [UIImage imageNamed:@"Crown"];
             self.moderatorIconImageView.image = moderatorIcon;
             self.moderatorIconImageView.hidden = !isModerator;

Signal/src/ViewControllers/ConversationView/ConversationViewItem.m

@@ -1271,7 +1271,7 @@ NSString *NSStringForOWSMessageCellType(OWSMessageCellType cellType)
     
     if (interationType == OWSInteractionType_IncomingMessage) {
         // Only allow deletion on incoming messages if the user has moderation permission
-        return [LKPublicChatAPI isUserModerator:self.userHexEncodedPublicKey forGroup:publicChat.channel onServer:publicChat.server];
+        return [LKPublicChatAPI isUserModerator:self.userHexEncodedPublicKey forChannel:publicChat.channel onServer:publicChat.server];
     }
     
     // Only allow deletion on outgoing messages if the user was the sender (i.e. it was not sent from another linked device)

SignalMessaging/profiles/OWSProfileManager.m

@@ -411,7 +411,7 @@ typedef void (^ProfileManagerFailureBlock)(NSError *error);
             NSData *encryptedAvatarData = [self encryptProfileData:avatarData profileKey:newProfileKey];
             OWSAssertDebug(encryptedAvatarData.length > 0);
             
-            [[LKStorageAPI setProfilePicture:encryptedAvatarData]
+            [[LKFileServerAPI setProfilePicture:encryptedAvatarData]
             .thenOn(dispatch_get_main_queue(), ^(NSString *url) {
                 [self.localUserProfile updateWithProfileKey:newProfileKey dbConnection:self.dbConnection completion:^{
                    successBlock(url);

SignalServiceKit/src/Loki/API/LokiAPI.swift

@@ -132,7 +132,7 @@ public final class LokiAPI : NSObject {
         if timeSinceLastUpdate > deviceLinkUpdateInterval {
             storage.dbReadConnection.read { transaction in
                 let masterHexEncodedPublicKey = storage.getMasterHexEncodedPublicKey(for: hexEncodedPublicKey, in: transaction) ?? hexEncodedPublicKey
-                LokiStorageAPI.getDeviceLinks(associatedWith: masterHexEncodedPublicKey).done(on: DispatchQueue.global()) { _ in
+                LokiFileServerAPI.getDeviceLinks(associatedWith: masterHexEncodedPublicKey).done(on: DispatchQueue.global()) { _ in
                     getDestinations()
                     lastDeviceLinkUpdate[hexEncodedPublicKey] = Date()
                 }.catch(on: DispatchQueue.global()) { error in

SignalServiceKit/src/Loki/API/LokiDotNetAPI.swift

@@ -1,6 +1,6 @@
 import PromiseKit
 
-/// Base class for `LokiStorageAPI` and `LokiPublicChatAPI`.
+/// Base class for `LokiFileServerAPI` and `LokiPublicChatAPI`.
 public class LokiDotNetAPI : NSObject {
 
     // MARK: Convenience
@@ -39,12 +39,13 @@ public class LokiDotNetAPI : NSObject {
 
     // MARK: Attachments (Public API)
     public static func uploadAttachment(_ attachment: TSAttachmentStream, with attachmentID: String, to server: String) -> Promise<Void> {
-        let isEncryptionRequired = (server == LokiStorageAPI.server)
+        let isEncryptionRequired = (server == LokiFileServerAPI.server)
         return Promise<Void>() { seal in
-            getAuthToken(for: server).done(on: DispatchQueue.global()) { token in
+            func proceed(with token: String) {
+                // Get the attachment
                 let data: Data
                 guard let unencryptedAttachmentData = try? attachment.readDataFromFile() else {
-                    print("[Loki] Couldn't read attachment data from disk.")
+                    print("[Loki] Couldn't read attachment from disk.")
                     return seal.reject(Error.generic)
                 }
                 // Encrypt the attachment if needed
@@ -71,7 +72,7 @@ public class LokiDotNetAPI : NSObject {
                 request.addValue("Bearer \(token)", forHTTPHeaderField: "Authorization")
                 if let error = error {
                     print("[Loki] Couldn't upload attachment due to error: \(error).")
-                    throw error
+                    return seal.reject(error)
                 }
                 // Send the request
                 func parseResponse(_ response: Any) {
@@ -87,7 +88,7 @@ public class LokiDotNetAPI : NSObject {
                     attachment.save()
                     seal.fulfill(())
                 }
-                let isProxyingRequired = (server == LokiStorageAPI.server) // Don't proxy open group requests for now
+                let isProxyingRequired = (server == LokiFileServerAPI.server) // Don't proxy open group requests for now
                 if isProxyingRequired {
                     let _ = LokiFileServerProxy(for: server).performLokiFileServerNSURLRequest(request as NSURLRequest).done { responseObject in
                         parseResponse(responseObject)
@@ -117,9 +118,16 @@ public class LokiDotNetAPI : NSObject {
                     })
                     task.resume()
                 }
-            }.catch(on: DispatchQueue.global()) { error in
-                print("[Loki] Couldn't upload attachment.")
-                seal.reject(error)
+            }
+            if server == LokiFileServerAPI.server {
+                proceed(with: "loki") // Uploads to the Loki File Server shouldn't include any personally identifiable information so use a dummy auth token
+            } else {
+                getAuthToken(for: server).done(on: DispatchQueue.global()) { token in
+                    proceed(with: token)
+                }.catch(on: DispatchQueue.global()) { error in
+                    print("[Loki] Couldn't upload attachment due to error: \(error).")
+                    seal.reject(error)
+                }
             }
         }
     }
@@ -148,7 +156,7 @@ public class LokiDotNetAPI : NSObject {
                 throw Error.parsingFailed
             }
             // Discard the "05" prefix if needed
-            if (serverPublicKey.count == 33) {
+            if serverPublicKey.count == 33 {
                 let hexEncodedServerPublicKey = serverPublicKey.toHexString()
                 serverPublicKey = Data.data(fromHex: hexEncodedServerPublicKey.substring(from: 2))!
             }

SignalServiceKit/src/Loki/API/LokiFileServerAPI.swift

@@ -1,14 +1,14 @@
 import PromiseKit
 
-@objc(LKStorageAPI)
-public final class LokiStorageAPI : LokiDotNetAPI {
+@objc(LKFileServerAPI)
+public final class LokiFileServerAPI : LokiDotNetAPI {
 
     // MARK: Settings
-//    #if DEBUG
-//    private static let server = "http://file-dev.lokinet.org"
-//    #else
+    #if DEBUG
+    @objc public static let server = "http://file-dev.lokinet.org"
+    #else
     @objc public static let server = "https://file.getsession.org"
-//    #endif
+    #endif
     private static let deviceLinkType = "network.loki.messenger.devicemapping"
     private static let attachmentType = "net.app.core.oembed"
 
@@ -168,7 +168,7 @@ public final class LokiStorageAPI : LokiDotNetAPI {
                 })
                 task.resume()
             }.catch { error in
-                print("[Loki] Couldn't upload profile picture.")
+                print("[Loki] Couldn't upload profile picture due to error: \(error).")
                 seal.reject(error)
             }
         }

SignalServiceKit/src/Loki/API/LokiFileServerProxy.swift

@@ -37,7 +37,7 @@ internal class LokiFileServerProxy : LokiHTTPClient {
 
     // MARK: Proxying
     override internal func perform(_ request: TSRequest, withCompletionQueue queue: DispatchQueue = DispatchQueue.main) -> LokiAPI.RawResponsePromise {
-        let isLokiFileServer = (server == LokiStorageAPI.server)
+        let isLokiFileServer = (server == LokiFileServerAPI.server)
         guard isLokiFileServer else { return super.perform(request, withCompletionQueue: queue) } // Don't proxy open group requests for now
         return performLokiFileServerNSURLRequest(request, withCompletionQueue: queue)
     }

SignalServiceKit/src/Loki/API/LokiRSSFeedProxy.swift

@@ -13,7 +13,7 @@ public enum LokiRSSFeedProxy {
     }
 
     public static func fetchContent(for url: String) -> Promise<String> {
-        let server = LokiStorageAPI.server
+        let server = LokiFileServerAPI.server
         let endpoints = [ "messenger-updates/feed" : "loki/v1/rss/messenger", "loki.network/feed" : "loki/v1/rss/loki" ]
         let endpoint = endpoints.first { url.lowercased().contains($0.key) }!.value
         let url = URL(string: server + "/" + endpoint)!

SignalServiceKit/src/Loki/API/Public Chat/LokiPublicChatAPI.swift

@@ -12,13 +12,10 @@ public final class LokiPublicChatAPI : LokiDotNetAPI {
     // MARK: Public Chat
     private static let channelInfoType = "net.patter-app.settings"
     private static let attachmentType = "net.app.core.oembed"
-    public static let avatarType = "network.loki.messenger.avatar"
+    public static let profilePictureType = "network.loki.messenger.avatar"
     @objc public static let publicChatMessageType = "network.loki.messenger.publicChat"
     
-    @objc public static let defaultChats: [LokiPublicChat] = {
-        var result: [LokiPublicChat] = []
-        return result
-    }()
+    @objc public static let defaultChats: [LokiPublicChat] = [] // Currently unused
     
     // MARK: Convenience
     private static var userDisplayName: String {
@@ -70,6 +67,11 @@ public final class LokiPublicChatAPI : LokiDotNetAPI {
         }
     }
     
+    public static func clearCaches(for channel: UInt64, on server: String) {
+        removeLastMessageServerID(for: channel, on: server)
+        removeLastDeletionServerID(for: channel, on: server)
+    }
+    
     // MARK: Public API
     public static func getMessages(for channel: UInt64, on server: String) -> Promise<[LokiPublicChatMessage]> {
         var queryParameters = "include_annotations=1"
@@ -97,23 +99,26 @@ public final class LokiPublicChatAPI : LokiDotNetAPI {
                 }
                 var avatar: LokiPublicChatMessage.Avatar? = nil
                 let displayName = user["name"] as? String ?? NSLocalizedString("Anonymous", comment: "")
-                if let userAnnotations = user["annotations"] as? [JSON], let avatarAnnotation = userAnnotations.first(where: { $0["type"] as? String == avatarType }),
+                if let userAnnotations = user["annotations"] as? [JSON], let avatarAnnotation = userAnnotations.first(where: { $0["type"] as? String == profilePictureType }),
                     let avatarValue = avatarAnnotation["value"] as? JSON, let profileKeyString = avatarValue["profileKey"] as? String, let profileKey = Data(base64Encoded: profileKeyString), let url = avatarValue["url"] as? String {
                     avatar = LokiPublicChatMessage.Avatar(profileKey: profileKey, url: url)
                 }
                 let lastMessageServerID = getLastMessageServerID(for: channel, on: server)
                 if serverID > (lastMessageServerID ?? 0) { setLastMessageServerID(for: channel, on: server, to: serverID) }
                 let quote: LokiPublicChatMessage.Quote?
-                if let quoteAsJSON = value["quote"] as? JSON, let quotedMessageTimestamp = quoteAsJSON["id"] as? UInt64, let quoteeHexEncodedPublicKey = quoteAsJSON["author"] as? String, let quotedMessageBody = quoteAsJSON["text"] as? String {
+                if let quoteAsJSON = value["quote"] as? JSON, let quotedMessageTimestamp = quoteAsJSON["id"] as? UInt64, let quoteeHexEncodedPublicKey = quoteAsJSON["author"] as? String,
+                    let quotedMessageBody = quoteAsJSON["text"] as? String {
                     let quotedMessageServerID = message["reply_to"] as? UInt64
-                    quote = LokiPublicChatMessage.Quote(quotedMessageTimestamp: quotedMessageTimestamp, quoteeHexEncodedPublicKey: quoteeHexEncodedPublicKey, quotedMessageBody: quotedMessageBody, quotedMessageServerID: quotedMessageServerID)
+                    quote = LokiPublicChatMessage.Quote(quotedMessageTimestamp: quotedMessageTimestamp, quoteeHexEncodedPublicKey: quoteeHexEncodedPublicKey, quotedMessageBody: quotedMessageBody,
+                        quotedMessageServerID: quotedMessageServerID)
                 } else {
                     quote = nil
                 }
                 let signature = LokiPublicChatMessage.Signature(data: Data(hex: hexEncodedSignatureData), version: signatureVersion)
                 let attachmentsAsJSON = annotations.filter { $0["type"] as? String == attachmentType }
                 let attachments: [LokiPublicChatMessage.Attachment] = attachmentsAsJSON.compactMap { attachmentAsJSON in
-                    guard let value = attachmentAsJSON["value"] as? JSON, let kindAsString = value["lokiType"] as? String, let kind = LokiPublicChatMessage.Attachment.Kind(rawValue: kindAsString), let serverID = value["id"] as? UInt64, let contentType = value["contentType"] as? String, let size = value["size"] as? UInt, let url = value["url"] as? String else { return nil }
+                    guard let value = attachmentAsJSON["value"] as? JSON, let kindAsString = value["lokiType"] as? String, let kind = LokiPublicChatMessage.Attachment.Kind(rawValue: kindAsString),
+                        let serverID = value["id"] as? UInt64, let contentType = value["contentType"] as? String, let size = value["size"] as? UInt, let url = value["url"] as? String else { return nil }
                     let fileName = value["fileName"] as? String ?? UUID().description
                     let width = value["width"] as? UInt ?? 0
                     let height = value["height"] as? UInt ?? 0
@@ -127,9 +132,11 @@ public final class LokiPublicChatAPI : LokiDotNetAPI {
                             return nil
                         }
                     }
-                    return LokiPublicChatMessage.Attachment(kind: kind, server: server, serverID: serverID, contentType: contentType, size: size, fileName: fileName, flags: flags, width: width, height: height, caption: caption, url: url, linkPreviewURL: linkPreviewURL, linkPreviewTitle: linkPreviewTitle)
+                    return LokiPublicChatMessage.Attachment(kind: kind, server: server, serverID: serverID, contentType: contentType, size: size, fileName: fileName, flags: flags,
+                        width: width, height: height, caption: caption, url: url, linkPreviewURL: linkPreviewURL, linkPreviewTitle: linkPreviewTitle)
                 }
-                let result = LokiPublicChatMessage(serverID: serverID, hexEncodedPublicKey: hexEncodedPublicKey, displayName: displayName, avatar: avatar, body: body, type: publicChatMessageType, timestamp: timestamp, quote: quote, attachments: attachments, signature: signature)
+                let result = LokiPublicChatMessage(serverID: serverID, hexEncodedPublicKey: hexEncodedPublicKey, displayName: displayName, avatar: avatar,
+                    body: body, type: publicChatMessageType, timestamp: timestamp, quote: quote, attachments: attachments, signature: signature)
                 guard result.hasValidSignature() else {
                     print("[Loki] Ignoring public chat message with invalid signature.")
                     return nil
@@ -260,7 +267,7 @@ public final class LokiPublicChatAPI : LokiDotNetAPI {
     
     public static func getUserCount(for channel: UInt64, on server: String) -> Promise<Int> {
         return getAuthToken(for: server).then(on: DispatchQueue.global()) { token -> Promise<Int> in
-            let queryParameters = "count=2500"
+            let queryParameters = "count=200"
             let url = URL(string: "\(server)/channels/\(channel)/subscribers?\(queryParameters)")!
             let request = TSRequest(url: url)
             request.allHTTPHeaderFields = [ "Content-Type" : "application/json", "Authorization" : "Bearer \(token)" ]
@@ -306,7 +313,7 @@ public final class LokiPublicChatAPI : LokiDotNetAPI {
         }
     }
     
-    @objc (isUserModerator:forGroup:onServer:)
+    @objc(isUserModerator:forChannel:onServer:)
     public static func isUserModerator(_ hexEncodedPublicString: String, for channel: UInt64, on server: String) -> Bool {
         return moderators[server]?[channel]?.contains(hexEncodedPublicString) ?? false
     }
@@ -322,13 +329,13 @@ public final class LokiPublicChatAPI : LokiDotNetAPI {
                 print("Couldn't update display name due to error: \(error).")
                 throw error
             }
-        }.retryingIfNeeded(maxRetryCount: 3)
+        }.retryingIfNeeded(maxRetryCount: maxRetryCount)
     }
     
     public static func setProfilePictureURL(to url: String?, using profileKey: Data, on server: String) -> Promise<Void> {
         print("[Loki] Updating profile picture on server: \(server).")
         return getAuthToken(for: server).then(on: DispatchQueue.global()) { token -> Promise<Void> in
-            var annotation: JSON = [ "type" : avatarType ]
+            var annotation: JSON = [ "type" : profilePictureType ]
             if let url = url {
                 annotation["value"] = [ "profileKey" : profileKey.base64EncodedString(), "url" : url ]
             }
@@ -340,7 +347,7 @@ public final class LokiPublicChatAPI : LokiDotNetAPI {
                 print("[Loki] Couldn't update profile picture due to error: \(error).")
                 throw error
             }
-        }.retryingIfNeeded(maxRetryCount: 3)
+        }.retryingIfNeeded(maxRetryCount: maxRetryCount)
     }
     
     public static func getInfo(for channel: UInt64, on server: String) -> Promise<LokiPublicChatInfo> {
@@ -366,11 +373,6 @@ public final class LokiPublicChatAPI : LokiDotNetAPI {
         return LokiFileServerProxy(for: server).perform(request).map { _ in }
     }
     
-    @objc public static func clearCaches(for channel: UInt64, on server: String) {
-        removeLastMessageServerID(for: channel, on: server)
-        removeLastDeletionServerID(for: channel, on: server)
-    }
-    
     // MARK: Public API (Obj-C)
     @objc(getMessagesForGroup:onServer:)
     public static func objc_getMessages(for group: UInt64, on server: String) -> AnyPromise {

SignalServiceKit/src/Loki/API/Public Chat/LokiPublicChatPoller.swift

@@ -192,7 +192,7 @@ public final class LokiPublicChatPoller : NSObject {
             if !hexEncodedPublicKeysToUpdate.isEmpty {
                 let storage = OWSPrimaryStorage.shared()
                 storage.dbReadConnection.read { transaction in
-                    LokiStorageAPI.getDeviceLinks(associatedWith: hexEncodedPublicKeysToUpdate).done(on: DispatchQueue.global()) { _ in
+                    LokiFileServerAPI.getDeviceLinks(associatedWith: hexEncodedPublicKeysToUpdate).done(on: DispatchQueue.global()) { _ in
                         proceed()
                         hexEncodedPublicKeysToUpdate.forEach {
                             LokiAPI.lastDeviceLinkUpdate[$0] = Date()

SignalServiceKit/src/Messages/OWSMessageManager.m

@@ -1249,7 +1249,7 @@ NS_ASSUME_NONNULL_BEGIN
     }]) {
         return;
     }
-    [LKStorageAPI getDeviceLinksAssociatedWith:userHexEncodedPublicKey].thenOn(dispatch_get_main_queue(), ^(NSSet<LKDeviceLink *> *deviceLinks) {
+    [LKFileServerAPI getDeviceLinksAssociatedWith:userHexEncodedPublicKey].thenOn(dispatch_get_main_queue(), ^(NSSet<LKDeviceLink *> *deviceLinks) {
         if ([deviceLinks contains:^BOOL(LKDeviceLink *deviceLink) {
             return [deviceLink.master.hexEncodedPublicKey isEqual:senderHexEncodedPublicKey] && [deviceLink.slave.hexEncodedPublicKey isEqual:userHexEncodedPublicKey];
         }]) {

SignalServiceKit/src/Messages/OWSMessageSender.m

@@ -484,9 +484,6 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
             });
         }
         failure:^(NSError *error) {
-            OWSLogError(@"Could not obtain UD sender certificate: %@", error);
-
-            // Proceed using non-UD message sends.
             dispatch_async([OWSDispatch sendingQueue], ^{
                 [self sendMessageToService:message senderCertificate:nil success:success failure:failure];
             });

SignalServiceKit/src/Network/API/OWSUploadOperation.m

@@ -65,14 +65,13 @@ static const CGFloat kAttachmentUploadProgressTheta = 0.001f;
 - (void)run
 {
     __block TSAttachmentStream *attachmentStream;
-    [self.dbConnection readWithBlock:^(YapDatabaseReadTransaction *_Nonnull transaction) {
+    [self.dbConnection readWithBlock:^(YapDatabaseReadTransaction *transaction) {
         attachmentStream = [TSAttachmentStream fetchObjectWithUniqueID:self.attachmentId transaction:transaction];
     }];
 
     if (!attachmentStream) {
-        OWSProdError([OWSAnalyticsEvents messageSenderErrorCouldNotLoadAttachment]);
         NSError *error = OWSErrorMakeFailedToSendOutgoingMessageError();
-        // Not finding local attachment is a terminal failure.
+        // Not finding a local attachment is a terminal failure
         error.isRetryable = NO;
         [self reportError:error];
         return;
@@ -90,9 +89,9 @@ static const CGFloat kAttachmentUploadProgressTheta = 0.001f;
     [self.dbConnection readWithBlock:^(YapDatabaseReadTransaction *transaction) {
         publicChat = [LKDatabaseUtilities getPublicChatForThreadID:self.threadID transaction:transaction];
     }];
-    NSString *server = (publicChat != nil) ? publicChat.server : LKStorageAPI.server;
+    NSString *server = (publicChat != nil) ? publicChat.server : LKFileServerAPI.server;
     
-    [[LKStorageAPI uploadAttachment:attachmentStream withID:self.attachmentId toServer:server]
+    [[LKFileServerAPI uploadAttachment:attachmentStream withID:self.attachmentId toServer:server]
     .thenOn(dispatch_get_main_queue(), ^() {
         [self reportSuccess];
     })

SignalShareExtension/Info.plist

@@ -26,6 +26,13 @@
 	<dict>
 		<key>NSExceptionDomains</key>
 		<dict>
+			<key>file-dev.lokinet.org</key>
+			<dict>
+				<key>NSExceptionAllowsInsecureHTTPLoads</key>
+				<true/>
+				<key>NSIncludesSubdomains</key>
+				<true/>
+			</dict>
 			<key>149.56.148.124</key>
 			<dict>
 				<key>NSExceptionAllowsInsecureHTTPLoads</key>