Merge pull request #58 from Skylar-Tech/48-key-sharing

48 key sharing
e2ee-wip
Skylar Sadlier 3 years ago committed by GitHub
commit 848fd0ec9d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -48,7 +48,9 @@ You are not limited by just the nodes we have created. If you turn on global acc
View an example [here](https://github.com/Skylar-Tech/node-red-contrib-matrix-chat/tree/master/examples#use-function-node-to-run-any-command)
### End-to-End Encryption Notes
Currently, this module has no way of getting encryption keys from other devices on the same account. Therefore it is recommended you use the bot exclusively with Node-RED after it's creation. Failure to do so will lead to your bot being unable to receive messages from e2ee rooms it joined from another client. Shared secret registration makes this super easy since it returns a token and device ID.
It is recommended you use the bot exclusively with Node-RED after it's creation if using e2ee. Failure to do so will lead to your bot being unable to receive messages from e2ee rooms it joined from another client. Shared secret registration makes this super easy since it returns a token and device ID.
We now have a device verification node that will help in sharing keys (check the [examples](https://github.com/Skylar-Tech/node-red-contrib-matrix-chat/tree/master/examples#readme) for more info). This node is currently in beta and is still experimental.
This module stores a folder in your Node-RED directory called `matrix-client-storage` and is it vital that you periodically back this up if you are using e2ee. This is where the client stores all the keys necessary to decrypt messages and if lost you will lose access to e2e rooms. If you move your client to another NR install make sure to migrate this folder as well (and do not let both the old and new client run at same time).

@ -10,6 +10,8 @@ Build something cool with these nodes? Feel free to submit a pull request to sha
- [Create User with Shared Secret Registration](#create-user-with-shared-secret-registration)
- [Create/Edit Synapse User](#createedit-synapse-user)
- [Use function node to run any command](#use-function-node-to-run-any-command)
- [Start and accept device verification from specific user](#start-and-accept-device-verification-from-specific-user)
- [Request device verification & immediately accept](#request-device-verification--immediately-accept)
- [Respond to "ping" with "pong"](#respond-to-ping-with-pong)
- [Respond to "html" with an HTML message](#respond-to-html-with-an-html-message)
- [Respond to "image" with an uploaded image](#respond-to-image-with-an-uploaded-image)
@ -53,7 +55,7 @@ Allows an administrator to create or modify a user account with a specified `msg
[View JSON](custom-redact-function-node.json)
If we do not have a node for something you want to do (such as redacting events/messages) you can do this manually with a function node.
If we do not have a node for something you want to do you can do this manually with a function node. We now have a node for removing events but this is still a good example.
**Note:** You should make sure to catch any errors in your function node otherwise you could cause Node-RED to crash.
@ -61,6 +63,26 @@ To view what sort of functions you have access to check out the `client.ts` file
![custom-redact-function-node.png](custom-redact-function-node.png)
### Request device verification & immediately accept
[View JSON](request-device-verification.json)
Edit the inject node to match the details of a user & device you would like to request verification from.
After the end user starts verification the bot automatically accepts the result (note: you should be validating the result and not just blindly accepting them, this is just an example)
![add-user-with-admin-user.png](request-device-verification.png)
### Start and accept device verification from specific user
[View JSON](start-accept-verification-from-user.json)
Edit the switch node labeled "is from me" to match whatever user ID you would like to accept verification requests from.
After verification starts the bot automatically accepts the result (note: you should be validating the result and not just blindly accepting them, this is just an example)
![add-user-with-admin-user.png](start-accept-verification-from-user.png)
### Respond to "ping" with "pong"
[View JSON](respond-ping-pong.json)

@ -0,0 +1,92 @@
[
{
"id": "9345e8c42e327dba",
"type": "matrix-device-verification",
"z": "f025a8b9fbd1b054",
"name": "",
"server": null,
"mode": "request",
"inputs": 1,
"outputs": 2,
"x": 480,
"y": 1660,
"wires": [
[
"b676082d56430aec"
],
[]
]
},
{
"id": "b676082d56430aec",
"type": "matrix-device-verification",
"z": "f025a8b9fbd1b054",
"name": "",
"server": null,
"mode": "start",
"inputs": 1,
"outputs": 1,
"x": 740,
"y": 1660,
"wires": [
[
"23a0225f2f2615a3"
]
]
},
{
"id": "23a0225f2f2615a3",
"type": "matrix-device-verification",
"z": "f025a8b9fbd1b054",
"name": "",
"server": null,
"mode": "accept",
"inputs": 1,
"outputs": 1,
"x": 970,
"y": 1660,
"wires": [
[]
]
},
{
"id": "3eced60b58c999eb",
"type": "inject",
"z": "f025a8b9fbd1b054",
"name": "",
"props": [
{
"p": "userId",
"v": "@bot:example.com",
"vt": "str"
},
{
"p": "devices",
"v": "[\"ZRRJKASJDUK\"]",
"vt": "json"
}
],
"repeat": "",
"crontab": "",
"once": false,
"onceDelay": 0.1,
"topic": "",
"x": 290,
"y": 1660,
"wires": [
[
"9345e8c42e327dba"
]
]
},
{
"id": "f58ceba2a8819c09",
"type": "comment",
"z": "f025a8b9fbd1b054",
"name": "Request verification from a specific userId and device",
"info": "",
"x": 440,
"y": 1620,
"wires": []
}
]


@ -0,0 +1,86 @@
[
{
"id": "5073ca88b21abfb4",
"type": "matrix-device-verification",
"z": "f025a8b9fbd1b054",
"name": "",
"server": null,
"mode": "receive",
"inputs": 0,
"outputs": 1,
"x": 350,
"y": 1540,
"wires": [
[
"b76c1d185c2793a0"
]
]
},
{
"id": "05947740ced04e2c",
"type": "matrix-device-verification",
"z": "f025a8b9fbd1b054",
"name": "",
"server": null,
"mode": "start",
"inputs": 1,
"outputs": 1,
"x": 740,
"y": 1540,
"wires": [
[
"b3158c0779b72b41"
]
]
},
{
"id": "b76c1d185c2793a0",
"type": "switch",
"z": "f025a8b9fbd1b054",
"name": "is from me",
"property": "userId",
"propertyType": "msg",
"rules": [
{
"t": "eq",
"v": "@skylord123:skylar.tech",
"vt": "str"
}
],
"checkall": "true",
"repair": false,
"outputs": 1,
"x": 550,
"y": 1540,
"wires": [
[
"05947740ced04e2c"
]
]
},
{
"id": "b3158c0779b72b41",
"type": "matrix-device-verification",
"z": "f025a8b9fbd1b054",
"name": "",
"server": null,
"mode": "accept",
"inputs": 1,
"outputs": 1,
"x": 970,
"y": 1540,
"wires": [
[]
]
},
{
"id": "eb8ba0741df1b365",
"type": "comment",
"z": "f025a8b9fbd1b054",
"name": "Accept all device validation from a user",
"info": "",
"x": 390,
"y": 1500,
"wires": []
}
]


@ -27,6 +27,7 @@
"matrix-crypt-file": "src/matrix-crypt-file.js",
"matrix-room-kick": "src/matrix-room-kick.js",
"matrix-room-ban": "src/matrix-room-ban.js",
"matrix-device-verification": "src/matrix-device-verification.js",
"matrix-synapse-users": "src/matrix-synapse-users.js",
"matrix-synapse-register": "src/matrix-synapse-register.js",
"matrix-synapse-create-edit-user": "src/matrix-synapse-create-edit-user.js",

@ -0,0 +1,240 @@
<script type="text/javascript">
let computeInputAndOutputCounts = function(node){
switch($("#node-input-mode").val()) {
default:
node.outputs = node.inputs = 0;
break;
case 'receive':
node.outputs = 1;
node.inputs = 0;
break;
case 'request':
case 'start':
case 'accept':
case 'cancel':
node.outputs = 2;
node.inputs = 1;
break;
}
};
RED.nodes.registerType('matrix-device-verification', {
category: 'matrix',
color: '#00b7ca',
icon: "matrix.png",
inputs: 0,
outputs: 0,
outputLabels: ["success", "error"],
defaults: {
name: { value: null },
server: { value: "", type: "matrix-server-config" },
mode: { value: null, type: "text", required: true },
inputs: { value: 0 },
outputs: { value: 0 }
},
oneditprepare: function () {
computeInputAndOutputCounts(this);
},
oneditsave: function () {
computeInputAndOutputCounts(this);
},
label: function() {
if(this.name) {
return this.name;
}
switch(this.mode) {
default:
return 'Device Verification';
case 'receive':
return 'Receive Device Verification';
case 'request':
return 'Request Device Verification';
case 'start':
return 'Start Device Verification';
case 'accept':
return 'Accept Device Verification';
case 'cancel':
return 'Cancel Device Verification';
}
return this.name || "Device Verify Request";
},
paletteLabel: function(){
return "Device Verification";
}
});
</script>
<script type="text/html" data-template-name="matrix-device-verification">
<div class="form-row">
<label for="node-input-name"><i class="fa fa-tag"></i> Name</label>
<input type="text" id="node-input-name" placeholder="Name">
</div>
<div class="form-row">
<label for="node-input-server"><i class="fa fa-user"></i> Matrix Server Config</label>
<input type="text" id="node-input-server">
</div>
<div class="form-row">
<label for="node-input-mode"><i class="fa fa-user"></i> Mode</label>
<select id="node-input-mode" style="width:70%;">
<option value="">Unconfigured</option>
<option value="receive">Receive Verification Request</option>
<option value="request">Request Verification</option>
<option value="start">Verification Start</option>
<option value="accept">Verification Accept</option>
<option value="cancel">Verification Cancel</option>
</select>
</div>
</script>
<script type="text/html" data-help-name="matrix-device-verification">
<h3>Details</h3>
<p>
Handle device verification. Check out the <a href="https://github.com/Skylar-Tech/node-red-contrib-matrix-chat/tree/master/examples#readme" target="_blank">examples</a> page for a good understanding of how this works.
<br />
General flow:
<ol>
<li>Request/Receive device verification</li>
<li>Start Verification</li>
<li>Compare Emojis</li>
<li>Accept/Cancel Verification</li>
</ol>
<br />
THIS NODE IS IN BETA. There is a good chance that we will change how this node works later down the road. Make sure to read the release notes before upgrading.
</p>
<a href="https://matrix-org.github.io/synapse/develop/admin_api/room_membership.html#edit-room-membership-api" target="_blank">Synapse API Endpoint Information</a>
<h3>Inputs</h3>
<ul class="node-inputs">
<li><code>mode</code> set to '<strong>Receive Verification Request</strong>'
<div class="form-tips" style="margin-bottom: 12px;">
Doesn't take an input
</div>
</li>
<li><code>mode</code> set to '<strong>Request Verification</strong>'
<dl class="message-properties">
<dt>msg.userId <span class="property-type">string</span></dt>
<dd>
ID of the user to request device verification from
</dd>
</dl>
<dl class="message-properties">
<dt>msg.devices <span class="property-type">array[string]|null</span></dt>
<dd> list of <code>msg.userId</code>'s devices IDs to request verification from. If empty it will request from all known devices.</dd>
</dl>
</li>
<li><code>mode</code> set to '<strong>Verification Start</strong>'
<dl class="message-properties">
<dt>msg.verifyRequestId <span class="property-type">string</span></dt>
<dd>
Internal ID to reference the verification request throughout the flows
</dd>
</dl>
<dl class="message-properties">
<dt>msg.cancel <span class="property-type">bool</span></dt>
<dd>
If set and is true the verification request will be cancelled
</dd>
</dl>
</li>
<li><code>mode</code> set to '<strong>Verification Accept</strong>'
<dl class="message-properties">
<dt>msg.verifyRequestId <span class="property-type">string</span></dt>
<dd>
Internal ID to reference the verification request throughout the flows
</dd>
</dl>
</li>
<li><code>mode</code> set to '<strong>Verification Cancel</strong>'
<dl class="message-properties">
<dt>msg.verifyRequestId <span class="property-type">string</span></dt>
<dd>
Internal ID to reference the verification request throughout the flows
</dd>
</dl>
</li>
</ul>
<h3>Outputs</h3>
<ul class="node-outputs">
<li><code>mode</code> set to '<strong>Receive Verification Request</strong>' or '<strong>Request Verification</strong>'
<dl class="message-properties">
<dt>msg.verifyRequestId <span class="property-type">string</span></dt>
<dd>
Internal ID to reference the verification request throughout the flows
</dd>
</dl>
<dl class="message-properties">
<dt>msg.verifyMethods <span class="property-type">string</span></dt>
<dd>
Common verification methods supported by both sides
</dd>
</dl>
<dl class="message-properties">
<dt>msg.userId <span class="property-type">string</span></dt>
<dd>
ID of the user to request device verification from
</dd>
</dl>
<dl class="message-properties">
<dt>msg.deviceIds <span class="property-type">array[string]</span></dt>
<dd>
List of devices we are verifying
</dd>
</dl>
<dl class="message-properties">
<dt>msg.selfVerification <span class="property-type">bool</span></dt>
<dd>
true if we are verifying one of our own devices
</dd>
</dl>
<dl class="message-properties">
<dt>msg.phase <span class="property-type">string</span></dt>
<dd>
what phase of verification we are in
</dd>
</dl>
</li>
<li><code>mode</code> set to '<strong>Verification Start</strong>'
<dl class="message-properties">
<dt>msg.payload <span class="property-type">string</span></dt>
<dd>
sas verification payload
</dd>
</dl>
<dl class="message-properties">
<dt>msg.emojis <span class="property-type">array[string]</span></dt>
<dd>
array of emojis for verification request
</dd>
</dl>
<dl class="message-properties">
<dt>msg.emojis_text <span class="property-type">array[string]</span></dt>
<dd>
array of emojis in text form for verification request
</dd>
</dl>
</li>
<li><code>mode</code> set to '<strong>Verification Accept</strong>' or '<strong>Verification Cancel</strong>'
<div class="form-tips" style="margin-bottom: 12px;">
Passes input straight to output on success. If an error occurs it goes to the second output.
</div>
</li>
</ul>
</script>
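Review bot: The help for `Verification Accept` should say that it confirms the short authentication string on the bot's behalf, so a flow that wires Start straight into Accept without a human comparing `msg.emojis` (or `msg.payload.decimal`) against the other device marks that device as verified for whoever sent the request — the examples README carries this warning, the node help does not. Suggested text under the Accept input: `<strong>Only send a message here after the emojis/decimals emitted by Verification Start have been compared out-of-band; confirming an unchecked SAS trusts an unknown device.</strong>`. The "Synapse API Endpoint Information" link points at the room-membership admin API, which is unrelated to device verification and looks like a leftover from another node's help; drop it or point it at the verification docs. Start mode is given two outputs in computeInputAndOutputCounts, but the Outputs section documents only the SAS payload on the first; state what, if anything, arrives on the second.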

@ -0,0 +1,234 @@
const {Phase} = require("matrix-js-sdk/lib/crypto/verification/request/VerificationRequest");
const {CryptoEvent} = require("matrix-js-sdk/lib/crypto");
module.exports = function(RED) {
const verificationRequests = new Map();
function MatrixDeviceVerification(n) {
RED.nodes.createNode(this, n);
var node = this;
this.name = n.name;
this.server = RED.nodes.getNode(n.server);
this.mode = n.mode;
if (!node.server) {
node.warn("No configuration node");
return;
}
if(!node.server.e2ee) {
node.error("End-to-end encryption needs to be enabled to use this.");
}
node.status({ fill: "red", shape: "ring", text: "disconnected" });
node.server.on("disconnected", function(){
node.status({ fill: "red", shape: "ring", text: "disconnected" });
});
node.server.on("connected", function() {
node.status({ fill: "green", shape: "ring", text: "connected" });
});
function getKeyByValue(object, value) {
return Object.keys(object).find(key => object[key] === value);
}
switch(node.mode) {
default:
node.error("Node not configured with a mode");
break;
case 'request':
node.on('input', async function(msg){
if(!msg.userId) {
node.error("msg.userId is required for start verification mode");
}
node.server.matrixClient.requestVerification(msg.userId, msg.devices || null)
.then(function(e) {
node.log("Successfully requested verification");
let verifyRequestId = msg.userId + ':' + e.channel.deviceId;
verificationRequests.set(verifyRequestId, e);
node.send({
verifyRequestId: verifyRequestId, // internally used to reference between nodes
verifyMethods: e.methods,
userId: msg.userId,
deviceIds: e.channel.devices,
selfVerification: e.isSelfVerification,
phase: getKeyByValue(Phase, e.phase)
});
})
.catch(function(e){
node.warn("Error requesting device verification: " + e);
msg.error = e;
node.send([null, msg]);
});
});
break;
case 'receive':
/**
* Fires when a key verification is requested.
* @event module:client~MatrixClient#"crypto.verification.request"
* @param {object} data
* @param {MatrixEvent} data.event the original verification request message
* @param {Array} data.methods the verification methods that can be used
* @param {Number} data.timeout the amount of milliseconds that should be waited
* before cancelling the request automatically.
* @param {Function} data.beginKeyVerification a function to call if a key
* verification should be performed. The function takes one argument: the
* name of the key verification method (taken from data.methods) to use.
* @param {Function} data.cancel a function to call if the key verification is
* rejected.
*/
node.server.matrixClient.on(CryptoEvent.VerificationRequest, async function(data){
if(data.phase === Phase.Cancelled || data.phase === Phase.Done) {
return;
}
if(data.requested || true) {
let verifyRequestId = data.targetDevice.userId + ':' + data.targetDevice.deviceId;
verificationRequests.set(verifyRequestId, data);
node.send({
verifyRequestId: verifyRequestId, // internally used to reference between nodes
verifyMethods: data.methods,
userId: data.targetDevice.userId,
deviceId: data.targetDevice.deviceId,
selfVerification: data.isSelfVerification,
phase: getKeyByValue(Phase, data.phase)
});
}
});
node.on('close', function(done) {
// clear verification requests
verificationRequests.clear();
done();
});
break;
case 'start':
node.on('input', async function(msg){
if(!msg.verifyRequestId || !verificationRequests.has(msg.verifyRequestId)) {
// if(msg.userId && msg.deviceId) {
// node.server.beginKeyVerification("m.sas.v1", msg.userId, msg.deviceId);
// }
node.error("invalid verification request (invalid msg.verifyRequestId): " + (msg.verifyRequestId || null));
}
var data = verificationRequests.get(msg.verifyRequestId);
if(msg.cancel) {
await data._verifier.cancel();
verificationRequests.delete(msg.verifyRequestId);
} else {
try {
data.on('change', async function() {
var that = this;
if(this.phase === Phase.Started) {
let verifierCancel = function(){
let verifyRequestId = that.targetDevice.userId + ':' + that.targetDevice.deviceId;
if(verificationRequests.has(verifyRequestId)) {
verificationRequests.delete(verifyRequestId);
}
};
data._verifier.on('cancel', function(e){
node.warn("Device verification cancelled " + e);
verifierCancel();
});
let show_sas = function(e) {
// e = {
// sas: {
// decimal: [ 8641, 3153, 2357 ],
// emoji: [
// [Array], [Array],
// [Array], [Array],
// [Array], [Array],
// [Array]
// ]
// },
// confirm: [AsyncFunction: confirm],
// cancel: [Function: cancel],
// mismatch: [Function: mismatch]
// }
msg.payload = e.sas;
msg.emojis = e.sas.emoji.map(function(emoji, i) {
return emoji[0];
});
msg.emojis_text = e.sas.emoji.map(function(emoji, i) {
return emoji[1];
});
node.send(msg);
};
data._verifier.on('show_sas', show_sas);
data._verifier.verify()
.then(function(e){
data._verifier.off('show_sas', show_sas);
data._verifier.done();
}, function(e) {
verifierCancel();
node.warn(e);
// @todo return over second output
});
}
});
data.emit("change");
await data.accept();
} catch(e) {
console.log("ERROR", e);
}
}
});
break;
case 'cancel':
node.on('input', async function(msg){
if(!msg.verifyRequestId || !verificationRequests.has(msg.verifyRequestId)) {
node.error("Invalid verification request: " + (msg.verifyRequestId || null));
}
var data = verificationRequests.get(msg.verifyRequestId);
if(data) {
data.cancel()
.then(function(e){
node.send([msg, null]);
})
.catch(function(e) {
msg.error = e;
node.send([null, msg]);
});
}
});
break;
case 'accept':
node.on('input', async function(msg){
if(!msg.verifyRequestId || !verificationRequests.has(msg.verifyRequestId)) {
node.error("Invalid verification request: " + (msg.verifyRequestId || null));
}
var data = verificationRequests.get(msg.verifyRequestId);
if(data._verifier && data._verifier.sasEvent) {
data._verifier.sasEvent.confirm()
.then(function(e){
node.send([msg, null]);
})
.catch(function(e) {
msg.error = e;
node.send([null, msg]);
});
} else {
node.error("Verification must be started");
}
});
break;
}
}
RED.nodes.registerType("matrix-device-verification", MatrixDeviceVerification);
}
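Review bot: The guard clauses in the `request`, `start` and `accept` input handlers call `node.error(...)` but do not return, so an unknown `msg.verifyRequestId` falls through to `verificationRequests.get(...)` yielding `undefined` and `data._verifier` throws a TypeError inside an `async` listener — an unhandled promise rejection rather than a flow-visible error; add a return after each, e.g. `node.error("Invalid verification request: " + (msg.verifyRequestId || null)); return;` (only the `cancel` handler guards with `if(data)`). The condition `if(data.requested || true)` in the receive listener is always true and should be either `if(data.requested)` or removed. The `catch` at the end of the start handler only `console.log`s, so a rejected `data.accept()` or a failure inside the `change` listener never reaches the second output the way the other modes route errors, which the `@todo` already notes. The receive listener registered on `matrixClient` is also never removed in the `close` handler, so a partial redeploy that keeps the server config node appears to leave the old listener attached — worth confirming against how the config node is recreated.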