Page MenuHomePhabricator
Differential D12525

[proto][Tunnelbroker] add RPC to delete device data from Tunnelbroker
ClosedPublic
Actions

Authored by kamil on Jun 20 2024, 3:33 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Mar 4, 11:29 AM
Unknown Object (File)
Sun, Mar 2, 6:14 PM
Unknown Object (File)
Feb 21 2025, 1:11 AM
Unknown Object (File)
Feb 21 2025, 1:11 AM
Unknown Object (File)
Feb 21 2025, 1:11 AM
Unknown Object (File)
Feb 3 2025, 1:31 PM
Unknown Object (File)
Feb 2 2025, 4:15 PM
Unknown Object (File)
Jan 30 2025, 1:57 PM
View All 80 Files
Subscribers
tomek

Details

Reviewers
bartek
marcin
ashoat
Commits
rCOMM0de42f6fa609: [proto][Tunnelbroker] add RPC to delete device data from Tunnelbroker
Summary

ENG-8400 (see point 5. Logout).

This RPC will be used by Identity to inform Tunnelbroker about device logout.

Now remove the device token. Creating a follow-up task to delete persisted messages to device (ENG-8495).

Test Plan

Tested in next diff

Diff Detail

Repository
rCOMM Comm
Branch
land-token
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

kamil created this revision.Jun 20 2024, 3:33 PM
kamil held this revision as a draft.
Herald added a subscriber: tomek. · View Herald TranscriptJun 20 2024, 3:33 PM
kamil edited the summary of this revision. (Show Details)Jun 20 2024, 3:35 PM
kamil added a parent revision: D12520: [Tunnelbroker] implement setting device token.
kamil added a child revision: D12526: [Identity] remove Tunnelbroker data on device removal.Jun 20 2024, 3:36 PM
Harbormaster completed remote builds in B29847: Diff 41582.Jun 20 2024, 3:50 PM
kamil published this revision for review.Jun 20 2024, 4:10 PM
kamil mentioned this in D12538: [lib] introduce Tunnelbroker device token handler.Jun 21 2024, 2:45 AM
bartek added a comment.Jun 21 2024, 11:02 PM

What about undelivered_messages? Are they considered a "device data" too?

kamil added a comment.Jun 24 2024, 3:19 AM
In D12525#355420, @bartek wrote:

What about undelivered_messages? Are they considered a "device data" too?

Yes, I created a follow-up task to implement this too: ENG-8495.

kamil edited the summary of this revision. (Show Details)Jun 24 2024, 3:19 AM
bartek accepted this revision.Jun 25 2024, 12:00 AM
ashoat accepted this revision.Jun 30 2024, 5:55 PM

Can you remind me how we make sure that only Comm services can call DeleteDeviceData?

shared/protos/tunnelbroker.proto
30 ↗(On Diff #41582)

Typo: extra space after message

This revision is now accepted and ready to land.Jun 30 2024, 5:55 PM
bartek added a comment.Jul 1 2024, 2:58 AM
In D12525#357103, @ashoat wrote:

Can you remind me how we make sure that only Comm services can call DeleteDeviceData?

Tunnelbroker gRPC port is exposed only to services

kamil updated this revision to Diff 41840.Jul 1 2024, 3:25 AM

remove extra space

Harbormaster completed remote builds in B30022: Diff 41840.Jul 1 2024, 3:42 AM
Closed by commit rCOMM0de42f6fa609: [proto][Tunnelbroker] add RPC to delete device data from Tunnelbroker (authored by kamil). · Explain WhyJul 1 2024, 4:02 AM
This revision was automatically updated to reflect the committed changes.
kamil added a commit: rCOMM0de42f6fa609: [proto][Tunnelbroker] add RPC to delete device data from Tunnelbroker.
kamil mentioned this in rCOMM73cd11959193: [lib] introduce Tunnelbroker device token handler.Jul 1 2024, 6:33 AM

Revision Contents
Changeset List

PathSize
services/
tunnelbroker/
src/
grpc/
18 lines
shared/
protos/
8 lines

Diff 41840

View Options

services/tunnelbroker/src/grpc/mod.rs

// @flow // @flow
import invariant from 'invariant'; import invariant from 'invariant';
import * as React from 'react'; import * as React from 'react';
import { logOutActionTypes, useLogOut } from '../actions/user-actions.js'; import {
keyserverAuthActionTypes,
logOutActionTypes,
useKeyserverAuth,
useLogOut,
} from '../actions/user-actions.js';
import { extractKeyserverIDFromID } from '../keyserver-conn/keyserver-call-utils.js';
import { filterThreadIDsInFilterList } from '../reducers/calendar-filters-reducer.js';
import { import {
connectionSelector, connectionSelector,
cookieSelector, cookieSelector,
deviceTokenSelector,
} from '../selectors/keyserver-selectors.js'; } from '../selectors/keyserver-selectors.js';
import { IdentityClientContext } from '../shared/identity-client-context.js'; import { IdentityClientContext } from '../shared/identity-client-context.js';
import { OlmSessionCreatorContext } from '../shared/olm-session-creator-context.js'; import { OlmSessionCreatorContext } from '../shared/olm-session-creator-context.js';
import type { BaseSocketProps } from '../socket/socket.react.js'; import type { BaseSocketProps } from '../socket/socket.react.js';
import { logInActionSources } from '../types/account-types.js';
import { useDispatchActionPromise } from '../utils/redux-promise-utils.js'; import { useDispatchActionPromise } from '../utils/redux-promise-utils.js';
import { useSelector } from '../utils/redux-utils.js'; import { useSelector } from '../utils/redux-utils.js';
import { usingCommServicesAccessToken } from '../utils/services-utils.js'; import { usingCommServicesAccessToken } from '../utils/services-utils.js';
import { ashoatKeyserverID } from '../utils/validation-utils.js'; import { ashoatKeyserverID } from '../utils/validation-utils.js';
type Props = { type Props = {
...BaseSocketProps, ...BaseSocketProps,
+keyserverID: string, +keyserverID: string,
+socketComponent: React.ComponentType<BaseSocketProps>, +socketComponent: React.ComponentType<BaseSocketProps>,
}; };
function KeyserverConnectionHandler(props: Props) { function KeyserverConnectionHandler(props: Props) {
const { socketComponent: Socket, keyserverID, ...rest } = props; const { socketComponent: Socket, keyserverID, ...rest } = props;
const dispatchActionPromise = useDispatchActionPromise(); const dispatchActionPromise = useDispatchActionPromise();
const callLogOut = useLogOut(); const callLogOut = useLogOut();
const keyserverAuth = useKeyserverAuth();
const hasConnectionIssue = useSelector( const hasConnectionIssue = useSelector(
state => !!connectionSelector(keyserverID)(state)?.connectionIssue, state => !!connectionSelector(keyserverID)(state)?.connectionIssue,
); );
const cookie = useSelector(cookieSelector(keyserverID)); const cookie = useSelector(cookieSelector(keyserverID));
const keyserverDeviceToken = useSelector(deviceTokenSelector(keyserverID));
// We have an assumption that we should be always connected to Ashoat's
// keyserver. It is possible that a token which it has is correct, so we can
// try to use it. In worst case it is invalid and our push-handler will try
// to fix it.
ashoatUnsubmitted
Not Done
Inline Actions

This logic is a bit confusing.

I guess the reason we decided to store a separate deviceToken per keyserver is because we want to know if we've shared our deviceToken to that keyserver yet, not because we expect to have a different deviceToken per keyserver.

It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in KeyserverInfo, and a deviceToken field at the top level of Redux. But we'll likely end up removing deviceTokens from keyservers soon anyways...

ashoat: This logic is a bit confusing. I guess the reason we decided to store a separate `deviceToken`…
tomekAuthorUnsubmitted
Done
Inline Actions

It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in KeyserverInfo, and a deviceToken field at the top level of Redux. But we'll likely end up removing deviceTokens from keyservers soon anyways...

Agree. But moving the token to Tunnelbroker will simplify it even more. For now, I don't think it is worth fixing now.

tomek: > It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in…
const ashoatKeyserverDeviceToken = useSelector(
deviceTokenSelector(ashoatKeyserverID),
);
const deviceToken = keyserverDeviceToken ?? ashoatKeyserverDeviceToken;
const navInfo = useSelector(state => state.navInfo);
const calendarFilters = useSelector(state => state.calendarFilters);
const calendarQuery = React.useMemo(() => {
const filters = filterThreadIDsInFilterList(
calendarFilters,
(threadID: string) => extractKeyserverIDFromID(threadID) === keyserverID,
);
return {
startDate: navInfo.startDate,
endDate: navInfo.endDate,
filters,
};
}, [calendarFilters, keyserverID, navInfo.endDate, navInfo.startDate]);
React.useEffect(() => { React.useEffect(() => {
if (hasConnectionIssue) { if (hasConnectionIssue) {
void dispatchActionPromise(logOutActionTypes, callLogOut()); void dispatchActionPromise(logOutActionTypes, callLogOut());
} }
}, [callLogOut, hasConnectionIssue, dispatchActionPromise]); }, [callLogOut, hasConnectionIssue, dispatchActionPromise]);
const identityContext = React.useContext(IdentityClientContext); const identityContext = React.useContext(IdentityClientContext);
invariant(identityContext, 'Identity context should be set'); invariant(identityContext, 'Identity context should be set');
const { identityClient } = identityContext; const { identityClient, getAuthMetadata } = identityContext;
const olmSessionCreator = React.useContext(OlmSessionCreatorContext); const olmSessionCreator = React.useContext(OlmSessionCreatorContext);
invariant(olmSessionCreator, 'Olm session creator should be set'); invariant(olmSessionCreator, 'Olm session creator should be set');
React.useEffect(() => { React.useEffect(() => {
if (!usingCommServicesAccessToken) { if (!usingCommServicesAccessToken) {
return; return;
} }
void (async () => { void (async () => {
try { try {
const keyserverKeys = const keyserverKeys =
await identityClient.getKeyserverKeys(keyserverID); await identityClient.getKeyserverKeys(keyserverID);
// eslint-disable-next-line no-unused-vars
const [notifsSession, contentSession] = await Promise.all([ const [notifsSession, contentSession] = await Promise.all([
olmSessionCreator.notificationsSessionCreator( olmSessionCreator.notificationsSessionCreator(
cookie, cookie,
keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys, keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys,
keyserverKeys.notifInitializationInfo, keyserverKeys.notifInitializationInfo,
keyserverID, keyserverID,
), ),
olmSessionCreator.contentSessionCreator( olmSessionCreator.contentSessionCreator(
keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys, keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys,
keyserverKeys.contentInitializationInfo, keyserverKeys.contentInitializationInfo,
), ),
]); ]);
const { userID, deviceID } = await getAuthMetadata();
invariant(userID, 'userID should be set');
invariant(deviceID, 'deviceID should be set');
const deviceTokenUpdateInput = deviceToken
? { [keyserverID]: { deviceToken } }
: {};
await dispatchActionPromise(
keyserverAuthActionTypes,
keyserverAuth({
userID,
deviceID,
doNotRegister: false,
calendarQuery,
deviceTokenUpdateInput,
logInActionSource: process.env.BROWSER
? logInActionSources.keyserverAuthFromWeb
: logInActionSources.keyserverAuthFromNative,
keyserverData: {
[keyserverID]: {
initialContentEncryptedMessage: contentSession,
initialNotificationsEncryptedMessage: notifsSession,
},
},
}),
);
} catch (e) { } catch (e) {
console.log( console.log(
`Error getting keys for keyserver with id ${keyserverID}`, `Error while authenticating to keyserver with id ${keyserverID}`,
e, e,
); );
} }
})(); })();
}, [keyserverID, identityClient, olmSessionCreator, cookie]); }, [
keyserverID,
identityClient,
olmSessionCreator,
cookie,
getAuthMetadata,
dispatchActionPromise,
keyserverAuth,
deviceToken,
calendarQuery,
]);
if (keyserverID !== ashoatKeyserverID) { if (keyserverID !== ashoatKeyserverID) {
return null; return null;
} }
return <Socket {...rest} />; return <Socket {...rest} />;
} }
const Handler: React.ComponentType<Props> = React.memo<Props>( const Handler: React.ComponentType<Props> = React.memo<Props>(
KeyserverConnectionHandler, KeyserverConnectionHandler,
); );
export default Handler; export default Handler;
View Options

shared/protos/tunnelbroker.proto

// @flow // @flow
import invariant from 'invariant'; import invariant from 'invariant';
import * as React from 'react'; import * as React from 'react';
import { logOutActionTypes, useLogOut } from '../actions/user-actions.js'; import {
keyserverAuthActionTypes,
logOutActionTypes,
useKeyserverAuth,
useLogOut,
} from '../actions/user-actions.js';
import { extractKeyserverIDFromID } from '../keyserver-conn/keyserver-call-utils.js';
import { filterThreadIDsInFilterList } from '../reducers/calendar-filters-reducer.js';
import { import {
connectionSelector, connectionSelector,
cookieSelector, cookieSelector,
deviceTokenSelector,
} from '../selectors/keyserver-selectors.js'; } from '../selectors/keyserver-selectors.js';
import { IdentityClientContext } from '../shared/identity-client-context.js'; import { IdentityClientContext } from '../shared/identity-client-context.js';
import { OlmSessionCreatorContext } from '../shared/olm-session-creator-context.js'; import { OlmSessionCreatorContext } from '../shared/olm-session-creator-context.js';
import type { BaseSocketProps } from '../socket/socket.react.js'; import type { BaseSocketProps } from '../socket/socket.react.js';
import { logInActionSources } from '../types/account-types.js';
import { useDispatchActionPromise } from '../utils/redux-promise-utils.js'; import { useDispatchActionPromise } from '../utils/redux-promise-utils.js';
import { useSelector } from '../utils/redux-utils.js'; import { useSelector } from '../utils/redux-utils.js';
import { usingCommServicesAccessToken } from '../utils/services-utils.js'; import { usingCommServicesAccessToken } from '../utils/services-utils.js';
import { ashoatKeyserverID } from '../utils/validation-utils.js'; import { ashoatKeyserverID } from '../utils/validation-utils.js';
type Props = { type Props = {
...BaseSocketProps, ...BaseSocketProps,
+keyserverID: string, +keyserverID: string,
+socketComponent: React.ComponentType<BaseSocketProps>, +socketComponent: React.ComponentType<BaseSocketProps>,
}; };
function KeyserverConnectionHandler(props: Props) { function KeyserverConnectionHandler(props: Props) {
const { socketComponent: Socket, keyserverID, ...rest } = props; const { socketComponent: Socket, keyserverID, ...rest } = props;
const dispatchActionPromise = useDispatchActionPromise(); const dispatchActionPromise = useDispatchActionPromise();
const callLogOut = useLogOut(); const callLogOut = useLogOut();
const keyserverAuth = useKeyserverAuth();
const hasConnectionIssue = useSelector( const hasConnectionIssue = useSelector(
state => !!connectionSelector(keyserverID)(state)?.connectionIssue, state => !!connectionSelector(keyserverID)(state)?.connectionIssue,
); );
const cookie = useSelector(cookieSelector(keyserverID)); const cookie = useSelector(cookieSelector(keyserverID));
const keyserverDeviceToken = useSelector(deviceTokenSelector(keyserverID));
// We have an assumption that we should be always connected to Ashoat's
// keyserver. It is possible that a token which it has is correct, so we can
// try to use it. In worst case it is invalid and our push-handler will try
// to fix it.
ashoatUnsubmitted
Not Done
Inline Actions

This logic is a bit confusing.

I guess the reason we decided to store a separate deviceToken per keyserver is because we want to know if we've shared our deviceToken to that keyserver yet, not because we expect to have a different deviceToken per keyserver.

It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in KeyserverInfo, and a deviceToken field at the top level of Redux. But we'll likely end up removing deviceTokens from keyservers soon anyways...

ashoat: This logic is a bit confusing. I guess the reason we decided to store a separate `deviceToken`…
tomekAuthorUnsubmitted
Done
Inline Actions

It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in KeyserverInfo, and a deviceToken field at the top level of Redux. But we'll likely end up removing deviceTokens from keyservers soon anyways...

Agree. But moving the token to Tunnelbroker will simplify it even more. For now, I don't think it is worth fixing now.

tomek: > It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in…
const ashoatKeyserverDeviceToken = useSelector(
deviceTokenSelector(ashoatKeyserverID),
);
const deviceToken = keyserverDeviceToken ?? ashoatKeyserverDeviceToken;
const navInfo = useSelector(state => state.navInfo);
const calendarFilters = useSelector(state => state.calendarFilters);
const calendarQuery = React.useMemo(() => {
const filters = filterThreadIDsInFilterList(
calendarFilters,
(threadID: string) => extractKeyserverIDFromID(threadID) === keyserverID,
);
return {
startDate: navInfo.startDate,
endDate: navInfo.endDate,
filters,
};
}, [calendarFilters, keyserverID, navInfo.endDate, navInfo.startDate]);
React.useEffect(() => { React.useEffect(() => {
if (hasConnectionIssue) { if (hasConnectionIssue) {
void dispatchActionPromise(logOutActionTypes, callLogOut()); void dispatchActionPromise(logOutActionTypes, callLogOut());
} }
}, [callLogOut, hasConnectionIssue, dispatchActionPromise]); }, [callLogOut, hasConnectionIssue, dispatchActionPromise]);
const identityContext = React.useContext(IdentityClientContext); const identityContext = React.useContext(IdentityClientContext);
invariant(identityContext, 'Identity context should be set'); invariant(identityContext, 'Identity context should be set');
const { identityClient } = identityContext; const { identityClient, getAuthMetadata } = identityContext;
const olmSessionCreator = React.useContext(OlmSessionCreatorContext); const olmSessionCreator = React.useContext(OlmSessionCreatorContext);
invariant(olmSessionCreator, 'Olm session creator should be set'); invariant(olmSessionCreator, 'Olm session creator should be set');
React.useEffect(() => { React.useEffect(() => {
if (!usingCommServicesAccessToken) { if (!usingCommServicesAccessToken) {
return; return;
} }
void (async () => { void (async () => {
try { try {
const keyserverKeys = const keyserverKeys =
await identityClient.getKeyserverKeys(keyserverID); await identityClient.getKeyserverKeys(keyserverID);
// eslint-disable-next-line no-unused-vars
const [notifsSession, contentSession] = await Promise.all([ const [notifsSession, contentSession] = await Promise.all([
olmSessionCreator.notificationsSessionCreator( olmSessionCreator.notificationsSessionCreator(
cookie, cookie,
keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys, keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys,
keyserverKeys.notifInitializationInfo, keyserverKeys.notifInitializationInfo,
keyserverID, keyserverID,
), ),
olmSessionCreator.contentSessionCreator( olmSessionCreator.contentSessionCreator(
keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys, keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys,
keyserverKeys.contentInitializationInfo, keyserverKeys.contentInitializationInfo,
), ),
]); ]);
const { userID, deviceID } = await getAuthMetadata();
invariant(userID, 'userID should be set');
invariant(deviceID, 'deviceID should be set');
const deviceTokenUpdateInput = deviceToken
? { [keyserverID]: { deviceToken } }
: {};
await dispatchActionPromise(
keyserverAuthActionTypes,
keyserverAuth({
userID,
deviceID,
doNotRegister: false,
calendarQuery,
deviceTokenUpdateInput,
logInActionSource: process.env.BROWSER
? logInActionSources.keyserverAuthFromWeb
: logInActionSources.keyserverAuthFromNative,
keyserverData: {
[keyserverID]: {
initialContentEncryptedMessage: contentSession,
initialNotificationsEncryptedMessage: notifsSession,
},
},
}),
);
} catch (e) { } catch (e) {
console.log( console.log(
`Error getting keys for keyserver with id ${keyserverID}`, `Error while authenticating to keyserver with id ${keyserverID}`,
e, e,
); );
} }
})(); })();
}, [keyserverID, identityClient, olmSessionCreator, cookie]); }, [
keyserverID,
identityClient,
olmSessionCreator,
cookie,
getAuthMetadata,
dispatchActionPromise,
keyserverAuth,
deviceToken,
calendarQuery,
]);
if (keyserverID !== ashoatKeyserverID) { if (keyserverID !== ashoatKeyserverID) {
return null; return null;
} }
return <Socket {...rest} />; return <Socket {...rest} />;
} }
const Handler: React.ComponentType<Props> = React.memo<Props>( const Handler: React.ComponentType<Props> = React.memo<Props>(
KeyserverConnectionHandler, KeyserverConnectionHandler,
); );
export default Handler; export default Handler;