Commit Graph

125 Commits

Author SHA1 Message Date
Pascal Precht 7938297606 feat: introduce `CheckChannelPermissions` API
Similar to `CheckPermissionToJoin()` we now get
a `CheckChannelPermissions()` API.

It will rely on the same `PermissionResponse` types, but gives
information about both `ViewOnlyPermissions` and
`ViewAndPostPermissions`.
2023-06-20 09:42:10 +02:00
Pascal Precht f702b54d08 fix: don't check permissions if revealed accounts aren't legit
This seems to be a bug that was introduced when two features, admin
permissions and "always reveal wallet accounts" where merged.

We need to make sure we **first** check the revealed accounts and only
**then** do we perform permission checks on them. Otherwise we can run
into scenarios where fake addresses are used and users will be accepted
to the community.
2023-06-19 15:27:10 +02:00
Pascal Precht a36202ff30 fix: don't return with error in permissions check when no chain IDs are
found

Turns out that, when we return with an error, instead of
a non-statisfied check permissions response, we can run into cases where
members that should be kicked are not kicked.
2023-06-19 15:26:42 +02:00
Boris Melnik 1eb92a19a2
feat(communities): Adds muting interval to community (#3549) 2023-06-17 11:19:05 +03:00
Mikhail Rogachev 51e3d800bb
fix: save revealed accounts regardless of permissions granted (#3609) 2023-06-16 11:10:32 +04:00
Michal Iskierko ccde92377d feat(BurnCollectibles): Add burn collectibles functionality
Change smart contract with new API.
Update gas amount for deployment.
Add Burn() and EstimateBurn() functions.
Add RemainingSupply() functions.

Issue #10816
2023-06-15 15:38:19 +02:00
Mykhailo Prakhov e058b50a2e
feat: community admin permission functionality (#3569)
* feat: community admin implementation

* fix: code review fixes

* chore: request admin permissions in CheckPermissionToJoin, unit test fix
2023-06-14 10:15:46 -04:00
Pascal Precht 1a2ca21070 Add chainIds to revealed accounts in memberhsip requests
This commit does a few things:

- Adds a migration that adds chainids to communities_request_to_join_revealed_addresses
- Removes RevealedAddress in favor of RevealedAccount which is now a struct that contains the revealed address, as well as the signature and a list of chain IDs on which to check for user funds
- Changes the logic of sending requests to join a community, such that after creating address signatures, the user node will also check which of the addresses has funds on which networks for the community's token permissions, and add the chainds to the RevealedAccount
- Updates checkPermissionToJoin() such that only relevant chainids are used when checking user's funds. Chain IDs are retrieved from RevealedAccounts and matched against token permission criteria chain IDs
2023-06-12 10:49:29 +02:00
Alex Jbanca e8c4b7647f
chore(upgradeSQLCipher): Upgrading SQLCipher to version 5.4.5 (#3559)
* chore(upgradeSQLCipher): Upgrading SQLCipher to version 5.4.5

Changes:
### github.com/mutecomm/go-sqlcipher
1. The improved crypto argorighms from go-sqlcipher v3 are merged in v4
	Tags:
	v4.4.2-status.1 - merge `burn_stack` improvement
	v4.4.2-status.2 - merge `SHA1` improvement
	v4.4.2-status.4- merge 'AES' improvement
2. Fixed `go-sqlcipher` to support v3 database in compatibility mode (`sqlcipher` already supports this) (Tag: v4.4.2-status.3)
3. Upgrade `sqlcipher` to v5.4.5 (Tag: v4.5.4-status.1)

### github.com/status-im/migrate/v4
1. Upgrade `go-sqlcipher` version in `github.com/status-im/migrate/v4`

### status-go
1. Upgrade `go-sqlcipher` and `migrate` modules in status-go
2. Configure the DB connections to open the DB in v3 compatibility mode

* chore(upgradeSQLCipher): Use sqlcipher v3 configuration to encrypt a plain text database

* chore(upgradeSQLCipher): Scanning NULL BLOB value should return nil

Fixing failing tests: TestSyncDeviceSuite/TestPairingSyncDeviceClientAsReceiver;  TestSyncDeviceSuite/TestPairingSyncDeviceClientAsSender

Considering the following configuration:
1. Table with BLOB column has 1 NULL value
2. Query the value
3. Rows.Scan(&dest sql.NullString)

Expected: dest.Valid == false; dest.String == nil
Actual: dest.Valid == true; dest.String == ""

* chore: Bump go-sqlcipher version to include NULL BLOB fix
2023-06-07 08:58:01 +03:00
Patryk Osmaczko 15d2b4fe80 feat: add configurable throttling mechanism for importing msgs
part of: status-im/status-desktop#10815
2023-06-06 08:49:02 +02:00
Pascal Precht ffc1006953 Add permission checks for ENS token permissions
Also add tests for creating and editing token permissions
as well as a test for checking ENS ownership.
2023-06-05 13:10:48 +02:00
Jonathan Rainville a6285cc827
Fix chats reseting when a Sync signal comes for communities (#3539)
* fix(community): stop re-joining comm when receiving a sync community msg

Fixes an issue with chats being reset. Since joining a community resaves the chats with the synced default value, it resets the sate of the chats, losing the unread messages, the muted state and more.
The solution is to block the re-joining of the community. In the case of the sync, we catch that error and just continue on.

* fix(import): fix HandleImport not saving the chat

Doesn't change much, but it could have caused issues in the future, so since we might have modified the chat, we make sure to save them
Also adds a test

* fix tests
2023-05-29 13:57:05 -04:00
Andrea Maria Piana 6acb34bab7 Allow setting up wallet with new config
This commit does a few things:

1) Extend create/import account endpoint to get wallet config, some of
   which has been moved to the backend
2) Set up a loop for retrieving balances every 10 minutes, caching the
   balances
3) Return information about which checks are not passing when trying to
   join a token gated community
4) Add tests to the token gated communities
5) Fixes an issue with addresses not matching when checking for
   permissions

The move to the wallet as a background task is not yet complete, I need
to publish a signal, and most likely I will disable it before merging
for now, as it's currently not used by desktop/mobile, but the PR was
  getting to big
2023-05-19 13:23:21 +01:00
Jonathan Rainville edf8869ff2
fix(communities/manager): use sync.map to fix concurrent map writes err (#3445) 2023-05-05 14:13:55 -04:00
Jonathan Rainville b7767ea63c
fix(communities/manager): make historyArchiveTasks a SyncMap (#3448)
Fixes #3447
2023-05-05 12:40:18 -04:00
Michal Iskierko 4935848287 fix(GetAllCommunityTokens): Add GetAllCommunityTokens function
Issue #10254
2023-05-05 18:14:55 +02:00
osmaczko 83998272dd
feat: add featured communities (#3459) 2023-05-05 11:55:32 -04:00
mprakhov 57b2432290 Community encryption should automatically be enabled/disabled depending on community permissions (closed/open) 2023-05-05 17:32:39 +02:00
Boris Melnik ebf997bf63
fix(communities): Ignore requests to join from banned user (#3030) 2023-05-03 18:01:55 +03:00
Mohamed Javid 0eff61c57a
Community request to join changes for pending and declined states (#3387)
* Community request to join changes

* Fix read state for request to join notification

* Bring back deleted notification when updated with response

* Update Request timeout to 7 days

* Update VERSION
2023-04-21 14:48:47 +05:30
Anthony Laibe 0c8ce79941 feat: returns tokens even when error 2023-03-31 19:22:53 +02:00
Andrea Maria Piana 522c578a35 Set keystore dir & network id 2023-03-30 13:39:54 +01:00
Pascal Precht 9267ad46c5 Check ownership of collectibles in community permissions
This adds an additional check for collectibles when community
permissions are validated.

Specifically this uses opensea to request all NFTs given an
owner wallet and a list of contract addresses (collectibles).
2023-03-29 18:20:09 +02:00
Patryk Osmaczko 8dd8b1ae45 feat: implement community members count
iterates: status-im/status-desktop#8016
2023-03-29 17:08:41 +02:00
Jonathan Rainville 329f5c8316 fix(community): only checkPermissions if the community has permissions 2023-03-27 10:31:12 -04:00
Jonathan Rainville 79365ef576 fix(community-requests): block community requests from rejected users 2023-03-27 10:29:12 -04:00
Pascal Precht 7bc03e22f7 Do not automatically decline requests in manual accept
When community owners accept pending requests manually, they would be
declined in that process if the request doesn't fullfill the required
token permission criteria.

We don't want this to automatically reject those requests anymore,
instead, owners have to manually reject the requests.
2023-03-23 12:04:59 +01:00
Pascal Precht 5ec9e1ac46 feat: check member permission funds periodically
This adds a periodic member permission check for every admin community
such that member funds are checked every hour.
2023-03-23 12:04:59 +01:00
Pascal Precht 128f82df09 Perform token criteria checks on existing members
When a community permission is edited, we need to revalidate
the token criteria with the existing member list, as members might
no longer fulfill the requirements.

This commit runs the checks in a go routine after the permission has
been updated.
2023-03-23 08:53:43 +01:00
Pascal Precht 2cbced95c5 Check token funds when handling community requests to join
This adds checks to `HandleCommunityRequestToJoin` and
`AcceptRequestToJoinCommunity` that ensure a given user's revealed
wallet addresses own the token funds required by a community.

When community has token permissions of type `BECOME_MEMBER`, the
following happens when the owner receives a request:

1. Upon verifying provided wallet addresses by the requester, the owner
   node accumulates all token funds related to the given wallets that
   match the token criteria in the configured permissions
2. If the requester does not meet the necessary requirements, the
   request to join will be declined. If the requester does have the
   funds, he'll either be automatically accepted to the community, or
   enters the next stage where an owner needs to manually accept the
   request.
3. The the community does not automatically accept users, then the funds
   check will happen again, when the owner tries to manually accept the
   request. If the necessary funds do not exist at this stage, the
   request will be declined
4. Upon accepting, whether automatically or manually, the owner adds the
   requester's wallet addresses to the `CommunityDescription`, such that
   they can be retrieved later when doing periodic checks or when
   permissions have changed.
2023-03-23 08:40:31 +01:00
Pascal Precht 051314aad0 feat: add verified wallet accounts to community requests
This commit extends the `CommunityRequestToJoin` with `RevealedAddresses` which represent wallet addresses and signatures provided by the sender, to proof a community owner ownership of those wallet addresses.

**Note: This only works with keystore files maanged by status-go**

At high level, the follwing happens:

1. User instructs Status to send a request to join to a community. By adding a password hash to the instruction, Status will try to unlock the users keystore and verify each wallet account.
2. For every verified wallet account, a signature is created for the following payload, using each wallet's private key

   ``` keccak256(chatkey + communityID + requestToJoinID) ``` A map of walletAddress->signature is then attached to the community request to join, which will be sent to the community owner
3. The owner node receives the request, and if the community requires users to hold tokens to become a member, it will check and verify whether the given wallet addresses are indeed owned by the sender. If any signature provided by the request cannot be recovered, the request is immediately declined by the owner.
4. The verified addresses are then added to the owner node's database such that, once the request should be accepted, the addresses can be used to check on chain whether they own the necessary funds to fulfill the community's permissions

The checking of required funds is **not** part of this commit. It will be added in a follow-up commit.
2023-03-22 13:50:25 +01:00
Michal Iskierko 736766ec37 fix(AddCommunityToken): Change AddCommunityToken API call
The function returns object with image converted to base64 format.

Issue #9866
2023-03-22 13:45:53 +01:00
Andrea Maria Piana 5d81866957 Add request to response when canceling request 2023-03-14 13:50:18 +00:00
Pascal Precht f5475ed45c fix: add missing `Name` property to `CommunityTokensMetadata` 2023-03-07 16:37:36 +01:00
Pascal Precht a6194ffad4 fix: don't expect `CommunityTokensMetadata` in `EditCommunity()`
The `Edit()` method on `Community` merely updates "primitive" values
that live inside a community description. For any data that is more complex,
we typically have dedicated methods.

Because `Edit()` was expecting `CommunityTokensMetadata`, it would
override it with empty data every time we would edit a community.
This is because we typically don't update that kind of data as part
of `Edit()`.

In addition, `CommunityTokensMetadata` is append-only anyways,
so there wouldn't be any other way to update that field, other than
adding new items to it, which is done in a dedicated method.
2023-03-07 16:07:48 +01:00
Michal Iskierko 1b24342a75 feat(CommunityTokenMetadata): Keep token metadata in CommunityDescription
Community tokens has some metadata (image, description) which must be kept in waku(CommunityDescription).
Add CommunityTokenMetadata message to communities.proto.
Add []CommunityTokenMetadata to CommunityDescription.

Issue #9545
2023-03-07 08:40:47 +01:00
Michal Iskierko 8a296407f3 fix(GetCommunityTokens): Change API call - use only communityId param
Fix #9725
2023-03-06 10:46:41 +01:00
Pascal Precht 596660c110 feat: add CommunityTokenPermission to community description
This adds token permission capabilities to CommunityDescription such that token permissions can be created, updated and deleted.
2023-03-03 09:46:49 +01:00
Richard Ramos e1ea1ccab5 chore: find free port for torrent if set as 0 2023-03-02 08:50:41 -04:00
Michal Iskierko d0cc036d48 feat(CommunityTokens): Keep community token details in database
New table for community tokens.
API for get,add, update community token.

Issue #9233
2023-02-27 10:37:54 +01:00
Andrea Maria Piana c38ec00a2d Add community request to response when a response handled
In general, any time a piece of state is updated in the backend, that
should be propagated to the client through signals.

In this case, when a request was accepted, the client wasn't notified,
requiring them to re-fetch the accepted requests and causing
inconsistent state between status-go and client.
2023-02-07 13:17:19 +00:00
Pascal Precht f31e40264e refactor(import-tool): process import data in chunks
This commit refactors the discord import tool such that,
instead of loading all data to be imported into memory at
once, it will now perform the import on a per file basis.

This improves the memory pressure for the node performing
the import and seems to increase its performance as well.
2023-01-30 12:23:56 +01:00
Pascal Precht b5964348a1 fix(communities): ensure archive import is only cancelled if not already marked as such
There were cases where this caused a crash, as handling magnetlinks would try to close
an already closed tasked channel

See https://github.com/status-im/status-desktop/issues/8996 for more information.

This commit extends the task struct such that it can be marked as cancelled and safely
read and written by multiple go routines.
2023-01-24 08:58:40 +01:00
Pascal Precht eb2b4b7cdc refactor(Communities): ensure generated archives don't exceed max cap
This introduces an addition constraint to archive generation, in which the payload + signature size of all partitioned message that go into an archive should not exceed a certain
threshold.

This is to ensure that archives won't get too big when they are later read into memory.
2023-01-20 17:09:00 +01:00
Pascal Precht 1bab7ae056 refactor(communities): improve archive handling memory pressure
Instead of loading the entire torrent file into memory when trying
to extrract active messages, we now only read the chunks that are
necessary to decode any individual archive and then process
extracted messages in chunks.

This doesn't introduce a max cap of allowed memory yet, since the
chunk size depends entirely on the size of the archive, but this
will be done soon.
2023-01-18 15:45:13 +01:00
Andrea Maria Piana ed9ca8392c Upgrade linter to 1.50.0 2023-01-13 17:52:03 +00:00
Jonathan Rainville e98e6b61af fix: use the uncompressed community pubkey as topic to receive requests 2023-01-11 13:41:29 -04:00
Pascal Precht b4bdfd3df6 Keep track of last seen magnetlink
This is to prevent processing magnetlinks if they haven't changed
2022-12-20 15:16:08 +01:00
Pascal Precht f5dfa58602 refactor(communities): better archive download handling
This commit makes a few changes to the community history archive
download routine to make it more robust:

1. Prior to this commit, even when there were no archives to be
   downloaded, we were still trying to extract messages from archive
   data.
2. Logs have been improved as they were sometimes showing confusing
   information
3. We now handle interruption of ongoing download + data import much
   better in case of multiple magnetlinks being processed in roughly the
   same time.
4. We now keep track of which archive has been successfully imported
   into the database. Without this, Status would consider any downloaded
   archives as "done" even though they haven't actually been imported
   into the database yet. This way Status should be able to pick up its
   work were it left of the last time, in case a user closes the app, or
   another magnetlink interrupts the ongoing process.
2022-12-13 16:13:15 +01:00
Pascal Precht 4bddfbd466 chore: better community archive protocol logs 2022-12-13 16:13:15 +01:00