package communities import ( "bytes" "crypto/ecdsa" "encoding/json" "errors" "fmt" "sync" "time" "github.com/golang/protobuf/proto" "go.uber.org/zap" "github.com/status-im/status-go/eth-node/crypto" "github.com/status-im/status-go/eth-node/types" "github.com/status-im/status-go/images" "github.com/status-im/status-go/protocol/common" "github.com/status-im/status-go/protocol/protobuf" "github.com/status-im/status-go/protocol/requests" "github.com/status-im/status-go/protocol/v1" "github.com/status-im/status-go/services/wallet/bigint" ) const signatureLength = 65 type Config struct { PrivateKey *ecdsa.PrivateKey CommunityDescription *protobuf.CommunityDescription MarshaledCommunityDescription []byte ID *ecdsa.PublicKey Joined bool Requested bool Verified bool Spectated bool Muted bool MuteTill time.Time Logger *zap.Logger RequestedToJoinAt uint64 RequestsToJoin []*RequestToJoin MemberIdentity *ecdsa.PublicKey SyncedAt uint64 } type Community struct { config *Config mutex sync.Mutex } func New(config Config) (*Community, error) { if config.MemberIdentity == nil { return nil, errors.New("no member identity") } if config.Logger == nil { logger, err := zap.NewDevelopment() if err != nil { return nil, err } config.Logger = logger } community := &Community{config: &config} community.initialize() return community, nil } type CommunityAdminSettings struct { PinMessageAllMembersEnabled bool `json:"pinMessageAllMembersEnabled"` } type CommunityChat struct { ID string `json:"id"` Name string `json:"name"` Color string `json:"color"` Emoji string `json:"emoji"` Description string `json:"description"` Members map[string]*protobuf.CommunityMember `json:"members"` Permissions *protobuf.CommunityPermissions `json:"permissions"` CanPost bool `json:"canPost"` Position int `json:"position"` CategoryID string `json:"categoryID"` } type CommunityCategory struct { ID string `json:"id"` Name string `json:"name"` Position int `json:"position"` // Position is used to sort the categories } type CommunityTag struct { Name string `json:"name"` Emoji string `json:"emoji"` } func (o *Community) MarshalPublicAPIJSON() ([]byte, error) { if o.config.MemberIdentity == nil { return nil, errors.New("member identity not set") } communityItem := struct { ID types.HexBytes `json:"id"` Verified bool `json:"verified"` Chats map[string]CommunityChat `json:"chats"` Categories map[string]CommunityCategory `json:"categories"` Name string `json:"name"` Description string `json:"description"` IntroMessage string `json:"introMessage"` OutroMessage string `json:"outroMessage"` Tags []CommunityTag `json:"tags"` Images map[string]images.IdentityImage `json:"images"` Color string `json:"color"` MembersCount int `json:"membersCount"` EnsName string `json:"ensName"` Link string `json:"link"` CommunityAdminSettings CommunityAdminSettings `json:"adminSettings"` Encrypted bool `json:"encrypted"` BanList []string `json:"banList"` TokenPermissions map[string]*protobuf.CommunityTokenPermission `json:"tokenPermissions"` CommunityTokensMetadata []*protobuf.CommunityTokenMetadata `json:"communityTokensMetadata"` ActiveMembersCount uint64 `json:"activeMembersCount"` }{ ID: o.ID(), Verified: o.config.Verified, Chats: make(map[string]CommunityChat), Categories: make(map[string]CommunityCategory), Tags: o.Tags(), } if o.config.CommunityDescription != nil { for id, c := range o.config.CommunityDescription.Categories { category := CommunityCategory{ ID: id, Name: c.Name, Position: int(c.Position), } communityItem.Categories[id] = category communityItem.Encrypted = o.config.CommunityDescription.Encrypted } for id, c := range o.config.CommunityDescription.Chats { canPost, err := o.CanPost(o.config.MemberIdentity, id, nil) if err != nil { return nil, err } chat := CommunityChat{ ID: id, Name: c.Identity.DisplayName, Color: c.Identity.Color, Emoji: c.Identity.Emoji, Description: c.Identity.Description, Permissions: c.Permissions, Members: c.Members, CanPost: canPost, CategoryID: c.CategoryId, Position: int(c.Position), } communityItem.Chats[id] = chat } communityItem.TokenPermissions = o.config.CommunityDescription.TokenPermissions communityItem.MembersCount = len(o.config.CommunityDescription.Members) communityItem.Link = fmt.Sprintf("https://join.status.im/c/0x%x", o.ID()) communityItem.IntroMessage = o.config.CommunityDescription.IntroMessage communityItem.OutroMessage = o.config.CommunityDescription.OutroMessage communityItem.BanList = o.config.CommunityDescription.BanList communityItem.CommunityTokensMetadata = o.config.CommunityDescription.CommunityTokensMetadata communityItem.ActiveMembersCount = o.config.CommunityDescription.ActiveMembersCount if o.config.CommunityDescription.Identity != nil { communityItem.Name = o.Name() communityItem.Color = o.config.CommunityDescription.Identity.Color communityItem.Description = o.config.CommunityDescription.Identity.Description for t, i := range o.config.CommunityDescription.Identity.Images { if communityItem.Images == nil { communityItem.Images = make(map[string]images.IdentityImage) } communityItem.Images[t] = images.IdentityImage{Name: t, Payload: i.Payload} } } communityItem.CommunityAdminSettings = CommunityAdminSettings{ PinMessageAllMembersEnabled: false, } if o.config.CommunityDescription.AdminSettings != nil { communityItem.CommunityAdminSettings.PinMessageAllMembersEnabled = o.config.CommunityDescription.AdminSettings.PinMessageAllMembersEnabled } } return json.Marshal(communityItem) } func (o *Community) MarshalJSON() ([]byte, error) { if o.config.MemberIdentity == nil { return nil, errors.New("member identity not set") } communityItem := struct { ID types.HexBytes `json:"id"` MemberRole protobuf.CommunityMember_Roles `json:"memberRole"` Verified bool `json:"verified"` Joined bool `json:"joined"` Spectated bool `json:"spectated"` RequestedAccessAt int `json:"requestedAccessAt"` Name string `json:"name"` Description string `json:"description"` IntroMessage string `json:"introMessage"` OutroMessage string `json:"outroMessage"` Tags []CommunityTag `json:"tags"` Chats map[string]CommunityChat `json:"chats"` Categories map[string]CommunityCategory `json:"categories"` Images map[string]images.IdentityImage `json:"images"` Permissions *protobuf.CommunityPermissions `json:"permissions"` Members map[string]*protobuf.CommunityMember `json:"members"` CanRequestAccess bool `json:"canRequestAccess"` CanManageUsers bool `json:"canManageUsers"` //TODO: we can remove this CanDeleteMessageForEveryone bool `json:"canDeleteMessageForEveryone"` //TODO: we can remove this CanJoin bool `json:"canJoin"` Color string `json:"color"` RequestedToJoinAt uint64 `json:"requestedToJoinAt,omitempty"` IsMember bool `json:"isMember"` Muted bool `json:"muted"` MuteTill time.Time `json:"muteTill,omitempty"` CommunityAdminSettings CommunityAdminSettings `json:"adminSettings"` Encrypted bool `json:"encrypted"` BanList []string `json:"banList"` TokenPermissions map[string]*protobuf.CommunityTokenPermission `json:"tokenPermissions"` CommunityTokensMetadata []*protobuf.CommunityTokenMetadata `json:"communityTokensMetadata"` ActiveMembersCount uint64 `json:"activeMembersCount"` }{ ID: o.ID(), MemberRole: o.MemberRole(o.MemberIdentity()), Verified: o.config.Verified, Chats: make(map[string]CommunityChat), Categories: make(map[string]CommunityCategory), Joined: o.config.Joined, Spectated: o.config.Spectated, CanRequestAccess: o.CanRequestAccess(o.config.MemberIdentity), CanJoin: o.canJoin(), CanManageUsers: o.CanManageUsers(o.config.MemberIdentity), CanDeleteMessageForEveryone: o.CanDeleteMessageForEveryone(o.config.MemberIdentity), RequestedToJoinAt: o.RequestedToJoinAt(), IsMember: o.isMember(), Muted: o.config.Muted, MuteTill: o.config.MuteTill, Tags: o.Tags(), Encrypted: o.Encrypted(), } if o.config.CommunityDescription != nil { for id, c := range o.config.CommunityDescription.Categories { category := CommunityCategory{ ID: id, Name: c.Name, Position: int(c.Position), } communityItem.Encrypted = o.config.CommunityDescription.Encrypted communityItem.Categories[id] = category } for id, c := range o.config.CommunityDescription.Chats { canPost, err := o.CanPost(o.config.MemberIdentity, id, nil) if err != nil { return nil, err } chat := CommunityChat{ ID: id, Name: c.Identity.DisplayName, Emoji: c.Identity.Emoji, Color: c.Identity.Color, Description: c.Identity.Description, Permissions: c.Permissions, Members: c.Members, CanPost: canPost, CategoryID: c.CategoryId, Position: int(c.Position), } communityItem.Chats[id] = chat } communityItem.TokenPermissions = o.config.CommunityDescription.TokenPermissions communityItem.Members = o.config.CommunityDescription.Members communityItem.Permissions = o.config.CommunityDescription.Permissions communityItem.IntroMessage = o.config.CommunityDescription.IntroMessage communityItem.OutroMessage = o.config.CommunityDescription.OutroMessage communityItem.BanList = o.config.CommunityDescription.BanList communityItem.CommunityTokensMetadata = o.config.CommunityDescription.CommunityTokensMetadata communityItem.ActiveMembersCount = o.config.CommunityDescription.ActiveMembersCount if o.config.CommunityDescription.Identity != nil { communityItem.Name = o.Name() communityItem.Color = o.config.CommunityDescription.Identity.Color communityItem.Description = o.config.CommunityDescription.Identity.Description for t, i := range o.config.CommunityDescription.Identity.Images { if communityItem.Images == nil { communityItem.Images = make(map[string]images.IdentityImage) } communityItem.Images[t] = images.IdentityImage{Name: t, Payload: i.Payload} } } communityItem.CommunityAdminSettings = CommunityAdminSettings{ PinMessageAllMembersEnabled: false, } if o.config.CommunityDescription.AdminSettings != nil { communityItem.CommunityAdminSettings.PinMessageAllMembersEnabled = o.config.CommunityDescription.AdminSettings.PinMessageAllMembersEnabled } } return json.Marshal(communityItem) } func (o *Community) Identity() *protobuf.ChatIdentity { return o.config.CommunityDescription.Identity } func (o *Community) Permissions() *protobuf.CommunityPermissions { return o.config.CommunityDescription.Permissions } func (o *Community) AdminSettings() *protobuf.CommunityAdminSettings { return o.config.CommunityDescription.AdminSettings } func (o *Community) Name() string { if o != nil && o.config != nil && o.config.CommunityDescription != nil && o.config.CommunityDescription.Identity != nil { return o.config.CommunityDescription.Identity.DisplayName } return "" } func (o *Community) DescriptionText() string { if o != nil && o.config != nil && o.config.CommunityDescription != nil && o.config.CommunityDescription.Identity != nil { return o.config.CommunityDescription.Identity.Description } return "" } func (o *Community) IntroMessage() string { if o != nil && o.config != nil && o.config.CommunityDescription != nil { return o.config.CommunityDescription.IntroMessage } return "" } func (o *Community) CommunityTokensMetadata() []*protobuf.CommunityTokenMetadata { if o != nil && o.config != nil && o.config.CommunityDescription != nil { return o.config.CommunityDescription.CommunityTokensMetadata } return nil } func (o *Community) Tags() []CommunityTag { if o != nil && o.config != nil && o.config.CommunityDescription != nil { var result []CommunityTag for _, t := range o.config.CommunityDescription.Tags { result = append(result, CommunityTag{ Name: t, Emoji: requests.TagsEmojies[t], }) } return result } return nil } func (o *Community) TagsRaw() []string { return o.config.CommunityDescription.Tags } func (o *Community) TagsIndices() []uint32 { var indices []uint32 for _, t := range o.config.CommunityDescription.Tags { i := uint32(0) for k := range requests.TagsEmojies { if k == t { indices = append(indices, i) } i++ } } return indices } func (o *Community) OutroMessage() string { if o != nil && o.config != nil && o.config.CommunityDescription != nil { return o.config.CommunityDescription.OutroMessage } return "" } func (o *Community) Color() string { if o != nil && o.config != nil && o.config.CommunityDescription != nil && o.config.CommunityDescription.Identity != nil { return o.config.CommunityDescription.Identity.Color } return "" } func (o *Community) Members() map[string]*protobuf.CommunityMember { if o != nil && o.config != nil && o.config.CommunityDescription != nil { return o.config.CommunityDescription.Members } return nil } func (o *Community) MembersCount() int { if o != nil && o.config != nil && o.config.CommunityDescription != nil { return len(o.config.CommunityDescription.Members) } return 0 } func (o *Community) GetMemberPubkeys() []*ecdsa.PublicKey { if o != nil && o.config != nil && o.config.CommunityDescription != nil { pubkeys := make([]*ecdsa.PublicKey, len(o.config.CommunityDescription.Members)) i := 0 for hex := range o.config.CommunityDescription.Members { pubkeys[i], _ = common.HexToPubkey(hex) i++ } return pubkeys } return nil } func (o *Community) initialize() { if o.config.CommunityDescription == nil { o.config.CommunityDescription = &protobuf.CommunityDescription{} } } type DeployState uint8 const ( Failed DeployState = iota InProgress Deployed ) type CommunityToken struct { TokenType protobuf.CommunityTokenType `json:"tokenType"` CommunityID string `json:"communityId"` Address string `json:"address"` Name string `json:"name"` Symbol string `json:"symbol"` Description string `json:"description"` Supply *bigint.BigInt `json:"supply"` InfiniteSupply bool `json:"infiniteSupply"` Transferable bool `json:"transferable"` RemoteSelfDestruct bool `json:"remoteSelfDestruct"` ChainID int `json:"chainId"` DeployState DeployState `json:"deployState"` Base64Image string `json:"image"` Decimals int `json:"decimals"` } type CommunitySettings struct { CommunityID string `json:"communityId"` HistoryArchiveSupportEnabled bool `json:"historyArchiveSupportEnabled"` Clock uint64 `json:"clock"` } type CommunityChatChanges struct { ChatModified *protobuf.CommunityChat MembersAdded map[string]*protobuf.CommunityMember MembersRemoved map[string]*protobuf.CommunityMember CategoryModified string PositionModified int FirstMessageTimestampModified uint32 } type CommunityChanges struct { Community *Community `json:"community"` MembersAdded map[string]*protobuf.CommunityMember `json:"membersAdded"` MembersRemoved map[string]*protobuf.CommunityMember `json:"membersRemoved"` TokenPermissionsAdded map[string]*protobuf.CommunityTokenPermission `json:"tokenPermissionsAdded"` TokenPermissionsModified map[string]*protobuf.CommunityTokenPermission `json:"tokenPermissionsModified"` TokenPermissionsRemoved []string `json:"tokenPermissionsRemoved"` ChatsRemoved map[string]*protobuf.CommunityChat `json:"chatsRemoved"` ChatsAdded map[string]*protobuf.CommunityChat `json:"chatsAdded"` ChatsModified map[string]*CommunityChatChanges `json:"chatsModified"` CategoriesRemoved []string `json:"categoriesRemoved"` CategoriesAdded map[string]*protobuf.CommunityCategory `json:"categoriesAdded"` CategoriesModified map[string]*protobuf.CommunityCategory `json:"categoriesModified"` MemberWalletsRemoved []string `json:"memberWalletsRemoved"` MemberWalletsAdded map[string][]*protobuf.RevealedAccount `json:"memberWalletsAdded"` // ShouldMemberJoin indicates whether the user should join this community // automatically ShouldMemberJoin bool `json:"memberAdded"` // ShouldMemberJoin indicates whether the user should leave this community // automatically ShouldMemberLeave bool `json:"memberRemoved"` } // `CommunityAdminEventChanges contain additional changes that don't live on // a `Community` but still have to be propagated to other admin and control nodes type CommunityAdminEventChanges struct { *CommunityChanges // `RejectedRequestsToJoin` is a map of signer keys to requests to join RejectedRequestsToJoin map[string]*protobuf.CommunityRequestToJoin `json:"rejectedRequestsToJoin"` // `AcceptedRequestsToJoin` is a map of signer keys to requests to join AcceptedRequestsToJoin map[string]*protobuf.CommunityRequestToJoin `json:"acceptedRequestsToJoin"` } func (c *CommunityChanges) HasNewMember(identity string) bool { if len(c.MembersAdded) == 0 { return false } _, ok := c.MembersAdded[identity] return ok } func (c *CommunityChanges) HasMemberLeft(identity string) bool { if len(c.MembersRemoved) == 0 { return false } _, ok := c.MembersRemoved[identity] return ok } func (o *Community) emptyCommunityChanges() *CommunityChanges { changes := emptyCommunityChanges() changes.Community = o return changes } func (o *Community) CreateChat(chatID string, chat *protobuf.CommunityChat) (*CommunityChanges, error) { o.mutex.Lock() defer o.mutex.Unlock() if !o.IsOwnerOrAdmin() { return nil, ErrNotAdmin } err := o.createChat(chatID, chat) if err != nil { return nil, err } o.increaseClock() changes := o.emptyCommunityChanges() changes.ChatsAdded[chatID] = chat return changes, nil } func (o *Community) EditChat(chatID string, chat *protobuf.CommunityChat) (*CommunityChanges, error) { o.mutex.Lock() defer o.mutex.Unlock() if !o.IsOwnerOrAdmin() { return nil, ErrNotAdmin } err := o.editChat(chatID, chat) if err != nil { return nil, err } o.increaseClock() changes := o.emptyCommunityChanges() changes.ChatsModified[chatID] = &CommunityChatChanges{ ChatModified: chat, } return changes, nil } func (o *Community) DeleteChat(chatID string) (*CommunityChanges, error) { o.mutex.Lock() defer o.mutex.Unlock() if !o.IsOwnerOrAdmin() { return nil, ErrNotAdmin } changes := o.deleteChat(chatID) o.increaseClock() return changes, nil } func (o *Community) InviteUserToOrg(pk *ecdsa.PublicKey) (*protobuf.CommunityInvitation, error) { o.mutex.Lock() defer o.mutex.Unlock() if o.config.PrivateKey == nil { return nil, ErrNotAdmin } _, err := o.AddMember(pk, []protobuf.CommunityMember_Roles{}) if err != nil { return nil, err } response := &protobuf.CommunityInvitation{} marshaledCommunity, err := o.toBytes() if err != nil { return nil, err } response.CommunityDescription = marshaledCommunity grant, err := o.buildGrant(pk, "") if err != nil { return nil, err } response.Grant = grant response.PublicKey = crypto.CompressPubkey(pk) return response, nil } func (o *Community) InviteUserToChat(pk *ecdsa.PublicKey, chatID string) (*protobuf.CommunityInvitation, error) { o.mutex.Lock() defer o.mutex.Unlock() if o.config.PrivateKey == nil { return nil, ErrNotAdmin } memberKey := common.PubkeyToHex(pk) if _, ok := o.config.CommunityDescription.Members[memberKey]; !ok { o.config.CommunityDescription.Members[memberKey] = &protobuf.CommunityMember{} } chat, ok := o.config.CommunityDescription.Chats[chatID] if !ok { return nil, ErrChatNotFound } if chat.Members == nil { chat.Members = make(map[string]*protobuf.CommunityMember) } chat.Members[memberKey] = &protobuf.CommunityMember{} o.increaseClock() response := &protobuf.CommunityInvitation{} marshaledCommunity, err := o.toBytes() if err != nil { return nil, err } response.CommunityDescription = marshaledCommunity grant, err := o.buildGrant(pk, chatID) if err != nil { return nil, err } response.Grant = grant response.ChatId = chatID return response, nil } func (o *Community) getMember(pk *ecdsa.PublicKey) *protobuf.CommunityMember { key := common.PubkeyToHex(pk) member := o.config.CommunityDescription.Members[key] return member } func (o *Community) GetMember(pk *ecdsa.PublicKey) *protobuf.CommunityMember { return o.getMember(pk) } func (o *Community) hasMember(pk *ecdsa.PublicKey) bool { member := o.getMember(pk) return member != nil } func (o *Community) IsBanned(pk *ecdsa.PublicKey) bool { o.mutex.Lock() defer o.mutex.Unlock() return o.isBanned(pk) } func (o *Community) isBanned(pk *ecdsa.PublicKey) bool { key := common.PubkeyToHex(pk) for _, k := range o.config.CommunityDescription.BanList { if k == key { return true } } return false } func (o *Community) hasMemberPermission(member *protobuf.CommunityMember, permissions map[protobuf.CommunityMember_Roles]bool) bool { for _, r := range member.Roles { if permissions[r] { return true } } return false } func (o *Community) hasPermission(pk *ecdsa.PublicKey, roles map[protobuf.CommunityMember_Roles]bool) bool { if pk == nil || o.config.ID == nil { return false } if common.IsPubKeyEqual(pk, o.config.ID) { return true } member := o.getMember(pk) if member == nil { return false } return o.hasMemberPermission(member, roles) } func (o *Community) HasMember(pk *ecdsa.PublicKey) bool { o.mutex.Lock() defer o.mutex.Unlock() return o.hasMember(pk) } func (o *Community) IsMemberInChat(pk *ecdsa.PublicKey, chatID string) bool { o.mutex.Lock() defer o.mutex.Unlock() if !o.hasMember(pk) { return false } chat, ok := o.config.CommunityDescription.Chats[chatID] if !ok { return false } key := common.PubkeyToHex(pk) _, ok = chat.Members[key] return ok } func (o *Community) RemoveUserFromChat(pk *ecdsa.PublicKey, chatID string) (*protobuf.CommunityDescription, error) { o.mutex.Lock() defer o.mutex.Unlock() if o.config.PrivateKey == nil { return nil, ErrNotAdmin } if !o.hasMember(pk) { return o.config.CommunityDescription, nil } chat, ok := o.config.CommunityDescription.Chats[chatID] if !ok { return o.config.CommunityDescription, nil } key := common.PubkeyToHex(pk) delete(chat.Members, key) return o.config.CommunityDescription, nil } func (o *Community) removeMemberFromOrg(pk *ecdsa.PublicKey) { if !o.hasMember(pk) { return } key := common.PubkeyToHex(pk) // Remove from org delete(o.config.CommunityDescription.Members, key) // Remove from chats for _, chat := range o.config.CommunityDescription.Chats { delete(chat.Members, key) } } func (o *Community) RemoveOurselvesFromOrg(pk *ecdsa.PublicKey) { o.mutex.Lock() defer o.mutex.Unlock() o.removeMemberFromOrg(pk) o.increaseClock() } func (o *Community) RemoveUserFromOrg(pk *ecdsa.PublicKey) (*protobuf.CommunityDescription, error) { o.mutex.Lock() defer o.mutex.Unlock() if !o.IsOwnerOrAdmin() { return nil, ErrNotAdmin } if o.IsAdmin() && o.IsMemberOwnerOrAdmin(pk) { return nil, ErrCannotRemoveOwnerOrAdmin } o.removeMemberFromOrg(pk) o.increaseClock() return o.config.CommunityDescription, nil } func (o *Community) AddCommunityTokensMetadata(token *protobuf.CommunityTokenMetadata) (*protobuf.CommunityDescription, error) { o.mutex.Lock() defer o.mutex.Unlock() if o.config.PrivateKey == nil { return nil, ErrNotAdmin } o.config.CommunityDescription.CommunityTokensMetadata = append(o.config.CommunityDescription.CommunityTokensMetadata, token) o.increaseClock() return o.config.CommunityDescription, nil } func (o *Community) UnbanUserFromCommunity(pk *ecdsa.PublicKey) (*protobuf.CommunityDescription, error) { o.mutex.Lock() defer o.mutex.Unlock() if !o.IsOwnerOrAdmin() { return nil, ErrNotAdmin } o.unbanUserFromCommunity(pk) o.increaseClock() return o.config.CommunityDescription, nil } func (o *Community) BanUserFromCommunity(pk *ecdsa.PublicKey) (*protobuf.CommunityDescription, error) { o.mutex.Lock() defer o.mutex.Unlock() if !o.IsOwnerOrAdmin() { return nil, ErrNotAdmin } if o.IsAdmin() && o.IsMemberOwnerOrAdmin(pk) { return nil, ErrCannotBanOwnerOrAdmin } o.banUserFromCommunity(pk) o.increaseClock() return o.config.CommunityDescription, nil } func (o *Community) AddRoleToMember(pk *ecdsa.PublicKey, role protobuf.CommunityMember_Roles) (*protobuf.CommunityDescription, error) { o.mutex.Lock() defer o.mutex.Unlock() if o.config.PrivateKey == nil { return nil, ErrNotAdmin } updated := false member := o.getMember(pk) if member != nil { roles := make(map[protobuf.CommunityMember_Roles]bool) roles[role] = true if !o.hasMemberPermission(member, roles) { member.Roles = append(member.Roles, role) o.config.CommunityDescription.Members[common.PubkeyToHex(pk)] = member updated = true } } if updated { o.increaseClock() } return o.config.CommunityDescription, nil } func (o *Community) RemoveRoleFromMember(pk *ecdsa.PublicKey, role protobuf.CommunityMember_Roles) (*protobuf.CommunityDescription, error) { o.mutex.Lock() defer o.mutex.Unlock() if o.config.PrivateKey == nil { return nil, ErrNotAdmin } updated := false member := o.getMember(pk) if member != nil { roles := make(map[protobuf.CommunityMember_Roles]bool) roles[role] = true if o.hasMemberPermission(member, roles) { var newRoles []protobuf.CommunityMember_Roles for _, r := range member.Roles { if r != role { newRoles = append(newRoles, r) } } member.Roles = newRoles o.config.CommunityDescription.Members[common.PubkeyToHex(pk)] = member updated = true } } if updated { o.increaseClock() } return o.config.CommunityDescription, nil } func (o *Community) Edit(description *protobuf.CommunityDescription) { o.config.CommunityDescription.Identity.DisplayName = description.Identity.DisplayName o.config.CommunityDescription.Identity.Description = description.Identity.Description o.config.CommunityDescription.Identity.Color = description.Identity.Color o.config.CommunityDescription.Tags = description.Tags o.config.CommunityDescription.Identity.Emoji = description.Identity.Emoji o.config.CommunityDescription.Identity.Images = description.Identity.Images o.config.CommunityDescription.IntroMessage = description.IntroMessage o.config.CommunityDescription.OutroMessage = description.OutroMessage if o.config.CommunityDescription.AdminSettings == nil { o.config.CommunityDescription.AdminSettings = &protobuf.CommunityAdminSettings{} } o.config.CommunityDescription.Permissions = description.Permissions o.config.CommunityDescription.AdminSettings.PinMessageAllMembersEnabled = description.AdminSettings.PinMessageAllMembersEnabled o.increaseClock() } func (o *Community) Join() { o.config.Joined = true o.config.Spectated = false } func (o *Community) Leave() { o.config.Joined = false o.config.Spectated = false } func (o *Community) Spectate() { o.config.Spectated = true } func (o *Community) Encrypted() bool { return o.config.CommunityDescription.Encrypted } func (o *Community) SetEncrypted(encrypted bool) { o.config.CommunityDescription.Encrypted = encrypted } func (o *Community) Joined() bool { return o.config.Joined } func (o *Community) Spectated() bool { return o.config.Spectated } func (o *Community) Verified() bool { return o.config.Verified } func (o *Community) Muted() bool { return o.config.Muted } func (o *Community) MuteTill() time.Time { return o.config.MuteTill } func (o *Community) MemberIdentity() *ecdsa.PublicKey { return o.config.MemberIdentity } // UpdateCommunityDescription will update the community to the new community description and return a list of changes func (o *Community) UpdateCommunityDescription(description *protobuf.CommunityDescription, rawMessage []byte) (*CommunityChanges, error) { o.mutex.Lock() defer o.mutex.Unlock() // This is done in case tags are updated and a client sends unknown tags description.Tags = requests.RemoveUnknownAndDeduplicateTags(description.Tags) err := ValidateCommunityDescription(description) if err != nil { return nil, err } response := o.emptyCommunityChanges() if description.Clock <= o.config.CommunityDescription.Clock { return response, nil } // We only calculate changes if we joined/spectated the community or we requested access, otherwise not interested if o.config.Joined || o.config.Spectated || o.config.RequestedToJoinAt > 0 { // Check for new members at the org level for pk, member := range description.Members { if _, ok := o.config.CommunityDescription.Members[pk]; !ok { if response.MembersAdded == nil { response.MembersAdded = make(map[string]*protobuf.CommunityMember) } response.MembersAdded[pk] = member } } // Check for removed members at the org level for pk, member := range o.config.CommunityDescription.Members { if _, ok := description.Members[pk]; !ok { if response.MembersRemoved == nil { response.MembersRemoved = make(map[string]*protobuf.CommunityMember) } response.MembersRemoved[pk] = member } } // check for removed chats for chatID, chat := range o.config.CommunityDescription.Chats { if description.Chats == nil { description.Chats = make(map[string]*protobuf.CommunityChat) } if _, ok := description.Chats[chatID]; !ok { if response.ChatsRemoved == nil { response.ChatsRemoved = make(map[string]*protobuf.CommunityChat) } response.ChatsRemoved[chatID] = chat } } for chatID, chat := range description.Chats { if o.config.CommunityDescription.Chats == nil { o.config.CommunityDescription.Chats = make(map[string]*protobuf.CommunityChat) } if _, ok := o.config.CommunityDescription.Chats[chatID]; !ok { if response.ChatsAdded == nil { response.ChatsAdded = make(map[string]*protobuf.CommunityChat) } response.ChatsAdded[chatID] = chat } else { // Check for members added for pk, member := range description.Chats[chatID].Members { if _, ok := o.config.CommunityDescription.Chats[chatID].Members[pk]; !ok { if response.ChatsModified[chatID] == nil { response.ChatsModified[chatID] = &CommunityChatChanges{ MembersAdded: make(map[string]*protobuf.CommunityMember), MembersRemoved: make(map[string]*protobuf.CommunityMember), } } response.ChatsModified[chatID].MembersAdded[pk] = member } } // check for members removed for pk, member := range o.config.CommunityDescription.Chats[chatID].Members { if _, ok := description.Chats[chatID].Members[pk]; !ok { if response.ChatsModified[chatID] == nil { response.ChatsModified[chatID] = &CommunityChatChanges{ MembersAdded: make(map[string]*protobuf.CommunityMember), MembersRemoved: make(map[string]*protobuf.CommunityMember), } } response.ChatsModified[chatID].MembersRemoved[pk] = member } } // check if first message timestamp was modified if o.config.CommunityDescription.Chats[chatID].Identity.FirstMessageTimestamp != description.Chats[chatID].Identity.FirstMessageTimestamp { if response.ChatsModified[chatID] == nil { response.ChatsModified[chatID] = &CommunityChatChanges{ MembersAdded: make(map[string]*protobuf.CommunityMember), MembersRemoved: make(map[string]*protobuf.CommunityMember), } } response.ChatsModified[chatID].FirstMessageTimestampModified = description.Chats[chatID].Identity.FirstMessageTimestamp } } } // Check for categories that were removed for categoryID := range o.config.CommunityDescription.Categories { if description.Categories == nil { description.Categories = make(map[string]*protobuf.CommunityCategory) } if description.Chats == nil { description.Chats = make(map[string]*protobuf.CommunityChat) } if _, ok := description.Categories[categoryID]; !ok { response.CategoriesRemoved = append(response.CategoriesRemoved, categoryID) } if o.config.CommunityDescription.Chats == nil { o.config.CommunityDescription.Chats = make(map[string]*protobuf.CommunityChat) } } // Check for categories that were added for categoryID, category := range description.Categories { if o.config.CommunityDescription.Categories == nil { o.config.CommunityDescription.Categories = make(map[string]*protobuf.CommunityCategory) } if _, ok := o.config.CommunityDescription.Categories[categoryID]; !ok { if response.CategoriesAdded == nil { response.CategoriesAdded = make(map[string]*protobuf.CommunityCategory) } response.CategoriesAdded[categoryID] = category } else { if o.config.CommunityDescription.Categories[categoryID].Name != category.Name || o.config.CommunityDescription.Categories[categoryID].Position != category.Position { response.CategoriesModified[categoryID] = category } } } // Check for chat categories that were modified for chatID, chat := range description.Chats { if o.config.CommunityDescription.Chats == nil { o.config.CommunityDescription.Chats = make(map[string]*protobuf.CommunityChat) } if _, ok := o.config.CommunityDescription.Chats[chatID]; !ok { continue // It's a new chat } if o.config.CommunityDescription.Chats[chatID].CategoryId != chat.CategoryId { if response.ChatsModified[chatID] == nil { response.ChatsModified[chatID] = &CommunityChatChanges{ MembersAdded: make(map[string]*protobuf.CommunityMember), MembersRemoved: make(map[string]*protobuf.CommunityMember), } } response.ChatsModified[chatID].CategoryModified = chat.CategoryId } } // Check for removed token permissions for id := range o.config.CommunityDescription.TokenPermissions { if _, ok := description.TokenPermissions[id]; !ok { if response.TokenPermissionsRemoved == nil { response.TokenPermissionsRemoved = make([]string, 0) } response.TokenPermissionsRemoved = append(response.TokenPermissionsRemoved, id) } } for id, permission := range description.TokenPermissions { if _, ok := o.config.CommunityDescription.TokenPermissions[id]; !ok { if response.TokenPermissionsAdded == nil { response.TokenPermissionsAdded = make(map[string]*protobuf.CommunityTokenPermission) } response.TokenPermissionsAdded[id] = permission } } } o.config.CommunityDescription = description o.config.MarshaledCommunityDescription = rawMessage return response, nil } func (o *Community) UpdateChatFirstMessageTimestamp(chatID string, timestamp uint32) (*CommunityChanges, error) { if !o.IsOwner() { return nil, ErrNotOwner } chat, ok := o.config.CommunityDescription.Chats[chatID] if !ok { return nil, ErrChatNotFound } chat.Identity.FirstMessageTimestamp = timestamp communityChanges := o.emptyCommunityChanges() communityChanges.ChatsModified[chatID] = &CommunityChatChanges{ FirstMessageTimestampModified: timestamp, } return communityChanges, nil } // ValidateRequestToJoin validates a request, checks that the right permissions are applied func (o *Community) ValidateRequestToJoin(signer *ecdsa.PublicKey, request *protobuf.CommunityRequestToJoin) error { o.mutex.Lock() defer o.mutex.Unlock() // If we are not admin, fuggetaboutit if !o.IsOwnerOrAdmin() { return ErrNotAdmin } // If the org is ens name only, then reject if not present if o.config.CommunityDescription.Permissions.EnsOnly && len(request.EnsName) == 0 { return ErrCantRequestAccess } if len(request.ChatId) != 0 { return o.validateRequestToJoinWithChatID(request) } err := o.validateRequestToJoinWithoutChatID(request) if err != nil { return err } return nil } // ValidateRequestToJoin validates a request, checks that the right permissions are applied func (o *Community) ValidateEditSharedAddresses(signer *ecdsa.PublicKey, request *protobuf.CommunityEditRevealedAccounts) error { o.mutex.Lock() defer o.mutex.Unlock() // If we are not admin, fuggetaboutit if !o.IsOwnerOrAdmin() { return ErrNotAdmin } if len(request.RevealedAccounts) == 0 { return errors.New("no addresses were shared") } if request.Clock < o.config.CommunityDescription.Members[common.PubkeyToHex(signer)].LastUpdateClock { return errors.New("edit request is older than the last one we have. Ignore") } return nil } func (o *Community) IsOwner() bool { return o.config.PrivateKey != nil || o.IsMemberOwner(o.config.MemberIdentity) } func (o *Community) IsAdmin() bool { return o.IsMemberAdmin(o.config.MemberIdentity) } func (o *Community) IsOwnerOrAdmin() bool { return o.IsOwner() || o.IsAdmin() } func (o *Community) IsMemberOwner(publicKey *ecdsa.PublicKey) bool { return o.hasPermission(publicKey, ownerRolePermission()) } func (o *Community) IsMemberAdmin(publicKey *ecdsa.PublicKey) bool { return o.hasPermission(publicKey, adminRolePermissions()) } func (o *Community) IsMemberOwnerOrAdmin(publicKey *ecdsa.PublicKey) bool { return o.hasPermission(publicKey, ownerOrAdminRolePermissions()) } func canManageUsersRolePermissions() map[protobuf.CommunityMember_Roles]bool { roles := ownerOrAdminRolePermissions() roles[protobuf.CommunityMember_ROLE_MANAGE_USERS] = true return roles } func ownerRolePermission() map[protobuf.CommunityMember_Roles]bool { roles := make(map[protobuf.CommunityMember_Roles]bool) roles[protobuf.CommunityMember_ROLE_OWNER] = true return roles } func adminRolePermissions() map[protobuf.CommunityMember_Roles]bool { roles := make(map[protobuf.CommunityMember_Roles]bool) roles[protobuf.CommunityMember_ROLE_ADMIN] = true return roles } func ownerOrAdminRolePermissions() map[protobuf.CommunityMember_Roles]bool { roles := make(map[protobuf.CommunityMember_Roles]bool) roles[protobuf.CommunityMember_ROLE_OWNER] = true roles[protobuf.CommunityMember_ROLE_ADMIN] = true return roles } func (o *Community) MemberRole(pubKey *ecdsa.PublicKey) protobuf.CommunityMember_Roles { if o.IsMemberOwner(pubKey) { return protobuf.CommunityMember_ROLE_OWNER } else if o.IsMemberAdmin(pubKey) { return protobuf.CommunityMember_ROLE_ADMIN } else if o.CanManageUsers(pubKey) { return protobuf.CommunityMember_ROLE_MANAGE_USERS } else if o.CanDeleteMessageForEveryone(pubKey) { return protobuf.CommunityMember_ROLE_MODERATE_CONTENT } return protobuf.CommunityMember_ROLE_NONE } func canDeleteMessageForEveryonePermissions() map[protobuf.CommunityMember_Roles]bool { roles := ownerOrAdminRolePermissions() roles[protobuf.CommunityMember_ROLE_MODERATE_CONTENT] = true return roles } func (o *Community) GetMemberAdmins() []*ecdsa.PublicKey { admins := make([]*ecdsa.PublicKey, 0) members := o.GetMemberPubkeys() for _, member := range members { if o.IsMemberAdmin(member) { admins = append(admins, member) } } return admins } func (o *Community) validateRequestToJoinWithChatID(request *protobuf.CommunityRequestToJoin) error { chat, ok := o.config.CommunityDescription.Chats[request.ChatId] if !ok { return ErrChatNotFound } // If chat is no permissions, access should not have been requested if chat.Permissions.Access != protobuf.CommunityPermissions_ON_REQUEST { return ErrCantRequestAccess } if chat.Permissions.EnsOnly && len(request.EnsName) == 0 { return ErrCantRequestAccess } return nil } func (o *Community) OnRequest() bool { return o.config.CommunityDescription.Permissions.Access == protobuf.CommunityPermissions_ON_REQUEST } func (o *Community) InvitationOnly() bool { return o.config.CommunityDescription.Permissions.Access == protobuf.CommunityPermissions_INVITATION_ONLY } func (o *Community) AcceptRequestToJoinAutomatically() bool { // We no longer have the notion of "no membership", but for historical reasons // we use `NO_MEMBERSHIP` to determine wether requests to join should be automatically // accepted or not. return o.config.CommunityDescription.Permissions.Access == protobuf.CommunityPermissions_NO_MEMBERSHIP } func (o *Community) validateRequestToJoinWithoutChatID(request *protobuf.CommunityRequestToJoin) error { // Previously, requests to join a community where only necessary when the community // permissions were indeed set to `ON_REQUEST`. // Now, users always have to request access but can get accepted automatically // (if permissions are set to NO_MEMBERSHIP). // // Hence, not only do we check whether the community permissions are ON_REQUEST but // also NO_MEMBERSHIP. if o.config.CommunityDescription.Permissions.Access != protobuf.CommunityPermissions_ON_REQUEST && o.config.CommunityDescription.Permissions.Access != protobuf.CommunityPermissions_NO_MEMBERSHIP { return ErrCantRequestAccess } return nil } func (o *Community) ID() types.HexBytes { return crypto.CompressPubkey(o.config.ID) } func (o *Community) IDString() string { return types.EncodeHex(o.ID()) } func (o *Community) StatusUpdatesChannelID() string { return o.IDString() + "-ping" } func (o *Community) MagnetlinkMessageChannelID() string { return o.IDString() + "-magnetlinks" } func (o *Community) MemberUpdateChannelID() string { return o.IDString() + "-memberUpdate" } func (o *Community) DefaultFilters() []string { cID := o.IDString() uncompressedPubKey := common.PubkeyToHex(o.config.ID)[2:] updatesChannelID := o.StatusUpdatesChannelID() mlChannelID := o.MagnetlinkMessageChannelID() memberUpdateChannelID := o.MemberUpdateChannelID() return []string{cID, uncompressedPubKey, updatesChannelID, mlChannelID, memberUpdateChannelID} } func (o *Community) PrivateKey() *ecdsa.PrivateKey { return o.config.PrivateKey } func (o *Community) PublicKey() *ecdsa.PublicKey { return o.config.ID } func (o *Community) Description() *protobuf.CommunityDescription { return o.config.CommunityDescription } func (o *Community) marshaledDescription() ([]byte, error) { return proto.Marshal(o.config.CommunityDescription) } func (o *Community) MarshaledDescription() ([]byte, error) { o.mutex.Lock() defer o.mutex.Unlock() return o.marshaledDescription() } func (o *Community) toBytes() ([]byte, error) { // This should not happen, as we can only serialize on our side if we // created the community if o.config.PrivateKey == nil && len(o.config.MarshaledCommunityDescription) == 0 { return nil, ErrNotAdmin } //We are not owner or admin, use the received serialized version if !o.IsOwnerOrAdmin() { return o.config.MarshaledCommunityDescription, nil } // serialize and sign payload, err := o.marshaledDescription() if err != nil { return nil, err } return protocol.WrapMessageV1(payload, protobuf.ApplicationMetadataMessage_COMMUNITY_DESCRIPTION, o.config.PrivateKey) } // ToBytes returns the community in a wrapped & signed protocol message func (o *Community) ToBytes() ([]byte, error) { o.mutex.Lock() defer o.mutex.Unlock() return o.toBytes() } func (o *Community) Chats() map[string]*protobuf.CommunityChat { response := make(map[string]*protobuf.CommunityChat) // Why are we checking here for nil, it should be the responsibility of the caller if o == nil { return response } o.mutex.Lock() defer o.mutex.Unlock() if o.config != nil && o.config.CommunityDescription != nil { for k, v := range o.config.CommunityDescription.Chats { response[k] = v } } return response } func (o *Community) Images() map[string]*protobuf.IdentityImage { response := make(map[string]*protobuf.IdentityImage) // Why are we checking here for nil, it should be the responsibility of the caller if o == nil { return response } o.mutex.Lock() defer o.mutex.Unlock() if o.config != nil && o.config.CommunityDescription != nil && o.config.CommunityDescription.Identity != nil { for k, v := range o.config.CommunityDescription.Identity.Images { response[k] = v } } return response } func (o *Community) Categories() map[string]*protobuf.CommunityCategory { response := make(map[string]*protobuf.CommunityCategory) if o == nil { return response } o.mutex.Lock() defer o.mutex.Unlock() if o.config != nil && o.config.CommunityDescription != nil { for k, v := range o.config.CommunityDescription.Categories { response[k] = v } } return response } func (o *Community) TokenPermissions() map[string]*protobuf.CommunityTokenPermission { return o.config.CommunityDescription.TokenPermissions } func (o *Community) HasTokenPermissions() bool { return len(o.config.CommunityDescription.TokenPermissions) > 0 } func (o *Community) TokenPermissionsByType(permissionType protobuf.CommunityTokenPermission_Type) []*protobuf.CommunityTokenPermission { permissions := make([]*protobuf.CommunityTokenPermission, 0) for _, tokenPermission := range o.TokenPermissions() { if tokenPermission.Type == permissionType { permissions = append(permissions, tokenPermission) } } return permissions } func (o *Community) ChannelTokenPermissionsByType(channelID string, permissionType protobuf.CommunityTokenPermission_Type) []*protobuf.CommunityTokenPermission { permissions := make([]*protobuf.CommunityTokenPermission, 0) for _, tokenPermission := range o.TokenPermissions() { if tokenPermission.Type == permissionType && includes(tokenPermission.ChatIds, channelID) { permissions = append(permissions, tokenPermission) } } return permissions } func includes(channelIDs []string, channelID string) bool { for _, id := range channelIDs { if id == channelID { return true } } return false } func (o *Community) AddTokenPermission(permission *protobuf.CommunityTokenPermission) (*CommunityChanges, error) { o.mutex.Lock() defer o.mutex.Unlock() if !o.IsOwnerOrAdmin() || (o.IsAdmin() && permission.Type == protobuf.CommunityTokenPermission_BECOME_ADMIN) { return nil, ErrNotEnoughPermissions } if o.config.CommunityDescription.TokenPermissions == nil { o.config.CommunityDescription.TokenPermissions = make(map[string]*protobuf.CommunityTokenPermission) } if _, exists := o.config.CommunityDescription.TokenPermissions[permission.Id]; exists { return nil, ErrTokenPermissionAlreadyExists } o.config.CommunityDescription.TokenPermissions[permission.Id] = permission o.increaseClock() changes := o.emptyCommunityChanges() if changes.TokenPermissionsAdded == nil { changes.TokenPermissionsAdded = make(map[string]*protobuf.CommunityTokenPermission) } changes.TokenPermissionsAdded[permission.Id] = permission return changes, nil } func (o *Community) UpdateTokenPermission(permissionID string, tokenPermission *protobuf.CommunityTokenPermission) (*CommunityChanges, error) { o.mutex.Lock() defer o.mutex.Unlock() if !o.IsOwnerOrAdmin() || (o.IsAdmin() && tokenPermission.Type == protobuf.CommunityTokenPermission_BECOME_ADMIN) { return nil, ErrNotEnoughPermissions } if o.config.CommunityDescription.TokenPermissions == nil { o.config.CommunityDescription.TokenPermissions = make(map[string]*protobuf.CommunityTokenPermission) } if _, ok := o.config.CommunityDescription.TokenPermissions[permissionID]; !ok { return nil, ErrTokenPermissionNotFound } changes := o.emptyCommunityChanges() o.config.CommunityDescription.TokenPermissions[permissionID] = tokenPermission o.increaseClock() if changes.TokenPermissionsModified == nil { changes.TokenPermissionsModified = make(map[string]*protobuf.CommunityTokenPermission) } changes.TokenPermissionsModified[permissionID] = o.config.CommunityDescription.TokenPermissions[tokenPermission.Id] return changes, nil } func (o *Community) DeleteTokenPermission(permissionID string) (*CommunityChanges, error) { o.mutex.Lock() defer o.mutex.Unlock() permission, exists := o.config.CommunityDescription.TokenPermissions[permissionID] if !exists { return nil, ErrTokenPermissionNotFound } if !o.IsOwnerOrAdmin() || (o.IsAdmin() && permission.Type == protobuf.CommunityTokenPermission_BECOME_ADMIN) { return nil, ErrNotEnoughPermissions } delete(o.config.CommunityDescription.TokenPermissions, permissionID) changes := o.emptyCommunityChanges() changes.TokenPermissionsRemoved = append(changes.TokenPermissionsRemoved, permissionID) o.increaseClock() return changes, nil } func (o *Community) VerifyGrantSignature(data []byte) (*protobuf.Grant, error) { if len(data) <= signatureLength { return nil, ErrInvalidGrant } signature := data[:signatureLength] payload := data[signatureLength:] grant := &protobuf.Grant{} err := proto.Unmarshal(payload, grant) if err != nil { return nil, err } if grant.Clock == 0 { return nil, ErrInvalidGrant } if grant.MemberId == nil { return nil, ErrInvalidGrant } if !bytes.Equal(grant.CommunityId, o.ID()) { return nil, ErrInvalidGrant } extractedPublicKey, err := crypto.SigToPub(crypto.Keccak256(payload), signature) if err != nil { return nil, err } if !common.IsPubKeyEqual(o.config.ID, extractedPublicKey) { return nil, ErrInvalidGrant } return grant, nil } func (o *Community) CanPost(pk *ecdsa.PublicKey, chatID string, grantBytes []byte) (bool, error) { if o.config.CommunityDescription.Chats == nil { o.config.Logger.Debug("canPost, no-chats") return false, nil } chat, ok := o.config.CommunityDescription.Chats[chatID] if !ok { o.config.Logger.Debug("canPost, no chat with id", zap.String("chat-id", chatID)) return false, nil } // creator can always post if common.IsPubKeyEqual(pk, o.config.ID) { return true, nil } // if banned cannot post if o.isBanned(pk) { return false, nil } // If both the chat & the org have no permissions, the user is allowed to post if o.config.CommunityDescription.Permissions.Access == protobuf.CommunityPermissions_NO_MEMBERSHIP && chat.Permissions.Access == protobuf.CommunityPermissions_NO_MEMBERSHIP { return true, nil } if chat.Permissions.Access != protobuf.CommunityPermissions_NO_MEMBERSHIP { if chat.Members == nil { o.config.Logger.Debug("canPost, no members in chat", zap.String("chat-id", chatID)) return false, nil } _, ok := chat.Members[common.PubkeyToHex(pk)] // If member, we stop here if ok { return true, nil } // If not a member, and not grant, we return if !ok && grantBytes == nil { o.config.Logger.Debug("canPost, not a member in chat", zap.String("chat-id", chatID)) return false, nil } // Otherwise we verify the grant return o.canPostWithGrant(pk, chatID, grantBytes) } // Chat has no membership, check org permissions if o.config.CommunityDescription.Members == nil { o.config.Logger.Debug("canPost, no members in org", zap.String("chat-id", chatID)) return false, nil } // If member, they can post _, ok = o.config.CommunityDescription.Members[common.PubkeyToHex(pk)] if ok { return true, nil } // Not a member and no grant, can't post if !ok && grantBytes == nil { o.config.Logger.Debug("canPost, not a member in org", zap.String("chat-id", chatID), zap.String("pubkey", common.PubkeyToHex(pk))) return false, nil } return o.canPostWithGrant(pk, chatID, grantBytes) } func (o *Community) canPostWithGrant(pk *ecdsa.PublicKey, chatID string, grantBytes []byte) (bool, error) { grant, err := o.VerifyGrantSignature(grantBytes) if err != nil { return false, err } // If the clock is lower or equal is invalid if grant.Clock <= o.config.CommunityDescription.Clock { return false, nil } if grant.MemberId == nil { return false, nil } grantPk, err := crypto.DecompressPubkey(grant.MemberId) if err != nil { return false, nil } if !common.IsPubKeyEqual(grantPk, pk) { return false, nil } if chatID != grant.ChatId { return false, nil } return true, nil } func (o *Community) BuildGrant(key *ecdsa.PublicKey, chatID string) ([]byte, error) { return o.buildGrant(key, chatID) } func (o *Community) buildGrant(key *ecdsa.PublicKey, chatID string) ([]byte, error) { bytes := make([]byte, 0) if o.config.PrivateKey != nil { grant := &protobuf.Grant{ CommunityId: o.ID(), MemberId: crypto.CompressPubkey(key), ChatId: chatID, Clock: o.config.CommunityDescription.Clock, } marshaledGrant, err := proto.Marshal(grant) if err != nil { return nil, err } signatureMaterial := crypto.Keccak256(marshaledGrant) signature, err := crypto.Sign(signatureMaterial, o.config.PrivateKey) if err != nil { return nil, err } bytes = append(signature, marshaledGrant...) } return bytes, nil } func (o *Community) increaseClock() { o.config.CommunityDescription.Clock = o.nextClock() } func (o *Community) Clock() uint64 { return o.config.CommunityDescription.Clock } func (o *Community) CanRequestAccess(pk *ecdsa.PublicKey) bool { if o.hasMember(pk) { return false } if o.config.CommunityDescription == nil { return false } if o.config.CommunityDescription.Permissions == nil { return false } return o.config.CommunityDescription.Permissions.Access == protobuf.CommunityPermissions_ON_REQUEST } func (o *Community) CanManageUsers(pk *ecdsa.PublicKey) bool { o.mutex.Lock() defer o.mutex.Unlock() if o.IsOwner() { return true } if !o.hasMember(pk) { return false } roles := canManageUsersRolePermissions() return o.hasPermission(pk, roles) } func (o *Community) CanDeleteMessageForEveryone(pk *ecdsa.PublicKey) bool { o.mutex.Lock() defer o.mutex.Unlock() if o.IsOwner() { return true } if !o.hasMember(pk) { return false } roles := canDeleteMessageForEveryonePermissions() return o.hasPermission(pk, roles) } func (o *Community) isMember() bool { return o.hasMember(o.config.MemberIdentity) } func (o *Community) CanMemberIdentityPost(chatID string) (bool, error) { return o.CanPost(o.config.MemberIdentity, chatID, nil) } // CanJoin returns whether a user can join the community, only if it's func (o *Community) canJoin() bool { if o.config.Joined { return false } if o.IsOwner() { return true } if o.config.CommunityDescription.Permissions.Access == protobuf.CommunityPermissions_NO_MEMBERSHIP { return true } return o.isMember() } func (o *Community) RequestedToJoinAt() uint64 { return o.config.RequestedToJoinAt } func (o *Community) nextClock() uint64 { return o.config.CommunityDescription.Clock + 1 } func (o *Community) CanManageUsersPublicKeys() ([]*ecdsa.PublicKey, error) { var response []*ecdsa.PublicKey roles := canManageUsersRolePermissions() for pkString, member := range o.config.CommunityDescription.Members { if o.hasMemberPermission(member, roles) { pk, err := common.HexToPubkey(pkString) if err != nil { return nil, err } response = append(response, pk) } } return response, nil } func (o *Community) AddRequestToJoin(request *RequestToJoin) { o.config.RequestsToJoin = append(o.config.RequestsToJoin, request) } func (o *Community) RequestsToJoin() []*RequestToJoin { return o.config.RequestsToJoin } func (o *Community) AddMember(publicKey *ecdsa.PublicKey, roles []protobuf.CommunityMember_Roles) (*CommunityChanges, error) { if !o.IsOwnerOrAdmin() { return nil, ErrNotAdmin } memberKey := common.PubkeyToHex(publicKey) changes := o.emptyCommunityChanges() if o.config.CommunityDescription.Members == nil { o.config.CommunityDescription.Members = make(map[string]*protobuf.CommunityMember) } if _, ok := o.config.CommunityDescription.Members[memberKey]; !ok { o.config.CommunityDescription.Members[memberKey] = &protobuf.CommunityMember{Roles: roles} changes.MembersAdded[memberKey] = o.config.CommunityDescription.Members[memberKey] } o.increaseClock() return changes, nil } func (o *Community) ChatIDs() (chatIDs []string) { for id := range o.config.CommunityDescription.Chats { chatIDs = append(chatIDs, o.IDString()+id) } return chatIDs } func (o *Community) AllowsAllMembersToPinMessage() bool { return o.config.CommunityDescription.AdminSettings != nil && o.config.CommunityDescription.AdminSettings.PinMessageAllMembersEnabled } func (o *Community) AddMemberRevealedAccounts(memberID string, accounts []*protobuf.RevealedAccount, clock uint64) (*CommunityChanges, error) { o.mutex.Lock() defer o.mutex.Unlock() if !o.IsOwnerOrAdmin() { return nil, ErrNotAdmin } if _, ok := o.config.CommunityDescription.Members[memberID]; !ok { return nil, ErrMemberNotFound } o.config.CommunityDescription.Members[memberID].RevealedAccounts = accounts o.config.CommunityDescription.Members[memberID].LastUpdateClock = clock o.increaseClock() changes := o.emptyCommunityChanges() changes.MemberWalletsAdded[memberID] = o.config.CommunityDescription.Members[memberID].RevealedAccounts return changes, nil } func (o *Community) createDeepCopy() Community { return Community{ config: &Config{ PrivateKey: o.config.PrivateKey, CommunityDescription: proto.Clone(o.config.CommunityDescription).(*protobuf.CommunityDescription), MarshaledCommunityDescription: o.config.MarshaledCommunityDescription, ID: o.config.ID, Joined: o.config.Joined, Requested: o.config.Requested, Verified: o.config.Verified, Spectated: o.config.Spectated, Muted: o.config.Muted, Logger: o.config.Logger, RequestedToJoinAt: o.config.RequestedToJoinAt, RequestsToJoin: o.config.RequestsToJoin, MemberIdentity: o.config.MemberIdentity, SyncedAt: o.config.SyncedAt, }, } } func (o *Community) SetActiveMembersCount(activeMembersCount uint64) (updated bool, err error) { o.mutex.Lock() defer o.mutex.Unlock() if o.config.PrivateKey == nil { return false, ErrNotAdmin } if activeMembersCount == o.config.CommunityDescription.ActiveMembersCount { return false, nil } o.config.CommunityDescription.ActiveMembersCount = activeMembersCount o.increaseClock() return true, nil } func emptyCommunityChanges() *CommunityChanges { return &CommunityChanges{ MembersAdded: make(map[string]*protobuf.CommunityMember), MembersRemoved: make(map[string]*protobuf.CommunityMember), ChatsRemoved: make(map[string]*protobuf.CommunityChat), ChatsAdded: make(map[string]*protobuf.CommunityChat), ChatsModified: make(map[string]*CommunityChatChanges), CategoriesRemoved: []string{}, CategoriesAdded: make(map[string]*protobuf.CommunityCategory), CategoriesModified: make(map[string]*protobuf.CommunityCategory), MemberWalletsRemoved: []string{}, MemberWalletsAdded: make(map[string][]*protobuf.RevealedAccount), } } type sortSlice []sorterHelperIdx type sorterHelperIdx struct { pos int32 catID string chatID string } func (d sortSlice) Len() int { return len(d) } func (d sortSlice) Swap(i, j int) { d[i], d[j] = d[j], d[i] } func (d sortSlice) Less(i, j int) bool { return d[i].pos < d[j].pos } func (o *Community) unbanUserFromCommunity(pk *ecdsa.PublicKey) { key := common.PubkeyToHex(pk) for i, v := range o.config.CommunityDescription.BanList { if v == key { o.config.CommunityDescription.BanList = append(o.config.CommunityDescription.BanList[:i], o.config.CommunityDescription.BanList[i+1:]...) break } } } func (o *Community) banUserFromCommunity(pk *ecdsa.PublicKey) { key := common.PubkeyToHex(pk) if o.hasMember(pk) { // Remove from org delete(o.config.CommunityDescription.Members, key) // Remove from chats for _, chat := range o.config.CommunityDescription.Chats { delete(chat.Members, key) } } for _, u := range o.config.CommunityDescription.BanList { if u == key { return } } o.config.CommunityDescription.BanList = append(o.config.CommunityDescription.BanList, key) } func (o *Community) editChat(chatID string, chat *protobuf.CommunityChat) error { err := validateCommunityChat(o.config.CommunityDescription, chat) if err != nil { return err } if o.config.CommunityDescription.Chats == nil { o.config.CommunityDescription.Chats = make(map[string]*protobuf.CommunityChat) } if _, exists := o.config.CommunityDescription.Chats[chatID]; !exists { return ErrChatNotFound } o.config.CommunityDescription.Chats[chatID] = chat return nil } func (o *Community) createChat(chatID string, chat *protobuf.CommunityChat) error { err := validateCommunityChat(o.config.CommunityDescription, chat) if err != nil { return err } if o.config.CommunityDescription.Chats == nil { o.config.CommunityDescription.Chats = make(map[string]*protobuf.CommunityChat) } if _, ok := o.config.CommunityDescription.Chats[chatID]; ok { return ErrChatAlreadyExists } for _, c := range o.config.CommunityDescription.Chats { if chat.Identity.DisplayName == c.Identity.DisplayName { return ErrInvalidCommunityDescriptionDuplicatedName } } // Sets the chat position to be the last within its category chat.Position = 0 for _, c := range o.config.CommunityDescription.Chats { if c.CategoryId == chat.CategoryId { chat.Position++ } } o.config.CommunityDescription.Chats[chatID] = chat return nil } func (o *Community) deleteChat(chatID string) *CommunityChanges { if o.config.CommunityDescription.Chats == nil { o.config.CommunityDescription.Chats = make(map[string]*protobuf.CommunityChat) } changes := o.emptyCommunityChanges() if chat, exists := o.config.CommunityDescription.Chats[chatID]; exists { tmpCatID := chat.CategoryId chat.CategoryId = "" o.SortCategoryChats(changes, tmpCatID) changes.ChatsRemoved[chatID] = chat } delete(o.config.CommunityDescription.Chats, chatID) return changes } func (o *Community) deleteBecomeMemberTokenPermissions(newPermissions map[string]*protobuf.CommunityTokenPermission) { if len(newPermissions) == 0 { o.config.CommunityDescription.TokenPermissions = make(map[string]*protobuf.CommunityTokenPermission) return } prevPermissions := o.TokenPermissionsByType(protobuf.CommunityTokenPermission_BECOME_MEMBER) if len(newPermissions) < len(prevPermissions) { for _, permission := range newPermissions { if permissionExists(permission.Id, prevPermissions) { delete(o.config.CommunityDescription.TokenPermissions, permission.Id) } } } } func (o *Community) addBecomeMemberTokenPermissions(newPermissions map[string]*protobuf.CommunityTokenPermission) { if o.config.CommunityDescription.TokenPermissions == nil { o.config.CommunityDescription.TokenPermissions = make(map[string]*protobuf.CommunityTokenPermission) } prevPermissions := o.TokenPermissionsByType(protobuf.CommunityTokenPermission_BECOME_MEMBER) for _, permission := range newPermissions { if !permissionExists(permission.Id, prevPermissions) { o.config.CommunityDescription.TokenPermissions[permission.Id] = permission } } } func (o *Community) updateTokenPermissions(newPermissions map[string]*protobuf.CommunityTokenPermission) { if o.config.CommunityDescription.TokenPermissions == nil { o.config.CommunityDescription.TokenPermissions = make(map[string]*protobuf.CommunityTokenPermission) } for _, newPermission := range newPermissions { o.config.CommunityDescription.TokenPermissions[newPermission.Id] = newPermission } } func (o *Community) addCommunityMember(pk *ecdsa.PublicKey, member *protobuf.CommunityMember) { if o.config.CommunityDescription.Members == nil { o.config.CommunityDescription.Members = make(map[string]*protobuf.CommunityMember) } memberKey := common.PubkeyToHex(pk) o.config.CommunityDescription.Members[memberKey] = member } func permissionExists(id string, prevPermissions []*protobuf.CommunityTokenPermission) bool { for _, prevPermission := range prevPermissions { if prevPermission.Id == id { return true } } return false }