0xf8/scam-police
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
scam-police/src/matrix.rs
0xf8 db61e1b78d
SSO is working now
2023-04-21 16:22:14 -04:00

332 lines
9.9 KiB
Rust
Raw Permalink Blame History

use matrix_sdk::{
config::SyncSettings, ruma::api::client::{filter::FilterDefinition, session::get_login_types::v3::{IdentityProvider, LoginType}}, Client, Session,
};
use rand::{distributions::Alphanumeric, thread_rng, Rng};
use reqwest::Client as http;
use rpassword::prompt_password;
use serde::{Deserialize, Serialize};
use serde_json::{from_str, Value};
use std::path::{Path, PathBuf};
use tokio::fs;
#[derive(Debug, Serialize, Deserialize)]
pub struct ClientSession {
homeserver: String,
db_path: PathBuf,
passphrase: String,
}
#[derive(Debug, Serialize, Deserialize)]
pub struct FullSession {
client_session: ClientSession,
user_session: Session,
#[serde(skip_serializing_if = "Option::is_none")]
sync_token: Option<String>,
}
#[derive(Debug, Clone)]
enum LoginChoice {
Password,
Sso,
SsoIdp(IdentityProvider),
}
impl LoginChoice {
pub async fn login(&self, client: &Client, user: String, hs: String) -> anyhow::Result<()> {
match self {
LoginChoice::Password => Self::login_password(client, user, hs).await,
LoginChoice::Sso => Self::login_sso(client, None).await,
LoginChoice::SsoIdp(idp) => Self::login_sso(client, Some(idp.to_owned())).await,
}
}
async fn login_password(client: &Client, user: String, _hs: String) -> anyhow::Result<()> {
loop {
let password = prompt_password("Password\n> ")?;
match client
.login_username(&user, &password)
.initial_device_display_name("scam-police")
.send()
.await
{
Ok(_) => {
println!("[*] Logged in as {user}");
break;
}
Err(e) => {
println!("[!] Error logging in: {e}");
println!("[!] Please try again\n");
}
}
}
Ok(())
}
async fn login_sso(client: &Client, idp: Option<IdentityProvider>) -> anyhow::Result<()> {
let mut login_builder = client.login_sso(|url| async move {
open::that_in_background(url);
println!("[*] Waiting for SSO token...");
Ok(())
}).initial_device_display_name("scam-police");
if let Some(idp) = idp.to_owned() {
login_builder = login_builder.identity_provider_id(&idp.id);
login_builder.send().await?;
} else {
login_builder.send().await?;
}
println!("[+] Got SSO token!");
Ok(())
}
}
//
// Matrix Login & Init
//
pub async fn login(data_dir: &Path, session_file: &Path, mxid: String) -> anyhow::Result<Client> {
println!("[*] Logging in as {mxid}...");
let (user, hs) = resolve_mxid(mxid).await?;
let (client, client_session) = build_client(data_dir, hs.to_owned()).await?;
let mut login_choices = Vec::new();
for login_type in client.get_login_types().await?.flows {
match login_type {
LoginType::Password(_) => {
login_choices.push(LoginChoice::Password);
},
LoginType::Sso(sso) => {
if sso.identity_providers.is_empty() {
login_choices.push(LoginChoice::Sso);
} else {
login_choices.extend(sso.identity_providers.into_iter().map(LoginChoice::SsoIdp));
}
},
// Ignore all other types
_ => {},
}
}
match login_choices.to_owned().len() {
0 => anyhow::bail!("No supported login types"),
1 => login_choices.to_owned().get(0).unwrap().login(&client, user, hs.to_owned()).await,
_ => {
use terminal_menu::*;
let mut menu_items = vec![label("----- Scam Police Login -----")];
let choices: Vec<(LoginChoice, String)> = login_choices.into_iter().map(|a| (a.to_owned(), match a {
LoginChoice::Password => format!("Password"),
LoginChoice::Sso => format!("SSO"),
LoginChoice::SsoIdp(idp) => format!("SSO via {}", idp.name),
})).collect();
for choice in choices.to_owned() {
menu_items.push(button(choice.1));
}
menu_items.push(button("Abort login"));
menu_items.push(label("-----------------------------"));
let menu = menu(menu_items);
run(&menu);
let menu = mut_menu(&menu);
let mut selected: Option<LoginChoice> = None;
let name = menu.selected_item_name().to_string();
if name == "Abort login" {
selected = None;
} else {
for c in choices {
if c.1 == name {
selected = Some(c.0.to_owned());
}
}
}
match selected {
Some(s) => s.login(&client, user, hs.to_owned()).await,
None => anyhow::bail!("Aborting login")
}
}
}?;
let user_session = client
.session()
.expect("A logged-in client should have a session");
let serialized_session = serde_json::to_string(&FullSession {
client_session,
user_session,
sync_token: None,
})?;
fs::write(session_file, serialized_session).await?;
Ok(client)
}
pub async fn build_client(data_dir: &Path, hs: String) -> anyhow::Result<(Client, ClientSession)> {
let mut rng = thread_rng();
let db_subfolder: String = (&mut rng)
.sample_iter(Alphanumeric)
.take(7)
.map(char::from)
.collect();
let db_path = data_dir.join(db_subfolder);
let passphrase: String = (&mut rng)
.sample_iter(Alphanumeric)
.take(32)
.map(char::from)
.collect();
match Client::builder()
.homeserver_url(&hs)
.sled_store(&db_path, Some(&passphrase))?
.build()
.await
{
Ok(client) => {
println!("[+] Homeserver OK");
return Ok((
client,
ClientSession {
homeserver: hs,
db_path,
passphrase,
},
));
}
Err(error) => match &error {
matrix_sdk::ClientBuildError::AutoDiscovery(_)
| matrix_sdk::ClientBuildError::Url(_)
| matrix_sdk::ClientBuildError::Http(_) => {
anyhow::bail!("[!] {error:?}");
}
_ => {
return Err(error.into());
}
},
}
}
//
// Helper Functions
//
// Resolve mxid into user and hs
pub async fn resolve_mxid(mxid: String) -> anyhow::Result<(String, String)> {
if mxid.get(0..1).unwrap() != "@" || !mxid.contains(":") {
anyhow::bail!("Invalid mxid");
}
let sep = mxid.find(":").unwrap();
let user = mxid.get(1..sep).unwrap().to_string();
let hs = resolve_homeserver(mxid.get((sep + 1)..).unwrap().to_string()).await?;
Ok((user, hs))
}
// Resolve homeserver
pub async fn resolve_homeserver(homeserver: String) -> anyhow::Result<String> {
let mut hs = homeserver;
if !hs.contains("://") {
hs = format!("https://{hs}");
}
if hs.chars().last().unwrap().to_string() == "/" {
hs.pop();
}
let ident = http::new()
.get(format!("{hs}/.well-known/matrix/client"))
.send()
.await;
match ident {
Ok(r) => {
let body = r.text().await?;
let json: Value = from_str(&body)?;
let discovered = json["m.homeserver"]["base_url"].as_str().unwrap();
Ok(discovered.to_string())
}
Err(e) => Err(e.into()),
}
}
//
// Persistence
//
pub async fn sync<'a>(
client: Client,
initial_sync_token: Option<String>,
) -> anyhow::Result<(Client, SyncSettings<'a>)> {
println!("[*] Running initial sync...");
let filter = FilterDefinition::empty();
let mut sync_settings = SyncSettings::default().filter(filter.into());
if let Some(sync_token) = initial_sync_token {
sync_settings = sync_settings.token(sync_token);
}
loop {
match client.sync_once(sync_settings.clone()).await {
Ok(response) => {
sync_settings = sync_settings.token(response.next_batch.clone());
persist_sync_token(response.next_batch).await?;
break;
}
Err(error) => {
println!("[!] An error occurred during initial sync: {error}");
if error.to_string().contains("[401 / M_UNKNOWN_TOKEN]") {
anyhow::bail!("Unknown token. You need to login again");
}
println!("[!] Trying again…");
}
}
}
println!("[*] Scam police is now running!");
Ok((client, sync_settings))
}
pub async fn persist_sync_token(sync_token: String) -> anyhow::Result<()> {
let serialized_session = fs::read_to_string(crate::SESSION_FILE.to_owned()).await?;
let mut full_session: FullSession = from_str(&serialized_session)?;
full_session.sync_token = Some(sync_token);
let serialized_session = serde_json::to_string(&full_session)?;
fs::write(crate::SESSION_FILE.to_owned(), serialized_session).await?;
Ok(())
}
pub async fn restore_session(session_file: &Path) -> anyhow::Result<(Client, Option<String>)> {
let serialized_session = fs::read_to_string(session_file).await?;
let FullSession {
client_session,
user_session,
sync_token,
} = from_str(&serialized_session)?;
let client = Client::builder()
.homeserver_url(client_session.homeserver)
.sled_store(client_session.db_path, Some(&client_session.passphrase))?
.build()
.await?;
println!("[*] Restoring session for {}", user_session.user_id);
client.restore_login(user_session).await?;
Ok((client, sync_token))
}
Reference in New Issue View Git Blame Copy Permalink