Merge branch 'dev' into msg-delivery

2026-03-01 08:16:44 +00:00 · 2026-01-12 21:17:38 -08:00
parent eba25fcc4d 552adf3200
commit eb0cdda0f9
105 changed files with 3217 additions and 545 deletions
--- a/server/routers/olm/archiveUserOlm.ts
+++ b/server/routers/olm/archiveUserOlm.ts
@@ -0,0 +1,81 @@
+import { NextFunction, Request, Response } from "express";
+import { db } from "@server/db";
+import { olms, clients } from "@server/db";
+import { eq } from "drizzle-orm";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import response from "@server/lib/response";
+import { z } from "zod";
+import { fromError } from "zod-validation-error";
+import logger from "@server/logger";
+import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAssociations";
+import { sendTerminateClient } from "../client/terminate";
+
+const paramsSchema = z
+    .object({
+        userId: z.string(),
+        olmId: z.string()
+    })
+    .strict();
+
+export async function archiveUserOlm(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = paramsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { olmId } = parsedParams.data;
+
+        // Archive the OLM and disconnect associated clients in a transaction
+        await db.transaction(async (trx) => {
+            // Find all clients associated with this OLM
+            const associatedClients = await trx
+                .select()
+                .from(clients)
+                .where(eq(clients.olmId, olmId));
+
+            // Disconnect clients from the OLM (set olmId to null)
+            for (const client of associatedClients) {
+                await trx
+                    .update(clients)
+                    .set({ olmId: null })
+                    .where(eq(clients.clientId, client.clientId));
+
+                await rebuildClientAssociationsFromClient(client, trx);
+                await sendTerminateClient(client.clientId, olmId);
+            }
+
+            // Archive the OLM (set archived to true)
+            await trx
+                .update(olms)
+                .set({ archived: true })
+                .where(eq(olms.olmId, olmId));
+        });
+
+        return response(res, {
+            data: null,
+            success: true,
+            error: false,
+            message: "Device archived successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "Failed to archive device"
+            )
+        );
+    }
+}
--- a/server/routers/olm/handleOlmPingMessage.ts
+++ b/server/routers/olm/handleOlmPingMessage.ts
@@ -1,7 +1,7 @@
 import { db } from "@server/db";
 import { disconnectClient } from "#dynamic/routers/ws";
 import { getClientConfigVersion, MessageHandler } from "@server/routers/ws";
-import { clients, Olm } from "@server/db";
+import { clients, olms, Olm } from "@server/db";
 import { eq, lt, isNull, and, or } from "drizzle-orm";
 import logger from "@server/logger";
 import { validateSessionToken } from "@server/auth/sessions/app";
@@ -109,29 +109,17 @@ export const handleOlmPingMessage: MessageHandler = async (context) => {
        return;
    }

-    if (olm.userId) {
-        // we need to check a user token to make sure its still valid
-        const { session: userSession, user } =
-            await validateSessionToken(userToken);
-        if (!userSession || !user) {
-            logger.warn("Invalid user session for olm ping");
-            return; // by returning here we just ignore the ping and the setInterval will force it to disconnect
-        }
-        if (user.userId !== olm.userId) {
-            logger.warn("User ID mismatch for olm ping");
-            return;
-        }
+    if (!olm.clientId) {
+        logger.warn("Olm has no client ID!");
+        return;
+    }

+    try {
        // get the client
        const [client] = await db
            .select()
            .from(clients)
-            .where(
-                and(
-                    eq(clients.olmId, olm.olmId),
-                    eq(clients.userId, olm.userId)
-                )
-            )
+            .where(eq(clients.clientId, olm.clientId))
            .limit(1);

        if (!client) {
@@ -139,39 +127,48 @@ export const handleOlmPingMessage: MessageHandler = async (context) => {
            return;
        }

-        const sessionId = encodeHexLowerCase(
-            sha256(new TextEncoder().encode(userToken))
-        );
-
-        const policyCheck = await checkOrgAccessPolicy({
-            orgId: client.orgId,
-            userId: olm.userId,
-            sessionId // this is the user token passed in the message
-        });
-
-        if (!policyCheck.allowed) {
-            logger.warn(
-                `Olm user ${olm.userId} does not pass access policies for org ${client.orgId}: ${policyCheck.error}`
+        if (client.blocked) {
+            // NOTE: by returning we dont update the lastPing, so the offline checker will eventually disconnect them
+            logger.debug(
+                `Blocked client ${client.clientId} attempted olm ping`
            );
            return;
        }
-    }

-    if (!olm.clientId) {
-        logger.warn("Olm has no client ID!");
-        return;
-    }
+        if (olm.userId) {
+            // we need to check a user token to make sure its still valid
+            const { session: userSession, user } =
+                await validateSessionToken(userToken);
+            if (!userSession || !user) {
+                logger.warn("Invalid user session for olm ping");
+                return; // by returning here we just ignore the ping and the setInterval will force it to disconnect
+            }
+            if (user.userId !== olm.userId) {
+                logger.warn("User ID mismatch for olm ping");
+                return;
+            }
+            if (user.userId !== client.userId) {
+                logger.warn("Client user ID mismatch for olm ping");
+                return;
+            }

-    try {
-        // Update the client's last ping timestamp
-        const [client] = await db
-            .update(clients)
-            .set({
-                lastPing: Math.floor(Date.now() / 1000),
-                online: true
-            })
-            .where(eq(clients.clientId, olm.clientId))
-            .returning();
+            const sessionId = encodeHexLowerCase(
+                sha256(new TextEncoder().encode(userToken))
+            );
+
+            const policyCheck = await checkOrgAccessPolicy({
+                orgId: client.orgId,
+                userId: olm.userId,
+                sessionId // this is the user token passed in the message
+            });
+
+            if (!policyCheck.allowed) {
+                logger.warn(
+                    `Olm user ${olm.userId} does not pass access policies for org ${client.orgId}: ${policyCheck.error}`
+                );
+                return;
+            }
+        }

        // get the version
        const configVersion = await getClientConfigVersion(olm.olmId);
@@ -182,6 +179,23 @@ export const handleOlmPingMessage: MessageHandler = async (context) => {
            );
            await sendOlmSyncMessage(olm, client);
        }
+
+        // Update the client's last ping timestamp
+        await db
+            .update(clients)
+            .set({
+                lastPing: Math.floor(Date.now() / 1000),
+                online: true,
+                archived: false
+            })
+            .where(eq(clients.clientId, olm.clientId));
+
+        if (olm.archived) {
+            await db
+                .update(olms)
+                .set({ archived: false })
+                .where(eq(olms.olmId, olm.olmId));
+        }
    } catch (error) {
        logger.error("Error handling ping message", { error });
    }
--- a/server/routers/olm/handleOlmRegisterMessage.ts
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -57,6 +57,11 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
        return;
    }

+    if (client.blocked) {
+        logger.debug(`Client ${client.clientId} is blocked. Ignoring register.`);
+        return;
+    }
+
    const [org] = await db
        .select()
        .from(orgs)
@@ -114,18 +119,20 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {

    if (
        (olmVersion && olm.version !== olmVersion) ||
-        (olmAgent && olm.agent !== olmAgent)
+        (olmAgent && olm.agent !== olmAgent) ||
+        olm.archived
    ) {
        await db
            .update(olms)
            .set({
                version: olmVersion,
-                agent: olmAgent
+                agent: olmAgent,
+                archived: false
            })
            .where(eq(olms.olmId, olm.olmId));
    }

-    if (client.pubKey !== publicKey) {
+    if (client.pubKey !== publicKey || client.archived) {
        logger.info(
            "Public key mismatch. Updating public key and clearing session info..."
        );
@@ -133,7 +140,8 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
        await db
            .update(clients)
            .set({
-                pubKey: publicKey
+                pubKey: publicKey,
+                archived: false,
            })
            .where(eq(clients.clientId, client.clientId));

--- a/server/routers/olm/index.ts
+++ b/server/routers/olm/index.ts
@@ -3,9 +3,9 @@ export * from "./getOlmToken";
 export * from "./createUserOlm";
 export * from "./handleOlmRelayMessage";
 export * from "./handleOlmPingMessage";
-export * from "./deleteUserOlm";
+export * from "./archiveUserOlm";
+export * from "./unarchiveUserOlm";
 export * from "./listUserOlms";
-export * from "./deleteUserOlm";
 export * from "./getUserOlm";
 export * from "./handleOlmServerPeerAddMessage";
 export * from "./handleOlmUnRelayMessage";
--- a/server/routers/olm/listUserOlms.ts
+++ b/server/routers/olm/listUserOlms.ts
@@ -51,6 +51,7 @@ export type ListUserOlmsResponse = {
        name: string | null;
        clientId: number | null;
        userId: string | null;
+        archived: boolean;
    }>;
    pagination: {
        total: number;
@@ -89,7 +90,7 @@ export async function listUserOlms(

        const { userId } = parsedParams.data;

-        // Get total count
+        // Get total count (including archived OLMs)
        const [totalCountResult] = await db
            .select({ count: count() })
            .from(olms)
@@ -97,7 +98,7 @@ export async function listUserOlms(

        const total = totalCountResult?.count || 0;

-        // Get OLMs for the current user
+        // Get OLMs for the current user (including archived OLMs)
        const userOlms = await db
            .select({
                olmId: olms.olmId,
@@ -105,7 +106,8 @@ export async function listUserOlms(
                version: olms.version,
                name: olms.name,
                clientId: olms.clientId,
-                userId: olms.userId
+                userId: olms.userId,
+                archived: olms.archived
            })
            .from(olms)
            .where(eq(olms.userId, userId))
--- a/server/routers/olm/unarchiveUserOlm.ts
+++ b/server/routers/olm/unarchiveUserOlm.ts
@@ -0,0 +1,84 @@
+import { NextFunction, Request, Response } from "express";
+import { db } from "@server/db";
+import { olms } from "@server/db";
+import { eq } from "drizzle-orm";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import response from "@server/lib/response";
+import { z } from "zod";
+import { fromError } from "zod-validation-error";
+import logger from "@server/logger";
+
+const paramsSchema = z
+    .object({
+        userId: z.string(),
+        olmId: z.string()
+    })
+    .strict();
+
+export async function unarchiveUserOlm(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = paramsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { olmId } = parsedParams.data;
+
+        // Check if OLM exists and is archived
+        const [olm] = await db
+            .select()
+            .from(olms)
+            .where(eq(olms.olmId, olmId))
+            .limit(1);
+
+        if (!olm) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `OLM with ID ${olmId} not found`
+                )
+            );
+        }
+
+        if (!olm.archived) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    `OLM with ID ${olmId} is not archived`
+                )
+            );
+        }
+
+        // Unarchive the OLM (set archived to false)
+        await db
+            .update(olms)
+            .set({ archived: false })
+            .where(eq(olms.olmId, olmId));
+
+        return response(res, {
+            data: null,
+            success: true,
+            error: false,
+            message: "Device unarchived successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "Failed to unarchive device"
+            )
+        );
+    }
+}