Allow remote conversations in mls-message endpoint

Author: pcapriotti

libs/wire-api-federation/src/Wire/API/Federation/API/Galley.hs

@@ -275,8 +275,8 @@ data MLSWelcomeRequest = MLSWelcomeRequest
 
 data MLSMessageResponse
   = MLSMessageResponseError GalleyError
-  | MLSProtocolError Text
-  | MLSProposalFailure Wai.Error
+  | MLSMessageResponseProtocolError Text
+  | MLSMessageResponseProposalFailure Wai.Error
   | MLSMessageResponseUpdates [ConversationUpdate]
   deriving stock (Show, Generic)
   deriving

libs/wire-api/src/Wire/API/Routes/Public/Galley.hs

@@ -103,7 +103,7 @@ instance
 
   fromUnion (Z (I c)) = CodeAlreadyExisted c
   fromUnion (S (Z (I e))) = CodeAdded e
-  fromUnion (S (S x)) = case x of
+  fromUnion (S (S x)) = case x of {}
 
 type ConvUpdateResponses = UpdateResponses "Conversation unchanged" "Conversation updated" Event
 
@@ -1284,6 +1284,7 @@ type MLSMessagingAPI =
     :<|> Named
            "mls-message"
            ( Summary "Post an MLS message"
+               :> CanThrow 'ConvAccessDenied
                :> CanThrow 'ConvNotFound
                :> CanThrow 'MLSKeyPackageRefNotFound
                :> CanThrow 'MLSClientMismatch

services/galley/src/Galley/API/Action.hs

@@ -671,14 +671,14 @@ notifyRemoteConversationAction ::
        ExternalAccess,
        GundeckAccess,
        MemberStore,
-       Input (Local ()),
        P.TinyLog
      ]
     r =>
+  Local x ->
   Remote ConversationUpdate ->
-  ConnId ->
+  Maybe ConnId ->
   Sem r Event
-notifyRemoteConversationAction rconvUpdate con = do
+notifyRemoteConversationAction loc rconvUpdate con = do
   let convUpdate = tUnqualified rconvUpdate
       rconvId = qualifyAs rconvUpdate . cuConvId $ convUpdate
 
@@ -692,7 +692,6 @@ notifyRemoteConversationAction rconvUpdate con = do
   -- backend.
   (presentUsers, allUsersArePresent) <-
     E.selectRemoteMembers (cuAlreadyPresentUsers convUpdate) rconvId
-  loc <- qualifyLocal ()
   let localPresentUsers = qualifyAs loc presentUsers
 
   unless allUsersArePresent $
@@ -709,4 +708,4 @@ notifyRemoteConversationAction rconvUpdate con = do
   -- implemented.
   let bots = []
 
-  pushConversationEvent (Just con) event localPresentUsers bots $> event
+  pushConversationEvent con event localPresentUsers bots $> event

services/galley/src/Galley/API/Federation.hs

@@ -543,11 +543,11 @@ sendMLSMessage ::
   F.MessageSendRequest ->
   Sem r F.MLSMessageResponse
 sendMLSMessage remoteDomain msr =
-  fmap (either F.MLSProtocolError id)
+  fmap (either F.MLSMessageResponseProtocolError id)
     . runError
     . fmap (either F.MLSMessageResponseError id)
     . runError
-    . fmap (either (F.MLSProposalFailure . pfInner) id)
+    . fmap (either (F.MLSMessageResponseProposalFailure . pfInner) id)
     . runError
     $ do
       loc <- qualifyLocal ()

services/galley/src/Galley/API/MLS/Message.hs

@@ -27,6 +27,7 @@ import Control.Arrow
 import Control.Comonad
 import Control.Lens (preview, to)
 import Data.Id
+import Data.Json.Util
 import Data.List.NonEmpty (NonEmpty, nonEmpty)
 import qualified Data.Map as Map
 import Data.Qualified
@@ -42,6 +43,7 @@ import qualified Galley.Data.Conversation.Types as Data
 import Galley.Effects
 import Galley.Effects.BrigAccess
 import Galley.Effects.ConversationStore
+import Galley.Effects.FederatorAccess
 import Galley.Effects.MemberStore
 import Galley.Options
 import Galley.Types
@@ -55,6 +57,8 @@ import Wire.API.Conversation.Protocol
 import Wire.API.Conversation.Role
 import Wire.API.Error
 import Wire.API.Error.Galley
+import Wire.API.Federation.API
+import Wire.API.Federation.API.Galley
 import Wire.API.Federation.Error
 import Wire.API.MLS.CipherSuite
 import Wire.API.MLS.Commit
@@ -65,7 +69,8 @@ import Wire.API.MLS.Proposal
 import Wire.API.MLS.Serialisation
 
 type MLSMessageStaticErrors =
-  '[ ErrorS 'ConvNotFound,
+  '[ ErrorS 'ConvAccessDenied,
+     ErrorS 'ConvNotFound,
      ErrorS 'MLSUnsupportedMessage,
      ErrorS 'MLSStaleMessage,
      ErrorS 'MLSProposalNotFound,
@@ -93,6 +98,7 @@ postMLSMessage ::
   ( HasProposalEffects r,
     Members
       '[ Error FederationError,
+         ErrorS 'ConvAccessDenied,
          ErrorS 'ConvNotFound,
          ErrorS 'MLSUnsupportedMessage,
          ErrorS 'MLSStaleMessage,
@@ -108,17 +114,42 @@ postMLSMessage ::
   RawMLS SomeMessage ->
   Sem r [LocalConversationUpdate]
 postMLSMessage loc qusr con smsg = case rmValue smsg of
-  SomeMessage tag msg -> do
-    -- fetch conversation
+  SomeMessage _ msg -> do
+    -- fetch conversation ID
     qcnv <- getConversationIdByGroupId (msgGroupId msg) >>= noteS @'ConvNotFound
-    lcnv <- ensureLocal loc qcnv -- FUTUREWORK: allow remote conversations
+    foldQualified
+      loc
+      (postMLSMessageToLocalConv qusr con smsg)
+      (postMLSMessageToRemoteConv loc qusr con smsg)
+      qcnv
+
+postMLSMessageToLocalConv ::
+  ( HasProposalEffects r,
+    Members
+      '[ Error FederationError,
+         ErrorS 'ConvNotFound,
+         ErrorS 'MLSUnsupportedMessage,
+         ErrorS 'MLSStaleMessage,
+         ErrorS 'MLSProposalNotFound,
+         ErrorS 'MissingLegalholdConsent,
+         TinyLog
+       ]
+      r
+  ) =>
+  Qualified UserId ->
+  Maybe ConnId ->
+  RawMLS SomeMessage ->
+  Local ConvId ->
+  Sem r [LocalConversationUpdate]
+postMLSMessageToLocalConv qusr con smsg lcnv = case rmValue smsg of
+  SomeMessage tag msg -> do
     conv <- getConversation (tUnqualified lcnv) >>= noteS @'ConvNotFound
 
     -- validate message
     events <- case tag of
       SMLSPlainText -> case msgTBS (msgPayload msg) of
         CommitMessage c ->
-          processCommit qusr con (qualifyAs loc conv) (msgEpoch msg) c
+          processCommit qusr con (qualifyAs lcnv conv) (msgEpoch msg) c
         ApplicationMessage _ -> throwS @'MLSUnsupportedMessage
         ProposalMessage _ -> pure mempty -- FUTUREWORK: handle proposals
       SMLSCipherText -> case toMLSEnum' (msgContentType (msgPayload msg)) of
@@ -128,10 +159,42 @@ postMLSMessage loc qusr con smsg = case rmValue smsg of
         Left _ -> throwS @'MLSUnsupportedMessage
 
     -- forward message
-    propagateMessage loc qusr conv con (rmRaw smsg)
+    propagateMessage lcnv qusr conv con (rmRaw smsg)
 
     pure events
 
+postMLSMessageToRemoteConv ::
+  ( Members MLSMessageStaticErrors r,
+    Members '[Error FederationError, TinyLog] r,
+    HasProposalEffects r
+  ) =>
+  Local x ->
+  Qualified UserId ->
+  Maybe ConnId ->
+  RawMLS SomeMessage ->
+  Remote ConvId ->
+  Sem r [LocalConversationUpdate]
+postMLSMessageToRemoteConv loc qusr con smsg rcnv = do
+  -- only local users can send messages to remote conversations
+  lusr <- foldQualified loc pure (\_ -> throwS @'ConvAccessDenied) qusr
+  resp <-
+    runFederated rcnv $
+      fedClient @'Galley @"send-mls-message" $
+        MessageSendRequest
+          { msrConvId = tUnqualified rcnv,
+            msrSender = tUnqualified lusr,
+            msrRawMessage = Base64ByteString (rmRaw smsg)
+          }
+  updates <- case resp of
+    MLSMessageResponseError e -> rethrowErrors @MLSMessageStaticErrors e
+    MLSMessageResponseProtocolError e -> throw (mlsProtocolError e)
+    MLSMessageResponseProposalFailure e -> throw (MLSProposalFailure e)
+    MLSMessageResponseUpdates updates -> pure updates
+
+  for updates $ \update -> do
+    e <- notifyRemoteConversationAction loc (qualifyAs rcnv update) con
+    pure (LocalConversationUpdate e update)
+
 type HasProposalEffects r =
   ( Member BrigAccess r,
     Member ConversationStore r,

services/galley/src/Galley/API/Update.hs

@@ -77,7 +77,6 @@ import qualified Data.Map.Strict as Map
 import Data.Qualified
 import qualified Data.Set as Set
 import Data.Singletons
-import qualified Data.Text as T
 import Data.Time
 import Galley.API.Action
 import Galley.API.Error
@@ -377,27 +376,7 @@ updateRemoteConversation rcnv lusr conn action = getUpdateResult $ do
     ConversationUpdateResponseUpdate convUpdate -> pure convUpdate
 
   onConversationUpdated (tDomain rcnv) convUpdate
-  notifyRemoteConversationAction (qualifyAs rcnv convUpdate) conn
-
-class RethrowErrors (effs :: EffectRow) r where
-  rethrowErrors :: GalleyError -> Sem r a
-
-instance (Member (Error FederationError) r) => RethrowErrors '[] r where
-  rethrowErrors :: GalleyError -> Sem r a
-  rethrowErrors err' = throw (FederationUnexpectedError (T.pack . show $ err'))
-
-instance
-  ( SingI (e :: GalleyError),
-    Member (ErrorS e) r,
-    RethrowErrors effs r
-  ) =>
-  RethrowErrors (ErrorS e ': effs) r
-  where
-  rethrowErrors :: GalleyError -> Sem r a
-  rethrowErrors err' =
-    if err' == demote @e
-      then throwS @e
-      else rethrowErrors @effs @r err'
+  notifyRemoteConversationAction lusr (qualifyAs rcnv convUpdate) (Just conn)
 
 updateConversationReceiptModeUnqualified ::
   Members

services/galley/src/Galley/API/Util.hs

@@ -36,6 +36,7 @@ import Data.Misc (PlainTextPassword (..))
 import Data.Qualified
 import qualified Data.Set as Set
 import Data.Singletons
+import qualified Data.Text as T
 import Data.Time
 import Galley.API.Error
 import qualified Galley.Data.Conversation as Data
@@ -824,3 +825,26 @@ ensureMemberLimit old new = do
   let maxSize = fromIntegral (o ^. optSettings . setMaxConvSize)
   when (length old + length new > maxSize) $
     throwS @'TooManyMembers
+
+--------------------------------------------------------------------------------
+-- Handling remote errors
+
+class RethrowErrors (effs :: EffectRow) r where
+  rethrowErrors :: GalleyError -> Sem r a
+
+instance (Member (Error FederationError) r) => RethrowErrors '[] r where
+  rethrowErrors :: GalleyError -> Sem r a
+  rethrowErrors err' = throw (FederationUnexpectedError (T.pack . show $ err'))
+
+instance
+  ( SingI (e :: GalleyError),
+    Member (ErrorS e) r,
+    RethrowErrors effs r
+  ) =>
+  RethrowErrors (ErrorS e ': effs) r
+  where
+  rethrowErrors :: GalleyError -> Sem r a
+  rethrowErrors err' =
+    if err' == demote @e
+      then throwS @e
+      else rethrowErrors @effs @r err'