mas: added "admin's replacement without uia" endpoint

i.e. /_synapse/admin/v1/users/{userID}/_allow_cross_signing_replacement_without_uia
2025-09-13 21:02:25 +03:00 · 2024-12-30 02:11:30 +00:00 · 2024-12-30 02:11:30 +00:00 · 9d9841d02e
commit 9d9841d02e
parent 63a199cec3
10 changed files with 168 additions and 29 deletions
--- a/userapi/storage/postgres/cross_signing_keys_table.go
+++ b/userapi/storage/postgres/cross_signing_keys_table.go
@ -10,6 +10,7 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
+	"time"

 	"github.com/element-hq/dendrite/internal"
 	"github.com/element-hq/dendrite/internal/sqlutil"
@ -42,11 +43,17 @@ const upsertCrossSigningKeysForUserSQL = "" +
 	" VALUES($1, $2, $3)" +
 	" ON CONFLICT (user_id, key_type) DO UPDATE SET key_data = $3"

+const updateMasterCrossSigningKeyAllowReplacementWithoutUiaSQL = "" +
+	"UPDATE keyserver_cross_signing_keys" +
+	" SET updatable_without_uia_before_ms = $3" +
+	" WHERE user_id = $1 AND key_type = $2"
+
 type crossSigningKeysStatements struct {
-	db                                          *sql.DB
-	selectCrossSigningKeysForUserStmt           *sql.Stmt
-	selectCrossSigningKeysForUserAndKeyTypeStmt *sql.Stmt
-	upsertCrossSigningKeysForUserStmt           *sql.Stmt
+	db                                                        *sql.DB
+	selectCrossSigningKeysForUserStmt                         *sql.Stmt
+	selectCrossSigningKeysForUserAndKeyTypeStmt               *sql.Stmt
+	upsertCrossSigningKeysForUserStmt                         *sql.Stmt
+	updateMasterCrossSigningKeyAllowReplacementWithoutUiaStmt *sql.Stmt
 }

 func NewPostgresCrossSigningKeysTable(db *sql.DB) (tables.CrossSigningKeys, error) {
@ -61,6 +68,7 @@ func NewPostgresCrossSigningKeysTable(db *sql.DB) (tables.CrossSigningKeys, erro
 		{&s.selectCrossSigningKeysForUserStmt, selectCrossSigningKeysForUserSQL},
 		{&s.selectCrossSigningKeysForUserAndKeyTypeStmt, selectCrossSigningKeysForUserAndKeyTypeSQL},
 		{&s.upsertCrossSigningKeysForUserStmt, upsertCrossSigningKeysForUserSQL},
+		{&s.updateMasterCrossSigningKeyAllowReplacementWithoutUiaStmt, updateMasterCrossSigningKeyAllowReplacementWithoutUiaSQL},
 	}.Prepare(db)
 }

@ -138,3 +146,16 @@ func (s *crossSigningKeysStatements) UpsertCrossSigningKeysForUser(
 	}
 	return nil
 }
+
+func (s *crossSigningKeysStatements) UpdateMasterCrossSigningKeyAllowReplacementWithoutUIA(ctx context.Context, txn *sql.Tx, userID string, duration time.Duration) (int64, error) {
+	keyTypeInt, _ := types.KeyTypePurposeToInt[fclient.CrossSigningKeyPurposeMaster]
+	ts := time.Now().Add(duration).UnixMilli()
+	result, err := sqlutil.TxStmt(txn, s.updateMasterCrossSigningKeyAllowReplacementWithoutUiaStmt).ExecContext(ctx, userID, keyTypeInt, ts)
+	if err != nil {
+		return -1, err
+	}
+	if n, _ := result.RowsAffected(); n == 0 {
+		return -1, sql.ErrNoRows
+	}
+	return ts, nil
+}