element-desktop/src/media-auth.ts

/*
Copyright 2024 New Vector Ltd.

SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
Please see LICENSE files in the repository root for full details.
*/

import { BrowserWindow, ipcMain, session } from "electron";

/**
 * Check for feature support from the server.
 * This requires asking the renderer process for supported versions.
 */
async function getSupportedVersions(window: BrowserWindow): Promise<string[]> {
    return new Promise((resolve) => {
        ipcMain.once("serverSupportedVersions", (_, versionsResponse) => {
            resolve(versionsResponse?.versions || []);
        });
        window.webContents.send("serverSupportedVersions"); // ping now that the listener exists
    });
}

/**
 * Get the access token for the user.
 * This requires asking the renderer process for the access token.
 */
async function getAccessToken(window: BrowserWindow): Promise<string | undefined> {
    return new Promise((resolve) => {
        ipcMain.once("userAccessToken", (_, accessToken) => {
            resolve(accessToken);
        });
        window.webContents.send("userAccessToken"); // ping now that the listener exists
    });
}

/**
 * Get the homeserver url
 * This requires asking the renderer process for the homeserver url.
 */
async function getHomeserverUrl(window: BrowserWindow): Promise<string> {
    return new Promise((resolve) => {
        ipcMain.once("homeserverUrl", (_, homeserver) => {
            resolve(homeserver);
        });
        window.webContents.send("homeserverUrl"); // ping now that the listener exists
    });
}

export function setupMediaAuth(window: BrowserWindow): void {
    session.defaultSession.webRequest.onBeforeRequest(async (req, callback) => {
        // This handler emulates the element-web service worker, where URLs are rewritten late in the request
        // for backwards compatibility. As authenticated media becomes more prevalent, this should be replaced
        // by the app using authenticated URLs from the outset.
        try {
            const url = new URL(req.url);
            if (
                !url.pathname.startsWith("/_matrix/media/v3/download") &&
                !url.pathname.startsWith("/_matrix/media/v3/thumbnail")
            ) {
                return callback({}); // not a URL we care about
            }

            const supportedVersions = await getSupportedVersions(window);
            // We have to check that the access token is truthy otherwise we'd be intercepting pre-login media request too,
            // e.g. those required for SSO button icons.
            const accessToken = await getAccessToken(window);
            if (supportedVersions.includes("v1.11") && accessToken) {
                url.href = url.href.replace(/\/media\/v3\/(.*)\//, "/client/v1/media/$1/");
                return callback({ redirectURL: url.toString() });
            } else {
                return callback({}); // no support == no modification
            }
        } catch (e) {
            console.error(e);
        }
    });

    session.defaultSession.webRequest.onBeforeSendHeaders(async (req, callback) => {
        try {
            const url = new URL(req.url);
            if (!url.pathname.startsWith("/_matrix/client/v1/media")) {
                return callback({}); // invoke unmodified
            }

            // Is this request actually going to the homeserver?
            // We don't combine this check with the one above on purpose.
            // We're fetching the homeserver url through IPC and should do so
            // as sparingly as possible.
            const homeserver = await getHomeserverUrl(window);
            const isRequestToHomeServer = homeserver && url.origin === new URL(homeserver).origin;
            if (!isRequestToHomeServer) {
                return callback({}); // invoke unmodified
            }

            // Only add authorization header to authenticated media URLs. This emulates the service worker
            // behaviour in element-web.
            const accessToken = await getAccessToken(window);
            // `accessToken` can be falsy, but if we're trying to download media without authentication
            // then we should expect failure anyway.
            const headers = { ...req.requestHeaders, Authorization: `Bearer ${accessToken}` };
            return callback({ requestHeaders: headers });
        } catch (e) {
            console.error(e);
        }
    });
}
Refactor media auth redirects to not kick in if the user is not logged in (#1817) 2024-08-07 09:44:18 +01:00			`/*`
Updated Copyright headers 2024-09-06 17:56:18 +01:00			`Copyright 2024 New Vector Ltd.`
Refactor media auth redirects to not kick in if the user is not logged in (#1817) 2024-08-07 09:44:18 +01:00
Updated Copyright headers 2024-09-06 17:56:18 +01:00			`SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only`
			`Please see LICENSE files in the repository root for full details.`
Refactor media auth redirects to not kick in if the user is not logged in (#1817) 2024-08-07 09:44:18 +01:00			`*/`

			`import { BrowserWindow, ipcMain, session } from "electron";`

			`/**`
			`* Check for feature support from the server.`
			`* This requires asking the renderer process for supported versions.`
			`*/`
			`async function getSupportedVersions(window: BrowserWindow): Promise<string[]> {`
			`return new Promise((resolve) => {`
			`ipcMain.once("serverSupportedVersions", (_, versionsResponse) => {`
			`resolve(versionsResponse?.versions \|\| []);`
			`});`
			`window.webContents.send("serverSupportedVersions"); // ping now that the listener exists`
			`});`
			`}`

			`/**`
			`* Get the access token for the user.`
			`* This requires asking the renderer process for the access token.`
			`*/`
			`async function getAccessToken(window: BrowserWindow): Promise<string \| undefined> {`
			`return new Promise((resolve) => {`
			`ipcMain.once("userAccessToken", (_, accessToken) => {`
			`resolve(accessToken);`
			`});`
			`window.webContents.send("userAccessToken"); // ping now that the listener exists`
			`});`
			`}`

Merge commit from fork * Check url with homeserver * Move check to where access-token is added * Do IPC comm sparingly Before, the code would fetch the hs for every request. Since this needs the whole event-handler dance, it's best we do it only for the requests that match the media endpoints. Also added some try..catch since we create URL objects that could potentially throw * Check origin instead of just hostname 2024-10-15 17:21:06 +05:30			`/**`
			`* Get the homeserver url`
			`* This requires asking the renderer process for the homeserver url.`
			`*/`
			`async function getHomeserverUrl(window: BrowserWindow): Promise<string> {`
			`return new Promise((resolve) => {`
			`ipcMain.once("homeserverUrl", (_, homeserver) => {`
			`resolve(homeserver);`
			`});`
			`window.webContents.send("homeserverUrl"); // ping now that the listener exists`
			`});`
			`}`

Refactor media auth redirects to not kick in if the user is not logged in (#1817) 2024-08-07 09:44:18 +01:00			`export function setupMediaAuth(window: BrowserWindow): void {`
			`session.defaultSession.webRequest.onBeforeRequest(async (req, callback) => {`
			`// This handler emulates the element-web service worker, where URLs are rewritten late in the request`
			`// for backwards compatibility. As authenticated media becomes more prevalent, this should be replaced`
			`// by the app using authenticated URLs from the outset.`
Merge commit from fork * Check url with homeserver * Move check to where access-token is added * Do IPC comm sparingly Before, the code would fetch the hs for every request. Since this needs the whole event-handler dance, it's best we do it only for the requests that match the media endpoints. Also added some try..catch since we create URL objects that could potentially throw * Check origin instead of just hostname 2024-10-15 17:21:06 +05:30			`try {`
			`const url = new URL(req.url);`
			`if (`
			`!url.pathname.startsWith("/_matrix/media/v3/download") &&`
			`!url.pathname.startsWith("/_matrix/media/v3/thumbnail")`
			`) {`
			`return callback({}); // not a URL we care about`
			`}`
Refactor media auth redirects to not kick in if the user is not logged in (#1817) 2024-08-07 09:44:18 +01:00
Merge commit from fork * Check url with homeserver * Move check to where access-token is added * Do IPC comm sparingly Before, the code would fetch the hs for every request. Since this needs the whole event-handler dance, it's best we do it only for the requests that match the media endpoints. Also added some try..catch since we create URL objects that could potentially throw * Check origin instead of just hostname 2024-10-15 17:21:06 +05:30			`const supportedVersions = await getSupportedVersions(window);`
			`// We have to check that the access token is truthy otherwise we'd be intercepting pre-login media request too,`
			`// e.g. those required for SSO button icons.`
			`const accessToken = await getAccessToken(window);`
			`if (supportedVersions.includes("v1.11") && accessToken) {`
			`url.href = url.href.replace(/\/media\/v3\/(.*)\//, "/client/v1/media/$1/");`
			`return callback({ redirectURL: url.toString() });`
			`} else {`
			`return callback({}); // no support == no modification`
			`}`
			`} catch (e) {`
			`console.error(e);`
Refactor media auth redirects to not kick in if the user is not logged in (#1817) 2024-08-07 09:44:18 +01:00			`}`
			`});`

			`session.defaultSession.webRequest.onBeforeSendHeaders(async (req, callback) => {`
Merge commit from fork * Check url with homeserver * Move check to where access-token is added * Do IPC comm sparingly Before, the code would fetch the hs for every request. Since this needs the whole event-handler dance, it's best we do it only for the requests that match the media endpoints. Also added some try..catch since we create URL objects that could potentially throw * Check origin instead of just hostname 2024-10-15 17:21:06 +05:30			`try {`
			`const url = new URL(req.url);`
			`if (!url.pathname.startsWith("/_matrix/client/v1/media")) {`
			`return callback({}); // invoke unmodified`
			`}`
Refactor media auth redirects to not kick in if the user is not logged in (#1817) 2024-08-07 09:44:18 +01:00
Merge commit from fork * Check url with homeserver * Move check to where access-token is added * Do IPC comm sparingly Before, the code would fetch the hs for every request. Since this needs the whole event-handler dance, it's best we do it only for the requests that match the media endpoints. Also added some try..catch since we create URL objects that could potentially throw * Check origin instead of just hostname 2024-10-15 17:21:06 +05:30			`// Is this request actually going to the homeserver?`
			`// We don't combine this check with the one above on purpose.`
			`// We're fetching the homeserver url through IPC and should do so`
			`// as sparingly as possible.`
			`const homeserver = await getHomeserverUrl(window);`
			`const isRequestToHomeServer = homeserver && url.origin === new URL(homeserver).origin;`
			`if (!isRequestToHomeServer) {`
			`return callback({}); // invoke unmodified`
			`}`

			`// Only add authorization header to authenticated media URLs. This emulates the service worker`
			`// behaviour in element-web.`
			`const accessToken = await getAccessToken(window);`
			// `accessToken` can be falsy, but if we're trying to download media without authentication
			`// then we should expect failure anyway.`
			const headers = { ...req.requestHeaders, Authorization: `Bearer ${accessToken}` };
			`return callback({ requestHeaders: headers });`
			`} catch (e) {`
			`console.error(e);`
			`}`
Refactor media auth redirects to not kick in if the user is not logged in (#1817) 2024-08-07 09:44:18 +01:00			`});`
			`}`