Start Matrix client authentication

2025-11-05 16:30:06 +01:00
parent a44327ddb0
commit 3dab9f41d2
13 changed files with 2960 additions and 10 deletions
--- a/matrixgw_backend/src/app_config.rs
+++ b/matrixgw_backend/src/app_config.rs
@@ -1,7 +1,11 @@
 use crate::users::{APITokenID, UserEmail};
 use crate::utils::crypt_utils::sha256str;
 use clap::Parser;
+use matrix_sdk::authentication::oauth::registration::{
+    ApplicationType, ClientMetadata, Localized, OAuthGrantType,
+};
 use std::path::{Path, PathBuf};
+use url::Url;

 /// Matrix gateway backend API
 #[derive(Parser, Debug, Clone)]
@@ -76,6 +80,10 @@ pub struct AppConfig {
    #[arg(long, env, default_value = "APP_ORIGIN/oidc_cb")]
    oidc_redirect_url: String,

+    /// Matrix oauth redirect URL
+    #[arg(long, env, default_value = "APP_ORIGIN/matrix_auth_cb")]
+    matrix_oauth_redirect_url: String,
+
    /// Application storage path
    #[arg(long, env, default_value = "app_storage")]
    storage_path: String,
@@ -146,6 +154,38 @@ impl AppConfig {
        }
    }

+    /// Matrix OAuth redirect URL
+    pub fn matrix_oauth_redirect_url(&self) -> String {
+        self.matrix_oauth_redirect_url
+            .replace("APP_ORIGIN", &self.website_origin)
+    }
+
+    /// Get Matrix client metadata information
+    pub fn matrix_client_metadata(&self) -> ClientMetadata {
+        let client_uri = Localized::new(
+            Url::parse(&self.website_origin).expect("Invalid website origin!"),
+            [],
+        );
+        ClientMetadata {
+            application_type: ApplicationType::Native,
+            grant_types: vec![OAuthGrantType::AuthorizationCode {
+                redirect_uris: vec![
+                    Url::parse(&self.matrix_oauth_redirect_url())
+                        .expect("Failed to parse matrix auth redirect URI!"),
+                ],
+            }],
+            client_name: Some(Localized::new("MatrixGW".to_string(), [])),
+            logo_uri: Some(Localized::new(
+                Url::parse(&format!("{}/favicon.png", self.website_origin))
+                    .expect("Invalid website origin!"),
+                [],
+            )),
+            policy_uri: Some(client_uri.clone()),
+            tos_uri: Some(client_uri.clone()),
+            client_uri,
+        }
+    }
+
    /// Get storage path
    pub fn storage_path(&self) -> &Path {
        Path::new(self.storage_path.as_str())
@@ -170,6 +210,16 @@ impl AppConfig {
    pub fn user_api_token_metadata_file(&self, mail: &UserEmail, id: &APITokenID) -> PathBuf {
        self.user_api_token_directory(mail).join(id.0.to_string())
    }
+
+    /// Get user Matrix database path
+    pub fn user_matrix_db_path(&self, mail: &UserEmail) -> PathBuf {
+        self.user_directory(mail).join("matrix-db")
+    }
+
+    /// Get user Matrix database passphrase path
+    pub fn user_matrix_passphrase_path(&self, mail: &UserEmail) -> PathBuf {
+        self.user_directory(mail).join("matrix-db-passphrase")
+    }
 }

 #[derive(Debug, Clone, serde::Serialize)]