signal-desktop/ts/services/username.ts

// Copyright 2021 Signal Messenger, LLC
// SPDX-License-Identifier: AGPL-3.0-only

import {
  usernames,
  LibSignalErrorBase,
  ErrorCode,
} from '@signalapp/libsignal-client';

import { singleProtoJobQueue } from '../jobs/singleProtoJobQueue';
import { strictAssert } from '../util/assert';
import { sleep } from '../util/sleep';
import { getMinNickname, getMaxNickname } from '../util/Username';
import { bytesToUuid, uuidToBytes } from '../util/uuidToBytes';
import type { UsernameReservationType } from '../types/Username';
import { ReserveUsernameError, ConfirmUsernameResult } from '../types/Username';
import * as Errors from '../types/errors';
import * as log from '../logging/log';
import MessageSender from '../textsecure/SendMessage';
import { HTTPError } from '../textsecure/Errors';
import { findRetryAfterTimeFromError } from '../jobs/helpers/findRetryAfterTimeFromError';
import * as Bytes from '../Bytes';
import { storageServiceUploadJob } from './storage';

export type WriteUsernameOptionsType = Readonly<
  | {
      reservation: UsernameReservationType;
    }
  | {
      username: undefined;
      previousUsername: string | undefined;
      reservation?: undefined;
    }
>;

export type ReserveUsernameOptionsType = Readonly<{
  nickname: string;
  previousUsername: string | undefined;
  abortSignal?: AbortSignal;
}>;

export type ReserveUsernameResultType = Readonly<
  | {
      ok: true;
      reservation: UsernameReservationType;
      error?: void;
    }
  | {
      ok: false;
      reservation?: void;
      error: ReserveUsernameError;
    }
>;

export async function reserveUsername(
  options: ReserveUsernameOptionsType
): Promise<ReserveUsernameResultType> {
  const { server } = window.textsecure;
  if (!server) {
    throw new Error('server interface is not available!');
  }

  const { nickname, previousUsername, abortSignal } = options;

  const me = window.ConversationController.getOurConversationOrThrow();

  if (me.get('username') !== previousUsername) {
    throw new Error('reserveUsername: Username has changed on another device');
  }

  try {
    const candidates = usernames.generateCandidates(
      nickname,
      getMinNickname(),
      getMaxNickname()
    );
    const hashes = candidates.map(username => usernames.hash(username));

    const { usernameHash } = await server.reserveUsername({
      hashes,
      abortSignal,
    });

    const index = hashes.findIndex(hash => hash.equals(usernameHash));
    if (index === -1) {
      log.warn('reserveUsername: failed to find username hash in the response');
      return { ok: false, error: ReserveUsernameError.Unprocessable };
    }

    const username = candidates[index];

    return {
      ok: true,
      reservation: { previousUsername, username, hash: usernameHash },
    };
  } catch (error) {
    if (error instanceof HTTPError) {
      if (error.code === 422) {
        return { ok: false, error: ReserveUsernameError.Unprocessable };
      }
      if (error.code === 409) {
        return { ok: false, error: ReserveUsernameError.Conflict };
      }
      if (error.code === 413 || error.code === 429) {
        const time = findRetryAfterTimeFromError(error);
        log.warn(`reserveUsername: got ${error.code}, waiting ${time}ms`);
        await sleep(time, abortSignal);

        return reserveUsername(options);
      }
    }
    if (error instanceof LibSignalErrorBase) {
      if (
        error.code === ErrorCode.CannotBeEmpty ||
        error.code === ErrorCode.NicknameTooShort
      ) {
        return {
          ok: false,
          error: ReserveUsernameError.NotEnoughCharacters,
        };
      }
      if (error.code === ErrorCode.NicknameTooLong) {
        return {
          ok: false,
          error: ReserveUsernameError.TooManyCharacters,
        };
      }
      if (error.code === ErrorCode.CannotStartWithDigit) {
        return {
          ok: false,
          error: ReserveUsernameError.CheckStartingCharacter,
        };
      }
      if (error.code === ErrorCode.BadNicknameCharacter) {
        return {
          ok: false,
          error: ReserveUsernameError.CheckCharacters,
        };
      }
    }
    throw error;
  }
}

async function updateUsernameAndSyncProfile(
  username: string | undefined
): Promise<void> {
  const me = window.ConversationController.getOurConversationOrThrow();

  // Update backbone, update DB, then tell linked devices about profile update
  await me.updateUsername(username);

  try {
    await singleProtoJobQueue.add(
      MessageSender.getFetchLocalProfileSyncMessage()
    );
  } catch (error) {
    log.error(
      'updateUsernameAndSyncProfile: Failed to queue sync message',
      Errors.toLogFormat(error)
    );
  }
}

export async function confirmUsername(
  reservation: UsernameReservationType,
  abortSignal?: AbortSignal
): Promise<ConfirmUsernameResult> {
  const { server } = window.textsecure;
  if (!server) {
    throw new Error('server interface is not available!');
  }

  const { previousUsername, username, hash } = reservation;

  const me = window.ConversationController.getOurConversationOrThrow();

  if (me.get('username') !== previousUsername) {
    throw new Error('Username has changed on another device');
  }
  const proof = usernames.generateProof(username);
  strictAssert(usernames.hash(username).equals(hash), 'username hash mismatch');

  try {
    const { entropy, encryptedUsername } =
      usernames.createUsernameLink(username);

    await window.storage.remove('usernameLink');

    const { usernameLinkHandle: serverIdString } = await server.confirmUsername(
      {
        hash,
        proof,
        encryptedUsername,
        abortSignal,
      }
    );

    await window.storage.put('usernameLink', {
      entropy,
      serverId: uuidToBytes(serverIdString),
    });

    await updateUsernameAndSyncProfile(username);
  } catch (error) {
    if (error instanceof HTTPError) {
      if (error.code === 413 || error.code === 429) {
        const time = findRetryAfterTimeFromError(error);
        log.warn(`confirmUsername: got ${error.code}, waiting ${time}ms`);
        await sleep(time, abortSignal);

        return confirmUsername(reservation, abortSignal);
      }

      if (error.code === 409 || error.code === 410) {
        return ConfirmUsernameResult.ConflictOrGone;
      }
    }
    throw error;
  }

  return ConfirmUsernameResult.Ok;
}

export async function deleteUsername(
  previousUsername: string,
  abortSignal?: AbortSignal
): Promise<void> {
  const { server } = window.textsecure;
  if (!server) {
    throw new Error('server interface is not available!');
  }

  const me = window.ConversationController.getOurConversationOrThrow();

  if (me.get('username') !== previousUsername) {
    throw new Error('Username has changed on another device');
  }

  await window.storage.remove('usernameLink');
  await server.deleteUsername(abortSignal);
  await updateUsernameAndSyncProfile(undefined);
}

export async function resetLink(username: string): Promise<void> {
  const { server } = window.textsecure;
  if (!server) {
    throw new Error('server interface is not available!');
  }

  const me = window.ConversationController.getOurConversationOrThrow();

  if (me.get('username') !== username) {
    throw new Error('Username has changed on another device');
  }

  const { entropy, encryptedUsername } = usernames.createUsernameLink(username);

  await window.storage.remove('usernameLink');

  const { usernameLinkHandle: serverIdString } =
    await server.replaceUsernameLink({ encryptedUsername });

  await window.storage.put('usernameLink', {
    entropy,
    serverId: uuidToBytes(serverIdString),
  });

  me.captureChange('usernameLink');
  storageServiceUploadJob();
}

const USERNAME_LINK_ENTROPY_SIZE = 32;

export async function resolveUsernameByLinkBase64(
  base64: string
): Promise<string> {
  const { server } = window.textsecure;
  if (!server) {
    throw new Error('server interface is not available!');
  }

  const content = Bytes.fromBase64(base64);
  const entropy = content.slice(0, USERNAME_LINK_ENTROPY_SIZE);
  const serverIdBytes = content.slice(USERNAME_LINK_ENTROPY_SIZE);

  const serverId = bytesToUuid(serverIdBytes);
  strictAssert(serverId, 'Failed to re-encode server id as uuid');

  strictAssert(window.textsecure.server, 'WebAPI must be available');
  const { usernameLinkEncryptedValue } = await server.resolveUsernameLink(
    serverId
  );

  return usernames.decryptUsernameLink({
    entropy: Buffer.from(entropy),
    encryptedUsername: Buffer.from(usernameLinkEncryptedValue),
  });
}
Remove end year from licenses 2023-01-03 19:55:46 +00:00			`// Copyright 2021 Signal Messenger, LLC`
Discriminator in username 2022-10-18 17:12:02 +00:00			`// SPDX-License-Identifier: AGPL-3.0-only`

Use libsignal-client validation for nicknames 2023-03-09 00:58:54 +00:00			`import {`
			`usernames,`
			`LibSignalErrorBase,`
			`ErrorCode,`
			`} from '@signalapp/libsignal-client';`
Username hashing 2023-02-08 17:14:59 +00:00
Discriminator in username 2022-10-18 17:12:02 +00:00			`import { singleProtoJobQueue } from '../jobs/singleProtoJobQueue';`
Username hashing 2023-02-08 17:14:59 +00:00			`import { strictAssert } from '../util/assert';`
Discriminator in username 2022-10-18 17:12:02 +00:00			`import { sleep } from '../util/sleep';`
Username hashing 2023-02-08 17:14:59 +00:00			`import { getMinNickname, getMaxNickname } from '../util/Username';`
Calls Tab & Group Call Disposition 2023-08-09 00:53:06 +00:00			`import { bytesToUuid, uuidToBytes } from '../util/uuidToBytes';`
Discriminator in username 2022-10-18 17:12:02 +00:00			`import type { UsernameReservationType } from '../types/Username';`
Handle 409/410 when confirming username 2023-02-14 17:39:47 +00:00			`import { ReserveUsernameError, ConfirmUsernameResult } from '../types/Username';`
Discriminator in username 2022-10-18 17:12:02 +00:00			`import * as Errors from '../types/errors';`
			`import * as log from '../logging/log';`
			`import MessageSender from '../textsecure/SendMessage';`
			`import { HTTPError } from '../textsecure/Errors';`
			`import { findRetryAfterTimeFromError } from '../jobs/helpers/findRetryAfterTimeFromError';`
Username Link QR Code 2023-07-20 03:14:08 +00:00			`import * as Bytes from '../Bytes';`
			`import { storageServiceUploadJob } from './storage';`
Discriminator in username 2022-10-18 17:12:02 +00:00
			`export type WriteUsernameOptionsType = Readonly<`
			`\| {`
			`reservation: UsernameReservationType;`
			`}`
			`\| {`
			`username: undefined;`
			`previousUsername: string \| undefined;`
			`reservation?: undefined;`
			`}`
			`>;`

			`export type ReserveUsernameOptionsType = Readonly<{`
			`nickname: string;`
			`previousUsername: string \| undefined;`
			`abortSignal?: AbortSignal;`
			`}>;`

			`export type ReserveUsernameResultType = Readonly<`
			`\| {`
			`ok: true;`
			`reservation: UsernameReservationType;`
			`error?: void;`
			`}`
			`\| {`
			`ok: false;`
			`reservation?: void;`
			`error: ReserveUsernameError;`
			`}`
			`>;`

			`export async function reserveUsername(`
			`options: ReserveUsernameOptionsType`
			`): Promise<ReserveUsernameResultType> {`
			`const { server } = window.textsecure;`
			`if (!server) {`
			`throw new Error('server interface is not available!');`
			`}`

			`const { nickname, previousUsername, abortSignal } = options;`

			`const me = window.ConversationController.getOurConversationOrThrow();`

			`if (me.get('username') !== previousUsername) {`
			`throw new Error('reserveUsername: Username has changed on another device');`
			`}`

			`try {`
Username hashing 2023-02-08 17:14:59 +00:00			`const candidates = usernames.generateCandidates(`
Discriminator in username 2022-10-18 17:12:02 +00:00			`nickname,`
Username hashing 2023-02-08 17:14:59 +00:00			`getMinNickname(),`
			`getMaxNickname()`
			`);`
			`const hashes = candidates.map(username => usernames.hash(username));`

			`const { usernameHash } = await server.reserveUsername({`
			`hashes,`
Discriminator in username 2022-10-18 17:12:02 +00:00			`abortSignal,`
			`});`

Username hashing 2023-02-08 17:14:59 +00:00			`const index = hashes.findIndex(hash => hash.equals(usernameHash));`
			`if (index === -1) {`
			`log.warn('reserveUsername: failed to find username hash in the response');`
			`return { ok: false, error: ReserveUsernameError.Unprocessable };`
			`}`

			`const username = candidates[index];`

Discriminator in username 2022-10-18 17:12:02 +00:00			`return {`
			`ok: true,`
Username hashing 2023-02-08 17:14:59 +00:00			`reservation: { previousUsername, username, hash: usernameHash },`
Discriminator in username 2022-10-18 17:12:02 +00:00			`};`
			`} catch (error) {`
			`if (error instanceof HTTPError) {`
			`if (error.code === 422) {`
			`return { ok: false, error: ReserveUsernameError.Unprocessable };`
			`}`
			`if (error.code === 409) {`
			`return { ok: false, error: ReserveUsernameError.Conflict };`
			`}`
Treat 413 and 429 as rate limits everywhere 2023-01-05 22:29:02 +00:00			`if (error.code === 413 \|\| error.code === 429) {`
Discriminator in username 2022-10-18 17:12:02 +00:00			`const time = findRetryAfterTimeFromError(error);`
Treat 413 and 429 as rate limits everywhere 2023-01-05 22:29:02 +00:00			log.warn(`reserveUsername: got ${error.code}, waiting ${time}ms`);
Discriminator in username 2022-10-18 17:12:02 +00:00			`await sleep(time, abortSignal);`

			`return reserveUsername(options);`
			`}`
			`}`
Use libsignal-client validation for nicknames 2023-03-09 00:58:54 +00:00			`if (error instanceof LibSignalErrorBase) {`
			`if (`
			`error.code === ErrorCode.CannotBeEmpty \|\|`
			`error.code === ErrorCode.NicknameTooShort`
			`) {`
			`return {`
			`ok: false,`
			`error: ReserveUsernameError.NotEnoughCharacters,`
			`};`
			`}`
			`if (error.code === ErrorCode.NicknameTooLong) {`
			`return {`
			`ok: false,`
			`error: ReserveUsernameError.TooManyCharacters,`
			`};`
			`}`
			`if (error.code === ErrorCode.CannotStartWithDigit) {`
			`return {`
			`ok: false,`
			`error: ReserveUsernameError.CheckStartingCharacter,`
			`};`
			`}`
			`if (error.code === ErrorCode.BadNicknameCharacter) {`
			`return {`
			`ok: false,`
			`error: ReserveUsernameError.CheckCharacters,`
			`};`
			`}`
			`}`
Discriminator in username 2022-10-18 17:12:02 +00:00			`throw error;`
			`}`
			`}`

			`async function updateUsernameAndSyncProfile(`
			`username: string \| undefined`
			`): Promise<void> {`
			`const me = window.ConversationController.getOurConversationOrThrow();`

			`// Update backbone, update DB, then tell linked devices about profile update`
Process username changes in storage service 2023-02-02 18:03:51 +00:00			`await me.updateUsername(username);`
Discriminator in username 2022-10-18 17:12:02 +00:00
			`try {`
			`await singleProtoJobQueue.add(`
			`MessageSender.getFetchLocalProfileSyncMessage()`
			`);`
			`} catch (error) {`
			`log.error(`
			`'updateUsernameAndSyncProfile: Failed to queue sync message',`
			`Errors.toLogFormat(error)`
			`);`
			`}`
			`}`

			`export async function confirmUsername(`
			`reservation: UsernameReservationType,`
			`abortSignal?: AbortSignal`
Handle 409/410 when confirming username 2023-02-14 17:39:47 +00:00			`): Promise<ConfirmUsernameResult> {`
Discriminator in username 2022-10-18 17:12:02 +00:00			`const { server } = window.textsecure;`
			`if (!server) {`
			`throw new Error('server interface is not available!');`
			`}`

Username hashing 2023-02-08 17:14:59 +00:00			`const { previousUsername, username, hash } = reservation;`
Discriminator in username 2022-10-18 17:12:02 +00:00
			`const me = window.ConversationController.getOurConversationOrThrow();`

			`if (me.get('username') !== previousUsername) {`
			`throw new Error('Username has changed on another device');`
			`}`
Username hashing 2023-02-08 17:14:59 +00:00			`const proof = usernames.generateProof(username);`
			`strictAssert(usernames.hash(username).equals(hash), 'username hash mismatch');`
Discriminator in username 2022-10-18 17:12:02 +00:00
			`try {`
Use combined username link API 2023-07-20 23:19:32 +00:00			`const { entropy, encryptedUsername } =`
			`usernames.createUsernameLink(username);`

			`await window.storage.remove('usernameLink');`

			`const { usernameLinkHandle: serverIdString } = await server.confirmUsername(`
			`{`
			`hash,`
			`proof,`
			`encryptedUsername,`
			`abortSignal,`
			`}`
			`);`

			`await window.storage.put('usernameLink', {`
			`entropy,`
			`serverId: uuidToBytes(serverIdString),`
Discriminator in username 2022-10-18 17:12:02 +00:00			`});`

			`await updateUsernameAndSyncProfile(username);`
			`} catch (error) {`
			`if (error instanceof HTTPError) {`
Treat 413 and 429 as rate limits everywhere 2023-01-05 22:29:02 +00:00			`if (error.code === 413 \|\| error.code === 429) {`
Discriminator in username 2022-10-18 17:12:02 +00:00			`const time = findRetryAfterTimeFromError(error);`
Treat 413 and 429 as rate limits everywhere 2023-01-05 22:29:02 +00:00			log.warn(`confirmUsername: got ${error.code}, waiting ${time}ms`);
Discriminator in username 2022-10-18 17:12:02 +00:00			`await sleep(time, abortSignal);`

			`return confirmUsername(reservation, abortSignal);`
			`}`
Handle 409/410 when confirming username 2023-02-14 17:39:47 +00:00
			`if (error.code === 409 \|\| error.code === 410) {`
			`return ConfirmUsernameResult.ConflictOrGone;`
			`}`
Discriminator in username 2022-10-18 17:12:02 +00:00			`}`
			`throw error;`
			`}`
Handle 409/410 when confirming username 2023-02-14 17:39:47 +00:00
			`return ConfirmUsernameResult.Ok;`
Discriminator in username 2022-10-18 17:12:02 +00:00			`}`

			`export async function deleteUsername(`
			`previousUsername: string,`
			`abortSignal?: AbortSignal`
			`): Promise<void> {`
			`const { server } = window.textsecure;`
			`if (!server) {`
			`throw new Error('server interface is not available!');`
			`}`

			`const me = window.ConversationController.getOurConversationOrThrow();`

			`if (me.get('username') !== previousUsername) {`
			`throw new Error('Username has changed on another device');`
			`}`

Username Link QR Code 2023-07-20 03:14:08 +00:00			`await window.storage.remove('usernameLink');`
Discriminator in username 2022-10-18 17:12:02 +00:00			`await server.deleteUsername(abortSignal);`
			`await updateUsernameAndSyncProfile(undefined);`
			`}`
Username Link QR Code 2023-07-20 03:14:08 +00:00
			`export async function resetLink(username: string): Promise<void> {`
			`const { server } = window.textsecure;`
			`if (!server) {`
			`throw new Error('server interface is not available!');`
			`}`

			`const me = window.ConversationController.getOurConversationOrThrow();`

			`if (me.get('username') !== username) {`
			`throw new Error('Username has changed on another device');`
			`}`

Use combined username link API 2023-07-20 23:19:32 +00:00			`const { entropy, encryptedUsername } = usernames.createUsernameLink(username);`
Username Link QR Code 2023-07-20 03:14:08 +00:00
			`await window.storage.remove('usernameLink');`

			`const { usernameLinkHandle: serverIdString } =`
Use combined username link API 2023-07-20 23:19:32 +00:00			`await server.replaceUsernameLink({ encryptedUsername });`
Username Link QR Code 2023-07-20 03:14:08 +00:00
			`await window.storage.put('usernameLink', {`
Use combined username link API 2023-07-20 23:19:32 +00:00			`entropy,`
Username Link QR Code 2023-07-20 03:14:08 +00:00			`serverId: uuidToBytes(serverIdString),`
			`});`

			`me.captureChange('usernameLink');`
			`storageServiceUploadJob();`
			`}`

			`const USERNAME_LINK_ENTROPY_SIZE = 32;`

			`export async function resolveUsernameByLinkBase64(`
			`base64: string`
			`): Promise<string> {`
			`const { server } = window.textsecure;`
			`if (!server) {`
			`throw new Error('server interface is not available!');`
			`}`

			`const content = Bytes.fromBase64(base64);`
			`const entropy = content.slice(0, USERNAME_LINK_ENTROPY_SIZE);`
			`const serverIdBytes = content.slice(USERNAME_LINK_ENTROPY_SIZE);`

			`const serverId = bytesToUuid(serverIdBytes);`
			`strictAssert(serverId, 'Failed to re-encode server id as uuid');`

			`strictAssert(window.textsecure.server, 'WebAPI must be available');`
			`const { usernameLinkEncryptedValue } = await server.resolveUsernameLink(`
			`serverId`
			`);`

Use combined username link API 2023-07-20 23:19:32 +00:00			`return usernames.decryptUsernameLink({`
			`entropy: Buffer.from(entropy),`
			`encryptedUsername: Buffer.from(usernameLinkEncryptedValue),`
			`});`
Username Link QR Code 2023-07-20 03:14:08 +00:00			`}`