feat(membership): room discovery — GET /members/{endpoint}/rooms + ListMyRooms
A peer invited to an encrypted room needs to find it: the control plane is
pull-based (no server push of invitations), so add a discovery endpoint that
lists every room an endpoint belongs to, with the room's metadata and the
endpoint's role.
- store.ListRoomsForEndpoint: JOIN members+rooms, ordered by room id, empty
slice (not error) for an endpoint in no rooms.
- membershipd: GET /members/{endpoint}/rooms returns {room_id, subject, epoch,
policy, role}[].
- client.ListMyRooms + RoomRef: a bot polls this to discover and then Join +
Subscribe rooms it was invited to.
Tests: store-level (owner in N rooms, member in one, unknown endpoint → []) and
client-level e2e through the embedded harness (B discovers a room A invited it
to, without prior knowledge of the room id; owner sees role=owner).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -45,6 +45,7 @@ func (s *Server) routes() {
|
||||
s.mux.HandleFunc("POST /rooms/{id}/invite", s.handleInvite)
|
||||
s.mux.HandleFunc("GET /rooms/{id}/key", s.handleGetKey)
|
||||
s.mux.HandleFunc("GET /rooms/{id}/members", s.handleListMembers)
|
||||
s.mux.HandleFunc("GET /members/{endpoint}/rooms", s.handleListMemberRooms)
|
||||
s.mux.HandleFunc("POST /rooms/{id}/rekey", s.handleRekey)
|
||||
s.mux.HandleFunc("GET /rooms/{id}", s.handleGetRoom)
|
||||
s.mux.HandleFunc("POST /blobs", s.handlePutBlob)
|
||||
@@ -101,6 +102,14 @@ type roomResp struct {
|
||||
Policy policyJSON `json:"policy"`
|
||||
}
|
||||
|
||||
type memberRoomJSON struct {
|
||||
RoomID string `json:"room_id"`
|
||||
Subject string `json:"subject"`
|
||||
Epoch int `json:"epoch"`
|
||||
Policy policyJSON `json:"policy"`
|
||||
Role string `json:"role"`
|
||||
}
|
||||
|
||||
type rekeyKey struct {
|
||||
Endpoint string `json:"endpoint"`
|
||||
SealedKey []byte `json:"sealed_key"`
|
||||
@@ -262,6 +271,30 @@ func (s *Server) handleListMembers(w http.ResponseWriter, r *http.Request) {
|
||||
writeJSON(w, http.StatusOK, out)
|
||||
}
|
||||
|
||||
func (s *Server) handleListMemberRooms(w http.ResponseWriter, r *http.Request) {
|
||||
endpoint := r.PathValue("endpoint")
|
||||
if endpoint == "" {
|
||||
writeErr(w, http.StatusBadRequest, "endpoint required")
|
||||
return
|
||||
}
|
||||
rooms, err := s.store.ListRoomsForEndpoint(endpoint)
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusInternalServerError, err.Error())
|
||||
return
|
||||
}
|
||||
out := make([]memberRoomJSON, 0, len(rooms))
|
||||
for _, rm := range rooms {
|
||||
out = append(out, memberRoomJSON{
|
||||
RoomID: rm.RoomID,
|
||||
Subject: rm.Subject,
|
||||
Epoch: rm.Epoch,
|
||||
Policy: policyJSON{Encrypt: rm.Encrypt, Persist: rm.Persist, SignMsgs: rm.SignMsgs},
|
||||
Role: rm.Role,
|
||||
})
|
||||
}
|
||||
writeJSON(w, http.StatusOK, out)
|
||||
}
|
||||
|
||||
func (s *Server) handleGetRoom(w http.ResponseWriter, r *http.Request) {
|
||||
roomID := r.PathValue("id")
|
||||
info, err := s.store.GetRoom(roomID)
|
||||
|
||||
@@ -219,6 +219,42 @@ func (s *Store) ListMembers(roomID string) ([]Member, error) {
|
||||
return out, rows.Err()
|
||||
}
|
||||
|
||||
// RoomMembership is a room an endpoint belongs to, with that endpoint's role.
|
||||
// It is the per-endpoint view used for room discovery (a peer asking "which
|
||||
// rooms am I in?") so a freshly-invited member can find and join its rooms.
|
||||
type RoomMembership struct {
|
||||
RoomInfo
|
||||
Role string
|
||||
}
|
||||
|
||||
// ListRoomsForEndpoint returns every room the given endpoint is a member of,
|
||||
// with the room's current metadata and the endpoint's role, ordered by room id.
|
||||
// An endpoint that is in no rooms yields an empty slice (not an error).
|
||||
func (s *Store) ListRoomsForEndpoint(endpoint string) ([]RoomMembership, error) {
|
||||
rows, err := s.db.Query(
|
||||
`SELECT r.room_id, r.subject, r.key_epoch, r.encrypt, r.persist, r.sign_msgs, r.owner_endpoint, m.role
|
||||
FROM members m JOIN rooms r ON r.room_id = m.room_id
|
||||
WHERE m.endpoint = ? ORDER BY r.room_id`,
|
||||
endpoint,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("membership: list rooms for endpoint %q: %w", endpoint, err)
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
var out []RoomMembership
|
||||
for rows.Next() {
|
||||
var rm RoomMembership
|
||||
var enc, per, sgn int
|
||||
if err := rows.Scan(&rm.RoomID, &rm.Subject, &rm.Epoch, &enc, &per, &sgn, &rm.OwnerEndpoint, &rm.Role); err != nil {
|
||||
return nil, fmt.Errorf("membership: scan room membership: %w", err)
|
||||
}
|
||||
rm.Encrypt, rm.Persist, rm.SignMsgs = enc != 0, per != 0, sgn != 0
|
||||
out = append(out, rm)
|
||||
}
|
||||
return out, rows.Err()
|
||||
}
|
||||
|
||||
// GetSealedKey returns the sealed room key for an endpoint at a given epoch.
|
||||
// If epoch <= 0, the latest epoch for that endpoint is returned.
|
||||
func (s *Store) GetSealedKey(roomID, endpoint string, epoch int) (int, []byte, error) {
|
||||
|
||||
@@ -35,6 +35,58 @@ func TestMigrationsCreateSchema(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestListRoomsForEndpoint(t *testing.T) {
|
||||
s := openTestStore(t)
|
||||
|
||||
// Owner of two rooms; a member in only the first.
|
||||
owner, member := "owner-ep", "member-ep"
|
||||
mk := func(id, subj string) RoomInfo {
|
||||
return RoomInfo{RoomID: id, Subject: subj, Encrypt: true, Persist: true, SignMsgs: true, OwnerEndpoint: owner}
|
||||
}
|
||||
if err := s.CreateRoom(mk("room-a", "room.a"), []byte("os"), []byte("ok"), []byte("k")); err != nil {
|
||||
t.Fatalf("CreateRoom a: %v", err)
|
||||
}
|
||||
if err := s.CreateRoom(mk("room-b", "room.b"), []byte("os"), []byte("ok"), []byte("k")); err != nil {
|
||||
t.Fatalf("CreateRoom b: %v", err)
|
||||
}
|
||||
if err := s.AddMember("room-a", Member{Endpoint: member, Role: "member", SignPub: []byte("s"), KexPub: []byte("k")}, 1, []byte("mk")); err != nil {
|
||||
t.Fatalf("AddMember: %v", err)
|
||||
}
|
||||
|
||||
// Owner is in both rooms, as owner, ordered by room id.
|
||||
ownerRooms, err := s.ListRoomsForEndpoint(owner)
|
||||
if err != nil {
|
||||
t.Fatalf("ListRoomsForEndpoint owner: %v", err)
|
||||
}
|
||||
if len(ownerRooms) != 2 {
|
||||
t.Fatalf("owner: expected 2 rooms, got %d", len(ownerRooms))
|
||||
}
|
||||
if ownerRooms[0].RoomID != "room-a" || ownerRooms[1].RoomID != "room-b" {
|
||||
t.Fatalf("owner rooms not ordered: %+v", ownerRooms)
|
||||
}
|
||||
if ownerRooms[0].Role != "owner" || !ownerRooms[0].Encrypt || ownerRooms[0].Subject != "room.a" {
|
||||
t.Fatalf("owner room metadata wrong: %+v", ownerRooms[0])
|
||||
}
|
||||
|
||||
// Member is in exactly one room, as member.
|
||||
memberRooms, err := s.ListRoomsForEndpoint(member)
|
||||
if err != nil {
|
||||
t.Fatalf("ListRoomsForEndpoint member: %v", err)
|
||||
}
|
||||
if len(memberRooms) != 1 || memberRooms[0].RoomID != "room-a" || memberRooms[0].Role != "member" {
|
||||
t.Fatalf("member rooms wrong: %+v", memberRooms)
|
||||
}
|
||||
|
||||
// An unknown endpoint yields an empty slice, not an error.
|
||||
none, err := s.ListRoomsForEndpoint("nobody")
|
||||
if err != nil {
|
||||
t.Fatalf("ListRoomsForEndpoint nobody: %v", err)
|
||||
}
|
||||
if len(none) != 0 {
|
||||
t.Fatalf("expected no rooms for unknown endpoint, got %+v", none)
|
||||
}
|
||||
}
|
||||
|
||||
func TestRoomMemberKeyRoundTrip(t *testing.T) {
|
||||
s := openTestStore(t)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user