client,bridgev2: add support for MSC4190

Closes #288

appservice/registration.go

@@ -29,6 +29,7 @@ type Registration struct {
 	SoruEphemeralEvents bool `yaml:"de.sorunome.msc2409.push_ephemeral,omitempty" json:"de.sorunome.msc2409.push_ephemeral,omitempty"`
 	EphemeralEvents     bool `yaml:"receive_ephemeral,omitempty" json:"receive_ephemeral,omitempty"`
 	MSC3202             bool `yaml:"org.matrix.msc3202,omitempty" json:"org.matrix.msc3202,omitempty"`
+	MSC4190             bool `yaml:"io.element.msc4190,omitempty" json:"io.element.msc4190,omitempty"`
 }
 
 // CreateRegistration creates a Registration with random appservice and homeserver tokens.

bridgev2/bridgeconfig/appservice.go

@@ -34,6 +34,7 @@ type AppserviceConfig struct {
 
 	EphemeralEvents   bool `yaml:"ephemeral_events"`
 	AsyncTransactions bool `yaml:"async_transactions"`
+	MSC4190           bool `yaml:"msc4190"`
 
 	UsernameTemplate string             `yaml:"username_template"`
 	usernameTemplate *template.Template `yaml:"-"`
@@ -77,6 +78,7 @@ func (asc *AppserviceConfig) copyToRegistration(registration *appservice.Registr
 	registration.RateLimited = &falseVal
 	registration.EphemeralEvents = asc.EphemeralEvents
 	registration.SoruEphemeralEvents = asc.EphemeralEvents
+	registration.MSC4190 = asc.MSC4190
 }
 
 // GenerateRegistration generates a registration file for the homeserver.

bridgev2/bridgeconfig/upgrade.go

@@ -82,6 +82,7 @@ func doUpgrade(helper up.Helper) {
 	helper.Copy(up.Str, "appservice", "bot", "avatar")
 	helper.Copy(up.Bool, "appservice", "ephemeral_events")
 	helper.Copy(up.Bool, "appservice", "async_transactions")
+	helper.Copy(up.Bool, "appservice", "msc4190")
 	helper.Copy(up.Str, "appservice", "as_token")
 	helper.Copy(up.Str, "appservice", "hs_token")
 	helper.Copy(up.Str, "appservice", "username_template")

bridgev2/matrix/crypto.go

@@ -241,23 +241,34 @@ func (helper *CryptoHelper) loginBot(ctx context.Context) (*mautrix.Client, bool
 	// Create a new client instance with the default AS settings (including as_token),
 	// the Login call will then override the access token in the client.
 	client := helper.bridge.AS.NewMautrixClient(helper.bridge.AS.BotMXID())
+
+	initialDeviceDisplayName := fmt.Sprintf("%s bridge", helper.bridge.Bridge.Network.GetName().DisplayName)
+	if helper.bridge.Config.AppService.MSC4190 {
+		helper.log.Debug().Msg("Creating bot device with MSC4190")
+		err = client.CreateDeviceMSC4190(ctx, deviceID, initialDeviceDisplayName)
+		if err != nil {
+			return nil, deviceID != "", fmt.Errorf("failed to create device for bridge bot: %w", err)
+		}
+		helper.store.DeviceID = client.DeviceID
+		return client, deviceID != "", nil
+	}
+
 	flows, err := client.GetLoginFlows(ctx)
 	if err != nil {
 		return nil, deviceID != "", fmt.Errorf("failed to get supported login flows: %w", err)
 	} else if !flows.HasFlow(mautrix.AuthTypeAppservice) {
 		return nil, deviceID != "", fmt.Errorf("homeserver does not support appservice login")
 	}
+
 	resp, err := client.Login(ctx, &mautrix.ReqLogin{
 		Type: mautrix.AuthTypeAppservice,
 		Identifier: mautrix.UserIdentifier{
 			Type: mautrix.IdentifierTypeUser,
 			User: string(helper.bridge.AS.BotMXID()),
 		},
-		DeviceID:         deviceID,
-		StoreCredentials: true,
-
-		// TODO find proper bridge name
-		InitialDeviceDisplayName: "Megabridge", // fmt.Sprintf("%s bridge", helper.bridge.ProtocolName),
+		DeviceID:                 deviceID,
+		StoreCredentials:         true,
+		InitialDeviceDisplayName: initialDeviceDisplayName,
 	})
 	if err != nil {
 		return nil, deviceID != "", fmt.Errorf("failed to log in as bridge bot: %w", err)

bridgev2/matrix/mxmain/example-config.yaml

@@ -193,6 +193,10 @@ appservice:
     # However, messages will not be guaranteed to be bridged in the same order they were sent in.
     # This value doesn't affect the registration file.
     async_transactions: false
+    # Whether to use MSC4190 instead of appservice login to create the bridge bot device.
+    # Requires the homeserver to support MSC4190 and the device masquerading parts of MSC3202.
+    # Only relevant when using end-to-bridge encryption, required when using encryption with next-gen auth (MSC3861).
+    msc4190: false
 
     # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
     as_token: "This value is generated when generating the registration"

client.go

@@ -21,6 +21,7 @@ import (
 
 	"github.com/rs/zerolog"
 	"go.mau.fi/util/ptr"
+	"go.mau.fi/util/random"
 	"go.mau.fi/util/retryafter"
 	"golang.org/x/exp/maps"
 
@@ -901,6 +902,22 @@ func (cli *Client) Login(ctx context.Context, req *ReqLogin) (resp *RespLogin, e
 	return
 }
 
+// Create a device for an appservice user using MSC4190.
+func (cli *Client) CreateDeviceMSC4190(ctx context.Context, deviceID id.DeviceID, initialDisplayName string) error {
+	if len(deviceID) == 0 {
+		deviceID = id.DeviceID(strings.ToUpper(random.String(10)))
+	}
+	_, err := cli.MakeRequest(ctx, http.MethodPut, cli.BuildClientURL("v3", "devices", deviceID), &ReqPutDevice{
+		DisplayName: initialDisplayName,
+	}, nil)
+	if err != nil {
+		return err
+	}
+	cli.DeviceID = deviceID
+	cli.SetAppServiceDeviceID = true
+	return nil
+}
+
 // Logout the current user. See https://spec.matrix.org/v1.2/client-server-api/#post_matrixclientv3logout
 // This does not clear the credentials from the client instance. See ClearCredentials() instead.
 func (cli *Client) Logout(ctx context.Context) (resp *RespLogout, err error) {

requests.go

@@ -91,6 +91,10 @@ type ReqLogin struct {
 	StoreHomeserverURL bool `json:"-"`
 }
 
+type ReqPutDevice struct {
+	DisplayName string `json:"display_name,omitempty"`
+}
+
 type ReqUIAuthFallback struct {
 	Session string `json:"session"`
 	User    string `json:"user"`