ONE COMMIT TO RULE THEM ALL

src/globals.py

@@ -2,11 +2,12 @@ import nacl.signing
 import hashlib
 import base64
 import config
+import copy
 import json
 import re
 import os
 
-vona_version = "1.2.5"
+vona_version = "1.3.0"
 
 
 def canonical_json(value):
@@ -28,6 +29,35 @@ def sign_json(data):
 	decoded_key = base64.b64decode(base64_key)
 	signing_key = nacl.signing.SigningKey(decoded_key)
 
+	signed_message = signing_key.sign(canonical_json(data))
+
+	signature = signed_message.signature
+
+	key_version = parts[1]
+	signature_base64 = base64.b64encode(signature).decode("utf-8").rstrip("=")
+
+	signed_json = {
+		**data,
+		"signatures": {
+			config.server_name: {
+				f"{parts[0]}:{key_version}": signature_base64,
+			},
+		},
+	}
+
+	return signed_json
+
+
+def sign_json_without_discard(data):
+	parts = config.signing_key.split()
+	base64_key = parts[2]
+
+	while len(base64_key) % 4 != 0:
+		base64_key += "="
+
+	decoded_key = base64.b64decode(base64_key)
+	signing_key = nacl.signing.SigningKey(decoded_key)
+
 	unsigned_keys = {key: data[key] for key in list(data.keys()) if key == "unsigned"}
 	for key in unsigned_keys:
 		del data[key]
@@ -48,23 +78,35 @@ def sign_json(data):
 	else:
 		data["signatures"] = {config.server_name: new_signature}
 
-	data.update(unsigned_keys)
-
 	return data
 
 
 def make_event_id():
-	return re.sub(r"[\/+=]", "_", base64.b64encode(os.urandom(32)).decode("utf-8"))[:44]
+	event_id = "$"
+
+	event_id += re.sub(
+		r"[\/+=]",
+		"_",
+		base64.b64encode(
+			os.urandom(32),
+		).decode("utf-8"),
+	).rstrip("=")[:44]
+
+	event_id += ":" + config.server_name
+
+	return event_id
 
 
-def hash_event(input) -> str:
-	input.pop("signatures", None)
-	input.pop("unsigned", None)
+def event_hash(event_object):
+	event_object = dict(event_object)
 
-	sha256_hash = hashlib.sha256(canonical_json(input)).digest()
-	base64_encoded = base64.b64encode(sha256_hash)
+	event_object.pop("unsigned", None)
+	event_object.pop("signatures", None)
+	event_object.pop("hashes", None)
 
-	return base64_encoded.decode().rstrip("=")
+	event_json_bytes = canonical_json(event_object)
+
+	return base64.b64encode(hashlib.sha256(event_json_bytes).digest()).decode("utf-8")
 
 
 def pubkey() -> str:
@@ -107,8 +149,75 @@ def make_auth_header(destination, method, path, content=None) -> str:
 					key,
 					sig,
 				),
-				'utf-8'
+				"utf-8",
 			)
 		)
 
-	return authorization_headers[0].decode('utf-8')
+	return authorization_headers[0].decode("utf-8")
+
+
+def redact_event(event):
+	# Returns a redacted event as per
+	# the algorithm for v1 rooms.
+
+	allowed_keys = [
+		"event_id",
+		"type",
+		"room_id",
+		"sender",
+		"state_key",
+		"content",
+		"hashes",
+		"signatures",
+		"depth",
+		"prev_events",
+		"prev_state",
+		"auth_events",
+		"origin",
+		"origin_server_ts",
+		"membership",
+	]
+
+	redacted_event = {k: v for k, v in event.items() if k in allowed_keys}
+
+	if "type" in redacted_event and "content" in redacted_event:
+		event_type = redacted_event["type"]
+
+		content_key_rules = {
+			"m.room.member": ["membership"],
+			"m.room.create": ["creator"],
+			"m.room.join_rules": ["join_rule"],
+			"m.room.power_levels": [
+				"ban",
+				"events",
+				"events_default",
+				"kick",
+				"redact",
+				"state_default",
+				"users",
+				"users_default",
+			],
+			"m.room.aliases": ["aliases"],
+			"m.room.history_visibility": ["history_visibility"],
+		}
+
+		if event_type in content_key_rules:
+			allowed_content_keys = content_key_rules[event_type]
+			redacted_event["content"] = {
+				k: v
+				for k, v in redacted_event["content"].items()
+				if k in allowed_content_keys
+			}
+		else:
+			redacted_event["content"] = {}
+
+	return redacted_event
+
+
+def hash_and_sign_event(event_object):
+	content_hash = event_hash(event_object)
+	event_object["hashes"] = {"sha256": content_hash}
+	stripped_object = redact_event(event_object)
+	signed_object = sign_json(stripped_object)
+	event_object["signatures"] = signed_object["signatures"]
+	return event_object