Check for X-Signal-Alert header, and report it in a callback

jrose-signal · web-flow · commit 2ebd7cd2b31e · 2025-03-04T15:07:23.000-08:00
This on-connect header will be used for lightweight "alerts" from the
server to an authenticated client. For now, it's only threaded through
to the Node implementation; the iOS and Android ones will come later.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -107,6 +107,7 @@ derive-where = "1.2.5"
 derive_more = "1.0.0"
 displaydoc = "0.2"
 ed25519-dalek = "2.1.0"
+either = "1.10.0"
 env_logger = "0.11.4"
 futures = "0.3"
 futures-util = "0.3"
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -5,3 +5,4 @@ v0.67.2
 - Switch message chain key storage to store seed value rather than IV/MAC-key/key.
 - Abstract Server(Private/Public)Params from endorsements. Reduces dependencies in clients and issuing servers.
 - Add EndorsementPublicRootKey accessor to ServerPublicParams.
+- Node: ChatListener has a new optional callback for server alerts. (iOS and Android coming later.)
diff --git a/java/client/proguard-usage.txt.expected b/java/client/proguard-usage.txt.expected
@@ -6,10 +6,10 @@ org.signal.libsignal.metadata.SealedSessionCipher:
 org.signal.libsignal.metadata.certificate.CertificateValidator:
     41:48:void validate(org.signal.libsignal.metadata.certificate.ServerCertificate)
 org.signal.libsignal.net.AuthenticatedChatConnection$FakeChatRemote:
-    104:111:public org.signal.libsignal.internal.CompletableFuture getNextIncomingRequest()
-    114:121:private static synthetic org.signal.libsignal.protocol.util.Pair lambda$getNextIncomingRequest$2(java.lang.Long)
-    107:107:private synthetic org.signal.libsignal.internal.CompletableFuture lambda$getNextIncomingRequest$1(long)
-    109:109:private static synthetic org.signal.libsignal.internal.CompletableFuture lambda$getNextIncomingRequest$0(long,long)
+    115:122:public org.signal.libsignal.internal.CompletableFuture getNextIncomingRequest()
+    125:132:private static synthetic org.signal.libsignal.protocol.util.Pair lambda$getNextIncomingRequest$2(java.lang.Long)
+    118:118:private synthetic org.signal.libsignal.internal.CompletableFuture lambda$getNextIncomingRequest$1(long)
+    120:120:private static synthetic org.signal.libsignal.internal.CompletableFuture lambda$getNextIncomingRequest$0(long,long)
 org.signal.libsignal.net.CdsiLookup:
     18:18:public static org.signal.libsignal.internal.CompletableFuture start(org.signal.libsignal.net.Network,java.lang.String,java.lang.String,org.signal.libsignal.net.CdsiLookupRequest)
 org.signal.libsignal.protocol.ServiceId:
diff --git a/java/client/src/main/java/org/signal/libsignal/net/AuthenticatedChatConnection.java b/java/client/src/main/java/org/signal/libsignal/net/AuthenticatedChatConnection.java
@@ -70,12 +70,23 @@ void setChat(ChatConnection chat) {
    */
   public static Pair<AuthenticatedChatConnection, FakeChatRemote> fakeConnect(
       final TokioAsyncContext tokioAsyncContext, ChatConnectionListener listener) {
+    return fakeConnect(tokioAsyncContext, listener, new String[0]);
+  }
+
+  /**
+   * Test-only method to create a {@code AuthenticatedChatConnection} connected to a fake remote.
+   *
+   * <p>The returned {@link FakeChatRemote} can be used to send messages to the connection.
+   */
+  public static Pair<AuthenticatedChatConnection, FakeChatRemote> fakeConnect(
+      final TokioAsyncContext tokioAsyncContext, ChatConnectionListener listener, String[] alerts) {
 
     return tokioAsyncContext.guardedMap(
         asyncContextHandle -> {
           SetChatLaterListenerBridge bridgeListener = new SetChatLaterListenerBridge();
           long fakeChatConnection =
-              NativeTesting.TESTING_FakeChatConnection_Create(asyncContextHandle, bridgeListener);
+              NativeTesting.TESTING_FakeChatConnection_Create(
+                  asyncContextHandle, bridgeListener, String.join("\n", alerts));
           AuthenticatedChatConnection chat =
               new AuthenticatedChatConnection(
                   tokioAsyncContext,
diff --git a/java/shared/java/org/signal/libsignal/internal/NativeTesting.java b/java/shared/java/org/signal/libsignal/internal/NativeTesting.java
@@ -67,7 +67,7 @@ private NativeTesting() {}
   public static native Object TESTING_ErrorOnReturnAsync(Object needsCleanup);
   public static native CompletableFuture<Object> TESTING_ErrorOnReturnIo(long asyncRuntime, Object needsCleanup);
   public static native Object TESTING_ErrorOnReturnSync(Object needsCleanup);
-  public static native long TESTING_FakeChatConnection_Create(long tokio, BridgeChatListener listener);
+  public static native long TESTING_FakeChatConnection_Create(long tokio, BridgeChatListener listener, String alertsJoinedByNewlines);
   public static native long TESTING_FakeChatConnection_TakeAuthenticatedChat(long chat);
   public static native long TESTING_FakeChatConnection_TakeRemote(long chat);
   public static native void TESTING_FakeChatRemoteEnd_InjectConnectionInterrupted(long chat);
diff --git a/node/Native.d.ts b/node/Native.d.ts
@@ -123,6 +123,7 @@ type ChatListener = {
     ack: ServerMessageAck
   ): void;
   _queue_empty(): void;
+  _received_alerts(alerts: string[]): void;
   _connection_interrupted(
     // A LibSignalError or null, but not naming the type to avoid circular import dependencies.
     reason: Error | null
@@ -532,7 +533,7 @@ export function TESTING_ErrorOnBorrowSync(_input: null): void;
 export function TESTING_ErrorOnReturnAsync(_needsCleanup: null): Promise<null>;
 export function TESTING_ErrorOnReturnIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _needsCleanup: null): CancellablePromise<null>;
 export function TESTING_ErrorOnReturnSync(_needsCleanup: null): null;
-export function TESTING_FakeChatConnection_Create(tokio: Wrapper<TokioAsyncContext>, listener: ChatListener): FakeChatConnection;
+export function TESTING_FakeChatConnection_Create(tokio: Wrapper<TokioAsyncContext>, listener: ChatListener, alertsJoinedByNewlines: string): FakeChatConnection;
 export function TESTING_FakeChatConnection_TakeAuthenticatedChat(chat: Wrapper<FakeChatConnection>): AuthenticatedChatConnection;
 export function TESTING_FakeChatConnection_TakeRemote(chat: Wrapper<FakeChatConnection>): FakeChatRemoteEnd;
 export function TESTING_FakeChatRemoteEnd_InjectConnectionInterrupted(chat: Wrapper<FakeChatRemoteEnd>): void;
diff --git a/node/ts/net/Chat.ts b/node/ts/net/Chat.ts
@@ -62,6 +62,13 @@ export interface ChatServiceListener extends ConnectionEventsListener {
    * were in the queue *when the connection was established* have been delivered.
    */
   onQueueEmpty(): void;
+
+  /**
+   * Called when the server has alerts for the current device.
+   *
+   * In practice this happens as part of the connecting process.
+   */
+  onReceivedAlerts?(alerts: string[]): void;
 }
 
 /**
@@ -229,18 +236,22 @@ export class AuthenticatedChatConnection implements ChatConnection {
    *
    * @param asyncContext the async runtime to use
    * @param listener the listener to send events to
+   * @param alerts alerts to send immediately upon connect
    * @returns an {@link AuthenticatedChatConnection} and handle for the remote
    * end of the fake connection.
    */
   public static fakeConnect(
     asyncContext: TokioAsyncContext,
-    listener: ChatServiceListener
+    listener: ChatServiceListener,
+    alerts?: ReadonlyArray<string>
   ): [AuthenticatedChatConnection, Wrapper<Native.FakeChatRemoteEnd>] {
     const nativeChatListener = makeNativeChatListener(asyncContext, listener);
+
     const fakeChat = newNativeHandle(
       Native.TESTING_FakeChatConnection_Create(
         asyncContext,
-        new WeakListenerWrapper(nativeChatListener)
+        new WeakListenerWrapper(nativeChatListener),
+        alerts?.join('\n') ?? ''
       )
     );
 
@@ -326,6 +337,9 @@ class WeakListenerWrapper implements Native.ChatListener {
   _queue_empty(): void {
     this.listener.deref()?._queue_empty();
   }
+  _received_alerts(alerts: string[]): void {
+    this.listener.deref()?._received_alerts(alerts);
+  }
 }
 
 function makeNativeChatListener(
@@ -348,6 +362,9 @@ function makeNativeChatListener(
       _queue_empty(): void {
         listener.onQueueEmpty();
       },
+      _received_alerts(alerts: string[]): void {
+        listener.onReceivedAlerts?.(alerts);
+      },
       _connection_interrupted(cause: Error | null): void {
         listener.onConnectionInterrupted(cause as LibSignalError | null);
       },
@@ -365,6 +382,9 @@ function makeNativeChatListener(
     _queue_empty(): void {
       throw new Error('Event not supported on unauthenticated connection');
     },
+    _received_alerts(_alerts: string[]): void {
+      throw new Error('Event not supported on unauthenticated connection');
+    },
     _connection_interrupted(cause: LibSignalError | null): void {
       listener.onConnectionInterrupted(cause);
     },
diff --git a/node/ts/test/ChatTest.ts b/node/ts/test/ChatTest.ts
@@ -128,6 +128,7 @@ describe('chat connection to mock server', () => {
             _ack: ChatServerMessageAck
           ) => {},
           onQueueEmpty: () => {},
+          onReceivedAlerts: (_alerts: string[]) => {},
           ...listener,
         };
         const device = chatServer.device?.device;
diff --git a/node/ts/test/NetTest.ts b/node/ts/test/NetTest.ts
@@ -421,12 +421,25 @@ describe('chat service api', () => {
       const listener = {
         onIncomingMessage: sinon.stub(),
         onQueueEmpty: sinon.stub(),
+        onReceivedAlerts: sinon.stub(),
         onConnectionInterrupted: sinon.stub(),
       };
+
+      // We have to set this up ahead of time because the callback is scheduled as part of the
+      // connect action.
+      const receivedAlerts = new CompletablePromise();
+      listener.onReceivedAlerts.callsFake(receivedAlerts.resolve);
+
       const tokio = new TokioAsyncContext(Native.TokioAsyncContext_new());
       const [_chat, fakeRemote] = AuthenticatedChatConnection.fakeConnect(
         tokio,
-        listener
+        listener,
+        ['UPPERcase', 'lowercase']
+      );
+
+      await receivedAlerts.done();
+      expect(listener.onReceivedAlerts).to.have.been.calledOnceWith(
+        sinon.match.array.deepEquals(['UPPERcase', 'lowercase'])
       );
 
       // a helper function to check that the message has been passed to the listener
@@ -475,6 +488,9 @@ describe('chat service api', () => {
         onQueueEmpty(): void {
           recordCall('_queue_empty');
         },
+        onReceivedAlerts(alerts: string[]): void {
+          recordCall('_received_alerts', alerts);
+        },
         onConnectionInterrupted(cause: object | null): void {
           recordCall('_connection_interrupted', cause);
         },
@@ -499,6 +515,10 @@ describe('chat service api', () => {
       ];
       const callsReceived: [string, (object | null)[]][] = [];
       const callsExpected: [string, ((value: object | null) => void)[]][] = [
+        [
+          '_received_alerts',
+          [(value: object | null) => expect(value).deep.equals([])],
+        ],
         ['_incoming_message', []],
         ['_queue_empty', []],
         ['_incoming_message', []],
@@ -550,6 +570,9 @@ describe('chat service api', () => {
         onQueueEmpty(): void {
           fail('unexpected call');
         },
+        onReceivedAlerts(_alerts: string[]): void {
+          fail('unexpected call');
+        },
         onConnectionInterrupted(cause: object | null): void {
           connectionInterruptedReasons.push(cause);
           completable.complete();
@@ -571,6 +594,7 @@ describe('chat service api', () => {
     const [chat, fakeRemote] = AuthenticatedChatConnection.fakeConnect(tokio, {
       onIncomingMessage: () => {},
       onQueueEmpty: () => {},
+      onReceivedAlerts() {},
       onConnectionInterrupted: () => {},
     });
 
diff --git a/rust/bridge/node/bin/Native.d.ts.in b/rust/bridge/node/bin/Native.d.ts.in
@@ -123,6 +123,7 @@ type ChatListener = {
     ack: ServerMessageAck
   ): void;
   _queue_empty(): void;
+  _received_alerts(alerts: string[]): void;
   _connection_interrupted(
     // A LibSignalError or null, but not naming the type to avoid circular import dependencies.
     reason: Error | null
diff --git a/rust/bridge/shared/testing/Cargo.toml b/rust/bridge/shared/testing/Cargo.toml
@@ -25,6 +25,7 @@ libsignal-net = { workspace = true }
 libsignal-protocol = { workspace = true }
 
 const-str = { workspace = true, features = ["std"] }
+either = { workspace = true }
 futures-util = { workspace = true }
 hex-literal = { workspace = true }
 http = { workspace = true }
diff --git a/rust/bridge/shared/testing/src/net/chat.rs b/rust/bridge/shared/testing/src/net/chat.rs
@@ -3,6 +3,7 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
+use either::Either;
 use http::{HeaderMap, HeaderName, HeaderValue, StatusCode};
 use libsignal_bridge_macros::*;
 use libsignal_bridge_types::net::chat::{AuthenticatedChatConnection, ChatListener, HttpRequest};
@@ -39,8 +40,17 @@ impl std::panic::RefUnwindSafe for FakeChatRemoteEnd {}
 fn TESTING_FakeChatConnection_Create(
     tokio: &TokioAsyncContext,
     listener: Box<dyn ChatListener>,
+    alerts_joined_by_newlines: String,
 ) -> FakeChatConnection {
-    let (chat, remote) = AuthenticatedChatConnection::new_fake(tokio.handle(), listener);
+    let (chat, remote) = AuthenticatedChatConnection::new_fake(
+        tokio.handle(),
+        listener,
+        if alerts_joined_by_newlines.is_empty() {
+            Either::Left(std::iter::empty())
+        } else {
+            Either::Right(alerts_joined_by_newlines.split('\n'))
+        },
+    );
     FakeChatConnection {
         chat: Some(chat).into(),
         remote_end: Some(remote).into(),
diff --git a/rust/bridge/shared/types/src/ffi/chat.rs b/rust/bridge/shared/types/src/ffi/chat.rs
@@ -107,6 +107,13 @@ impl ChatListener for ChatListenerStruct {
         (self.0.received_queue_empty)(self.0.ctx)
     }
 
+    fn received_alerts(&mut self, alerts: Vec<String>) {
+        // TODO: Implement this for iOS.
+        if !alerts.is_empty() {
+            log::warn!("discarding {} alerts from the server", alerts.len());
+        }
+    }
+
     fn connection_interrupted(&mut self, disconnect_cause: DisconnectCause) {
         let error = match disconnect_cause {
             DisconnectCause::LocalDisconnect => None,
diff --git a/rust/bridge/shared/types/src/jni/chat.rs b/rust/bridge/shared/types/src/jni/chat.rs
@@ -86,6 +86,13 @@ impl ChatListener for JniChatListener {
         });
     }
 
+    fn received_alerts(&mut self, alerts: Vec<String>) {
+        // TODO: Implement this for Android.
+        if !alerts.is_empty() {
+            log::warn!("discarding {} alerts from the server", alerts.len());
+        }
+    }
+
     fn connection_interrupted(&mut self, disconnect_cause: DisconnectCause) {
         let listener = &self.listener;
         self.attach_and_log_on_error("connection interrupted", move |env| {
diff --git a/rust/bridge/shared/types/src/net/chat.rs b/rust/bridge/shared/types/src/net/chat.rs
@@ -105,12 +105,13 @@ impl AuthenticatedChatConnection {
         })
     }
 
-    pub fn new_fake(
+    pub fn new_fake<'a>(
         tokio_runtime: tokio::runtime::Handle,
         listener: Box<dyn ChatListener>,
+        alerts: impl IntoIterator<Item = &'a str>,
     ) -> (Self, FakeChatRemote) {
         let (inner, remote) =
-            ChatConnection::new_fake(tokio_runtime, listener.into_event_listener());
+            ChatConnection::new_fake(tokio_runtime, listener.into_event_listener(), alerts);
         (
             Self {
                 inner: MaybeChatConnection::Running(inner).into(),
@@ -343,6 +344,7 @@ pub trait ChatListener: Send {
         ack: ServerMessageAck,
     );
     fn received_queue_empty(&mut self);
+    fn received_alerts(&mut self, alerts: Vec<String>);
     fn connection_interrupted(&mut self, disconnect_cause: DisconnectCause);
 }
 
@@ -362,6 +364,7 @@ impl dyn ChatListener {
                 ServerMessageAck::new(send_ack),
             ),
             chat::server_requests::ServerEvent::QueueEmpty => self.received_queue_empty(),
+            chat::server_requests::ServerEvent::Alerts(alerts) => self.received_alerts(alerts),
             chat::server_requests::ServerEvent::Stopped(error) => {
                 self.connection_interrupted(error)
             }
diff --git a/rust/bridge/shared/types/src/node/chat.rs b/rust/bridge/shared/types/src/node/chat.rs
@@ -64,6 +64,25 @@ impl ChatListener for NodeChatListener {
         });
     }
 
+    fn received_alerts(&mut self, alerts: Vec<String>) {
+        let roots_shared = self.roots.clone();
+        self.js_channel.send(move |mut cx| {
+            let callback_object_shared = &roots_shared.callback_object;
+            let callback = callback_object_shared.to_inner(&mut cx);
+            let js_alerts = cx.empty_array();
+            // We use zip instead of enumerate here so that i is a u32 rather than usize.
+            for (alert, i) in alerts.into_iter().zip(0..) {
+                let js_alert = cx
+                    .try_string(alert)
+                    .unwrap_or_else(|_| cx.string("[invalid alert]"));
+                js_alerts.set(&mut cx, i, js_alert)?;
+            }
+            let _result = call_method(&mut cx, callback, "_received_alerts", [js_alerts.upcast()])?;
+            roots_shared.finalize(&mut cx);
+            Ok(())
+        });
+    }
+
     fn connection_interrupted(&mut self, disconnect_cause: DisconnectCause) {
         let disconnect_cause = match disconnect_cause {
             DisconnectCause::LocalDisconnect => None,
diff --git a/rust/net/Cargo.toml b/rust/net/Cargo.toml
@@ -28,7 +28,7 @@ const-str = { workspace = true, features = ["std"] }
 derive-where = { workspace = true }
 derive_more = { workspace = true, features = ["from"] }
 displaydoc = { workspace = true }
-either = "1.10.0"
+either = { workspace = true }
 futures-util = { workspace = true }
 hex = { workspace = true }
 hex-literal = { workspace = true }
diff --git a/rust/net/infra/Cargo.toml b/rust/net/infra/Cargo.toml
@@ -26,7 +26,7 @@ const-str = { workspace = true, features = ["std"] }
 derive-where = { workspace = true }
 derive_more = { workspace = true, features = ["from", "into", "into_iterator"] }
 displaydoc = { workspace = true }
-either = "1.10.0"
+either = { workspace = true }
 futures-util = { workspace = true }
 http = { workspace = true }
 http-body-util = "0.1.1"
diff --git a/rust/net/infra/src/route/connect/throttle.rs b/rust/net/infra/src/route/connect/throttle.rs
@@ -62,6 +62,13 @@ impl<C> ThrottlingConnector<C> {
 #[pin_project]
 pub struct ThrottledConnection<S>(#[pin] S, OwnedSemaphorePermit);
 
+impl<S> ThrottledConnection<S> {
+    /// Returns the inner connection, **discarding the semaphore permit.**
+    pub fn into_inner(self) -> S {
+        self.0
+    }
+}
+
 impl<C, R, Inner> Connector<R, Inner> for ThrottlingConnector<C>
 where
     R: Send,
diff --git a/rust/net/infra/src/ws.rs b/rust/net/infra/src/ws.rs
diff --git a/rust/net/src/chat.rs b/rust/net/src/chat.rs
diff --git a/rust/net/src/chat/fake.rs b/rust/net/src/chat/fake.rs
diff --git a/rust/net/src/chat/server_requests.rs b/rust/net/src/chat/server_requests.rs
diff --git a/rust/net/src/chat/ws2.rs b/rust/net/src/chat/ws2.rs
diff --git a/rust/net/src/env.rs b/rust/net/src/env.rs
diff --git a/swift/Sources/LibSignalClient/ChatConnection+Fake.swift b/swift/Sources/LibSignalClient/ChatConnection+Fake.swift
diff --git a/swift/Sources/SignalFfi/signal_ffi_testing.h b/swift/Sources/SignalFfi/signal_ffi_testing.h
