Introduce spam report tokens

2026-04-22 02:08:12 +01:00 · 2023-01-19 11:13:43 -05:00
parent ee5aaf5383
commit ab26a65b6a
9 changed files with 325 additions and 57 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@@ -73,6 +73,8 @@ import org.whispersystems.dispatch.DispatchManager;
 import org.whispersystems.textsecuregcm.abuse.AbusiveMessageFilter;
 import org.whispersystems.textsecuregcm.abuse.FilterAbusiveMessages;
 import org.whispersystems.textsecuregcm.abuse.RateLimitChallengeListener;
+import org.whispersystems.textsecuregcm.abuse.ReportSpamTokenHandler;
+import org.whispersystems.textsecuregcm.abuse.ReportSpamTokenProvider;
 import org.whispersystems.textsecuregcm.auth.AccountAuthenticator;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.auth.CertificateGenerator;
@@ -678,50 +680,29 @@ public class WhisperServerService extends Application<WhisperServerConfiguration

    environment.jersey().register(new KeysController(rateLimiters, keys, accountsManager));

-    final List<Object> commonControllers = Lists.newArrayList(
-        new ArtController(rateLimiters, artCredentialsGenerator),
-        new AttachmentControllerV2(rateLimiters, config.getAwsAttachmentsConfiguration().getAccessKey(), config.getAwsAttachmentsConfiguration().getAccessSecret(), config.getAwsAttachmentsConfiguration().getRegion(), config.getAwsAttachmentsConfiguration().getBucket()),
-        new AttachmentControllerV3(rateLimiters, config.getGcpAttachmentsConfiguration().getDomain(), config.getGcpAttachmentsConfiguration().getEmail(), config.getGcpAttachmentsConfiguration().getMaxSizeInBytes(), config.getGcpAttachmentsConfiguration().getPathPrefix(), config.getGcpAttachmentsConfiguration().getRsaSigningKey()),
-        new CertificateController(new CertificateGenerator(config.getDeliveryCertificate().getCertificate(), config.getDeliveryCertificate().getPrivateKey(), config.getDeliveryCertificate().getExpiresDays()), zkAuthOperations, clock),
-        new ChallengeController(rateLimitChallengeManager),
-        new DeviceController(pendingDevicesManager, accountsManager, messagesManager, keys, rateLimiters, config.getMaxDevices()),
-        new DirectoryController(directoryCredentialsGenerator),
-        new DirectoryV2Controller(directoryV2CredentialsGenerator),
-        new DonationController(clock, zkReceiptOperations, redeemedReceiptsManager, accountsManager, config.getBadges(),
-            ReceiptCredentialPresentation::new),
-        new MessageController(rateLimiters, messageSender, receiptSender, accountsManager, deletedAccountsManager, messagesManager, pushNotificationManager, reportMessageManager, multiRecipientMessageExecutor),
-        new PaymentsController(currencyManager, paymentsCredentialsGenerator),
-        new ProfileController(clock, rateLimiters, accountsManager, profilesManager, dynamicConfigurationManager,
-            profileBadgeConverter, config.getBadges(), cdnS3Client, profileCdnPolicyGenerator, profileCdnPolicySigner,
-            config.getCdnConfiguration().getBucket(), zkProfileOperations, batchIdentityCheckExecutor),
-        new ProvisioningController(rateLimiters, provisioningManager),
-        new RemoteConfigController(remoteConfigsManager, adminEventLogger,
-            config.getRemoteConfigConfiguration().getAuthorizedTokens(),
-            config.getRemoteConfigConfiguration().getGlobalConfig()),
-        new SecureBackupController(backupCredentialsGenerator),
-        new SecureStorageController(storageCredentialsGenerator),
-        new StickerController(rateLimiters, config.getCdnConfiguration().getAccessKey(),
-            config.getCdnConfiguration().getAccessSecret(), config.getCdnConfiguration().getRegion(),
-            config.getCdnConfiguration().getBucket())
-    );
-    if (config.getSubscription() != null && config.getOneTimeDonations() != null) {
-      commonControllers.add(new SubscriptionController(clock, config.getSubscription(), config.getOneTimeDonations(),
-          subscriptionManager, stripeManager, braintreeManager, zkReceiptOperations, issuedReceiptsManager, profileBadgeConverter,
-          resourceBundleLevelTranslator));
-    }
-
-    for (Object controller : commonControllers) {
-      environment.jersey().register(controller);
-      webSocketEnvironment.jersey().register(controller);
-    }
-
    boolean registeredAbusiveMessageFilter = false;
+    ReportSpamTokenProvider reportSpamTokenProvider = null;
+    ReportSpamTokenHandler reportSpamTokenHandler = null;

    for (final AbusiveMessageFilter filter : ServiceLoader.load(AbusiveMessageFilter.class)) {
      if (filter.getClass().isAnnotationPresent(FilterAbusiveMessages.class)) {
        try {
          filter.configure(config.getAbusiveMessageFilterConfiguration().getEnvironment());

+          ReportSpamTokenProvider thisProvider = filter.getReportSpamTokenProvider();
+          if (reportSpamTokenProvider == null) {
+            reportSpamTokenProvider = thisProvider;
+          } else if (thisProvider != null) {
+            log.info("Multiple spam report token providers found. Using the first.");
+          }
+
+          ReportSpamTokenHandler thisHandler = filter.getReportSpamTokenHandler();
+          if (reportSpamTokenHandler == null) {
+            reportSpamTokenHandler = thisHandler;
+          } else if (thisProvider != null) {
+            log.info("Multiple spam report token handlers found. Using the first.");
+          }
+
          environment.lifecycle().manage(filter);
          environment.jersey().register(filter);
          webSocketEnvironment.jersey().register(filter);
@@ -746,6 +727,52 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
      log.warn("No abusive message filters installed");
    }

+    if (reportSpamTokenProvider == null) {
+      reportSpamTokenProvider = ReportSpamTokenProvider.noop();
+    }
+
+    if (reportSpamTokenHandler == null) {
+      reportSpamTokenHandler = ReportSpamTokenHandler.noop();
+    }
+
+    final List<Object> commonControllers = Lists.newArrayList(
+        new ArtController(rateLimiters, artCredentialsGenerator),
+        new AttachmentControllerV2(rateLimiters, config.getAwsAttachmentsConfiguration().getAccessKey(), config.getAwsAttachmentsConfiguration().getAccessSecret(), config.getAwsAttachmentsConfiguration().getRegion(), config.getAwsAttachmentsConfiguration().getBucket()),
+        new AttachmentControllerV3(rateLimiters, config.getGcpAttachmentsConfiguration().getDomain(), config.getGcpAttachmentsConfiguration().getEmail(), config.getGcpAttachmentsConfiguration().getMaxSizeInBytes(), config.getGcpAttachmentsConfiguration().getPathPrefix(), config.getGcpAttachmentsConfiguration().getRsaSigningKey()),
+        new CertificateController(new CertificateGenerator(config.getDeliveryCertificate().getCertificate(), config.getDeliveryCertificate().getPrivateKey(), config.getDeliveryCertificate().getExpiresDays()), zkAuthOperations, clock),
+        new ChallengeController(rateLimitChallengeManager),
+        new DeviceController(pendingDevicesManager, accountsManager, messagesManager, keys, rateLimiters, config.getMaxDevices()),
+        new DirectoryController(directoryCredentialsGenerator),
+        new DirectoryV2Controller(directoryV2CredentialsGenerator),
+        new DonationController(clock, zkReceiptOperations, redeemedReceiptsManager, accountsManager, config.getBadges(),
+            ReceiptCredentialPresentation::new),
+        new MessageController(rateLimiters, messageSender, receiptSender, accountsManager, deletedAccountsManager, messagesManager, pushNotificationManager, reportMessageManager, multiRecipientMessageExecutor,
+            reportSpamTokenProvider, reportSpamTokenHandler),
+        new PaymentsController(currencyManager, paymentsCredentialsGenerator),
+        new ProfileController(clock, rateLimiters, accountsManager, profilesManager, dynamicConfigurationManager,
+            profileBadgeConverter, config.getBadges(), cdnS3Client, profileCdnPolicyGenerator, profileCdnPolicySigner,
+            config.getCdnConfiguration().getBucket(), zkProfileOperations, batchIdentityCheckExecutor),
+        new ProvisioningController(rateLimiters, provisioningManager),
+        new RemoteConfigController(remoteConfigsManager, adminEventLogger,
+            config.getRemoteConfigConfiguration().getAuthorizedTokens(),
+            config.getRemoteConfigConfiguration().getGlobalConfig()),
+        new SecureBackupController(backupCredentialsGenerator),
+        new SecureStorageController(storageCredentialsGenerator),
+        new StickerController(rateLimiters, config.getCdnConfiguration().getAccessKey(),
+            config.getCdnConfiguration().getAccessSecret(), config.getCdnConfiguration().getRegion(),
+            config.getCdnConfiguration().getBucket())
+    );
+    if (config.getSubscription() != null && config.getOneTimeDonations() != null) {
+      commonControllers.add(new SubscriptionController(clock, config.getSubscription(), config.getOneTimeDonations(),
+          subscriptionManager, stripeManager, braintreeManager, zkReceiptOperations, issuedReceiptsManager, profileBadgeConverter,
+          resourceBundleLevelTranslator));
+    }
+
+    for (Object controller : commonControllers) {
+      environment.jersey().register(controller);
+      webSocketEnvironment.jersey().register(controller);
+    }
+
    WebSocketEnvironment<AuthenticatedAccount> provisioningEnvironment = new WebSocketEnvironment<>(environment,
        webSocketEnvironment.getRequestLog(), 60000);
    provisioningEnvironment.jersey().register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
--- a/service/src/main/java/org/whispersystems/textsecuregcm/abuse/AbusiveMessageFilter.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/abuse/AbusiveMessageFilter.java
@@ -30,4 +30,19 @@ public interface AbusiveMessageFilter extends ContainerRequestFilter, Managed {
   * @throws IOException if the filter could not read its configuration source for any reason
   */
  void configure(String environmentName) throws IOException;
+
+  /**
+   * Builds a spam report token provider. This will generate tokens used by the spam reporting system.
+   *
+   * @return the configured spam report token provider.
+   */
+  ReportSpamTokenProvider getReportSpamTokenProvider();
+
+  /**
+   * Builds a spam report token handler. This will handle tokens received by the spam reporting system.
+   *
+   * @return the configured spam report token handler
+   */
+  ReportSpamTokenHandler getReportSpamTokenHandler();
+
 }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/abuse/ReportSpamTokenHandler.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/abuse/ReportSpamTokenHandler.java
@@ -0,0 +1,47 @@
+package org.whispersystems.textsecuregcm.abuse;
+
+import java.util.Optional;
+import java.util.UUID;
+import java.util.concurrent.CompletableFuture;
+
+/**
+ * Handles ReportSpamTokens during spam reports.
+ */
+public interface ReportSpamTokenHandler {
+
+  /**
+   * Handle spam reports using the given ReportSpamToken and other provided parameters.
+   *
+   * @param reportSpamToken binary data representing a spam report token.
+   * @return true if the token could be handled (and was), false otherwise.
+   */
+  CompletableFuture<Boolean> handle(
+      Optional<String> sourceNumber,
+      Optional<UUID> sourceAci,
+      Optional<UUID> sourcePni,
+      UUID messageGuid,
+      UUID spamReporterUuid,
+      byte[] reportSpamToken);
+
+  /**
+   * Handler which does nothing.
+   *
+   * @return the handler
+   */
+  static ReportSpamTokenHandler noop() {
+    return new ReportSpamTokenHandler() {
+      @Override
+      public CompletableFuture<Boolean> handle(
+          final Optional<String> sourceNumber,
+          final Optional<UUID> sourceAci,
+          final Optional<UUID> sourcePni,
+          final UUID messageGuid,
+          final UUID spamReporterUuid,
+          final byte[] reportSpamToken) {
+        return CompletableFuture.completedFuture(false);
+      }
+    };
+  }
+
+
+}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/abuse/ReportSpamTokenProvider.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/abuse/ReportSpamTokenProvider.java
@@ -0,0 +1,38 @@
+package org.whispersystems.textsecuregcm.abuse;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import java.util.Optional;
+import java.util.function.Function;
+
+/**
+ * Generates ReportSpamTokens to be used for spam reports.
+ */
+public interface ReportSpamTokenProvider {
+
+  /**
+   * Generate a new ReportSpamToken
+   *
+   * @param context the message request context
+   * @return either a generated token or nothing
+   */
+  Optional<byte[]> makeReportSpamToken(ContainerRequestContext context);
+
+  /**
+   * Provider which generates nothing
+   *
+   * @return the provider
+   */
+  static ReportSpamTokenProvider noop() {
+    return create(c -> Optional.empty());
+  }
+
+  /**
+   * Provider which generates ReportSpamTokens using the given function
+   *
+   * @param fn function from message requests to optional tokens
+   * @return the provider
+   */
+  static ReportSpamTokenProvider create(Function<ContainerRequestContext, Optional<byte[]>> fn) {
+    return fn::apply;
+  }
+}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
@@ -55,12 +55,16 @@ import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.textsecuregcm.abuse.FilterAbusiveMessages;
+import org.whispersystems.textsecuregcm.abuse.ReportSpamTokenHandler;
+import org.whispersystems.textsecuregcm.abuse.ReportSpamTokenProvider;
 import org.whispersystems.textsecuregcm.auth.Anonymous;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
 import org.whispersystems.textsecuregcm.auth.CombinedUnidentifiedSenderAccessKeys;
@@ -78,6 +82,7 @@ import org.whispersystems.textsecuregcm.entities.OutgoingMessageEntity;
 import org.whispersystems.textsecuregcm.entities.OutgoingMessageEntityList;
 import org.whispersystems.textsecuregcm.entities.SendMessageResponse;
 import org.whispersystems.textsecuregcm.entities.SendMultiRecipientMessageResponse;
+import org.whispersystems.textsecuregcm.entities.SpamReport;
 import org.whispersystems.textsecuregcm.entities.StaleDevices;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
 import org.whispersystems.textsecuregcm.metrics.MessageMetrics;
@@ -117,6 +122,8 @@ public class MessageController {
  private final PushNotificationManager pushNotificationManager;
  private final ReportMessageManager reportMessageManager;
  private final ExecutorService multiRecipientMessageExecutor;
+  private final ReportSpamTokenProvider reportSpamTokenProvider;
+  private final ReportSpamTokenHandler reportSpamTokenHandler;

  private static final String REJECT_OVERSIZE_MESSAGE_COUNTER = name(MessageController.class, "rejectOversizeMessage");
  private static final String SENT_MESSAGE_COUNTER_NAME = name(MessageController.class, "sentMessages");
@@ -147,7 +154,9 @@ public class MessageController {
      MessagesManager messagesManager,
      PushNotificationManager pushNotificationManager,
      ReportMessageManager reportMessageManager,
-      @Nonnull ExecutorService multiRecipientMessageExecutor) {
+      @Nonnull ExecutorService multiRecipientMessageExecutor,
+      @Nonnull ReportSpamTokenProvider reportSpamTokenProvider,
+      @Nonnull ReportSpamTokenHandler reportSpamTokenHandler) {
    this.rateLimiters = rateLimiters;
    this.messageSender = messageSender;
    this.receiptSender = receiptSender;
@@ -157,6 +166,9 @@ public class MessageController {
    this.pushNotificationManager = pushNotificationManager;
    this.reportMessageManager = reportMessageManager;
    this.multiRecipientMessageExecutor = Objects.requireNonNull(multiRecipientMessageExecutor);
+    this.reportSpamTokenProvider = reportSpamTokenProvider;
+    this.reportSpamTokenHandler = reportSpamTokenHandler;
+
  }

  @Timed
@@ -171,7 +183,9 @@ public class MessageController {
      @HeaderParam(HttpHeaders.X_FORWARDED_FOR) String forwardedFor,
      @PathParam("destination") UUID destinationUuid,
      @QueryParam("story") boolean isStory,
-      @NotNull @Valid IncomingMessageList messages)
+      @NotNull @Valid IncomingMessageList messages,
+      @Context ContainerRequestContext context
+  )
      throws RateLimitExceededException {

    if (source.isEmpty() && accessKey.isEmpty() && !isStory) {
@@ -190,6 +204,13 @@ public class MessageController {
      senderType = SENDER_TYPE_UNIDENTIFIED;
    }

+    final Optional<byte[]> spamReportToken;
+    if (senderType.equals(SENDER_TYPE_IDENTIFIED)) {
+      spamReportToken = reportSpamTokenProvider.makeReportSpamToken(context);
+    } else {
+      spamReportToken = Optional.empty();
+    }
+
    for (final IncomingMessage message : messages.messages()) {

      int contentLength = 0;
@@ -267,7 +288,18 @@ public class MessageController {

        if (destinationDevice.isPresent()) {
          Metrics.counter(SENT_MESSAGE_COUNTER_NAME, tags).increment();
-          sendIndividualMessage(source, destination.get(), destinationDevice.get(), destinationUuid, messages.timestamp(), messages.online(), isStory, messages.urgent(), incomingMessage, userAgent);
+          sendIndividualMessage(
+              source,
+              destination.get(),
+              destinationDevice.get(),
+              destinationUuid,
+              messages.timestamp(),
+              messages.online(),
+              isStory,
+              messages.urgent(),
+              incomingMessage,
+              userAgent,
+              spamReportToken);
        }
      }

@@ -570,9 +602,14 @@ public class MessageController {

  @Timed
  @POST
+  @Consumes(MediaType.APPLICATION_JSON)
  @Path("/report/{source}/{messageGuid}")
-  public Response reportMessage(@Auth AuthenticatedAccount auth, @PathParam("source") String source,
-      @PathParam("messageGuid") UUID messageGuid) {
+  public Response reportSpamMessage(
+      @Auth AuthenticatedAccount auth,
+      @PathParam("source") String source,
+      @PathParam("messageGuid") UUID messageGuid,
+      @Nullable @Valid SpamReport spamReport
+  ) {

    final Optional<String> sourceNumber;
    final Optional<UUID> sourceAci;
@@ -602,13 +639,30 @@ public class MessageController {
      }
    }

-    reportMessageManager.report(sourceNumber, sourceAci, sourcePni, messageGuid, auth.getAccount().getUuid());
+    UUID spamReporterUuid = auth.getAccount().getUuid();
+
+    // spam report token is optional, but if provided ensure it is valid base64.
+    byte[] spamReportToken = null;
+    if (spamReport != null) {
+      try {
+        spamReportToken = Base64.getDecoder().decode(spamReport.token());
+      } catch (IllegalArgumentException e) {
+        throw new WebApplicationException(Response.status(400).build());
+      }
+    }
+
+    // fire-and-forget: we don't want to block the response on this action.
+    CompletableFuture<Boolean> ignored =
+      reportSpamTokenHandler.handle(sourceNumber, sourceAci, sourcePni, messageGuid, spamReporterUuid, spamReportToken);
+
+    reportMessageManager.report(sourceNumber, sourceAci, sourcePni, messageGuid, spamReporterUuid);

    return Response.status(Status.ACCEPTED)
        .build();
  }

-  private void sendIndividualMessage(Optional<AuthenticatedAccount> source,
+  private void sendIndividualMessage(
+      Optional<AuthenticatedAccount> source,
      Account destinationAccount,
      Device destinationDevice,
      UUID destinationUuid,
@@ -617,18 +671,23 @@ public class MessageController {
      boolean story,
      boolean urgent,
      IncomingMessage incomingMessage,
-      String userAgentString)
+      String userAgentString,
+      Optional<byte[]> spamReportToken)
      throws NoSuchUserException {
    try {
      final Envelope envelope;

      try {
-        envelope = incomingMessage.toEnvelope(destinationUuid,
-            source.map(AuthenticatedAccount::getAccount).orElse(null),
-            source.map(authenticatedAccount -> authenticatedAccount.getAuthenticatedDevice().getId()).orElse(null),
+        Account sourceAccount = source.map(AuthenticatedAccount::getAccount).orElse(null);
+        Long sourceDeviceId = source.map(account -> account.getAuthenticatedDevice().getId()).orElse(null);
+        envelope = incomingMessage.toEnvelope(
+            destinationUuid,
+            sourceAccount,
+            sourceDeviceId,
            timestamp == 0 ? System.currentTimeMillis() : timestamp,
            story,
-            urgent);
+            urgent,
+            spamReportToken.orElse(null));
      } catch (final IllegalArgumentException e) {
        logger.warn("Received bad envelope type {} from {}", incomingMessage.type(), userAgentString);
        throw new BadRequestException(e);
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/IncomingMessage.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/IncomingMessage.java
@@ -18,7 +18,8 @@ public record IncomingMessage(int type, long destinationDeviceId, int destinatio
      @Nullable Long sourceDeviceId,
      final long timestamp,
      final boolean story,
-      final boolean urgent) {
+      final boolean urgent,
+      @Nullable byte[] reportSpamToken) {

    final MessageProtos.Envelope.Type envelopeType = MessageProtos.Envelope.Type.forNumber(type());

@@ -36,10 +37,15 @@ public record IncomingMessage(int type, long destinationDeviceId, int destinatio
        .setUrgent(urgent);

    if (sourceAccount != null && sourceDeviceId != null) {
-      envelopeBuilder.setSourceUuid(sourceAccount.getUuid().toString())
+      envelopeBuilder
+          .setSourceUuid(sourceAccount.getUuid().toString())
          .setSourceDevice(sourceDeviceId.intValue());
    }

+    if (reportSpamToken != null) {
+      envelopeBuilder.setReportSpamToken(ByteString.copyFrom(reportSpamToken));
+    }
+
    if (StringUtils.isNotEmpty(content())) {
      envelopeBuilder.setContent(ByteString.copyFrom(Base64.getDecoder().decode(content())));
    }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/SpamReport.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/SpamReport.java
@@ -0,0 +1,7 @@
+package org.whispersystems.textsecuregcm.entities;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import javax.validation.Valid;
+import javax.validation.constraints.NotEmpty;
+
+public record SpamReport(@JsonProperty("token") @NotEmpty String token) {}