Allow rotating a single backup-id at a time

2026-04-20 15:38:07 +01:00 · 2025-10-06 12:18:31 -05:00
parent e0eaa76ebf
commit d6c15ef1d5
7 changed files with 165 additions and 115 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java
@@ -114,19 +114,20 @@ public class ArchiveController {
      @Schema(description = """
          A BackupAuthCredentialRequest containing a blinded encrypted backup-id, encoded in standard padded base64.
          This backup-id should be used for message backups only, and must have the message backup type set on the
-          credential.
+          credential. If absent, the message credential request will not be updated.
          """, implementation = String.class)
      @JsonDeserialize(using = BackupAuthCredentialAdapter.CredentialRequestDeserializer.class)
      @JsonSerialize(using = BackupAuthCredentialAdapter.CredentialRequestSerializer.class)
-      @NotNull BackupAuthCredentialRequest messagesBackupAuthCredentialRequest,
+      BackupAuthCredentialRequest messagesBackupAuthCredentialRequest,

      @Schema(description = """
          A BackupAuthCredentialRequest containing a blinded encrypted backup-id, encoded in standard padded base64.
-          This backup-id should be used for media only, and must have the media type set on the credential.
+          This backup-id should be used for media only, and must have the media type set on the credential. If absent,
+          only the media credential request will not be updated.
          """, implementation = String.class)
      @JsonDeserialize(using = BackupAuthCredentialAdapter.CredentialRequestDeserializer.class)
      @JsonSerialize(using = BackupAuthCredentialAdapter.CredentialRequestSerializer.class)
-      @NotNull BackupAuthCredentialRequest mediaBackupAuthCredentialRequest) {}
+      BackupAuthCredentialRequest mediaBackupAuthCredentialRequest) {}


  @PUT
@@ -136,11 +137,13 @@ public class ArchiveController {
  @Operation(
      summary = "Set backup id",
      description = """
-          Set a (blinded) backup-id for the account. Each account may have a single active backup-id that can be used
-          to store and retrieve backups. Once the backup-id is set, BackupAuthCredentials can be generated
-          using /v1/archives/auth.
+          Set (blinded) backup-id(s) for the account. Each account may have a single active backup-id for each
+          credential type that can be used to store and retrieve backups. Once the backup-id is set,
+          BackupAuthCredentials can be generated using /v1/archives/auth.

          The blinded backup-id and the key-pair used to blind it should be derived from a recoverable secret.
+          
+          At least one of `messagesBackupAuthCredentialRequest`, `mediaBackupAuthCredentialRequest` must be set.
          """)
  @ApiResponse(responseCode = "204", description = "The backup-id was set")
  @ApiResponse(responseCode = "400", description = "The provided backup auth credential request was invalid")
@@ -159,8 +162,9 @@ public class ArchiveController {
              .orElseThrow(() -> new WebApplicationException(Response.Status.UNAUTHORIZED));

          return backupAuthManager
-              .commitBackupId(account, device, setBackupIdRequest.messagesBackupAuthCredentialRequest,
-                  setBackupIdRequest.mediaBackupAuthCredentialRequest)
+              .commitBackupId(account, device,
+                  Optional.ofNullable(setBackupIdRequest.messagesBackupAuthCredentialRequest),
+                  Optional.ofNullable(setBackupIdRequest.mediaBackupAuthCredentialRequest))
              .thenApply(Util.ASYNC_EMPTY_RESPONSE);
        });
  }