Improve security

2026-03-07 15:34:23 +00:00
parent add685a326
commit 611de57bf8
31 changed files with 3617 additions and 58 deletions
--- a/core/migrations/0038_userxmppomemostate_and_more.py
+++ b/core/migrations/0038_userxmppomemostate_and_more.py
@@ -0,0 +1,33 @@
+# Generated by Django 5.2.11 on 2026-03-06 20:42
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0037_derivedtask_due_date_assignee_identifier'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='UserXmppOmemoState',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('status', models.CharField(choices=[('pending', 'Pending'), ('detected', 'Detected'), ('no_omemo', 'No OMEMO'), ('error', 'Error')], default='pending', max_length=32)),
+                ('latest_client_key', models.CharField(blank=True, default='', max_length=255)),
+                ('last_sender_jid', models.CharField(blank=True, default='', max_length=255)),
+                ('last_target_jid', models.CharField(blank=True, default='', max_length=255)),
+                ('status_reason', models.TextField(blank=True, default='')),
+                ('details', models.JSONField(blank=True, default=dict)),
+                ('last_seen_at', models.DateTimeField(blank=True, null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('user', models.OneToOneField(on_delete=models.deletion.CASCADE, related_name='xmpp_omemo_state', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'indexes': [models.Index(fields=['status', 'updated_at'], name='core_userxm_status_133ead_idx')],
+            },
+        ),
+    ]
--- a/core/migrations/0039_userxmppsecuritysettings.py
+++ b/core/migrations/0039_userxmppsecuritysettings.py
@@ -0,0 +1,27 @@
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0038_userxmppomemostate_and_more'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='UserXmppSecuritySettings',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('require_omemo', models.BooleanField(default=False)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('user', models.OneToOneField(
+                    on_delete=models.deletion.CASCADE,
+                    related_name='xmpp_security_settings',
+                    to=settings.AUTH_USER_MODEL,
+                )),
+            ],
+        ),
+    ]
--- a/core/migrations/0040_commandsecuritypolicy_gatewaycommandevent.py
+++ b/core/migrations/0040_commandsecuritypolicy_gatewaycommandevent.py
@@ -0,0 +1,100 @@
+# Generated by Django 4.2.19 on 2026-03-07 00:00
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0039_userxmppsecuritysettings"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="CommandSecurityPolicy",
+            fields=[
+                ("id", models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                ("scope_key", models.CharField(default="gateway.tasks", max_length=64)),
+                ("enabled", models.BooleanField(default=True)),
+                ("require_omemo", models.BooleanField(default=False)),
+                ("require_trusted_omemo_fingerprint", models.BooleanField(default=False)),
+                ("allowed_services", models.JSONField(blank=True, default=list)),
+                ("allowed_channels", models.JSONField(blank=True, default=dict)),
+                ("settings", models.JSONField(blank=True, default=dict)),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                ("updated_at", models.DateTimeField(auto_now=True)),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="command_security_policies",
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+            options={
+                "indexes": [
+                    models.Index(fields=["user", "scope_key"], name="core_comman_user_id_701379_idx"),
+                    models.Index(
+                        fields=["user", "enabled", "updated_at"],
+                        name="core_comman_user_id_82e21d_idx",
+                    ),
+                ],
+                "constraints": [
+                    models.UniqueConstraint(
+                        fields=("user", "scope_key"),
+                        name="unique_command_security_policy_per_scope",
+                    )
+                ],
+            },
+        ),
+        migrations.CreateModel(
+            name="GatewayCommandEvent",
+            fields=[
+                ("id", models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                ("service", models.CharField(choices=[("signal", "Signal"), ("whatsapp", "WhatsApp"), ("xmpp", "XMPP"), ("instagram", "Instagram"), ("web", "Web")], max_length=255)),
+                ("channel_identifier", models.CharField(blank=True, default="", max_length=255)),
+                ("sender_identifier", models.CharField(blank=True, default="", max_length=255)),
+                ("scope_key", models.CharField(blank=True, default="", max_length=64)),
+                ("command_name", models.CharField(blank=True, default="", max_length=64)),
+                ("command_text", models.TextField(blank=True, default="")),
+                ("status", models.CharField(choices=[("pending", "Pending"), ("blocked", "Blocked"), ("ok", "OK"), ("failed", "Failed"), ("ignored", "Ignored")], default="pending", max_length=32)),
+                ("error", models.TextField(blank=True, default="")),
+                ("request_meta", models.JSONField(blank=True, default=dict)),
+                ("response_meta", models.JSONField(blank=True, default=dict)),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                ("updated_at", models.DateTimeField(auto_now=True)),
+                (
+                    "source_message",
+                    models.ForeignKey(
+                        blank=True,
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
+                        related_name="gateway_command_events",
+                        to="core.message",
+                    ),
+                ),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="gateway_command_events",
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+            options={
+                "indexes": [
+                    models.Index(
+                        fields=["user", "scope_key", "created_at"],
+                        name="core_gatewa_user_id_d997cf_idx",
+                    ),
+                    models.Index(
+                        fields=["user", "status", "created_at"],
+                        name="core_gatewa_user_id_639afe_idx",
+                    ),
+                ],
+            },
+        ),
+    ]