Improve security

2026-03-07 15:34:23 +00:00
parent add685a326
commit 611de57bf8
31 changed files with 3617 additions and 58 deletions
--- a/core/models.py
+++ b/core/models.py
@@ -2100,6 +2100,76 @@ class CommandRun(models.Model):
        indexes = [models.Index(fields=["user", "status", "updated_at"])]


+class CommandSecurityPolicy(models.Model):
+    user = models.ForeignKey(
+        User,
+        on_delete=models.CASCADE,
+        related_name="command_security_policies",
+    )
+    scope_key = models.CharField(max_length=64, default="gateway.tasks")
+    enabled = models.BooleanField(default=True)
+    require_omemo = models.BooleanField(default=False)
+    require_trusted_omemo_fingerprint = models.BooleanField(default=False)
+    allowed_services = models.JSONField(default=list, blank=True)
+    allowed_channels = models.JSONField(default=dict, blank=True)
+    settings = models.JSONField(default=dict, blank=True)
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    class Meta:
+        constraints = [
+            models.UniqueConstraint(
+                fields=["user", "scope_key"],
+                name="unique_command_security_policy_per_scope",
+            )
+        ]
+        indexes = [
+            models.Index(fields=["user", "scope_key"]),
+            models.Index(fields=["user", "enabled", "updated_at"]),
+        ]
+
+
+class GatewayCommandEvent(models.Model):
+    STATUS_CHOICES = (
+        ("pending", "Pending"),
+        ("blocked", "Blocked"),
+        ("ok", "OK"),
+        ("failed", "Failed"),
+        ("ignored", "Ignored"),
+    )
+
+    user = models.ForeignKey(
+        User,
+        on_delete=models.CASCADE,
+        related_name="gateway_command_events",
+    )
+    source_message = models.ForeignKey(
+        Message,
+        on_delete=models.SET_NULL,
+        null=True,
+        blank=True,
+        related_name="gateway_command_events",
+    )
+    service = models.CharField(max_length=255, choices=CHANNEL_SERVICE_CHOICES)
+    channel_identifier = models.CharField(max_length=255, blank=True, default="")
+    sender_identifier = models.CharField(max_length=255, blank=True, default="")
+    scope_key = models.CharField(max_length=64, blank=True, default="")
+    command_name = models.CharField(max_length=64, blank=True, default="")
+    command_text = models.TextField(blank=True, default="")
+    status = models.CharField(max_length=32, choices=STATUS_CHOICES, default="pending")
+    error = models.TextField(blank=True, default="")
+    request_meta = models.JSONField(default=dict, blank=True)
+    response_meta = models.JSONField(default=dict, blank=True)
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    class Meta:
+        indexes = [
+            models.Index(fields=["user", "scope_key", "created_at"]),
+            models.Index(fields=["user", "status", "created_at"]),
+        ]
+
+
 class TranslationBridge(models.Model):
    DIRECTION_CHOICES = (
        ("a_to_b", "A To B"),
@@ -2815,6 +2885,46 @@ class ExternalChatLink(models.Model):
        ]


+class UserXmppOmemoState(models.Model):
+    STATUS_CHOICES = (
+        ("pending", "Pending"),
+        ("detected", "Detected"),
+        ("no_omemo", "No OMEMO"),
+        ("error", "Error"),
+    )
+
+    user = models.OneToOneField(
+        User,
+        on_delete=models.CASCADE,
+        related_name="xmpp_omemo_state",
+    )
+    status = models.CharField(max_length=32, choices=STATUS_CHOICES, default="pending")
+    latest_client_key = models.CharField(max_length=255, blank=True, default="")
+    last_sender_jid = models.CharField(max_length=255, blank=True, default="")
+    last_target_jid = models.CharField(max_length=255, blank=True, default="")
+    status_reason = models.TextField(blank=True, default="")
+    details = models.JSONField(blank=True, default=dict)
+    last_seen_at = models.DateTimeField(blank=True, null=True)
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    class Meta:
+        indexes = [
+            models.Index(fields=["status", "updated_at"], name="core_userxm_status_133ead_idx"),
+        ]
+
+
+class UserXmppSecuritySettings(models.Model):
+    user = models.OneToOneField(
+        User,
+        on_delete=models.CASCADE,
+        related_name="xmpp_security_settings",
+    )
+    require_omemo = models.BooleanField(default=False)
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+
 class TaskCompletionPattern(models.Model):
    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name="task_completion_patterns")