Authenticated media : makes usage of API when server supports it

Author: ganfra

matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/Session.kt

@@ -296,6 +296,11 @@ interface Session {
      */
     fun getOkHttpClient(): OkHttpClient
 
+    /**
+     * Same as [getOkHttpClient] but will add the access token to the request.
+     */
+    fun getAuthenticatedOkHttpClient(): OkHttpClient
+
     /**
      * A global session listener to get notified for some events.
      */

matrix-sdk-android/src/main/java/org/matrix/android/sdk/api/session/content/ContentUrlResolver.kt

@@ -61,6 +61,8 @@ interface ContentUrlResolver {
      */
     fun resolveThumbnail(contentUrl: String?, width: Int, height: Int, method: ThumbnailMethod): String?
 
+    fun requiresAuthentication(resolvedUrl: String): Boolean
+
     sealed class ResolvedMethod {
         data class GET(val url: String) : ResolvedMethod()
         data class POST(val url: String, val jsonBody: String) : ResolvedMethod()

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/auth/login/DefaultLoginWizard.kt

@@ -35,6 +35,7 @@ import org.matrix.android.sdk.internal.auth.registration.RegisterAddThreePidTask
 import org.matrix.android.sdk.internal.network.executeRequest
 import org.matrix.android.sdk.internal.session.content.DefaultContentUrlResolver
 import org.matrix.android.sdk.internal.session.contentscanner.DisabledContentScannerService
+import org.matrix.android.sdk.internal.session.media.IsAuthenticatedMediaSupported
 
 internal class DefaultLoginWizard(
         private val authAPI: AuthAPI,
@@ -45,8 +46,14 @@ internal class DefaultLoginWizard(
     private var pendingSessionData: PendingSessionData = pendingSessionStore.getPendingSessionData() ?: error("Pending session data should exist here")
 
     private val getProfileTask: GetProfileTask = DefaultGetProfileTask(
-            authAPI,
-            DefaultContentUrlResolver(pendingSessionData.homeServerConnectionConfig, DisabledContentScannerService())
+            authAPI = authAPI,
+            contentUrlResolver = DefaultContentUrlResolver(
+                    homeServerConnectionConfig = pendingSessionData.homeServerConnectionConfig,
+                    scannerService = DisabledContentScannerService(),
+                    isAuthenticatedMediaSupported = object : IsAuthenticatedMediaSupported {
+                        override fun invoke() = false
+                    }
+            )
     )
 
     override suspend fun getProfileInfo(matrixId: String): LoginProfileInfo {

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/network/AccessTokenInterceptor.kt

@@ -18,6 +18,7 @@ package org.matrix.android.sdk.internal.network
 
 import okhttp3.Interceptor
 import okhttp3.Response
+import org.matrix.android.sdk.internal.network.httpclient.addAuthenticationHeader
 import org.matrix.android.sdk.internal.network.token.AccessTokenProvider
 
 internal class AccessTokenInterceptor(private val accessTokenProvider: AccessTokenProvider) : Interceptor {
@@ -28,7 +29,7 @@ internal class AccessTokenInterceptor(private val accessTokenProvider: AccessTok
         // Add the access token to all requests if it is set
         accessTokenProvider.getToken()?.let { token ->
             val newRequestBuilder = request.newBuilder()
-            newRequestBuilder.header(HttpHeaders.Authorization, "Bearer $token")
+            newRequestBuilder.addAuthenticationHeader(token)
             request = newRequestBuilder.build()
         }
 

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/network/httpclient/OkHttpClientUtil.kt

@@ -17,9 +17,11 @@
 package org.matrix.android.sdk.internal.network.httpclient
 
 import okhttp3.OkHttpClient
+import okhttp3.Request
 import org.matrix.android.sdk.api.MatrixConfiguration
 import org.matrix.android.sdk.api.auth.data.HomeServerConnectionConfig
 import org.matrix.android.sdk.internal.network.AccessTokenInterceptor
+import org.matrix.android.sdk.internal.network.HttpHeaders
 import org.matrix.android.sdk.internal.network.interceptors.CurlLoggingInterceptor
 import org.matrix.android.sdk.internal.network.ssl.CertUtil
 import org.matrix.android.sdk.internal.network.token.AccessTokenProvider
@@ -66,3 +68,10 @@ internal fun OkHttpClient.Builder.applyMatrixConfiguration(matrixConfiguration:
 
     return this
 }
+
+fun Request.Builder.addAuthenticationHeader(accessToken: String?): Request.Builder {
+    if (accessToken != null) {
+        header(HttpHeaders.Authorization, "Bearer $accessToken")
+    }
+    return this
+}

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/DefaultFileService.kt

@@ -34,8 +34,11 @@ import org.matrix.android.sdk.api.session.crypto.attachments.ElementToDecrypt
 import org.matrix.android.sdk.api.session.file.FileService
 import org.matrix.android.sdk.api.util.md5
 import org.matrix.android.sdk.internal.crypto.attachments.MXEncryptedAttachments
+import org.matrix.android.sdk.internal.di.Authenticated
 import org.matrix.android.sdk.internal.di.SessionDownloadsDirectory
 import org.matrix.android.sdk.internal.di.UnauthenticatedWithCertificateWithProgress
+import org.matrix.android.sdk.internal.network.httpclient.addAuthenticationHeader
+import org.matrix.android.sdk.internal.network.token.AccessTokenProvider
 import org.matrix.android.sdk.internal.session.download.DownloadProgressInterceptor.Companion.DOWNLOAD_PROGRESS_INTERCEPTOR_HEADER
 import org.matrix.android.sdk.internal.util.file.AtomicFileCreator
 import org.matrix.android.sdk.internal.util.time.Clock
@@ -54,6 +57,7 @@ internal class DefaultFileService @Inject constructor(
         private val okHttpClient: OkHttpClient,
         private val coroutineDispatchers: MatrixCoroutineDispatchers,
         private val clock: Clock,
+        @Authenticated private val accessTokenProvider: AccessTokenProvider,
 ) : FileService {
 
     // Legacy folder, will be deleted
@@ -124,21 +128,26 @@ internal class DefaultFileService @Inject constructor(
                 val cachedFiles = getFiles(url, fileName, mimeType, elementToDecrypt != null)
 
                 if (!cachedFiles.file.exists()) {
-                    val resolvedUrl = contentUrlResolver.resolveForDownload(url, elementToDecrypt) ?: throw IllegalArgumentException("url is null")
+                    val resolvedMethod = contentUrlResolver.resolveForDownload(url, elementToDecrypt) ?: throw IllegalArgumentException("url is null")
 
-                    val request = when (resolvedUrl) {
+                    val request = when (resolvedMethod) {
                         is ContentUrlResolver.ResolvedMethod.GET -> {
-                            Request.Builder()
-                                    .url(resolvedUrl.url)
+                            val requestBuilder = Request.Builder()
+                                    .url(resolvedMethod.url)
                                     .header(DOWNLOAD_PROGRESS_INTERCEPTOR_HEADER, url)
-                                    .build()
+
+                            if (contentUrlResolver.requiresAuthentication(resolvedMethod.url)) {
+                                val accessToken = accessTokenProvider.getToken()
+                                requestBuilder.addAuthenticationHeader(accessToken)
+                            }
+                            requestBuilder.build()
                         }
 
                         is ContentUrlResolver.ResolvedMethod.POST -> {
                             Request.Builder()
-                                    .url(resolvedUrl.url)
+                                    .url(resolvedMethod.url)
                                     .header(DOWNLOAD_PROGRESS_INTERCEPTOR_HEADER, url)
-                                    .post(resolvedUrl.jsonBody.toRequestBody("application/json".toMediaType()))
+                                    .post(resolvedMethod.jsonBody.toRequestBody("application/json".toMediaType()))
                                     .build()
                         }
                     }

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/DefaultSession.kt

@@ -67,6 +67,7 @@ import org.matrix.android.sdk.api.util.appendParamToUrl
 import org.matrix.android.sdk.internal.auth.SSO_UIA_FALLBACK_PATH
 import org.matrix.android.sdk.internal.auth.SessionParamsStore
 import org.matrix.android.sdk.internal.database.tools.RealmDebugTools
+import org.matrix.android.sdk.internal.di.Authenticated
 import org.matrix.android.sdk.internal.di.ContentScannerDatabase
 import org.matrix.android.sdk.internal.di.CryptoDatabase
 import org.matrix.android.sdk.internal.di.IdentityDatabase
@@ -131,6 +132,8 @@ internal class DefaultSession @Inject constructor(
         private val eventStreamService: Lazy<EventStreamService>,
         @UnauthenticatedWithCertificate
         private val unauthenticatedWithCertificateOkHttpClient: Lazy<OkHttpClient>,
+        @Authenticated
+        private val authenticatedOkHttpClient: Lazy<OkHttpClient>,
         private val sessionState: SessionState,
 ) : Session,
         GlobalErrorHandler.Listener {
@@ -234,6 +237,10 @@ internal class DefaultSession @Inject constructor(
         return unauthenticatedWithCertificateOkHttpClient.get()
     }
 
+    override fun getAuthenticatedOkHttpClient(): OkHttpClient {
+        return authenticatedOkHttpClient.get()
+    }
+
     override fun addListener(listener: Session.Listener) {
         sessionListeners.addListener(listener)
     }

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/content/DefaultContentUrlResolver.kt

@@ -25,16 +25,18 @@ import org.matrix.android.sdk.api.session.crypto.attachments.ElementToDecrypt
 import org.matrix.android.sdk.internal.network.NetworkConstants
 import org.matrix.android.sdk.internal.session.contentscanner.ScanEncryptorUtils
 import org.matrix.android.sdk.internal.session.contentscanner.model.toJson
+import org.matrix.android.sdk.internal.session.media.IsAuthenticatedMediaSupported
 import org.matrix.android.sdk.internal.util.ensureTrailingSlash
 import javax.inject.Inject
 
 internal class DefaultContentUrlResolver @Inject constructor(
         homeServerConnectionConfig: HomeServerConnectionConfig,
-        private val scannerService: ContentScannerService
+        private val scannerService: ContentScannerService,
+        private val isAuthenticatedMediaSupported: IsAuthenticatedMediaSupported,
 ) : ContentUrlResolver {
 
     private val baseUrl = homeServerConnectionConfig.homeServerUriBase.toString().ensureTrailingSlash()
-
+    private val authenticatedMediaApiPath = baseUrl + NetworkConstants.URI_API_PREFIX_PATH_V1 + "media/"
     override val uploadUrl = baseUrl + NetworkConstants.URI_API_MEDIA_PREFIX_PATH_R0 + "upload"
 
     override fun resolveForDownload(contentUrl: String?, elementToDecrypt: ElementToDecrypt?): ContentUrlResolver.ResolvedMethod? {
@@ -80,15 +82,20 @@ internal class DefaultContentUrlResolver @Inject constructor(
                 }
     }
 
+    override fun requiresAuthentication(resolvedUrl: String): Boolean {
+        return resolvedUrl.startsWith(authenticatedMediaApiPath)
+    }
+
     private fun resolve(
             contentUrl: String,
             toThumbnail: Boolean,
             params: String = ""
     ): String {
         var serverAndMediaId = contentUrl.removeMxcPrefix()
-
         val apiPath = if (scannerService.isScannerEnabled()) {
             NetworkConstants.URI_API_PREFIX_PATH_MEDIA_PROXY_UNSTABLE
+        } else if (isAuthenticatedMediaSupported()) {
+            NetworkConstants.URI_API_PREFIX_PATH_V1 + "media/"
         } else {
             NetworkConstants.URI_API_MEDIA_PREFIX_PATH_R0
         }

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/homeserver/GetHomeServerCapabilitiesTask.kt

@@ -40,7 +40,8 @@ import org.matrix.android.sdk.internal.network.GlobalErrorReceiver
 import org.matrix.android.sdk.internal.network.executeRequest
 import org.matrix.android.sdk.internal.session.integrationmanager.IntegrationManagerConfigExtractor
 import org.matrix.android.sdk.internal.session.media.GetMediaConfigResult
-import org.matrix.android.sdk.internal.session.media.MediaAPI
+import org.matrix.android.sdk.internal.session.media.MediaAPIProvider
+import org.matrix.android.sdk.internal.session.media.UnauthenticatedMediaAPI
 import org.matrix.android.sdk.internal.task.Task
 import org.matrix.android.sdk.internal.util.awaitTransaction
 import org.matrix.android.sdk.internal.wellknown.GetWellknownTask
@@ -56,7 +57,7 @@ internal interface GetHomeServerCapabilitiesTask : Task<GetHomeServerCapabilitie
 
 internal class DefaultGetHomeServerCapabilitiesTask @Inject constructor(
         private val capabilitiesAPI: CapabilitiesAPI,
-        private val mediaAPI: MediaAPI,
+        private val mediaAPIProvider: MediaAPIProvider,
         @SessionDatabase private val monarchy: Monarchy,
         private val globalErrorReceiver: GlobalErrorReceiver,
         private val getWellknownTask: GetWellknownTask,
@@ -71,7 +72,6 @@ internal class DefaultGetHomeServerCapabilitiesTask @Inject constructor(
         if (!doRequest) {
             monarchy.awaitTransaction { realm ->
                 val homeServerCapabilitiesEntity = HomeServerCapabilitiesEntity.getOrCreate(realm)
-
                 doRequest = homeServerCapabilitiesEntity.lastUpdatedTimestamp + MIN_DELAY_BETWEEN_TWO_REQUEST_MILLIS < Date().time
             }
         }
@@ -88,7 +88,7 @@ internal class DefaultGetHomeServerCapabilitiesTask @Inject constructor(
 
         val mediaConfig = runCatching {
             executeRequest(globalErrorReceiver) {
-                mediaAPI.getMediaConfig()
+                mediaAPIProvider.getMediaAPI().getMediaConfig()
             }
         }.getOrNull()
 

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/media/AuthenticatedMediaAPI.kt

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2024 New Vector Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.matrix.android.sdk.internal.session.media
+
+import org.matrix.android.sdk.api.util.JsonDict
+import org.matrix.android.sdk.internal.network.NetworkConstants
+import retrofit2.http.GET
+import retrofit2.http.Query
+
+/**
+ * Implementation of the media repository API using the new Authenticated media API.
+ */
+internal interface AuthenticatedMediaAPI : MediaAPI {
+    /**
+     * Retrieve the configuration of the content repository
+     * Ref: https://spec.matrix.org/v1.11/client-server-api/#get_matrixclientv1mediaconfig
+     */
+    @GET(NetworkConstants.URI_API_PREFIX_PATH_V1 + "media/config")
+    override suspend fun getMediaConfig(): GetMediaConfigResult
+
+    /**
+     * Get information about a URL for the client. Typically this is called when a client
+     * sees a URL in a message and wants to render a preview for the user.
+     * Ref: https://spec.matrix.org/v1.11/client-server-api/#get_matrixclientv1mediapreview_url
+     * @param url Required. The URL to get a preview of.
+     * @param ts The preferred point in time to return a preview for. The server may return a newer version
+     * if it does not have the requested version available.
+     */
+    @GET(NetworkConstants.URI_API_PREFIX_PATH_V1 + "media/preview_url")
+    override suspend fun getPreviewUrlData(@Query("url") url: String, @Query("ts") ts: Long?): JsonDict
+}