Merge pull request 'Enable per-contact file sharing permissions' (#554) from ep into master

Reviewed-on: #554
Reviewed-by: Dan Ballard <dan@openprivacy.ca>

.drone.yml

@@ -5,27 +5,29 @@ name: linux-test
 
 steps:
   - name: fetch
-    image: golang:1.19.1
+    image: golang:1.21.5
     volumes:
       - name: deps
         path: /go
     commands:
       - go install honnef.co/go/tools/cmd/staticcheck@latest
-      - wget https://git.openprivacy.ca/openprivacy/buildfiles/raw/master/tor/tor
-      - wget https://git.openprivacy.ca/openprivacy/buildfiles/raw/master/tor/torrc
-      - chmod a+x tor
-      - go get -u golang.org/x/lint/golint
+      - go install go.uber.org/nilaway/cmd/nilaway@latest
+      - wget https://git.openprivacy.ca/openprivacy/buildfiles/raw/branch/master/tor/tor-0.4.8.9-linux-x86_64.tar.gz -O tor.tar.gz
+      - tar -xzf tor.tar.gz
+      - chmod a+x Tor/tor
+      - export PATH=$PWD/Tor/:$PATH
+      - export LD_LIBRARY_PATH=$PWD/Tor/
+      - tor --version
       - export GO111MODULE=on
-      - go mod vendor
   - name: quality
-    image: golang:1.19.1
+    image: golang:1.21.5
     volumes:
       - name: deps
         path: /go
     commands:
-      - staticcheck ./...
+      - ./testing/quality.sh
   - name: units-tests
-    image: golang:1.19.1
+    image: golang:1.21.5
     volumes:
       - name: deps
         path: /go
@@ -33,28 +35,32 @@ steps:
       - export PATH=`pwd`:$PATH
       - sh testing/tests.sh
   - name: integ-test
-    image: golang:1.19.1
+    image: golang:1.21.5
     volumes:
       - name: deps
         path: /go
     commands:
-      - export PATH=`pwd`:$PATH
+      - export PATH=$PWD/Tor/:$PATH
+      - export LD_LIBRARY_PATH=$PWD/Tor/
+      - tor --version
       - go test -timeout=30m -race -v cwtch.im/cwtch/testing/
   - name: filesharing-integ-test
-    image: golang:1.19.1
+    image: golang:1.21.5
     volumes:
       - name: deps
         path: /go
     commands:
-      - export PATH=`pwd`:$PATH
+      - export PATH=$PWD/Tor/:$PATH
+      - export LD_LIBRARY_PATH=$PWD/Tor/
       - go test -timeout=20m -race -v cwtch.im/cwtch/testing/filesharing
   - name: filesharing-autodownload-integ-test
-    image: golang:1.19.1
+    image: golang:1.21.5
     volumes:
       - name: deps
         path: /go
     commands:
-      - export PATH=`pwd`:$PATH
+      - export PATH=$PWD/Tor/:$PATH
+      - export LD_LIBRARY_PATH=$PWD/Tor/
       - go test -timeout=20m -race -v cwtch.im/cwtch/testing/autodownload
   - name: notify-gogs
     image: openpriv/drone-gogs

.gitignore

@@ -33,4 +33,6 @@ data-dir-cwtchtool/
 tokens
 tordir/
 testing/autodownload/download_dir
-testing/autodownload/storage
+testing/autodownload/storage
+*.swp
+testing/managerstorage/*

app/app.go

@@ -63,7 +63,7 @@ type Application interface {
 	QueryACNStatus()
 	QueryACNVersion()
 
-	ActivateEngines(doListn, doPeers, doServers bool)
+	ConfigureConnections(onion string, doListn, doPeers, doServers bool)
 	ActivatePeerEngine(onion string)
 	DeactivatePeerEngine(onion string)
 
@@ -217,7 +217,7 @@ func (app *application) setupPeer(profile peer.CwtchPeer) {
 
 	// Initialize the Peer with the Given Event Bus
 	app.peers[profile.GetOnion()] = profile
-	profile.Init(app.eventBuses[profile.GetOnion()])
+	profile.Init(eventBus)
 
 	// Update the Peer with the Most Recent Experiment State...
 	globalSettings := app.settings.ReadGlobalSettings()
@@ -259,7 +259,8 @@ func (app *application) DeleteProfile(onion string, password string) {
 	defer app.appmutex.Unlock()
 
 	// short circuit to prevent nil-pointer panic if this function is called twice (or incorrectly)
-	if app.peers[onion] == nil {
+	peer := app.peers[onion]
+	if peer == nil {
 		log.Errorf("shutdownPeer called with invalid onion %v", onion)
 		return
 	}
@@ -269,11 +270,11 @@ func (app *application) DeleteProfile(onion string, password string) {
 		password = DefactoPasswordForUnencryptedProfiles
 	}
 
-	if app.peers[onion].CheckPassword(password) {
+	if peer.CheckPassword(password) {
 		// soft-shutdown
-		app.peers[onion].Shutdown()
+		peer.Shutdown()
 		// delete the underlying storage
-		app.peers[onion].Delete()
+		peer.Delete()
 		// hard shutdown / remove from app
 		app.shutdownPeer(onion)
 
@@ -341,6 +342,7 @@ func (app *application) LoadProfiles(password string) {
 			cps, err := peer.CreateEncryptedStore(profileDirectory, password)
 			if err != nil {
 				log.Errorf("error creating encrypted store: %v", err)
+				continue
 			}
 			profile := peer.ImportLegacyProfile(legacyProfile, cps)
 			loaded = app.installProfile(profile)
@@ -361,6 +363,7 @@ func (app *application) LoadProfiles(password string) {
 func (app *application) registerHooks(profile peer.CwtchPeer) {
 	// Register Hooks
 	profile.RegisterHook(extensions.ProfileValueExtension{})
+	profile.RegisterHook(extensions.SendWhenOnlineExtension{})
 	profile.RegisterHook(new(filesharing.Functionality))
 	profile.RegisterHook(new(filesharing.ImagePreviewsFunctionality))
 	profile.RegisterHook(new(servers.Functionality))
@@ -385,45 +388,57 @@ func (app *application) installProfile(profile peer.CwtchPeer) bool {
 	return false
 }
 
-// ActivateEngines launches all peer engines
-func (app *application) ActivateEngines(doListen, doPeers, doServers bool) {
-	log.Debugf("ActivateEngines")
-
-	for _, profile := range app.peers {
-		app.engines[profile.GetOnion()], _ = profile.GenerateProtocolEngine(app.acn, app.eventBuses[profile.GetOnion()], app.engineHooks)
-		app.eventBuses[profile.GetOnion()].Publish(event.NewEventList(event.ProtocolEngineCreated))
-	}
-	app.QueryACNStatus()
-
-	if doListen {
-		for _, profile := range app.peers {
-			log.Debugf("  Listen for %v", profile.GetOnion())
-			profile.Listen()
-		}
-	}
-
-	if doPeers || doServers {
-		for _, profile := range app.peers {
-			log.Debugf("  Start Connections for %v doPeers:%v doServers:%v", profile.GetOnion(), doPeers, doServers)
-			profile.StartConnections(doPeers, doServers)
-		}
-	}
-}
-
 // ActivatePeerEngine creates a peer engine for use with an ACN, should be called once the underlying ACN is online
 func (app *application) ActivatePeerEngine(onion string) {
 	profile := app.GetPeer(onion)
 	if profile != nil {
 		if _, exists := app.engines[onion]; !exists {
-			log.Debugf("restartFlow: Creating a New Protocol Engine...")
-			app.engines[profile.GetOnion()], _ = profile.GenerateProtocolEngine(app.acn, app.eventBuses[profile.GetOnion()], app.engineHooks)
-			app.eventBuses[profile.GetOnion()].Publish(event.NewEventList(event.ProtocolEngineCreated))
-			app.QueryACNStatus()
-			if true {
+			eventBus, exists := app.eventBuses[profile.GetOnion()]
+
+			if !exists {
+				// todo handle this case?
+				log.Errorf("cannot activate peer engine without an event bus")
+				return
+			}
+
+			engine, err := profile.GenerateProtocolEngine(app.acn, eventBus, app.engineHooks)
+			if err == nil {
+				log.Debugf("restartFlow: Creating a New Protocol Engine...")
+				app.engines[profile.GetOnion()] = engine
+				eventBus.Publish(event.NewEventList(event.ProtocolEngineCreated))
+				app.QueryACNStatus()
+			} else {
+				log.Errorf("corrupted profile detected for %v", onion)
+			}
+		}
+	}
+}
+
+// ConfigureConnections autostarts the given kinds of connections.
+func (app *application) ConfigureConnections(onion string, listen bool, peers bool, servers bool) {
+	profile := app.GetPeer(onion)
+	if profile != nil {
+
+		profileBus, exists := app.eventBuses[profile.GetOnion()]
+		if exists {
+			// if we are making a decision to ignore
+			if !peers || !servers {
+				profileBus.Publish(event.NewEventList(event.PurgeRetries))
+			}
+
+			// enable the engine if it doesn't exist...
+			// note: this function is idempotent
+			app.ActivatePeerEngine(onion)
+			if listen {
 				profile.Listen()
 			}
-			profile.StartConnections(true, true)
+
+			profileBus.Publish(event.NewEventList(event.ResumeRetries))
+			// do this in the background, for large contact lists it can take a long time...
+			go profile.StartConnections(peers, servers)
 		}
+	} else {
+		log.Errorf("profile does not exist %v", onion)
 	}
 }
 
@@ -494,9 +509,17 @@ func (app *application) eventHandler() {
 						profile := app.GetPeer(onion)
 						if profile != nil {
 							autostart, exists := profile.GetScopedZonedAttribute(attr.LocalScope, attr.ProfileZone, constants.PeerAutostart)
+							appearOffline, appearOfflineExists := profile.GetScopedZonedAttribute(attr.LocalScope, attr.ProfileZone, constants.PeerAppearOffline)
 							if !exists || autostart == "true" {
-								app.ActivatePeerEngine(onion)
+								if appearOfflineExists && appearOffline == "true" {
+									// don't configure any connections...
+									log.Infof("peer appearing offline, not launching listen threads or connecting jobs")
+									app.ConfigureConnections(onion, false, false, false)
+								} else {
+									app.ConfigureConnections(onion, true, true, true)
+								}
 							}
+
 						}
 					}
 				}
@@ -528,21 +551,26 @@ func (app *application) ShutdownPeer(onion string) {
 }
 
 // shutdownPeer mutex unlocked helper shutdown peer
+//
+//nolint:nilaway
 func (app *application) shutdownPeer(onion string) {
 
 	// short circuit to prevent nil-pointer panic if this function is called twice (or incorrectly)
-	if app.eventBuses[onion] == nil || app.peers[onion] == nil {
+	onionEventBus := app.eventBuses[onion]
+	onionPeer := app.peers[onion]
+	if onionEventBus == nil || onionPeer == nil {
 		log.Errorf("shutdownPeer called with invalid onion %v", onion)
 		return
 	}
+	// we are an internal locked method, app.eventBuses[onion] cannot fail...
+	onionEventBus.Publish(event.NewEventList(event.ShutdownPeer, event.Identity, onion))
+	onionEventBus.Shutdown()
 
-	app.eventBuses[onion].Publish(event.NewEventList(event.ShutdownPeer, event.Identity, onion))
-	app.eventBuses[onion].Shutdown()
 	delete(app.eventBuses, onion)
-	app.peers[onion].Shutdown()
+	onionPeer.Shutdown()
 	delete(app.peers, onion)
-	if _, ok := app.engines[onion]; ok {
-		app.engines[onion].Shutdown()
+	if onionEngine, ok := app.engines[onion]; ok {
+		onionEngine.Shutdown()
 		delete(app.engines, onion)
 	}
 	log.Debugf("shutting down plugins for %v", onion)

app/plugins/contactRetry.go

@@ -3,6 +3,7 @@ package plugins
 import (
 	"cwtch.im/cwtch/event"
 	"cwtch.im/cwtch/protocol/connections"
+	"git.openprivacy.ca/openprivacy/connectivity/tor"
 	"git.openprivacy.ca/openprivacy/log"
 	"math"
 	"strconv"
@@ -120,14 +121,16 @@ type contactRetry struct {
 	lastCheck      time.Time
 	acnProgress    int
 
-	connections   sync.Map //[string]*contact
-	pendingQueue  *connectionQueue
-	priorityQueue *connectionQueue
+	connections     sync.Map //[string]*contact
+	pendingQueue    *connectionQueue
+	priorityQueue   *connectionQueue
+	authorizedPeers sync.Map
+	stallRetries    bool
 }
 
 // NewConnectionRetry returns a Plugin that when started will retry connecting to contacts with a failedCount timing
 func NewConnectionRetry(bus event.Manager, onion string) Plugin {
-	cr := &contactRetry{bus: bus, queue: event.NewQueue(), breakChan: make(chan bool, 1), connections: sync.Map{}, ACNUp: false, ACNUpTime: time.Now(), protocolEngine: false, onion: onion, pendingQueue: newConnectionQueue(), priorityQueue: newConnectionQueue()}
+	cr := &contactRetry{bus: bus, queue: event.NewQueue(), breakChan: make(chan bool, 1), authorizedPeers: sync.Map{}, connections: sync.Map{}, stallRetries: true, ACNUp: false, ACNUpTime: time.Now(), protocolEngine: false, onion: onion, pendingQueue: newConnectionQueue(), priorityQueue: newConnectionQueue()}
 	return cr
 }
 
@@ -175,13 +178,18 @@ func (cr *contactRetry) run() {
 	cr.bus.Subscribe(event.ServerStateChange, cr.queue)
 	cr.bus.Subscribe(event.QueuePeerRequest, cr.queue)
 	cr.bus.Subscribe(event.QueueJoinServer, cr.queue)
+	cr.bus.Subscribe(event.DisconnectPeerRequest, cr.queue)
+	cr.bus.Subscribe(event.DisconnectServerRequest, cr.queue)
 	cr.bus.Subscribe(event.ProtocolEngineShutdown, cr.queue)
 	cr.bus.Subscribe(event.ProtocolEngineCreated, cr.queue)
-
+	cr.bus.Subscribe(event.DeleteContact, cr.queue)
+	cr.bus.Subscribe(event.UpdateConversationAuthorization, cr.queue)
+	cr.bus.Subscribe(event.PurgeRetries, cr.queue)
+	cr.bus.Subscribe(event.ResumeRetries, cr.queue)
 	for {
 		// Only attempt connection if both the ACN and the Protocol Engines are Online...
 		log.Debugf("restartFlow checking state")
-		if cr.ACNUp && cr.protocolEngine {
+		if cr.ACNUp && cr.protocolEngine && !cr.stallRetries {
 			log.Debugf("restartFlow time to queue!!")
 			cr.requeueReady()
 			connectingCount := cr.connectingCount()
@@ -226,16 +234,53 @@ func (cr *contactRetry) run() {
 		select {
 		case e := <-cr.queue.OutChan():
 			switch e.EventType {
+			case event.PurgeRetries:
+				// Purge All Authorized Peers
+				cr.authorizedPeers.Range(func(key interface{}, value interface{}) bool {
+					cr.authorizedPeers.Delete(key)
+					return true
+				})
+				// Purge All Connection States
+				cr.connections.Range(func(key interface{}, value interface{}) bool {
+					cr.connections.Delete(key)
+					return true
+				})
+			case event.ResumeRetries:
+				log.Infof("resuming retries...")
+				cr.stallRetries = false
+			case event.DisconnectPeerRequest:
+				peer := e.Data[event.RemotePeer]
+				cr.authorizedPeers.Delete(peer)
+			case event.DisconnectServerRequest:
+				peer := e.Data[event.GroupServer]
+				cr.authorizedPeers.Delete(peer)
+			case event.DeleteContact:
+				// this case covers both servers and peers (servers are peers, and go through the
+				// same delete conversation flow)
+				peer := e.Data[event.RemotePeer]
+				cr.authorizedPeers.Delete(peer)
+			case event.UpdateConversationAuthorization:
+				// if we update the conversation authorization then we need to check if
+				// we need to remove blocked conversations from the regular flow.
+				peer := e.Data[event.RemotePeer]
+				blocked := e.Data[event.Blocked]
+				if blocked == "true" {
+					cr.authorizedPeers.Delete(peer)
+				}
 			case event.PeerStateChange:
 				state := connections.ConnectionStateToType()[e.Data[event.ConnectionState]]
 				peer := e.Data[event.RemotePeer]
-				cr.handleEvent(peer, state, peerConn)
-
+				// only handle state change events from pre-authorized peers;
+				if _, exists := cr.authorizedPeers.Load(peer); exists {
+					cr.handleEvent(peer, state, peerConn)
+				}
 			case event.ServerStateChange:
 				state := connections.ConnectionStateToType()[e.Data[event.ConnectionState]]
 				server := e.Data[event.GroupServer]
-				cr.handleEvent(server, state, serverConn)
-
+				// only handle state change events from pre-authorized servers;
+				if _, exists := cr.authorizedPeers.Load(server); exists {
+					cr.handleEvent(server, state, serverConn)
+				}
 			case event.QueueJoinServer:
 				fallthrough
 			case event.QueuePeerRequest:
@@ -252,11 +297,12 @@ func (cr *contactRetry) run() {
 					id = server
 					cr.addConnection(server, connections.DISCONNECTED, serverConn, lastSeen)
 				}
-
+				// this was an authorized event, and so we store this peer.
+				log.Debugf("authorizing id: %v", id)
+				cr.authorizedPeers.Store(id, true)
 				if c, ok := cr.connections.Load(id); ok {
 					contact := c.(*contact)
-					if contact.state == connections.DISCONNECTED && !contact.queued {
-
+					if contact.state == connections.DISCONNECTED {
 						// prioritize connections made in the last week
 						if time.Since(contact.lastSeen).Hours() < PriorityQueueTimeSinceQualifierHours {
 							cr.priorityQueue.insert(contact)
@@ -269,7 +315,7 @@ func (cr *contactRetry) run() {
 			case event.ProtocolEngineShutdown:
 				cr.ACNUp = false
 				cr.protocolEngine = false
-
+				cr.stallRetries = true
 				cr.connections.Range(func(k, v interface{}) bool {
 					p := v.(*contact)
 					if p.state == connections.AUTHENTICATED || p.state == connections.SYNCED {
@@ -319,14 +365,17 @@ func (cr *contactRetry) processStatus() {
 		// Loop through connections. Reset state, and requeue...
 		cr.connections.Range(func(k, v interface{}) bool {
 			p := v.(*contact)
-			p.queued = true
 
-			// prioritize connections made recently...
-			log.Debugf("adding %v to queue", p.id)
-			if time.Since(p.lastSeen).Hours() < PriorityQueueTimeSinceQualifierHours {
-				cr.priorityQueue.insert(p)
-			} else {
-				cr.pendingQueue.insert(p)
+			// only reload connections if they are on the authorized peers list
+			if _, exists := cr.authorizedPeers.Load(p.id); exists {
+				p.queued = true
+				// prioritize connections made recently...
+				log.Debugf("adding %v to queue", p.id)
+				if time.Since(p.lastSeen).Hours() < PriorityQueueTimeSinceQualifierHours {
+					cr.priorityQueue.insert(p)
+				} else {
+					cr.pendingQueue.insert(p)
+				}
 			}
 
 			return true
@@ -367,10 +416,14 @@ func (cr *contactRetry) requeueReady() {
 
 	cr.connections.Range(func(k, v interface{}) bool {
 		p := v.(*contact)
-		if p.state == connections.DISCONNECTED && !p.queued {
-			timeout := time.Duration((math.Pow(2, float64(p.failedCount)))*float64(adjustedBaseTimeout /*baseTimeoutSec*/)) * time.Second
-			if time.Since(p.lastAttempt) > timeout {
-				retryable = append(retryable, p)
+
+		// Don't retry anyone who isn't on the authorized peers list
+		if _, exists := cr.authorizedPeers.Load(p.id); exists {
+			if p.state == connections.DISCONNECTED && !p.queued {
+				timeout := time.Duration((math.Pow(2, float64(p.failedCount)))*float64(adjustedBaseTimeout /*baseTimeoutSec*/)) * time.Second
+				if time.Since(p.lastAttempt) > timeout {
+					retryable = append(retryable, p)
+				}
 			}
 		}
 		return true
@@ -407,10 +460,10 @@ func (cr *contactRetry) addConnection(id string, state connections.ConnectionSta
 		cr.connections.Store(id, p)
 		return
 	} else {
-		// we have rerequested this connnection. Force set the queued parameter to true.
-		p, _ := cr.connections.Load(id)
-		if !p.(*contact).queued {
-			p.(*contact).queued = true
+		// we have rerequested this connnection, probably via an explicit ask, update it's state
+		if c, ok := cr.connections.Load(id); ok {
+			contact := c.(*contact)
+			contact.state = state
 		}
 	}
 }
@@ -423,6 +476,12 @@ func (cr *contactRetry) handleEvent(id string, state connections.ConnectionState
 		return
 	}
 
+	// reject events that contain invalid hostnames...we cannot connect to them
+	// and they could result in spurious connection attempts...
+	if !tor.IsValidHostname(id) {
+		return
+	}
+
 	if _, exists := cr.connections.Load(id); !exists {
 		// We have an event for something we don't know about...
 		// The only reason this should happen is if a *new* Peer/Server connection has changed.

app/plugins/contactRetry_test.go

@@ -21,34 +21,41 @@ func TestContactRetryQueue(t *testing.T) {
 	cr := NewConnectionRetry(bus, "").(*contactRetry)
 	cr.ACNUp = true          // fake an ACN connection...
 	cr.protocolEngine = true // fake protocol engine
+	cr.stallRetries = false  // fake not being in offline mode...
 	go cr.run()
 
+	testOnion := "2wgvbza2mbuc72a4u6r6k4hc2blcvrmk4q26bfvlwbqxv2yq5k52fcqd"
+
 	t.Logf("contact plugin up and running..sending peer connection...")
 	// Assert that there is a peer connection identified as "test"
-	bus.Publish(event.NewEvent(event.QueuePeerRequest, map[event.Field]string{event.RemotePeer: "test", event.LastSeen: "test"}))
+	bus.Publish(event.NewEvent(event.QueuePeerRequest, map[event.Field]string{event.RemotePeer: testOnion, event.LastSeen: "test"}))
 
 	// Wait until the test actually exists, and is queued
 	// This is the worst part of this test setup. Ideally we would sleep, or some other yielding, but
 	// go test scheduling doesn't like that and even sleeping long periods won't cause the event thread to make
 	// progress...
-	for {
-		if pinf, exists := cr.connections.Load("test"); exists {
-			if pinf.(*contact).queued {
-				break
+	setup := false
+	for !setup {
+		if _, exists := cr.connections.Load(testOnion); exists {
+			if _, exists := cr.authorizedPeers.Load(testOnion); exists {
+				t.Logf("authorized")
+				setup = true
 			}
 		}
 	}
 
-	pinf, _ := cr.connections.Load("test")
-	if pinf.(*contact).queued == false {
-		t.Fatalf("test connection should be queued, actually: %v", pinf.(*contact).queued)
+	// We should very quickly become connecting...
+	time.Sleep(time.Second)
+	pinf, _ := cr.connections.Load(testOnion)
+	if pinf.(*contact).state != 1 {
+		t.Fatalf("test connection should be in connecting after update, actually: %v", pinf.(*contact).state)
 	}
 
 	// Asset that "test" is authenticated
-	cr.handleEvent("test", connections.AUTHENTICATED, peerConn)
+	cr.handleEvent(testOnion, connections.AUTHENTICATED, peerConn)
 
 	// Assert that "test has a valid state"
-	pinf, _ = cr.connections.Load("test")
+	pinf, _ = cr.connections.Load(testOnion)
 	if pinf.(*contact).state != 3 {
 		t.Fatalf("test connection should be in authenticated after update, actually: %v", pinf.(*contact).state)
 	}
@@ -56,19 +63,12 @@ func TestContactRetryQueue(t *testing.T) {
 	// Publish an unrelated event to trigger the Plugin to go through a queuing cycle
 	// If we didn't do this we would have to wait 30 seconds for a check-in
 	bus.Publish(event.NewEvent(event.PeerStateChange, map[event.Field]string{event.RemotePeer: "test2", event.ConnectionState: "Disconnected"}))
+	bus.Publish(event.NewEvent(event.QueuePeerRequest, map[event.Field]string{event.RemotePeer: testOnion, event.LastSeen: time.Now().Format(time.RFC3339Nano)}))
+
 	time.Sleep(time.Second)
-	if pinf.(*contact).queued != false {
-		t.Fatalf("test connection should not be queued, actually: %v", pinf.(*contact).queued)
-	}
-
-	// Publish a  new peer request...
-	bus.Publish(event.NewEvent(event.QueuePeerRequest, map[event.Field]string{event.RemotePeer: "test"}))
-	time.Sleep(time.Second) // yield for a second so the event can catch up...
-
-	// Peer test should be forced to queue....
-	pinf, _ = cr.connections.Load("test")
-	if pinf.(*contact).queued != true {
-		t.Fatalf("test connection should be forced to queue after new queue peer request")
+	pinf, _ = cr.connections.Load(testOnion)
+	if pinf.(*contact).state != 1 {
+		t.Fatalf("test connection should be in connecting after update, actually: %v", pinf.(*contact).state)
 	}
 
 	cr.Shutdown()

app/utils.go

@@ -15,6 +15,9 @@ func WaitGetPeer(app Application, name string) peer.CwtchPeer {
 	for {
 		for _, handle := range app.ListProfiles() {
 			peer := app.GetPeer(handle)
+			if peer == nil {
+				continue
+			}
 			localName, _ := peer.GetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.Name)
 			if localName == name {
 				return peer

event/common.go

@@ -25,6 +25,15 @@ const (
 	//		GroupServer
 	QueuePeerRequest = Type("QueuePeerRequest")
 
+	// Disconnect*Request
+	// Close active connections and prevent new connections
+	DisconnectPeerRequest   = Type("DisconnectPeerRequest")
+	DisconnectServerRequest = Type("DisconnectServerRequest")
+
+	// Events to Manage Retry Contacts
+	PurgeRetries  = Type("PurgeRetries")
+	ResumeRetries = Type("ResumeRetries")
+
 	// RetryServerRequest
 	// Asks CwtchPeer to retry a server connection...
 	// GroupServer: [eg "chpr7qm6op5vfcg2pi4vllco3h6aa7exexc4rqwnlupqhoogx2zgd6qd"

event/eventmanager.go

@@ -95,6 +95,11 @@ func (em *manager) initialize() {
 func (em *manager) Subscribe(eventType Type, queue Queue) {
 	em.mapMutex.Lock()
 	defer em.mapMutex.Unlock()
+	for _, sub := range em.subscribers[eventType] {
+		if sub == queue {
+			return // don't add the same queue for the same event twice...
+		}
+	}
 	em.subscribers[eventType] = append(em.subscribers[eventType], queue)
 }
 

event/infinitechannel.go

@@ -1,3 +1,4 @@
+// nolint:nilaway - the infiniteBuffer function causes issues with static analysis because it is very unidomatic.
 package event
 
 /*

extensions/profile_value.go

@@ -104,6 +104,15 @@ func (pne ProfileValueExtension) OnContactRequestValue(profile peer.CwtchPeer, c
 			val, exists = profile.GetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.Name)
 		}
 
+		// NOTE: Cwtch 1.15+ requires that profiles be able to restrict file downloading to specific contacts. As such we need an ACL check here
+		// on the fileshareing zone.
+		// TODO: Split this functionality into FilesharingFunctionality, and restrict this function to only considering Profile zoned attributes?
+		if zone == attr.FilesharingZone {
+			if !conversation.GetPeerAC().ShareFiles {
+				return
+			}
+		}
+
 		// Construct a Response
 		resp := event.NewEvent(event.SendRetValMessageToPeer, map[event.Field]string{event.ConversationID: strconv.Itoa(conversation.ID), event.RemotePeer: conversation.Handle, event.Exists: strconv.FormatBool(exists)})
 		resp.EventID = eventID

extensions/send_when_online.go

@@ -0,0 +1,66 @@
+package extensions
+
+import (
+	"strconv"
+
+	"cwtch.im/cwtch/event"
+	"cwtch.im/cwtch/model"
+	"cwtch.im/cwtch/model/attr"
+	"cwtch.im/cwtch/model/constants"
+	"cwtch.im/cwtch/peer"
+	"cwtch.im/cwtch/protocol/connections"
+	"cwtch.im/cwtch/settings"
+	"git.openprivacy.ca/openprivacy/log"
+)
+
+// SendWhenOnlineExtension implements automatic sending
+// Some Considerations:
+//   - There are race conditions inherant in this approach e.g. a peer could go offline just after recieving a message and never sending an ack
+//   - In that case the next time we connect we will send a duplicate message.
+//   - Currently we do not include metadata like sent time in raw peer protocols (however Overlay does now have support for that information)
+type SendWhenOnlineExtension struct {
+}
+
+func (soe SendWhenOnlineExtension) NotifySettingsUpdate(_ settings.GlobalSettings) {
+}
+
+func (soe SendWhenOnlineExtension) EventsToRegister() []event.Type {
+	return []event.Type{event.PeerStateChange}
+}
+
+func (soe SendWhenOnlineExtension) ExperimentsToRegister() []string {
+	return nil
+}
+
+func (soe SendWhenOnlineExtension) OnEvent(ev event.Event, profile peer.CwtchPeer) {
+	switch ev.EventType {
+	case event.PeerStateChange:
+		ci, err := profile.FetchConversationInfo(ev.Data["RemotePeer"])
+		if err == nil {
+			// if we have re-authenticated with thie peer then request their profile image...
+			if connections.ConnectionStateToType()[ev.Data[event.ConnectionState]] == connections.AUTHENTICATED {
+				// Check the last 100 messages, if any of them are pending, then send them now...
+				messsages, _ := profile.GetMostRecentMessages(ci.ID, 0, 0, uint(100))
+				for _, message := range messsages {
+					if message.Attr[constants.AttrAck] == constants.False {
+						body := message.Body
+						ev := event.NewEvent(event.SendMessageToPeer, map[event.Field]string{event.ConversationID: strconv.Itoa(ci.ID), event.RemotePeer: ci.Handle, event.Data: body})
+						ev.EventID = message.Signature // we need this ensure that we correctly ack this in the db when it comes back
+						// TODO: The EventBus is becoming very noisy...we may want to consider a one-way shortcut to Engine i.e. profile.Engine.SendMessageToPeer
+						log.Debugf("resending message that was sent when peer was offline")
+						profile.PublishEvent(ev)
+					}
+				}
+			}
+		}
+	}
+}
+
+// OnContactReceiveValue is nop for SendWhenOnnlineExtension
+func (soe SendWhenOnlineExtension) OnContactReceiveValue(profile peer.CwtchPeer, conversation model.Conversation, szp attr.ScopedZonedPath, value string, exists bool) {
+}
+
+// OnContactRequestValue is nop for SendWhenOnnlineExtension
+func (soe SendWhenOnlineExtension) OnContactRequestValue(profile peer.CwtchPeer, conversation model.Conversation, eventID string, szp attr.ScopedZonedPath) {
+
+}

functionality/filesharing/filesharing_functionality.go

@@ -45,6 +45,8 @@ func (f *Functionality) ExperimentsToRegister() []string {
 func (f *Functionality) OnEvent(ev event.Event, profile peer.CwtchPeer) {
 	if profile.IsFeatureEnabled(constants.FileSharingExperiment) {
 		switch ev.EventType {
+		case event.ProtocolEngineCreated:
+			f.ReShareFiles(profile)
 		case event.ManifestReceived:
 			log.Debugf("Manifest Received Event!: %v", ev)
 			handle := ev.Data[event.Handle]
@@ -208,7 +210,7 @@ func (f *Functionality) VerifyOrResumeDownload(profile peer.CwtchPeer, conversat
 	return errors.New("file download metadata does not exist, or is corrupted")
 }
 
-func (f *Functionality) CheckDownloadStatus(profile peer.CwtchPeer, fileKey string) {
+func (f *Functionality) CheckDownloadStatus(profile peer.CwtchPeer, fileKey string) error {
 	path, _ := profile.GetScopedZonedAttribute(attr.LocalScope, attr.FilesharingZone, fmt.Sprintf("%s.path", fileKey))
 	if value, exists := profile.GetScopedZonedAttribute(attr.LocalScope, attr.FilesharingZone, fmt.Sprintf("%s.complete", fileKey)); exists && value == event.True {
 		profile.PublishEvent(event.NewEvent(event.FileDownloaded, map[event.Field]string{
@@ -227,6 +229,7 @@ func (f *Functionality) CheckDownloadStatus(profile peer.CwtchPeer, fileKey stri
 			event.FilePath:         path,
 		}))
 	}
+	return nil // cannot fail
 }
 
 func (f *Functionality) EnhancedShareFile(profile peer.CwtchPeer, conversationID int, sharefilepath string) string {
@@ -269,15 +272,21 @@ func (f *Functionality) DownloadFile(profile peer.CwtchPeer, conversationID int,
 	}
 
 	// Don't download files if the download file directory does not exist
-	if _, err := os.Stat(path.Dir(downloadFilePath)); os.IsNotExist(err) {
-		return errors.New("download directory does not exist")
-	}
+	// Unless we are on Android where the kernel wishes to keep us ignorant of the
+	// actual path and/or existence of the file. We handle this case further down
+	// the line when the manifest is received and protocol engine and the Android layer
+	// negotiate a temporary local file -> final file copy. We don't want to worry
+	// about that here...
+	if runtime.GOOS != "android" {
+		if _, err := os.Stat(path.Dir(downloadFilePath)); os.IsNotExist(err) {
+			return errors.New("download directory does not exist")
+		}
 
-	// Don't download files if the manifest file directory does not exist
-	if _, err := os.Stat(path.Dir(manifestFilePath)); os.IsNotExist(err) {
-		return errors.New("manifest directory does not exist")
+		// Don't download files if the manifest file directory does not exist
+		if _, err := os.Stat(path.Dir(manifestFilePath)); os.IsNotExist(err) {
+			return errors.New("manifest directory does not exist")
+		}
 	}
-
 	// Store local.filesharing.filekey.manifest as the location of the manifest
 	profile.SetScopedZonedAttribute(attr.LocalScope, attr.FilesharingZone, fmt.Sprintf("%s.manifest", key), manifestFilePath)
 
@@ -294,9 +303,10 @@ func (f *Functionality) DownloadFile(profile peer.CwtchPeer, conversationID int,
 }
 
 // startFileShare is a private method used to finalize a file share and publish it to the protocol engine for processing.
-func (f *Functionality) startFileShare(profile peer.CwtchPeer, filekey string, manifest string) error {
+// if force is set to true, this function will ignore timestamp checks...
+func (f *Functionality) startFileShare(profile peer.CwtchPeer, filekey string, manifest string, force bool) error {
 	tsStr, exists := profile.GetScopedZonedAttribute(attr.LocalScope, attr.FilesharingZone, fmt.Sprintf("%s.ts", filekey))
-	if exists {
+	if exists && !force {
 		ts, err := strconv.ParseInt(tsStr, 10, 64)
 		if err != nil || ts < time.Now().Unix()-2592000 {
 			log.Errorf("ignoring request to download a file offered more than 30 days ago")
@@ -306,12 +316,22 @@ func (f *Functionality) startFileShare(profile peer.CwtchPeer, filekey string, m
 
 	// set the filekey status to active
 	profile.SetScopedZonedAttribute(attr.LocalScope, attr.FilesharingZone, fmt.Sprintf("%s.active", filekey), constants.True)
+	// reset the timestamp...
+	profile.SetScopedZonedAttribute(attr.LocalScope, attr.FilesharingZone, fmt.Sprintf("%s.ts", filekey), strconv.FormatInt(time.Now().Unix(), 10))
+	// share the manifest
 	profile.PublishEvent(event.NewEvent(event.ShareManifest, map[event.Field]string{event.FileKey: filekey, event.SerializedManifest: manifest}))
 	return nil
 }
 
 // RestartFileShare takes in an existing filekey and, assuming the manifest exists, restarts sharing of the manifest
+// by default this function always forces a file share, even if the file has timed out.
 func (f *Functionality) RestartFileShare(profile peer.CwtchPeer, filekey string) error {
+	return f.restartFileShareAdvanced(profile, filekey, true)
+}
+
+// RestartFileShareAdvanced takes in an existing filekey and, assuming the manifest exists, restarts sharing of the manifest in addition
+// to a set of parameters
+func (f *Functionality) restartFileShareAdvanced(profile peer.CwtchPeer, filekey string, force bool) error {
 
 	// assert that we are allowed to restart filesharing
 	if !profile.IsFeatureEnabled(constants.FileSharingExperiment) {
@@ -323,7 +343,7 @@ func (f *Functionality) RestartFileShare(profile peer.CwtchPeer, filekey string)
 	if manifestExists {
 		// everything is in order, so reshare this file with the engine
 		log.Debugf("restarting file share: %v", filekey)
-		return f.startFileShare(profile, filekey, manifest)
+		return f.startFileShare(profile, filekey, manifest, force)
 	}
 	return fmt.Errorf("manifest does not exist for filekey: %v", filekey)
 }
@@ -357,12 +377,10 @@ func (f *Functionality) ReShareFiles(profile peer.CwtchPeer) error {
 				filekey := strings.Join(keyparts[:2], ".")
 				sharedFile, err := f.GetFileShareInfo(profile, filekey)
 
-				// If we haven't explicitly stopped sharing the file AND
-				// If fewer than 30 days have passed since we originally shared this file,
-				// Then attempt to share this file again...
-				// TODO: In the future this would be the point to change the timestamp and reshare the file...
+				// If we haven't explicitly stopped sharing the file then attempt a reshare
 				if err == nil && sharedFile.Active {
-					err := f.RestartFileShare(profile, filekey)
+					// this reshare can fail because we don't force sharing of files older than 30 days...
+					err := f.restartFileShareAdvanced(profile, filekey, false)
 					if err != nil {
 						log.Debugf("could not reshare file: %v", err)
 					}
@@ -456,7 +474,7 @@ func (f *Functionality) ShareFile(filepath string, profile peer.CwtchPeer) (stri
 	profile.SetScopedZonedAttribute(attr.ConversationScope, attr.FilesharingZone, fmt.Sprintf("%s.manifest", key), string(serializedManifest))
 	profile.SetScopedZonedAttribute(attr.ConversationScope, attr.FilesharingZone, fmt.Sprintf("%s.manifest.size", key), strconv.Itoa(int(math.Ceil(float64(len(serializedManifest)-lenDiff)/float64(files.DefaultChunkSize)))))
 
-	err = f.startFileShare(profile, key, string(serializedManifest))
+	err = f.startFileShare(profile, key, string(serializedManifest), false)
 
 	return key, string(wrapperJSON), err
 }
@@ -558,11 +576,12 @@ func GenerateDownloadPath(basePath, fileName string, overwrite bool) (filePath,
 }
 
 // StopFileShare sends a message to the ProtocolEngine to cease sharing a particular file
-func (f *Functionality) StopFileShare(profile peer.CwtchPeer, fileKey string) {
+func (f *Functionality) StopFileShare(profile peer.CwtchPeer, fileKey string) error {
 	// Note we do not do a permissions check here, as we are *always* permitted to stop sharing files.
 	// set the filekey status to inactive
 	profile.SetScopedZonedAttribute(attr.LocalScope, attr.FilesharingZone, fmt.Sprintf("%s.active", fileKey), constants.False)
 	profile.PublishEvent(event.NewEvent(event.StopFileShare, map[event.Field]string{event.FileKey: fileKey}))
+	return nil // cannot fail
 }
 
 // StopAllFileShares sends a message to the ProtocolEngine to cease sharing all files

functionality/filesharing/image_previews.go

@@ -38,14 +38,14 @@ func (i *ImagePreviewsFunctionality) OnEvent(ev event.Event, profile peer.CwtchP
 		case event.NewMessageFromPeer:
 			ci, err := profile.FetchConversationInfo(ev.Data["RemotePeer"])
 			if err == nil {
-				if ci.Accepted {
+				if ci.GetPeerAC().RenderImages {
 					i.handleImagePreviews(profile, &ev, ci.ID, ci.ID)
 				}
 			}
 		case event.NewMessageFromGroup:
 			ci, err := profile.FetchConversationInfo(ev.Data["RemotePeer"])
 			if err == nil {
-				if ci.Accepted {
+				if ci.GetPeerAC().RenderImages {
 					i.handleImagePreviews(profile, &ev, ci.ID, ci.ID)
 				}
 			}
@@ -62,7 +62,15 @@ func (i *ImagePreviewsFunctionality) OnEvent(ev event.Event, profile peer.CwtchP
 			if err == nil {
 				for _, ci := range conversations {
 					if profile.GetPeerState(ci.Handle) == connections.AUTHENTICATED {
-						profile.SendScopedZonedGetValToContact(ci.ID, attr.PublicScope, attr.ProfileZone, constants.CustomProfileImageKey)
+						// if we have enabled file shares for this contact, then send them our profile image
+						// NOTE: In the past, Cwtch treated "profile image" as a public file share. As such, anyone with the file key and who is able
+						// to authenticate with the profile (i.e. non-blocked peers) can download the file (if the global profile images experiment is enabled)
+						// To better allow for fine-grained permissions (and to support hybrid group permissions), we want to enable per-conversation file
+						// sharing permissions. As such, profile images are now only shared with contacts with that permission enabled.
+						// (i.e. all previous accepted contacts, new accepted contacts, and contacts who have this toggle set explictly)
+						if ci.GetPeerAC().ShareFiles {
+							profile.SendScopedZonedGetValToContact(ci.ID, attr.PublicScope, attr.ProfileZone, constants.CustomProfileImageKey)
+						}
 					}
 				}
 			}
@@ -75,10 +83,9 @@ func (i *ImagePreviewsFunctionality) OnEvent(ev event.Event, profile peer.CwtchP
 				// we reset the profile image here so that it is always available.
 				profile.SetScopedZonedAttribute(attr.LocalScope, attr.FilesharingZone, fmt.Sprintf("%s.ts", key), strconv.FormatInt(time.Now().Unix(), 10))
 				log.Debugf("Custom Profile Image: %v %s", key, serializedManifest)
+				f := Functionality{}
+				f.RestartFileShare(profile, key)
 			}
-			// If file sharing is enabled then reshare all active files...
-			fsf := FunctionalityGate()
-			_ = fsf.ReShareFiles(profile)
 		}
 	}
 }
@@ -91,7 +98,7 @@ func (i *ImagePreviewsFunctionality) OnContactReceiveValue(profile peer.CwtchPee
 		_, zone, path := path.GetScopeZonePath()
 		if exists && zone == attr.ProfileZone && path == constants.CustomProfileImageKey {
 			// We only download from accepted conversations
-			if conversation.Accepted {
+			if conversation.GetPeerAC().RenderImages {
 				fileKey := value
 				basepath := i.downloadFolder
 				fsf := FunctionalityGate()
@@ -124,6 +131,16 @@ func (i *ImagePreviewsFunctionality) OnContactReceiveValue(profile peer.CwtchPee
 // handleImagePreviews checks settings and, if appropriate, auto-downloads any images
 func (i *ImagePreviewsFunctionality) handleImagePreviews(profile peer.CwtchPeer, ev *event.Event, conversationID, senderID int) {
 	if profile.IsFeatureEnabled(constants.FileSharingExperiment) && profile.IsFeatureEnabled(constants.ImagePreviewsExperiment) {
+		ci, err := profile.GetConversationInfo(senderID)
+		if err != nil {
+			log.Errorf("attempted to call handleImagePreviews with unknown conversation: %v", senderID)
+			return
+		}
+
+		if !ci.GetPeerAC().ShareFiles || !ci.GetPeerAC().RenderImages {
+			log.Infof("refusing to autodownload files from sender: %v. conversation AC does not permit image rendering", senderID)
+			return
+		}
 
 		// Short-circuit failures
 		// Don't auto-download images if the download path does not exist.
@@ -143,7 +160,7 @@ func (i *ImagePreviewsFunctionality) handleImagePreviews(profile peer.CwtchPeer,
 
 		// Now look at the image preview experiment
 		var cm model.MessageWrapper
-		err := json.Unmarshal([]byte(ev.Data[event.Data]), &cm)
+		err = json.Unmarshal([]byte(ev.Data[event.Data]), &cm)
 		if err == nil && cm.Overlay == model.OverlayFileSharing {
 			log.Debugf("Received File Sharing Message")
 			var fm OverlayMessage

functionality/servers/servers_functionality.go

@@ -9,6 +9,8 @@ import (
 	"cwtch.im/cwtch/protocol/connections"
 	"cwtch.im/cwtch/settings"
 	"encoding/json"
+	"errors"
+	"git.openprivacy.ca/openprivacy/log"
 )
 
 const (
@@ -30,7 +32,7 @@ func (f *Functionality) NotifySettingsUpdate(settings settings.GlobalSettings) {
 }
 
 func (f *Functionality) EventsToRegister() []event.Type {
-	return []event.Type{event.Heartbeat}
+	return []event.Type{event.QueueJoinServer}
 }
 
 func (f *Functionality) ExperimentsToRegister() []string {
@@ -42,8 +44,9 @@ func (f *Functionality) OnEvent(ev event.Event, profile peer.CwtchPeer) {
 	if profile.IsFeatureEnabled(constants.GroupsExperiment) {
 		switch ev.EventType {
 		// keep the UI in sync with the current backend server updates...
-		// TODO: do we need a secondary heartbeat for less common updates?
-		case event.Heartbeat:
+		// queue join server gets triggered on load and on new servers so it's a nice
+		// low-noise event to hook into...
+		case event.QueueJoinServer:
 			f.PublishServerUpdate(profile)
 		}
 	}
@@ -86,17 +89,23 @@ type Server struct {
 }
 
 // PublishServerUpdate serializes the current list of group servers and publishes an event with this information
-func (f *Functionality) PublishServerUpdate(profile peer.CwtchPeer) {
+func (f *Functionality) PublishServerUpdate(profile peer.CwtchPeer) error {
 	serverListForOnion := f.GetServerInfoList(profile)
-	serversListBytes, _ := json.Marshal(serverListForOnion)
+	serversListBytes, err := json.Marshal(serverListForOnion)
 	profile.PublishEvent(event.NewEvent(UpdateServerInfo, map[event.Field]string{"ProfileOnion": profile.GetOnion(), ServerList: string(serversListBytes)}))
+	return err
 }
 
 // GetServerInfoList compiles all the information the UI might need regarding all servers..
 func (f *Functionality) GetServerInfoList(profile peer.CwtchPeer) []Server {
 	var servers []Server
 	for _, server := range profile.GetServers() {
-		servers = append(servers, f.GetServerInfo(profile, server))
+		server, err := f.GetServerInfo(profile, server)
+		if err != nil {
+			log.Errorf("profile server list is corrupted: %v", err)
+			continue
+		}
+		servers = append(servers, server)
 	}
 	return servers
 }
@@ -118,8 +127,11 @@ func (f *Functionality) DeleteServerInfo(profile peer.CwtchPeer, serverOnion str
 
 // GetServerInfo compiles all the information the UI might need regarding a particular server including any verified
 // cryptographic keys
-func (f *Functionality) GetServerInfo(profile peer.CwtchPeer, serverOnion string) Server {
-	serverInfo, _ := profile.FetchConversationInfo(serverOnion)
+func (f *Functionality) GetServerInfo(profile peer.CwtchPeer, serverOnion string) (Server, error) {
+	serverInfo, err := profile.FetchConversationInfo(serverOnion)
+	if err != nil {
+		return Server{}, errors.New("server not found")
+	}
 	keyTypes := []model.KeyType{model.KeyTypeServerOnion, model.KeyTypeTokenOnion, model.KeyTypePrivacyPass}
 	var serverKeys []ServerKey
 
@@ -134,5 +146,5 @@ func (f *Functionality) GetServerInfo(profile peer.CwtchPeer, serverOnion string
 	recentTimeStr := serverInfo.Attributes[attr.LocalScope.ConstructScopedZonedPath(attr.LegacyGroupZone.ConstructZonedPath(constants.SyncMostRecentMessageTime)).ToString()]
 	syncStatus := SyncStatus{startTimeStr, recentTimeStr}
 
-	return Server{Onion: serverOnion, Identifier: serverInfo.ID, Status: connections.ConnectionStateName[profile.GetPeerState(serverInfo.Handle)], Keys: serverKeys, Description: description, SyncProgress: syncStatus}
+	return Server{Onion: serverOnion, Identifier: serverInfo.ID, Status: connections.ConnectionStateName[profile.GetPeerState(serverInfo.Handle)], Keys: serverKeys, Description: description, SyncProgress: syncStatus}, nil
 }

go.mod

@@ -1,6 +1,6 @@
 module cwtch.im/cwtch
 
-go 1.17
+go 1.20
 
 require (
 	git.openprivacy.ca/cwtch.im/tapir v0.6.0

go.sum

@@ -1,48 +1,23 @@
-filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
 filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
 filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
 git.openprivacy.ca/cwtch.im/tapir v0.6.0 h1:TtnKjxitkIDMM7Qn0n/u+mOHRLJzuQUYjYRu5n0/QFY=
 git.openprivacy.ca/cwtch.im/tapir v0.6.0/go.mod h1:iQIq4y7N+DuP3CxyG66WNEC/d6vzh+wXvvOmelB+KoY=
-git.openprivacy.ca/openprivacy/bine v0.0.4/go.mod h1:13ZqhKyqakDsN/ZkQkIGNULsmLyqtXc46XBcnuXm/mU=
 git.openprivacy.ca/openprivacy/bine v0.0.5 h1:DJs5gqw3SkvLSgRDvroqJxZ7F+YsbxbBRg5t0rU5gYE=
 git.openprivacy.ca/openprivacy/bine v0.0.5/go.mod h1:fwdeq6RO08WDkV0k7HfArsjRvurVULoUQmT//iaABZM=
-git.openprivacy.ca/openprivacy/connectivity v1.8.6/go.mod h1:Hn1gpOx/bRZp5wvCtPQVJPXrfeUH0EGiG/Aoa0vjGLg=
 git.openprivacy.ca/openprivacy/connectivity v1.11.0 h1:roASjaFtQLu+HdH5fa2wx6F00NL3YsUTlmXBJh8aLZk=
 git.openprivacy.ca/openprivacy/connectivity v1.11.0/go.mod h1:OQO1+7OIz/jLxDrorEMzvZA6SEbpbDyLGpjoFqT3z1Y=
 git.openprivacy.ca/openprivacy/log v1.0.3 h1:E/PMm4LY+Q9s3aDpfySfEDq/vYQontlvNj/scrPaga0=
 git.openprivacy.ca/openprivacy/log v1.0.3/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/gtank/merlin v0.1.1 h1:eQ90iG7K9pOhtereWsmyRJ6RAwcP4tHTDBHXNg+u5is=
 github.com/gtank/merlin v0.1.1/go.mod h1:T86dnYJhcGOh5BjZFCJWTDeTK7XW8uE+E21Cy/bIQ+s=
 github.com/gtank/ristretto255 v0.1.3-0.20210930101514-6bb39798585c h1:gkfmnY4Rlt3VINCo4uKdpvngiibQyoENVj5Q88sxXhE=
 github.com/gtank/ristretto255 v0.1.3-0.20210930101514-6bb39798585c/go.mod h1:tDPFhGdt3hJWqtKwx57i9baiB1Cj0yAg22VOPUqm5vY=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -53,115 +28,43 @@ github.com/mimoo/StrobeGo v0.0.0-20220103164710-9a04d6ca976b h1:QrHweqAtyJ9EwCaG
 github.com/mimoo/StrobeGo v0.0.0-20220103164710-9a04d6ca976b/go.mod h1:xxLb2ip6sSUts3g1irPVHyk/DGslwQsNOo9I7smJfNU=
 github.com/mutecomm/go-sqlcipher/v4 v4.4.2 h1:eM10bFtI4UvibIsKr10/QT7Yfz+NADfjZYh0GKrXUNc=
 github.com/mutecomm/go-sqlcipher/v4 v4.4.2/go.mod h1:mF2UmIpBnzFeBdu/ypTDb/LdbS0nk0dfSN1WUsWTjMA=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
-github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
-github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
 github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
 github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
 github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
 github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
 go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d h1:3qF+Z8Hkrw9sOhrFHti9TlB1Hkac1x+DNRkv0XQiFjo=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
-golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 h1:UiNENfZ8gDvpiWw7IpOMQ27spWmThO1RwwdQVbJahJM=
 golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
-google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

model/constants/attributes.go

@@ -57,6 +57,7 @@ const SyncMostRecentMessageTime = "SyncMostRecentMessageTime"
 
 const AttrLastConnectionTime = "last-connection-time"
 const PeerAutostart = "autostart"
+const PeerAppearOffline = "appear-offline"
 const Archived = "archived"
 
 const ProfileStatus = "profile-status"
@@ -66,3 +67,8 @@ const ProfileAttribute3 = "profile-attribute-3"
 
 // Description is used on server contacts,
 const Description = "description"
+
+// Used to store the status of acl migrations
+const ACLVersion = "acl-version"
+const ACLVersionOne = "acl-v1"
+const ACLVersionTwo = "acl-v2"

model/conversation.go

@@ -1,22 +1,36 @@
 package model
 
 import (
-	"cwtch.im/cwtch/model/attr"
-	"cwtch.im/cwtch/model/constants"
 	"encoding/json"
 	"time"
+
+	"cwtch.im/cwtch/model/attr"
+	"cwtch.im/cwtch/model/constants"
+	"git.openprivacy.ca/openprivacy/connectivity/tor"
+	"git.openprivacy.ca/openprivacy/log"
 )
 
 // AccessControl is a type determining client assigned authorization to a peer
+// for a given conversation
 type AccessControl struct {
-	Blocked bool // Any attempts from this handle to connect are blocked
-	Read    bool // Allows a handle to access the conversation
-	Append  bool // Allows a handle to append new messages to the conversation
+	Blocked bool // Any attempts from this handle to connect are blocked overrides all other settings
+
+	// Basic Conversation Rights
+	Read   bool // Allows a handle to access the conversation
+	Append bool // Allows a handle to append new messages to the conversation
+
+	AutoConnect        bool // Profile should automatically try to connect with peer
+	ExchangeAttributes bool // Profile should automatically exchange attributes like Name, Profile Image, etc.
+
+	// Extension Related Permissions
+	ShareFiles   bool // Allows a handle to share files to a conversation
+	RenderImages bool // Indicates that certain filetypes should be autodownloaded and rendered when shared by this contact
 }
 
-// DefaultP2PAccessControl - because in the year 2021, go does not support constant structs...
+// DefaultP2PAccessControl defaults to a semi-trusted peer with no access to special extensions.
 func DefaultP2PAccessControl() AccessControl {
-	return AccessControl{Read: true, Append: true, Blocked: false}
+	return AccessControl{Read: true, Append: true, ExchangeAttributes: true, Blocked: false,
+		AutoConnect: true, ShareFiles: false, RenderImages: false}
 }
 
 // AccessControlList represents an access control list for a conversation. Mapping handles to conversation
@@ -30,10 +44,10 @@ func (acl *AccessControlList) Serialize() []byte {
 }
 
 // DeserializeAccessControlList takes in JSON and returns an AccessControlList
-func DeserializeAccessControlList(data []byte) AccessControlList {
+func DeserializeAccessControlList(data []byte) (AccessControlList, error) {
 	var acl AccessControlList
-	json.Unmarshal(data, &acl)
-	return acl
+	err := json.Unmarshal(data, &acl)
+	return acl, err
 }
 
 // Attributes a type-driven encapsulation of an Attribute map.
@@ -47,8 +61,12 @@ func (a *Attributes) Serialize() []byte {
 
 // DeserializeAttributes converts a JSON struct into an Attributes map
 func DeserializeAttributes(data []byte) Attributes {
-	var attributes Attributes
-	json.Unmarshal(data, &attributes)
+	attributes := make(Attributes)
+	err := json.Unmarshal(data, &attributes)
+	if err != nil {
+		log.Error("error deserializing attributes (this is likely a programming error): %v", err)
+		return make(Attributes)
+	}
 	return attributes
 }
 
@@ -60,7 +78,9 @@ type Conversation struct {
 	Handle     string
 	Attributes Attributes
 	ACL        AccessControlList
-	Accepted   bool
+
+	// Deprecated, please use ACL for permissions related functions
+	Accepted bool
 }
 
 // GetAttribute is a helper function that fetches a conversation attribute by scope, zone and key
@@ -71,6 +91,21 @@ func (ci *Conversation) GetAttribute(scope attr.Scope, zone attr.Zone, key strin
 	return "", false
 }
 
+// GetPeerAC returns a suitable Access Control object for a the given peer conversation
+// If this is called for a group conversation, this method will error and return a safe default AC.
+func (ci *Conversation) GetPeerAC() AccessControl {
+	if acl, exists := ci.ACL[ci.Handle]; exists {
+		return acl
+	}
+	log.Errorf("attempted to access a Peer Access Control object from %v but peer ACL is undefined. This is likely a programming error", ci.Handle)
+	return DefaultP2PAccessControl()
+}
+
+// IsCwtchPeer is a helper attribute that identifies whether a conversation is a cwtch peer
+func (ci *Conversation) IsCwtchPeer() bool {
+	return tor.IsValidHostname(ci.Handle)
+}
+
 // IsGroup is a helper attribute that identifies whether a conversation is a legacy group
 func (ci *Conversation) IsGroup() bool {
 	if _, exists := ci.Attributes[attr.LocalScope.ConstructScopedZonedPath(attr.LegacyGroupZone.ConstructZonedPath(constants.GroupID)).ToString()]; exists {

model/group.go

@@ -59,21 +59,26 @@ func NewGroup(server string) (*Group, error) {
 
 	// Derive Group ID from the group key and the server public key. This binds the group to a particular server
 	// and key.
-	group.GroupID = deriveGroupID(groupKey[:], server)
-	return group, nil
+	var err error
+	group.GroupID, err = deriveGroupID(groupKey[:], server)
+	return group, err
 }
 
 // CheckGroup returns true only if the ID of the group is cryptographically valid.
 func (g *Group) CheckGroup() bool {
-	return g.GroupID == deriveGroupID(g.GroupKey[:], g.GroupServer)
+	id, _ := deriveGroupID(g.GroupKey[:], g.GroupServer)
+	return g.GroupID == id
 }
 
 // deriveGroupID hashes together the key and the hostname to create a bound identifier that can later
 // be referenced and checked by profiles when they receive invites and messages.
-func deriveGroupID(groupKey []byte, serverHostname string) string {
-	data, _ := base32.StdEncoding.DecodeString(strings.ToUpper(serverHostname))
+func deriveGroupID(groupKey []byte, serverHostname string) (string, error) {
+	data, err := base32.StdEncoding.DecodeString(strings.ToUpper(serverHostname))
+	if err != nil {
+		return "", err
+	}
 	pubkey := data[0:ed25519.PublicKeySize]
-	return hex.EncodeToString(pbkdf2.Key(groupKey, pubkey, 4096, 16, sha512.New))
+	return hex.EncodeToString(pbkdf2.Key(groupKey, pubkey, 4096, 16, sha512.New)), nil
 }
 
 // Invite generates a invitation that can be sent to a cwtch peer
@@ -148,7 +153,7 @@ func ValidateInvite(invite string) (*groups.GroupInvite, error) {
 
 				// Derive the servers public key (we can ignore the error checking here because it's already been
 				// done by IsValidHostname, and check that we derive the same groupID...
-				derivedGroupID := deriveGroupID(gci.SharedKey, gci.ServerHost)
+				derivedGroupID, _ := deriveGroupID(gci.SharedKey, gci.ServerHost)
 				if derivedGroupID != gci.GroupID {
 					return nil, errors.New("group id is invalid")
 				}
@@ -166,7 +171,9 @@ func ValidateInvite(invite string) (*groups.GroupInvite, error) {
 // If successful, adds the message to the group's timeline
 func (g *Group) AttemptDecryption(ciphertext []byte, signature []byte) (bool, *groups.DecryptedGroupMessage) {
 	success, dgm := g.DecryptMessage(ciphertext)
-	if success {
+	// the second check here is not needed, but DecryptMessage violates the usual
+	// go calling convention and we want static analysis tools to pick it up
+	if success && dgm != nil {
 
 		// Attempt to serialize this message
 		serialized, err := json.Marshal(dgm)

model/group_test.go

@@ -9,7 +9,10 @@ import (
 )
 
 func TestGroup(t *testing.T) {
-	g, _ := NewGroup("2c3kmoobnyghj2zw6pwv7d57yzld753auo3ugauezzpvfak3ahc4bdyd")
+	g, err := NewGroup("2c3kmoobnyghj2zw6pwv7d57yzld753auo3ugauezzpvfak3ahc4bdyd")
+	if err != nil {
+		t.Fatalf("Group with real group server should not fail")
+	}
 	dgm := &groups.DecryptedGroupMessage{
 		Onion:              "onion",
 		Text:               "Hello World!",
@@ -37,7 +40,7 @@ func TestGroup(t *testing.T) {
 
 	encMessage, _ := g.EncryptMessage(dgm)
 	ok, message := g.DecryptMessage(encMessage)
-	if !ok || message.Text != "Hello World!" {
+	if (!ok || message == nil) || message.Text != "Hello World!" {
 		t.Errorf("group encryption was invalid, or returned wrong message decrypted:%v message:%v", ok, message)
 		return
 	}
@@ -73,7 +76,10 @@ func TestGroupValidation(t *testing.T) {
 	t.Logf("Error: %v", err)
 
 	// Generate a valid group but replace the group server...
-	group, _ = NewGroup("2c3kmoobnyghj2zw6pwv7d57yzld753auo3ugauezzpvfak3ahc4bdyd")
+	group, err = NewGroup("2c3kmoobnyghj2zw6pwv7d57yzld753auo3ugauezzpvfak3ahc4bdyd")
+	if err != nil {
+		t.Fatalf("Group with real group server should not fail")
+	}
 	group.GroupServer = "tcnkoch4nyr3cldkemejtkpqok342rbql6iclnjjs3ndgnjgufzyxvqd"
 	invite, _ = group.Invite()
 	_, err = ValidateInvite(invite)
@@ -84,7 +90,10 @@ func TestGroupValidation(t *testing.T) {
 	t.Logf("Error: %v", err)
 
 	// Generate a valid group but replace the group key...
-	group, _ = NewGroup("2c3kmoobnyghj2zw6pwv7d57yzld753auo3ugauezzpvfak3ahc4bdyd")
+	group, err = NewGroup("2c3kmoobnyghj2zw6pwv7d57yzld753auo3ugauezzpvfak3ahc4bdyd")
+	if err != nil {
+		t.Fatalf("Group with real group server should not fail")
+	}
 	group.GroupKey = sha256.Sum256([]byte{})
 	invite, _ = group.Invite()
 	_, err = ValidateInvite(invite)

model/message_utils.go

@@ -3,6 +3,7 @@ package model
 import (
 	"crypto/sha256"
 	"encoding/base64"
+	"encoding/json"
 )
 
 // CalculateContentHash derives a hash using the author and the message body. It is intended to be
@@ -12,3 +13,13 @@ func CalculateContentHash(author string, messageBody string) string {
 	contentBasedHash := sha256.Sum256(content)
 	return base64.StdEncoding.EncodeToString(contentBasedHash[:])
 }
+
+func DeserializeMessage(message string) (*MessageWrapper, error) {
+	var cm MessageWrapper
+	err := json.Unmarshal([]byte(message), &cm)
+
+	if err != nil {
+		return nil, err
+	}
+	return &cm, err
+}

model/overlay.go

@@ -1,9 +1,40 @@
 package model
 
+import (
+	"time"
+)
+
 // MessageWrapper is the canonical Cwtch overlay wrapper
 type MessageWrapper struct {
 	Overlay int    `json:"o"`
 	Data    string `json:"d"`
+
+	// when the data was assembled
+	SendTime *time.Time `json:"s,omitempty"`
+
+	// when the data was transmitted (by protocol engine e.g. over Tor)
+	TransitTime *time.Time `json:"t,omitempty"`
+
+	// when the data was received
+	RecvTime *time.Time `json:"r,omitempty"`
+}
+
+// Channel is defined as being the last 3 bits of the overlay id
+// Channel 0 is reserved for the main conversation
+// Channel 2 is reserved for conversation admin (managed groups)
+// Channel 7 is reserved for streams (no ack, no store)
+func (mw MessageWrapper) Channel() int {
+	if mw.Overlay > 1024 {
+		return mw.Overlay & 0x07
+	}
+	// for backward compatibilty all overlays less than 0x400 i.e. 1024 are
+	// mapped to channel 0 regardless of their channel status.
+	return 0
+}
+
+// If Overlay is a Stream Message it should not be ackd, or stored.
+func (mw MessageWrapper) IsStream() bool {
+	return mw.Channel() == 0x07
 }
 
 // OverlayChat is the canonical identifier for chat overlays

model/profile.go

@@ -80,11 +80,19 @@ func (p *Profile) GetCopy(timeline bool) *Profile {
 
 	if timeline {
 		for groupID := range newp.Groups {
-			newp.Groups[groupID].Timeline = *p.Groups[groupID].Timeline.GetCopy()
+			if group, exists := newp.Groups[groupID]; exists {
+				if pGroup, exists := p.Groups[groupID]; exists {
+					group.Timeline = *(pGroup).Timeline.GetCopy()
+				}
+			}
 		}
 
 		for peerID := range newp.Contacts {
-			newp.Contacts[peerID].Timeline = *p.Contacts[peerID].Timeline.GetCopy()
+			if peer, exists := newp.Contacts[peerID]; exists {
+				if pPeer, exists := p.Contacts[peerID]; exists {
+					peer.Timeline = *(pPeer).Timeline.GetCopy()
+				}
+			}
 		}
 	}
 

peer/cwtch_peer.go

@@ -3,11 +3,20 @@ package peer
 import (
 	"context"
 	"crypto/rand"
+	"cwtch.im/cwtch/model"
+	"cwtch.im/cwtch/model/constants"
+	"cwtch.im/cwtch/protocol/groups"
+	"cwtch.im/cwtch/settings"
 	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
+	"git.openprivacy.ca/cwtch.im/tapir/primitives"
+	"git.openprivacy.ca/cwtch.im/tapir/primitives/privacypass"
+	"git.openprivacy.ca/openprivacy/connectivity"
+	"git.openprivacy.ca/openprivacy/connectivity/tor"
+	"golang.org/x/crypto/ed25519"
 	"os"
 	path "path/filepath"
 	"sort"
@@ -16,17 +25,7 @@ import (
 	"sync"
 	"time"
 
-	"cwtch.im/cwtch/model/constants"
-	"cwtch.im/cwtch/protocol/groups"
-	"cwtch.im/cwtch/settings"
-	"git.openprivacy.ca/cwtch.im/tapir/primitives"
-	"git.openprivacy.ca/cwtch.im/tapir/primitives/privacypass"
-	"git.openprivacy.ca/openprivacy/connectivity"
-	"git.openprivacy.ca/openprivacy/connectivity/tor"
-	"golang.org/x/crypto/ed25519"
-
 	"cwtch.im/cwtch/event"
-	"cwtch.im/cwtch/model"
 	"cwtch.im/cwtch/model/attr"
 	"cwtch.im/cwtch/protocol/connections"
 	"git.openprivacy.ca/openprivacy/log"
@@ -94,7 +93,7 @@ func (cp *cwtchPeer) EnhancedImportBundle(importString string) string {
 	return cp.ImportBundle(importString).Error()
 }
 
-func (cp *cwtchPeer) EnhancedGetMessages(conversation int, index int, count int) string {
+func (cp *cwtchPeer) EnhancedGetMessages(conversation int, index int, count uint) string {
 	var emessages = make([]EnhancedMessage, count)
 
 	messages, err := cp.GetMostRecentMessages(conversation, 0, index, count)
@@ -145,7 +144,7 @@ func (cp *cwtchPeer) EnhancedGetMessageByContentHash(conversation int, contentHa
 	offset, err := cp.GetChannelMessageByContentHash(conversation, 0, contentHash)
 	if err == nil {
 		messages, err := cp.GetMostRecentMessages(conversation, 0, offset, 1)
-		if err == nil {
+		if len(messages) > 0 && err == nil {
 			sentTime, _ := time.Parse(time.RFC3339Nano, messages[0].Attr[constants.AttrSentTimestamp])
 			message.Message = model.Message{
 				Message:      messages[0].Body,
@@ -310,7 +309,33 @@ func (cp *cwtchPeer) GenerateProtocolEngine(acn connectivity.ACN, bus event.Mana
 
 	authorizations := make(map[string]model.Authorization)
 	for _, conversation := range conversations {
-		if tor.IsValidHostname(conversation.Handle) {
+
+		// Only perform the following actions for Peer-type Conversaions...
+		if conversation.IsCwtchPeer() {
+			// if this profile does not have an ACL version, and the profile is accepted (OR the acl version is v1 and the profile is accepted...)
+			// then migrate the permissions to the v2 ACL
+			// migrate the old accepted AC to a new fine-grained one
+			// we only do this for previously trusted connections
+			// NOTE: this does not supercede global cwthch experiments settings
+			// if share files is turned off globally then acl.ShareFiles will be ignored
+			// Note: There was a bug in the original EP code that meant that some acl-v1 profiles did not get ShareFiles or RenderImages - this corrects that.
+			if version, exists := conversation.GetAttribute(attr.LocalScope, attr.ProfileZone, constants.ACLVersion); !exists || version == constants.ACLVersionOne {
+				if conversation.Accepted {
+					if ac, exists := conversation.ACL[conversation.Handle]; exists {
+						ac.ShareFiles = true
+						ac.RenderImages = true
+						ac.AutoConnect = true
+						ac.ExchangeAttributes = true
+						conversation.ACL[conversation.Handle] = ac
+					}
+
+					// Update the ACL Version
+					cp.storage.SetConversationAttribute(conversation.ID, attr.LocalScope.ConstructScopedZonedPath(attr.ProfileZone.ConstructZonedPath(constants.ACLVersion)), constants.ACLVersionTwo)
+					// Store the updated ACL
+					cp.storage.SetConversationACL(conversation.ID, conversation.ACL)
+				}
+			}
+
 			if conversation.ACL[conversation.Handle].Blocked {
 				authorizations[conversation.Handle] = model.AuthBlocked
 			} else {
@@ -410,12 +435,19 @@ func (cp *cwtchPeer) SendMessage(conversation int, message string) (int, error)
 		if tor.IsValidHostname(conversationInfo.Handle) {
 			ev := event.NewEvent(event.SendMessageToPeer, map[event.Field]string{event.ConversationID: strconv.Itoa(conversationInfo.ID), event.RemotePeer: conversationInfo.Handle, event.Data: message})
 			onion, _ := cp.storage.LoadProfileKeyValue(TypeAttribute, attr.PublicScope.ConstructScopedZonedPath(attr.ProfileZone.ConstructZonedPath(constants.Onion)).ToString())
+			id := -1
 
-			// For p2p messages we store the event id of the message as the "signature" we can then look this up in the database later for acks
-			id, err := cp.storage.InsertMessage(conversationInfo.ID, 0, message, model.Attributes{constants.AttrAuthor: string(onion), constants.AttrAck: event.False, constants.AttrSentTimestamp: time.Now().Format(time.RFC3339Nano)}, ev.EventID, model.CalculateContentHash(string(onion), message))
-			if err != nil {
-				return -1, err
+			// check if we should store this message locally...
+			if cm, err := model.DeserializeMessage(message); err == nil {
+				if !cm.IsStream() {
+					// For p2p messages we store the event id of the message as the "signature" we can then look this up in the database later for acks
+					id, err = cp.storage.InsertMessage(conversationInfo.ID, 0, message, model.Attributes{constants.AttrAuthor: string(onion), constants.AttrAck: event.False, constants.AttrSentTimestamp: time.Now().Format(time.RFC3339Nano)}, ev.EventID, model.CalculateContentHash(string(onion), message))
+					if err != nil {
+						return -1, err
+					}
+				}
 			}
+
 			cp.eventBus.Publish(ev)
 			return id, nil
 		} else {
@@ -670,7 +702,7 @@ func (cp *cwtchPeer) ImportGroup(exportedInvite string) (int, error) {
 		cp.SetConversationAttribute(groupConversationID, attr.LocalScope.ConstructScopedZonedPath(attr.LegacyGroupZone.ConstructZonedPath(constants.GroupKey)), base64.StdEncoding.EncodeToString(gci.SharedKey))
 		cp.SetConversationAttribute(groupConversationID, attr.LocalScope.ConstructScopedZonedPath(attr.ProfileZone.ConstructZonedPath(constants.Name)), gci.GroupName)
 		cp.eventBus.Publish(event.NewEvent(event.NewGroup, map[event.Field]string{event.ConversationID: strconv.Itoa(groupConversationID), event.GroupServer: gci.ServerHost, event.GroupInvite: exportedInvite, event.GroupName: gci.GroupName}))
-		cp.JoinServer(gci.ServerHost)
+		cp.QueueJoinServer(gci.ServerHost)
 	}
 	return groupConversationID, err
 }
@@ -682,13 +714,60 @@ func (cp *cwtchPeer) NewContactConversation(handle string, acl model.AccessContr
 	conversationInfo, _ := cp.storage.GetConversationByHandle(handle)
 	if conversationInfo == nil {
 		conversationID, err := cp.storage.NewConversation(handle, model.Attributes{event.SaveHistoryKey: event.DeleteHistoryDefault}, model.AccessControlList{handle: acl}, accepted)
+		if err != nil {
+			log.Errorf("unable to create a new contact conversation: %v", err)
+			return -1, err
+		}
 		cp.SetConversationAttribute(conversationID, attr.LocalScope.ConstructScopedZonedPath(attr.ProfileZone.ConstructZonedPath(constants.AttrLastConnectionTime)), time.Now().Format(time.RFC3339Nano))
+		if accepted {
+			// If this call came from a trusted action (i.e. import bundle or accept button then accept the conversation)
+			// This assigns all permissions (and in v2 is currently the default state of trusted contacts)
+			// Accept conversation does PeerWithOnion
+			cp.AcceptConversation(conversationID)
+		}
+		cp.SetConversationAttribute(conversationID, attr.LocalScope.ConstructScopedZonedPath(attr.ProfileZone.ConstructZonedPath(constants.ACLVersion)), constants.ACLVersionTwo)
 		cp.eventBus.Publish(event.NewEvent(event.ContactCreated, map[event.Field]string{event.ConversationID: strconv.Itoa(conversationID), event.RemotePeer: handle}))
 		return conversationID, err
 	}
 	return -1, fmt.Errorf("contact conversation already exists")
 }
 
+// UpdateConversationAccessControlList is a genric ACL update method
+func (cp *cwtchPeer) UpdateConversationAccessControlList(id int, acl model.AccessControlList) error {
+	return cp.storage.SetConversationACL(id, acl)
+}
+
+// EnhancedUpdateConversationAccessControlList wraps UpdateConversationAccessControlList and allows updating via a serialized JSON struct
+func (cp *cwtchPeer) EnhancedUpdateConversationAccessControlList(id int, json string) error {
+	_, err := cp.GetConversationInfo(id)
+	if err == nil {
+		acl, err := model.DeserializeAccessControlList([]byte(json))
+		if err == nil {
+			return cp.UpdateConversationAccessControlList(id, acl)
+		}
+		return err
+	}
+	return err
+}
+
+// GetConversationAccessControlList returns the access control list associated with the conversation
+func (cp *cwtchPeer) GetConversationAccessControlList(id int) (model.AccessControlList, error) {
+	ci, err := cp.GetConversationInfo(id)
+	if err == nil {
+		return ci.ACL, nil
+	}
+	return nil, err
+}
+
+// EnhancedGetConversationAccessControlList serialzies the access control list associated with the conversation
+func (cp *cwtchPeer) EnhancedGetConversationAccessControlList(id int) (string, error) {
+	ci, err := cp.GetConversationInfo(id)
+	if err == nil {
+		return string(ci.ACL.Serialize()), nil
+	}
+	return "", err
+}
+
 // AcceptConversation looks up a conversation by `handle` and sets the Accepted status to `true`
 // This will cause Cwtch to auto connect to this conversation on start up
 func (cp *cwtchPeer) AcceptConversation(id int) error {
@@ -701,6 +780,21 @@ func (cp *cwtchPeer) AcceptConversation(id int) error {
 			log.Errorf("Could not get conversation for %v: %v", id, err)
 			return err
 		}
+
+		if ac, exists := ci.ACL[ci.Handle]; exists {
+			ac.ShareFiles = true
+			ac.AutoConnect = true
+			ac.RenderImages = true
+			ac.ExchangeAttributes = true
+			ci.ACL[ci.Handle] = ac
+		}
+		err = cp.storage.SetConversationACL(id, ci.ACL)
+
+		if err != nil {
+			log.Errorf("Could not set conversation acl for %v: %v", id, err)
+			return err
+		}
+
 		if !ci.IsGroup() && !ci.IsServer() {
 			cp.sendUpdateAuth(id, ci.Handle, ci.Accepted, ci.ACL[ci.Handle].Blocked)
 			cp.PeerWithOnion(ci.Handle)
@@ -748,7 +842,7 @@ func (cp *cwtchPeer) UnblockConversation(id int) error {
 	// TODO at some point in the future engine needs to understand ACLs not just legacy auth status
 	cp.sendUpdateAuth(id, ci.Handle, ci.Accepted, ci.ACL[ci.Handle].Blocked)
 
-	if !ci.IsGroup() && !ci.IsServer() && ci.Accepted {
+	if !ci.IsGroup() && !ci.IsServer() && ci.GetPeerAC().AutoConnect {
 		cp.PeerWithOnion(ci.Handle)
 	}
 
@@ -888,7 +982,7 @@ func (cp *cwtchPeer) GetChannelMessageCount(conversation int, channel int) (int,
 }
 
 // GetMostRecentMessages returns a selection of messages, ordered by most recently inserted
-func (cp *cwtchPeer) GetMostRecentMessages(conversation int, channel int, offset int, limit int) ([]model.ConversationMessage, error) {
+func (cp *cwtchPeer) GetMostRecentMessages(conversation int, channel int, offset int, limit uint) ([]model.ConversationMessage, error) {
 	return cp.storage.GetMostRecentMessages(conversation, channel, offset, limit)
 }
 
@@ -993,7 +1087,7 @@ func (cp *cwtchPeer) AddServer(serverSpecification string) (string, error) {
 				cp.SetConversationAttribute(conversationInfo.ID, attr.PublicScope.ConstructScopedZonedPath(attr.ServerKeyZone.ConstructZonedPath(k)), v)
 			}
 			cp.SetConversationAttribute(conversationInfo.ID, attr.PublicScope.ConstructScopedZonedPath(attr.ServerKeyZone.ConstructZonedPath(string(model.BundleType))), serverSpecification)
-			cp.JoinServer(onion)
+			cp.QueueJoinServer(onion)
 			return onion, err
 		}
 		return "", err
@@ -1042,16 +1136,23 @@ func (cp *cwtchPeer) PeerWithOnion(onion string) {
 	cp.eventBus.Publish(event.NewEvent(event.QueuePeerRequest, map[event.Field]string{event.RemotePeer: onion, event.LastSeen: lastSeen.Format(time.RFC3339Nano)}))
 }
 
+func (cp *cwtchPeer) DisconnectFromPeer(onion string) {
+	cp.eventBus.Publish(event.NewEvent(event.DisconnectPeerRequest, map[event.Field]string{event.RemotePeer: onion}))
+}
+
+func (cp *cwtchPeer) DisconnectFromServer(onion string) {
+	cp.eventBus.Publish(event.NewEvent(event.DisconnectServerRequest, map[event.Field]string{event.GroupServer: onion}))
+}
+
 // QueuePeeringWithOnion sends the request to peer with an onion directly to the contact retry queue; this is a mechanism to not flood tor with circuit requests
 // Status: Ready for 1.10
 func (cp *cwtchPeer) QueuePeeringWithOnion(handle string) {
-	lastSeen := event.CwtchEpoch
 	ci, err := cp.FetchConversationInfo(handle)
 	if err == nil {
-		lastSeen = cp.GetConversationLastSeenTime(ci.ID)
-	}
-	if !ci.ACL[ci.Handle].Blocked && ci.Accepted {
-		cp.eventBus.Publish(event.NewEvent(event.QueuePeerRequest, map[event.Field]string{event.RemotePeer: handle, event.LastSeen: lastSeen.Format(time.RFC3339Nano)}))
+		lastSeen := cp.GetConversationLastSeenTime(ci.ID)
+		if !ci.ACL[ci.Handle].Blocked {
+			cp.eventBus.Publish(event.NewEvent(event.QueuePeerRequest, map[event.Field]string{event.RemotePeer: handle, event.LastSeen: lastSeen.Format(time.RFC3339Nano)}))
+		}
 	}
 }
 
@@ -1167,9 +1268,9 @@ func (cp *cwtchPeer) ImportBundle(importString string) error {
 		return ConstructResponse(constants.ImportBundlePrefix, "success")
 	} else if tor.IsValidHostname(importString) {
 		_, err := cp.NewContactConversation(importString, model.DefaultP2PAccessControl(), true)
+		// NOTE: Not NewContactConversation implictly does AcceptConversation AND PeerWithOnion if relevant so
+		// we no longer need to do it here...
 		if err == nil {
-			// Assuming all is good, we should peer with this contact.
-			cp.PeerWithOnion(importString)
 			return ConstructResponse(constants.ImportBundlePrefix, "success")
 		}
 		return ConstructResponse(constants.ImportBundlePrefix, err.Error())
@@ -1179,28 +1280,38 @@ func (cp *cwtchPeer) ImportBundle(importString string) error {
 
 // JoinServer manages a new server connection with the given onion address
 func (cp *cwtchPeer) JoinServer(onion string) error {
-	ci, err := cp.FetchConversationInfo(onion)
-	if ci == nil || err != nil {
+
+	// only connect to servers if the group experiment is enabled.
+	// note: there are additional checks throughout the app that minimize server interaction
+	// regardless, and we can only reach this point if groups experiment was at one point enabled
+	// TODO: this really belongs in an extension, but for legacy reasons groups are more tightly
+	// integrated into Cwtch. At some point, probably during hybrid groups implementation this
+	// API should be deprecated in favor of one with much stronger protections.
+	if cp.IsFeatureEnabled(constants.GroupsExperiment) {
+		ci, err := cp.FetchConversationInfo(onion)
+		if ci == nil || err != nil {
+			return errors.New("no keys found for server connection")
+		}
+
+		//if cp.GetContact(onion) != nil {
+		tokenY, yExists := ci.Attributes[attr.PublicScope.ConstructScopedZonedPath(attr.ServerKeyZone.ConstructZonedPath(string(model.KeyTypePrivacyPass))).ToString()]
+		tokenOnion, onionExists := ci.Attributes[attr.PublicScope.ConstructScopedZonedPath(attr.ServerKeyZone.ConstructZonedPath(string(model.KeyTypeTokenOnion))).ToString()]
+		if yExists && onionExists {
+			signature, exists := ci.Attributes[attr.LocalScope.ConstructScopedZonedPath(attr.ProfileZone.ConstructZonedPath(lastReceivedSignature)).ToString()]
+			if !exists {
+				signature = base64.StdEncoding.EncodeToString([]byte{})
+			}
+			cachedTokensJson, hasCachedTokens := ci.GetAttribute(attr.LocalScope, attr.ServerZone, "tokens")
+			if hasCachedTokens {
+				log.Debugf("using cached tokens for %v", ci.Handle)
+			}
+
+			cp.eventBus.Publish(event.NewEvent(event.JoinServer, map[event.Field]string{event.GroupServer: onion, event.ServerTokenY: tokenY, event.ServerTokenOnion: tokenOnion, event.Signature: signature, event.CachedTokens: cachedTokensJson}))
+			return nil
+		}
 		return errors.New("no keys found for server connection")
 	}
-
-	//if cp.GetContact(onion) != nil {
-	tokenY, yExists := ci.Attributes[attr.PublicScope.ConstructScopedZonedPath(attr.ServerKeyZone.ConstructZonedPath(string(model.KeyTypePrivacyPass))).ToString()]
-	tokenOnion, onionExists := ci.Attributes[attr.PublicScope.ConstructScopedZonedPath(attr.ServerKeyZone.ConstructZonedPath(string(model.KeyTypeTokenOnion))).ToString()]
-	if yExists && onionExists {
-		signature, exists := ci.Attributes[attr.LocalScope.ConstructScopedZonedPath(attr.ProfileZone.ConstructZonedPath(lastReceivedSignature)).ToString()]
-		if !exists {
-			signature = base64.StdEncoding.EncodeToString([]byte{})
-		}
-		cachedTokensJson, hasCachedTokens := ci.GetAttribute(attr.LocalScope, attr.ServerZone, "tokens")
-		if hasCachedTokens {
-			log.Debugf("using cached tokens for %v", ci.Handle)
-		}
-
-		cp.eventBus.Publish(event.NewEvent(event.JoinServer, map[event.Field]string{event.GroupServer: onion, event.ServerTokenY: tokenY, event.ServerTokenOnion: tokenOnion, event.Signature: signature, event.CachedTokens: cachedTokensJson}))
-		return nil
-	}
-	return errors.New("no keys found for server connection")
+	return errors.New("group experiment is not enabled")
 }
 
 // MakeAntispamPayment allows a peer to retrigger antispam, important if the initial connection somehow fails...
@@ -1299,7 +1410,7 @@ func (cp *cwtchPeer) getConnectionsSortedByLastSeen(doPeers, doServers bool) []*
 					continue
 				}
 			} else {
-				if !doPeers || !conversation.Accepted {
+				if !doPeers {
 					continue
 				}
 			}
@@ -1316,12 +1427,15 @@ func (cp *cwtchPeer) StartConnections(doPeers, doServers bool) {
 	byRecent := cp.getConnectionsSortedByLastSeen(doPeers, doServers)
 	log.Infof("StartConnections for %v", cp.GetOnion())
 	for _, conversation := range byRecent {
-		if conversation.model.IsServer() {
+		// only bother tracking servers if the experiment is enabled...
+		if conversation.model.IsServer() && cp.IsFeatureEnabled(constants.GroupsExperiment) {
 			log.Debugf("  QueueJoinServer(%v)", conversation.model.Handle)
 			cp.QueueJoinServer(conversation.model.Handle)
 		} else {
 			log.Debugf("  QueuePeerWithOnion(%v)", conversation.model.Handle)
-			cp.QueuePeeringWithOnion(conversation.model.Handle)
+			if conversation.model.GetPeerAC().AutoConnect {
+				cp.QueuePeeringWithOnion(conversation.model.Handle)
+			}
 		}
 		time.Sleep(50 * time.Millisecond)
 	}
@@ -1385,6 +1499,13 @@ func (cp *cwtchPeer) storeMessage(handle string, message string, sent time.Time)
 		}
 	}
 
+	// Don't store messages in channel 7
+	if cm, err := model.DeserializeMessage(message); err == nil {
+		if cm.IsStream() {
+			return -1, nil
+		}
+	}
+
 	// Generate a random number and use it as the signature
 	signature := event.GetRandNumber().String()
 	return cp.storage.InsertMessage(ci.ID, 0, message, model.Attributes{constants.AttrAuthor: handle, constants.AttrAck: event.True, constants.AttrSentTimestamp: sent.Format(time.RFC3339Nano)}, signature, model.CalculateContentHash(handle, message))
@@ -1489,8 +1610,7 @@ func (cp *cwtchPeer) eventHandler() {
 			conversationInfo, err := cp.FetchConversationInfo(onion)
 
 			log.Debugf("confo info lookup newgetval %v %v %v", onion, conversationInfo, err)
-			// only accepted contacts can look up information
-			if conversationInfo != nil && conversationInfo.Accepted {
+			if conversationInfo != nil && conversationInfo.GetPeerAC().ExchangeAttributes {
 				// Type Safe Scoped/Zoned Path
 				zscope := attr.IntoScope(scope)
 				zone, zpath := attr.ParseZone(zpath)
@@ -1522,7 +1642,7 @@ func (cp *cwtchPeer) eventHandler() {
 
 			conversationInfo, _ := cp.FetchConversationInfo(handle)
 			// only accepted contacts can look up information
-			if conversationInfo != nil && conversationInfo.Accepted {
+			if conversationInfo != nil && conversationInfo.GetPeerAC().ExchangeAttributes {
 				// Type Safe Scoped/Zoned Path
 				zscope := attr.IntoScope(scope)
 				zone, zpath := attr.ParseZone(zpath)
@@ -1562,6 +1682,7 @@ func (cp *cwtchPeer) eventHandler() {
 
 				timestamp := time.Now().Format(time.RFC3339Nano)
 				cp.SetConversationAttribute(cid, attr.LocalScope.ConstructScopedZonedPath(attr.ProfileZone.ConstructZonedPath(constants.AttrLastConnectionTime)), timestamp)
+
 			} else if connections.ConnectionStateToType()[ev.Data[event.ConnectionState]] == connections.DISCONNECTED {
 				ci, err := cp.FetchConversationInfo(handle)
 				if err == nil {

peer/cwtchprofilestorage.go

@@ -376,7 +376,12 @@ func (cps *CwtchProfileStorage) GetConversationByHandle(handle string) (*model.C
 	}
 	rows.Close()
 
-	return &model.Conversation{ID: id, Handle: handle, ACL: model.DeserializeAccessControlList(acl), Attributes: model.DeserializeAttributes(attributes), Accepted: accepted}, nil
+	cacl, err := model.DeserializeAccessControlList(acl)
+	if err != nil {
+		log.Errorf("error deserializing ACL from database, database maybe corrupted: %v", err)
+		return nil, err
+	}
+	return &model.Conversation{ID: id, Handle: handle, ACL: cacl, Attributes: model.DeserializeAttributes(attributes), Accepted: accepted}, nil
 }
 
 // FetchConversations returns *all* active conversations. This method should only be called
@@ -412,7 +417,13 @@ func (cps *CwtchProfileStorage) FetchConversations() ([]*model.Conversation, err
 			rows.Close()
 			return nil, err
 		}
-		conversations = append(conversations, &model.Conversation{ID: id, Handle: handle, ACL: model.DeserializeAccessControlList(acl), Attributes: model.DeserializeAttributes(attributes), Accepted: accepted})
+
+		cacl, err := model.DeserializeAccessControlList(acl)
+		if err != nil {
+			log.Errorf("error deserializing ACL from database, database maybe corrupted: %v", err)
+			return nil, err
+		}
+		conversations = append(conversations, &model.Conversation{ID: id, Handle: handle, ACL: cacl, Attributes: model.DeserializeAttributes(attributes), Accepted: accepted})
 
 	}
 }
@@ -445,7 +456,12 @@ func (cps *CwtchProfileStorage) GetConversation(id int) (*model.Conversation, er
 	}
 	rows.Close()
 
-	return &model.Conversation{ID: id, Handle: handle, ACL: model.DeserializeAccessControlList(acl), Attributes: model.DeserializeAttributes(attributes), Accepted: accepted}, nil
+	cacl, err := model.DeserializeAccessControlList(acl)
+	if err != nil {
+		log.Errorf("error deserializing ACL from database, database maybe corrupted: %v", err)
+		return nil, err
+	}
+	return &model.Conversation{ID: id, Handle: handle, ACL: cacl, Attributes: model.DeserializeAttributes(attributes), Accepted: accepted}, nil
 }
 
 // AcceptConversation sets the accepted status of a conversation to true in the backing datastore
@@ -781,7 +797,7 @@ func (cps *CwtchProfileStorage) SearchMessages(conversation int, channel int, pa
 }
 
 // GetMostRecentMessages returns the most recent messages in a channel up to a given limit at a given offset
-func (cps *CwtchProfileStorage) GetMostRecentMessages(conversation int, channel int, offset int, limit int) ([]model.ConversationMessage, error) {
+func (cps *CwtchProfileStorage) GetMostRecentMessages(conversation int, channel int, offset int, limit uint) ([]model.ConversationMessage, error) {
 	channelID := ChannelID{Conversation: conversation, Channel: channel}
 
 	cps.mutex.Lock()

peer/profile_interface.go

@@ -20,7 +20,9 @@ type ModifyPeeringState interface {
 	BlockUnknownConnections()
 	AllowUnknownConnections()
 	PeerWithOnion(string)
-	JoinServer(string) error
+	QueueJoinServer(string)
+	DisconnectFromPeer(string)
+	DisconnectFromServer(string)
 }
 
 // ModifyContactsAndPeers is a meta-interface intended to restrict a call to reading and modifying contacts
@@ -118,9 +120,19 @@ type CwtchPeer interface {
 	ArchiveConversation(conversation int)
 	GetConversationInfo(conversation int) (*model.Conversation, error)
 	FetchConversationInfo(handle string) (*model.Conversation, error)
+
+	// API-level management of conversation access control
+	UpdateConversationAccessControlList(id int, acl model.AccessControlList) error
+	EnhancedUpdateConversationAccessControlList(conversation int, acjson string) error
+
+	GetConversationAccessControlList(conversation int) (model.AccessControlList, error)
+	EnhancedGetConversationAccessControlList(conversation int) (string, error)
+
+	// Convieniance Functions for ACL Management
 	AcceptConversation(conversation int) error
 	BlockConversation(conversation int) error
 	UnblockConversation(conversation int) error
+
 	SetConversationAttribute(conversation int, path attr.ScopedZonedPath, value string) error
 	GetConversationAttribute(conversation int, path attr.ScopedZonedPath) (string, error)
 	DeleteConversation(conversation int) error
@@ -129,7 +141,7 @@ type CwtchPeer interface {
 	GetChannelMessage(conversation int, channel int, id int) (string, model.Attributes, error)
 	GetChannelMessageCount(conversation int, channel int) (int, error)
 	GetChannelMessageByContentHash(conversation int, channel int, contenthash string) (int, error)
-	GetMostRecentMessages(conversation int, channel int, offset int, limit int) ([]model.ConversationMessage, error)
+	GetMostRecentMessages(conversation int, channel int, offset int, limit uint) ([]model.ConversationMessage, error)
 	UpdateMessageAttribute(conversation int, channel int, id int, key string, value string) error
 	SearchConversations(pattern string) string
 
@@ -140,7 +152,7 @@ type CwtchPeer interface {
 	EnhancedGetMessageByContentHash(conversation int, hash string) string
 
 	// EnhancedGetMessages returns a set of json-encoded enhanced messages, suitable for rendering in a UI
-	EnhancedGetMessages(conversation int, index int, count int) string
+	EnhancedGetMessages(conversation int, index int, count uint) string
 
 	// Server Token APIS
 	// TODO move these to feature protected interfaces

protocol/connections/engine.go

@@ -122,6 +122,8 @@ func NewProtocolEngine(identity primitives.Identity, privateKey ed25519.PrivateK
 	engine.eventManager.Subscribe(event.UpdateConversationAuthorization, engine.queue)
 	engine.eventManager.Subscribe(event.BlockUnknownPeers, engine.queue)
 	engine.eventManager.Subscribe(event.AllowUnknownPeers, engine.queue)
+	engine.eventManager.Subscribe(event.DisconnectPeerRequest, engine.queue)
+	engine.eventManager.Subscribe(event.DisconnectServerRequest, engine.queue)
 
 	// File Handling
 	engine.eventManager.Subscribe(event.ShareManifest, engine.queue)
@@ -194,6 +196,10 @@ func (e *engine) eventHandler() {
 			// We remove this peer from out blocklist which will prevent them from contacting us if we have "block unknown peers" turned on.
 			e.authorizations.Delete(ev.Data[event.RemotePeer])
 			e.deleteConnection(onion)
+		case event.DisconnectPeerRequest:
+			e.deleteConnection(ev.Data[event.RemotePeer])
+		case event.DisconnectServerRequest:
+			e.leaveServer(ev.Data[event.GroupServer])
 		case event.SendMessageToGroup:
 			ciphertext, _ := base64.StdEncoding.DecodeString(ev.Data[event.Ciphertext])
 			signature, _ := base64.StdEncoding.DecodeString(ev.Data[event.Signature])
@@ -743,6 +749,16 @@ func (e *engine) handlePeerMessage(hostname string, eventID string, context stri
 		// Fall through handler for the default text conversation.
 		e.eventManager.Publish(event.NewEvent(event.NewMessageFromPeerEngine, map[event.Field]string{event.TimestampReceived: time.Now().Format(time.RFC3339Nano), event.RemotePeer: hostname, event.Data: string(message)}))
 
+		// Don't ack messages in channel 7
+		// Note: this code explictly doesn't care about malformed messages, we deal with them
+		// later on...we still want to ack the original send...(as some "malformed" messages
+		// may be future-ok)
+		if cm, err := model.DeserializeMessage(string(message)); err == nil {
+			if cm.IsStream() {
+				return
+			}
+		}
+
 		// Send an explicit acknowledgement
 		// Every other protocol should have an explicit acknowledgement message e.g. value lookups have responses, and file handling has an explicit flow
 		if err := e.sendPeerMessage(hostname, pmodel.PeerMessage{ID: eventID, Context: event.ContextAck, Data: []byte{}}); err != nil {

protocol/connections/peerapp.go

@@ -2,12 +2,14 @@ package connections
 
 import (
 	"cwtch.im/cwtch/event"
+	"cwtch.im/cwtch/model"
 	model2 "cwtch.im/cwtch/protocol/model"
 	"encoding/json"
 	"git.openprivacy.ca/cwtch.im/tapir"
 	"git.openprivacy.ca/cwtch.im/tapir/applications"
 	"git.openprivacy.ca/openprivacy/log"
 	"sync/atomic"
+	"time"
 )
 
 const cwtchCapability = tapir.Capability("cwtchCapability")
@@ -133,6 +135,14 @@ func (pa *PeerApp) listen() {
 						pa.version.Store(Version2)
 					}
 				} else {
+					if cm, err := model.DeserializeMessage(string(packet.Data)); err == nil {
+						if cm.TransitTime != nil {
+							rt := time.Now().UTC()
+							cm.RecvTime = &rt
+							data, _ := json.Marshal(cm)
+							packet.Data = data
+						}
+					}
 					pa.MessageHandler(pa.connection.Hostname(), packet.ID, packet.Context, packet.Data)
 				}
 			}
@@ -148,6 +158,15 @@ func (pa *PeerApp) SendMessage(message model2.PeerMessage) error {
 	var serialized []byte
 	var err error
 
+	if cm, err := model.DeserializeMessage(string(message.Data)); err == nil {
+		if cm.SendTime != nil {
+			tt := time.Now().UTC()
+			cm.TransitTime = &tt
+			data, _ := json.Marshal(cm)
+			message.Data = data
+		}
+	}
+
 	if pa.version.Load() == Version2 {
 		// treat data as a pre-serialized string, not as a byte array (which will be base64 encoded and bloat the packet size)
 		serialized = message.Serialize()

protocol/files/chunkspec.go

@@ -13,7 +13,7 @@ type ChunkSpec []uint64
 // CreateChunkSpec given a full list of chunks with their downloaded status (true for downloaded, false otherwise)
 // derives a list of identifiers of chunks that have not been downloaded yet
 func CreateChunkSpec(progress []bool) ChunkSpec {
-	var chunks ChunkSpec
+	chunks := ChunkSpec{}
 	for i, p := range progress {
 		if !p {
 			chunks = append(chunks, uint64(i))

protocol/files/manifest_test.go

@@ -93,7 +93,12 @@ func TestManifestLarge(t *testing.T) {
 	}
 
 	// Prepare Download
-	cwtchPngOutManifest, _ := LoadManifest("testdata/cwtch.png.manifest")
+	cwtchPngOutManifest, err := LoadManifest("testdata/cwtch.png.manifest")
+
+	if err != nil {
+		t.Fatalf("could not prepare download %v", err)
+	}
+
 	cwtchPngOutManifest.FileName = "testdata/cwtch.out.png"
 
 	defer cwtchPngOutManifest.Close()

settings/settings.go

@@ -35,6 +35,7 @@ type GlobalSettings struct {
 	Locale                  string
 	Theme                   string
 	ThemeMode               string
+	ThemeImages             bool
 	PreviousPid             int64
 	ExperimentsEnabled      bool
 	Experiments             map[string]bool
@@ -62,7 +63,9 @@ type GlobalSettings struct {
 
 var DefaultGlobalSettings = GlobalSettings{
 	Locale:                  "en",
-	Theme:                   "dark",
+	Theme:                   "cwtch",
+	ThemeMode:               "dark",
+	ThemeImages:             false,
 	PreviousPid:             -1,
 	ExperimentsEnabled:      false,
 	Experiments:             map[string]bool{constants.MessageFormattingExperiment: true},

storage/v1/profile_store.go

@@ -67,7 +67,9 @@ func (ps *ProfileStoreV1) load() error {
 
 			if contact.Attributes[event.SaveHistoryKey] == event.SaveHistoryConfirmed {
 				ss := NewStreamStore(ps.directory, contact.LocalID, ps.key)
-				cp.Contacts[contact.Onion].Timeline.SetMessages(ss.Read())
+				if contact, exists := cp.Contacts[contact.Onion]; exists {
+					contact.Timeline.SetMessages(ss.Read())
+				}
 			}
 		}
 
@@ -78,8 +80,10 @@ func (ps *ProfileStoreV1) load() error {
 				continue
 			}
 			ss := NewStreamStore(ps.directory, group.LocalID, ps.key)
-			cp.Groups[gid].Timeline.SetMessages(ss.Read())
-			cp.Groups[gid].Timeline.Sort()
+			if group, exists := cp.Groups[gid]; exists {
+				group.Timeline.SetMessages(ss.Read())
+				group.Timeline.Sort()
+			}
 		}
 	}
 

testing/autodownload/file_sharing_integration_test.go

@@ -64,7 +64,6 @@ func TestFileSharing(t *testing.T) {
 	os.MkdirAll(dataDir, 0700)
 
 	// we don't need real randomness for the port, just to avoid a possible conflict...
-	mrand.Seed(int64(time.Now().Nanosecond()))
 	socksPort := mrand.Intn(1000) + 9051
 	controlPort := mrand.Intn(1000) + 9052
 
@@ -99,7 +98,10 @@ func TestFileSharing(t *testing.T) {
 
 	app := app2.NewApp(acn, "./storage", app2.LoadAppSettings("./storage"))
 
-	usr, _ := user.Current()
+	usr, err := user.Current()
+	if err != nil {
+		t.Fatalf("current user is undefined")
+	}
 	cwtchDir := path.Join(usr.HomeDir, ".cwtch")
 	os.Mkdir(cwtchDir, 0700)
 	os.RemoveAll(path.Join(cwtchDir, "testing"))
@@ -114,8 +116,10 @@ func TestFileSharing(t *testing.T) {
 	t.Logf("** Waiting for Alice, Bob...")
 	alice := app2.WaitGetPeer(app, "alice")
 	app.ActivatePeerEngine(alice.GetOnion())
+	app.ConfigureConnections(alice.GetOnion(), true, true, true)
 	bob := app2.WaitGetPeer(app, "bob")
 	app.ActivatePeerEngine(bob.GetOnion())
+	app.ConfigureConnections(bob.GetOnion(), true, true, true)
 
 	alice.AutoHandleEvents([]event.Type{event.PeerStateChange, event.NewRetValMessageFromPeer})
 	bob.AutoHandleEvents([]event.Type{event.PeerStateChange, event.NewRetValMessageFromPeer})
@@ -141,10 +145,23 @@ func TestFileSharing(t *testing.T) {
 	alice.NewContactConversation(bob.GetOnion(), model.DefaultP2PAccessControl(), true)
 	alice.PeerWithOnion(bob.GetOnion())
 
+	json, err := alice.EnhancedGetConversationAccessControlList(1)
+	if err != nil {
+		t.Fatalf("Error!: %v", err)
+	}
+	t.Logf("alice<->bob ACL: %s", json)
+
 	t.Logf("Waiting for alice and Bob to peer...")
 	waitForPeerPeerConnection(t, alice, bob)
-	alice.AcceptConversation(1)
-	bob.AcceptConversation(1)
+	err = alice.AcceptConversation(1)
+	if err != nil {
+		t.Fatalf("Error!: %v", err)
+	}
+	err = bob.AcceptConversation(1)
+	if err != nil {
+		t.Fatalf("Error!: %v", err)
+	}
+
 	t.Logf("Alice and Bob are Connected!!")
 
 	filesharingFunctionality := filesharing.FunctionalityGate()
@@ -165,7 +182,7 @@ func TestFileSharing(t *testing.T) {
 
 	if _, err := os.Stat(path.Join(settings.DownloadPath, "cwtch.png")); errors.Is(err, os.ErrNotExist) {
 		// path/to/whatever does not exist
-		t.Fatalf("cwthc.png should have been automatically downloadeded...")
+		t.Fatalf("cwtch.png should have been automatically downloaded...")
 	}
 
 	app.Shutdown()

testing/cwtch_peer_server_integration_test.go

@@ -99,7 +99,6 @@ func TestCwtchPeerIntegration(t *testing.T) {
 	os.MkdirAll(dataDir, 0700)
 
 	// we don't need real randomness for the port, just to avoid a possible conflict...
-	mrand.Seed(int64(time.Now().Nanosecond()))
 	socksPort := mrand.Intn(1000) + 9051
 	controlPort := mrand.Intn(1000) + 9052
 
@@ -150,6 +149,11 @@ func TestCwtchPeerIntegration(t *testing.T) {
 	numGoRoutinesPostAppStart := runtime.NumGoroutine()
 
 	// ***** cwtchPeer setup *****
+	// Turn on Groups Experiment...
+	settings := app.ReadSettings()
+	settings.ExperimentsEnabled = true
+	settings.Experiments[constants.GroupsExperiment] = true
+	app.UpdateSettings(settings)
 
 	log.Infoln("Creating Alice...")
 	app.CreateProfile("Alice", "asdfasdf", true)
@@ -163,6 +167,7 @@ func TestCwtchPeerIntegration(t *testing.T) {
 	alice := app2.WaitGetPeer(app, "Alice")
 	aliceBus := app.GetEventBus(alice.GetOnion())
 	app.ActivatePeerEngine(alice.GetOnion())
+	app.ConfigureConnections(alice.GetOnion(), true, true, true)
 	log.Infoln("Alice created:", alice.GetOnion())
 	// alice.SetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.Name, "Alice") <- This is now done automatically by ProfileValueExtension, keeping this here for clarity
 	alice.AutoHandleEvents([]event.Type{event.PeerStateChange, event.ServerStateChange, event.NewGroupInvite, event.NewRetValMessageFromPeer})
@@ -170,6 +175,7 @@ func TestCwtchPeerIntegration(t *testing.T) {
 	bob := app2.WaitGetPeer(app, "Bob")
 	bobBus := app.GetEventBus(bob.GetOnion())
 	app.ActivatePeerEngine(bob.GetOnion())
+	app.ConfigureConnections(bob.GetOnion(), true, true, true)
 	log.Infoln("Bob created:", bob.GetOnion())
 	// bob.SetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.Name, "Bob")  <- This is now done automatically by ProfileValueExtension, keeping this here for clarity
 	bob.AutoHandleEvents([]event.Type{event.PeerStateChange, event.ServerStateChange, event.NewGroupInvite, event.NewRetValMessageFromPeer})
@@ -177,6 +183,7 @@ func TestCwtchPeerIntegration(t *testing.T) {
 	carol := app2.WaitGetPeer(app, "Carol")
 	carolBus := app.GetEventBus(carol.GetOnion())
 	app.ActivatePeerEngine(carol.GetOnion())
+	app.ConfigureConnections(carol.GetOnion(), true, true, true)
 	log.Infoln("Carol created:", carol.GetOnion())
 	// carol.SetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.Name, "Carol")  <- This is now done automatically by ProfileValueExtension, keeping this here for clarity
 	carol.AutoHandleEvents([]event.Type{event.PeerStateChange, event.ServerStateChange, event.NewGroupInvite, event.NewRetValMessageFromPeer})

testing/encryptedstorage/encrypted_storage_integration_test.go

@@ -29,7 +29,6 @@ func TestEncryptedStorage(t *testing.T) {
 	os.MkdirAll(dataDir, 0700)
 
 	// we don't need real randomness for the port, just to avoid a possible conflict...
-	mrand.Seed(int64(time.Now().Nanosecond()))
 	socksPort := mrand.Intn(1000) + 9051
 	controlPort := mrand.Intn(1000) + 9052
 
@@ -99,6 +98,10 @@ func TestEncryptedStorage(t *testing.T) {
 		ci, err = bob.FetchConversationInfo(alice.GetOnion())
 	}
 
+	if ci == nil {
+		t.Fatalf("could not fetch bobs conversation")
+	}
+
 	body, _, err := bob.GetChannelMessage(ci.ID, 0, 1)
 	if body != "Hello Bob" || err != nil {
 		t.Fatalf("unexpected message in conversation channel %v %v", body, err)

testing/filesharing/file_sharing_integration_test.go

@@ -58,7 +58,7 @@ func TestFileSharing(t *testing.T) {
 	os.RemoveAll("cwtch.out.png")
 	os.RemoveAll("cwtch.out.png.manifest")
 
-	log.SetLevel(log.LevelInfo)
+	log.SetLevel(log.LevelDebug)
 	log.ExcludeFromPattern("tapir")
 
 	os.Mkdir("tordir", 0700)
@@ -66,7 +66,6 @@ func TestFileSharing(t *testing.T) {
 	os.MkdirAll(dataDir, 0700)
 
 	// we don't need real randomness for the port, just to avoid a possible conflict...
-	mrand.Seed(int64(time.Now().Nanosecond()))
 	socksPort := mrand.Intn(1000) + 9051
 	controlPort := mrand.Intn(1000) + 9052
 
@@ -101,7 +100,10 @@ func TestFileSharing(t *testing.T) {
 
 	app := app2.NewApp(acn, "./storage", app2.LoadAppSettings("./storage"))
 
-	usr, _ := user.Current()
+	usr, err := user.Current()
+	if err != nil {
+		t.Fatalf("current user is undefined")
+	}
 	cwtchDir := path.Join(usr.HomeDir, ".cwtch")
 	os.Mkdir(cwtchDir, 0700)
 	os.RemoveAll(path.Join(cwtchDir, "testing"))
@@ -116,16 +118,25 @@ func TestFileSharing(t *testing.T) {
 	t.Logf("** Waiting for Alice, Bob...")
 	alice := app2.WaitGetPeer(app, "alice")
 	app.ActivatePeerEngine(alice.GetOnion())
+	app.ConfigureConnections(alice.GetOnion(), true, true, true)
 	bob := app2.WaitGetPeer(app, "bob")
 	app.ActivatePeerEngine(bob.GetOnion())
-
+	app.ConfigureConnections(bob.GetOnion(), true, true, true)
 	alice.AutoHandleEvents([]event.Type{event.PeerStateChange, event.NewRetValMessageFromPeer})
 	bob.AutoHandleEvents([]event.Type{event.PeerStateChange, event.NewRetValMessageFromPeer})
 
 	aliceQueueOracle := event.NewQueue()
-	app.GetEventBus(alice.GetOnion()).Subscribe(event.SearchResult, aliceQueueOracle)
+	aliceEb := app.GetEventBus(alice.GetOnion())
+	if aliceEb == nil {
+		t.Fatalf("alice's eventbus is undefined")
+	}
+	aliceEb.Subscribe(event.SearchResult, aliceQueueOracle)
 	queueOracle := event.NewQueue()
-	app.GetEventBus(bob.GetOnion()).Subscribe(event.FileDownloaded, queueOracle)
+	bobEb := app.GetEventBus(bob.GetOnion())
+	if bobEb == nil {
+		t.Fatalf("bob's eventbus is undefined")
+	}
+	bobEb.Subscribe(event.FileDownloaded, queueOracle)
 
 	// Turn on File Sharing Experiment...
 	settings := app.ReadSettings()
@@ -140,13 +151,6 @@ func TestFileSharing(t *testing.T) {
 
 	bob.NewContactConversation(alice.GetOnion(), model.DefaultP2PAccessControl(), true)
 	alice.NewContactConversation(bob.GetOnion(), model.DefaultP2PAccessControl(), true)
-	alice.PeerWithOnion(bob.GetOnion())
-
-	t.Logf("Waiting for alice and Bob to peer...")
-	waitForPeerPeerConnection(t, alice, bob)
-	alice.AcceptConversation(1)
-
-	t.Logf("Alice and Bob are Connected!!")
 
 	filesharingFunctionality := filesharing.FunctionalityGate()
 
@@ -156,10 +160,10 @@ func TestFileSharing(t *testing.T) {
 	}
 
 	alice.SendMessage(1, fileSharingMessage)
-	bob.AcceptConversation(1)
 
-	// Wait for the messages to arrive...
-	time.Sleep(time.Second * 10)
+	// Ok this is fun...we just Sent a Message we may not have a connection yet...
+	// so this test will only pass if sending offline works...
+	waitForPeerPeerConnection(t, bob, alice)
 
 	bob.SendMessage(1, "this is a test message")
 	bob.SendMessage(1, "this is another  test message")

testing/quality.sh

@@ -4,18 +4,25 @@ echo "Checking code quality (you want to see no output here)"
 echo ""
 
 echo ""
-echo "Linting:"
+echo "Running staticcheck..."
 
 staticcheck ./...
 
+# In the future we should remove include-pkgs. However, there are a few false positives in the overall go stdlib that make this
+# too noisy right now, specifically assigning nil to initialize slices (safe), and using go internal context channels assigned
+# nil (also safe).
+# We also have one file infinite_channel.go written in a way that static analysis cannot reason about easily. So it is explictly
+# ignored.
+echo "Running nilaway..."
+nilaway -include-pkgs="cwtch.im/cwtch,cwtch.im/tapir,git.openprivacy.ca/openprivacy/connectivity" -exclude-file-docstrings="nolint:nilaway" ./...
 
 echo "Time to format"
 gofmt -l -s -w .
 
 # ineffassign (https://github.com/gordonklaus/ineffassign)
-echo "Checking for ineffectual assignment of errors (unchecked errors...)"
-ineffassign ./..
+# echo "Checking for ineffectual assignment of errors (unchecked errors...)"
+# ineffassign .
 
 # misspell (https://github.com/client9/misspell/cmd/misspell)
-echo "Checking for misspelled words..."
-misspell . | grep -v "testing/" | grep -v "vendor/" | grep -v "go.sum" | grep -v ".idea"
+# echo "Checking for misspelled words..."
+# misspell . | grep -v "testing/" | grep -v "vendor/" | grep -v "go.sum" | grep -v ".idea"

tools/cwtch_tools.go

@@ -18,7 +18,6 @@ import (
 	"os"
 	path "path/filepath"
 	"strings"
-	"time"
 )
 
 var tool = flag.String("tool", "", "the tool to use")
@@ -86,7 +85,6 @@ func getTokens(bundle string) {
 	os.MkdirAll(dataDir, 0700)
 
 	// we don't need real randomness for the port, just to avoid a possible conflict...
-	mrand.Seed(int64(time.Now().Nanosecond()))
 	socksPort := mrand.Intn(1000) + 9051
 	controlPort := mrand.Intn(1000) + 9052
 

utils/timeoutpolicy.go

@@ -1,3 +1,4 @@
+// nolint:nilaway - the context timeout here is reported as an error, even though it is a by-the-doc example
 package utils
 
 import (