Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-04-17 21:46:35 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
5f248954dcf3257ea8588eb1749ef98f2d451b62
chatmail-core/deltachat-jsonrpc
History
Hocuri c724e2981c feat: Securejoin v3, encrypt all securejoin messages (#7754) 
Close https://github.com/chatmail/core/issues/7396. Before reviewing,
you should read the issue description of
https://github.com/chatmail/core/issues/7396.
I recommend to review with hidden whitespace changes.

TODO:
- [x] Implement the new protocol
- [x] Make Rust tests pass
- [x] Make Python tests pass
- [x] Test it manually on a phone
- [x] Print the sent messages, and check that they look how they should:
[test_secure_join_group_with_mime_printed.txt](https://github.com/user-attachments/files/24800556/test_secure_join_group.txt)
- [x] Fix bug: If Alice has a second device, then Bob's chat won't be
shown yet on that second device. Also, Bob's contact isn't shown in her
contact list. As soon as either party writes something into the chat,
the that shows up and everything is fine. All of this is still a way
better UX than in WhatsApp, where Bob always has to write first 😂
Still, I should fix that.
- This is actually caused by a larger bug: AUTH tokens aren't synced if
there is no corresponding INVITE token.
  - Fixed by 6b658a0e0
- [x] Either make a new `auth_tokens` table with a proper UNIQUE bound,
or put a UNIQUE bound on the `tokens` table
- [x] Benchmarking
- [x] TODOs in the code, maybe change naming of the new functions
- [x] Write test for interop with older DC (esp. that the original
securejoin runs if you remove the &v=3 param)
- [x] From a cryptography perspective, is it fine that vc-request is
encrypted with AUTH, rather than a separate secret (like INVITE)?
- [x] Make sure that QR codes without INVITE work, so that we can remove
it eventually
- [x] Self-review, and comment on some of my code changes to explain
what they do
- [x] ~~Maybe use a new table rather than reusing AUTH token.~~ See
https://github.com/chatmail/core/pull/7754#discussion_r2728544725
- [ ] Update documentation; I'll do that in a separate PR. All necessary
information is in the https://github.com/chatmail/core/issues/7396 issue
description
- [ ] Update tests and other code to use the new names (e.g.
`request-pubkey` rather than `request` and `pubkey` rather than
`auth-required`); I'll do that in a follow-up PR

**Backwards compatibility:**
Everything works seamlessly in my tests. If both devices are updated,
then the new protocol is used; otherwise, the old protocol is used. If
there is a not-yet-updated second device, it will correctly observe the
protocol, and mark the chat partner as verified.

Note that I removed the `Auto-Submitted: auto-replied` header from
securejoin messages. We don't need it ourselves, it's a cleartext header
that leaks too much information, and I can't see any reason to have it.

---------

Co-authored-by: iequidoo <117991069+iequidoo@users.noreply.github.com>
2026-03-02 16:37:14 +00:00
..
src
feat: Securejoin v3, encrypt all securejoin messages (#7754)
2026-03-02 16:37:14 +00:00
typescript
chore: bump version to 2.44.0-dev
2026-02-27 01:16:34 +00:00
.gitignore
chore: add openrpc.json to .gitignore
2023-06-16 14:32:09 +00:00
Cargo.toml
chore: bump version to 2.44.0-dev
2026-02-27 01:16:34 +00:00
README.md
build: remove websocket support from deltachat-jsonrpc
2025-03-16 09:04:26 +00:00

README.md

deltachat-jsonrpc

This crate provides a JSON-RPC 2.0 interface to DeltaChat.

The JSON-RPC API is exposed in two fashions:

  • A executable deltachat-rpc-server that exposes the JSON-RPC API through stdio.
  • The JSON-RPC API can also be called through the C FFI. It exposes the functions dc_jsonrpc_init, dc_jsonrpc_request, dc_jsonrpc_next_response and dc_jsonrpc_unref. See the docs in the header file for details.

We also include a JavaScript and TypeScript client for the JSON-RPC API. The source for this is in the typescript folder.

Usage

Using the TypeScript/JavaScript client

The package includes a JavaScript/TypeScript client which is partially auto-generated through the JSON-RPC library used by this crate (yerpc). Find the source in the typescript folder.

To use it locally, first install the dependencies and compile the TypeScript code to JavaScript:

cd typescript
npm install
npm run build

The JavaScript client is published on NPM.

A script is included to build autogenerated documentation, which includes all RPC methods:

cd typescript
npm run docs

Then open the typescript/docs folder in a web browser.

Development

Running the example app

Testing

The crate includes both a basic Rust smoke test and more featureful integration tests that use the TypeScript client.

Rust tests

To run the Rust test, use this command:

cargo test

TypeScript tests

cd typescript
npm run test

This will build the deltachat-jsonrpc-server binary and then run a test suite.

The test suite includes some tests that need online connectivity and a way to create test email accounts. To run these tests, set the CHATMAIL_DOMAIN environment variable to your testing email server domain.

CHATMAIL_DOMAIN=ci-chatmail.testrun.org npm run test

Test Coverage

Running npm run test will report test coverage. For the coverage to be accurate the online tests need to be run.

If you are offline and want to see the coverage results anyway (even though they are inaccurate), you can bypass the errors of the online tests by setting the COVERAGE_OFFLINE=1 environment variable.

A summary of the coverage will be reported in the terminal after the test run. Open coverage/index.html in a web browser for a detailed report.