feat(common): Add TimelineEvent::timestamp.

This patch adds the `timestamp` field to `TimelineEvent`.
It's a copy of the `origin_server_ts` value, parsed as an
`Option<MilliSecondsSinceUnixEpoch>`. It's `None` if the parsing failed,
or if the `TimelineEvent` was deserialised from a version before this
new field was added.

A new `extract_timestamp` function is added for this purpose. It
protects against malicious `origin_server_ts` where the value can be
set to year 2100 for example. The only protection we are adding here is
to take the `min(origin_server_ts, now())`, so that the event can never
been “in the future”.

It doesn't protect against a malicious value like 0. It's non-trivial to
define a minimum timestamp for an event.

When a `TimelineEvent` is mapped from one kind to another kind, the
`timestamp` is carried over. To achieve that, new `to_decrypted` and
`to_utd` methods are added.

The rest of the code is updated accordingly.

Author: Hywan

crates/matrix-sdk-base/src/latest_event.rs

@@ -790,6 +790,7 @@ mod tests {
                             }
                         },
                         "thread_summary": "None",
+                        "timestamp": null,
                     }
                 }
             })

crates/matrix-sdk-base/src/response_processors/e2ee/decrypt.rs

@@ -14,7 +14,7 @@
 
 use matrix_sdk_common::deserialized_responses::TimelineEvent;
 use matrix_sdk_crypto::RoomEventDecryptionResult;
-use ruma::{RoomId, events::AnySyncTimelineEvent, serde::Raw};
+use ruma::RoomId;
 
 use super::{super::verification, E2EE};
 use crate::Result;
@@ -26,31 +26,36 @@ use crate::Result;
 /// application, returns `Err`.
 ///
 /// Returns `Ok(None)` if encryption is not configured.
+///
+/// The returned [`TimelineEvent`] has no push actions set up. It's the
+/// responsibility of the caller to set them.
 pub async fn sync_timeline_event(
     e2ee: E2EE<'_>,
-    event: &Raw<AnySyncTimelineEvent>,
+    event: &TimelineEvent,
     room_id: &RoomId,
 ) -> Result<Option<TimelineEvent>> {
     let Some(olm) = e2ee.olm_machine else { return Ok(None) };
 
     Ok(Some(
         match olm
-            .try_decrypt_room_event(event.cast_ref_unchecked(), room_id, e2ee.decryption_settings)
+            .try_decrypt_room_event(
+                event.raw().cast_ref_unchecked(),
+                room_id,
+                e2ee.decryption_settings,
+            )
             .await?
         {
             RoomEventDecryptionResult::Decrypted(decrypted) => {
                 // Note: the push actions are set by the caller.
-                let timeline_event = TimelineEvent::from_decrypted(decrypted, None);
+                let timeline_event = event.to_decrypted(decrypted, None);
 
                 if let Ok(sync_timeline_event) = timeline_event.raw().deserialize() {
                     verification::process_if_relevant(&sync_timeline_event, e2ee, room_id).await?;
                 }
 
                 timeline_event
             }
-            RoomEventDecryptionResult::UnableToDecrypt(utd_info) => {
-                TimelineEvent::from_utd(event.clone(), utd_info)
-            }
+            RoomEventDecryptionResult::UnableToDecrypt(utd_info) => event.to_utd(utd_info),
         },
     ))
 }

crates/matrix-sdk-base/src/response_processors/latest_event.rs

@@ -116,6 +116,10 @@ async fn decrypt_sync_room_event(
     {
         RoomEventDecryptionResult::Decrypted(decrypted) => {
             // We're fine not setting the push actions for the latest event.
+
+            // TODO: we should use `TimelineEvent::to_decrypted`
+            // but this whole code is about to get soon removed by
+            // https://github.com/matrix-org/matrix-rust-sdk/pull/5624.
             let event = TimelineEvent::from_decrypted(decrypted, None);
 
             if let Ok(sync_timeline_event) = event.raw().deserialize() {
@@ -127,6 +131,9 @@ async fn decrypt_sync_room_event(
         }
 
         RoomEventDecryptionResult::UnableToDecrypt(utd_info) => {
+            // TODO: we should use `TimelineEvent::to_utd`
+            // but this whole code is about to get soon removed by
+            // https://github.com/matrix-org/matrix-rust-sdk/pull/5624.
             TimelineEvent::from_utd(event.clone(), utd_info)
         }
     };

crates/matrix-sdk-base/src/response_processors/timeline.rs

@@ -16,7 +16,7 @@ use matrix_sdk_common::{deserialized_responses::TimelineEvent, timer};
 #[cfg(feature = "e2e-encryption")]
 use ruma::events::SyncMessageLikeEvent;
 use ruma::{
-    UInt, UserId, assign,
+    MilliSecondsSinceUnixEpoch, UInt, UserId, assign,
     events::{AnySyncMessageLikeEvent, AnySyncTimelineEvent},
     push::{Action, PushConditionRoomCtx},
 };
@@ -31,6 +31,7 @@ use crate::{Result, Room, RoomInfo, sync::Timeline};
 ///
 /// For each event:
 /// - will try to decrypt it,
+/// - will fix the `origin_server_ts` if considered invalid,
 /// - will process verification,
 /// - will process redaction,
 /// - will process notification.
@@ -46,14 +47,15 @@ pub async fn build<'notification, 'e2ee>(
 ) -> Result<Timeline> {
     let _timer = timer!(tracing::Level::TRACE, "build a timeline from sync");
 
+    let now = MilliSecondsSinceUnixEpoch::now();
     let mut timeline = Timeline::new(timeline_inputs.limited, timeline_inputs.prev_batch);
     let mut push_condition_room_ctx = get_push_room_context(context, room, room_info).await?;
     let room_id = room.room_id();
 
     for raw_event in timeline_inputs.raw_events {
         // Start by assuming we have a plaintext event. We'll replace it with a
         // decrypted or UTD event below if necessary.
-        let mut timeline_event = TimelineEvent::from_plaintext(raw_event);
+        let mut timeline_event = TimelineEvent::from_plaintext_with_max_timestamp(raw_event, now);
 
         // Do some special stuff on the `timeline_event` before collecting it.
         match timeline_event.raw().deserialize() {
@@ -94,7 +96,7 @@ pub async fn build<'notification, 'e2ee>(
                                 if let Some(decrypted_timeline_event) =
                                     Box::pin(e2ee::decrypt::sync_timeline_event(
                                         e2ee.clone(),
-                                        timeline_event.raw(),
+                                        &timeline_event,
                                         room_id,
                                     ))
                                     .await?

crates/matrix-sdk-base/src/room/room_info.rs

@@ -1369,7 +1369,8 @@ mod tests {
             "latest_event": {
                 "event": {
                     "kind": {"PlainText": {"event": {"sender": "@u:i.uk"}}},
-                    "thread_summary": "None"
+                    "thread_summary": "None",
+                    "timestamp": null,
                 },
             },
             "new_latest_event": "None",