Use Ruma XMatrix type instead of rolling our own

Both the hand-rolled parser and serialization were wrong in countless
ways. The current Ruma parser is much better, and the Ruma serialization
will be fixed by https://github.com/ruma/ruma/pull/1830.

src/api/ruma_wrapper/axum.rs

@@ -8,10 +8,7 @@ use axum::{
     RequestExt, RequestPartsExt,
 };
 use axum_extra::{
-    headers::{
-        authorization::{Bearer, Credentials},
-        Authorization,
-    },
+    headers::{authorization::Bearer, Authorization},
     typed_header::TypedHeaderRejectionReason,
     TypedHeader,
 };
@@ -23,6 +20,7 @@ use ruma::{
         client::error::ErrorKind, AuthScheme, IncomingRequest, Metadata,
         OutgoingResponse,
     },
+    server_util::authorization::XMatrix,
     CanonicalJsonValue, OwnedDeviceId, OwnedServerName, OwnedUserId, UserId,
 };
 use serde::Deserialize;
@@ -199,7 +197,7 @@ async fn ar_from_request_inner(
                     })?;
 
                 let origin_signatures = BTreeMap::from_iter([(
-                    x_matrix.key.clone(),
+                    x_matrix.key.to_string(),
                     CanonicalJsonValue::String(x_matrix.sig),
                 )]);
 
@@ -248,7 +246,7 @@ async fn ar_from_request_inner(
                     .event_handler
                     .fetch_signing_keys(
                         &x_matrix.origin,
-                        vec![x_matrix.key.clone()],
+                        vec![x_matrix.key.to_string()],
                     )
                     .await;
 
@@ -400,67 +398,6 @@ where
         })
     }
 }
-
-struct XMatrix {
-    origin: OwnedServerName,
-    // KeyName?
-    key: String,
-    sig: String,
-}
-
-impl Credentials for XMatrix {
-    const SCHEME: &'static str = "X-Matrix";
-
-    fn decode(value: &http::HeaderValue) -> Option<Self> {
-        debug_assert!(
-            value.as_bytes().starts_with(b"X-Matrix "),
-            "HeaderValue to decode should start with \"X-Matrix ..\", \
-             received = {value:?}",
-        );
-
-        let parameters = str::from_utf8(&value.as_bytes()["X-Matrix ".len()..])
-            .ok()?
-            .trim_start();
-
-        let mut origin = None;
-        let mut key = None;
-        let mut sig = None;
-
-        for entry in parameters.split_terminator(',') {
-            let (name, value) = entry.split_once('=')?;
-
-            // It's not at all clear why some fields are quoted and others not
-            // in the spec, let's simply accept either form for
-            // every field.
-            let value = value
-                .strip_prefix('"')
-                .and_then(|rest| rest.strip_suffix('"'))
-                .unwrap_or(value);
-
-            // FIXME: Catch multiple fields of the same name
-            match name {
-                "origin" => origin = Some(value.try_into().ok()?),
-                "key" => key = Some(value.to_owned()),
-                "sig" => sig = Some(value.to_owned()),
-                _ => debug!(
-                    "Unexpected field `{}` in X-Matrix Authorization header",
-                    name
-                ),
-            }
-        }
-
-        Some(Self {
-            origin: origin?,
-            key: key?,
-            sig: sig?,
-        })
-    }
-
-    fn encode(&self) -> http::HeaderValue {
-        todo!()
-    }
-}
-
 impl<T: OutgoingResponse> IntoResponse for Ra<T> {
     fn into_response(self) -> Response {
         match self.0.try_into_http_response::<BytesMut>() {

src/api/server_server.rs

@@ -10,8 +10,8 @@ use std::{
 };
 
 use axum::{response::IntoResponse, Json};
+use axum_extra::headers::{Authorization, HeaderMapExt};
 use get_profile_information::v1::ProfileField;
-use http::header::{HeaderValue, AUTHORIZATION};
 use ruma::{
     api::{
         client::error::{Error as RumaError, ErrorKind},
@@ -54,10 +54,12 @@ use ruma::{
         StateEventType, TimelineEventType,
     },
     serde::{Base64, JsonObject, Raw},
+    server_util::authorization::XMatrix,
     to_device::DeviceIdOrAllDevices,
     uint, user_id, CanonicalJsonObject, CanonicalJsonValue, EventId,
     MilliSecondsSinceUnixEpoch, OwnedEventId, OwnedRoomId, OwnedServerName,
-    OwnedServerSigningKeyId, OwnedUserId, RoomId, ServerName,
+    OwnedServerSigningKeyId, OwnedSigningKeyId, OwnedUserId, RoomId,
+    ServerName,
 };
 use serde_json::value::{to_raw_value, RawValue as RawJsonValue};
 use tokio::sync::RwLock;
@@ -225,25 +227,25 @@ where
         serde_json::from_slice(&serde_json::to_vec(&request_json).unwrap())
             .unwrap();
 
-    let signatures =
-        request_json["signatures"].as_object().unwrap().values().map(|v| {
-            v.as_object().unwrap().iter().map(|(k, v)| (k, v.as_str().unwrap()))
-        });
+    // There's exactly the one signature we just created, fish it back out again
+    let (key_id, signature) = request_json["signatures"]
+        .get(services().globals.server_name().as_str())
+        .unwrap()
+        .as_object()
+        .unwrap()
+        .iter()
+        .next()
+        .unwrap();
 
-    for signature_server in signatures {
-        for s in signature_server {
-            http_request.headers_mut().insert(
-                AUTHORIZATION,
-                HeaderValue::from_str(&format!(
-                    "X-Matrix origin={},key=\"{}\",sig=\"{}\"",
-                    services().globals.server_name(),
-                    s.0,
-                    s.1
-                ))
-                .unwrap(),
-            );
-        }
-    }
+    let key_id = OwnedSigningKeyId::try_from(key_id.clone()).unwrap();
+    let signature = signature.as_str().unwrap().to_owned();
+
+    http_request.headers_mut().typed_insert(Authorization(XMatrix::new(
+        services().globals.server_name().to_owned(),
+        None,
+        key_id,
+        signature,
+    )));
 
     let reqwest_request = reqwest::Request::try_from(http_request)?;