sync: Avoid crash on invalid state events

[timokoesters]

The problem was in matrix_sdk_sqlite::state_store::SqliteStateStore save_changes, which saved the RoomInfo to the disk by serializing it.

• Public API changes documented in changelogs (optional)

Fixes #2949

[timokoesters]

The bad events will now be saved as None, which falls back to the default for the event type. For example JoinRule::_Custom("test") falls back to JoinRule::Public. This may or may not be the correct behavior...

Here is the code where it falls back to the default:

matrix-rust-sdk/crates/matrix-sdk-base/src/rooms/normal.rs

Lines 1141 to 1146 in 7493176

	fn join_rule(&self) -> &JoinRule {
	match &self.base_info.join_rules {
	Some(MinimalStateEvent::Original(ev)) => &ev.content.join_rule,
	_ => &JoinRule::Public,
	}
	}

[codecov]

Codecov Report

Attention: 8 lines in your changes are missing coverage. Please review.

Comparison is base (060eaef) 83.85% compared to head (39ea904) 83.83%.
Report is 33 commits behind head on main.

❗ Current head 39ea904 differs from pull request most recent head 6701933. Consider uploading reports for the commit 6701933 to get more accurate results

Files	Patch %	Lines
crates/matrix-sdk-base/src/rooms/mod.rs	55.55%	8 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3124      +/-   ##
==========================================
- Coverage   83.85%   83.83%   -0.03%     
==========================================
  Files         229      229              
  Lines       23706    23718      +12     
==========================================
+ Hits        19879    19884       +5     
- Misses       3827     3834       +7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[bnjbvr]

Thanks for writing a fix. The approach isn't great, in the sense that the lib user might have been able to do something with the custom event, and we're losing it here.

Instead, could we try to serialize the Raw<Event>s in the BaseRoomInfo, have getters that automatically deserialize them, please? It shouldn't require a migration, in theory (because a serialized Raw<T> is the same as the serialize T, when the serialization mechanism is JSON). If it does require a migration, that would result in a logout in the EX apps, so it would be an easy way to try it out and make sure no migration is needed.

[timokoesters]

This test is currently not testing what it's supposed to, because it runs in-memory instead of on sqlite or indexeddb. How can I change that?

[bnjbvr]

make_room below likely creates and configures the Client; you'd need another Client that is configured to use sqlite or indexeddb.

[bnjbvr]

Did you address this comment? ^

[timokoesters]

I removed the lazy loading to make it simpler while implementing, but I should add it back in. The approach from the sqlite make_room_version closure doesn't work here because it's async

[timokoesters]

With the last set of changes, I had to make the sqlite version non-async too, to allow passing the room version into the base_info.handle_redaction function.

[timokoesters]

This PR is ready for another review. I've changed the fundamental approach, so now the raw events are stored in the database. I did a quick test using element x android (sqlite), but I could not test indexeddb yet and I haven't tested redactions yet.

[bnjbvr]

make_room below likely creates and configures the Client; you'd need another Client that is configured to use sqlite or indexeddb.

[bnjbvr]

Instead of all those annotations, can we use something like #[serde(into = "RawRoomInfo", from = "RawRoomInfo")], so that the (de)serialization of this struct goes through that of RawRoomInfo instead, and we don't have to worry about redacting events?

[bnjbvr]

nit: doc comment for the whole struct please

[bnjbvr]

also, question: does it need to be public so that downstream implementations of the state store trait can reuse it? (If so, please indicate so in the comment.)

I wonder if it still needs that, with my suggestion above to use serde(from / into).

[bnjbvr]

Why do we need this at all? 😨 Do we need something similar for edits? If we actually have to keep this, can we commonize the code with the indexeddb implementation?

[bnjbvr]

I don't think you'd need a new table, in both cases; the justification being that serializing Raw<T> with serde_json is the same as serializing T with serde_json. So you should be able to reuse the same table.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 55.55556% with 8 lines in your changes are missing coverage. Please review.

Project coverage is 83.83%. Comparing base (59c468c) to head (39ea904).
Report is 49 commits behind head on main.

❗ Current head 39ea904 differs from pull request most recent head 17c4201. Consider uploading reports for the commit 17c4201 to get more accurate results

Files	Patch %	Lines
crates/matrix-sdk-base/src/rooms/mod.rs	55.55%	8 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3124      +/-   ##
==========================================
- Coverage   83.86%   83.83%   -0.03%     
==========================================
  Files         231      229       -2     
  Lines       23856    23718     -138     
==========================================
- Hits        20006    19884     -122     
+ Misses       3850     3834      -16     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[bnjbvr]

Thanks for the new version of the PR! Here's another round of comments. I'm a bit scared by the code duplication, so let's see if we can lower it a bit.

[bnjbvr]

nit: can we avoid deserializing twice here? Maybe call deserialize_as and check against the target event_id instead?

[bnjbvr]

ditto, the event is deserialized twice here: can we deserialize it once with deserialize_as and then check the event_id matches later, instead?

[bnjbvr]

Can you use a match and log the error message instead?

[bnjbvr]

ditto here

[bnjbvr]

style nit: please let the code breath 😁

Suggested change

	},
	// Clean up rtc_members
	&|map| {
	},
	// Clean up rtc_members
	&|map| {

[bnjbvr]

What's the motivation behind this change?

[bnjbvr]

Ditto?

[bnjbvr]

Did you address this comment? ^

[bnjbvr]

It seems it would be much simpler to throw away the previous RawRoomInfo and convert the RoomInfo struct into a RawRoomInfo struct, instead of applying a diff of changes to the previously-serialized RawRoomInfo? That way maybe we wouldn't even need extend_with_changes at all.

[bnjbvr]

I don't understand why we need this :/ It seems that a redaction would cause a change to the RoomInfo, so we'd convert it into a RawRoomInfo before persisting it, and we wouldn't need any special handling of redacted events?

[bnjbvr]

Sorry, I think I understand it now. So as I've suggested in a private channel, the duplication of the code applying the redaction to events both in BaseRoomInfo and RawRoomInfo is a bit problematic, and a hindrance in the long term. I wonder if we could regenerate a BaseRoomInfo from the RawRoomInfo every time we received an update to the RawRoomInfo, instead? That would keep the redaction code in a single place and avoid duplication of concerns.

[bnjbvr]

This wasn't the path we wanted to take with this, so closing, we can revisit the approach later, as we still have an issue open describing the issue.