Sketch (just TODO comments) for prevent-online-leak

Author: Hocuri

src/chat.rs

@@ -431,6 +431,9 @@ impl ChatId {
             context.emit_event(EventType::ChatModified(self));
         }
 
+        // TODO Check in the sql table `alicestate` whether we need to resume the securejoin protocol.
+        // If so, remember to also update the `alicestate` table.
+
         Ok(())
     }
 

src/securejoin.rs

@@ -326,6 +326,14 @@ pub(crate) async fn handle_securejoin_handshake(
                 ChatId::create_for_contact(context, contact_id).await?;
             }
 
+            // TODO Here we need to check that the token isn't too old (no more than 2 days)
+            // and if it is too old, then we need to put the chat into "Request" state.
+            // Except if `get_config(Config::IsBot)` is true, in this case we just continue normally.
+
+            // When the "Request" state is accepted (`ChatId::accept()`), we need to continue here. Also, we need to
+            // remember in the database that the user accepted a securejoin and the current timestamp.
+            // This probably needs to go into a new table `alicestate` or similar
+
             // Alice -> Bob
             send_alice_handshake_msg(
                 context,
@@ -432,6 +440,17 @@ pub(crate) async fn handle_securejoin_handshake(
             info!(context, "Auth verified.",);
             context.emit_event(EventType::ContactsChanged(Some(contact_id)));
             inviter_progress!(context, contact_id, 600);
+
+            // TODO Here we need to check that the token isn't too old
+            // and if it is too old, then we need to put the chat into "Request" state.
+
+            // Except if `get_config(Config::IsBot)` is true, in this case we just continue normally.
+
+            // Except if the user already accepted the securejoin above in the last 2 days,
+            // in this case we just continue normally.
+
+            // When the "Request" state is accepted (in `ChatId::accept()`), we need to continue here.
+
             if join_vg {
                 // the vg-member-added message is special:
                 // this is a normal Chat-Group-Member-Added message

src/sql/migrations.rs

@@ -749,6 +749,13 @@ CREATE INDEX smtp_messageid ON imap(rfc724_mid);
         )
         .await?;
     }
+    // TODO we need a new table called `alicestate` or similar for alice's state, which can be (for each chat):
+    // - Paused at step 3 because the invite code was too old.
+    // - Resumed by the user clicking "accept" after step 3. We need to save the timestamp when the user clicked "accept".
+    // - Paused at step 6 because the auth code was too old.
+    // I think that if it's none of these 3 states, there is no need to save it.
+
+    // See https://countermitm.readthedocs.io/en/latest/new.html#setup-contact-protocol
 
     let new_version = sql
         .get_raw_config_int(VERSION_CFG)