From 46b1eeb2c87f4a83264f17f2508f98293e74ba62 Mon Sep 17 00:00:00 2001 From: Jade Ellis Date: Wed, 28 May 2025 02:07:56 +0100 Subject: [PATCH] feat: Allow retrieving redacted message content (msc2815) Still to do: - Handling the difference between content that we have deleted and content we never received - Deleting the original content on command or expiry Another question is if we have to store the full original content? Can we get by with just storing the 'content' field?
---
 src/api/client/room/event.rs | 51 ++++++++++++++++++++++++++++-- src/api/client/unversioned.rs | 1 + src/service/rooms/timeline/data.rs | 8 +++++ src/service/rooms/timeline/mod.rs | 9 ++++++ 4 files changed, 67 insertions(+), 2 deletions(-)
diff --git a/src/api/client/room/event.rs b/src/api/client/room/event.rs
index 2b115b5c..61f8b88c 100644
--- a/src/api/client/room/event.rs
+++ b/src/api/client/room/event.rs
@@ -1,7 +1,7 @@
 use axum::extract::State;
-use conduwuit::{Err, Event, Result, err};
+use conduwuit::{Err, Event, PduEvent, Result, err};
 use futures::{FutureExt, TryFutureExt, future::try_join};
-use ruma::api::client::room::get_room_event;
+use ruma::api::client::{error::ErrorKind, room::get_room_event};
 use crate::{Ruma, client::is_ignored_pdu};
@@ -14,6 +14,7 @@ pub(crate) async fn get_room_event_route(
 ) -> Result {
 let event_id = &body.event_id;
 let room_id = &body.room_id;
+ let sender_user = body.sender_user();
 let event = services
 .rooms
@@ -33,6 +34,52 @@ pub(crate) async fn get_room_event_route(
 return Err!(Request(Forbidden("You don't have permission to view this event.")));
 }
+ let include_unredacted_content = body
+ .include_unredacted_content // User's file has this field name
+ .unwrap_or(false);
+
+ if include_unredacted_content && event.is_redacted() {
+ let is_server_admin = services
+ .users
+ .is_admin(sender_user)
+ .map(|is_admin| Ok(is_admin));
+ let can_redact_privilege = services
+ .rooms
+ .state_accessor
+ .user_can_redact(event_id, sender_user, room_id, false) // federation=false for local check
+ ;
+ let (is_server_admin, can_redact_privilege) =
+ try_join(is_server_admin, can_redact_privilege).await?;
+
+ if !is_server_admin && !can_redact_privilege {
+ return Err!(Request(Forbidden(
+ "You don't have permission to view redacted content.",
+ )));
+ }
+
+ let pdu_id = match services.rooms.timeline.get_pdu_id(event_id).await {
+ | Ok(id) => id,
+ | Err(e) => {
+ return Err(e);
+ },
+ };
+ let original_content = services
+ .rooms
+ .timeline
+ .get_original_pdu_content(&pdu_id)
+ .await?;
+ if let Some(original_content) = original_content {
+ // If the original content is available, we can return it.
+ // event.content = to_raw_value(&original_content)?;
+ event = PduEvent::from_id_val(event_id, original_content)?;
+ } else {
+ return Err(conduwuit::Error::BadRequest(
+ ErrorKind::UnredactedContentDeleted { content_keep_ms: None },
+ "The original unredacted content is not in the database.",
+ ));
+ }
+ }
+
 debug_assert!(
 event.event_id() == event_id && event.room_id() == room_id,
 "Fetched PDU must match requested"
diff --git a/src/api/client/unversioned.rs b/src/api/client/unversioned.rs
index 232d5b28..98976522 100644
--- a/src/api/client/unversioned.rs
+++ b/src/api/client/unversioned.rs
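Review bot: The permission gate for unredacted content reuses `user_can_redact(event_id, sender_user, room_id, false)`, which answers "may this user redact this event", not "may this user read content that was removed". If that helper also accepts the event's own sender (its body is not on this page), a user whose message a moderator redacted could read it back through `include_unredacted_content`; confirm that is intended and state the policy at the check, e.g. `// MSC2815: only server admins and users with redact power may read redacted content`. Since this path discloses content that was deliberately removed, an info-level log line naming requester, room and event on success would give operators an audit trail. The `match` around `get_pdu_id` only re-returns the error and can be `.await?`. get_room_event_route begins and ends outside the hunk.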
@@ -40,6 +40,7 @@ pub(crate) async fn get_supported_versions_route(
 "v1.11".to_owned(),
 ],
 unstable_features: BTreeMap::from_iter([
+ ("fi.mau.msc2815".to_owned(), true),
 ("org.matrix.e2e_cross_signing".to_owned(), true),
 ("org.matrix.msc2285.stable".to_owned(), true), /* private read receipts (https://github.com/matrix-org/matrix-spec-proposals/pull/2285) */
 ("uk.half-shot.msc2666.query_mutual_rooms".to_owned(), true), /* query mutual rooms (https://github.com/matrix-org/matrix-spec-proposals/pull/2666) */
diff --git a/src/service/rooms/timeline/data.rs b/src/service/rooms/timeline/data.rs
index a0b407d6..e5baf3b3 100644
--- a/src/service/rooms/timeline/data.rs
+++ b/src/service/rooms/timeline/data.rs
@@ -190,6 +190,14 @@ impl Data {
 Ok(())
 }
+ /// Returns the original content of a redacted PDU.
+ pub(super) async fn get_original_pdu_content(
+ &self,
+ pdu_id: &RawPduId,
+ ) -> Result> {
+ self.pduid_originalcontent.get(pdu_id).await.deserialized()
+ }
+
 pub(super) async fn append_pdu(
 &self,
 pdu_id: &RawPduId,
diff --git a/src/service/rooms/timeline/mod.rs b/src/service/rooms/timeline/mod.rs
index dee12a41..a09f5ec6 100644
--- a/src/service/rooms/timeline/mod.rs
+++ b/src/service/rooms/timeline/mod.rs
@@ -270,6 +270,15 @@ impl Service {
 self.db.store_redacted_pdu_content(pdu_id, pdu_json).await
 }
+ /// Returns the original content of a redacted PDU.
+ #[tracing::instrument(skip(self), level = "debug")]
+ pub async fn get_original_pdu_content(
+ &self,
+ pdu_id: &RawPduId,
+ ) -> Result> {
+ self.db.get_original_pdu_content(pdu_id).await
+ }
+
 /// Creates a new persisted data unit and adds it to a room.
 ///
 /// By this point the incoming event should be fully authenticated, no auth
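Review bot: The new `"fi.mau.msc2815"` entry lacks the trailing comment that names the feature and links the proposal, which the `msc2285` and `msc2666` lines below it carry. Following their pattern (inferred from those two URLs) it would read `/* retrieve redacted event content (https://github.com/matrix-org/matrix-spec-proposals/pull/2815) */`. The flag is also advertised unconditionally while the commit message lists deletion and expiry as still to do, so it may be worth holding it back until those land. The `unstable_features` list continues outside the hunk.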
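Review bot: The doc comment on `get_original_pdu_content` in data.rs does not say what a missing entry returns, and the route depends on it: it applies `?` and then treats `None` as "original content not stored". The return type is truncated on this page, so this is inferred, but if `self.pduid_originalcontent.get(pdu_id)` reports an absent key as an error rather than an empty value, `.deserialized()` propagates that error and the route's `UnredactedContentDeleted` branch is never taken. Extend the comment to `/// Returns the stored pre-redaction content for this PDU, or None when nothing was stored.` and map the not-found case to `Ok(None)` explicitly if the map does not already do so. The wrapper of the same name added in timeline/mod.rs repeats the one-line comment and should carry the same contract.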