Add new endpoint to allow admins to evacuate the local server from the room

2026-01-01 03:03:10 -06:00 · 2022-04-28 12:31:42 +01:00 · 2022-04-28 12:31:42 +01:00 · 87c1dae4ae
parent 65034d1f22
commit 87c1dae4ae
17 changed files with 195 additions and 16 deletions
--- a/build/gobind-pinecone/monolith.go
+++ b/build/gobind-pinecone/monolith.go
@ -314,6 +314,7 @@ func (m *DendriteMonolith) Start() {
 		base.PublicWellKnownAPIMux,
 		base.PublicMediaAPIMux,
 		base.SynapseAdminMux,
+		base.DendriteAdminMux,
 	)

 	httpRouter := mux.NewRouter().SkipClean(true).UseEncodedPath()
--- a/build/gobind-yggdrasil/monolith.go
+++ b/build/gobind-yggdrasil/monolith.go
@ -152,6 +152,7 @@ func (m *DendriteMonolith) Start() {
 		base.PublicWellKnownAPIMux,
 		base.PublicMediaAPIMux,
 		base.SynapseAdminMux,
+		base.DendriteAdminMux,
 	)

 	httpRouter := mux.NewRouter()
--- a/clientapi/clientapi.go
+++ b/clientapi/clientapi.go
@ -36,6 +36,7 @@ func AddPublicRoutes(
 	process *process.ProcessContext,
 	router *mux.Router,
 	synapseAdminRouter *mux.Router,
+	dendriteAdminRouter *mux.Router,
 	cfg *config.ClientAPI,
 	federation *gomatrixserverlib.FederationClient,
 	rsAPI roomserverAPI.RoomserverInternalAPI,
@ -62,7 +63,8 @@ func AddPublicRoutes(
 	}

 	routing.Setup(
-		router, synapseAdminRouter, cfg, rsAPI, asAPI,
+		router, synapseAdminRouter, dendriteAdminRouter,
+		cfg, rsAPI, asAPI,
 		userAPI, userDirectoryProvider, federation,
 		syncProducer, transactionsCache, fsAPI, keyAPI,
 		extRoomsProvider, mscCfg, natsClient,
--- a/clientapi/routing/routing.go
+++ b/clientapi/routing/routing.go
@ -48,7 +48,8 @@ import (
 // applied:
 // nolint: gocyclo
 func Setup(
-	publicAPIMux, synapseAdminRouter *mux.Router, cfg *config.ClientAPI,
+	publicAPIMux, synapseAdminRouter, dendriteAdminRouter *mux.Router,
+	cfg *config.ClientAPI,
 	rsAPI roomserverAPI.RoomserverInternalAPI,
 	asAPI appserviceAPI.AppServiceQueryAPI,
 	userAPI userapi.UserInternalAPI,
@ -119,6 +120,29 @@ func Setup(
 		).Methods(http.MethodGet, http.MethodPost, http.MethodOptions)
 	}

+	synapseAdminRouter.Handle("/admin/evacuateRoom",
+		httputil.MakeExternalAPI("admin_evacuate_room", func(req *http.Request) util.JSONResponse {
+			vars, err := httputil.URLDecodeMapValues(mux.Vars(req))
+			if err != nil {
+				return util.ErrorResponse(err)
+			}
+			res := &roomserverAPI.PerformAdminEvacuateRoomResponse{}
+			rsAPI.PerformAdminEvacuateRoom(
+				req.Context(),
+				&roomserverAPI.PerformAdminEvacuateRoomRequest{
+					RoomID: vars["room_id"],
+				},
+				res,
+			)
+			if err := res.Error; err != nil {
+				return err.JSONResponse()
+			}
+			return util.JSONResponse{
+				Code: 200,
+			}
+		}),
+	).Methods(http.MethodGet, http.MethodOptions)
+
 	// server notifications
 	if cfg.Matrix.ServerNotices.Enabled {
 		logrus.Info("Enabling server notices at /_synapse/admin/v1/send_server_notice")
--- a/cmd/dendrite-demo-pinecone/main.go
+++ b/cmd/dendrite-demo-pinecone/main.go
@ -193,6 +193,7 @@ func main() {
 		base.PublicWellKnownAPIMux,
 		base.PublicMediaAPIMux,
 		base.SynapseAdminMux,
+		base.DendriteAdminMux,
 	)

 	wsUpgrader := websocket.Upgrader{
--- a/cmd/dendrite-demo-yggdrasil/main.go
+++ b/cmd/dendrite-demo-yggdrasil/main.go
@ -150,6 +150,7 @@ func main() {
 		base.PublicWellKnownAPIMux,
 		base.PublicMediaAPIMux,
 		base.SynapseAdminMux,
+		base.DendriteAdminMux,
 	)
 	if err := mscs.Enable(base, &monolith); err != nil {
 		logrus.WithError(err).Fatalf("Failed to enable MSCs")
--- a/cmd/dendrite-monolith-server/main.go
+++ b/cmd/dendrite-monolith-server/main.go
@ -153,6 +153,7 @@ func main() {
 		base.PublicWellKnownAPIMux,
 		base.PublicMediaAPIMux,
 		base.SynapseAdminMux,
+		base.DendriteAdminMux,
 	)

 	if len(base.Cfg.MSCs.MSCs) > 0 {
--- a/cmd/dendrite-polylith-multi/personalities/clientapi.go
+++ b/cmd/dendrite-polylith-multi/personalities/clientapi.go
@ -31,8 +31,10 @@ func ClientAPI(base *basepkg.BaseDendrite, cfg *config.Dendrite) {
 	keyAPI := base.KeyServerHTTPClient()

 	clientapi.AddPublicRoutes(
-		base.ProcessContext, base.PublicClientAPIMux, base.SynapseAdminMux, &base.Cfg.ClientAPI,
-		federation, rsAPI, asQuery, transactions.New(), fsAPI, userAPI, userAPI,
+		base.ProcessContext, base.PublicClientAPIMux,
+		base.SynapseAdminMux, base.DendriteAdminMux,
+		&base.Cfg.ClientAPI, federation, rsAPI, asQuery,
+		transactions.New(), fsAPI, userAPI, userAPI,
 		keyAPI, nil, &cfg.MSCs,
 	)

--- a/cmd/dendritejs-pinecone/main.go
+++ b/cmd/dendritejs-pinecone/main.go
@ -220,6 +220,7 @@ func startup() {
 		base.PublicWellKnownAPIMux,
 		base.PublicMediaAPIMux,
 		base.SynapseAdminMux,
+		base.DendriteAdminMux,
 	)

 	httpRouter := mux.NewRouter().SkipClean(true).UseEncodedPath()
--- a/roomserver/api/api.go
+++ b/roomserver/api/api.go
@ -66,6 +66,12 @@ type RoomserverInternalAPI interface {
 		res *PerformInboundPeekResponse,
 	) error

+	PerformAdminEvacuateRoom(
+		ctx context.Context,
+		req *PerformAdminEvacuateRoomRequest,
+		res *PerformAdminEvacuateRoomResponse,
+	)
+
 	QueryPublishedRooms(
 		ctx context.Context,
 		req *QueryPublishedRoomsRequest,
--- a/roomserver/api/api_trace.go
+++ b/roomserver/api/api_trace.go
@ -104,6 +104,15 @@ func (t *RoomserverInternalAPITrace) PerformPublish(
 	util.GetLogger(ctx).Infof("PerformPublish req=%+v res=%+v", js(req), js(res))
 }

+func (t *RoomserverInternalAPITrace) PerformAdminEvacuateRoom(
+	ctx context.Context,
+	req *PerformAdminEvacuateRoomRequest,
+	res *PerformAdminEvacuateRoomResponse,
+) {
+	t.Impl.PerformAdminEvacuateRoom(ctx, req, res)
+	util.GetLogger(ctx).Infof("PerformAdminEvacuateRoom req=%+v res=%+v", js(req), js(res))
+}
+
 func (t *RoomserverInternalAPITrace) PerformInboundPeek(
 	ctx context.Context,
 	req *PerformInboundPeekRequest,
--- a/roomserver/api/perform.go
+++ b/roomserver/api/perform.go
@ -214,3 +214,11 @@ type PerformRoomUpgradeResponse struct {
 	NewRoomID string
 	Error     *PerformError
 }
+
+type PerformAdminEvacuateRoomRequest struct {
+	RoomID string `json:"room_id"`
+}
+
+type PerformAdminEvacuateRoomResponse struct {
+	Error *PerformError
+}
--- a/roomserver/internal/api.go
+++ b/roomserver/internal/api.go
@ -35,6 +35,7 @@ type RoomserverInternalAPI struct {
 	*perform.Backfiller
 	*perform.Forgetter
 	*perform.Upgrader
+	*perform.Admin
 	ProcessContext         *process.ProcessContext
 	DB                     storage.Database
 	Cfg                    *config.RoomServer
@ -164,6 +165,10 @@ func (r *RoomserverInternalAPI) SetFederationAPI(fsAPI fsAPI.FederationInternalA
 		Cfg:    r.Cfg,
 		URSAPI: r,
 	}
+	r.Admin = &perform.Admin{
+		DB:     r.DB,
+		Leaver: r.Leaver,
+	}

 	if err := r.Inputer.Start(); err != nil {
 		logrus.WithError(err).Panic("failed to start roomserver input API")
--- a/roomserver/internal/perform/perform_admin.go
+++ b/roomserver/internal/perform/perform_admin.go
@ -0,0 +1,88 @@
+// Copyright 2022 The Matrix.org Foundation C.I.C.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package perform
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/matrix-org/dendrite/roomserver/api"
+	"github.com/matrix-org/dendrite/roomserver/storage"
+)
+
+type Admin struct {
+	DB     storage.Database
+	Leaver *Leaver
+}
+
+// PerformEvacuateRoom will remove all local users from the given room.
+func (r *Admin) PerformAdminEvacuateRoom(
+	ctx context.Context,
+	req *api.PerformAdminEvacuateRoomRequest,
+	res *api.PerformAdminEvacuateRoomResponse,
+) {
+	roomInfo, err := r.DB.RoomInfo(ctx, req.RoomID)
+	if err != nil {
+		res.Error = &api.PerformError{
+			Code: api.PerformErrorBadRequest,
+			Msg:  fmt.Sprintf("r.DB.RoomInfo: %s", err),
+		}
+		return
+	}
+	if roomInfo.IsStub {
+		res.Error = &api.PerformError{
+			Code: api.PerformErrorBadRequest,
+			Msg:  "room is stub",
+		}
+		return
+	}
+
+	memberNIDs, err := r.DB.GetMembershipEventNIDsForRoom(ctx, roomInfo.RoomNID, true, true)
+	if err != nil {
+		res.Error = &api.PerformError{
+			Code: api.PerformErrorBadRequest,
+			Msg:  fmt.Sprintf("r.DB.GetMembershipEventNIDsForRoom: %s", err),
+		}
+		return
+	}
+
+	memberEvents, err := r.DB.Events(ctx, memberNIDs)
+	if err != nil {
+		res.Error = &api.PerformError{
+			Code: api.PerformErrorBadRequest,
+			Msg:  fmt.Sprintf("r.DB.Events: %s", err),
+		}
+		return
+	}
+
+	for _, memberEvent := range memberEvents {
+		if memberEvent.StateKey() == nil {
+			continue
+		}
+		userID := *memberEvent.StateKey()
+		leaveReq := &api.PerformLeaveRequest{
+			RoomID: req.RoomID,
+			UserID: userID,
+		}
+		leaveRes := &api.PerformLeaveResponse{}
+		if _, err = r.Leaver.PerformLeave(ctx, leaveReq, leaveRes); err != nil {
+			res.Error = &api.PerformError{
+				Code: api.PerformErrorBadRequest,
+				Msg:  fmt.Sprintf("r.Leaver.PerformLeave (%s): %s", userID, err),
+			}
+			return
+		}
+	}
+}
--- a/roomserver/inthttp/client.go
+++ b/roomserver/inthttp/client.go
@ -29,16 +29,17 @@ const (
 	RoomserverInputRoomEventsPath = "/roomserver/inputRoomEvents"

 	// Perform operations
-	RoomserverPerformInvitePath      = "/roomserver/performInvite"
-	RoomserverPerformPeekPath        = "/roomserver/performPeek"
-	RoomserverPerformUnpeekPath      = "/roomserver/performUnpeek"
-	RoomserverPerformRoomUpgradePath = "/roomserver/performRoomUpgrade"
-	RoomserverPerformJoinPath        = "/roomserver/performJoin"
-	RoomserverPerformLeavePath       = "/roomserver/performLeave"
-	RoomserverPerformBackfillPath    = "/roomserver/performBackfill"
-	RoomserverPerformPublishPath     = "/roomserver/performPublish"
-	RoomserverPerformInboundPeekPath = "/roomserver/performInboundPeek"
-	RoomserverPerformForgetPath      = "/roomserver/performForget"
+	RoomserverPerformInvitePath        = "/roomserver/performInvite"
+	RoomserverPerformPeekPath          = "/roomserver/performPeek"
+	RoomserverPerformUnpeekPath        = "/roomserver/performUnpeek"
+	RoomserverPerformRoomUpgradePath   = "/roomserver/performRoomUpgrade"
+	RoomserverPerformJoinPath          = "/roomserver/performJoin"
+	RoomserverPerformLeavePath         = "/roomserver/performLeave"
+	RoomserverPerformBackfillPath      = "/roomserver/performBackfill"
+	RoomserverPerformPublishPath       = "/roomserver/performPublish"
+	RoomserverPerformInboundPeekPath   = "/roomserver/performInboundPeek"
+	RoomserverPerformForgetPath        = "/roomserver/performForget"
+	RoomserverPerformAdminEvacuateRoom = "/roomserver/performAdminEvacuateRoom"

 	// Query operations
 	RoomserverQueryLatestEventsAndStatePath    = "/roomserver/queryLatestEventsAndState"
@ -299,6 +300,23 @@ func (h *httpRoomserverInternalAPI) PerformPublish(
 	}
 }

+func (h *httpRoomserverInternalAPI) PerformAdminEvacuateRoom(
+	ctx context.Context,
+	req *api.PerformAdminEvacuateRoomRequest,
+	res *api.PerformAdminEvacuateRoomResponse,
+) {
+	span, ctx := opentracing.StartSpanFromContext(ctx, "PerformAdminEvacuateRoom")
+	defer span.Finish()
+
+	apiURL := h.roomserverURL + RoomserverPerformAdminEvacuateRoom
+	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, req, res)
+	if err != nil {
+		res.Error = &api.PerformError{
+			Msg: fmt.Sprintf("failed to communicate with roomserver: %s", err),
+		}
+	}
+}
+
 // QueryLatestEventsAndState implements RoomserverQueryAPI
 func (h *httpRoomserverInternalAPI) QueryLatestEventsAndState(
 	ctx context.Context,
--- a/roomserver/inthttp/server.go
+++ b/roomserver/inthttp/server.go
@ -118,6 +118,17 @@ func AddRoutes(r api.RoomserverInternalAPI, internalAPIMux *mux.Router) {
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
+	internalAPIMux.Handle(RoomserverPerformAdminEvacuateRoom,
+		httputil.MakeInternalAPI("performAdminEvacuateRoom", func(req *http.Request) util.JSONResponse {
+			var request api.PerformAdminEvacuateRoomRequest
+			var response api.PerformAdminEvacuateRoomResponse
+			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+				return util.MessageResponse(http.StatusBadRequest, err.Error())
+			}
+			r.PerformAdminEvacuateRoom(req.Context(), &request, &response)
+			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
+		}),
+	)
 	internalAPIMux.Handle(
 		RoomserverQueryPublishedRoomsPath,
 		httputil.MakeInternalAPI("queryPublishedRooms", func(req *http.Request) util.JSONResponse {
--- a/setup/monolith.go
+++ b/setup/monolith.go
@ -54,13 +54,13 @@ type Monolith struct {
 }

 // AddAllPublicRoutes attaches all public paths to the given router
-func (m *Monolith) AddAllPublicRoutes(process *process.ProcessContext, csMux, ssMux, keyMux, wkMux, mediaMux, synapseMux *mux.Router) {
+func (m *Monolith) AddAllPublicRoutes(process *process.ProcessContext, csMux, ssMux, keyMux, wkMux, mediaMux, synapseMux, dendriteMux *mux.Router) {
 	userDirectoryProvider := m.ExtUserDirectoryProvider
 	if userDirectoryProvider == nil {
 		userDirectoryProvider = m.UserAPI
 	}
 	clientapi.AddPublicRoutes(
-		process, csMux, synapseMux, &m.Config.ClientAPI,
+		process, csMux, synapseMux, dendriteMux, &m.Config.ClientAPI,
 		m.FedClient, m.RoomserverAPI,
 		m.AppserviceAPI, transactions.New(),
 		m.FederationAPI, m.UserAPI, userDirectoryProvider, m.KeyAPI,