c7193e24d0
There are cases where a dendrite instance is unaware of a pseudo ID for a user, the user is not a member of that room. To represent this case, we currently use the 'zero' value, which is often not checked and so causes errors later down the line. To make this case more explict, and to be consistent with `QueryUserIDForSender`, this PR changes this to use a pointer (and `nil` to mean no sender ID). Signed-off-by: `Sam Wedgwood <sam@wedgwood.dev>`
492 lines
15 KiB
Go
492 lines
15 KiB
Go
// Copyright 2020 The Matrix.org Foundation C.I.C.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package routing
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/matrix-org/gomatrixserverlib"
|
|
"github.com/matrix-org/gomatrixserverlib/fclient"
|
|
"github.com/matrix-org/gomatrixserverlib/spec"
|
|
"github.com/matrix-org/util"
|
|
|
|
"github.com/matrix-org/dendrite/clientapi/httputil"
|
|
federationAPI "github.com/matrix-org/dendrite/federationapi/api"
|
|
roomserverAPI "github.com/matrix-org/dendrite/roomserver/api"
|
|
"github.com/matrix-org/dendrite/setup/config"
|
|
userapi "github.com/matrix-org/dendrite/userapi/api"
|
|
)
|
|
|
|
type roomDirectoryResponse struct {
|
|
RoomID string `json:"room_id"`
|
|
Servers []string `json:"servers"`
|
|
}
|
|
|
|
func (r *roomDirectoryResponse) fillServers(servers []spec.ServerName) {
|
|
r.Servers = make([]string, len(servers))
|
|
for i, s := range servers {
|
|
r.Servers[i] = string(s)
|
|
}
|
|
}
|
|
|
|
// DirectoryRoom looks up a room alias
|
|
func DirectoryRoom(
|
|
req *http.Request,
|
|
roomAlias string,
|
|
federation fclient.FederationClient,
|
|
cfg *config.ClientAPI,
|
|
rsAPI roomserverAPI.ClientRoomserverAPI,
|
|
fedSenderAPI federationAPI.ClientFederationAPI,
|
|
) util.JSONResponse {
|
|
_, domain, err := gomatrixserverlib.SplitID('#', roomAlias)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.BadJSON("Room alias must be in the form '#localpart:domain'"),
|
|
}
|
|
}
|
|
|
|
var res roomDirectoryResponse
|
|
|
|
// Query the roomserver API to check if the alias exists locally.
|
|
queryReq := &roomserverAPI.GetRoomIDForAliasRequest{
|
|
Alias: roomAlias,
|
|
IncludeAppservices: true,
|
|
}
|
|
queryRes := &roomserverAPI.GetRoomIDForAliasResponse{}
|
|
if err = rsAPI.GetRoomIDForAlias(req.Context(), queryReq, queryRes); err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("rsAPI.GetRoomIDForAlias failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
res.RoomID = queryRes.RoomID
|
|
|
|
if res.RoomID == "" {
|
|
// If we don't know it locally, do a federation query.
|
|
// But don't send the query to ourselves.
|
|
if !cfg.Matrix.IsLocalServerName(domain) {
|
|
fedRes, fedErr := federation.LookupRoomAlias(req.Context(), cfg.Matrix.ServerName, domain, roomAlias)
|
|
if fedErr != nil {
|
|
// TODO: Return 502 if the remote server errored.
|
|
// TODO: Return 504 if the remote server timed out.
|
|
util.GetLogger(req.Context()).WithError(fedErr).Error("federation.LookupRoomAlias failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
res.RoomID = fedRes.RoomID
|
|
res.fillServers(fedRes.Servers)
|
|
}
|
|
|
|
if res.RoomID == "" {
|
|
return util.JSONResponse{
|
|
Code: http.StatusNotFound,
|
|
JSON: spec.NotFound(
|
|
fmt.Sprintf("Room alias %s not found", roomAlias),
|
|
),
|
|
}
|
|
}
|
|
} else {
|
|
joinedHostsReq := federationAPI.QueryJoinedHostServerNamesInRoomRequest{RoomID: res.RoomID}
|
|
var joinedHostsRes federationAPI.QueryJoinedHostServerNamesInRoomResponse
|
|
if err = fedSenderAPI.QueryJoinedHostServerNamesInRoom(req.Context(), &joinedHostsReq, &joinedHostsRes); err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("fedSenderAPI.QueryJoinedHostServerNamesInRoom failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
res.fillServers(joinedHostsRes.ServerNames)
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: res,
|
|
}
|
|
}
|
|
|
|
// SetLocalAlias implements PUT /directory/room/{roomAlias}
|
|
func SetLocalAlias(
|
|
req *http.Request,
|
|
device *userapi.Device,
|
|
alias string,
|
|
cfg *config.ClientAPI,
|
|
rsAPI roomserverAPI.ClientRoomserverAPI,
|
|
) util.JSONResponse {
|
|
_, domain, err := gomatrixserverlib.SplitID('#', alias)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.BadJSON("Room alias must be in the form '#localpart:domain'"),
|
|
}
|
|
}
|
|
|
|
if !cfg.Matrix.IsLocalServerName(domain) {
|
|
return util.JSONResponse{
|
|
Code: http.StatusForbidden,
|
|
JSON: spec.Forbidden("Alias must be on local homeserver"),
|
|
}
|
|
}
|
|
|
|
// Check that the alias does not fall within an exclusive namespace of an
|
|
// application service
|
|
// TODO: This code should eventually be refactored with:
|
|
// 1. The new method for checking for things matching an AS's namespace
|
|
// 2. Using an overall Regex object for all AS's just like we did for usernames
|
|
reqUserID, _, err := gomatrixserverlib.SplitID('@', device.UserID)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.BadJSON("User ID must be in the form '@localpart:domain'"),
|
|
}
|
|
}
|
|
for _, appservice := range cfg.Derived.ApplicationServices {
|
|
// Don't prevent AS from creating aliases in its own namespace
|
|
// Note that Dendrite uses SenderLocalpart as UserID for AS users
|
|
if reqUserID != appservice.SenderLocalpart {
|
|
if aliasNamespaces, ok := appservice.NamespaceMap["aliases"]; ok {
|
|
for _, namespace := range aliasNamespaces {
|
|
if namespace.Exclusive && namespace.RegexpObject.MatchString(alias) {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.ASExclusive("Alias is reserved by an application service"),
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
var r struct {
|
|
RoomID string `json:"room_id"`
|
|
}
|
|
if resErr := httputil.UnmarshalJSONRequest(req, &r); resErr != nil {
|
|
return *resErr
|
|
}
|
|
|
|
roomID, err := spec.NewRoomID(r.RoomID)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.InvalidParam("invalid room ID"),
|
|
}
|
|
}
|
|
|
|
userID, err := spec.NewUserID(device.UserID, true)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
}
|
|
|
|
senderID, err := rsAPI.QuerySenderIDForUser(req.Context(), *roomID, *userID)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("QuerySenderIDForUser failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
} else if senderID == nil {
|
|
util.GetLogger(req.Context()).WithField("roomID", *roomID).WithField("userID", *userID).Error("Sender ID not found")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
}
|
|
|
|
aliasAlreadyExists, err := rsAPI.SetRoomAlias(req.Context(), *senderID, *roomID, alias)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("aliasAPI.SetRoomAlias failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
if aliasAlreadyExists {
|
|
return util.JSONResponse{
|
|
Code: http.StatusConflict,
|
|
JSON: spec.Unknown("The alias " + alias + " already exists."),
|
|
}
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: struct{}{},
|
|
}
|
|
}
|
|
|
|
// RemoveLocalAlias implements DELETE /directory/room/{roomAlias}
|
|
func RemoveLocalAlias(
|
|
req *http.Request,
|
|
device *userapi.Device,
|
|
alias string,
|
|
rsAPI roomserverAPI.ClientRoomserverAPI,
|
|
) util.JSONResponse {
|
|
userID, err := spec.NewUserID(device.UserID, true)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{Err: "UserID for device is invalid"},
|
|
}
|
|
}
|
|
|
|
roomIDReq := roomserverAPI.GetRoomIDForAliasRequest{Alias: alias}
|
|
roomIDRes := roomserverAPI.GetRoomIDForAliasResponse{}
|
|
err = rsAPI.GetRoomIDForAlias(req.Context(), &roomIDReq, &roomIDRes)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusNotFound,
|
|
JSON: spec.NotFound("The alias does not exist."),
|
|
}
|
|
}
|
|
|
|
validRoomID, err := spec.NewRoomID(roomIDRes.RoomID)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusNotFound,
|
|
JSON: spec.NotFound("The alias does not exist."),
|
|
}
|
|
}
|
|
|
|
// This seems like the kind of auth check that should be done in the roomserver, but
|
|
// if this check fails (user is not in the room), then there will be no SenderID for the user
|
|
// for pseudo-ID rooms - it will just return "". However, we can't use lack of a sender ID
|
|
// as meaning they are not in the room, since lacking a sender ID could be caused by other bugs.
|
|
// TODO: maybe have QuerySenderIDForUser return richer errors?
|
|
var queryResp roomserverAPI.QueryMembershipForUserResponse
|
|
err = rsAPI.QueryMembershipForUser(req.Context(), &roomserverAPI.QueryMembershipForUserRequest{
|
|
RoomID: validRoomID.String(),
|
|
UserID: *userID,
|
|
}, &queryResp)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("roomserverAPI.QueryMembershipForUser failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
}
|
|
if !queryResp.IsInRoom {
|
|
return util.JSONResponse{
|
|
Code: http.StatusForbidden,
|
|
JSON: spec.Forbidden("You do not have permission to remove this alias."),
|
|
}
|
|
}
|
|
|
|
deviceSenderID, err := rsAPI.QuerySenderIDForUser(req.Context(), *validRoomID, *userID)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusNotFound,
|
|
JSON: spec.NotFound("The alias does not exist."),
|
|
}
|
|
}
|
|
// TODO: how to handle this case? missing user/room keys seem to be a whole new class of errors
|
|
if deviceSenderID == nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
}
|
|
|
|
aliasFound, aliasRemoved, err := rsAPI.RemoveRoomAlias(req.Context(), *deviceSenderID, alias)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("aliasAPI.RemoveRoomAlias failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
}
|
|
|
|
if !aliasFound {
|
|
return util.JSONResponse{
|
|
Code: http.StatusNotFound,
|
|
JSON: spec.NotFound("The alias does not exist."),
|
|
}
|
|
}
|
|
|
|
if !aliasRemoved {
|
|
return util.JSONResponse{
|
|
Code: http.StatusForbidden,
|
|
JSON: spec.Forbidden("You do not have permission to remove this alias."),
|
|
}
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: struct{}{},
|
|
}
|
|
}
|
|
|
|
type roomVisibility struct {
|
|
Visibility string `json:"visibility"`
|
|
}
|
|
|
|
// GetVisibility implements GET /directory/list/room/{roomID}
|
|
func GetVisibility(
|
|
req *http.Request, rsAPI roomserverAPI.ClientRoomserverAPI,
|
|
roomID string,
|
|
) util.JSONResponse {
|
|
var res roomserverAPI.QueryPublishedRoomsResponse
|
|
err := rsAPI.QueryPublishedRooms(req.Context(), &roomserverAPI.QueryPublishedRoomsRequest{
|
|
RoomID: roomID,
|
|
}, &res)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("QueryPublishedRooms failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
var v roomVisibility
|
|
if len(res.RoomIDs) == 1 {
|
|
v.Visibility = spec.Public
|
|
} else {
|
|
v.Visibility = "private"
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: v,
|
|
}
|
|
}
|
|
|
|
// SetVisibility implements PUT /directory/list/room/{roomID}
|
|
// TODO: Allow admin users to edit the room visibility
|
|
func SetVisibility(
|
|
req *http.Request, rsAPI roomserverAPI.ClientRoomserverAPI, dev *userapi.Device,
|
|
roomID string,
|
|
) util.JSONResponse {
|
|
deviceUserID, err := spec.NewUserID(dev.UserID, true)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.BadJSON("userID for this device is invalid"),
|
|
}
|
|
}
|
|
validRoomID, err := spec.NewRoomID(roomID)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("roomID is invalid")
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.BadJSON("RoomID is invalid"),
|
|
}
|
|
}
|
|
senderID, err := rsAPI.QuerySenderIDForUser(req.Context(), *validRoomID, *deviceUserID)
|
|
if err != nil || senderID == nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.Unknown("failed to find senderID for this user"),
|
|
}
|
|
}
|
|
|
|
resErr := checkMemberInRoom(req.Context(), rsAPI, *deviceUserID, roomID)
|
|
if resErr != nil {
|
|
return *resErr
|
|
}
|
|
|
|
queryEventsReq := roomserverAPI.QueryLatestEventsAndStateRequest{
|
|
RoomID: roomID,
|
|
StateToFetch: []gomatrixserverlib.StateKeyTuple{{
|
|
EventType: spec.MRoomPowerLevels,
|
|
StateKey: "",
|
|
}},
|
|
}
|
|
var queryEventsRes roomserverAPI.QueryLatestEventsAndStateResponse
|
|
err = rsAPI.QueryLatestEventsAndState(req.Context(), &queryEventsReq, &queryEventsRes)
|
|
if err != nil || len(queryEventsRes.StateEvents) == 0 {
|
|
util.GetLogger(req.Context()).WithError(err).Error("could not query events from room")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
// NOTSPEC: Check if the user's power is greater than power required to change m.room.canonical_alias event
|
|
power, _ := gomatrixserverlib.NewPowerLevelContentFromEvent(queryEventsRes.StateEvents[0].PDU)
|
|
if power.UserLevel(*senderID) < power.EventLevel(spec.MRoomCanonicalAlias, true) {
|
|
return util.JSONResponse{
|
|
Code: http.StatusForbidden,
|
|
JSON: spec.Forbidden("userID doesn't have power level to change visibility"),
|
|
}
|
|
}
|
|
|
|
var v roomVisibility
|
|
if reqErr := httputil.UnmarshalJSONRequest(req, &v); reqErr != nil {
|
|
return *reqErr
|
|
}
|
|
|
|
if err = rsAPI.PerformPublish(req.Context(), &roomserverAPI.PerformPublishRequest{
|
|
RoomID: roomID,
|
|
Visibility: v.Visibility,
|
|
}); err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("failed to publish room")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: struct{}{},
|
|
}
|
|
}
|
|
|
|
func SetVisibilityAS(
|
|
req *http.Request, rsAPI roomserverAPI.ClientRoomserverAPI, dev *userapi.Device,
|
|
networkID, roomID string,
|
|
) util.JSONResponse {
|
|
if dev.AccountType != userapi.AccountTypeAppService {
|
|
return util.JSONResponse{
|
|
Code: http.StatusForbidden,
|
|
JSON: spec.Forbidden("Only appservice may use this endpoint"),
|
|
}
|
|
}
|
|
var v roomVisibility
|
|
|
|
// If the method is delete, we simply mark the visibility as private
|
|
if req.Method == http.MethodDelete {
|
|
v.Visibility = "private"
|
|
} else {
|
|
if reqErr := httputil.UnmarshalJSONRequest(req, &v); reqErr != nil {
|
|
return *reqErr
|
|
}
|
|
}
|
|
if err := rsAPI.PerformPublish(req.Context(), &roomserverAPI.PerformPublishRequest{
|
|
RoomID: roomID,
|
|
Visibility: v.Visibility,
|
|
NetworkID: networkID,
|
|
AppserviceID: dev.AppserviceID,
|
|
}); err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("failed to publish room")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: struct{}{},
|
|
}
|
|
}
|