mirror of
https://github.com/matrix-org/dendrite
synced 2024-11-14 13:51:20 +01:00
9510fa00cc
Part of https://github.com/matrix-org/dendrite/issues/3223 (https://github.com/matrix-org/matrix-spec/pull/1286) (For `DELETE` we don't validate the alias, but just return a 404 if we can't find it)
491 lines
15 KiB
Go
491 lines
15 KiB
Go
// Copyright 2020 The Matrix.org Foundation C.I.C.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package routing
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/matrix-org/gomatrixserverlib"
|
|
"github.com/matrix-org/gomatrixserverlib/fclient"
|
|
"github.com/matrix-org/gomatrixserverlib/spec"
|
|
"github.com/matrix-org/util"
|
|
|
|
"github.com/matrix-org/dendrite/clientapi/httputil"
|
|
federationAPI "github.com/matrix-org/dendrite/federationapi/api"
|
|
roomserverAPI "github.com/matrix-org/dendrite/roomserver/api"
|
|
"github.com/matrix-org/dendrite/setup/config"
|
|
userapi "github.com/matrix-org/dendrite/userapi/api"
|
|
)
|
|
|
|
type roomDirectoryResponse struct {
|
|
RoomID string `json:"room_id"`
|
|
Servers []string `json:"servers"`
|
|
}
|
|
|
|
func (r *roomDirectoryResponse) fillServers(servers []spec.ServerName) {
|
|
r.Servers = make([]string, len(servers))
|
|
for i, s := range servers {
|
|
r.Servers[i] = string(s)
|
|
}
|
|
}
|
|
|
|
// DirectoryRoom looks up a room alias
|
|
func DirectoryRoom(
|
|
req *http.Request,
|
|
roomAlias string,
|
|
federation fclient.FederationClient,
|
|
cfg *config.ClientAPI,
|
|
rsAPI roomserverAPI.ClientRoomserverAPI,
|
|
fedSenderAPI federationAPI.ClientFederationAPI,
|
|
) util.JSONResponse {
|
|
_, domain, err := gomatrixserverlib.SplitID('#', roomAlias)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.InvalidParam("Room alias must be in the form '#localpart:domain'"),
|
|
}
|
|
}
|
|
|
|
var res roomDirectoryResponse
|
|
|
|
// Query the roomserver API to check if the alias exists locally.
|
|
queryReq := &roomserverAPI.GetRoomIDForAliasRequest{
|
|
Alias: roomAlias,
|
|
IncludeAppservices: true,
|
|
}
|
|
queryRes := &roomserverAPI.GetRoomIDForAliasResponse{}
|
|
if err = rsAPI.GetRoomIDForAlias(req.Context(), queryReq, queryRes); err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("rsAPI.GetRoomIDForAlias failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
res.RoomID = queryRes.RoomID
|
|
|
|
if res.RoomID == "" {
|
|
// If we don't know it locally, do a federation query.
|
|
// But don't send the query to ourselves.
|
|
if !cfg.Matrix.IsLocalServerName(domain) {
|
|
fedRes, fedErr := federation.LookupRoomAlias(req.Context(), cfg.Matrix.ServerName, domain, roomAlias)
|
|
if fedErr != nil {
|
|
// TODO: Return 502 if the remote server errored.
|
|
// TODO: Return 504 if the remote server timed out.
|
|
util.GetLogger(req.Context()).WithError(fedErr).Error("federation.LookupRoomAlias failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
res.RoomID = fedRes.RoomID
|
|
res.fillServers(fedRes.Servers)
|
|
}
|
|
|
|
if res.RoomID == "" {
|
|
return util.JSONResponse{
|
|
Code: http.StatusNotFound,
|
|
JSON: spec.NotFound(
|
|
fmt.Sprintf("Room alias %s not found", roomAlias),
|
|
),
|
|
}
|
|
}
|
|
} else {
|
|
joinedHostsReq := federationAPI.QueryJoinedHostServerNamesInRoomRequest{RoomID: res.RoomID}
|
|
var joinedHostsRes federationAPI.QueryJoinedHostServerNamesInRoomResponse
|
|
if err = fedSenderAPI.QueryJoinedHostServerNamesInRoom(req.Context(), &joinedHostsReq, &joinedHostsRes); err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("fedSenderAPI.QueryJoinedHostServerNamesInRoom failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
res.fillServers(joinedHostsRes.ServerNames)
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: res,
|
|
}
|
|
}
|
|
|
|
// SetLocalAlias implements PUT /directory/room/{roomAlias}
|
|
func SetLocalAlias(
|
|
req *http.Request,
|
|
device *userapi.Device,
|
|
alias string,
|
|
cfg *config.ClientAPI,
|
|
rsAPI roomserverAPI.ClientRoomserverAPI,
|
|
) util.JSONResponse {
|
|
_, domain, err := gomatrixserverlib.SplitID('#', alias)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.InvalidParam("Room alias must be in the form '#localpart:domain'"),
|
|
}
|
|
}
|
|
|
|
if !cfg.Matrix.IsLocalServerName(domain) {
|
|
return util.JSONResponse{
|
|
Code: http.StatusForbidden,
|
|
JSON: spec.Forbidden("Alias must be on local homeserver"),
|
|
}
|
|
}
|
|
|
|
// Check that the alias does not fall within an exclusive namespace of an
|
|
// application service
|
|
// TODO: This code should eventually be refactored with:
|
|
// 1. The new method for checking for things matching an AS's namespace
|
|
// 2. Using an overall Regex object for all AS's just like we did for usernames
|
|
reqUserID, _, err := gomatrixserverlib.SplitID('@', device.UserID)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.BadJSON("User ID must be in the form '@localpart:domain'"),
|
|
}
|
|
}
|
|
for _, appservice := range cfg.Derived.ApplicationServices {
|
|
// Don't prevent AS from creating aliases in its own namespace
|
|
// Note that Dendrite uses SenderLocalpart as UserID for AS users
|
|
if reqUserID != appservice.SenderLocalpart {
|
|
if aliasNamespaces, ok := appservice.NamespaceMap["aliases"]; ok {
|
|
for _, namespace := range aliasNamespaces {
|
|
if namespace.Exclusive && namespace.RegexpObject.MatchString(alias) {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.ASExclusive("Alias is reserved by an application service"),
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
var r struct {
|
|
RoomID string `json:"room_id"`
|
|
}
|
|
if resErr := httputil.UnmarshalJSONRequest(req, &r); resErr != nil {
|
|
return *resErr
|
|
}
|
|
|
|
roomID, err := spec.NewRoomID(r.RoomID)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.InvalidParam("invalid room ID"),
|
|
}
|
|
}
|
|
|
|
userID, err := spec.NewUserID(device.UserID, true)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
}
|
|
|
|
senderID, err := rsAPI.QuerySenderIDForUser(req.Context(), *roomID, *userID)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("QuerySenderIDForUser failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
} else if senderID == nil {
|
|
util.GetLogger(req.Context()).WithField("roomID", *roomID).WithField("userID", *userID).Error("Sender ID not found")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
}
|
|
|
|
aliasAlreadyExists, err := rsAPI.SetRoomAlias(req.Context(), *senderID, *roomID, alias)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("aliasAPI.SetRoomAlias failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
if aliasAlreadyExists {
|
|
return util.JSONResponse{
|
|
Code: http.StatusConflict,
|
|
JSON: spec.Unknown("The alias " + alias + " already exists."),
|
|
}
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: struct{}{},
|
|
}
|
|
}
|
|
|
|
// RemoveLocalAlias implements DELETE /directory/room/{roomAlias}
|
|
func RemoveLocalAlias(
|
|
req *http.Request,
|
|
device *userapi.Device,
|
|
alias string,
|
|
rsAPI roomserverAPI.ClientRoomserverAPI,
|
|
) util.JSONResponse {
|
|
userID, err := spec.NewUserID(device.UserID, true)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{Err: "UserID for device is invalid"},
|
|
}
|
|
}
|
|
|
|
roomIDReq := roomserverAPI.GetRoomIDForAliasRequest{Alias: alias}
|
|
roomIDRes := roomserverAPI.GetRoomIDForAliasResponse{}
|
|
err = rsAPI.GetRoomIDForAlias(req.Context(), &roomIDReq, &roomIDRes)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusNotFound,
|
|
JSON: spec.NotFound("The alias does not exist."),
|
|
}
|
|
}
|
|
|
|
validRoomID, err := spec.NewRoomID(roomIDRes.RoomID)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusNotFound,
|
|
JSON: spec.NotFound("The alias does not exist."),
|
|
}
|
|
}
|
|
|
|
// This seems like the kind of auth check that should be done in the roomserver, but
|
|
// if this check fails (user is not in the room), then there will be no SenderID for the user
|
|
// for pseudo-ID rooms - it will just return "". However, we can't use lack of a sender ID
|
|
// as meaning they are not in the room, since lacking a sender ID could be caused by other bugs.
|
|
// TODO: maybe have QuerySenderIDForUser return richer errors?
|
|
var queryResp roomserverAPI.QueryMembershipForUserResponse
|
|
err = rsAPI.QueryMembershipForUser(req.Context(), &roomserverAPI.QueryMembershipForUserRequest{
|
|
RoomID: validRoomID.String(),
|
|
UserID: *userID,
|
|
}, &queryResp)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("roomserverAPI.QueryMembershipForUser failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
}
|
|
if !queryResp.IsInRoom {
|
|
return util.JSONResponse{
|
|
Code: http.StatusForbidden,
|
|
JSON: spec.Forbidden("You do not have permission to remove this alias."),
|
|
}
|
|
}
|
|
|
|
deviceSenderID, err := rsAPI.QuerySenderIDForUser(req.Context(), *validRoomID, *userID)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusNotFound,
|
|
JSON: spec.NotFound("The alias does not exist."),
|
|
}
|
|
}
|
|
// TODO: how to handle this case? missing user/room keys seem to be a whole new class of errors
|
|
if deviceSenderID == nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
}
|
|
|
|
aliasFound, aliasRemoved, err := rsAPI.RemoveRoomAlias(req.Context(), *deviceSenderID, alias)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("aliasAPI.RemoveRoomAlias failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.Unknown("internal server error"),
|
|
}
|
|
}
|
|
|
|
if !aliasFound {
|
|
return util.JSONResponse{
|
|
Code: http.StatusNotFound,
|
|
JSON: spec.NotFound("The alias does not exist."),
|
|
}
|
|
}
|
|
|
|
if !aliasRemoved {
|
|
return util.JSONResponse{
|
|
Code: http.StatusForbidden,
|
|
JSON: spec.Forbidden("You do not have permission to remove this alias."),
|
|
}
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: struct{}{},
|
|
}
|
|
}
|
|
|
|
type roomVisibility struct {
|
|
Visibility string `json:"visibility"`
|
|
}
|
|
|
|
// GetVisibility implements GET /directory/list/room/{roomID}
|
|
func GetVisibility(
|
|
req *http.Request, rsAPI roomserverAPI.ClientRoomserverAPI,
|
|
roomID string,
|
|
) util.JSONResponse {
|
|
var res roomserverAPI.QueryPublishedRoomsResponse
|
|
err := rsAPI.QueryPublishedRooms(req.Context(), &roomserverAPI.QueryPublishedRoomsRequest{
|
|
RoomID: roomID,
|
|
}, &res)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("QueryPublishedRooms failed")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
var v roomVisibility
|
|
if len(res.RoomIDs) == 1 {
|
|
v.Visibility = spec.Public
|
|
} else {
|
|
v.Visibility = "private"
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: v,
|
|
}
|
|
}
|
|
|
|
// SetVisibility implements PUT /directory/list/room/{roomID}
|
|
// TODO: Allow admin users to edit the room visibility
|
|
func SetVisibility(
|
|
req *http.Request, rsAPI roomserverAPI.ClientRoomserverAPI, dev *userapi.Device,
|
|
roomID string,
|
|
) util.JSONResponse {
|
|
deviceUserID, err := spec.NewUserID(dev.UserID, true)
|
|
if err != nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.BadJSON("userID for this device is invalid"),
|
|
}
|
|
}
|
|
validRoomID, err := spec.NewRoomID(roomID)
|
|
if err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("roomID is invalid")
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.BadJSON("RoomID is invalid"),
|
|
}
|
|
}
|
|
senderID, err := rsAPI.QuerySenderIDForUser(req.Context(), *validRoomID, *deviceUserID)
|
|
if err != nil || senderID == nil {
|
|
return util.JSONResponse{
|
|
Code: http.StatusBadRequest,
|
|
JSON: spec.Unknown("failed to find senderID for this user"),
|
|
}
|
|
}
|
|
|
|
resErr := checkMemberInRoom(req.Context(), rsAPI, *deviceUserID, roomID)
|
|
if resErr != nil {
|
|
return *resErr
|
|
}
|
|
|
|
queryEventsReq := roomserverAPI.QueryLatestEventsAndStateRequest{
|
|
RoomID: roomID,
|
|
StateToFetch: []gomatrixserverlib.StateKeyTuple{{
|
|
EventType: spec.MRoomPowerLevels,
|
|
StateKey: "",
|
|
}},
|
|
}
|
|
var queryEventsRes roomserverAPI.QueryLatestEventsAndStateResponse
|
|
err = rsAPI.QueryLatestEventsAndState(req.Context(), &queryEventsReq, &queryEventsRes)
|
|
if err != nil || len(queryEventsRes.StateEvents) == 0 {
|
|
util.GetLogger(req.Context()).WithError(err).Error("could not query events from room")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
// NOTSPEC: Check if the user's power is greater than power required to change m.room.canonical_alias event
|
|
power, _ := gomatrixserverlib.NewPowerLevelContentFromEvent(queryEventsRes.StateEvents[0].PDU)
|
|
if power.UserLevel(*senderID) < power.EventLevel(spec.MRoomCanonicalAlias, true) {
|
|
return util.JSONResponse{
|
|
Code: http.StatusForbidden,
|
|
JSON: spec.Forbidden("userID doesn't have power level to change visibility"),
|
|
}
|
|
}
|
|
|
|
var v roomVisibility
|
|
if reqErr := httputil.UnmarshalJSONRequest(req, &v); reqErr != nil {
|
|
return *reqErr
|
|
}
|
|
|
|
if err = rsAPI.PerformPublish(req.Context(), &roomserverAPI.PerformPublishRequest{
|
|
RoomID: roomID,
|
|
Visibility: v.Visibility,
|
|
}); err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("failed to publish room")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: struct{}{},
|
|
}
|
|
}
|
|
|
|
func SetVisibilityAS(
|
|
req *http.Request, rsAPI roomserverAPI.ClientRoomserverAPI, dev *userapi.Device,
|
|
networkID, roomID string,
|
|
) util.JSONResponse {
|
|
if dev.AccountType != userapi.AccountTypeAppService {
|
|
return util.JSONResponse{
|
|
Code: http.StatusForbidden,
|
|
JSON: spec.Forbidden("Only appservice may use this endpoint"),
|
|
}
|
|
}
|
|
var v roomVisibility
|
|
|
|
// If the method is delete, we simply mark the visibility as private
|
|
if req.Method == http.MethodDelete {
|
|
v.Visibility = "private"
|
|
} else {
|
|
if reqErr := httputil.UnmarshalJSONRequest(req, &v); reqErr != nil {
|
|
return *reqErr
|
|
}
|
|
}
|
|
if err := rsAPI.PerformPublish(req.Context(), &roomserverAPI.PerformPublishRequest{
|
|
RoomID: roomID,
|
|
Visibility: v.Visibility,
|
|
NetworkID: networkID,
|
|
AppserviceID: dev.AppserviceID,
|
|
}); err != nil {
|
|
util.GetLogger(req.Context()).WithError(err).Error("failed to publish room")
|
|
return util.JSONResponse{
|
|
Code: http.StatusInternalServerError,
|
|
JSON: spec.InternalServerError{},
|
|
}
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
Code: http.StatusOK,
|
|
JSON: struct{}{},
|
|
}
|
|
}
|