Make userapi responsible for checking access tokens (#1133)
* Make userapi responsible for checking access tokens There's still plenty of dependencies on account/device DBs, but this is a start. This is a breaking change as it adds a required config value `listen.user_api`. * Cleanup * Review comments and test fix
parent
57b7fa3db8
commit
9c77022513
66 changed files with 421 additions and 400 deletions
|
@ -241,6 +241,7 @@ type Dendrite struct {
|
|||
ServerKeyAPI Address `yaml:"server_key_api"`
|
||||
AppServiceAPI Address `yaml:"appservice_api"`
|
||||
SyncAPI Address `yaml:"sync_api"`
|
||||
UserAPI Address `yaml:"user_api"`
|
||||
RoomServer Address `yaml:"room_server"`
|
||||
FederationSender Address `yaml:"federation_sender"`
|
||||
PublicRoomsAPI Address `yaml:"public_rooms_api"`
|
||||
|
@ -610,6 +611,7 @@ func (config *Dendrite) checkListen(configErrs *configErrors) {
|
|||
checkNotEmpty(configErrs, "listen.room_server", string(config.Listen.RoomServer))
|
||||
checkNotEmpty(configErrs, "listen.edu_server", string(config.Listen.EDUServer))
|
||||
checkNotEmpty(configErrs, "listen.server_key_api", string(config.Listen.EDUServer))
|
||||
checkNotEmpty(configErrs, "listen.user_api", string(config.Listen.UserAPI))
|
||||
}
|
||||
|
||||
// checkLogging verifies the parameters logging.* are valid.
|
||||
|
@ -723,6 +725,15 @@ func (config *Dendrite) RoomServerURL() string {
|
|||
return "http://" + string(config.Listen.RoomServer)
|
||||
}
|
||||
|
||||
// UserAPIURL returns an HTTP URL for where the userapi is listening.
|
||||
func (config *Dendrite) UserAPIURL() string {
|
||||
// Hard code the userapi to talk HTTP for now.
|
||||
// If we support HTTPS we need to think of a practical way to do certificate validation.
|
||||
// People setting up servers shouldn't need to get a certificate valid for the public
|
||||
// internet for an internal API.
|
||||
return "http://" + string(config.Listen.UserAPI)
|
||||
}
|
||||
|
||||
// EDUServerURL returns an HTTP URL for where the EDU server is listening.
|
||||
func (config *Dendrite) EDUServerURL() string {
|
||||
// Hard code the EDU server to talk HTTP for now.
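Review bot: UserAPIURL hard-codes `http://` for the component that, per this commit, now checks access tokens, so in a multi-process deployment those tokens presumably cross this link unencrypted. The comment explains why HTTPS is deferred but not what an operator must do in the meantime. I would extend it with `// Until then, listen.user_api must only be reachable over loopback or a trusted private network, because access tokens are sent to it in the clear.` Separately, in the checkListen hunk the context line for `listen.server_key_api` tests `config.Listen.EDUServer`, so an empty server_key_api address is never reported; it predates this change but sits beside the new `listen.user_api` check and should read `string(config.Listen.ServerKeyAPI)`. EDUServerURL's body continues outside the hunk.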
|
||||
|
|
|
@ -63,6 +63,7 @@ listen:
|
|||
media_api: "localhost:7774"
|
||||
appservice_api: "localhost:7777"
|
||||
edu_server: "localhost:7778"
|
||||
user_api: "localhost:7779"
|
||||
logging:
|
||||
- type: "file"
|
||||
level: "info"
|
||||
|
|
|
@ -27,9 +27,9 @@ import (
|
|||
|
||||
"github.com/gorilla/mux"
|
||||
"github.com/matrix-org/dendrite/clientapi/auth"
|
||||
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
|
||||
federationsenderAPI "github.com/matrix-org/dendrite/federationsender/api"
|
||||
"github.com/matrix-org/dendrite/internal/config"
|
||||
userapi "github.com/matrix-org/dendrite/userapi/api"
|
||||
"github.com/matrix-org/gomatrixserverlib"
|
||||
"github.com/matrix-org/util"
|
||||
opentracing "github.com/opentracing/opentracing-go"
|
||||
|
@ -48,11 +48,11 @@ type BasicAuth struct {
|
|||
|
||||
// MakeAuthAPI turns a util.JSONRequestHandler function into an http.Handler which authenticates the request.
|
||||
func MakeAuthAPI(
|
||||
metricsName string, data auth.Data,
|
||||
f func(*http.Request, *authtypes.Device) util.JSONResponse,
|
||||
metricsName string, userAPI userapi.UserInternalAPI,
|
||||
f func(*http.Request, *userapi.Device) util.JSONResponse,
|
||||
) http.Handler {
|
||||
h := func(req *http.Request) util.JSONResponse {
|
||||
device, err := auth.VerifyUserFromRequest(req, data)
|
||||
device, err := auth.VerifyUserFromRequest(req, userAPI)
|
||||
if err != nil {
|
||||
return *err
|
||||
}
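Review bot: MakeAuthAPI now depends on `auth.VerifyUserFromRequest` failing closed when the lookup goes through `userapi.UserInternalAPI`, which may be an HTTP client. The only guard visible here is `if err != nil`, so a transport failure surfacing as a nil error with a nil device would reach `f` unauthenticated. VerifyUserFromRequest is not shown in this hunk, so this is something to confirm rather than a known defect. I would state the contract in the doc comment, for example `// f is only called after userAPI has resolved the request's access token to a device; a failure to reach userAPI is returned to the client as an error response.` The body of MakeAuthAPI continues past the end of the hunk.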
|
||||
|
|
|
@ -46,6 +46,8 @@ import (
|
|||
rsinthttp "github.com/matrix-org/dendrite/roomserver/inthttp"
|
||||
serverKeyAPI "github.com/matrix-org/dendrite/serverkeyapi/api"
|
||||
skinthttp "github.com/matrix-org/dendrite/serverkeyapi/inthttp"
|
||||
userapi "github.com/matrix-org/dendrite/userapi/api"
|
||||
userapiinthttp "github.com/matrix-org/dendrite/userapi/inthttp"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
||||
_ "net/http/pprof"
|
||||
|
@ -160,6 +162,15 @@ func (b *BaseDendrite) RoomserverHTTPClient() roomserverAPI.RoomserverInternalAP
|
|||
return rsAPI
|
||||
}
|
||||
|
||||
// UserAPIClient returns UserInternalAPI for hitting the userapi over HTTP.
|
||||
func (b *BaseDendrite) UserAPIClient() userapi.UserInternalAPI {
|
||||
userAPI, err := userapiinthttp.NewUserAPIClient(b.Cfg.UserAPIURL(), b.httpClient)
|
||||
if err != nil {
|
||||
logrus.WithError(err).Panic("UserAPIClient failed", b.httpClient)
|
||||
}
|
||||
return userAPI
|
||||
}
|
||||
|
||||
// EDUServerClient returns EDUServerInputAPI for hitting the EDU server over HTTP
|
||||
func (b *BaseDendrite) EDUServerClient() eduServerAPI.EDUServerInputAPI {
|
||||
e, err := eduinthttp.NewEDUServerClient(b.Cfg.EDUServerURL(), b.httpClient)
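Review bot: The Panic call in UserAPIClient passes `b.httpClient` as a second message argument, so the panic text gets the formatted `*http.Client` appended and still does not say which address failed. Log the target instead: `logrus.WithError(err).WithField("url", b.Cfg.UserAPIURL()).Panic("NewUserAPIClient failed")`. The neighbouring client constructors may follow the same pattern, but their bodies are only partly visible here; EDUServerClient continues outside the hunk.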
|
||||
|
|
|
@ -34,6 +34,7 @@ import (
|
|||
roomserverAPI "github.com/matrix-org/dendrite/roomserver/api"
|
||||
serverKeyAPI "github.com/matrix-org/dendrite/serverkeyapi/api"
|
||||
"github.com/matrix-org/dendrite/syncapi"
|
||||
userapi "github.com/matrix-org/dendrite/userapi/api"
|
||||
"github.com/matrix-org/gomatrixserverlib"
|
||||
)
|
||||
|
||||
|
@ -53,6 +54,7 @@ type Monolith struct {
|
|||
FederationSenderAPI federationSenderAPI.FederationSenderInternalAPI
|
||||
RoomserverAPI roomserverAPI.RoomserverInternalAPI
|
||||
ServerKeyAPI serverKeyAPI.ServerKeyInternalAPI
|
||||
UserAPI userapi.UserInternalAPI
|
||||
|
||||
// TODO: can we remove this? It's weird that we are required the database
|
||||
// yet every other component can do that on its own. libp2p-demo uses a custom
|
||||
|
@ -69,21 +71,21 @@ func (m *Monolith) AddAllPublicRoutes(publicMux *mux.Router) {
|
|||
publicMux, m.Config, m.KafkaConsumer, m.KafkaProducer, m.DeviceDB, m.AccountDB,
|
||||
m.FedClient, m.RoomserverAPI,
|
||||
m.EDUInternalAPI, m.AppserviceAPI, transactions.New(),
|
||||
m.FederationSenderAPI,
|
||||
m.FederationSenderAPI, m.UserAPI,
|
||||
)
|
||||
|
||||
keyserver.AddPublicRoutes(publicMux, m.Config, m.DeviceDB, m.AccountDB)
|
||||
keyserver.AddPublicRoutes(publicMux, m.Config, m.UserAPI)
|
||||
federationapi.AddPublicRoutes(
|
||||
publicMux, m.Config, m.AccountDB, m.DeviceDB, m.FedClient,
|
||||
m.KeyRing, m.RoomserverAPI, m.AppserviceAPI, m.FederationSenderAPI,
|
||||
m.EDUInternalAPI,
|
||||
)
|
||||
mediaapi.AddPublicRoutes(publicMux, m.Config, m.DeviceDB)
|
||||
mediaapi.AddPublicRoutes(publicMux, m.Config, m.UserAPI)
|
||||
publicroomsapi.AddPublicRoutes(
|
||||
publicMux, m.Config, m.KafkaConsumer, m.DeviceDB, m.PublicRoomsDB, m.RoomserverAPI, m.FedClient,
|
||||
publicMux, m.Config, m.KafkaConsumer, m.UserAPI, m.PublicRoomsDB, m.RoomserverAPI, m.FedClient,
|
||||
m.ExtPublicRoomsProvider,
|
||||
)
|
||||
syncapi.AddPublicRoutes(
|
||||
publicMux, m.KafkaConsumer, m.DeviceDB, m.AccountDB, m.RoomserverAPI, m.FedClient, m.Config,
|
||||
publicMux, m.KafkaConsumer, m.UserAPI, m.AccountDB, m.RoomserverAPI, m.FedClient, m.Config,
|
||||
)
|
||||
}
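Review bot: Nothing in AddAllPublicRoutes checks that the new `m.UserAPI` field was set, although the keyserver, mediaapi, publicroomsapi and syncapi routes (and the first call in the hunk, whose opening line is outside it) now receive it in place of the device database. Monolith is a plain struct, so a caller that was not updated still compiles and would presumably fail only with a nil dereference on the first authenticated request. A guard at the top of the function turns that into a startup failure: `if m.UserAPI == nil { panic("setup: Monolith.UserAPI must be set") }`. The field would also benefit from a short comment saying it is required and is used to verify access tokens.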
|
||||
|
|