Make userapi responsible for checking access tokens (#1133)

* Make userapi responsible for checking access tokens There's still plenty of dependencies on account/device DBs, but this is a start. This is a breaking change as it adds a required config value `listen.user_api`. * Cleanup * Review comments and test fix
2025-07-31 13:22:46 +00:00 · 2020-06-16 14:10:55 +01:00 · 2020-06-16 14:10:55 +01:00 · 9c77022513
commit 9c77022513
parent 57b7fa3db8
66 changed files with 421 additions and 400 deletions
--- a/syncapi/routing/routing.go
+++ b/syncapi/routing/routing.go
@ -18,14 +18,12 @@ import (
 	"net/http"

 	"github.com/gorilla/mux"
-	"github.com/matrix-org/dendrite/clientapi/auth"
-	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
-	"github.com/matrix-org/dendrite/clientapi/auth/storage/devices"
 	"github.com/matrix-org/dendrite/internal/config"
 	"github.com/matrix-org/dendrite/internal/httputil"
 	"github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/dendrite/syncapi/storage"
 	"github.com/matrix-org/dendrite/syncapi/sync"
+	userapi "github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 )
@ -39,24 +37,18 @@ const pathPrefixR0 = "/client/r0"
 // nolint: gocyclo
 func Setup(
 	publicAPIMux *mux.Router, srp *sync.RequestPool, syncDB storage.Database,
-	deviceDB devices.Database, federation *gomatrixserverlib.FederationClient,
+	userAPI userapi.UserInternalAPI, federation *gomatrixserverlib.FederationClient,
 	rsAPI api.RoomserverInternalAPI,
 	cfg *config.Dendrite,
 ) {
 	r0mux := publicAPIMux.PathPrefix(pathPrefixR0).Subrouter()

-	authData := auth.Data{
-		AccountDB:   nil,
-		DeviceDB:    deviceDB,
-		AppServices: nil,
-	}
-
 	// TODO: Add AS support for all handlers below.
-	r0mux.Handle("/sync", httputil.MakeAuthAPI("sync", authData, func(req *http.Request, device *authtypes.Device) util.JSONResponse {
+	r0mux.Handle("/sync", httputil.MakeAuthAPI("sync", userAPI, func(req *http.Request, device *userapi.Device) util.JSONResponse {
 		return srp.OnIncomingSyncRequest(req, device)
 	})).Methods(http.MethodGet, http.MethodOptions)

-	r0mux.Handle("/rooms/{roomID}/messages", httputil.MakeAuthAPI("room_messages", authData, func(req *http.Request, device *authtypes.Device) util.JSONResponse {
+	r0mux.Handle("/rooms/{roomID}/messages", httputil.MakeAuthAPI("room_messages", userAPI, func(req *http.Request, device *userapi.Device) util.JSONResponse {
 		vars, err := httputil.URLDecodeMapValues(mux.Vars(req))
 		if err != nil {
 			return util.ErrorResponse(err)
--- a/syncapi/storage/interface.go
+++ b/syncapi/storage/interface.go
@ -18,11 +18,11 @@ import (
 	"context"
 	"time"

-	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 	"github.com/matrix-org/dendrite/eduserver/cache"
 	"github.com/matrix-org/dendrite/internal"
 	"github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/dendrite/syncapi/types"
+	userapi "github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrixserverlib"
 )

@ -57,10 +57,10 @@ type Database interface {
 	// from when the device sent the event via an API that included a transaction
 	// ID. A response object must be provided for IncrementaSync to populate - it
 	// will not create one.
-	IncrementalSync(ctx context.Context, res *types.Response, device authtypes.Device, fromPos, toPos types.StreamingToken, numRecentEventsPerRoom int, wantFullState bool) (*types.Response, error)
+	IncrementalSync(ctx context.Context, res *types.Response, device userapi.Device, fromPos, toPos types.StreamingToken, numRecentEventsPerRoom int, wantFullState bool) (*types.Response, error)
 	// CompleteSync returns a complete /sync API response for the given user. A response object
 	// must be provided for CompleteSync to populate - it will not create one.
-	CompleteSync(ctx context.Context, res *types.Response, device authtypes.Device, numRecentEventsPerRoom int) (*types.Response, error)
+	CompleteSync(ctx context.Context, res *types.Response, device userapi.Device, numRecentEventsPerRoom int) (*types.Response, error)
 	// GetAccountDataInRange returns all account data for a given user inserted or
 	// updated between two given positions
 	// Returns a map following the format data[roomID] = []dataTypes
@ -103,7 +103,7 @@ type Database interface {
 	// StreamEventsToEvents converts streamEvent to Event. If device is non-nil and
 	// matches the streamevent.transactionID device then the transaction ID gets
 	// added to the unsigned section of the output event.
-	StreamEventsToEvents(device *authtypes.Device, in []types.StreamEvent) []gomatrixserverlib.HeaderedEvent
+	StreamEventsToEvents(device *userapi.Device, in []types.StreamEvent) []gomatrixserverlib.HeaderedEvent
 	// SyncStreamPosition returns the latest position in the sync stream. Returns 0 if there are no events yet.
 	SyncStreamPosition(ctx context.Context) (types.StreamPosition, error)
 	// AddSendToDevice increases the EDU position in the cache and returns the stream position.
--- a/syncapi/storage/shared/syncserver.go
+++ b/syncapi/storage/shared/syncserver.go
@ -21,7 +21,8 @@ import (
 	"fmt"
 	"time"

-	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
+	userapi "github.com/matrix-org/dendrite/userapi/api"
+
 	"github.com/matrix-org/dendrite/eduserver/cache"
 	"github.com/matrix-org/dendrite/internal/sqlutil"
 	"github.com/matrix-org/dendrite/roomserver/api"
@ -214,7 +215,7 @@ func (d *Database) UpsertAccountData(
 	return
 }

-func (d *Database) StreamEventsToEvents(device *authtypes.Device, in []types.StreamEvent) []gomatrixserverlib.HeaderedEvent {
+func (d *Database) StreamEventsToEvents(device *userapi.Device, in []types.StreamEvent) []gomatrixserverlib.HeaderedEvent {
 	out := make([]gomatrixserverlib.HeaderedEvent, len(in))
 	for i := 0; i < len(in); i++ {
 		out[i] = in[i].HeaderedEvent
@ -442,7 +443,7 @@ func (d *Database) syncPositionTx(
 // IDs of all rooms the user joined are returned so EDU deltas can be added for them.
 func (d *Database) addPDUDeltaToResponse(
 	ctx context.Context,
-	device authtypes.Device,
+	device userapi.Device,
 	r types.Range,
 	numRecentEventsPerRoom int,
 	wantFullState bool,
@ -549,7 +550,7 @@ func (d *Database) addEDUDeltaToResponse(

 func (d *Database) IncrementalSync(
 	ctx context.Context, res *types.Response,
-	device authtypes.Device,
+	device userapi.Device,
 	fromPos, toPos types.StreamingToken,
 	numRecentEventsPerRoom int,
 	wantFullState bool,
@ -687,7 +688,7 @@ func (d *Database) getResponseWithPDUsForCompleteSync(

 func (d *Database) CompleteSync(
 	ctx context.Context, res *types.Response,
-	device authtypes.Device, numRecentEventsPerRoom int,
+	device userapi.Device, numRecentEventsPerRoom int,
 ) (*types.Response, error) {
 	toPos, joinedRoomIDs, err := d.getResponseWithPDUsForCompleteSync(
 		ctx, res, device.UserID, numRecentEventsPerRoom,
@ -758,7 +759,7 @@ func (d *Database) getBackwardTopologyPos(
 // addRoomDeltaToResponse adds a room state delta to a sync response
 func (d *Database) addRoomDeltaToResponse(
 	ctx context.Context,
-	device *authtypes.Device,
+	device *userapi.Device,
 	txn *sql.Tx,
 	r types.Range,
 	delta stateDelta,
@ -904,7 +905,7 @@ func (d *Database) fetchMissingStateEvents(
 // the user has new membership events.
 // A list of joined room IDs is also returned in case the caller needs it.
 func (d *Database) getStateDeltas(
-	ctx context.Context, device *authtypes.Device, txn *sql.Tx,
+	ctx context.Context, device *userapi.Device, txn *sql.Tx,
 	r types.Range, userID string,
 	stateFilter *gomatrixserverlib.StateFilter,
 ) ([]stateDelta, []string, error) {
@ -979,7 +980,7 @@ func (d *Database) getStateDeltas(
 // Fetches full state for all joined rooms and uses selectStateInRange to get
 // updates for other rooms.
 func (d *Database) getStateDeltasForFullStateSync(
-	ctx context.Context, device *authtypes.Device, txn *sql.Tx,
+	ctx context.Context, device *userapi.Device, txn *sql.Tx,
 	r types.Range, userID string,
 	stateFilter *gomatrixserverlib.StateFilter,
 ) ([]stateDelta, []string, error) {
--- a/syncapi/storage/storage_test.go
+++ b/syncapi/storage/storage_test.go
@ -8,10 +8,10 @@ import (
 	"testing"
 	"time"

-	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 	"github.com/matrix-org/dendrite/syncapi/storage"
 	"github.com/matrix-org/dendrite/syncapi/storage/sqlite3"
 	"github.com/matrix-org/dendrite/syncapi/types"
+	userapi "github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrixserverlib"
 )

@ -22,7 +22,7 @@ var (
 	testRoomID      = fmt.Sprintf("!hallownest:%s", testOrigin)
 	testUserIDA     = fmt.Sprintf("@hornet:%s", testOrigin)
 	testUserIDB     = fmt.Sprintf("@paleking:%s", testOrigin)
-	testUserDeviceA = authtypes.Device{
+	testUserDeviceA = userapi.Device{
 		UserID:      testUserIDA,
 		ID:          "device_id_A",
 		DisplayName: "Device A",
--- a/syncapi/sync/notifier_test.go
+++ b/syncapi/sync/notifier_test.go
@ -22,9 +22,8 @@ import (
 	"testing"
 	"time"

-	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
-
 	"github.com/matrix-org/dendrite/syncapi/types"
+	userapi "github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 )
@ -357,7 +356,7 @@ func lockedFetchUserStream(n *Notifier, userID, deviceID string) *UserDeviceStre

 func newTestSyncRequest(userID, deviceID string, since types.StreamingToken) syncRequest {
 	return syncRequest{
-		device: authtypes.Device{
+		device: userapi.Device{
 			UserID: userID,
 			ID:     deviceID,
 		},
--- a/syncapi/sync/request.go
+++ b/syncapi/sync/request.go
@ -21,9 +21,8 @@ import (
 	"strconv"
 	"time"

-	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
-
 	"github.com/matrix-org/dendrite/syncapi/types"
+	userapi "github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/util"
 	log "github.com/sirupsen/logrus"
 )
@ -42,7 +41,7 @@ type filter struct {
 // syncRequest represents a /sync request, with sensible defaults/sanity checks applied.
 type syncRequest struct {
 	ctx           context.Context
-	device        authtypes.Device
+	device        userapi.Device
 	limit         int
 	timeout       time.Duration
 	since         *types.StreamingToken // nil means that no since token was supplied
@ -50,7 +49,7 @@ type syncRequest struct {
 	log           *log.Entry
 }

-func newSyncRequest(req *http.Request, device authtypes.Device) (*syncRequest, error) {
+func newSyncRequest(req *http.Request, device userapi.Device) (*syncRequest, error) {
 	timeout := getTimeout(req.URL.Query().Get("timeout"))
 	fullState := req.URL.Query().Get("full_state")
 	wantFullState := fullState != "" && fullState != "false"
--- a/syncapi/sync/requestpool.go
+++ b/syncapi/sync/requestpool.go
@ -21,11 +21,11 @@ import (
 	"net/http"
 	"time"

-	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 	"github.com/matrix-org/dendrite/clientapi/auth/storage/accounts"
 	"github.com/matrix-org/dendrite/clientapi/jsonerror"
 	"github.com/matrix-org/dendrite/syncapi/storage"
 	"github.com/matrix-org/dendrite/syncapi/types"
+	userapi "github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 	log "github.com/sirupsen/logrus"
@ -46,7 +46,7 @@ func NewRequestPool(db storage.Database, n *Notifier, adb accounts.Database) *Re
 // OnIncomingSyncRequest is called when a client makes a /sync request. This function MUST be
 // called in a dedicated goroutine for this request. This function will block the goroutine
 // until a response is ready, or it times out.
-func (rp *RequestPool) OnIncomingSyncRequest(req *http.Request, device *authtypes.Device) util.JSONResponse {
+func (rp *RequestPool) OnIncomingSyncRequest(req *http.Request, device *userapi.Device) util.JSONResponse {
 	var syncData *types.Response

 	// Extract values from request
--- a/syncapi/syncapi.go
+++ b/syncapi/syncapi.go
@ -24,9 +24,9 @@ import (
 	"github.com/matrix-org/dendrite/clientapi/auth/storage/accounts"
 	"github.com/matrix-org/dendrite/internal/config"
 	"github.com/matrix-org/dendrite/roomserver/api"
+	userapi "github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrixserverlib"

-	"github.com/matrix-org/dendrite/clientapi/auth/storage/devices"
 	"github.com/matrix-org/dendrite/syncapi/consumers"
 	"github.com/matrix-org/dendrite/syncapi/routing"
 	"github.com/matrix-org/dendrite/syncapi/storage"
@ -38,7 +38,7 @@ import (
 func AddPublicRoutes(
 	router *mux.Router,
 	consumer sarama.Consumer,
-	deviceDB devices.Database,
+	userAPI userapi.UserInternalAPI,
 	accountsDB accounts.Database,
 	rsAPI api.RoomserverInternalAPI,
 	federation *gomatrixserverlib.FederationClient,
@ -90,5 +90,5 @@ func AddPublicRoutes(
 		logrus.WithError(err).Panicf("failed to start send-to-device consumer")
 	}

-	routing.Setup(router, requestPool, syncDB, deviceDB, federation, rsAPI, cfg)
+	routing.Setup(router, requestPool, syncDB, userAPI, federation, rsAPI, cfg)
 }