Separate muxes for public and internal APIs (#1056)

* Separate muxes for public and internal APIs * Update client-api-proxy and federation-api-proxy so they don't add /api to the path * Tidy up * Consistent HTTP setup * Set up prefixes properly
2025-07-30 04:52:46 +00:00 · 2020-05-22 11:43:17 +01:00 · 2020-05-22 11:43:17 +01:00 · fe82e1f725
commit fe82e1f725
parent f223da2f35
29 changed files with 131 additions and 119 deletions
--- a/internal/basecomponent/base.go
+++ b/internal/basecomponent/base.go
@ -56,8 +56,9 @@ type BaseDendrite struct {
 	componentName string
 	tracerCloser  io.Closer

-	// APIMux should be used to register new public matrix api endpoints
-	APIMux         *mux.Router
+	// PublicAPIMux should be used to register new public matrix api endpoints
+	PublicAPIMux   *mux.Router
+	InternalAPIMux *mux.Router
 	EnableHTTPAPIs bool
 	httpClient     *http.Client
 	Cfg            *config.Dendrite
@ -95,13 +96,15 @@ func NewBaseDendrite(cfg *config.Dendrite, componentName string, enableHTTPAPIs
 		logrus.WithError(err).Warnf("Failed to create cache")
 	}

+	httpmux := mux.NewRouter()
 	return &BaseDendrite{
 		componentName:  componentName,
 		EnableHTTPAPIs: enableHTTPAPIs,
 		tracerCloser:   closer,
 		Cfg:            cfg,
 		ImmutableCache: cache,
-		APIMux:         mux.NewRouter().UseEncodedPath(),
+		PublicAPIMux:   httpmux.PathPrefix(internal.HTTPPublicPathPrefix).Subrouter().UseEncodedPath(),
+		InternalAPIMux: httpmux.PathPrefix(internal.HTTPInternalPathPrefix).Subrouter().UseEncodedPath(),
 		httpClient:     &http.Client{Timeout: HTTPClientTimeout},
 		KafkaConsumer:  kafkaConsumer,
 		KafkaProducer:  kafkaProducer,
@ -221,7 +224,13 @@ func (b *BaseDendrite) SetupAndServeHTTP(bindaddr string, listenaddr string) {
 		WriteTimeout: HTTPServerTimeout,
 	}

-	internal.SetupHTTPAPI(http.DefaultServeMux, internal.WrapHandlerInCORS(b.APIMux), b.Cfg)
+	internal.SetupHTTPAPI(
+		http.DefaultServeMux,
+		b.PublicAPIMux,
+		b.InternalAPIMux,
+		b.Cfg,
+		b.EnableHTTPAPIs,
+	)
 	logrus.Infof("Starting %s server on %s", b.componentName, serv.Addr)

 	err := serv.ListenAndServe()
--- a/internal/httpapi.go
+++ b/internal/httpapi.go
@ -9,6 +9,7 @@ import (
 	"strings"
 	"time"

+	"github.com/gorilla/mux"
 	"github.com/matrix-org/dendrite/clientapi/auth"
 	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 	"github.com/matrix-org/dendrite/internal/config"
@ -22,6 +23,11 @@ import (
 	"github.com/sirupsen/logrus"
 )

+const (
+	HTTPPublicPathPrefix   = "/_matrix/"
+	HTTPInternalPathPrefix = "/api/"
+)
+
 // BasicAuth is used for authorization on /metrics handlers
 type BasicAuth struct {
 	Username string `yaml:"username"`
@ -184,11 +190,14 @@ func MakeFedAPI(

 // SetupHTTPAPI registers an HTTP API mux under /api and sets up a metrics
 // listener.
-func SetupHTTPAPI(servMux *http.ServeMux, apiMux http.Handler, cfg *config.Dendrite) {
+func SetupHTTPAPI(servMux *http.ServeMux, publicApiMux *mux.Router, internalApiMux *mux.Router, cfg *config.Dendrite, enableHTTPAPIs bool) {
 	if cfg.Metrics.Enabled {
 		servMux.Handle("/metrics", WrapHandlerInBasicAuth(promhttp.Handler(), cfg.Metrics.BasicAuth))
 	}
-	servMux.Handle("/api/", http.StripPrefix("/api", apiMux))
+	if enableHTTPAPIs {
+		servMux.Handle(HTTPInternalPathPrefix, internalApiMux)
+	}
+	servMux.Handle(HTTPPublicPathPrefix, WrapHandlerInCORS(publicApiMux))
 }

 // WrapHandlerInBasicAuth adds basic auth to a handler. Only used for /metrics