445 lines
		
	
	
		
			16 KiB
		
	
	
	
		
			Python
		
	
	
			
		
		
	
	
			445 lines
		
	
	
		
			16 KiB
		
	
	
	
		
			Python
		
	
	
| # -*- coding: utf-8 -*-
 | |
| # Copyright 2014-2016 OpenMarket Ltd
 | |
| #
 | |
| # Licensed under the Apache License, Version 2.0 (the "License");
 | |
| # you may not use this file except in compliance with the License.
 | |
| # You may obtain a copy of the License at
 | |
| #
 | |
| #     http://www.apache.org/licenses/LICENSE-2.0
 | |
| #
 | |
| # Unless required by applicable law or agreed to in writing, software
 | |
| # distributed under the License is distributed on an "AS IS" BASIS,
 | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | |
| # See the License for the specific language governing permissions and
 | |
| # limitations under the License.
 | |
| 
 | |
| 
 | |
| import logging
 | |
| import string
 | |
| 
 | |
| from twisted.internet import defer
 | |
| 
 | |
| from synapse.api.constants import MAX_ALIAS_LENGTH, EventTypes
 | |
| from synapse.api.errors import (
 | |
|     AuthError,
 | |
|     CodeMessageException,
 | |
|     Codes,
 | |
|     NotFoundError,
 | |
|     StoreError,
 | |
|     SynapseError,
 | |
| )
 | |
| from synapse.types import RoomAlias, UserID, get_domain_from_id
 | |
| 
 | |
| from ._base import BaseHandler
 | |
| 
 | |
| logger = logging.getLogger(__name__)
 | |
| 
 | |
| 
 | |
| class DirectoryHandler(BaseHandler):
 | |
|     def __init__(self, hs):
 | |
|         super(DirectoryHandler, self).__init__(hs)
 | |
| 
 | |
|         self.state = hs.get_state_handler()
 | |
|         self.appservice_handler = hs.get_application_service_handler()
 | |
|         self.event_creation_handler = hs.get_event_creation_handler()
 | |
|         self.store = hs.get_datastore()
 | |
|         self.config = hs.config
 | |
|         self.enable_room_list_search = hs.config.enable_room_list_search
 | |
|         self.require_membership = hs.config.require_membership_for_aliases
 | |
| 
 | |
|         self.federation = hs.get_federation_client()
 | |
|         hs.get_federation_registry().register_query_handler(
 | |
|             "directory", self.on_directory_query
 | |
|         )
 | |
| 
 | |
|         self.spam_checker = hs.get_spam_checker()
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def _create_association(self, room_alias, room_id, servers=None, creator=None):
 | |
|         # general association creation for both human users and app services
 | |
| 
 | |
|         for wchar in string.whitespace:
 | |
|             if wchar in room_alias.localpart:
 | |
|                 raise SynapseError(400, "Invalid characters in room alias")
 | |
| 
 | |
|         if not self.hs.is_mine(room_alias):
 | |
|             raise SynapseError(400, "Room alias must be local")
 | |
|             # TODO(erikj): Change this.
 | |
| 
 | |
|         # TODO(erikj): Add transactions.
 | |
|         # TODO(erikj): Check if there is a current association.
 | |
|         if not servers:
 | |
|             users = yield self.state.get_current_users_in_room(room_id)
 | |
|             servers = set(get_domain_from_id(u) for u in users)
 | |
| 
 | |
|         if not servers:
 | |
|             raise SynapseError(400, "Failed to get server list")
 | |
| 
 | |
|         yield self.store.create_room_alias_association(
 | |
|             room_alias, room_id, servers, creator=creator
 | |
|         )
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def create_association(
 | |
|         self,
 | |
|         requester,
 | |
|         room_alias,
 | |
|         room_id,
 | |
|         servers=None,
 | |
|         send_event=True,
 | |
|         check_membership=True,
 | |
|     ):
 | |
|         """Attempt to create a new alias
 | |
| 
 | |
|         Args:
 | |
|             requester (Requester)
 | |
|             room_alias (RoomAlias)
 | |
|             room_id (str)
 | |
|             servers (list[str]|None): List of servers that others servers
 | |
|                 should try and join via
 | |
|             send_event (bool): Whether to send an updated m.room.aliases event
 | |
|             check_membership (bool): Whether to check if the user is in the room
 | |
|                 before the alias can be set (if the server's config requires it).
 | |
| 
 | |
|         Returns:
 | |
|             Deferred
 | |
|         """
 | |
| 
 | |
|         user_id = requester.user.to_string()
 | |
| 
 | |
|         if len(room_alias.to_string()) > MAX_ALIAS_LENGTH:
 | |
|             raise SynapseError(
 | |
|                 400,
 | |
|                 "Can't create aliases longer than %s characters" % MAX_ALIAS_LENGTH,
 | |
|                 Codes.INVALID_PARAM,
 | |
|             )
 | |
| 
 | |
|         service = requester.app_service
 | |
|         if service:
 | |
|             if not service.is_interested_in_alias(room_alias.to_string()):
 | |
|                 raise SynapseError(
 | |
|                     400,
 | |
|                     "This application service has not reserved this kind of alias.",
 | |
|                     errcode=Codes.EXCLUSIVE,
 | |
|                 )
 | |
|         else:
 | |
|             if self.require_membership and check_membership:
 | |
|                 rooms_for_user = yield self.store.get_rooms_for_user(user_id)
 | |
|                 if room_id not in rooms_for_user:
 | |
|                     raise AuthError(
 | |
|                         403, "You must be in the room to create an alias for it"
 | |
|                     )
 | |
| 
 | |
|             if not self.spam_checker.user_may_create_room_alias(user_id, room_alias):
 | |
|                 raise AuthError(403, "This user is not permitted to create this alias")
 | |
| 
 | |
|             if not self.config.is_alias_creation_allowed(
 | |
|                 user_id, room_id, room_alias.to_string()
 | |
|             ):
 | |
|                 # Lets just return a generic message, as there may be all sorts of
 | |
|                 # reasons why we said no. TODO: Allow configurable error messages
 | |
|                 # per alias creation rule?
 | |
|                 raise SynapseError(403, "Not allowed to create alias")
 | |
| 
 | |
|             can_create = yield self.can_modify_alias(room_alias, user_id=user_id)
 | |
|             if not can_create:
 | |
|                 raise AuthError(
 | |
|                     400,
 | |
|                     "This alias is reserved by an application service.",
 | |
|                     errcode=Codes.EXCLUSIVE,
 | |
|                 )
 | |
| 
 | |
|         yield self._create_association(room_alias, room_id, servers, creator=user_id)
 | |
|         if send_event:
 | |
|             yield self.send_room_alias_update_event(requester, room_id)
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def delete_association(self, requester, room_alias, send_event=True):
 | |
|         """Remove an alias from the directory
 | |
| 
 | |
|         (this is only meant for human users; AS users should call
 | |
|         delete_appservice_association)
 | |
| 
 | |
|         Args:
 | |
|             requester (Requester):
 | |
|             room_alias (RoomAlias):
 | |
|             send_event (bool): Whether to send an updated m.room.aliases event.
 | |
|                 Note that, if we delete the canonical alias, we will always attempt
 | |
|                 to send an m.room.canonical_alias event
 | |
| 
 | |
|         Returns:
 | |
|             Deferred[unicode]: room id that the alias used to point to
 | |
| 
 | |
|         Raises:
 | |
|             NotFoundError: if the alias doesn't exist
 | |
| 
 | |
|             AuthError: if the user doesn't have perms to delete the alias (ie, the user
 | |
|                 is neither the creator of the alias, nor a server admin.
 | |
| 
 | |
|             SynapseError: if the alias belongs to an AS
 | |
|         """
 | |
|         user_id = requester.user.to_string()
 | |
| 
 | |
|         try:
 | |
|             can_delete = yield self._user_can_delete_alias(room_alias, user_id)
 | |
|         except StoreError as e:
 | |
|             if e.code == 404:
 | |
|                 raise NotFoundError("Unknown room alias")
 | |
|             raise
 | |
| 
 | |
|         if not can_delete:
 | |
|             raise AuthError(403, "You don't have permission to delete the alias.")
 | |
| 
 | |
|         can_delete = yield self.can_modify_alias(room_alias, user_id=user_id)
 | |
|         if not can_delete:
 | |
|             raise SynapseError(
 | |
|                 400,
 | |
|                 "This alias is reserved by an application service.",
 | |
|                 errcode=Codes.EXCLUSIVE,
 | |
|             )
 | |
| 
 | |
|         room_id = yield self._delete_association(room_alias)
 | |
| 
 | |
|         try:
 | |
|             if send_event:
 | |
|                 yield self.send_room_alias_update_event(requester, room_id)
 | |
| 
 | |
|             yield self._update_canonical_alias(
 | |
|                 requester, requester.user.to_string(), room_id, room_alias
 | |
|             )
 | |
|         except AuthError as e:
 | |
|             logger.info("Failed to update alias events: %s", e)
 | |
| 
 | |
|         return room_id
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def delete_appservice_association(self, service, room_alias):
 | |
|         if not service.is_interested_in_alias(room_alias.to_string()):
 | |
|             raise SynapseError(
 | |
|                 400,
 | |
|                 "This application service has not reserved this kind of alias",
 | |
|                 errcode=Codes.EXCLUSIVE,
 | |
|             )
 | |
|         yield self._delete_association(room_alias)
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def _delete_association(self, room_alias):
 | |
|         if not self.hs.is_mine(room_alias):
 | |
|             raise SynapseError(400, "Room alias must be local")
 | |
| 
 | |
|         room_id = yield self.store.delete_room_alias(room_alias)
 | |
| 
 | |
|         return room_id
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def get_association(self, room_alias):
 | |
|         room_id = None
 | |
|         if self.hs.is_mine(room_alias):
 | |
|             result = yield self.get_association_from_room_alias(room_alias)
 | |
| 
 | |
|             if result:
 | |
|                 room_id = result.room_id
 | |
|                 servers = result.servers
 | |
|         else:
 | |
|             try:
 | |
|                 result = yield self.federation.make_query(
 | |
|                     destination=room_alias.domain,
 | |
|                     query_type="directory",
 | |
|                     args={"room_alias": room_alias.to_string()},
 | |
|                     retry_on_dns_fail=False,
 | |
|                     ignore_backoff=True,
 | |
|                 )
 | |
|             except CodeMessageException as e:
 | |
|                 logging.warning("Error retrieving alias")
 | |
|                 if e.code == 404:
 | |
|                     result = None
 | |
|                 else:
 | |
|                     raise
 | |
| 
 | |
|             if result and "room_id" in result and "servers" in result:
 | |
|                 room_id = result["room_id"]
 | |
|                 servers = result["servers"]
 | |
| 
 | |
|         if not room_id:
 | |
|             raise SynapseError(
 | |
|                 404,
 | |
|                 "Room alias %s not found" % (room_alias.to_string(),),
 | |
|                 Codes.NOT_FOUND,
 | |
|             )
 | |
| 
 | |
|         users = yield self.state.get_current_users_in_room(room_id)
 | |
|         extra_servers = set(get_domain_from_id(u) for u in users)
 | |
|         servers = set(extra_servers) | set(servers)
 | |
| 
 | |
|         # If this server is in the list of servers, return it first.
 | |
|         if self.server_name in servers:
 | |
|             servers = [self.server_name] + [s for s in servers if s != self.server_name]
 | |
|         else:
 | |
|             servers = list(servers)
 | |
| 
 | |
|         return {"room_id": room_id, "servers": servers}
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def on_directory_query(self, args):
 | |
|         room_alias = RoomAlias.from_string(args["room_alias"])
 | |
|         if not self.hs.is_mine(room_alias):
 | |
|             raise SynapseError(400, "Room Alias is not hosted on this homeserver")
 | |
| 
 | |
|         result = yield self.get_association_from_room_alias(room_alias)
 | |
| 
 | |
|         if result is not None:
 | |
|             return {"room_id": result.room_id, "servers": result.servers}
 | |
|         else:
 | |
|             raise SynapseError(
 | |
|                 404,
 | |
|                 "Room alias %r not found" % (room_alias.to_string(),),
 | |
|                 Codes.NOT_FOUND,
 | |
|             )
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def send_room_alias_update_event(self, requester, room_id):
 | |
|         aliases = yield self.store.get_aliases_for_room(room_id)
 | |
| 
 | |
|         yield self.event_creation_handler.create_and_send_nonmember_event(
 | |
|             requester,
 | |
|             {
 | |
|                 "type": EventTypes.Aliases,
 | |
|                 "state_key": self.hs.hostname,
 | |
|                 "room_id": room_id,
 | |
|                 "sender": requester.user.to_string(),
 | |
|                 "content": {"aliases": aliases},
 | |
|             },
 | |
|             ratelimit=False,
 | |
|         )
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def _update_canonical_alias(self, requester, user_id, room_id, room_alias):
 | |
|         alias_event = yield self.state.get_current_state(
 | |
|             room_id, EventTypes.CanonicalAlias, ""
 | |
|         )
 | |
| 
 | |
|         alias_str = room_alias.to_string()
 | |
|         if not alias_event or alias_event.content.get("alias", "") != alias_str:
 | |
|             return
 | |
| 
 | |
|         yield self.event_creation_handler.create_and_send_nonmember_event(
 | |
|             requester,
 | |
|             {
 | |
|                 "type": EventTypes.CanonicalAlias,
 | |
|                 "state_key": "",
 | |
|                 "room_id": room_id,
 | |
|                 "sender": user_id,
 | |
|                 "content": {},
 | |
|             },
 | |
|             ratelimit=False,
 | |
|         )
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def get_association_from_room_alias(self, room_alias):
 | |
|         result = yield self.store.get_association_from_room_alias(room_alias)
 | |
|         if not result:
 | |
|             # Query AS to see if it exists
 | |
|             as_handler = self.appservice_handler
 | |
|             result = yield as_handler.query_room_alias_exists(room_alias)
 | |
|         return result
 | |
| 
 | |
|     def can_modify_alias(self, alias, user_id=None):
 | |
|         # Any application service "interested" in an alias they are regexing on
 | |
|         # can modify the alias.
 | |
|         # Users can only modify the alias if ALL the interested services have
 | |
|         # non-exclusive locks on the alias (or there are no interested services)
 | |
|         services = self.store.get_app_services()
 | |
|         interested_services = [
 | |
|             s for s in services if s.is_interested_in_alias(alias.to_string())
 | |
|         ]
 | |
| 
 | |
|         for service in interested_services:
 | |
|             if user_id == service.sender:
 | |
|                 # this user IS the app service so they can do whatever they like
 | |
|                 return defer.succeed(True)
 | |
|             elif service.is_exclusive_alias(alias.to_string()):
 | |
|                 # another service has an exclusive lock on this alias.
 | |
|                 return defer.succeed(False)
 | |
|         # either no interested services, or no service with an exclusive lock
 | |
|         return defer.succeed(True)
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def _user_can_delete_alias(self, alias, user_id):
 | |
|         creator = yield self.store.get_room_alias_creator(alias.to_string())
 | |
| 
 | |
|         if creator is not None and creator == user_id:
 | |
|             return True
 | |
| 
 | |
|         is_admin = yield self.auth.is_server_admin(UserID.from_string(user_id))
 | |
|         return is_admin
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def edit_published_room_list(self, requester, room_id, visibility):
 | |
|         """Edit the entry of the room in the published room list.
 | |
| 
 | |
|         requester
 | |
|         room_id (str)
 | |
|         visibility (str): "public" or "private"
 | |
|         """
 | |
|         user_id = requester.user.to_string()
 | |
| 
 | |
|         if not self.spam_checker.user_may_publish_room(user_id, room_id):
 | |
|             raise AuthError(
 | |
|                 403, "This user is not permitted to publish rooms to the room list"
 | |
|             )
 | |
| 
 | |
|         if requester.is_guest:
 | |
|             raise AuthError(403, "Guests cannot edit the published room list")
 | |
| 
 | |
|         if visibility not in ["public", "private"]:
 | |
|             raise SynapseError(400, "Invalid visibility setting")
 | |
| 
 | |
|         if visibility == "public" and not self.enable_room_list_search:
 | |
|             # The room list has been disabled.
 | |
|             raise AuthError(
 | |
|                 403, "This user is not permitted to publish rooms to the room list"
 | |
|             )
 | |
| 
 | |
|         room = yield self.store.get_room(room_id)
 | |
|         if room is None:
 | |
|             raise SynapseError(400, "Unknown room")
 | |
| 
 | |
|         yield self.auth.check_can_change_room_list(room_id, requester.user)
 | |
| 
 | |
|         making_public = visibility == "public"
 | |
|         if making_public:
 | |
|             room_aliases = yield self.store.get_aliases_for_room(room_id)
 | |
|             canonical_alias = yield self.store.get_canonical_alias_for_room(room_id)
 | |
|             if canonical_alias:
 | |
|                 room_aliases.append(canonical_alias)
 | |
| 
 | |
|             if not self.config.is_publishing_room_allowed(
 | |
|                 user_id, room_id, room_aliases
 | |
|             ):
 | |
|                 # Lets just return a generic message, as there may be all sorts of
 | |
|                 # reasons why we said no. TODO: Allow configurable error messages
 | |
|                 # per alias creation rule?
 | |
|                 raise SynapseError(403, "Not allowed to publish room")
 | |
| 
 | |
|         yield self.store.set_room_is_public(room_id, making_public)
 | |
| 
 | |
|     @defer.inlineCallbacks
 | |
|     def edit_published_appservice_room_list(
 | |
|         self, appservice_id, network_id, room_id, visibility
 | |
|     ):
 | |
|         """Add or remove a room from the appservice/network specific public
 | |
|         room list.
 | |
| 
 | |
|         Args:
 | |
|             appservice_id (str): ID of the appservice that owns the list
 | |
|             network_id (str): The ID of the network the list is associated with
 | |
|             room_id (str)
 | |
|             visibility (str): either "public" or "private"
 | |
|         """
 | |
|         if visibility not in ["public", "private"]:
 | |
|             raise SynapseError(400, "Invalid visibility setting")
 | |
| 
 | |
|         yield self.store.set_room_is_public_appservice(
 | |
|             room_id, appservice_id, network_id, visibility == "public"
 | |
|         )
 |