aichafellouss
diff --git a/‎.github/workflows/mjolnir.yml‎
Lines changed: 22 additions & 0 deletions b/‎.github/workflows/mjolnir.yml‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 5 additions & 2 deletions b/‎Dockerfile‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎docs/appservice.md‎
Lines changed: 32 additions & 0 deletions b/‎docs/appservice.md‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎mjolnir-entrypoint.sh‎
Lines changed: 14 additions & 0 deletions b/‎mjolnir-entrypoint.sh‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎mx-tester.yml‎
Lines changed: 13 additions & 1 deletion b/‎mx-tester.yml‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎package.json‎
Lines changed: 9 additions & 2 deletions b/‎package.json‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎src/appservice/AccessControl.ts‎
Lines changed: 66 additions & 0 deletions b/‎src/appservice/AccessControl.ts‎
Lines changed: 66 additions & 0 deletions
@@ -56,3 +56,25 @@ jobs:
       run: RUST_LOG=debug,hyper=info,rusttls=info mx-tester run
     - name: Cleanup
       run: mx-tester down
+  appservice-integration:
+    name: Application Service Integration tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v3
+      with:
+        node-version: '16'
+    - name: Fetch and build mx-tester (cached across runs)
+      uses: baptiste0928/cargo-install@v1
+      with:
+        crate: mx-tester
+        version: "0.3.3"
+    - name: Setup image
+      run: RUST_LOG=debug,hyper=info,rusttls=info mx-tester build up
+    - name: Setup dependencies
+      run: yarn install
+    - name: Run tests
+      run: yarn test:appservice:integration
+    - name: Cleanup
+      run: mx-tester down
@@ -1,15 +1,18 @@
-FROM node:16-alpine
+# We can't use alpine anymore because crypto has rust deps.
+FROM node:16-slim
 COPY . /tmp/src
 RUN cd /tmp/src \
     && yarn install \
     && yarn build \
     && mv lib/ /mjolnir/ \
     && mv node_modules / \
+    && mv mjolnir-entrypoint.sh / \
     && cd / \
     && rm -rf /tmp/*
 
 ENV NODE_ENV=production
 ENV NODE_CONFIG_DIR=/data/config
 
-CMD node /mjolnir/index.js
+CMD ["bot"]
+ENTRYPOINT ["./mjolnir-entrypoint.sh"]
 VOLUME ["/data"]
@@ -0,0 +1,32 @@
+Mjolnir can be run as an appservice, allowing users you trust or on your homeserver to run their own Mjolnir without hosting anything themselves.
+This module is currently alpha quality and is subject to rapid changes,
+it is not recommended currently and support will be limited.
+
+# Prerequisites
+
+This guide assumes you will be using Docker and that you are able to provide a postgres database for Mjolnir to connect to in application service mode.
+
+# Setup
+
+1. Create a new Matrix room that will act as a policy list for who can use the appservice.
+   FIXME: Currently required to be aliased.
+   FIXME: Should really be created and managed by the admin room, but waiting for command refactor before doing that. 
+
+2. Decide on a spare local TCP port number to use that will listen for messages from the matrix homeserver. Take care to configure firewalls appropriately. We will call this port `$MATRIX_PORT` in the remaining instructions.
+
+3. Create a `config/config.appservice.yaml` file that can be copied from the example in `src/appservice/config/config.example.yaml`. Your config file needs to be accessible to the docker container later on. To do this you could create a directory called `mjolnir-data` so we can map it to a volume when we launch the container later on.
+
+4. Generate the appservice registration file. This will be used by both the appservice and your homeserver.
+   Here, you must specify the direct link the Matrix Homeserver can use to access the appservice, including the Matrix port it will send messages through (if this bridge runs on the same machine you can use `localhost` as the `$HOST` name):
+   
+   `docker run -rm -v /your/path/to/mjolnir-data:/data matrixdotorg/mjolnir appservice -r -u "http://$HOST:$MATRIX_PORT" -f /data/config/mjolnir-registration.yaml`
+
+5. Step 4 created an application service bot. This will be a bot iwth the mxid specified in `mjolnir-registration.yaml` under `sender_localpart`. You now need to invite it in the access control room that you have created in Step 1.
+   
+6. Start the application service `docker run -v /your/path/to/mjolnir-data/:/data/ matrixdotorg/mjolnir appservice -c /data/config/config.appservice.yaml -f /data/config/mjolnir-registration.yaml -p $MATRIX_PORT`
+
+7. Copy the `mjolnir-registration.yaml` to your matrix homeserver and refer to it in `homeserver.yaml` like so:
+```
+  app_service_config_files:
+    - "/data/mjolnir-registration.yaml"
+```
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# This is used as the entrypoint in the mjolnir Dockerfile.
+# We want to transition away form people running the image without specifying `bot` or `appservice`.
+# So if eventually cli arguments are provided for the bot version, we want this to be the opportunity to move to `bot`.
+# Therefore using arguments without specifying `bot` (or appservice) is unsupported.
+# We maintain the behaviour where if it looks like someone is providing an executable to `docker run`, then we will execute that instead.
+# This aids configuration and debugging of the image if for example node needed to be started via another method.
+case "$1" in
+  bot) shift; set -- node /mjolnir/index.js "$@";;
+  appservice) shift; set -- node /mjolnir/appservice/cli.js "$@";;
+esac
+
+exec "$@";
@@ -2,8 +2,16 @@ name: mjolnir
 
 up:
   before:
+    - docker run --rm --network $MX_TEST_NETWORK_NAME --name mjolnir-test-postgres --domainname mjolnir-test-postgres -e POSTGRES_PASSWORD=mjolnir-test -e POSTGRES_USER=mjolnir-tester -e POSTGRES_DB=mjolnir-test-db -d -p 127.0.0.1:8083:5432 postgres
+    # Wait until postgresql is ready
+    - until psql postgres://mjolnir-tester:mjolnir-test@localhost:8083/mjolnir-test-db -c ""; do echo "Waiting for psql..."; sleep 1s; done
+    # Make table in postgres
+    - psql postgres://mjolnir-tester:mjolnir-test@localhost:8083/mjolnir-test-db -c "CREATE TABLE mjolnir (local_part VARCHAR(255), owner VARCHAR(255), management_room TEXT)"
     # Launch the reverse proxy, listening for connections *only* on the local host.
     - docker run --rm --network host --name mjolnir-test-reverse-proxy -p 127.0.0.1:8081:80 -v $MX_TEST_CWD/test/nginx.conf:/etc/nginx/nginx.conf:ro -d nginx
+    - yarn install
+    - npx ts-node src/appservice/cli.ts -r -u "http://host.docker.internal:9000"
+    - cp mjolnir-registration.yaml $MX_TEST_SYNAPSE_DIR/data/
   after:
     # Wait until Synapse is ready
     - until curl localhost:9999 --stderr /dev/null > /dev/null; do echo "Waiting for Synapse..."; sleep 1s; done
@@ -14,12 +22,13 @@ run:
 
 down:
   finally:
+    - docker stop mjolnir-test-postgres || true
     - docker stop mjolnir-test-reverse-proxy || true
 
 modules:
   - name: mjolnir
     build:
-      - cp -r synapse_antispam $MX_TEST_MODULE_DIR
+      - cp -r synapse_antispam $MX_TEST_MODULE_DIR/
     config:
       module: mjolnir.Module
       config: {}
@@ -34,6 +43,9 @@ homeserver:
   enable_registration: true
   enable_registration_without_verification: true
 
+  app_service_config_files:
+    - "/data/mjolnir-registration.yaml"
+
   # We remove rc_message so we can test rate limiting,
   # but we keep the others because of https://github.com/matrix-org/synapse/issues/11785
   # and we don't want to slow integration tests down.
 
@@ -14,37 +14,44 @@
     "start:dev": "yarn build && node --async-stack-traces lib/index.js",
     "test": "ts-mocha --project ./tsconfig.json test/commands/**/*.ts",
     "test:integration": "NODE_ENV=harness ts-mocha --async-stack-traces --require test/integration/fixtures.ts --timeout 300000 --project ./tsconfig.json \"test/integration/**/*Test.ts\"",
+    "test:appservice:integration": "NODE_ENV=harness ts-mocha --async-stack-traces --timeout 300000 --project ./tsconfig.json \"test/appservice/integration/**/*Test.ts\"",
     "test:manual": "NODE_ENV=harness ts-node test/integration/manualLaunchScript.ts",
     "version": "sed -i '/# version automated/s/[0-9][0-9]*\\.[0-9][0-9]*\\.[0-9][0-9]*/'$npm_package_version'/' synapse_antispam/setup.py && git add synapse_antispam/setup.py && cat synapse_antispam/setup.py"
   },
   "devDependencies": {
     "@types/crypto-js": "^4.0.2",
+    "@types/express": "^4.17.13",
     "@types/html-to-text": "^8.0.1",
     "@types/humanize-duration": "^3.27.1",
     "@types/js-yaml": "^4.0.5",
     "@types/jsdom": "^16.2.11",
     "@types/mocha": "^9.0.0",
+    "@types/nedb": "^1.8.12",
     "@types/node": "^16.7.10",
+    "@types/pg": "^8.6.5",
+    "@types/request": "^2.48.8",
     "@types/shell-quote": "1.7.1",
     "crypto-js": "^4.1.1",
     "eslint": "^7.32",
     "expect": "^27.0.6",
     "mocha": "^9.0.1",
     "ts-mocha": "^9.0.2",
     "tslint": "^6.1.3",
-    "typescript": "^4.3.5",
+    "typescript": "^4.8.4",
     "typescript-formatter": "^7.2"
   },
   "dependencies": {
     "await-lock": "^2.2.2",
+    "body-parser": "^1.20.1",
     "express": "^4.17",
     "html-to-text": "^8.0.0",
     "humanize-duration": "^3.27.1",
     "humanize-duration-ts": "^2.1.1",
     "js-yaml": "^4.1.0",
     "jsdom": "^16.6.0",
-    "matrix-bot-sdk": "^0.5.19",
+    "matrix-appservice-bridge": "^5.0.0",
     "parse-duration": "^1.0.2",
+    "pg": "^8.8.0",
     "shell-quote": "^1.7.3",
     "yaml": "^2.1.1"
   },
 
@@ -0,0 +1,66 @@
+/*
+Copyright 2022 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { Bridge } from "matrix-appservice-bridge";
+import AccessControlUnit, { EntityAccess } from "../models/AccessControlUnit";
+import PolicyList from "../models/PolicyList";
+import { Permalinks } from "matrix-bot-sdk";
+
+/**
+ * Utility to manage which users have access to the application service,
+ * meaning whether a user is able to provision a mjolnir or continue to use one.
+ * Internally we use a policy list within matrix to determine who has access via the `AccessControlUnit`.
+ */
+export class AccessControl {
+
+    private constructor(
+        private readonly accessControlList: PolicyList,
+        private readonly accessControlUnit: AccessControlUnit
+        ) {
+    }
+
+    /**
+     * Construct and initialize access control for the `MjolnirAppService`.
+     * @param accessControlListId The room id of a policy list used to manage access to the appservice (who can provision & use mjolniren)
+     * @param bridge The matrix-appservice-bridge, used to get the appservice bot.
+     * @returns A new instance of `AccessControl` to be used by `MjolnirAppService`.
+     */
+    public static async setupAccessControl(
+        /** The room id for the access control list. */
+        accessControlListId: string,
+        bridge: Bridge,
+    ): Promise<AccessControl> {
+        await bridge.getBot().getClient().joinRoom(accessControlListId);
+        const accessControlList = new PolicyList(
+            accessControlListId,
+            Permalinks.forRoom(accessControlListId),
+            bridge.getBot().getClient()
+        );
+        const accessControlUnit = new AccessControlUnit([accessControlList]);
+        await accessControlList.updateList();
+        return new AccessControl(accessControlList, accessControlUnit);
+    }
+
+    public handleEvent(roomId: string, event: any) {
+        if (roomId === this.accessControlList.roomId) {
+            this.accessControlList.updateForEvent(event);
+        }
+    }
+
+    public getUserAccess(mxid: string): EntityAccess {
+        return this.accessControlUnit.getAccessForUser(mxid, "CHECK_SERVER");
+    }
+}