[TODO: REMOVE replace DIRECTIVE] Fix NewAuthEvents call-sites for GMSL update

neilalexander · neilalexander · commit afcb910253fa · 2024-12-13T15:48:27.000Z
diff --git a/clientapi/routing/sendevent.go b/clientapi/routing/sendevent.go
@@ -414,8 +414,14 @@ func generateSendEvent(
 	for i := range queryRes.StateEvents {
 		stateEvents[i] = queryRes.StateEvents[i].PDU
 	}
-	provider := gomatrixserverlib.NewAuthEvents(gomatrixserverlib.ToPDUs(stateEvents))
-	if err = gomatrixserverlib.Allowed(e.PDU, &provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+	provider, err := gomatrixserverlib.NewAuthEvents(gomatrixserverlib.ToPDUs(stateEvents))
+	if err != nil {
+		return nil, &util.JSONResponse{
+			Code: http.StatusForbidden,
+			JSON: spec.Forbidden(err.Error()),
+		}
+	}
+	if err = gomatrixserverlib.Allowed(e.PDU, provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 		return rsAPI.QueryUserIDForSender(ctx, *validRoomID, senderID)
 	}); err != nil {
 		return nil, &util.JSONResponse{
diff --git a/federationapi/routing/threepid.go b/federationapi/routing/threepid.go
@@ -344,7 +344,7 @@ func buildMembershipEvent(
 	protoEvent.Depth = queryRes.Depth
 	protoEvent.PrevEvents = queryRes.LatestEvents
 
-	authEvents := gomatrixserverlib.NewAuthEvents(nil)
+	authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)
 
 	for i := range queryRes.StateEvents {
 		err = authEvents.AddEvent(queryRes.StateEvents[i].PDU)
@@ -357,7 +357,7 @@ func buildMembershipEvent(
 		return nil, err
 	}
 
-	refs, err := eventsNeeded.AuthEventReferences(&authEvents)
+	refs, err := eventsNeeded.AuthEventReferences(authEvents)
 	if err != nil {
 		return nil, err
 	}
@@ -421,7 +421,7 @@ func sendToRemoteServer(
 // found. Returning an error isn't necessary in this case as the event will be
 // rejected by gomatrixserverlib.
 func fillDisplayName(
-	builder *gomatrixserverlib.ProtoEvent, authEvents gomatrixserverlib.AuthEvents,
+	builder *gomatrixserverlib.ProtoEvent, authEvents *gomatrixserverlib.AuthEvents,
 ) error {
 	var content gomatrixserverlib.MemberContent
 	if err := json.Unmarshal(builder.Content, &content); err != nil {
diff --git a/go.mod b/go.mod
@@ -1,5 +1,7 @@
 module github.com/element-hq/dendrite
 
+replace github.com/matrix-org/gomatrixserverlib => github.com/neilalexander/gomatrixserverlib v0.0.0-20241213120227-3d48766ed855
+
 require (
 	github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d
 	github.com/DATA-DOG/go-sqlmock v1.5.0
diff --git a/go.sum b/go.sum
@@ -237,8 +237,6 @@ github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91 h1:s7fexw
 github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo=
 github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 h1:kHKxCOLcHH8r4Fzarl4+Y3K5hjothkVW5z7T1dUM11U=
 github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20240910190622-2c764912ce93 h1:FbyZ/xkeBVYHi2xfwAVaNmDhP+4HNbt9e6ucOR+jvBk=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20240910190622-2c764912ce93/go.mod h1:HZGsVJ3bUE+DkZtufkH9H0mlsvbhEGK5CpX0Zlavylg=
 github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7 h1:6t8kJr8i1/1I5nNttw6nn1ryQJgzVlBmSGgPiiaTdw4=
 github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7/go.mod h1:ReWMS/LoVnOiRAdq9sNUC2NZnd1mZkMNB52QhpTRWjg=
 github.com/matrix-org/util v0.0.0-20221111132719-399730281e66 h1:6z4KxomXSIGWqhHcfzExgkH3Z3UkIXry4ibJS4Aqz2Y=
@@ -281,6 +279,8 @@ github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
+github.com/neilalexander/gomatrixserverlib v0.0.0-20241213120227-3d48766ed855 h1:CEeYH/JKmR1twVV6DKOHspk2aEibg2CyHK+cPBXkUmI=
+github.com/neilalexander/gomatrixserverlib v0.0.0-20241213120227-3d48766ed855/go.mod h1:qil34SWn6VB6gO5312rzziCUcZtgROPjrLE+4ly/0os=
 github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 h1:zYyBkD/k9seD2A7fsi6Oo2LfFZAehjjQMERAvZLEDnQ=
 github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
diff --git a/internal/eventutil/events.go b/internal/eventutil/events.go
@@ -123,7 +123,10 @@ func addPrevEventsToEvent(
 
 	builder.Depth = queryRes.Depth
 
-	authEvents := gomatrixserverlib.NewAuthEvents(nil)
+	authEvents, err := gomatrixserverlib.NewAuthEvents(nil)
+	if err != nil {
+		return fmt.Errorf("gomatrixserverlib.NewAuthEvents: %w", err)
+	}
 
 	for i := range queryRes.StateEvents {
 		err := authEvents.AddEvent(queryRes.StateEvents[i].PDU)
@@ -132,7 +135,7 @@ func addPrevEventsToEvent(
 		}
 	}
 
-	refs, err := eventsNeeded.AuthEventReferences(&authEvents)
+	refs, err := eventsNeeded.AuthEventReferences(authEvents)
 	if err != nil {
 		return fmt.Errorf("eventsNeeded.AuthEventReferences: %w", err)
 	}
diff --git a/roomserver/internal/input/input_events.go b/roomserver/internal/input/input_events.go
@@ -285,15 +285,15 @@ func (r *Inputer) processRoomEvent(
 
 	// Check that the auth events of the event are known.
 	// If they aren't then we will ask the federation API for them.
-	authEvents := gomatrixserverlib.NewAuthEvents(nil)
+	authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)
 	knownEvents := map[string]*types.Event{}
-	if err = r.fetchAuthEvents(ctx, logger, roomInfo, virtualHost, headered, &authEvents, knownEvents, serverRes.ServerNames); err != nil {
+	if err = r.fetchAuthEvents(ctx, logger, roomInfo, virtualHost, headered, authEvents, knownEvents, serverRes.ServerNames); err != nil {
 		return fmt.Errorf("r.fetchAuthEvents: %w", err)
 	}
 
 	// Check if the event is allowed by its auth events. If it isn't then
 	// we consider the event to be "rejected" — it will still be persisted.
-	if err = gomatrixserverlib.Allowed(event, &authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+	if err = gomatrixserverlib.Allowed(event, authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 		return r.Queryer.QueryUserIDForSender(ctx, roomID, senderID)
 	}); err != nil {
 		isRejected = true
@@ -640,10 +640,14 @@ func (r *Inputer) processStateBefore(
 	// At this point, stateBeforeEvent should be populated either by
 	// the supplied state in the input request, or from the prev events.
 	// Check whether the event is allowed or not.
-	stateBeforeAuth := gomatrixserverlib.NewAuthEvents(
+	stateBeforeAuth, err := gomatrixserverlib.NewAuthEvents(
 		gomatrixserverlib.ToPDUs(stateBeforeEvent),
 	)
-	if rejectionErr = gomatrixserverlib.Allowed(event, &stateBeforeAuth, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+	if err != nil {
+		rejectionErr = fmt.Errorf("NewAuthEvents failed: %w", err)
+		return
+	}
+	if rejectionErr = gomatrixserverlib.Allowed(event, stateBeforeAuth, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 		return r.Queryer.QueryUserIDForSender(ctx, roomID, senderID)
 	}); rejectionErr != nil {
 		rejectionErr = fmt.Errorf("Allowed() failed for stateBeforeEvent: %w", rejectionErr)
diff --git a/roomserver/internal/input/input_events_test.go b/roomserver/internal/input/input_events_test.go
@@ -50,15 +50,15 @@ func Test_EventAuth(t *testing.T) {
 	}, test.WithStateKey(bob.ID), test.WithAuthIDs(authEventIDs))
 
 	// Add the auth events to the allower
-	allower := gomatrixserverlib.NewAuthEvents(nil)
+	allower, _ := gomatrixserverlib.NewAuthEvents(nil)
 	for _, a := range authEvents {
 		if err := allower.AddEvent(a); err != nil {
 			t.Fatalf("allower.AddEvent failed: %v", err)
 		}
 	}
 
 	// Finally check that the event is NOT allowed
-	if err := gomatrixserverlib.Allowed(ev.PDU, &allower, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+	if err := gomatrixserverlib.Allowed(ev.PDU, allower, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 		return spec.NewUserID(string(senderID), true)
 	}); err == nil {
 		t.Fatalf("event should not be allowed, but it was")
diff --git a/roomserver/internal/input/input_missing.go b/roomserver/internal/input/input_missing.go
@@ -961,14 +961,14 @@ serverLoop:
 }
 
 func checkAllowedByState(e gomatrixserverlib.PDU, stateEvents []gomatrixserverlib.PDU, userIDForSender spec.UserIDForSender) error {
-	authUsingState := gomatrixserverlib.NewAuthEvents(nil)
+	authUsingState, _ := gomatrixserverlib.NewAuthEvents(nil)
 	for i := range stateEvents {
 		err := authUsingState.AddEvent(stateEvents[i])
 		if err != nil {
 			return err
 		}
 	}
-	return gomatrixserverlib.Allowed(e, &authUsingState, userIDForSender)
+	return gomatrixserverlib.Allowed(e, authUsingState, userIDForSender)
 }
 
 func (t *missingStateReq) hadEvent(eventID string) {
diff --git a/roomserver/internal/perform/perform_create_room.go b/roomserver/internal/perform/perform_create_room.go
@@ -343,7 +343,7 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 	// TODO: 3pid invite events
 
 	var builtEvents []*types.HeaderedEvent
-	authEvents := gomatrixserverlib.NewAuthEvents(nil)
+	authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)
 	if err != nil {
 		util.GetLogger(ctx).WithError(err).Error("rsapi.QuerySenderIDForUser failed")
 		return "", &util.JSONResponse{
@@ -373,7 +373,7 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 			builder.PrevEvents = []string{builtEvents[i-1].EventID()}
 		}
 		var ev gomatrixserverlib.PDU
-		if err = builder.AddAuthEvents(&authEvents); err != nil {
+		if err = builder.AddAuthEvents(authEvents); err != nil {
 			util.GetLogger(ctx).WithError(err).Error("AddAuthEvents failed")
 			return "", &util.JSONResponse{
 				Code: http.StatusInternalServerError,
@@ -389,7 +389,7 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 			}
 		}
 
-		if err = gomatrixserverlib.Allowed(ev, &authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+		if err = gomatrixserverlib.Allowed(ev, authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 			return c.RSAPI.QueryUserIDForSender(ctx, roomID, senderID)
 		}); err != nil {
 			util.GetLogger(ctx).WithError(err).Error("gomatrixserverlib.Allowed failed")
diff --git a/roomserver/internal/perform/perform_upgrade.go b/roomserver/internal/perform/perform_upgrade.go
@@ -470,7 +470,7 @@ func (r *Upgrader) generateInitialEvents(ctx context.Context, oldRoom *api.Query
 func (r *Upgrader) sendInitialEvents(ctx context.Context, evTime time.Time, senderID spec.SenderID, userDomain spec.ServerName, newRoomID string, newVersion gomatrixserverlib.RoomVersion, eventsToMake []gomatrixserverlib.FledglingEvent) error {
 	var err error
 	var builtEvents []*types.HeaderedEvent
-	authEvents := gomatrixserverlib.NewAuthEvents(nil)
+	authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)
 	for i, e := range eventsToMake {
 		depth := i + 1 // depth starts at 1
 
@@ -495,7 +495,7 @@ func (r *Upgrader) sendInitialEvents(ctx context.Context, evTime time.Time, send
 			return err
 		}
 		builder := verImpl.NewEventBuilderFromProtoEvent(&proto)
-		if err = builder.AddAuthEvents(&authEvents); err != nil {
+		if err = builder.AddAuthEvents(authEvents); err != nil {
 			return err
 		}
 
@@ -506,7 +506,7 @@ func (r *Upgrader) sendInitialEvents(ctx context.Context, evTime time.Time, send
 
 		}
 
-		if err = gomatrixserverlib.Allowed(event, &authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+		if err = gomatrixserverlib.Allowed(event, authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 			return r.URSAPI.QueryUserIDForSender(ctx, roomID, senderID)
 		}); err != nil {
 			return fmt.Errorf("Failed to auth new %q event: %w", builder.Type, err)
@@ -586,8 +586,11 @@ func (r *Upgrader) makeHeaderedEvent(ctx context.Context, evTime time.Time, send
 	for i := range queryRes.StateEvents {
 		stateEvents[i] = queryRes.StateEvents[i].PDU
 	}
-	provider := gomatrixserverlib.NewAuthEvents(stateEvents)
-	if err = gomatrixserverlib.Allowed(headeredEvent.PDU, &provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+	provider, err := gomatrixserverlib.NewAuthEvents(stateEvents)
+	if err != nil {
+		return nil, err
+	}
+	if err = gomatrixserverlib.Allowed(headeredEvent.PDU, provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 		return r.URSAPI.QueryUserIDForSender(ctx, roomID, senderID)
 	}); err != nil {
 		return nil, api.ErrNotAllowed{Err: fmt.Errorf("failed to auth new %q event: %w", proto.Type, err)} // TODO: Is this error string comprehensible to the client?
diff --git a/test/room.go b/test/room.go
@@ -43,7 +43,7 @@ type Room struct {
 	visibility   gomatrixserverlib.HistoryVisibility
 	creator      *User
 
-	authEvents   gomatrixserverlib.AuthEvents
+	authEvents   *gomatrixserverlib.AuthEvents
 	currentState map[string]*rstypes.HeaderedEvent
 	events       []*rstypes.HeaderedEvent
 }
@@ -55,10 +55,11 @@ func NewRoom(t *testing.T, creator *User, modifiers ...roomModifier) *Room {
 	if creator.srvName == "" {
 		t.Fatalf("NewRoom: creator doesn't belong to a server: %+v", *creator)
 	}
+	authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)
 	r := &Room{
 		ID:           fmt.Sprintf("!%d:%s", counter, creator.srvName),
 		creator:      creator,
-		authEvents:   gomatrixserverlib.NewAuthEvents(nil),
+		authEvents:   authEvents,
 		preset:       PresetPublicChat,
 		Version:      gomatrixserverlib.RoomVersionV9,
 		currentState: make(map[string]*rstypes.HeaderedEvent),
@@ -73,7 +74,7 @@ func NewRoom(t *testing.T, creator *User, modifiers ...roomModifier) *Room {
 
 func (r *Room) MustGetAuthEventRefsForEvent(t *testing.T, needed gomatrixserverlib.StateNeeded) []string {
 	t.Helper()
-	a, err := needed.AuthEventReferences(&r.authEvents)
+	a, err := needed.AuthEventReferences(r.authEvents)
 	if err != nil {
 		t.Fatalf("MustGetAuthEvents: %v", err)
 	}
@@ -175,7 +176,7 @@ func (r *Room) CreateEvent(t *testing.T, creator *User, eventType string, conten
 		builder.PrevEvents = []string{r.events[len(r.events)-1].EventID()}
 	}
 
-	err = builder.AddAuthEvents(&r.authEvents)
+	err = builder.AddAuthEvents(r.authEvents)
 	if err != nil {
 		t.Fatalf("CreateEvent[%s]: failed to AuthEventReferences: %s", eventType, err)
 	}
@@ -191,7 +192,7 @@ func (r *Room) CreateEvent(t *testing.T, creator *User, eventType string, conten
 	if err != nil {
 		t.Fatalf("CreateEvent[%s]: failed to build event: %s", eventType, err)
 	}
-	if err = gomatrixserverlib.Allowed(ev, &r.authEvents, UserIDForSender); err != nil {
+	if err = gomatrixserverlib.Allowed(ev, r.authEvents, UserIDForSender); err != nil {
 		t.Fatalf("CreateEvent[%s]: failed to verify event was allowed: %s", eventType, err)
 	}
 	headeredEvent := &rstypes.HeaderedEvent{PDU: ev}

Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,10 @@ func addPrevEventsToEvent(`
`123`	`123`
`124`	`124`	`builder.Depth = queryRes.Depth`
`125`	`125`
`126`		`- authEvents := gomatrixserverlib.NewAuthEvents(nil)`
	`126`	`+ authEvents, err := gomatrixserverlib.NewAuthEvents(nil)`
	`127`	`+ if err != nil {`
	`128`	`+ return fmt.Errorf("gomatrixserverlib.NewAuthEvents: %w", err)`
	`129`	`+ }`
`127`	`130`
`128`	`131`	`for i := range queryRes.StateEvents {`
`129`	`132`	`err := authEvents.AddEvent(queryRes.StateEvents[i].PDU)`
`@@ -132,7 +135,7 @@ func addPrevEventsToEvent(`
`132`	`135`	`}`
`133`	`136`	`}`
`134`	`137`
`135`		`- refs, err := eventsNeeded.AuthEventReferences(&authEvents)`
	`138`	`+ refs, err := eventsNeeded.AuthEventReferences(authEvents)`
`136`	`139`	`if err != nil {`
`137`	`140`	`return fmt.Errorf("eventsNeeded.AuthEventReferences: %w", err)`
`138`	`141`	`}`
Original file line number	Diff line number	Diff line change
`@@ -961,14 +961,14 @@ serverLoop:`
`961`	`961`	`}`
`962`	`962`
`963`	`963`	`func checkAllowedByState(e gomatrixserverlib.PDU, stateEvents []gomatrixserverlib.PDU, userIDForSender spec.UserIDForSender) error {`
`964`		`- authUsingState := gomatrixserverlib.NewAuthEvents(nil)`
	`964`	`+ authUsingState, _ := gomatrixserverlib.NewAuthEvents(nil)`
`965`	`965`	`for i := range stateEvents {`
`966`	`966`	`err := authUsingState.AddEvent(stateEvents[i])`
`967`	`967`	`if err != nil {`
`968`	`968`	`return err`
`969`	`969`	`}`
`970`	`970`	`}`
`971`		`- return gomatrixserverlib.Allowed(e, &authUsingState, userIDForSender)`
	`971`	`+ return gomatrixserverlib.Allowed(e, authUsingState, userIDForSender)`
`972`	`972`	`}`
`973`	`973`
`974`	`974`	`func (t *missingStateReq) hadEvent(eventID string) {`