Actualy read appservice users, but don't insert them

sandhose · sandhose · commit af9924372e13 · 2025-02-18T11:20:15.000+01:00
diff --git a/crates/syn2mas/src/migration.rs b/crates/syn2mas/src/migration.rs
@@ -84,6 +84,7 @@ bitflags::bitflags! {
         const IS_SYNAPSE_ADMIN = 0b0000_0001;
         const IS_DEACTIVATED = 0b0000_0010;
         const IS_GUEST = 0b0000_0100;
+        const IS_APPSERVICE = 0b0000_1000;
     }
 }
 
@@ -99,6 +100,10 @@ impl UserFlags {
     const fn is_synapse_admin(self) -> bool {
         self.contains(UserFlags::IS_SYNAPSE_ADMIN)
     }
+
+    const fn is_appservice(self) -> bool {
+        self.contains(UserFlags::IS_APPSERVICE)
+    }
 }
 
 #[derive(Debug, Clone, Copy)]
@@ -254,6 +259,21 @@ async fn migrate_users(
                     flags |= UserFlags::IS_GUEST;
                 }
 
+                if user.appservice_id.is_some() {
+                    flags |= UserFlags::IS_APPSERVICE;
+
+                    // Special case for appservice users: we don't insert them into the database
+                    // We just record the user's information in the state and continue
+                    state.users.insert(
+                        CompactString::new(&mas_user.username),
+                        UserInfo {
+                            mas_user_id: Uuid::nil(),
+                            flags,
+                        },
+                    );
+                    continue;
+                }
+
                 state.users.insert(
                     CompactString::new(&mas_user.username),
                     UserInfo {
@@ -349,10 +369,6 @@ async fn migrate_threepids(
             continue;
         };
         let Some(user_infos) = state.users.get(username.as_str()).copied() else {
-            if is_likely_appservice(&username) {
-                continue;
-            }
-
             // HACK(matrix.org): we seem to have many threepids for unknown users
             if state.users.contains_key(username.to_lowercase().as_str()) {
                 tracing::warn!(mxid = %synapse_user_id, "Threepid found in the database matching an MXID with the wrong casing");
@@ -365,6 +381,10 @@ async fn migrate_threepids(
             });
         };
 
+        if user_infos.flags.is_appservice() {
+            continue;
+        }
+
         if medium == "email" {
             email_buffer
                 .write(
@@ -444,15 +464,16 @@ async fn migrate_external_ids(
             .into_extract_localpart(synapse_user_id.clone())?
             .to_owned();
         let Some(user_infos) = state.users.get(username.as_str()).copied() else {
-            if is_likely_appservice(&username) {
-                continue;
-            }
             return Err(Error::MissingUserFromDependentTable {
                 table: "user_external_ids".to_owned(),
                 user: synapse_user_id,
             });
         };
 
+        if user_infos.flags.is_appservice() {
+            continue;
+        }
+
         let Some(&upstream_provider_id) = state.provider_id_mapping.get(&auth_provider) else {
             return Err(Error::MissingAuthProviderMapping {
                 synapse_id: auth_provider,
@@ -534,16 +555,16 @@ async fn migrate_devices(
                     .into_extract_localpart(synapse_user_id.clone())?
                     .to_owned();
                 let Some(user_infos) = state.users.get(username.as_str()).copied() else {
-                    if is_likely_appservice(&username) {
-                        continue;
-                    }
                     return Err(Error::MissingUserFromDependentTable {
                         table: "devices".to_owned(),
                         user: synapse_user_id,
                     });
                 };
 
-                if user_infos.flags.is_deactivated() || user_infos.flags.is_guest() {
+                if user_infos.flags.is_deactivated()
+                    || user_infos.flags.is_guest()
+                    || user_infos.flags.is_appservice()
+                {
                     continue;
                 }
 
@@ -663,16 +684,16 @@ async fn migrate_unrefreshable_access_tokens(
                     .into_extract_localpart(synapse_user_id.clone())?
                     .to_owned();
                 let Some(user_infos) = state.users.get(username.as_str()).copied() else {
-                    if is_likely_appservice(&username) {
-                        continue;
-                    }
                     return Err(Error::MissingUserFromDependentTable {
                         table: "access_tokens".to_owned(),
                         user: synapse_user_id,
                     });
                 };
 
-                if user_infos.flags.is_deactivated() || user_infos.flags.is_guest() {
+                if user_infos.flags.is_deactivated()
+                    || user_infos.flags.is_guest()
+                    || user_infos.flags.is_appservice()
+                {
                     continue;
                 }
 
@@ -806,16 +827,16 @@ async fn migrate_refreshable_token_pairs(
             .into_extract_localpart(synapse_user_id.clone())?
             .to_owned();
         let Some(user_infos) = state.users.get(username.as_str()).copied() else {
-            if is_likely_appservice(&username) {
-                continue;
-            }
             return Err(Error::MissingUserFromDependentTable {
                 table: "refresh_tokens".to_owned(),
                 user: synapse_user_id,
             });
         };
 
-        if user_infos.flags.is_deactivated() || user_infos.flags.is_guest() {
+        if user_infos.flags.is_deactivated()
+            || user_infos.flags.is_guest()
+            || user_infos.flags.is_appservice()
+        {
             continue;
         }
 
@@ -917,33 +938,3 @@ fn transform_user(
 
     Ok((new_user, mas_password))
 }
-
-/// Returns true if and only if the given localpart looks like it would belong
-/// to an application service user.
-/// The rule here is that it must start with an underscore.
-/// Synapse reserves these by default, but there is no hard rule prohibiting
-/// other namespaces from being reserved, so this is not a robust check.
-// TODO replace with a more robust mechanism, if we even care about this sanity check
-// e.g. read application service registration files.
-#[inline]
-fn is_likely_appservice(localpart: &str) -> bool {
-    // HACK(matrix.org): These are the namespaces we use on matrix.org
-    localpart.starts_with('_')
-        || localpart.starts_with("freenode_") // Freenode IRC bridge
-        || localpart.starts_with("slack_") // Slack bridge
-        || localpart.starts_with("torn_") // Torn IRC bridge
-        || localpart.starts_with("gitter_") // Gitter bridge
-        || localpart.starts_with("mozilla_") // Mozilla IRC bridge
-        || localpart.starts_with("w3c_") // W3C IRC bridge
-        || localpart.starts_with("fs_") // VoIP conference AS
-        // HACK(matrix.org): Sender localparts of those appservices
-        || localpart == "bifrost"
-        || localpart == "appservice-irc"
-        || localpart == "oftc-irc"
-        || localpart == "slackbot"
-        || localpart == "snoonet-irc"
-        || localpart == "torn-irc"
-        || localpart == "scalar"
-        || localpart == "gitterbot"
-        || localpart == "mozilla-irc"
-}
diff --git a/crates/syn2mas/src/synapse_reader/mod.rs b/crates/syn2mas/src/synapse_reader/mod.rs
@@ -192,6 +192,8 @@ pub struct SynapseUser {
     /// account!
     pub is_guest: SynapseBool,
     // TODO do we care about upgrade_ts (users who upgraded from guest accounts to real accounts)
+    /// The ID of the appservice that created this user, if any.
+    pub appservice_id: Option<String>,
 }
 
 /// Row of the `user_threepids` table in Synapse.
@@ -436,9 +438,8 @@ impl<'conn> SynapseReader<'conn> {
         sqlx::query_as(
             "
             SELECT
-              name, password_hash, admin, deactivated, creation_ts, is_guest
+              name, password_hash, admin, deactivated, creation_ts, is_guest, appservice_id
             FROM users
-            WHERE appservice_id IS NULL
             ",
         )
         .fetch(&mut *self.txn)
diff --git a/crates/syn2mas/src/synapse_reader/snapshots/syn2mas__synapse_reader__test__read_users.snap b/crates/syn2mas/src/synapse_reader/snapshots/syn2mas__synapse_reader__test__read_users.snap
@@ -22,5 +22,6 @@ expression: users
         is_guest: SynapseBool(
             false,
         ),
+        appservice_id: None,
     },
 }

Original file line number	Diff line number	Diff line change
`@@ -192,6 +192,8 @@ pub struct SynapseUser {`
`192`	`192`	`/// account!`
`193`	`193`	`pub is_guest: SynapseBool,`
`194`	`194`	`// TODO do we care about upgrade_ts (users who upgraded from guest accounts to real accounts)`
	`195`	`+ /// The ID of the appservice that created this user, if any.`
	`196`	`+ pub appservice_id: Option<String>,`
`195`	`197`	`}`
`196`	`198`
`197`	`199`	/// Row of the `user_threepids` table in Synapse.
`@@ -436,9 +438,8 @@ impl<'conn> SynapseReader<'conn> {`
`436`	`438`	`sqlx::query_as(`
`437`	`439`	`"`
`438`	`440`	`SELECT`
`439`		`- name, password_hash, admin, deactivated, creation_ts, is_guest`
	`441`	`+ name, password_hash, admin, deactivated, creation_ts, is_guest, appservice_id`
`440`	`442`	`FROM users`
`441`		`- WHERE appservice_id IS NULL`
`442`	`443`	`",`
`443`	`444`	`)`
`444`	`445`	`.fetch(&mut *self.txn)`
Original file line number	Diff line number	Diff line change
`@@ -22,5 +22,6 @@ expression: users`
`22`	`22`	`is_guest: SynapseBool(`
`23`	`23`	`false,`
`24`	`24`	`),`
	`25`	`+ appservice_id: None,`
`25`	`26`	`},`
`26`	`27`	`}`