Tidy up the web API

Gnuxie · Gnuxie · commit e26c847a4534 · 2022-11-04T13:02:09.000Z
diff --git a/src/appservice/Api.ts b/src/appservice/Api.ts
@@ -4,6 +4,9 @@ import * as bodyParser from "body-parser";
 import { MjolnirManager } from "./MjolnirManager";
 import * as http from "http";
 
+/**
+ * This provides a web api that is designed to power the mjolnir widget https://github.com/matrix-org/mjolnir-widget.
+ */
 export class Api {
     private httpdConfig: express.Express = express();
     private httpServer?: http.Server;
@@ -59,44 +62,58 @@ export class Api {
         this.httpServer = this.httpdConfig.listen(port);
     }
 
+    /**
+     * Finds the management room for a mjolnir.
+     * @param req.body.openId An OpenID token to verify the send of the request with.
+     * @param req.body.mxid   The mjolnir we want to find the management room for.
+     */
     private async pathGet(req: express.Request, response: express.Response) {
-        const accessToken = req.query["openId"];
+        const accessToken = req.body["openId"];
         if (accessToken === undefined) {
             response.status(401).send("unauthorised");
             return;
         }
 
-        const mjolnirId = req.query["mxid"];
+        const userId = await this.resolveAccessToken(accessToken);
+        if (userId === null) {
+            response.status(401).send("unauthorised");
+            return;
+        }
+
+        const mjolnirId = req.body["mxid"];
         if (mjolnirId === undefined) {
             response.status(400).send("invalid request");
             return;
         }
 
-        //const userId = await this.resolveAccessToken(accessToken);
-        // doesn't exist yet
-        //if (!this.appService.canSeeMjolnir(userId, mjolnirId)) {
-        if (false) {
-            response.status(403);
+        // TODO: getMjolnir can fail if the ownerId doesn't match the requesting userId.
+        const mjolnir = this.mjolnirManager.getMjolnir(mjolnirId, userId);
+        if (mjolnir === undefined) {
+            response.status(400).send("unknown mjolnir mxid");
             return;
         }
 
-        // doesn't exist yet
-        //const managementRoom = this.appService.managementRoomFor(mjolnirId);
-        const managementRoom = "!123456:matrix.org";
-        response.status(200).json({ managementRoom: managementRoom });
+        response.status(200).json({ managementRoom: mjolnir.managementRoomId });
     }
 
+    /**
+     * Return the mxids of mjolnirs that this user has provisioned.
+     * @param req.body.openId An OpenID token to verify the send of the request with.
+     */
     private async pathList(req: express.Request, response: express.Response) {
-        const accessToken = req.query["openId"];
+        const accessToken = req.body["openId"];
         if (accessToken === undefined) {
             response.status(401).send("unauthorised");
             return;
         }
 
-        //const userId = await this.resolveAccessToken(accessToken);
-        // doesn't exist yet
-        //const existing = this.appService.listForUser(userId);
-        const existing = ["@mjolnir_12345:matrix.org", "@mjolnir_12346:matrix.org"];
+        const userId = await this.resolveAccessToken(accessToken);
+        if (userId === null) {
+            response.status(401).send("unauthorised");
+            return;
+        }
+
+        const existing = this.mjolnirManager.getOwnedMjolnirs(userId)
         response.status(200).json(existing);
     }
 
@@ -131,6 +148,12 @@ export class Api {
         response.status(200).json({ mxid: mjolnirId, roomId: managementRoom });
     }
 
+    /**
+     * Request a mjolnir to join and protect a room.
+     * @param req.body.openId An OpenID token to verify the send of the request with.
+     * @param req.body.mxid   The mjolnir that should join the room.
+     * @param req.body.roomId The room that this mjolnir should join and protect.
+     */
     private async pathJoin(req: express.Request, response: express.Response) {
         const accessToken = req.body["openId"];
         if (accessToken === undefined) {
@@ -156,7 +179,8 @@ export class Api {
             return;
         }
 
-        const mjolnir = this.mjolnirManager.mjolnirs.get(mjolnirId);
+        // TODO: getMjolnir can fail if the ownerId doesn't match the requesting userId.
+        const mjolnir = this.mjolnirManager.getMjolnir(mjolnirId, userId);
         if (mjolnir === undefined) {
             response.status(400).send("unknown mjolnir mxid");
             return;
diff --git a/src/appservice/MjolnirManager.ts b/src/appservice/MjolnirManager.ts
@@ -15,7 +15,7 @@ import { randomUUID } from "crypto";
  * * Informing mjolnirs about new events.
  */
 export class MjolnirManager {
-    public readonly mjolnirs: Map</*the user id of the mjolnir*/string, ManagedMjolnir> = new Map();
+    private readonly mjolnirs: Map</*the user id of the mjolnir*/string, ManagedMjolnir> = new Map();
 
     private constructor(
         private readonly dataStore: DataStore,
@@ -39,11 +39,33 @@ export class MjolnirManager {
     }
 
     public async makeInstance(requestingUserId: string, managementRoomId: string, client: MatrixClient): Promise<ManagedMjolnir> {
-        const managedMjolnir = new ManagedMjolnir(await Mjolnir.setupMjolnirFromConfig(client, this.getDefaultMjolnirConfig(managementRoomId)));
+        const managedMjolnir = new ManagedMjolnir(
+            requestingUserId,
+            await Mjolnir.setupMjolnirFromConfig(client, this.getDefaultMjolnirConfig(managementRoomId))
+        );
         this.mjolnirs.set(await client.getUserId(), managedMjolnir);
         return managedMjolnir;
     }
 
+    public getMjolnir(mjolnirId: string, ownerId: string): ManagedMjolnir|undefined {
+        const mjolnir = this.mjolnirs.get(mjolnirId);
+        if (mjolnir) {
+            if (mjolnir.ownerId !== ownerId) {
+                throw new Error(`${mjolnirId} is owned by a different user to ${ownerId}`);
+            } else {
+                return mjolnir;
+            }
+        } else {
+            return undefined;
+        }
+    }
+
+    public getOwnedMjolnirs(ownerId: string): ManagedMjolnir[] {
+        // TODO we need to use the database for this but also provide the utility
+        // for going from a MjolnirRecord to a ManagedMjolnir.
+        return [...this.mjolnirs.values()].filter(mjolnir => mjolnir.ownerId !== ownerId);
+    }
+
     public onEvent(request: Request<WeakEvent>, context: BridgeContext) {
         // We honestly don't know how we're going to map from bridge to user
         // https://github.com/matrix-org/matrix-appservice-bridge/blob/6046d31c54d461ad53e6d6e244ce2d944b62f890/src/components/room-bridge-store.ts
@@ -111,7 +133,10 @@ export class MjolnirManager {
 // Isolating this mjolnir is going to require provisioning an access token just for this user to be useful.
 // We can use fork and node's IPC to inform the process of matrix evnets.
 export class ManagedMjolnir {
-    public constructor(private readonly mjolnir: Mjolnir) { }
+    public constructor(
+        public readonly ownerId: string,
+        private readonly mjolnir: Mjolnir,
+    ) { }
 
     public async onEvent(request: Request<WeakEvent>) {
         // phony sync.
@@ -147,4 +172,8 @@ export class ManagedMjolnir {
         const roomRef = Permalinks.forRoom(listRoomId);
         return await this.mjolnir.watchList(roomRef);
     }
+
+    public get managementRoomId(): string {
+        return this.mjolnir.managementRoomId;
+    }
 }
