Merge pull request #79 from matrix-org/travis/server-communities/02-text-api

Support server-centric communities being able to check text content against filters

Author: turt2live

api/api.go

@@ -1,9 +1,12 @@
 package api
 
 import (
+	"context"
 	"log"
 	"net/http"
+	"time"
 
+	"github.com/matrix-org/policyserv/community"
 	"github.com/matrix-org/policyserv/homeserver"
 	"github.com/matrix-org/policyserv/metrics"
 	"github.com/matrix-org/policyserv/storage"
@@ -16,18 +19,20 @@ type Config struct {
 }
 
 type Api struct {
-	storage       storage.PersistentStorage
-	hs            *homeserver.Homeserver
-	apiKey        string
-	joinViaServer string
+	storage          storage.PersistentStorage
+	hs               *homeserver.Homeserver
+	communityManager *community.Manager
+	apiKey           string
+	joinViaServer    string
 }
 
-func NewApi(config *Config, storage storage.PersistentStorage, hs *homeserver.Homeserver) (*Api, error) {
+func NewApi(config *Config, storage storage.PersistentStorage, hs *homeserver.Homeserver, communityManager *community.Manager) (*Api, error) {
 	return &Api{
-		storage:       storage,
-		hs:            hs,
-		apiKey:        config.ApiKey,
-		joinViaServer: config.JoinViaServer,
+		storage:          storage,
+		hs:               hs,
+		communityManager: communityManager,
+		apiKey:           config.ApiKey,
+		joinViaServer:    config.JoinViaServer,
 	}, nil
 }
 
@@ -49,11 +54,46 @@ func (a *Api) httpAuthenticatedRequestHandler(upstream func(api *Api, w http.Res
 	})
 }
 
+func (a *Api) httpCommunityAuthenticatedRequestHandler(upstream func(api *Api, community *storage.StoredCommunity, w http.ResponseWriter, r *http.Request)) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		authHeader := r.Header.Get("Authorization")
+		if len(authHeader) <= len("Bearer ") {
+			defer metrics.RecordHttpResponse(r.Method, "httpCommunityAuthenticatedRequestHandler", http.StatusUnauthorized)
+			homeserver.MatrixHttpError(w, http.StatusUnauthorized, "M_UNAUTHORIZED", "Not allowed")
+			return
+		}
+
+		// Set a quick timeout that only affects the community lookup/authentication
+		fastContext, cancel := context.WithTimeout(r.Context(), 2*time.Second)
+		defer cancel()
+
+		accessToken := authHeader[len("Bearer "):]
+		community, err := a.storage.GetCommunityByAccessToken(fastContext, accessToken)
+		if err != nil {
+			log.Println(err)
+			defer metrics.RecordHttpResponse(r.Method, "httpCommunityAuthenticatedRequestHandler", http.StatusInternalServerError)
+			homeserver.MatrixHttpError(w, http.StatusInternalServerError, "M_UNKNOWN", "Server error")
+			return
+		}
+		if community == nil {
+			defer metrics.RecordHttpResponse(r.Method, "httpCommunityAuthenticatedRequestHandler", http.StatusUnauthorized)
+			homeserver.MatrixHttpError(w, http.StatusUnauthorized, "M_UNAUTHORIZED", "Not allowed")
+			return
+		}
+
+		upstream(a, community, w, r)
+	})
+}
+
 func (a *Api) BindTo(mux *http.ServeMux) error {
 	mux.Handle("/", a.httpRequestHandler(httpCatchAll))
 	mux.Handle("/health", a.httpRequestHandler(httpHealth))
 	mux.Handle("/ready", a.httpRequestHandler(httpReady))
 
+	// Server-centric community API
+	mux.Handle("/_policyserv/v1/check/text", a.httpCommunityAuthenticatedRequestHandler(httpCheckTextCommunityApi))
+
+	// Admin API
 	if a.apiKey != "" {
 		log.Println("Enabling policyserv API")
 		mux.Handle("/api/v1/rooms", a.httpAuthenticatedRequestHandler(httpGetRoomsApi))
@@ -63,6 +103,7 @@ func (a *Api) BindTo(mux *http.ServeMux) error {
 		mux.Handle("/api/v1/communities/new", a.httpAuthenticatedRequestHandler(httpCreateCommunityApi))
 		mux.Handle("/api/v1/communities/{id}", a.httpAuthenticatedRequestHandler(httpGetCommunityApi))
 		mux.Handle("/api/v1/communities/{id}/config", a.httpAuthenticatedRequestHandler(httpSetCommunityConfigApi))
+		mux.Handle("/api/v1/communities/{id}/rotate_access_token", a.httpAuthenticatedRequestHandler(httpRotateCommunityAccessTokenApi))
 		mux.Handle("/api/v1/instance/community_config", a.httpAuthenticatedRequestHandler(httpGetInstanceConfigApi))
 		mux.Handle("/api/v1/sources/muninn/set_member_directory_event", a.httpAuthenticatedRequestHandler(httpSetMuninnSourceData))
 		mux.Handle("/api/v1/keyword_templates/{name}", a.httpAuthenticatedRequestHandler(httpKeywordTemplates))

api/api_test.go

@@ -1,6 +1,7 @@
 package api
 
 import (
+	"context"
 	"crypto/ed25519"
 	"net/http"
 	"net/http/httptest"
@@ -9,7 +10,9 @@ import (
 	"github.com/matrix-org/policyserv/community"
 	"github.com/matrix-org/policyserv/config"
 	"github.com/matrix-org/policyserv/homeserver"
+	"github.com/matrix-org/policyserv/internal"
 	"github.com/matrix-org/policyserv/queue"
+	"github.com/matrix-org/policyserv/storage"
 	"github.com/matrix-org/policyserv/test"
 	"github.com/stretchr/testify/assert"
 )
@@ -53,7 +56,7 @@ func makeApi(t *testing.T) *Api {
 
 	api, err := NewApi(&Config{
 		ApiKey: testApiKey,
-	}, db, hs)
+	}, db, hs, communityManager)
 	assert.NoError(t, err)
 	assert.NotNil(t, api)
 
@@ -112,3 +115,68 @@ func TestAuthenticatedApi(t *testing.T) {
 	assert.Equal(t, w.Code, http.StatusOK)
 	assert.True(t, called)
 }
+
+func TestCommunityAuthenticatedApiNoAuth(t *testing.T) {
+	t.Parallel()
+
+	api := makeApi(t)
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest(http.MethodGet, "/example", nil)
+	//r.Header.Set("Authorization", "Bearer WRONG_TOKEN") // we don't want auth on this test, so don't set it
+	upstream := func(a *Api, c *storage.StoredCommunity, w http.ResponseWriter, r *http.Request) {
+		assert.Fail(t, "should not be called")
+	}
+	handler := api.httpCommunityAuthenticatedRequestHandler(upstream)
+	handler.ServeHTTP(w, r)
+	assert.Equal(t, w.Code, http.StatusUnauthorized)
+	test.AssertApiError(t, w, "M_UNAUTHORIZED", "Not allowed")
+}
+
+func TestCommunityAuthenticatedApiWrongAuth(t *testing.T) {
+	t.Parallel()
+
+	api := makeApi(t)
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest(http.MethodGet, "/example", nil)
+	r.Header.Set("Authorization", "Bearer WRONG_TOKEN")
+	upstream := func(a *Api, c *storage.StoredCommunity, w http.ResponseWriter, r *http.Request) {
+		assert.Fail(t, "should not be called")
+	}
+	handler := api.httpCommunityAuthenticatedRequestHandler(upstream)
+	handler.ServeHTTP(w, r)
+	assert.Equal(t, w.Code, http.StatusUnauthorized)
+	test.AssertApiError(t, w, "M_UNAUTHORIZED", "Not allowed")
+}
+
+func createCommunityWithAccessToken(t *testing.T, api *Api) *storage.StoredCommunity {
+	serverCommunity, err := api.storage.CreateCommunity(context.Background(), "Test Community")
+	assert.NoError(t, err)
+	assert.NotNil(t, serverCommunity)
+	serverCommunity.ApiAccessToken = internal.Pointer("pst_TESTING_COMMUNITY")
+	err = api.storage.UpsertCommunity(context.Background(), serverCommunity)
+	assert.NoError(t, err)
+	return serverCommunity
+}
+
+func TestCommunityAuthenticatedApi(t *testing.T) {
+	t.Parallel()
+
+	api := makeApi(t)
+	serverCommunity := createCommunityWithAccessToken(t, api)
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest(http.MethodGet, "/example", nil)
+	r.Header.Set("Authorization", "Bearer "+internal.Dereference(serverCommunity.ApiAccessToken))
+	called := false
+	upstream := func(a *Api, c *storage.StoredCommunity, w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, serverCommunity, c)
+		called = true
+		w.WriteHeader(http.StatusOK)
+	}
+	handler := api.httpCommunityAuthenticatedRequestHandler(upstream)
+	handler.ServeHTTP(w, r)
+	assert.Equal(t, w.Code, http.StatusOK)
+	assert.True(t, called)
+}

api/http_api_communities.go

@@ -1,10 +1,13 @@
 package api
 
 import (
+	"crypto/rand"
+	"fmt"
 	"net/http"
 	"strings"
 
 	"github.com/matrix-org/policyserv/config"
+	"github.com/matrix-org/policyserv/internal"
 	"github.com/matrix-org/policyserv/metrics"
 )
 
@@ -124,3 +127,46 @@ func httpSetCommunityConfigApi(api *Api, w http.ResponseWriter, r *http.Request)
 		return
 	}
 }
+
+func httpRotateCommunityAccessTokenApi(api *Api, w http.ResponseWriter, r *http.Request) {
+	metrics.RecordHttpRequest(r.Method, "httpRotateCommunityAccessTokenApi")
+	t := metrics.StartRequestTimer(r.Method, "httpRotateCommunityAccessTokenApi")
+	defer t.ObserveDuration()
+
+	errs := newErrorResponder("httpRotateCommunityAccessTokenApi", w, r)
+
+	if r.Method != http.MethodPost {
+		errs.text(http.StatusMethodNotAllowed, "M_UNRECOGNIZED", "Method not allowed")
+		return
+	}
+
+	id := r.PathValue("id")
+	community, err := api.storage.GetCommunity(r.Context(), id)
+	if err != nil {
+		errs.err(http.StatusInternalServerError, "M_UNKNOWN", err)
+		return
+	}
+	if community == nil {
+		errs.text(http.StatusNotFound, "M_NOT_FOUND", "Community not found")
+		return
+	}
+
+	oldAccessToken := internal.Dereference(community.ApiAccessToken)
+
+	newAccessToken := fmt.Sprintf("pst_%s", rand.Text())
+	community.ApiAccessToken = internal.Pointer(newAccessToken)
+	err = api.storage.UpsertCommunity(r.Context(), community)
+	if err != nil {
+		errs.err(http.StatusInternalServerError, "M_UNKNOWN", err)
+		return
+	}
+
+	err = respondJson("httpRotateCommunityAccessTokenApi", r, w, map[string]string{
+		"old_access_token": oldAccessToken,
+		"new_access_token": newAccessToken,
+	})
+	if err != nil {
+		errs.err(http.StatusInternalServerError, "M_UNKNOWN", err)
+		return
+	}
+}

api/http_api_communities_test.go

@@ -9,6 +9,7 @@ import (
 	"testing"
 
 	"github.com/matrix-org/policyserv/config"
+	"github.com/matrix-org/policyserv/internal"
 	"github.com/matrix-org/policyserv/storage"
 	"github.com/matrix-org/policyserv/test"
 	"github.com/stretchr/testify/assert"
@@ -75,13 +76,15 @@ func TestCreateCommunityCreate(t *testing.T) {
 	assert.Equal(t, communityName, community.Name)
 	assert.NotEmpty(t, community.CommunityId)
 	assert.NotNil(t, community.Config)
+	assert.Nil(t, community.ApiAccessToken) // no access token should be set on creation
 
 	// Ensure it was also stored
 	fromDb, err := api.storage.GetCommunity(context.Background(), community.CommunityId)
 	assert.NoError(t, err)
 	assert.NotNil(t, fromDb)
 	assert.Equal(t, communityName, fromDb.Name)
 	assert.Equal(t, community.CommunityId, fromDb.CommunityId)
+	assert.Nil(t, fromDb.ApiAccessToken) // no access token should be set on creation
 
 	// Note: we can't (currently) test that errors during database calls and HTTP responses are handled. A future test
 	// case *should* cover this.
@@ -124,6 +127,12 @@ func TestGetCommunity(t *testing.T) {
 	assert.NotEmpty(t, community.CommunityId)
 	assert.Equal(t, name, community.Name)
 
+	// Set an access token for the community. This is to ensure we don't leak it through the request.
+	community.ApiAccessToken = internal.Pointer("pst_TESTING")
+	err = api.storage.UpsertCommunity(context.Background(), community)
+	assert.NoError(t, err)
+	community.ApiAccessToken = nil // so the assert.Equal() passes later
+
 	w := httptest.NewRecorder()
 	r := httptest.NewRequest(http.MethodGet, "/api/v1/communities/"+community.CommunityId, nil)
 	r.SetPathValue("id", community.CommunityId)
@@ -178,6 +187,12 @@ func TestSetCommunityConfig(t *testing.T) {
 	assert.NotEmpty(t, community.CommunityId)
 	assert.Equal(t, name, community.Name)
 
+	// Set an access token for the community. This is to ensure we don't leak it through the request.
+	community.ApiAccessToken = internal.Pointer("pst_TESTING")
+	err = api.storage.UpsertCommunity(context.Background(), community)
+	assert.NoError(t, err)
+	community.ApiAccessToken = nil // so the assert.Equal() passes later
+
 	cnf := &config.CommunityConfig{
 		KeywordFilterKeywords: &[]string{"keyword1", "keyword2"},
 	}
@@ -196,3 +211,74 @@ func TestSetCommunityConfig(t *testing.T) {
 	// Note: we can't (currently) test that errors during database calls and HTTP responses are handled. A future test
 	// case *should* cover this.
 }
+
+func TestRotateCommunityAccessTokenWrongMethod(t *testing.T) {
+	t.Parallel()
+
+	api := makeApi(t)
+
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest(http.MethodGet /*this should be POST*/, "/api/v1/communities/not_a_real_id/rotate_access_token", nil)
+	httpSetCommunityConfigApi(api, w, r)
+	assert.Equal(t, http.StatusMethodNotAllowed, w.Code)
+	test.AssertApiError(t, w, "M_UNRECOGNIZED", "Method not allowed")
+}
+
+func TestRotateCommunityAccessTokenNotFound(t *testing.T) {
+	t.Parallel()
+
+	api := makeApi(t)
+
+	cnf := &config.CommunityConfig{
+		KeywordFilterKeywords: &[]string{"keyword1", "keyword2"},
+	}
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest(http.MethodPost, "/api/v1/communities/not_a_real_id/rotate_access_token", test.MakeJsonBody(t, cnf))
+	r.SetPathValue("id", "not_a_real_id")
+	httpSetCommunityConfigApi(api, w, r)
+	assert.Equal(t, http.StatusNotFound, w.Code)
+	test.AssertApiError(t, w, "M_NOT_FOUND", "Community not found")
+}
+
+func TestRotateCommunityAccessToken(t *testing.T) {
+	t.Parallel()
+
+	api := makeApi(t)
+
+	name := "Test Community"
+	community, err := api.storage.CreateCommunity(context.Background(), name)
+	assert.NoError(t, err)
+	assert.NotNil(t, community)
+	assert.NotEmpty(t, community.CommunityId)
+	assert.Equal(t, name, community.Name)
+	assert.Nil(t, community.ApiAccessToken) // should be created without an access token
+
+	// First rotation should have an empty "old_access_token" and a non-empty "new_access_token"
+	w := httptest.NewRecorder()
+	r := httptest.NewRequest(http.MethodPost, "/api/v1/communities/"+community.CommunityId+"/rotate_access_token", nil)
+	r.SetPathValue("id", community.CommunityId)
+	httpRotateCommunityAccessTokenApi(api, w, r)
+	assert.Equal(t, http.StatusOK, w.Code)
+	fromRes := make(map[string]string)
+	err = json.Unmarshal(w.Body.Bytes(), &fromRes)
+	assert.NoError(t, err)
+	assert.Empty(t, fromRes["old_access_token"])
+	assert.NotEmpty(t, fromRes["new_access_token"])
+
+	// Verify the access token was persisted by the HTTP handler
+	accessToken := fromRes["new_access_token"]
+	fromDb, err := api.storage.GetCommunity(context.Background(), community.CommunityId)
+	assert.NoError(t, err)
+	assert.NotNil(t, fromDb)
+	assert.Equal(t, accessToken, internal.Dereference(fromDb.ApiAccessToken))
+
+	// Second rotation should reference what was the last request's "new" access token and generate yet another new one
+	w = httptest.NewRecorder()
+	httpRotateCommunityAccessTokenApi(api, w, r)
+	assert.Equal(t, http.StatusOK, w.Code)
+	fromRes = make(map[string]string)
+	err = json.Unmarshal(w.Body.Bytes(), &fromRes)
+	assert.NoError(t, err)
+	assert.Equal(t, accessToken, fromRes["old_access_token"]) // old token should match previous rotation
+	assert.NotEmpty(t, fromRes["new_access_token"])
+}