Merge pull request #761 from the-draupnir-project/gnuxie/room-takedown

Support for room policies with hashed entity  and `org.matrix.msc4204.takedown` recommendation in Synapse

Story: the-draupnir-project/planning#41
documentation: https://the-draupnir-project.github.io/draupnir-documentation/protections/room-takedown-protection

This PR introduces room takedown functionality into Draupnir.
A new `draupnir takedown` command is added similar to the ban command, but marks entities to be taken down. Because the content is illegal or intolerable. To begin with we only allow takedown of rooms. These takedown policies are sharable with policy lists just like normal bans.

Draupnir responds to takedown policies on Synapse by calling the [room shutdown](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version) API with the options `block` and `purge`.

The policies that are created by the takedown command are hashed, and this is in order to prevent the room id's being shared directly, and so that we do not create a directory of intolerable content. To be able to use the policies, draupnir therefore needs to be aware of all the rooms that the homeserver is participating in, in order to calculate their hashes and find matching policies, and then takedown the marked rooms.

As part of this process, Draupnir has to "discover" the rooms your server is participating in. This is done via the [synapse-http-antispam](https://the-draupnir-project.github.io/draupnir-documentation/bot/synapse-http-antispam) recently added to draupnir. When draupnir discovers rooms, it will prompt the management room with a notification with some details of the title, room description, and creator. This functionality will be toggleable but will be strongly recommended for servers that have public registration

Author: Gnuxie

package.json

@@ -53,7 +53,7 @@
     "@sentry/node": "^7.17.2",
     "@sinclair/typebox": "0.34.13",
     "@the-draupnir-project/interface-manager": "4.0.2",
-    "@the-draupnir-project/matrix-basic-types": "1.2.0",
+    "@the-draupnir-project/matrix-basic-types": "1.3.0",
     "better-sqlite3": "^9.4.3",
     "body-parser": "^1.20.2",
     "config": "^3.3.9",
@@ -63,8 +63,8 @@
     "jsdom": "^24.0.0",
     "matrix-appservice-bridge": "^10.3.1",
     "matrix-bot-sdk": "npm:@vector-im/matrix-bot-sdk@^0.7.1-element.6",
-    "matrix-protection-suite": "npm:@gnuxie/matrix-protection-suite@2.10.0",
-    "matrix-protection-suite-for-matrix-bot-sdk": "npm:@gnuxie/matrix-protection-suite-for-matrix-bot-sdk@2.10.1",
+    "matrix-protection-suite": "npm:@gnuxie/matrix-protection-suite@3.0.0",
+    "matrix-protection-suite-for-matrix-bot-sdk": "npm:@gnuxie/matrix-protection-suite-for-matrix-bot-sdk@3.0.0",
     "pg": "^8.8.0",
     "yaml": "^2.3.2"
   },

src/Draupnir.ts

@@ -82,6 +82,7 @@ import {
   makeConfirmationPromptListener,
 } from "./commands/interface-manager/MatrixPromptForConfirmation";
 import { SynapseHttpAntispam } from "./webapis/SynapseHTTPAntispam/SynapseHttpAntispam";
+import { DraupnirStores } from "./backingstore/DraupnirStores";
 const log = new Logger("Draupnir");
 
 // webAPIS should not be included on the Draupnir class.
@@ -145,6 +146,7 @@ export class Draupnir implements Client, MatrixAdaptorContext {
     public readonly acceptInvitesFromRoom: MatrixRoomID,
     public readonly acceptInvitesFromRoomIssuer: RoomMembershipRevisionIssuer,
     public readonly safeModeToggle: SafeModeToggle,
+    public readonly stores: DraupnirStores,
     public readonly synapseAdminClient: SynapseAdminClient | undefined,
     public readonly synapseHTTPAntispam: SynapseHttpAntispam | undefined
   ) {
@@ -212,6 +214,7 @@ export class Draupnir implements Client, MatrixAdaptorContext {
     config: IConfig,
     loggableConfigTracker: LoggableConfigTracker,
     safeModeToggle: SafeModeToggle,
+    stores: DraupnirStores,
     synapseHTTPAntispam: SynapseHttpAntispam | undefined
   ): Promise<ActionResult<Draupnir>> {
     const acceptInvitesFromRoom = await (async () => {
@@ -270,6 +273,7 @@ export class Draupnir implements Client, MatrixAdaptorContext {
       acceptInvitesFromRoom.ok,
       acceptInvitesFromRoomIssuer.ok,
       safeModeToggle,
+      stores,
       new SynapseAdminClient(client, clientUserID),
       synapseHTTPAntispam
     );
@@ -388,6 +392,7 @@ export class Draupnir implements Client, MatrixAdaptorContext {
     this.clientRooms.off("timeline", this.timelineEventListener);
     this.reportPoller?.stop();
     this.protectedRoomsSet.unregisterListeners();
+    this.stores.dispose();
   }
 
   public createRoomReference(roomID: StringRoomID): MatrixRoomID {

src/DraupnirBotMode.ts

@@ -11,7 +11,6 @@
 import {
   StandardClientsInRoomMap,
   DefaultEventDecoder,
-  RoomStateBackingStore,
   ClientsInRoomMap,
   Task,
   Logger,
@@ -48,12 +47,16 @@ import { SafeModeDraupnir } from "./safemode/DraupnirSafeMode";
 import { ResultError } from "@gnuxie/typescript-result";
 import { SafeModeCause, SafeModeReason } from "./safemode/SafeModeCause";
 import { SafeModeBootOption } from "./safemode/BootOption";
-import { SynapseHttpAntispam } from "./webapis/SynapseHTTPAntispam/SynapseHttpAntispam";
+import { TopLevelStores } from "./backingstore/DraupnirStores";
 
 const log = new Logger("DraupnirBotMode");
 
 export function constructWebAPIs(draupnir: Draupnir): WebAPIs {
-  return new WebAPIs(draupnir.reportManager, draupnir.config);
+  return new WebAPIs(
+    draupnir.reportManager,
+    draupnir.config,
+    draupnir.synapseHTTPAntispam
+  );
 }
 
 /**
@@ -74,20 +77,13 @@ interface BotModeTogle extends SafeModeToggle {
     error: ResultError,
     options?: SafeModeToggleOptions
   ): Promise<Result<SafeModeDraupnir>>;
-  // The SynapseHTTPAntispam listeners, if available.
-  // Which they won't be for some bot mode and all application service users.
-  readonly synapseHTTPAntispam: SynapseHttpAntispam | undefined;
 }
 
 export class DraupnirBotModeToggle implements BotModeTogle {
   private draupnir: Draupnir | null = null;
   private safeModeDraupnir: SafeModeDraupnir | null = null;
   private webAPIs: WebAPIs | null = null;
 
-  public get synapseHTTPAntispam() {
-    return this.webAPIs?.synapseHTTPAntispam ?? undefined;
-  }
-
   private constructor(
     private readonly clientUserID: StringUserID,
     private readonly managementRoom: MatrixRoomID,
@@ -113,7 +109,7 @@ export class DraupnirBotModeToggle implements BotModeTogle {
     client: MatrixSendClient,
     matrixEmitter: SafeMatrixEmitter,
     config: IConfig,
-    backingStore?: RoomStateBackingStore
+    stores: TopLevelStores
   ): Promise<DraupnirBotModeToggle> {
     const clientUserID = await client.getUserId();
     if (!isStringUserID(clientUserID)) {
@@ -163,13 +159,15 @@ export class DraupnirBotModeToggle implements BotModeTogle {
       clientsInRoomMap,
       clientProvider,
       DefaultEventDecoder,
-      backingStore
+      stores.roomStateBackingStore,
+      stores.hashStore
     );
     const draupnirFactory = new DraupnirFactory(
       clientsInRoomMap,
       clientCapabilityFactory,
       clientProvider,
-      roomStateManagerFactory
+      roomStateManagerFactory,
+      stores
     );
     return new DraupnirBotModeToggle(
       clientUserID,

src/appservice/AppService.ts

@@ -35,7 +35,6 @@ import {
   ClientsInRoomMap,
   DefaultEventDecoder,
   EventDecoder,
-  RoomStateBackingStore,
   StandardClientsInRoomMap,
   Task,
   isError,
@@ -49,6 +48,7 @@ import {
   StringUserID,
 } from "@the-draupnir-project/matrix-basic-types";
 import { SqliteRoomStateBackingStore } from "../backingstore/better-sqlite3/SqliteRoomStateBackingStore";
+import { TopLevelStores } from "../backingstore/DraupnirStores";
 
 const log = new Logger("AppService");
 /**
@@ -100,7 +100,7 @@ export class MjolnirAppService {
     dataStore: DataStore,
     eventDecoder: EventDecoder,
     registrationFilePath: string,
-    backingStore?: RoomStateBackingStore
+    stores: TopLevelStores
   ) {
     const bridge = new Bridge({
       homeserverUrl: config.homeserver.url,
@@ -128,7 +128,8 @@ export class MjolnirAppService {
       clientsInRoomMap,
       clientProvider,
       eventDecoder,
-      backingStore
+      stores.roomStateBackingStore,
+      stores.hashStore
     );
     const clientCapabilityFactory = new ClientCapabilityFactory(
       clientsInRoomMap,
@@ -190,6 +191,7 @@ export class MjolnirAppService {
       bridge,
       accessControl,
       roomStateManagerFactory,
+      stores,
       clientCapabilityFactory,
       clientProvider,
       instanceCountGauge
@@ -239,7 +241,7 @@ export class MjolnirAppService {
       dataStore,
       DefaultEventDecoder,
       registrationFilePath,
-      backingStore
+      { roomStateBackingStore: backingStore } // we don't support any stores in appservice atm except backing store.
     );
     // The call to `start` MUST happen last. As it needs the datastore, and the mjolnir manager to be initialized before it can process events from the homeserver.
     await service.start(port);

src/appservice/AppServiceDraupnirManager.ts

@@ -45,6 +45,7 @@ import {
   userLocalpart,
   isStringRoomID,
 } from "@the-draupnir-project/matrix-basic-types";
+import { TopLevelStores } from "../backingstore/DraupnirStores";
 
 const log = new Logger("AppServiceDraupnirManager");
 
@@ -63,6 +64,7 @@ export class AppServiceDraupnirManager {
     private readonly bridge: Bridge,
     private readonly accessControl: AccessControl,
     private readonly roomStateManagerFactory: RoomStateManagerFactory,
+    stores: TopLevelStores,
     private readonly clientCapabilityFactory: ClientCapabilityFactory,
     clientProvider: ClientForUserID,
     private readonly instanceCountGauge: Gauge<"status" | "uuid">
@@ -71,7 +73,8 @@ export class AppServiceDraupnirManager {
       this.roomStateManagerFactory.clientsInRoomMap,
       this.clientCapabilityFactory,
       clientProvider,
-      this.roomStateManagerFactory
+      this.roomStateManagerFactory,
+      stores
     );
     this.baseManager = new StandardDraupnirManager(draupnirFactory);
   }
@@ -93,6 +96,7 @@ export class AppServiceDraupnirManager {
     bridge: Bridge,
     accessControl: AccessControl,
     roomStateManagerFactory: RoomStateManagerFactory,
+    stores: TopLevelStores,
     clientCapabilityFactory: ClientCapabilityFactory,
     clientProvider: ClientForUserID,
     instanceCountGauge: Gauge<"status" | "uuid">
@@ -103,6 +107,7 @@ export class AppServiceDraupnirManager {
       bridge,
       accessControl,
       roomStateManagerFactory,
+      stores,
       clientCapabilityFactory,
       clientProvider,
       instanceCountGauge

src/backingstore/DraupnirStores.ts

@@ -0,0 +1,61 @@
+// SPDX-FileCopyrightText: 2025 Gnuxie <[email protected]>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+import { EventDecoder, SHA256HashStore } from "matrix-protection-suite";
+import { RoomAuditLog } from "../protections/RoomTakedown/RoomAuditLog";
+import { SqliteRoomStateBackingStore } from "./better-sqlite3/SqliteRoomStateBackingStore";
+import { SqliteHashReversalStore } from "./better-sqlite3/HashStore";
+import { SqliteRoomAuditLog } from "../protections/RoomTakedown/SqliteRoomAuditLog";
+
+export type TopLevelStores = {
+  hashStore?: SHA256HashStore;
+  roomAuditLog?: RoomAuditLog | undefined;
+  roomStateBackingStore?: SqliteRoomStateBackingStore | undefined;
+};
+
+/**
+ * These stores will usually be created at the entrypoint of the draupnir
+ * application or attenuated for each draupnir.
+ *
+ * No i don't like it. Some of these stores ARE specific to the draupnir
+ * such as the hasStore's event emitter... that just can't be mixed.
+ *
+ * We could create a wrapper that disposes of only the stores that
+ * have been attenuated... but i don't know about it.
+ */
+export type DraupnirStores = {
+  hashStore?: SHA256HashStore | undefined;
+  roomAuditLog?: RoomAuditLog | undefined;
+  /**
+   * Dispose of stores relevant to a specific draupnir instance.
+   * For example, the hash store is usually specific to a single draupnir.
+   */
+  dispose(): void;
+};
+
+export function createDraupnirStores(
+  topLevelStores: TopLevelStores
+): DraupnirStores {
+  return Object.freeze({
+    roomAuditLog: topLevelStores.roomAuditLog,
+    hashStore: topLevelStores.hashStore,
+    dispose() {},
+  } satisfies DraupnirStores);
+}
+
+export function makeTopLevelStores(
+  storagePath: string,
+  eventDecoder: EventDecoder,
+  {
+    isRoomStateBackingStoreEnabled,
+  }: { isRoomStateBackingStoreEnabled: boolean }
+): TopLevelStores {
+  return Object.freeze({
+    roomStateBackingStore: isRoomStateBackingStoreEnabled
+      ? SqliteRoomStateBackingStore.create(storagePath, eventDecoder)
+      : undefined,
+    hashStore: SqliteHashReversalStore.createToplevel(storagePath),
+    roomAuditLog: SqliteRoomAuditLog.createToplevel(storagePath),
+  } satisfies TopLevelStores);
+}