summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
Diffstat (limited to 'synapse')
-rw-r--r--synapse/config/experimental.py12
-rw-r--r--synapse/http/server.py5
-rw-r--r--synapse/rest/client/rendezvous.py16
-rw-r--r--synapse/rest/client/versions.py9
-rw-r--r--synapse/rest/synapse/client/__init__.py4
-rw-r--r--synapse/rest/synapse/client/rendezvous.py58
-rw-r--r--synapse/server.py5
-rw-r--r--synapse/synapse_rust/rendezvous.pyi30
8 files changed, 134 insertions, 5 deletions
diff --git a/synapse/config/experimental.py b/synapse/config/experimental.py
index 353ae23f91..baa3580f29 100644
--- a/synapse/config/experimental.py
+++ b/synapse/config/experimental.py
@@ -413,12 +413,22 @@ class ExperimentalConfig(Config):
         )
 
         # MSC4108: Mechanism to allow OIDC sign in and E2EE set up via QR code
+        self.msc4108_enabled = experimental.get("msc4108_enabled", False)
+
         self.msc4108_delegation_endpoint: Optional[str] = experimental.get(
             "msc4108_delegation_endpoint", None
         )
 
-        if self.msc4108_delegation_endpoint is not None and not self.msc3861.enabled:
+        if (
+            self.msc4108_enabled or self.msc4108_delegation_endpoint is not None
+        ) and not self.msc3861.enabled:
             raise ConfigError(
                 "MSC4108 requires MSC3861 to be enabled",
                 ("experimental", "msc4108_delegation_endpoint"),
             )
+
+        if self.msc4108_delegation_endpoint is not None and self.msc4108_enabled:
+            raise ConfigError(
+                "You cannot have MSC4108 both enabled and delegated at the same time",
+                ("experimental", "msc4108_delegation_endpoint"),
+            )
diff --git a/synapse/http/server.py b/synapse/http/server.py
index 45b2cbffcd..211795dc39 100644
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@@ -909,8 +909,9 @@ def set_cors_headers(request: "SynapseRequest") -> None:
     request.setHeader(
         b"Access-Control-Allow-Methods", b"GET, HEAD, POST, PUT, DELETE, OPTIONS"
     )
-    if request.path is not None and request.path.startswith(
-        b"/_matrix/client/unstable/org.matrix.msc4108/rendezvous"
+    if request.path is not None and (
+        request.path == b"/_matrix/client/unstable/org.matrix.msc4108/rendezvous"
+        or request.path.startswith(b"/_synapse/client/rendezvous")
     ):
         request.setHeader(
             b"Access-Control-Allow-Headers",
diff --git a/synapse/rest/client/rendezvous.py b/synapse/rest/client/rendezvous.py
index ed06a29987..143f057651 100644
--- a/synapse/rest/client/rendezvous.py
+++ b/synapse/rest/client/rendezvous.py
@@ -97,9 +97,25 @@ class MSC4108DelegationRendezvousServlet(RestServlet):
         )
 
 
+class MSC4108RendezvousServlet(RestServlet):
+    PATTERNS = client_patterns(
+        "/org.matrix.msc4108/rendezvous$", releases=[], v1=False, unstable=True
+    )
+
+    def __init__(self, hs: "HomeServer") -> None:
+        super().__init__()
+        self._handler = hs.get_rendezvous_handler()
+
+    def on_POST(self, request: SynapseRequest) -> None:
+        self._handler.handle_post(request)
+
+
 def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
     if hs.config.experimental.msc3886_endpoint is not None:
         MSC3886RendezvousServlet(hs).register(http_server)
 
+    if hs.config.experimental.msc4108_enabled:
+        MSC4108RendezvousServlet(hs).register(http_server)
+
     if hs.config.experimental.msc4108_delegation_endpoint is not None:
         MSC4108DelegationRendezvousServlet(hs).register(http_server)
diff --git a/synapse/rest/client/versions.py b/synapse/rest/client/versions.py
index 638d4c45ae..fa453a3b02 100644
--- a/synapse/rest/client/versions.py
+++ b/synapse/rest/client/versions.py
@@ -141,8 +141,13 @@ class VersionsRestServlet(RestServlet):
                     # Allows clients to handle push for encrypted events.
                     "org.matrix.msc4028": self.config.experimental.msc4028_push_encrypted_events,
                     # MSC4108: Mechanism to allow OIDC sign in and E2EE set up via QR code
-                    "org.matrix.msc4108": self.config.experimental.msc4108_delegation_endpoint
-                    is not None,
+                    "org.matrix.msc4108": (
+                        self.config.experimental.msc4108_enabled
+                        or (
+                            self.config.experimental.msc4108_delegation_endpoint
+                            is not None
+                        )
+                    ),
                 },
             },
         )
diff --git a/synapse/rest/synapse/client/__init__.py b/synapse/rest/synapse/client/__init__.py
index 31544867d4..ba6576d4db 100644
--- a/synapse/rest/synapse/client/__init__.py
+++ b/synapse/rest/synapse/client/__init__.py
@@ -26,6 +26,7 @@ from twisted.web.resource import Resource
 from synapse.rest.synapse.client.new_user_consent import NewUserConsentResource
 from synapse.rest.synapse.client.pick_idp import PickIdpResource
 from synapse.rest.synapse.client.pick_username import pick_username_resource
+from synapse.rest.synapse.client.rendezvous import MSC4108RendezvousSessionResource
 from synapse.rest.synapse.client.sso_register import SsoRegisterResource
 from synapse.rest.synapse.client.unsubscribe import UnsubscribeResource
 
@@ -76,6 +77,9 @@ def build_synapse_client_resource_tree(hs: "HomeServer") -> Mapping[str, Resourc
         # To be removed in Synapse v1.32.0.
         resources["/_matrix/saml2"] = res
 
+    if hs.config.experimental.msc4108_enabled:
+        resources["/_synapse/client/rendezvous"] = MSC4108RendezvousSessionResource(hs)
+
     return resources
 
 
diff --git a/synapse/rest/synapse/client/rendezvous.py b/synapse/rest/synapse/client/rendezvous.py
new file mode 100644
index 0000000000..5216d30d1f
--- /dev/null
+++ b/synapse/rest/synapse/client/rendezvous.py
@@ -0,0 +1,58 @@
+#
+# This file is licensed under the Affero General Public License (AGPL) version 3.
+#
+# Copyright (C) 2024 New Vector, Ltd
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# See the GNU Affero General Public License for more details:
+# <https://www.gnu.org/licenses/agpl-3.0.html>.
+#
+#
+
+import logging
+from typing import TYPE_CHECKING, List
+
+from synapse.api.errors import UnrecognizedRequestError
+from synapse.http.server import DirectServeJsonResource
+from synapse.http.site import SynapseRequest
+
+if TYPE_CHECKING:
+    from synapse.server import HomeServer
+
+logger = logging.getLogger(__name__)
+
+
+class MSC4108RendezvousSessionResource(DirectServeJsonResource):
+    isLeaf = True
+
+    def __init__(self, hs: "HomeServer") -> None:
+        super().__init__()
+        self._handler = hs.get_rendezvous_handler()
+
+    async def _async_render_GET(self, request: SynapseRequest) -> None:
+        postpath: List[bytes] = request.postpath  # type: ignore
+        if len(postpath) != 1:
+            raise UnrecognizedRequestError()
+        session_id = postpath[0].decode("ascii")
+
+        self._handler.handle_get(request, session_id)
+
+    def _async_render_PUT(self, request: SynapseRequest) -> None:
+        postpath: List[bytes] = request.postpath  # type: ignore
+        if len(postpath) != 1:
+            raise UnrecognizedRequestError()
+        session_id = postpath[0].decode("ascii")
+
+        self._handler.handle_put(request, session_id)
+
+    def _async_render_DELETE(self, request: SynapseRequest) -> None:
+        postpath: List[bytes] = request.postpath  # type: ignore
+        if len(postpath) != 1:
+            raise UnrecognizedRequestError()
+        session_id = postpath[0].decode("ascii")
+
+        self._handler.handle_delete(request, session_id)
diff --git a/synapse/server.py b/synapse/server.py
index 6d5a18fb1d..95e319d2e6 100644
--- a/synapse/server.py
+++ b/synapse/server.py
@@ -143,6 +143,7 @@ from synapse.state import StateHandler, StateResolutionHandler
 from synapse.storage import Databases
 from synapse.storage.controllers import StorageControllers
 from synapse.streams.events import EventSources
+from synapse.synapse_rust.rendezvous import RendezvousHandler
 from synapse.types import DomainSpecificString, ISynapseReactor
 from synapse.util import Clock
 from synapse.util.distributor import Distributor
@@ -860,6 +861,10 @@ class HomeServer(metaclass=abc.ABCMeta):
         return RoomForgetterHandler(self)
 
     @cache_in_self
+    def get_rendezvous_handler(self) -> RendezvousHandler:
+        return RendezvousHandler(self)
+
+    @cache_in_self
     def get_outbound_redis_connection(self) -> "ConnectionHandler":
         """
         The Redis connection used for replication.
diff --git a/synapse/synapse_rust/rendezvous.pyi b/synapse/synapse_rust/rendezvous.pyi
new file mode 100644
index 0000000000..03eae3a196
--- /dev/null
+++ b/synapse/synapse_rust/rendezvous.pyi
@@ -0,0 +1,30 @@
+# This file is licensed under the Affero General Public License (AGPL) version 3.
+#
+# Copyright (C) 2024 New Vector, Ltd
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# See the GNU Affero General Public License for more details:
+# <https://www.gnu.org/licenses/agpl-3.0.html>.
+
+from twisted.web.iweb import IRequest
+
+from synapse.server import HomeServer
+
+class RendezvousHandler:
+    def __init__(
+        self,
+        homeserver: HomeServer,
+        /,
+        capacity: int = 100,
+        max_content_length: int = 4 * 1024,  # MSC4108 specifies 4KB
+        eviction_interval: int = 60 * 1000,
+        ttl: int = 60 * 1000,
+    ) -> None: ...
+    def handle_post(self, request: IRequest) -> None: ...
+    def handle_get(self, request: IRequest, session_id: str) -> None: ...
+    def handle_put(self, request: IRequest, session_id: str) -> None: ...
+    def handle_delete(self, request: IRequest, session_id: str) -> None: ...