From c5b72e6f002a637d542068be88d70936150c8818 Mon Sep 17 00:00:00 2001
From: Rory& <root@rory.gay>
Date: Sun, 31 Dec 2023 12:00:40 +0100
Subject: Add auth, start of commit script

---
 ModAS.Server/Attributes/UserAuthAttribute.cs       |  27 +++++
 ModAS.Server/Authentication/AuthMiddleware.cs      |  82 +++++++++++++
 ModAS.Server/Authentication/AuthUser.cs            |   9 ++
 .../Controllers/Admin/RoomQueryController.cs       | 135 +++++++++++++++++++++
 .../Controllers/AppService/PingController.cs       |  73 +++++++++++
 .../AppService/TransactionsController.cs           |  23 ++--
 ModAS.Server/Controllers/Debug/DebugController.cs  | 120 ++++++++++++++++++
 ModAS.Server/Controllers/DebugController.cs        | 104 ----------------
 ModAS.Server/Controllers/HomeController.cs         |  11 +-
 ModAS.Server/Controllers/RoomQueryController.cs    | 135 ---------------------
 ModAS.Server/Extensions/RequestHeaderExtensinos.cs |  17 +++
 ModAS.Server/ModAS.Server.csproj                   |   1 +
 ModAS.Server/Program.cs                            |   8 +-
 ModAS.Server/Services/AuthenticationService.cs     |  31 +++--
 ModAS.Server/Services/ModASConfiguration.cs        |   5 +
 ModAS.Server/Services/PingTask.cs                  |   9 ++
 ModAS.Server/Version.cs                            |   5 +
 ModAS.Server/appsettings.Development.json          |   3 +-
 commit                                             |  11 ++
 19 files changed, 532 insertions(+), 277 deletions(-)
 create mode 100644 ModAS.Server/Attributes/UserAuthAttribute.cs
 create mode 100644 ModAS.Server/Authentication/AuthMiddleware.cs
 create mode 100644 ModAS.Server/Authentication/AuthUser.cs
 create mode 100644 ModAS.Server/Controllers/Admin/RoomQueryController.cs
 create mode 100644 ModAS.Server/Controllers/AppService/PingController.cs
 create mode 100644 ModAS.Server/Controllers/Debug/DebugController.cs
 delete mode 100644 ModAS.Server/Controllers/DebugController.cs
 delete mode 100644 ModAS.Server/Controllers/RoomQueryController.cs
 create mode 100644 ModAS.Server/Extensions/RequestHeaderExtensinos.cs
 create mode 100644 ModAS.Server/Services/PingTask.cs
 create mode 100644 ModAS.Server/Version.cs
 create mode 100755 commit

diff --git a/ModAS.Server/Attributes/UserAuthAttribute.cs b/ModAS.Server/Attributes/UserAuthAttribute.cs
new file mode 100644
index 0000000..ef8295a
--- /dev/null
+++ b/ModAS.Server/Attributes/UserAuthAttribute.cs
@@ -0,0 +1,27 @@
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+namespace ModAS.Server.Attributes;
+
+public class UserAuthAttribute : Attribute {
+    public AuthType AuthType { get; set; }
+    public AuthRoles AnyRoles { get; set; }
+
+    public string ToJson() => JsonSerializer.Serialize(new {
+        AuthType,
+        AnyRoles
+    });
+}
+
+[JsonConverter(typeof(JsonStringEnumConverter))]
+public enum AuthType {
+    User,
+    Server
+}
+
+[JsonConverter(typeof(JsonStringEnumConverter))]
+[Flags]
+public enum AuthRoles {
+    Administrator = 1 << 0,
+    Developer = 1 << 1,
+}
\ No newline at end of file
diff --git a/ModAS.Server/Authentication/AuthMiddleware.cs b/ModAS.Server/Authentication/AuthMiddleware.cs
new file mode 100644
index 0000000..8b7266f
--- /dev/null
+++ b/ModAS.Server/Authentication/AuthMiddleware.cs
@@ -0,0 +1,82 @@
+using System.Net.Http.Headers;
+using System.Text.Json;
+using LibMatrix;
+using LibMatrix.Homeservers;
+using LibMatrix.Services;
+using ModAS.Server.Attributes;
+using MxApiExtensions.Services;
+
+namespace ModAS.Server.Authentication;
+
+public class AuthMiddleware(RequestDelegate next, ILogger<AuthMiddleware> logger, ModASConfiguration config, HomeserverProviderService hsProvider, AppServiceRegistration asr) {
+    public async Task InvokeAsync(HttpContext context) {
+        context.Request.Query.TryGetValue("access_token", out var queryAccessToken);
+        var accessToken = queryAccessToken.FirstOrDefault();
+        accessToken ??= context.Request.GetTypedHeaders().Get<AuthenticationHeaderValue>("Authorization")?.Parameter;
+
+        //get UserAuth custom attribute
+        var endpoint = context.GetEndpoint();
+        if (endpoint is null) {
+            Console.WriteLine($"Ignoring authentication, endpoint is null!");
+            await next(context);
+            return;
+        }
+
+        var authAttribute = endpoint?.Metadata.GetMetadata<UserAuthAttribute>();
+        if (authAttribute is not null)
+            logger.LogInformation($"{nameof(Route)} authorization: {authAttribute.ToJson()}");
+        else if (string.IsNullOrWhiteSpace(accessToken)) {
+            // auth is optional if auth attribute isnt set
+            Console.WriteLine($"Allowing unauthenticated request, AuthAttribute is not set!");
+            await next(context);
+            return;
+        }
+
+        if (string.IsNullOrWhiteSpace(accessToken))
+            if (authAttribute is not null) {
+                context.Response.StatusCode = 401;
+                await context.Response.WriteAsJsonAsync(new MatrixException() {
+                    ErrorCode = "M_UNAUTHORIZED",
+                    Error = "Missing access token"
+                }.GetAsObject());
+                return;
+            }
+
+        try {
+            switch (authAttribute.AuthType) {
+                case AuthType.User:
+                    var authUser = await GetAuthUser(accessToken);
+                    context.Items.Add("AuthUser", authUser);
+                    break;
+                case AuthType.Server:
+                    if (asr.HomeserverToken != accessToken)
+                        throw new MatrixException() {
+                            ErrorCode = "M_UNAUTHORIZED",
+                            Error = "Invalid access token"
+                        };
+
+                    break;
+                default:
+                    throw new ArgumentOutOfRangeException();
+            }
+        }
+        catch (MatrixException e) {
+            context.Response.StatusCode = 401;
+            await context.Response.WriteAsJsonAsync(e.GetAsObject());
+            return;
+        }
+
+        await next(context);
+    }
+
+    private async Task<AuthUser> GetAuthUser(string accessToken) {
+        AuthenticatedHomeserverGeneric? homeserver;
+        homeserver = await hsProvider.GetAuthenticatedWithToken(config.ServerName, accessToken, config.HomeserverUrl);
+
+        return new AuthUser() {
+            Homeserver = homeserver,
+            AccessToken = accessToken,
+            Roles = config.Roles.Where(r => r.Value.Contains(homeserver.WhoAmI.UserId)).Select(r => r.Key).ToList()
+        };
+    }
+}
\ No newline at end of file
diff --git a/ModAS.Server/Authentication/AuthUser.cs b/ModAS.Server/Authentication/AuthUser.cs
new file mode 100644
index 0000000..f91656f
--- /dev/null
+++ b/ModAS.Server/Authentication/AuthUser.cs
@@ -0,0 +1,9 @@
+using LibMatrix.Homeservers;
+
+namespace ModAS.Server.Authentication;
+
+public class AuthUser {
+    public required string AccessToken { get; set; }
+    public required List<string> Roles { get; set; }
+    public required AuthenticatedHomeserverGeneric Homeserver { get; set; }
+}
\ No newline at end of file
diff --git a/ModAS.Server/Controllers/Admin/RoomQueryController.cs b/ModAS.Server/Controllers/Admin/RoomQueryController.cs
new file mode 100644
index 0000000..a49e5c0
--- /dev/null
+++ b/ModAS.Server/Controllers/Admin/RoomQueryController.cs
@@ -0,0 +1,135 @@
+using System.Collections.Frozen;
+using ArcaneLibs.Extensions;
+using Elastic.Apm;
+using Elastic.Apm.Api;
+using LibMatrix;
+using LibMatrix.EventTypes.Spec.State;
+using LibMatrix.EventTypes.Spec.State.RoomInfo;
+using LibMatrix.Responses.ModAS;
+using LibMatrix.RoomTypes;
+using Microsoft.AspNetCore.Mvc;
+using ModAS.Classes;
+using ModAS.Server.Services;
+using MxApiExtensions.Services;
+
+namespace ModAS.Server.Controllers;
+
+[ApiController]
+public class RoomQueryController(UserProviderService ahsProvider, ModASConfiguration config, RoomStateCacheService stateCacheService, UserProviderService userProviderService) : ControllerBase {
+    [HttpGet("/_matrix/_modas/room_query")]
+    public async IAsyncEnumerable<ModASRoomQueryResult> RoomQuery() {
+        var fetchRoomQueryDataSpan = currentTransaction.StartSpan("fetchRoomQueryData", ApiConstants.TypeApp);
+        List<string> processedRooms = new();
+        var getUsersSpan = currentTransaction.StartSpan("getUsers", ApiConstants.TypeApp);
+        var validUsers = await ahsProvider.GetValidUsers();
+        getUsersSpan.End();
+
+        var collectRoomsSpan = currentTransaction.StartSpan("collectRooms", ApiConstants.TypeApp);
+        // var userRoomLists = validUsers.Values.Select(ahs => ahs.GetJoinedRooms()).ToList();
+        // await Task.WhenAll(userRoomLists);
+        // var rooms = userRoomLists.SelectMany(r => r.Result).DistinctBy(x => x.RoomId).ToFrozenSet();
+        var roomsTasks = validUsers.Values.Select(u => userProviderService.GetUserRoomsCached(u.WhoAmI.UserId)).ToList();
+        await Task.WhenAll(roomsTasks);
+        var rooms = roomsTasks.SelectMany(r => r.Result).DistinctBy(x => x.RoomId).ToFrozenSet();
+        collectRoomsSpan.End();
+
+        var collectRoomStateSpan = currentTransaction.StartSpan("collectRoomState", ApiConstants.TypeApp);
+        //make sure we lock!!!!
+        await stateCacheService.EnsureCachedFromRoomList(rooms);
+        var roomStateTasks = rooms.Select(GetRoomState).ToAsyncEnumerable();
+        var awaitRoomStateSpan = currentTransaction.StartSpan("fetchRoomState", ApiConstants.TypeApp);
+        await foreach (var (room, roomState) in roomStateTasks) {
+            awaitRoomStateSpan.Name = $"awaitRoomState {room.RoomId}";
+            awaitRoomStateSpan.End();
+
+            var filterStateEventsSpan = currentTransaction.StartSpan($"filterStateEvents {room.RoomId}", ApiConstants.TypeApp);
+            var roomMembers = roomState.Where(r => r.Type == RoomMemberEventContent.EventId).ToFrozenSet();
+            var localRoomMembers = roomMembers.Where(x => x.StateKey.EndsWith(':' + config.ServerName)).ToFrozenSet();
+            var nonMemberState = roomState.Where(x => !roomMembers.Contains(x)).ToFrozenSet();
+            filterStateEventsSpan.End();
+            var buildResultSpan = currentTransaction.StartSpan($"buildResult {room.RoomId}", ApiConstants.TypeApp);
+
+            // forgive me for raw json access... attempt at optimisation -emma
+            yield return new ModASRoomQueryResult {
+                RoomId = room.RoomId,
+                StateEvents = roomState.Count,
+                //members
+                TotalMembers = roomMembers.Count,
+                TotalLocalMembers = localRoomMembers.Count,
+                JoinedMembers = roomMembers.Count(x => (x.TypedContent as RoomMemberEventContent)?.Membership == "join"),
+                JoinedLocalMembers = localRoomMembers.Count(x => (x.TypedContent as RoomMemberEventContent)?.Membership == "join"),
+                //-members
+                //creation event
+                Creator = nonMemberState.FirstOrDefault(r => r.Type == RoomCreateEventContent.EventId)?.Sender,
+                Version = nonMemberState.FirstOrDefault(r => r.Type == RoomCreateEventContent.EventId)?.RawContent?["room_version"]?.GetValue<string>(),
+                Type = nonMemberState.FirstOrDefault(r => r.Type == RoomCreateEventContent.EventId)?.RawContent?["type"]?.GetValue<string>(),
+                Federatable = nonMemberState.FirstOrDefault(r => r.Type == RoomCreateEventContent.EventId)?.RawContent?["m.federate"]?.GetValue<bool>() ?? true,
+                //-creation event
+                Name = nonMemberState.FirstOrDefault(r => r.Type == RoomNameEventContent.EventId)?.RawContent?["name"]?.GetValue<string>(),
+                CanonicalAlias = nonMemberState.FirstOrDefault(r => r.Type == RoomCanonicalAliasEventContent.EventId)?.RawContent?["alias"]?.GetValue<string>(),
+                JoinRules = nonMemberState.FirstOrDefault(r => r.Type == RoomJoinRulesEventContent.EventId)?.RawContent?["join_rule"]?.GetValue<string>(),
+                GuestAccess = nonMemberState.FirstOrDefault(r => r.Type == RoomGuestAccessEventContent.EventId)?.RawContent?["guest_access"]?.GetValue<string>(),
+                HistoryVisibility =
+                    nonMemberState.FirstOrDefault(r => r.Type == RoomHistoryVisibilityEventContent.EventId)?.RawContent?["history_visibility"]?.GetValue<string>(),
+                Public = nonMemberState.FirstOrDefault(r => r.Type == RoomJoinRulesEventContent.EventId)?.RawContent?["join_rule"]?.GetValue<string>() == "public",
+                Encryption = nonMemberState.FirstOrDefault(r => r.Type == RoomEncryptionEventContent.EventId)?.RawContent?["algorithm"]?.GetValue<string>(),
+                AvatarUrl = nonMemberState.FirstOrDefault(r => r.Type == RoomAvatarEventContent.EventId)?.RawContent?["url"]?.GetValue<string>(),
+                RoomTopic = nonMemberState.FirstOrDefault(r => r.Type == RoomTopicEventContent.EventId)?.RawContent?["topic"]?.GetValue<string>()
+            };
+            buildResultSpan.End();
+            awaitRoomStateSpan = currentTransaction.StartSpan("fetchRoomState", ApiConstants.TypeApp);
+        }
+
+        collectRoomStateSpan.End();
+        fetchRoomQueryDataSpan.End();
+    }
+
+    [HttpPost("/_matrix/_modas/room_query")]
+    public async IAsyncEnumerable<ModASRoomQueryResult> RoomQuery([FromBody] RoomQueryFilter request) {
+        await foreach (var room in RoomQuery()) {
+            if (!string.IsNullOrWhiteSpace(request.RoomIdContains) && !room.RoomId.Contains(request.RoomIdContains)) continue;
+
+            if (!string.IsNullOrWhiteSpace(request.NameContains) && room.Name?.Contains(request.NameContains) != true) continue;
+
+            if (!string.IsNullOrWhiteSpace(request.CanonicalAliasContains) && room.CanonicalAlias?.Contains(request.CanonicalAliasContains) != true) continue;
+
+            if (!string.IsNullOrWhiteSpace(request.VersionContains) && room.Version?.Contains(request.VersionContains) != true) continue;
+
+            if (!string.IsNullOrWhiteSpace(request.CreatorContains) && room.Creator?.Contains(request.CreatorContains) != true) continue;
+
+            if (!string.IsNullOrWhiteSpace(request.EncryptionContains) && room.Encryption?.Contains(request.EncryptionContains) != true) continue;
+
+            if (!string.IsNullOrWhiteSpace(request.JoinRulesContains) && room.JoinRules?.Contains(request.JoinRulesContains) != true) continue;
+
+            if (!string.IsNullOrWhiteSpace(request.GuestAccessContains) && room.GuestAccess?.Contains(request.GuestAccessContains) != true) continue;
+
+            if (!string.IsNullOrWhiteSpace(request.HistoryVisibilityContains) && room.HistoryVisibility?.Contains(request.HistoryVisibilityContains) != true) continue;
+
+            if (!string.IsNullOrWhiteSpace(request.AvatarUrlContains) && room.AvatarUrl?.Contains(request.AvatarUrlContains) != true) continue;
+
+            if (!string.IsNullOrWhiteSpace(request.RoomTopicContains) && room.RoomTopic?.Contains(request.RoomTopicContains) != true) continue;
+
+            if (request.JoinedMembersMin.HasValue && room.JoinedMembers < request.JoinedMembersMin.Value) continue;
+            if (request.JoinedMembersMax.HasValue && room.JoinedMembers > request.JoinedMembersMax.Value) continue;
+
+            if (request.JoinedLocalMembersMin.HasValue && room.JoinedLocalMembers < request.JoinedLocalMembersMin.Value) continue;
+            if (request.JoinedLocalMembersMax.HasValue && room.JoinedLocalMembers > request.JoinedLocalMembersMax.Value) continue;
+
+            if (request.StateEventsMin.HasValue && room.StateEvents < request.StateEventsMin.Value) continue;
+            if (request.StateEventsMax.HasValue && room.StateEvents > request.StateEventsMax.Value) continue;
+
+            if (request.IsFederatable.HasValue && room.Federatable != request.IsFederatable.Value) continue;
+
+            if (request.IsPublic.HasValue && room.Public != request.IsPublic.Value) continue;
+
+            yield return room;
+        }
+    }
+
+    private async Task<KeyValuePair<GenericRoom, FrozenSet<StateEventResponse>>> GetRoomState(GenericRoom room) {
+        var roomState = await stateCacheService.GetRoomState(room.RoomId, room);
+        return new(room, roomState);
+    }
+
+    private static ITransaction currentTransaction => Agent.Tracer.CurrentTransaction;
+}
\ No newline at end of file
diff --git a/ModAS.Server/Controllers/AppService/PingController.cs b/ModAS.Server/Controllers/AppService/PingController.cs
new file mode 100644
index 0000000..7b073c1
--- /dev/null
+++ b/ModAS.Server/Controllers/AppService/PingController.cs
@@ -0,0 +1,73 @@
+using System.IO.Pipelines;
+using System.Net;
+using System.Net.Http.Headers;
+using System.Text.Json;
+using ArcaneLibs;
+using LibMatrix;
+using LibMatrix.EventTypes.Spec;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Configuration.Json;
+using ModAS.Server;
+using ModAS.Server.Attributes;
+using ModAS.Server.Services;
+using MxApiExtensions.Services;
+
+namespace ModAS.Server.Controllers.AppService;
+
+[ApiController]
+public class PingController(
+    AppServiceRegistration asr,
+    ModASConfiguration config,
+    UserProviderService userProvider,
+    RoomContextService roomContextService,
+    RoomStateCacheService stateCacheService) : ControllerBase {
+    private static List<string> _ignoredInvalidationEvents { get; set; } = [
+        RoomMessageEventContent.EventId,
+        RoomMessageReactionEventContent.EventId
+    ];
+
+    [HttpPut("/_matrix/app/v1/transactions/{txnId}")]
+    [UserAuth(AuthType = AuthType.Server)]
+    public async Task<IActionResult> PutTransactions(string txnId) {
+        var data = await JsonSerializer.DeserializeAsync<EventList>(Request.Body);
+        Console.WriteLine(
+            $"PutTransaction: {txnId}: {data.Events.Count} events, {Util.BytesToString(Request.Headers.ContentLength ?? Request.ContentLength ?? Request.Body.Length)}");
+
+        if (!Directory.Exists("data"))
+            Directory.CreateDirectory("data");
+        Directory.CreateDirectory($"data/{txnId}");
+        // var pipe = PipeReader.Create(Request.Body);
+        // await using var file = System.IO.File.OpenWrite($"data/{txnId}");
+        // await pipe.CopyToAsync(file);
+        // await pipe.CompleteAsync();
+        //
+        // Console.WriteLine($"PutTransaction: {txnId}: {Util.BytesToString(file.Length)}");
+        for (var i = 0; i < data.Events.Count; i++) {
+            var evt = data.Events[i];
+            Console.WriteLine($"PutTransaction: {txnId}/{i}: {evt.Type} {evt.StateKey} {evt.Sender}");
+            await System.IO.File.WriteAllTextAsync($"data/{txnId}/{i}-{evt.Type.Replace("/", "")}-{evt.StateKey.Replace("/", "")}-{evt.Sender?.Replace("/", "")}.json",
+                JsonSerializer.Serialize(evt));
+
+            if (evt.Sender.EndsWith(':' + config.ServerName)) {
+                Console.WriteLine("PutTransaction: sender is local user, updating data...");
+                try {
+                    var user = await userProvider.GetImpersonatedHomeserver(evt.Sender);
+                    var rooms = await user.GetJoinedRooms();
+                    foreach (var room in rooms) {
+                        await roomContextService.GetRoomContext(room);
+                    }
+                }
+                catch (Exception e) {
+                    Console.WriteLine($"PutTransaction: failed to update data: {e}");
+                }
+            }
+            else
+                Console.WriteLine("PutTransaction: sender is remote user");
+
+            if (!string.IsNullOrWhiteSpace(evt.RoomId) && !_ignoredInvalidationEvents.Contains(evt.Type))
+                await stateCacheService.InvalidateRoomState(evt.RoomId);
+        }
+
+        return Ok(new { });
+    }
+}
\ No newline at end of file
diff --git a/ModAS.Server/Controllers/AppService/TransactionsController.cs b/ModAS.Server/Controllers/AppService/TransactionsController.cs
index b74e1e1..53bfaf5 100644
--- a/ModAS.Server/Controllers/AppService/TransactionsController.cs
+++ b/ModAS.Server/Controllers/AppService/TransactionsController.cs
@@ -8,6 +8,7 @@ using LibMatrix.EventTypes.Spec;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Configuration.Json;
 using ModAS.Server;
+using ModAS.Server.Attributes;
 using ModAS.Server.Services;
 using MxApiExtensions.Services;
 
@@ -26,16 +27,17 @@ public class TransactionsController(
     ];
 
     [HttpPut("/_matrix/app/v1/transactions/{txnId}")]
+    [UserAuth(AuthType = AuthType.Server)]
     public async Task<IActionResult> PutTransactions(string txnId) {
-        if (!Request.Headers.ContainsKey("Authorization")) {
-            Console.WriteLine("PutTransaction: missing authorization header");
-            return Unauthorized();
-        }
-
-        if (Request.GetTypedHeaders().Get<AuthenticationHeaderValue>("Authorization")?.Parameter != asr.HomeserverToken) {
-            Console.WriteLine($"PutTransaction: invalid authorization header: {Request.Headers["Authorization"]}");
-            return Unauthorized();
-        }
+        // if (!Request.Headers.ContainsKey("Authorization")) {
+        //     Console.WriteLine("PutTransaction: missing authorization header");
+        //     return Unauthorized();
+        // }
+        //
+        // if (Request.GetTypedHeaders().Get<AuthenticationHeaderValue>("Authorization")?.Parameter != asr.HomeserverToken) {
+        //     Console.WriteLine($"PutTransaction: invalid authorization header: {Request.Headers["Authorization"]}");
+        //     return Unauthorized();
+        // }
 
         var data = await JsonSerializer.DeserializeAsync<EventList>(Request.Body);
         Console.WriteLine(
@@ -53,7 +55,8 @@ public class TransactionsController(
         for (var i = 0; i < data.Events.Count; i++) {
             var evt = data.Events[i];
             Console.WriteLine($"PutTransaction: {txnId}/{i}: {evt.Type} {evt.StateKey} {evt.Sender}");
-            await System.IO.File.WriteAllTextAsync($"data/{txnId}/{i}-{evt.Type}-{evt.StateKey}-{evt.Sender}.json", JsonSerializer.Serialize(evt));
+            await System.IO.File.WriteAllTextAsync($"data/{txnId}/{i}-{evt.Type.Replace("/", "")}-{evt.StateKey.Replace("/", "")}-{evt.Sender?.Replace("/", "")}.json",
+                JsonSerializer.Serialize(evt));
 
             if (evt.Sender.EndsWith(':' + config.ServerName)) {
                 Console.WriteLine("PutTransaction: sender is local user, updating data...");
diff --git a/ModAS.Server/Controllers/Debug/DebugController.cs b/ModAS.Server/Controllers/Debug/DebugController.cs
new file mode 100644
index 0000000..7bec3e5
--- /dev/null
+++ b/ModAS.Server/Controllers/Debug/DebugController.cs
@@ -0,0 +1,120 @@
+using System.Collections.Frozen;
+using ArcaneLibs.Extensions;
+using Elastic.Apm;
+using Elastic.Apm.Api;
+using LibMatrix.Homeservers;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using ModAS.Server.Attributes;
+using ModAS.Server.Services;
+using MxApiExtensions.Services;
+
+namespace ModAS.Server.Controllers.Debug;
+
+/// <summary>
+///   Provides debugging endpoints.
+/// </summary>
+/// <param name="config"><inheritdoc cref="ModASConfiguration"/></param>
+/// <param name="authHsProvider"><inheritdoc cref="UserProviderService"/></param>
+/// <param name="roomContextService"><inheritdoc cref="RoomContextService"/></param>
+[ApiController]
+[UserAuth(AnyRoles = AuthRoles.Developer | AuthRoles.Administrator)]
+public class DebugController(ModASConfiguration config, UserProviderService authHsProvider, RoomContextService roomContextService) : ControllerBase {
+    /// <summary>
+    ///  Returns a JSON object containing the request and response headers.
+    /// </summary>
+    /// <returns>JSON object with request and partial response headers.</returns>
+    [HttpGet("/_matrix/_modas/debug")]
+    public IActionResult Index() {
+        return Ok(new {
+            Request = Request.Headers,
+            Response = Response.Headers
+        });
+    }
+
+    /// <summary>
+    ///  Returns a JSON object containing the configuration.
+    /// </summary>
+    /// <returns></returns>
+    [HttpGet("/_matrix/_modas/debug/config")]
+    public IActionResult Config() {
+        return Ok(config);
+    }
+
+    [HttpGet("/_matrix/_modas/debug/known_users")]
+    public IActionResult KnownUsers() {
+        return Ok(authHsProvider.KnownUsers.Keys);
+    }
+
+    [HttpGet("/_matrix/_modas/debug/test_locate_users")]
+    public async IAsyncEnumerable<string> TestLocateUsers([FromQuery] string startUser) {
+        List<AuthenticatedHomeserverGeneric> foundUsers = (await authHsProvider.GetValidUsers()).Select(x => x.Value).ToList();
+        if (!foundUsers.Any(x => x.WhoAmI.UserId == startUser)) {
+            foundUsers.Add(await authHsProvider.GetImpersonatedHomeserver(startUser));
+        }
+
+        List<string> processedRooms = [], processedUsers = [];
+        var foundNew = true;
+        while (foundNew) {
+            var span1 = currentTransaction.StartSpan("iterateUsers", ApiConstants.TypeApp);
+            foundNew = false;
+            var usersToProcess = foundUsers.Where(x => !processedUsers.Any(y => x.WhoAmI.UserId == y)).ToFrozenSet();
+            Console.WriteLine($"Got {usersToProcess.Count} users: {string.Join(", ", usersToProcess)}");
+
+            var rooms = usersToProcess.Select(async x => await x.GetJoinedRooms());
+            var roomLists = rooms.ToAsyncEnumerable();
+            await foreach (var roomList in roomLists) {
+                if (roomList is null) continue;
+                foreach (var room in roomList) {
+                    if (processedRooms.Contains(room.RoomId)) continue;
+                    processedRooms.Add(room.RoomId);
+                    var roomMembers = await room.GetMembersListAsync(false);
+                    foreach (var roomMember in roomMembers) {
+                        if (roomMember.StateKey.EndsWith(':' + config.ServerName) && !foundUsers.Any(x => x.WhoAmI.UserId == roomMember.StateKey)) {
+                            foundUsers.Add(await authHsProvider.GetImpersonatedHomeserver(roomMember.StateKey));
+                            foundNew = true;
+                            yield return roomMember.StateKey;
+                        }
+                    }
+                }
+            }
+
+            // await foreach (var task in tasks) {
+            //     if (task is null) continue;
+            //     foreach (var user in task) {
+            //         if (foundUsers.Contains(user)) continue;
+            //         foundUsers.Add(user);
+            //         foundNew = true;
+            //         yield return user;
+            //     }
+            // }
+
+            span1.End();
+        }
+    }
+
+    [HttpGet("/_matrix/_modas/debug/room_contexts")]
+    public IActionResult RoomContexts() {
+        return Ok(roomContextService.RoomContexts.Values);
+    }
+
+    [HttpGet("/_matrix/_modas/debug/room_contexts/{roomId}")]
+    public async Task<IActionResult> RoomContext(string roomId) {
+        var roomContext = await roomContextService.GetRoomContext(roomId);
+        if (roomContext is null) return NotFound("Room not found");
+        return Ok(roomContext);
+    }
+
+    [HttpGet("/_matrix/_modas/debug/room_contexts/by_user/{userId}")]
+    public async IAsyncEnumerable<RoomContextService.RoomContext> RoomContextByUser(string userId) {
+        var user = await authHsProvider.GetImpersonatedHomeserver(userId);
+        var rooms = await user.GetJoinedRooms();
+        var contexts = rooms.Select(x => roomContextService.GetRoomContext(x.RoomId)).ToAsyncEnumerable();
+        await foreach (var context in contexts) {
+            if (context is null) continue;
+            yield return context;
+        }
+    }
+
+    private static ITransaction currentTransaction => Agent.Tracer.CurrentTransaction;
+}
\ No newline at end of file
diff --git a/ModAS.Server/Controllers/DebugController.cs b/ModAS.Server/Controllers/DebugController.cs
deleted file mode 100644
index f0fe91e..0000000
--- a/ModAS.Server/Controllers/DebugController.cs
+++ /dev/null
@@ -1,104 +0,0 @@
-using System.Collections.Frozen;
-using ArcaneLibs.Extensions;
-using Elastic.Apm;
-using Elastic.Apm.Api;
-using LibMatrix;
-using LibMatrix.Homeservers;
-using Microsoft.AspNetCore.Mvc;
-using ModAS.Server.Services;
-using MxApiExtensions.Services;
-
-namespace ModAS.Server.Controllers;
-
-[ApiController]
-public class DebugController(ModASConfiguration config, UserProviderService authHsProvider, RoomContextService roomContextService) : ControllerBase {
-    [HttpGet("/_matrix/_modas/debug")]
-    public IActionResult Index() {
-        return Ok(new {
-            Request = Request.Headers,
-            Response = Response.Headers
-        });
-    }
-
-    [HttpGet("/_matrix/_modas/debug/config")]
-    public IActionResult Config() {
-        return Ok(config);
-    }
-
-    [HttpGet("/_matrix/_modas/debug/known_users")]
-    public IActionResult KnownUsers() {
-        return Ok(authHsProvider.KnownUsers.Keys);
-    }
-
-    [HttpGet("/_matrix/_modas/debug/test_locate_users")]
-    public async IAsyncEnumerable<string> TestLocateUsers([FromQuery] string startUser) {
-        List<AuthenticatedHomeserverGeneric> foundUsers = (await authHsProvider.GetValidUsers()).Select(x=>x.Value).ToList();
-        if(!foundUsers.Any(x=>x.WhoAmI.UserId == startUser)) {
-            foundUsers.Add(await authHsProvider.GetImpersonatedHomeserver(startUser));
-        }
-        
-        List<string> processedRooms = [], processedUsers = [];
-        var foundNew = true;
-        while (foundNew) {
-            var span1 = currentTransaction.StartSpan("iterateUsers", ApiConstants.TypeApp);
-            foundNew = false;
-            var usersToProcess = foundUsers.Where(x => !processedUsers.Any(y=>x.WhoAmI.UserId == y)).ToFrozenSet();
-            Console.WriteLine($"Got {usersToProcess.Count} users: {string.Join(", ", usersToProcess)}");
-
-            var rooms = usersToProcess.Select(async x => await x.GetJoinedRooms());
-            var roomLists = rooms.ToAsyncEnumerable();
-            await foreach (var roomList in roomLists) {
-                if (roomList is null) continue;
-                foreach (var room in roomList) {
-                    if (processedRooms.Contains(room.RoomId)) continue;
-                    processedRooms.Add(room.RoomId);
-                    var roomMembers = await room.GetMembersListAsync(false);
-                    foreach (var roomMember in roomMembers) {
-                        if (roomMember.StateKey.EndsWith(':' + config.ServerName) && !foundUsers.Any(x=>x.WhoAmI.UserId == roomMember.StateKey)) {
-                            foundUsers.Add(await authHsProvider.GetImpersonatedHomeserver(roomMember.StateKey));
-                            foundNew = true;
-                            yield return roomMember.StateKey;
-                        }
-                    }
-                }
-            }
-
-            // await foreach (var task in tasks) {
-            //     if (task is null) continue;
-            //     foreach (var user in task) {
-            //         if (foundUsers.Contains(user)) continue;
-            //         foundUsers.Add(user);
-            //         foundNew = true;
-            //         yield return user;
-            //     }
-            // }
-
-            span1.End();
-        }
-    }
-
-    [HttpGet("/_matrix/_modas/debug/room_contexts")]
-    public IActionResult RoomContexts() {
-        return Ok(roomContextService.RoomContexts.Values);
-    }
-
-    [HttpGet("/_matrix/_modas/debug/room_contexts/{roomId}")]
-    public async Task<IActionResult> RoomContext(string roomId) {
-        var roomContext = await roomContextService.GetRoomContext(roomId);
-        if (roomContext is null) return NotFound("Room not found");
-        return Ok(roomContext);
-    }
-
-    [HttpGet("/_matrix/_modas/debug/room_contexts/by_user/{userId}")]
-    public async IAsyncEnumerable<RoomContextService.RoomContext> RoomContextByUser(string userId) {
-        var user = await authHsProvider.GetImpersonatedHomeserver(userId);
-        var rooms = await user.GetJoinedRooms();
-        var contexts = rooms.Select(x => roomContextService.GetRoomContext(x.RoomId)).ToAsyncEnumerable();
-        await foreach (var context in contexts) {
-            if (context is null) continue;
-            yield return context;
-        }
-    }
-
-    private static ITransaction currentTransaction => Agent.Tracer.CurrentTransaction;
-}
\ No newline at end of file
diff --git a/ModAS.Server/Controllers/HomeController.cs b/ModAS.Server/Controllers/HomeController.cs
index 5fd309f..eb17966 100644
--- a/ModAS.Server/Controllers/HomeController.cs
+++ b/ModAS.Server/Controllers/HomeController.cs
@@ -3,17 +3,14 @@ using Microsoft.AspNetCore.Mvc;
 
 namespace ModAS.Server.Controllers;
 
+/// <summary>
+///    Manages the visual homepage.
+/// </summary>
 [ApiController]
 public class HomeController : Controller {
-    private readonly ILogger<HomeController> _logger;
-
-    public HomeController(ILogger<HomeController> logger) {
-        _logger = logger;
-    }
-
+    /// <inheritdoc cref="HomeController"/>
     [HttpGet("/_matrix/_modas")]
     public IActionResult Index() {
-        //return wwwroot/index.html
         return LocalRedirect("/index.html");
     }
 }
\ No newline at end of file
diff --git a/ModAS.Server/Controllers/RoomQueryController.cs b/ModAS.Server/Controllers/RoomQueryController.cs
deleted file mode 100644
index a49e5c0..0000000
--- a/ModAS.Server/Controllers/RoomQueryController.cs
+++ /dev/null
@@ -1,135 +0,0 @@
-using System.Collections.Frozen;
-using ArcaneLibs.Extensions;
-using Elastic.Apm;
-using Elastic.Apm.Api;
-using LibMatrix;
-using LibMatrix.EventTypes.Spec.State;
-using LibMatrix.EventTypes.Spec.State.RoomInfo;
-using LibMatrix.Responses.ModAS;
-using LibMatrix.RoomTypes;
-using Microsoft.AspNetCore.Mvc;
-using ModAS.Classes;
-using ModAS.Server.Services;
-using MxApiExtensions.Services;
-
-namespace ModAS.Server.Controllers;
-
-[ApiController]
-public class RoomQueryController(UserProviderService ahsProvider, ModASConfiguration config, RoomStateCacheService stateCacheService, UserProviderService userProviderService) : ControllerBase {
-    [HttpGet("/_matrix/_modas/room_query")]
-    public async IAsyncEnumerable<ModASRoomQueryResult> RoomQuery() {
-        var fetchRoomQueryDataSpan = currentTransaction.StartSpan("fetchRoomQueryData", ApiConstants.TypeApp);
-        List<string> processedRooms = new();
-        var getUsersSpan = currentTransaction.StartSpan("getUsers", ApiConstants.TypeApp);
-        var validUsers = await ahsProvider.GetValidUsers();
-        getUsersSpan.End();
-
-        var collectRoomsSpan = currentTransaction.StartSpan("collectRooms", ApiConstants.TypeApp);
-        // var userRoomLists = validUsers.Values.Select(ahs => ahs.GetJoinedRooms()).ToList();
-        // await Task.WhenAll(userRoomLists);
-        // var rooms = userRoomLists.SelectMany(r => r.Result).DistinctBy(x => x.RoomId).ToFrozenSet();
-        var roomsTasks = validUsers.Values.Select(u => userProviderService.GetUserRoomsCached(u.WhoAmI.UserId)).ToList();
-        await Task.WhenAll(roomsTasks);
-        var rooms = roomsTasks.SelectMany(r => r.Result).DistinctBy(x => x.RoomId).ToFrozenSet();
-        collectRoomsSpan.End();
-
-        var collectRoomStateSpan = currentTransaction.StartSpan("collectRoomState", ApiConstants.TypeApp);
-        //make sure we lock!!!!
-        await stateCacheService.EnsureCachedFromRoomList(rooms);
-        var roomStateTasks = rooms.Select(GetRoomState).ToAsyncEnumerable();
-        var awaitRoomStateSpan = currentTransaction.StartSpan("fetchRoomState", ApiConstants.TypeApp);
-        await foreach (var (room, roomState) in roomStateTasks) {
-            awaitRoomStateSpan.Name = $"awaitRoomState {room.RoomId}";
-            awaitRoomStateSpan.End();
-
-            var filterStateEventsSpan = currentTransaction.StartSpan($"filterStateEvents {room.RoomId}", ApiConstants.TypeApp);
-            var roomMembers = roomState.Where(r => r.Type == RoomMemberEventContent.EventId).ToFrozenSet();
-            var localRoomMembers = roomMembers.Where(x => x.StateKey.EndsWith(':' + config.ServerName)).ToFrozenSet();
-            var nonMemberState = roomState.Where(x => !roomMembers.Contains(x)).ToFrozenSet();
-            filterStateEventsSpan.End();
-            var buildResultSpan = currentTransaction.StartSpan($"buildResult {room.RoomId}", ApiConstants.TypeApp);
-
-            // forgive me for raw json access... attempt at optimisation -emma
-            yield return new ModASRoomQueryResult {
-                RoomId = room.RoomId,
-                StateEvents = roomState.Count,
-                //members
-                TotalMembers = roomMembers.Count,
-                TotalLocalMembers = localRoomMembers.Count,
-                JoinedMembers = roomMembers.Count(x => (x.TypedContent as RoomMemberEventContent)?.Membership == "join"),
-                JoinedLocalMembers = localRoomMembers.Count(x => (x.TypedContent as RoomMemberEventContent)?.Membership == "join"),
-                //-members
-                //creation event
-                Creator = nonMemberState.FirstOrDefault(r => r.Type == RoomCreateEventContent.EventId)?.Sender,
-                Version = nonMemberState.FirstOrDefault(r => r.Type == RoomCreateEventContent.EventId)?.RawContent?["room_version"]?.GetValue<string>(),
-                Type = nonMemberState.FirstOrDefault(r => r.Type == RoomCreateEventContent.EventId)?.RawContent?["type"]?.GetValue<string>(),
-                Federatable = nonMemberState.FirstOrDefault(r => r.Type == RoomCreateEventContent.EventId)?.RawContent?["m.federate"]?.GetValue<bool>() ?? true,
-                //-creation event
-                Name = nonMemberState.FirstOrDefault(r => r.Type == RoomNameEventContent.EventId)?.RawContent?["name"]?.GetValue<string>(),
-                CanonicalAlias = nonMemberState.FirstOrDefault(r => r.Type == RoomCanonicalAliasEventContent.EventId)?.RawContent?["alias"]?.GetValue<string>(),
-                JoinRules = nonMemberState.FirstOrDefault(r => r.Type == RoomJoinRulesEventContent.EventId)?.RawContent?["join_rule"]?.GetValue<string>(),
-                GuestAccess = nonMemberState.FirstOrDefault(r => r.Type == RoomGuestAccessEventContent.EventId)?.RawContent?["guest_access"]?.GetValue<string>(),
-                HistoryVisibility =
-                    nonMemberState.FirstOrDefault(r => r.Type == RoomHistoryVisibilityEventContent.EventId)?.RawContent?["history_visibility"]?.GetValue<string>(),
-                Public = nonMemberState.FirstOrDefault(r => r.Type == RoomJoinRulesEventContent.EventId)?.RawContent?["join_rule"]?.GetValue<string>() == "public",
-                Encryption = nonMemberState.FirstOrDefault(r => r.Type == RoomEncryptionEventContent.EventId)?.RawContent?["algorithm"]?.GetValue<string>(),
-                AvatarUrl = nonMemberState.FirstOrDefault(r => r.Type == RoomAvatarEventContent.EventId)?.RawContent?["url"]?.GetValue<string>(),
-                RoomTopic = nonMemberState.FirstOrDefault(r => r.Type == RoomTopicEventContent.EventId)?.RawContent?["topic"]?.GetValue<string>()
-            };
-            buildResultSpan.End();
-            awaitRoomStateSpan = currentTransaction.StartSpan("fetchRoomState", ApiConstants.TypeApp);
-        }
-
-        collectRoomStateSpan.End();
-        fetchRoomQueryDataSpan.End();
-    }
-
-    [HttpPost("/_matrix/_modas/room_query")]
-    public async IAsyncEnumerable<ModASRoomQueryResult> RoomQuery([FromBody] RoomQueryFilter request) {
-        await foreach (var room in RoomQuery()) {
-            if (!string.IsNullOrWhiteSpace(request.RoomIdContains) && !room.RoomId.Contains(request.RoomIdContains)) continue;
-
-            if (!string.IsNullOrWhiteSpace(request.NameContains) && room.Name?.Contains(request.NameContains) != true) continue;
-
-            if (!string.IsNullOrWhiteSpace(request.CanonicalAliasContains) && room.CanonicalAlias?.Contains(request.CanonicalAliasContains) != true) continue;
-
-            if (!string.IsNullOrWhiteSpace(request.VersionContains) && room.Version?.Contains(request.VersionContains) != true) continue;
-
-            if (!string.IsNullOrWhiteSpace(request.CreatorContains) && room.Creator?.Contains(request.CreatorContains) != true) continue;
-
-            if (!string.IsNullOrWhiteSpace(request.EncryptionContains) && room.Encryption?.Contains(request.EncryptionContains) != true) continue;
-
-            if (!string.IsNullOrWhiteSpace(request.JoinRulesContains) && room.JoinRules?.Contains(request.JoinRulesContains) != true) continue;
-
-            if (!string.IsNullOrWhiteSpace(request.GuestAccessContains) && room.GuestAccess?.Contains(request.GuestAccessContains) != true) continue;
-
-            if (!string.IsNullOrWhiteSpace(request.HistoryVisibilityContains) && room.HistoryVisibility?.Contains(request.HistoryVisibilityContains) != true) continue;
-
-            if (!string.IsNullOrWhiteSpace(request.AvatarUrlContains) && room.AvatarUrl?.Contains(request.AvatarUrlContains) != true) continue;
-
-            if (!string.IsNullOrWhiteSpace(request.RoomTopicContains) && room.RoomTopic?.Contains(request.RoomTopicContains) != true) continue;
-
-            if (request.JoinedMembersMin.HasValue && room.JoinedMembers < request.JoinedMembersMin.Value) continue;
-            if (request.JoinedMembersMax.HasValue && room.JoinedMembers > request.JoinedMembersMax.Value) continue;
-
-            if (request.JoinedLocalMembersMin.HasValue && room.JoinedLocalMembers < request.JoinedLocalMembersMin.Value) continue;
-            if (request.JoinedLocalMembersMax.HasValue && room.JoinedLocalMembers > request.JoinedLocalMembersMax.Value) continue;
-
-            if (request.StateEventsMin.HasValue && room.StateEvents < request.StateEventsMin.Value) continue;
-            if (request.StateEventsMax.HasValue && room.StateEvents > request.StateEventsMax.Value) continue;
-
-            if (request.IsFederatable.HasValue && room.Federatable != request.IsFederatable.Value) continue;
-
-            if (request.IsPublic.HasValue && room.Public != request.IsPublic.Value) continue;
-
-            yield return room;
-        }
-    }
-
-    private async Task<KeyValuePair<GenericRoom, FrozenSet<StateEventResponse>>> GetRoomState(GenericRoom room) {
-        var roomState = await stateCacheService.GetRoomState(room.RoomId, room);
-        return new(room, roomState);
-    }
-
-    private static ITransaction currentTransaction => Agent.Tracer.CurrentTransaction;
-}
\ No newline at end of file
diff --git a/ModAS.Server/Extensions/RequestHeaderExtensinos.cs b/ModAS.Server/Extensions/RequestHeaderExtensinos.cs
new file mode 100644
index 0000000..e40ed8e
--- /dev/null
+++ b/ModAS.Server/Extensions/RequestHeaderExtensinos.cs
@@ -0,0 +1,17 @@
+using Microsoft.AspNetCore.Http.Headers;
+
+namespace MxApiExtensions.Extensions;
+
+public static class RequestHeaderExtensions {
+    public static bool TryGet<T>(this RequestHeaders headers, string name, out T? value) {
+        try {
+            value = headers.Get<T>(name);
+            return true;
+        }
+        catch (Exception) {
+            value = default;
+        }
+
+        return false;
+    }
+}
\ No newline at end of file
diff --git a/ModAS.Server/ModAS.Server.csproj b/ModAS.Server/ModAS.Server.csproj
index 07cc67c..5bda8c0 100644
--- a/ModAS.Server/ModAS.Server.csproj
+++ b/ModAS.Server/ModAS.Server.csproj
@@ -12,6 +12,7 @@
         <StripSymbols>true</StripSymbols>
         <OptimizationPreference>Speed</OptimizationPreference>
         <TieredPGO>true</TieredPGO>
+        <EmitCompilerGeneratedFiles>true</EmitCompilerGeneratedFiles>
     </PropertyGroup>
 
     <ItemGroup>
diff --git a/ModAS.Server/Program.cs b/ModAS.Server/Program.cs
index 0b3d121..248243f 100644
--- a/ModAS.Server/Program.cs
+++ b/ModAS.Server/Program.cs
@@ -9,6 +9,7 @@ using Elastic.Apm.AspNetCore;
 using Elastic.Apm.NetCoreAll;
 using LibMatrix;
 using LibMatrix.Services;
+using ModAS.Server.Authentication;
 using ModAS.Server.Services;
 using MxApiExtensions.Services;
 
@@ -114,13 +115,14 @@ Agent.AddFilter((ISpan span) => {
     return span;
 });
 
-///wwwroot
 app.UseFileServer();
-// app.UseStaticFiles();
-// app.UseDirectoryBrowser();
+
+app.UseRouting();
 
 app.UseCors("Open");
 
 app.MapControllers();
 
+app.UseMiddleware<AuthMiddleware>();
+
 app.Run();
\ No newline at end of file
diff --git a/ModAS.Server/Services/AuthenticationService.cs b/ModAS.Server/Services/AuthenticationService.cs
index 27e12ad..8efc08c 100644
--- a/ModAS.Server/Services/AuthenticationService.cs
+++ b/ModAS.Server/Services/AuthenticationService.cs
@@ -1,20 +1,28 @@
+using System.Net.Http.Headers;
 using LibMatrix;
 using LibMatrix.Services;
+using MxApiExtensions.Extensions;
 using MxApiExtensions.Services;
 
 namespace ModAS.Server.Services;
 
-public class AuthenticationService(ILogger<AuthenticationService> logger, ModASConfiguration config, IHttpContextAccessor request, HomeserverProviderService homeserverProviderService) {
+public class AuthenticationService(
+    ILogger<AuthenticationService> logger,
+    ModASConfiguration config,
+    IHttpContextAccessor request,
+    HomeserverProviderService homeserverProviderService) {
     private readonly HttpRequest _request = request.HttpContext!.Request;
 
     private static Dictionary<string, string> _tokenMap = new();
 
     internal string? GetToken(bool fail = true) {
-        string? token;
-        if (_request.Headers.TryGetValue("Authorization", out var tokens)) {
-            token = tokens.FirstOrDefault()?[7..];
+        //_request.GetTypedHeaders().Get<AuthenticationHeaderValue>("Authorization")?.Parameter != asr.HomeserverToken
+
+        string? token = null;
+        if (_request.GetTypedHeaders().TryGet<AuthenticationHeaderValue>("Authorization", out var authHeader) && !string.IsNullOrWhiteSpace(authHeader?.Parameter)) {
+            token = authHeader.Parameter;
         }
-        else {
+        else if (_request.Query.ContainsKey("access_token")) {
             token = _request.Query["access_token"];
         }
 
@@ -47,18 +55,13 @@ public class AuthenticationService(ILogger<AuthenticationService> logger, ModASC
                 .ToDictionary(l => l[0], l => l[1]);
         }
 
-
         if (_tokenMap.TryGetValue(token, out var mxid)) return mxid;
 
-        var lookupTasks = new Dictionary<string, Task<string?>>();
-        
-        
         logger.LogInformation("Looking up mxid for token {}", token);
         var hs = await homeserverProviderService.GetAuthenticatedWithToken(config.ServerName, token, config.HomeserverUrl);
         try {
             var res = hs.WhoAmI.UserId;
             logger.LogInformation("Got mxid {} for token {}", res, token);
-            await SaveMxidForToken(token, mxid);
 
             return res;
         }
@@ -70,10 +73,4 @@ public class AuthenticationService(ILogger<AuthenticationService> logger, ModASC
             throw;
         }
     }
-
-
-    public async Task SaveMxidForToken(string token, string mxid) {
-        _tokenMap.Add(token, mxid);
-        await File.AppendAllLinesAsync("token_map", new[] { $"{token}\t{mxid}" });
-    }
-}
+}
\ No newline at end of file
diff --git a/ModAS.Server/Services/ModASConfiguration.cs b/ModAS.Server/Services/ModASConfiguration.cs
index 063e838..90f8e9e 100644
--- a/ModAS.Server/Services/ModASConfiguration.cs
+++ b/ModAS.Server/Services/ModASConfiguration.cs
@@ -1,5 +1,8 @@
 namespace MxApiExtensions.Services;
 
+/// <summary>
+///    Configuration for ModAS.
+/// </summary>
 public class ModASConfiguration {
     public ModASConfiguration(IConfiguration configuration) {
         configuration.GetRequiredSection("ModAS").Bind(this);
@@ -7,4 +10,6 @@ public class ModASConfiguration {
 
     public string ServerName { get; set; }
     public string HomeserverUrl { get; set; }
+
+    public Dictionary<string, List<string>> Roles { get; set; }
 }
\ No newline at end of file
diff --git a/ModAS.Server/Services/PingTask.cs b/ModAS.Server/Services/PingTask.cs
new file mode 100644
index 0000000..99a8f40
--- /dev/null
+++ b/ModAS.Server/Services/PingTask.cs
@@ -0,0 +1,9 @@
+namespace ModAS.Server.Services;
+
+public class PingTask : IHostedService, IDisposable {
+    public Task StartAsync(CancellationToken cancellationToken) => throw new NotImplementedException();
+
+    public Task StopAsync(CancellationToken cancellationToken) => throw new NotImplementedException();
+
+    public void Dispose() => throw new NotImplementedException();
+}
\ No newline at end of file
diff --git a/ModAS.Server/Version.cs b/ModAS.Server/Version.cs
new file mode 100644
index 0000000..19aa81c
--- /dev/null
+++ b/ModAS.Server/Version.cs
@@ -0,0 +1,5 @@
+namespace Modas.Server;
+public static class Version
+{
+    public const string Text = "master@v0+";
+}
diff --git a/ModAS.Server/appsettings.Development.json b/ModAS.Server/appsettings.Development.json
index ef51c09..f9b6b0f 100644
--- a/ModAS.Server/appsettings.Development.json
+++ b/ModAS.Server/appsettings.Development.json
@@ -6,6 +6,7 @@
     }
   },
   "ModAS": {
-    
+    "ServerName": "rory.gay",
+    "HomeserverUrl": "https://matrix.rory.gay"
   }
 }
diff --git a/commit b/commit
new file mode 100755
index 0000000..69f5cc8
--- /dev/null
+++ b/commit
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+cat <<EOF > ModAS.Server/Version.cs
+namespace Modas.Server;
+public static class Version
+{
+    public const string Text = "$(git rev-parse --abbrev-ref HEAD)@$(git describe --tags --abbrev=0)+`git log $(git describe --tags --abbrev=0)..HEAD --oneline`";
+}
+EOF
+
+#git log $(git describe --tags --abbrev=0)..HEAD --oneline
\ No newline at end of file
-- 
cgit 1.4.1