nbuechner/synapse-invite-checker
nbuechner/synapse-invite-checker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
synapse-invite-checker/synapse_invite_checker/invite_checker.py
Nils Büchner 7580c687e2 cache policy lists and increase general cache time
2024-09-15 00:19:00 +02:00

214 lines
9.4 KiB
Python
Raw Blame History

import treq
import json
import time
from twisted.internet.defer import inlineCallbacks, returnValue
from synapse.module_api import ModuleApi, errors
from synapse.types import UserID
import logging
logger = logging.getLogger(__name__)
class InviteCheckerConfig:
def __init__(self, config):
self.use_allowlist = config.get("use_allowlist", True)
self.use_blocklist = config.get("use_blocklist", True)
self.blocklist_allowlist_url = config.get("blocklist_allowlist_url", None)
self.blocklist_rooms = config.get("blocklist_rooms", []) # Blocklist for room names
self.policy_room_ids = config.get("policy_room_ids", []) # List of policy room IDs
@staticmethod
def parse_config(config):
return InviteCheckerConfig(config)
class InviteChecker:
def __init__(self, config, api: ModuleApi):
self.api = api
self.config = InviteCheckerConfig.parse_config(config)
self.use_allowlist = self.config.use_allowlist
self.use_blocklist = self.config.use_blocklist
self.cache_expiry_time = 300
self.cache_timestamp = 0
self.blocklist = set()
self.allowlist = set()
self.allow_all_invites_on_error = False
self.room_id_cache = {}
self.blocklist_room_ids = set()
self.api.register_spam_checker_callbacks(user_may_invite=self.user_may_invite)
logger.info("InviteChecker initialized")
@inlineCallbacks
def fetch_json(self, url):
logger.info(f"Fetching JSON data from: {url}")
try:
response = yield treq.get(url)
if response.code == 200:
try:
content = yield response.content()
data = json.loads(content.decode('utf-8'))
logger.debug(f"Received JSON data: {data}")
returnValue(data)
except Exception as json_error:
logger.error(f"Failed to decode JSON data: {json_error}")
returnValue(None)
else:
logger.error(f"Failed to fetch JSON data. Status code: {response.code}")
returnValue(None)
except Exception as e:
logger.error(f"Error while fetching JSON: {str(e)}")
returnValue(None)
@inlineCallbacks
def fetch_policy_room_banlist(self):
"""Fetches the ban lists from multiple policy rooms using Synapse API."""
if not self.config.policy_room_ids:
return set() # No policy rooms configured, return an empty set
logger.info(f"Fetching ban lists from policy rooms: {self.config.policy_room_ids}")
banned_entities = set()
banned_entities_by_room = set()
for room_id in self.config.policy_room_ids:
logger.info(f"Fetching ban list from policy room: {room_id}")
try:
# Fetch all state events from the policy room
state_events = yield self.api.get_room_state(room_id)
if isinstance(state_events, dict):
logger.info(f"Received state events in dict format from room {room_id} with {len(state_events)} entries.")
# Loop over the dictionary of state events
for key, event in state_events.items():
event_type = event.get("type", "")
content = event.get("content", {})
# Check for ban events of type 'm.policy.rule.user' and 'm.policy.rule.server'
if event_type in ["m.policy.rule.user", "m.policy.rule.server"]:
entity = content.get('entity', '')
if entity:
banned_entities_by_room.add(entity)
#else:
# logger.warning(f"Missing 'entity' in event: {event}")
logger.info(f"Fetched {len(banned_entities_by_room)} banned entities from policy room {room_id}.")
banned_entities = banned_entities_by_room.union(banned_entities)
banned_entities_by_room = set()
else:
logger.error(f"Unexpected response format from room {room_id}: {type(state_events)}")
except Exception as e:
logger.error(f"Failed to fetch policy room ban list from room {room_id}. Error: {str(e)}")
logger.info(f"Total banned entities from all policy rooms: {len(banned_entities)}")
return banned_entities
@inlineCallbacks
def update_blocklist_allowlist(self):
"""Fetch and update the blocklist, allowlist, and blocklisted room IDs."""
logger.info("Updating blocklist, allowlist, and room blocklist")
json_data = yield self.fetch_json(self.config.blocklist_allowlist_url)
if json_data:
self.allow_all_invites_on_error = False
self.use_allowlist = json_data.get('use_allowlist', True)
self.use_blocklist = json_data.get('use_blocklist', True)
self.blocklist = set(json_data.get('blocklist', []))
self.allowlist = set(json_data.get('allowlist', []))
# Fetch and cache the policy room ban lists
policy_banlist = yield self.fetch_policy_room_banlist()
self.blocklist.update(policy_banlist) # Merge policy bans into blocklist
self.blocklist_room_ids = set()
for room_entry in json_data.get('blocklist_rooms', []):
if room_entry.startswith('!'):
logger.info(f"Blocklisting room ID directly: {room_entry}")
self.blocklist_room_ids.add(room_entry)
else:
room_id = yield self.resolve_room_id(room_entry)
if room_id:
logger.info(f"Blocklisting room: {room_entry} -> {room_id}")
self.blocklist_room_ids.add(room_id)
else:
logger.error(f"Failed to blocklist room: {room_entry}")
# Update the cache timestamp
self.cache_timestamp = time.time()
logger.info(f"Updated blocklist with {len(self.blocklist)} entries and {len(self.blocklist_room_ids)} room IDs.")
else:
logger.error("Failed to update allowlist/blocklist due to missing JSON data.")
self.allow_all_invites_on_error = True
@inlineCallbacks
def resolve_room_id(self, room_alias):
"""Resolve a room alias to a room_id and cache the result."""
if room_alias in self.room_id_cache:
returnValue(self.room_id_cache[room_alias])
logger.info(f"Resolving room alias to room_id: {room_alias}")
try:
room_id = yield self.api.resolve_room_alias(room_alias)
self.room_id_cache[room_alias] = room_id
returnValue(room_id)
except Exception as e:
logger.error(f"Failed to resolve room alias {room_alias}: {e}")
returnValue(None)
@inlineCallbacks
def get_blocklist_allowlist(self):
current_time = time.time()
# Update cache if expired
if current_time - self.cache_timestamp > self.cache_expiry_time:
yield self.update_blocklist_allowlist()
if self.allow_all_invites_on_error:
logger.info("Skipping allowlist/blocklist checks because of previous JSON fetch failure.")
returnValue((set(), set(), set()))
# Return cached blocklist, allowlist, and blocklist room IDs
returnValue((self.blocklist, self.allowlist, self.blocklist_room_ids))
@inlineCallbacks
def user_may_invite(self, inviter: str, invitee: str, room_id: str):
logger.info(f"Checking invite from {inviter} to {invitee} for room {room_id}")
if self.allow_all_invites_on_error:
logger.info(f"Allowing invite from {inviter} to {invitee} due to previous JSON fetch failure.")
returnValue("NOT_SPAM")
blocklist, allowlist, blocklist_room_ids = yield self.get_blocklist_allowlist()
inviter_domain = UserID.from_string(inviter).domain
logger.debug(f"Blocklist: {blocklist}, Allowlist: {allowlist}, Blocklist Room IDs: {blocklist_room_ids}")
if self.use_allowlist:
logger.info(f"Allowlist enabled. Checking domain: {inviter_domain}")
if inviter_domain in allowlist:
logger.info(f"Invite allowed: {inviter_domain} is on the allowlist")
returnValue("NOT_SPAM")
if room_id in blocklist_room_ids:
logger.info(f"Invite blocked: room {room_id} is blocklisted")
returnValue(errors.Codes.FORBIDDEN)
if self.use_blocklist:
logger.info(f"Blocklist enabled. Checking {inviter}")
if inviter_domain in blocklist:
logger.info(f"Invite blocked: {inviter_domain} is on the blocklist")
returnValue(errors.Codes.FORBIDDEN)
if inviter in blocklist:
logger.info(f"Invite blocked: {inviter} is on the blocklist")
returnValue(errors.Codes.FORBIDDEN)
elif self.use_allowlist and inviter_domain not in allowlist:
logger.info(f"Invite blocked: {inviter_domain} is not on the allowlist")
returnValue(errors.Codes.FORBIDDEN)
logger.info(f"Invite allowed by default: {inviter}")
returnValue("NOT_SPAM")
Reference in a new issue View git blame Copy permalink