Skip to content
This repository has been archived by the owner on Nov 14, 2024. It is now read-only.

Implement MSC3916 #3397

Merged
merged 17 commits into from
Aug 16, 2024
Merged

Implement MSC3916 #3397

merged 17 commits into from
Aug 16, 2024

Conversation

S7evinK
Copy link
Contributor

@S7evinK S7evinK commented Jul 27, 2024

@S7evinK S7evinK requested a review from a team as a code owner July 27, 2024 18:40
Copy link

codecov bot commented Jul 27, 2024

Codecov Report

Attention: Patch coverage is 32.92683% with 110 lines in your changes missing coverage. Please review.

Project coverage is 68.10%. Comparing base (c876790) to head (6f17931).
Report is 4 commits behind head on main.

Files Patch % Lines
mediaapi/routing/download.go 31.76% 46 Missing and 12 partials ⚠️
federationapi/routing/routing.go 8.00% 22 Missing and 1 partial ⚠️
mediaapi/routing/routing.go 58.82% 14 Missing ⚠️
internal/httputil/httpapi.go 13.33% 12 Missing and 1 partial ⚠️
clientapi/routing/routing.go 50.00% 0 Missing and 1 partial ⚠️
userapi/internal/key_api.go 0.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3397      +/-   ##
==========================================
- Coverage   68.24%   68.10%   -0.15%     
==========================================
  Files         513      513              
  Lines       46865    47176     +311     
==========================================
+ Hits        31983    32127     +144     
- Misses      10891    11045     +154     
- Partials     3991     4004      +13     
Flag Coverage Δ
unittests 53.26% <32.92%> (-0.13%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@S7evinK
Copy link
Contributor Author

S7evinK commented Jul 27, 2024

Complement PR: matrix-org/complement#731

@S7evinK S7evinK mentioned this pull request Aug 3, 2024
2 tasks
mediaapi/routing/download.go Outdated Show resolved Hide resolved
mediaapi/routing/download.go Outdated Show resolved Hide resolved
mediaapi/routing/download.go Outdated Show resolved Hide resolved
mediaapi/routing/download.go Outdated Show resolved Hide resolved
clientapi/routing/routing.go Outdated Show resolved Hide resolved
// create request for remote file
resp, err := client.CreateMediaDownloadRequest(ctx, r.MediaMetadata.Origin, string(r.MediaMetadata.MediaID))
// Attempt to download via authenticated media endpoint
isMultiPart := true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find the name isMutiPart a bit confusing. After some digging in the spec I think I understand where it comes from, but a `isAuthed' or something would be easier to understand.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. It's an implementation detail that the authed endpoint needs multipart, so prefer isAuthed right up until you're forced to process the response.

if resp != nil && resp.StatusCode == http.StatusNotFound {
return "", false, fmt.Errorf("File with media ID %q does not exist on %s", r.MediaMetadata.MediaID, r.MediaMetadata.Origin)
isMultiPart = false
// try again on the unauthed endpoint
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fallback to unauthed download should only be done when status code is 404 according to the spec. Here it is done on all errors. Status code can also be 429, 502 or 504, They should probably be handled in their own ways.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, but what if e.g. matrix.org (or CF in that matter), returns a 520? (or whatever the response was for "CF is upset").
Going to revisit this in another PR, though.

Copy link
Member

@kegsay kegsay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few things:

  • restructure the download functions to make the fallback logic clearer,
  • double check error handling / messages as numerous ones aren't logging the right thing,
  • add tests, at the very least for the multipart stuff as it seems pretty complex and fiddly. There's examples in the MSC itself, so I suggest you use them for the tests.

@@ -678,6 +679,53 @@ func MakeFedAPI(
return httputil.MakeExternalAPI(metricsName, h)
}

// MakeFedAPI makes an http.Handler that checks matrix federation authentication.
func MakeFedAPIHTML(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It ain't HTML though?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While true, we also have MakeHTMLAPI, with basically the same function signature. That's why I named it that way, could be MakeFedHTMLAPI, though.

@@ -61,6 +64,9 @@ type downloadRequest struct {
ThumbnailSize types.ThumbnailSize
Logger *log.Entry
DownloadFilename string
forFederation bool // whether we need to return a multipart/mixed response
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Flag is unclear. Is this implying that the download is over fed? Or the response will be sent via fed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That it's the response for an incoming federation request.

// create request for remote file
resp, err := client.CreateMediaDownloadRequest(ctx, r.MediaMetadata.Origin, string(r.MediaMetadata.MediaID))
// Attempt to download via authenticated media endpoint
isMultiPart := true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. It's an implementation detail that the authed endpoint needs multipart, so prefer isAuthed right up until you're forced to process the response.

mediaapi/routing/download.go Outdated Show resolved Hide resolved
@@ -767,19 +826,94 @@ func (r *downloadRequest) fetchRemoteFile(
) (types.Path, bool, error) {
r.Logger.Debug("Fetching remote file")

// create request for remote file
resp, err := client.CreateMediaDownloadRequest(ctx, r.MediaMetadata.Origin, string(r.MediaMetadata.MediaID))
// Attempt to download via authenticated media endpoint
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would have structured this differently, and instead spun off from fetchRemoteFile into fetchRemoteFileUnauthenticated and fetchRemteFileAuthenticated. Then the fallback becomes a lot clearer to read. At present, it's all mixed up in the impl.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would be an exercise when refactoring/rewriting the entire MediaAPI, imho.

mediaapi/routing/download.go Outdated Show resolved Hide resolved
mediaapi/routing/download.go Outdated Show resolved Hide resolved
mediaapi/routing/download.go Outdated Show resolved Hide resolved
mediaapi/routing/download.go Outdated Show resolved Hide resolved
@S7evinK S7evinK requested a review from kegsay August 9, 2024 06:18
Copy link
Member

@kegsay kegsay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still needs tests. Unit tests for new code is not a big ask here and should land before this PR does. Ideally we'd test control flow here as it's complex, but that is a bigger ask and would need more refactoring to do correctly.

internal/httputil/httpapi.go Outdated Show resolved Hide resolved
federationapi/routing/routing.go Outdated Show resolved Hide resolved
mediaapi/routing/routing.go Outdated Show resolved Hide resolved
mediaapi/routing/routing.go Outdated Show resolved Hide resolved
mediaapi/routing/routing.go Outdated Show resolved Hide resolved
mediaapi/routing/routing.go Show resolved Hide resolved
mediaapi/routing/download.go Outdated Show resolved Hide resolved
mediaapi/routing/download.go Outdated Show resolved Hide resolved
@S7evinK S7evinK merged commit 7a4ef24 into main Aug 16, 2024
18 of 20 checks passed
@S7evinK S7evinK deleted the s7evink/authed-media branch August 16, 2024 10:38
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants