|
@@ -27,7 +27,7 @@ from twisted.internet import defer
|
|
|
|
|
|
import synapse
|
|
|
from synapse.api.constants import Membership, UserTypes
|
|
|
-from synapse.api.errors import AuthError, Codes, NotFoundError, SynapseError
|
|
|
+from synapse.api.errors import Codes, NotFoundError, SynapseError
|
|
|
from synapse.http.server import JsonResource
|
|
|
from synapse.http.servlet import (
|
|
|
RestServlet,
|
|
@@ -36,7 +36,12 @@ from synapse.http.servlet import (
|
|
|
parse_json_object_from_request,
|
|
|
parse_string,
|
|
|
)
|
|
|
-from synapse.rest.admin._base import assert_requester_is_admin, assert_user_is_admin
|
|
|
+from synapse.rest.admin._base import (
|
|
|
+ assert_requester_is_admin,
|
|
|
+ assert_user_is_admin,
|
|
|
+ historical_admin_path_patterns,
|
|
|
+)
|
|
|
+from synapse.rest.admin.media import register_servlets_for_media_repo
|
|
|
from synapse.rest.admin.server_notice_servlet import SendServerNoticeServlet
|
|
|
from synapse.types import UserID, create_requester
|
|
|
from synapse.util.versionstring import get_version_string
|
|
@@ -44,28 +49,6 @@ from synapse.util.versionstring import get_version_string
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
-def historical_admin_path_patterns(path_regex):
|
|
|
- """Returns the list of patterns for an admin endpoint, including historical ones
|
|
|
-
|
|
|
- This is a backwards-compatibility hack. Previously, the Admin API was exposed at
|
|
|
- various paths under /_matrix/client. This function returns a list of patterns
|
|
|
- matching those paths (as well as the new one), so that existing scripts which rely
|
|
|
- on the endpoints being available there are not broken.
|
|
|
-
|
|
|
- Note that this should only be used for existing endpoints: new ones should just
|
|
|
- register for the /_synapse/admin path.
|
|
|
- """
|
|
|
- return list(
|
|
|
- re.compile(prefix + path_regex)
|
|
|
- for prefix in (
|
|
|
- "^/_synapse/admin/v1",
|
|
|
- "^/_matrix/client/api/v1/admin",
|
|
|
- "^/_matrix/client/unstable/admin",
|
|
|
- "^/_matrix/client/r0/admin",
|
|
|
- )
|
|
|
- )
|
|
|
-
|
|
|
-
|
|
|
class UsersRestServlet(RestServlet):
|
|
|
PATTERNS = historical_admin_path_patterns("/users/(?P<user_id>[^/]*)")
|
|
|
|
|
@@ -255,25 +238,6 @@ class WhoisRestServlet(RestServlet):
|
|
|
return (200, ret)
|
|
|
|
|
|
|
|
|
-class PurgeMediaCacheRestServlet(RestServlet):
|
|
|
- PATTERNS = historical_admin_path_patterns("/purge_media_cache")
|
|
|
-
|
|
|
- def __init__(self, hs):
|
|
|
- self.media_repository = hs.get_media_repository()
|
|
|
- self.auth = hs.get_auth()
|
|
|
-
|
|
|
- @defer.inlineCallbacks
|
|
|
- def on_POST(self, request):
|
|
|
- yield assert_requester_is_admin(self.auth, request)
|
|
|
-
|
|
|
- before_ts = parse_integer(request, "before_ts", required=True)
|
|
|
- logger.info("before_ts: %r", before_ts)
|
|
|
-
|
|
|
- ret = yield self.media_repository.delete_old_remote_media(before_ts)
|
|
|
-
|
|
|
- return (200, ret)
|
|
|
-
|
|
|
-
|
|
|
class PurgeHistoryRestServlet(RestServlet):
|
|
|
PATTERNS = historical_admin_path_patterns(
|
|
|
"/purge_history/(?P<room_id>[^/]*)(/(?P<event_id>[^/]+))?"
|
|
@@ -542,50 +506,6 @@ class ShutdownRoomRestServlet(RestServlet):
|
|
|
)
|
|
|
|
|
|
|
|
|
-class QuarantineMediaInRoom(RestServlet):
|
|
|
- """Quarantines all media in a room so that no one can download it via
|
|
|
- this server.
|
|
|
- """
|
|
|
-
|
|
|
- PATTERNS = historical_admin_path_patterns("/quarantine_media/(?P<room_id>[^/]+)")
|
|
|
-
|
|
|
- def __init__(self, hs):
|
|
|
- self.store = hs.get_datastore()
|
|
|
- self.auth = hs.get_auth()
|
|
|
-
|
|
|
- @defer.inlineCallbacks
|
|
|
- def on_POST(self, request, room_id):
|
|
|
- requester = yield self.auth.get_user_by_req(request)
|
|
|
- yield assert_user_is_admin(self.auth, requester.user)
|
|
|
-
|
|
|
- num_quarantined = yield self.store.quarantine_media_ids_in_room(
|
|
|
- room_id, requester.user.to_string()
|
|
|
- )
|
|
|
-
|
|
|
- return (200, {"num_quarantined": num_quarantined})
|
|
|
-
|
|
|
-
|
|
|
-class ListMediaInRoom(RestServlet):
|
|
|
- """Lists all of the media in a given room.
|
|
|
- """
|
|
|
-
|
|
|
- PATTERNS = historical_admin_path_patterns("/room/(?P<room_id>[^/]+)/media")
|
|
|
-
|
|
|
- def __init__(self, hs):
|
|
|
- self.store = hs.get_datastore()
|
|
|
-
|
|
|
- @defer.inlineCallbacks
|
|
|
- def on_GET(self, request, room_id):
|
|
|
- requester = yield self.auth.get_user_by_req(request)
|
|
|
- is_admin = yield self.auth.is_server_admin(requester.user)
|
|
|
- if not is_admin:
|
|
|
- raise AuthError(403, "You are not a server admin")
|
|
|
-
|
|
|
- local_mxcs, remote_mxcs = yield self.store.get_media_mxcs_in_room(room_id)
|
|
|
-
|
|
|
- return (200, {"local": local_mxcs, "remote": remote_mxcs})
|
|
|
-
|
|
|
-
|
|
|
class ResetPasswordRestServlet(RestServlet):
|
|
|
"""Post request to allow an administrator reset password for a user.
|
|
|
This needs user to have administrator access in Synapse.
|
|
@@ -825,7 +745,6 @@ def register_servlets(hs, http_server):
|
|
|
def register_servlets_for_client_rest_resource(hs, http_server):
|
|
|
"""Register only the servlets which need to be exposed on /_matrix/client/xxx"""
|
|
|
WhoisRestServlet(hs).register(http_server)
|
|
|
- PurgeMediaCacheRestServlet(hs).register(http_server)
|
|
|
PurgeHistoryStatusRestServlet(hs).register(http_server)
|
|
|
DeactivateAccountRestServlet(hs).register(http_server)
|
|
|
PurgeHistoryRestServlet(hs).register(http_server)
|
|
@@ -834,10 +753,13 @@ def register_servlets_for_client_rest_resource(hs, http_server):
|
|
|
GetUsersPaginatedRestServlet(hs).register(http_server)
|
|
|
SearchUsersRestServlet(hs).register(http_server)
|
|
|
ShutdownRoomRestServlet(hs).register(http_server)
|
|
|
- QuarantineMediaInRoom(hs).register(http_server)
|
|
|
- ListMediaInRoom(hs).register(http_server)
|
|
|
UserRegisterServlet(hs).register(http_server)
|
|
|
DeleteGroupAdminRestServlet(hs).register(http_server)
|
|
|
AccountValidityRenewServlet(hs).register(http_server)
|
|
|
+
|
|
|
+ # Load the media repo ones if we're using them.
|
|
|
+ if hs.config.can_load_media_repo:
|
|
|
+ register_servlets_for_media_repo(hs, http_server)
|
|
|
+
|
|
|
# don't add more things here: new servlets should only be exposed on
|
|
|
# /_synapse/admin so should not go here. Instead register them in AdminRestResource.
|