Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC3266: Room summary API #3266

Open
wants to merge 27 commits into
base: old_master
Choose a base branch
from

Conversation

deepbluev7
Copy link
Contributor

@deepbluev7 deepbluev7 commented Jul 4, 2021

Rendered.

Somewhat related to MSC2946 this provides an API to get a summary for a specific room either from the local server or over federation.

Useful for a few cases, where you need to show a summary for a room like matrix.to, traveler bots, showing spaces, lightweight clients, etc.

Open design questions looking for feedback: see this comment chain: #3266 (comment) resolved as of 2021/10/06

Implementations:

Signed-off-by: Nicolas Werner nicolas.werner@hotmail.de


SCT stuff:

Checklist: #3266 (comment)

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
@deepbluev7 deepbluev7 changed the title Room summary proposal MSC3266: Room summary proposal Jul 4, 2021
@deepbluev7 deepbluev7 changed the title MSC3266: Room summary proposal MSC3266: Room summary Jul 4, 2021
@turt2live turt2live added client-server Client-Server API kind:feature MSC for not-core and not-maintenance stuff needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal proposal-in-review labels Jul 5, 2021
@deepbluev7 deepbluev7 changed the title MSC3266: Room summary MSC3266: Room summary API Jul 11, 2021
Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
Comment on lines 154 to 156
- The `/state` API could be used, but the response is much bigger than needed,
can't be cached as easily and may need more requests. This also doesn't work
over federation (yet).
Copy link
Member

@t3chguy t3chguy Jul 14, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also the /state API also doesn't return stripped state events so would not have access to said data based on the Stripped State MSC https://matrix.org/docs/spec/client_server/r0.6.1#get-matrix-client-r0-rooms-roomid-state

The specific state API does return stripped state (because consistency, what's that) https://matrix.org/docs/spec/client_server/r0.6.1#get-matrix-client-r0-rooms-roomid-state-eventtype-statekey

But would require MANY API hits and not be able to reach all the data (e.g num_joined_members would not be possible)

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
…est of the path separate

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
That way the requesting server knows, if any user would have access to
that room and it can forward the room to the user.

Signed-off-by: Nicolas Werner <nicolas.werner@hotmail.de>
@t3chguy
Copy link
Member

t3chguy commented Oct 24, 2022

An interesting future consumer of this work could be shields.io - https://github.com/badges/shields/blob/master/services/matrix/matrix.service.js currently registers a bunch of guests and uses the /state/ API so a dedicated API which doesn't require auth would be ideal.

@richvdh
Copy link
Member

richvdh commented Dec 13, 2022

Still lots of outstanding questions from previous reviews here. @deepbluev7 are you still interested in pursuing this?

@deepbluev7
Copy link
Contributor Author

Yeah, I am still pursuing this, but I need to update it to work with the new room join rule, since there knocking and restricted joins are not distinguishable, so the allowed roomids need to be exposed, possibly prefiltered. But since my clients now need the unstable endpoint anyway in a few released versions, I am not as much in a hurry anymore.

@turt2live
Copy link
Member

I'm going to take this off the SCT's priority list in that case. There is a bit of a problem if clients are relying on the unstable endpoint existing (as we're seeing happen outside of just your clients) - ideally, the MSC moves forward at a more hurried pace to avoid problems related to defacto spec.

For reference, how we'd likely avoid defacto spec being an issue here is recommend the feature for removal from Synapse, forcing clients to treat the functionality as unstable.

@deepbluev7
Copy link
Contributor Author

Well, the spec team told me to prioritize #3664, so that's what I did. Now that is stuck again. Before that, this MSC was stuck because there weren't enough implementations and half of the comments are nitpicking about wording or names, instead of actually being helpful to the content of the MSC, so it simply takes a bit of time to work on things. I changed some sentences 3 or more times. It simply takes a bit of time to please everyone with the wording, since if you react quickly, you end up just changing it back again on the next comment.

I think the 2 open points, that are actually important for the functionality of the MSC are:

  • error codes
  • No information about if you can join a restricted_knock room

The rest, in my opinion, is arguing about how specific things are worded or if a specific sentence "is important".

Co-authored-by: Alexey Rusakov <Kitsune-Ral@users.sf.net>
@melroy89
Copy link

Also still not merged? We have a lot of users now complaining they can't see the rooms in the Matrix space. Most likely people are using Dendrite. Please consider making it out of beta this year...

@deepbluev7
Copy link
Contributor Author

@melroy89 Previewing rooms in a space is already part of the spec. This is for rooms outside the space hierarchy.

@melroy89
Copy link

@melroy89 Previewing rooms in a space is already part of the spec. This is for rooms outside the space hierarchy.

Ah I see, since that still needs to be enabled manually in Dendrite?
https://github.com/matrix-org/dendrite/blob/main/docs/FAQ.md#does-dendrite-support-space-summaries

@deepbluev7
Copy link
Contributor Author

That's because the devs didn't get around to stabilizing it and has little to do with the spec.

@aine-etke
Copy link

yingziwu added a commit to yingziwu/synapse that referenced this pull request May 15, 2024
Synapse 1.107.0 (2024-05-14)
============================

No significant changes since 1.107.0rc1.

- Add preliminary support for [MSC3823: Account Suspension](matrix-org/matrix-spec-proposals#3823). ([\#17051](element-hq/synapse#17051))
- Declare support for [Matrix v1.10](https://matrix.org/blog/2024/03/22/matrix-v1.10-release/). Contributed by @clokep. ([\#17082](element-hq/synapse#17082))
- Add support for [MSC4115: membership metadata on events](matrix-org/matrix-spec-proposals#4115). ([\#17104](element-hq/synapse#17104), [\#17137](element-hq/synapse#17137))

- Fixed search feature of Element Android on homesevers using SQLite by returning search terms as search highlights. ([\#17000](element-hq/synapse#17000))
- Fixes a bug introduced in v1.52.0 where the `destination` query parameter for the  [Destination Rooms Admin API](https://element-hq.github.io/synapse/v1.105/usage/administration/admin_api/federation.html#destination-rooms) failed to actually filter returned rooms. ([\#17077](element-hq/synapse#17077))
- For MSC3266 room summaries, support queries at the recommended endpoint of `/_matrix/client/unstable/im.nheko.summary/summary/{roomIdOrAlias}`. The existing endpoint of `/_matrix/client/unstable/im.nheko.summary/rooms/{roomIdOrAlias}/summary` is deprecated. ([\#17078](element-hq/synapse#17078))
- Apply user email & picture during OIDC registration if present & selected. ([\#17120](element-hq/synapse#17120))
- Improve error message for cross signing reset with [MSC3861](matrix-org/matrix-spec-proposals#3861) enabled. ([\#17121](element-hq/synapse#17121))
- Fix a bug which meant that to-device messages received over federation could be dropped when the server was under load or networking problems caused problems between Synapse processes or the database. ([\#17127](element-hq/synapse#17127))
- Fix bug where `StreamChangeCache` would not respect configured cache factors. ([\#17152](element-hq/synapse#17152))

- Correct licensing metadata on Docker image. ([\#17141](element-hq/synapse#17141))

- Update the `event_cache_size` and `global_factor` configuration options' documentation. ([\#17071](element-hq/synapse#17071))
- Remove broken sphinx docs. ([\#17073](element-hq/synapse#17073), [\#17148](element-hq/synapse#17148))
- Add RuntimeDirectory to example matrix-synapse.service systemd unit. ([\#17084](element-hq/synapse#17084))
- Fix various small typos throughout the docs. ([\#17114](element-hq/synapse#17114))
- Update enable_notifs configuration documentation. ([\#17116](element-hq/synapse#17116))
- Update the Upgrade Notes with the latest minimum supported Rust version of 1.66.0. Contributed by @jahway603. ([\#17140](element-hq/synapse#17140))

- Enable [MSC3266](matrix-org/matrix-spec-proposals#3266) by default in the Synapse Complement image. ([\#17105](element-hq/synapse#17105))
- Add optimisation to `StreamChangeCache.get_entities_changed(..)`. ([\#17130](element-hq/synapse#17130))

* Bump furo from 2024.1.29 to 2024.4.27. ([\#17133](element-hq/synapse#17133))
* Bump idna from 3.6 to 3.7. ([\#17136](element-hq/synapse#17136))
* Bump jsonschema from 4.21.1 to 4.22.0. ([\#17157](element-hq/synapse#17157))
* Bump lxml from 5.1.0 to 5.2.1. ([\#17158](element-hq/synapse#17158))
* Bump phonenumbers from 8.13.29 to 8.13.35. ([\#17106](element-hq/synapse#17106))
- Bump pillow from 10.2.0 to 10.3.0. ([\#17146](element-hq/synapse#17146))
* Bump pydantic from 2.6.4 to 2.7.0. ([\#17107](element-hq/synapse#17107))
* Bump pydantic from 2.7.0 to 2.7.1. ([\#17160](element-hq/synapse#17160))
* Bump pyicu from 2.12 to 2.13. ([\#17109](element-hq/synapse#17109))
* Bump serde from 1.0.197 to 1.0.198. ([\#17111](element-hq/synapse#17111))
* Bump serde from 1.0.198 to 1.0.199. ([\#17132](element-hq/synapse#17132))
* Bump serde from 1.0.199 to 1.0.200. ([\#17161](element-hq/synapse#17161))
* Bump serde_json from 1.0.115 to 1.0.116. ([\#17112](element-hq/synapse#17112))
- Update `tornado` Python dependency from 6.2 to 6.4. ([\#17131](element-hq/synapse#17131))
* Bump twisted from 23.10.0 to 24.3.0. ([\#17135](element-hq/synapse#17135))
* Bump types-bleach from 6.1.0.1 to 6.1.0.20240331. ([\#17110](element-hq/synapse#17110))
* Bump types-pillow from 10.2.0.20240415 to 10.2.0.20240423. ([\#17159](element-hq/synapse#17159))
* Bump types-setuptools from 69.0.0.20240125 to 69.5.0.20240423. ([\#17134](element-hq/synapse#17134))
| num_joined_members | Required. Member count of the room | Copied from `publicRooms`. |
| topic | Optional. Topic of the room | Copied from `publicRooms`. |
| world_readable | Required. If the room history can be read without joining. | Copied from `publicRooms`. |
| join_rule | Optional. Join rules of the room | Copied from `publicRooms`. |
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the introduction of knock_restricted, knowing the join rule isn't sufficient to know which method the room can be joined via. As such the response should also include the allowedRoomIds, that the user is joined to or so.

Comment on lines +33 to +35
The API returns a summary of the given room, provided the user is either already
a member, or has the necessary permissions to join. (For example, the user may
be a member of a room mentioned in an `allow` condition in the join rules of a
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not clear if this includes invites. It probably should, but that should be explicitly mentioned in the MSC.

This API could also be used for denial of service type attacks. Appropriate
ratelimiting and caching should be able to mitigate that.

## Unstable prefix
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should also define a new unstable_features flag for GET /_matrix/client/versions.

For example, adapting from MSC3026:

servers implementing this MSC must expose a flag in GET /_matrix/client/versions responses, under unstable_features, named im.nheko.msc3266, which is set to true.

Other MSCs that define an unstable_features are MSC2432, MSC2666, MSC2285, MSC3827, and MSC3440.

@turt2live
Copy link
Member

The SCT is aiming to ensure MSCs actually pass the checklist before FCP is proposed. This comment is that checklist tracking.

  • Are appropriate implementation(s) specified in the MSC’s PR description?
  • Are all MSCs that this MSC depends on already accepted?
  • For each new endpoint that is introduced:
    • Have authentication requirements been specified?
    • Have rate-limiting requirements been specified?
    • Have guest access requirements been specified?
    • Are error responses specified?
      • Does each error case have a specified errcode (e.g. M_FORBIDDEN) and HTTP status code?
        • If a new errcode is introduced, is it clear that it is new?
  • Will the MSC require a new room version, and if so, has that been made clear?
    • Is the reason for a new room version clearly stated? For example, modifying the set of redacted fields changes how event IDs are calculated, thus requiring a new room version.
  • Are backwards-compatibility concerns appropriately addressed?
  • Are the endpoint conventions honoured?
    • Do HTTP endpoints use_underscores_like_this?
    • Will the endpoint return unbounded data? If so, has pagination been considered?
    • If the endpoint utilises pagination, is it consistent with the appendices?
  • An introduction exists and clearly outlines the problem being solved. Ideally, the first paragraph should be understandable by a non-technical audience.
  • All outstanding threads are resolved
    • All feedback is incorporated into the proposal text itself, either as a fix or noted as an alternative
  • While the exact sections do not need to be present, the details implied by the proposal template are covered. Namely:
    • Introduction
    • Proposal text
    • Potential issues
    • Alternatives
    • Dependencies
  • Stable identifiers are used throughout the proposal, except for the unstable prefix section
    • Unstable prefixes consider the awkward accepted-but-not-merged state
    • Chosen unstable prefixes do not pollute any global namespace (use “org.matrix.mscXXXX”, not “org.matrix”).
  • Changes have applicable Sign Off from all authors/editors/contributors
  • There is a dedicated "Security Considerations" section which detail any possible attacks/vulnerabilities this proposal may introduce, even if this is "None.". See RFC3552 for things to think about, but in particular pay attention to the OWASP Top Ten.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
client-server Client-Server API kind:feature MSC for not-core and not-maintenance stuff proposal A matrix spec change proposal
Projects
None yet
Development

Successfully merging this pull request may close these issues.