refactor: address code review feedback for auth and pagination improvements

- Extract duplicated thread/message pagination functions to shared utils module - Refactor pagination token parsing to use Option combinators instead of defaults - Split access token generation from assignment for clearer error handling - Add appservice token collision detection at startup and registration - Allow appservice re-registration with same token (for config updates) - Simplify thread relation chunk building using iterator chaining - Fix saturating_inc edge case in relation queries with explicit filtering - Add concise comments explaining non-obvious behaviour choices
2025-09-11 04:13:03 +02:00 · 2025-08-11 06:24:29 +01:00 · 2025-08-11 06:24:29 +01:00 · 583cb924f1
commit 583cb924f1
parent 9286838d23
9 changed files with 149 additions and 151 deletions
--- a/src/api/client/message.rs
+++ b/src/api/client/message.rs
@ -1,9 +1,9 @@
 use axum::extract::State;
 use conduwuit::{
-	Err, Result, at, err,
+	Err, Result, at,
 	matrix::{
 		event::{Event, Matches},
-		pdu::{PduCount, ShortEventId},
+		pdu::PduCount,
 	},
 	ref_at,
 	utils::{
@ -35,6 +35,7 @@ use ruma::{
 };
 use tracing::warn;

+use super::utils::{count_to_token, parse_pagination_token as parse_token};
 use crate::Ruma;

 /// list of safe and common non-state events to ignore if the user is ignored
@ -61,39 +62,6 @@ const IGNORED_MESSAGE_TYPES: &[TimelineEventType] = &[
 const LIMIT_MAX: usize = 100;
 const LIMIT_DEFAULT: usize = 10;

-/// Parse a pagination token, trying ShortEventId first, then falling back to
-/// PduCount
-async fn parse_pagination_token(
-	_services: &Services,
-	_room_id: &RoomId,
-	token: Option<&str>,
-	default: PduCount,
-) -> Result<PduCount> {
-	let Some(token) = token else {
-		return Ok(default);
-	};
-
-	// Try parsing as ShortEventId first
-	if let Ok(shorteventid) = token.parse::<ShortEventId>() {
-		// ShortEventId maps directly to a PduCount in our database
-		Ok(PduCount::Normal(shorteventid))
-	} else if let Ok(count) = token.parse::<u64>() {
-		// Fallback to PduCount for backwards compatibility
-		Ok(PduCount::Normal(count))
-	} else if let Ok(count) = token.parse::<i64>() {
-		// Also handle negative counts for backfilled events
-		Ok(PduCount::from_signed(count))
-	} else {
-		Err(err!(Request(InvalidParam("Invalid pagination token"))))
-	}
-}
-
-/// Convert a PduCount to a token string (using the underlying ShortEventId)
-fn count_to_token(count: PduCount) -> String {
-	// The PduCount's unsigned value IS the ShortEventId
-	count.into_unsigned().to_string()
-}
-
 /// # `GET /_matrix/client/r0/rooms/{roomId}/messages`
 ///
 /// Allows paginating through room history.
@ -114,18 +82,17 @@ pub(crate) async fn get_message_events_route(
 		return Err!(Request(Forbidden("Room does not exist to this server")));
 	}

-	let from: PduCount =
-		parse_pagination_token(&services, room_id, body.from.as_deref(), match body.dir {
+	let from: PduCount = body
+		.from
+		.as_deref()
+		.map(parse_token)
+		.transpose()?
+		.unwrap_or_else(|| match body.dir {
 			| Direction::Forward => PduCount::min(),
 			| Direction::Backward => PduCount::max(),
-		})
-		.await?;
+		});

-	let to: Option<PduCount> = if let Some(to_str) = body.to.as_deref() {
-		Some(parse_pagination_token(&services, room_id, Some(to_str), PduCount::min()).await?)
-	} else {
-		None
-	};
+	let to: Option<PduCount> = body.to.as_deref().map(parse_token).transpose()?;

 	let limit: usize = body
 		.limit
--- a/src/api/client/mod.rs
+++ b/src/api/client/mod.rs
@ -36,6 +36,7 @@ pub(super) mod typing;
 pub(super) mod unstable;
 pub(super) mod unversioned;
 pub(super) mod user_directory;
+pub(super) mod utils;
 pub(super) mod voip;
 pub(super) mod well_known;

--- a/src/api/client/relations.rs
+++ b/src/api/client/relations.rs
@ -1,11 +1,7 @@
 use axum::extract::State;
 use conduwuit::{
-	Result, at, err,
-	matrix::{
-		Event,
-		event::RelationTypeEqual,
-		pdu::{PduCount, ShortEventId},
-	},
+	Result, at,
+	matrix::{Event, event::RelationTypeEqual, pdu::PduCount},
 	utils::{IterStream, ReadyExt, result::FlatOk, stream::WidebandExt},
 };
 use conduwuit_service::Services;
@ -22,42 +18,9 @@ use ruma::{
 	events::{TimelineEventType, relation::RelationType},
 };

+use super::utils::{count_to_token, parse_pagination_token as parse_token};
 use crate::Ruma;

-/// Parse a pagination token, trying ShortEventId first, then falling back to
-/// PduCount
-async fn parse_pagination_token(
-	_services: &Services,
-	_room_id: &RoomId,
-	token: Option<&str>,
-	default: PduCount,
-) -> Result<PduCount> {
-	let Some(token) = token else {
-		return Ok(default);
-	};
-
-	// Try parsing as ShortEventId first
-	if let Ok(shorteventid) = token.parse::<ShortEventId>() {
-		// ShortEventId maps directly to a PduCount in our database
-		// The shorteventid IS the count value, just need to wrap it
-		Ok(PduCount::Normal(shorteventid))
-	} else if let Ok(count) = token.parse::<u64>() {
-		// Fallback to PduCount for backwards compatibility
-		Ok(PduCount::Normal(count))
-	} else if let Ok(count) = token.parse::<i64>() {
-		// Also handle negative counts for backfilled events
-		Ok(PduCount::from_signed(count))
-	} else {
-		Err(err!(Request(InvalidParam("Invalid pagination token"))))
-	}
-}
-
-/// Convert a PduCount to a token string (using the underlying ShortEventId)
-fn count_to_token(count: PduCount) -> String {
-	// The PduCount's unsigned value IS the ShortEventId
-	count.into_unsigned().to_string()
-}
-
 /// # `GET /_matrix/client/r0/rooms/{roomId}/relations/{eventId}/{relType}/{eventType}`
 pub(crate) async fn get_relating_events_with_rel_type_and_event_type_route(
 	State(services): State<crate::State>,
@ -147,17 +110,15 @@ async fn paginate_relations_with_filter(
 	recurse: bool,
 	dir: Direction,
 ) -> Result<get_relating_events::v1::Response> {
-	let start: PduCount = parse_pagination_token(services, room_id, from, match dir {
-		| Direction::Forward => PduCount::min(),
-		| Direction::Backward => PduCount::max(),
-	})
-	.await?;
+	let start: PduCount = from
+		.map(parse_token)
+		.transpose()?
+		.unwrap_or_else(|| match dir {
+			| Direction::Forward => PduCount::min(),
+			| Direction::Backward => PduCount::max(),
+		});

-	let to: Option<PduCount> = if let Some(to_str) = to {
-		Some(parse_pagination_token(services, room_id, Some(to_str), PduCount::min()).await?)
-	} else {
-		None
-	};
+	let to: Option<PduCount> = to.map(parse_token).transpose()?;

 	// Use limit or else 30, with maximum 100
 	let limit: usize = limit
@ -238,18 +199,11 @@ async fn paginate_relations_with_filter(
 	};

 	// Build the response chunk with thread root if needed
-	let chunk: Vec<_> = if let Some(root) = root_event {
-		// Add root event at the beginning for backward pagination
-		std::iter::once(root.into_format())
-			.chain(events.into_iter().map(at!(1)).map(Event::into_format))
-			.collect()
-	} else {
-		events
-			.into_iter()
-			.map(at!(1))
-			.map(Event::into_format)
-			.collect()
-	};
+	let chunk: Vec<_> = root_event
+		.into_iter()
+		.map(Event::into_format)
+		.chain(events.into_iter().map(at!(1)).map(Event::into_format))
+		.collect();

 	Ok(get_relating_events::v1::Response {
 		next_batch,
--- a/src/api/client/session.rs
+++ b/src/api/client/session.rs
@ -198,8 +198,8 @@ pub(crate) async fn login_route(
 		.clone()
 		.unwrap_or_else(|| utils::random_string(DEVICE_ID_LENGTH).into());

-	// Generate a new token for the device
-	let token = utils::random_string(TOKEN_LENGTH);
+	// Generate a new token for the device (ensuring no collisions)
+	let token = services.users.generate_unique_token().await;

 	// Determine if device_id was provided and exists in the db for this user
 	let device_exists = if body.device_id.is_some() {
--- a/src/api/client/utils.rs
+++ b/src/api/client/utils.rs
@ -0,0 +1,28 @@
+use conduwuit::{
+	Result, err,
+	matrix::pdu::{PduCount, ShortEventId},
+};
+
+/// Parse a pagination token, trying ShortEventId first, then falling back to
+/// PduCount
+pub(crate) fn parse_pagination_token(token: &str) -> Result<PduCount> {
+	// Try parsing as ShortEventId first
+	if let Ok(shorteventid) = token.parse::<ShortEventId>() {
+		// ShortEventId maps directly to a PduCount in our database
+		Ok(PduCount::Normal(shorteventid))
+	} else if let Ok(count) = token.parse::<u64>() {
+		// Fallback to PduCount for backwards compatibility
+		Ok(PduCount::Normal(count))
+	} else if let Ok(count) = token.parse::<i64>() {
+		// Also handle negative counts for backfilled events
+		Ok(PduCount::from_signed(count))
+	} else {
+		Err(err!(Request(InvalidParam("Invalid pagination token"))))
+	}
+}
+
+/// Convert a PduCount to a token string (using the underlying ShortEventId)
+pub(crate) fn count_to_token(count: PduCount) -> String {
+	// The PduCount's unsigned value IS the ShortEventId
+	count.into_unsigned().to_string()
+}
--- a/src/api/router/auth.rs
+++ b/src/api/router/auth.rs
@ -355,6 +355,7 @@ async fn find_token(services: &Services, token: Option<&str>) -> Result<Token> {
 		.map_ok(Token::Appservice);

 	pin_mut!(user_token, appservice_token);
+	// Returns Ok if either token type succeeds, Err only if both fail
 	match select_ok([Left(user_token), Right(appservice_token)]).await {
 		| Err(e) if !e.is_not_found() => Err(e),
 		| Ok((token, _)) => Ok(token),