Add application service support to blueprints (#74)

* Add application service support to blueprints

Split out from #68

* Revert always showing logs

* Add comment doc

* Some nits and remove the volume paths

 - Seems like the `Volumes` syntax is to create an anonymous volume, https://stackoverflow.com/a/58916037/796832
 - And lots of people not knowing what `Volumes` syntax is or what to do. Seems like Mounts is the thing to use
    - fsouza/go-dockerclient#155
    - https://stackoverflow.com/questions/55718603/golang-docker-library-mounting-host-directory-volumes
    - https://stackoverflow.com/questions/48470194/defining-a-mount-point-for-volumes-in-golang-docker-sdk

* Address review and add comment docs

* Revert lint change already in other PR #73

* Path escape AS IDs to avoid directory traversal attacks

Co-authored-by: Kegan Dougal <[email protected]>

Author: MadLittleMods

dockerfiles/synapse/homeserver.yaml

@@ -92,6 +92,13 @@ rc_joins:
 
 federation_rr_transactions_per_room_per_second: 9999
 
+## API Configuration ##
+
+# A list of application service config files to use
+#
+app_service_config_files:
+AS_REGISTRATION_FILES  
+
 ## Experimental Features ##
 
 experimental_features:

dockerfiles/synapse/start.sh

@@ -1,9 +1,22 @@
-#!/bin/sh
+#!/bin/bash
 
 set -e
 
 sed -i "s/SERVER_NAME/${SERVER_NAME}/g" /conf/homeserver.yaml
 
+# Add the application service registration files to the homeserver.yaml config
+for filename in /appservices/*.yaml; do
+  [ -f "$filename" ] || break
+
+  as_id=$(basename "$filename" .yaml)
+
+  # Insert the path to the registration file and the AS_REGISTRATION_FILES marker after 
+  # so we can add the next application service in the next iteration of this for loop
+  sed -i "s/AS_REGISTRATION_FILES/  - \/appservices\/${as_id}.yaml\nAS_REGISTRATION_FILES/g" /conf/homeserver.yaml
+done
+# Remove the AS_REGISTRATION_FILES entry
+sed -i "s/AS_REGISTRATION_FILES//g" /conf/homeserver.yaml
+
 # generate an ssl cert for the server, signed by our dummy CA
 openssl req -new -key /conf/server.tls.key -out /conf/server.tls.csr \
   -subj "/CN=${SERVER_NAME}"

internal/b/blueprints.go

@@ -15,6 +15,8 @@
 package b
 
 import (
+	"crypto/rand"
+	"encoding/hex"
 	"fmt"
 	"strconv"
 	"strings"
@@ -26,6 +28,7 @@ var KnownBlueprints = map[string]*Blueprint{
 	BlueprintAlice.Name:                       &BlueprintAlice,
 	BlueprintFederationOneToOneRoom.Name:      &BlueprintFederationOneToOneRoom,
 	BlueprintFederationTwoLocalOneRemote.Name: &BlueprintFederationTwoLocalOneRemote,
+	BlueprintHSWithApplicationService.Name:    &BlueprintHSWithApplicationService,
 	BlueprintOneToOneRoom.Name:                &BlueprintOneToOneRoom,
 	BlueprintPerfManyMessages.Name:            &BlueprintPerfManyMessages,
 	BlueprintPerfManyRooms.Name:               &BlueprintPerfManyRooms,
@@ -46,6 +49,8 @@ type Homeserver struct {
 	Users []User
 	// The list of rooms to create on this homeserver
 	Rooms []Room
+	// The list of application services to create on the homeserver
+	ApplicationServices []ApplicationService
 }
 
 type User struct {
@@ -68,6 +73,15 @@ type Room struct {
 	Events     []Event
 }
 
+type ApplicationService struct {
+	ID              string
+	HSToken         string
+	ASToken         string
+	URL             string
+	SenderLocalpart string
+	RateLimited     bool
+}
+
 type Event struct {
 	Type     string
 	Sender   string
@@ -107,7 +121,14 @@ func Validate(bp Blueprint) (Blueprint, error) {
 				return bp, err
 			}
 		}
+		for i, as := range hs.ApplicationServices {
+			hs.ApplicationServices[i], err = normalizeApplicationService(as)
+			if err != nil {
+				return bp, err
+			}
+		}
 	}
+
 	return bp, nil
 }
 
@@ -152,6 +173,25 @@ func normaliseUser(u string, hsName string) (string, error) {
 	return u, nil
 }
 
+func normalizeApplicationService(as ApplicationService) (ApplicationService, error) {
+	hsToken := make([]byte, 32)
+	_, err := rand.Read(hsToken)
+	if err != nil {
+		return as, err
+	}
+
+	asToken := make([]byte, 32)
+	_, err = rand.Read(asToken)
+	if err != nil {
+		return as, err
+	}
+
+	as.HSToken = hex.EncodeToString(hsToken)
+	as.ASToken = hex.EncodeToString(asToken)
+
+	return as, err
+}
+
 // Ptr returns a pointer to `in`, because Go doesn't allow you to inline this.
 func Ptr(in string) *string {
 	return &in

internal/b/hs_with_application_service.go

@@ -0,0 +1,25 @@
+package b
+
+// BlueprintHSWithApplicationService who has an application service to interact with
+var BlueprintHSWithApplicationService = MustValidate(Blueprint{
+	Name: "alice",
+	Homeservers: []Homeserver{
+		{
+			Name: "hs1",
+			Users: []User{
+				{
+					Localpart:   "@alice",
+					DisplayName: "Alice",
+				},
+			},
+			ApplicationServices: []ApplicationService{
+				{
+					ID:              "my_as_id",
+					URL:             "http://localhost:9000",
+					SenderLocalpart: "the-bridge-user",
+					RateLimited:     false,
+				},
+			},
+		},
+	},
+})