Implementation of MSC2938 #9207
Conversation
|
@Yoric asked for some early feedback on this. |
|
This relates to matrix-org/matrix-spec-proposals#2938. |
There was a problem hiding this comment.
I put some thoughts down on the code here. I think my main concern is how different reporting to a room moderator vs. a server admin is (one stores in the db, the other sends a notices message). I'm also a bit concerned that this might not make sense on other homeserver implementations or for all Synapse configs.
There was a problem hiding this comment.
Please add docstrings and type hints.
This seems very different than how we handle the ones for homeserver admins. Does this behavior make sense?
In particular note that the server notices system is disabled by default in Synapse.
In particular is there need for any more state to be kept of these reports (e.g. the admin one gets stored into a table).
There was a problem hiding this comment.
Please add docstrings and type hints.
This seems very different than how we handle the ones for homeserver admins. Does this behavior make sense?
Well, this is being summarized/discussed here. It seems to be the best way for moderators to actually receive the info.
In particular note that the server notices system is disabled by default in Synapse.
It is enabled on matrix.org and EMS, though, right?
In particular is there need for any more state to be kept of these reports (e.g. the admin one gets stored into a table).
Not as far as I can tell. It's a simple message. We can't do that for the homeserver admin because the homeserver admin doesn't have an account, but in the future, we could imagine changing how it works for admins.
|
Continuing thoughts from matrix-org/matrix-spec-proposals#2938, maybe the best course of actions would be to send EDUs to target servers (which're more likely to be dropped safely if the remote server does not support this), and add a hook into the federation receiving mechanism to check for these EDUs, and then add them to an internal database? Afterwards, when a potential MSC for homeserver-to-homeserver rooms is made ready, the mechanism can switch to that approach, while keeping the database and federation scoop. This makes the federation-injection approach a glass-cannon hotfix for now (since it's fairly urgent), with the downside of it not being resilient to server downtime of the other side, while in the future a better approach can be steamrolled. |
|
Ok, ready for a new round of review. |
Yoric
force-pushed
the
develop-msc2938
branch
2 times, most recently
from
06d07f8 to
2a7ac22
Compare
|
@clokep Review ping? |
There was a problem hiding this comment.
@Yoric what are you looking for here? Feedback on the MSC? Feedback on whether the impl matches the MSC? Are there particular parts of the impl you have questions on?
The impl looks generally plausible, though as I point out I'd like to see part of it split out to a Handler class.
I'm a little worried about DoS vectors: it seems like it would be easy for a malicious client or federated server to spew hundreds of abuse reports which stack up into server notices. (Of course, that vector exists today, but it's hard to turn into a proper DoS.) Maybe we should apply some pre-emptive rate-limiting?
Essentially, I'd like to land this at some point during the next few weeks and then start experimenting with using this in the front-end. So, I'm looking for anything that can bring me closer to that end! (I will apply your feedback asap) |
Yoric
force-pushed
the
develop-msc2938
branch
2 times, most recently
from
5b1c536 to
7113dc1
Compare
Done. |
Yoric
force-pushed
the
develop-msc2938
branch
3 times, most recently
from
2b164b9 to
09ddd87
Compare
|
Note: I still need to write sytests. |
|
[looks like your tests are failing] |
There was a problem hiding this comment.
the diff (https://github.com/matrix-org/synapse/pull/9207/files) seems to contain a bunch of unrelated changes: can you fix that so that this can be reviewed, please?
As a matter of general principle, in future please avoid rebasing PR branches once they have received a review, so that it's possible to see how it has changed since the previous review.
|
Apologies, looks like a merge error.
I'm not sure how I can do that when the review process has started 4 months ago and the work on typing has changed much of the underlying code since then. What's the policy in such cases? |
Signed-off-by: David Teller <[email protected]>
I agree if it's a complete rewrite then there's not much value in a merge rather than a rebase, but I'm assuming it hasn't completely changed since I first reviewed this (11 days ago). |
I believe that we're using different meanings of the word "rebase". I'll try and avoid overwriting history in the future! |
|
I'm referring to |
| self.federation_sender = None | ||
| if hs.should_send_federation(): | ||
| self.federation_sender = hs.get_federation_sender() | ||
| hs.get_federation_registry().register_edu_handler( | ||
| "org.matrix.m.content_report", self.on_receive_report_through_federation | ||
| ) |
There was a problem hiding this comment.
I think this stuff probably isn't going to work right in a multi-worker synapse deployment, though I think fixing that is out of scope for this PR review...
| retry_after_ms=int(1000 * (time_allowed - time_now_s)) | ||
| ) | ||
| """ | ||
| Report an event as abuse. |
There was a problem hiding this comment.
| Report an event as abuse. | |
| Handle a request from a client to report an event as abuse. |
| room_id: The room in which the event took place. | ||
| reason: The human-readable reason provided by the user. | ||
| content: A JSON dictionary `{reason: String?, score: Number?}`. | ||
| score Optionally, a "badness" score where -100 is "really bad" and 0 is "acceptable". |
There was a problem hiding this comment.
| score Optionally, a "badness" score where -100 is "really bad" and 0 is "acceptable". | |
| score: Optionally, a "badness" score where -100 is "really bad" and 0 is "acceptable". |
| room_id: The room in which the event took place. | ||
| reason: The human-readable reason provided by the user. | ||
| content: A JSON dictionary `{reason: String?, score: Number?}`. | ||
| score Optionally, a "badness" score where -100 is "really bad" and 0 is "acceptable". |
There was a problem hiding this comment.
in what way is it optional? the type declaration is int, not Optional.
| reason: The human-readable reason provided by the user. | ||
| content: A JSON dictionary `{reason: String?, score: Number?}`. | ||
| score Optionally, a "badness" score where -100 is "really bad" and 0 is "acceptable". | ||
| nature An optional flag to aid classification and prioritization of abuse reports, e.g. "m.abuse.spam". |
There was a problem hiding this comment.
| nature An optional flag to aid classification and prioritization of abuse reports, e.g. "m.abuse.spam". | |
| nature: An optional flag to aid classification and prioritization of abuse reports, e.g. "m.abuse.spam". |
| self.msc3026_enabled = experimental.get("msc3026_enabled", False) # type: bool | ||
|
|
||
| # MSC2938 (report to moderator) | ||
| self.msc2938_enabled = experimental.get("msc2938_enabled", False) # type: bool |
There was a problem hiding this comment.
I don't think this is actually used?
| room_id The room in which the event took place. | ||
| event_id The event to report. We do not check whether the event took place in that room. | ||
| user_id The user who reported the event. We do not check whether the user can actually witness the event. | ||
| reason The human-readable reason provided by the user. | ||
| nature An optional flag to aid classification and prioritization of abuse reports, e.g. "abuse.spam". | ||
| score Optionally, a "badness" score where -100 is "really bad" and 0 is "acceptable". |
There was a problem hiding this comment.
(also, could they be in the right order, please?)
|
|
||
| # A little sanity check on the event itself. | ||
| event = await self.store.get_event(event_id=event_id, check_room_id=None) | ||
| if event.room_id != room_id.to_string(): |
There was a problem hiding this comment.
again I ask: why not let get_event do this check for you?
Generally it's a pretty poor use of your time and mine for me to make the same review comment multiple times. If something I've written is unclear, just comment on the thread and I'll do my best to clarify.
| request, requester.user, body, room_id, event_id | ||
| await self._rate_limiter.ratelimit(requester=requester) | ||
|
|
||
| if not isinstance(body["reason"], str): |
There was a problem hiding this comment.
this will 500 if there is no reason property.
| if not isinstance(body["reason"], str): | |
| reason = body.get("reason") | |
| if not isinstance(reason, str): |
likewise below for score.
erikjohnston
added
the
X-Awaiting-Changes
|
Yes, let's close it. |
5 participants
Context
This patch implements (a subset of) MSC 2938, i.e. the ability for users to report content to room moderators instead of system administrators.
Pull Request Checklist
EventStoretoEventWorkerStore.".code blocks.