From 25f39e20d0b6c182ac773fbb94ce653d7299e596 Mon Sep 17 00:00:00 2001
From: gnuxie
Date: Wed, 12 Mar 2025 15:46:24 +0000
Subject: [PATCH] Start plumbing up RoomTakedownProtection into Draupnir. There are a couple of FIXME's to address. Such as plumbing up the stores into draupnir and how to poll for new rooms.
---
 src/protections/RoomTakedown/RoomTakedown.ts | 2 +
 .../RoomTakedown/RoomTakedownProtection.ts | 94 +++++++++++++++++++
 2 files changed, 96 insertions(+)
 create mode 100644 src/protections/RoomTakedown/RoomTakedownProtection.ts
diff --git a/src/protections/RoomTakedown/RoomTakedown.ts b/src/protections/RoomTakedown/RoomTakedown.ts
index d63edabd..206bc27a 100644
--- a/src/protections/RoomTakedown/RoomTakedown.ts
+++ b/src/protections/RoomTakedown/RoomTakedown.ts
@@ -67,6 +67,8 @@ export class StandardRoomTakedown implements RoomTakedown {
 if (isError(takedownResult)) {
 return takedownResult;
 } else {
+ // FIXME: we should probably audit as simulated if the capability is simulated.
+ // or not audit at all because the protection preview might show things otherwise.
 return await this.auditLog.takedownRoom(rule);
 }
 }
diff --git a/src/protections/RoomTakedown/RoomTakedownProtection.ts b/src/protections/RoomTakedown/RoomTakedownProtection.ts
new file mode 100644
index 00000000..ae6b60c5
--- /dev/null
+++ b/src/protections/RoomTakedown/RoomTakedownProtection.ts
@@ -0,0 +1,94 @@
+// SPDX-FileCopyrightText: 2025 Gnuxie
+//
+// SPDX-License-Identifier: Apache-2.0
+
+import {
+ AbstractProtection,
+ ActionResult,
+ describeProtection,
+ Ok,
+ PolicyListRevision,
+ PolicyRuleChange,
+ ProtectedRoomsSet,
+ Protection,
+ ProtectionDescription,
+ SHA256RoomHashStore,
+ Task,
+ UnknownConfig,
+} from "matrix-protection-suite";
+import { RoomTakedownCapability } from "../../capabilities/RoomTakedownCapability";
+import { Draupnir } from "../../Draupnir";
+import { StandardRoomTakedown } from "./RoomTakedown";
+import { RoomAuditLog } from "./RoomAuditLog";
+import { SynapseAdminRoomTakedownCapability } from "../../capabilities/SynapseAdminRoomTakedown/SynapseAdminRoomTakedown";
+
+// FIXME: We still haven't figured out how to poll for new rooms via the
+// Synapse admin API.
+
+// FIXME: We need to add the stores to draupnir somehow.
+// probably from the toplevel.
+
+type RoomTakedownProtectionCapabilities = {
+ roomTakedownCapability: RoomTakedownCapability;
+};
+
+type RoomTakedownProtectionDescription = ProtectionDescription<
+ Draupnir,
+ UnknownConfig,
+ RoomTakedownProtectionCapabilities
+>;
+
+export class RoomTakedownProtection
+ extends AbstractProtection
+ implements Protection
+{
+ private readonly roomTakedown: StandardRoomTakedown;
+ constructor(
+ description: RoomTakedownProtectionDescription,
+ capabilities: RoomTakedownProtectionCapabilities,
+ protectedRoomsSet: ProtectedRoomsSet,
+ hashStore: SHA256RoomHashStore,
+ auditLog: RoomAuditLog
+ ) {
+ super(description, capabilities, protectedRoomsSet, {});
+ this.roomTakedown = new StandardRoomTakedown(
+ hashStore,
+ auditLog,
+ capabilities.roomTakedownCapability
+ );
+ void Task(
+ this.roomTakedown.checkAllRooms(
+ this.protectedRoomsSet.watchedPolicyRooms.currentRevision
+ )
+ );
+ }
+
+ handlePolicyChange(
+ revision: PolicyListRevision,
+ changes: PolicyRuleChange[]
+ ): Promise> {
+ return this.roomTakedown.handlePolicyChange(revision, changes);
+ }
+}
+
+describeProtection({
+ name: RoomTakedownProtection.name,
+ description: `A protection to shutdown rooms matching policies from watched lists`,
+ capabilityInterfaces: {
+ roomTakedownCapability: "RoomTakedownCapability",
+ },
+ defaultCapabilities: {
+ roomTakedownCapability: SynapseAdminRoomTakedownCapability.name,
+ },
+ factory(description, protectedRoomsSet, draupnir, capabilitySet, _settings) {
+ return Ok(
+ new RoomTakedownProtection(
+ description,
+ capabilitySet,
+ protectedRoomsSet,
+ draupnir.hashStore,
+ draupnir.auditLog
+ )
+ );
+ },
+});
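Review bot: The factory passes `draupnir.hashStore` and `draupnir.auditLog` straight into the constructor, although the FIXME near the top of this file says the stores are not yet wired into Draupnir, and the constructor starts `checkAllRooms` at once in a detached `Task`. In RoomTakedown.ts the audit entry is written only after the takedown has succeeded, so a missing or failing audit log would presumably leave a room shut down with no record of who or what policy caused it. I would guard the factory with `if (draupnir.hashStore === undefined || draupnir.auditLog === undefined)` and return an error result instead of constructing the protection. The `void Task(...)` call also deserves a comment stating that enabling the protection triggers a takedown sweep over every room matching the current revision, and where failures of that sweep are reported.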