Fix NewAuthEvents call-sites for GMSL update

clientapi/routing/sendevent.go

@@ -414,8 +414,14 @@ func generateSendEvent(
 	for i := range queryRes.StateEvents {
 		stateEvents[i] = queryRes.StateEvents[i].PDU
 	}
-	provider := gomatrixserverlib.NewAuthEvents(gomatrixserverlib.ToPDUs(stateEvents))
+	provider, err := gomatrixserverlib.NewAuthEvents(gomatrixserverlib.ToPDUs(stateEvents))
-	if err = gomatrixserverlib.Allowed(e.PDU, &provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+	if err != nil {
+		return nil, &util.JSONResponse{
+			Code: http.StatusForbidden,
+			JSON: spec.Forbidden(err.Error()),
+		}
+	}
+	if err = gomatrixserverlib.Allowed(e.PDU, provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 		return rsAPI.QueryUserIDForSender(ctx, *validRoomID, senderID)
 	}); err != nil {
 		return nil, &util.JSONResponse{

federationapi/routing/threepid.go

@@ -344,7 +344,7 @@ func buildMembershipEvent(
 	protoEvent.Depth = queryRes.Depth
 	protoEvent.PrevEvents = queryRes.LatestEvents
 
-	authEvents := gomatrixserverlib.NewAuthEvents(nil)
+	authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)
 
 	for i := range queryRes.StateEvents {
 		err = authEvents.AddEvent(queryRes.StateEvents[i].PDU)
@@ -357,7 +357,7 @@ func buildMembershipEvent(
 		return nil, err
 	}
 
-	refs, err := eventsNeeded.AuthEventReferences(&authEvents)
+	refs, err := eventsNeeded.AuthEventReferences(authEvents)
 	if err != nil {
 		return nil, err
 	}
@@ -421,7 +421,7 @@ func sendToRemoteServer(
 // found. Returning an error isn't necessary in this case as the event will be
 // rejected by gomatrixserverlib.
 func fillDisplayName(
-	builder *gomatrixserverlib.ProtoEvent, authEvents gomatrixserverlib.AuthEvents,
+	builder *gomatrixserverlib.ProtoEvent, authEvents *gomatrixserverlib.AuthEvents,
 ) error {
 	var content gomatrixserverlib.MemberContent
 	if err := json.Unmarshal(builder.Content, &content); err != nil {

go.mod

@@ -24,7 +24,7 @@ require (
 	github.com/matrix-org/dugong v0.0.0-20210921133753-66e6b1c67e2e
 	github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91
 	github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530
-	github.com/matrix-org/gomatrixserverlib v0.0.0-20240910190622-2c764912ce93
+	github.com/matrix-org/gomatrixserverlib v0.0.0-20241215094829-e86ab16eabe8
 	github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7
 	github.com/matrix-org/util v0.0.0-20221111132719-399730281e66
 	github.com/mattn/go-sqlite3 v1.14.24

go.sum

@@ -237,8 +237,8 @@ github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91 h1:s7fexw
 github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo=
 github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 h1:kHKxCOLcHH8r4Fzarl4+Y3K5hjothkVW5z7T1dUM11U=
 github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20240910190622-2c764912ce93 h1:FbyZ/xkeBVYHi2xfwAVaNmDhP+4HNbt9e6ucOR+jvBk=
+github.com/matrix-org/gomatrixserverlib v0.0.0-20241215094829-e86ab16eabe8 h1:nC998SaawQwbZ16/V70Pil3pY3rSQwTaeLOpHWp7ZTo=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20240910190622-2c764912ce93/go.mod h1:HZGsVJ3bUE+DkZtufkH9H0mlsvbhEGK5CpX0Zlavylg=
+github.com/matrix-org/gomatrixserverlib v0.0.0-20241215094829-e86ab16eabe8/go.mod h1:qil34SWn6VB6gO5312rzziCUcZtgROPjrLE+4ly/0os=
 github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7 h1:6t8kJr8i1/1I5nNttw6nn1ryQJgzVlBmSGgPiiaTdw4=
 github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7/go.mod h1:ReWMS/LoVnOiRAdq9sNUC2NZnd1mZkMNB52QhpTRWjg=
 github.com/matrix-org/util v0.0.0-20221111132719-399730281e66 h1:6z4KxomXSIGWqhHcfzExgkH3Z3UkIXry4ibJS4Aqz2Y=

internal/eventutil/events.go

@@ -123,7 +123,7 @@ func addPrevEventsToEvent(
 
 	builder.Depth = queryRes.Depth
 
-	authEvents := gomatrixserverlib.NewAuthEvents(nil)
+	authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)
 
 	for i := range queryRes.StateEvents {
 		err := authEvents.AddEvent(queryRes.StateEvents[i].PDU)
@@ -132,7 +132,7 @@ func addPrevEventsToEvent(
 		}
 	}
 
-	refs, err := eventsNeeded.AuthEventReferences(&authEvents)
+	refs, err := eventsNeeded.AuthEventReferences(authEvents)
 	if err != nil {
 		return fmt.Errorf("eventsNeeded.AuthEventReferences: %w", err)
 	}

roomserver/internal/input/input_events.go

@@ -285,15 +285,15 @@ func (r *Inputer) processRoomEvent(
 
 	// Check that the auth events of the event are known.
 	// If they aren't then we will ask the federation API for them.
-	authEvents := gomatrixserverlib.NewAuthEvents(nil)
+	authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)
 	knownEvents := map[string]*types.Event{}
-	if err = r.fetchAuthEvents(ctx, logger, roomInfo, virtualHost, headered, &authEvents, knownEvents, serverRes.ServerNames); err != nil {
+	if err = r.fetchAuthEvents(ctx, logger, roomInfo, virtualHost, headered, authEvents, knownEvents, serverRes.ServerNames); err != nil {
 		return fmt.Errorf("r.fetchAuthEvents: %w", err)
 	}
 
 	// Check if the event is allowed by its auth events. If it isn't then
 	// we consider the event to be "rejected" — it will still be persisted.
-	if err = gomatrixserverlib.Allowed(event, &authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+	if err = gomatrixserverlib.Allowed(event, authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 		return r.Queryer.QueryUserIDForSender(ctx, roomID, senderID)
 	}); err != nil {
 		isRejected = true
@@ -640,10 +640,15 @@ func (r *Inputer) processStateBefore(
 	// At this point, stateBeforeEvent should be populated either by
 	// the supplied state in the input request, or from the prev events.
 	// Check whether the event is allowed or not.
-	stateBeforeAuth := gomatrixserverlib.NewAuthEvents(
+	var stateBeforeAuth *gomatrixserverlib.AuthEvents
+	stateBeforeAuth, err = gomatrixserverlib.NewAuthEvents(
 		gomatrixserverlib.ToPDUs(stateBeforeEvent),
 	)
-	if rejectionErr = gomatrixserverlib.Allowed(event, &stateBeforeAuth, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+	if err != nil {
+		rejectionErr = fmt.Errorf("NewAuthEvents failed: %w", err)
+		return
+	}
+	if rejectionErr = gomatrixserverlib.Allowed(event, stateBeforeAuth, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 		return r.Queryer.QueryUserIDForSender(ctx, roomID, senderID)
 	}); rejectionErr != nil {
 		rejectionErr = fmt.Errorf("Allowed() failed for stateBeforeEvent: %w", rejectionErr)

roomserver/internal/input/input_events_test.go

@@ -50,7 +50,7 @@ func Test_EventAuth(t *testing.T) {
 	}, test.WithStateKey(bob.ID), test.WithAuthIDs(authEventIDs))
 
 	// Add the auth events to the allower
-	allower := gomatrixserverlib.NewAuthEvents(nil)
+	allower, _ := gomatrixserverlib.NewAuthEvents(nil)
 	for _, a := range authEvents {
 		if err := allower.AddEvent(a); err != nil {
 			t.Fatalf("allower.AddEvent failed: %v", err)
@@ -58,7 +58,7 @@ func Test_EventAuth(t *testing.T) {
 	}
 
 	// Finally check that the event is NOT allowed
-	if err := gomatrixserverlib.Allowed(ev.PDU, &allower, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+	if err := gomatrixserverlib.Allowed(ev.PDU, allower, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 		return spec.NewUserID(string(senderID), true)
 	}); err == nil {
 		t.Fatalf("event should not be allowed, but it was")

roomserver/internal/input/input_missing.go

@@ -961,14 +961,14 @@ serverLoop:
 }
 
 func checkAllowedByState(e gomatrixserverlib.PDU, stateEvents []gomatrixserverlib.PDU, userIDForSender spec.UserIDForSender) error {
-	authUsingState := gomatrixserverlib.NewAuthEvents(nil)
+	authUsingState, _ := gomatrixserverlib.NewAuthEvents(nil)
 	for i := range stateEvents {
 		err := authUsingState.AddEvent(stateEvents[i])
 		if err != nil {
 			return err
 		}
 	}
-	return gomatrixserverlib.Allowed(e, &authUsingState, userIDForSender)
+	return gomatrixserverlib.Allowed(e, authUsingState, userIDForSender)
 }
 
 func (t *missingStateReq) hadEvent(eventID string) {

roomserver/internal/perform/perform_create_room.go

@@ -343,7 +343,7 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 	// TODO: 3pid invite events
 
 	var builtEvents []*types.HeaderedEvent
-	authEvents := gomatrixserverlib.NewAuthEvents(nil)
+	authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)
 	if err != nil {
 		util.GetLogger(ctx).WithError(err).Error("rsapi.QuerySenderIDForUser failed")
 		return "", &util.JSONResponse{
@@ -373,7 +373,7 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 			builder.PrevEvents = []string{builtEvents[i-1].EventID()}
 		}
 		var ev gomatrixserverlib.PDU
-		if err = builder.AddAuthEvents(&authEvents); err != nil {
+		if err = builder.AddAuthEvents(authEvents); err != nil {
 			util.GetLogger(ctx).WithError(err).Error("AddAuthEvents failed")
 			return "", &util.JSONResponse{
 				Code: http.StatusInternalServerError,
@@ -389,7 +389,7 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo
 			}
 		}
 
-		if err = gomatrixserverlib.Allowed(ev, &authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+		if err = gomatrixserverlib.Allowed(ev, authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 			return c.RSAPI.QueryUserIDForSender(ctx, roomID, senderID)
 		}); err != nil {
 			util.GetLogger(ctx).WithError(err).Error("gomatrixserverlib.Allowed failed")

roomserver/internal/perform/perform_upgrade.go

@@ -470,7 +470,7 @@ func (r *Upgrader) generateInitialEvents(ctx context.Context, oldRoom *api.Query
 func (r *Upgrader) sendInitialEvents(ctx context.Context, evTime time.Time, senderID spec.SenderID, userDomain spec.ServerName, newRoomID string, newVersion gomatrixserverlib.RoomVersion, eventsToMake []gomatrixserverlib.FledglingEvent) error {
 	var err error
 	var builtEvents []*types.HeaderedEvent
-	authEvents := gomatrixserverlib.NewAuthEvents(nil)
+	authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)
 	for i, e := range eventsToMake {
 		depth := i + 1 // depth starts at 1
 
@@ -495,7 +495,7 @@ func (r *Upgrader) sendInitialEvents(ctx context.Context, evTime time.Time, send
 			return err
 		}
 		builder := verImpl.NewEventBuilderFromProtoEvent(&proto)
-		if err = builder.AddAuthEvents(&authEvents); err != nil {
+		if err = builder.AddAuthEvents(authEvents); err != nil {
 			return err
 		}
 
@@ -506,7 +506,7 @@ func (r *Upgrader) sendInitialEvents(ctx context.Context, evTime time.Time, send
 
 		}
 
-		if err = gomatrixserverlib.Allowed(event, &authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+		if err = gomatrixserverlib.Allowed(event, authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 			return r.URSAPI.QueryUserIDForSender(ctx, roomID, senderID)
 		}); err != nil {
 			return fmt.Errorf("Failed to auth new %q event: %w", builder.Type, err)
@@ -586,8 +586,11 @@ func (r *Upgrader) makeHeaderedEvent(ctx context.Context, evTime time.Time, send
 	for i := range queryRes.StateEvents {
 		stateEvents[i] = queryRes.StateEvents[i].PDU
 	}
-	provider := gomatrixserverlib.NewAuthEvents(stateEvents)
+	provider, err := gomatrixserverlib.NewAuthEvents(stateEvents)
-	if err = gomatrixserverlib.Allowed(headeredEvent.PDU, &provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+	if err != nil {
+		return nil, err
+	}
+	if err = gomatrixserverlib.Allowed(headeredEvent.PDU, provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
 		return r.URSAPI.QueryUserIDForSender(ctx, roomID, senderID)
 	}); err != nil {
 		return nil, api.ErrNotAllowed{Err: fmt.Errorf("failed to auth new %q event: %w", proto.Type, err)} // TODO: Is this error string comprehensible to the client?

test/room.go

@@ -43,7 +43,7 @@ type Room struct {
 	visibility   gomatrixserverlib.HistoryVisibility
 	creator      *User
 
-	authEvents   gomatrixserverlib.AuthEvents
+	authEvents   *gomatrixserverlib.AuthEvents
 	currentState map[string]*rstypes.HeaderedEvent
 	events       []*rstypes.HeaderedEvent
 }
@@ -55,10 +55,11 @@ func NewRoom(t *testing.T, creator *User, modifiers ...roomModifier) *Room {
 	if creator.srvName == "" {
 		t.Fatalf("NewRoom: creator doesn't belong to a server: %+v", *creator)
 	}
+	authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)
 	r := &Room{
 		ID:           fmt.Sprintf("!%d:%s", counter, creator.srvName),
 		creator:      creator,
-		authEvents:   gomatrixserverlib.NewAuthEvents(nil),
+		authEvents:   authEvents,
 		preset:       PresetPublicChat,
 		Version:      gomatrixserverlib.RoomVersionV9,
 		currentState: make(map[string]*rstypes.HeaderedEvent),
@@ -73,7 +74,7 @@ func NewRoom(t *testing.T, creator *User, modifiers ...roomModifier) *Room {
 
 func (r *Room) MustGetAuthEventRefsForEvent(t *testing.T, needed gomatrixserverlib.StateNeeded) []string {
 	t.Helper()
-	a, err := needed.AuthEventReferences(&r.authEvents)
+	a, err := needed.AuthEventReferences(r.authEvents)
 	if err != nil {
 		t.Fatalf("MustGetAuthEvents: %v", err)
 	}
@@ -175,7 +176,7 @@ func (r *Room) CreateEvent(t *testing.T, creator *User, eventType string, conten
 		builder.PrevEvents = []string{r.events[len(r.events)-1].EventID()}
 	}
 
-	err = builder.AddAuthEvents(&r.authEvents)
+	err = builder.AddAuthEvents(r.authEvents)
 	if err != nil {
 		t.Fatalf("CreateEvent[%s]: failed to AuthEventReferences: %s", eventType, err)
 	}
@@ -191,7 +192,7 @@ func (r *Room) CreateEvent(t *testing.T, creator *User, eventType string, conten
 	if err != nil {
 		t.Fatalf("CreateEvent[%s]: failed to build event: %s", eventType, err)
 	}
-	if err = gomatrixserverlib.Allowed(ev, &r.authEvents, UserIDForSender); err != nil {
+	if err = gomatrixserverlib.Allowed(ev, r.authEvents, UserIDForSender); err != nil {
 		t.Fatalf("CreateEvent[%s]: failed to verify event was allowed: %s", eventType, err)
 	}
 	headeredEvent := &rstypes.HeaderedEvent{PDU: ev}