**Does not yet work!** Currently, state resolution does not correctly resolve conflicting states. Everything else appears to work as expected, so stateres will be fixed soon, then we should be clear for takeoff.
Also: a lot of things currently accept a nullable room ID that really just don't need to. This will need tidying up before merge. Some authentication checks have also been disabled temporarily but nothing important.
A lot of things are tagged with `TODO(hydra)`, those need resolving before merge. External contributors should PR to the `hydra/public` branch, *not* ` main`.
---
This PR should be squash merged.
Reviewed-on: https://forgejo.ellis.link/continuwuation/continuwuity/pulls/943
Co-authored-by: nexy7574 <git@nexy7574.co.uk>
Co-committed-by: nexy7574 <git@nexy7574.co.uk>
* reporting rooms now always returns 200 OK
* reporting an event returns OK if we don't know about the reported event
* removed the score parameter (needs a followup ruwuma update)
Replace unreliable PduCount pagination tokens with ShortEventId throughout
the relations and messages endpoints. ShortEventId provides stable, unique
identifiers that persist across server restarts and database operations.
Key improvements:
- Add token parsing helpers that try ShortEventId first, fall back to
PduCount for backwards compatibility
- Include thread root event when paginating backwards to thread start
- Fix off-by-one error in get_relations that was returning the starting
event in results
- Only return next_batch/prev_batch tokens when more events are available,
preventing clients from making unnecessary requests at thread boundaries
- Ensure consistent token format between /relations, /messages, and /sync
endpoints for interoperability
This fixes duplicate events when scrolling at thread boundaries and ensures
the thread root message is visible when viewing a thread, matching expected
client behaviour.
Ensures access tokens are unique across both user and appservice tables to
prevent authentication ambiguity and potential security issues.
Changes:
- On startup, automatically logout any user devices using tokens that
conflict with appservice tokens (resolves in favour of appservices)
and log a warning with affected user/device details
- When creating new user tokens, check for conflicts with appservice tokens
and generate a new token if a collision would occur
- When registering new appservices, reject registration if the token is
already in use by a user device
- Use futures::select_ok to race token lookups concurrently for better
performance (adapted from tuwunel commit 066097a8)
This fix-forward approach resolves existing token collisions on startup
whilst preventing new ones from being created, without breaking existing
valid authentications.
The find_token optimisation is adapted from tuwunel (matrix-construct/tuwunel)
commit 066097a8: "Optimize user and appservice token queries" by Jason Volk.
