-
Notifications
You must be signed in to change notification settings - Fork 371
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] MSC2356: Bulk /joined_members endpoint #2356
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems fairly straightforward, just a couple changes.
Should this deprecate the old endpoint?
|
||
`joined["room_id"]` follows the same format as `joined` in `/rooms/{roomId}/joined_members`. | ||
|
||
Any rooms where membership could not be fetched MUST be returned as null. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could also just not send anything back for these rooms? So instead of:
{
"!foo:bar": {...},
"!not:real": null,
"!not2:real": null,
"!not3:real": null,
"!not4:real": null
}
just have:
{
"!foo:bar": {...}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I guess you can make the assumption that the room isn't readable if it's not in the set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yea, let's just not include the room. We do this elsewhere (though I can't remember where).
spelling fixes Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seems straightforward as an API which could benefit from other technologies, but those technologies don't exist in the spec yet :(
|
||
This proposal covers the creation of a bulk room membership endpoint. | ||
|
||
The new endpoint will be called `POST /_matrix/client/r0/joined_members` and will not |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes it sound like you can change the members of the room. /get_joined_members
instead to make it sound like an action?
|
||
``` | ||
{ | ||
"rooms": [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're sending IDs, not rooms.
"rooms": [ | |
"room_ids": [ |
|
||
`joined["room_id"]` follows the same format as `joined` in `/rooms/{roomId}/joined_members`. | ||
|
||
Any rooms where membership could not be fetched MUST be returned as null. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yea, let's just not include the room. We do this elsewhere (though I can't remember where).
## Potential issues | ||
|
||
If an implementation is done poorly, it's possible to use this request to wedge | ||
a homeserver by requesting membership from a huge number of rooms. Homeservers COULD |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we don't have a keyword for COULD. Lowercase it to avoid my complaining:
a homeserver by requesting membership from a huge number of rooms. Homeservers COULD | |
a homeserver by requesting membership from a huge number of rooms. Homeservers could |
or use SHOULD:
a homeserver by requesting membership from a huge number of rooms. Homeservers COULD | |
a homeserver by requesting membership from a huge number of rooms. Homeservers SHOULD |
allow for large payloads. | ||
|
||
The time taken to serve this request may exceed the timeout of the request, so similiar semantics | ||
COULD be applied as they are in /sync where the request continues to run on the homeserver |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
COULD be applied as they are in /sync where the request continues to run on the homeserver | |
SHOULD be applied as they are in /sync where the request continues to run on the homeserver |
|
||
## Security considerations | ||
|
||
None. The endpoint should follow the same authorisation checks that the `/joined_members` endpoint makes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would be good to reinforce this up above by saying the requesting user must be in the room in order to get results, and whatever other appservice-specific semantics (if any beyond impersonation) apply.
COULD be applied as they are in /sync where the request continues to run on the homeserver | ||
and is resumed when the next call to the endpoint is made. | ||
|
||
## Alternatives |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we just fix filtering in Synapse and make /sync faster? (which also introduces a use case for appservices to sync...)
Another alternative would be GraphQL.
@@ -0,0 +1,105 @@ | |||
# MSC2356 - Bulk /joined_members endpoint |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, this serves a different use case.
Having thought about this, I don't think this is useful. It's basically only saving HTTP hits to the server at this point, which feels like an over-optimisation for the spec. |
Rendered