media/create: add /create endpoint

See matrix-org/matrix-spec-proposals#2246 for details

Signed-off-by: Sumner Evans <[email protected]>

Author: sumnerevans

synapse/media/media_repository.py

@@ -77,6 +77,7 @@ def __init__(self, hs: "HomeServer"):
         self.store = hs.get_datastores().main
         self.max_upload_size = hs.config.media.max_upload_size
         self.max_image_pixels = hs.config.media.max_image_pixels
+        self.unused_expiration_time = hs.config.media.unused_expiration_time
 
         Thumbnailer.set_limits(self.max_image_pixels)
 
@@ -175,6 +176,28 @@ def mark_recently_accessed(self, server_name: Optional[str], media_id: str) -> N
         else:
             self.recently_accessed_locals.add(media_id)
 
+    @trace
+    async def create_media_id(self, auth_user: UserID) -> Tuple[str, int]:
+        """Create and store a media ID for a local user and return the MXC URI and its
+        expiration.
+        Args:
+            auth_user: The user_id of the uploader
+        Returns:
+            A tuple containing the MXC URI of the stored content and the timestamp at
+            which the MXC URI expires.
+        """
+        media_id = random_string(24)
+        now = self.clock.time_msec()
+        # After the configured amount of time, don't allow the upload to start.
+        unused_expires_at = now + self.unused_expiration_time
+        await self.store.store_local_media_id(
+            media_id=media_id,
+            time_now_ms=now,
+            user_id=auth_user,
+            unused_expires_at=unused_expires_at,
+        )
+        return f"mxc://{self.server_name}/{media_id}", unused_expires_at
+
     @trace
     async def create_content(
         self,

synapse/rest/media/create_resource.py

@@ -0,0 +1,81 @@
+# Copyright 2023 Beeper Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import logging
+from typing import TYPE_CHECKING
+
+from synapse.api.errors import LimitExceededError
+from synapse.api.ratelimiting import Ratelimiter
+from synapse.http.server import DirectServeJsonResource, respond_with_json
+from synapse.http.site import SynapseRequest
+
+if TYPE_CHECKING:
+    from synapse.media.media_repository import MediaRepository
+    from synapse.server import HomeServer
+
+logger = logging.getLogger(__name__)
+
+
+class CreateResource(DirectServeJsonResource):
+    isLeaf = True
+
+    def __init__(self, hs: "HomeServer", media_repo: "MediaRepository"):
+        super().__init__()
+
+        self.media_repo = media_repo
+        self.clock = hs.get_clock()
+        self.auth = hs.get_auth()
+
+        # A rate limiter for creating new media IDs.
+        self._create_media_rate_limiter = Ratelimiter(
+            store=hs.get_datastores().main,
+            clock=self.clock,
+            rate_hz=hs.config.ratelimiting.rc_media_create.per_second,
+            burst_count=hs.config.ratelimiting.rc_media_create.burst_count,
+        )
+
+    async def _async_render_OPTIONS(self, request: SynapseRequest) -> None:
+        respond_with_json(request, 200, {}, send_cors=True)
+
+    async def _async_render_POST(self, request: SynapseRequest) -> None:
+        requester = await self.auth.get_user_by_req(request)
+
+        # If the create media requests for the user are over the limit, drop them.
+        allowed, time_allowed = await self._create_media_rate_limiter.can_do_action(
+            requester
+        )
+        if not allowed:
+            time_now_s = self.clock.time()
+            raise LimitExceededError(
+                retry_after_ms=int(1000 * (time_allowed - time_now_s))
+            )
+
+        content_uri, unused_expires_at = await self.media_repo.create_media_id(
+            requester.user
+        )
+
+        logger.info(
+            "Created Media URI %r that if unused will expire at %d",
+            content_uri,
+            unused_expires_at,
+        )
+        respond_with_json(
+            request,
+            200,
+            {
+                "content_uri": content_uri,
+                "unused_expires_at": unused_expires_at,
+            },
+            send_cors=True,
+        )

synapse/rest/media/media_repository_resource.py

@@ -18,6 +18,7 @@
 from synapse.http.server import UnrecognizedRequestResource
 
 from .config_resource import MediaConfigResource
+from .create_resource import CreateResource
 from .download_resource import DownloadResource
 from .preview_url_resource import PreviewUrlResource
 from .thumbnail_resource import ThumbnailResource
@@ -80,6 +81,7 @@ def __init__(self, hs: "HomeServer"):
         super().__init__()
         media_repo = hs.get_media_repository()
 
+        self.putChild(b"create", CreateResource(hs, media_repo))
         self.putChild(b"upload", UploadResource(hs, media_repo))
         self.putChild(b"download", DownloadResource(hs, media_repo))
         self.putChild(

synapse/storage/databases/main/media_repository.py

@@ -329,6 +329,25 @@ def _get_local_media_ids_txn(txn: LoggingTransaction) -> List[str]:
             "get_local_media_ids", _get_local_media_ids_txn
         )
 
+    @trace
+    async def store_local_media_id(
+        self,
+        media_id: str,
+        time_now_ms: int,
+        user_id: UserID,
+        unused_expires_at: int,
+    ) -> None:
+        await self.db_pool.simple_insert(
+            "local_media_repository",
+            {
+                "media_id": media_id,
+                "created_ts": time_now_ms,
+                "user_id": user_id.to_string(),
+                "unused_expires_at": unused_expires_at,
+            },
+            desc="store_local_media_id",
+        )
+
     @trace
     async def store_local_media(
         self,

synapse/storage/schema/main/delta/80/02_add_unused_expires_at_for_media.sql

@@ -0,0 +1,22 @@
+/* Copyright 2023 Beeper Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+-- Add new colums to the `local_media_repository` to keep track of when the
+-- media ID must be used by. This is to support async uploads (see MSC2246).
+
+ALTER TABLE local_media_repository
+  ADD COLUMN unused_expires_at BIGINT DEFAULT NULL;
+
+CREATE INDEX CONCURRENTLY ON local_media_repository (unused_expires_at);