Admin API for reported events

changelog.d/8217.feature

@@ -0,0 +1 @@
+Add an admin API `GET /_synapse/admin/v1/event_reports` to read entries of table `event_reports`. Contributed by @dklimpel.

docs/admin_api/event_reports.rst

@@ -0,0 +1,57 @@
+Shows reported events
+====================
+
+This API returns information about reported events.
+
+The api is::
+
+    GET /_synapse/admin/v1/event_reports?from=0&limit=10
+
+To use it, you will need to authenticate by providing an ``access_token`` for a
+server admin: see `README.rst <README.rst>`_.
+
+It returns a JSON body like the following:
+
+.. code:: json
+
+    {
+        "event_reports": [
+            {
+                "content": "{\"reason\": \"foo\", \"score\": -100}",
+                "event_id": "$bNUFCwGzWca1meCGkjp-zwslF-GfVcXukvRLI1_FaVY",
+                "id": 2,
+                "reason": "foo",
+                "received_ts": 1570897107409,
+                "room_id": "!ERAgBpSOcCCuTJqQPk:matrix.org",
+                "user_id": "@foo:matrix.org"
+            },
+            {
+                "content": "{\"score\":-100,\"reason\":\"bar\"}",
+                "event_id": "$3IcdZsDaN_En-S1DF4EMCy3v4gNRKeOJs8W5qTOKj4I",
+                "id": 3,
+                "reason": "bar",
+                "received_ts": 1598889612059,
+                "room_id": "!eGvUQuTCkHGVwNMOjv:matrix.org",
+                "user_id": "@bar:matrix.org"
+            }
+        ],
+        "next_token": "2",
+        "total": 4
+}
+
+To paginate, check for ``next_token`` and if present, call the endpoint again
+with from set to the value of ``next_token``. This will return a new page.
+
+If the endpoint does not return a ``next_token`` then there are no more
+users to paginate through.
+
+**URL parameters:**
+
+- ``limit``: Is optional but is used for pagination,
+  denoting the maximum number of items to return in this call. Defaults to ``100``.
+- ``from``: Is optional but used for pagination,
+  denoting the offset in the returned results. This should be treated as an opaque value and
+  not explicitly set to anything other than the return value of next_token from a previous call.
+  Defaults to ``0``.
+- ``user_id``: Is optional and filters to only return users with user IDs that contain this value.
+- ``room_id``: Is optional and filters to only return rooms with room IDs that contain this value.

synapse/rest/admin/__init__.py

@@ -13,7 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 import logging
 import platform
 import re
@@ -31,6 +30,7 @@
     DeviceRestServlet,
     DevicesRestServlet,
 )
+from synapse.rest.admin.event_reports import EventReportsRestServlet
 from synapse.rest.admin.groups import DeleteGroupAdminRestServlet
 from synapse.rest.admin.media import ListMediaInRoom, register_servlets_for_media_repo
 from synapse.rest.admin.purge_room_servlet import PurgeRoomServlet
@@ -214,6 +214,7 @@ def register_servlets(hs, http_server):
     DeviceRestServlet(hs).register(http_server)
     DevicesRestServlet(hs).register(http_server)
     DeleteDevicesRestServlet(hs).register(http_server)
+    EventReportsRestServlet(hs).register(http_server)
 
 
 def register_servlets_for_client_rest_resource(hs, http_server):

synapse/rest/admin/event_reports.py

@@ -0,0 +1,65 @@
+# -*- coding: utf-8 -*-
+# Copyright 2020 Dirk Klimpel
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import logging
+
+from synapse.http.servlet import RestServlet, parse_integer, parse_string
+from synapse.rest.admin._base import admin_patterns, assert_requester_is_admin
+
+logger = logging.getLogger(__name__)
+
+
+class EventReportsRestServlet(RestServlet):
+    """
+    List all reported events that are known to the homeserver. Results are returned
+    in a dictionary containing report information. Supports pagination.
+    This needs user to have administrator access in Synapse.
+
+    GET /_synapse/admin/v1/event_reports?from=0&limit=10
+    returns:
+        200 OK with list of reports if success otherwise an error.
+
+    Args
+        The parameters `from` and `limit` are required only for pagination.
+        By default, a `limit` of 100 is used.
+        The parameter `user_id` can be used to filter by user id.
+        The parameter `room_id` can be used to filter by room id.
+    Returns:
+        A list of reported events and an integer representing the total number of
+        reported events that exist given this query
+    """
+
+    PATTERNS = admin_patterns("/event_reports$")
+
+    def __init__(self, hs):
+        self.hs = hs
+        self.auth = hs.get_auth()
+        self.store = hs.get_datastore()
+
+    async def on_GET(self, request):
+        await assert_requester_is_admin(self.auth, request)
+
+        start = parse_integer(request, "from", default=0)
+        limit = parse_integer(request, "limit", default=100)
+        user_id = parse_string(request, "user_id", default=None)
+        room_id = parse_string(request, "room_id", default=None)
+
+        event_reports, total = await self.store.get_event_reports_paginate(
+            start, limit, user_id, room_id
+        )
+        ret = {"event_reports": event_reports, "total": total}
+        if len(event_reports) >= limit:
+            ret["next_token"] = str(start + len(event_reports))
+
+        return 200, ret

synapse/storage/databases/main/room.py

@@ -1320,6 +1320,58 @@ async def add_event_report(
             desc="add_event_report",
         )
 
+    async def get_event_reports_paginate(
+        self, start: int, limit: int, user_id: str = None, room_id: str = None
+    ) -> Tuple[List[Dict[str, Any]], int]:
+        """Function to retrieve a paginated list of event reports
+        This will return a json list of event reports and the
+        total number of event reports matching the filter criteria.
+
+        Args:
+            start: start number to begin the query from
+            limit: number of rows to retrieve
+            user_id: search for user_id. ignored if name is not None
+            room_id: search for room_id. ignored if name is not None
+        """
+
+        def _get_event_reports_paginate_txn(txn):
+            filters = []
+            args = []
+
+            if user_id:
+                filters.append("user_id LIKE ?")
+                args.extend(["%" + user_id + "%"])
+            if room_id:
+                filters.append("room_id LIKE ?")
+                args.extend(["%" + room_id + "%"])
+
+            where_clause = "WHERE " + " AND ".join(filters) if len(filters) > 0 else ""
+
+            sql_base = """
+                FROM event_reports
+                {}
+                """.format(
+                where_clause
+            )
+            logger.warning("sql_base: %s ", sql_base)
+            sql = "SELECT COUNT(*) as total_event_reports " + sql_base
+            txn.execute(sql, args)
+            count = txn.fetchone()[0]
+
+            sql = (
+                "SELECT id, received_ts, room_id, event_id, user_id, reason, content "
+                + sql_base
+                + " ORDER BY received_ts LIMIT ? OFFSET ?"
+            )
+            args += [limit, start]
+            txn.execute(sql, args)
+            event_reports = self.db_pool.cursor_to_dict(txn)
+            return event_reports, count
+
+        return await self.db_pool.runInteraction(
+            "get_event_reports_paginate", _get_event_reports_paginate_txn
+        )
+
     def get_current_public_room_stream_id(self):
         return self._public_room_id_gen.get_current_token()