99 lines
3.3 KiB
PHP
99 lines
3.3 KiB
PHP
<?php
|
|
|
|
/**
|
|
* SynapseHelper
|
|
*
|
|
* Resolves local (SSO) usernames → Matrix user IDs by querying the
|
|
* Synapse Admin REST API directly. No caching — every call is live
|
|
* so results never go stale.
|
|
*
|
|
* Required config (.env) keys:
|
|
* MATRIX_DOMAIN e.g. matrix.lotusguild.org
|
|
* SYNAPSE_ADMIN_URL e.g. http://10.10.10.29:8008 (internal client-API URL)
|
|
* SYNAPSE_ADMIN_TOKEN a Synapse admin access token
|
|
*/
|
|
class SynapseHelper
|
|
{
|
|
/**
|
|
* Resolve a local SSO username to its Matrix user ID.
|
|
*
|
|
* Uses the Synapse Admin API v2 endpoint:
|
|
* GET /_synapse/admin/v2/users/@{username}:{domain}
|
|
*
|
|
* If the account exists in Synapse the method returns the Matrix ID string.
|
|
* If the account does not exist, or if Synapse is unreachable / not configured,
|
|
* it returns null silently (notifications are best-effort).
|
|
*
|
|
* @param string $username Local username (e.g. "jared")
|
|
* @return string|null Matrix user ID (e.g. "@jared:matrix.lotusguild.org") or null
|
|
*/
|
|
public static function resolveUsername(string $username): ?string
|
|
{
|
|
$baseUrl = $GLOBALS['config']['SYNAPSE_ADMIN_URL'] ?? null;
|
|
$token = $GLOBALS['config']['SYNAPSE_ADMIN_TOKEN'] ?? null;
|
|
$domain = $GLOBALS['config']['MATRIX_DOMAIN'] ?? null;
|
|
|
|
if (!$baseUrl || !$token || !$domain) {
|
|
return null;
|
|
}
|
|
|
|
// Build the Matrix user ID and percent-encode it once for the URL path.
|
|
// rawurlencode($username) here would double-encode any special chars when
|
|
// the full $matrixId string is encoded again below.
|
|
$matrixId = '@' . $username . ':' . $domain;
|
|
$url = rtrim($baseUrl, '/') . '/_synapse/admin/v2/users/' . rawurlencode($matrixId);
|
|
|
|
$ch = curl_init($url);
|
|
curl_setopt($ch, CURLOPT_HTTPHEADER, [
|
|
'Authorization: Bearer ' . $token,
|
|
'Accept: application/json',
|
|
]);
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
|
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
|
|
|
|
$body = curl_exec($ch);
|
|
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
|
$curlError = curl_error($ch);
|
|
curl_close($ch);
|
|
|
|
if ($curlError) {
|
|
error_log("SynapseHelper: cURL error resolving '{$username}': {$curlError}");
|
|
return null;
|
|
}
|
|
|
|
if ($httpCode === 200) {
|
|
$data = json_decode($body, true);
|
|
// Confirm the response contains the name we expect
|
|
if (!empty($data['name'])) {
|
|
return $data['name']; // e.g. "@jared:matrix.lotusguild.org"
|
|
}
|
|
}
|
|
|
|
// 404 = user not found in Synapse; other codes = error
|
|
if ($httpCode !== 404) {
|
|
error_log("SynapseHelper: unexpected HTTP {$httpCode} resolving '{$username}'");
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
/**
|
|
* Resolve multiple usernames to Matrix IDs.
|
|
* Returns only those that were successfully confirmed in Synapse.
|
|
*
|
|
* @param string[] $usernames
|
|
* @return string[] Matrix user IDs
|
|
*/
|
|
public static function resolveUsernames(array $usernames): array
|
|
{
|
|
$ids = [];
|
|
foreach ($usernames as $username) {
|
|
$id = self::resolveUsername($username);
|
|
if ($id !== null) {
|
|
$ids[] = $id;
|
|
}
|
|
}
|
|
return $ids;
|
|
}
|
|
}
|