Implement MSC3916

[S7evinK]

Needs matrix-org/gomatrixserverlib#437

[codecov]

Codecov Report

Attention: Patch coverage is 32.92683% with 110 lines in your changes missing coverage. Please review.

Project coverage is 68.10%. Comparing base (c876790) to head (6f17931).
Report is 4 commits behind head on main.

Files	Patch %	Lines
mediaapi/routing/download.go	31.76%	46 Missing and 12 partials ⚠️
federationapi/routing/routing.go	8.00%	22 Missing and 1 partial ⚠️
mediaapi/routing/routing.go	58.82%	14 Missing ⚠️
internal/httputil/httpapi.go	13.33%	12 Missing and 1 partial ⚠️
clientapi/routing/routing.go	50.00%	0 Missing and 1 partial ⚠️
userapi/internal/key_api.go	0.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3397      +/-   ##
==========================================
- Coverage   68.24%   68.10%   -0.15%     
==========================================
  Files         513      513              
  Lines       46865    47176     +311     
==========================================
+ Hits        31983    32127     +144     
- Misses      10891    11045     +154     
- Partials     3991     4004      +13     

Flag	Coverage Δ
unittests	53.26% <32.92%> (-0.13%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[S7evinK]

Complement PR: matrix-org/complement#731

[HenrikSolver]

I find the name isMutiPart a bit confusing. After some digging in the spec I think I understand where it comes from, but a `isAuthed' or something would be easier to understand.

[kegsay]

Agreed. It's an implementation detail that the authed endpoint needs multipart, so prefer isAuthed right up until you're forced to process the response.

[HenrikSolver]

fallback to unauthed download should only be done when status code is 404 according to the spec. Here it is done on all errors. Status code can also be 429, 502 or 504, They should probably be handled in their own ways.

[S7evinK]

True, but what if e.g. matrix.org (or CF in that matter), returns a 520? (or whatever the response was for "CF is upset").
Going to revisit this in another PR, though.

[kegsay]

A few things:

• restructure the download functions to make the fallback logic clearer,
• double check error handling / messages as numerous ones aren't logging the right thing,
• add tests, at the very least for the multipart stuff as it seems pretty complex and fiddly. There's examples in the MSC itself, so I suggest you use them for the tests.

[kegsay]

It ain't HTML though?

[S7evinK]

While true, we also have MakeHTMLAPI, with basically the same function signature. That's why I named it that way, could be MakeFedHTMLAPI, though.

[kegsay]

Flag is unclear. Is this implying that the download is over fed? Or the response will be sent via fed?

[S7evinK]

That it's the response for an incoming federation request.

[kegsay]

Agreed. It's an implementation detail that the authed endpoint needs multipart, so prefer isAuthed right up until you're forced to process the response.

[kegsay]

I would have structured this differently, and instead spun off from fetchRemoteFile into fetchRemoteFileUnauthenticated and fetchRemteFileAuthenticated. Then the fallback becomes a lot clearer to read. At present, it's all mixed up in the impl.

[S7evinK]

That would be an exercise when refactoring/rewriting the entire MediaAPI, imho.

[kegsay]

Still needs tests. Unit tests for new code is not a big ask here and should land before this PR does. Ideally we'd test control flow here as it's complex, but that is a bigger ask and would need more refactoring to do correctly.