From b141488f16d4e72804b4432bb89a0bc67da2116c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20H=C3=BCttemann?=
Date: Thu, 14 Sep 2023 16:14:22 +0200
Subject: [PATCH] Add creation of admin user mapping
---
 .env.example | 1 +
 src/handlers/users.test.ts | 7 ++++---
 src/handlers/users.ts | 39 ++++++++++++++++++++++++--------------
 3 files changed, 30 insertions(+), 17 deletions(-)
diff --git a/.env.example b/.env.example
index 0142512..de2cf7a 100644
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,4 @@
 REGISTRATION_SHARED_SECRET='look in your synapses homeserver.yaml'
 AS_TOKEN='look in the app-service.yaml'
 EXCLUDED_USERS='rocket.cat' # Comma-separated list of usernames or IDs
+ADMIN_USERNAME='admin' # The login name of the Rocket.Chat admin
diff --git a/src/handlers/users.test.ts b/src/handlers/users.test.ts
index 612aad2..9e8d0af 100644
--- a/src/handlers/users.test.ts
+++ b/src/handlers/users.test.ts
@@ -1,8 +1,10 @@
 process.env.REGISTRATION_SHARED_SECRET = 'ThisIsSoSecretWow'
 process.env.EXCLUDED_USERS = 'excludedUser1,excludedUser2'
+process.env.ADMIN_USERNAME = 'testAdmin'
 import { expect, jest, test } from '@jest/globals'
 import axios from 'axios'
-import * as storage from '../helpers/storage'
+import { Entity, entities } from '../Entities'
+import { IdMapping } from '../entity/IdMapping'
 import {
 MatrixUser,
 RcUser,
@@ -12,8 +14,7 @@ import {
 mapUser,
 userIsExcluded,
 } from '../handlers/users'
-import { IdMapping } from '../entity/IdMapping'
-import { Entity, entities } from '../Entities'
+import * as storage from '../helpers/storage'
 jest.mock('axios')
 const mockedAxios = axios as jest.Mocked
diff --git a/src/handlers/users.ts b/src/handlers/users.ts
index 9c3ae1c..be4f073 100644
--- a/src/handlers/users.ts
+++ b/src/handlers/users.ts
@@ -1,9 +1,10 @@
 import { createHmac } from 'node:crypto'
-import log from '../helpers/logger'
-import { axios } from '../helpers/synapse'
-import { createMembership, getUserId, save } from '../helpers/storage'
-import { IdMapping } from '../entity/IdMapping'
 import { Entity, entities } from '../Entities'
+import adminAccessToken from '../config/synapse_access_token.json'
+import { IdMapping } from '../entity/IdMapping'
+import log from '../helpers/logger'
+import { createMembership, getUserId, save } from '../helpers/storage'
+import { axios } from '../helpers/synapse'
 export type RcUser = {
 _id: string
@@ -41,15 +42,22 @@ export function mapUser(rcUser: RcUser): MatrixUser {
 }
 }
-const registration_shared_secret = process.env.REGISTRATION_SHARED_SECRET || ''
-if (!registration_shared_secret) {
+const registrationSharedSecret = process.env.REGISTRATION_SHARED_SECRET || ''
+if (!registrationSharedSecret) {
 const message = 'No REGISTRATION_SHARED_SECRET found in .env.'
 log.error(message)
 throw new Error(message)
 }
+const adminUsername = process.env.ADMIN_USERNAME || ''
+if (!adminUsername) {
+ const message = 'No ADMIN_USERNAME found in .env.'
+ log.error(message)
+ throw new Error(message)
+}
+
 export function generateHmac(user: MatrixUser): string {
- const hmac = createHmac('sha1', registration_shared_secret)
+ const hmac = createHmac('sha1', registrationSharedSecret)
 hmac.write(
 `${user.nonce}\0${user.username}\0${user.password}\0${
 user.admin ? 'admin' : 'notadmin'
@@ -87,7 +95,7 @@ export function userIsExcluded(rcUser: RcUser): boolean {
 reasons.push(`username "${rcUser.username}" is on exclusion list`)
 if (reasons.length > 0) {
- log.debug(`User ${rcUser.name} is excluded: ${reasons.join(', ')}`)
+ log.warn(`User ${rcUser.name} is excluded: ${reasons.join(', ')}`)
 return true
 }
 return false
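Review bot: The new `import adminAccessToken from '../config/synapse_access_token.json'` in the import hunk (`@@ -1,9 +1,10 @@`) makes a file that, going by its name, holds the Synapse admin access token a static module dependency, so it must exist whenever `users.ts` is compiled or tested, and a bundled build may carry it into the output. Nothing in this patch shows whether `src/config/synapse_access_token.json` is excluded from version control; that should be confirmed. The only use in this commit is the mapping call in `handle`, which presumably needs just the admin's Matrix ID (`createMapping` is outside the diff), so reading that one value at runtime would keep the token itself out of this module. If the import stays, a comment above it such as `// Synapse admin credentials file: contains an access token, must never be committed` documents the constraint.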
@@ -124,15 +132,18 @@ export async function createUser(rcUser: RcUser): Promise {
 export async function handle(rcUser: RcUser): Promise {
 log.info(`Parsing user: ${rcUser.name}: ${rcUser._id}`)
- if (userIsExcluded(rcUser)) {
- return undefined
- }
-
 const matrixId = await getUserId(rcUser._id)
 if (matrixId) {
 log.debug(`Mapping exists: ${rcUser._id} -> ${matrixId}`)
 } else {
- const matrixUser = await createUser(rcUser)
- await createMapping(rcUser._id, matrixUser)
+ if (rcUser.username === adminUsername) {
+ log.info(
+ `User ${rcUser.username} is defined as admin in ENV, mapping as such`
+ )
+ await createMapping(rcUser._id, adminAccessToken as unknown as MatrixUser)
+ } else if (!userIsExcluded(rcUser)) {
+ const matrixUser = await createUser(rcUser)
+ await createMapping(rcUser._id, matrixUser)
+ }
 }
 }
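Review bot: `adminAccessToken as unknown as MatrixUser` in the new admin branch of `handle` switches off type checking for a credentials object whose shape this diff does not show, so if the JSON lacks the field `createMapping` reads, the admin mapping is stored with an undefined Matrix ID and no error. Validate that field before the call and pass only what the mapping needs, e.g. (assuming the file is a Synapse login response) `if (typeof adminAccessToken.user_id !== 'string') throw new Error('synapse_access_token.json has no user_id')`. The branch also binds whichever imported record has `username === adminUsername` to the Synapse admin account, and it now runs ahead of `userIsExcluded`, so an admin name listed in `EXCLUDED_USERS` is still mapped; the match is exact and case-sensitive, and relies on usernames in the export being unique. A comment above the branch stating that precedence, plus a test in `users.test.ts` for the admin path (this commit only sets the env var there), would make the behaviour deliberate.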