Integrate MAS with Synapse

mas/share/templates/swagger/doc.html

@@ -0,0 +1,27 @@
+{#
+Copyright 2024, 2025 New Vector Ltd.
+Copyright 2024 The Matrix.org Foundation C.I.C.
+
+SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+Please see LICENSE files in the repository root for full details.
+-#}
+
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>API documentation</title>
+    <script>
+      window.API_CONFIG = {
+        openapiUrl: "{{ openapi_url | add_slashes | safe }}",
+        callbackUrl: "{{ callback_url | add_slashes | safe }}",
+      };
+    </script>
+    {{ include_asset('src/entrypoints/swagger.ts') | indent(4) | safe }}
+  </head>
+
+  <body>
+    <div id="swagger-ui"></div>
+  </body>
+</html>

mas/share/templates/swagger/oauth2-redirect.html

@@ -0,0 +1,89 @@
+{#
+Copyright 2024, 2025 New Vector Ltd.
+Copyright 2024 The Matrix.org Foundation C.I.C.
+
+SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+Please see LICENSE files in the repository root for full details.
+-#}
+
+{# This is taken from the swagger-ui/dist/oauth2-redirect.html file #}
+
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <title>API documentation: OAuth2 Redirect</title>
+  </head>
+  <body>
+    <script>
+      'use strict';
+      function run () {
+        var oauth2 = window.opener.swaggerUIRedirectOauth2;
+        var sentState = oauth2.state;
+        var redirectUrl = oauth2.redirectUrl;
+        var isValid, qp, arr;
+
+        if (/code|token|error/.test(window.location.hash)) {
+          qp = window.location.hash.substring(1).replace('?', '&');
+        } else {
+          qp = location.search.substring(1);
+        }
+
+        arr = qp.split("&");
+        arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';});
+        qp = qp ? JSON.parse('{' + arr.join() + '}',
+            function (key, value) {
+              return key === "" ? value : decodeURIComponent(value);
+            }
+        ) : {};
+
+        isValid = qp.state === sentState;
+
+        if ((
+        oauth2.auth.schema.get("flow") === "accessCode" ||
+        oauth2.auth.schema.get("flow") === "authorizationCode" ||
+        oauth2.auth.schema.get("flow") === "authorization_code"
+        ) && !oauth2.auth.code) {
+          if (!isValid) {
+            oauth2.errCb({
+              authId: oauth2.auth.name,
+              source: "auth",
+              level: "warning",
+              message: "Authorization may be unsafe, passed state was changed in server. The passed state wasn't returned from auth server."
+            });
+          }
+
+          if (qp.code) {
+            delete oauth2.state;
+            oauth2.auth.code = qp.code;
+            oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
+          } else {
+            let oauthErrorMsg;
+            if (qp.error) {
+              oauthErrorMsg = "["+qp.error+"]: " +
+                (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
+                (qp.error_uri ? "More info: "+qp.error_uri : "");
+            }
+
+            oauth2.errCb({
+              authId: oauth2.auth.name,
+              source: "auth",
+              level: "error",
+              message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server."
+            });
+          }
+        } else {
+          oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
+        }
+        window.close();
+      }
+
+      if (document.readyState !== 'loading') {
+        run();
+      } else {
+        document.addEventListener('DOMContentLoaded', function () {
+          run();
+        });
+      }
+    </script>
+  </body>
+</html>