Fix #2084 - incorrect /event_auth response (#2085)

* Fix #2084

* Return early

* Linting

3 files changed, 52 insertions, 5 deletions

diff --git a/federationapi/routing/eventauth.go b/federationapi/routing/eventauth.go
index 34eaad1c..d92b66f4 100644
--- a/federationapi/routing/eventauth.go
+++ b/federationapi/routing/eventauth.go
@@ -16,6 +16,7 @@ import (
 	"context"
 	"net/http"
 
+	"github.com/matrix-org/dendrite/clientapi/jsonerror"
 	"github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
@@ -29,15 +30,42 @@ func GetEventAuth(
 	roomID string,
 	eventID string,
 ) util.JSONResponse {
-	// TODO: Optimisation: we shouldn't be querying all the room state
-	// that is in state.StateEvents - we just ignore it.
-	state, err := getState(ctx, request, rsAPI, roomID, eventID)
+	event, resErr := fetchEvent(ctx, rsAPI, eventID)
+	if resErr != nil {
+		return *resErr
+	}
+
+	if event.RoomID() != roomID {
+		return util.JSONResponse{Code: http.StatusNotFound, JSON: jsonerror.NotFound("event does not belong to this room")}
+	}
+	resErr = allowedToSeeEvent(ctx, request.Origin(), rsAPI, eventID)
+	if resErr != nil {
+		return *resErr
+	}
+
+	var response api.QueryStateAndAuthChainResponse
+	err := rsAPI.QueryStateAndAuthChain(
+		ctx,
+		&api.QueryStateAndAuthChainRequest{
+			RoomID:             roomID,
+			PrevEventIDs:       []string{eventID},
+			AuthEventIDs:       event.AuthEventIDs(),
+			OnlyFetchAuthChain: true,
+		},
+		&response,
+	)
 	if err != nil {
-		return *err
+		return util.ErrorResponse(err)
+	}
+
+	if !response.RoomExists {
+		return util.JSONResponse{Code: http.StatusNotFound, JSON: nil}
 	}
 
 	return util.JSONResponse{
 		Code: http.StatusOK,
-		JSON: gomatrixserverlib.RespEventAuth{AuthEvents: state.AuthEvents},
+		JSON: gomatrixserverlib.RespEventAuth{
+			AuthEvents: gomatrixserverlib.UnwrapEventHeaders(response.AuthChainEvents),
+		},
 	}
 }
diff --git a/roomserver/api/query.go b/roomserver/api/query.go
index 599156bb..28321715 100644
--- a/roomserver/api/query.go
+++ b/roomserver/api/query.go
@@ -226,6 +226,10 @@ type QueryStateAndAuthChainRequest struct {
 	PrevEventIDs []string `json:"prev_event_ids"`
 	// The list of auth events for the event. Used to calculate the auth chain
 	AuthEventIDs []string `json:"auth_event_ids"`
+	// If true, the auth chain events for the auth event IDs given will be fetched only. Prev event IDs are ignored.
+	// If false, state and auth chain events for the prev event IDs and entire current state will be included.
+	// TODO: not a great API shape. It serves 2 main uses: false=>response for send_join, true=>response for /event_auth
+	OnlyFetchAuthChain bool `json:"only_fetch_auth_chain"`
 	// Should state resolution be ran on the result events?
 	// TODO: check call sites and remove if we always want to do state res
 	ResolveState bool `json:"resolve_state"`
diff --git a/roomserver/internal/query/query.go b/roomserver/internal/query/query.go
index b80f08ab..28b140c7 100644
--- a/roomserver/internal/query/query.go
+++ b/roomserver/internal/query/query.go
@@ -457,6 +457,21 @@ func (r *Queryer) QueryStateAndAuthChain(
 	response.RoomExists = true
 	response.RoomVersion = info.RoomVersion
 
+	// handle this entirely separately to the other case so we don't have to pull out
+	// the entire current state of the room
+	// TODO: this probably means it should be a different query operation...
+	if request.OnlyFetchAuthChain {
+		var authEvents []*gomatrixserverlib.Event
+		authEvents, err = GetAuthChain(ctx, r.DB.EventsFromIDs, request.AuthEventIDs)
+		if err != nil {
+			return err
+		}
+		for _, event := range authEvents {
+			response.AuthChainEvents = append(response.AuthChainEvents, event.Headered(info.RoomVersion))
+		}
+		return nil
+	}
+
 	var stateEvents []*gomatrixserverlib.Event
 	stateEvents, err = r.loadStateAtEventIDs(ctx, *info, request.PrevEventIDs)
 	if err != nil {