fix: get_missing_events endpoint payload according to spec

[sampaiodiego]

Summary by CodeRabbit

• New Features

  • Added federation endpoints for user key queries and device queries; expanded route metadata and responses.

• Bug Fixes

  • Made limit and min_depth optional for missing-events requests.
  • Lowered max limit to 20 and default min_depth to 0.

• Chores

  • Changed missing-events route from GET to POST with updated request shape and defaults.
  • Cleaned up service routing so missing-events now uses the event service path.

[coderabbitai]

Walkthrough

The PR removes the composed makeGetMissingEventsProcedure from core, drops getMissingEvents from ProfilesService and its EventService dependency, re-routes FederationSDK.getMissingEvents to call EventService directly, and refactors federation profiles controller routes and DTO constraints for get_missing_events.

Changes

Cohort / File(s)	Summary
Core procedure removal packages/core/src/index.ts, packages/core/src/procedures/getMissingEvents.ts	Removed exported makeGetMissingEventsProcedure that composed depth resolution and event retrieval.
SDK delegation rerouting packages/federation-sdk/src/sdk.ts	getMissingEvents now delegates to eventService.getMissingEvents and its parameter typing was updated accordingly.
Service layer cleanup packages/federation-sdk/src/services/profiles.service.ts	Removed EventService constructor parameter, related private field/logger, and the getMissingEvents method from ProfilesService.
Federation controller restructuring packages/homeserver/src/controllers/federation/profiles.controller.ts	Flattened route definitions, added detailed metadata, changed /get_missing_events from GET to POST (body parsing, defaults), added user keys query and devices endpoints, and adjusted make_join/event_auth routes.
DTO field constraints packages/homeserver/src/dtos/federation/profiles.dto.ts	GetMissingEventsBodyDto updated: limit and min_depth made optional; limit max lowered to 20; min_depth minimum lowered to 0 and default set to 0.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant SDK as FederationSDK
    participant PS as ProfilesService
    participant ES as EventService

    rect `#dfefff`
    Note over Client,PS: Previous flow (via ProfilesService)
    Client->>SDK: getMissingEvents(...)
    SDK->>PS: getMissingEvents(...)
    PS->>ES: getMissingEvents(...)
    ES-->>PS: events
    PS-->>SDK: events
    SDK-->>Client: events
    end

    rect `#e8ffe6`
    Note over Client,ES: New flow (direct to EventService)
    Client->>SDK: getMissingEvents(...)
    SDK->>ES: getMissingEvents(...)
    ES-->>SDK: events
    SDK-->>Client: events
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Pay extra attention to packages/homeserver/src/controllers/federation/profiles.controller.ts (route semantics, method changes, body parsing, response codes).
• Validate DTO changes in packages/homeserver/src/dtos/federation/profiles.dto.ts (validation/default behaviors).
• Ensure the SDK/service delegation change preserves authorization/validation previously performed by ProfilesService.

Possibly related PRs

• chore: state management DTOs and update profiles controller types #195 — Modifies federation profiles controller and make_join handling; overlaps with controller refactor and DTO changes.
• fix: load missed events not working properly #276 — Touches getMissingEvents responsibilities and FederationService integration; relates to removal/rerouting of getMissingEvents.

Suggested reviewers

• rodrigok
• ggazzo

Poem

🐰 I hopped through code, removed the middle link,
Events now go where deeper roots sink.
Routes reshaped, POSTs in a row,
Limits softened, depths set low —
I nibble bugs and then I blink. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating the get_missing_events endpoint payload to conform to specification requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-get-missing-events

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

❌ Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 52.82%. Comparing base (5cc3127) to head (d0b77f9).

Files with missing lines	Patch %	Lines
packages/federation-sdk/src/sdk.ts	50.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #301      +/-   ##
==========================================
- Coverage   53.03%   52.82%   -0.22%     
==========================================
  Files          96       96              
  Lines       12571    12551      -20     
==========================================
- Hits         6667     6630      -37     
- Misses       5904     5921      +17     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/homeserver/src/controllers/federation/profiles.controller.ts (1)

98-122: Query parameter handling needs clarification.

The ver query parameter is extracted but unused (line 103), yet the route accepts query: t.Any(). Additionally, the room version is hardcoded as ['10'] (line 105-106).

Consider either:

• Implementing the ver query parameter to support version negotiation
• Removing the unused destructuring if version negotiation isn't needed yet

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5cc3127 and d0b77f9.

📒 Files selected for processing (6)

• packages/core/src/index.ts (0 hunks)
• packages/core/src/procedures/getMissingEvents.ts (0 hunks)
• packages/federation-sdk/src/sdk.ts (1 hunks)
• packages/federation-sdk/src/services/profiles.service.ts (0 hunks)
• packages/homeserver/src/controllers/federation/profiles.controller.ts (1 hunks)
• packages/homeserver/src/dtos/federation/profiles.dto.ts (1 hunks)

💤 Files with no reviewable changes (3)

• packages/core/src/procedures/getMissingEvents.ts
• packages/core/src/index.ts
• packages/federation-sdk/src/services/profiles.service.ts

🧰 Additional context used

🧬 Code graph analysis (1)

packages/homeserver/src/controllers/federation/profiles.controller.ts (5)

packages/homeserver/src/middlewares/isAuthenticated.ts (1)

• isAuthenticatedMiddleware (4-69)

packages/federation-sdk/src/index.ts (4)

• federationSDK (207-207)
• UserID (36-36)
• RoomID (37-37)
• EventID (35-35)

packages/room/src/types/_common.ts (3)

• UserID (20-20)
• RoomID (16-16)
• EventID (8-8)

packages/homeserver/src/dtos/federation/profiles.dto.ts (7)

• MakeJoinParamsDto (52-55)
• MakeJoinResponseDto (87-122)
• GetMissingEventsParamsDto (124-126)
• GetMissingEventsBodyDto (128-146)
• GetMissingEventsResponseDto (148-152)
• EventAuthParamsDto (154-157)
• EventAuthResponseDto (159-163)

packages/homeserver/src/middlewares/canAccessResource.ts (1)

• canAccessResourceMiddleware (25-69)

🔇 Additional comments (6)

packages/federation-sdk/src/sdk.ts (1)

273-277: LGTM! Delegation to EventService is correct.

The delegation from profilesService to eventService aligns with the architectural changes in this PR. The parameter typing is correctly updated.

Note: Codecov indicates line 276 lacks test coverage. Consider adding a test case that exercises this delegation path.

packages/homeserver/src/controllers/federation/profiles.controller.ts (4)

24-27: LGTM! Improved route structure.

The refactoring to a returning style with explicit route grouping enhances readability and maintainability.

---

45-95: LGTM! Proper E2EE endpoint stubs.

The keys and devices endpoints are correctly stubbed with 501 status codes and clear error messages indicating E2EE is not implemented. The request/response typing is complete.

---

124-147: LGTM! Endpoint correctly implements Matrix spec.

The change from GET to POST aligns with the Matrix Server-Server API specification (v1.16). The default value handling (body.limit || 10, body.min_depth || 0) correctly compensates for optional DTO fields that don't auto-populate.

---

148-166: LGTM! Clean event_auth endpoint implementation.

The endpoint is properly structured with correct parameter validation and response typing.

packages/homeserver/src/dtos/federation/profiles.dto.ts (1)

131-145: Based on the specification search results, I can confirm part of the changes but cannot definitively verify the limit maximum.

Constraint changes verified against Matrix specification.

The Matrix federation specification example shows "limit": 10, "min_depth": 0. The changes to min_depth are correct: the previous defaults and minimums (min: 1, default: 1) violated the spec, and the new values (min: 0, default: 0) align with it.

However, the specification examples do not explicitly define a maximum constraint for the limit parameter. The change from 100 → 20 cannot be verified as spec-compliant or non-compliant based on available documentation. Consider documenting whether this reduction to 20 is:

• A deliberate implementation-specific limit for resource protection
• Aligned with recommendations from federated server implementations (e.g., Synapse)

The defaults and minimum constraints are now spec-compliant.