Drop support for legacy query param auth for appservices

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 * *(appservice)* Dropped support for legacy non-prefixed appservice paths
   (e.g. `/transactions` instead of `/_matrix/app/v1/transactions`).
+* *(appservice)* Dropped support for legacy `access_token` authorization in
+  appservice endpoints.
+* *(bridge)* Bumped minimum Matrix spec version to v1.4.
 
 ## v0.17.0 (2024-01-16)
 

appservice/http.go

@@ -82,27 +82,20 @@ func (as *AppService) Stop() {
 // CheckServerToken checks if the given request originated from the Matrix homeserver.
 func (as *AppService) CheckServerToken(w http.ResponseWriter, r *http.Request) (isValid bool) {
 	authHeader := r.Header.Get("Authorization")
-	if len(authHeader) > 0 && strings.HasPrefix(authHeader, "Bearer ") {
-		isValid = authHeader[len("Bearer "):] == as.Registration.ServerToken
-	} else {
-		queryToken := r.URL.Query().Get("access_token")
-		if len(queryToken) > 0 {
-			isValid = queryToken == as.Registration.ServerToken
-		} else {
-			Error{
-				ErrorCode:  ErrUnknownToken,
-				HTTPStatus: http.StatusForbidden,
-				Message:    "Missing access token",
-			}.Write(w)
-			return
-		}
-	}
-	if !isValid {
+	if !strings.HasPrefix(authHeader, "Bearer ") {
+		Error{
+			ErrorCode:  ErrUnknownToken,
+			HTTPStatus: http.StatusForbidden,
+			Message:    "Missing access token",
+		}.Write(w)
+	} else if authHeader[len("Bearer "):] != as.Registration.ServerToken {
 		Error{
 			ErrorCode:  ErrUnknownToken,
 			HTTPStatus: http.StatusForbidden,
 			Message:    "Incorrect access token",
 		}.Write(w)
+	} else {
+		isValid = true
 	}
 	return
 }

bridge/bridge.go

@@ -291,7 +291,7 @@ func (br *Bridge) InitVersion(tag, commit, buildTime string) {
 	br.BuildTime = buildTime
 }
 
-var MinSpecVersion = mautrix.SpecV11
+var MinSpecVersion = mautrix.SpecV14
 
 func (br *Bridge) ensureConnection(ctx context.Context) {
 	for {