Validate data passed to REST api endpoints

This issue has been migrated from [#13147](https://github.com/matrix-org/synapse/issues/13147).

---

Tracking issue for https://github.com/matrix-org/synapse/milestone/9
 
List files which contain rest endpoints as follows:

As with https://github.com/matrix-org/synapse/issues/12651#issue-1227817405, we should concentrate on finding something which provides good error messages first, and good type information second. I think Pydantic is the best choice; I've had a go with it in https://github.com/matrix-org/synapse/commits/dmr/oidc-config-pydantic for validating some of our config. The rest endpoint payloads should be considerably simpler to validate.

```
$ rg -l --case-sensitive "def .*(POST|PUT|DELETE|GET).*$" synapse | sort | sed -e 's/^/- [ ] /'
```

To generate todo lists for each individual file, use the following write-only program:

```
sed -n -e 's/.*class \(.*$(.*Servlet):.*/- [ ] \1/p' -e 's/.*def on_$.*$(.*/  - \1/p' synapse/rest/client/devices.py
```

### app

- [ ] synapse/app/generic_worker.py

### federation

- [ ] synapse/federation/transport/server/federation.py
- [ ] synapse/federation/transport/server/__init__.py

### http

- [ ] synapse/http/server.py

### metrics

- [ ] synapse/metrics/_exposition.py

### rest/admin

- [ ] synapse/rest/admin/background_updates.py
- [ ] synapse/rest/admin/devices.py
- [ ] synapse/rest/admin/event_reports.py
- [ ] synapse/rest/admin/federation.py
- [ ] synapse/rest/admin/__init__.py
- [ ] synapse/rest/admin/media.py
- [ ] synapse/rest/admin/registration_tokens.py
- [ ] synapse/rest/admin/rooms.py
- [ ] synapse/rest/admin/server_notice_servlet.py
- [ ] synapse/rest/admin/statistics.py
- [ ] synapse/rest/admin/username_available.py
- [ ] synapse/rest/admin/users.py

### rest/client

- [x] synapse/rest/client/account_data.py, #13148
- [x] #13183
- [x] #13184
- [ ] synapse/rest/client/auth.py
- [ ] synapse/rest/client/_base.py
- [x] synapse/rest/client/capabilities.py (nothing to validate)
- [x] #14052
- [x] #14176
- [ ] synapse/rest/client/events.py
- [ ] #14265
- [ ] synapse/rest/client/initial_sync.py
- [ ] #14266
- [ ] synapse/rest/client/knock.py
- [ ] synapse/rest/client/login.py
- [ ] synapse/rest/client/logout.py
- [ ] synapse/rest/client/mutual_rooms.py
- [ ] synapse/rest/client/notifications.py
- [ ] synapse/rest/client/openid.py
- [ ] synapse/rest/client/password_policy.py
- [ ] synapse/rest/client/presence.py
- [ ] synapse/rest/client/profile.py
- [ ] synapse/rest/client/pusher.py
- [ ] synapse/rest/client/push_rule.py
- [ ] synapse/rest/client/read_marker.py
- [ ] synapse/rest/client/receipts.py
- [ ] synapse/rest/client/register.py
- [x] synapse/rest/client/relations.py (nothing to validate)
- [ ] synapse/rest/client/report_event.py
- [ ] synapse/rest/client/room_keys.py
- [ ] synapse/rest/client/room.py
- [ ] synapse/rest/client/room_upgrade_rest_servlet.py
- [ ] synapse/rest/client/sendtodevice.py
- [ ] synapse/rest/client/sync.py
- [ ] synapse/rest/client/tags.py
- [ ] synapse/rest/client/thirdparty.py
- [ ] synapse/rest/client/tokenrefresh.py
- [ ] synapse/rest/client/user_directory.py
- [x] synapse/rest/client/versions.py (nothing to validate)
- [x] synapse/rest/client/voip.py (nothing to validate)


### rest/key

- [x] synapse/rest/key/v2/local_key_resource.py (nothing to validate)
- [x] synapse/rest/key/v2/remote_key_resource.py #16183

### rest/media

- [x] synapse/rest/media/v1/config_resource.py (nothing to validate)
- [ ] synapse/rest/media/v1/download_resource.py
- [ ] synapse/rest/media/v1/preview_url_resource.py
- [ ] synapse/rest/media/v1/thumbnail_resource.py
- [ ] synapse/rest/media/v1/upload_resource.py

### rest/synapse/client

- [ ] synapse/rest/synapse/client/new_user_consent.py
- [ ] synapse/rest/synapse/client/oidc/callback_resource.py
- [ ] synapse/rest/synapse/client/password_reset.py
- [ ] synapse/rest/synapse/client/pick_idp.py
- [ ] synapse/rest/synapse/client/pick_username.py
- [ ] synapse/rest/synapse/client/saml2/metadata_resource.py
- [ ] synapse/rest/synapse/client/saml2/response_resource.py
- [ ] synapse/rest/synapse/client/sso_register.py
- [ ] synapse/rest/synapse/client/unsubscribe.py

### rest miscellaneous

- [ ] synapse/rest/consent/consent_resource.py
- [x] synapse/rest/well_known.py (nothing to validate)
- [x] synapse/rest/health.py (nothing to validate)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Validate data passed to REST api endpoints #13147

app

federation

http

metrics

rest/admin

rest/client

rest/key

rest/media

rest/synapse/client

rest miscellaneous

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Validate data passed to REST api endpoints #13147

Description

app

federation

http

metrics

rest/admin

rest/client

rest/key

rest/media

rest/synapse/client

rest miscellaneous

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions