TudbuT/conduit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: only allow the server user to set the admin alias

Browse source 
Should make it safer to move the alias if the admin room broke on a public server.

Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
Matthias Ahouansou 2024-06-12 02:13:27 -04:00 committed by June 🍓🦴
parent 8fff7ea706
commit 556e78214a
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/service/rooms/alias/mod.rs
View file

@ -21,7 +21,14 @@ pub struct Service {
impl Service {
#[tracing::instrument(skip(self))]
pub fn set_alias(&self, alias: &RoomAliasId, room_id: &RoomId, user_id: &UserId) -> Result<()> {
self.db.set_alias(alias, room_id, user_id)
if alias == services().globals.admin_alias && user_id != services().globals.server_user {
Err(Error::BadRequest(
ErrorKind::forbidden(),
"Only the server user can set this alias",
))
} else {
self.db.set_alias(alias, room_id, user_id)
}
}
#[tracing::instrument(skip(self))]