From 7a38c12e5d5d4fd2932fd1eca84a7b6f55ece428 Mon Sep 17 00:00:00 2001
From: strawberry <strawberry@puppygock.gay>
Date: Sun, 26 May 2024 16:38:31 -0400
Subject: [PATCH] check for member event type at /send_leave

Signed-off-by: strawberry <strawberry@puppygock.gay>
---
 src/api/server_server.rs | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/api/server_server.rs b/src/api/server_server.rs
index 677d07f5..d87451c0 100644
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@@ -1502,6 +1502,22 @@ async fn create_leave_event(origin: &ServerName, room_id: &RoomId, pdu: &RawJson
 		));
 	}
 
+	let event_type: StateEventType = serde_json::from_value(
+		value
+			.get("type")
+			.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Leave event does not have state event type"))?
+			.clone()
+			.into(),
+	)
+	.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Leave event does not have a valid state event type"))?;
+
+	if event_type != StateEventType::RoomMember {
+		return Err(Error::BadRequest(
+			ErrorKind::InvalidParam,
+			"Not allowed to send non-membership state event at leave endpoint",
+		));
+	}
+
 	let origin: OwnedServerName = serde_json::from_value(
 		serde_json::to_value(
 			value