From 8e0f7b0d0ae3954f0eb28676f49005943f76c2f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6sters?= <timo@koesters.xyz>
Date: Thu, 1 Feb 2024 12:05:59 +0100
Subject: [PATCH] Avoid federation when it is not necessary

---
 src/api/server_server.rs | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/api/server_server.rs b/src/api/server_server.rs
index fafc52a6..0393f7fa 100644
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@@ -1963,6 +1963,13 @@ pub async fn get_devices_route(
         return Err(Error::bad_config("Federation is disabled."));
     }
 
+    if body.user_id.server_name() != services().globals.server_name() {
+        return Err(Error::BadRequest(
+            ErrorKind::InvalidParam,
+            "Tried to access user from other server.",
+        ));
+    }
+
     let sender_servername = body
         .sender_servername
         .as_ref()
@@ -2044,7 +2051,7 @@ pub async fn get_profile_information_route(
 
     if body.user_id.server_name() != services().globals.server_name() {
         return Err(Error::BadRequest(
-            ErrorKind::NotFound,
+            ErrorKind::InvalidParam,
             "User does not belong to this server",
         ));
     }
@@ -2085,6 +2092,17 @@ pub async fn get_keys_route(body: Ruma<get_keys::v1::Request>) -> Result<get_key
         return Err(Error::bad_config("Federation is disabled."));
     }
 
+    if body
+        .device_keys
+        .iter()
+        .any(|(u, _)| u.server_name() != services().globals.server_name())
+    {
+        return Err(Error::BadRequest(
+            ErrorKind::InvalidParam,
+            "User does not belong to this server.",
+        ));
+    }
+
     let result = get_keys_helper(
         None,
         &body.device_keys,
@@ -2110,6 +2128,17 @@ pub async fn claim_keys_route(
         return Err(Error::bad_config("Federation is disabled."));
     }
 
+    if body
+        .one_time_keys
+        .iter()
+        .any(|(u, _)| u.server_name() != services().globals.server_name())
+    {
+        return Err(Error::BadRequest(
+            ErrorKind::InvalidParam,
+            "Tried to access user from other server.",
+        ));
+    }
+
     let result = claim_keys_helper(&body.one_time_keys).await?;
 
     Ok(claim_keys::v1::Response {