From a85ebdeaa0bcca4a7df782359f071a27489f0a74 Mon Sep 17 00:00:00 2001
From: strawberry
Date: Tue, 16 Jan 2024 19:47:40 -0500
Subject: [PATCH] require sender_user being in the reporting room for /report events

Matrix 1.8 change: https://spec.matrix.org/v1.9/client-server-api/#post_matrixclientv3roomsroomidreporteventid
Signed-off-by: strawberry
---
 src/api/client_server/account.rs | 2 +-
 src/api/client_server/membership.rs | 2 +-
 src/api/client_server/report.rs | 16 +++++++++++++++-
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/api/client_server/account.rs b/src/api/client_server/account.rs
index ac3324db..71580d7a 100644
--- a/src/api/client_server/account.rs
+++ b/src/api/client_server/account.rs
@@ -19,7 +19,7 @@ use register::RegistrationKind;

 const RANDOM_USER_ID_LENGTH: usize = 10;

-/// # `GET /_matrix/client/r0/register/available`
+/// # `GET /_matrix/client/v3/register/available`
 ///
 /// Checks if a username is valid and available on this server.
 ///
diff --git a/src/api/client_server/membership.rs b/src/api/client_server/membership.rs
index df7980ff..deb31e4b 100644
--- a/src/api/client_server/membership.rs
+++ b/src/api/client_server/membership.rs
@@ -361,7 +361,7 @@ pub async fn unban_user_route(
 Ok(unban_user::v3::Response::new())
 }

-/// # `POST /_matrix/client/r0/rooms/{roomId}/forget`
+/// # `POST /_matrix/client/v3/rooms/{roomId}/forget`
 ///
 /// Forgets about a room.
 ///
diff --git a/src/api/client_server/report.rs b/src/api/client_server/report.rs
index 412590ba..e7503eac 100644
--- a/src/api/client_server/report.rs
+++ b/src/api/client_server/report.rs
@@ -5,7 +5,7 @@ use ruma::{
 int,
 };

-/// # `POST /_matrix/client/r0/rooms/{roomId}/report/{eventId}`
+/// # `POST /_matrix/client/v3/rooms/{roomId}/report/{eventId}`
 ///
 /// Reports an inappropriate event to homeserver admins
 ///
@@ -24,6 +24,20 @@ pub async fn report_event_route(
 }
 };

+ // check if reporting user is in the reporting room
+ if !services()
+ .rooms
+ .state_cache
+ .room_members(&pdu.room_id)
+ .filter_map(|r| r.ok())
+ .any(|user_id| user_id == *sender_user)
+ {
+ return Err(Error::BadRequest(
+ ErrorKind::NotFound,
+ "You are not in the room you are reporting.",
+ ));
+ }
+
 if let Some(true) = body.score.map(|s| s > int!(0) || s < int!(-100)) {
 return Err(Error::BadRequest(
 ErrorKind::InvalidParam,
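Review bot: The added membership test walks every entry of `room_members(&pdu.room_id)` and discards storage errors through `.filter_map(|r| r.ok())`, so a failed read of the sender's own entry reaches the client as "You are not in the room you are reporting." instead of a server error. That fails closed, which is the safe direction, but a direct lookup that propagates the error keeps the two cases apart and avoids the full scan on large rooms. If this tree's state cache has Conduit's `is_joined` helper, the condition could become `if !services().rooms.state_cache.is_joined(sender_user, &pdu.room_id)? {`. The check is made against `pdu.room_id`, and nothing in this hunk compares that with the room ID from the request path, so confirm the comparison exists in the part of `report_event_route` outside the hunk. The dedicated message also confirms to a non-member that the event ID exists; as I read the spec section linked in the commit message, "event not found" and "not joined" share one 404, so reusing the not-found wording for both would avoid the distinction.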