dont allow admin room to be made world readable

Signed-off-by: strawberry <strawberry@puppygock.gay>
strawberry 2024-04-22 02:54:06 -04:00 committed by June
parent 9297c642aa
commit b8a748815a


@ -8,6 +8,7 @@ use ruma::{
events::{ events::{
room::{ room::{
canonical_alias::RoomCanonicalAliasEventContent, canonical_alias::RoomCanonicalAliasEventContent,
history_visibility::{HistoryVisibility, RoomHistoryVisibilityEventContent},
join_rules::{JoinRule, RoomJoinRulesEventContent}, join_rules::{JoinRule, RoomJoinRulesEventContent},
}, },
AnyStateEventContent, StateEventType, AnyStateEventContent, StateEventType,
@ -251,6 +252,23 @@ async fn send_state_event_for_key_helper(
} }
} }
}, },
// admin room is a sensitive room, it should not ever be made world readable
StateEventType::RoomHistoryVisibility => {
if let Some(admin_room_id) = service::admin::Service::get_admin_room()? {
if admin_room_id == room_id {
if let Ok(visibility_content) =
serde_json::from_str::<RoomHistoryVisibilityEventContent>(json.json().get())
{
if visibility_content.history_visibility == HistoryVisibility::WorldReadable {
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Admin room is not allowed to be made world readable (public room history).",
));
}
}
}
}
},
// TODO: allow alias if it previously existed // TODO: allow alias if it previously existed
StateEventType::RoomCanonicalAlias => { StateEventType::RoomCanonicalAlias => {
if let Ok(canonical_alias) = serde_json::from_str::<RoomCanonicalAliasEventContent>(json.json().get()) { if let Ok(canonical_alias) = serde_json::from_str::<RoomCanonicalAliasEventContent>(json.json().get()) {
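Review bot: The world-readable check in the new `StateEventType::RoomHistoryVisibility` arm fails open: when `serde_json::from_str::<RoomHistoryVisibilityEventContent>(json.json().get())` returns `Err`, the `if let Ok(visibility_content)` body is skipped and the event carries on through the helper unchecked. Whether such content can still end up being treated as world readable depends on code outside this hunk, so for the admin room it is safer to reject it outright, for example by replacing the `if let Ok(visibility_content) = …` with `let Ok(visibility_content) = … else { return Err(Error::BadRequest(ErrorKind::forbidden(), "…")) };`. The guard also covers only this client state-event path; any other route by which a history-visibility event could reach the admin room is not visible here and should be confirmed to enforce the same rule. `send_state_event_for_key_helper` begins and ends outside the hunk.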