TudbuT/conduit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

better event_type checks for send_state_event_for_key_helper

Browse source 
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-04-03 17:14:14 -04:00 committed by June
parent 0214caeaea
commit c803891634
1 changed files with 49 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
src/api/client_server/state.rs
View file

@ -35,21 +35,6 @@ pub async fn send_state_event_for_key_route(
) -> Result<send_state_event::v3::Response> { ) -> Result<send_state_event::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
if body.event_type == StateEventType::RoomJoinRules {
if let Some(admin_room_id) = service::admin::Service::get_admin_room()? {
if admin_room_id == body.room_id {
if let Ok(join_rule) = serde_json::from_str::<RoomJoinRulesEventContent>(body.body.body.json().get()) {
if join_rule.join_rule == JoinRule::Public {
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Admin room is not allowed to be public.",
));
}
}
}
}
}
let event_id = send_state_event_for_key_helper( let event_id = send_state_event_for_key_helper(
sender_user, sender_user,
&body.room_id, &body.room_id,
@ -78,26 +63,6 @@ pub async fn send_state_event_for_empty_key_route(
) -> Result<RumaResponse<send_state_event::v3::Response>> { ) -> Result<RumaResponse<send_state_event::v3::Response>> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
// Forbid m.room.encryption if encryption is disabled
if body.event_type == StateEventType::RoomEncryption && !services().globals.allow_encryption() {
return Err(Error::BadRequest(ErrorKind::forbidden(), "Encryption has been disabled"));
}
if body.event_type == StateEventType::RoomJoinRules {
if let Some(admin_room_id) = service::admin::Service::get_admin_room()? {
if admin_room_id == body.room_id {
if let Ok(join_rule) = serde_json::from_str::<RoomJoinRulesEventContent>(body.body.body.json().get()) {
if join_rule.join_rule == JoinRule::Public {
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Admin room is not allowed to be public.",
));
}
}
}
}
}
let event_id = send_state_event_for_key_helper( let event_id = send_state_event_for_key_helper(
sender_user, sender_user,
&body.room_id, &body.room_id,
@ -264,32 +229,55 @@ pub async fn get_state_events_for_empty_key_route(
async fn send_state_event_for_key_helper( async fn send_state_event_for_key_helper(
sender: &UserId, room_id: &RoomId, event_type: &StateEventType, json: &Raw<AnyStateEventContent>, state_key: String, sender: &UserId, room_id: &RoomId, event_type: &StateEventType, json: &Raw<AnyStateEventContent>, state_key: String,
) -> Result<Arc<EventId>> { ) -> Result<Arc<EventId>> {
let sender_user = sender; match *event_type {
// Forbid m.room.encryption if encryption is disabled
// TODO: Review this check, error if event is unparsable, use event type, allow StateEventType::RoomEncryption => {
// alias if it previously existed if !services().globals.allow_encryption() {
if let Ok(canonical_alias) = serde_json::from_str::<RoomCanonicalAliasEventContent>(json.json().get()) { return Err(Error::BadRequest(ErrorKind::forbidden(), "Encryption has been disabled"));
let mut aliases = canonical_alias.alt_aliases.clone();
if let Some(alias) = canonical_alias.alias {
aliases.push(alias);
}
for alias in aliases {
if alias.server_name() != services().globals.server_name()
|| services()
.rooms
.alias
.resolve_local_alias(&alias)?
.filter(|room| room == room_id) // Make sure it's the right room
.is_none()
{
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"You are only allowed to send canonical_alias events when its aliases already exist",
));
} }
} },
// admin room is a sensitive room, it should not ever be made public
StateEventType::RoomJoinRules => {
if let Some(admin_room_id) = service::admin::Service::get_admin_room()? {
if admin_room_id == room_id {
if let Ok(join_rule) = serde_json::from_str::<RoomJoinRulesEventContent>(json.json().get()) {
if join_rule.join_rule == JoinRule::Public {
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Admin room is not allowed to be public.",
));
}
}
}
}
},
// TODO: allow alias if it previously existed
StateEventType::RoomCanonicalAlias => {
if let Ok(canonical_alias) = serde_json::from_str::<RoomCanonicalAliasEventContent>(json.json().get()) {
let mut aliases = canonical_alias.alt_aliases.clone();
if let Some(alias) = canonical_alias.alias {
aliases.push(alias);
}
for alias in aliases {
if alias.server_name() != services().globals.server_name()
|| services()
.rooms
.alias
.resolve_local_alias(&alias)?
.filter(|room| room == room_id) // Make sure it's the right room
.is_none()
{
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"You are only allowed to send canonical_alias events when its aliases already exist",
));
}
}
}
},
_ => {},
} }
let mutex_state = Arc::clone( let mutex_state = Arc::clone(
@ -314,7 +302,7 @@ async fn send_state_event_for_key_helper(
state_key: Some(state_key), state_key: Some(state_key),
redacts: None, redacts: None,
}, },
sender_user, sender,
room_id, room_id,
&state_lock, &state_lock,
) )