1
0
Fork 0
mirror of https://forgejo.ellis.link/continuwuation/continuwuity.git synced 2025-10-21 19:42:00 +00:00

add some m.room.member checks on putting direct state events

Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2025-01-02 18:16:00 -05:00
parent 50cadbee96
commit a5d70f7356
No known key found for this signature in database
6 changed files with 117 additions and 60 deletions

View file

@ -4,12 +4,9 @@ use std::{
time::Instant,
};
use conduwuit::{debug, err, implement, warn, Error, Result};
use conduwuit::{debug, err, implement, warn, Err, Result};
use futures::{FutureExt, TryFutureExt};
use ruma::{
api::client::error::ErrorKind, events::StateEventType, CanonicalJsonValue, EventId, RoomId,
ServerName, UserId,
};
use ruma::{events::StateEventType, CanonicalJsonValue, EventId, RoomId, ServerName, UserId};
use super::{check_room_id, get_room_version_id};
use crate::rooms::timeline::RawPduId;
@ -58,15 +55,14 @@ pub async fn handle_incoming_pdu<'a>(
// 1.1 Check the server is in the room
if !self.services.metadata.exists(room_id).await {
return Err(Error::BadRequest(ErrorKind::NotFound, "Room is unknown to this server"));
return Err!(Request(NotFound("Room is unknown to this server")));
}
// 1.2 Check if the room is disabled
if self.services.metadata.is_disabled(room_id).await {
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Federation of this room is currently disabled on this server.",
));
return Err!(Request(Forbidden(
"Federation of this room is currently disabled on this server."
)));
}
// 1.3.1 Check room ACL on origin field/server

View file

@ -68,7 +68,7 @@ pub(super) async fn handle_outlier_pdu<'a>(
let incoming_pdu = serde_json::from_value::<PduEvent>(
serde_json::to_value(&val).expect("CanonicalJsonObj is a valid JsonValue"),
)
.map_err(|_| Error::bad_database("Event is not a valid PDU."))?;
.map_err(|e| err!(Request(BadJson(debug_warn!("Event is not a valid PDU: {e}")))))?;
check_room_id(room_id, &incoming_pdu)?;

View file

@ -901,6 +901,29 @@ impl Service {
}
};
if pdu.kind == TimelineEventType::RoomMember {
let content: RoomMemberEventContent = pdu.get_content()?;
if content.join_authorized_via_users_server.is_some()
&& content.membership != MembershipState::Join
{
return Err!(Request(BadJson(
"join_authorised_via_users_server is only for member joins"
)));
}
if content
.join_authorized_via_users_server
.as_ref()
.is_some_and(|authorising_user| {
!self.services.globals.user_is_local(authorising_user)
}) {
return Err!(Request(InvalidParam(
"Authorising user does not belong to this homeserver"
)));
}
}
// We append to state before appending the pdu, so we don't have a moment in
// time with the pdu without it's state. This is okay because append_pdu can't
// fail.

View file

@ -739,7 +739,12 @@ impl Service {
));
};
let mut pdus = Vec::new();
let mut pdus = Vec::with_capacity(
events
.iter()
.filter(|event| matches!(event, SendingEvent::Pdu(_)))
.count(),
);
for event in &events {
match event {
| SendingEvent::Pdu(pdu_id) => {