fix(policy-server): Call the PS later in the PDU creation process

This avoids accidentally sending partially built PDUs to the policy server, which may cause issues with some implementations
2025-08-04 11:43:58 +00:00 · 2025-08-02 00:19:33 +01:00 · 2025-08-02 00:19:33 +01:00 · e4a43b1a5b
commit e4a43b1a5b
parent 5775e0ad9d
1 changed files with 19 additions and 19 deletions
--- a/src/service/rooms/timeline/create.rs
+++ b/src/service/rooms/timeline/create.rs
@ -165,25 +165,6 @@ pub async fn create_hash_and_sign_event(
 		return Err!(Request(Forbidden("Event is not authorized.")));
 	}

-	// Check with the policy server
-	match self
-		.services
-		.event_handler
-		.ask_policy_server(&pdu, room_id)
-		.await
-	{
-		| Ok(true) => {},
-		| Ok(false) => {
-			return Err!(Request(Forbidden(debug_warn!(
-				"Policy server marked this event as spam"
-			))));
-		},
-		| Err(e) => {
-			// fail open
-			warn!("Failed to check event with policy server: {e}");
-		},
-	}
-
 	// Hash and sign
 	let mut pdu_json = utils::to_canonical_object(&pdu).map_err(|e| {
 		err!(Request(BadJson(warn!("Failed to convert PDU to canonical JSON: {e}"))))
@ -222,6 +203,25 @@ pub async fn create_hash_and_sign_event(

 	pdu_json.insert("event_id".into(), CanonicalJsonValue::String(pdu.event_id.clone().into()));

+	// Check with the policy server
+	match self
+		.services
+		.event_handler
+		.ask_policy_server(&pdu, room_id)
+		.await
+	{
+		| Ok(true) => {},
+		| Ok(false) => {
+			return Err!(Request(Forbidden(debug_warn!(
+				"Policy server marked this event as spam"
+			))));
+		},
+		| Err(e) => {
+			// fail open
+			warn!("Failed to check event with policy server: {e}");
+		},
+	}
+
 	// Generate short event id
 	let _shorteventid = self
 		.services