Implement history visibility checks for /backfill

Required for p2p to show history correctly.
2025-12-17 03:43:11 -06:00 · 2020-03-19 15:03:13 +00:00 · 2020-03-19 15:03:13 +00:00 · 4f5d4c92ee
parent ad5849d222
commit 4f5d4c92ee
4 changed files with 127 additions and 13 deletions
--- a/go.sum
+++ b/go.sum
@ -276,6 +276,8 @@ github.com/matrix-org/gomatrixserverlib v0.0.0-20200318145320-bc896516d72a h1:7+
 github.com/matrix-org/gomatrixserverlib v0.0.0-20200318145320-bc896516d72a/go.mod h1:FsKa2pWE/bpQql9H7U4boOPXFoJX/QcqaZZ6ijLkaZI=
 github.com/matrix-org/gomatrixserverlib v0.0.0-20200318150006-bc27294f9203 h1:7HkL6bF7/M2cYteNFVtvGW5qjD4wHIiR0HsdCm2Rqao=
 github.com/matrix-org/gomatrixserverlib v0.0.0-20200318150006-bc27294f9203/go.mod h1:FsKa2pWE/bpQql9H7U4boOPXFoJX/QcqaZZ6ijLkaZI=
 github.com/matrix-org/gomatrixserverlib v0.0.0-20200318180716-bc4ff56961e2 h1:y4DOMbhgPAnATHJ4lNxTWxIlJG0SlIPhvukx1sQkty4=
 github.com/matrix-org/gomatrixserverlib v0.0.0-20200318180716-bc4ff56961e2/go.mod h1:FsKa2pWE/bpQql9H7U4boOPXFoJX/QcqaZZ6ijLkaZI=
 github.com/matrix-org/naffka v0.0.0-20200127221512-0716baaabaf1 h1:osLoFdOy+ChQqVUn2PeTDETFftVkl4w9t/OW18g3lnk=
 github.com/matrix-org/naffka v0.0.0-20200127221512-0716baaabaf1/go.mod h1:cXoYQIENbdWIQHt1SyCo6Bl3C3raHwJ0wgVrXHSqf+A=
 github.com/matrix-org/util v0.0.0-20171127121716-2e2df66af2f5 h1:W7l5CP4V7wPyPb4tYE11dbmeAOwtFQBTW0rf4OonOS8=
@ -470,6 +472,8 @@ go.uber.org/atomic v1.3.0 h1:vs7fgriifsPbGdK3bNuMWapNn3qnZhCRXc19NRdq010=
 go.uber.org/atomic v1.3.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.6.0 h1:Ezj3JGmsOnG1MoRWQkPBsKLe9DwWD9QeXzTRzzldNVk=
 go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@ -491,6 +495,7 @@ golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -559,6 +564,7 @@ golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20190911230505-6bfd74cf029c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190912215617-3720d1ec3678 h1:rM1Udd0CgtYI3KUIhu9ROz0QCqjW+n/ODp/hH7c60Xc=
 golang.org/x/tools v0.0.0-20190912215617-3720d1ec3678/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/roomserver/auth/auth.go
+++ b/roomserver/auth/auth.go
@ -12,18 +12,76 @@
 package auth
-import "github.com/matrix-org/gomatrixserverlib"
+import (
 	"encoding/json"
-// IsServerAllowed returns true if there exists a event in authEvents
+	"github.com/matrix-org/gomatrixserverlib"
-// which allows server to view this event. That is true when a client on the server
+)
-// can view the event. Otherwise returns false.
+
 // TODO: This logic should live in gomatrixserverlib
 // IsServerAllowed returns true if the server is allowed to see events in the room
 // at this particular state. This function implements https://matrix.org/docs/spec/client_server/r0.6.0#id87
 func IsServerAllowed(
 	serverName gomatrixserverlib.ServerName,
 	serverCurrentlyInRoom bool,
 	authEvents []gomatrixserverlib.Event,
 ) bool {
 	historyVisibility := historyVisibilityForRoom(authEvents)
 	// 1. If the history_visibility was set to world_readable, allow.
 	if historyVisibility == "world_readable" {
 		return true
 	}
 	// 2. If the user's membership was join, allow.
 	joinedUserExists := IsAnyUserOnServerWithMembership(serverName, authEvents, gomatrixserverlib.Join)
 	if joinedUserExists {
 		return true
 	}
 	// 3. If history_visibility was set to shared, and the user joined the room at any point after the event was sent, allow.
 	if historyVisibility == "shared" && serverCurrentlyInRoom {
 		return true
 	}
 	// 4. If the user's membership was invite, and the history_visibility was set to invited, allow.
 	invitedUserExists := IsAnyUserOnServerWithMembership(serverName, authEvents, gomatrixserverlib.Invite)
 	if invitedUserExists && historyVisibility == "invited" {
 		return true
 	}
 	// 5. Otherwise, deny.
 	return false
 }
 func historyVisibilityForRoom(authEvents []gomatrixserverlib.Event) string {
 	// https://matrix.org/docs/spec/client_server/r0.6.0#id87
 	// By default if no history_visibility is set, or if the value is not understood, the visibility is assumed to be shared.
 	visibility := "shared"
 	knownStates := []string{"invited", "joined", "shared", "world_readable"}
 	for _, ev := range authEvents {
 		if ev.Type() != gomatrixserverlib.MRoomHistoryVisibility {
 			continue
 		}
 		// TODO: This should be HistoryVisibilityContent to match things like 'MemberContent'. Do this when moving to GMSL
 		content := struct {
 			HistoryVisibility string `json:"history_visibility"`
 		}{}
 		if err := json.Unmarshal(ev.Content(), &content); err != nil {
 			break // value is not understood
 		}
 		for _, s := range knownStates {
 			if s == content.HistoryVisibility {
 				visibility = s
 				break
 			}
 		}
 	}
 	return visibility
 }
 func IsAnyUserOnServerWithMembership(serverName gomatrixserverlib.ServerName, authEvents []gomatrixserverlib.Event, wantMembership string) bool {
 	for _, ev := range authEvents {
 		membership, err := ev.Membership()
-		if err != nil || membership != gomatrixserverlib.Join {
+		if err != nil || membership != wantMembership {
 			continue
 		}
@ -41,7 +99,5 @@ func IsServerAllowed(
 			return true
 		}
 	}
 	// TODO: Check if history visibility is shared and if the server is currently in the room
 	return false
 }
--- a/roomserver/query/query.go
+++ b/roomserver/query/query.go
@ -455,14 +455,26 @@ func (r *RoomserverQueryAPI) QueryServerAllowedToSeeEvent(
 	request *api.QueryServerAllowedToSeeEventRequest,
 	response *api.QueryServerAllowedToSeeEventResponse,
 ) (err error) {
 	events, err := r.DB.EventsFromIDs(ctx, []string{request.EventID})
 	if err != nil {
 		return
 	}
 	if len(events) == 0 {
 		response.AllowedToSeeEvent = false // event doesn't exist so not allowed to see
 		return
 	}
 	isServerInRoom, err := r.isServerCurrentlyInRoom(ctx, request.ServerName, events[0].RoomID())
 	if err != nil {
 		return
 	}
 	response.AllowedToSeeEvent, err = r.checkServerAllowedToSeeEvent(
-		ctx, request.EventID, request.ServerName,
+		ctx, request.EventID, request.ServerName, isServerInRoom,
 	)
 	return
 }
 func (r *RoomserverQueryAPI) checkServerAllowedToSeeEvent(
-	ctx context.Context, eventID string, serverName gomatrixserverlib.ServerName,
+	ctx context.Context, eventID string, serverName gomatrixserverlib.ServerName, isServerInRoom bool,
 ) (bool, error) {
 	// TODO: get the correct room version
 	roomState, err := state.GetStateResolutionAlgorithm(state.StateResolutionAlgorithmV1, r.DB)
@ -482,7 +494,7 @@ func (r *RoomserverQueryAPI) checkServerAllowedToSeeEvent(
 		return false, err
 	}
-	return auth.IsServerAllowed(serverName, stateAtEvent), nil
+	return auth.IsServerAllowed(serverName, isServerInRoom, stateAtEvent), nil
 }
 // QueryMissingEvents implements api.RoomserverQueryAPI
@ -577,6 +589,28 @@ func (r *RoomserverQueryAPI) QueryBackfill(
 	return err
 }
 func (r *RoomserverQueryAPI) isServerCurrentlyInRoom(ctx context.Context, serverName gomatrixserverlib.ServerName, roomID string) (bool, error) {
 	roomNID, err := r.DB.RoomNID(ctx, roomID)
 	if err != nil {
 		return false, err
 	}
 	eventNIDs, err := r.DB.GetMembershipEventNIDsForRoom(ctx, roomNID, true)
 	if err != nil {
 		return false, err
 	}
 	events, err := r.DB.Events(ctx, eventNIDs)
 	if err != nil {
 		return false, err
 	}
 	gmslEvents := make([]gomatrixserverlib.Event, len(events))
 	for i := range events {
 		gmslEvents[i] = events[i].Event
 	}
 	return auth.IsAnyUserOnServerWithMembership(serverName, gmslEvents, gomatrixserverlib.Join), nil
 }
 func (r *RoomserverQueryAPI) scanEventTree(
 	ctx context.Context, front []string, visited map[string]bool, limit int,
 	serverName gomatrixserverlib.ServerName,
@ -588,6 +622,9 @@ func (r *RoomserverQueryAPI) scanEventTree(
 	resultNIDs = make([]types.EventNID, 0, limit)
 	var checkedServerInRoom bool
 	var isServerInRoom bool
 	// Loop through the event IDs to retrieve the requested events and go
 	// through the whole tree (up to the provided limit) using the events'
 	// "prev_event" key.
@ -603,6 +640,17 @@ BFSLoop:
 			return
 		}
 		if !checkedServerInRoom && len(events) > 0 {
 			// It's nasty that we have to extract the room ID from an event, but many federation requests
 			// only talk in event IDs, no room IDs at all (!!!)
 			ev := events[0]
 			isServerInRoom, err = r.isServerCurrentlyInRoom(ctx, serverName, ev.RoomID())
 			if err != nil {
 				util.GetLogger(ctx).WithError(err).Error("Failed to check if server is currently in room, assuming not.")
 			}
 			checkedServerInRoom = true
 		}
 		for _, ev := range events {
 			// Break out of the loop if the provided limit is reached.
 			if len(resultNIDs) == limit {
@ -616,8 +664,11 @@ BFSLoop:
 				// hasn't been seen before.
 				if !visited[pre] {
 					visited[pre] = true
-					allowed, err = r.checkServerAllowedToSeeEvent(ctx, pre, serverName)
+					allowed, err = r.checkServerAllowedToSeeEvent(ctx, pre, serverName, isServerInRoom)
 					if err != nil {
 						util.GetLogger(ctx).WithField("server", serverName).WithField("event_id", pre).WithError(err).Error(
 							"Error checking if allowed to see event",
 						)
 						return
 					}
@ -626,6 +677,8 @@ BFSLoop:
 					// the list of events to retrieve.
 					if allowed {
 						next = append(next, pre)
 					} else {
 						util.GetLogger(ctx).WithField("server", serverName).WithField("event_id", pre).Info("Not allowed to see event")
 					}
 				}
 			}
--- a/syncapi/routing/messages.go
+++ b/syncapi/routing/messages.go
@ -28,7 +28,6 @@ import (
 	"github.com/matrix-org/dendrite/syncapi/types"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 	log "github.com/sirupsen/logrus"
 )
 type messagesReq struct {
@ -424,7 +423,7 @@ func (r *messagesReq) backfill(fromEventIDs []string, limit int) ([]gomatrixserv
 			srvToBackfillFrom = serversResponse.Servers[1]
 		} else {
 			srvToBackfillFrom = gomatrixserverlib.ServerName("")
-			log.Warn("Not enough servers to backfill from")
+			util.GetLogger(r.ctx).Info("Not enough servers to backfill from")
 		}
 	}