From 6ff98829313e5526acc30672115e35829bfe148b Mon Sep 17 00:00:00 2001 From: Prateek Sachan Date: Thu, 26 Mar 2020 14:46:10 +0530 Subject: [PATCH] Authenticate user while fetching rooms from other server --- publicroomsapi/directory/public_rooms.go | 11 +++++++++-- publicroomsapi/routing/routing.go | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/publicroomsapi/directory/public_rooms.go b/publicroomsapi/directory/public_rooms.go index 65fac10de..75761802d 100644 --- a/publicroomsapi/directory/public_rooms.go +++ b/publicroomsapi/directory/public_rooms.go @@ -21,6 +21,8 @@ import ( "sync" "time" + "github.com/matrix-org/dendrite/clientapi/auth" + "github.com/matrix-org/dendrite/common/config" "github.com/matrix-org/dendrite/clientapi/httputil" @@ -44,14 +46,19 @@ type filter struct { // GetPostPublicRooms implements GET and POST /publicRooms func GetPostPublicRooms( req *http.Request, cfg *config.Dendrite, server gomatrixserverlib.ServerName, - publicRoomDatabase storage.Database, fedClient *gomatrixserverlib.FederationClient, + publicRoomDatabase storage.Database, fedClient *gomatrixserverlib.FederationClient, data auth.Data, ) util.JSONResponse { var request PublicRoomReq if fillErr := fillPublicRoomsReq(req, &request); fillErr != nil { return *fillErr } if server != "" && server != cfg.Matrix.ServerName { - //TODO Authenticate user before serving rooms from other server + // We require requests to be authenticated in order + // to serve public rooms from other server + _, jsonerr := auth.VerifyUserFromRequest(req, data) + if jsonerr != nil { + return *jsonerr + } fres, err := fedClient.GetPublicRooms(req.Context(), server, int(request.Limit), request.Since, false, "") if err != nil { diff --git a/publicroomsapi/routing/routing.go b/publicroomsapi/routing/routing.go index 6a9d0e605..e77aeef97 100644 --- a/publicroomsapi/routing/routing.go +++ b/publicroomsapi/routing/routing.go @@ -75,14 +75,14 @@ func Setup( return directory.GetPostPublicRoomsWithExternal(req, publicRoomsDB, fedClient, extRoomsProvider) } server := gomatrixserverlib.ServerName(req.URL.Query().Get("server")) - return directory.GetPostPublicRooms(req, cfg, server, publicRoomsDB, fedClient) + return directory.GetPostPublicRooms(req, cfg, server, publicRoomsDB, fedClient, authData) }), ).Methods(http.MethodGet, http.MethodPost, http.MethodOptions) // Federation - TODO: should this live here or in federation API? It's sure easier if it's here so here it is. apiMux.Handle("/_matrix/federation/v1/publicRooms", common.MakeExternalAPI("federation_public_rooms", func(req *http.Request) util.JSONResponse { - return directory.GetPostPublicRooms(req, cfg, cfg.Matrix.ServerName, publicRoomsDB, fedClient) + return directory.GetPostPublicRooms(req, cfg, cfg.Matrix.ServerName, publicRoomsDB, fedClient, authData) }), ).Methods(http.MethodGet) }