From dafcd3110c5af421e7c9a4c923ec6df8af42853c Mon Sep 17 00:00:00 2001
From: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Thu, 3 Dec 2020 10:21:43 +0000
Subject: [PATCH] Don't allow peeks into encrypted rooms

---
 roomserver/internal/perform/perform_peek.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/roomserver/internal/perform/perform_peek.go b/roomserver/internal/perform/perform_peek.go
index 66d1bdb21..2f4694c86 100644
--- a/roomserver/internal/perform/perform_peek.go
+++ b/roomserver/internal/perform/perform_peek.go
@@ -163,8 +163,7 @@ func (r *Peeker) performPeekRoomByID(
 	// XXX: we should probably factor out history_visibility checks into a common utility method somewhere
 	// which handles the default value etc.
 	var worldReadable = false
-	ev, _ := r.DB.GetStateEvent(ctx, roomID, "m.room.history_visibility", "")
-	if ev != nil {
+	if ev, _ := r.DB.GetStateEvent(ctx, roomID, "m.room.history_visibility", ""); ev != nil {
 		content := map[string]string{}
 		if err = json.Unmarshal(ev.Content(), &content); err != nil {
 			util.GetLogger(ctx).WithError(err).Error("json.Unmarshal for history visibility failed")
@@ -182,6 +181,13 @@ func (r *Peeker) performPeekRoomByID(
 		}
 	}
 
+	if ev, _ := r.DB.GetStateEvent(ctx, roomID, "m.room.encryption", ""); ev != nil {
+		return "", &api.PerformError{
+			Code: api.PerformErrorNotAllowed,
+			Msg:  "Cannot peek into an encrypted room",
+		}
+	}
+
 	// TODO: handle federated peeks
 
 	err = r.Inputer.WriteOutputEvents(roomID, []api.OutputEvent{