mirror of
https://github.com/matrix-org/dendrite.git
synced 2025-12-14 18:33:09 -06:00
Remove redundant federation request verification
This commit is contained in:
Anant Prakash
parent
78440083df
commit
f8c12095c7
|
|
@ -17,9 +17,7 @@ package routing
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/matrix-org/dendrite/common/config"
|
|
||||||
"github.com/matrix-org/dendrite/roomserver/api"
|
"github.com/matrix-org/dendrite/roomserver/api"
|
||||||
"github.com/matrix-org/gomatrixserverlib"
|
"github.com/matrix-org/gomatrixserverlib"
|
||||||
"github.com/matrix-org/util"
|
"github.com/matrix-org/util"
|
||||||
|
|
@ -29,10 +27,7 @@ import (
|
||||||
func GetEvent(
|
func GetEvent(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
request *gomatrixserverlib.FederationRequest,
|
request *gomatrixserverlib.FederationRequest,
|
||||||
_ config.Dendrite,
|
|
||||||
query api.RoomserverQueryAPI,
|
query api.RoomserverQueryAPI,
|
||||||
_ time.Time,
|
|
||||||
_ gomatrixserverlib.KeyRing,
|
|
||||||
eventID string,
|
eventID string,
|
||||||
) util.JSONResponse {
|
) util.JSONResponse {
|
||||||
var authResponse api.QueryServerAllowedToSeeEventResponse
|
var authResponse api.QueryServerAllowedToSeeEventResponse
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,6 @@ func Invite(
|
||||||
eventID string,
|
eventID string,
|
||||||
cfg config.Dendrite,
|
cfg config.Dendrite,
|
||||||
producer *producers.RoomserverProducer,
|
producer *producers.RoomserverProducer,
|
||||||
keys gomatrixserverlib.KeyRing,
|
|
||||||
) util.JSONResponse {
|
) util.JSONResponse {
|
||||||
|
|
||||||
// Decode the event JSON from the request.
|
// Decode the event JSON from the request.
|
||||||
|
|
@ -70,30 +69,13 @@ func Invite(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check that the event is signed by the server sending the request.
|
|
||||||
verifyRequests := []gomatrixserverlib.VerifyJSONRequest{{
|
|
||||||
ServerName: event.Origin(),
|
|
||||||
Message: event.Redact().JSON(),
|
|
||||||
AtTS: event.OriginServerTS(),
|
|
||||||
}}
|
|
||||||
verifyResults, err := keys.VerifyJSONs(httpReq.Context(), verifyRequests)
|
|
||||||
if err != nil {
|
|
||||||
return httputil.LogThenError(httpReq, err)
|
|
||||||
}
|
|
||||||
if verifyResults[0].Error != nil {
|
|
||||||
return util.JSONResponse{
|
|
||||||
Code: http.StatusForbidden,
|
|
||||||
JSON: jsonerror.Forbidden("The invite must be signed by the server it originated on"),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Sign the event so that other servers will know that we have received the invite.
|
// Sign the event so that other servers will know that we have received the invite.
|
||||||
signedEvent := event.Sign(
|
signedEvent := event.Sign(
|
||||||
string(cfg.Matrix.ServerName), cfg.Matrix.KeyID, cfg.Matrix.PrivateKey,
|
string(cfg.Matrix.ServerName), cfg.Matrix.KeyID, cfg.Matrix.PrivateKey,
|
||||||
)
|
)
|
||||||
|
|
||||||
// Add the invite event to the roomserver.
|
// Add the invite event to the roomserver.
|
||||||
if err = producer.SendInvite(httpReq.Context(), signedEvent); err != nil {
|
if err := producer.SendInvite(httpReq.Context(), signedEvent); err != nil {
|
||||||
return httputil.LogThenError(httpReq, err)
|
return httputil.LogThenError(httpReq, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -102,7 +102,6 @@ func SendJoin(
|
||||||
cfg config.Dendrite,
|
cfg config.Dendrite,
|
||||||
query api.RoomserverQueryAPI,
|
query api.RoomserverQueryAPI,
|
||||||
producer *producers.RoomserverProducer,
|
producer *producers.RoomserverProducer,
|
||||||
keys gomatrixserverlib.KeyRing,
|
|
||||||
roomID, eventID string,
|
roomID, eventID string,
|
||||||
) util.JSONResponse {
|
) util.JSONResponse {
|
||||||
var event gomatrixserverlib.Event
|
var event gomatrixserverlib.Event
|
||||||
|
|
@ -137,27 +136,10 @@ func SendJoin(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check that the event is signed by the server sending the request.
|
|
||||||
verifyRequests := []gomatrixserverlib.VerifyJSONRequest{{
|
|
||||||
ServerName: event.Origin(),
|
|
||||||
Message: event.Redact().JSON(),
|
|
||||||
AtTS: event.OriginServerTS(),
|
|
||||||
}}
|
|
||||||
verifyResults, err := keys.VerifyJSONs(ctx, verifyRequests)
|
|
||||||
if err != nil {
|
|
||||||
return httputil.LogThenError(httpReq, err)
|
|
||||||
}
|
|
||||||
if verifyResults[0].Error != nil {
|
|
||||||
return util.JSONResponse{
|
|
||||||
Code: http.StatusForbidden,
|
|
||||||
JSON: jsonerror.Forbidden("The join must be signed by the server it originated on"),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Fetch the state and auth chain. We do this before we send the events
|
// Fetch the state and auth chain. We do this before we send the events
|
||||||
// on, in case this fails.
|
// on, in case this fails.
|
||||||
var stateAndAuthChainRepsonse api.QueryStateAndAuthChainResponse
|
var stateAndAuthChainRepsonse api.QueryStateAndAuthChainResponse
|
||||||
err = query.QueryStateAndAuthChain(ctx, &api.QueryStateAndAuthChainRequest{
|
err := query.QueryStateAndAuthChain(ctx, &api.QueryStateAndAuthChainRequest{
|
||||||
PrevEventIDs: event.PrevEventIDs(),
|
PrevEventIDs: event.PrevEventIDs(),
|
||||||
AuthEventIDs: event.AuthEventIDs(),
|
AuthEventIDs: event.AuthEventIDs(),
|
||||||
RoomID: roomID,
|
RoomID: roomID,
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,6 @@ package routing
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"github.com/matrix-org/dendrite/clientapi/auth/storage/accounts"
|
"github.com/matrix-org/dendrite/clientapi/auth/storage/accounts"
|
||||||
|
|
@ -75,7 +74,7 @@ func Setup(
|
||||||
vars := mux.Vars(httpReq)
|
vars := mux.Vars(httpReq)
|
||||||
return Invite(
|
return Invite(
|
||||||
httpReq, request, vars["roomID"], vars["eventID"],
|
httpReq, request, vars["roomID"], vars["eventID"],
|
||||||
cfg, producer, keys,
|
cfg, producer,
|
||||||
)
|
)
|
||||||
},
|
},
|
||||||
)).Methods(http.MethodPut, http.MethodOptions)
|
)).Methods(http.MethodPut, http.MethodOptions)
|
||||||
|
|
@ -101,7 +100,7 @@ func Setup(
|
||||||
func(httpReq *http.Request, request *gomatrixserverlib.FederationRequest) util.JSONResponse {
|
func(httpReq *http.Request, request *gomatrixserverlib.FederationRequest) util.JSONResponse {
|
||||||
vars := mux.Vars(httpReq)
|
vars := mux.Vars(httpReq)
|
||||||
return GetEvent(
|
return GetEvent(
|
||||||
httpReq.Context(), request, cfg, query, time.Now(), keys, vars["eventID"],
|
httpReq.Context(), request, query, vars["eventID"],
|
||||||
)
|
)
|
||||||
},
|
},
|
||||||
)).Methods(http.MethodGet)
|
)).Methods(http.MethodGet)
|
||||||
|
|
@ -143,7 +142,7 @@ func Setup(
|
||||||
roomID := vars["roomID"]
|
roomID := vars["roomID"]
|
||||||
userID := vars["userID"]
|
userID := vars["userID"]
|
||||||
return SendJoin(
|
return SendJoin(
|
||||||
httpReq.Context(), httpReq, request, cfg, query, producer, keys, roomID, userID,
|
httpReq.Context(), httpReq, request, cfg, query, producer, roomID, userID,
|
||||||
)
|
)
|
||||||
},
|
},
|
||||||
)).Methods(http.MethodPut)
|
)).Methods(http.MethodPut)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue