Make StrictValidityChecking
a function (#3092)
Companion PR to https://github.com/matrix-org/gomatrixserverlib/pull/388
This commit is contained in:
parent
d11da6ec7c
commit
725ff5567d
|
@ -170,7 +170,7 @@ func (s *FederationInternalAPI) handleDatabaseKeys(
|
||||||
// in that case. If the key isn't valid right now, then by
|
// in that case. If the key isn't valid right now, then by
|
||||||
// leaving it in the 'requests' map, we'll try to update the
|
// leaving it in the 'requests' map, we'll try to update the
|
||||||
// key using the fetchers in handleFetcherKeys.
|
// key using the fetchers in handleFetcherKeys.
|
||||||
if res.WasValidAt(now, true) {
|
if res.WasValidAt(now, gomatrixserverlib.StrictValiditySignatureCheck) {
|
||||||
delete(requests, req)
|
delete(requests, req)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -95,7 +95,7 @@ func Backfill(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Query the roomserver.
|
// Query the Roomserver.
|
||||||
if err = rsAPI.PerformBackfill(httpReq.Context(), &req, &res); err != nil {
|
if err = rsAPI.PerformBackfill(httpReq.Context(), &req, &res); err != nil {
|
||||||
util.GetLogger(httpReq.Context()).WithError(err).Error("query.PerformBackfill failed")
|
util.GetLogger(httpReq.Context()).WithError(err).Error("query.PerformBackfill failed")
|
||||||
return util.JSONResponse{
|
return util.JSONResponse{
|
||||||
|
|
|
@ -15,7 +15,6 @@
|
||||||
package routing
|
package routing
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"sort"
|
"sort"
|
||||||
|
@ -33,53 +32,6 @@ import (
|
||||||
"github.com/matrix-org/dendrite/setup/config"
|
"github.com/matrix-org/dendrite/setup/config"
|
||||||
)
|
)
|
||||||
|
|
||||||
type JoinRoomQuerier struct {
|
|
||||||
roomserver api.FederationRoomserverAPI
|
|
||||||
}
|
|
||||||
|
|
||||||
func (rq *JoinRoomQuerier) CurrentStateEvent(ctx context.Context, roomID spec.RoomID, eventType string, stateKey string) (gomatrixserverlib.PDU, error) {
|
|
||||||
return rq.roomserver.CurrentStateEvent(ctx, roomID, eventType, stateKey)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (rq *JoinRoomQuerier) InvitePending(ctx context.Context, roomID spec.RoomID, userID spec.UserID) (bool, error) {
|
|
||||||
return rq.roomserver.InvitePending(ctx, roomID, userID)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (rq *JoinRoomQuerier) RestrictedRoomJoinInfo(ctx context.Context, roomID spec.RoomID, userID spec.UserID, localServerName spec.ServerName) (*gomatrixserverlib.RestrictedRoomJoinInfo, error) {
|
|
||||||
roomInfo, err := rq.roomserver.QueryRoomInfo(ctx, roomID)
|
|
||||||
if err != nil || roomInfo == nil || roomInfo.IsStub() {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
req := api.QueryServerJoinedToRoomRequest{
|
|
||||||
ServerName: localServerName,
|
|
||||||
RoomID: roomID.String(),
|
|
||||||
}
|
|
||||||
res := api.QueryServerJoinedToRoomResponse{}
|
|
||||||
if err = rq.roomserver.QueryServerJoinedToRoom(ctx, &req, &res); err != nil {
|
|
||||||
util.GetLogger(ctx).WithError(err).Error("rsAPI.QueryServerJoinedToRoom failed")
|
|
||||||
return nil, fmt.Errorf("InternalServerError: Failed to query room: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
userJoinedToRoom, err := rq.roomserver.UserJoinedToRoom(ctx, types.RoomNID(roomInfo.RoomNID), userID)
|
|
||||||
if err != nil {
|
|
||||||
util.GetLogger(ctx).WithError(err).Error("rsAPI.UserJoinedToRoom failed")
|
|
||||||
return nil, fmt.Errorf("InternalServerError: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
locallyJoinedUsers, err := rq.roomserver.LocallyJoinedUsers(ctx, roomInfo.RoomVersion, types.RoomNID(roomInfo.RoomNID))
|
|
||||||
if err != nil {
|
|
||||||
util.GetLogger(ctx).WithError(err).Error("rsAPI.GetLocallyJoinedUsers failed")
|
|
||||||
return nil, fmt.Errorf("InternalServerError: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return &gomatrixserverlib.RestrictedRoomJoinInfo{
|
|
||||||
LocalServerInRoom: res.RoomExists && res.IsInRoom,
|
|
||||||
UserJoinedToRoom: userJoinedToRoom,
|
|
||||||
JoinedUsers: locallyJoinedUsers,
|
|
||||||
}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// MakeJoin implements the /make_join API
|
// MakeJoin implements the /make_join API
|
||||||
func MakeJoin(
|
func MakeJoin(
|
||||||
httpReq *http.Request,
|
httpReq *http.Request,
|
||||||
|
@ -142,8 +94,8 @@ func MakeJoin(
|
||||||
return event, stateEvents, nil
|
return event, stateEvents, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
roomQuerier := JoinRoomQuerier{
|
roomQuerier := api.JoinRoomQuerier{
|
||||||
roomserver: rsAPI,
|
Roomserver: rsAPI,
|
||||||
}
|
}
|
||||||
|
|
||||||
input := gomatrixserverlib.HandleMakeJoinInput{
|
input := gomatrixserverlib.HandleMakeJoinInput{
|
||||||
|
|
|
@ -294,7 +294,7 @@ func SendLeave(
|
||||||
ServerName: serverName,
|
ServerName: serverName,
|
||||||
Message: redacted,
|
Message: redacted,
|
||||||
AtTS: event.OriginServerTS(),
|
AtTS: event.OriginServerTS(),
|
||||||
StrictValidityChecking: true,
|
ValidityCheckingFunc: gomatrixserverlib.StrictValiditySignatureCheck,
|
||||||
}}
|
}}
|
||||||
verifyResults, err := keys.VerifyJSONs(httpReq.Context(), verifyRequests)
|
verifyResults, err := keys.VerifyJSONs(httpReq.Context(), verifyRequests)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -34,7 +34,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// Event was passed to the roomserver
|
// Event was passed to the Roomserver
|
||||||
MetricsOutcomeOK = "ok"
|
MetricsOutcomeOK = "ok"
|
||||||
// Event failed to be processed
|
// Event failed to be processed
|
||||||
MetricsOutcomeFail = "fail"
|
MetricsOutcomeFail = "fail"
|
||||||
|
|
|
@ -223,7 +223,7 @@ func ExchangeThirdPartyInvite(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Send the event to the roomserver
|
// Send the event to the Roomserver
|
||||||
if err = api.SendEvents(
|
if err = api.SendEvents(
|
||||||
httpReq.Context(), rsAPI,
|
httpReq.Context(), rsAPI,
|
||||||
api.KindNew,
|
api.KindNew,
|
||||||
|
@ -324,7 +324,7 @@ func buildMembershipEvent(
|
||||||
return nil, errors.New("expecting state tuples for event builder, got none")
|
return nil, errors.New("expecting state tuples for event builder, got none")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ask the roomserver for information about this room
|
// Ask the Roomserver for information about this room
|
||||||
queryReq := api.QueryLatestEventsAndStateRequest{
|
queryReq := api.QueryLatestEventsAndStateRequest{
|
||||||
RoomID: protoEvent.RoomID,
|
RoomID: protoEvent.RoomID,
|
||||||
StateToFetch: eventsNeeded.Tuples(),
|
StateToFetch: eventsNeeded.Tuples(),
|
||||||
|
|
2
go.mod
2
go.mod
|
@ -22,7 +22,7 @@ require (
|
||||||
github.com/matrix-org/dugong v0.0.0-20210921133753-66e6b1c67e2e
|
github.com/matrix-org/dugong v0.0.0-20210921133753-66e6b1c67e2e
|
||||||
github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91
|
github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91
|
||||||
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530
|
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530
|
||||||
github.com/matrix-org/gomatrixserverlib v0.0.0-20230531155817-0e3adf17bee6
|
github.com/matrix-org/gomatrixserverlib v0.0.0-20230606112941-1c41e92ddf9e
|
||||||
github.com/matrix-org/pinecone v0.11.1-0.20230210171230-8c3b24f2649a
|
github.com/matrix-org/pinecone v0.11.1-0.20230210171230-8c3b24f2649a
|
||||||
github.com/matrix-org/util v0.0.0-20221111132719-399730281e66
|
github.com/matrix-org/util v0.0.0-20221111132719-399730281e66
|
||||||
github.com/mattn/go-sqlite3 v1.14.16
|
github.com/mattn/go-sqlite3 v1.14.16
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -323,8 +323,8 @@ github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91 h1:s7fexw
|
||||||
github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo=
|
github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo=
|
||||||
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 h1:kHKxCOLcHH8r4Fzarl4+Y3K5hjothkVW5z7T1dUM11U=
|
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 h1:kHKxCOLcHH8r4Fzarl4+Y3K5hjothkVW5z7T1dUM11U=
|
||||||
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
|
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
|
||||||
github.com/matrix-org/gomatrixserverlib v0.0.0-20230531155817-0e3adf17bee6 h1:Kh1TNvJDhWN5CdgtICNUC4G0wV2km51LGr46Dvl153A=
|
github.com/matrix-org/gomatrixserverlib v0.0.0-20230606112941-1c41e92ddf9e h1:I3Sfr8gZvVtLHOeI8lgc62kgLuzpMhBZ6EQOMyexXEA=
|
||||||
github.com/matrix-org/gomatrixserverlib v0.0.0-20230531155817-0e3adf17bee6/go.mod h1:H9V9N3Uqn1bBJqYJNGK1noqtgJTaCEhtTdcH/mp50uU=
|
github.com/matrix-org/gomatrixserverlib v0.0.0-20230606112941-1c41e92ddf9e/go.mod h1:H9V9N3Uqn1bBJqYJNGK1noqtgJTaCEhtTdcH/mp50uU=
|
||||||
github.com/matrix-org/pinecone v0.11.1-0.20230210171230-8c3b24f2649a h1:awrPDf9LEFySxTLKYBMCiObelNx/cBuv/wzllvCCH3A=
|
github.com/matrix-org/pinecone v0.11.1-0.20230210171230-8c3b24f2649a h1:awrPDf9LEFySxTLKYBMCiObelNx/cBuv/wzllvCCH3A=
|
||||||
github.com/matrix-org/pinecone v0.11.1-0.20230210171230-8c3b24f2649a/go.mod h1:HchJX9oKMXaT2xYFs0Ha/6Zs06mxLU8k6F1ODnrGkeQ=
|
github.com/matrix-org/pinecone v0.11.1-0.20230210171230-8c3b24f2649a/go.mod h1:HchJX9oKMXaT2xYFs0Ha/6Zs06mxLU8k6F1ODnrGkeQ=
|
||||||
github.com/matrix-org/util v0.0.0-20221111132719-399730281e66 h1:6z4KxomXSIGWqhHcfzExgkH3Z3UkIXry4ibJS4Aqz2Y=
|
github.com/matrix-org/util v0.0.0-20221111132719-399730281e66 h1:6z4KxomXSIGWqhHcfzExgkH3Z3UkIXry4ibJS4Aqz2Y=
|
||||||
|
|
|
@ -28,7 +28,7 @@ func (c Caches) GetServerKey(
|
||||||
) (gomatrixserverlib.PublicKeyLookupResult, bool) {
|
) (gomatrixserverlib.PublicKeyLookupResult, bool) {
|
||||||
key := fmt.Sprintf("%s/%s", request.ServerName, request.KeyID)
|
key := fmt.Sprintf("%s/%s", request.ServerName, request.KeyID)
|
||||||
val, found := c.ServerKeys.Get(key)
|
val, found := c.ServerKeys.Get(key)
|
||||||
if found && !val.WasValidAt(timestamp, true) {
|
if found && !val.WasValidAt(timestamp, gomatrixserverlib.StrictValiditySignatureCheck) {
|
||||||
// The key wasn't valid at the requested timestamp so don't
|
// The key wasn't valid at the requested timestamp so don't
|
||||||
// return it. The caller will have to work out what to do.
|
// return it. The caller will have to work out what to do.
|
||||||
c.ServerKeys.Unset(key)
|
c.ServerKeys.Unset(key)
|
||||||
|
|
|
@ -32,6 +32,16 @@ func (e ErrNotAllowed) Error() string {
|
||||||
return e.Err.Error()
|
return e.Err.Error()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type RestrictedJoinAPI interface {
|
||||||
|
CurrentStateEvent(ctx context.Context, roomID spec.RoomID, eventType string, stateKey string) (gomatrixserverlib.PDU, error)
|
||||||
|
InvitePending(ctx context.Context, roomID spec.RoomID, userID spec.UserID) (bool, error)
|
||||||
|
RestrictedRoomJoinInfo(ctx context.Context, roomID spec.RoomID, userID spec.UserID, localServerName spec.ServerName) (*gomatrixserverlib.RestrictedRoomJoinInfo, error)
|
||||||
|
QueryRoomInfo(ctx context.Context, roomID spec.RoomID) (*types.RoomInfo, error)
|
||||||
|
QueryServerJoinedToRoom(ctx context.Context, req *QueryServerJoinedToRoomRequest, res *QueryServerJoinedToRoomResponse) error
|
||||||
|
UserJoinedToRoom(ctx context.Context, roomID types.RoomNID, userID spec.UserID) (bool, error)
|
||||||
|
LocallyJoinedUsers(ctx context.Context, roomVersion gomatrixserverlib.RoomVersion, roomNID types.RoomNID) ([]gomatrixserverlib.PDU, error)
|
||||||
|
}
|
||||||
|
|
||||||
// RoomserverInputAPI is used to write events to the room server.
|
// RoomserverInputAPI is used to write events to the room server.
|
||||||
type RoomserverInternalAPI interface {
|
type RoomserverInternalAPI interface {
|
||||||
SyncRoomserverAPI
|
SyncRoomserverAPI
|
||||||
|
@ -199,6 +209,7 @@ type UserRoomserverAPI interface {
|
||||||
}
|
}
|
||||||
|
|
||||||
type FederationRoomserverAPI interface {
|
type FederationRoomserverAPI interface {
|
||||||
|
RestrictedJoinAPI
|
||||||
InputRoomEventsAPI
|
InputRoomEventsAPI
|
||||||
QueryLatestEventsAndStateAPI
|
QueryLatestEventsAndStateAPI
|
||||||
QueryBulkStateContentAPI
|
QueryBulkStateContentAPI
|
||||||
|
@ -223,7 +234,7 @@ type FederationRoomserverAPI interface {
|
||||||
// Query whether a server is allowed to see an event
|
// Query whether a server is allowed to see an event
|
||||||
QueryServerAllowedToSeeEvent(ctx context.Context, serverName spec.ServerName, eventID string) (allowed bool, err error)
|
QueryServerAllowedToSeeEvent(ctx context.Context, serverName spec.ServerName, eventID string) (allowed bool, err error)
|
||||||
QueryRoomsForUser(ctx context.Context, req *QueryRoomsForUserRequest, res *QueryRoomsForUserResponse) error
|
QueryRoomsForUser(ctx context.Context, req *QueryRoomsForUserRequest, res *QueryRoomsForUserResponse) error
|
||||||
QueryRestrictedJoinAllowed(ctx context.Context, req *QueryRestrictedJoinAllowedRequest, res *QueryRestrictedJoinAllowedResponse) error
|
QueryRestrictedJoinAllowed(ctx context.Context, roomID spec.RoomID, userID spec.UserID) (string, error)
|
||||||
PerformInboundPeek(ctx context.Context, req *PerformInboundPeekRequest, res *PerformInboundPeekResponse) error
|
PerformInboundPeek(ctx context.Context, req *PerformInboundPeekRequest, res *PerformInboundPeekResponse) error
|
||||||
HandleInvite(ctx context.Context, event *types.HeaderedEvent) error
|
HandleInvite(ctx context.Context, event *types.HeaderedEvent) error
|
||||||
|
|
||||||
|
|
|
@ -24,6 +24,7 @@ import (
|
||||||
|
|
||||||
"github.com/matrix-org/gomatrixserverlib"
|
"github.com/matrix-org/gomatrixserverlib"
|
||||||
"github.com/matrix-org/gomatrixserverlib/spec"
|
"github.com/matrix-org/gomatrixserverlib/spec"
|
||||||
|
"github.com/matrix-org/util"
|
||||||
|
|
||||||
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
|
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
|
||||||
"github.com/matrix-org/dendrite/roomserver/types"
|
"github.com/matrix-org/dendrite/roomserver/types"
|
||||||
|
@ -351,26 +352,6 @@ type QueryServerBannedFromRoomResponse struct {
|
||||||
Banned bool `json:"banned"`
|
Banned bool `json:"banned"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type QueryRestrictedJoinAllowedRequest struct {
|
|
||||||
UserID string `json:"user_id"`
|
|
||||||
RoomID string `json:"room_id"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type QueryRestrictedJoinAllowedResponse struct {
|
|
||||||
// True if the room membership is restricted by the join rule being set to "restricted"
|
|
||||||
Restricted bool `json:"restricted"`
|
|
||||||
// True if our local server is joined to all of the allowed rooms specified in the "allow"
|
|
||||||
// key of the join rule, false if we are missing from some of them and therefore can't
|
|
||||||
// reliably decide whether or not we can satisfy the join
|
|
||||||
Resident bool `json:"resident"`
|
|
||||||
// True if the restricted join is allowed because we found the membership in one of the
|
|
||||||
// allowed rooms from the join rule, false if not
|
|
||||||
Allowed bool `json:"allowed"`
|
|
||||||
// Contains the user ID of the selected user ID that has power to issue invites, this will
|
|
||||||
// get populated into the "join_authorised_via_users_server" content in the membership
|
|
||||||
AuthorisedVia string `json:"authorised_via,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// MarshalJSON stringifies the room ID and StateKeyTuple keys so they can be sent over the wire in HTTP API mode.
|
// MarshalJSON stringifies the room ID and StateKeyTuple keys so they can be sent over the wire in HTTP API mode.
|
||||||
func (r *QueryBulkStateContentResponse) MarshalJSON() ([]byte, error) {
|
func (r *QueryBulkStateContentResponse) MarshalJSON() ([]byte, error) {
|
||||||
se := make(map[string]string)
|
se := make(map[string]string)
|
||||||
|
@ -459,6 +440,53 @@ type QueryLeftUsersResponse struct {
|
||||||
LeftUsers []string `json:"user_ids"`
|
LeftUsers []string `json:"user_ids"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type JoinRoomQuerier struct {
|
||||||
|
Roomserver RestrictedJoinAPI
|
||||||
|
}
|
||||||
|
|
||||||
|
func (rq *JoinRoomQuerier) CurrentStateEvent(ctx context.Context, roomID spec.RoomID, eventType string, stateKey string) (gomatrixserverlib.PDU, error) {
|
||||||
|
return rq.Roomserver.CurrentStateEvent(ctx, roomID, eventType, stateKey)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (rq *JoinRoomQuerier) InvitePending(ctx context.Context, roomID spec.RoomID, userID spec.UserID) (bool, error) {
|
||||||
|
return rq.Roomserver.InvitePending(ctx, roomID, userID)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (rq *JoinRoomQuerier) RestrictedRoomJoinInfo(ctx context.Context, roomID spec.RoomID, userID spec.UserID, localServerName spec.ServerName) (*gomatrixserverlib.RestrictedRoomJoinInfo, error) {
|
||||||
|
roomInfo, err := rq.Roomserver.QueryRoomInfo(ctx, roomID)
|
||||||
|
if err != nil || roomInfo == nil || roomInfo.IsStub() {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
req := QueryServerJoinedToRoomRequest{
|
||||||
|
ServerName: localServerName,
|
||||||
|
RoomID: roomID.String(),
|
||||||
|
}
|
||||||
|
res := QueryServerJoinedToRoomResponse{}
|
||||||
|
if err = rq.Roomserver.QueryServerJoinedToRoom(ctx, &req, &res); err != nil {
|
||||||
|
util.GetLogger(ctx).WithError(err).Error("rsAPI.QueryServerJoinedToRoom failed")
|
||||||
|
return nil, fmt.Errorf("InternalServerError: Failed to query room: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
userJoinedToRoom, err := rq.Roomserver.UserJoinedToRoom(ctx, types.RoomNID(roomInfo.RoomNID), userID)
|
||||||
|
if err != nil {
|
||||||
|
util.GetLogger(ctx).WithError(err).Error("rsAPI.UserJoinedToRoom failed")
|
||||||
|
return nil, fmt.Errorf("InternalServerError: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
locallyJoinedUsers, err := rq.Roomserver.LocallyJoinedUsers(ctx, roomInfo.RoomVersion, types.RoomNID(roomInfo.RoomNID))
|
||||||
|
if err != nil {
|
||||||
|
util.GetLogger(ctx).WithError(err).Error("rsAPI.GetLocallyJoinedUsers failed")
|
||||||
|
return nil, fmt.Errorf("InternalServerError: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return &gomatrixserverlib.RestrictedRoomJoinInfo{
|
||||||
|
LocalServerInRoom: res.RoomExists && res.IsInRoom,
|
||||||
|
UserJoinedToRoom: userJoinedToRoom,
|
||||||
|
JoinedUsers: locallyJoinedUsers,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
type MembershipQuerier struct {
|
type MembershipQuerier struct {
|
||||||
Roomserver FederationRoomserverAPI
|
Roomserver FederationRoomserverAPI
|
||||||
}
|
}
|
||||||
|
|
|
@ -94,6 +94,7 @@ func NewRoomserverAPI(
|
||||||
Cache: caches,
|
Cache: caches,
|
||||||
IsLocalServerName: dendriteCfg.Global.IsLocalServerName,
|
IsLocalServerName: dendriteCfg.Global.IsLocalServerName,
|
||||||
ServerACLs: serverACLs,
|
ServerACLs: serverACLs,
|
||||||
|
Cfg: dendriteCfg,
|
||||||
},
|
},
|
||||||
enableMetrics: enableMetrics,
|
enableMetrics: enableMetrics,
|
||||||
// perform-er structs get initialised when we have a federation sender to use
|
// perform-er structs get initialised when we have a federation sender to use
|
||||||
|
|
|
@ -372,22 +372,14 @@ func (r *Joiner) populateAuthorisedViaUserForRestrictedJoin(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
joinReq *rsAPI.PerformJoinRequest,
|
joinReq *rsAPI.PerformJoinRequest,
|
||||||
) (string, error) {
|
) (string, error) {
|
||||||
req := &api.QueryRestrictedJoinAllowedRequest{
|
roomID, err := spec.NewRoomID(joinReq.RoomIDOrAlias)
|
||||||
UserID: joinReq.UserID,
|
if err != nil {
|
||||||
RoomID: joinReq.RoomIDOrAlias,
|
return "", err
|
||||||
}
|
}
|
||||||
res := &api.QueryRestrictedJoinAllowedResponse{}
|
userID, err := spec.NewUserID(joinReq.UserID, true)
|
||||||
if err := r.Queryer.QueryRestrictedJoinAllowed(ctx, req, res); err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("r.Queryer.QueryRestrictedJoinAllowed: %w", err)
|
return "", err
|
||||||
}
|
}
|
||||||
if !res.Restricted {
|
|
||||||
return "", nil
|
return r.Queryer.QueryRestrictedJoinAllowed(ctx, *roomID, *userID)
|
||||||
}
|
|
||||||
if !res.Resident {
|
|
||||||
return "", nil
|
|
||||||
}
|
|
||||||
if !res.Allowed {
|
|
||||||
return "", rsAPI.ErrNotAllowed{Err: fmt.Errorf("the join to room %s was not allowed", joinReq.RoomIDOrAlias)}
|
|
||||||
}
|
|
||||||
return res.AuthorisedVia, nil
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,10 +17,11 @@ package query
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"database/sql"
|
"database/sql"
|
||||||
"encoding/json"
|
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
|
//"github.com/matrix-org/dendrite/roomserver/internal"
|
||||||
|
"github.com/matrix-org/dendrite/setup/config"
|
||||||
"github.com/matrix-org/gomatrixserverlib"
|
"github.com/matrix-org/gomatrixserverlib"
|
||||||
"github.com/matrix-org/gomatrixserverlib/spec"
|
"github.com/matrix-org/gomatrixserverlib/spec"
|
||||||
"github.com/matrix-org/util"
|
"github.com/matrix-org/util"
|
||||||
|
@ -44,6 +45,42 @@ type Queryer struct {
|
||||||
Cache caching.RoomServerCaches
|
Cache caching.RoomServerCaches
|
||||||
IsLocalServerName func(spec.ServerName) bool
|
IsLocalServerName func(spec.ServerName) bool
|
||||||
ServerACLs *acls.ServerACLs
|
ServerACLs *acls.ServerACLs
|
||||||
|
Cfg *config.Dendrite
|
||||||
|
}
|
||||||
|
|
||||||
|
func (r *Queryer) RestrictedRoomJoinInfo(ctx context.Context, roomID spec.RoomID, userID spec.UserID, localServerName spec.ServerName) (*gomatrixserverlib.RestrictedRoomJoinInfo, error) {
|
||||||
|
roomInfo, err := r.QueryRoomInfo(ctx, roomID)
|
||||||
|
if err != nil || roomInfo == nil || roomInfo.IsStub() {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
req := api.QueryServerJoinedToRoomRequest{
|
||||||
|
ServerName: localServerName,
|
||||||
|
RoomID: roomID.String(),
|
||||||
|
}
|
||||||
|
res := api.QueryServerJoinedToRoomResponse{}
|
||||||
|
if err = r.QueryServerJoinedToRoom(ctx, &req, &res); err != nil {
|
||||||
|
util.GetLogger(ctx).WithError(err).Error("rsAPI.QueryServerJoinedToRoom failed")
|
||||||
|
return nil, fmt.Errorf("InternalServerError: Failed to query room: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
userJoinedToRoom, err := r.UserJoinedToRoom(ctx, types.RoomNID(roomInfo.RoomNID), userID)
|
||||||
|
if err != nil {
|
||||||
|
util.GetLogger(ctx).WithError(err).Error("rsAPI.UserJoinedToRoom failed")
|
||||||
|
return nil, fmt.Errorf("InternalServerError: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
locallyJoinedUsers, err := r.LocallyJoinedUsers(ctx, roomInfo.RoomVersion, types.RoomNID(roomInfo.RoomNID))
|
||||||
|
if err != nil {
|
||||||
|
util.GetLogger(ctx).WithError(err).Error("rsAPI.GetLocallyJoinedUsers failed")
|
||||||
|
return nil, fmt.Errorf("InternalServerError: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return &gomatrixserverlib.RestrictedRoomJoinInfo{
|
||||||
|
LocalServerInRoom: res.RoomExists && res.IsInRoom,
|
||||||
|
UserJoinedToRoom: userJoinedToRoom,
|
||||||
|
JoinedUsers: locallyJoinedUsers,
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// QueryLatestEventsAndState implements api.RoomserverInternalAPI
|
// QueryLatestEventsAndState implements api.RoomserverInternalAPI
|
||||||
|
@ -906,131 +943,20 @@ func (r *Queryer) LocallyJoinedUsers(ctx context.Context, roomVersion gomatrixse
|
||||||
}
|
}
|
||||||
|
|
||||||
// nolint:gocyclo
|
// nolint:gocyclo
|
||||||
func (r *Queryer) QueryRestrictedJoinAllowed(ctx context.Context, req *api.QueryRestrictedJoinAllowedRequest, res *api.QueryRestrictedJoinAllowedResponse) error {
|
func (r *Queryer) QueryRestrictedJoinAllowed(ctx context.Context, roomID spec.RoomID, userID spec.UserID) (string, error) {
|
||||||
// Look up if we know anything about the room. If it doesn't exist
|
// Look up if we know anything about the room. If it doesn't exist
|
||||||
// or is a stub entry then we can't do anything.
|
// or is a stub entry then we can't do anything.
|
||||||
roomInfo, err := r.DB.RoomInfo(ctx, req.RoomID)
|
roomInfo, err := r.DB.RoomInfo(ctx, roomID.String())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("r.DB.RoomInfo: %w", err)
|
return "", fmt.Errorf("r.DB.RoomInfo: %w", err)
|
||||||
}
|
}
|
||||||
if roomInfo == nil || roomInfo.IsStub() {
|
if roomInfo == nil || roomInfo.IsStub() {
|
||||||
return nil // fmt.Errorf("room %q doesn't exist or is stub room", req.RoomID)
|
return "", nil // fmt.Errorf("room %q doesn't exist or is stub room", req.RoomID)
|
||||||
}
|
}
|
||||||
verImpl, err := gomatrixserverlib.GetRoomVersion(roomInfo.RoomVersion)
|
verImpl, err := gomatrixserverlib.GetRoomVersion(roomInfo.RoomVersion)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return "", err
|
||||||
}
|
}
|
||||||
// If the room version doesn't allow restricted joins then don't
|
|
||||||
// try to process any further.
|
return verImpl.CheckRestrictedJoin(ctx, r.Cfg.Global.ServerName, &api.JoinRoomQuerier{Roomserver: r}, roomID, userID)
|
||||||
allowRestrictedJoins := verImpl.MayAllowRestrictedJoinsInEventAuth()
|
|
||||||
if !allowRestrictedJoins {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
// Start off by populating the "resident" flag in the response. If we
|
|
||||||
// come across any rooms in the request that are missing, we will unset
|
|
||||||
// the flag.
|
|
||||||
res.Resident = true
|
|
||||||
// Get the join rules to work out if the join rule is "restricted".
|
|
||||||
joinRulesEvent, err := r.DB.GetStateEvent(ctx, req.RoomID, spec.MRoomJoinRules, "")
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("r.DB.GetStateEvent: %w", err)
|
|
||||||
}
|
|
||||||
if joinRulesEvent == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
var joinRules gomatrixserverlib.JoinRuleContent
|
|
||||||
if err = json.Unmarshal(joinRulesEvent.Content(), &joinRules); err != nil {
|
|
||||||
return fmt.Errorf("json.Unmarshal: %w", err)
|
|
||||||
}
|
|
||||||
// If the join rule isn't "restricted" or "knock_restricted" then there's nothing more to do.
|
|
||||||
res.Restricted = joinRules.JoinRule == spec.Restricted || joinRules.JoinRule == spec.KnockRestricted
|
|
||||||
if !res.Restricted {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
// If the user is already invited to the room then the join is allowed
|
|
||||||
// but we don't specify an authorised via user, since the event auth
|
|
||||||
// will allow the join anyway.
|
|
||||||
var pending bool
|
|
||||||
if pending, _, _, _, err = helpers.IsInvitePending(ctx, r.DB, req.RoomID, req.UserID); err != nil {
|
|
||||||
return fmt.Errorf("helpers.IsInvitePending: %w", err)
|
|
||||||
} else if pending {
|
|
||||||
res.Allowed = true
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
// We need to get the power levels content so that we can determine which
|
|
||||||
// users in the room are entitled to issue invites. We need to use one of
|
|
||||||
// these users as the authorising user.
|
|
||||||
powerLevelsEvent, err := r.DB.GetStateEvent(ctx, req.RoomID, spec.MRoomPowerLevels, "")
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("r.DB.GetStateEvent: %w", err)
|
|
||||||
}
|
|
||||||
powerLevels, err := powerLevelsEvent.PowerLevels()
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("unable to get powerlevels: %w", err)
|
|
||||||
}
|
|
||||||
// Step through the join rules and see if the user matches any of them.
|
|
||||||
for _, rule := range joinRules.Allow {
|
|
||||||
// We only understand "m.room_membership" rules at this point in
|
|
||||||
// time, so skip any rule that doesn't match those.
|
|
||||||
if rule.Type != spec.MRoomMembership {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
// See if the room exists. If it doesn't exist or if it's a stub
|
|
||||||
// room entry then we can't check memberships.
|
|
||||||
targetRoomInfo, err := r.DB.RoomInfo(ctx, rule.RoomID)
|
|
||||||
if err != nil || targetRoomInfo == nil || targetRoomInfo.IsStub() {
|
|
||||||
res.Resident = false
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
// First of all work out if *we* are still in the room, otherwise
|
|
||||||
// it's possible that the memberships will be out of date.
|
|
||||||
isIn, err := r.DB.GetLocalServerInRoom(ctx, targetRoomInfo.RoomNID)
|
|
||||||
if err != nil || !isIn {
|
|
||||||
// If we aren't in the room, we can no longer tell if the room
|
|
||||||
// memberships are up-to-date.
|
|
||||||
res.Resident = false
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
// At this point we're happy that we are in the room, so now let's
|
|
||||||
// see if the target user is in the room.
|
|
||||||
_, isIn, _, err = r.DB.GetMembership(ctx, targetRoomInfo.RoomNID, req.UserID)
|
|
||||||
if err != nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
// If the user is not in the room then we will skip them.
|
|
||||||
if !isIn {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
// The user is in the room, so now we will need to authorise the
|
|
||||||
// join using the user ID of one of our own users in the room. Pick
|
|
||||||
// one.
|
|
||||||
joinNIDs, err := r.DB.GetMembershipEventNIDsForRoom(ctx, targetRoomInfo.RoomNID, true, true)
|
|
||||||
if err != nil || len(joinNIDs) == 0 {
|
|
||||||
// There should always be more than one join NID at this point
|
|
||||||
// because we are gated behind GetLocalServerInRoom, but y'know,
|
|
||||||
// sometimes strange things happen.
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
// For each of the joined users, let's see if we can get a valid
|
|
||||||
// membership event.
|
|
||||||
for _, joinNID := range joinNIDs {
|
|
||||||
events, err := r.DB.Events(ctx, roomInfo.RoomVersion, []types.EventNID{joinNID})
|
|
||||||
if err != nil || len(events) != 1 {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
event := events[0]
|
|
||||||
if event.Type() != spec.MRoomMember || event.StateKey() == nil {
|
|
||||||
continue // shouldn't happen
|
|
||||||
}
|
|
||||||
// Only users that have the power to invite should be chosen.
|
|
||||||
if powerLevels.UserLevel(*event.StateKey()) < powerLevels.Invite {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
res.Resident = true
|
|
||||||
res.Allowed = true
|
|
||||||
res.AuthorisedVia = *event.StateKey()
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -598,16 +598,15 @@ func TestQueryRestrictedJoinAllowed(t *testing.T) {
|
||||||
testCases := []struct {
|
testCases := []struct {
|
||||||
name string
|
name string
|
||||||
prepareRoomFunc func(t *testing.T) *test.Room
|
prepareRoomFunc func(t *testing.T) *test.Room
|
||||||
wantResponse api.QueryRestrictedJoinAllowedResponse
|
wantResponse string
|
||||||
|
wantError bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
name: "public room unrestricted",
|
name: "public room unrestricted",
|
||||||
prepareRoomFunc: func(t *testing.T) *test.Room {
|
prepareRoomFunc: func(t *testing.T) *test.Room {
|
||||||
return test.NewRoom(t, alice)
|
return test.NewRoom(t, alice)
|
||||||
},
|
},
|
||||||
wantResponse: api.QueryRestrictedJoinAllowedResponse{
|
wantResponse: "",
|
||||||
Resident: true,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "room version without restrictions",
|
name: "room version without restrictions",
|
||||||
|
@ -624,10 +623,7 @@ func TestQueryRestrictedJoinAllowed(t *testing.T) {
|
||||||
}, test.WithStateKey(""))
|
}, test.WithStateKey(""))
|
||||||
return r
|
return r
|
||||||
},
|
},
|
||||||
wantResponse: api.QueryRestrictedJoinAllowedResponse{
|
wantError: true,
|
||||||
Resident: true,
|
|
||||||
Restricted: true,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "knock_restricted",
|
name: "knock_restricted",
|
||||||
|
@ -638,10 +634,7 @@ func TestQueryRestrictedJoinAllowed(t *testing.T) {
|
||||||
}, test.WithStateKey(""))
|
}, test.WithStateKey(""))
|
||||||
return r
|
return r
|
||||||
},
|
},
|
||||||
wantResponse: api.QueryRestrictedJoinAllowedResponse{
|
wantError: true,
|
||||||
Resident: true,
|
|
||||||
Restricted: true,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "restricted with pending invite", // bob should be allowed to join
|
name: "restricted with pending invite", // bob should be allowed to join
|
||||||
|
@ -655,11 +648,7 @@ func TestQueryRestrictedJoinAllowed(t *testing.T) {
|
||||||
}, test.WithStateKey(bob.ID))
|
}, test.WithStateKey(bob.ID))
|
||||||
return r
|
return r
|
||||||
},
|
},
|
||||||
wantResponse: api.QueryRestrictedJoinAllowedResponse{
|
wantResponse: "",
|
||||||
Resident: true,
|
|
||||||
Restricted: true,
|
|
||||||
Allowed: true,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "restricted with allowed room_id, but missing room", // bob should not be allowed to join, as we don't know about the room
|
name: "restricted with allowed room_id, but missing room", // bob should not be allowed to join, as we don't know about the room
|
||||||
|
@ -680,9 +669,7 @@ func TestQueryRestrictedJoinAllowed(t *testing.T) {
|
||||||
}, test.WithStateKey(bob.ID))
|
}, test.WithStateKey(bob.ID))
|
||||||
return r
|
return r
|
||||||
},
|
},
|
||||||
wantResponse: api.QueryRestrictedJoinAllowedResponse{
|
wantError: true,
|
||||||
Restricted: true,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "restricted with allowed room_id", // bob should be allowed to join, as we know about the room
|
name: "restricted with allowed room_id", // bob should be allowed to join, as we know about the room
|
||||||
|
@ -703,12 +690,7 @@ func TestQueryRestrictedJoinAllowed(t *testing.T) {
|
||||||
}, test.WithStateKey(bob.ID))
|
}, test.WithStateKey(bob.ID))
|
||||||
return r
|
return r
|
||||||
},
|
},
|
||||||
wantResponse: api.QueryRestrictedJoinAllowedResponse{
|
wantResponse: alice.ID,
|
||||||
Resident: true,
|
|
||||||
Restricted: true,
|
|
||||||
Allowed: true,
|
|
||||||
AuthorisedVia: alice.ID,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -738,16 +720,17 @@ func TestQueryRestrictedJoinAllowed(t *testing.T) {
|
||||||
t.Errorf("failed to send events: %v", err)
|
t.Errorf("failed to send events: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
req := api.QueryRestrictedJoinAllowedRequest{
|
roomID, _ := spec.NewRoomID(testRoom.ID)
|
||||||
UserID: bob.ID,
|
userID, _ := spec.NewUserID(bob.ID, true)
|
||||||
RoomID: testRoom.ID,
|
got, err := rsAPI.QueryRestrictedJoinAllowed(processCtx.Context(), *roomID, *userID)
|
||||||
|
if tc.wantError && err == nil {
|
||||||
|
t.Fatal("expected error, got none")
|
||||||
}
|
}
|
||||||
res := api.QueryRestrictedJoinAllowedResponse{}
|
if !tc.wantError && err != nil {
|
||||||
if err := rsAPI.QueryRestrictedJoinAllowed(processCtx.Context(), &req, &res); err != nil {
|
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(tc.wantResponse, res) {
|
if !reflect.DeepEqual(tc.wantResponse, got) {
|
||||||
t.Fatalf("unexpected response, want %#v - got %#v", tc.wantResponse, res)
|
t.Fatalf("unexpected response, want %#v - got %#v", tc.wantResponse, got)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue