From 7fc62d8178bfc362231436746457d14c44d238ff Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Fri, 4 Mar 2022 10:24:26 +0000 Subject: [PATCH 1/2] Fix a panic in `OnIncomingMessagesRequest` (#2250) It's possible for `GetStateEvent` to return `nil` if there was no error but the state event wasn't found. Therefore we need to be prepared for that case. This should fix #2247. --- syncapi/routing/messages.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/syncapi/routing/messages.go b/syncapi/routing/messages.go index 7cd54eef0..9aef5db14 100644 --- a/syncapi/routing/messages.go +++ b/syncapi/routing/messages.go @@ -184,16 +184,18 @@ func OnIncomingMessagesRequest( // at least fetch the membership events for the users returned in chunk if LazyLoadMembers is set state := []gomatrixserverlib.ClientEvent{} if filter.LazyLoadMembers { - memberShipToUser := make(map[string]*gomatrixserverlib.HeaderedEvent) + membershipToUser := make(map[string]*gomatrixserverlib.HeaderedEvent) for _, evt := range clientEvents { - memberShip, err := db.GetStateEvent(req.Context(), roomID, gomatrixserverlib.MRoomMember, evt.Sender) + membership, err := db.GetStateEvent(req.Context(), roomID, gomatrixserverlib.MRoomMember, evt.Sender) if err != nil { util.GetLogger(req.Context()).WithError(err).Error("failed to get membership event for user") continue } - memberShipToUser[evt.Sender] = memberShip + if membership != nil { + membershipToUser[evt.Sender] = membership + } } - for _, evt := range memberShipToUser { + for _, evt := range membershipToUser { state = append(state, gomatrixserverlib.HeaderedToClientEvent(evt, gomatrixserverlib.FormatAll)) } } From 5e694cd362ed21fa824f219cd0058fb57897e079 Mon Sep 17 00:00:00 2001 From: S7evinK <2353100+S7evinK@users.noreply.github.com> Date: Fri, 4 Mar 2022 12:03:51 +0100 Subject: [PATCH 2/2] Un-ratelimit calls to /thumbnail (#2251) --- mediaapi/routing/routing.go | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/mediaapi/routing/routing.go b/mediaapi/routing/routing.go index fc2136bb6..0e1583991 100644 --- a/mediaapi/routing/routing.go +++ b/mediaapi/routing/routing.go @@ -120,13 +120,16 @@ func makeDownloadAPI( w.Header().Set("Content-Type", "application/json") // Ratelimit requests - if r := rateLimits.Limit(req); r != nil { - if err := json.NewEncoder(w).Encode(r); err != nil { - w.WriteHeader(http.StatusInternalServerError) + // NOTSPEC: The spec says everything at /media/ should be rate limited, but this causes issues with thumbnails (#2243) + if name != "thumbnail" { + if r := rateLimits.Limit(req); r != nil { + if err := json.NewEncoder(w).Encode(r); err != nil { + w.WriteHeader(http.StatusInternalServerError) + return + } + w.WriteHeader(http.StatusTooManyRequests) return } - w.WriteHeader(http.StatusTooManyRequests) - return } vars, _ := httputil.URLDecodeMapValues(mux.Vars(req))