magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

tiny refactoring, split out report_event_route a bit

Browse source 
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-04-28 22:36:39 -04:00 committed by June
parent d32ea6ec20
commit 0b39bb813e
2 changed files with 71 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/api/client_server/context.rs
View file

@ -188,14 +188,12 @@ pub(crate) async fn get_context_route(body: Ruma<get_context::v3::Request>) -> R
} }
} }
let resp = get_context::v3::Response { Ok(get_context::v3::Response {
start: Some(start_token), start: Some(start_token),
end: Some(end_token), end: Some(end_token),
events_before, events_before,
event: Some(base_event), event: Some(base_event),
events_after, events_after,
state, state,
}; })
Ok(resp)
} }

119
src/api/client_server/report.rs
View file

@ -4,12 +4,12 @@ use rand::Rng;
use ruma::{ use ruma::{
api::client::{error::ErrorKind, room::report_content}, api::client::{error::ErrorKind, room::report_content},
events::room::message, events::room::message,
int, int, EventId, RoomId, UserId,
}; };
use tokio::time::sleep; use tokio::time::sleep;
use tracing::{debug, info}; use tracing::info;
use crate::{services, utils::HtmlEscape, Error, Result, Ruma}; use crate::{debug_info, service::pdu::PduEvent, services, utils::HtmlEscape, Error, Result, Ruma};
/// # `POST /_matrix/client/v3/rooms/{roomId}/report/{eventId}` /// # `POST /_matrix/client/v3/rooms/{roomId}/report/{eventId}`
/// ///
@ -20,7 +20,10 @@ pub(crate) async fn report_event_route(
// user authentication // user authentication
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
info!("Received /report request by user {}", sender_user); info!(
"Received /report request by user {sender_user} for room {} and event ID {}",
body.room_id, body.event_id
);
// check if we know about the reported event ID or if it's invalid // check if we know about the reported event ID or if it's invalid
let Some(pdu) = services().rooms.timeline.get_pdu(&body.event_id)? else { let Some(pdu) = services().rooms.timeline.get_pdu(&body.event_id)? else {
@ -30,43 +33,7 @@ pub(crate) async fn report_event_route(
)); ));
}; };
// check if the room ID from the URI matches the PDU's room ID is_report_valid(&pdu.event_id, &body.room_id, sender_user, &body.reason, body.score, &pdu)?;
if body.room_id != pdu.room_id {
return Err(Error::BadRequest(
ErrorKind::NotFound,
"Event ID does not belong to the reported room",
));
}
// check if reporting user is in the reporting room
if !services()
.rooms
.state_cache
.room_members(&pdu.room_id)
.filter_map(Result::ok)
.any(|user_id| user_id == *sender_user)
{
return Err(Error::BadRequest(
ErrorKind::NotFound,
"You are not in the room you are reporting.",
));
}
// check if score is in valid range
if let Some(true) = body.score.map(|s| s > int!(0) || s < int!(-100)) {
return Err(Error::BadRequest(
ErrorKind::InvalidParam,
"Invalid score, must be within 0 to -100",
));
};
// check if report reasoning is less than or equal to 750 characters
if let Some(true) = body.reason.clone().map(|s| s.chars().count() >= 750) {
return Err(Error::BadRequest(
ErrorKind::InvalidParam,
"Reason too long, should be 750 characters or fewer",
));
};
// send admin room message that we received the report with an @room ping for // send admin room message that we received the report with an @room ping for
// urgency // urgency
@ -100,15 +67,67 @@ pub(crate) async fn report_event_route(
)) ))
.await; .await;
// even though this is kinda security by obscurity, let's still make a small delay_response().await?;
// random delay sending a successful response per spec suggestion regarding
// enumerating for potential events existing in our server.
let time_to_wait = rand::thread_rng().gen_range(8..21);
debug!(
"Got successful /report request, waiting {} seconds before sending successful response.",
time_to_wait
);
sleep(Duration::from_secs(time_to_wait)).await;
Ok(report_content::v3::Response {}) Ok(report_content::v3::Response {})
} }
/// in the following order:
///
/// check if the room ID from the URI matches the PDU's room ID
/// check if reporting user is in the reporting room
/// check if score is in valid range
/// check if report reasoning is less than or equal to 750 characters
fn is_report_valid(
event_id: &EventId, room_id: &RoomId, sender_user: &UserId, reason: &Option<String>, score: Option<ruma::Int>,
pdu: &std::sync::Arc<PduEvent>,
) -> Result<bool> {
debug_info!("Checking if report from user {sender_user} for event {event_id} in room {room_id} is valid");
if room_id != pdu.room_id {
return Err(Error::BadRequest(
ErrorKind::NotFound,
"Event ID does not belong to the reported room",
));
}
if services()
.rooms
.state_cache
.room_members(&pdu.room_id)
.filter_map(Result::ok)
.any(|user_id| user_id != *sender_user)
{
return Err(Error::BadRequest(
ErrorKind::NotFound,
"You are not in the room you are reporting.",
));
}
if let Some(true) = score.map(|s| s > int!(0) || s < int!(-100)) {
return Err(Error::BadRequest(
ErrorKind::InvalidParam,
"Invalid score, must be within 0 to -100",
));
};
if let Some(true) = reason.clone().map(|s| s.len() >= 750) {
return Err(Error::BadRequest(
ErrorKind::InvalidParam,
"Reason too long, should be 750 characters or fewer",
));
};
Ok(true)
}
/// even though this is kinda security by obscurity, let's still make a small
/// random delay sending a successful response per spec suggestion regarding
/// enumerating for potential events existing in our server.
async fn delay_response() -> Result<()> {
let time_to_wait = rand::thread_rng().gen_range(8..21);
debug_info!("Got successful /report request, waiting {time_to_wait} seconds before sending successful response.");
sleep(Duration::from_secs(time_to_wait)).await;
Ok(())
}