feat: respect history visibility

2023-02-22 15:49:55 +01:00 · 2023-02-22 15:49:55 +01:00 · 10fa686c77
commit 10fa686c77
parent 2a16a5e967
8 changed files with 166 additions and 98 deletions
--- a/src/api/client_server/context.rs
+++ b/src/api/client_server/context.rs
@ -50,12 +50,12 @@ pub async fn get_context_route(

    if !services()
        .rooms
-        .state_cache
-        .is_joined(sender_user, &room_id)?
+        .state_accessor
+        .user_can_see_event(sender_user, &room_id, &body.event_id)?
    {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
-            "You don't have permission to view this room.",
+            "You don't have permission to view this event.",
        ));
    }

@ -82,6 +82,13 @@ pub async fn get_context_route(
                / 2,
        )
        .filter_map(|r| r.ok()) // Remove buggy events
+        .filter(|(_, pdu)| {
+            services()
+                .rooms
+                .state_accessor
+                .user_can_see_event(sender_user, &room_id, &pdu.event_id)
+                .unwrap_or(false)
+        })
        .collect();

    for (_, event) in &events_before {
@ -114,6 +121,13 @@ pub async fn get_context_route(
                / 2,
        )
        .filter_map(|r| r.ok()) // Remove buggy events
+        .filter(|(_, pdu)| {
+            services()
+                .rooms
+                .state_accessor
+                .user_can_see_event(sender_user, &room_id, &pdu.event_id)
+                .unwrap_or(false)
+        })
        .collect();

    for (_, event) in &events_after {
--- a/src/api/client_server/message.rs
+++ b/src/api/client_server/message.rs
@ -113,17 +113,6 @@ pub async fn get_message_events_route(
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
    let sender_device = body.sender_device.as_ref().expect("user is authenticated");

-    if !services()
-        .rooms
-        .state_cache
-        .is_joined(sender_user, &body.room_id)?
-    {
-        return Err(Error::BadRequest(
-            ErrorKind::Forbidden,
-            "You don't have permission to view this room.",
-        ));
-    }
-
    let from = match body.from.clone() {
        Some(from) => PduCount::try_from_string(&from)?,
        None => match body.dir {
@ -161,6 +150,13 @@ pub async fn get_message_events_route(
                .pdus_after(sender_user, &body.room_id, from)?
                .take(limit)
                .filter_map(|r| r.ok()) // Filter out buggy events
+                .filter(|(_, pdu)| {
+                    services()
+                        .rooms
+                        .state_accessor
+                        .user_can_see_event(sender_user, &body.room_id, &pdu.event_id)
+                        .unwrap_or(false)
+                })
                .take_while(|&(k, _)| Some(k) != to) // Stop at `to`
                .collect();

@ -203,6 +199,13 @@ pub async fn get_message_events_route(
                .pdus_until(sender_user, &body.room_id, from)?
                .take(limit)
                .filter_map(|r| r.ok()) // Filter out buggy events
+                .filter(|(_, pdu)| {
+                    services()
+                        .rooms
+                        .state_accessor
+                        .user_can_see_event(sender_user, &body.room_id, &pdu.event_id)
+                        .unwrap_or(false)
+                })
                .take_while(|&(k, _)| Some(k) != to) // Stop at `to`
                .collect();

--- a/src/api/client_server/room.rs
+++ b/src/api/client_server/room.rs
@ -425,24 +425,25 @@ pub async fn get_room_event_route(
 ) -> Result<get_room_event::v3::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

-    if !services()
+    let event = services()
        .rooms
-        .state_cache
-        .is_joined(sender_user, &body.room_id)?
-    {
+        .timeline
+        .get_pdu(&body.event_id)?
+        .ok_or(Error::BadRequest(ErrorKind::NotFound, "Event not found."))?;
+
+    if !services().rooms.state_accessor.user_can_see_event(
+        sender_user,
+        &event.room_id,
+        &body.event_id,
+    )? {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
-            "You don't have permission to view this room.",
+            "You don't have permission to view this event.",
        ));
    }

    Ok(get_room_event::v3::Response {
-        event: services()
-            .rooms
-            .timeline
-            .get_pdu(&body.event_id)?
-            .ok_or(Error::BadRequest(ErrorKind::NotFound, "Event not found."))?
-            .to_room_event(),
+        event: event.to_room_event(),
    })
 }

--- a/src/api/client_server/search.rs
+++ b/src/api/client_server/search.rs
@ -87,6 +87,13 @@ pub async fn search_events_route(
                .timeline
                .get_pdu_from_id(result)
                .ok()?
+                .filter(|pdu| {
+                    services()
+                        .rooms
+                        .state_accessor
+                        .user_can_see_event(sender_user, &pdu.room_id, &pdu.event_id)
+                        .unwrap_or(false)
+                })
                .map(|pdu| pdu.to_room_event())
        })
        .map(|result| {
--- a/src/api/client_server/state.rs
+++ b/src/api/client_server/state.rs
@ -7,11 +7,7 @@ use ruma::{
        state::{get_state_events, get_state_events_for_key, send_state_event},
    },
    events::{
-        room::{
-            canonical_alias::RoomCanonicalAliasEventContent,
-            history_visibility::{HistoryVisibility, RoomHistoryVisibilityEventContent},
-        },
-        AnyStateEventContent, StateEventType,
+        room::canonical_alias::RoomCanonicalAliasEventContent, AnyStateEventContent, StateEventType,
    },
    serde::Raw,
    EventId, RoomId, UserId,
@ -85,29 +81,10 @@ pub async fn get_state_events_route(
 ) -> Result<get_state_events::v3::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

-    #[allow(clippy::blocks_in_if_conditions)]
-    // Users not in the room should not be able to access the state unless history_visibility is
-    // WorldReadable
-    if !services()
+    if services()
        .rooms
-        .state_cache
-        .is_joined(sender_user, &body.room_id)?
-        && !matches!(
-            services()
-                .rooms
-                .state_accessor
-                .room_state_get(&body.room_id, &StateEventType::RoomHistoryVisibility, "")?
-                .map(|event| {
-                    serde_json::from_str(event.content.get())
-                        .map(|e: RoomHistoryVisibilityEventContent| e.history_visibility)
-                        .map_err(|_| {
-                            Error::bad_database(
-                                "Invalid room history visibility event in database.",
-                            )
-                        })
-                }),
-            Some(Ok(HistoryVisibility::WorldReadable))
-        )
+        .state_accessor
+        .user_can_see_state_events(&sender_user, &body.room_id)?
    {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
@ -137,29 +114,10 @@ pub async fn get_state_events_for_key_route(
 ) -> Result<get_state_events_for_key::v3::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

-    #[allow(clippy::blocks_in_if_conditions)]
-    // Users not in the room should not be able to access the state unless history_visibility is
-    // WorldReadable
-    if !services()
+    if services()
        .rooms
-        .state_cache
-        .is_joined(sender_user, &body.room_id)?
-        && !matches!(
-            services()
-                .rooms
-                .state_accessor
-                .room_state_get(&body.room_id, &StateEventType::RoomHistoryVisibility, "")?
-                .map(|event| {
-                    serde_json::from_str(event.content.get())
-                        .map(|e: RoomHistoryVisibilityEventContent| e.history_visibility)
-                        .map_err(|_| {
-                            Error::bad_database(
-                                "Invalid room history visibility event in database.",
-                            )
-                        })
-                }),
-            Some(Ok(HistoryVisibility::WorldReadable))
-        )
+        .state_accessor
+        .user_can_see_state_events(&sender_user, &body.room_id)?
    {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
@ -192,29 +150,10 @@ pub async fn get_state_events_for_empty_key_route(
 ) -> Result<RumaResponse<get_state_events_for_key::v3::Response>> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

-    #[allow(clippy::blocks_in_if_conditions)]
-    // Users not in the room should not be able to access the state unless history_visibility is
-    // WorldReadable
-    if !services()
+    if services()
        .rooms
-        .state_cache
-        .is_joined(sender_user, &body.room_id)?
-        && !matches!(
-            services()
-                .rooms
-                .state_accessor
-                .room_state_get(&body.room_id, &StateEventType::RoomHistoryVisibility, "")?
-                .map(|event| {
-                    serde_json::from_str(event.content.get())
-                        .map(|e: RoomHistoryVisibilityEventContent| e.history_visibility)
-                        .map_err(|_| {
-                            Error::bad_database(
-                                "Invalid room history visibility event in database.",
-                            )
-                        })
-                }),
-            Some(Ok(HistoryVisibility::WorldReadable))
-        )
+        .state_accessor
+        .user_can_see_state_events(&sender_user, &body.room_id)?
    {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@ -954,6 +954,17 @@ pub async fn get_event_route(
        ));
    }

+    if !services().rooms.state_accessor.server_can_see_event(
+        sender_servername,
+        &room_id,
+        &body.event_id,
+    )? {
+        return Err(Error::BadRequest(
+            ErrorKind::Forbidden,
+            "Server is not allowed to see event.",
+        ));
+    }
+
    Ok(get_event::v1::Response {
        origin: services().globals.server_name().to_owned(),
        origin_server_ts: MilliSecondsSinceUnixEpoch::now(),
@ -1098,6 +1109,16 @@ pub async fn get_missing_events_route(
                i += 1;
                continue;
            }
+
+            if !services().rooms.state_accessor.server_can_see_event(
+                sender_servername,
+                &body.room_id,
+                &queued_events[i],
+            )? {
+                i += 1;
+                continue;
+            }
+
            queued_events.extend_from_slice(
                &serde_json::from_value::<Vec<OwnedEventId>>(
                    serde_json::to_value(pdu.get("prev_events").cloned().ok_or_else(|| {