magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(appservice): ensure users/aliases outside of namespaces are not accessed

Browse source 
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
Matthias Ahouansou 2024-04-16 22:39:49 -04:00 committed by June
parent b303a774d8
commit 19e4befcb8
7 changed files with 154 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/api/client_server/room.rs
View file

@ -50,7 +50,10 @@ pub async fn create_room_route(body: Ruma<create_room::v3::Request>) -> Result<c
let sender_user = body.sender_user.as_ref().expect("user is authenticated");
if !services().globals.allow_room_creation() && !&body.from_appservice && !services().users.is_admin(sender_user)? {
if !services().globals.allow_room_creation()
&& body.appservice_info.is_none()
&& !services().users.is_admin(sender_user)?
{
return Err(Error::BadRequest(ErrorKind::forbidden(), "Room creation has been disabled."));
}
@ -184,6 +187,16 @@ pub async fn create_room_route(body: Ruma<create_room::v3::Request>) -> Result<c
}
})?;
if let Some(ref alias) = alias {
if let Some(ref info) = body.appservice_info {
if !info.aliases.is_match(alias.as_str()) {
return Err(Error::BadRequest(ErrorKind::Exclusive, "Room alias is not in namespace."));
}
} else if services().appservice.is_exclusive_alias(alias).await {
return Err(Error::BadRequest(ErrorKind::Exclusive, "Room alias reserved by appservice."));
}
}
let room_version = match body.room_version.clone() {
Some(room_version) => {
if services()