feat(appservice): ensure users/aliases outside of namespaces are not accessed
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
Matthias Ahouansou
June
parent
b303a774d8
commit
19e4befcb8
7 changed files with 154 additions and 61 deletions
|
|
@ -5,7 +5,10 @@ use std::collections::BTreeMap;
|
|||
pub(crate) use data::Data;
|
||||
use futures_util::Future;
|
||||
use regex::RegexSet;
|
||||
use ruma::api::appservice::{Namespace, Registration};
|
||||
use ruma::{
|
||||
api::appservice::{Namespace, Registration},
|
||||
RoomAliasId, RoomId, UserId,
|
||||
};
|
||||
use tokio::sync::RwLock;
|
||||
|
||||
use crate::{services, Result};
|
||||
|
|
@ -43,6 +46,16 @@ impl NamespaceRegex {
|
|||
}
|
||||
}
|
||||
|
||||
impl RegistrationInfo {
|
||||
pub fn is_user_match(&self, user_id: &UserId) -> bool {
|
||||
self.users.is_match(user_id.as_str()) || self.registration.sender_localpart == user_id.localpart()
|
||||
}
|
||||
|
||||
pub fn is_exclusive_user_match(&self, user_id: &UserId) -> bool {
|
||||
self.users.is_exclusive_match(user_id.as_str()) || self.registration.sender_localpart == user_id.localpart()
|
||||
}
|
||||
}
|
||||
|
||||
impl TryFrom<Vec<Namespace>> for NamespaceRegex {
|
||||
type Error = regex::Error;
|
||||
|
||||
|
|
@ -122,6 +135,7 @@ impl Service {
|
|||
|
||||
/// Registers an appservice and returns the ID to the caller
|
||||
pub async fn register_appservice(&self, yaml: Registration) -> Result<String> {
|
||||
//TODO: Check for collisions between exclusive appservice namespaces
|
||||
services()
|
||||
.appservice
|
||||
.registration_info
|
||||
|
|
@ -175,6 +189,30 @@ impl Service {
|
|||
.cloned()
|
||||
}
|
||||
|
||||
/// Checks if a given user id matches any exclusive appservice regex
|
||||
pub async fn is_exclusive_user_id(&self, user_id: &UserId) -> bool {
|
||||
self.read()
|
||||
.await
|
||||
.values()
|
||||
.any(|info| info.is_exclusive_user_match(user_id))
|
||||
}
|
||||
|
||||
/// Checks if a given room alias matches any exclusive appservice regex
|
||||
pub async fn is_exclusive_alias(&self, alias: &RoomAliasId) -> bool {
|
||||
self.read()
|
||||
.await
|
||||
.values()
|
||||
.any(|info| info.aliases.is_exclusive_match(alias.as_str()))
|
||||
}
|
||||
|
||||
/// Checks if a given room id matches any exclusive appservice regex
|
||||
pub async fn is_exclusive_room_id(&self, room_id: &RoomId) -> bool {
|
||||
self.read()
|
||||
.await
|
||||
.values()
|
||||
.any(|info| info.rooms.is_exclusive_match(room_id.as_str()))
|
||||
}
|
||||
|
||||
pub fn read(&self) -> impl Future<Output = tokio::sync::RwLockReadGuard<'_, BTreeMap<String, RegistrationInfo>>> {
|
||||
self.registration_info.read()
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue