split event_handler service

Signed-off-by: Jason Volk <jason@zemos.net>
2024-11-08 07:30:52 +00:00 · 2024-11-08 07:30:52 +00:00 · 1ce3db727f
commit 1ce3db727f
parent 6eba36d788
12 changed files with 1437 additions and 1331 deletions
--- a/src/service/rooms/event_handler/acl_check.rs
+++ b/src/service/rooms/event_handler/acl_check.rs
@ -0,0 +1,35 @@
+use conduit::{debug, implement, trace, warn, Err, Result};
+use ruma::{
+	events::{room::server_acl::RoomServerAclEventContent, StateEventType},
+	RoomId, ServerName,
+};
+
+/// Returns Ok if the acl allows the server
+#[implement(super::Service)]
+#[tracing::instrument(skip_all)]
+pub async fn acl_check(&self, server_name: &ServerName, room_id: &RoomId) -> Result {
+	let Ok(acl_event_content) = self
+		.services
+		.state_accessor
+		.room_state_get_content(room_id, &StateEventType::RoomServerAcl, "")
+		.await
+		.map(|c: RoomServerAclEventContent| c)
+		.inspect(|acl| trace!("ACL content found: {acl:?}"))
+		.inspect_err(|e| trace!("No ACL content found: {e:?}"))
+	else {
+		return Ok(());
+	};
+
+	if acl_event_content.allow.is_empty() {
+		warn!("Ignoring broken ACL event (allow key is empty)");
+		return Ok(());
+	}
+
+	if acl_event_content.is_allowed(server_name) {
+		trace!("server {server_name} is allowed by ACL");
+		Ok(())
+	} else {
+		debug!("Server {server_name} was denied by room ACL in {room_id}");
+		Err!(Request(Forbidden("Server was denied by room ACL")))
+	}
+}