knocking implementation

Signed-off-by: strawberry <strawberry@puppygock.gay> add sync bit of knocking Signed-off-by: strawberry <strawberry@puppygock.gay>
2025-01-11 18:43:54 -05:00 · 2025-01-11 18:43:54 -05:00 · 5a1c41e66b
commit 5a1c41e66b
parent fabd3cf567
14 changed files with 978 additions and 117 deletions
--- a/src/api/server/invite.rs
+++ b/src/api/server/invite.rs
@ -6,8 +6,9 @@ use ruma::{
 	api::{client::error::ErrorKind, federation::membership::create_invite},
 	events::room::member::{MembershipState, RoomMemberEventContent},
 	serde::JsonObject,
-	CanonicalJsonValue, OwnedEventId, OwnedUserId, UserId,
+	CanonicalJsonValue, OwnedUserId, UserId,
 };
+use service::pdu::gen_event_id;

 use crate::Ruma;

@ -86,12 +87,7 @@ pub(crate) async fn create_invite_route(
 		.map_err(|e| err!(Request(InvalidParam("Failed to sign event: {e}"))))?;

 	// Generate event id
-	let event_id = OwnedEventId::parse(format!(
-		"${}",
-		ruma::signatures::reference_hash(&signed_event, &body.room_version)
-			.expect("ruma can calculate reference hashes")
-	))
-	.expect("ruma's reference hashes are valid event ids");
+	let event_id = gen_event_id(&signed_event, &body.room_version)?;

 	// Add event_id back
 	signed_event.insert("event_id".to_owned(), CanonicalJsonValue::String(event_id.to_string()));
@ -115,12 +111,12 @@ pub(crate) async fn create_invite_route(
 	let mut invite_state = body.invite_room_state.clone();

 	let mut event: JsonObject = serde_json::from_str(body.event.get())
-		.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid invite event bytes."))?;
+		.map_err(|e| err!(Request(BadJson("Invalid invite event PDU: {e}"))))?;

 	event.insert("event_id".to_owned(), "$placeholder".into());

 	let pdu: PduEvent = serde_json::from_value(event.into())
-		.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid invite event."))?;
+		.map_err(|e| err!(Request(BadJson("Invalid invite event PDU: {e}"))))?;

 	invite_state.push(pdu.to_stripped_state_event());

--- a/src/api/server/make_knock.rs
+++ b/src/api/server/make_knock.rs
@ -1,5 +1,5 @@
 use axum::extract::State;
-use conduwuit::Err;
+use conduwuit::{debug_warn, Err};
 use ruma::{
 	api::{client::error::ErrorKind, federation::knock::create_knock_event_template},
 	events::room::member::{MembershipState, RoomMemberEventContent},
@ -15,7 +15,8 @@ use crate::{service::pdu::PduBuilder, Error, Result, Ruma};
 ///
 /// Creates a knock template.
 pub(crate) async fn create_knock_event_template_route(
-	State(services): State<crate::State>, body: Ruma<create_knock_event_template::v1::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<create_knock_event_template::v1::Request>,
 ) -> Result<create_knock_event_template::v1::Response> {
 	if !services.rooms.metadata.exists(&body.room_id).await {
 		return Err!(Request(NotFound("Room is unknown to this server.")));
@ -39,8 +40,8 @@ pub(crate) async fn create_knock_event_template_route(
 		.contains(body.origin())
 	{
 		warn!(
-			"Server {} for remote user {} tried knocking room ID {} which has a server name that is globally \
-			 forbidden. Rejecting.",
+			"Server {} for remote user {} tried knocking room ID {} which has a server name \
+			 that is globally forbidden. Rejecting.",
 			body.origin(),
 			&body.user_id,
 			&body.room_id,
@ -63,29 +64,44 @@ pub(crate) async fn create_knock_event_template_route(

 	if matches!(room_version_id, V1 | V2 | V3 | V4 | V5 | V6) {
 		return Err(Error::BadRequest(
-			ErrorKind::IncompatibleRoomVersion {
-				room_version: room_version_id,
-			},
+			ErrorKind::IncompatibleRoomVersion { room_version: room_version_id },
 			"Room version does not support knocking.",
 		));
 	}

 	if !body.ver.contains(&room_version_id) {
 		return Err(Error::BadRequest(
-			ErrorKind::IncompatibleRoomVersion {
-				room_version: room_version_id,
-			},
+			ErrorKind::IncompatibleRoomVersion { room_version: room_version_id },
 			"Your homeserver does not support the features required to knock on this room.",
 		));
 	}

 	let state_lock = services.rooms.state.mutex.lock(&body.room_id).await;

+	if let Ok(membership) = services
+		.rooms
+		.state_accessor
+		.get_member(&body.room_id, &body.user_id)
+		.await
+	{
+		if membership.membership == MembershipState::Ban {
+			debug_warn!(
+				"Remote user {} is banned from {} but attempted to knock",
+				&body.user_id,
+				&body.room_id
+			);
+			return Err!(Request(Forbidden("You cannot knock on a room you are banned from.")));
+		}
+	}
+
 	let (_pdu, mut pdu_json) = services
 		.rooms
 		.timeline
 		.create_hash_and_sign_event(
-			PduBuilder::state(body.user_id.to_string(), &RoomMemberEventContent::new(MembershipState::Knock)),
+			PduBuilder::state(
+				body.user_id.to_string(),
+				&RoomMemberEventContent::new(MembershipState::Knock),
+			),
 			&body.user_id,
 			&body.room_id,
 			&state_lock,
--- a/src/api/server/make_leave.rs
+++ b/src/api/server/make_leave.rs
@ -9,7 +9,7 @@ use serde_json::value::to_raw_value;
 use super::make_join::maybe_strip_event_id;
 use crate::{service::pdu::PduBuilder, Ruma};

-/// # `PUT /_matrix/federation/v1/make_leave/{roomId}/{eventId}`
+/// # `GET /_matrix/federation/v1/make_leave/{roomId}/{eventId}`
 ///
 /// Creates a leave template.
 pub(crate) async fn create_leave_event_template_route(
@ -21,7 +21,9 @@ pub(crate) async fn create_leave_event_template_route(
 	}

 	if body.user_id.server_name() != body.origin() {
-		return Err!(Request(BadJson("Not allowed to leave on behalf of another server/user.")));
+		return Err!(Request(Forbidden(
+			"Not allowed to leave on behalf of another server/user."
+		)));
 	}

 	// ACL check origin
--- a/src/api/server/mod.rs
+++ b/src/api/server/mod.rs
@ -6,6 +6,7 @@ pub(super) mod hierarchy;
 pub(super) mod invite;
 pub(super) mod key;
 pub(super) mod make_join;
+pub(super) mod make_knock;
 pub(super) mod make_leave;
 pub(super) mod media;
 pub(super) mod openid;
@ -13,6 +14,7 @@ pub(super) mod publicrooms;
 pub(super) mod query;
 pub(super) mod send;
 pub(super) mod send_join;
+pub(super) mod send_knock;
 pub(super) mod send_leave;
 pub(super) mod state;
 pub(super) mod state_ids;
@ -28,6 +30,7 @@ pub(super) use hierarchy::*;
 pub(super) use invite::*;
 pub(super) use key::*;
 pub(super) use make_join::*;
+pub(super) use make_knock::*;
 pub(super) use make_leave::*;
 pub(super) use media::*;
 pub(super) use openid::*;
@ -35,6 +38,7 @@ pub(super) use publicrooms::*;
 pub(super) use query::*;
 pub(super) use send::*;
 pub(super) use send_join::*;
+pub(super) use send_knock::*;
 pub(super) use send_leave::*;
 pub(super) use state::*;
 pub(super) use state_ids::*;
--- a/src/api/server/send_join.rs
+++ b/src/api/server/send_join.rs
@ -186,14 +186,13 @@ async fn create_join_event(
 		.map_err(|e| err!(Request(InvalidParam(warn!("Failed to sign send_join event: {e}")))))?;

 	let origin: OwnedServerName = serde_json::from_value(
-		serde_json::to_value(
-			value
-				.get("origin")
-				.ok_or_else(|| err!(Request(BadJson("Event missing origin property."))))?,
-		)
-		.expect("CanonicalJson is valid json value"),
+		value
+			.get("origin")
+			.ok_or_else(|| err!(Request(BadJson("Event does not have an origin server name."))))?
+			.clone()
+			.into(),
 	)
-	.map_err(|e| err!(Request(BadJson(warn!("origin field is not a valid server name: {e}")))))?;
+	.map_err(|e| err!(Request(BadJson("Event has an invalid origin server name: {e}"))))?;

 	let mutex_lock = services
 		.rooms
--- a/src/api/server/send_knock.rs
+++ b/src/api/server/send_knock.rs
@ -1,7 +1,8 @@
 use axum::extract::State;
-use conduwuit::{err, pdu::gen_event_id_canonical_json, warn, Err, Error, PduEvent, Result};
+use conduwuit::{err, pdu::gen_event_id_canonical_json, warn, Err, PduEvent, Result};
+use futures::FutureExt;
 use ruma::{
-	api::{client::error::ErrorKind, federation::knock::send_knock},
+	api::federation::knock::send_knock,
 	events::{
 		room::member::{MembershipState, RoomMemberEventContent},
 		StateEventType,
@ -17,7 +18,8 @@ use crate::Ruma;
 ///
 /// Submits a signed knock event.
 pub(crate) async fn create_knock_event_v1_route(
-	State(services): State<crate::State>, body: Ruma<send_knock::v1::Request>,
+	State(services): State<crate::State>,
+	body: Ruma<send_knock::v1::Request>,
 ) -> Result<send_knock::v1::Response> {
 	if services
 		.globals
@ -26,7 +28,8 @@ pub(crate) async fn create_knock_event_v1_route(
 		.contains(body.origin())
 	{
 		warn!(
-			"Server {} tried knocking room ID {} who has a server name that is globally forbidden. Rejecting.",
+			"Server {} tried knocking room ID {} who has a server name that is globally \
+			 forbidden. Rejecting.",
 			body.origin(),
 			&body.room_id,
 		);
@ -41,7 +44,8 @@ pub(crate) async fn create_knock_event_v1_route(
 			.contains(&server.to_owned())
 		{
 			warn!(
-				"Server {} tried knocking room ID {} which has a server name that is globally forbidden. Rejecting.",
+				"Server {} tried knocking room ID {} which has a server name that is globally \
+				 forbidden. Rejecting.",
 				body.origin(),
 				&body.room_id,
 			);
@ -50,7 +54,7 @@ pub(crate) async fn create_knock_event_v1_route(
 	}

 	if !services.rooms.metadata.exists(&body.room_id).await {
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Room is unknown to this server."));
+		return Err!(Request(NotFound("Room is unknown to this server.")));
 	}

 	// ACL check origin server
@ -74,44 +78,42 @@ pub(crate) async fn create_knock_event_v1_route(
 	let event_type: StateEventType = serde_json::from_value(
 		value
 			.get("type")
-			.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Event missing type property."))?
+			.ok_or_else(|| err!(Request(InvalidParam("Event has no event type."))))?
 			.clone()
 			.into(),
 	)
-	.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Event has invalid event type."))?;
+	.map_err(|e| err!(Request(InvalidParam("Event has invalid event type: {e}"))))?;

 	if event_type != StateEventType::RoomMember {
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
+		return Err!(Request(InvalidParam(
 			"Not allowed to send non-membership state event to knock endpoint.",
-		));
+		)));
 	}

 	let content: RoomMemberEventContent = serde_json::from_value(
 		value
 			.get("content")
-			.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Event missing content property"))?
+			.ok_or_else(|| err!(Request(InvalidParam("Membership event has no content"))))?
 			.clone()
 			.into(),
 	)
-	.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Event content is empty or invalid"))?;
+	.map_err(|e| err!(Request(InvalidParam("Event has invalid membership content: {e}"))))?;

 	if content.membership != MembershipState::Knock {
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"Not allowed to send a non-knock membership event to knock endpoint.",
-		));
+		return Err!(Request(InvalidParam(
+			"Not allowed to send a non-knock membership event to knock endpoint."
+		)));
 	}

 	// ACL check sender server name
 	let sender: OwnedUserId = serde_json::from_value(
 		value
 			.get("sender")
-			.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Event missing sender property."))?
+			.ok_or_else(|| err!(Request(InvalidParam("Event has no sender user ID."))))?
 			.clone()
 			.into(),
 	)
-	.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "sender is not a valid user ID."))?;
+	.map_err(|e| err!(Request(BadJson("Event sender is not a valid user ID: {e}"))))?;

 	services
 		.rooms
@ -127,36 +129,32 @@ pub(crate) async fn create_knock_event_v1_route(
 	let state_key: OwnedUserId = serde_json::from_value(
 		value
 			.get("state_key")
-			.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Event missing state_key property."))?
+			.ok_or_else(|| err!(Request(InvalidParam("Event does not have a state_key"))))?
 			.clone()
 			.into(),
 	)
-	.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "state_key is invalid or not a user ID."))?;
+	.map_err(|e| err!(Request(BadJson("Event does not have a valid state_key: {e}"))))?;

 	if state_key != sender {
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"State key does not match sender user",
-		));
+		return Err!(Request(InvalidParam("state_key does not match sender user of event.")));
 	};

 	let origin: OwnedServerName = serde_json::from_value(
-		serde_json::to_value(
-			value
-				.get("origin")
-				.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Event missing origin property."))?,
-		)
-		.expect("CanonicalJson is valid json value"),
+		value
+			.get("origin")
+			.ok_or_else(|| err!(Request(BadJson("Event does not have an origin server name."))))?
+			.clone()
+			.into(),
 	)
-	.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "origin is not a server name."))?;
+	.map_err(|e| err!(Request(BadJson("Event has an invalid origin server name: {e}"))))?;

 	let mut event: JsonObject = serde_json::from_str(body.pdu.get())
-		.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid knock event PDU."))?;
+		.map_err(|e| err!(Request(InvalidParam("Invalid knock event PDU: {e}"))))?;

 	event.insert("event_id".to_owned(), "$placeholder".into());

 	let pdu: PduEvent = serde_json::from_value(event.into())
-		.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid knock event PDU."))?;
+		.map_err(|e| err!(Request(InvalidParam("Invalid knock event PDU: {e}"))))?;

 	let mutex_lock = services
 		.rooms
@ -169,19 +167,18 @@ pub(crate) async fn create_knock_event_v1_route(
 		.rooms
 		.event_handler
 		.handle_incoming_pdu(&origin, &body.room_id, &event_id, value.clone(), true)
+		.boxed()
 		.await?
 		.ok_or_else(|| err!(Request(InvalidParam("Could not accept as timeline event."))))?;

 	drop(mutex_lock);

-	let knock_room_state = services.rooms.state.summary_stripped(&pdu).await;
-
 	services
 		.sending
 		.send_pdu_room(&body.room_id, &pdu_id)
 		.await?;

-	Ok(send_knock::v1::Response {
-		knock_room_state,
-	})
+	let knock_room_state = services.rooms.state.summary_stripped(&pdu).await;
+
+	Ok(send_knock::v1::Response { knock_room_state })
 }
--- a/src/api/server/utils.rs
+++ b/src/api/server/utils.rs
@ -1,6 +1,6 @@
 use conduwuit::{implement, is_false, Err, Result};
 use conduwuit_service::Services;
-use futures::{future::OptionFuture, join, FutureExt};
+use futures::{future::OptionFuture, join, FutureExt, StreamExt};
 use ruma::{EventId, RoomId, ServerName};

 pub(super) struct AccessCheck<'a> {
@ -31,6 +31,15 @@ pub(super) async fn check(&self) -> Result {
 		.state_cache
 		.server_in_room(self.origin, self.room_id);

+	// if any user on our homeserver is trying to knock this room, we'll need to
+	// acknowledge bans or leaves
+	let user_is_knocking = self
+		.services
+		.rooms
+		.state_cache
+		.room_members_knocked(self.room_id)
+		.count();
+
 	let server_can_see: OptionFuture<_> = self
 		.event_id
 		.map(|event_id| {
@ -42,14 +51,14 @@ pub(super) async fn check(&self) -> Result {
 		})
 		.into();

-	let (world_readable, server_in_room, server_can_see, acl_check) =
-		join!(world_readable, server_in_room, server_can_see, acl_check);
+	let (world_readable, server_in_room, server_can_see, acl_check, user_is_knocking) =
+		join!(world_readable, server_in_room, server_can_see, acl_check, user_is_knocking);

 	if !acl_check {
 		return Err!(Request(Forbidden("Server access denied.")));
 	}

-	if !world_readable && !server_in_room {
+	if !world_readable && !server_in_room && user_is_knocking == 0 {
 		return Err!(Request(Forbidden("Server is not in room.")));
 	}