forbid admin room from being made public

Signed-off-by: strawberry <strawberry@puppygock.gay>

Cargo.toml

@@ -508,6 +508,8 @@ used_underscore_binding = "warn"
 needless_pass_by_value = "warn"
 too_many_lines = "warn"
 let_underscore_untyped = "warn"
+single_match = "warn"
+single_match_else = "warn"
 
 # some sadness
 missing_errors_doc = "allow"

src/api/client_server/state.rs

@@ -5,15 +5,24 @@ use ruma::{
 		error::ErrorKind,
 		state::{get_state_events, get_state_events_for_key, send_state_event},
 	},
-	events::{room::canonical_alias::RoomCanonicalAliasEventContent, AnyStateEventContent, StateEventType},
+	events::{
+		room::{
+			canonical_alias::RoomCanonicalAliasEventContent,
+			join_rules::{JoinRule, RoomJoinRulesEventContent},
+		},
+		AnyStateEventContent, StateEventType,
+	},
 	serde::Raw,
 	EventId, RoomId, UserId,
 };
 use tracing::{error, log::warn};
 
-use crate::{service::pdu::PduBuilder, services, Error, Result, Ruma, RumaResponse};
+use crate::{
+	service::{self, pdu::PduBuilder},
+	services, Error, Result, Ruma, RumaResponse,
+};
 
-/// # `PUT /_matrix/client/r0/rooms/{roomId}/state/{eventType}/{stateKey}`
+/// # `PUT /_matrix/client/*/rooms/{roomId}/state/{eventType}/{stateKey}`
 ///
 /// Sends a state event into the room.
 ///
@@ -26,6 +35,21 @@ pub async fn send_state_event_for_key_route(
 ) -> Result<send_state_event::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
+	if body.event_type == StateEventType::RoomJoinRules {
+		if let Some(admin_room_id) = service::admin::Service::get_admin_room()? {
+			if admin_room_id == body.room_id {
+				if let Ok(join_rule) = serde_json::from_str::<RoomJoinRulesEventContent>(body.body.body.json().get()) {
+					if join_rule.join_rule == JoinRule::Public {
+						return Err(Error::BadRequest(
+							ErrorKind::Forbidden,
+							"Admin room is not allowed to be public.",
+						));
+					}
+				}
+			}
+		}
+	}
+
 	let event_id = send_state_event_for_key_helper(
 		sender_user,
 		&body.room_id,
@@ -41,7 +65,7 @@ pub async fn send_state_event_for_key_route(
 	})
 }
 
-/// # `PUT /_matrix/client/r0/rooms/{roomId}/state/{eventType}`
+/// # `PUT /_matrix/client/*/rooms/{roomId}/state/{eventType}`
 ///
 /// Sends a state event into the room.
 ///
@@ -59,6 +83,21 @@ pub async fn send_state_event_for_empty_key_route(
 		return Err(Error::BadRequest(ErrorKind::Forbidden, "Encryption has been disabled"));
 	}
 
+	if body.event_type == StateEventType::RoomJoinRules {
+		if let Some(admin_room_id) = service::admin::Service::get_admin_room()? {
+			if admin_room_id == body.room_id {
+				if let Ok(join_rule) = serde_json::from_str::<RoomJoinRulesEventContent>(body.body.body.json().get()) {
+					if join_rule.join_rule == JoinRule::Public {
+						return Err(Error::BadRequest(
+							ErrorKind::Forbidden,
+							"Admin room is not allowed to be public.",
+						));
+					}
+				}
+			}
+		}
+	}
+
 	let event_id = send_state_event_for_key_helper(
 		sender_user,
 		&body.room_id,
@@ -247,7 +286,7 @@ async fn send_state_event_for_key_helper(
 			{
 				return Err(Error::BadRequest(
 					ErrorKind::Forbidden,
-					"You are only allowed to send canonical_alias events when it's aliases already exists",
+					"You are only allowed to send canonical_alias events when its aliases already exist",
 				));
 			}
 		}