magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

bump ruwuma, implement MSC4076, add more pusher HTTP URL validation

Browse source 
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-12-15 14:05:28 -05:00
parent c8349988aa
commit 9c6908b8c1
No known key found for this signature in database
3 changed files with 83 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

26
Cargo.lock generated
View file

@ -3162,7 +3162,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma" name = "ruma"
version = "0.10.1" version = "0.10.1"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"assign", "assign",
"js_int", "js_int",
@ -3184,7 +3184,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-appservice-api" name = "ruma-appservice-api"
version = "0.10.0" version = "0.10.0"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"js_int", "js_int",
"ruma-common", "ruma-common",
@ -3196,7 +3196,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-client-api" name = "ruma-client-api"
version = "0.18.0" version = "0.18.0"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"as_variant", "as_variant",
"assign", "assign",
@ -3219,7 +3219,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-common" name = "ruma-common"
version = "0.13.0" version = "0.13.0"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"as_variant", "as_variant",
"base64 0.22.1", "base64 0.22.1",
@ -3249,7 +3249,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-events" name = "ruma-events"
version = "0.28.1" version = "0.28.1"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"as_variant", "as_variant",
"indexmap 2.7.0", "indexmap 2.7.0",
@ -3273,7 +3273,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-federation-api" name = "ruma-federation-api"
version = "0.9.0" version = "0.9.0"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"bytes", "bytes",
"http", "http",
@ -3291,7 +3291,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-identifiers-validation" name = "ruma-identifiers-validation"
version = "0.9.5" version = "0.9.5"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"js_int", "js_int",
"thiserror 2.0.7", "thiserror 2.0.7",
@ -3300,7 +3300,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-identity-service-api" name = "ruma-identity-service-api"
version = "0.9.0" version = "0.9.0"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"js_int", "js_int",
"ruma-common", "ruma-common",
@ -3310,7 +3310,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-macros" name = "ruma-macros"
version = "0.13.0" version = "0.13.0"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"cfg-if", "cfg-if",
"proc-macro-crate", "proc-macro-crate",
@ -3325,7 +3325,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-push-gateway-api" name = "ruma-push-gateway-api"
version = "0.9.0" version = "0.9.0"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"js_int", "js_int",
"ruma-common", "ruma-common",
@ -3337,7 +3337,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-server-util" name = "ruma-server-util"
version = "0.3.0" version = "0.3.0"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"headers", "headers",
"http", "http",
@ -3350,7 +3350,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-signatures" name = "ruma-signatures"
version = "0.15.0" version = "0.15.0"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"base64 0.22.1", "base64 0.22.1",
"ed25519-dalek", "ed25519-dalek",
@ -3366,7 +3366,7 @@ dependencies = [
[[package]] [[package]]
name = "ruma-state-res" name = "ruma-state-res"
version = "0.11.0" version = "0.11.0"
source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4"
dependencies = [ dependencies = [
"futures-util", "futures-util",
"js_int", "js_int",

2
Cargo.toml
View file

@ -334,7 +334,7 @@ version = "0.1.2"
[workspace.dependencies.ruma] [workspace.dependencies.ruma]
git = "https://github.com/girlbossceo/ruwuma" git = "https://github.com/girlbossceo/ruwuma"
#branch = "conduwuit-changes" #branch = "conduwuit-changes"
rev = "08f58cd3236fdf175913b2bcaf8865359696d94d" rev = "5a826d31a32b6473671a5b9f813ad2e4b47676b4"
features = [ features = [
"compat", "compat",
"rand", "rand",

73
src/service/pusher/mod.rs
View file

@ -92,6 +92,36 @@ impl Service {
))); )));
} }
// add some validation to the pusher URL
let pusher_kind = &data.pusher.kind;
if let PusherKind::Http(http) = pusher_kind {
let url = &http.url;
let url = url::Url::parse(&http.url).map_err(|e| {
err!(Request(InvalidParam(
warn!(%url, "HTTP pusher URL is not a valid URL: {e}")
)))
})?;
if ["http", "https"]
.iter()
.all(|&scheme| scheme != url.scheme().to_lowercase())
{
return Err!(Request(InvalidParam(
warn!(%url, "HTTP pusher URL is not a valid HTTP/HTTPS URL")
)));
}
if let Ok(ip) =
IPAddress::parse(url.host_str().expect("URL previously validated"))
{
if !self.services.client.valid_cidr_range(&ip) {
return Err!(Request(InvalidParam(
warn!(%url, "HTTP pusher URL is a forbidden remote address")
)));
}
}
}
let key = (sender, data.pusher.ids.pushkey.as_str()); let key = (sender, data.pusher.ids.pushkey.as_str());
self.db.senderkey_pusher.put(key, Json(pusher)); self.db.senderkey_pusher.put(key, Json(pusher));
}, },
@ -330,16 +360,42 @@ impl Service {
pusher: &Pusher, pusher: &Pusher,
tweaks: Vec<Tweak>, tweaks: Vec<Tweak>,
event: &PduEvent, event: &PduEvent,
) -> Result<()> { ) -> Result {
// TODO: email // TODO: email
match &pusher.kind { match &pusher.kind {
| PusherKind::Http(http) => { | PusherKind::Http(http) => {
let url = &http.url;
let url = url::Url::parse(&http.url).map_err(|e| {
err!(Request(InvalidParam(
warn!(%url, "HTTP pusher URL is not a valid URL: {e}")
)))
})?;
if ["http", "https"]
.iter()
.all(|&scheme| scheme != url.scheme().to_lowercase())
{
return Err!(Request(InvalidParam(
warn!(%url, "HTTP pusher URL is not a valid HTTP/HTTPS URL")
)));
}
if let Ok(ip) =
IPAddress::parse(url.host_str().expect("URL previously validated"))
{
if !self.services.client.valid_cidr_range(&ip) {
return Err!(Request(InvalidParam(
warn!(%url, "HTTP pusher URL is a forbidden remote address")
)));
}
}
// TODO (timo): can pusher/devices have conflicting formats // TODO (timo): can pusher/devices have conflicting formats
let event_id_only = http.format == Some(PushFormat::EventIdOnly); let event_id_only = http.format == Some(PushFormat::EventIdOnly);
let mut device = let mut device =
Device::new(pusher.ids.app_id.clone(), pusher.ids.pushkey.clone()); Device::new(pusher.ids.app_id.clone(), pusher.ids.pushkey.clone());
device.data.default_payload = http.default_payload.clone(); device.data.data.clone_from(&http.data);
device.data.format.clone_from(&http.format); device.data.format.clone_from(&http.format);
// Tweaks are only added if the format is NOT event_id_only // Tweaks are only added if the format is NOT event_id_only
@ -352,8 +408,17 @@ impl Service {
notifi.event_id = Some((*event.event_id).to_owned()); notifi.event_id = Some((*event.event_id).to_owned());
notifi.room_id = Some((*event.room_id).to_owned()); notifi.room_id = Some((*event.room_id).to_owned());
// TODO: missed calls if http
notifi.counts = NotificationCounts::new(unread, uint!(0)); .data
.get("org.matrix.msc4076.disable_badge_count")
.is_none() && http.data.get("disable_badge_count").is_none()
{
notifi.counts = NotificationCounts::new(unread, uint!(0));
} else {
// counts will not be serialised if it's the default (0, 0)
// skip_serializing_if = "NotificationCounts::is_default"
notifi.counts = NotificationCounts::default();
}
if event_id_only { if event_id_only {
self.send_request( self.send_request(