add server-side command escape w/ public echo for admins
Signed-off-by: Jason Volk <jason@zemos.net>
This commit is contained in:
Jason Volk
parent
571ab6ac2b
commit
d4775f0763
5 changed files with 134 additions and 55 deletions
|
|
@ -8,7 +8,10 @@ use conduit::{Error, Result};
|
|||
pub use create::create_admin_room;
|
||||
pub use grant::make_user_admin;
|
||||
use ruma::{
|
||||
events::{room::message::RoomMessageEventContent, TimelineEventType},
|
||||
events::{
|
||||
room::message::{Relation, RoomMessageEventContent},
|
||||
TimelineEventType,
|
||||
},
|
||||
EventId, OwnedRoomId, RoomId, UserId,
|
||||
};
|
||||
use serde_json::value::to_raw_value;
|
||||
|
|
@ -18,7 +21,7 @@ use tokio::{
|
|||
};
|
||||
use tracing::error;
|
||||
|
||||
use crate::{pdu::PduBuilder, services};
|
||||
use crate::{pdu::PduBuilder, services, PduEvent};
|
||||
|
||||
pub type HandlerResult = Pin<Box<dyn Future<Output = Result<AdminEvent, Error>> + Send>>;
|
||||
pub type Handler = fn(AdminEvent) -> HandlerResult;
|
||||
|
|
@ -156,11 +159,11 @@ impl Service {
|
|||
|
||||
/// Checks whether a given user is an admin of this server
|
||||
pub async fn user_is_admin(&self, user_id: &UserId) -> Result<bool> {
|
||||
let Ok(Some(admin_room)) = Self::get_admin_room() else {
|
||||
return Ok(false);
|
||||
};
|
||||
|
||||
services().rooms.state_cache.is_joined(user_id, &admin_room)
|
||||
if let Ok(Some(admin_room)) = Self::get_admin_room() {
|
||||
services().rooms.state_cache.is_joined(user_id, &admin_room)
|
||||
} else {
|
||||
Ok(false)
|
||||
}
|
||||
}
|
||||
|
||||
/// Gets the room ID of the admin room
|
||||
|
|
@ -168,25 +171,52 @@ impl Service {
|
|||
/// Errors are propagated from the database, and will have None if there is
|
||||
/// no admin room
|
||||
pub fn get_admin_room() -> Result<Option<OwnedRoomId>> {
|
||||
services()
|
||||
if let Some(room_id) = services()
|
||||
.rooms
|
||||
.alias
|
||||
.resolve_local_alias(&services().globals.admin_alias)
|
||||
.resolve_local_alias(&services().globals.admin_alias)?
|
||||
{
|
||||
if services()
|
||||
.rooms
|
||||
.state_cache
|
||||
.is_joined(&services().globals.server_user, &room_id)?
|
||||
{
|
||||
return Ok(Some(room_id));
|
||||
}
|
||||
}
|
||||
|
||||
Ok(None)
|
||||
}
|
||||
}
|
||||
|
||||
async fn handle_response(content: Option<RoomMessageEventContent>) {
|
||||
if let Some(content) = content {
|
||||
if let Err(e) = respond_to_room(content).await {
|
||||
error!("{e}");
|
||||
if let Some(content) = content.as_ref() {
|
||||
if let Some(Relation::Reply {
|
||||
in_reply_to,
|
||||
}) = content.relates_to.as_ref()
|
||||
{
|
||||
if let Ok(Some(pdu)) = services().rooms.timeline.get_pdu(&in_reply_to.event_id) {
|
||||
let response_sender = if is_admin_room(&pdu.room_id) {
|
||||
&services().globals.server_user
|
||||
} else {
|
||||
&pdu.sender
|
||||
};
|
||||
|
||||
respond_to_room(content, &pdu.room_id, response_sender).await;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
async fn respond_to_room(output_content: RoomMessageEventContent) -> Result<()> {
|
||||
let Ok(Some(admin_room)) = Service::get_admin_room() else {
|
||||
return Ok(());
|
||||
};
|
||||
async fn respond_to_room(content: &RoomMessageEventContent, room_id: &RoomId, user_id: &UserId) {
|
||||
assert!(
|
||||
services()
|
||||
.admin
|
||||
.user_is_admin(user_id)
|
||||
.await
|
||||
.expect("checked user is admin"),
|
||||
"sender is not admin"
|
||||
);
|
||||
|
||||
let mutex_state = Arc::clone(
|
||||
services()
|
||||
|
|
@ -194,34 +224,33 @@ async fn respond_to_room(output_content: RoomMessageEventContent) -> Result<()>
|
|||
.roomid_mutex_state
|
||||
.write()
|
||||
.await
|
||||
.entry(admin_room.clone())
|
||||
.entry(room_id.to_owned())
|
||||
.or_default(),
|
||||
);
|
||||
let state_lock = mutex_state.lock().await;
|
||||
|
||||
let response_pdu = PduBuilder {
|
||||
event_type: TimelineEventType::RoomMessage,
|
||||
content: to_raw_value(&output_content).expect("event is valid, we just created it"),
|
||||
content: to_raw_value(content).expect("event is valid, we just created it"),
|
||||
unsigned: None,
|
||||
state_key: None,
|
||||
redacts: None,
|
||||
};
|
||||
|
||||
let server_user = &services().globals.server_user;
|
||||
if let Err(e) = services()
|
||||
.rooms
|
||||
.timeline
|
||||
.build_and_append_pdu(response_pdu, server_user, &admin_room, &state_lock)
|
||||
.build_and_append_pdu(response_pdu, user_id, room_id, &state_lock)
|
||||
.await
|
||||
{
|
||||
handle_response_error(&e, &admin_room, server_user, &state_lock).await?;
|
||||
if let Err(e) = handle_response_error(&e, room_id, user_id, &state_lock).await {
|
||||
error!("{e}");
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn handle_response_error(
|
||||
e: &Error, admin_room: &RoomId, server_user: &UserId, state_lock: &MutexGuard<'_, ()>,
|
||||
e: &Error, room_id: &RoomId, user_id: &UserId, state_lock: &MutexGuard<'_, ()>,
|
||||
) -> Result<()> {
|
||||
error!("Failed to build and append admin room response PDU: \"{e}\"");
|
||||
let error_room_message = RoomMessageEventContent::text_plain(format!(
|
||||
|
|
@ -240,8 +269,63 @@ async fn handle_response_error(
|
|||
services()
|
||||
.rooms
|
||||
.timeline
|
||||
.build_and_append_pdu(response_pdu, server_user, admin_room, state_lock)
|
||||
.build_and_append_pdu(response_pdu, user_id, room_id, state_lock)
|
||||
.await?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub async fn is_admin_command(pdu: &PduEvent, body: &str) -> bool {
|
||||
// Server-side command-escape with public echo
|
||||
let is_escape = body.starts_with('\\');
|
||||
let is_public_escape = is_escape && body.trim_start_matches('\\').starts_with("!admin");
|
||||
|
||||
// Admin command with public echo (in admin room)
|
||||
let server_user = &services().globals.server_user;
|
||||
let is_public_prefix = body.starts_with("!admin") || body.starts_with(server_user.as_str());
|
||||
|
||||
// Expected backward branch
|
||||
if !is_public_escape && !is_public_prefix {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check if server-side command-escape is disabled by configuration
|
||||
if is_public_escape && !services().globals.config.admin_escape_commands {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Prevent unescaped !admin from being used outside of the admin room
|
||||
if is_public_prefix && !is_admin_room(&pdu.room_id) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Only senders who are admin can proceed
|
||||
if !services()
|
||||
.admin
|
||||
.user_is_admin(&pdu.sender)
|
||||
.await
|
||||
.unwrap_or(false)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
// This will evaluate to false if the emergency password is set up so that
|
||||
// the administrator can execute commands as conduit
|
||||
let emergency_password_set = services().globals.emergency_password().is_some();
|
||||
let from_server = pdu.sender == *server_user && !emergency_password_set;
|
||||
if from_server && is_admin_room(&pdu.room_id) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Authentic admin command
|
||||
true
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn is_admin_room(room_id: &RoomId) -> bool {
|
||||
if let Ok(Some(admin_room_id)) = Service::get_admin_room() {
|
||||
admin_room_id == room_id
|
||||
} else {
|
||||
false
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue