magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add ignored user checks on /context and /event, misc cleanup

Browse source 
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-12-04 18:33:12 -05:00
parent ad0c5ceda4
commit fe1ce521aa
No known key found for this signature in database
2 changed files with 46 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/api/client/context.rs
View file

@ -79,11 +79,15 @@ pub(crate) async fn get_context_route(
let (base_token, base_event, visible) = try_join!(base_token, base_event, visible)?; let (base_token, base_event, visible) = try_join!(base_token, base_event, visible)?;
if base_event.room_id != body.room_id { if base_event.room_id != body.room_id || base_event.event_id != body.event_id {
return Err!(Request(NotFound("Base event not found."))); return Err!(Request(NotFound("Base event not found.")));
} }
if !visible { if !visible
|| ignored_filter(&services, (base_token, base_event.clone()), sender_user)
.await
.is_none()
{
return Err!(Request(Forbidden("You don't have permission to view this event."))); return Err!(Request(Forbidden("You don't have permission to view this event.")));
} }

53
src/api/client/room/event.rs
View file

@ -1,38 +1,53 @@
use axum::extract::State; use axum::extract::State;
use conduit::{err, Result}; use conduit::{err, Err, Event, Result};
use futures::TryFutureExt; use futures::{try_join, FutureExt, TryFutureExt};
use ruma::api::client::room::get_room_event; use ruma::api::client::room::get_room_event;
use crate::Ruma; use crate::{client::ignored_filter, Ruma};
/// # `GET /_matrix/client/r0/rooms/{roomId}/event/{eventId}` /// # `GET /_matrix/client/r0/rooms/{roomId}/event/{eventId}`
/// ///
/// Gets a single event. /// Gets a single event.
///
/// - You have to currently be joined to the room (TODO: Respect history
/// visibility)
pub(crate) async fn get_room_event_route( pub(crate) async fn get_room_event_route(
State(services): State<crate::State>, ref body: Ruma<get_room_event::v3::Request>, State(services): State<crate::State>, ref body: Ruma<get_room_event::v3::Request>,
) -> Result<get_room_event::v3::Response> { ) -> Result<get_room_event::v3::Response> {
Ok(get_room_event::v3::Response { let event = services
event: services
.rooms .rooms
.timeline .timeline
.get_pdu(&body.event_id) .get_pdu(&body.event_id)
.map_err(|_| err!(Request(NotFound("Event {} not found.", &body.event_id)))) .map_err(|_| err!(Request(NotFound("Event {} not found.", &body.event_id))));
.and_then(|event| async move {
services let token = services
.rooms
.timeline
.get_pdu_count(&body.event_id)
.map_err(|_| err!(Request(NotFound("Event not found."))));
let visible = services
.rooms .rooms
.state_accessor .state_accessor
.user_can_see_event(body.sender_user(), &event.room_id, &body.event_id) .user_can_see_event(body.sender_user(), &body.room_id, &body.event_id)
.map(Ok);
let (token, mut event, visible) = try_join!(token, event, visible)?;
if !visible
|| ignored_filter(&services, (token, event.clone()), body.sender_user())
.await .await
.then_some(event) .is_none()
.ok_or_else(|| err!(Request(Forbidden("You don't have permission to view this event.")))) {
}) return Err!(Request(Forbidden("You don't have permission to view this event.")));
.map_ok(|mut event| { }
if event.event_id() != &body.event_id || event.room_id() != body.room_id {
return Err!(Request(NotFound("Event not found")));
}
event.add_age().ok(); event.add_age().ok();
event.to_room_event()
}) let event = event.to_room_event();
.await?,
Ok(get_room_event::v3::Response {
event,
}) })
} }