mirror of
https://forgejo.ellis.link/continuwuation/continuwuity/
synced 2026-07-18 10:46:20 +00:00
Compare commits
87
Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
a805848b16 | ||
|
|
153ef3a173 | ||
|
|
2441dfe436 | ||
|
|
d149833b7a | ||
|
|
b1632ee60b | ||
|
|
789589ef37 | ||
|
|
1e47090f5d | ||
|
|
3e55d08488 | ||
|
|
3a74ce6151 | ||
|
|
eff454218c | ||
|
|
e2eb980b5e | ||
|
|
8945cc9e10 | ||
|
|
78adeccda1 | ||
|
|
8195373d81 | ||
|
|
1ac05838dd | ||
|
|
7ecd2aa5e2 | ||
|
|
69a3145983 | ||
|
|
73b7553b1e | ||
|
|
232ec3f620 | ||
|
|
e52bbeaf94 | ||
|
|
ad1c194fb0 | ||
|
|
5e2dcd8e79 | ||
|
|
24c6474bd1 | ||
|
|
642d05048b | ||
|
|
446ae93ad7 | ||
|
|
9ca0774b2d | ||
|
|
ce494eb0c0 | ||
|
|
1f5e178c3f | ||
|
|
ddd050d402 | ||
|
|
6ad3e679bc | ||
|
|
65812bb246 | ||
|
|
9f3a7994c7 | ||
|
|
baef3289fe | ||
|
|
9a94b93ddd | ||
|
|
0ac0bd93ae | ||
|
|
fe9f718c6e | ||
|
|
e333f5a8e5 | ||
|
|
b8c64a68d4 | ||
|
|
163f049757 | ||
|
|
f48125c37a | ||
|
|
4001b99261 | ||
|
|
b6e5a106ff | ||
|
|
e1eea45fd6 | ||
|
|
7cb53f41d6 | ||
|
|
fbf81fcdeb | ||
|
|
87030a3a22 | ||
|
|
4f509fa113 | ||
|
|
aa7ed885c0 | ||
|
|
d5e6e617d1 | ||
|
|
1f7680ad5f | ||
|
|
0c37a542d4 | ||
|
|
efd07da0d7 | ||
|
|
f0590e882a | ||
|
|
7225bf25ae | ||
|
|
e52bb5db69 | ||
|
|
995726923b | ||
|
|
556141b404 | ||
|
|
6858e1b893 | ||
|
|
07e241f616 | ||
|
|
cfbe590f1c | ||
|
|
d9c2f04d73 | ||
|
|
ada0b3184b | ||
|
|
1d6ad485f6 | ||
|
|
9d2ce72f73 | ||
|
|
13bcb5af13 | ||
|
|
5868510df1 | ||
|
|
c34d1fe76e | ||
|
|
838764b0ac | ||
|
|
b51a34c1c1 | ||
|
|
2fbb779d12 | ||
|
|
e16a62e1ed | ||
|
|
64a08262ca | ||
|
|
70a3905761 | ||
|
|
cf9179e8f6 | ||
|
|
6b899b7f80 | ||
|
|
ad57fa06fc | ||
|
|
ec9efbada5 | ||
|
|
318d2b205a | ||
|
|
99a5f2a9fb | ||
|
|
ace0d52074 | ||
|
|
0b1e24a9ad | ||
|
|
f55207d5c7 | ||
|
|
3f2fae4ca7 | ||
|
|
081f865705 | ||
|
|
0d6608a2f8 | ||
|
|
abf96140b2 | ||
|
|
35fb56aafd |
@@ -71,7 +71,7 @@ runs:
|
||||
|
||||
- name: Install timelord-cli and git-warp-time
|
||||
if: steps.check-binaries.outputs.need-install == 'true'
|
||||
uses: https://github.com/taiki-e/install-action@50414676f9f5d50a65992c6dd2ed02641263226c # v2
|
||||
uses: https://github.com/taiki-e/install-action@43aecc8d72668fbcfe75c31400bc4f890f1c5853 # v2
|
||||
with:
|
||||
tool: git-warp-time,timelord-cli@3.0.1
|
||||
|
||||
|
||||
@@ -65,7 +65,7 @@ jobs:
|
||||
path: binaries
|
||||
merge-multiple: true
|
||||
- name: Create Release and Upload
|
||||
uses: https://github.com/softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3
|
||||
uses: https://github.com/softprops/action-gh-release@3d0d9888cb7fd7b750713d6e236d1fcb99157228 # v3
|
||||
with:
|
||||
draft: true
|
||||
files: binaries/*
|
||||
|
||||
@@ -32,7 +32,7 @@ jobs:
|
||||
|
||||
- name: Setup Node.js
|
||||
if: steps.runner-env.outputs.node_major == '' || steps.runner-env.outputs.node_major < '20'
|
||||
uses: https://github.com/actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
||||
uses: https://github.com/actions/setup-node@249970729cb0ef3589644e2896645e5dc5ba9c38 # v6
|
||||
with:
|
||||
node-version: 22
|
||||
|
||||
|
||||
@@ -24,7 +24,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: 📦 Setup Node.js
|
||||
uses: https://github.com/actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
||||
uses: https://github.com/actions/setup-node@249970729cb0ef3589644e2896645e5dc5ba9c38 # v6
|
||||
with:
|
||||
node-version: "22"
|
||||
|
||||
|
||||
@@ -218,7 +218,7 @@ jobs:
|
||||
path: binaries
|
||||
merge-multiple: true
|
||||
- name: Create Release and Upload
|
||||
uses: https://github.com/softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3
|
||||
uses: https://github.com/softprops/action-gh-release@3d0d9888cb7fd7b750713d6e236d1fcb99157228 # v3
|
||||
with:
|
||||
draft: true
|
||||
files: binaries/*
|
||||
|
||||
@@ -43,7 +43,7 @@ jobs:
|
||||
name: Renovate
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: ghcr.io/renovatebot/renovate:43.252.1@sha256:121eb04ef758537019fb58f587aa53c99e5fda4e703993ce2ca01bd4b3926bd4
|
||||
image: ghcr.io/renovatebot/renovate:43.260.2@sha256:60d830108d9ff6408d11a55d5f110ee0976bed78a6b82b08211e3ddb72f72952
|
||||
options: --tmpfs /tmp:exec
|
||||
steps:
|
||||
- name: Checkout
|
||||
|
||||
@@ -1,3 +1,27 @@
|
||||
# Continuwuity 26.6.2 (2026-07-12)
|
||||
|
||||
## Bugfixes
|
||||
|
||||
- Fixed the server returning 500 errors if `admin_console_automatic` is enabled and no TTY is available. Contributed by @s1lv3r. (#1975)
|
||||
- Fixed `global.oauth.compatibility_mode` being required, despite being ignored, when the `[global.oauth.oidc]` config section is provided.
|
||||
- Fixed an issue with a migration that could cause user accounts imported from an identity provider to be marked as deactivated when the server started. If you have accounts affected by this issue, use `!admin users reset-password --convert-to-local-account` to reactivate them.
|
||||
|
||||
|
||||
# Continuwuity 26.6.1 (2026-07-12)
|
||||
|
||||
## Features
|
||||
|
||||
- Added enforcement for new federated invite checks and corrected a bunch of related spec compliance issues along the way. Contributed by @nex. (#1952)
|
||||
|
||||
## Bugfixes
|
||||
|
||||
- Fixed existing accounts failing to link when logging in with OIDC if `prompt_for_localpart` was `false`. (#1942)
|
||||
- Authentication is no longer required on the `/_matrix/client/v3/account/3pid/email/requestToken` endpoint. (#1953)
|
||||
- Fixed newly created rooms failing to sync properly in clients using legacy sync.
|
||||
- Stopped appservice users from being erroneously marked as deactivated during a 26.6 database migration.
|
||||
- Whitespace will now automatically be trimmed from the start and end of the `global.oauth.oidc.client_secret_file`.
|
||||
|
||||
|
||||
# Continuwuity 26.6.0 (2026-07-10)
|
||||
|
||||
## Features
|
||||
|
||||
+2
-2
@@ -26,7 +26,7 @@ ### Pre-commit Checks
|
||||
|
||||
|
||||
```bash
|
||||
# Install prek using cargo-binstall
|
||||
# Install prek using cargo-binstall https://github.com/cargo-bins/cargo-binstall
|
||||
cargo binstall prek
|
||||
|
||||
# Install git hooks to run checks automatically
|
||||
@@ -155,7 +155,7 @@ ### Creating pull requests
|
||||
|
||||
Before submitting a pull request, please ensure:
|
||||
1. Your code passes all CI checks (formatting, linting, typo detection, etc.)
|
||||
2. Your code follows the [code style guide](/development/code_style.md)
|
||||
2. Your code follows the [code style guide](docs/development/code_style.mdx)
|
||||
3. Your commit messages follow the conventional commits format
|
||||
4. Tests are added for new functionality
|
||||
5. Documentation is updated if needed
|
||||
|
||||
Generated
+159
-256
File diff suppressed because it is too large
Load Diff
+4
-10
@@ -12,7 +12,7 @@ license = "Apache-2.0"
|
||||
# See also `rust-toolchain.toml`
|
||||
readme = "README.md"
|
||||
repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
|
||||
version = "26.6.0"
|
||||
version = "26.6.2"
|
||||
|
||||
[workspace.metadata.crane]
|
||||
name = "conduwuit"
|
||||
@@ -141,12 +141,6 @@ features = [
|
||||
version = "0.23.25"
|
||||
default-features = false
|
||||
|
||||
[workspace.dependencies.aws-lc-sys]
|
||||
version = "0.41.0"
|
||||
|
||||
[workspace.dependencies.aws-lc-rs]
|
||||
version = "1.17.0"
|
||||
|
||||
[workspace.dependencies.reqwest]
|
||||
version = "0.13.2"
|
||||
default-features = false
|
||||
@@ -350,7 +344,7 @@ version = "1.1.1"
|
||||
[workspace.dependencies.ruma]
|
||||
# version = "0.14.1"
|
||||
git = "https://github.com/ruma/ruma.git"
|
||||
rev = "fca1dbc060f730c1aaf84c9c2fb1e8a587455be8"
|
||||
rev = "9b6a2e7323649af926e4b5363d87239ee4247f4a"
|
||||
features = [
|
||||
"appservice-api-c",
|
||||
"client-api",
|
||||
@@ -502,7 +496,7 @@ version = "0.4.9"
|
||||
default-features = false
|
||||
|
||||
[workspace.dependencies.termimad]
|
||||
version = "0.34.0"
|
||||
version = "0.35.0"
|
||||
default-features = false
|
||||
|
||||
[workspace.dependencies.checked_ops]
|
||||
@@ -570,7 +564,7 @@ features = ["std"]
|
||||
version = "0.3.0"
|
||||
|
||||
[workspace.dependencies.resolvematrix]
|
||||
version = "1.1.0"
|
||||
version = "1.2.0"
|
||||
|
||||
[workspace.dependencies.serde_urlencoded]
|
||||
version = "0.7.1"
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
Fixed requests returning `500 Internal Server Error` when the header selected by `request_ip_source` is absent, duplicated, or malformed (for example Envoy omitting `X-Envoy-External-Address` on internal requests). The client IP now falls back to the connection peer address instead of failing the request. Contributed by @eleboucher
|
||||
@@ -0,0 +1 @@
|
||||
Appservices are now properly able to create devices for E2EE.
|
||||
@@ -0,0 +1 @@
|
||||
Resolve alias service by correct name for auto-join. Contributed by @eleboucher
|
||||
@@ -0,0 +1 @@
|
||||
Fixed newly created rooms failing to sync properly in clients using legacy sync.
|
||||
@@ -0,0 +1 @@
|
||||
Fixed newly joined rooms failing to sync their full state (including the room name) to clients using legacy sync.
|
||||
@@ -0,0 +1 @@
|
||||
Appservices may now specify both the unstable and stable `device_id` query parameters in a request. The stable parameter will take priority. Contributed by @ginger.
|
||||
@@ -0,0 +1 @@
|
||||
Fixed the deeplink redirect for deleting devices. Contributed by @koen
|
||||
@@ -0,0 +1 @@
|
||||
Fix status code for oauth registration. Contributed by @n00byking
|
||||
@@ -0,0 +1 @@
|
||||
Exempt m.room.create from auth_events check. Contributed by @eleboucher
|
||||
@@ -0,0 +1 @@
|
||||
Fixed `create` being returned as a supported prompt value regardless of if registration is enabled or not. Contributed by @ginger
|
||||
@@ -0,0 +1 @@
|
||||
Updated an out-of-date statement about Oracle Linux release cadences.
|
||||
@@ -0,0 +1 @@
|
||||
Fixed high CPU usage when multiple clients from the same account were connected at once. Each sync woke the account's other sync loops, causing them to wake each other in a loop.
|
||||
@@ -0,0 +1 @@
|
||||
Fix joining restricted rooms over federation failing with signature verification error.
|
||||
+3
-1
@@ -171,6 +171,7 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
|
||||
--mount=type=cache,target=/usr/local/cargo/git/db \
|
||||
--mount=type=cache,target=/app/target,id=continuwuity-cargo-target-${TARGET_CPU}-${TARGETPLATFORM}-${RUST_PROFILE} \
|
||||
bash <<'EOF'
|
||||
set -euo pipefail
|
||||
set -o allexport
|
||||
set -o xtrace
|
||||
. /etc/environment
|
||||
@@ -191,7 +192,7 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
|
||||
jq -r ".target_directory"))
|
||||
mkdir /out/sbin
|
||||
PACKAGE=conduwuit
|
||||
xx-cargo build --locked --profile ${RUST_PROFILE} \
|
||||
CARGO_LOG=debug xx-cargo build --locked --profile ${RUST_PROFILE} \
|
||||
--no-default-features --features ${CARGO_FEATURES} \
|
||||
-p $PACKAGE;
|
||||
BINARIES=($(cargo metadata --no-deps --format-version 1 | \
|
||||
@@ -207,6 +208,7 @@ EOF
|
||||
RUN --mount=type=cache,target=/usr/local/cargo/registry \
|
||||
--mount=type=cache,target=/usr/local/cargo/git/db \
|
||||
bash <<'EOF'
|
||||
set -euo pipefail
|
||||
set -o xtrace
|
||||
mkdir /out/sbom
|
||||
typeset -A PACKAGES
|
||||
|
||||
@@ -15,8 +15,8 @@ ## Overview
|
||||
|
||||
:::warning Oracle Linux support
|
||||
Due to upstream limitations, Terra is only usable on Oracle Linux if you use [upstream EPEL](https://docs.fedoraproject.org/en-US/epel/getting-started/)
|
||||
rather than Oracle's rebuilds of EPEL. Oracle tends to lag behind on new EL versions, both major and minor—for example, as of the time of writing, 10.2 has been
|
||||
available for over a month through other ELs, but Oracle has not yet released corresponding updates—so you may encounter further compatibility issues with EPEL.
|
||||
rather than Oracle's rebuilds of EPEL. Oracle tends to lag behind on new EL versions, both major and minor—for example, Oracle's release of 10.2 lagged
|
||||
approximately 1.5 months behind other ELs—so you may encounter further compatibility issues with EPEL.
|
||||
**For this reason, it is recommended that you use another EL distribution if at all possible.**
|
||||
:::
|
||||
|
||||
|
||||
@@ -6,10 +6,10 @@
|
||||
"message": "Welcome to Continuwuity! Important announcements about the project will appear here."
|
||||
},
|
||||
{
|
||||
"id": 15,
|
||||
"id": 16,
|
||||
"mention_room": true,
|
||||
"date": "2026-07-10",
|
||||
"message": "[Continuwuity 26.6.0](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v26.6.0) is finally out! This is by far our largest release yet, and it wouldn't have been possible without our community. Thank you so much for all of your patience, support, and/or development time over the last three months <3"
|
||||
"date": "2026-07-13",
|
||||
"message": "[Continuwuity 26.6.2](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v26.6.1) has just been released! This release fixes a severe bug with OIDC that could cause users' accounts to be flagged as deactivated. If you use OIDC, please update as soon as possible."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -27,3 +27,7 @@ ## `!admin appservices show-appservice-config`
|
||||
## `!admin appservices list-registered`
|
||||
|
||||
List all the currently registered appservices
|
||||
|
||||
## `!admin appservices ensure-puppets-active`
|
||||
|
||||
Ensure no appservice puppets are marked as deactivated. This is a debug command to fix issues caused by a faulty database migration in Continuwuity 26.6.0
|
||||
|
||||
@@ -146,6 +146,10 @@ ## `!admin debug send-test-email`
|
||||
|
||||
Send a test email to the invoking admin's email address
|
||||
|
||||
## `!admin debug rooms-by-extremity-count`
|
||||
|
||||
Lists room IDs by forward extremity count in descending order
|
||||
|
||||
## `!admin debug tester`
|
||||
|
||||
Developer test stubs
|
||||
|
||||
@@ -106,9 +106,7 @@ ## `!admin query resolver`
|
||||
|
||||
### `!admin query resolver cache`
|
||||
|
||||
Query the destinations or overrides cache
|
||||
|
||||
Shows entire cache by default, but can be narrowed to only show overrides with `-o/--overrides true`, or to exclude them with `false`
|
||||
Query the destinations or overrides cache, depending on the value of the `overrides` flag (default false)
|
||||
|
||||
### `!admin query resolver flush-cache`
|
||||
|
||||
|
||||
Generated
+21
-21
@@ -3,11 +3,11 @@
|
||||
"advisory-db": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1781566179,
|
||||
"narHash": "sha256-Tqv8I586fYzWpEW/Smq/JqESFa3DVVzVWsnAMtvhy/I=",
|
||||
"lastModified": 1783840254,
|
||||
"narHash": "sha256-XjyvZk0f3YiinVHmkGOotmLBAzvK+LwEJYj2QqJ5pn8=",
|
||||
"owner": "rustsec",
|
||||
"repo": "advisory-db",
|
||||
"rev": "74e084413d979d52d2f93b1d93b1ab7b9ee648f5",
|
||||
"rev": "6e3286f4efa8c142fb33e5ea4342c8db6693cf34",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -18,11 +18,11 @@
|
||||
},
|
||||
"crane": {
|
||||
"locked": {
|
||||
"lastModified": 1780532242,
|
||||
"narHash": "sha256-D+BsdpxmtUwtqGoY0IXPhHgTlmqgcZKCEo1oMyn7ep0=",
|
||||
"lastModified": 1783203018,
|
||||
"narHash": "sha256-G6R9IT/xwFuu+CYBWDUAok6AdC4ERC4ZfPPFtEpxnZE=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "59a82a1222dd3b2080b5cc52a1a2e8d5f1b77f37",
|
||||
"rev": "80db5bdc391be8a1794f6d8a2d56e3a84ebcede2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -39,11 +39,11 @@
|
||||
"rust-analyzer-src": "rust-analyzer-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1781527054,
|
||||
"narHash": "sha256-1fX9ev2Fh5QoKQ41G9dYutjo5j/jywu6tZse5Eb1Ck4=",
|
||||
"lastModified": 1783844668,
|
||||
"narHash": "sha256-3MOpw4y3reoErRLvFBDz0t9aG6FWXUj7leKvUns5eQA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "8c2e51dffefc040a21975da7abf6f252c8c9b783",
|
||||
"rev": "4e49ef62eedaa5c149d62b63b3f53844e1cc45d7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -74,11 +74,11 @@
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1778716662,
|
||||
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
|
||||
"lastModified": 1782949081,
|
||||
"narHash": "sha256-vp6Y/Grm98ESt6ceOkWiHWyZRDV3J1RID4w+6NWK9yA=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
|
||||
"rev": "17c9d6cdfc60c64f4ee8d306f9bc0b4ccb51481e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -89,11 +89,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1781074563,
|
||||
"narHash": "sha256-md8WlXOlfnIeHeOScMTTHFyf2d6iaTwPl2apR5EQ3P4=",
|
||||
"lastModified": 1783776592,
|
||||
"narHash": "sha256-UgCQzxeWI75XM8G+hPrPh+MKzEPjG3SpAj7dtqSbksA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9ae611a455b90cf061d8f332b977e387bda8e1ca",
|
||||
"rev": "e7a3ca8092b61ff85b6a45bf863ea2b2d6a661b3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -105,11 +105,11 @@
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1777168982,
|
||||
"narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
|
||||
"lastModified": 1782614948,
|
||||
"narHash": "sha256-ePjCwr1sNm9NYUqywL7QfK3JnlS015msC+eBu2zKlp8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14",
|
||||
"rev": "db3f255737b94216eb71cce308e2912cf6bc2d7c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -132,11 +132,11 @@
|
||||
"rust-analyzer-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1781453968,
|
||||
"narHash": "sha256-+V3nK4pCngbmgyVGXY6Kkrlevp4ocPkJJLf2aqwkDNA=",
|
||||
"lastModified": 1783779020,
|
||||
"narHash": "sha256-vpm418WZa9l1KUl6HRs+Ga+SIfE+D2/sV4olwTlilYc=",
|
||||
"owner": "rust-lang",
|
||||
"repo": "rust-analyzer",
|
||||
"rev": "cc272809a173c2c11d0e479d639c811c1eacf049",
|
||||
"rev": "5be5e89cf0145d73a85c805726821b4adfc3af48",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -43,8 +43,8 @@ let
|
||||
env = {
|
||||
CARGO_PROFILE = profile;
|
||||
RUSTFLAGS = rustflags;
|
||||
GIT_COMMIT_HASH = self.rev or self.dirtyRev;
|
||||
GIT_COMMIT_HASH_SHORT = self.shortRev or self.dirtyShortRev;
|
||||
GIT_COMMIT_HASH = self.rev or self.dirtyRev or "";
|
||||
GIT_COMMIT_HASH_SHORT = self.shortRev or self.dirtyShortRev or "";
|
||||
}
|
||||
// (lib.optionalAttrs (rocksdb != null) {
|
||||
ROCKSDB_INCLUDE_DIR = "${rocksdb}/include";
|
||||
|
||||
+1
-1
@@ -12,7 +12,7 @@
|
||||
target:
|
||||
target.fromToolchainName {
|
||||
name = (lib.importTOML "${inputs.self}/rust-toolchain.toml").toolchain.channel;
|
||||
sha256 = "sha256-h+t2xTBz5yt2YIO+1VMIIGlCU7gyp2LYOFvaV1nwOXU=";
|
||||
sha256 = "sha256-A1abGIbOtcBSdrUMhDGrER3pRM1hQP4fp9gh3Y4PKc8=";
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
Generated
+429
-68
@@ -12,7 +12,7 @@
|
||||
"@rspress/core": "^2.0.0",
|
||||
"@rspress/plugin-client-redirects": "^2.0.0",
|
||||
"@rspress/plugin-sitemap": "^2.0.0",
|
||||
"typescript": "^6.0.0"
|
||||
"typescript": "^7.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@emnapi/core": {
|
||||
@@ -419,9 +419,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@rspress/core": {
|
||||
"version": "2.0.17",
|
||||
"resolved": "https://registry.npmjs.org/@rspress/core/-/core-2.0.17.tgz",
|
||||
"integrity": "sha512-oynYHE2aBj7BFzD/UgqKnrj/PyYxfWGrmRPlTmjLL22UPcocdUdFYLb/6nijyseAST59VMr5Gj4wOfFUeJT5vw==",
|
||||
"version": "2.0.18",
|
||||
"resolved": "https://registry.npmjs.org/@rspress/core/-/core-2.0.18.tgz",
|
||||
"integrity": "sha512-DBpsr/6XAItQkZPL5FSjthLGuzdG9ks/7EOxkqaaXp93uAT54LO0PD5Dkoy6ydup1PnvkpHyiHpUyDcnHHTVhg==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
@@ -429,7 +429,7 @@
|
||||
"@mdx-js/react": "^3.1.1",
|
||||
"@rsbuild/core": "^2.1.5",
|
||||
"@rsbuild/plugin-react": "~2.1.0",
|
||||
"@rspress/shared": "2.0.17",
|
||||
"@rspress/shared": "2.0.18",
|
||||
"@shikijs/rehype": "^4.2.0",
|
||||
"@types/unist": "^3.0.3",
|
||||
"@unhead/react": "^2.1.15",
|
||||
@@ -472,9 +472,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@rspress/plugin-client-redirects": {
|
||||
"version": "2.0.17",
|
||||
"resolved": "https://registry.npmjs.org/@rspress/plugin-client-redirects/-/plugin-client-redirects-2.0.17.tgz",
|
||||
"integrity": "sha512-HJMlW5xsQe2cAFYNHw3LhMy8WcuqRb4l0ey3E3OIu121ymbSLqIQJVPS/IF/NuoyPoxCAmV58LYIaCxGEriUww==",
|
||||
"version": "2.0.18",
|
||||
"resolved": "https://registry.npmjs.org/@rspress/plugin-client-redirects/-/plugin-client-redirects-2.0.18.tgz",
|
||||
"integrity": "sha512-q70ufN0S125kl0QlucO7JuiZ0WJaxFOtPPoGu7eWwam9fb+i4YsWnOWtAKSKGH4JP5+897mgpDPP+dmfl9DPCw==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
@@ -485,9 +485,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@rspress/plugin-sitemap": {
|
||||
"version": "2.0.17",
|
||||
"resolved": "https://registry.npmjs.org/@rspress/plugin-sitemap/-/plugin-sitemap-2.0.17.tgz",
|
||||
"integrity": "sha512-MpNxF+hFK7zsk8t+Ta7KYI/Py6Csjyw0AMGrWf3XG/kr0+fisVxbT/jUanXRLSoj2m9VX9CVsi180rPnezUpbQ==",
|
||||
"version": "2.0.18",
|
||||
"resolved": "https://registry.npmjs.org/@rspress/plugin-sitemap/-/plugin-sitemap-2.0.18.tgz",
|
||||
"integrity": "sha512-XfaXzZx+ASN9OMTc0fOvW8QmbmyCyDWkO8xJj4XF4E0YJtsu7j/65+v8/KXXdwpywOfUIQ6M94/meRTy2urNmQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
@@ -498,9 +498,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@rspress/shared": {
|
||||
"version": "2.0.17",
|
||||
"resolved": "https://registry.npmjs.org/@rspress/shared/-/shared-2.0.17.tgz",
|
||||
"integrity": "sha512-ZzpZ4hm5svgwU0w5CpTLZy4vFD3uPo8+gXtWMOREYMzwfzJeHqwOyXwxHf6byGpx85mVK5DQqMDi61meAS7ZUw==",
|
||||
"version": "2.0.18",
|
||||
"resolved": "https://registry.npmjs.org/@rspress/shared/-/shared-2.0.18.tgz",
|
||||
"integrity": "sha512-GJswqJQCPSxvBt5r+gJzz8Em8EEK/sOmCQjTpemTvldvxr1Lva85BGVnSQZOgofnM0nrjt18kn4mmnuuSstbpA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
@@ -510,14 +510,14 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@shikijs/core": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/core/-/core-4.2.0.tgz",
|
||||
"integrity": "sha512-Hc87Ab1Ld/vEbZRCbwx344I5v+4RU8CVToUTRkqXL1+TjbuOp9U5Xa0M23V4GEWHxVn+yO5otb+HkQVm3ptWQQ==",
|
||||
"version": "4.3.1",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/core/-/core-4.3.1.tgz",
|
||||
"integrity": "sha512-ANMDxuaPsNMdDC1m4vfvhlDmJweMwkE5XitTwrq2rWHx5jM+dlm4MmHt2PP6t0uejfR77SuhrhJ0zEijIF/uhA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@shikijs/primitive": "4.2.0",
|
||||
"@shikijs/types": "4.2.0",
|
||||
"@shikijs/primitive": "4.3.1",
|
||||
"@shikijs/types": "4.3.1",
|
||||
"@shikijs/vscode-textmate": "^10.0.2",
|
||||
"@types/hast": "^3.0.4",
|
||||
"hast-util-to-html": "^9.0.5"
|
||||
@@ -527,13 +527,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@shikijs/engine-javascript": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/engine-javascript/-/engine-javascript-4.2.0.tgz",
|
||||
"integrity": "sha512-fjETeq1k5ffyXqRgS6+3hpvqseLalp1kjNfRbXpUgWR8FpZ1CmQfiNHovc5lncYjt/Vg5JK/WJEmLahjwMa0og==",
|
||||
"version": "4.3.1",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/engine-javascript/-/engine-javascript-4.3.1.tgz",
|
||||
"integrity": "sha512-JBItcnPuYq7jVJdZo/vMj94r+szT7XEjHFX+mvFDGSEIbVAXAGyHAHzhbWzpGOwYidCZrErJLLgn2PVeiokHnQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@shikijs/types": "4.2.0",
|
||||
"@shikijs/types": "4.3.1",
|
||||
"@shikijs/vscode-textmate": "^10.0.2",
|
||||
"oniguruma-to-es": "^4.3.6"
|
||||
},
|
||||
@@ -542,13 +542,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@shikijs/engine-oniguruma": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/engine-oniguruma/-/engine-oniguruma-4.2.0.tgz",
|
||||
"integrity": "sha512-hTorK1dffPkpbMUk6Z+828PgRo7d07HbnizoP0hNPFjhxMHctj0Px/qoHeGMYafc6ju+u9iMldN4JbVzNQM++g==",
|
||||
"version": "4.3.1",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/engine-oniguruma/-/engine-oniguruma-4.3.1.tgz",
|
||||
"integrity": "sha512-OXyNMzg0pews+msMj4cHeqT4xiYKKvbnn6VbdAXxfoFl3SSx4fJTc8FadECuc5/H9p3BzhNAoAUXKwAu9rWYhg==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@shikijs/types": "4.2.0",
|
||||
"@shikijs/types": "4.3.1",
|
||||
"@shikijs/vscode-textmate": "^10.0.2"
|
||||
},
|
||||
"engines": {
|
||||
@@ -556,26 +556,26 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@shikijs/langs": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/langs/-/langs-4.2.0.tgz",
|
||||
"integrity": "sha512-bwrVRlJ0wUhZxAbVdvBbv2TTC9yLsh4C/IO5Ofz0T8MQntgDvyVnkbjw9vi50r1kx7RCIJdnJnjZAwmAsXFLZQ==",
|
||||
"version": "4.3.1",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/langs/-/langs-4.3.1.tgz",
|
||||
"integrity": "sha512-m0l9nsDqgBHvbZbk7A0/kXz/impK3uB/c6rAn6Gpg/uPtdZRQ+alsN/17MU5thb68XTj/4DxkZAotrM0GGSpDQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@shikijs/types": "4.2.0"
|
||||
"@shikijs/types": "4.3.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=20"
|
||||
}
|
||||
},
|
||||
"node_modules/@shikijs/primitive": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/primitive/-/primitive-4.2.0.tgz",
|
||||
"integrity": "sha512-NOq+DtUkVBJtZMVXL5A0vI0Xk8nvDYaXetFHSJFlOqjDZIVhIPRYFdGkSoElDqNuegikcc3A76SNUa8dTqtAYA==",
|
||||
"version": "4.3.1",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/primitive/-/primitive-4.3.1.tgz",
|
||||
"integrity": "sha512-CXQRQOYy1leqQ8ceTeJdmXv/bsUY++6QyLpXJ94LZAAYj5X2SKRdc5ipguv4NPyGVKItB2PPwUpRNe0Sjh5S1A==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@shikijs/types": "4.2.0",
|
||||
"@shikijs/types": "4.3.1",
|
||||
"@shikijs/vscode-textmate": "^10.0.2",
|
||||
"@types/hast": "^3.0.4"
|
||||
},
|
||||
@@ -584,16 +584,16 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@shikijs/rehype": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/rehype/-/rehype-4.2.0.tgz",
|
||||
"integrity": "sha512-ST3EWye/dwF1gWskczJNBnwFtDzEQ9ceytXZtyc/GfwR5V0qJrkoSGZO55O3SAKDDsXkTDcsfwd9pVe7ROlAHg==",
|
||||
"version": "4.3.1",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/rehype/-/rehype-4.3.1.tgz",
|
||||
"integrity": "sha512-oshrlfUF3VPUJfnp5K1lLwsS/SRBKrIxONpdWebSKZXdBE3UsZnxgqpvRUA8UsofS7vmjFOCAHIT71ECbmOxTw==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@shikijs/types": "4.2.0",
|
||||
"@shikijs/types": "4.3.1",
|
||||
"@types/hast": "^3.0.4",
|
||||
"hast-util-to-string": "^3.0.1",
|
||||
"shiki": "4.2.0",
|
||||
"shiki": "4.3.1",
|
||||
"unified": "^11.0.5",
|
||||
"unist-util-visit": "^5.1.0"
|
||||
},
|
||||
@@ -602,22 +602,22 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@shikijs/themes": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/themes/-/themes-4.2.0.tgz",
|
||||
"integrity": "sha512-RX8IHYeLv8Cu2W6ruc3RxUqWn0IYCqSrMBzi/uRGAmfyDNOnNO5BF/Px7o97n4XTpmFTo5GbRaazuOWj+2ak2w==",
|
||||
"version": "4.3.1",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/themes/-/themes-4.3.1.tgz",
|
||||
"integrity": "sha512-dgpoJ4WqNi2yTmizQHBJ5zcX6j2lE6icN/0yt4l1kkf16jrY/pwPLoTb1ETsWMz0OBLf9ZNvwmxft+cH+N9qSA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@shikijs/types": "4.2.0"
|
||||
"@shikijs/types": "4.3.1"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=20"
|
||||
}
|
||||
},
|
||||
"node_modules/@shikijs/types": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/types/-/types-4.2.0.tgz",
|
||||
"integrity": "sha512-VT/MKtlpOhEPZloSH3Pb9WCZEBDoQVMa9jedp5UAwmJOar1DVc9DRODAxmYPW9M93IK4ryuqRejFfmlvlVDemw==",
|
||||
"version": "4.3.1",
|
||||
"resolved": "https://registry.npmjs.org/@shikijs/types/-/types-4.3.1.tgz",
|
||||
"integrity": "sha512-CHFxE0jztBIZRHH6gxXE7DXUCFXjReEGxZ/j0rfSLGKZuwp2xBYycEP14875DSa9KLL/6700oxIq6oO6ef9K2g==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
@@ -684,9 +684,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@types/hast": {
|
||||
"version": "3.0.4",
|
||||
"resolved": "https://registry.npmjs.org/@types/hast/-/hast-3.0.4.tgz",
|
||||
"integrity": "sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ==",
|
||||
"version": "3.0.5",
|
||||
"resolved": "https://registry.npmjs.org/@types/hast/-/hast-3.0.5.tgz",
|
||||
"integrity": "sha512-rp/ezSWaD1m44dPKICGhiskI13nVr7qTloFwDa/IYkhhf5nzwP+zIQcIJh3WIFSBOy/H1PzB40jPjMDksN4F+g==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
@@ -735,10 +735,350 @@
|
||||
"dev": true,
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@typescript/typescript-aix-ppc64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-aix-ppc64/-/typescript-aix-ppc64-7.0.2.tgz",
|
||||
"integrity": "sha512-MTKKkWB7p/0E9xi1d1tHtZ5PiLkGEMIq88pK2CubZjOsLtYTLqhgIgi6zepFa+9GHZ6h05NMCkQxGKiPXMxXtQ==",
|
||||
"cpu": [
|
||||
"ppc64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"aix"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-darwin-arm64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-darwin-arm64/-/typescript-darwin-arm64-7.0.2.tgz",
|
||||
"integrity": "sha512-gowzar9MwS/aRWp6f3a4KUqzRjAZjOsmGNCM6LcTgXum+dBfgsBVMN+AgvOCCbguXyick6LJhpBszxMebJ8syA==",
|
||||
"cpu": [
|
||||
"arm64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"darwin"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-darwin-x64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-darwin-x64/-/typescript-darwin-x64-7.0.2.tgz",
|
||||
"integrity": "sha512-SZ9xZInqApNlNGc9s0W1VSsktYSOe9cFqNOIqmN1Gs8SmkjKZYFt017G4VwPxASInODuAdbTW7sXiFUf893RgA==",
|
||||
"cpu": [
|
||||
"x64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"darwin"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-freebsd-arm64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-freebsd-arm64/-/typescript-freebsd-arm64-7.0.2.tgz",
|
||||
"integrity": "sha512-W5NH4y/J0plIIS5b2xvTEkU7JFxyqdMAOgf+Ilhl0vHQXKO5dZoxd+C/jEtq56c4F3wk71RB4BMRQ2XdI+bwYQ==",
|
||||
"cpu": [
|
||||
"arm64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"freebsd"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-freebsd-x64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-freebsd-x64/-/typescript-freebsd-x64-7.0.2.tgz",
|
||||
"integrity": "sha512-UMGDx5sTpzNw3WiPebH7l90IWfJggEd+egHt/q6p7/Cm3zqoV7VxkGXt+3DxPIw8CcmvAB0j3sVVfbhX+M4Tpw==",
|
||||
"cpu": [
|
||||
"x64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"freebsd"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-linux-arm": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-linux-arm/-/typescript-linux-arm-7.0.2.tgz",
|
||||
"integrity": "sha512-gffT3xPz9sR7j/YJExkyPntrI0P2EP9XbOyWzth2/Gs0RstK+90RBcO0ncXoXy/beYll1SXw846Nf2zdnEz0QQ==",
|
||||
"cpu": [
|
||||
"arm"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"linux"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-linux-arm64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-linux-arm64/-/typescript-linux-arm64-7.0.2.tgz",
|
||||
"integrity": "sha512-Qh4eU4/y3yDjnfjjyPYihMj5/ODIlmt+Bzu17OI+fiSRDW57QmU5SiN63exPRNJPKUzcc1INa1NXdrJ+MqHjUQ==",
|
||||
"cpu": [
|
||||
"arm64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"linux"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-linux-loong64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-linux-loong64/-/typescript-linux-loong64-7.0.2.tgz",
|
||||
"integrity": "sha512-uEHck9i8hoAzXPiYRib1O7miOnz23SxIeVl6F4LXox+qov1K35jHcEW6VHKvZI+pyvl7fZEP4MCU5LYvIq1GuQ==",
|
||||
"cpu": [
|
||||
"loong64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"linux"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-linux-mips64el": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-linux-mips64el/-/typescript-linux-mips64el-7.0.2.tgz",
|
||||
"integrity": "sha512-R4KvAMnE43W5Qeqb0Ly56O3mWMWIAgsMyz36DCaycd5nbg/9kzm0liw3JocfRqyJY0KPmzFjbswozXyW0DnIYA==",
|
||||
"cpu": [
|
||||
"mips64el"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"linux"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-linux-ppc64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-linux-ppc64/-/typescript-linux-ppc64-7.0.2.tgz",
|
||||
"integrity": "sha512-DORx5b3sd/4S7eayxm4FQv+A7CrkUIGRaHiwI8oiHTAI1fAPWhF4J0vAlkC8biAlHSVVwxMQ3tjZ2/DVbnQiiA==",
|
||||
"cpu": [
|
||||
"ppc64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"linux"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-linux-riscv64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-linux-riscv64/-/typescript-linux-riscv64-7.0.2.tgz",
|
||||
"integrity": "sha512-wf0jqEDOjrPRnKwYRyyJDRo11KMbvMFrU+q4zqKyChODBzvlkbhNQfKvLxQCcwTpdDaXSHZTVuh0JoCrKCUMHQ==",
|
||||
"cpu": [
|
||||
"riscv64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"linux"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-linux-s390x": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-linux-s390x/-/typescript-linux-s390x-7.0.2.tgz",
|
||||
"integrity": "sha512-IkwJc3L7yhytWd/ewjyxNDfOmswCm9GWMJT/ue/dU4aZNbwZeYAetq42VyLmsmSjvoX7z74X6ZaYCtzAr0EuGw==",
|
||||
"cpu": [
|
||||
"s390x"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"linux"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-linux-x64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-linux-x64/-/typescript-linux-x64-7.0.2.tgz",
|
||||
"integrity": "sha512-EYdf2cNg7rgCWJnxCdJ+F3V39O8ihb37eHAu1LK8oAFizgTQbPOK7zHHXbPt8rX24COqODXeI3sIf0fCXG7H/A==",
|
||||
"cpu": [
|
||||
"x64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"linux"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-netbsd-arm64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-netbsd-arm64/-/typescript-netbsd-arm64-7.0.2.tgz",
|
||||
"integrity": "sha512-+polYF4MF04aPpO5FTkHran9yUQDSXqy5GiSDKpsll5jy3l3+g9QLhpf39T+ePtefhXLOGrLl0QIjkQP6VnelA==",
|
||||
"cpu": [
|
||||
"arm64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"netbsd"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-netbsd-x64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-netbsd-x64/-/typescript-netbsd-x64-7.0.2.tgz",
|
||||
"integrity": "sha512-8YIT0EHM/3dq10ZOVF/A7pc/YSMtbcecct4rWtexrnSCHOPcpC2KTLXfTCR6vDpnSiY12heNb1GiN/wu+T/FyA==",
|
||||
"cpu": [
|
||||
"x64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"netbsd"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-openbsd-arm64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-openbsd-arm64/-/typescript-openbsd-arm64-7.0.2.tgz",
|
||||
"integrity": "sha512-APT8+ClYnuYm1u9+kgGXoMj2VzWzcymwh2gNSQVySHfkRDGOTVkoWLjCmOQSaO+PoqQ57B0flRp9SA+7GnnkzQ==",
|
||||
"cpu": [
|
||||
"arm64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"openbsd"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-openbsd-x64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-openbsd-x64/-/typescript-openbsd-x64-7.0.2.tgz",
|
||||
"integrity": "sha512-yX7s+Q0Dln0Dt9tEzZsAjXXR/+ytBM7AlglaqyeMPxQszJ1JhlJdZ6jLA+IzldHtflX81em7lDao1xXu+aRRkg==",
|
||||
"cpu": [
|
||||
"x64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"openbsd"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-sunos-x64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-sunos-x64/-/typescript-sunos-x64-7.0.2.tgz",
|
||||
"integrity": "sha512-dLJDGaLZ1D4HPQn62u1n8mBDkJREwMsAkCdkwd4Ieqw+x3TUyTsqY0YiBCtE6H6OzzgGk3iuZ3vFWRS+E8/d1g==",
|
||||
"cpu": [
|
||||
"x64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"sunos"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-win32-arm64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-win32-arm64/-/typescript-win32-arm64-7.0.2.tgz",
|
||||
"integrity": "sha512-Gyl1Vy6OsWesLzmq+EP0Fb7b4Nid5232AvcA2SFcdYreldpNtYFFofPjnt62y9hQy7VTaZp65ICJjuAQRaVcIQ==",
|
||||
"cpu": [
|
||||
"arm64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"win32"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript/typescript-win32-x64": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript/typescript-win32-x64/-/typescript-win32-x64-7.0.2.tgz",
|
||||
"integrity": "sha512-0BQ3HkAHHlKLSp1qRvf3SUhGpGsDuhB/jgFw75guyqbxJqEaS0Cw/VFO8i2nHglJUzQCRtMMR/IBAKE3ETMC4g==",
|
||||
"cpu": [
|
||||
"x64"
|
||||
],
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"optional": true,
|
||||
"os": [
|
||||
"win32"
|
||||
],
|
||||
"engines": {
|
||||
"node": ">=16.20.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@ungap/structured-clone": {
|
||||
"version": "1.3.1",
|
||||
"resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.3.1.tgz",
|
||||
"integrity": "sha512-mUFwbeTqrVgDQxFveS+df2yfap6iuP20NAKAsBt5jDEoOTDew+zwLAOilHCeQJOVSvmgCX4ogqIrA0mnyr08yQ==",
|
||||
"version": "1.3.3",
|
||||
"resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.3.3.tgz",
|
||||
"integrity": "sha512-60YRaenCQcVjYEKOcG824+DRGGIQ3VKErcBoAEDJZz5bKIs2ZG+X/H9Nk+Q6EVkwJk5QNApxbrc5QtBSwtrXAg==",
|
||||
"dev": true,
|
||||
"license": "ISC"
|
||||
},
|
||||
@@ -3249,18 +3589,18 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/shiki": {
|
||||
"version": "4.2.0",
|
||||
"resolved": "https://registry.npmjs.org/shiki/-/shiki-4.2.0.tgz",
|
||||
"integrity": "sha512-hjNax6o/ylDy9lefQEaSDtzaT3iVNtZ3WmpQnbuQNoG4xvnSKf2kSKbihZVO4JRG1TTMejs7CmNRYlWgAL66pQ==",
|
||||
"version": "4.3.1",
|
||||
"resolved": "https://registry.npmjs.org/shiki/-/shiki-4.3.1.tgz",
|
||||
"integrity": "sha512-oR+qDVi2OjX1tmDpyv+3KviX01KzO6Af+0NNnKnsp9491UEGz2YpxTuJboS/6VhYpTdqzmuJBuiTlrAWWJAssw==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@shikijs/core": "4.2.0",
|
||||
"@shikijs/engine-javascript": "4.2.0",
|
||||
"@shikijs/engine-oniguruma": "4.2.0",
|
||||
"@shikijs/langs": "4.2.0",
|
||||
"@shikijs/themes": "4.2.0",
|
||||
"@shikijs/types": "4.2.0",
|
||||
"@shikijs/core": "4.3.1",
|
||||
"@shikijs/engine-javascript": "4.3.1",
|
||||
"@shikijs/engine-oniguruma": "4.3.1",
|
||||
"@shikijs/langs": "4.3.1",
|
||||
"@shikijs/themes": "4.3.1",
|
||||
"@shikijs/types": "4.3.1",
|
||||
"@shikijs/vscode-textmate": "^10.0.2",
|
||||
"@types/hast": "^3.0.4"
|
||||
},
|
||||
@@ -3361,17 +3701,38 @@
|
||||
"license": "0BSD"
|
||||
},
|
||||
"node_modules/typescript": {
|
||||
"version": "6.0.3",
|
||||
"resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
|
||||
"integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/typescript/-/typescript-7.0.2.tgz",
|
||||
"integrity": "sha512-8FYau96o3NKOhbjKi/qNvG/W5jhzxkbdm5sj9AbZ/5T5sWqn3hJgLfGx27sRKZWTvyzCP8dLRBTf5tBTSRVUNA==",
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"bin": {
|
||||
"tsc": "bin/tsc",
|
||||
"tsserver": "bin/tsserver"
|
||||
"tsc": "bin/tsc"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=14.17"
|
||||
"node": ">=16.20.0"
|
||||
},
|
||||
"optionalDependencies": {
|
||||
"@typescript/typescript-aix-ppc64": "7.0.2",
|
||||
"@typescript/typescript-darwin-arm64": "7.0.2",
|
||||
"@typescript/typescript-darwin-x64": "7.0.2",
|
||||
"@typescript/typescript-freebsd-arm64": "7.0.2",
|
||||
"@typescript/typescript-freebsd-x64": "7.0.2",
|
||||
"@typescript/typescript-linux-arm": "7.0.2",
|
||||
"@typescript/typescript-linux-arm64": "7.0.2",
|
||||
"@typescript/typescript-linux-loong64": "7.0.2",
|
||||
"@typescript/typescript-linux-mips64el": "7.0.2",
|
||||
"@typescript/typescript-linux-ppc64": "7.0.2",
|
||||
"@typescript/typescript-linux-riscv64": "7.0.2",
|
||||
"@typescript/typescript-linux-s390x": "7.0.2",
|
||||
"@typescript/typescript-linux-x64": "7.0.2",
|
||||
"@typescript/typescript-netbsd-arm64": "7.0.2",
|
||||
"@typescript/typescript-netbsd-x64": "7.0.2",
|
||||
"@typescript/typescript-openbsd-arm64": "7.0.2",
|
||||
"@typescript/typescript-openbsd-x64": "7.0.2",
|
||||
"@typescript/typescript-sunos-x64": "7.0.2",
|
||||
"@typescript/typescript-win32-arm64": "7.0.2",
|
||||
"@typescript/typescript-win32-x64": "7.0.2"
|
||||
}
|
||||
},
|
||||
"node_modules/unhead": {
|
||||
|
||||
+1
-1
@@ -25,6 +25,6 @@
|
||||
"@rspress/core": "^2.0.0",
|
||||
"@rspress/plugin-client-redirects": "^2.0.0",
|
||||
"@rspress/plugin-sitemap": "^2.0.0",
|
||||
"typescript": "^6.0.0"
|
||||
"typescript": "^7.0.0"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -60,6 +60,13 @@
|
||||
"matchPackageNames": ["rust", "rustc", "cargo"],
|
||||
"groupName": "rust-toolchain"
|
||||
},
|
||||
{
|
||||
"description": "Delay major rust toolchain updates",
|
||||
"matchManagers": ["custom.regex"],
|
||||
"matchPackageNames": ["rust", "rustc", "cargo"],
|
||||
"matchUpdateTypes": ["major"],
|
||||
"minimumReleaseAge": "30 days"
|
||||
},
|
||||
{
|
||||
"description": "Batch minor and patch GitHub Actions updates",
|
||||
"matchManagers": ["github-actions"],
|
||||
|
||||
+1
-1
@@ -10,7 +10,7 @@
|
||||
|
||||
[toolchain]
|
||||
profile = "minimal"
|
||||
channel = "1.96.1"
|
||||
channel = "1.97.1"
|
||||
components = [
|
||||
# For rust-analyzer
|
||||
"rust-src",
|
||||
|
||||
@@ -73,4 +73,29 @@ pub(super) async fn list_registered(&self) -> Result {
|
||||
})
|
||||
.await
|
||||
}
|
||||
|
||||
pub(super) async fn ensure_puppets_active(&self) -> Result {
|
||||
self.services
|
||||
.users
|
||||
.stream_local_users()
|
||||
.filter_map(async |user_id| {
|
||||
if self.services.appservice.is_user_id(&user_id).await {
|
||||
Some(user_id)
|
||||
} else {
|
||||
None
|
||||
}
|
||||
})
|
||||
.for_each(async |user_id| {
|
||||
self.services
|
||||
.users
|
||||
.convert_to_shadow_account(&user_id)
|
||||
.await
|
||||
.expect("should be able to convert to shadow");
|
||||
})
|
||||
.await;
|
||||
|
||||
write!(self, "All appservice puppets have been marked as active.").await?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -37,4 +37,10 @@ pub enum AppserviceCommand {
|
||||
/// List all the currently registered appservices
|
||||
#[clap(alias("list"))]
|
||||
ListRegistered,
|
||||
|
||||
/// Ensure no appservice puppets are marked as deactivated.
|
||||
/// This is a debug command to fix issues caused by a faulty database
|
||||
/// migration in Continuwuity 26.6.0.
|
||||
#[clap(hide = true)]
|
||||
EnsurePuppetsActive,
|
||||
}
|
||||
|
||||
@@ -486,7 +486,7 @@ pub(super) async fn get_remote_pdu(
|
||||
.services
|
||||
.rooms
|
||||
.event_handler
|
||||
.parse_incoming_pdu(&response.pdu)
|
||||
.parse_incoming_pdu(&response.pdu, None)
|
||||
.boxed()
|
||||
.await;
|
||||
|
||||
@@ -832,7 +832,7 @@ pub(super) async fn force_set_room_state_from_server(
|
||||
.services
|
||||
.rooms
|
||||
.event_handler
|
||||
.parse_incoming_pdu(&pdu)
|
||||
.parse_incoming_pdu(&pdu, Some(&room_version_rules))
|
||||
.await
|
||||
{
|
||||
| Ok(t) => t,
|
||||
@@ -1014,7 +1014,7 @@ pub(super) async fn resolve_true_destination(
|
||||
let resolver: &MatrixResolver = if no_cache {
|
||||
&MatrixResolverBuilder::new()
|
||||
.dangerous_tls_accept_invalid_certs(self.services.server.config.allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure)
|
||||
.http_client(self.services.client.default.clone())
|
||||
.http_client(self.services.client.dns.clone())
|
||||
.build()?
|
||||
} else {
|
||||
&self.services.client.matrix_resolver
|
||||
|
||||
@@ -54,7 +54,7 @@ pub(super) async fn fetch_support_well_known(&self, server_name: OwnedServerName
|
||||
let response = self
|
||||
.services
|
||||
.client
|
||||
.default
|
||||
.external_resource
|
||||
.get(format!("https://{server_name}/.well-known/matrix/support"))
|
||||
.send()
|
||||
.await?;
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Result, err, info,
|
||||
pdu::PartialPdu,
|
||||
@@ -26,8 +25,8 @@
|
||||
};
|
||||
use service::{mailer::messages, uiaa::UiaaInitiator, users::HashedPassword};
|
||||
|
||||
use super::{DEVICE_ID_LENGTH, TOKEN_LENGTH};
|
||||
use crate::{Ruma, router::ClientIdentity};
|
||||
use super::DEVICE_ID_LENGTH;
|
||||
use crate::{Ruma, client_ip::ClientIp, router::ClientIdentity};
|
||||
|
||||
pub(crate) mod register;
|
||||
pub(crate) mod threepid;
|
||||
@@ -43,10 +42,9 @@
|
||||
///
|
||||
/// Note: This will not reserve the username, so the username might become
|
||||
/// invalid when trying to register
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "register_available", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "register_available", level = "info")]
|
||||
pub(crate) async fn get_register_available_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_username_availability::v3::Request>,
|
||||
) -> Result<get_username_availability::v3::Response> {
|
||||
let _ = services
|
||||
@@ -80,10 +78,9 @@ pub(crate) async fn get_register_available_route(
|
||||
/// last seen ts)
|
||||
/// - Forgets to-device events
|
||||
/// - Triggers device list updates
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "change_password", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "change_password", level = "info")]
|
||||
pub(crate) async fn change_password_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<change_password::v3::Request>,
|
||||
) -> Result<change_password::v3::Response> {
|
||||
let identity = if let Some(identity) = body.identity.as_ref() {
|
||||
@@ -248,10 +245,9 @@ pub(crate) async fn whoami_route(
|
||||
/// - Forgets all to-device events
|
||||
/// - Triggers device list updates
|
||||
/// - Removes ability to log in again
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "deactivate", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "deactivate", level = "info")]
|
||||
pub(crate) async fn deactivate_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<deactivate::v3::Request>,
|
||||
) -> Result<deactivate::v3::Response> {
|
||||
// Authentication for this endpoint is technically optional,
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
use std::collections::HashMap;
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Result, debug_info, info,
|
||||
utils::{self},
|
||||
@@ -20,10 +19,13 @@
|
||||
assign,
|
||||
};
|
||||
use serde_json::value::RawValue;
|
||||
use service::{mailer::messages, users::HashedPassword};
|
||||
use service::{
|
||||
mailer::messages,
|
||||
users::{DeviceToken, HashedPassword},
|
||||
};
|
||||
|
||||
use super::{DEVICE_ID_LENGTH, TOKEN_LENGTH};
|
||||
use crate::Ruma;
|
||||
use super::DEVICE_ID_LENGTH;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `POST /_matrix/client/v3/register`
|
||||
///
|
||||
@@ -33,10 +35,10 @@
|
||||
/// /_matrix/client/v3/register/available`](fn.get_register_available_route.
|
||||
/// html) to check if the user id is valid and available.
|
||||
#[allow(clippy::doc_markdown)]
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "register", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "register", level = "info")]
|
||||
pub(crate) async fn register_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
ClientIp(client): ClientIp, // NOTE: Required for metadata.
|
||||
body: Ruma<register::v3::Request>,
|
||||
) -> Result<register::v3::Response> {
|
||||
if body.kind != RegistrationKind::User {
|
||||
@@ -119,7 +121,7 @@ pub(crate) async fn register_route(
|
||||
.unwrap_or_else(|| utils::random_string(DEVICE_ID_LENGTH).into());
|
||||
|
||||
// Generate new token for the device
|
||||
let new_token = utils::random_string(TOKEN_LENGTH);
|
||||
let new_token = DeviceToken::new_random();
|
||||
|
||||
// Create device for this account
|
||||
services
|
||||
@@ -127,8 +129,7 @@ pub(crate) async fn register_route(
|
||||
.create_device(
|
||||
&user_id,
|
||||
&device_id,
|
||||
&new_token,
|
||||
None,
|
||||
Some(new_token.clone()),
|
||||
body.initial_device_display_name.clone(),
|
||||
Some(client.to_string()),
|
||||
)
|
||||
@@ -142,7 +143,7 @@ pub(crate) async fn register_route(
|
||||
debug_info!(%user_id, ?device, "New account created via legacy registration");
|
||||
|
||||
Ok(assign!(register::v3::Response::new(user_id), {
|
||||
access_token: token,
|
||||
access_token: token.map(DeviceToken::into_token),
|
||||
device_id: device,
|
||||
refresh_token: None,
|
||||
expires_in: None,
|
||||
|
||||
@@ -57,13 +57,11 @@ pub(crate) async fn request_3pid_management_token_via_email_route(
|
||||
State(services): State<crate::State>,
|
||||
body: Ruma<request_3pid_management_token_via_email::v3::Request>,
|
||||
) -> Result<request_3pid_management_token_via_email::v3::Response> {
|
||||
// Authentication for this endpoint is technically optional,
|
||||
// but we require the user to be logged in
|
||||
let sender_user = body
|
||||
.identity
|
||||
.as_ref()
|
||||
.map(ClientIdentity::expect_sender_user)
|
||||
.ok_or_else(|| err!(Request(MissingToken("Missing access token."))))??;
|
||||
.transpose()?;
|
||||
|
||||
if !services.threepid.email_requirement().may_change() {
|
||||
return Err!(Request(Forbidden("You may not change your email address.")));
|
||||
@@ -88,7 +86,7 @@ pub(crate) async fn request_3pid_management_token_via_email_route(
|
||||
Mailbox::new(None, email),
|
||||
|verification_link| messages::ChangeEmail {
|
||||
server_name: services.config.server_name.as_str(),
|
||||
user_id: Some(sender_user),
|
||||
user_id: sender_user,
|
||||
verification_link,
|
||||
},
|
||||
&body.client_secret,
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{Err, Result, at};
|
||||
use futures::StreamExt;
|
||||
use ruma::{
|
||||
@@ -12,17 +11,16 @@
|
||||
assign,
|
||||
};
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
const MAX_BATCH_EVENTS: usize = 50;
|
||||
|
||||
/// # `PUT /_matrix/client/../dehydrated_device`
|
||||
///
|
||||
/// Creates or overwrites the user's dehydrated device.
|
||||
#[tracing::instrument(skip_all, fields(%client))]
|
||||
#[tracing::instrument(skip_all)]
|
||||
pub(crate) async fn put_dehydrated_device_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<put_dehydrated_device::Request>,
|
||||
) -> Result<put_dehydrated_device::Response> {
|
||||
let device_id = body.device_id.clone();
|
||||
@@ -38,10 +36,9 @@ pub(crate) async fn put_dehydrated_device_route(
|
||||
/// # `DELETE /_matrix/client/../dehydrated_device`
|
||||
///
|
||||
/// Deletes the user's dehydrated device without replacement.
|
||||
#[tracing::instrument(skip_all, fields(%client))]
|
||||
#[tracing::instrument(skip_all)]
|
||||
pub(crate) async fn delete_dehydrated_device_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<delete_dehydrated_device::Request>,
|
||||
) -> Result<delete_dehydrated_device::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
@@ -56,10 +53,9 @@ pub(crate) async fn delete_dehydrated_device_route(
|
||||
/// # `GET /_matrix/client/../dehydrated_device`
|
||||
///
|
||||
/// Gets the user's dehydrated device
|
||||
#[tracing::instrument(skip_all, fields(%client))]
|
||||
#[tracing::instrument(skip_all)]
|
||||
pub(crate) async fn get_dehydrated_device_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_dehydrated_device::Request>,
|
||||
) -> Result<get_dehydrated_device::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
@@ -72,10 +68,9 @@ pub(crate) async fn get_dehydrated_device_route(
|
||||
/// # `GET /_matrix/client/../dehydrated_device/{device_id}/events`
|
||||
///
|
||||
/// Paginates the events of the dehydrated device.
|
||||
#[tracing::instrument(skip_all, fields(%client))]
|
||||
#[tracing::instrument(skip_all)]
|
||||
pub(crate) async fn get_dehydrated_events_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_events::Request>,
|
||||
) -> Result<get_events::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{Err, Result, debug, err, utils};
|
||||
use futures::StreamExt;
|
||||
use ruma::{
|
||||
@@ -9,7 +8,7 @@
|
||||
},
|
||||
};
|
||||
|
||||
use crate::{Ruma, client::DEVICE_ID_LENGTH};
|
||||
use crate::{Ruma, client::DEVICE_ID_LENGTH, client_ip::ClientIp};
|
||||
|
||||
/// # `GET /_matrix/client/r0/devices`
|
||||
///
|
||||
@@ -46,10 +45,10 @@ pub(crate) async fn get_device_route(
|
||||
/// # `PUT /_matrix/client/r0/devices/{deviceId}`
|
||||
///
|
||||
/// Updates the metadata on a given device of the sender user.
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "update_device", level = "debug")]
|
||||
#[tracing::instrument(skip_all, name = "update_device", level = "debug")]
|
||||
pub(crate) async fn update_device_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
ClientIp(client): ClientIp, // NOTE: Required for updating device metadata
|
||||
body: Ruma<update_device::v3::Request>,
|
||||
) -> Result<update_device::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
@@ -89,14 +88,7 @@ pub(crate) async fn update_device_route(
|
||||
|
||||
services
|
||||
.users
|
||||
.create_device(
|
||||
sender_user,
|
||||
&device_id,
|
||||
&appservice.registration.as_token,
|
||||
None,
|
||||
None,
|
||||
Some(client.to_string()),
|
||||
)
|
||||
.create_device(sender_user, &device_id, None, None, Some(client.to_string()))
|
||||
.await?;
|
||||
|
||||
return Ok(update_device::v3::Response::new());
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Result, err, info,
|
||||
utils::{
|
||||
@@ -28,17 +27,16 @@
|
||||
};
|
||||
use tokio::join;
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `POST /_matrix/client/v3/publicRooms`
|
||||
///
|
||||
/// Lists the public rooms on this server.
|
||||
///
|
||||
/// - Rooms are ordered by the number of joined members
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "publicrooms", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "publicrooms", level = "info")]
|
||||
pub(crate) async fn get_public_rooms_filtered_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_public_rooms_filtered::v3::Request>,
|
||||
) -> Result<get_public_rooms_filtered::v3::Response> {
|
||||
if let Some(server) = &body.server {
|
||||
@@ -71,10 +69,9 @@ pub(crate) async fn get_public_rooms_filtered_route(
|
||||
/// Lists the public rooms on this server.
|
||||
///
|
||||
/// - Rooms are ordered by the number of joined members
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "publicrooms", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "publicrooms", level = "info")]
|
||||
pub(crate) async fn get_public_rooms_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_public_rooms::v3::Request>,
|
||||
) -> Result<get_public_rooms::v3::Response> {
|
||||
if let Some(server) = &body.server {
|
||||
@@ -106,10 +103,9 @@ pub(crate) async fn get_public_rooms_route(
|
||||
/// # `PUT /_matrix/client/r0/directory/list/room/{roomId}`
|
||||
///
|
||||
/// Sets the visibility of a given room in the room directory.
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "room_directory", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "room_directory", level = "info")]
|
||||
pub(crate) async fn set_room_visibility_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<set_room_visibility::v3::Request>,
|
||||
) -> Result<set_room_visibility::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
|
||||
+1
-37
@@ -1,7 +1,6 @@
|
||||
use std::time::Duration;
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Result, err,
|
||||
utils::{self, content_disposition::make_content_disposition, math::ruma_from_usize},
|
||||
@@ -24,7 +23,7 @@
|
||||
};
|
||||
use service::media::mxc::Mxc;
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `GET /_matrix/client/v1/media/config`
|
||||
pub(crate) async fn get_media_config_route(
|
||||
@@ -42,15 +41,8 @@ pub(crate) async fn get_media_config_route(
|
||||
///
|
||||
/// - Some metadata will be saved in the database
|
||||
/// - Media will be saved in the media/ directory
|
||||
#[tracing::instrument(
|
||||
name = "media_upload",
|
||||
level = "debug",
|
||||
skip_all,
|
||||
fields(%client),
|
||||
)]
|
||||
pub(crate) async fn create_content_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<create_content::v3::Request>,
|
||||
) -> Result<create_content::v3::Response> {
|
||||
let user = body.identity.expect_sender_user()?;
|
||||
@@ -81,15 +73,8 @@ pub(crate) async fn create_content_route(
|
||||
/// # `GET /_matrix/client/v1/media/thumbnail/{serverName}/{mediaId}`
|
||||
///
|
||||
/// Load media thumbnail from our server or over federation.
|
||||
#[tracing::instrument(
|
||||
name = "media_thumbnail_get",
|
||||
level = "debug",
|
||||
skip_all,
|
||||
fields(%client),
|
||||
)]
|
||||
pub(crate) async fn get_content_thumbnail_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_content_thumbnail::v1::Request>,
|
||||
) -> Result<get_content_thumbnail::v1::Response> {
|
||||
let user = body.identity.expect_sender_user()?;
|
||||
@@ -131,15 +116,8 @@ pub(crate) async fn get_content_thumbnail_route(
|
||||
/// # `GET /_matrix/client/v1/media/download/{serverName}/{mediaId}`
|
||||
///
|
||||
/// Load media from our server or over federation.
|
||||
#[tracing::instrument(
|
||||
name = "media_get",
|
||||
level = "debug",
|
||||
skip_all,
|
||||
fields(%client),
|
||||
)]
|
||||
pub(crate) async fn get_content_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_content::v1::Request>,
|
||||
) -> Result<get_content::v1::Response> {
|
||||
let user = body.identity.expect_sender_user()?;
|
||||
@@ -178,15 +156,8 @@ pub(crate) async fn get_content_route(
|
||||
/// # `GET /_matrix/client/v1/media/download/{serverName}/{mediaId}/{fileName}`
|
||||
///
|
||||
/// Load media from our server or over federation as fileName.
|
||||
#[tracing::instrument(
|
||||
name = "media_get_af",
|
||||
level = "debug",
|
||||
skip_all,
|
||||
fields(%client),
|
||||
)]
|
||||
pub(crate) async fn get_content_as_filename_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_content_as_filename::v1::Request>,
|
||||
) -> Result<get_content_as_filename::v1::Response> {
|
||||
let user = body.identity.expect_sender_user()?;
|
||||
@@ -229,15 +200,8 @@ pub(crate) async fn get_content_as_filename_route(
|
||||
/// # `GET /_matrix/client/v1/media/preview_url`
|
||||
///
|
||||
/// Returns URL preview.
|
||||
#[tracing::instrument(
|
||||
name = "url_preview",
|
||||
level = "debug",
|
||||
skip_all,
|
||||
fields(%client),
|
||||
)]
|
||||
pub(crate) async fn get_media_preview_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_media_preview::v1::Request>,
|
||||
) -> Result<get_media_preview::v1::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
#![allow(deprecated)]
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Result, err,
|
||||
utils::{content_disposition::make_content_disposition, math::ruma_from_usize},
|
||||
@@ -17,7 +16,7 @@
|
||||
};
|
||||
use service::media::mxc::Mxc;
|
||||
|
||||
use crate::{Ruma, RumaResponse, client::create_content_route};
|
||||
use crate::{Ruma, RumaResponse, client::create_content_route, client_ip::ClientIp};
|
||||
|
||||
/// # `GET /_matrix/media/v3/config`
|
||||
///
|
||||
@@ -50,10 +49,8 @@ pub(crate) async fn get_media_config_legacy_legacy_route(
|
||||
/// # `GET /_matrix/media/v3/preview_url`
|
||||
///
|
||||
/// Returns URL preview.
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "url_preview_legacy", level = "debug")]
|
||||
pub(crate) async fn get_media_preview_legacy_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_media_preview::v3::Request>,
|
||||
) -> Result<get_media_preview::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
@@ -95,10 +92,9 @@ pub(crate) async fn get_media_preview_legacy_route(
|
||||
/// Returns URL preview.
|
||||
pub(crate) async fn get_media_preview_legacy_legacy_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_media_preview::v3::Request>,
|
||||
) -> Result<RumaResponse<get_media_preview::v3::Response>> {
|
||||
get_media_preview_legacy_route(State(services), ClientIp(client), body)
|
||||
get_media_preview_legacy_route(State(services), body)
|
||||
.await
|
||||
.map(RumaResponse)
|
||||
}
|
||||
@@ -115,10 +111,9 @@ pub(crate) async fn get_media_preview_legacy_legacy_route(
|
||||
/// - Media will be saved in the media/ directory
|
||||
pub(crate) async fn create_content_legacy_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<create_content::v3::Request>,
|
||||
) -> Result<RumaResponse<create_content::v3::Response>> {
|
||||
create_content_route(State(services), ClientIp(client), body)
|
||||
create_content_route(State(services), body)
|
||||
.await
|
||||
.map(RumaResponse)
|
||||
}
|
||||
@@ -131,10 +126,8 @@ pub(crate) async fn create_content_legacy_route(
|
||||
/// - Only redirects if `allow_redirect` is true
|
||||
/// - Uses client-provided `timeout_ms` if available, else defaults to 20
|
||||
/// seconds
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "media_get_legacy", level = "debug")]
|
||||
pub(crate) async fn get_content_legacy_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_content::v3::Request>,
|
||||
) -> Result<get_content::v3::Response> {
|
||||
let mxc = Mxc {
|
||||
@@ -209,13 +202,11 @@ pub(crate) async fn get_content_legacy_route(
|
||||
/// - Only redirects if `allow_redirect` is true
|
||||
/// - Uses client-provided `timeout_ms` if available, else defaults to 20
|
||||
/// seconds
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "media_get_legacy", level = "debug")]
|
||||
pub(crate) async fn get_content_legacy_legacy_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_content::v3::Request>,
|
||||
) -> Result<RumaResponse<get_content::v3::Response>> {
|
||||
get_content_legacy_route(State(services), ClientIp(client), body)
|
||||
get_content_legacy_route(State(services), body)
|
||||
.await
|
||||
.map(RumaResponse)
|
||||
}
|
||||
@@ -228,10 +219,8 @@ pub(crate) async fn get_content_legacy_legacy_route(
|
||||
/// - Only redirects if `allow_redirect` is true
|
||||
/// - Uses client-provided `timeout_ms` if available, else defaults to 20
|
||||
/// seconds
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "media_get_legacy", level = "debug")]
|
||||
pub(crate) async fn get_content_as_filename_legacy_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_content_as_filename::v3::Request>,
|
||||
) -> Result<get_content_as_filename::v3::Response> {
|
||||
let mxc = Mxc {
|
||||
@@ -307,10 +296,9 @@ pub(crate) async fn get_content_as_filename_legacy_route(
|
||||
/// seconds
|
||||
pub(crate) async fn get_content_as_filename_legacy_legacy_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_content_as_filename::v3::Request>,
|
||||
) -> Result<RumaResponse<get_content_as_filename::v3::Response>> {
|
||||
get_content_as_filename_legacy_route(State(services), ClientIp(client), body)
|
||||
get_content_as_filename_legacy_route(State(services), body)
|
||||
.await
|
||||
.map(RumaResponse)
|
||||
}
|
||||
@@ -323,10 +311,8 @@ pub(crate) async fn get_content_as_filename_legacy_legacy_route(
|
||||
/// - Only redirects if `allow_redirect` is true
|
||||
/// - Uses client-provided `timeout_ms` if available, else defaults to 20
|
||||
/// seconds
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "media_thumbnail_get_legacy", level = "debug")]
|
||||
pub(crate) async fn get_content_thumbnail_legacy_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_content_thumbnail::v3::Request>,
|
||||
) -> Result<get_content_thumbnail::v3::Response> {
|
||||
let mxc = Mxc {
|
||||
@@ -404,10 +390,9 @@ pub(crate) async fn get_content_thumbnail_legacy_route(
|
||||
/// seconds
|
||||
pub(crate) async fn get_content_thumbnail_legacy_legacy_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_content_thumbnail::v3::Request>,
|
||||
) -> Result<RumaResponse<get_content_thumbnail::v3::Response>> {
|
||||
get_content_thumbnail_legacy_route(State(services), ClientIp(client), body)
|
||||
get_content_thumbnail_legacy_route(State(services), body)
|
||||
.await
|
||||
.map(RumaResponse)
|
||||
}
|
||||
|
||||
@@ -1,9 +1,8 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Result, debug_error, err, info,
|
||||
matrix::{event::gen_event_id_canonical_json, pdu::PartialPdu},
|
||||
warn,
|
||||
trace, warn,
|
||||
};
|
||||
use futures::FutureExt;
|
||||
use ruma::{
|
||||
@@ -18,15 +17,14 @@
|
||||
use service::Services;
|
||||
|
||||
use super::banned_room_check;
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `POST /_matrix/client/r0/rooms/{roomId}/invite`
|
||||
///
|
||||
/// Tries to send an invite event into the room.
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "invite", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "invite", level = "info")]
|
||||
pub(crate) async fn invite_user_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<invite_user::v3::Request>,
|
||||
) -> Result<invite_user::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
@@ -42,14 +40,8 @@ pub(crate) async fn invite_user_route(
|
||||
return Err!(Request(Forbidden("Invites are not allowed on this server.")));
|
||||
}
|
||||
|
||||
banned_room_check(
|
||||
&services,
|
||||
sender_user,
|
||||
Some(&body.room_id),
|
||||
body.room_id.server_name(),
|
||||
client,
|
||||
)
|
||||
.await?;
|
||||
banned_room_check(&services, sender_user, Some(&body.room_id), body.room_id.server_name())
|
||||
.await?;
|
||||
|
||||
match &body.recipient {
|
||||
| invite_user::v3::InvitationRecipient::UserId(InviteUserId {
|
||||
@@ -166,7 +158,7 @@ pub(crate) async fn invite_helper(
|
||||
let invite_room_state = services
|
||||
.rooms
|
||||
.state
|
||||
.summary_stripped(&pdu, room_id, recipient_user)
|
||||
.summary_stripped(&pdu, room_id, recipient_user, true)
|
||||
.await;
|
||||
|
||||
drop(state_lock);
|
||||
@@ -193,6 +185,7 @@ pub(crate) async fn invite_helper(
|
||||
.await
|
||||
.ok();
|
||||
|
||||
trace!(?request, "Sending invite");
|
||||
let response = services
|
||||
.sending
|
||||
.send_federation_request(recipient_user.server_name(), request)
|
||||
@@ -221,7 +214,7 @@ pub(crate) async fn invite_helper(
|
||||
let pdu_id = services
|
||||
.rooms
|
||||
.event_handler
|
||||
.handle_incoming_pdu(recipient_user.server_name(), room_id, &event_id, value, true)
|
||||
.handle_incoming_pdu(recipient_user.server_name(), room_id, &event_id, value, false)
|
||||
.boxed()
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Result, debug,
|
||||
result::FlatOk,
|
||||
@@ -12,7 +11,7 @@
|
||||
};
|
||||
|
||||
use super::banned_room_check;
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `POST /_matrix/client/r0/rooms/{roomId}/join`
|
||||
///
|
||||
@@ -22,10 +21,9 @@
|
||||
/// rules locally
|
||||
/// - If the server does not know about the room: asks other servers over
|
||||
/// federation
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "join", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "join", level = "info")]
|
||||
pub(crate) async fn join_room_by_id_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<join_room_by_id::v3::Request>,
|
||||
) -> Result<join_room_by_id::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
@@ -33,14 +31,8 @@ pub(crate) async fn join_room_by_id_route(
|
||||
return Err!(Request(UserSuspended("You cannot perform this action while suspended.")));
|
||||
}
|
||||
|
||||
banned_room_check(
|
||||
&services,
|
||||
sender_user,
|
||||
Some(&body.room_id),
|
||||
body.room_id.server_name(),
|
||||
client,
|
||||
)
|
||||
.await?;
|
||||
banned_room_check(&services, sender_user, Some(&body.room_id), body.room_id.server_name())
|
||||
.await?;
|
||||
|
||||
// There is no body.server_name for /roomId/join
|
||||
let mut servers: Vec<_> = services
|
||||
@@ -91,10 +83,9 @@ pub(crate) async fn join_room_by_id_route(
|
||||
/// - If the server does not know about the room: use the server name query
|
||||
/// param if specified. if not specified, asks other servers over federation
|
||||
/// via room alias server name and room ID server name
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "join", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "join", level = "info")]
|
||||
pub(crate) async fn join_room_by_id_or_alias_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<join_room_by_id_or_alias::v3::Request>,
|
||||
) -> Result<join_room_by_id_or_alias::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
@@ -105,15 +96,9 @@ pub(crate) async fn join_room_by_id_or_alias_route(
|
||||
|
||||
let (servers, room_id) = match OwnedRoomId::try_from(body.room_id_or_alias.clone()) {
|
||||
| Ok(room_id) => {
|
||||
banned_room_check(
|
||||
&services,
|
||||
sender_user,
|
||||
Some(&room_id),
|
||||
room_id.server_name(),
|
||||
client,
|
||||
)
|
||||
.boxed()
|
||||
.await?;
|
||||
banned_room_check(&services, sender_user, Some(&room_id), room_id.server_name())
|
||||
.boxed()
|
||||
.await?;
|
||||
|
||||
let mut servers = body.via.clone();
|
||||
if servers.is_empty() {
|
||||
@@ -159,7 +144,6 @@ pub(crate) async fn join_room_by_id_or_alias_route(
|
||||
sender_user,
|
||||
Some(&room_id),
|
||||
Some(room_alias.server_name()),
|
||||
client,
|
||||
)
|
||||
.await?;
|
||||
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
use std::{borrow::Borrow, collections::HashMap, iter::once, sync::Arc};
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Result, debug, debug_info, debug_warn, err, info,
|
||||
matrix::{
|
||||
@@ -40,15 +39,14 @@
|
||||
};
|
||||
|
||||
use super::banned_room_check;
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `POST /_matrix/client/*/knock/{roomIdOrAlias}`
|
||||
///
|
||||
/// Tries to knock the room to ask permission to join for the sender user.
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "knock", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "knock", level = "info")]
|
||||
pub(crate) async fn knock_room_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<knock_room::v3::Request>,
|
||||
) -> Result<knock_room::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
@@ -59,14 +57,8 @@ pub(crate) async fn knock_room_route(
|
||||
|
||||
let (servers, room_id) = match OwnedRoomId::try_from(body.room_id_or_alias.clone()) {
|
||||
| Ok(room_id) => {
|
||||
banned_room_check(
|
||||
&services,
|
||||
sender_user,
|
||||
Some(&room_id),
|
||||
room_id.server_name(),
|
||||
client,
|
||||
)
|
||||
.await?;
|
||||
banned_room_check(&services, sender_user, Some(&room_id), room_id.server_name())
|
||||
.await?;
|
||||
|
||||
let mut servers = body.via.clone();
|
||||
servers.extend(
|
||||
@@ -109,7 +101,6 @@ pub(crate) async fn knock_room_route(
|
||||
sender_user,
|
||||
Some(&room_id),
|
||||
Some(room_alias.server_name()),
|
||||
client,
|
||||
)
|
||||
.await?;
|
||||
|
||||
|
||||
@@ -8,8 +8,6 @@
|
||||
mod members;
|
||||
mod unban;
|
||||
|
||||
use std::net::IpAddr;
|
||||
|
||||
use axum::extract::State;
|
||||
use conduwuit::{Err, Result, warn};
|
||||
use futures::{FutureExt, StreamExt};
|
||||
@@ -58,7 +56,6 @@ pub(crate) async fn banned_room_check(
|
||||
user_id: &UserId,
|
||||
room_id: Option<&RoomId>,
|
||||
server_name: Option<&ServerName>,
|
||||
client_ip: IpAddr,
|
||||
) -> Result {
|
||||
if services.users.is_admin(user_id).await {
|
||||
return Ok(());
|
||||
@@ -85,7 +82,7 @@ pub(crate) async fn banned_room_check(
|
||||
.admin
|
||||
.send_text(&format!(
|
||||
"Automatically deactivating user {user_id} due to attempted banned \
|
||||
room join from IP {client_ip}"
|
||||
room join"
|
||||
))
|
||||
.await;
|
||||
}
|
||||
@@ -121,7 +118,7 @@ pub(crate) async fn banned_room_check(
|
||||
.admin
|
||||
.send_text(&format!(
|
||||
"Automatically deactivating user {user_id} due to attempted banned \
|
||||
room join from IP {client_ip}"
|
||||
room join"
|
||||
))
|
||||
.await;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Error, Result, at, debug_warn,
|
||||
matrix::{
|
||||
@@ -38,7 +37,7 @@
|
||||
};
|
||||
use ruminuwuity::invite_permission_config::FilterLevel;
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// list of safe and common non-state events to ignore if the user is ignored
|
||||
const IGNORED_MESSAGE_TYPES: &[TimelineEventType] = &[
|
||||
@@ -72,7 +71,7 @@
|
||||
/// where the user was joined, depending on `history_visibility`)
|
||||
pub(crate) async fn get_message_events_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client_ip): ClientIp,
|
||||
ClientIp(client_ip): ClientIp, // NOTE: Required for updating device metadata
|
||||
body: Ruma<get_message_events::v3::Request>,
|
||||
) -> Result<get_message_events::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
|
||||
@@ -24,5 +24,5 @@ pub(crate) async fn register_client_route(
|
||||
.await
|
||||
.map_err(|err| (StatusCode::BAD_REQUEST, Json(err)).into_response())?;
|
||||
|
||||
Ok(Json(RegisteredClient { client_id, metadata }).into_response())
|
||||
Ok((StatusCode::CREATED, Json(RegisteredClient { client_id, metadata })).into_response())
|
||||
}
|
||||
|
||||
@@ -37,6 +37,17 @@ pub(crate) async fn authorization_server_metadata(services: &Services) -> Value
|
||||
.join(super::BASE_PATH)
|
||||
.unwrap();
|
||||
|
||||
let prompt_values_supported = if services
|
||||
.uiaa
|
||||
.registration_flow_status()
|
||||
.await
|
||||
.any_available()
|
||||
{
|
||||
json!(["create"])
|
||||
} else {
|
||||
json!([])
|
||||
};
|
||||
|
||||
json!({
|
||||
"account_management_uri": endpoint_base.join(ACCOUNT_MANAGEMENT_PATH).unwrap(),
|
||||
"account_management_actions_supported": [
|
||||
@@ -52,7 +63,7 @@ pub(crate) async fn authorization_server_metadata(services: &Services) -> Value
|
||||
"grant_types_supported": ["authorization_code", "refresh_token"],
|
||||
"issuer": services.config.get_client_domain(),
|
||||
"jwks_uri": endpoint_base.join(JWKS_URI_PATH).unwrap(),
|
||||
"prompt_values_supported": ["create"],
|
||||
"prompt_values_supported": prompt_values_supported,
|
||||
"registration_endpoint": endpoint_base.join(CLIENT_REGISTER_PATH).unwrap(),
|
||||
"response_modes_supported": ["query", "fragment"],
|
||||
"response_types_supported": ["code"],
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
use std::collections::BTreeMap;
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{Err, PduCount, Result, err};
|
||||
use ruma::{
|
||||
MilliSecondsSinceUnixEpoch,
|
||||
@@ -13,7 +12,7 @@
|
||||
},
|
||||
};
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `POST /_matrix/client/r0/rooms/{roomId}/read_markers`
|
||||
///
|
||||
@@ -117,7 +116,7 @@ pub(crate) async fn set_read_marker_route(
|
||||
/// Sets private read marker and public read receipt EDU.
|
||||
pub(crate) async fn create_receipt_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client_ip): ClientIp,
|
||||
ClientIp(client_ip): ClientIp, // NOTE: Required for updating device metadata
|
||||
body: Ruma<create_receipt::v3::Request>,
|
||||
) -> Result<create_receipt::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
|
||||
@@ -1,11 +1,10 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{Err, Result, matrix::pdu::PartialPdu};
|
||||
use ruma::{
|
||||
api::client::redact::redact_event, assign, events::room::redaction::RoomRedactionEventContent,
|
||||
};
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `PUT /_matrix/client/r0/rooms/{roomId}/redact/{eventId}/{txnId}`
|
||||
///
|
||||
@@ -14,7 +13,7 @@
|
||||
/// - TODO: Handle txn id
|
||||
pub(crate) async fn redact_event_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client_ip): ClientIp,
|
||||
ClientIp(client_ip): ClientIp, // NOTE: required for updating device metadata
|
||||
body: Ruma<redact_event::v3::Request>,
|
||||
) -> Result<redact_event::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
use std::{fmt::Write as _, time::Duration};
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{Err, Event, Result, debug_info, info, matrix::pdu::PduEvent, utils::ReadyExt};
|
||||
use conduwuit_service::Services;
|
||||
use ruma::{
|
||||
@@ -14,7 +13,7 @@
|
||||
};
|
||||
use tokio::time::sleep;
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
struct Report {
|
||||
sender: OwnedUserId,
|
||||
@@ -30,10 +29,9 @@ struct Report {
|
||||
/// # `POST /_matrix/client/v3/rooms/{roomId}/report`
|
||||
///
|
||||
/// Reports an abusive room to homeserver admins
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "report_room", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "report_room", level = "info")]
|
||||
pub(crate) async fn report_room_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<report_room::v3::Request>,
|
||||
) -> Result<report_room::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
@@ -85,10 +83,9 @@ pub(crate) async fn report_room_route(
|
||||
/// # `POST /_matrix/client/v3/rooms/{roomId}/report/{eventId}`
|
||||
///
|
||||
/// Reports an inappropriate event to homeserver admins
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "report_event", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "report_event", level = "info")]
|
||||
pub(crate) async fn report_event_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<report_content::v3::Request>,
|
||||
) -> Result<report_content::v3::Response> {
|
||||
// user authentication
|
||||
@@ -129,10 +126,9 @@ pub(crate) async fn report_event_route(
|
||||
Ok(report_content::v3::Response::new())
|
||||
}
|
||||
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "report_user", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "report_user", level = "info")]
|
||||
pub(crate) async fn report_user_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<report_user::v3::Request>,
|
||||
) -> Result<report_user::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
|
||||
@@ -1,18 +1,16 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{Err, Result};
|
||||
use ruma::api::client::room::get_summary;
|
||||
use service::rooms::summary::Accessibility;
|
||||
|
||||
use crate::{Ruma, router::ClientIdentity};
|
||||
use crate::{Ruma, client_ip::ClientIp, router::ClientIdentity};
|
||||
|
||||
/// # `GET /_matrix/client/v1/room_summary/{roomIdOrAlias}`
|
||||
///
|
||||
/// Returns a short description of the state of a room.
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "room_summary", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "room_summary", level = "info")]
|
||||
pub(crate) async fn get_room_summary(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_summary::v1::Request>,
|
||||
) -> Result<get_summary::v1::Response> {
|
||||
let (room_id, servers) = services
|
||||
|
||||
@@ -1,12 +1,11 @@
|
||||
use std::collections::BTreeMap;
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{Err, Result, err, matrix::pdu::PartialPdu, utils};
|
||||
use ruma::{api::client::message::send_message_event, events::MessageLikeEventType};
|
||||
use serde_json::from_str;
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `PUT /_matrix/client/v3/rooms/{roomId}/send/{eventType}/{txnId}`
|
||||
///
|
||||
@@ -19,7 +18,7 @@
|
||||
/// allowed
|
||||
pub(crate) async fn send_message_event_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client_ip): ClientIp,
|
||||
ClientIp(client_ip): ClientIp, // NOTE: required for updating device metadata
|
||||
body: Ruma<send_message_event::v3::Request>,
|
||||
) -> Result<send_message_event::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
|
||||
+15
-20
@@ -1,7 +1,6 @@
|
||||
use std::time::Duration;
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Result, debug, err, info,
|
||||
utils::{self, ReadyExt, stream::BroadbandExt},
|
||||
@@ -29,18 +28,18 @@
|
||||
},
|
||||
assign,
|
||||
};
|
||||
use service::users::DeviceToken;
|
||||
|
||||
use super::{DEVICE_ID_LENGTH, TOKEN_LENGTH};
|
||||
use crate::Ruma;
|
||||
use super::DEVICE_ID_LENGTH;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `GET /_matrix/client/v3/login`
|
||||
///
|
||||
/// Get the supported login types of this server. One of these should be used as
|
||||
/// the `type` field when logging in.
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "login", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "login", level = "info")]
|
||||
pub(crate) async fn get_login_types_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
_body: Ruma<get_login_types::v3::Request>,
|
||||
) -> Result<get_login_types::v3::Response> {
|
||||
if !services.config.oauth.compatibility_mode().uiaa_available() {
|
||||
@@ -114,10 +113,10 @@ pub async fn handle_login(
|
||||
/// Note: You can use [`GET
|
||||
/// /_matrix/client/r0/login`](fn.get_supported_versions_route.html) to see
|
||||
/// supported login types.
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "login", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "login", level = "info")]
|
||||
pub(crate) async fn login_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
ClientIp(client): ClientIp, // NOTE: Required for device metadata
|
||||
body: Ruma<login::v3::Request>,
|
||||
) -> Result<login::v3::Response> {
|
||||
if !services.config.oauth.compatibility_mode().uiaa_available() {
|
||||
@@ -196,8 +195,8 @@ pub(crate) async fn login_route(
|
||||
.clone()
|
||||
.unwrap_or_else(|| utils::random_string(DEVICE_ID_LENGTH).into());
|
||||
|
||||
// Generate a new token for the device (ensuring no collisions)
|
||||
let token = services.users.generate_unique_token().await;
|
||||
// Generate a new token for the device
|
||||
let token = DeviceToken::new_random();
|
||||
|
||||
// Determine if device_id was provided and exists in the db for this user
|
||||
let device_exists = if body.device_id.is_some() {
|
||||
@@ -213,7 +212,7 @@ pub(crate) async fn login_route(
|
||||
if device_exists {
|
||||
services
|
||||
.users
|
||||
.set_token(&user_id, &device_id, &token, None)
|
||||
.set_token(&user_id, &device_id, token.clone())
|
||||
.await?;
|
||||
} else {
|
||||
services
|
||||
@@ -221,8 +220,7 @@ pub(crate) async fn login_route(
|
||||
.create_device(
|
||||
&user_id,
|
||||
&device_id,
|
||||
&token,
|
||||
None,
|
||||
Some(token.clone()),
|
||||
body.initial_device_display_name.clone(),
|
||||
Some(client.to_string()),
|
||||
)
|
||||
@@ -241,7 +239,7 @@ pub(crate) async fn login_route(
|
||||
info!("{user_id} logged in");
|
||||
|
||||
#[allow(deprecated)]
|
||||
Ok(assign!(login::v3::Response::new(user_id, token, device_id), {
|
||||
Ok(assign!(login::v3::Response::new(user_id, token.into_token(), device_id), {
|
||||
well_known: client_discovery_info,
|
||||
expires_in: None,
|
||||
home_server: Some(services.config.server_name.clone()),
|
||||
@@ -255,10 +253,9 @@ pub(crate) async fn login_route(
|
||||
/// to log in with the m.login.token flow.
|
||||
///
|
||||
/// <https://spec.matrix.org/v1.13/client-server-api/#post_matrixclientv1loginget_token>
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "login_token", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "login_token", level = "info")]
|
||||
pub(crate) async fn login_token_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_login_token::v1::Request>,
|
||||
) -> Result<get_login_token::v1::Response> {
|
||||
if !services.config.login_via_existing_session {
|
||||
@@ -273,7 +270,7 @@ pub(crate) async fn login_token_route(
|
||||
.authenticate_password(&body.auth, sender_user, body.identity.sender_device(), None)
|
||||
.await?;
|
||||
|
||||
let login_token = utils::random_string(TOKEN_LENGTH);
|
||||
let login_token = DeviceToken::new_random().into_token();
|
||||
let expires_in = services.users.create_login_token(sender_user, &login_token);
|
||||
|
||||
Ok(get_login_token::v1::Response::new(
|
||||
@@ -291,10 +288,9 @@ pub(crate) async fn login_token_route(
|
||||
/// last seen ts)
|
||||
/// - Forgets to-device events
|
||||
/// - Triggers device list updates
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "logout", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "logout", level = "info")]
|
||||
pub(crate) async fn logout_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<logout::v3::Request>,
|
||||
) -> Result<logout::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
@@ -339,10 +335,9 @@ pub(crate) async fn logout_route(
|
||||
/// Note: This is equivalent to calling [`GET
|
||||
/// /_matrix/client/r0/logout`](fn.logout_route.html) from each device of this
|
||||
/// user.
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "logout", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "logout", level = "info")]
|
||||
pub(crate) async fn logout_all_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<logout_all::v3::Request>,
|
||||
) -> Result<logout_all::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
#[cfg(test)]
|
||||
mod tests;
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Result, err,
|
||||
matrix::{Event, pdu::PartialPdu},
|
||||
@@ -28,14 +27,14 @@
|
||||
};
|
||||
use serde_json::{json, value::to_raw_value};
|
||||
|
||||
use crate::{Ruma, RumaResponse};
|
||||
use crate::{Ruma, RumaResponse, client_ip::ClientIp};
|
||||
|
||||
/// # `PUT /_matrix/client/*/rooms/{roomId}/state/{eventType}/{stateKey}`
|
||||
///
|
||||
/// Sends a state event into the room.
|
||||
pub(crate) async fn send_state_event_for_key_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(ip): ClientIp,
|
||||
ClientIp(ip): ClientIp, // NOTE: Required for updating device metadata
|
||||
body: Ruma<send_state_event::v3::Request>,
|
||||
) -> Result<send_state_event::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
@@ -72,7 +71,7 @@ pub(crate) async fn send_state_event_for_key_route(
|
||||
/// Sends a state event into the room.
|
||||
pub(crate) async fn send_state_event_for_empty_key_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(ip): ClientIp,
|
||||
ClientIp(ip): ClientIp, // NOTE: Required for updating device metadata
|
||||
body: Ruma<send_state_event::v3::Request>,
|
||||
) -> Result<RumaResponse<send_state_event::v3::Response>> {
|
||||
send_state_event_for_key_route(State(services), ClientIp(ip), body)
|
||||
|
||||
@@ -269,13 +269,22 @@ async fn build_state_and_timeline(
|
||||
)
|
||||
.await?;
|
||||
|
||||
let (state_events, notification_counts, joined_since_last_sync) = try_join3(
|
||||
build_state_events(services, sync_context, room_id, shortstatehashes, &timeline),
|
||||
let (notification_counts, joined_since_last_sync) = try_join(
|
||||
build_notification_counts(services, sync_context, room_id, &timeline),
|
||||
check_joined_since_last_sync(services, shortstatehashes, sync_context),
|
||||
)
|
||||
.await?;
|
||||
|
||||
let state_events = build_state_events(
|
||||
services,
|
||||
sync_context,
|
||||
room_id,
|
||||
shortstatehashes,
|
||||
&timeline,
|
||||
joined_since_last_sync,
|
||||
)
|
||||
.await?;
|
||||
|
||||
// the timeline should always include at least one PDU if the syncing user
|
||||
// joined since the last sync, that being the syncing user's join event. if
|
||||
// it's empty something is wrong.
|
||||
@@ -381,16 +390,21 @@ async fn fetch_shortstatehashes(
|
||||
| Some((_, pdu_after_last_sync_end)) => {
|
||||
trace!(?pdu_after_last_sync_end.event_id, "pdu at last sync end");
|
||||
|
||||
Some(
|
||||
services
|
||||
.rooms
|
||||
.state_accessor
|
||||
.pdu_shortstatehash(&pdu_after_last_sync_end.event_id)
|
||||
.await
|
||||
.map_err(|err| {
|
||||
err!("Last sync end PDU has no shortstatehash: {err}")
|
||||
}),
|
||||
)
|
||||
if pdu_after_last_sync_end.kind == RoomCreate {
|
||||
// Room create events have no previous state
|
||||
None
|
||||
} else {
|
||||
Some(
|
||||
services
|
||||
.rooms
|
||||
.state_accessor
|
||||
.pdu_shortstatehash(&pdu_after_last_sync_end.event_id)
|
||||
.await
|
||||
.map_err(|err| {
|
||||
err!("Last sync end PDU has no shortstatehash: {err}")
|
||||
}),
|
||||
)
|
||||
}
|
||||
},
|
||||
| None => {
|
||||
// No events have been sent since the last sync, or we just joined this room
|
||||
@@ -454,6 +468,7 @@ async fn build_state_events(
|
||||
room_id: &RoomId,
|
||||
shortstatehashes: ShortStateHashes,
|
||||
timeline: &TimelinePdus,
|
||||
joined_since_last_sync: bool,
|
||||
) -> Result<Vec<PduEvent>> {
|
||||
let SyncContext {
|
||||
syncing_user,
|
||||
@@ -483,9 +498,10 @@ async fn build_state_events(
|
||||
/*
|
||||
if `last_sync_end_count` is Some (meaning this is an incremental sync), and `last_sync_end_shortstatehash`
|
||||
is Some (meaning the syncing user didn't just join this room for the first time ever), and `full_state` is false,
|
||||
then use `build_state_incremental`.
|
||||
and the user didn't just join the room since the last sync, then use `build_state_incremental`.
|
||||
*/
|
||||
| (Some(_), Some(last_sync_end_shortstatehash)) if !full_state =>
|
||||
| (Some(_), Some(last_sync_end_shortstatehash))
|
||||
if !full_state && !joined_since_last_sync =>
|
||||
build_state_incremental(
|
||||
services,
|
||||
syncing_user,
|
||||
|
||||
@@ -9,7 +9,6 @@
|
||||
};
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Result, at, error, extract_variant,
|
||||
utils::{
|
||||
@@ -48,6 +47,7 @@
|
||||
is_ignored_invite,
|
||||
sync::v3::{joined::load_joined_room, left::load_left_room},
|
||||
},
|
||||
client_ip::ClientIp,
|
||||
};
|
||||
|
||||
/// The default maximum number of events to return in the `timeline` key of
|
||||
@@ -181,7 +181,7 @@ fn lazy_loading_enabled(&self) -> bool {
|
||||
)]
|
||||
pub(crate) async fn sync_events_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client_ip): ClientIp,
|
||||
ClientIp(client_ip): ClientIp, // NOTE: Required for updating device metadata
|
||||
body: Ruma<sync_events::v3::Request>,
|
||||
) -> Result<sync_events::v3::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
|
||||
@@ -6,7 +6,6 @@
|
||||
};
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Error, Result, at, error, extract_variant, is_equal_to,
|
||||
matrix::{Event, TypeStateKey, pdu::PduCount},
|
||||
@@ -49,6 +48,7 @@
|
||||
client::{
|
||||
DEFAULT_BUMP_TYPES, TimelinePdus, ignored_filter, is_ignored_invite, sync::load_timeline,
|
||||
},
|
||||
client_ip::ClientIp,
|
||||
};
|
||||
|
||||
type SyncInfo<'a> = (&'a UserId, &'a DeviceId, u64, &'a sync_events::v5::Request);
|
||||
@@ -67,7 +67,7 @@
|
||||
/// [MSC4186]: https://github.com/matrix-org/matrix-spec-proposals/pull/4186
|
||||
pub(crate) async fn sync_events_v5_route(
|
||||
State(ref services): State<crate::State>,
|
||||
ClientIp(client_ip): ClientIp,
|
||||
ClientIp(client_ip): ClientIp, // NOTE: Required for updating device metadata
|
||||
body: Ruma<sync_events::v5::Request>,
|
||||
) -> Result<sync_events::v5::Response> {
|
||||
let sender_user = body.identity.expect_sender_user()?;
|
||||
|
||||
@@ -1,16 +1,15 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{Err, Result, utils, utils::math::Tried};
|
||||
use ruma::api::client::typing::create_typing_event::{self, v3::TypingInfo};
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `PUT /_matrix/client/r0/rooms/{roomId}/typing/{userId}`
|
||||
///
|
||||
/// Sets the typing state of the sender user.
|
||||
pub(crate) async fn create_typing_event_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(ip): ClientIp,
|
||||
ClientIp(ip): ClientIp, // NOTE: Required for updating device metadata
|
||||
body: Ruma<create_typing_event::v3::Request>,
|
||||
) -> Result<create_typing_event::v3::Response> {
|
||||
use create_typing_event::v3::Typing;
|
||||
|
||||
@@ -0,0 +1,135 @@
|
||||
use std::{
|
||||
convert::Infallible,
|
||||
net::{IpAddr, Ipv4Addr, SocketAddr},
|
||||
};
|
||||
|
||||
use axum::extract::{ConnectInfo, FromRequestParts};
|
||||
use axum_client_ip::ClientIp as SourcedClientIp;
|
||||
use conduwuit::debug_warn;
|
||||
use http::request::Parts;
|
||||
|
||||
const UNKNOWN_IP: IpAddr = IpAddr::V4(Ipv4Addr::UNSPECIFIED);
|
||||
|
||||
/// [`ClientIp`] extractor that falls back to the connection peer address
|
||||
/// instead of rejecting the request when `request_ip_source` can't be resolved.
|
||||
#[derive(Debug, Clone, Copy)]
|
||||
pub(crate) struct ClientIp(pub IpAddr);
|
||||
|
||||
impl<S> FromRequestParts<S> for ClientIp
|
||||
where
|
||||
S: Sync,
|
||||
{
|
||||
type Rejection = Infallible;
|
||||
|
||||
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
|
||||
let ip = match SourcedClientIp::from_request_parts(parts, state).await {
|
||||
| Ok(SourcedClientIp(ip)) => ip,
|
||||
| Err(rejection) => {
|
||||
debug_warn!(
|
||||
%rejection,
|
||||
"Could not resolve client IP from request_ip_source; using peer address"
|
||||
);
|
||||
parts
|
||||
.extensions
|
||||
.get::<ConnectInfo<SocketAddr>>()
|
||||
.map_or(UNKNOWN_IP, |ConnectInfo(addr)| addr.ip())
|
||||
},
|
||||
};
|
||||
|
||||
Ok(Self(ip))
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use std::net::Ipv6Addr;
|
||||
|
||||
use axum_client_ip::ClientIpSource;
|
||||
|
||||
use super::*;
|
||||
|
||||
const PEER: SocketAddr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(198, 51, 100, 7)), 8448);
|
||||
const PEER_V6: SocketAddr =
|
||||
SocketAddr::new(IpAddr::V6(Ipv6Addr::new(0x2001, 0xDB8, 0, 0, 0, 0, 0, 1)), 8448);
|
||||
|
||||
fn parts(
|
||||
source: Option<ClientIpSource>,
|
||||
peer: Option<SocketAddr>,
|
||||
headers: &[(&str, &str)],
|
||||
) -> Parts {
|
||||
let mut builder = http::Request::builder();
|
||||
for (name, value) in headers {
|
||||
builder = builder.header(*name, *value);
|
||||
}
|
||||
|
||||
let (mut parts, ()) = builder.body(()).unwrap().into_parts();
|
||||
if let Some(source) = source {
|
||||
parts.extensions.insert(source);
|
||||
}
|
||||
if let Some(peer) = peer {
|
||||
parts.extensions.insert(ConnectInfo(peer));
|
||||
}
|
||||
|
||||
parts
|
||||
}
|
||||
|
||||
async fn extract(mut parts: Parts) -> IpAddr {
|
||||
let ClientIp(ip) = ClientIp::from_request_parts(&mut parts, &()).await.unwrap();
|
||||
ip
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn resolves_from_configured_source() {
|
||||
let parts =
|
||||
parts(Some(ClientIpSource::XRealIp), Some(PEER), &[("x-real-ip", "203.0.113.5")]);
|
||||
|
||||
assert_eq!(extract(parts).await, IpAddr::V4(Ipv4Addr::new(203, 0, 113, 5)));
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn resolves_ipv6_from_configured_source() {
|
||||
let parts =
|
||||
parts(Some(ClientIpSource::XRealIp), Some(PEER), &[("x-real-ip", "2001:db8::2")]);
|
||||
|
||||
assert_eq!(
|
||||
extract(parts).await,
|
||||
IpAddr::V6(Ipv6Addr::new(0x2001, 0xDB8, 0, 0, 0, 0, 0, 2))
|
||||
);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn falls_back_to_peer_when_header_missing() {
|
||||
let parts = parts(Some(ClientIpSource::XRealIp), Some(PEER), &[]);
|
||||
|
||||
assert_eq!(extract(parts).await, PEER.ip());
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn falls_back_to_ipv6_peer_when_header_missing() {
|
||||
let parts = parts(Some(ClientIpSource::XRealIp), Some(PEER_V6), &[]);
|
||||
|
||||
assert_eq!(extract(parts).await, PEER_V6.ip());
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn falls_back_to_peer_when_header_unparsable() {
|
||||
let parts =
|
||||
parts(Some(ClientIpSource::XRealIp), Some(PEER), &[("x-real-ip", "not-an-ip")]);
|
||||
|
||||
assert_eq!(extract(parts).await, PEER.ip());
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn falls_back_to_peer_when_source_unset() {
|
||||
let parts = parts(None, Some(PEER), &[("x-real-ip", "203.0.113.5")]);
|
||||
|
||||
assert_eq!(extract(parts).await, PEER.ip());
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn falls_back_to_unspecified_without_peer() {
|
||||
let parts = parts(Some(ClientIpSource::XRealIp), None, &[]);
|
||||
|
||||
assert_eq!(extract(parts).await, UNKNOWN_IP);
|
||||
}
|
||||
}
|
||||
@@ -11,6 +11,8 @@
|
||||
pub mod router;
|
||||
pub mod server;
|
||||
|
||||
pub(crate) mod client_ip;
|
||||
|
||||
pub mod admin;
|
||||
|
||||
pub(crate) use self::router::{Ruma, RumaResponse, State};
|
||||
|
||||
@@ -15,10 +15,9 @@
|
||||
#[derive(Deserialize)]
|
||||
pub(crate) struct AuthQueryParams {
|
||||
pub(super) user_id: Option<String>,
|
||||
/// Device ID for appservice device masquerading (MSC3202/MSC4190).
|
||||
/// Can be provided as `device_id` or `org.matrix.msc3202.device_id`.
|
||||
#[serde(alias = "org.matrix.msc3202.device_id")]
|
||||
pub(super) device_id: Option<String>,
|
||||
#[serde(rename = "org.matrix.msc3202.device_id")]
|
||||
pub(super) legacy_device_id: Option<String>,
|
||||
}
|
||||
|
||||
/// Extractor for Ruma request structs
|
||||
|
||||
+22
-18
@@ -219,25 +219,29 @@ async fn verify<B: AsRef<[u8]> + Sync>(
|
||||
// MSC3202/MSC4190: Handle device_id masquerading for appservices.
|
||||
// The device_id can be provided via `device_id` or
|
||||
// `org.matrix.msc3202.device_id` query parameter.
|
||||
let sender_device =
|
||||
if let Some(device_id) = query.device_id.as_deref().map(Into::into) {
|
||||
// Verify the device exists for this user
|
||||
if services
|
||||
.users
|
||||
.get_device_metadata(&sender_user, device_id)
|
||||
.await
|
||||
.is_err()
|
||||
{
|
||||
return Err!(Request(Forbidden(
|
||||
"Device does not exist for user or appservice cannot masquerade as \
|
||||
this device."
|
||||
)));
|
||||
}
|
||||
let sender_device = if let Some(device_id) = query
|
||||
.device_id
|
||||
.or(query.legacy_device_id)
|
||||
.as_deref()
|
||||
.map(Into::into)
|
||||
{
|
||||
// Verify the device exists for this user
|
||||
if services
|
||||
.users
|
||||
.get_device_metadata(&sender_user, device_id)
|
||||
.await
|
||||
.is_err()
|
||||
{
|
||||
return Err!(Request(Forbidden(
|
||||
"Device does not exist for user or appservice cannot masquerade as this \
|
||||
device."
|
||||
)));
|
||||
}
|
||||
|
||||
Some(device_id.to_owned())
|
||||
} else {
|
||||
None
|
||||
};
|
||||
Some(device_id.to_owned())
|
||||
} else {
|
||||
None
|
||||
};
|
||||
|
||||
Ok(ClientIdentity::Appservice {
|
||||
sender_user,
|
||||
|
||||
+295
-113
@@ -1,57 +1,47 @@
|
||||
use std::collections::{HashMap, hash_map::Entry};
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use base64::{Engine as _, engine::general_purpose};
|
||||
use conduwuit::{
|
||||
Err, Error, PduEvent, Result, err, error,
|
||||
matrix::{Event, event::gen_event_id},
|
||||
utils::{self, hash::sha256},
|
||||
Err, Error, EventTypeExt, PduEvent, Result, debug, err, error,
|
||||
matrix::{Event, StateKey},
|
||||
result::FlatOk,
|
||||
state_res, trace,
|
||||
utils::hash::sha256,
|
||||
warn,
|
||||
};
|
||||
use ruma::{
|
||||
CanonicalJsonValue, UserId,
|
||||
CanonicalJsonObject, CanonicalJsonValue, OwnedEventId, OwnedRoomId, OwnedUserId, ServerName,
|
||||
UserId,
|
||||
api::{
|
||||
error::{ErrorKind, IncompatibleRoomVersionErrorData},
|
||||
federation::membership::{RawStrippedState, create_invite},
|
||||
},
|
||||
events::room::member::{MembershipState, RoomMemberEventContent},
|
||||
serde::JsonObject,
|
||||
events::{StateEventType, room::member::MembershipState},
|
||||
room_version_rules::RoomVersionRules,
|
||||
};
|
||||
use serde::Deserialize;
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp, server::utils::validate_any_membership_event};
|
||||
|
||||
/// # `PUT /_matrix/federation/v2/invite/{roomId}/{eventId}`
|
||||
///
|
||||
/// Invites a remote user to a room.
|
||||
#[tracing::instrument(skip_all, fields(%client), name = "invite", level = "info")]
|
||||
#[tracing::instrument(skip_all, name = "invite", level = "info")]
|
||||
pub(crate) async fn create_invite_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<create_invite::v2::Request>,
|
||||
) -> Result<create_invite::v2::Response> {
|
||||
// ACL check origin
|
||||
services
|
||||
.rooms
|
||||
.event_handler
|
||||
.acl_check(&body.identity, &body.room_id)
|
||||
.await?;
|
||||
|
||||
if !services.server.supported_room_version(&body.room_version) {
|
||||
return Err(Error::BadRequest(
|
||||
ErrorKind::IncompatibleRoomVersion(IncompatibleRoomVersionErrorData::new(
|
||||
body.room_version.clone(),
|
||||
)),
|
||||
"Server does not support this room version.",
|
||||
"This server does not support that room version",
|
||||
));
|
||||
}
|
||||
|
||||
let room_version_rules = body.room_version.rules().unwrap();
|
||||
|
||||
if let Some(server) = body.room_id.server_name() {
|
||||
if services.moderation.is_remote_server_forbidden(server) {
|
||||
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
|
||||
}
|
||||
}
|
||||
|
||||
if services
|
||||
.moderation
|
||||
.is_remote_server_forbidden(&body.identity)
|
||||
@@ -61,90 +51,61 @@ pub(crate) async fn create_invite_route(
|
||||
body.identity, body.room_id
|
||||
);
|
||||
|
||||
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
|
||||
return Err!(Request(Forbidden("Federation denied with {}", body.identity)));
|
||||
}
|
||||
|
||||
let mut signed_event = utils::to_canonical_object(&body.event)
|
||||
.map_err(|_| err!(Request(InvalidParam("Invite event is invalid."))))?;
|
||||
|
||||
// Ensure this is a membership event
|
||||
if signed_event
|
||||
.get("type")
|
||||
.expect("event must have a type")
|
||||
.as_str()
|
||||
.expect("type must be a string")
|
||||
!= "m.room.member"
|
||||
{
|
||||
return Err!(Request(BadJson(
|
||||
"Not allowed to send non-membership event to invite endpoint."
|
||||
)));
|
||||
}
|
||||
|
||||
let content: RoomMemberEventContent = serde_json::from_value(
|
||||
signed_event
|
||||
.get("content")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing content property"))))?
|
||||
.clone()
|
||||
.into(),
|
||||
// First, validate the invite room state, so we can compare with the create
|
||||
// event.
|
||||
debug!(
|
||||
event_id=%body.event_id,
|
||||
room_id=%body.room_id,
|
||||
room_version=?body.room_version,
|
||||
via=?body.via,
|
||||
"Validating invite room state for invite request"
|
||||
);
|
||||
let (create_event_id, state) = validate_invite_state(
|
||||
&services,
|
||||
&body.invite_room_state,
|
||||
&room_version_rules,
|
||||
body.room_id.clone(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(warn!("Event content is empty or invalid: {e}")))))?;
|
||||
.await?;
|
||||
let create_event_json = state
|
||||
.get(&StateEventType::RoomCreate.with_state_key(""))
|
||||
.expect("must have create event in invite state by this point");
|
||||
|
||||
// Ensure this is an invite membership event
|
||||
if content.membership != MembershipState::Invite {
|
||||
return Err!(Request(BadJson(
|
||||
"Not allowed to send a non-invite membership event to invite endpoint."
|
||||
)));
|
||||
}
|
||||
|
||||
// Ensure the sending user isn't a lying bozo
|
||||
let sender_user = signed_event
|
||||
// We can now perform the banned remote server check with the create event.
|
||||
// N.B. this checks the sender field, which is technically incorrect for rooms
|
||||
// v10 and below. This usually isn't the case though so sue me
|
||||
let creator = create_event_json
|
||||
.get("sender")
|
||||
.and_then(|v| v.as_str())
|
||||
.map(UserId::parse)
|
||||
.and_then(Result::ok)
|
||||
.ok_or_else(|| err!(Request(InvalidParam("Invalid sender property"))))?;
|
||||
|
||||
if sender_user.server_name() != body.identity {
|
||||
return Err!(Request(Forbidden("Sender's server does not match the origin server.",)));
|
||||
}
|
||||
|
||||
// Ensure the target user belongs to this server
|
||||
let recipient_user = signed_event
|
||||
.get("state_key")
|
||||
.and_then(|v| v.as_str())
|
||||
.map(UserId::parse)
|
||||
.and_then(Result::ok)
|
||||
.ok_or_else(|| err!(Request(InvalidParam("Invalid state_key property"))))?;
|
||||
|
||||
if !services
|
||||
.globals
|
||||
.server_is_ours(recipient_user.server_name())
|
||||
.flat_ok()
|
||||
.expect("must have valid sender in create event");
|
||||
if services
|
||||
.moderation
|
||||
.is_remote_server_forbidden(creator.server_name())
|
||||
{
|
||||
return Err!(Request(InvalidParam("User does not belong to this homeserver.")));
|
||||
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
|
||||
}
|
||||
|
||||
// Make sure we're not ACL'ed from their room.
|
||||
services
|
||||
.rooms
|
||||
.event_handler
|
||||
.acl_check(recipient_user.server_name(), &body.room_id)
|
||||
.await?;
|
||||
|
||||
services
|
||||
.server_keys
|
||||
.hash_and_sign_event(&mut signed_event, &room_version_rules)
|
||||
.map_err(|e| err!(Request(InvalidParam("Failed to sign event: {e}"))))?;
|
||||
|
||||
// Generate event id
|
||||
let event_id = gen_event_id(&signed_event, &room_version_rules)?;
|
||||
|
||||
// Add event_id back
|
||||
signed_event.insert("event_id".to_owned(), CanonicalJsonValue::String(event_id.to_string()));
|
||||
// And then we can validate the member event itself
|
||||
let (mut signed_event, sender_user, recipient_user) = validate_invite_membership_event(
|
||||
&services,
|
||||
&body.event,
|
||||
&room_version_rules,
|
||||
&body.identity,
|
||||
create_event_id.clone(),
|
||||
body.room_id.clone(),
|
||||
body.event_id.clone(),
|
||||
)
|
||||
.await?;
|
||||
|
||||
if services.rooms.metadata.is_banned(&body.room_id).await
|
||||
&& !services.users.is_admin(&recipient_user).await
|
||||
{
|
||||
return Err!(Request(Forbidden("This room is banned on this homeserver.")));
|
||||
return Err!(Request(Forbidden("That room is banned on this homeserver.")));
|
||||
}
|
||||
|
||||
if services.config.block_non_admin_invites && !services.users.is_admin(&recipient_user).await
|
||||
@@ -161,30 +122,57 @@ pub(crate) async fn create_invite_route(
|
||||
return Err!(Request(Forbidden("Invite rejected by antispam service.")));
|
||||
}
|
||||
|
||||
// If we're already in the room, ensure that neither the origin nor ourselves
|
||||
// are ACL'd.
|
||||
let resident = services
|
||||
.rooms
|
||||
.state_cache
|
||||
.server_in_room(services.globals.server_name(), &body.room_id)
|
||||
.await;
|
||||
if resident {
|
||||
services
|
||||
.rooms
|
||||
.event_handler
|
||||
.acl_check(&body.identity, &body.room_id)
|
||||
.await?;
|
||||
services
|
||||
.rooms
|
||||
.event_handler
|
||||
.acl_check(recipient_user.server_name(), &body.room_id)
|
||||
.await
|
||||
.map_err(|_| err!(Request(Forbidden("This server is ACL'd from that room"))))?;
|
||||
}
|
||||
|
||||
services
|
||||
.server_keys
|
||||
.hash_and_sign_event(&mut signed_event, &room_version_rules)
|
||||
.map_err(|e| err!(Request(InvalidParam("Failed to sign event: {e}"))))?;
|
||||
|
||||
// Add event_id back
|
||||
signed_event
|
||||
.insert("event_id".to_owned(), CanonicalJsonValue::String(body.event_id.to_string()));
|
||||
|
||||
let mut invite_state = body.invite_room_state.clone();
|
||||
|
||||
let mut event: JsonObject = serde_json::from_str(body.event.get())
|
||||
.map_err(|e| err!(Request(BadJson("Invalid invite event PDU: {e}"))))?;
|
||||
|
||||
event.insert("event_id".to_owned(), "$placeholder".into());
|
||||
|
||||
let pdu: PduEvent = serde_json::from_value(event.into())
|
||||
.map_err(|e| err!(Request(BadJson("Invalid invite event PDU: {e}"))))?;
|
||||
|
||||
invite_state.push(RawStrippedState::Pdu(
|
||||
serde_json::value::to_raw_value(&pdu).expect("PDU was just created, it must be valid"),
|
||||
));
|
||||
let pdu = PduEvent::from_id_val(&body.event_id, signed_event.clone())
|
||||
.expect("must be able to create PDU object");
|
||||
invite_state.push(RawStrippedState::Pdu(serde_json::value::to_raw_value(&signed_event)?));
|
||||
|
||||
// If we are active in the room, the remote server will notify us about the
|
||||
// join/invite through /send. If we are not in the room, we need to manually
|
||||
// record the invited state for client /sync through update_membership(), and
|
||||
// send the invite PDU to the relevant appservices.
|
||||
if !services
|
||||
.rooms
|
||||
.state_cache
|
||||
.server_in_room(services.globals.server_name(), &body.room_id)
|
||||
.await
|
||||
{
|
||||
if !resident {
|
||||
// We will start by recording the room's create event as an outlier.
|
||||
// This will allow us to recognise it later in case the sender revokes the
|
||||
// invite over federation later. We could store more state from the invite
|
||||
// request, but we will get that during send_join anyway.
|
||||
// This is safe to just add directly as an outlier as we already auth checked it
|
||||
// during validation.
|
||||
services
|
||||
.rooms
|
||||
.outlier
|
||||
.add_pdu_outlier(&create_event_id, create_event_json);
|
||||
|
||||
services
|
||||
.rooms
|
||||
.state_cache
|
||||
@@ -240,3 +228,197 @@ pub(crate) async fn create_invite_route(
|
||||
.await,
|
||||
))
|
||||
}
|
||||
|
||||
/// Validates the *membership event* in the invite request, per the steps listed
|
||||
/// under the invite endpoint's [spec].
|
||||
///
|
||||
/// Returns the validated JSON body, sender user ID, and recipient user ID.
|
||||
///
|
||||
/// Since this function performs a PDU format check, the create event must be
|
||||
/// known ahead of time. This implies validating the invite state before the
|
||||
/// invite event itself.
|
||||
///
|
||||
/// [spec]: https://spec.matrix.org/v1.19/server-server-api/#put_matrixfederationv2inviteroomideventid
|
||||
async fn validate_invite_membership_event(
|
||||
services: &crate::State,
|
||||
body: &serde_json::value::RawValue,
|
||||
room_version_rules: &RoomVersionRules,
|
||||
origin: &ServerName,
|
||||
create_event_id: OwnedEventId,
|
||||
room_id: OwnedRoomId,
|
||||
event_id: OwnedEventId,
|
||||
) -> Result<(CanonicalJsonObject, OwnedUserId, OwnedUserId)> {
|
||||
trace!(?body, "Invite membership event");
|
||||
let (pdu, target_membership, sender_user, recipient_user) = validate_any_membership_event(
|
||||
services,
|
||||
body,
|
||||
room_version_rules,
|
||||
create_event_id,
|
||||
room_id,
|
||||
event_id,
|
||||
)
|
||||
.await?;
|
||||
|
||||
// Ensure the sender belongs to the remote that is sending the invite
|
||||
if sender_user.server_name() != origin {
|
||||
return Err!(Request(Forbidden("Sender belongs to a different server")));
|
||||
}
|
||||
|
||||
// Ensure the target user belongs to this server
|
||||
if !services
|
||||
.globals
|
||||
.server_is_ours(recipient_user.server_name())
|
||||
{
|
||||
return Err!(Request(InvalidParam("Recipient does not belong to this homeserver")));
|
||||
}
|
||||
|
||||
if target_membership != MembershipState::Invite {
|
||||
return Err!(Request(BadJson("Invalid membership (expected `invite`)")));
|
||||
}
|
||||
|
||||
Ok((pdu, sender_user, recipient_user))
|
||||
}
|
||||
|
||||
/// Validates the *invite state* of an invite request, per the steps listed
|
||||
/// under the endpoint's [spec].
|
||||
///
|
||||
/// Returns the create event's event ID, and the partial state map.
|
||||
///
|
||||
/// [spec]: https://spec.matrix.org/v1.19/server-server-api/#put_matrixfederationv2inviteroomideventid
|
||||
async fn validate_invite_state(
|
||||
services: &crate::State,
|
||||
invite_state: &[RawStrippedState],
|
||||
room_version_rules: &RoomVersionRules,
|
||||
room_id: OwnedRoomId,
|
||||
) -> Result<(OwnedEventId, HashMap<(StateEventType, StateKey), CanonicalJsonObject>)> {
|
||||
trace!(?invite_state, "Raw invite state");
|
||||
let mut invite_state_map: HashMap<(StateEventType, StateKey), _> =
|
||||
HashMap::with_capacity(invite_state.len());
|
||||
let mut create_event_id: Option<OwnedEventId> = None;
|
||||
|
||||
for (idx, invite_state_event) in invite_state.iter().cloned().enumerate() {
|
||||
trace!(%idx, ?invite_state_event, "Invite state event");
|
||||
// Stripped state hasn't been sent over federation since v1.16.
|
||||
let RawStrippedState::Pdu(raw_pdu) = invite_state_event else {
|
||||
debug!(%idx, "Invite state event is not a PDU");
|
||||
return Err!(Request(InvalidParam(
|
||||
"PDU in invite state (index {idx}) violates the room event format"
|
||||
)));
|
||||
};
|
||||
let (state_event_room_id, state_event_id, state_event_json) = services
|
||||
.rooms
|
||||
.event_handler
|
||||
.parse_incoming_pdu(&raw_pdu, Some(room_version_rules))
|
||||
.await
|
||||
.map_err(|e| {
|
||||
err!(Request(InvalidParam(debug_warn!("Invalid PDU in invite state: {e}"))))
|
||||
})?;
|
||||
|
||||
if state_event_room_id != room_id {
|
||||
return Err!(Request(InvalidParam(debug_warn!(
|
||||
%state_event_room_id,
|
||||
%room_id,
|
||||
"PDU in invite state ({state_event_id}) belongs to the wrong room"
|
||||
))));
|
||||
}
|
||||
|
||||
services
|
||||
.server_keys
|
||||
.verify_event(&state_event_json, room_version_rules)
|
||||
.await
|
||||
.map_err(|e| {
|
||||
err!(Request(InvalidParam("Signature verification failed on invite event: {e}")))
|
||||
})?;
|
||||
|
||||
let Some(state_key) = state_event_json.get("state_key").and_then(|k| k.as_str()) else {
|
||||
return Err!(Request(InvalidParam(debug_info!(
|
||||
"PDU in invite state ({state_event_id}) is not a state event"
|
||||
))));
|
||||
};
|
||||
let Some(event_type) = state_event_json.get("type").and_then(|k| k.as_str()) else {
|
||||
return Err!(Request(InvalidParam(debug_warn!(
|
||||
"PDU in invite state ({state_event_id}) is not an event?"
|
||||
))));
|
||||
};
|
||||
|
||||
let key = StateEventType::from(event_type).with_state_key(state_key);
|
||||
match invite_state_map.entry(key) {
|
||||
| Entry::Occupied(entry) =>
|
||||
return Err!(Request(InvalidParam(
|
||||
"Duplicate state events in invite state for state key: {:?}",
|
||||
entry.key(),
|
||||
))),
|
||||
| Entry::Vacant(entry) => {
|
||||
if entry.key().0 == StateEventType::RoomCreate {
|
||||
// Ensure this is a legal create event.
|
||||
let pdu_event =
|
||||
PduEvent::from_id_val(&state_event_id, state_event_json.clone())
|
||||
.expect("must be able to create pdu event from event json");
|
||||
debug!("Validating discovered create event in invite room state");
|
||||
validate_invite_create_event(&pdu_event, room_version_rules).await?;
|
||||
create_event_id = Some(state_event_id);
|
||||
}
|
||||
entry.insert(state_event_json);
|
||||
},
|
||||
}
|
||||
}
|
||||
let Some(create_event_id) = create_event_id else {
|
||||
return Err!(Request(InvalidParam(debug_warn!(
|
||||
parsed_state=?invite_state_map,
|
||||
"Invite state does not contain the m.room.create event"
|
||||
))));
|
||||
};
|
||||
invite_state_map.iter().try_for_each(|(key, event_json)| {
|
||||
service::rooms::event_handler::Service::pdu_format_check_1(
|
||||
event_json,
|
||||
room_version_rules,
|
||||
&create_event_id,
|
||||
)
|
||||
.map_err(|e| {
|
||||
err!(Request(InvalidParam(
|
||||
"PDU in invite state for {key:?} violates the room event format: {e}"
|
||||
)))
|
||||
})
|
||||
})?;
|
||||
|
||||
Ok((create_event_id, invite_state_map))
|
||||
}
|
||||
|
||||
#[derive(Deserialize)]
|
||||
struct MFederate {
|
||||
#[serde(rename = "m.federate")]
|
||||
mfederate: Option<bool>,
|
||||
}
|
||||
|
||||
/// Validates that a create event is suitable for the invite, namely:
|
||||
///
|
||||
/// 1. It passes auth checks (aka is valid)
|
||||
/// 2. The room is federated (there's no point persisting unfederated rooms)
|
||||
async fn validate_invite_create_event(
|
||||
pdu: &PduEvent,
|
||||
room_version_rules: &RoomVersionRules,
|
||||
) -> Result {
|
||||
if !state_res::auth_check(
|
||||
room_version_rules,
|
||||
pdu,
|
||||
None,
|
||||
|_, _| async {
|
||||
unreachable!("No state should be fetched when processing a lone create event");
|
||||
},
|
||||
pdu,
|
||||
)
|
||||
.await
|
||||
.unwrap_or_default()
|
||||
{
|
||||
return Err!(Request(InvalidParam("m.room.create event fails auth check")));
|
||||
}
|
||||
|
||||
let can_federate = pdu.get_content::<MFederate>()?.mfederate;
|
||||
if !can_federate.unwrap_or(true) {
|
||||
return Err!(Request(InvalidParam(
|
||||
"Cannot receive invites to a room with m.federate=false"
|
||||
)));
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
@@ -75,14 +75,6 @@ pub(crate) async fn create_join_event_template_route(
|
||||
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
|
||||
}
|
||||
|
||||
if let Some(server) = body.room_id.server_name() {
|
||||
if services.moderation.is_remote_server_forbidden(server) {
|
||||
return Err!(Request(Forbidden(warn!(
|
||||
"Room ID server name {server} is banned on this homeserver."
|
||||
))));
|
||||
}
|
||||
}
|
||||
|
||||
let room_version = services.rooms.state.get_room_version(&body.room_id).await?;
|
||||
let room_version_rules = room_version.rules().unwrap();
|
||||
if !body.ver.contains(&room_version) {
|
||||
|
||||
@@ -58,12 +58,6 @@ pub(crate) async fn create_knock_event_template_route(
|
||||
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
|
||||
}
|
||||
|
||||
if let Some(server) = body.room_id.server_name() {
|
||||
if services.moderation.is_remote_server_forbidden(server) {
|
||||
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
|
||||
}
|
||||
}
|
||||
|
||||
let room_version = services.rooms.state.get_room_version(&body.room_id).await?;
|
||||
let room_version_rules = room_version.rules().unwrap();
|
||||
|
||||
|
||||
@@ -27,6 +27,7 @@ pub(crate) async fn create_leave_event_template_route(
|
||||
{
|
||||
info!(
|
||||
origin = body.identity.as_str(),
|
||||
room_id = %body.room_id,
|
||||
"Refusing to serve make_leave for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
|
||||
+3
-16
@@ -1,5 +1,4 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{Err, Result, utils::content_disposition::make_content_disposition};
|
||||
use conduwuit_service::media::{Dim, FileMeta};
|
||||
use ruma::api::federation::authenticated_media::{
|
||||
@@ -7,20 +6,14 @@
|
||||
};
|
||||
use service::media::mxc::Mxc;
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `GET /_matrix/federation/v1/media/download/{mediaId}`
|
||||
///
|
||||
/// Load media from our server.
|
||||
#[tracing::instrument(
|
||||
name = "media_get",
|
||||
level = "debug",
|
||||
skip_all,
|
||||
fields(%client)
|
||||
)]
|
||||
#[tracing::instrument(name = "media_get", level = "debug", skip_all)]
|
||||
pub(crate) async fn get_content_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_content::v1::Request>,
|
||||
) -> Result<get_content::v1::Response> {
|
||||
let mxc = Mxc {
|
||||
@@ -54,15 +47,9 @@ pub(crate) async fn get_content_route(
|
||||
/// # `GET /_matrix/federation/v1/media/thumbnail/{mediaId}`
|
||||
///
|
||||
/// Load media thumbnail from our server.
|
||||
#[tracing::instrument(
|
||||
name = "media_thumbnail_get",
|
||||
level = "debug",
|
||||
skip_all,
|
||||
fields(%client)
|
||||
)]
|
||||
#[tracing::instrument(name = "media_thumbnail_get", level = "debug", skip_all)]
|
||||
pub(crate) async fn get_content_thumbnail_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_content_thumbnail::v1::Request>,
|
||||
) -> Result<get_content_thumbnail::v1::Response> {
|
||||
let dim = Dim::from_ruma(body.width, body.height, body.method.clone())?;
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{Err, Result, err};
|
||||
use ruma::{
|
||||
api::federation::directory::{get_public_rooms, get_public_rooms_filtered},
|
||||
@@ -7,15 +6,14 @@
|
||||
directory::Filter,
|
||||
};
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
/// # `POST /_matrix/federation/v1/publicRooms`
|
||||
///
|
||||
/// Lists the public rooms on this server.
|
||||
#[tracing::instrument(name = "publicrooms", level = "debug", skip_all, fields(%client))]
|
||||
#[tracing::instrument(name = "publicrooms", level = "debug", skip_all)]
|
||||
pub(crate) async fn get_public_rooms_filtered_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_public_rooms_filtered::v1::Request>,
|
||||
) -> Result<get_public_rooms_filtered::v1::Response> {
|
||||
if !services
|
||||
@@ -48,10 +46,9 @@ pub(crate) async fn get_public_rooms_filtered_route(
|
||||
/// # `GET /_matrix/federation/v1/publicRooms`
|
||||
///
|
||||
/// Lists the public rooms on this server.
|
||||
#[tracing::instrument(name = "publicrooms", level = "debug", skip_all, fields(%client))]
|
||||
#[tracing::instrument(name = "publicrooms", level = "debug", skip_all)]
|
||||
pub(crate) async fn get_public_rooms_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<get_public_rooms::v1::Request>,
|
||||
) -> Result<get_public_rooms::v1::Response> {
|
||||
if !services
|
||||
|
||||
+25
-53
@@ -1,11 +1,9 @@
|
||||
use std::{
|
||||
collections::{BTreeMap, HashMap},
|
||||
net::IpAddr,
|
||||
time::{Duration, Instant},
|
||||
};
|
||||
|
||||
use axum::extract::State;
|
||||
use axum_client_ip::ClientIp;
|
||||
use conduwuit::{
|
||||
Err, Error, Result, debug, debug_error, debug_warn, err, error,
|
||||
result::LogErr,
|
||||
@@ -47,7 +45,7 @@
|
||||
use tokio::sync::watch::{Receiver, Sender};
|
||||
use tracing::instrument;
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, client_ip::ClientIp};
|
||||
|
||||
type ResolvedMap = BTreeMap<OwnedEventId, Result>;
|
||||
type Pdu = (OwnedRoomId, OwnedEventId, CanonicalJsonObject);
|
||||
@@ -57,7 +55,6 @@
|
||||
/// Push EDUs and PDUs to this server.
|
||||
pub(crate) async fn send_transaction_message_route(
|
||||
State(services): State<crate::State>,
|
||||
ClientIp(client): ClientIp,
|
||||
body: Ruma<send_transaction_message::v1::Request>,
|
||||
) -> Result<send_transaction_message::v1::Response> {
|
||||
if body.identity != body.body.origin {
|
||||
@@ -98,7 +95,7 @@ pub(crate) async fn send_transaction_message_route(
|
||||
services
|
||||
.server
|
||||
.runtime()
|
||||
.spawn(process_inbound_transaction(services, body, client, txn_key, sender));
|
||||
.spawn(process_inbound_transaction(services, body, txn_key, sender));
|
||||
// and wait for it
|
||||
wait_for_result(receiver).await
|
||||
},
|
||||
@@ -141,7 +138,6 @@ async fn wait_for_result(
|
||||
async fn process_inbound_transaction(
|
||||
services: crate::State,
|
||||
body: Ruma<send_transaction_message::v1::Request>,
|
||||
client: IpAddr,
|
||||
txn_key: TxnKey,
|
||||
sender: Sender<WrappedTransactionResponse>,
|
||||
) {
|
||||
@@ -150,7 +146,7 @@ async fn process_inbound_transaction(
|
||||
.pdus
|
||||
.iter()
|
||||
.stream()
|
||||
.broad_then(|pdu| services.rooms.event_handler.parse_incoming_pdu(pdu))
|
||||
.broad_then(|pdu| services.rooms.event_handler.parse_incoming_pdu(pdu, None))
|
||||
.inspect_err(|e| warn!("Could not parse incoming PDU: {e}"))
|
||||
.ready_filter_map(Result::ok);
|
||||
|
||||
@@ -163,7 +159,7 @@ async fn process_inbound_transaction(
|
||||
.stream();
|
||||
|
||||
debug!(pdus = body.pdus.len(), edus = body.edus.len(), "Processing transaction",);
|
||||
let results = match handle(&services, &client, &body.identity, pdus, edus).await {
|
||||
let results = match handle(&services, &body.identity, pdus, edus).await {
|
||||
| Ok(results) => results,
|
||||
| Err(err) => {
|
||||
fail_federation_txn(services, &txn_key, &sender, err);
|
||||
@@ -236,12 +232,11 @@ fn transaction_error_to_response(err: &TransactionError) -> Error {
|
||||
}
|
||||
async fn handle(
|
||||
services: &Services,
|
||||
client: &IpAddr,
|
||||
origin: &ServerName,
|
||||
pdus: impl Stream<Item = Pdu> + Send,
|
||||
edus: impl Stream<Item = Edu> + Send,
|
||||
) -> std::result::Result<ResolvedMap, TransactionError> {
|
||||
// group pdus by room
|
||||
// Group PDUs by room for parallel processing
|
||||
let pdus = pdus
|
||||
.collect()
|
||||
.map(|mut pdus: Vec<_>| {
|
||||
@@ -252,12 +247,12 @@ async fn handle(
|
||||
})
|
||||
.await;
|
||||
|
||||
// we can evaluate rooms concurrently
|
||||
// Evaluate rooms in parallel
|
||||
let results: ResolvedMap = pdus
|
||||
.into_iter()
|
||||
.try_stream()
|
||||
.broad_and_then(|(room_id, pdus): (_, Vec<_>)| {
|
||||
handle_room(services, client, origin, room_id, pdus.into_iter())
|
||||
handle_room(services, origin, room_id, pdus.into_iter())
|
||||
.map_ok(Vec::into_iter)
|
||||
.map_ok(IterStream::try_stream)
|
||||
})
|
||||
@@ -266,8 +261,8 @@ async fn handle(
|
||||
.boxed()
|
||||
.await?;
|
||||
|
||||
// evaluate edus after pdus, at least for now.
|
||||
edus.for_each_concurrent(automatic_width(), |edu| handle_edu(services, client, origin, edu))
|
||||
// Evaluate EDUs after PDUs in case some of the PDUs then forbid some EDUs.
|
||||
edus.for_each_concurrent(automatic_width(), |edu| handle_edu(services, origin, edu))
|
||||
.boxed()
|
||||
.await;
|
||||
|
||||
@@ -276,7 +271,6 @@ async fn handle(
|
||||
|
||||
async fn handle_room(
|
||||
services: &Services,
|
||||
_client: &IpAddr,
|
||||
origin: &ServerName,
|
||||
room_id: OwnedRoomId,
|
||||
pdus: impl Iterator<Item = Pdu> + Send,
|
||||
@@ -296,20 +290,12 @@ async fn handle_room(
|
||||
// Try to sort PDUs by their dependencies, but fall back to arbitrary order on
|
||||
// failure (e.g., cycles). This is best-effort; proper ordering is the sender's
|
||||
// responsibility.
|
||||
let sorted_event_ids = if pdu_map.len() >= 2 {
|
||||
let refmap = pdu_map
|
||||
.iter()
|
||||
.map(|(event_id, obj)| (event_id.clone(), obj))
|
||||
.collect();
|
||||
build_local_dag(&refmap, DagBuilderTree::PrevEvents)
|
||||
.await
|
||||
.unwrap_or_else(|e| {
|
||||
debug_warn!("Failed to build local DAG for room {room_id}: {e}");
|
||||
pdu_map.keys().cloned().collect()
|
||||
})
|
||||
} else {
|
||||
pdu_map.keys().cloned().collect()
|
||||
};
|
||||
let sorted_event_ids = build_local_dag(&pdu_map, DagBuilderTree::PrevEvents)
|
||||
.await
|
||||
.unwrap_or_else(|e| {
|
||||
debug_warn!("Failed to build local DAG for room {room_id}: {e}");
|
||||
pdu_map.keys().cloned().collect()
|
||||
});
|
||||
let mut results = Vec::with_capacity(sorted_event_ids.len());
|
||||
for event_id in sorted_event_ids {
|
||||
let value = pdu_map
|
||||
@@ -322,7 +308,7 @@ async fn handle_room(
|
||||
let result = services
|
||||
.rooms
|
||||
.event_handler
|
||||
.handle_incoming_pdu(origin, room_id, &event_id, value.clone(), true)
|
||||
.handle_incoming_pdu(origin, room_id, &event_id, value, false)
|
||||
.boxed()
|
||||
.await
|
||||
.map(|_| ());
|
||||
@@ -331,25 +317,25 @@ async fn handle_room(
|
||||
Ok(results)
|
||||
}
|
||||
|
||||
async fn handle_edu(services: &Services, client: &IpAddr, origin: &ServerName, edu: Edu) {
|
||||
async fn handle_edu(services: &Services, origin: &ServerName, edu: Edu) {
|
||||
match edu {
|
||||
| Edu::Presence(presence) if services.server.config.allow_incoming_presence =>
|
||||
handle_edu_presence(services, client, origin, presence).await,
|
||||
handle_edu_presence(services, origin, presence).await,
|
||||
|
||||
| Edu::Receipt(receipt) if services.server.config.allow_incoming_read_receipts =>
|
||||
handle_edu_receipt(services, client, origin, receipt).await,
|
||||
handle_edu_receipt(services, origin, receipt).await,
|
||||
|
||||
| Edu::Typing(typing) if services.server.config.allow_incoming_typing =>
|
||||
handle_edu_typing(services, client, origin, typing).await,
|
||||
handle_edu_typing(services, origin, typing).await,
|
||||
|
||||
| Edu::DeviceListUpdate(content) =>
|
||||
handle_edu_device_list_update(services, client, origin, content).await,
|
||||
handle_edu_device_list_update(services, origin, content).await,
|
||||
|
||||
| Edu::DirectToDevice(content) =>
|
||||
handle_edu_direct_to_device(services, client, origin, content).await,
|
||||
handle_edu_direct_to_device(services, origin, content).await,
|
||||
|
||||
| Edu::SigningKeyUpdate(content) =>
|
||||
handle_edu_signing_key_update(services, client, origin, content).await,
|
||||
handle_edu_signing_key_update(services, origin, content).await,
|
||||
|
||||
| Edu::_Custom(ref _custom) => debug_warn!(?edu, "received custom/unknown EDU"),
|
||||
|
||||
@@ -359,7 +345,6 @@ async fn handle_edu(services: &Services, client: &IpAddr, origin: &ServerName, e
|
||||
|
||||
async fn handle_edu_presence(
|
||||
services: &Services,
|
||||
_client: &IpAddr,
|
||||
origin: &ServerName,
|
||||
presence: PresenceContent,
|
||||
) {
|
||||
@@ -400,12 +385,7 @@ async fn handle_edu_presence_update(
|
||||
.ok();
|
||||
}
|
||||
|
||||
async fn handle_edu_receipt(
|
||||
services: &Services,
|
||||
_client: &IpAddr,
|
||||
origin: &ServerName,
|
||||
receipt: ReceiptContent,
|
||||
) {
|
||||
async fn handle_edu_receipt(services: &Services, origin: &ServerName, receipt: ReceiptContent) {
|
||||
receipt
|
||||
.receipts
|
||||
.into_iter()
|
||||
@@ -500,12 +480,7 @@ async fn handle_edu_receipt_room_user(
|
||||
.await;
|
||||
}
|
||||
|
||||
async fn handle_edu_typing(
|
||||
services: &Services,
|
||||
_client: &IpAddr,
|
||||
origin: &ServerName,
|
||||
typing: TypingContent,
|
||||
) {
|
||||
async fn handle_edu_typing(services: &Services, origin: &ServerName, typing: TypingContent) {
|
||||
if typing.user_id.server_name() != origin {
|
||||
debug_warn!(
|
||||
%typing.user_id, %origin,
|
||||
@@ -565,7 +540,6 @@ async fn handle_edu_typing(
|
||||
|
||||
async fn handle_edu_device_list_update(
|
||||
services: &Services,
|
||||
_client: &IpAddr,
|
||||
origin: &ServerName,
|
||||
content: DeviceListUpdateContent,
|
||||
) {
|
||||
@@ -584,7 +558,6 @@ async fn handle_edu_device_list_update(
|
||||
|
||||
async fn handle_edu_direct_to_device(
|
||||
services: &Services,
|
||||
_client: &IpAddr,
|
||||
origin: &ServerName,
|
||||
content: DirectDeviceContent,
|
||||
) {
|
||||
@@ -704,7 +677,6 @@ async fn handle_edu_direct_to_device_event(
|
||||
|
||||
async fn handle_edu_signing_key_update(
|
||||
services: &Services,
|
||||
_client: &IpAddr,
|
||||
origin: &ServerName,
|
||||
content: SigningKeyUpdateContent,
|
||||
) {
|
||||
|
||||
+67
-115
@@ -2,34 +2,36 @@
|
||||
|
||||
use axum::extract::State;
|
||||
use conduwuit::{
|
||||
Err, Event, Result, at, debug, err, info,
|
||||
matrix::event::gen_event_id_canonical_json,
|
||||
trace,
|
||||
Err, Event, Result, at, debug, err, info, trace,
|
||||
utils::stream::{BroadbandExt, IterStream, TryBroadbandExt},
|
||||
warn,
|
||||
};
|
||||
use conduwuit_service::Services;
|
||||
use futures::{FutureExt, StreamExt, TryStreamExt};
|
||||
use ruma::{
|
||||
CanonicalJsonValue, OwnedEventId, OwnedRoomId, OwnedUserId, RoomId, ServerName,
|
||||
CanonicalJsonObject, CanonicalJsonValue, EventId, OwnedEventId, RoomId, ServerName, UserId,
|
||||
api::federation::membership::create_join_event,
|
||||
assign,
|
||||
events::{
|
||||
StateEventType, TimelineEventType,
|
||||
TimelineEventType,
|
||||
room::member::{MembershipState, RoomMemberEventContent},
|
||||
},
|
||||
room_version_rules::RoomVersionRules,
|
||||
};
|
||||
use serde_json::value::{RawValue as RawJsonValue, to_raw_value};
|
||||
use serde_json::value::to_raw_value;
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, server::utils::validate_any_membership_event};
|
||||
|
||||
/// helper method for /send_join v1 and v2
|
||||
/// Creates a join membership event for the target, returning a computed
|
||||
/// response with room state, auth chains, etc.
|
||||
#[tracing::instrument(skip(services, pdu, omit_members), fields(room_id = room_id.as_str(), origin = origin.as_str()), level = "info")]
|
||||
async fn create_join_event(
|
||||
services: &Services,
|
||||
origin: &ServerName,
|
||||
room_id: &RoomId,
|
||||
pdu: &RawJsonValue,
|
||||
event_id: &EventId,
|
||||
room_version_rules: &RoomVersionRules,
|
||||
mut pdu: CanonicalJsonObject,
|
||||
omit_members: bool,
|
||||
) -> Result<create_join_event::v2::RoomState> {
|
||||
if !services.rooms.metadata.exists(room_id).await {
|
||||
@@ -43,6 +45,7 @@ async fn create_join_event(
|
||||
{
|
||||
info!(
|
||||
origin = origin.as_str(),
|
||||
room_id = %room_id,
|
||||
"Refusing to serve send_join for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
@@ -64,94 +67,25 @@ async fn create_join_event(
|
||||
.await
|
||||
.map_err(|e| err!(Request(NotFound(error!("Room has no state: {e}")))))?;
|
||||
|
||||
// We do not add the event_id field to the pdu here because of signature and
|
||||
// hashes checks
|
||||
trace!("Getting room version");
|
||||
let room_version = services.rooms.state.get_room_version(room_id).await?;
|
||||
let room_version_rules = room_version.rules().unwrap();
|
||||
|
||||
trace!("Generating event ID and converting to canonical json");
|
||||
let Ok((event_id, mut value)) = gen_event_id_canonical_json(pdu, &room_version_rules) else {
|
||||
// Event could not be converted to canonical json
|
||||
return Err!(Request(BadJson("Could not convert event to canonical json.")));
|
||||
};
|
||||
|
||||
let event_room_id: OwnedRoomId = serde_json::from_value(
|
||||
value
|
||||
.get("room_id")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing room_id property."))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(warn!("room_id field is not a valid room ID: {e}")))))?;
|
||||
|
||||
if event_room_id != room_id {
|
||||
return Err!(Request(BadJson("Event room_id does not match request path room ID.")));
|
||||
}
|
||||
|
||||
let event_type: StateEventType = serde_json::from_value(
|
||||
value
|
||||
.get("type")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing type property."))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(warn!("Event has invalid state event type: {e}")))))?;
|
||||
|
||||
if event_type != StateEventType::RoomMember {
|
||||
return Err!(Request(BadJson(
|
||||
"Not allowed to send non-membership state event to join endpoint."
|
||||
)));
|
||||
}
|
||||
let sender = pdu
|
||||
.get("sender")
|
||||
.and_then(|v| v.as_str())
|
||||
.map(UserId::parse)
|
||||
.and_then(Result::ok)
|
||||
.expect("sender was already validated");
|
||||
|
||||
let content: RoomMemberEventContent = serde_json::from_value(
|
||||
value
|
||||
.get("content")
|
||||
pdu.get("content")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing content property"))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(warn!("Event content is empty or invalid: {e}")))))?;
|
||||
|
||||
if content.membership != MembershipState::Join {
|
||||
return Err!(Request(BadJson(
|
||||
"Not allowed to send a non-join membership event to join endpoint."
|
||||
)));
|
||||
}
|
||||
|
||||
let sender: OwnedUserId = serde_json::from_value(
|
||||
value
|
||||
.get("sender")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing sender property."))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(warn!("sender property is not a valid user ID: {e}")))))?;
|
||||
|
||||
// check if origin server is trying to send for another server
|
||||
if sender.server_name() != origin {
|
||||
return Err!(Request(Forbidden("Not allowed to join on behalf of another server.")));
|
||||
}
|
||||
|
||||
let state_key: OwnedUserId = serde_json::from_value(
|
||||
value
|
||||
.get("state_key")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing state_key property."))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(warn!("State key is not a valid user ID: {e}")))))?;
|
||||
|
||||
if state_key != sender {
|
||||
return Err!(Request(BadJson("State key does not match sender user.")));
|
||||
}
|
||||
|
||||
if let Some(authorising_user) = content.join_authorized_via_users_server {
|
||||
use ruma::RoomVersionId::*;
|
||||
|
||||
if matches!(room_version, V1 | V2 | V3 | V4 | V5 | V6 | V7) {
|
||||
if !room_version_rules.authorization.restricted_join_rule {
|
||||
return Err!(Request(InvalidParam(
|
||||
"Room version {room_version} does not support restricted rooms but \
|
||||
"Room version does not support restricted rooms but \
|
||||
join_authorised_via_users_server ({authorising_user}) was found in the event."
|
||||
)));
|
||||
}
|
||||
@@ -174,8 +108,7 @@ async fn create_join_event(
|
||||
they cannot authorise your join."
|
||||
)));
|
||||
}
|
||||
|
||||
if !super::user_can_perform_restricted_join(services, &state_key, room_id).await? {
|
||||
if !super::user_can_perform_restricted_join(services, &sender, room_id).await? {
|
||||
return Err!(Request(UnableToAuthorizeJoin(
|
||||
"Joining user did not pass restricted room's rules."
|
||||
)));
|
||||
@@ -183,7 +116,7 @@ async fn create_join_event(
|
||||
|
||||
services
|
||||
.server_keys
|
||||
.hash_and_sign_event(&mut value, &room_version_rules)
|
||||
.hash_and_sign_event(&mut pdu, room_version_rules)
|
||||
.map_err(|e| {
|
||||
err!(Request(InvalidParam(warn!("Failed to sign send_join event: {e}"))))
|
||||
})?;
|
||||
@@ -200,7 +133,7 @@ async fn create_join_event(
|
||||
let pdu_id = services
|
||||
.rooms
|
||||
.event_handler
|
||||
.handle_incoming_pdu(sender.server_name(), room_id, &event_id, value.clone(), true)
|
||||
.handle_incoming_pdu(sender.server_name(), room_id, event_id, pdu.clone(), false)
|
||||
.boxed()
|
||||
.await?
|
||||
.ok_or_else(|| err!(Request(InvalidParam("Could not accept as timeline event."))))?;
|
||||
@@ -220,14 +153,12 @@ async fn create_join_event(
|
||||
.iter()
|
||||
.try_stream()
|
||||
.broad_filter_map(|event_id| async move {
|
||||
if omit_members {
|
||||
if let Ok(e) = event_id.as_ref() {
|
||||
let pdu = services.rooms.timeline.get_pdu(e).await;
|
||||
if pdu.is_ok_and(|p| *p.kind() == TimelineEventType::RoomMember) {
|
||||
trace!("omitting member event {e:?} from returned state");
|
||||
// skip members
|
||||
return None;
|
||||
}
|
||||
if omit_members && let Ok(e) = event_id.as_ref() {
|
||||
let pdu = services.rooms.timeline.get_pdu(e).await;
|
||||
if pdu.is_ok_and(|p| *p.kind() == TimelineEventType::RoomMember) {
|
||||
trace!("omitting member event {e:?} from returned state");
|
||||
// skip members
|
||||
return None;
|
||||
}
|
||||
}
|
||||
Some(event_id)
|
||||
@@ -289,7 +220,7 @@ async fn create_join_event(
|
||||
Ok(assign!(create_join_event::v2::RoomState::new(), {
|
||||
auth_chain,
|
||||
state,
|
||||
event: to_raw_value(&CanonicalJsonValue::Object(value)).ok(),
|
||||
event: to_raw_value(&CanonicalJsonValue::Object(pdu)).ok(),
|
||||
members_omitted: omit_members,
|
||||
servers_in_room,
|
||||
}))
|
||||
@@ -309,24 +240,45 @@ pub(crate) async fn create_join_event_v2_route(
|
||||
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
|
||||
}
|
||||
|
||||
if let Some(server) = body.room_id.server_name() {
|
||||
if services.moderation.is_remote_server_forbidden(server) {
|
||||
warn!(
|
||||
"Server {} tried joining room ID {} through us which has a server name that is \
|
||||
globally forbidden. Rejecting.",
|
||||
body.identity, &body.room_id,
|
||||
);
|
||||
return Err!(Request(Forbidden(warn!(
|
||||
"Room ID server name {server} is banned on this homeserver."
|
||||
))));
|
||||
}
|
||||
let room_version = services.rooms.state.get_room_version(&body.room_id).await?;
|
||||
let create_event = services
|
||||
.rooms
|
||||
.state_accessor
|
||||
.get_room_create_event(&body.room_id)
|
||||
.await;
|
||||
let room_version_rules = room_version.rules().unwrap();
|
||||
|
||||
let (value, membership, sender, target) = validate_any_membership_event(
|
||||
&services,
|
||||
&body.pdu,
|
||||
&room_version_rules,
|
||||
create_event.event_id.clone(),
|
||||
body.room_id.clone(),
|
||||
body.event_id.clone(),
|
||||
)
|
||||
.await?;
|
||||
if membership != MembershipState::Join {
|
||||
return Err!(Request(InvalidParam("Invalid membership (expected `join`)")));
|
||||
}
|
||||
if sender.server_name() != body.identity {
|
||||
return Err!(Request(InvalidParam("Sender belongs to a different server")));
|
||||
}
|
||||
if sender != target {
|
||||
return Err!(Request(InvalidParam("Sender does not match state key")));
|
||||
}
|
||||
|
||||
let now = Instant::now();
|
||||
let room_state =
|
||||
create_join_event(&services, &body.identity, &body.room_id, &body.pdu, body.omit_members)
|
||||
.boxed()
|
||||
.await?;
|
||||
let room_state = create_join_event(
|
||||
&services,
|
||||
&body.identity,
|
||||
&body.room_id,
|
||||
&body.event_id,
|
||||
&room_version_rules,
|
||||
value,
|
||||
body.omit_members,
|
||||
)
|
||||
.boxed()
|
||||
.await?;
|
||||
info!(
|
||||
"Finished sending a join for {} in {} in {:?}",
|
||||
body.identity,
|
||||
|
||||
@@ -1,21 +1,11 @@
|
||||
use axum::extract::State;
|
||||
use conduwuit::{
|
||||
Err, Result, err, info,
|
||||
matrix::{event::gen_event_id_canonical_json, pdu::PduEvent},
|
||||
warn,
|
||||
};
|
||||
use conduwuit::{Err, Event, Result, debug_info, err, matrix::pdu::PduEvent, warn};
|
||||
use futures::FutureExt;
|
||||
use ruma::{
|
||||
OwnedUserId,
|
||||
api::federation::membership::create_knock_event,
|
||||
events::{
|
||||
StateEventType,
|
||||
room::member::{MembershipState, RoomMemberEventContent},
|
||||
},
|
||||
serde::JsonObject,
|
||||
api::federation::membership::create_knock_event, events::room::member::MembershipState,
|
||||
};
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, server::utils::validate_any_membership_event};
|
||||
|
||||
/// # `PUT /_matrix/federation/v1/send_knock/{roomId}/{eventId}`
|
||||
///
|
||||
@@ -33,18 +23,7 @@ pub(crate) async fn create_knock_event_v1_route(
|
||||
forbidden. Rejecting.",
|
||||
body.identity, &body.room_id,
|
||||
);
|
||||
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
|
||||
}
|
||||
|
||||
if let Some(server) = body.room_id.server_name() {
|
||||
if services.moderation.is_remote_server_forbidden(server) {
|
||||
warn!(
|
||||
"Server {} tried knocking room ID {} which has a server name that is globally \
|
||||
forbidden. Rejecting.",
|
||||
body.identity, &body.room_id,
|
||||
);
|
||||
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
|
||||
}
|
||||
return Err!(Request(Forbidden("Federation denied with {}", body.identity)));
|
||||
}
|
||||
|
||||
if !services.rooms.metadata.exists(&body.room_id).await {
|
||||
@@ -57,8 +36,9 @@ pub(crate) async fn create_knock_event_v1_route(
|
||||
.server_in_room(services.globals.server_name(), &body.room_id)
|
||||
.await
|
||||
{
|
||||
info!(
|
||||
debug_info!(
|
||||
origin = body.identity.as_str(),
|
||||
room_id = %body.room_id,
|
||||
"Refusing to serve send_knock for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
@@ -72,88 +52,40 @@ pub(crate) async fn create_knock_event_v1_route(
|
||||
.await?;
|
||||
|
||||
let room_version = services.rooms.state.get_room_version(&body.room_id).await?;
|
||||
let create_event = services
|
||||
.rooms
|
||||
.state_accessor
|
||||
.get_room_create_event(&body.room_id)
|
||||
.await;
|
||||
let room_version_rules = room_version.rules().unwrap();
|
||||
|
||||
if !room_version_rules.authorization.knocking {
|
||||
return Err!(Request(Forbidden("Room version does not support knocking.")));
|
||||
}
|
||||
|
||||
let Ok((event_id, value)) = gen_event_id_canonical_json(&body.pdu, &room_version_rules)
|
||||
else {
|
||||
// Event could not be converted to canonical json
|
||||
return Err!(Request(InvalidParam("Could not convert event to canonical json.")));
|
||||
};
|
||||
|
||||
let event_type: StateEventType = serde_json::from_value(
|
||||
value
|
||||
.get("type")
|
||||
.ok_or_else(|| err!(Request(InvalidParam("Event has no event type."))))?
|
||||
.clone()
|
||||
.into(),
|
||||
let (mut event, target_membership, sender, target) = validate_any_membership_event(
|
||||
&services,
|
||||
&body.pdu,
|
||||
&room_version_rules,
|
||||
create_event.event_id().to_owned(),
|
||||
body.room_id.clone(),
|
||||
body.event_id.clone(),
|
||||
)
|
||||
.map_err(|e| err!(Request(InvalidParam("Event has invalid event type: {e}"))))?;
|
||||
.await?;
|
||||
|
||||
if event_type != StateEventType::RoomMember {
|
||||
return Err!(Request(InvalidParam(
|
||||
"Not allowed to send non-membership state event to knock endpoint.",
|
||||
)));
|
||||
if target_membership != MembershipState::Knock {
|
||||
return Err!(Request(InvalidParam("Invalid membership (expected `knock`)")));
|
||||
}
|
||||
|
||||
let content: RoomMemberEventContent = serde_json::from_value(
|
||||
value
|
||||
.get("content")
|
||||
.ok_or_else(|| err!(Request(InvalidParam("Membership event has no content"))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(InvalidParam("Event has invalid membership content: {e}"))))?;
|
||||
|
||||
if content.membership != MembershipState::Knock {
|
||||
return Err!(Request(InvalidParam(
|
||||
"Not allowed to send a non-knock membership event to knock endpoint."
|
||||
)));
|
||||
}
|
||||
|
||||
// ACL check sender server name
|
||||
let sender: OwnedUserId = serde_json::from_value(
|
||||
value
|
||||
.get("sender")
|
||||
.ok_or_else(|| err!(Request(InvalidParam("Event has no sender user ID."))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson("Event sender is not a valid user ID: {e}"))))?;
|
||||
|
||||
services
|
||||
.rooms
|
||||
.event_handler
|
||||
.acl_check(sender.server_name(), &body.room_id)
|
||||
.await?;
|
||||
|
||||
// check if origin server is trying to send for another server
|
||||
if sender.server_name() != body.identity {
|
||||
return Err!(Request(BadJson("Not allowed to knock on behalf of another server/user.")));
|
||||
return Err!(Request(InvalidParam("Sender belongs to a different server")));
|
||||
}
|
||||
if sender != target {
|
||||
return Err!(Request(InvalidParam("Sender does not match state key")));
|
||||
}
|
||||
|
||||
let state_key: OwnedUserId = serde_json::from_value(
|
||||
value
|
||||
.get("state_key")
|
||||
.ok_or_else(|| err!(Request(InvalidParam("Event does not have a state_key"))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson("Event does not have a valid state_key: {e}"))))?;
|
||||
event.insert("event_id".to_owned(), body.event_id.as_str().into());
|
||||
|
||||
if state_key != sender {
|
||||
return Err!(Request(InvalidParam("state_key does not match sender user of event.")));
|
||||
}
|
||||
|
||||
let mut event: JsonObject = serde_json::from_str(body.pdu.get())
|
||||
.map_err(|e| err!(Request(InvalidParam("Invalid knock event PDU: {e}"))))?;
|
||||
|
||||
event.insert("event_id".to_owned(), "$placeholder".into());
|
||||
|
||||
let pdu: PduEvent = serde_json::from_value(event.into())
|
||||
let pdu = PduEvent::from_id_val(&body.event_id, event.clone())
|
||||
.map_err(|e| err!(Request(InvalidParam("Invalid knock event PDU: {e}"))))?;
|
||||
|
||||
let mutex_lock = services
|
||||
@@ -166,7 +98,7 @@ pub(crate) async fn create_knock_event_v1_route(
|
||||
let pdu_id = services
|
||||
.rooms
|
||||
.event_handler
|
||||
.handle_incoming_pdu(sender.server_name(), &body.room_id, &event_id, value.clone(), true)
|
||||
.handle_incoming_pdu(sender.server_name(), &body.room_id, &body.event_id, event, false)
|
||||
.boxed()
|
||||
.await?
|
||||
.ok_or_else(|| err!(Request(InvalidParam("Could not accept as timeline event."))))?;
|
||||
@@ -181,7 +113,7 @@ pub(crate) async fn create_knock_event_v1_route(
|
||||
let knock_room_state = services
|
||||
.rooms
|
||||
.state
|
||||
.summary_stripped(&pdu, &body.room_id, &sender)
|
||||
.summary_stripped(&pdu, &body.room_id, &sender, true)
|
||||
.await;
|
||||
|
||||
Ok(create_knock_event::v1::Response::new(knock_room_state))
|
||||
|
||||
+31
-104
@@ -1,18 +1,11 @@
|
||||
use axum::extract::State;
|
||||
use conduwuit::{Err, Result, err, info, matrix::event::gen_event_id_canonical_json};
|
||||
use conduwuit_service::Services;
|
||||
use conduwuit::{Err, Result, debug_info, err};
|
||||
use futures::FutureExt;
|
||||
use ruma::{
|
||||
OwnedRoomId, OwnedUserId, RoomId, ServerName,
|
||||
api::federation::membership::create_leave_event,
|
||||
events::{
|
||||
StateEventType,
|
||||
room::member::{MembershipState, RoomMemberEventContent},
|
||||
},
|
||||
api::federation::membership::create_leave_event, events::room::member::MembershipState,
|
||||
};
|
||||
use serde_json::value::RawValue as RawJsonValue;
|
||||
|
||||
use crate::Ruma;
|
||||
use crate::{Ruma, server::utils::validate_any_membership_event};
|
||||
|
||||
/// # `PUT /_matrix/federation/v2/send_leave/{roomId}/{eventId}`
|
||||
///
|
||||
@@ -21,17 +14,8 @@ pub(crate) async fn create_leave_event_v2_route(
|
||||
State(services): State<crate::State>,
|
||||
body: Ruma<create_leave_event::v2::Request>,
|
||||
) -> Result<create_leave_event::v2::Response> {
|
||||
create_leave_event(&services, &body.identity, &body.room_id, &body.pdu).await?;
|
||||
|
||||
Ok(create_leave_event::v2::Response::new())
|
||||
}
|
||||
|
||||
async fn create_leave_event(
|
||||
services: &Services,
|
||||
origin: &ServerName,
|
||||
room_id: &RoomId,
|
||||
pdu: &RawJsonValue,
|
||||
) -> Result {
|
||||
let room_id = body.room_id.as_ref();
|
||||
let origin = &body.identity;
|
||||
if !services.rooms.metadata.exists(room_id).await {
|
||||
return Err!(Request(NotFound("Room is unknown to this server.")));
|
||||
}
|
||||
@@ -42,9 +26,10 @@ async fn create_leave_event(
|
||||
.server_in_room(services.globals.server_name(), room_id)
|
||||
.await
|
||||
{
|
||||
info!(
|
||||
debug_info!(
|
||||
origin = origin.as_str(),
|
||||
"Refusing to serve backfill for room we aren't participating in"
|
||||
room_id = %room_id,
|
||||
"Refusing to send_leave for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
}
|
||||
@@ -56,91 +41,31 @@ async fn create_leave_event(
|
||||
.acl_check(origin, room_id)
|
||||
.await?;
|
||||
|
||||
// We do not add the event_id field to the pdu here because of signature and
|
||||
// hashes checks
|
||||
let room_version = services.rooms.state.get_room_version(room_id).await?;
|
||||
let create_event = services
|
||||
.rooms
|
||||
.state_accessor
|
||||
.get_room_create_event(room_id)
|
||||
.await;
|
||||
let room_version_rules = room_version.rules().unwrap();
|
||||
|
||||
let Ok((event_id, value)) = gen_event_id_canonical_json(pdu, &room_version_rules) else {
|
||||
// Event could not be converted to canonical json
|
||||
return Err!(Request(BadJson("Could not convert event to canonical json.")));
|
||||
};
|
||||
|
||||
let event_room_id: OwnedRoomId = serde_json::from_value(
|
||||
serde_json::to_value(
|
||||
value
|
||||
.get("room_id")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing room_id property."))))?,
|
||||
)
|
||||
.expect("CanonicalJson is valid json value"),
|
||||
let (value, membership, sender, target) = validate_any_membership_event(
|
||||
&services,
|
||||
&body.pdu,
|
||||
&room_version_rules,
|
||||
create_event.event_id.clone(),
|
||||
body.room_id.clone(),
|
||||
body.event_id.clone(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(warn!("room_id field is not a valid room ID: {e}")))))?;
|
||||
|
||||
if event_room_id != room_id {
|
||||
return Err!(Request(BadJson("Event room_id does not match request path room ID.")));
|
||||
.await?;
|
||||
if membership != MembershipState::Leave {
|
||||
return Err!(Request(InvalidParam("Invalid membership (expected `leave`)")));
|
||||
}
|
||||
|
||||
let content: RoomMemberEventContent = serde_json::from_value(
|
||||
value
|
||||
.get("content")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing content property."))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(warn!("Event content is empty or invalid: {e}")))))?;
|
||||
|
||||
if content.membership != MembershipState::Leave {
|
||||
return Err!(Request(BadJson(
|
||||
"Not allowed to send a non-leave membership event to leave endpoint."
|
||||
)));
|
||||
if sender.server_name() != body.identity {
|
||||
return Err!(Request(InvalidParam("Sender belongs to a different server")));
|
||||
}
|
||||
|
||||
let event_type: StateEventType = serde_json::from_value(
|
||||
value
|
||||
.get("type")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing type property."))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(warn!("Event has invalid state event type: {e}")))))?;
|
||||
|
||||
if event_type != StateEventType::RoomMember {
|
||||
return Err!(Request(BadJson(
|
||||
"Not allowed to send non-membership state event to leave endpoint."
|
||||
)));
|
||||
}
|
||||
|
||||
// ACL check sender server name
|
||||
let sender: OwnedUserId = serde_json::from_value(
|
||||
value
|
||||
.get("sender")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing sender property."))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(warn!("sender property is not a valid user ID: {e}")))))?;
|
||||
|
||||
services
|
||||
.rooms
|
||||
.event_handler
|
||||
.acl_check(sender.server_name(), room_id)
|
||||
.await?;
|
||||
|
||||
if sender.server_name() != origin {
|
||||
return Err!(Request(BadJson("Not allowed to leave on behalf of another server/user.")));
|
||||
}
|
||||
|
||||
let state_key: OwnedUserId = serde_json::from_value(
|
||||
value
|
||||
.get("state_key")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing state_key property."))))?
|
||||
.clone()
|
||||
.into(),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(warn!("State key is not a valid user ID: {e}")))))?;
|
||||
|
||||
if state_key != sender {
|
||||
return Err!(Request(BadJson("State key does not match sender user.")));
|
||||
if sender != target {
|
||||
return Err!(Request(InvalidParam("Sender does not match state key")));
|
||||
}
|
||||
|
||||
let mutex_lock = services
|
||||
@@ -153,7 +78,7 @@ async fn create_leave_event(
|
||||
let pdu_id = services
|
||||
.rooms
|
||||
.event_handler
|
||||
.handle_incoming_pdu(origin, room_id, &event_id, value, true)
|
||||
.handle_incoming_pdu(origin, room_id, &body.event_id, value, false)
|
||||
.boxed()
|
||||
.await?
|
||||
.ok_or_else(|| err!(Request(InvalidParam("Could not accept as timeline event."))))?;
|
||||
@@ -164,5 +89,7 @@ async fn create_leave_event(
|
||||
.sending
|
||||
.send_pdu_room(room_id, &pdu_id)
|
||||
.boxed()
|
||||
.await
|
||||
.await?;
|
||||
|
||||
Ok(create_leave_event::v2::Response::new())
|
||||
}
|
||||
|
||||
+136
-2
@@ -1,7 +1,10 @@
|
||||
use conduwuit::{Err, Result, is_false};
|
||||
use conduwuit::{Err, Result, err, is_false};
|
||||
use conduwuit_service::Services;
|
||||
use futures::{FutureExt, future::OptionFuture, join};
|
||||
use ruma::{EventId, RoomId, ServerName};
|
||||
use ruma::{
|
||||
CanonicalJsonObject, EventId, OwnedEventId, OwnedRoomId, OwnedUserId, RoomId, ServerName,
|
||||
UserId, events::room::member::MembershipState, room_version_rules::RoomVersionRules,
|
||||
};
|
||||
|
||||
pub(super) struct AccessCheck<'a> {
|
||||
pub(super) services: &'a Services,
|
||||
@@ -63,3 +66,134 @@ pub(super) async fn assert(&self) -> Result {
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
/// Performs validation on a membership event that should be run on any event a
|
||||
/// remote is trying to send via us.
|
||||
///
|
||||
/// ## Checks performed
|
||||
///
|
||||
/// 1. PDU room ID matches request path room ID
|
||||
/// 2. PDU event ID matches request path event ID
|
||||
/// 3. Signature check
|
||||
/// 4. Event type check
|
||||
/// 5. `sender` field presence (and parsing)
|
||||
/// 6. `state_key` field presence (and parsing)
|
||||
/// 7. PDU room format check (PDU check 1)
|
||||
///
|
||||
/// ## Returns
|
||||
///
|
||||
/// A resulting tuple of (PDU JSON, target membership state, sender, recipient).
|
||||
pub(crate) async fn validate_any_membership_event(
|
||||
services: &crate::State,
|
||||
body: &serde_json::value::RawValue,
|
||||
room_version_rules: &RoomVersionRules,
|
||||
create_event_id: OwnedEventId,
|
||||
expected_room_id: OwnedRoomId,
|
||||
expected_event_id: OwnedEventId,
|
||||
) -> Result<(CanonicalJsonObject, MembershipState, OwnedUserId, OwnedUserId)> {
|
||||
let (template_room_id, template_event_id, mut pdu) = services
|
||||
.rooms
|
||||
.event_handler
|
||||
.parse_incoming_pdu(body, Some(room_version_rules))
|
||||
.await
|
||||
.map_err(|e| err!(Request(BadJson("Invalid membership PDU: {e}"))))?;
|
||||
|
||||
if template_room_id != expected_room_id {
|
||||
return Err!(Request(InvalidParam("Membership event does not belong to requested room")));
|
||||
}
|
||||
if template_event_id != expected_event_id {
|
||||
return Err!(Request(InvalidParam(debug_warn!(
|
||||
%template_event_id,
|
||||
%expected_event_id,
|
||||
"Membership event ID does not match provided event ID"
|
||||
))));
|
||||
}
|
||||
|
||||
// Only `join` events carry `join_authorised_via_users_server`; co-sign
|
||||
// restricted joins so verification passes. Authorisation is enforced in
|
||||
// create_join_event.
|
||||
let membership_is_join = pdu
|
||||
.get("content")
|
||||
.and_then(|v| v.as_object())
|
||||
.and_then(|c| c.get("membership"))
|
||||
.and_then(|v| v.as_str())
|
||||
.is_some_and(|m| m == "join");
|
||||
|
||||
let authorising_user = pdu
|
||||
.get("content")
|
||||
.and_then(|v| v.as_object())
|
||||
.and_then(|c| c.get("join_authorised_via_users_server"))
|
||||
.and_then(|v| v.as_str())
|
||||
.map(UserId::parse)
|
||||
.and_then(Result::ok);
|
||||
|
||||
if room_version_rules.authorization.restricted_join_rule
|
||||
&& membership_is_join
|
||||
&& let Some(authorising_user) = authorising_user
|
||||
&& services.globals.user_is_local(&authorising_user)
|
||||
{
|
||||
services
|
||||
.server_keys
|
||||
.hash_and_sign_event(&mut pdu, room_version_rules)
|
||||
.map_err(|e| {
|
||||
err!(Request(InvalidParam("Failed to sign restricted join event: {e}")))
|
||||
})?;
|
||||
}
|
||||
|
||||
services
|
||||
.server_keys
|
||||
.verify_event(&pdu, room_version_rules)
|
||||
.await
|
||||
.map_err(|e| {
|
||||
err!(Request(InvalidParam("Signature verification failed on membership event: {e}")))
|
||||
})?;
|
||||
|
||||
// Ensure this is a membership event
|
||||
if pdu
|
||||
.get("type")
|
||||
.expect("event must have a type")
|
||||
.as_str()
|
||||
.expect("type must be a string")
|
||||
!= "m.room.member"
|
||||
{
|
||||
return Err!(Request(BadJson(
|
||||
"Not allowed to send non-membership event to this endpoint"
|
||||
)));
|
||||
}
|
||||
let membership = pdu
|
||||
.get("content")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing content property"))))?
|
||||
.as_object()
|
||||
.ok_or_else(|| err!(Request(BadJson("Event content is not an object"))))?
|
||||
.get("membership")
|
||||
.ok_or_else(|| err!(Request(BadJson("Event missing membership property"))))?
|
||||
.as_str()
|
||||
.ok_or_else(|| err!(Request(BadJson("Event is not a string"))))?
|
||||
.to_owned();
|
||||
|
||||
let sender_user = pdu
|
||||
.get("sender")
|
||||
.and_then(|v| v.as_str())
|
||||
.map(UserId::parse)
|
||||
.and_then(Result::ok)
|
||||
.ok_or_else(|| err!(Request(InvalidParam("Invalid sender property"))))?;
|
||||
let recipient_user = pdu
|
||||
.get("state_key")
|
||||
.and_then(|v| v.as_str())
|
||||
.map(UserId::parse)
|
||||
.and_then(Result::ok)
|
||||
.ok_or_else(|| err!(Request(InvalidParam("Invalid state_key property"))))?;
|
||||
|
||||
// Do a quick format check. The spec doesn't suggest this, but it's probably
|
||||
// a good idea nonetheless.
|
||||
service::rooms::event_handler::Service::pdu_format_check_1(
|
||||
&pdu,
|
||||
room_version_rules,
|
||||
&create_event_id,
|
||||
)
|
||||
.map_err(|e| {
|
||||
err!(Request(InvalidParam("Membership event violates the room event format: {e}")))
|
||||
})?;
|
||||
|
||||
Ok((pdu, membership.into(), sender_user, recipient_user))
|
||||
}
|
||||
|
||||
@@ -2442,6 +2442,7 @@ pub struct OauthConfig {
|
||||
/// legacy authentication will be unable to log in.
|
||||
///
|
||||
/// default: "hybrid"
|
||||
#[serde(default)]
|
||||
compatibility_mode: OAuthMode,
|
||||
|
||||
/// display: hidden
|
||||
|
||||
@@ -149,6 +149,14 @@ macro_rules! err_log {
|
||||
#[macro_export]
|
||||
#[collapse_debuginfo(yes)]
|
||||
macro_rules! err_lev {
|
||||
(debug_info) => {
|
||||
if $crate::debug::logging() {
|
||||
$crate::tracing::Level::INFO
|
||||
} else {
|
||||
$crate::tracing::Level::DEBUG
|
||||
}
|
||||
};
|
||||
|
||||
(debug_warn) => {
|
||||
if $crate::debug::logging() {
|
||||
$crate::tracing::Level::WARN
|
||||
|
||||
+22
-8
@@ -1,10 +1,10 @@
|
||||
use std::{any::Any, sync::Arc, time::Duration};
|
||||
|
||||
use axum::{
|
||||
Router,
|
||||
extract::{DefaultBodyLimit, MatchedPath},
|
||||
Router, extract,
|
||||
extract::{DefaultBodyLimit, FromRequestParts, MatchedPath},
|
||||
};
|
||||
use axum_client_ip::ClientIpSource;
|
||||
use axum_client_ip::{ClientIp, ClientIpSource};
|
||||
use conduwuit::{Result, Server, debug, error};
|
||||
use conduwuit_service::{Services, state::Guard};
|
||||
use http::{
|
||||
@@ -20,7 +20,6 @@
|
||||
timeout::{RequestBodyTimeoutLayer, ResponseBodyTimeoutLayer, TimeoutLayer},
|
||||
trace::{DefaultOnFailure, DefaultOnRequest, DefaultOnResponse, TraceLayer},
|
||||
};
|
||||
use tracing::Level;
|
||||
|
||||
use crate::{request, router};
|
||||
|
||||
@@ -67,15 +66,16 @@ pub(crate) fn build(services: &Arc<Services>) -> Result<(Router, Guard)> {
|
||||
let services_ = services.clone();
|
||||
let layers = layers
|
||||
.layer(SetSensitiveHeadersLayer::new([header::AUTHORIZATION]))
|
||||
.layer(client_ip_layer.into_extension())
|
||||
.layer(
|
||||
TraceLayer::new_for_http()
|
||||
.make_span_with(tracing_span::<_>)
|
||||
.on_failure(DefaultOnFailure::new().level(Level::ERROR))
|
||||
.on_request(DefaultOnRequest::new().level(Level::TRACE))
|
||||
.on_response(DefaultOnResponse::new().level(Level::DEBUG)),
|
||||
.on_failure(DefaultOnFailure::new().level(tracing::Level::ERROR))
|
||||
.on_request(DefaultOnRequest::new().level(tracing::Level::TRACE))
|
||||
.on_response(DefaultOnResponse::new().level(tracing::Level::DEBUG)),
|
||||
)
|
||||
.layer(axum::middleware::from_fn(request_ip))
|
||||
.layer(axum::middleware::from_fn_with_state(Arc::clone(services), request::handle))
|
||||
.layer(client_ip_layer.into_extension())
|
||||
.layer(ResponseBodyTimeoutLayer::new(Duration::from_secs(
|
||||
server.config.client_response_timeout,
|
||||
)))
|
||||
@@ -230,11 +230,25 @@ fn tracing_span<T>(request: &http::Request<T>) -> tracing::Span {
|
||||
parent: None,
|
||||
debug::INFO_SPAN_LEVEL,
|
||||
"router",
|
||||
ip=tracing::field::Empty,
|
||||
method = %request.method(),
|
||||
%path,
|
||||
}
|
||||
}
|
||||
|
||||
/// Annotates the tracing span with the client IP
|
||||
async fn request_ip(
|
||||
request: extract::Request,
|
||||
next: axum::middleware::Next,
|
||||
) -> axum::response::Response {
|
||||
let (mut parts, body) = request.into_parts();
|
||||
if let Ok(ip) = ClientIp::from_request_parts(&mut parts, &()).await {
|
||||
let span = tracing::Span::current();
|
||||
span.record("ip", ip.0.to_string());
|
||||
}
|
||||
next.run(extract::Request::from_parts(parts, body)).await
|
||||
}
|
||||
|
||||
fn request_path_str<T>(request: &http::Request<T>) -> &str {
|
||||
request
|
||||
.uri()
|
||||
|
||||
@@ -219,7 +219,7 @@ fn configure_output_err(mut output: MadSkin) -> MadSkin {
|
||||
use termimad::{Alignment, CompoundStyle, LineStyle, crossterm::style::Color};
|
||||
|
||||
let code_style = CompoundStyle::with_fgbg(Color::AnsiValue(196), Color::AnsiValue(234));
|
||||
output.inline_code = code_style.clone();
|
||||
output.inline_code = code_style;
|
||||
output.code_block = LineStyle {
|
||||
left_margin: 0,
|
||||
right_margin: 0,
|
||||
@@ -234,7 +234,7 @@ fn configure_output(mut output: MadSkin) -> MadSkin {
|
||||
use termimad::{Alignment, CompoundStyle, LineStyle, crossterm::style::Color};
|
||||
|
||||
let code_style = CompoundStyle::with_fgbg(Color::AnsiValue(40), Color::AnsiValue(234));
|
||||
output.inline_code = code_style.clone();
|
||||
output.inline_code = code_style;
|
||||
output.code_block = LineStyle {
|
||||
left_margin: 0,
|
||||
right_margin: 0,
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
use conduwuit::{Err, Result, debug, debug_info, error, info};
|
||||
use std::io::IsTerminal;
|
||||
|
||||
use conduwuit::{Err, Result, debug, debug_info, error, info, warn};
|
||||
use ruma::events::room::message::RoomMessageEventContent;
|
||||
use tokio::time::{Duration, sleep};
|
||||
|
||||
@@ -7,10 +9,16 @@
|
||||
pub(super) const SIGNAL: &str = "SIGUSR2";
|
||||
|
||||
impl super::Service {
|
||||
/// Possibly spawn the terminal console at startup if configured.
|
||||
/// Possibly spawn the terminal console at startup if configured and a TTY
|
||||
/// is available.
|
||||
pub(super) async fn console_auto_start(&self) {
|
||||
#[cfg(feature = "console")]
|
||||
if self.services.server.config.admin_console_automatic {
|
||||
if !std::io::stdin().is_terminal() {
|
||||
warn!("Console enabled without a tty available; Not enabling console");
|
||||
return;
|
||||
}
|
||||
|
||||
// Allow more of the startup sequence to execute before spawning
|
||||
tokio::task::yield_now().await;
|
||||
self.console.start().await;
|
||||
|
||||
@@ -134,7 +134,7 @@ async fn check(&self) -> Result<()> {
|
||||
let response = self
|
||||
.services
|
||||
.client
|
||||
.default
|
||||
.external_resource
|
||||
.get(CHECK_FOR_ANNOUNCEMENTS_URL)
|
||||
.send()
|
||||
.await?
|
||||
|
||||
@@ -224,6 +224,15 @@ pub async fn is_exclusive_user_id(&self, user_id: &UserId) -> bool {
|
||||
.any(|info| info.is_exclusive_user_match(user_id))
|
||||
}
|
||||
|
||||
/// Checks if a given user id matches any appservice regex, exclusive or
|
||||
/// otherwise
|
||||
pub async fn is_user_id(&self, user_id: &UserId) -> bool {
|
||||
self.read()
|
||||
.await
|
||||
.values()
|
||||
.any(|info| info.is_user_match(user_id))
|
||||
}
|
||||
|
||||
/// Checks if a given room alias matches any exclusive appservice regex
|
||||
pub async fn is_exclusive_alias(&self, alias: &RoomAliasId) -> bool {
|
||||
self.read()
|
||||
|
||||
+14
-19
@@ -16,9 +16,9 @@ pub struct Service {
|
||||
pub matrix_resolver: Arc<MatrixResolver>,
|
||||
pub dns_resolver: Arc<TokioResolver>,
|
||||
|
||||
pub default: reqwest::Client,
|
||||
pub dns: reqwest::Client,
|
||||
pub url_preview: reqwest::Client,
|
||||
pub extern_media: reqwest::Client,
|
||||
pub external_resource: reqwest::Client,
|
||||
pub federation: reqwest::Client,
|
||||
pub federation_slow: reqwest::Client,
|
||||
pub sender: reqwest::Client,
|
||||
@@ -35,17 +35,17 @@ fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {
|
||||
|
||||
let dns_resolver = get_dns_resolver(args.server)?;
|
||||
|
||||
let dns_client = base(&args.server.config)?
|
||||
.connect_timeout(Duration::from_secs(args.server.config.well_known_conn_timeout))
|
||||
.read_timeout(Duration::from_secs(args.server.config.well_known_timeout))
|
||||
.timeout(Duration::from_secs(args.server.config.well_known_timeout))
|
||||
.pool_max_idle_per_host(0)
|
||||
.redirect(redirect::Policy::limited(4))
|
||||
.build()?;
|
||||
|
||||
let matrix_resolver = Arc::new(MatrixResolverBuilder::new()
|
||||
.dangerous_tls_accept_invalid_certs(args.server.config.allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure)
|
||||
.http_client(
|
||||
base(&args.server.config)?
|
||||
.connect_timeout(Duration::from_secs(args.server.config.well_known_conn_timeout))
|
||||
.read_timeout(Duration::from_secs(args.server.config.well_known_timeout))
|
||||
.timeout(Duration::from_secs(args.server.config.well_known_timeout))
|
||||
.pool_max_idle_per_host(0)
|
||||
.redirect(redirect::Policy::limited(4))
|
||||
.build()?
|
||||
)
|
||||
.http_client(dns_client.clone())
|
||||
.dns_resolver(dns_resolver.clone())
|
||||
.build()?);
|
||||
let matrix_dns_resolver = matrix_resolver.create_dns_resolver();
|
||||
@@ -69,23 +69,19 @@ fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {
|
||||
matrix_resolver,
|
||||
dns_resolver,
|
||||
|
||||
default: base(config)?
|
||||
.dns_resolver(matrix_dns_resolver.clone())
|
||||
.build()?,
|
||||
dns: dns_client,
|
||||
|
||||
url_preview: base(config)
|
||||
.and_then(|builder| {
|
||||
builder_interface(builder, url_preview_bind_iface.as_deref())
|
||||
})?
|
||||
.local_address(url_preview_bind_addr)
|
||||
.dns_resolver(matrix_dns_resolver.clone())
|
||||
.timeout(Duration::from_secs(config.url_preview_timeout))
|
||||
.redirect(redirect::Policy::limited(3))
|
||||
.user_agent(url_preview_user_agent)
|
||||
.build()?,
|
||||
|
||||
extern_media: base(config)?
|
||||
.dns_resolver(matrix_dns_resolver.clone())
|
||||
external_resource: base(config)?
|
||||
.redirect(redirect::Policy::limited(3))
|
||||
.build()?,
|
||||
|
||||
@@ -128,7 +124,7 @@ fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {
|
||||
.build()?,
|
||||
|
||||
appservice: base(config)?
|
||||
.dns_resolver(matrix_dns_resolver.clone())
|
||||
.dns_resolver(matrix_dns_resolver)
|
||||
.connect_timeout(Duration::from_secs(5))
|
||||
.read_timeout(Duration::from_secs(config.appservice_timeout))
|
||||
.timeout(Duration::from_secs(config.appservice_timeout))
|
||||
@@ -138,7 +134,6 @@ fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {
|
||||
.build()?,
|
||||
|
||||
pusher: base(config)?
|
||||
.dns_resolver(matrix_dns_resolver)
|
||||
.connect_timeout(Duration::from_secs(config.pusher_conn_timeout))
|
||||
.timeout(Duration::from_secs(config.pusher_timeout))
|
||||
.pool_max_idle_per_host(1)
|
||||
|
||||
@@ -260,7 +260,7 @@ async fn location_request(&self, location: &str) -> Result<FileMeta> {
|
||||
let response = self
|
||||
.services
|
||||
.client
|
||||
.extern_media
|
||||
.external_resource
|
||||
.get(location)
|
||||
.send()
|
||||
.await?;
|
||||
|
||||
@@ -829,7 +829,7 @@ async fn fix_local_invite_state(services: &Services) -> Result {
|
||||
&& services.globals.user_is_local(&membership_event.sender) {
|
||||
|
||||
// build and save stripped state for their invite in the database
|
||||
let stripped_state = services.rooms.state.summary_stripped(&membership_event, &room_id, &user_id).await;
|
||||
let stripped_state = services.rooms.state.summary_stripped(&membership_event, &room_id, &user_id, false).await;
|
||||
userroomid_invitestate.put((&user_id, &room_id), Json(stripped_state));
|
||||
fixed = fixed.saturating_add(1);
|
||||
}
|
||||
@@ -867,7 +867,7 @@ async fn split_userid_password(services: &Services) -> Result {
|
||||
userid_password.remove(&user_id);
|
||||
remote_users = remote_users.saturating_add(1);
|
||||
} else if hash.is_empty() {
|
||||
if !(services.appservice.is_exclusive_user_id(&user_id).await
|
||||
if !(services.appservice.is_user_id(&user_id).await
|
||||
|| user_id == services.globals.server_user)
|
||||
{
|
||||
info!("Marking {user_id} as deactivated");
|
||||
@@ -882,7 +882,7 @@ async fn split_userid_password(services: &Services) -> Result {
|
||||
drop(cork);
|
||||
info!(?remote_users, "Split userid_password.");
|
||||
|
||||
db["global"].insert(FIXED_LOCAL_INVITE_STATE_MARKER, []);
|
||||
db["global"].insert(SPLIT_USERID_PASSWORD, []);
|
||||
db.db.sort()?;
|
||||
Ok(())
|
||||
}
|
||||
@@ -895,5 +895,7 @@ async fn obliterate_roomsynctoken_shortstatehash_with_extreme_prejudice(
|
||||
|
||||
info!("Cleared roomsynctoken_shortstatehash.");
|
||||
|
||||
services.db["global"].insert(DROP_ROOMSYNCTOKEN_SHORTSTATEHASH, []);
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
OAuthError, ResponseMode, Scope, TokenRequest, TokenResponse, TokenType,
|
||||
},
|
||||
},
|
||||
users,
|
||||
users::{self, DeviceToken},
|
||||
};
|
||||
|
||||
pub mod client_metadata;
|
||||
@@ -343,7 +343,7 @@ async fn create_session(
|
||||
client_name: Option<String>,
|
||||
client_id: String,
|
||||
) -> Result<TokenResponse, OAuthError> {
|
||||
let access_token = Self::generate_token();
|
||||
let access_token = DeviceToken::new_random().with_max_age(Self::ACCESS_TOKEN_MAX_AGE);
|
||||
let refresh_token = Self::generate_token();
|
||||
|
||||
let device_id = requested_scopes
|
||||
@@ -376,8 +376,7 @@ async fn create_session(
|
||||
.create_device(
|
||||
&authorizing_user,
|
||||
device_id,
|
||||
&access_token,
|
||||
Some(Self::ACCESS_TOKEN_MAX_AGE),
|
||||
Some(access_token.clone()),
|
||||
client_name,
|
||||
None,
|
||||
)
|
||||
@@ -413,7 +412,7 @@ async fn create_session(
|
||||
);
|
||||
|
||||
Ok(TokenResponse {
|
||||
access_token,
|
||||
access_token: access_token.into_token(),
|
||||
token_type: TokenType::Bearer,
|
||||
expires_in: Self::ACCESS_TOKEN_MAX_AGE.as_secs(),
|
||||
scope: requested_scopes.iter().join(" "),
|
||||
@@ -449,7 +448,7 @@ async fn refresh_session(
|
||||
|
||||
assert_eq!(&client_id, &session_info.client_id, "session info client id mismatch");
|
||||
|
||||
let new_access_token = Self::generate_token();
|
||||
let new_access_token = DeviceToken::new_random().with_max_age(Self::ACCESS_TOKEN_MAX_AGE);
|
||||
let new_refresh_token = Self::generate_token();
|
||||
let scope = session_info.scopes.iter().join(" ");
|
||||
session_info
|
||||
@@ -461,8 +460,7 @@ async fn refresh_session(
|
||||
.set_token(
|
||||
&refresh_token_info.user_id,
|
||||
&refresh_token_info.device_id,
|
||||
&new_access_token,
|
||||
Some(Self::ACCESS_TOKEN_MAX_AGE),
|
||||
new_access_token.clone(),
|
||||
)
|
||||
.await
|
||||
.expect("should be able to set token");
|
||||
@@ -479,7 +477,7 @@ async fn refresh_session(
|
||||
.raw_put(&new_refresh_token, Json(refresh_token_info));
|
||||
|
||||
Ok(TokenResponse {
|
||||
access_token: new_access_token,
|
||||
access_token: new_access_token.into_token(),
|
||||
token_type: TokenType::Bearer,
|
||||
expires_in: Self::ACCESS_TOKEN_MAX_AGE.as_secs(),
|
||||
scope,
|
||||
|
||||
+39
-6
@@ -115,6 +115,21 @@ pub enum SessionCompletionStatus {
|
||||
Complete(OwnedUserId),
|
||||
}
|
||||
|
||||
pub enum ClaimedLocalUser {
|
||||
/// The claim refers to an existing user.
|
||||
Existing(OwnedUserId),
|
||||
/// The claim refers to a new user ID which should be registered.
|
||||
New(OwnedUserId),
|
||||
}
|
||||
|
||||
impl ClaimedLocalUser {
|
||||
fn into_user_id(self) -> OwnedUserId {
|
||||
match self {
|
||||
| Self::Existing(user_id) | Self::New(user_id) => user_id,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[async_trait]
|
||||
impl crate::Service for Service {
|
||||
fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {
|
||||
@@ -136,6 +151,7 @@ fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {
|
||||
config: config.clone(),
|
||||
client_secret: if let Some(client_secret_file) = &config.client_secret_file {
|
||||
std::fs::read_to_string(client_secret_file)
|
||||
.map(|client_secret| client_secret.trim().to_owned())
|
||||
.map(ClientSecret::new)
|
||||
.map_err(|err| err!("Failed to read OIDC client secret file: {err}"))?
|
||||
} else if let Some(client_secret) = &config.client_secret {
|
||||
@@ -303,7 +319,7 @@ pub async fn complete_session(
|
||||
.expect("claims should be an object")
|
||||
.to_owned();
|
||||
|
||||
debug!(?all_claims);
|
||||
debug!(?all_claims, "Got claims from the identity provider");
|
||||
|
||||
let subject = claims.subject().as_str();
|
||||
|
||||
@@ -326,14 +342,13 @@ pub async fn complete_session(
|
||||
.get(&config.preferred_username_claim)
|
||||
.and_then(|claim| claim.as_str())
|
||||
{
|
||||
self.services
|
||||
.users
|
||||
.determine_registration_user_id(Some(preferred_username.to_owned()), None, None)
|
||||
self.identify_claimed_local_user(preferred_username)
|
||||
.await
|
||||
.map(ClaimedLocalUser::into_user_id)
|
||||
.map_err(|err| {
|
||||
error!("Preferred username claim is not a valid localpart: {err}");
|
||||
"Your preferred username is not a valid Matrix user ID localpart. Contact \
|
||||
your homeserver's administrator."
|
||||
"Your preferred username could not be converted to a valid Matrix user ID. \
|
||||
Contact your homeserver's administrator."
|
||||
})?
|
||||
} else {
|
||||
error!("Preferred username claim was not present or was not a string");
|
||||
@@ -482,4 +497,22 @@ pub fn link_user(&self, user_id: &UserId, subject: &str) {
|
||||
}
|
||||
|
||||
pub fn unlink_user(&self, subject: &str) { self.db.openidsubject_localpart.remove(subject); }
|
||||
|
||||
/// Determine what user ID a localpart claim refers to.
|
||||
pub async fn identify_claimed_local_user(&self, claim: &str) -> Result<ClaimedLocalUser> {
|
||||
if let Ok(user_id) =
|
||||
UserId::parse(format!("@{}:{}", claim, self.services.globals.server_name()))
|
||||
&& self.services.users.status(&user_id).await.is_active()
|
||||
{
|
||||
Ok(ClaimedLocalUser::Existing(user_id))
|
||||
} else {
|
||||
let user_id = self
|
||||
.services
|
||||
.users
|
||||
.determine_registration_user_id(Some(claim.to_owned()), None, None)
|
||||
.await?;
|
||||
|
||||
Ok(ClaimedLocalUser::New(user_id))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,6 +14,7 @@ pub async fn acl_check(&self, server_name: &ServerName, room_id: &RoomId) -> Res
|
||||
.await
|
||||
.map(|c: RoomServerAclEventContent| c)
|
||||
else {
|
||||
trace!("Room has no ACL, allowing");
|
||||
return Ok(());
|
||||
};
|
||||
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
use std::{
|
||||
collections::{HashMap, HashSet, VecDeque},
|
||||
fmt::{Display, Formatter},
|
||||
time::Instant,
|
||||
};
|
||||
|
||||
@@ -33,6 +34,20 @@ pub enum DagBuilderTree {
|
||||
AuthEvents,
|
||||
}
|
||||
|
||||
impl DagBuilderTree {
|
||||
#[must_use]
|
||||
pub fn as_str(&self) -> &str {
|
||||
match self {
|
||||
| Self::AuthEvents => "auth_events",
|
||||
| Self::PrevEvents => "prev_events",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Display for DagBuilderTree {
|
||||
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { f.write_str(self.as_str()) }
|
||||
}
|
||||
|
||||
/// Attempts to build a localised directed acyclic graph out of the given PDUs,
|
||||
/// returning them in a topologically sorted order.
|
||||
///
|
||||
@@ -42,23 +57,22 @@ pub enum DagBuilderTree {
|
||||
/// not account for power levels or other tie breaks.
|
||||
#[allow(clippy::implicit_hasher)]
|
||||
pub async fn build_local_dag(
|
||||
pdu_map: &HashMap<OwnedEventId, &CanonicalJsonObject>,
|
||||
pdu_map: &HashMap<OwnedEventId, CanonicalJsonObject>,
|
||||
tree: DagBuilderTree,
|
||||
) -> Result<Vec<OwnedEventId>> {
|
||||
debug_assert!(pdu_map.len() >= 2, "needless call to build_local_dag with less than 2 PDUs");
|
||||
if pdu_map.len() <= 1 {
|
||||
return Ok(pdu_map.keys().cloned().collect());
|
||||
}
|
||||
|
||||
let mut dag: HashMap<OwnedEventId, HashSet<OwnedEventId>> =
|
||||
HashMap::with_capacity(pdu_map.len());
|
||||
let mut id_origin_ts: HashMap<OwnedEventId, _> = HashMap::with_capacity(pdu_map.len());
|
||||
let tree = match tree {
|
||||
| DagBuilderTree::AuthEvents => "auth_events",
|
||||
| DagBuilderTree::PrevEvents => "prev_events",
|
||||
};
|
||||
|
||||
for (event_id, value) in pdu_map {
|
||||
// Parse all prev events as event IDs - if they are missing, return an error (we
|
||||
// can't sanely continue in this case), otherwise skip invalid prev events.
|
||||
let prev_events = value
|
||||
.get(tree)
|
||||
.get(tree.as_str())
|
||||
.and_then(CanonicalJsonValue::as_array)
|
||||
.ok_or_else(|| err!(Request(BadJson("event JSON for {event_id} is missing {tree}"))))?
|
||||
.iter()
|
||||
@@ -227,7 +241,7 @@ pub async fn get_missing_events(
|
||||
|
||||
latest_events.clear();
|
||||
for raw_event in response.events {
|
||||
let (_, event_id, pdu_json) = self.parse_incoming_pdu(&raw_event).await?;
|
||||
let (_, event_id, pdu_json) = self.parse_incoming_pdu(&raw_event, None).await?;
|
||||
let pdu = PduEvent::from_id_val(&event_id, pdu_json).map_err(|e| {
|
||||
err!(Request(BadJson("Failed to parse gapfilled event {event_id}: {e}")))
|
||||
})?;
|
||||
@@ -370,8 +384,8 @@ async fn fetch_event_via(
|
||||
.send_federation_request(&remote, get_event::v1::Request::new(event_id.clone()))
|
||||
.await?;
|
||||
|
||||
let (calculated_event_id, value) = self
|
||||
.parse_incoming_pdu_with_known_room(&res.pdu, room_version_rules)
|
||||
let (_, calculated_event_id, value) = self
|
||||
.parse_incoming_pdu(&res.pdu, Some(room_version_rules))
|
||||
.await?;
|
||||
|
||||
if calculated_event_id != event_id {
|
||||
@@ -538,11 +552,7 @@ pub(super) async fn fetch_and_handle_auth_events<Pdu>(
|
||||
}
|
||||
}
|
||||
|
||||
let refmap: HashMap<OwnedEventId, &CanonicalJsonObject> = discovered_events
|
||||
.iter()
|
||||
.map(|(id, data)| (id.clone(), data))
|
||||
.collect();
|
||||
let seeded_ordered = build_local_dag(&refmap, DagBuilderTree::AuthEvents)
|
||||
let seeded_ordered = build_local_dag(&discovered_events, DagBuilderTree::AuthEvents)
|
||||
.await
|
||||
.expect("failed to build local DAG");
|
||||
let mut pdus = HashMap::with_capacity(seeded_ordered.len());
|
||||
|
||||
@@ -1,9 +1,8 @@
|
||||
use std::collections::{HashMap, hash_map};
|
||||
|
||||
use conduwuit::{Err, Event, EventTypeExt, PduEvent, Result, err};
|
||||
use conduwuit::{Err, Event, EventTypeExt, PduEvent, Result, err, warn};
|
||||
use ruma::{
|
||||
CanonicalJsonObject, OwnedEventId, ServerName,
|
||||
api::federation::authorization::get_event_authorization,
|
||||
OwnedEventId, ServerName, api::federation::authorization::get_event_authorization,
|
||||
room_version_rules::RoomVersionRules,
|
||||
};
|
||||
use tokio::join;
|
||||
@@ -49,17 +48,52 @@ pub(super) async fn fetch_and_persist_event_auth<Pdu>(
|
||||
let mut auth_chain_map = HashMap::with_capacity(event_auth.auth_chain.len());
|
||||
|
||||
for auth_pdu_json in event_auth.auth_chain {
|
||||
let (auth_event_room_id, auth_event_id, auth_pdu_json) =
|
||||
self.parse_incoming_pdu(&auth_pdu_json).await?;
|
||||
let (auth_event_room_id, auth_event_id, auth_pdu_json) = match self
|
||||
.parse_incoming_pdu(&auth_pdu_json, Some(room_version_rules))
|
||||
.await
|
||||
{
|
||||
| Ok(parsed) => parsed,
|
||||
| Err(e) => {
|
||||
warn!(error=?e, "Dropping auth chain event as it could not be parsed");
|
||||
continue;
|
||||
},
|
||||
};
|
||||
if let Err(e) = Self::pdu_format_check_1(
|
||||
&auth_pdu_json,
|
||||
room_version_rules,
|
||||
create_event.event_id(),
|
||||
) {
|
||||
// drop this PDU
|
||||
warn!(%auth_event_id, error=?e, "Dropping auth chain event as it violates the room event format");
|
||||
continue;
|
||||
}
|
||||
let auth_pdu_json = match self
|
||||
.signature_hash_check_2_3(auth_pdu_json, room_version_rules)
|
||||
.await
|
||||
{
|
||||
| Ok(pdu_json) => pdu_json,
|
||||
| Err(e) => {
|
||||
// drop this PDU
|
||||
warn!(
|
||||
%auth_event_id,
|
||||
error=?e,
|
||||
"Dropping auth chain event as it has an invalid signature"
|
||||
);
|
||||
continue;
|
||||
},
|
||||
};
|
||||
|
||||
// PDU check 4 is done when we've finished aggregating
|
||||
if auth_event_room_id != incoming_event.room_id_or_hash() {
|
||||
return Err!(Request(Forbidden(
|
||||
"Auth event {auth_event_id} is in {auth_event_room_id}, not {}.",
|
||||
"Auth chain event {auth_event_id} is in {auth_event_room_id}, not {}.",
|
||||
incoming_event.room_id_or_hash()
|
||||
)));
|
||||
}
|
||||
let auth_pdu = PduEvent::from_id_val(&auth_event_id, auth_pdu_json).map_err(|e| {
|
||||
err!(Request(BadJson("Invalid PDU {auth_event_id} in auth chain: {e}")))
|
||||
})?;
|
||||
|
||||
if auth_pdu.state_key().is_none() {
|
||||
return Err!(Request(BadJson(
|
||||
"Invalid PDU {auth_event_id} in auth_chain: not a state event"
|
||||
@@ -97,17 +131,11 @@ async fn authorise_remote_auth_chain<Pdu>(
|
||||
where
|
||||
Pdu: Event + Send + Sync,
|
||||
{
|
||||
// TODO(nex): build_local_dag's signature needs changing because all callsites
|
||||
// seem to do this refmap hack.
|
||||
let pdu_objects = auth_chain_map
|
||||
.iter()
|
||||
.map(|(event_id, pdu)| (event_id, pdu.to_canonical_object()))
|
||||
.map(|(event_id, pdu)| (event_id.clone(), pdu.to_canonical_object()))
|
||||
.collect::<HashMap<_, _>>();
|
||||
let refmap: HashMap<OwnedEventId, &CanonicalJsonObject> = pdu_objects
|
||||
.iter()
|
||||
.map(|(id, data)| ((*id).to_owned(), data))
|
||||
.collect();
|
||||
let auth_chain_topo = build_local_dag(&refmap, DagBuilderTree::AuthEvents)
|
||||
let auth_chain_topo = build_local_dag(&pdu_objects, DagBuilderTree::AuthEvents)
|
||||
.await?
|
||||
.into_iter()
|
||||
.map(|event_id| (event_id.clone(), auth_chain_map.get(&event_id).unwrap().to_owned()))
|
||||
@@ -127,6 +155,12 @@ async fn authorise_remote_auth_chain<Pdu>(
|
||||
continue;
|
||||
}
|
||||
|
||||
// IMPORTANT: We can't use the handy dandy `handle_outlier_pdu` function here
|
||||
// because it may then try to fetch missing auth events, resulting in deep
|
||||
// recursion. We will do the minimum required steps to validate the PDU here.
|
||||
// Checks 1-3 were already done before this function is called, so we only need
|
||||
// to do check 4.
|
||||
|
||||
let mut auth_events_by_key: HashMap<_, _> =
|
||||
HashMap::with_capacity(pdu.auth_events.len());
|
||||
|
||||
@@ -150,24 +184,21 @@ async fn authorise_remote_auth_chain<Pdu>(
|
||||
},
|
||||
| hash_map::Entry::Occupied(_) => {
|
||||
// Duplicate auth events by key are not allowed.
|
||||
self.services
|
||||
.pdu_metadata
|
||||
.mark_event_rejected(auth_event_id);
|
||||
self.services.pdu_metadata.mark_event_rejected(&event_id);
|
||||
self.reject_and_persist(&event_id, &pdu.to_canonical_object());
|
||||
continue 'outer;
|
||||
},
|
||||
}
|
||||
}
|
||||
if !self
|
||||
.is_event_self_authorised(
|
||||
.auth_state_check_4(
|
||||
&pdu,
|
||||
room_version_rules,
|
||||
create_event.as_pdu(),
|
||||
&auth_events_by_key,
|
||||
)
|
||||
.await
|
||||
.await?
|
||||
{
|
||||
self.services.pdu_metadata.mark_event_rejected(&event_id);
|
||||
self.reject_and_persist(&event_id, &pdu.to_canonical_object());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -5,13 +5,13 @@
|
||||
utils::{BoolExt, IterStream, stream::BroadbandExt},
|
||||
};
|
||||
use futures::StreamExt;
|
||||
use ruma::{CanonicalJsonObject, MilliSecondsSinceUnixEpoch, OwnedEventId, RoomId, ServerName};
|
||||
use ruma::{MilliSecondsSinceUnixEpoch, RoomId, ServerName};
|
||||
|
||||
use crate::rooms::event_handler::{build_local_dag, fetch_and_handle_outliers::DagBuilderTree};
|
||||
|
||||
impl super::Service {
|
||||
/// Fetches any missing prev_events for this event and persists them before
|
||||
/// returning.
|
||||
/// returning. The caller is responsible for then handling the incoming PDU.
|
||||
pub(super) async fn fetch_prevs(
|
||||
&self,
|
||||
room_id: &RoomId,
|
||||
@@ -84,13 +84,7 @@ pub(super) async fn fetch_prevs(
|
||||
})
|
||||
.collect::<HashMap<_, _>>();
|
||||
|
||||
let to_persist = if mapped.len() <= 1 {
|
||||
mapped.keys().map(ToOwned::to_owned).collect()
|
||||
} else {
|
||||
let refmap: HashMap<OwnedEventId, &CanonicalJsonObject> =
|
||||
mapped.iter().map(|(id, data)| (id.clone(), data)).collect();
|
||||
build_local_dag(&refmap, DagBuilderTree::PrevEvents).await?
|
||||
};
|
||||
let to_persist = build_local_dag(&mapped, DagBuilderTree::PrevEvents).await?;
|
||||
|
||||
let job_start = Instant::now();
|
||||
trace!("Starting to persist {} prev events", to_persist.len());
|
||||
|
||||
@@ -314,7 +314,7 @@ pub(super) async fn fetch_full_state(
|
||||
.iter()
|
||||
.stream()
|
||||
.broad_filter_map(|raw_event_json| async {
|
||||
if let Some(parsed) = self.parse_incoming_pdu(raw_event_json).await.ok()
|
||||
if let Some(parsed) = self.parse_incoming_pdu(raw_event_json, None).await.ok()
|
||||
&& parsed.0 == room_id
|
||||
{
|
||||
Some(parsed)
|
||||
@@ -351,7 +351,7 @@ pub(super) async fn fetch_full_state(
|
||||
.iter()
|
||||
.stream()
|
||||
.broad_filter_map(|raw_event_json| async {
|
||||
if let Some(parsed) = self.parse_incoming_pdu(raw_event_json).await.ok()
|
||||
if let Some(parsed) = self.parse_incoming_pdu(raw_event_json, None).await.ok()
|
||||
&& parsed.0 == room_id
|
||||
{
|
||||
Some(parsed)
|
||||
|
||||
@@ -4,46 +4,37 @@
|
||||
};
|
||||
|
||||
use conduwuit::{
|
||||
Err, Event, Result, debug, debug_error, debug_warn, defer, err, error, info,
|
||||
matrix::PartialPdu, result::DebugInspect, trace, utils::time::jitter, warn,
|
||||
Err, Event, Result, debug, debug_error, debug_warn, defer, matrix::PartialPdu, trace,
|
||||
utils::time::jitter,
|
||||
};
|
||||
use futures::{
|
||||
FutureExt, StreamExt,
|
||||
future::{OptionFuture, try_join4},
|
||||
};
|
||||
use ruma::{CanonicalJsonValue, EventId, OwnedUserId, RoomId, ServerName, UserId};
|
||||
use futures::{FutureExt, StreamExt, future::try_join3};
|
||||
use ruma::{CanonicalJsonValue, EventId, RoomId, ServerName, UserId};
|
||||
use tokio::sync::mpsc;
|
||||
|
||||
use crate::rooms::timeline::{RawPduId, pdu_fits};
|
||||
use crate::rooms::timeline::RawPduId;
|
||||
|
||||
impl super::Service {
|
||||
/// When receiving an event one needs to:
|
||||
/// 0. Check the server is in the room
|
||||
/// 1. Skip the PDU if we already know about it
|
||||
/// 1.1. Remove unsigned field
|
||||
/// 2. Check signatures, otherwise drop
|
||||
/// 3. Check content hash, redact if doesn't match
|
||||
/// 4. Fetch any missing auth events doing all checks listed here starting
|
||||
/// at 1. These are not timeline events
|
||||
/// 5. Reject "due to auth events" if can't get all the auth events or some
|
||||
/// of the auth events are also rejected "due to auth events"
|
||||
/// 6. Reject "due to auth events" if the event doesn't pass auth based on
|
||||
/// the auth events
|
||||
/// 7. Persist this event as an outlier
|
||||
/// 8. If not timeline event: stop
|
||||
/// 9. Fetch any missing prev events doing all checks listed here starting
|
||||
/// at 1. These are timeline events
|
||||
/// 10. Fetch missing state and auth chain events by calling `/state_ids` at
|
||||
/// backwards extremities doing all the checks in this list starting at
|
||||
/// 1. These are not timeline events
|
||||
/// 11. Check the auth of the event passes based on the state of the event
|
||||
/// 12. Ensure that the state is derived from the previous current state
|
||||
/// (i.e. we calculated by doing state res where one of the inputs was a
|
||||
/// previously trusted set of state, don't just trust a set of state we
|
||||
/// got from a remote)
|
||||
/// 13. Use state resolution to find new room state
|
||||
/// 14. Check if the event passes auth based on the "current state" of the
|
||||
/// room, if not soft fail it
|
||||
/// Handles an incoming PDU from federation.
|
||||
///
|
||||
/// First checks that we want to receive this PDU. If we already have it as
|
||||
/// a timeline PDU, or we don't want to receive the PDU (e.g. origin ACL'd,
|
||||
/// room disabled/unknown), abort.
|
||||
///
|
||||
/// The PDU is then handled as an outlier event, which performs [PDU checks]
|
||||
/// 1 through 4. See: `handle_outlier_pdu`.
|
||||
///
|
||||
/// Once handled as an outlier, any missing prev events are fetched, and
|
||||
/// then the PDU will be promoted/upgraded from an outlier to a timeline
|
||||
/// event clients can see. See: `upgrade_outlier_to_timeline_pdu`. After
|
||||
/// this finishes, the PDU is either accepted or left as an outlier.
|
||||
///
|
||||
/// If the PDU is successfully upgraded, the remaining extremity count of
|
||||
/// the room is checked. If there are a potentially problematic number of
|
||||
/// forward extremities, a squasher task is started with a debounce period,
|
||||
/// which will eventually send a dummy event that ties up as many DAG forks
|
||||
/// as possible.
|
||||
///
|
||||
/// [PDU checks]: https://spec.matrix.org/v1.19/server-server-api/#checks-performed-on-receipt-of-a-pdu
|
||||
#[tracing::instrument(
|
||||
name = "pdu",
|
||||
skip_all,
|
||||
@@ -55,51 +46,33 @@ pub async fn handle_incoming_pdu<'a>(
|
||||
room_id: &'a RoomId,
|
||||
event_id: &'a EventId,
|
||||
value: BTreeMap<String, CanonicalJsonValue>,
|
||||
is_timeline_event: bool,
|
||||
is_backfilled_event: bool,
|
||||
) -> Result<Option<RawPduId>> {
|
||||
// 1. Skip the PDU if we already have it as a timeline event
|
||||
// Skip the PDU if we already have it as a timeline event. We still re-process
|
||||
// outliers in this scenario.
|
||||
if let Ok(pdu_id) = self.services.timeline.get_pdu_id(event_id).await {
|
||||
debug!("Database hit for incoming PDU, skipping processing");
|
||||
return Ok(Some(pdu_id));
|
||||
}
|
||||
if !pdu_fits(&mut value.clone()) {
|
||||
warn!(
|
||||
"dropping incoming PDU {event_id} in room {room_id} from {origin} because it \
|
||||
exceeds 65535 bytes or is otherwise too large."
|
||||
);
|
||||
return Err!(Request(TooLarge("PDU is too large")));
|
||||
}
|
||||
trace!(
|
||||
"processing incoming PDU from {origin} for room {room_id} with event id {event_id}"
|
||||
);
|
||||
|
||||
// 1.1 Check we even know about the room
|
||||
let meta_exists = self.services.metadata.exists(room_id).map(Ok);
|
||||
// If this is a membership state event for a local user, we will be interested
|
||||
// in this event even if we aren't in the room. This allows us to process things
|
||||
// like revoking invites over federation, without being in the room.
|
||||
let is_interesting_member_event = value.get("type").and_then(|t| t.as_str())
|
||||
== Some("m.room.member")
|
||||
&& value
|
||||
.get("state_key")
|
||||
.and_then(|s| s.as_str())
|
||||
.and_then(|s| UserId::parse(s).ok())
|
||||
.is_some_and(|u| self.services.globals.user_is_local(&u));
|
||||
|
||||
// 1.2 Check if the room is disabled
|
||||
let is_disabled = self.services.metadata.is_disabled(room_id).map(Ok);
|
||||
|
||||
// 1.3.1 Check room ACL on origin field/server
|
||||
let origin_acl_check = self.acl_check(origin, room_id);
|
||||
|
||||
// 1.3.2 Check room ACL on sender's server name
|
||||
let sender: OwnedUserId = value
|
||||
.get("sender")
|
||||
.and_then(|v| v.as_str())
|
||||
.ok_or_else(|| err!("No sender in object"))
|
||||
.and_then(|v| Ok(UserId::parse(v)?))
|
||||
.map_err(|e| err!(Request(BadJson("PDU does not have a valid sender key: {e}"))))?;
|
||||
|
||||
let sender_acl_check: OptionFuture<_> = sender
|
||||
.server_name()
|
||||
.ne(origin)
|
||||
.then(|| self.acl_check(sender.server_name(), room_id))
|
||||
.into();
|
||||
|
||||
let (meta_exists, is_disabled, (), ()) = try_join4(
|
||||
meta_exists,
|
||||
is_disabled,
|
||||
origin_acl_check,
|
||||
sender_acl_check.map(|o| o.unwrap_or(Ok(()))),
|
||||
let (room_exists, is_disabled, ()) = try_join3(
|
||||
self.services.metadata.exists(room_id).map(Ok),
|
||||
self.services.metadata.is_disabled(room_id).map(Ok),
|
||||
self.acl_check(origin, room_id),
|
||||
)
|
||||
.await
|
||||
.inspect_err(
|
||||
@@ -112,21 +85,11 @@ pub async fn handle_incoming_pdu<'a>(
|
||||
)));
|
||||
}
|
||||
|
||||
if !self
|
||||
.services
|
||||
.state_cache
|
||||
.server_in_room(self.services.globals.server_name(), room_id)
|
||||
.await
|
||||
{
|
||||
info!(
|
||||
%origin,
|
||||
%room_id,
|
||||
"Dropping inbound PDU for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
}
|
||||
|
||||
if !meta_exists {
|
||||
if !room_exists {
|
||||
if is_interesting_member_event {
|
||||
// TODO: handle interesting membership events where we aren't in
|
||||
// the room
|
||||
}
|
||||
return Err!(Request(NotFound("Room is unknown to this server")));
|
||||
}
|
||||
|
||||
@@ -152,8 +115,10 @@ pub async fn handle_incoming_pdu<'a>(
|
||||
.handle_outlier_pdu(origin, create_event, event_id, room_id, value)
|
||||
.await?;
|
||||
|
||||
// 8. if not timeline event: stop
|
||||
if !is_timeline_event {
|
||||
// If this event is being processed as part of backfill, we don't want to end up
|
||||
// *appending* it during the upgrade process, so we return early.
|
||||
if is_backfilled_event {
|
||||
debug!("Not promoting incoming event as it is being backfilled");
|
||||
return Ok(None);
|
||||
}
|
||||
|
||||
@@ -166,11 +131,16 @@ pub async fn handle_incoming_pdu<'a>(
|
||||
.await?
|
||||
.origin_server_ts();
|
||||
if incoming_pdu.origin_server_ts() < first_ts_in_room {
|
||||
debug_warn!(
|
||||
"Not promoting incoming event as it is sent before we joined the room (but was \
|
||||
not backfilled)"
|
||||
);
|
||||
return Ok(None);
|
||||
}
|
||||
|
||||
// 9. Fetch any missing prev events doing all checks listed here starting at 1.
|
||||
// These are timeline events
|
||||
// Fetch any missing prev events doing all checks listed here starting at 1.
|
||||
// These are timeline events.
|
||||
// TODO: This part needs to be done in a background queue somewhere.
|
||||
|
||||
debug!("Fetching and persisting any missing prev events");
|
||||
Box::pin(self.fetch_prevs(
|
||||
@@ -181,13 +151,14 @@ pub async fn handle_incoming_pdu<'a>(
|
||||
first_ts_in_room,
|
||||
))
|
||||
.await
|
||||
.debug_inspect_err(|e| {
|
||||
error!("Failed to fetch and persist incoming event's prev_events: {e:?}");
|
||||
.inspect_err(|e| {
|
||||
debug_error!("Failed to fetch and persist incoming event's prev_events: {e:?}");
|
||||
})?;
|
||||
|
||||
let is_dummy_event = incoming_pdu.event_type().to_string() == "org.matrix.dummy_event";
|
||||
let is_dummy_event = incoming_pdu.event_type().to_string() == "org.matrix.dummy_event"
|
||||
&& incoming_pdu.state_key().is_none();
|
||||
|
||||
// Done with prev events, now handling the incoming event
|
||||
// Done with prev events, now we can handle promoting the PDU
|
||||
let pdu_id = Box::pin(self.upgrade_outlier_to_timeline_pdu(
|
||||
incoming_pdu,
|
||||
val,
|
||||
|
||||
@@ -1,24 +1,25 @@
|
||||
use std::collections::{BTreeMap, HashMap, hash_map};
|
||||
|
||||
use conduwuit::{
|
||||
Err, Event, EventTypeExt, PduEvent, Result, debug, debug_info, debug_warn, err, info,
|
||||
matrix::StateKey, state_res::auth_check, trace, warn,
|
||||
};
|
||||
use futures::future::ready;
|
||||
use ruma::{
|
||||
CanonicalJsonObject, CanonicalJsonValue, EventId, OwnedEventId, RoomId, ServerName,
|
||||
canonical_json::redact, events::StateEventType, room_version_rules::RoomVersionRules,
|
||||
Err, Event, EventTypeExt, PduEvent, Result, debug, debug_warn, err, info, trace,
|
||||
};
|
||||
use ruma::{CanonicalJsonObject, CanonicalJsonValue, EventId, OwnedEventId, RoomId, ServerName};
|
||||
|
||||
use super::{check_room_id, get_room_version_rules};
|
||||
use crate::rooms::timeline::pdu_fits;
|
||||
use super::get_room_version_rules;
|
||||
|
||||
impl super::Service {
|
||||
/// Handles a PDU as an outlier, performing basic checks like signatures and
|
||||
/// hashes, proclaimed event auth, and then adding it to the outlier tree.
|
||||
///
|
||||
/// This performs steps 1 through 4 of [S-S section 5.1][spec], returning
|
||||
/// the parsed PDU and modified JSON object.
|
||||
///
|
||||
/// **External callers likely want `handle_incoming_pdu` instead.**
|
||||
///
|
||||
/// [spec]: https://spec.matrix.org/v1.19/server-server-api/#checks-performed-on-receipt-of-a-pdu
|
||||
#[allow(clippy::too_many_arguments)]
|
||||
#[tracing::instrument(name="handle_outlier", skip_all, fields(%event_id))]
|
||||
pub(super) async fn handle_outlier_pdu<'a, Pdu>(
|
||||
#[tracing::instrument(name = "handle_outlier", skip_all)]
|
||||
pub async fn handle_outlier_pdu<'a, Pdu>(
|
||||
&self,
|
||||
origin: &'a ServerName,
|
||||
create_event: &'a Pdu,
|
||||
@@ -29,61 +30,38 @@ pub(super) async fn handle_outlier_pdu<'a, Pdu>(
|
||||
where
|
||||
Pdu: Event + Send + Sync,
|
||||
{
|
||||
if !pdu_fits(&mut value.clone()) {
|
||||
warn!(
|
||||
"dropping incoming PDU {event_id} in room {room_id} from {origin} because it \
|
||||
exceeds 65535 bytes or is otherwise too large."
|
||||
// Skip outlier handling if we already have this event as either a timeline or
|
||||
// outlier PDU.
|
||||
if let Ok(pdu_event) = self.services.timeline.get_pdu(event_id).await {
|
||||
debug!(
|
||||
"Database hit for {event_id} (event is either an outlier or already promoted), \
|
||||
skipping outlier handling"
|
||||
);
|
||||
return Err!(Request(TooLarge("PDU is too large")));
|
||||
value.insert(
|
||||
"event_id".to_owned(),
|
||||
CanonicalJsonValue::String(event_id.as_str().to_owned()),
|
||||
);
|
||||
return Ok((pdu_event, value));
|
||||
}
|
||||
// 1. Remove unsigned field
|
||||
|
||||
// 1. Check that the PDU follows the format for the room version
|
||||
// (in this case, just size check)
|
||||
let room_version_rules = get_room_version_rules(create_event)?;
|
||||
Self::pdu_format_check_1(&value, &room_version_rules, create_event.event_id())
|
||||
.inspect_err(|e| {
|
||||
info!(
|
||||
err=?e,
|
||||
"Dropping incoming PDU from {origin} because it violates the room event format"
|
||||
);
|
||||
})?;
|
||||
|
||||
value.remove("unsigned");
|
||||
|
||||
// 2. Check signatures, otherwise drop
|
||||
// 3. check content hash, redact if doesn't match
|
||||
let room_version_rules = get_room_version_rules(create_event)?;
|
||||
let mut incoming_pdu = match self
|
||||
.services
|
||||
.server_keys
|
||||
.verify_event(&value, &room_version_rules)
|
||||
.await
|
||||
{
|
||||
| Ok(ruma::signatures::Verified::All) => {
|
||||
if let Ok(pdu_event) = self.services.timeline.get_pdu(event_id).await {
|
||||
debug!(
|
||||
"Already have event {event_id} as an outlier or timeline event, not \
|
||||
re-processing"
|
||||
);
|
||||
value.insert(
|
||||
"event_id".to_owned(),
|
||||
CanonicalJsonValue::String(event_id.as_str().to_owned()),
|
||||
);
|
||||
check_room_id(room_id, &pdu_event)?;
|
||||
return Ok((pdu_event, value));
|
||||
}
|
||||
value
|
||||
},
|
||||
| Ok(ruma::signatures::Verified::Signatures) => {
|
||||
if let Ok(pdu_event) = self.services.timeline.get_pdu(event_id).await {
|
||||
debug!(
|
||||
"Received a redacted copy of {event_id}, but we already knew about it. \
|
||||
Re-using known content instead."
|
||||
);
|
||||
check_room_id(room_id, &pdu_event)?;
|
||||
let obj = pdu_event.to_canonical_object();
|
||||
return Ok((pdu_event, obj));
|
||||
}
|
||||
|
||||
debug_info!("Calculated hash does not match (redaction): {event_id}");
|
||||
redact(value, &room_version_rules.redaction, None)
|
||||
.map_err(|e| err!(Request(BadJson("Failed to redact {event_id}: {e}"))))?
|
||||
},
|
||||
| Err(e) => {
|
||||
return Err!(Request(Forbidden(debug_error!(
|
||||
"Signature verification failed for {event_id}: {e}"
|
||||
))));
|
||||
},
|
||||
};
|
||||
// 2. Check signatures, otherwise drop.
|
||||
// 3. Check content hash, redacting the event if it fails.
|
||||
let mut incoming_pdu = self
|
||||
.signature_hash_check_2_3(value, &room_version_rules)
|
||||
.await?;
|
||||
|
||||
// Now that we have checked the signature and hashes we can add the eventID and
|
||||
// convert to our PduEvent type
|
||||
@@ -91,14 +69,11 @@ pub(super) async fn handle_outlier_pdu<'a, Pdu>(
|
||||
"event_id".to_owned(),
|
||||
CanonicalJsonValue::String(event_id.as_str().to_owned()),
|
||||
);
|
||||
|
||||
let pdu_event = serde_json::from_value::<PduEvent>(
|
||||
serde_json::to_value(&incoming_pdu).expect("CanonicalJsonObj is a valid JsonValue"),
|
||||
)
|
||||
.map_err(|e| err!(Request(BadJson(debug_warn!("Event is not a valid PDU: {e}")))))?;
|
||||
|
||||
check_room_id(room_id, &pdu_event)?;
|
||||
|
||||
// TODO(nex): From hereon the event is not dropped, and thus always added as an
|
||||
// outlier. However, we only do that at the end of this function, which means
|
||||
// several duplicated calls to add_pdu_outlier. Shouldn't we just do it here
|
||||
@@ -116,7 +91,6 @@ pub(super) async fn handle_outlier_pdu<'a, Pdu>(
|
||||
|
||||
for auth_event_id in pdu_event.auth_events() {
|
||||
if let Ok(auth_event) = self.services.timeline.get_pdu(auth_event_id).await {
|
||||
check_room_id(room_id, &auth_event)?;
|
||||
trace!("Found auth event {auth_event_id} for outlier event {event_id} locally");
|
||||
auth_events.insert(auth_event_id.to_owned(), auth_event);
|
||||
} else {
|
||||
@@ -154,7 +128,7 @@ pub(super) async fn handle_outlier_pdu<'a, Pdu>(
|
||||
}
|
||||
|
||||
// Ensure none of the auth events are rejected - if they are, reject too.
|
||||
for auth_event_id in auth_events.keys() {
|
||||
for (auth_event_id, auth_event) in &auth_events {
|
||||
if self
|
||||
.services
|
||||
.pdu_metadata
|
||||
@@ -166,15 +140,27 @@ pub(super) async fn handle_outlier_pdu<'a, Pdu>(
|
||||
{auth_event_id}",
|
||||
event_id,
|
||||
);
|
||||
self.services.pdu_metadata.mark_event_rejected(event_id);
|
||||
self.reject_and_persist(event_id, &incoming_pdu);
|
||||
return Err!(Request(Forbidden(
|
||||
"Event has rejected auth event: {auth_event_id}"
|
||||
)));
|
||||
}
|
||||
if auth_event.room_id_or_hash() != room_id {
|
||||
debug_warn!(
|
||||
%auth_event_id,
|
||||
auth_event_room_id=%auth_event.room_id_or_hash(),
|
||||
expected_room_id=%room_id,
|
||||
"Rejecting incoming event which depends on an auth event in another room.",
|
||||
);
|
||||
self.reject_and_persist(event_id, &incoming_pdu);
|
||||
return Err!(Request(Forbidden(
|
||||
"Event depends on a cross-room auth event: {auth_event_id}"
|
||||
)));
|
||||
}
|
||||
}
|
||||
|
||||
// 6. Reject "due to auth events" if the event doesn't pass auth based on the
|
||||
// auth events
|
||||
// 4. Reject "due to auth events" if the event doesn't pass auth based on the
|
||||
// claimed auth events
|
||||
debug!("Checking based on auth events");
|
||||
let mut auth_events_by_key: HashMap<_, _> = HashMap::with_capacity(auth_events.len());
|
||||
// Build map of auth events
|
||||
@@ -184,8 +170,6 @@ pub(super) async fn handle_outlier_pdu<'a, Pdu>(
|
||||
.expect("we just checked that we have all auth events")
|
||||
.to_owned();
|
||||
|
||||
check_room_id(room_id, &auth_event)?;
|
||||
|
||||
let key = auth_event.kind().with_state_key(
|
||||
auth_event
|
||||
.state_key
|
||||
@@ -197,98 +181,45 @@ pub(super) async fn handle_outlier_pdu<'a, Pdu>(
|
||||
v.insert(auth_event);
|
||||
},
|
||||
| hash_map::Entry::Occupied(_) => {
|
||||
self.services
|
||||
.outlier
|
||||
.add_pdu_outlier(pdu_event.event_id(), &incoming_pdu);
|
||||
self.services.pdu_metadata.mark_event_rejected(event_id);
|
||||
return Err!(Request(Forbidden(
|
||||
self.reject_and_persist(event_id, &incoming_pdu);
|
||||
return Err!(Request(Forbidden(debug_warn!(
|
||||
"Auth event's type and state_key combination exists multiple times: {}, \
|
||||
{}",
|
||||
auth_event.kind,
|
||||
auth_event.state_key().unwrap_or("")
|
||||
)));
|
||||
))));
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
if !self
|
||||
.is_event_self_authorised(
|
||||
.auth_state_check_4(
|
||||
&pdu_event,
|
||||
&room_version_rules,
|
||||
create_event.as_pdu(),
|
||||
&auth_events_by_key,
|
||||
)
|
||||
.await
|
||||
.await?
|
||||
{
|
||||
self.services.pdu_metadata.mark_event_rejected(event_id);
|
||||
self.services
|
||||
.outlier
|
||||
.add_pdu_outlier(pdu_event.event_id(), &incoming_pdu);
|
||||
return Err!(Request(Forbidden(
|
||||
self.reject_and_persist(event_id, &incoming_pdu);
|
||||
return Err!(Request(Forbidden(debug_warn!(
|
||||
"Event authorisation fails based on event's claimed auth events"
|
||||
)));
|
||||
))));
|
||||
}
|
||||
|
||||
trace!("Validation successful.");
|
||||
|
||||
// 7. Persist the event as an outlier.
|
||||
self.services
|
||||
.outlier
|
||||
.add_pdu_outlier(pdu_event.event_id(), &incoming_pdu);
|
||||
|
||||
trace!("Added pdu as outlier.");
|
||||
debug!("PDU passed checks and has been persisted as an outlier");
|
||||
|
||||
Ok((pdu_event, incoming_pdu))
|
||||
}
|
||||
|
||||
/// Helper method that turns the return value of `is_event_self_authorised`
|
||||
/// into a `Result` depending on the value.
|
||||
///
|
||||
/// If the event is not authorised, a Forbidden error is returned.
|
||||
/// Otherwise, an empty `Ok`.
|
||||
pub(super) async fn is_event_self_authorised(
|
||||
&self,
|
||||
pdu: &PduEvent,
|
||||
room_version_rules: &RoomVersionRules,
|
||||
create_event: &PduEvent,
|
||||
auth_events_by_key: &HashMap<(StateEventType, StateKey), PduEvent>,
|
||||
) -> bool {
|
||||
self.expect_event_is_self_authorised(
|
||||
pdu,
|
||||
room_version_rules,
|
||||
create_event,
|
||||
auth_events_by_key,
|
||||
)
|
||||
.await
|
||||
.is_ok()
|
||||
}
|
||||
|
||||
/// Checks PDU check 4: Passes authorisation rules based on the event's auth
|
||||
/// events ([spec]).
|
||||
///
|
||||
/// If the auth check fails, false is returned, otherwise true.
|
||||
///
|
||||
/// [spec]: https://spec.matrix.org/v1.19/server-server-api/#checks-performed-on-receipt-of-a-pdu
|
||||
pub(super) async fn expect_event_is_self_authorised(
|
||||
&self,
|
||||
pdu: &PduEvent,
|
||||
room_version_rules: &RoomVersionRules,
|
||||
create_event: &PduEvent,
|
||||
auth_events_by_key: &HashMap<(StateEventType, StateKey), PduEvent>,
|
||||
) -> Result<bool> {
|
||||
let state_fetch = |ty: &StateEventType, sk: &str| {
|
||||
let key = (ty.to_owned(), sk.into());
|
||||
ready(auth_events_by_key.get(&key).map(ToOwned::to_owned))
|
||||
};
|
||||
|
||||
auth_check(
|
||||
room_version_rules,
|
||||
pdu,
|
||||
None, // TODO: third party invite
|
||||
state_fetch,
|
||||
create_event,
|
||||
)
|
||||
.await
|
||||
.map_err(|e| err!("Event self-authentication failed: {e:?}"))
|
||||
/// Marks the event as rejected and then saves it as an outlier.
|
||||
pub(super) fn reject_and_persist(&self, event_id: &EventId, pdu: &CanonicalJsonObject) {
|
||||
self.services.pdu_metadata.mark_event_rejected(event_id);
|
||||
self.services.outlier.add_pdu_outlier(event_id, pdu);
|
||||
}
|
||||
}
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user