diff --git a/src/api/server_server.rs b/src/api/server_server.rs index 548199c9..903b925b 100644 --- a/src/api/server_server.rs +++ b/src/api/server_server.rs @@ -904,6 +904,16 @@ pub async fn send_transaction_message_route( } for update in presence.push { + if !services() + .acl + .is_federation_with_allowed_server_name(update.user_id.server_name()) + { + info!( + "blocked Presence EDU from {} due to server ACL", + update.user_id + ); + continue; + } for room_id in services().rooms.state_cache.rooms_joined(&update.user_id) { services().rooms.edus.presence.set_presence( &room_id?, @@ -919,6 +929,13 @@ pub async fn send_transaction_message_route( Edu::Receipt(receipt) => { for (room_id, room_updates) in receipt.receipts { for (user_id, user_updates) in room_updates.read { + if !services() + .acl + .is_federation_with_allowed_server_name(user_id.server_name()) + { + info!("blocked Receipt EDU from {} due to server ACL", user_id); + continue; + } if let Some((event_id, _)) = user_updates .event_ids .iter() @@ -964,6 +981,16 @@ pub async fn send_transaction_message_route( .state_cache .is_joined(&typing.user_id, &typing.room_id)? { + if !services() + .acl + .is_federation_with_allowed_server_name(typing.user_id.server_name()) + { + info!( + "blocked Typing EDU from {} due to server ACL", + typing.user_id + ); + continue; + } if typing.typing { services().rooms.edus.typing.typing_add( &typing.user_id, @@ -980,6 +1007,16 @@ pub async fn send_transaction_message_route( } } Edu::DeviceListUpdate(DeviceListUpdateContent { user_id, .. }) => { + if !services() + .acl + .is_federation_with_allowed_server_name(user_id.server_name()) + { + info!( + "blocked DeviceListUpdate EDU from {} due to server ACL", + user_id + ); + continue; + } services().users.mark_device_key_update(&user_id)?; } Edu::DirectToDevice(DirectDeviceContent { @@ -988,6 +1025,16 @@ pub async fn send_transaction_message_route( message_id, messages, }) => { + if !services() + .acl + .is_federation_with_allowed_server_name(sender.server_name()) + { + info!( + "blocked DirectToDevice EDU from {} due to server ACL", + sender + ); + continue; + } // Check if this is a new transaction id if services() .transaction_ids @@ -1051,6 +1098,16 @@ pub async fn send_transaction_message_route( if user_id.server_name() != sender_servername { continue; } + if !services() + .acl + .is_federation_with_allowed_server_name(user_id.server_name()) + { + info!( + "blocked SigningKeyUpdate EDU from {} due to server ACL", + user_id.server_name() + ); + continue; + } if let Some(master_key) = master_key { services().users.add_cross_signing_keys( &user_id,