feat: added EDU blocking to ACL capabilities

NinekoTheCat 2023-12-25 18:18:23 +01:00
parent d1c0a76a12
commit 886b8ef052
No known key found for this signature in database
GPG key ID: 700DB3F678A4AB66


@ -904,6 +904,16 @@ pub async fn send_transaction_message_route(
} }
for update in presence.push { for update in presence.push {
if !services()
.acl
.is_federation_with_allowed_server_name(update.user_id.server_name())
{
info!(
"blocked Presence EDU from {} due to server ACL",
update.user_id
);
continue;
}
for room_id in services().rooms.state_cache.rooms_joined(&update.user_id) { for room_id in services().rooms.state_cache.rooms_joined(&update.user_id) {
services().rooms.edus.presence.set_presence( services().rooms.edus.presence.set_presence(
&room_id?, &room_id?,
@ -919,6 +929,13 @@ pub async fn send_transaction_message_route(
Edu::Receipt(receipt) => { Edu::Receipt(receipt) => {
for (room_id, room_updates) in receipt.receipts { for (room_id, room_updates) in receipt.receipts {
for (user_id, user_updates) in room_updates.read { for (user_id, user_updates) in room_updates.read {
if !services()
.acl
.is_federation_with_allowed_server_name(user_id.server_name())
{
info!("blocked Receipt EDU from {} due to server ACL", user_id);
continue;
}
if let Some((event_id, _)) = user_updates if let Some((event_id, _)) = user_updates
.event_ids .event_ids
.iter() .iter()
@ -964,6 +981,16 @@ pub async fn send_transaction_message_route(
.state_cache .state_cache
.is_joined(&typing.user_id, &typing.room_id)? .is_joined(&typing.user_id, &typing.room_id)?
{ {
if !services()
.acl
.is_federation_with_allowed_server_name(typing.user_id.server_name())
{
info!(
"blocked Typing EDU from {} due to server ACL",
typing.user_id
);
continue;
}
if typing.typing { if typing.typing {
services().rooms.edus.typing.typing_add( services().rooms.edus.typing.typing_add(
&typing.user_id, &typing.user_id,
@ -980,6 +1007,16 @@ pub async fn send_transaction_message_route(
} }
} }
Edu::DeviceListUpdate(DeviceListUpdateContent { user_id, .. }) => { Edu::DeviceListUpdate(DeviceListUpdateContent { user_id, .. }) => {
if !services()
.acl
.is_federation_with_allowed_server_name(user_id.server_name())
{
info!(
"blocked DeviceListUpdate EDU from {} due to server ACL",
user_id
);
continue;
}
services().users.mark_device_key_update(&user_id)?; services().users.mark_device_key_update(&user_id)?;
} }
Edu::DirectToDevice(DirectDeviceContent { Edu::DirectToDevice(DirectDeviceContent {
@ -988,6 +1025,16 @@ pub async fn send_transaction_message_route(
message_id, message_id,
messages, messages,
}) => { }) => {
if !services()
.acl
.is_federation_with_allowed_server_name(sender.server_name())
{
info!(
"blocked DirectToDevice EDU from {} due to server ACL",
sender
);
continue;
}
// Check if this is a new transaction id // Check if this is a new transaction id
if services() if services()
.transaction_ids .transaction_ids
@ -1051,6 +1098,16 @@ pub async fn send_transaction_message_route(
if user_id.server_name() != sender_servername { if user_id.server_name() != sender_servername {
continue; continue;
} }
if !services()
.acl
.is_federation_with_allowed_server_name(user_id.server_name())
{
info!(
"blocked SigningKeyUpdate EDU from {} due to server ACL",
user_id.server_name()
);
continue;
}
if let Some(master_key) = master_key { if let Some(master_key) = master_key {
services().users.add_cross_signing_keys( services().users.add_cross_signing_keys(
&user_id, &user_id,
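Review bot: The new ACL checks in the Presence, Receipt, Typing, DeviceListUpdate and DirectToDevice arms are keyed on the user ID carried inside the EDU (`update.user_id.server_name()`, `typing.user_id.server_name()`, `sender.server_name()`), not on the server that delivered the transaction. Only the SigningKeyUpdate arm is visibly preceded by `if user_id.server_name() != sender_servername { continue; }`, so in the other arms the ACL decision rests on a value the remote side supplies, unless the origin is validated in a part of `send_transaction_message_route` outside these hunks. I would either repeat that origin guard ahead of each ACL check or evaluate the ACL once against `sender_servername` before the EDU loop, keeping the per-user checks as a second layer. Separately, every dropped entry emits an `info!` line, so a denied server determines the log volume; `debug!` or one summary line per transaction would bound it.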