git-mirrors/continuwuity
1
0
Fork 0
mirror of https://forgejo.ellis.link/continuwuation/continuwuity.git synced 2025-06-27 10:54:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
continuwuity/src/api/server/utils.rs
Jason Volk e49aee61c1 consolidate and parallelize api/server access check prologues 
Signed-off-by: Jason Volk <jason@zemos.net>
2024-11-03 08:03:25 +00:00

60 lines
1.4 KiB
Rust
Raw Blame History

use conduit::{implement, is_false, Err, Result};
use conduit_service::Services;
use futures::{future::OptionFuture, join, FutureExt};
use ruma::{EventId, RoomId, ServerName};
pub(super) struct AccessCheck<'a> {
pub(super) services: &'a Services,
pub(super) origin: &'a ServerName,
pub(super) room_id: &'a RoomId,
pub(super) event_id: Option<&'a EventId>,
}
#[implement(AccessCheck, params = "<'_>")]
pub(super) async fn check(&self) -> Result {
let acl_check = self
.services
.rooms
.event_handler
.acl_check(self.origin, self.room_id)
.map(|result| result.is_ok());
let world_readable = self
.services
.rooms
.state_accessor
.is_world_readable(self.room_id);
let server_in_room = self
.services
.rooms
.state_cache
.server_in_room(self.origin, self.room_id);
let server_can_see: OptionFuture<_> = self
.event_id
.map(|event_id| {
self.services
.rooms
.state_accessor
.server_can_see_event(self.origin, self.room_id, event_id)
})
.into();
let (world_readable, server_in_room, server_can_see, acl_check) =
join!(world_readable, server_in_room, server_can_see, acl_check);
if !acl_check {
return Err!(Request(Forbidden("Server access denied.")));
}
if !world_readable && !server_in_room {
return Err!(Request(Forbidden("Server is not in room.")));
}
if server_can_see.is_some_and(is_false!()) {
return Err!(Request(Forbidden("Server is not allowed to see event.")));
}
Ok(())
}
Reference in a new issue View git blame Copy permalink