mirror of
https://forgejo.ellis.link/continuwuation/continuwuity.git
synced 2025-06-26 16:26:37 +02:00
946ca364e0
combine service/users data w/ mod unit split sliding sync related out of service/users instrument database entry points remove increment crap from database interface de-wrap all database get() calls de-wrap all database insert() calls de-wrap all database remove() calls refactor database interface for async streaming add query key serializer for database implement Debug for result handle add query deserializer for database add deserialization trait for option handle start a stream utils suite de-wrap/asyncify/type-query count_one_time_keys() de-wrap/asyncify users count add admin query users command suite de-wrap/asyncify users exists de-wrap/partially asyncify user filter related asyncify/de-wrap users device/keys related asyncify/de-wrap user auth/misc related asyncify/de-wrap users blurhash asyncify/de-wrap account_data get; merge Data into Service partial asyncify/de-wrap uiaa; merge Data into Service partially asyncify/de-wrap transaction_ids get; merge Data into Service partially asyncify/de-wrap key_backups; merge Data into Service asyncify/de-wrap pusher service getters; merge Data into Service asyncify/de-wrap rooms alias getters/some iterators asyncify/de-wrap rooms directory getters/iterator partially asyncify/de-wrap rooms lazy-loading partially asyncify/de-wrap rooms metadata asyncify/dewrap rooms outlier asyncify/dewrap rooms pdu_metadata dewrap/partially asyncify rooms read receipt de-wrap rooms search service de-wrap/partially asyncify rooms user service partial de-wrap rooms state_compressor de-wrap rooms state_cache de-wrap room state et al de-wrap rooms timeline service additional users device/keys related de-wrap/asyncify sender asyncify services refactor database to TryFuture/TryStream refactor services for TryFuture/TryStream asyncify api handlers additional asyncification for admin module abstract stream related; support reverse streams additional stream conversions asyncify state-res related Signed-off-by: Jason Volk <jason@zemos.net>
325 lines
8.5 KiB
Rust
325 lines
8.5 KiB
Rust
#![allow(deprecated)]
|
|
|
|
use std::collections::BTreeMap;
|
|
|
|
use axum::extract::State;
|
|
use conduit::{err, pdu::gen_event_id_canonical_json, utils::IterStream, warn, Error, Result};
|
|
use futures::{FutureExt, StreamExt, TryStreamExt};
|
|
use ruma::{
|
|
api::{client::error::ErrorKind, federation::membership::create_join_event},
|
|
events::{
|
|
room::member::{MembershipState, RoomMemberEventContent},
|
|
StateEventType,
|
|
},
|
|
CanonicalJsonValue, OwnedServerName, OwnedUserId, RoomId, ServerName,
|
|
};
|
|
use serde_json::value::{to_raw_value, RawValue as RawJsonValue};
|
|
use service::Services;
|
|
use tokio::sync::RwLock;
|
|
|
|
use crate::Ruma;
|
|
|
|
/// helper method for /send_join v1 and v2
|
|
async fn create_join_event(
|
|
services: &Services, origin: &ServerName, room_id: &RoomId, pdu: &RawJsonValue,
|
|
) -> Result<create_join_event::v1::RoomState> {
|
|
if !services.rooms.metadata.exists(room_id).await {
|
|
return Err(Error::BadRequest(ErrorKind::NotFound, "Room is unknown to this server."));
|
|
}
|
|
|
|
// ACL check origin server
|
|
services
|
|
.rooms
|
|
.event_handler
|
|
.acl_check(origin, room_id)
|
|
.await?;
|
|
|
|
// We need to return the state prior to joining, let's keep a reference to that
|
|
// here
|
|
let shortstatehash = services
|
|
.rooms
|
|
.state
|
|
.get_room_shortstatehash(room_id)
|
|
.await
|
|
.map_err(|_| err!(Request(NotFound("Event state not found."))))?;
|
|
|
|
let pub_key_map = RwLock::new(BTreeMap::new());
|
|
// let mut auth_cache = EventMap::new();
|
|
|
|
// We do not add the event_id field to the pdu here because of signature and
|
|
// hashes checks
|
|
let room_version_id = services.rooms.state.get_room_version(room_id).await?;
|
|
|
|
let Ok((event_id, mut value)) = gen_event_id_canonical_json(pdu, &room_version_id) else {
|
|
// Event could not be converted to canonical json
|
|
return Err(Error::BadRequest(
|
|
ErrorKind::InvalidParam,
|
|
"Could not convert event to canonical json.",
|
|
));
|
|
};
|
|
|
|
let event_type: StateEventType = serde_json::from_value(
|
|
value
|
|
.get("type")
|
|
.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Event missing type property."))?
|
|
.clone()
|
|
.into(),
|
|
)
|
|
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Event has invalid event type."))?;
|
|
|
|
if event_type != StateEventType::RoomMember {
|
|
return Err(Error::BadRequest(
|
|
ErrorKind::InvalidParam,
|
|
"Not allowed to send non-membership state event to join endpoint.",
|
|
));
|
|
}
|
|
|
|
let content: RoomMemberEventContent = serde_json::from_value(
|
|
value
|
|
.get("content")
|
|
.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Event missing content property"))?
|
|
.clone()
|
|
.into(),
|
|
)
|
|
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Event content is empty or invalid"))?;
|
|
|
|
if content.membership != MembershipState::Join {
|
|
return Err(Error::BadRequest(
|
|
ErrorKind::InvalidParam,
|
|
"Not allowed to send a non-join membership event to join endpoint.",
|
|
));
|
|
}
|
|
|
|
// ACL check sender server name
|
|
let sender: OwnedUserId = serde_json::from_value(
|
|
value
|
|
.get("sender")
|
|
.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Event missing sender property."))?
|
|
.clone()
|
|
.into(),
|
|
)
|
|
.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "sender is not a valid user ID."))?;
|
|
|
|
services
|
|
.rooms
|
|
.event_handler
|
|
.acl_check(sender.server_name(), room_id)
|
|
.await?;
|
|
|
|
// check if origin server is trying to send for another server
|
|
if sender.server_name() != origin {
|
|
return Err(Error::BadRequest(
|
|
ErrorKind::InvalidParam,
|
|
"Not allowed to join on behalf of another server.",
|
|
));
|
|
}
|
|
|
|
let state_key: OwnedUserId = serde_json::from_value(
|
|
value
|
|
.get("state_key")
|
|
.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Event missing state_key property."))?
|
|
.clone()
|
|
.into(),
|
|
)
|
|
.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "state_key is invalid or not a user ID."))?;
|
|
|
|
if state_key != sender {
|
|
return Err(Error::BadRequest(
|
|
ErrorKind::InvalidParam,
|
|
"State key does not match sender user",
|
|
));
|
|
};
|
|
|
|
if content
|
|
.join_authorized_via_users_server
|
|
.is_some_and(|user| services.globals.user_is_local(&user))
|
|
&& super::user_can_perform_restricted_join(services, &sender, room_id, &room_version_id)
|
|
.await
|
|
.unwrap_or_default()
|
|
{
|
|
ruma::signatures::hash_and_sign_event(
|
|
services.globals.server_name().as_str(),
|
|
services.globals.keypair(),
|
|
&mut value,
|
|
&room_version_id,
|
|
)
|
|
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Failed to sign event."))?;
|
|
}
|
|
|
|
services
|
|
.server_keys
|
|
.fetch_required_signing_keys([&value], &pub_key_map)
|
|
.await?;
|
|
|
|
let origin: OwnedServerName = serde_json::from_value(
|
|
serde_json::to_value(
|
|
value
|
|
.get("origin")
|
|
.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Event missing origin property."))?,
|
|
)
|
|
.expect("CanonicalJson is valid json value"),
|
|
)
|
|
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "origin is not a server name."))?;
|
|
|
|
let mutex_lock = services
|
|
.rooms
|
|
.event_handler
|
|
.mutex_federation
|
|
.lock(room_id)
|
|
.await;
|
|
|
|
let pdu_id: Vec<u8> = services
|
|
.rooms
|
|
.event_handler
|
|
.handle_incoming_pdu(&origin, room_id, &event_id, value.clone(), true, &pub_key_map)
|
|
.await?
|
|
.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "Could not accept as timeline event."))?;
|
|
|
|
drop(mutex_lock);
|
|
|
|
let state_ids = services
|
|
.rooms
|
|
.state_accessor
|
|
.state_full_ids(shortstatehash)
|
|
.await?;
|
|
|
|
let state = state_ids
|
|
.iter()
|
|
.try_stream()
|
|
.and_then(|(_, event_id)| services.rooms.timeline.get_pdu_json(event_id))
|
|
.and_then(|pdu| {
|
|
services
|
|
.sending
|
|
.convert_to_outgoing_federation_event(pdu)
|
|
.map(Ok)
|
|
})
|
|
.try_collect()
|
|
.await?;
|
|
|
|
let auth_chain = services
|
|
.rooms
|
|
.auth_chain
|
|
.event_ids_iter(room_id, state_ids.values().cloned().collect())
|
|
.await?
|
|
.map(Ok)
|
|
.and_then(|event_id| async move { services.rooms.timeline.get_pdu_json(&event_id).await })
|
|
.and_then(|pdu| {
|
|
services
|
|
.sending
|
|
.convert_to_outgoing_federation_event(pdu)
|
|
.map(Ok)
|
|
})
|
|
.try_collect()
|
|
.await?;
|
|
|
|
services.sending.send_pdu_room(room_id, &pdu_id).await?;
|
|
|
|
Ok(create_join_event::v1::RoomState {
|
|
auth_chain,
|
|
state,
|
|
// Event field is required if the room version supports restricted join rules.
|
|
event: to_raw_value(&CanonicalJsonValue::Object(value)).ok(),
|
|
})
|
|
}
|
|
|
|
/// # `PUT /_matrix/federation/v1/send_join/{roomId}/{eventId}`
|
|
///
|
|
/// Submits a signed join event.
|
|
pub(crate) async fn create_join_event_v1_route(
|
|
State(services): State<crate::State>, body: Ruma<create_join_event::v1::Request>,
|
|
) -> Result<create_join_event::v1::Response> {
|
|
let origin = body.origin.as_ref().expect("server is authenticated");
|
|
|
|
if services
|
|
.globals
|
|
.config
|
|
.forbidden_remote_server_names
|
|
.contains(origin)
|
|
{
|
|
warn!(
|
|
"Server {origin} tried joining room ID {} who has a server name that is globally forbidden. Rejecting.",
|
|
&body.room_id,
|
|
);
|
|
return Err(Error::BadRequest(
|
|
ErrorKind::forbidden(),
|
|
"Server is banned on this homeserver.",
|
|
));
|
|
}
|
|
|
|
if let Some(server) = body.room_id.server_name() {
|
|
if services
|
|
.globals
|
|
.config
|
|
.forbidden_remote_server_names
|
|
.contains(&server.to_owned())
|
|
{
|
|
warn!(
|
|
"Server {origin} tried joining room ID {} which has a server name that is globally forbidden. \
|
|
Rejecting.",
|
|
&body.room_id,
|
|
);
|
|
return Err(Error::BadRequest(
|
|
ErrorKind::forbidden(),
|
|
"Server is banned on this homeserver.",
|
|
));
|
|
}
|
|
}
|
|
|
|
let room_state = create_join_event(&services, origin, &body.room_id, &body.pdu).await?;
|
|
|
|
Ok(create_join_event::v1::Response {
|
|
room_state,
|
|
})
|
|
}
|
|
|
|
/// # `PUT /_matrix/federation/v2/send_join/{roomId}/{eventId}`
|
|
///
|
|
/// Submits a signed join event.
|
|
pub(crate) async fn create_join_event_v2_route(
|
|
State(services): State<crate::State>, body: Ruma<create_join_event::v2::Request>,
|
|
) -> Result<create_join_event::v2::Response> {
|
|
let origin = body.origin.as_ref().expect("server is authenticated");
|
|
|
|
if services
|
|
.globals
|
|
.config
|
|
.forbidden_remote_server_names
|
|
.contains(origin)
|
|
{
|
|
return Err(Error::BadRequest(
|
|
ErrorKind::forbidden(),
|
|
"Server is banned on this homeserver.",
|
|
));
|
|
}
|
|
|
|
if let Some(server) = body.room_id.server_name() {
|
|
if services
|
|
.globals
|
|
.config
|
|
.forbidden_remote_server_names
|
|
.contains(&server.to_owned())
|
|
{
|
|
return Err(Error::BadRequest(
|
|
ErrorKind::forbidden(),
|
|
"Server is banned on this homeserver.",
|
|
));
|
|
}
|
|
}
|
|
|
|
let create_join_event::v1::RoomState {
|
|
auth_chain,
|
|
state,
|
|
event,
|
|
} = create_join_event(&services, origin, &body.room_id, &body.pdu).await?;
|
|
let room_state = create_join_event::v2::RoomState {
|
|
members_omitted: false,
|
|
auth_chain,
|
|
state,
|
|
event,
|
|
servers_in_room: None,
|
|
};
|
|
|
|
Ok(create_join_event::v2::Response {
|
|
room_state,
|
|
})
|
|
}
|