mirror of
https://github.com/girlbossceo/conduwuit.git
synced 2025-03-14 18:55:37 +00:00
1791 lines
46 KiB
Rust
1791 lines
46 KiB
Rust
use std::{
|
|
collections::{BTreeMap, HashMap, HashSet},
|
|
net::IpAddr,
|
|
sync::Arc,
|
|
};
|
|
|
|
use axum::extract::State;
|
|
use axum_client_ip::InsecureClientIp;
|
|
use conduwuit::{
|
|
debug, debug_info, debug_warn, err, error, info,
|
|
pdu::{self, gen_event_id_canonical_json, PduBuilder},
|
|
result::FlatOk,
|
|
trace,
|
|
utils::{self, shuffle, IterStream, ReadyExt},
|
|
warn, Err, PduEvent, Result,
|
|
};
|
|
use futures::{join, FutureExt, StreamExt};
|
|
use ruma::{
|
|
api::{
|
|
client::{
|
|
error::ErrorKind,
|
|
membership::{
|
|
ban_user, forget_room, get_member_events, invite_user, join_room_by_id,
|
|
join_room_by_id_or_alias,
|
|
joined_members::{self, v3::RoomMember},
|
|
joined_rooms, kick_user, leave_room, unban_user, ThirdPartySigned,
|
|
},
|
|
},
|
|
federation::{self, membership::create_invite},
|
|
},
|
|
canonical_json::to_canonical_value,
|
|
events::{
|
|
room::{
|
|
join_rules::{AllowRule, JoinRule, RoomJoinRulesEventContent},
|
|
member::{MembershipState, RoomMemberEventContent},
|
|
message::RoomMessageEventContent,
|
|
},
|
|
StateEventType,
|
|
},
|
|
state_res, CanonicalJsonObject, CanonicalJsonValue, OwnedRoomId, OwnedServerName,
|
|
OwnedUserId, RoomId, RoomVersionId, ServerName, UserId,
|
|
};
|
|
use service::{
|
|
appservice::RegistrationInfo,
|
|
rooms::{state::RoomMutexGuard, state_compressor::HashSetCompressStateEvent},
|
|
Services,
|
|
};
|
|
|
|
use crate::{client::full_user_deactivate, Ruma};
|
|
|
|
/// Checks if the room is banned in any way possible and the sender user is not
|
|
/// an admin.
|
|
///
|
|
/// Performs automatic deactivation if `auto_deactivate_banned_room_attempts` is
|
|
/// enabled
|
|
#[tracing::instrument(skip(services))]
|
|
async fn banned_room_check(
|
|
services: &Services,
|
|
user_id: &UserId,
|
|
room_id: Option<&RoomId>,
|
|
server_name: Option<&ServerName>,
|
|
client_ip: IpAddr,
|
|
) -> Result {
|
|
if services.users.is_admin(user_id).await {
|
|
return Ok(());
|
|
}
|
|
|
|
if let Some(room_id) = room_id {
|
|
if services.rooms.metadata.is_banned(room_id).await
|
|
|| services
|
|
.globals
|
|
.config
|
|
.forbidden_remote_server_names
|
|
.contains(&room_id.server_name().unwrap().to_owned())
|
|
{
|
|
warn!(
|
|
"User {user_id} who is not an admin attempted to send an invite for or \
|
|
attempted to join a banned room or banned room server name: {room_id}"
|
|
);
|
|
|
|
if services.globals.config.auto_deactivate_banned_room_attempts {
|
|
warn!(
|
|
"Automatically deactivating user {user_id} due to attempted banned room join"
|
|
);
|
|
|
|
if services.globals.config.admin_room_notices {
|
|
services
|
|
.admin
|
|
.send_message(RoomMessageEventContent::text_plain(format!(
|
|
"Automatically deactivating user {user_id} due to attempted banned \
|
|
room join from IP {client_ip}"
|
|
)))
|
|
.await
|
|
.ok();
|
|
}
|
|
|
|
let all_joined_rooms: Vec<OwnedRoomId> = services
|
|
.rooms
|
|
.state_cache
|
|
.rooms_joined(user_id)
|
|
.map(Into::into)
|
|
.collect()
|
|
.await;
|
|
|
|
full_user_deactivate(services, user_id, &all_joined_rooms).await?;
|
|
}
|
|
|
|
return Err!(Request(Forbidden("This room is banned on this homeserver.")));
|
|
}
|
|
} else if let Some(server_name) = server_name {
|
|
if services
|
|
.globals
|
|
.config
|
|
.forbidden_remote_server_names
|
|
.contains(&server_name.to_owned())
|
|
{
|
|
warn!(
|
|
"User {user_id} who is not an admin tried joining a room which has the server \
|
|
name {server_name} that is globally forbidden. Rejecting.",
|
|
);
|
|
|
|
if services.globals.config.auto_deactivate_banned_room_attempts {
|
|
warn!(
|
|
"Automatically deactivating user {user_id} due to attempted banned room join"
|
|
);
|
|
|
|
if services.globals.config.admin_room_notices {
|
|
services
|
|
.admin
|
|
.send_message(RoomMessageEventContent::text_plain(format!(
|
|
"Automatically deactivating user {user_id} due to attempted banned \
|
|
room join from IP {client_ip}"
|
|
)))
|
|
.await
|
|
.ok();
|
|
}
|
|
|
|
let all_joined_rooms: Vec<OwnedRoomId> = services
|
|
.rooms
|
|
.state_cache
|
|
.rooms_joined(user_id)
|
|
.map(Into::into)
|
|
.collect()
|
|
.await;
|
|
|
|
full_user_deactivate(services, user_id, &all_joined_rooms).await?;
|
|
}
|
|
|
|
return Err!(Request(Forbidden("This remote server is banned on this homeserver.")));
|
|
}
|
|
}
|
|
|
|
Ok(())
|
|
}
|
|
|
|
/// # `POST /_matrix/client/r0/rooms/{roomId}/join`
|
|
///
|
|
/// Tries to join the sender user into a room.
|
|
///
|
|
/// - If the server knowns about this room: creates the join event and does auth
|
|
/// rules locally
|
|
/// - If the server does not know about the room: asks other servers over
|
|
/// federation
|
|
#[tracing::instrument(skip_all, fields(%client), name = "join")]
|
|
pub(crate) async fn join_room_by_id_route(
|
|
State(services): State<crate::State>,
|
|
InsecureClientIp(client): InsecureClientIp,
|
|
body: Ruma<join_room_by_id::v3::Request>,
|
|
) -> Result<join_room_by_id::v3::Response> {
|
|
let sender_user = body.sender_user();
|
|
|
|
banned_room_check(
|
|
&services,
|
|
sender_user,
|
|
Some(&body.room_id),
|
|
body.room_id.server_name(),
|
|
client,
|
|
)
|
|
.await?;
|
|
|
|
// There is no body.server_name for /roomId/join
|
|
let mut servers: Vec<_> = services
|
|
.rooms
|
|
.state_cache
|
|
.servers_invite_via(&body.room_id)
|
|
.map(ToOwned::to_owned)
|
|
.collect()
|
|
.await;
|
|
|
|
servers.extend(
|
|
services
|
|
.rooms
|
|
.state_cache
|
|
.invite_state(sender_user, &body.room_id)
|
|
.await
|
|
.unwrap_or_default()
|
|
.iter()
|
|
.filter_map(|event| event.get_field("sender").ok().flatten())
|
|
.filter_map(|sender: &str| UserId::parse(sender).ok())
|
|
.map(|user| user.server_name().to_owned()),
|
|
);
|
|
|
|
if let Some(server) = body.room_id.server_name() {
|
|
servers.push(server.into());
|
|
}
|
|
|
|
servers.sort_unstable();
|
|
servers.dedup();
|
|
shuffle(&mut servers);
|
|
|
|
join_room_by_id_helper(
|
|
&services,
|
|
sender_user,
|
|
&body.room_id,
|
|
body.reason.clone(),
|
|
&servers,
|
|
body.third_party_signed.as_ref(),
|
|
&body.appservice_info,
|
|
)
|
|
.boxed()
|
|
.await
|
|
}
|
|
|
|
/// # `POST /_matrix/client/r0/join/{roomIdOrAlias}`
|
|
///
|
|
/// Tries to join the sender user into a room.
|
|
///
|
|
/// - If the server knowns about this room: creates the join event and does auth
|
|
/// rules locally
|
|
/// - If the server does not know about the room: use the server name query
|
|
/// param if specified. if not specified, asks other servers over federation
|
|
/// via room alias server name and room ID server name
|
|
#[tracing::instrument(skip_all, fields(%client), name = "join")]
|
|
pub(crate) async fn join_room_by_id_or_alias_route(
|
|
State(services): State<crate::State>,
|
|
InsecureClientIp(client): InsecureClientIp,
|
|
body: Ruma<join_room_by_id_or_alias::v3::Request>,
|
|
) -> Result<join_room_by_id_or_alias::v3::Response> {
|
|
let sender_user = body.sender_user.as_deref().expect("user is authenticated");
|
|
let appservice_info = &body.appservice_info;
|
|
let body = body.body;
|
|
|
|
let (servers, room_id) = match OwnedRoomId::try_from(body.room_id_or_alias) {
|
|
| Ok(room_id) => {
|
|
banned_room_check(
|
|
&services,
|
|
sender_user,
|
|
Some(&room_id),
|
|
room_id.server_name(),
|
|
client,
|
|
)
|
|
.await?;
|
|
|
|
let mut servers = body.via.clone();
|
|
servers.extend(
|
|
services
|
|
.rooms
|
|
.state_cache
|
|
.servers_invite_via(&room_id)
|
|
.map(ToOwned::to_owned)
|
|
.collect::<Vec<_>>()
|
|
.await,
|
|
);
|
|
|
|
servers.extend(
|
|
services
|
|
.rooms
|
|
.state_cache
|
|
.invite_state(sender_user, &room_id)
|
|
.await
|
|
.unwrap_or_default()
|
|
.iter()
|
|
.filter_map(|event| event.get_field("sender").ok().flatten())
|
|
.filter_map(|sender: &str| UserId::parse(sender).ok())
|
|
.map(|user| user.server_name().to_owned()),
|
|
);
|
|
|
|
if let Some(server) = room_id.server_name() {
|
|
servers.push(server.to_owned());
|
|
}
|
|
|
|
servers.sort_unstable();
|
|
servers.dedup();
|
|
shuffle(&mut servers);
|
|
|
|
(servers, room_id)
|
|
},
|
|
| Err(room_alias) => {
|
|
let (room_id, mut servers) = services
|
|
.rooms
|
|
.alias
|
|
.resolve_alias(&room_alias, Some(body.via.clone()))
|
|
.await?;
|
|
|
|
banned_room_check(
|
|
&services,
|
|
sender_user,
|
|
Some(&room_id),
|
|
Some(room_alias.server_name()),
|
|
client,
|
|
)
|
|
.await?;
|
|
|
|
let addl_via_servers = services
|
|
.rooms
|
|
.state_cache
|
|
.servers_invite_via(&room_id)
|
|
.map(ToOwned::to_owned);
|
|
|
|
let addl_state_servers = services
|
|
.rooms
|
|
.state_cache
|
|
.invite_state(sender_user, &room_id)
|
|
.await
|
|
.unwrap_or_default();
|
|
|
|
let mut addl_servers: Vec<_> = addl_state_servers
|
|
.iter()
|
|
.map(|event| event.get_field("sender"))
|
|
.filter_map(FlatOk::flat_ok)
|
|
.map(|user: &UserId| user.server_name().to_owned())
|
|
.stream()
|
|
.chain(addl_via_servers)
|
|
.collect()
|
|
.await;
|
|
|
|
addl_servers.sort_unstable();
|
|
addl_servers.dedup();
|
|
shuffle(&mut addl_servers);
|
|
servers.append(&mut addl_servers);
|
|
|
|
(servers, room_id)
|
|
},
|
|
};
|
|
|
|
let join_room_response = join_room_by_id_helper(
|
|
&services,
|
|
sender_user,
|
|
&room_id,
|
|
body.reason.clone(),
|
|
&servers,
|
|
body.third_party_signed.as_ref(),
|
|
appservice_info,
|
|
)
|
|
.boxed()
|
|
.await?;
|
|
|
|
Ok(join_room_by_id_or_alias::v3::Response { room_id: join_room_response.room_id })
|
|
}
|
|
|
|
/// # `POST /_matrix/client/v3/rooms/{roomId}/leave`
|
|
///
|
|
/// Tries to leave the sender user from a room.
|
|
///
|
|
/// - This should always work if the user is currently joined.
|
|
pub(crate) async fn leave_room_route(
|
|
State(services): State<crate::State>,
|
|
body: Ruma<leave_room::v3::Request>,
|
|
) -> Result<leave_room::v3::Response> {
|
|
leave_room(&services, body.sender_user(), &body.room_id, body.reason.clone()).await?;
|
|
|
|
Ok(leave_room::v3::Response::new())
|
|
}
|
|
|
|
/// # `POST /_matrix/client/r0/rooms/{roomId}/invite`
|
|
///
|
|
/// Tries to send an invite event into the room.
|
|
#[tracing::instrument(skip_all, fields(%client), name = "invite")]
|
|
pub(crate) async fn invite_user_route(
|
|
State(services): State<crate::State>,
|
|
InsecureClientIp(client): InsecureClientIp,
|
|
body: Ruma<invite_user::v3::Request>,
|
|
) -> Result<invite_user::v3::Response> {
|
|
let sender_user = body.sender_user();
|
|
|
|
if !services.users.is_admin(sender_user).await && services.globals.block_non_admin_invites() {
|
|
info!(
|
|
"User {sender_user} is not an admin and attempted to send an invite to room {}",
|
|
&body.room_id
|
|
);
|
|
return Err!(Request(Forbidden("Invites are not allowed on this server.")));
|
|
}
|
|
|
|
banned_room_check(
|
|
&services,
|
|
sender_user,
|
|
Some(&body.room_id),
|
|
body.room_id.server_name(),
|
|
client,
|
|
)
|
|
.await?;
|
|
|
|
if let invite_user::v3::InvitationRecipient::UserId { user_id } = &body.recipient {
|
|
let sender_ignored_recipient = services.users.user_is_ignored(sender_user, user_id);
|
|
let recipient_ignored_by_sender = services.users.user_is_ignored(user_id, sender_user);
|
|
|
|
let (sender_ignored_recipient, recipient_ignored_by_sender) =
|
|
join!(sender_ignored_recipient, recipient_ignored_by_sender);
|
|
|
|
if sender_ignored_recipient {
|
|
return Err!(Request(Forbidden(
|
|
"You cannot invite users you have ignored to rooms."
|
|
)));
|
|
}
|
|
|
|
if recipient_ignored_by_sender {
|
|
// silently drop the invite to the recipient if they've been ignored by the
|
|
// sender, pretend it worked
|
|
return Ok(invite_user::v3::Response {});
|
|
}
|
|
|
|
invite_helper(&services, sender_user, user_id, &body.room_id, body.reason.clone(), false)
|
|
.boxed()
|
|
.await?;
|
|
|
|
Ok(invite_user::v3::Response {})
|
|
} else {
|
|
Err!(Request(NotFound("User not found.")))
|
|
}
|
|
}
|
|
|
|
/// # `POST /_matrix/client/r0/rooms/{roomId}/kick`
|
|
///
|
|
/// Tries to send a kick event into the room.
|
|
pub(crate) async fn kick_user_route(
|
|
State(services): State<crate::State>,
|
|
body: Ruma<kick_user::v3::Request>,
|
|
) -> Result<kick_user::v3::Response> {
|
|
let state_lock = services.rooms.state.mutex.lock(&body.room_id).await;
|
|
|
|
let Ok(event) = services
|
|
.rooms
|
|
.state_accessor
|
|
.get_member(&body.room_id, &body.user_id)
|
|
.await
|
|
else {
|
|
// copy synapse's behaviour of returning 200 without any change to the state
|
|
// instead of erroring on left users
|
|
return Ok(kick_user::v3::Response::new());
|
|
};
|
|
|
|
services
|
|
.rooms
|
|
.timeline
|
|
.build_and_append_pdu(
|
|
PduBuilder::state(body.user_id.to_string(), &RoomMemberEventContent {
|
|
membership: MembershipState::Leave,
|
|
reason: body.reason.clone(),
|
|
is_direct: None,
|
|
join_authorized_via_users_server: None,
|
|
third_party_invite: None,
|
|
..event
|
|
}),
|
|
body.sender_user(),
|
|
&body.room_id,
|
|
&state_lock,
|
|
)
|
|
.await?;
|
|
|
|
drop(state_lock);
|
|
|
|
Ok(kick_user::v3::Response::new())
|
|
}
|
|
|
|
/// # `POST /_matrix/client/r0/rooms/{roomId}/ban`
|
|
///
|
|
/// Tries to send a ban event into the room.
|
|
pub(crate) async fn ban_user_route(
|
|
State(services): State<crate::State>,
|
|
body: Ruma<ban_user::v3::Request>,
|
|
) -> Result<ban_user::v3::Response> {
|
|
let sender_user = body.sender_user();
|
|
|
|
if sender_user == body.user_id {
|
|
return Err!(Request(Forbidden("You cannot ban yourself.")));
|
|
}
|
|
|
|
let state_lock = services.rooms.state.mutex.lock(&body.room_id).await;
|
|
|
|
let current_member_content = services
|
|
.rooms
|
|
.state_accessor
|
|
.get_member(&body.room_id, &body.user_id)
|
|
.await
|
|
.unwrap_or_else(|_| RoomMemberEventContent::new(MembershipState::Ban));
|
|
|
|
services
|
|
.rooms
|
|
.timeline
|
|
.build_and_append_pdu(
|
|
PduBuilder::state(body.user_id.to_string(), &RoomMemberEventContent {
|
|
membership: MembershipState::Ban,
|
|
reason: body.reason.clone(),
|
|
displayname: None, // display name may be offensive
|
|
avatar_url: None, // avatar may be offensive
|
|
is_direct: None,
|
|
join_authorized_via_users_server: None,
|
|
third_party_invite: None,
|
|
..current_member_content
|
|
}),
|
|
sender_user,
|
|
&body.room_id,
|
|
&state_lock,
|
|
)
|
|
.await?;
|
|
|
|
drop(state_lock);
|
|
|
|
Ok(ban_user::v3::Response::new())
|
|
}
|
|
|
|
/// # `POST /_matrix/client/r0/rooms/{roomId}/unban`
|
|
///
|
|
/// Tries to send an unban event into the room.
|
|
pub(crate) async fn unban_user_route(
|
|
State(services): State<crate::State>,
|
|
body: Ruma<unban_user::v3::Request>,
|
|
) -> Result<unban_user::v3::Response> {
|
|
let state_lock = services.rooms.state.mutex.lock(&body.room_id).await;
|
|
|
|
let current_member_content = services
|
|
.rooms
|
|
.state_accessor
|
|
.get_member(&body.room_id, &body.user_id)
|
|
.await
|
|
.unwrap_or_else(|_| RoomMemberEventContent::new(MembershipState::Leave));
|
|
|
|
if current_member_content.membership != MembershipState::Ban {
|
|
return Err!(Request(Forbidden(
|
|
"Cannot ban a user who is not banned (current membership: {})",
|
|
current_member_content.membership
|
|
)));
|
|
}
|
|
|
|
services
|
|
.rooms
|
|
.timeline
|
|
.build_and_append_pdu(
|
|
PduBuilder::state(body.user_id.to_string(), &RoomMemberEventContent {
|
|
membership: MembershipState::Leave,
|
|
reason: body.reason.clone(),
|
|
join_authorized_via_users_server: None,
|
|
third_party_invite: None,
|
|
is_direct: None,
|
|
..current_member_content
|
|
}),
|
|
body.sender_user(),
|
|
&body.room_id,
|
|
&state_lock,
|
|
)
|
|
.await?;
|
|
|
|
drop(state_lock);
|
|
|
|
Ok(unban_user::v3::Response::new())
|
|
}
|
|
|
|
/// # `POST /_matrix/client/v3/rooms/{roomId}/forget`
|
|
///
|
|
/// Forgets about a room.
|
|
///
|
|
/// - If the sender user currently left the room: Stops sender user from
|
|
/// receiving information about the room
|
|
///
|
|
/// Note: Other devices of the user have no way of knowing the room was
|
|
/// forgotten, so this has to be called from every device
|
|
pub(crate) async fn forget_room_route(
|
|
State(services): State<crate::State>,
|
|
body: Ruma<forget_room::v3::Request>,
|
|
) -> Result<forget_room::v3::Response> {
|
|
let sender_user = body.sender_user();
|
|
|
|
if services
|
|
.rooms
|
|
.state_cache
|
|
.is_joined(sender_user, &body.room_id)
|
|
.await
|
|
{
|
|
return Err!(Request(Unknown("You must leave the room before forgetting it")));
|
|
}
|
|
|
|
services
|
|
.rooms
|
|
.state_cache
|
|
.forget(&body.room_id, sender_user);
|
|
|
|
Ok(forget_room::v3::Response::new())
|
|
}
|
|
|
|
/// # `POST /_matrix/client/r0/joined_rooms`
|
|
///
|
|
/// Lists all rooms the user has joined.
|
|
pub(crate) async fn joined_rooms_route(
|
|
State(services): State<crate::State>,
|
|
body: Ruma<joined_rooms::v3::Request>,
|
|
) -> Result<joined_rooms::v3::Response> {
|
|
Ok(joined_rooms::v3::Response {
|
|
joined_rooms: services
|
|
.rooms
|
|
.state_cache
|
|
.rooms_joined(body.sender_user())
|
|
.map(ToOwned::to_owned)
|
|
.collect()
|
|
.await,
|
|
})
|
|
}
|
|
|
|
/// # `POST /_matrix/client/r0/rooms/{roomId}/members`
|
|
///
|
|
/// Lists all joined users in a room (TODO: at a specific point in time, with a
|
|
/// specific membership).
|
|
///
|
|
/// - Only works if the user is currently joined
|
|
pub(crate) async fn get_member_events_route(
|
|
State(services): State<crate::State>,
|
|
body: Ruma<get_member_events::v3::Request>,
|
|
) -> Result<get_member_events::v3::Response> {
|
|
let sender_user = body.sender_user();
|
|
|
|
if !services
|
|
.rooms
|
|
.state_accessor
|
|
.user_can_see_state_events(sender_user, &body.room_id)
|
|
.await
|
|
{
|
|
return Err!(Request(Forbidden("You don't have permission to view this room.")));
|
|
}
|
|
|
|
Ok(get_member_events::v3::Response {
|
|
chunk: services
|
|
.rooms
|
|
.state_accessor
|
|
.room_state_full(&body.room_id)
|
|
.await?
|
|
.iter()
|
|
.filter(|(key, _)| key.0 == StateEventType::RoomMember)
|
|
.map(|(_, pdu)| pdu.to_member_event())
|
|
.collect(),
|
|
})
|
|
}
|
|
|
|
/// # `POST /_matrix/client/r0/rooms/{roomId}/joined_members`
|
|
///
|
|
/// Lists all members of a room.
|
|
///
|
|
/// - The sender user must be in the room
|
|
/// - TODO: An appservice just needs a puppet joined
|
|
pub(crate) async fn joined_members_route(
|
|
State(services): State<crate::State>,
|
|
body: Ruma<joined_members::v3::Request>,
|
|
) -> Result<joined_members::v3::Response> {
|
|
let sender_user = body.sender_user();
|
|
|
|
if !services
|
|
.rooms
|
|
.state_accessor
|
|
.user_can_see_state_events(sender_user, &body.room_id)
|
|
.await
|
|
{
|
|
return Err!(Request(Forbidden("You don't have permission to view this room.")));
|
|
}
|
|
|
|
let joined: BTreeMap<OwnedUserId, RoomMember> = services
|
|
.rooms
|
|
.state_cache
|
|
.room_members(&body.room_id)
|
|
.map(ToOwned::to_owned)
|
|
.then(|user| async move {
|
|
(user.clone(), RoomMember {
|
|
display_name: services.users.displayname(&user).await.ok(),
|
|
avatar_url: services.users.avatar_url(&user).await.ok(),
|
|
})
|
|
})
|
|
.collect()
|
|
.await;
|
|
|
|
Ok(joined_members::v3::Response { joined })
|
|
}
|
|
|
|
pub async fn join_room_by_id_helper(
|
|
services: &Services,
|
|
sender_user: &UserId,
|
|
room_id: &RoomId,
|
|
reason: Option<String>,
|
|
servers: &[OwnedServerName],
|
|
third_party_signed: Option<&ThirdPartySigned>,
|
|
appservice_info: &Option<RegistrationInfo>,
|
|
) -> Result<join_room_by_id::v3::Response> {
|
|
let state_lock = services.rooms.state.mutex.lock(room_id).await;
|
|
|
|
let user_is_guest = services
|
|
.users
|
|
.is_deactivated(sender_user)
|
|
.await
|
|
.unwrap_or(false)
|
|
&& appservice_info.is_none();
|
|
|
|
if user_is_guest && !services.rooms.state_accessor.guest_can_join(room_id).await {
|
|
return Err!(Request(Forbidden("Guests are not allowed to join this room")));
|
|
}
|
|
|
|
if services
|
|
.rooms
|
|
.state_cache
|
|
.is_joined(sender_user, room_id)
|
|
.await
|
|
{
|
|
debug_warn!("{sender_user} is already joined in {room_id}");
|
|
return Ok(join_room_by_id::v3::Response { room_id: room_id.into() });
|
|
}
|
|
|
|
if let Ok(membership) = services
|
|
.rooms
|
|
.state_accessor
|
|
.get_member(room_id, sender_user)
|
|
.await
|
|
{
|
|
if membership.membership == MembershipState::Ban {
|
|
debug_warn!("{sender_user} is banned from {room_id} but attempted to join");
|
|
return Err!(Request(Forbidden("You are banned from the room.")));
|
|
}
|
|
}
|
|
|
|
let server_in_room = services
|
|
.rooms
|
|
.state_cache
|
|
.server_in_room(services.globals.server_name(), room_id)
|
|
.await;
|
|
|
|
let local_join = server_in_room
|
|
|| servers.is_empty()
|
|
|| (servers.len() == 1 && services.globals.server_is_ours(&servers[0]));
|
|
|
|
if local_join {
|
|
join_room_by_id_helper_local(
|
|
services,
|
|
sender_user,
|
|
room_id,
|
|
reason,
|
|
servers,
|
|
third_party_signed,
|
|
state_lock,
|
|
)
|
|
.boxed()
|
|
.await?;
|
|
} else {
|
|
// Ask a remote server if we are not participating in this room
|
|
join_room_by_id_helper_remote(
|
|
services,
|
|
sender_user,
|
|
room_id,
|
|
reason,
|
|
servers,
|
|
third_party_signed,
|
|
state_lock,
|
|
)
|
|
.boxed()
|
|
.await?;
|
|
}
|
|
|
|
Ok(join_room_by_id::v3::Response::new(room_id.to_owned()))
|
|
}
|
|
|
|
#[tracing::instrument(skip_all, fields(%sender_user, %room_id), name = "join_remote")]
|
|
async fn join_room_by_id_helper_remote(
|
|
services: &Services,
|
|
sender_user: &UserId,
|
|
room_id: &RoomId,
|
|
reason: Option<String>,
|
|
servers: &[OwnedServerName],
|
|
_third_party_signed: Option<&ThirdPartySigned>,
|
|
state_lock: RoomMutexGuard,
|
|
) -> Result {
|
|
info!("Joining {room_id} over federation.");
|
|
|
|
let (make_join_response, remote_server) =
|
|
make_join_request(services, sender_user, room_id, servers).await?;
|
|
|
|
info!("make_join finished");
|
|
|
|
let Some(room_version_id) = make_join_response.room_version else {
|
|
return Err!(BadServerResponse("Remote room version is not supported by conduwuit"));
|
|
};
|
|
|
|
if !services.server.supported_room_version(&room_version_id) {
|
|
return Err!(BadServerResponse(
|
|
"Remote room version {room_version_id} is not supported by conduwuit"
|
|
));
|
|
}
|
|
|
|
let mut join_event_stub: CanonicalJsonObject =
|
|
serde_json::from_str(make_join_response.event.get()).map_err(|e| {
|
|
err!(BadServerResponse(warn!(
|
|
"Invalid make_join event json received from server: {e:?}"
|
|
)))
|
|
})?;
|
|
|
|
let join_authorized_via_users_server = {
|
|
use RoomVersionId::*;
|
|
if !matches!(room_version_id, V1 | V2 | V3 | V4 | V5 | V6 | V7) {
|
|
join_event_stub
|
|
.get("content")
|
|
.map(|s| {
|
|
s.as_object()?
|
|
.get("join_authorised_via_users_server")?
|
|
.as_str()
|
|
})
|
|
.and_then(|s| OwnedUserId::try_from(s.unwrap_or_default()).ok())
|
|
} else {
|
|
None
|
|
}
|
|
};
|
|
|
|
join_event_stub.insert(
|
|
"origin".to_owned(),
|
|
CanonicalJsonValue::String(services.globals.server_name().as_str().to_owned()),
|
|
);
|
|
join_event_stub.insert(
|
|
"origin_server_ts".to_owned(),
|
|
CanonicalJsonValue::Integer(
|
|
utils::millis_since_unix_epoch()
|
|
.try_into()
|
|
.expect("Timestamp is valid js_int value"),
|
|
),
|
|
);
|
|
join_event_stub.insert(
|
|
"content".to_owned(),
|
|
to_canonical_value(RoomMemberEventContent {
|
|
displayname: services.users.displayname(sender_user).await.ok(),
|
|
avatar_url: services.users.avatar_url(sender_user).await.ok(),
|
|
blurhash: services.users.blurhash(sender_user).await.ok(),
|
|
reason,
|
|
join_authorized_via_users_server: join_authorized_via_users_server.clone(),
|
|
..RoomMemberEventContent::new(MembershipState::Join)
|
|
})
|
|
.expect("event is valid, we just created it"),
|
|
);
|
|
|
|
// We keep the "event_id" in the pdu only in v1 or
|
|
// v2 rooms
|
|
match room_version_id {
|
|
| RoomVersionId::V1 | RoomVersionId::V2 => {},
|
|
| _ => {
|
|
join_event_stub.remove("event_id");
|
|
},
|
|
};
|
|
|
|
// In order to create a compatible ref hash (EventID) the `hashes` field needs
|
|
// to be present
|
|
services
|
|
.server_keys
|
|
.hash_and_sign_event(&mut join_event_stub, &room_version_id)?;
|
|
|
|
// Generate event id
|
|
let event_id = pdu::gen_event_id(&join_event_stub, &room_version_id)?;
|
|
|
|
// Add event_id back
|
|
join_event_stub
|
|
.insert("event_id".to_owned(), CanonicalJsonValue::String(event_id.clone().into()));
|
|
|
|
// It has enough fields to be called a proper event now
|
|
let mut join_event = join_event_stub;
|
|
|
|
info!("Asking {remote_server} for send_join in room {room_id}");
|
|
let send_join_request = federation::membership::create_join_event::v2::Request {
|
|
room_id: room_id.to_owned(),
|
|
event_id: event_id.clone(),
|
|
omit_members: false,
|
|
pdu: services
|
|
.sending
|
|
.convert_to_outgoing_federation_event(join_event.clone())
|
|
.await,
|
|
};
|
|
|
|
let send_join_response = services
|
|
.sending
|
|
.send_synapse_request(&remote_server, send_join_request)
|
|
.await?;
|
|
|
|
info!("send_join finished");
|
|
|
|
if join_authorized_via_users_server.is_some() {
|
|
if let Some(signed_raw) = &send_join_response.room_state.event {
|
|
debug_info!(
|
|
"There is a signed event with join_authorized_via_users_server. This room is \
|
|
probably using restricted joins. Adding signature to our event"
|
|
);
|
|
|
|
let (signed_event_id, signed_value) =
|
|
gen_event_id_canonical_json(signed_raw, &room_version_id).map_err(|e| {
|
|
err!(Request(BadJson(warn!(
|
|
"Could not convert event to canonical JSON: {e}"
|
|
))))
|
|
})?;
|
|
|
|
if signed_event_id != event_id {
|
|
return Err!(Request(BadJson(
|
|
warn!(%signed_event_id, %event_id, "Server {remote_server} sent event with wrong event ID")
|
|
)));
|
|
}
|
|
|
|
match signed_value["signatures"]
|
|
.as_object()
|
|
.ok_or_else(|| {
|
|
err!(BadServerResponse(warn!(
|
|
"Server {remote_server} sent invalid signatures type"
|
|
)))
|
|
})
|
|
.and_then(|e| {
|
|
e.get(remote_server.as_str()).ok_or_else(|| {
|
|
err!(BadServerResponse(warn!(
|
|
"Server {remote_server} did not send its signature for a restricted \
|
|
room"
|
|
)))
|
|
})
|
|
}) {
|
|
| Ok(signature) => {
|
|
join_event
|
|
.get_mut("signatures")
|
|
.expect("we created a valid pdu")
|
|
.as_object_mut()
|
|
.expect("we created a valid pdu")
|
|
.insert(remote_server.to_string(), signature.clone());
|
|
},
|
|
| Err(e) => {
|
|
warn!(
|
|
"Server {remote_server} sent invalid signature in send_join signatures \
|
|
for event {signed_value:?}: {e:?}",
|
|
);
|
|
},
|
|
}
|
|
}
|
|
}
|
|
|
|
services
|
|
.rooms
|
|
.short
|
|
.get_or_create_shortroomid(room_id)
|
|
.await;
|
|
|
|
info!("Parsing join event");
|
|
let parsed_join_pdu = PduEvent::from_id_val(&event_id, join_event.clone())
|
|
.map_err(|e| err!(BadServerResponse("Invalid join event PDU: {e:?}")))?;
|
|
|
|
info!("Acquiring server signing keys for response events");
|
|
let resp_events = &send_join_response.room_state;
|
|
let resp_state = &resp_events.state;
|
|
let resp_auth = &resp_events.auth_chain;
|
|
services
|
|
.server_keys
|
|
.acquire_events_pubkeys(resp_auth.iter().chain(resp_state.iter()))
|
|
.await;
|
|
|
|
info!("Going through send_join response room_state");
|
|
let cork = services.db.cork_and_flush();
|
|
let state = send_join_response
|
|
.room_state
|
|
.state
|
|
.iter()
|
|
.stream()
|
|
.then(|pdu| {
|
|
services
|
|
.server_keys
|
|
.validate_and_add_event_id_no_fetch(pdu, &room_version_id)
|
|
})
|
|
.ready_filter_map(Result::ok)
|
|
.fold(HashMap::new(), |mut state, (event_id, value)| async move {
|
|
let pdu = match PduEvent::from_id_val(&event_id, value.clone()) {
|
|
| Ok(pdu) => pdu,
|
|
| Err(e) => {
|
|
debug_warn!("Invalid PDU in send_join response: {e:?}: {value:#?}");
|
|
return state;
|
|
},
|
|
};
|
|
|
|
services.rooms.outlier.add_pdu_outlier(&event_id, &value);
|
|
if let Some(state_key) = &pdu.state_key {
|
|
let shortstatekey = services
|
|
.rooms
|
|
.short
|
|
.get_or_create_shortstatekey(&pdu.kind.to_string().into(), state_key)
|
|
.await;
|
|
|
|
state.insert(shortstatekey, pdu.event_id.clone());
|
|
}
|
|
|
|
state
|
|
})
|
|
.await;
|
|
|
|
drop(cork);
|
|
|
|
info!("Going through send_join response auth_chain");
|
|
let cork = services.db.cork_and_flush();
|
|
send_join_response
|
|
.room_state
|
|
.auth_chain
|
|
.iter()
|
|
.stream()
|
|
.then(|pdu| {
|
|
services
|
|
.server_keys
|
|
.validate_and_add_event_id_no_fetch(pdu, &room_version_id)
|
|
})
|
|
.ready_filter_map(Result::ok)
|
|
.ready_for_each(|(event_id, value)| {
|
|
services.rooms.outlier.add_pdu_outlier(&event_id, &value);
|
|
})
|
|
.await;
|
|
|
|
drop(cork);
|
|
|
|
debug!("Running send_join auth check");
|
|
let fetch_state = &state;
|
|
let state_fetch = |k: &'static StateEventType, s: String| async move {
|
|
let shortstatekey = services.rooms.short.get_shortstatekey(k, &s).await.ok()?;
|
|
|
|
let event_id = fetch_state.get(&shortstatekey)?;
|
|
services.rooms.timeline.get_pdu(event_id).await.ok()
|
|
};
|
|
|
|
let auth_check = state_res::event_auth::auth_check(
|
|
&state_res::RoomVersion::new(&room_version_id).expect("room version is supported"),
|
|
&parsed_join_pdu,
|
|
None, // TODO: third party invite
|
|
|k, s| state_fetch(k, s.to_owned()),
|
|
)
|
|
.await
|
|
.map_err(|e| err!(Request(Forbidden(warn!("Auth check failed: {e:?}")))))?;
|
|
|
|
if !auth_check {
|
|
return Err!(Request(Forbidden("Auth check failed")));
|
|
}
|
|
|
|
info!("Compressing state from send_join");
|
|
let compressed = state
|
|
.iter()
|
|
.stream()
|
|
.then(|(&k, id)| services.rooms.state_compressor.compress_state_event(k, id))
|
|
.collect()
|
|
.await;
|
|
|
|
debug!("Saving compressed state");
|
|
let HashSetCompressStateEvent {
|
|
shortstatehash: statehash_before_join,
|
|
added,
|
|
removed,
|
|
} = services
|
|
.rooms
|
|
.state_compressor
|
|
.save_state(room_id, Arc::new(compressed))
|
|
.await?;
|
|
|
|
debug!("Forcing state for new room");
|
|
services
|
|
.rooms
|
|
.state
|
|
.force_state(room_id, statehash_before_join, added, removed, &state_lock)
|
|
.await?;
|
|
|
|
info!("Updating joined counts for new room");
|
|
services
|
|
.rooms
|
|
.state_cache
|
|
.update_joined_count(room_id)
|
|
.await;
|
|
|
|
// We append to state before appending the pdu, so we don't have a moment in
|
|
// time with the pdu without it's state. This is okay because append_pdu can't
|
|
// fail.
|
|
let statehash_after_join = services
|
|
.rooms
|
|
.state
|
|
.append_to_state(&parsed_join_pdu)
|
|
.await?;
|
|
|
|
info!("Appending new room join event");
|
|
services
|
|
.rooms
|
|
.timeline
|
|
.append_pdu(
|
|
&parsed_join_pdu,
|
|
join_event,
|
|
vec![(*parsed_join_pdu.event_id).to_owned()],
|
|
&state_lock,
|
|
)
|
|
.await?;
|
|
|
|
info!("Setting final room state for new room");
|
|
// We set the room state after inserting the pdu, so that we never have a moment
|
|
// in time where events in the current room state do not exist
|
|
services
|
|
.rooms
|
|
.state
|
|
.set_room_state(room_id, statehash_after_join, &state_lock);
|
|
|
|
Ok(())
|
|
}
|
|
|
|
#[tracing::instrument(skip_all, fields(%sender_user, %room_id), name = "join_local")]
|
|
async fn join_room_by_id_helper_local(
|
|
services: &Services,
|
|
sender_user: &UserId,
|
|
room_id: &RoomId,
|
|
reason: Option<String>,
|
|
servers: &[OwnedServerName],
|
|
_third_party_signed: Option<&ThirdPartySigned>,
|
|
state_lock: RoomMutexGuard,
|
|
) -> Result {
|
|
debug_info!("We can join locally");
|
|
|
|
let join_rules_event_content = services
|
|
.rooms
|
|
.state_accessor
|
|
.room_state_get_content::<RoomJoinRulesEventContent>(
|
|
room_id,
|
|
&StateEventType::RoomJoinRules,
|
|
"",
|
|
)
|
|
.await;
|
|
|
|
let restriction_rooms = match join_rules_event_content {
|
|
| Ok(RoomJoinRulesEventContent {
|
|
join_rule: JoinRule::Restricted(restricted) | JoinRule::KnockRestricted(restricted),
|
|
}) => restricted
|
|
.allow
|
|
.into_iter()
|
|
.filter_map(|a| match a {
|
|
| AllowRule::RoomMembership(r) => Some(r.room_id),
|
|
| _ => None,
|
|
})
|
|
.collect(),
|
|
| _ => Vec::new(),
|
|
};
|
|
|
|
let join_authorized_via_users_server: Option<OwnedUserId> = {
|
|
if restriction_rooms
|
|
.iter()
|
|
.stream()
|
|
.any(|restriction_room_id| {
|
|
services
|
|
.rooms
|
|
.state_cache
|
|
.is_joined(sender_user, restriction_room_id)
|
|
})
|
|
.await
|
|
{
|
|
services
|
|
.rooms
|
|
.state_cache
|
|
.local_users_in_room(room_id)
|
|
.filter(|user| {
|
|
services.rooms.state_accessor.user_can_invite(
|
|
room_id,
|
|
user,
|
|
sender_user,
|
|
&state_lock,
|
|
)
|
|
})
|
|
.boxed()
|
|
.next()
|
|
.await
|
|
.map(ToOwned::to_owned)
|
|
} else {
|
|
None
|
|
}
|
|
};
|
|
|
|
let content = RoomMemberEventContent {
|
|
displayname: services.users.displayname(sender_user).await.ok(),
|
|
avatar_url: services.users.avatar_url(sender_user).await.ok(),
|
|
blurhash: services.users.blurhash(sender_user).await.ok(),
|
|
reason: reason.clone(),
|
|
join_authorized_via_users_server,
|
|
..RoomMemberEventContent::new(MembershipState::Join)
|
|
};
|
|
|
|
// Try normal join first
|
|
let Err(error) = services
|
|
.rooms
|
|
.timeline
|
|
.build_and_append_pdu(
|
|
PduBuilder::state(sender_user.to_string(), &content),
|
|
sender_user,
|
|
room_id,
|
|
&state_lock,
|
|
)
|
|
.await
|
|
else {
|
|
return Ok(());
|
|
};
|
|
|
|
if restriction_rooms.is_empty()
|
|
&& (servers.is_empty()
|
|
|| servers.len() == 1 && services.globals.server_is_ours(&servers[0]))
|
|
{
|
|
return Err(error);
|
|
}
|
|
|
|
warn!(
|
|
"We couldn't do the join locally, maybe federation can help to satisfy the restricted \
|
|
join requirements"
|
|
);
|
|
let Ok((make_join_response, remote_server)) =
|
|
make_join_request(services, sender_user, room_id, servers).await
|
|
else {
|
|
return Err(error);
|
|
};
|
|
|
|
let Some(room_version_id) = make_join_response.room_version else {
|
|
return Err!(BadServerResponse("Remote room version is not supported by conduwuit"));
|
|
};
|
|
|
|
if !services.server.supported_room_version(&room_version_id) {
|
|
return Err!(BadServerResponse(
|
|
"Remote room version {room_version_id} is not supported by conduwuit"
|
|
));
|
|
}
|
|
|
|
let mut join_event_stub: CanonicalJsonObject =
|
|
serde_json::from_str(make_join_response.event.get()).map_err(|e| {
|
|
err!(BadServerResponse("Invalid make_join event json received from server: {e:?}"))
|
|
})?;
|
|
|
|
let join_authorized_via_users_server = join_event_stub
|
|
.get("content")
|
|
.map(|s| {
|
|
s.as_object()?
|
|
.get("join_authorised_via_users_server")?
|
|
.as_str()
|
|
})
|
|
.and_then(|s| OwnedUserId::try_from(s.unwrap_or_default()).ok());
|
|
|
|
join_event_stub.insert(
|
|
"origin".to_owned(),
|
|
CanonicalJsonValue::String(services.globals.server_name().as_str().to_owned()),
|
|
);
|
|
join_event_stub.insert(
|
|
"origin_server_ts".to_owned(),
|
|
CanonicalJsonValue::Integer(
|
|
utils::millis_since_unix_epoch()
|
|
.try_into()
|
|
.expect("Timestamp is valid js_int value"),
|
|
),
|
|
);
|
|
join_event_stub.insert(
|
|
"content".to_owned(),
|
|
to_canonical_value(RoomMemberEventContent {
|
|
displayname: services.users.displayname(sender_user).await.ok(),
|
|
avatar_url: services.users.avatar_url(sender_user).await.ok(),
|
|
blurhash: services.users.blurhash(sender_user).await.ok(),
|
|
reason,
|
|
join_authorized_via_users_server,
|
|
..RoomMemberEventContent::new(MembershipState::Join)
|
|
})
|
|
.expect("event is valid, we just created it"),
|
|
);
|
|
|
|
// We keep the "event_id" in the pdu only in v1 or
|
|
// v2 rooms
|
|
match room_version_id {
|
|
| RoomVersionId::V1 | RoomVersionId::V2 => {},
|
|
| _ => {
|
|
join_event_stub.remove("event_id");
|
|
},
|
|
};
|
|
|
|
// In order to create a compatible ref hash (EventID) the `hashes` field needs
|
|
// to be present
|
|
services
|
|
.server_keys
|
|
.hash_and_sign_event(&mut join_event_stub, &room_version_id)?;
|
|
|
|
// Generate event id
|
|
let event_id = pdu::gen_event_id(&join_event_stub, &room_version_id)?;
|
|
|
|
// Add event_id back
|
|
join_event_stub
|
|
.insert("event_id".to_owned(), CanonicalJsonValue::String(event_id.clone().into()));
|
|
|
|
// It has enough fields to be called a proper event now
|
|
let join_event = join_event_stub;
|
|
|
|
let send_join_response = services
|
|
.sending
|
|
.send_synapse_request(
|
|
&remote_server,
|
|
federation::membership::create_join_event::v2::Request {
|
|
room_id: room_id.to_owned(),
|
|
event_id: event_id.clone(),
|
|
omit_members: false,
|
|
pdu: services
|
|
.sending
|
|
.convert_to_outgoing_federation_event(join_event.clone())
|
|
.await,
|
|
},
|
|
)
|
|
.await?;
|
|
|
|
if let Some(signed_raw) = send_join_response.room_state.event {
|
|
let (signed_event_id, signed_value) =
|
|
gen_event_id_canonical_json(&signed_raw, &room_version_id).map_err(|e| {
|
|
err!(Request(BadJson(warn!("Could not convert event to canonical JSON: {e}"))))
|
|
})?;
|
|
|
|
if signed_event_id != event_id {
|
|
return Err!(Request(BadJson(
|
|
warn!(%signed_event_id, %event_id, "Server {remote_server} sent event with wrong event ID")
|
|
)));
|
|
}
|
|
|
|
drop(state_lock);
|
|
services
|
|
.rooms
|
|
.event_handler
|
|
.handle_incoming_pdu(&remote_server, room_id, &signed_event_id, signed_value, true)
|
|
.await?;
|
|
} else {
|
|
return Err(error);
|
|
}
|
|
|
|
Ok(())
|
|
}
|
|
|
|
async fn make_join_request(
|
|
services: &Services,
|
|
sender_user: &UserId,
|
|
room_id: &RoomId,
|
|
servers: &[OwnedServerName],
|
|
) -> Result<(federation::membership::prepare_join_event::v1::Response, OwnedServerName)> {
|
|
let mut make_join_response_and_server =
|
|
Err!(BadServerResponse("No server available to assist in joining."));
|
|
|
|
let mut make_join_counter: usize = 0;
|
|
let mut incompatible_room_version_count: usize = 0;
|
|
|
|
for remote_server in servers {
|
|
if services.globals.server_is_ours(remote_server) {
|
|
continue;
|
|
}
|
|
info!("Asking {remote_server} for make_join ({make_join_counter})");
|
|
let make_join_response = services
|
|
.sending
|
|
.send_federation_request(
|
|
remote_server,
|
|
federation::membership::prepare_join_event::v1::Request {
|
|
room_id: room_id.to_owned(),
|
|
user_id: sender_user.to_owned(),
|
|
ver: services.server.supported_room_versions().collect(),
|
|
},
|
|
)
|
|
.await;
|
|
|
|
trace!("make_join response: {:?}", make_join_response);
|
|
make_join_counter = make_join_counter.saturating_add(1);
|
|
|
|
if let Err(ref e) = make_join_response {
|
|
if matches!(
|
|
e.kind(),
|
|
ErrorKind::IncompatibleRoomVersion { .. } | ErrorKind::UnsupportedRoomVersion
|
|
) {
|
|
incompatible_room_version_count =
|
|
incompatible_room_version_count.saturating_add(1);
|
|
}
|
|
|
|
if incompatible_room_version_count > 15 {
|
|
info!(
|
|
"15 servers have responded with M_INCOMPATIBLE_ROOM_VERSION or \
|
|
M_UNSUPPORTED_ROOM_VERSION, assuming that conduwuit does not support the \
|
|
room version {room_id}: {e}"
|
|
);
|
|
make_join_response_and_server =
|
|
Err!(BadServerResponse("Room version is not supported by Conduwuit"));
|
|
return make_join_response_and_server;
|
|
}
|
|
|
|
if make_join_counter > 40 {
|
|
warn!(
|
|
"40 servers failed to provide valid make_join response, assuming no server \
|
|
can assist in joining."
|
|
);
|
|
make_join_response_and_server =
|
|
Err!(BadServerResponse("No server available to assist in joining."));
|
|
return make_join_response_and_server;
|
|
}
|
|
}
|
|
|
|
make_join_response_and_server = make_join_response.map(|r| (r, remote_server.clone()));
|
|
|
|
if make_join_response_and_server.is_ok() {
|
|
break;
|
|
}
|
|
}
|
|
|
|
make_join_response_and_server
|
|
}
|
|
|
|
pub(crate) async fn invite_helper(
|
|
services: &Services,
|
|
sender_user: &UserId,
|
|
user_id: &UserId,
|
|
room_id: &RoomId,
|
|
reason: Option<String>,
|
|
is_direct: bool,
|
|
) -> Result {
|
|
if !services.users.is_admin(sender_user).await && services.globals.block_non_admin_invites() {
|
|
info!(
|
|
"User {sender_user} is not an admin and attempted to send an invite to room \
|
|
{room_id}"
|
|
);
|
|
return Err!(Request(Forbidden("Invites are not allowed on this server.")));
|
|
}
|
|
|
|
if !services.globals.user_is_local(user_id) {
|
|
let (pdu, pdu_json, invite_room_state) = {
|
|
let state_lock = services.rooms.state.mutex.lock(room_id).await;
|
|
|
|
let content = RoomMemberEventContent {
|
|
avatar_url: services.users.avatar_url(user_id).await.ok(),
|
|
is_direct: Some(is_direct),
|
|
reason,
|
|
..RoomMemberEventContent::new(MembershipState::Invite)
|
|
};
|
|
|
|
let (pdu, pdu_json) = services
|
|
.rooms
|
|
.timeline
|
|
.create_hash_and_sign_event(
|
|
PduBuilder::state(user_id.to_string(), &content),
|
|
sender_user,
|
|
room_id,
|
|
&state_lock,
|
|
)
|
|
.await?;
|
|
|
|
let invite_room_state = services.rooms.state.summary_stripped(&pdu).await;
|
|
|
|
drop(state_lock);
|
|
|
|
(pdu, pdu_json, invite_room_state)
|
|
};
|
|
|
|
let room_version_id = services.rooms.state.get_room_version(room_id).await?;
|
|
|
|
let response = services
|
|
.sending
|
|
.send_federation_request(user_id.server_name(), create_invite::v2::Request {
|
|
room_id: room_id.to_owned(),
|
|
event_id: (*pdu.event_id).to_owned(),
|
|
room_version: room_version_id.clone(),
|
|
event: services
|
|
.sending
|
|
.convert_to_outgoing_federation_event(pdu_json.clone())
|
|
.await,
|
|
invite_room_state,
|
|
via: services
|
|
.rooms
|
|
.state_cache
|
|
.servers_route_via(room_id)
|
|
.await
|
|
.ok(),
|
|
})
|
|
.await?;
|
|
|
|
// We do not add the event_id field to the pdu here because of signature and
|
|
// hashes checks
|
|
let (event_id, value) = gen_event_id_canonical_json(&response.event, &room_version_id)
|
|
.map_err(|e| {
|
|
err!(Request(BadJson(warn!("Could not convert event to canonical JSON: {e}"))))
|
|
})?;
|
|
|
|
if pdu.event_id != event_id {
|
|
return Err!(Request(BadJson(
|
|
warn!(%pdu.event_id, %event_id, "Server {} sent event with wrong event ID", user_id.server_name())
|
|
)));
|
|
}
|
|
|
|
let origin: OwnedServerName = serde_json::from_value(
|
|
serde_json::to_value(
|
|
value
|
|
.get("origin")
|
|
.ok_or_else(|| err!(Request(BadJson("Event missing origin field."))))?,
|
|
)
|
|
.expect("CanonicalJson is valid json value"),
|
|
)
|
|
.map_err(|e| {
|
|
err!(Request(BadJson(warn!("Origin field in event is not a valid server name: {e}"))))
|
|
})?;
|
|
|
|
let pdu_id = services
|
|
.rooms
|
|
.event_handler
|
|
.handle_incoming_pdu(&origin, room_id, &event_id, value, true)
|
|
.await?
|
|
.ok_or_else(|| {
|
|
err!(Request(InvalidParam("Could not accept incoming PDU as timeline event.")))
|
|
})?;
|
|
|
|
return services.sending.send_pdu_room(room_id, &pdu_id).await;
|
|
}
|
|
|
|
if !services
|
|
.rooms
|
|
.state_cache
|
|
.is_joined(sender_user, room_id)
|
|
.await
|
|
{
|
|
return Err!(Request(Forbidden(
|
|
"You must be joined in the room you are trying to invite from."
|
|
)));
|
|
}
|
|
|
|
let state_lock = services.rooms.state.mutex.lock(room_id).await;
|
|
|
|
let content = RoomMemberEventContent {
|
|
displayname: services.users.displayname(user_id).await.ok(),
|
|
avatar_url: services.users.avatar_url(user_id).await.ok(),
|
|
blurhash: services.users.blurhash(user_id).await.ok(),
|
|
is_direct: Some(is_direct),
|
|
reason,
|
|
..RoomMemberEventContent::new(MembershipState::Invite)
|
|
};
|
|
|
|
services
|
|
.rooms
|
|
.timeline
|
|
.build_and_append_pdu(
|
|
PduBuilder::state(user_id.to_string(), &content),
|
|
sender_user,
|
|
room_id,
|
|
&state_lock,
|
|
)
|
|
.await?;
|
|
|
|
drop(state_lock);
|
|
|
|
Ok(())
|
|
}
|
|
|
|
// Make a user leave all their joined rooms, forgets all rooms, and ignores
|
|
// errors
|
|
pub async fn leave_all_rooms(services: &Services, user_id: &UserId) {
|
|
let rooms_joined = services
|
|
.rooms
|
|
.state_cache
|
|
.rooms_joined(user_id)
|
|
.map(ToOwned::to_owned);
|
|
|
|
let rooms_invited = services
|
|
.rooms
|
|
.state_cache
|
|
.rooms_invited(user_id)
|
|
.map(|(r, _)| r);
|
|
|
|
let all_rooms: Vec<_> = rooms_joined.chain(rooms_invited).collect().await;
|
|
|
|
for room_id in all_rooms {
|
|
// ignore errors
|
|
if let Err(e) = leave_room(services, user_id, &room_id, None).await {
|
|
warn!(%room_id, %user_id, %e, "Failed to leave room");
|
|
}
|
|
|
|
services.rooms.state_cache.forget(&room_id, user_id);
|
|
}
|
|
}
|
|
|
|
pub async fn leave_room(
|
|
services: &Services,
|
|
user_id: &UserId,
|
|
room_id: &RoomId,
|
|
reason: Option<String>,
|
|
) -> Result<()> {
|
|
//use conduwuit::utils::stream::OptionStream;
|
|
use futures::TryFutureExt;
|
|
|
|
// Ask a remote server if we don't have this room
|
|
if !services
|
|
.rooms
|
|
.state_cache
|
|
.server_in_room(services.globals.server_name(), room_id)
|
|
.await
|
|
{
|
|
if let Err(e) = remote_leave_room(services, user_id, room_id).await {
|
|
warn!(%user_id, "Failed to leave room {room_id} remotely: {e}");
|
|
// Don't tell the client about this error
|
|
}
|
|
|
|
let last_state = services
|
|
.rooms
|
|
.state_cache
|
|
.invite_state(user_id, room_id)
|
|
.map_err(|_| services.rooms.state_cache.left_state(user_id, room_id))
|
|
.await
|
|
.ok();
|
|
|
|
// We always drop the invite, we can't rely on other servers
|
|
services
|
|
.rooms
|
|
.state_cache
|
|
.update_membership(
|
|
room_id,
|
|
user_id,
|
|
RoomMemberEventContent::new(MembershipState::Leave),
|
|
user_id,
|
|
last_state,
|
|
None,
|
|
true,
|
|
)
|
|
.await?;
|
|
} else {
|
|
let state_lock = services.rooms.state.mutex.lock(room_id).await;
|
|
|
|
let Ok(event) = services
|
|
.rooms
|
|
.state_accessor
|
|
.room_state_get_content::<RoomMemberEventContent>(
|
|
room_id,
|
|
&StateEventType::RoomMember,
|
|
user_id.as_str(),
|
|
)
|
|
.await
|
|
else {
|
|
// Fix for broken rooms
|
|
error!("Trying to leave a room you are not a member of.");
|
|
|
|
services
|
|
.rooms
|
|
.state_cache
|
|
.update_membership(
|
|
room_id,
|
|
user_id,
|
|
RoomMemberEventContent::new(MembershipState::Leave),
|
|
user_id,
|
|
None,
|
|
None,
|
|
true,
|
|
)
|
|
.await?;
|
|
|
|
return Ok(());
|
|
};
|
|
|
|
services
|
|
.rooms
|
|
.timeline
|
|
.build_and_append_pdu(
|
|
PduBuilder::state(user_id.to_string(), &RoomMemberEventContent {
|
|
membership: MembershipState::Leave,
|
|
reason,
|
|
..event
|
|
}),
|
|
user_id,
|
|
room_id,
|
|
&state_lock,
|
|
)
|
|
.await?;
|
|
}
|
|
|
|
Ok(())
|
|
}
|
|
|
|
async fn remote_leave_room(
|
|
services: &Services,
|
|
user_id: &UserId,
|
|
room_id: &RoomId,
|
|
) -> Result<()> {
|
|
let mut make_leave_response_and_server =
|
|
Err!(BadServerResponse("No server available to assist in leaving."));
|
|
|
|
let invite_state = services
|
|
.rooms
|
|
.state_cache
|
|
.invite_state(user_id, room_id)
|
|
.await
|
|
.map_err(|_| err!(Request(BadState("User is not invited."))))?;
|
|
|
|
let mut servers: HashSet<OwnedServerName> = services
|
|
.rooms
|
|
.state_cache
|
|
.servers_invite_via(room_id)
|
|
.map(ToOwned::to_owned)
|
|
.collect()
|
|
.await;
|
|
|
|
servers.extend(
|
|
invite_state
|
|
.iter()
|
|
.filter_map(|event| event.get_field("sender").ok().flatten())
|
|
.filter_map(|sender: &str| UserId::parse(sender).ok())
|
|
.map(|user| user.server_name().to_owned()),
|
|
);
|
|
|
|
if let Some(room_id_server_name) = room_id.server_name() {
|
|
servers.insert(room_id_server_name.to_owned());
|
|
}
|
|
|
|
debug_info!("servers in remote_leave_room: {servers:?}");
|
|
|
|
for remote_server in servers {
|
|
let make_leave_response = services
|
|
.sending
|
|
.send_federation_request(
|
|
&remote_server,
|
|
federation::membership::prepare_leave_event::v1::Request {
|
|
room_id: room_id.to_owned(),
|
|
user_id: user_id.to_owned(),
|
|
},
|
|
)
|
|
.await;
|
|
|
|
make_leave_response_and_server = make_leave_response.map(|r| (r, remote_server));
|
|
|
|
if make_leave_response_and_server.is_ok() {
|
|
break;
|
|
}
|
|
}
|
|
|
|
let (make_leave_response, remote_server) = make_leave_response_and_server?;
|
|
|
|
let Some(room_version_id) = make_leave_response.room_version else {
|
|
return Err!(BadServerResponse("Remote room version is not supported by conduwuit"));
|
|
};
|
|
|
|
if !services.server.supported_room_version(&room_version_id) {
|
|
return Err!(BadServerResponse(
|
|
"Remote room version {room_version_id} is not supported by conduwuit"
|
|
));
|
|
}
|
|
|
|
let mut leave_event_stub = serde_json::from_str::<CanonicalJsonObject>(
|
|
make_leave_response.event.get(),
|
|
)
|
|
.map_err(|e| {
|
|
err!(BadServerResponse("Invalid make_leave event json received from server: {e:?}"))
|
|
})?;
|
|
|
|
// TODO: Is origin needed?
|
|
leave_event_stub.insert(
|
|
"origin".to_owned(),
|
|
CanonicalJsonValue::String(services.globals.server_name().as_str().to_owned()),
|
|
);
|
|
leave_event_stub.insert(
|
|
"origin_server_ts".to_owned(),
|
|
CanonicalJsonValue::Integer(
|
|
utils::millis_since_unix_epoch()
|
|
.try_into()
|
|
.expect("Timestamp is valid js_int value"),
|
|
),
|
|
);
|
|
|
|
// room v3 and above removed the "event_id" field from remote PDU format
|
|
match room_version_id {
|
|
| RoomVersionId::V1 | RoomVersionId::V2 => {},
|
|
| _ => {
|
|
leave_event_stub.remove("event_id");
|
|
},
|
|
};
|
|
|
|
// In order to create a compatible ref hash (EventID) the `hashes` field needs
|
|
// to be present
|
|
services
|
|
.server_keys
|
|
.hash_and_sign_event(&mut leave_event_stub, &room_version_id)?;
|
|
|
|
// Generate event id
|
|
let event_id = pdu::gen_event_id(&leave_event_stub, &room_version_id)?;
|
|
|
|
// Add event_id back
|
|
leave_event_stub
|
|
.insert("event_id".to_owned(), CanonicalJsonValue::String(event_id.clone().into()));
|
|
|
|
// It has enough fields to be called a proper event now
|
|
let leave_event = leave_event_stub;
|
|
|
|
services
|
|
.sending
|
|
.send_federation_request(
|
|
&remote_server,
|
|
federation::membership::create_leave_event::v2::Request {
|
|
room_id: room_id.to_owned(),
|
|
event_id,
|
|
pdu: services
|
|
.sending
|
|
.convert_to_outgoing_federation_event(leave_event.clone())
|
|
.await,
|
|
},
|
|
)
|
|
.await?;
|
|
|
|
Ok(())
|
|
}
|