diff options
author | devonh <devon.dmytro@gmail.com> | 2023-06-07 17:14:35 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-06-07 17:14:35 +0000 |
commit | 8ea1a11105ea7e66aa459537bcbef0de606147cd (patch) | |
tree | 62a539b761d078978226752c8d3ef23f1a80e677 /clientapi | |
parent | 7a1fd7f512ce06a472a2051ee63eae4a270eb71a (diff) |
Use SenderID Type (#3105)
Diffstat (limited to 'clientapi')
-rw-r--r-- | clientapi/routing/directory.go | 16 | ||||
-rw-r--r-- | clientapi/routing/membership.go | 36 | ||||
-rw-r--r-- | clientapi/routing/profile.go | 15 | ||||
-rw-r--r-- | clientapi/routing/redaction.go | 27 | ||||
-rw-r--r-- | clientapi/routing/sendevent.go | 21 | ||||
-rw-r--r-- | clientapi/threepid/invites.go | 12 |
6 files changed, 107 insertions, 20 deletions
diff --git a/clientapi/routing/directory.go b/clientapi/routing/directory.go index 0c842e6a..034296f4 100644 --- a/clientapi/routing/directory.go +++ b/clientapi/routing/directory.go @@ -338,7 +338,21 @@ func SetVisibility( // NOTSPEC: Check if the user's power is greater than power required to change m.room.canonical_alias event power, _ := gomatrixserverlib.NewPowerLevelContentFromEvent(queryEventsRes.StateEvents[0].PDU) - if power.UserLevel(dev.UserID) < power.EventLevel(spec.MRoomCanonicalAlias, true) { + fullUserID, err := spec.NewUserID(dev.UserID, true) + if err != nil { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: spec.Forbidden("userID doesn't have power level to change visibility"), + } + } + senderID, err := rsAPI.QuerySenderIDForUser(req.Context(), roomID, *fullUserID) + if err != nil { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: spec.Forbidden("userID doesn't have power level to change visibility"), + } + } + if power.UserLevel(senderID) < power.EventLevel(spec.MRoomCanonicalAlias, true) { return util.JSONResponse{ Code: http.StatusForbidden, JSON: spec.Forbidden("userID doesn't have power level to change visibility"), diff --git a/clientapi/routing/membership.go b/clientapi/routing/membership.go index 0fe0a4ad..78829bec 100644 --- a/clientapi/routing/membership.go +++ b/clientapi/routing/membership.go @@ -66,7 +66,21 @@ func SendBan( if errRes != nil { return *errRes } - allowedToBan := pl.UserLevel(device.UserID) >= pl.Ban + fullUserID, err := spec.NewUserID(device.UserID, true) + if err != nil { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: spec.Forbidden("You don't have permission to ban this user, bad userID"), + } + } + senderID, err := rsAPI.QuerySenderIDForUser(req.Context(), roomID, *fullUserID) + if err != nil { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: spec.Forbidden("You don't have permission to ban this user, unknown senderID"), + } + } + allowedToBan := pl.UserLevel(senderID) >= pl.Ban if !allowedToBan { return util.JSONResponse{ Code: http.StatusForbidden, @@ -142,7 +156,21 @@ func SendKick( if errRes != nil { return *errRes } - allowedToKick := pl.UserLevel(device.UserID) >= pl.Kick + fullUserID, err := spec.NewUserID(device.UserID, true) + if err != nil { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: spec.Forbidden("You don't have permission to kick this user, bad userID"), + } + } + senderID, err := rsAPI.QuerySenderIDForUser(req.Context(), roomID, *fullUserID) + if err != nil { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: spec.Forbidden("You don't have permission to kick this user, unknown senderID"), + } + } + allowedToKick := pl.UserLevel(senderID) >= pl.Kick if !allowedToKick { return util.JSONResponse{ Code: http.StatusForbidden, @@ -151,7 +179,7 @@ func SendKick( } var queryRes roomserverAPI.QueryMembershipForUserResponse - err := rsAPI.QueryMembershipForUser(req.Context(), &roomserverAPI.QueryMembershipForUserRequest{ + err = rsAPI.QueryMembershipForUser(req.Context(), &roomserverAPI.QueryMembershipForUserRequest{ RoomID: roomID, UserID: body.UserID, }, &queryRes) @@ -319,7 +347,7 @@ func buildMembershipEventDirect( rsAPI roomserverAPI.ClientRoomserverAPI, ) (*types.HeaderedEvent, error) { proto := gomatrixserverlib.ProtoEvent{ - Sender: sender, + SenderID: sender, RoomID: roomID, Type: "m.room.member", StateKey: &targetUserID, diff --git a/clientapi/routing/profile.go b/clientapi/routing/profile.go index 2c9d0cbb..e734e2e4 100644 --- a/clientapi/routing/profile.go +++ b/clientapi/routing/profile.go @@ -363,12 +363,21 @@ func buildMembershipEvents( ) ([]*types.HeaderedEvent, error) { evs := []*types.HeaderedEvent{} + fullUserID, err := spec.NewUserID(userID, true) + if err != nil { + return nil, err + } for _, roomID := range roomIDs { + senderID, err := rsAPI.QuerySenderIDForUser(ctx, roomID, *fullUserID) + if err != nil { + return nil, err + } + senderIDString := string(senderID) proto := gomatrixserverlib.ProtoEvent{ - Sender: userID, + SenderID: senderIDString, RoomID: roomID, Type: "m.room.member", - StateKey: &userID, + StateKey: &senderIDString, } content := gomatrixserverlib.MemberContent{ @@ -378,7 +387,7 @@ func buildMembershipEvents( content.DisplayName = newProfile.DisplayName content.AvatarURL = newProfile.AvatarURL - if err := proto.SetContent(content); err != nil { + if err = proto.SetContent(content); err != nil { return nil, err } diff --git a/clientapi/routing/redaction.go b/clientapi/routing/redaction.go index e94c7748..22474fc0 100644 --- a/clientapi/routing/redaction.go +++ b/clientapi/routing/redaction.go @@ -73,10 +73,25 @@ func SendRedaction( } } + fullUserID, userIDErr := spec.NewUserID(device.UserID, true) + if userIDErr != nil { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: spec.Forbidden("userID doesn't have power level to redact"), + } + } + senderID, queryErr := rsAPI.QuerySenderIDForUser(req.Context(), roomID, *fullUserID) + if queryErr != nil { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: spec.Forbidden("userID doesn't have power level to redact"), + } + } + // "Users may redact their own events, and any user with a power level greater than or equal // to the redact power level of the room may redact events there" // https://matrix.org/docs/spec/client_server/r0.6.1#put-matrix-client-r0-rooms-roomid-redact-eventid-txnid - allowedToRedact := ev.SenderID() == device.UserID // TODO: Should replace device.UserID with device...PerRoomKey + allowedToRedact := ev.SenderID() == senderID // TODO: Should replace device.UserID with device...PerRoomKey if !allowedToRedact { plEvent := roomserverAPI.GetStateEvent(req.Context(), rsAPI, roomID, gomatrixserverlib.StateKeyTuple{ EventType: spec.MRoomPowerLevels, @@ -97,7 +112,7 @@ func SendRedaction( ), } } - allowedToRedact = pl.UserLevel(device.UserID) >= pl.Redact + allowedToRedact = pl.UserLevel(senderID) >= pl.Redact } if !allowedToRedact { return util.JSONResponse{ @@ -114,10 +129,10 @@ func SendRedaction( // create the new event and set all the fields we can proto := gomatrixserverlib.ProtoEvent{ - Sender: device.UserID, - RoomID: roomID, - Type: spec.MRoomRedaction, - Redacts: eventID, + SenderID: string(senderID), + RoomID: roomID, + Type: spec.MRoomRedaction, + Redacts: eventID, } err := proto.SetContent(r) if err != nil { diff --git a/clientapi/routing/sendevent.go b/clientapi/routing/sendevent.go index 8b09f399..4d0a9f24 100644 --- a/clientapi/routing/sendevent.go +++ b/clientapi/routing/sendevent.go @@ -266,16 +266,29 @@ func generateSendEvent( evTime time.Time, ) (gomatrixserverlib.PDU, *util.JSONResponse) { // parse the incoming http request - userID := device.UserID + fullUserID, err := spec.NewUserID(device.UserID, true) + if err != nil { + return nil, &util.JSONResponse{ + Code: http.StatusBadRequest, + JSON: spec.BadJSON("Bad userID"), + } + } + senderID, err := rsAPI.QuerySenderIDForUser(ctx, roomID, *fullUserID) + if err != nil { + return nil, &util.JSONResponse{ + Code: http.StatusNotFound, + JSON: spec.NotFound("Unable to find senderID for user"), + } + } // create the new event and set all the fields we can proto := gomatrixserverlib.ProtoEvent{ - Sender: userID, + SenderID: string(senderID), RoomID: roomID, Type: eventType, StateKey: stateKey, } - err := proto.SetContent(r) + err = proto.SetContent(r) if err != nil { util.GetLogger(ctx).WithError(err).Error("proto.SetContent failed") return nil, &util.JSONResponse{ @@ -331,7 +344,7 @@ func generateSendEvent( stateEvents[i] = queryRes.StateEvents[i].PDU } provider := gomatrixserverlib.NewAuthEvents(gomatrixserverlib.ToPDUs(stateEvents)) - if err = gomatrixserverlib.Allowed(e.PDU, &provider, func(roomID, senderID string) (*spec.UserID, error) { + if err = gomatrixserverlib.Allowed(e.PDU, &provider, func(roomID string, senderID spec.SenderID) (*spec.UserID, error) { return rsAPI.QueryUserIDForSender(ctx, roomID, senderID) }); err != nil { return nil, &util.JSONResponse{ diff --git a/clientapi/threepid/invites.go b/clientapi/threepid/invites.go index 9f4f62e4..e7ffbac2 100644 --- a/clientapi/threepid/invites.go +++ b/clientapi/threepid/invites.go @@ -355,8 +355,16 @@ func emit3PIDInviteEvent( rsAPI api.ClientRoomserverAPI, evTime time.Time, ) error { + userID, err := spec.NewUserID(device.UserID, true) + if err != nil { + return err + } + sender, err := rsAPI.QuerySenderIDForUser(ctx, roomID, *userID) + if err != nil { + return err + } proto := &gomatrixserverlib.ProtoEvent{ - Sender: device.UserID, + SenderID: string(sender), RoomID: roomID, Type: "m.room.third_party_invite", StateKey: &res.Token, @@ -370,7 +378,7 @@ func emit3PIDInviteEvent( PublicKeys: res.PublicKeys, } - if err := proto.SetContent(content); err != nil { + if err = proto.SetContent(content); err != nil { return err } |