diff options
| author | Neil Alexander <neilalexander@users.noreply.github.com> | 2022-05-25 10:05:30 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-25 10:05:30 +0100 |
| commit | 81843e8836e6f8f334c7b5fd1433c427c10a9443 (patch) | |
| tree | da86bc862d46103b955431961df95fab90c199b6 /roomserver/api | |
| parent | d621dd2986fa0b8cce9d164a7249456d0be47c81 (diff) | |
Restricted join support on `/make_join`, `/send_join` (#2478)
* Add `QueryRestrictedJoinAllowed`
* Add `Resident` flag to `QueryRestrictedJoinAllowedResponse`
* Check restricted joins on federation API
* Return `Restricted` to determine if the room was restricted or not
* Populate `AuthorisedVia` properly
* Sign the event on `/send_join`, return it in the `/send_join` response in the `"event"` key
* Kick back joins with invalid authorising user IDs, use event from `"event"` key if returned in `RespSendJoin`
* Use invite helper in `QueryRestrictedJoinAllowed`
* Only use users with the power to invite, change error bubbling a bit
* Placate the almighty linter
One day I will nuke `gocyclo` from orbit and everything in the world will be much better for it.
* Review comments
Diffstat (limited to 'roomserver/api')
| -rw-r--r-- | roomserver/api/api.go | 1 | ||||
| -rw-r--r-- | roomserver/api/api_trace.go | 10 | ||||
| -rw-r--r-- | roomserver/api/query.go | 20 |
3 files changed, 31 insertions, 0 deletions
diff --git a/roomserver/api/api.go b/roomserver/api/api.go index 80e7aed6..f87ff296 100644 --- a/roomserver/api/api.go +++ b/roomserver/api/api.go @@ -184,6 +184,7 @@ type FederationRoomserverAPI interface { // Query whether a server is allowed to see an event QueryServerAllowedToSeeEvent(ctx context.Context, req *QueryServerAllowedToSeeEventRequest, res *QueryServerAllowedToSeeEventResponse) error QueryRoomsForUser(ctx context.Context, req *QueryRoomsForUserRequest, res *QueryRoomsForUserResponse) error + QueryRestrictedJoinAllowed(ctx context.Context, req *QueryRestrictedJoinAllowedRequest, res *QueryRestrictedJoinAllowedResponse) error PerformInboundPeek(ctx context.Context, req *PerformInboundPeekRequest, res *PerformInboundPeekResponse) error PerformInvite(ctx context.Context, req *PerformInviteRequest, res *PerformInviteResponse) error // Query a given amount (or less) of events prior to a given set of events. diff --git a/roomserver/api/api_trace.go b/roomserver/api/api_trace.go index 71132464..92c5c1b1 100644 --- a/roomserver/api/api_trace.go +++ b/roomserver/api/api_trace.go @@ -354,6 +354,16 @@ func (t *RoomserverInternalAPITrace) QueryAuthChain( return err } +func (t *RoomserverInternalAPITrace) QueryRestrictedJoinAllowed( + ctx context.Context, + request *QueryRestrictedJoinAllowedRequest, + response *QueryRestrictedJoinAllowedResponse, +) error { + err := t.Impl.QueryRestrictedJoinAllowed(ctx, request, response) + util.GetLogger(ctx).WithError(err).Infof("QueryRestrictedJoinAllowed req=%+v res=%+v", js(request), js(response)) + return err +} + func js(thing interface{}) string { b, err := json.Marshal(thing) if err != nil { diff --git a/roomserver/api/query.go b/roomserver/api/query.go index afafb87c..f157a902 100644 --- a/roomserver/api/query.go +++ b/roomserver/api/query.go @@ -348,6 +348,26 @@ type QueryServerBannedFromRoomResponse struct { Banned bool `json:"banned"` } +type QueryRestrictedJoinAllowedRequest struct { + UserID string `json:"user_id"` + RoomID string `json:"room_id"` +} + +type QueryRestrictedJoinAllowedResponse struct { + // True if the room membership is restricted by the join rule being set to "restricted" + Restricted bool `json:"restricted"` + // True if our local server is joined to all of the allowed rooms specified in the "allow" + // key of the join rule, false if we are missing from some of them and therefore can't + // reliably decide whether or not we can satisfy the join + Resident bool `json:"resident"` + // True if the restricted join is allowed because we found the membership in one of the + // allowed rooms from the join rule, false if not + Allowed bool `json:"allowed"` + // Contains the user ID of the selected user ID that has power to issue invites, this will + // get populated into the "join_authorised_via_users_server" content in the membership + AuthorisedVia string `json:"authorised_via,omitempty"` +} + // MarshalJSON stringifies the room ID and StateKeyTuple keys so they can be sent over the wire in HTTP API mode. func (r *QueryBulkStateContentResponse) MarshalJSON() ([]byte, error) { se := make(map[string]string) |