Support for server ACLs (#1261)

* First pass at server ACLs (not efficient)

* Use transaction origin, update whitelist

* Fix federation API test

It's sufficient for us to return nothing in response to current state, so that the server ACL check returns no ACLs.

* More efficient server ACLs - hopefully

* Fix queries

* Fix queries

* Avoid panics by nil pointers

* Bug fixes

* Fix state event type

* Fix mutex

* Update logging

* Ignore port when matching servername

* Use read mutex

* Fix bugs

* Fix sync API test

* Comments

* Add tests, tweaks to behaviour

* Fix test output

1 files changed, 12 insertions, 0 deletions

diff --git a/sytest-whitelist b/sytest-whitelist
index 875cc092..e92e883c 100644
--- a/sytest-whitelist
+++ b/sytest-whitelist
@@ -436,3 +436,15 @@ User directory correctly update on display name change
 User in shared private room does appear in user directory
 User in dir while user still shares private rooms
 Can get 'm.room.name' state for a departed room (SPEC-216)
+Banned servers cannot send events
+Banned servers cannot /make_join
+Banned servers cannot /send_join
+Banned servers cannot /make_leave
+Banned servers cannot /send_leave
+Banned servers cannot /invite
+Banned servers cannot get room state
+Banned servers cannot /event_auth
+Banned servers cannot get missing events
+Banned servers cannot get room state ids
+Banned servers cannot backfill
+Inbound /v1/send_leave rejects leaves from other servers