aboutsummaryrefslogtreecommitdiff
path: root/clientapi/routing/sendevent.go
diff options
context:
space:
mode:
Diffstat (limited to 'clientapi/routing/sendevent.go')
-rw-r--r--clientapi/routing/sendevent.go13
1 files changed, 10 insertions, 3 deletions
diff --git a/clientapi/routing/sendevent.go b/clientapi/routing/sendevent.go
index 4d0a9f24..d51a570d 100644
--- a/clientapi/routing/sendevent.go
+++ b/clientapi/routing/sendevent.go
@@ -273,7 +273,14 @@ func generateSendEvent(
JSON: spec.BadJSON("Bad userID"),
}
}
- senderID, err := rsAPI.QuerySenderIDForUser(ctx, roomID, *fullUserID)
+ validRoomID, err := spec.NewRoomID(roomID)
+ if err != nil {
+ return nil, &util.JSONResponse{
+ Code: http.StatusBadRequest,
+ JSON: spec.BadJSON("RoomID is invalid"),
+ }
+ }
+ senderID, err := rsAPI.QuerySenderIDForUser(ctx, *validRoomID, *fullUserID)
if err != nil {
return nil, &util.JSONResponse{
Code: http.StatusNotFound,
@@ -344,8 +351,8 @@ func generateSendEvent(
stateEvents[i] = queryRes.StateEvents[i].PDU
}
provider := gomatrixserverlib.NewAuthEvents(gomatrixserverlib.ToPDUs(stateEvents))
- if err = gomatrixserverlib.Allowed(e.PDU, &provider, func(roomID string, senderID spec.SenderID) (*spec.UserID, error) {
- return rsAPI.QueryUserIDForSender(ctx, roomID, senderID)
+ if err = gomatrixserverlib.Allowed(e.PDU, &provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) {
+ return rsAPI.QueryUserIDForSender(ctx, *validRoomID, senderID)
}); err != nil {
return nil, &util.JSONResponse{
Code: http.StatusForbidden,
generated by cgit v1.2.3 (git 2.26.2) at 2025-03-19 11:22:17 +0000