From a04ff7d4af7287026143909ae56633497d5dd893 Mon Sep 17 00:00:00 2001
From: strawberry <strawberry@puppygock.gay>
Date: Fri, 7 Jun 2024 01:48:05 -0400
Subject: [PATCH] fix(fed): dont reject `/state_ids/` on world readable rooms

Signed-off-by: strawberry <strawberry@puppygock.gay>
---
 src/api/server/state_ids.rs | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/api/server/state_ids.rs b/src/api/server/state_ids.rs
index b56f7cfa..9fe695dc 100644
--- a/src/api/server/state_ids.rs
+++ b/src/api/server/state_ids.rs
@@ -6,25 +6,30 @@ use crate::{services, Error, Result, Ruma};
 
 /// # `GET /_matrix/federation/v1/state_ids/{roomId}`
 ///
-/// Retrieves the current state of the room.
+/// Retrieves a snapshot of a room's state at a given event, in the form of
+/// event IDs.
 pub(crate) async fn get_room_state_ids_route(
 	body: Ruma<get_room_state_ids::v1::Request>,
 ) -> Result<get_room_state_ids::v1::Response> {
 	let origin = body.origin.as_ref().expect("server is authenticated");
 
-	if !services()
-		.rooms
-		.state_cache
-		.server_in_room(origin, &body.room_id)?
-	{
-		return Err(Error::BadRequest(ErrorKind::forbidden(), "Server is not in room."));
-	}
-
 	services()
 		.rooms
 		.event_handler
 		.acl_check(origin, &body.room_id)?;
 
+	if !services()
+		.rooms
+		.state_accessor
+		.is_world_readable(&body.room_id)?
+		&& !services()
+			.rooms
+			.state_cache
+			.server_in_room(origin, &body.room_id)?
+	{
+		return Err(Error::BadRequest(ErrorKind::forbidden(), "Server is not in room."));
+	}
+
 	let shortstatehash = services()
 		.rooms
 		.state_accessor