dolysis
/
conduwuit
mirror of https://github.com/girlbossceo/conduwuit.git
3
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(fed): dont reject `/event_auth/` on world readable rooms 

Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-06-07 01:47:06 -04:00
parent 197a02bf8d
commit d10bc67c9d
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/api/server/event_auth.rs
View File

@ -17,19 +17,23 @@ pub(crate) async fn get_event_authorization_route(
) -> Result<get_event_authorization::v1::Response> { ) -> Result<get_event_authorization::v1::Response> {
let origin = body.origin.as_ref().expect("server is authenticated"); let origin = body.origin.as_ref().expect("server is authenticated");
if !services()
.rooms
.state_cache
.server_in_room(origin, &body.room_id)?
{
return Err(Error::BadRequest(ErrorKind::forbidden(), "Server is not in room."));
}
services() services()
.rooms .rooms
.event_handler .event_handler
.acl_check(origin, &body.room_id)?; .acl_check(origin, &body.room_id)?;
if !services()
.rooms
.state_accessor
.is_world_readable(&body.room_id)?
&& !services()
.rooms
.state_cache
.server_in_room(origin, &body.room_id)?
{
return Err(Error::BadRequest(ErrorKind::forbidden(), "Server is not in room."));
}
let event = services() let event = services()
.rooms .rooms
.timeline .timeline