|
|
|
|
@ -3,7 +3,7 @@ use std::{collections::BTreeMap, iter::FromIterator, str};
|
|
|
|
|
use axum::{ |
|
|
|
|
async_trait, |
|
|
|
|
body::{Full, HttpBody}, |
|
|
|
|
extract::{FromRequest, RequestParts, TypedHeader}, |
|
|
|
|
extract::{rejection::TypedHeaderRejectionReason, FromRequest, RequestParts, TypedHeader}, |
|
|
|
|
headers::{ |
|
|
|
|
authorization::{Bearer, Credentials}, |
|
|
|
|
Authorization, |
|
|
|
|
@ -97,7 +97,10 @@ where
|
|
|
|
|
); |
|
|
|
|
|
|
|
|
|
if !db.users.exists(&user_id).unwrap() { |
|
|
|
|
return Err(forbidden()); |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::Forbidden, |
|
|
|
|
"User does not exist.", |
|
|
|
|
)); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// TODO: Check if appservice is allowed to be that user
|
|
|
|
|
@ -111,11 +114,21 @@ where
|
|
|
|
|
AuthScheme::AccessToken | AuthScheme::QueryOnlyAccessToken => { |
|
|
|
|
let token = match token { |
|
|
|
|
Some(token) => token, |
|
|
|
|
_ => return Err(missing_token()), |
|
|
|
|
_ => { |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::MissingToken, |
|
|
|
|
"Missing access token.", |
|
|
|
|
)) |
|
|
|
|
} |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
match db.users.find_from_token(token).unwrap() { |
|
|
|
|
None => return Err(unknown_token()), |
|
|
|
|
None => { |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::UnknownToken { soft_logout: false }, |
|
|
|
|
"Unknown access token.", |
|
|
|
|
)) |
|
|
|
|
} |
|
|
|
|
Some((user_id, device_id)) => ( |
|
|
|
|
Some(user_id), |
|
|
|
|
Some(Box::<DeviceId>::from(device_id)), |
|
|
|
|
@ -130,7 +143,17 @@ where
|
|
|
|
|
.await |
|
|
|
|
.map_err(|e| { |
|
|
|
|
warn!("Missing or invalid Authorization header: {}", e); |
|
|
|
|
forbidden() |
|
|
|
|
|
|
|
|
|
let msg = match e.reason() { |
|
|
|
|
TypedHeaderRejectionReason::Missing => { |
|
|
|
|
"Missing Authorization header." |
|
|
|
|
} |
|
|
|
|
TypedHeaderRejectionReason::Error(_) => { |
|
|
|
|
"Invalid X-Matrix signatures." |
|
|
|
|
} |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
Error::BadRequest(ErrorKind::Forbidden, msg) |
|
|
|
|
})?; |
|
|
|
|
|
|
|
|
|
let origin_signatures = BTreeMap::from_iter([( |
|
|
|
|
@ -183,7 +206,10 @@ where
|
|
|
|
|
Ok(b) => b, |
|
|
|
|
Err(e) => { |
|
|
|
|
warn!("Failed to fetch signing keys: {}", e); |
|
|
|
|
return Err(forbidden()); |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::Forbidden, |
|
|
|
|
"Failed to fetch signing keys.", |
|
|
|
|
)); |
|
|
|
|
} |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
@ -206,7 +232,10 @@ where
|
|
|
|
|
); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return Err(forbidden()); |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::Forbidden, |
|
|
|
|
"Failed to verify X-Matrix signatures.", |
|
|
|
|
)); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
@ -255,7 +284,7 @@ where
|
|
|
|
|
let body = |
|
|
|
|
<T::Incoming as IncomingRequest>::try_from_http_request(http_request).map_err(|e| { |
|
|
|
|
warn!("{:?}", e); |
|
|
|
|
bad_json() |
|
|
|
|
Error::BadRequest(ErrorKind::BadJson, "Failed to deserialize request.") |
|
|
|
|
})?; |
|
|
|
|
|
|
|
|
|
Ok(Ruma { |
|
|
|
|
@ -269,25 +298,6 @@ where
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
fn forbidden() -> Error { |
|
|
|
|
Error::BadRequest(ErrorKind::Forbidden, "Forbidden.") |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
fn unknown_token() -> Error { |
|
|
|
|
Error::BadRequest( |
|
|
|
|
ErrorKind::UnknownToken { soft_logout: false }, |
|
|
|
|
"Unknown token.", |
|
|
|
|
) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
fn missing_token() -> Error { |
|
|
|
|
Error::BadRequest(ErrorKind::MissingToken, "Missing token.") |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
fn bad_json() -> Error { |
|
|
|
|
Error::BadRequest(ErrorKind::BadJson, "Bad json.") |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
struct XMatrix { |
|
|
|
|
origin: Box<ServerName>, |
|
|
|
|
key: String, // KeyName?
|
|
|
|
|
|
Jonas Platte
4 years ago