|
|
|
|
@ -22,6 +22,7 @@ use ruma::{
|
|
|
|
|
}, |
|
|
|
|
push::{Action, Ruleset, Tweak}, |
|
|
|
|
state_res, |
|
|
|
|
state_res::Event, |
|
|
|
|
state_res::RoomVersion, |
|
|
|
|
uint, CanonicalJsonObject, CanonicalJsonValue, EventId, OwnedEventId, OwnedRoomId, |
|
|
|
|
OwnedServerName, RoomAliasId, RoomId, UserId, |
|
|
|
|
@ -683,6 +684,92 @@ impl Service {
|
|
|
|
|
let (pdu, pdu_json) = |
|
|
|
|
self.create_hash_and_sign_event(pdu_builder, sender, room_id, state_lock)?; |
|
|
|
|
|
|
|
|
|
let admin_room = services().rooms.alias.resolve_local_alias( |
|
|
|
|
<&RoomAliasId>::try_from( |
|
|
|
|
format!("#admins:{}", services().globals.server_name()).as_str(), |
|
|
|
|
) |
|
|
|
|
.expect("#admins:server_name is a valid room alias"), |
|
|
|
|
)?; |
|
|
|
|
if admin_room.filter(|v| v == room_id).is_some() { |
|
|
|
|
match pdu.event_type() { |
|
|
|
|
RoomEventType::RoomEncryption => { |
|
|
|
|
warn!("Encryption is not allowed in the admins room"); |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::Forbidden, |
|
|
|
|
"Encryption is not allowed in the admins room.", |
|
|
|
|
)); |
|
|
|
|
} |
|
|
|
|
RoomEventType::RoomMember => { |
|
|
|
|
#[derive(Deserialize)] |
|
|
|
|
struct ExtractMembership { |
|
|
|
|
membership: MembershipState, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
let target = pdu |
|
|
|
|
.state_key() |
|
|
|
|
.filter(|v| v.starts_with("@")) |
|
|
|
|
.unwrap_or(sender.as_str()); |
|
|
|
|
let server_name = services().globals.server_name(); |
|
|
|
|
let server_user = format!("@conduit:{}", server_name); |
|
|
|
|
let content = serde_json::from_str::<ExtractMembership>(pdu.content.get()) |
|
|
|
|
.map_err(|_| Error::bad_database("Invalid content in pdu."))?; |
|
|
|
|
|
|
|
|
|
if content.membership == MembershipState::Leave { |
|
|
|
|
if target == &server_user { |
|
|
|
|
warn!("Conduit user cannot leave from admins room"); |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::Forbidden, |
|
|
|
|
"Conduit user cannot leave from admins room.", |
|
|
|
|
)); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
let count = services() |
|
|
|
|
.rooms |
|
|
|
|
.state_cache |
|
|
|
|
.room_members(room_id) |
|
|
|
|
.filter_map(|m| m.ok()) |
|
|
|
|
.filter(|m| m.server_name() == server_name) |
|
|
|
|
.filter(|m| m != target) |
|
|
|
|
.count(); |
|
|
|
|
if count < 2 { |
|
|
|
|
warn!("Last admin cannot leave from admins room"); |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::Forbidden, |
|
|
|
|
"Last admin cannot leave from admins room.", |
|
|
|
|
)); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if content.membership == MembershipState::Ban && pdu.state_key().is_some() { |
|
|
|
|
if target == &server_user { |
|
|
|
|
warn!("Conduit user cannot be banned in admins room"); |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::Forbidden, |
|
|
|
|
"Conduit user cannot be banned in admins room.", |
|
|
|
|
)); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
let count = services() |
|
|
|
|
.rooms |
|
|
|
|
.state_cache |
|
|
|
|
.room_members(room_id) |
|
|
|
|
.filter_map(|m| m.ok()) |
|
|
|
|
.filter(|m| m.server_name() == server_name) |
|
|
|
|
.filter(|m| m != target) |
|
|
|
|
.count(); |
|
|
|
|
if count < 2 { |
|
|
|
|
warn!("Last admin cannot be banned in admins room"); |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::Forbidden, |
|
|
|
|
"Last admin cannot be banned in admins room.", |
|
|
|
|
)); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
_ => {} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// We append to state before appending the pdu, so we don't have a moment in time with the
|
|
|
|
|
// pdu without it's state. This is okay because append_pdu can't fail.
|
|
|
|
|
let statehashid = services().rooms.state.append_to_state(&pdu)?; |
|
|
|
|
|
Timo Kösters
3 years ago