studio/tuwunel
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(appservice): ensure users/aliases outside of namespaces are not accessed

Browse Source 
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
Matthias Ahouansou
2024-04-16 22:39:49 -04:00
committed by June
parent b303a774d8
commit 19e4befcb8
7 changed files with 154 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/api/client_server/alias.rs
View File

@@ -29,6 +29,18 @@ pub async fn create_alias_route(body: Ruma<create_alias::v3::Request>) -> Result
return Err(Error::BadRequest(ErrorKind::Unknown, "Room alias is forbidden."));
}
if let Some(ref info) = body.appservice_info {
if !info.aliases.is_match(body.room_alias.as_str()) {
return Err(Error::BadRequest(ErrorKind::Exclusive, "Room alias is not in namespace."));
}
} else if services()
.appservice
.is_exclusive_alias(&body.room_alias)
.await
{
return Err(Error::BadRequest(ErrorKind::Exclusive, "Room alias reserved by appservice."));
}
if services()
.rooms
.alias
@@ -73,6 +85,18 @@ pub async fn delete_alias_route(body: Ruma<delete_alias::v3::Request>) -> Result
return Err(Error::BadRequest(ErrorKind::NotFound, "Alias does not exist."));
}
if let Some(ref info) = body.appservice_info {
if !info.aliases.is_match(body.room_alias.as_str()) {
return Err(Error::BadRequest(ErrorKind::Exclusive, "Room alias is not in namespace."));
}
} else if services()
.appservice
.is_exclusive_alias(&body.room_alias)
.await
{
return Err(Error::BadRequest(ErrorKind::Exclusive, "Room alias reserved by appservice."));
}
if services()
.rooms
.alias