State-reset and security mitigations.
Upgrade Ruma to present. The following are intentionally benign for activation in a later commit: - Hydra backports not default. - Room version 12 not default. - Room version 12 not listed as stable. Do not enable them manually or you can brick your database. Signed-off-by: Jason Volk <jason@zemos.net>
@@ -64,17 +64,18 @@ pub(crate) async fn get_hierarchy_route(
|
||||
})
|
||||
.unzip()
|
||||
.map(|(children, inaccessible_children): (Vec<_>, Vec<_>)| {
|
||||
(
|
||||
children
|
||||
.into_iter()
|
||||
.flatten()
|
||||
.map(Into::into)
|
||||
.collect(),
|
||||
inaccessible_children
|
||||
.into_iter()
|
||||
.flatten()
|
||||
.collect(),
|
||||
)
|
||||
let children = children
|
||||
.into_iter()
|
||||
.flatten()
|
||||
.map(|parent| parent.summary)
|
||||
.collect();
|
||||
|
||||
let inaccessible_children = inaccessible_children
|
||||
.into_iter()
|
||||
.flatten()
|
||||
.collect();
|
||||
|
||||
(children, inaccessible_children)
|
||||
})
|
||||
.await;
|
||||
|
||||
|
||||
@@ -3,12 +3,15 @@ use axum_client_ip::InsecureClientIp;
|
||||
use base64::{Engine as _, engine::general_purpose};
|
||||
use ruma::{
|
||||
CanonicalJsonValue, OwnedUserId, UserId,
|
||||
api::{client::error::ErrorKind, federation::membership::create_invite},
|
||||
api::{
|
||||
client::error::ErrorKind,
|
||||
federation::membership::{RawStrippedState, create_invite},
|
||||
},
|
||||
events::room::member::{MembershipState, RoomMemberEventContent},
|
||||
serde::JsonObject,
|
||||
};
|
||||
use tuwunel_core::{
|
||||
Err, Error, Result, err,
|
||||
Err, Error, Result, err, extract_variant,
|
||||
matrix::{Event, PduEvent, event::gen_event_id},
|
||||
utils,
|
||||
utils::hash::sha256,
|
||||
@@ -119,7 +122,12 @@ pub(crate) async fn create_invite_route(
|
||||
return Err!(Request(Forbidden("This server does not allow room invites.")));
|
||||
}
|
||||
|
||||
let mut invite_state = body.invite_room_state.clone();
|
||||
let mut invite_state: Vec<_> = body
|
||||
.invite_room_state
|
||||
.clone()
|
||||
.into_iter()
|
||||
.filter_map(|s| extract_variant!(s, RawStrippedState::Stripped))
|
||||
.collect();
|
||||
|
||||
let mut event: JsonObject = serde_json::from_str(body.event.get())
|
||||
.map_err(|e| err!(Request(BadJson("Invalid invite event PDU: {e}"))))?;
|
||||
|
||||
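Review bot: The `filter_map` over `body.invite_room_state` in `create_invite_route` appears to keep only `RawStrippedState::Stripped` entries and drop every other variant silently, so invite state a remote server supplies in another form never reaches `invite_state` and nothing records the loss. If this is the intended interim behaviour while room version 12 stays disabled, as the commit message suggests, say so at the call site, e.g. `// Only stripped events are kept; other RawStrippedState variants are dropped until room v12 handling is activated.` A debug-level log of how many entries were discarded would also make a newer or misbehaving peer visible to operators. The function body continues outside the hunk, so how `invite_state` is used afterwards cannot be checked here.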
@@ -2,7 +2,7 @@ use RoomVersionId::*;
|
||||
use axum::extract::State;
|
||||
use ruma::{
|
||||
RoomVersionId,
|
||||
api::{client::error::ErrorKind, federation::knock::create_knock_event_template},
|
||||
api::{client::error::ErrorKind, federation::membership::prepare_knock_event},
|
||||
events::room::member::{MembershipState, RoomMemberEventContent},
|
||||
};
|
||||
use serde_json::value::to_raw_value;
|
||||
@@ -15,8 +15,8 @@ use crate::Ruma;
|
||||
/// Creates a knock template.
|
||||
pub(crate) async fn create_knock_event_template_route(
|
||||
State(services): State<crate::State>,
|
||||
body: Ruma<create_knock_event_template::v1::Request>,
|
||||
) -> Result<create_knock_event_template::v1::Response> {
|
||||
body: Ruma<prepare_knock_event::v1::Request>,
|
||||
) -> Result<prepare_knock_event::v1::Response> {
|
||||
if !services
|
||||
.rooms
|
||||
.metadata
|
||||
@@ -124,7 +124,7 @@ pub(crate) async fn create_knock_event_template_route(
|
||||
// room v3 and above removed the "event_id" field from remote PDU format
|
||||
super::maybe_strip_event_id(&mut pdu_json, &room_version_id)?;
|
||||
|
||||
Ok(create_knock_event_template::v1::Response {
|
||||
Ok(prepare_knock_event::v1::Response {
|
||||
room_version: room_version_id,
|
||||
event: to_raw_value(&pdu_json).expect("CanonicalJson can be serialized to JSON"),
|
||||
})
|
||||
|
||||
@@ -354,6 +354,7 @@ pub(crate) async fn create_join_event_v2_route(
|
||||
create_join_event(&services, body.origin(), &body.room_id, &body.pdu)
|
||||
.boxed()
|
||||
.await?;
|
||||
|
||||
let room_state = create_join_event::v2::RoomState {
|
||||
members_omitted: false,
|
||||
auth_chain,
|
||||
|
||||
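Review bot: `members_omitted: false` in the `create_join_event::v2::RoomState` literal looks like the one added line (the +/- markers are lost on this page), and it is hard-coded with no explanation. The joining server relies on this flag to decide whether the returned state is complete, so the value is only correct while this route always returns full member state. A short comment would record that assumption, e.g. `// Full state is always returned; member events are never omitted by this server.` The struct literal continues outside the hunk.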
@@ -3,7 +3,7 @@ use futures::FutureExt;
|
||||
use ruma::{
|
||||
OwnedServerName, OwnedUserId,
|
||||
RoomVersionId::*,
|
||||
api::federation::knock::send_knock,
|
||||
api::federation::membership::create_knock_event,
|
||||
events::{
|
||||
StateEventType,
|
||||
room::member::{MembershipState, RoomMemberEventContent},
|
||||
@@ -23,8 +23,8 @@ use crate::Ruma;
|
||||
/// Submits a signed knock event.
|
||||
pub(crate) async fn create_knock_event_v1_route(
|
||||
State(services): State<crate::State>,
|
||||
body: Ruma<send_knock::v1::Request>,
|
||||
) -> Result<send_knock::v1::Response> {
|
||||
body: Ruma<create_knock_event::v1::Request>,
|
||||
) -> Result<create_knock_event::v1::Response> {
|
||||
if services
|
||||
.config
|
||||
.forbidden_remote_server_names
|
||||
@@ -189,7 +189,14 @@ pub(crate) async fn create_knock_event_v1_route(
|
||||
.send_pdu_room(&body.room_id, &pdu_id)
|
||||
.await?;
|
||||
|
||||
let knock_room_state = services.rooms.state.summary_stripped(&pdu).await;
|
||||
|
||||
Ok(send_knock::v1::Response { knock_room_state })
|
||||
Ok(create_knock_event::v1::Response {
|
||||
knock_room_state: services
|
||||
.rooms
|
||||
.state
|
||||
.summary_stripped(&pdu)
|
||||
.await
|
||||
.into_iter()
|
||||
.map(Into::into)
|
||||
.collect(),
|
||||
})
|
||||
}
|
||||
|
||||