char/conduit
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge pull request 'Access control' (#22) from control into master

Browse source
This commit is contained in:
Timo Kösters 2020-05-25 16:59:40 +02:00
commit 1096c2847b
3 changed files with 896 additions and 466 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

940
src/client_server.rs
View file

File diff suppressed because it is too large Load diff

413
src/database/rooms.rs
View file

@ -3,11 +3,18 @@ mod edus;
pub use edus::RoomEdus;
use crate::{utils, Error, PduEvent, Result};
use ruma_events::{room::power_levels::PowerLevelsEventContent, EventJson, EventType};
use log::error;
use ruma_events::{
room::{
join_rules, member,
power_levels::{self, PowerLevelsEventContent},
},
EventJson, EventType,
};
use ruma_identifiers::{EventId, RoomId, UserId};
use serde_json::json;
use std::{
collections::HashMap,
collections::{BTreeMap, HashMap},
convert::{TryFrom, TryInto},
mem,
};
@ -112,6 +119,20 @@ impl Rooms {
})
}
/// Returns the pdu.
pub fn get_pdu(&self, event_id: &EventId) -> Result<Option<PduEvent>> {
self.eventid_pduid
.get(event_id.to_string().as_bytes())?
.map_or(Ok(None), |pdu_id| {
Ok(serde_json::from_slice(
&self.pduid_pdu.get(pdu_id)?.ok_or(Error::BadDatabase(
"eventid_pduid points to nonexistent pdu",
))?,
)?)
.map(Some)
})
}
/// Returns the leaf pdus of a room.
pub fn get_pdu_leaves(&self, room_id: &RoomId) -> Result<Vec<EventId>> {
let mut prefix = room_id.to_string().as_bytes().to_vec();
@ -158,41 +179,227 @@ impl Rooms {
state_key: Option<String>,
globals: &super::globals::Globals,
) -> Result<EventId> {
// TODO: Make sure this isn't called twice in parallel
let prev_events = self.get_pdu_leaves(&room_id)?;
// Is the event authorized?
if state_key.is_some() {
if let Some(pdu) = self
if let Some(state_key) = &state_key {
let power_levels = self
.room_state(&room_id)?
.get(&(EventType::RoomPowerLevels, "".to_owned()))
.map_or_else(
|| {
Ok::<_, Error>(power_levels::PowerLevelsEventContent {
ban: 50.into(),
events: BTreeMap::new(),
events_default: 0.into(),
invite: 50.into(),
kick: 50.into(),
redact: 50.into(),
state_default: 0.into(),
users: BTreeMap::new(),
users_default: 0.into(),
notifications:
ruma_events::room::power_levels::NotificationPowerLevels {
room: 50.into(),
},
})
},
|power_levels| {
Ok(
serde_json::from_value::<EventJson<PowerLevelsEventContent>>(
power_levels.content.clone(),
)?
.deserialize()?,
)
},
)?;
{
let power_levels = serde_json::from_value::<EventJson<PowerLevelsEventContent>>(
pdu.content.clone(),
)?
.deserialize()?;
let sender_membership = self
.room_state(&room_id)?
.get(&(EventType::RoomMember, sender.to_string()))
.map_or(Ok::<_, Error>(member::MembershipState::Leave), |pdu| {
Ok(
serde_json::from_value::<EventJson<member::MemberEventContent>>(
pdu.content.clone(),
)?
.deserialize()?
.membership,
)
})?;
match event_type {
let sender_power = power_levels.users.get(&sender).map_or_else(
|| {
if sender_membership != member::MembershipState::Join {
None
} else {
Some(&power_levels.users_default)
}
},
// If it's okay, wrap with Some(_)
Some,
);
if !match event_type {
EventType::RoomMember => {
// Member events are okay for now (TODO)
let target_user_id = UserId::try_from(&**state_key)?;
let current_membership = self
.room_state(&room_id)?
.get(&(EventType::RoomMember, target_user_id.to_string()))
.map_or(Ok::<_, Error>(member::MembershipState::Leave), |pdu| {
Ok(serde_json::from_value::<
EventJson<member::MemberEventContent>,
>(pdu.content.clone())?
.deserialize()?
.membership)
})?;
let target_membership = serde_json::from_value::<
EventJson<member::MemberEventContent>,
>(content.clone())?
.deserialize()?
.membership;
let target_power = power_levels.users.get(&target_user_id).map_or_else(
|| {
if target_membership != member::MembershipState::Join {
None
} else {
Some(&power_levels.users_default)
}
},
// If it's okay, wrap with Some(_)
Some,
);
let join_rules = self
.room_state(&room_id)?
.get(&(EventType::RoomJoinRules, "".to_owned()))
.map_or(join_rules::JoinRule::Public, |pdu| {
serde_json::from_value::<
EventJson<join_rules::JoinRulesEventContent>,
>(pdu.content.clone())
.unwrap()
.deserialize()
.unwrap()
.join_rule
});
if target_membership == member::MembershipState::Join {
let mut prev_events = prev_events.iter();
let prev_event = self
.get_pdu(prev_events.next().ok_or(Error::BadRequest(
"membership can't be the first event",
))?)?
.ok_or(Error::BadDatabase("pdu leave points to valid event"))?;
if prev_event.kind == EventType::RoomCreate
&& prev_event.prev_events.is_empty()
{
true
} else if sender != target_user_id {
false
} else if let member::MembershipState::Ban = current_membership {
false
} else if join_rules == join_rules::JoinRule::Invite
&& (current_membership == member::MembershipState::Join
|| current_membership == member::MembershipState::Invite)
{
true
} else if join_rules == join_rules::JoinRule::Public {
true
} else {
false
}
} else if target_membership == member::MembershipState::Invite {
if let Some(third_party_invite_json) = content.get("third_party_invite")
{
if current_membership == member::MembershipState::Ban {
false
} else {
let _third_party_invite =
serde_json::from_value::<member::ThirdPartyInvite>(
third_party_invite_json.clone(),
)?;
todo!("handle third party invites");
}
} else if sender_membership != member::MembershipState::Join {
false
} else if current_membership == member::MembershipState::Join
|| current_membership == member::MembershipState::Ban
{
false
} else if sender_power
.filter(|&p| p >= &power_levels.invite)
.is_some()
{
true
} else {
false
}
} else if target_membership == member::MembershipState::Leave {
if sender == target_user_id {
current_membership == member::MembershipState::Join
|| current_membership == member::MembershipState::Invite
} else if sender_membership != member::MembershipState::Join {
false
} else if current_membership == member::MembershipState::Ban
&& sender_power.filter(|&p| p < &power_levels.ban).is_some()
{
false
} else if sender_power.filter(|&p| p >= &power_levels.kick).is_some()
&& target_power < sender_power
{
true
} else {
false
}
} else if target_membership == member::MembershipState::Ban {
if sender_membership != member::MembershipState::Join {
false
} else if sender_power.filter(|&p| p >= &power_levels.ban).is_some()
&& target_power < sender_power
{
true
} else {
false
}
} else {
false
}
}
_ if power_levels
.users
.get(&sender)
.unwrap_or(&power_levels.users_default)
<= &0.into() =>
{
// Not authorized
return Err(Error::BadRequest("event not authorized"));
EventType::RoomCreate => prev_events.is_empty(),
_ if sender_membership == member::MembershipState::Join => {
// TODO
sender_power.unwrap_or(&power_levels.users_default)
>= &power_levels.state_default
}
// User has sufficient power
_ => {}
_ => false,
} {
error!("Unauthorized");
// Not authorized
return Err(Error::BadRequest("event not authorized"));
}
if event_type == EventType::RoomMember {
// TODO: Don't get this twice
let target_user_id = UserId::try_from(&**state_key)?;
self.update_membership(
&room_id,
&target_user_id,
&serde_json::from_value::<EventJson<member::MemberEventContent>>(
content.clone(),
)?
.deserialize()?
.membership,
)?;
}
}
} else if !self.is_joined(&sender, &room_id)? {
return Err(Error::BadRequest("event not authorized"));
}
// prev_events are the leaves of the current graph. This method removes all leaves from the
// room and replaces them with our event
// TODO: Make sure this isn't called twice in parallel
let prev_events = self.get_pdu_leaves(&room_id)?;
// Our depth is the maximum depth of prev_events + 1
let depth = prev_events
.iter()
@ -206,7 +413,7 @@ impl Rooms {
if let Some(state_key) = &state_key {
if let Some(prev_pdu) = self
.room_state(&room_id)?
.get(&(event_type.clone(), state_key.clone()))
.get(&(event_type.clone(), state_key.to_owned()))
{
unsigned.insert("prev_content".to_owned(), prev_pdu.content.clone());
}
@ -348,63 +555,12 @@ impl Rooms {
.map(|(_, v)| Ok(serde_json::from_slice(&v)?))
}
/// Makes a user join a room.
pub fn join(
/// Makes a user join a room. Only call this if the membership is Join already
fn update_membership(
&self,
room_id: &RoomId,
user_id: &UserId,
users: &super::users::Users,
globals: &super::globals::Globals,
) -> Result<()> {
if !self.exists(room_id)? {
return Err(Error::BadRequest("room does not exist"));
}
let mut userroom_id = user_id.to_string().as_bytes().to_vec();
userroom_id.push(0xff);
userroom_id.extend_from_slice(room_id.to_string().as_bytes());
let mut roomuser_id = room_id.to_string().as_bytes().to_vec();
roomuser_id.push(0xff);
roomuser_id.extend_from_slice(user_id.to_string().as_bytes());
self.userroomid_joined.insert(&userroom_id, &[])?;
self.roomuserid_joined.insert(&roomuser_id, &[])?;
self.userroomid_invited.remove(&userroom_id)?;
self.roomuserid_invited.remove(&roomuser_id)?;
self.userroomid_left.remove(&userroom_id)?;
let mut json = serde_json::Map::new();
json.insert("membership".to_owned(), "join".into());
if let Some(displayname) = users.displayname(&user_id).unwrap() {
json.insert("displayname".to_owned(), displayname.into());
}
if let Some(avatar_url) = users.avatar_url(&user_id).unwrap() {
json.insert("avatar_url".to_owned(), avatar_url.into());
}
self.append_pdu(
room_id.clone(),
user_id.clone(),
EventType::RoomMember,
json.into(),
None,
Some(user_id.to_string()),
globals,
)?;
Ok(())
}
/// Makes a user leave a room.
pub fn leave(
&self,
sender: &UserId,
room_id: &RoomId,
user_id: &UserId,
globals: &super::globals::Globals,
membership: &member::MembershipState,
) -> Result<()> {
let mut userroom_id = user_id.to_string().as_bytes().to_vec();
userroom_id.push(0xff);
@ -414,21 +570,30 @@ impl Rooms {
roomuser_id.push(0xff);
roomuser_id.extend_from_slice(user_id.to_string().as_bytes());
self.userroomid_joined.remove(&userroom_id)?;
self.roomuserid_joined.remove(&roomuser_id)?;
self.userroomid_invited.remove(&userroom_id)?;
self.roomuserid_invited.remove(&userroom_id)?;
self.userroomid_left.insert(&userroom_id, &[])?;
self.append_pdu(
room_id.clone(),
sender.clone(),
EventType::RoomMember,
json!({"membership": "leave"}),
None,
Some(user_id.to_string()),
globals,
)?;
match &membership {
member::MembershipState::Join => {
self.userroomid_joined.insert(&userroom_id, &[])?;
self.roomuserid_joined.insert(&roomuser_id, &[])?;
self.userroomid_invited.remove(&userroom_id)?;
self.roomuserid_invited.remove(&roomuser_id)?;
self.userroomid_left.remove(&userroom_id)?;
}
member::MembershipState::Invite => {
self.userroomid_invited.insert(&userroom_id, &[])?;
self.roomuserid_invited.insert(&roomuser_id, &[])?;
self.userroomid_joined.remove(&userroom_id)?;
self.roomuserid_joined.remove(&roomuser_id)?;
self.userroomid_left.remove(&userroom_id)?;
}
member::MembershipState::Leave | member::MembershipState::Ban => {
self.userroomid_left.insert(&userroom_id, &[])?;
self.userroomid_joined.remove(&userroom_id)?;
self.roomuserid_joined.remove(&roomuser_id)?;
self.userroomid_invited.remove(&userroom_id)?;
self.roomuserid_invited.remove(&roomuser_id)?;
}
_ => {}
}
Ok(())
}
@ -444,38 +609,6 @@ impl Rooms {
Ok(())
}
/// Makes a user invite another user into room.
pub fn invite(
&self,
sender: &UserId,
room_id: &RoomId,
user_id: &UserId,
globals: &super::globals::Globals,
) -> Result<()> {
let mut userroom_id = user_id.to_string().as_bytes().to_vec();
userroom_id.push(0xff);
userroom_id.extend_from_slice(room_id.to_string().as_bytes());
let mut roomuser_id = room_id.to_string().as_bytes().to_vec();
roomuser_id.push(0xff);
roomuser_id.extend_from_slice(user_id.to_string().as_bytes());
self.userroomid_invited.insert(userroom_id, &[])?;
self.roomuserid_invited.insert(roomuser_id, &[])?;
self.append_pdu(
room_id.clone(),
sender.clone(),
EventType::RoomMember,
json!({"membership": "invite"}),
None,
Some(user_id.to_string()),
globals,
)?;
Ok(())
}
/// Returns an iterator over all rooms a user joined.
pub fn room_members(&self, room_id: &RoomId) -> impl Iterator<Item = Result<UserId>> {
self.roomuserid_joined
@ -550,4 +683,28 @@ impl Rooms {
)?)?)
})
}
pub fn is_joined(&self, user_id: &UserId, room_id: &RoomId) -> Result<bool> {
let mut userroom_id = user_id.to_string().as_bytes().to_vec();
userroom_id.push(0xff);
userroom_id.extend_from_slice(room_id.to_string().as_bytes());
Ok(self.userroomid_joined.get(userroom_id)?.is_some())
}
pub fn is_invited(&self, user_id: &UserId, room_id: &RoomId) -> Result<bool> {
let mut userroom_id = user_id.to_string().as_bytes().to_vec();
userroom_id.push(0xff);
userroom_id.extend_from_slice(room_id.to_string().as_bytes());
Ok(self.userroomid_invited.get(userroom_id)?.is_some())
}
pub fn is_left(&self, user_id: &UserId, room_id: &RoomId) -> Result<bool> {
let mut userroom_id = user_id.to_string().as_bytes().to_vec();
userroom_id.push(0xff);
userroom_id.extend_from_slice(room_id.to_string().as_bytes());
Ok(self.userroomid_left.get(userroom_id)?.is_some())
}
}

9
src/ruma_wrapper.rs
View file

@ -1,3 +1,4 @@
use crate::utils;
use log::warn;
use rocket::{
data::{Data, FromData, FromDataFuture, Transform, TransformFuture, Transformed},
@ -16,10 +17,10 @@ const MESSAGE_LIMIT: u64 = 20 * 1024 * 1024; // 20 MB
/// This struct converts rocket requests into ruma structs by converting them into http requests
/// first.
pub struct Ruma<T> {
body: T,
pub body: T,
pub user_id: Option<UserId>,
pub device_id: Option<String>,
pub json_body: Option<serde_json::Value>, // This is None if parsing failed (for raw byte bodies)
pub json_body: Option<Box<serde_json::value::RawValue>>, // This is None when body is not a valid string
}
impl<'a, T: Endpoint> FromData<'a> for Ruma<T> {
@ -86,7 +87,9 @@ impl<'a, T: Endpoint> FromData<'a> for Ruma<T> {
user_id,
device_id,
// TODO: Can we avoid parsing it again? (We only need this for append_pdu)
json_body: serde_json::from_slice(&body).ok()
json_body: utils::string_from_bytes(&body)
.ok()
.and_then(|s| serde_json::value::RawValue::from_string(s).ok()),
}),
Err(e) => {
warn!("{:?}", e);