From 34e8fd38cf91e6350b564697fcbb953e6a3e2036 Mon Sep 17 00:00:00 2001
From: strawberry <strawberry@puppygock.gay>
Date: Sat, 2 Mar 2024 21:49:04 -0500
Subject: [PATCH] extend room banning to local+remote room invites
Signed-off-by: strawberry <strawberry@puppygock.gay>
---
src/api/client_server/membership.rs | 21 +++++++++++++++++++++
src/api/server_server.rs | 12 ++++++++++++
src/service/admin/mod.rs | 2 +-
3 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/src/api/client_server/membership.rs b/src/api/client_server/membership.rs
index 1081a6fda..ba3fdae79 100644
--- a/src/api/client_server/membership.rs
+++ b/src/api/client_server/membership.rs
@@ -201,6 +201,17 @@ pub async fn invite_user_route(
));
}
+ if services().rooms.metadata.is_banned(&body.room_id)? && !services().users.is_admin(sender_user)? {
+ info!(
+ "Local user {} who is not an admin attempted to send an invite for banned room {}.",
+ &sender_user, &body.room_id
+ );
+ return Err(Error::BadRequest(
+ ErrorKind::Forbidden,
+ "This room is banned on this homeserver.",
+ ));
+ }
+
if let invite_user::v3::InvitationRecipient::UserId { user_id } = &body.recipient {
invite_helper(
sender_user,
@@ -1285,6 +1296,16 @@ pub(crate) async fn invite_helper(
reason: Option<String>,
is_direct: bool,
) -> Result<()> {
+ if !services().users.is_admin(user_id)? && services().globals.block_non_admin_invites() {
+ info!(
+ "User {sender_user} is not an admin and attempted to send an invite to room {room_id}"
+ );
+ return Err(Error::BadRequest(
+ ErrorKind::Forbidden,
+ "Invites are not allowed on this server.",
+ ));
+ }
+
if user_id.server_name() != services().globals.server_name() {
let (pdu, pdu_json, invite_room_state) = {
let mutex_state = Arc::clone(
diff --git a/src/api/server_server.rs b/src/api/server_server.rs
index 7c1480d1a..69c625628 100644
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@@ -1852,6 +1852,7 @@ pub async fn create_invite_route(
"This server does not allow room invites.",
));
}
+
services()
.rooms
.event_handler
@@ -1921,6 +1922,17 @@ pub async fn create_invite_route(
)
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "state_key is not a user id."))?;
+ if services().rooms.metadata.is_banned(&body.room_id)? && !services().users.is_admin(&invited_user)? {
+ info!(
+ "Received remote invite from server {} for room {} and for user {invited_user}, but room is banned by us.",
+ &sender_servername, &body.room_id
+ );
+ return Err(Error::BadRequest(
+ ErrorKind::Forbidden,
+ "This room is banned on this homeserver.",
+ ));
+ }
+
let mut invite_state = body.invite_room_state.clone();
let mut event: JsonObject = serde_json::from_str(body.event.get())
diff --git a/src/service/admin/mod.rs b/src/service/admin/mod.rs
index d69603c77..1cb08bb21 100644
--- a/src/service/admin/mod.rs
+++ b/src/service/admin/mod.rs
@@ -212,7 +212,7 @@ enum RoomCommand {
#[cfg_attr(test, derive(Debug))]
#[derive(Subcommand)]
enum RoomModeration {
- /// - Bans a room from local users joining and evicts all our local users from the room.
+ /// - Bans a room from local users joining and evicts all our local users from the room. Also blocks any invites (local and remote) for the banned room.
///
/// Server admins (users in the conduwuit admin room) will not be evicted and server admins can still join the room.
/// To evict admins too, use --force (also ignores errors)
--
GitLab