perf: Don't handle expensive requests for rooms we aren't in
Mostly borrowed from dendrite: https://github.com/element-hq/dendrite/blob/a042861/federationapi/routing/routing.go#L601
This commit is contained in:
timedout
Ellis Git
parent
a047199fb4
commit
c4a9f7a6d1
8 changed files with 109 additions and 7 deletions
|
|
@ -2,7 +2,7 @@ use std::cmp;
|
|||
|
||||
use axum::extract::State;
|
||||
use conduwuit::{
|
||||
Event, PduCount, Result,
|
||||
Err, Event, PduCount, Result, debug_warn,
|
||||
result::LogErr,
|
||||
utils::{IterStream, ReadyExt, stream::TryTools},
|
||||
};
|
||||
|
|
@ -34,6 +34,18 @@ pub(crate) async fn get_backfill_route(
|
|||
}
|
||||
.check()
|
||||
.await?;
|
||||
if !services
|
||||
.rooms
|
||||
.state_cache
|
||||
.server_in_room(services.globals.server_name(), &body.room_id)
|
||||
.await
|
||||
{
|
||||
debug_warn!(
|
||||
origin = body.origin().as_str(),
|
||||
"Refusing to serve backfill for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
}
|
||||
|
||||
let limit = body
|
||||
.limit
|
||||
|
|
|
|||
|
|
@ -1,7 +1,9 @@
|
|||
use std::borrow::ToOwned;
|
||||
|
||||
use axum::extract::State;
|
||||
use conduwuit::{Err, Error, Result, debug, debug_info, info, matrix::pdu::PduBuilder, warn};
|
||||
use conduwuit::{
|
||||
Err, Error, Result, debug, debug_info, debug_warn, info, matrix::pdu::PduBuilder, warn,
|
||||
};
|
||||
use conduwuit_service::Services;
|
||||
use futures::StreamExt;
|
||||
use ruma::{
|
||||
|
|
@ -30,6 +32,18 @@ pub(crate) async fn create_join_event_template_route(
|
|||
if !services.rooms.metadata.exists(&body.room_id).await {
|
||||
return Err!(Request(NotFound("Room is unknown to this server.")));
|
||||
}
|
||||
if !services
|
||||
.rooms
|
||||
.state_cache
|
||||
.server_in_room(services.globals.server_name(), &body.room_id)
|
||||
.await
|
||||
{
|
||||
debug_warn!(
|
||||
origin = body.origin().as_str(),
|
||||
"Refusing to serve make_join for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
}
|
||||
|
||||
if body.user_id.server_name() != body.origin() {
|
||||
return Err!(Request(BadJson("Not allowed to join on behalf of another server/user.")));
|
||||
|
|
|
|||
|
|
@ -20,6 +20,18 @@ pub(crate) async fn create_knock_event_template_route(
|
|||
if !services.rooms.metadata.exists(&body.room_id).await {
|
||||
return Err!(Request(NotFound("Room is unknown to this server.")));
|
||||
}
|
||||
if !services
|
||||
.rooms
|
||||
.state_cache
|
||||
.server_in_room(services.globals.server_name(), &body.room_id)
|
||||
.await
|
||||
{
|
||||
debug_warn!(
|
||||
origin = body.origin().as_str(),
|
||||
"Refusing to serve make_knock for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
}
|
||||
|
||||
if body.user_id.server_name() != body.origin() {
|
||||
return Err!(Request(BadJson("Not allowed to knock on behalf of another server/user.")));
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
use axum::extract::State;
|
||||
use conduwuit::{Err, Result, matrix::pdu::PduBuilder};
|
||||
use conduwuit::{Err, Result, debug_warn, matrix::pdu::PduBuilder};
|
||||
use ruma::{
|
||||
api::federation::membership::prepare_leave_event,
|
||||
events::room::member::{MembershipState, RoomMemberEventContent},
|
||||
|
|
@ -20,6 +20,19 @@ pub(crate) async fn create_leave_event_template_route(
|
|||
return Err!(Request(NotFound("Room is unknown to this server.")));
|
||||
}
|
||||
|
||||
if !services
|
||||
.rooms
|
||||
.state_cache
|
||||
.server_in_room(services.globals.server_name(), &body.room_id)
|
||||
.await
|
||||
{
|
||||
debug_warn!(
|
||||
origin = body.origin().as_str(),
|
||||
"Refusing to serve make_leave for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
}
|
||||
|
||||
if body.user_id.server_name() != body.origin() {
|
||||
return Err!(Request(Forbidden(
|
||||
"Not allowed to leave on behalf of another server/user."
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ use std::{borrow::Borrow, time::Instant, vec};
|
|||
|
||||
use axum::extract::State;
|
||||
use conduwuit::{
|
||||
Err, Event, Result, at, debug, err, info,
|
||||
Err, Event, Result, at, debug, debug_warn, err, info,
|
||||
matrix::event::gen_event_id_canonical_json,
|
||||
trace,
|
||||
utils::stream::{BroadbandExt, IterStream, TryBroadbandExt},
|
||||
|
|
@ -36,6 +36,18 @@ async fn create_join_event(
|
|||
if !services.rooms.metadata.exists(room_id).await {
|
||||
return Err!(Request(NotFound("Room is unknown to this server.")));
|
||||
}
|
||||
if !services
|
||||
.rooms
|
||||
.state_cache
|
||||
.server_in_room(services.globals.server_name(), room_id)
|
||||
.await
|
||||
{
|
||||
debug_warn!(
|
||||
origin = origin.as_str(),
|
||||
"Refusing to serve send_join for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
}
|
||||
|
||||
// ACL check origin server
|
||||
services
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
use axum::extract::State;
|
||||
use conduwuit::{
|
||||
Err, Result, err,
|
||||
Err, Result, debug_warn, err,
|
||||
matrix::{event::gen_event_id_canonical_json, pdu::PduEvent},
|
||||
warn,
|
||||
};
|
||||
|
|
@ -54,6 +54,19 @@ pub(crate) async fn create_knock_event_v1_route(
|
|||
return Err!(Request(NotFound("Room is unknown to this server.")));
|
||||
}
|
||||
|
||||
if !services
|
||||
.rooms
|
||||
.state_cache
|
||||
.server_in_room(services.globals.server_name(), &body.room_id)
|
||||
.await
|
||||
{
|
||||
debug_warn!(
|
||||
origin = body.origin().as_str(),
|
||||
"Refusing to serve send_knock for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
}
|
||||
|
||||
// ACL check origin server
|
||||
services
|
||||
.rooms
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#![allow(deprecated)]
|
||||
|
||||
use axum::extract::State;
|
||||
use conduwuit::{Err, Result, err, matrix::event::gen_event_id_canonical_json};
|
||||
use conduwuit::{Err, Result, debug_warn, err, matrix::event::gen_event_id_canonical_json};
|
||||
use conduwuit_service::Services;
|
||||
use futures::FutureExt;
|
||||
use ruma::{
|
||||
|
|
@ -50,6 +50,19 @@ async fn create_leave_event(
|
|||
return Err!(Request(NotFound("Room is unknown to this server.")));
|
||||
}
|
||||
|
||||
if !services
|
||||
.rooms
|
||||
.state_cache
|
||||
.server_in_room(services.globals.server_name(), room_id)
|
||||
.await
|
||||
{
|
||||
debug_warn!(
|
||||
origin = origin.as_str(),
|
||||
"Refusing to serve backfill for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
}
|
||||
|
||||
// ACL check origin
|
||||
services
|
||||
.rooms
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
use std::{borrow::Borrow, iter::once};
|
||||
|
||||
use axum::extract::State;
|
||||
use conduwuit::{Result, at, err, utils::IterStream};
|
||||
use conduwuit::{Err, Result, at, debug_warn, err, utils::IterStream};
|
||||
use futures::{FutureExt, StreamExt, TryStreamExt};
|
||||
use ruma::{OwnedEventId, api::federation::event::get_room_state};
|
||||
|
||||
|
|
@ -24,6 +24,19 @@ pub(crate) async fn get_room_state_route(
|
|||
.check()
|
||||
.await?;
|
||||
|
||||
if !services
|
||||
.rooms
|
||||
.state_cache
|
||||
.server_in_room(services.globals.server_name(), &body.room_id)
|
||||
.await
|
||||
{
|
||||
debug_warn!(
|
||||
origin = body.origin().as_str(),
|
||||
"Refusing to serve state for room we aren't participating in"
|
||||
);
|
||||
return Err!(Request(NotFound("This server is not participating in that room.")));
|
||||
}
|
||||
|
||||
let shortstatehash = services
|
||||
.rooms
|
||||
.state_accessor
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue