diff --git a/src/api/server/backfill.rs b/src/api/server/backfill.rs index ba3fb8a4..dc3520ed 100644 --- a/src/api/server/backfill.rs +++ b/src/api/server/backfill.rs @@ -2,7 +2,7 @@ use std::cmp; use axum::extract::State; use conduwuit::{ - Event, PduCount, Result, + Err, Event, PduCount, Result, debug_warn, result::LogErr, utils::{IterStream, ReadyExt, stream::TryTools}, }; @@ -34,6 +34,18 @@ pub(crate) async fn get_backfill_route( } .check() .await?; + if !services + .rooms + .state_cache + .server_in_room(services.globals.server_name(), &body.room_id) + .await + { + debug_warn!( + origin = body.origin().as_str(), + "Refusing to serve backfill for room we aren't participating in" + ); + return Err!(Request(NotFound("This server is not participating in that room."))); + } let limit = body .limit diff --git a/src/api/server/make_join.rs b/src/api/server/make_join.rs index 956af53b..a4b28bb8 100644 --- a/src/api/server/make_join.rs +++ b/src/api/server/make_join.rs @@ -1,7 +1,9 @@ use std::borrow::ToOwned; use axum::extract::State; -use conduwuit::{Err, Error, Result, debug, debug_info, info, matrix::pdu::PduBuilder, warn}; +use conduwuit::{ + Err, Error, Result, debug, debug_info, debug_warn, info, matrix::pdu::PduBuilder, warn, +}; use conduwuit_service::Services; use futures::StreamExt; use ruma::{ @@ -30,6 +32,18 @@ pub(crate) async fn create_join_event_template_route( if !services.rooms.metadata.exists(&body.room_id).await { return Err!(Request(NotFound("Room is unknown to this server."))); } + if !services + .rooms + .state_cache + .server_in_room(services.globals.server_name(), &body.room_id) + .await + { + debug_warn!( + origin = body.origin().as_str(), + "Refusing to serve make_join for room we aren't participating in" + ); + return Err!(Request(NotFound("This server is not participating in that room."))); + } if body.user_id.server_name() != body.origin() { return Err!(Request(BadJson("Not allowed to join on behalf of another server/user."))); diff --git a/src/api/server/make_knock.rs b/src/api/server/make_knock.rs index 847b99bb..23a680a6 100644 --- a/src/api/server/make_knock.rs +++ b/src/api/server/make_knock.rs @@ -20,6 +20,18 @@ pub(crate) async fn create_knock_event_template_route( if !services.rooms.metadata.exists(&body.room_id).await { return Err!(Request(NotFound("Room is unknown to this server."))); } + if !services + .rooms + .state_cache + .server_in_room(services.globals.server_name(), &body.room_id) + .await + { + debug_warn!( + origin = body.origin().as_str(), + "Refusing to serve make_knock for room we aren't participating in" + ); + return Err!(Request(NotFound("This server is not participating in that room."))); + } if body.user_id.server_name() != body.origin() { return Err!(Request(BadJson("Not allowed to knock on behalf of another server/user."))); diff --git a/src/api/server/make_leave.rs b/src/api/server/make_leave.rs index 6640f8a1..c4e10b41 100644 --- a/src/api/server/make_leave.rs +++ b/src/api/server/make_leave.rs @@ -1,5 +1,5 @@ use axum::extract::State; -use conduwuit::{Err, Result, matrix::pdu::PduBuilder}; +use conduwuit::{Err, Result, debug_warn, matrix::pdu::PduBuilder}; use ruma::{ api::federation::membership::prepare_leave_event, events::room::member::{MembershipState, RoomMemberEventContent}, @@ -20,6 +20,19 @@ pub(crate) async fn create_leave_event_template_route( return Err!(Request(NotFound("Room is unknown to this server."))); } + if !services + .rooms + .state_cache + .server_in_room(services.globals.server_name(), &body.room_id) + .await + { + debug_warn!( + origin = body.origin().as_str(), + "Refusing to serve make_leave for room we aren't participating in" + ); + return Err!(Request(NotFound("This server is not participating in that room."))); + } + if body.user_id.server_name() != body.origin() { return Err!(Request(Forbidden( "Not allowed to leave on behalf of another server/user." diff --git a/src/api/server/send_join.rs b/src/api/server/send_join.rs index 2b9c5c5a..ab99ec03 100644 --- a/src/api/server/send_join.rs +++ b/src/api/server/send_join.rs @@ -4,7 +4,7 @@ use std::{borrow::Borrow, time::Instant, vec}; use axum::extract::State; use conduwuit::{ - Err, Event, Result, at, debug, err, info, + Err, Event, Result, at, debug, debug_warn, err, info, matrix::event::gen_event_id_canonical_json, trace, utils::stream::{BroadbandExt, IterStream, TryBroadbandExt}, @@ -36,6 +36,18 @@ async fn create_join_event( if !services.rooms.metadata.exists(room_id).await { return Err!(Request(NotFound("Room is unknown to this server."))); } + if !services + .rooms + .state_cache + .server_in_room(services.globals.server_name(), room_id) + .await + { + debug_warn!( + origin = origin.as_str(), + "Refusing to serve send_join for room we aren't participating in" + ); + return Err!(Request(NotFound("This server is not participating in that room."))); + } // ACL check origin server services diff --git a/src/api/server/send_knock.rs b/src/api/server/send_knock.rs index 2f4a9ae6..cbe3ed57 100644 --- a/src/api/server/send_knock.rs +++ b/src/api/server/send_knock.rs @@ -1,6 +1,6 @@ use axum::extract::State; use conduwuit::{ - Err, Result, err, + Err, Result, debug_warn, err, matrix::{event::gen_event_id_canonical_json, pdu::PduEvent}, warn, }; @@ -54,6 +54,19 @@ pub(crate) async fn create_knock_event_v1_route( return Err!(Request(NotFound("Room is unknown to this server."))); } + if !services + .rooms + .state_cache + .server_in_room(services.globals.server_name(), &body.room_id) + .await + { + debug_warn!( + origin = body.origin().as_str(), + "Refusing to serve send_knock for room we aren't participating in" + ); + return Err!(Request(NotFound("This server is not participating in that room."))); + } + // ACL check origin server services .rooms diff --git a/src/api/server/send_leave.rs b/src/api/server/send_leave.rs index b6336e1a..2842fd2f 100644 --- a/src/api/server/send_leave.rs +++ b/src/api/server/send_leave.rs @@ -1,7 +1,7 @@ #![allow(deprecated)] use axum::extract::State; -use conduwuit::{Err, Result, err, matrix::event::gen_event_id_canonical_json}; +use conduwuit::{Err, Result, debug_warn, err, matrix::event::gen_event_id_canonical_json}; use conduwuit_service::Services; use futures::FutureExt; use ruma::{ @@ -50,6 +50,19 @@ async fn create_leave_event( return Err!(Request(NotFound("Room is unknown to this server."))); } + if !services + .rooms + .state_cache + .server_in_room(services.globals.server_name(), room_id) + .await + { + debug_warn!( + origin = origin.as_str(), + "Refusing to serve backfill for room we aren't participating in" + ); + return Err!(Request(NotFound("This server is not participating in that room."))); + } + // ACL check origin services .rooms diff --git a/src/api/server/state.rs b/src/api/server/state.rs index 8c786815..39b908a0 100644 --- a/src/api/server/state.rs +++ b/src/api/server/state.rs @@ -1,7 +1,7 @@ use std::{borrow::Borrow, iter::once}; use axum::extract::State; -use conduwuit::{Result, at, err, utils::IterStream}; +use conduwuit::{Err, Result, at, debug_warn, err, utils::IterStream}; use futures::{FutureExt, StreamExt, TryStreamExt}; use ruma::{OwnedEventId, api::federation::event::get_room_state}; @@ -24,6 +24,19 @@ pub(crate) async fn get_room_state_route( .check() .await?; + if !services + .rooms + .state_cache + .server_in_room(services.globals.server_name(), &body.room_id) + .await + { + debug_warn!( + origin = body.origin().as_str(), + "Refusing to serve state for room we aren't participating in" + ); + return Err!(Request(NotFound("This server is not participating in that room."))); + } + let shortstatehash = services .rooms .state_accessor