Support for server ACLs (#1261)

* First pass at server ACLs (not efficient) * Use transaction origin, update whitelist * Fix federation API test It's sufficient for us to return nothing in response to current state, so that the server ACL check returns no ACLs. * More efficient server ACLs - hopefully * Fix queries * Fix queries * Avoid panics by nil pointers * Bug fixes * Fix state event type * Fix mutex * Update logging * Ignore port when matching servername * Use read mutex * Fix bugs * Fix sync API test * Comments * Add tests, tweaks to behaviour * Fix test output
2025-08-01 13:52:46 +00:00 · 2020-08-11 18:19:11 +01:00 · 2020-08-11 18:19:11 +01:00 · bcdf9577a3
commit bcdf9577a3
parent 8b6ab272fb
20 changed files with 581 additions and 16 deletions
--- a/currentstateserver/internal/api.go
+++ b/currentstateserver/internal/api.go
@ -16,15 +16,18 @@ package internal

 import (
 	"context"
+	"errors"

 	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
+	"github.com/matrix-org/dendrite/currentstateserver/acls"
 	"github.com/matrix-org/dendrite/currentstateserver/api"
 	"github.com/matrix-org/dendrite/currentstateserver/storage"
 	"github.com/matrix-org/gomatrixserverlib"
 )

 type CurrentStateInternalAPI struct {
-	DB storage.Database
+	DB         storage.Database
+	ServerACLs *acls.ServerACLs
 }

 func (a *CurrentStateInternalAPI) QueryCurrentState(ctx context.Context, req *api.QueryCurrentStateRequest, res *api.QueryCurrentStateResponse) error {
@ -112,3 +115,11 @@ func (a *CurrentStateInternalAPI) QuerySharedUsers(ctx context.Context, req *api
 	res.UserIDsToCount = users
 	return nil
 }
+
+func (a *CurrentStateInternalAPI) QueryServerBannedFromRoom(ctx context.Context, req *api.QueryServerBannedFromRoomRequest, res *api.QueryServerBannedFromRoomResponse) error {
+	if a.ServerACLs == nil {
+		return errors.New("no server ACL tracking")
+	}
+	res.Banned = a.ServerACLs.IsServerBannedFromRoom(req.ServerName, req.RoomID)
+	return nil
+}