diff --git a/roomserver/auth/history_visibility.go b/roomserver/auth/history_visibility.go index badd5c50..24e0edd2 100644 --- a/roomserver/auth/history_visibility.go +++ b/roomserver/auth/history_visibility.go @@ -94,8 +94,8 @@ func HistoryVisibilityForRoom(hisVisEvent *gomatrixserverlib.Event) (string, err return visibility, nil } -func IsAnyUserOnServerWithMembership(serverName gomatrixserverlib.ServerName, authEvents []gomatrixserverlib.Event, wantMembership string) bool { - for _, ev := range authEvents { +func IsAnyUserOnServerWithMembership(serverName gomatrixserverlib.ServerName, membershipEvents []gomatrixserverlib.Event, wantMembership string) bool { + for _, ev := range membershipEvents { membership, err := ev.Membership() if err != nil || membership != wantMembership { continue diff --git a/roomserver/internal/perform/perform_backfill.go b/roomserver/internal/perform/perform_backfill.go index ef89d3c6..eda6348f 100644 --- a/roomserver/internal/perform/perform_backfill.go +++ b/roomserver/internal/perform/perform_backfill.go @@ -491,24 +491,28 @@ func joinEventsFromHistoryVisibility( break } } - if historyVisibilityNID == 0 { - return nil, fmt.Errorf("no history visibility event for room %s", roomID) - } - stateEvents, err := db.Events(ctx, []types.EventNID{historyVisibilityNID}) - if err != nil { - return nil, err - } - if len(stateEvents) != 1 { - return nil, fmt.Errorf("failed to load history visibility event nid %d", historyVisibilityNID) - } - var hisVisEvent *gomatrixserverlib.Event - if stateEvents[0].Type() == gomatrixserverlib.MRoomHistoryVisibility && stateEvents[0].StateKeyEquals("") { - hisVisEvent = &stateEvents[0].Event - } - visibility, err := auth.HistoryVisibilityForRoom(hisVisEvent) - if err != nil { - return nil, err + + // by default visibility is shared if there is no history visibility event + visibility := "shared" + if historyVisibilityNID != 0 { + // load the event and check it + stateEvents, err := db.Events(ctx, []types.EventNID{historyVisibilityNID}) + if err != nil { + return nil, err + } + if len(stateEvents) != 1 { + return nil, fmt.Errorf("failed to load history visibility event nid %d", historyVisibilityNID) + } + var hisVisEvent *gomatrixserverlib.Event + if stateEvents[0].Type() == gomatrixserverlib.MRoomHistoryVisibility && stateEvents[0].StateKeyEquals("") { + hisVisEvent = &stateEvents[0].Event + } + visibility, err = auth.HistoryVisibilityForRoom(hisVisEvent) + if err != nil { + return nil, err + } } + if visibility != "shared" { logrus.Infof("ServersAtEvent history visibility not shared: %s", visibility) return nil, nil diff --git a/syncapi/internal/history_visibility.go b/syncapi/internal/history_visibility.go new file mode 100644 index 00000000..0e5e031e --- /dev/null +++ b/syncapi/internal/history_visibility.go @@ -0,0 +1,29 @@ +// Copyright 2020 The Matrix.org Foundation C.I.C. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +import ( + "context" + + "github.com/matrix-org/gomatrixserverlib" +) + +// ApplyHistoryVisibilityChecks removes items from the input slice if the user is not allowed +// to see these events. +func ApplyHistoryVisibilityChecks( + ctx context.Context, userID string, events []gomatrixserverlib.HeaderedEvent, +) []gomatrixserverlib.HeaderedEvent { + return events +} diff --git a/syncapi/routing/messages.go b/syncapi/routing/messages.go index 0999d3e8..16ad8a91 100644 --- a/syncapi/routing/messages.go +++ b/syncapi/routing/messages.go @@ -24,8 +24,10 @@ import ( "github.com/matrix-org/dendrite/clientapi/jsonerror" "github.com/matrix-org/dendrite/internal/config" "github.com/matrix-org/dendrite/roomserver/api" + "github.com/matrix-org/dendrite/syncapi/internal" "github.com/matrix-org/dendrite/syncapi/storage" "github.com/matrix-org/dendrite/syncapi/types" + userapi "github.com/matrix-org/dendrite/userapi/api" "github.com/matrix-org/gomatrixserverlib" "github.com/matrix-org/util" "github.com/sirupsen/logrus" @@ -44,6 +46,7 @@ type messagesReq struct { wasToProvided bool limit int backwardOrdering bool + requester string // user ID } type messagesResp struct { @@ -58,7 +61,7 @@ const defaultMessagesLimit = 10 // client-server API. // See: https://matrix.org/docs/spec/client_server/latest.html#get-matrix-client-r0-rooms-roomid-messages func OnIncomingMessagesRequest( - req *http.Request, db storage.Database, roomID string, + req *http.Request, device *userapi.Device, db storage.Database, roomID string, federation *gomatrixserverlib.FederationClient, rsAPI api.RoomserverInternalAPI, cfg *config.SyncAPI, @@ -151,6 +154,7 @@ func OnIncomingMessagesRequest( wasToProvided: wasToProvided, limit: limit, backwardOrdering: backwardOrdering, + requester: device.UserID, } clientEvents, start, end, err := mReq.retrieveEvents() @@ -239,6 +243,8 @@ func (r *messagesReq) retrieveEvents() ( events = reversed(events) } + events = internal.ApplyHistoryVisibilityChecks(r.ctx, r.requester, events) + // Convert all of the events into client events. clientEvents = gomatrixserverlib.HeaderedToClientEvents(events, gomatrixserverlib.FormatAll) // Get the position of the first and the last event in the room's topology. diff --git a/syncapi/routing/routing.go b/syncapi/routing/routing.go index f42679c6..fb9f272a 100644 --- a/syncapi/routing/routing.go +++ b/syncapi/routing/routing.go @@ -51,7 +51,7 @@ func Setup( if err != nil { return util.ErrorResponse(err) } - return OnIncomingMessagesRequest(req, syncDB, vars["roomID"], federation, rsAPI, cfg) + return OnIncomingMessagesRequest(req, device, syncDB, vars["roomID"], federation, rsAPI, cfg) })).Methods(http.MethodGet, http.MethodOptions) r0mux.Handle("/user/{userId}/filter",