From eda84cd915e7e9bb5481e495d2caba17c32d59f9 Mon Sep 17 00:00:00 2001
From: Matthew Hodgson <matthew@matrix.org>
Date: Thu, 3 Sep 2020 22:15:30 +0100
Subject: [PATCH] reject peeks for non-worldreadable rooms

---
 roomserver/internal/perform_peek.go | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/roomserver/internal/perform_peek.go b/roomserver/internal/perform_peek.go
index 4f080737..670752b0 100644
--- a/roomserver/internal/perform_peek.go
+++ b/roomserver/internal/perform_peek.go
@@ -16,12 +16,14 @@ package internal
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"strings"
 
 	fsAPI "github.com/matrix-org/dendrite/federationsender/api"
 	"github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/gomatrixserverlib"
+	"github.com/matrix-org/util"
 	"github.com/sirupsen/logrus"
 )
 
@@ -144,6 +146,30 @@ func (r *RoomserverInternalAPI) performPeekRoomByID(
 		req.ServerNames = append(req.ServerNames, domain)
 	}
 
+	// If this room isn't world_readable, we reject.
+	// XXX: would be nicer to call this with NIDs
+	// XXX: we should probably factor out history_visibility checks into a common utility method somewhere
+	// which handles the default value etc.
+	var worldReadable = false
+	ev, err := r.DB.GetStateEvent(ctx, roomID, "m.room.history_visibility", "")
+	if ev != nil {
+		content := map[string]string{}
+		if err = json.Unmarshal(ev.Content(), &content); err != nil {
+			util.GetLogger(ctx).WithError(err).Error("json.Unmarshal for history visibility failed")
+			return
+		}
+		if visibility, ok := content["history_visibility"]; ok {
+			worldReadable = visibility == "world_readable"
+		}
+	}
+
+	if !worldReadable {
+		return "", &api.PerformError{
+			Code: api.PerformErrorNotAllowed,
+			Msg: "Room is not world-readable",
+		}
+	}
+
 	// TODO: handle federated peeks
 
 	err = r.WriteOutputEvents(roomID, []api.OutputEvent{