diff options
author | Timo Kösters <timo@koesters.xyz> | 2023-02-22 15:49:55 +0100 |
---|---|---|
committer | Timo Kösters <timo@koesters.xyz> | 2023-03-13 10:39:18 +0100 |
commit | 10fa686c77637ed2837ff6348ccbdebeff9dcae3 (patch) | |
tree | fff17030d14501815eaab45ea1bc40748ba7fe24 /src/api/server_server.rs | |
parent | 2a16a5e967ff15052fe03313711dda89d0f95232 (diff) | |
download | conduit-10fa686c77637ed2837ff6348ccbdebeff9dcae3.zip |
feat: respect history visibility
Diffstat (limited to 'src/api/server_server.rs')
-rw-r--r-- | src/api/server_server.rs | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/api/server_server.rs b/src/api/server_server.rs index adf4bc2..0247369 100644 --- a/src/api/server_server.rs +++ b/src/api/server_server.rs @@ -954,6 +954,17 @@ pub async fn get_event_route( )); } + if !services().rooms.state_accessor.server_can_see_event( + sender_servername, + &room_id, + &body.event_id, + )? { + return Err(Error::BadRequest( + ErrorKind::Forbidden, + "Server is not allowed to see event.", + )); + } + Ok(get_event::v1::Response { origin: services().globals.server_name().to_owned(), origin_server_ts: MilliSecondsSinceUnixEpoch::now(), @@ -1098,6 +1109,16 @@ pub async fn get_missing_events_route( i += 1; continue; } + + if !services().rooms.state_accessor.server_can_see_event( + sender_servername, + &body.room_id, + &queued_events[i], + )? { + i += 1; + continue; + } + queued_events.extend_from_slice( &serde_json::from_value::<Vec<OwnedEventId>>( serde_json::to_value(pdu.get("prev_events").cloned().ok_or_else(|| { |