Merge branch 'nyaaori/admin-check' into 'next'

Implement admin check and add config option for allowing room creation

See merge request famedly/conduit!211
This commit is contained in:
Timo Kösters 2021-10-15 10:47:55 +00:00
commit 335027e739
4 changed files with 34 additions and 1 deletions

View file

@ -61,6 +61,16 @@ pub async fn create_room_route(
);
let state_lock = mutex_state.lock().await;
if !db.globals.allow_room_creation()
&& !body.from_appservice
&& !db.users.is_admin(sender_user, &db.rooms, &db.globals)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
"Room creation has been disabled.",
));
}
let alias: Option<RoomAliasId> =
body.room_alias_name
.as_ref()

View file

@ -61,6 +61,8 @@ pub struct Config {
allow_encryption: bool,
#[serde(default = "false_fn")]
allow_federation: bool,
#[serde(default = "true_fn")]
allow_room_creation: bool,
#[serde(default = "false_fn")]
pub allow_jaeger: bool,
#[serde(default = "false_fn")]

View file

@ -211,6 +211,10 @@ impl Globals {
self.config.allow_federation
}
pub fn allow_room_creation(&self) -> bool {
self.config.allow_room_creation
}
pub fn trusted_servers(&self) -> &[Box<ServerName>] {
&self.config.trusted_servers
}

View file

@ -5,7 +5,8 @@ use ruma::{
events::{AnyToDeviceEvent, EventType},
identifiers::MxcUri,
serde::Raw,
DeviceId, DeviceKeyAlgorithm, DeviceKeyId, MilliSecondsSinceUnixEpoch, UInt, UserId,
DeviceId, DeviceKeyAlgorithm, DeviceKeyId, MilliSecondsSinceUnixEpoch, RoomAliasId, UInt,
UserId,
};
use std::{collections::BTreeMap, convert::TryFrom, mem, sync::Arc};
use tracing::warn;
@ -53,6 +54,22 @@ impl Users {
.is_empty())
}
/// Check if a user is an admin
#[tracing::instrument(skip(self, user_id, rooms, globals))]
pub fn is_admin(
&self,
user_id: &UserId,
rooms: &super::rooms::Rooms,
globals: &super::globals::Globals,
) -> Result<bool> {
let admin_room_alias_id =
RoomAliasId::try_from(format!("#admins:{}", globals.server_name()))
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid alias."))?;
let admin_room_id = rooms.id_from_alias(&admin_room_alias_id)?.unwrap();
Ok(rooms.is_joined(user_id, &admin_room_id)?)
}
/// Create a new user account on this homeserver.
#[tracing::instrument(skip(self, user_id, password))]
pub fn create(&self, user_id: &UserId, password: Option<&str>) -> Result<()> {