From 8fb5b0f335b3dc54962aea102c71a7e449497487 Mon Sep 17 00:00:00 2001 From: Shay Date: Tue, 19 Mar 2024 10:52:53 -0700 Subject: Improve event validation (#16908) As the title states. --- synapse/api/constants.py | 2 ++ synapse/handlers/message.py | 13 +++++++++++++ synapse/handlers/sync.py | 12 +++++++++++- 3 files changed, 26 insertions(+), 1 deletion(-) (limited to 'synapse') diff --git a/synapse/api/constants.py b/synapse/api/constants.py index d25aff98ff..98884b4967 100644 --- a/synapse/api/constants.py +++ b/synapse/api/constants.py @@ -129,6 +129,8 @@ class EventTypes: Reaction: Final = "m.reaction" + CallInvite: Final = "m.call.invite" + class ToDeviceEventTypes: RoomKeyRequest: Final = "m.room_key_request" diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py index 0ce6eeee15..ccaa5508ff 100644 --- a/synapse/handlers/message.py +++ b/synapse/handlers/message.py @@ -34,6 +34,7 @@ from synapse.api.constants import ( EventTypes, GuestAccess, HistoryVisibility, + JoinRules, Membership, RelationTypes, UserTypes, @@ -1325,6 +1326,18 @@ class EventCreationHandler: self.validator.validate_new(event, self.config) await self._validate_event_relation(event) + + if event.type == EventTypes.CallInvite: + room_id = event.room_id + room_info = await self.store.get_room_with_stats(room_id) + assert room_info is not None + + if room_info.join_rules == JoinRules.PUBLIC: + raise SynapseError( + 403, + "Call invites are not allowed in public rooms.", + Codes.FORBIDDEN, + ) logger.debug("Created event %s", event.event_id) return event, context diff --git a/synapse/handlers/sync.py b/synapse/handlers/sync.py index 0aedb37f16..3aa2e2b7ba 100644 --- a/synapse/handlers/sync.py +++ b/synapse/handlers/sync.py @@ -41,6 +41,7 @@ from synapse.api.constants import ( AccountDataTypes, EventContentFields, EventTypes, + JoinRules, Membership, ) from synapse.api.filtering import FilterCollection 
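Review bot: In the `EventTypes.CallInvite` branch added to `synapse/handlers/message.py`, `assert room_info is not None` is the only guard in front of the join-rule check that decides whether the event is rejected. Assertions are stripped when Python runs with `-O`, and when this one fires the sender presumably gets an internal server error rather than a Matrix error, so an explicit branch is safer: `if room_info is None: raise SynapseError(404, "Unknown room", Codes.NOT_FOUND)`. The same assert appears in the filtering loop added to `synapse/handlers/sync.py`, where a missing row would abort the whole sync response instead of affecting one event. Neither the code nor the commit message says why call invites are refused in public rooms, so a one-line comment above the `if` stating the policy and its reason would help the next reader. The enclosing method starts and ends outside the hunk.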
@@ -675,13 +676,22 @@ class SyncHandler: ) ) - loaded_recents = await filter_events_for_client( + filtered_recents = await filter_events_for_client( self._storage_controllers, sync_config.user.to_string(), loaded_recents, always_include_ids=current_state_ids, ) + loaded_recents = [] + for event in filtered_recents: + if event.type == EventTypes.CallInvite: + room_info = await self.store.get_room_with_stats(event.room_id) + assert room_info is not None + if room_info.join_rules == JoinRules.PUBLIC: + continue + loaded_recents.append(event) + log_kv({"loaded_recents_after_client_filtering": len(loaded_recents)}) loaded_recents.extend(recents) -- cgit 1.4.1
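Review bot: The loop over `filtered_recents` awaits `self.store.get_room_with_stats(event.room_id)` once for every `m.call.invite` event, so unless that store method is cached, a timeline holding many call invites repeats the same lookup on the sync path. Remembering the decision per `room_id` in a local dict keeps it to one lookup per room, and the same place can treat a missing stats row as "hide the invite" rather than asserting. The filter reads the room's current join rule, not the rule in force when the event was sent, and a short comment should say whether that is intended. The rule is now written in both `message.py` and `sync.py`, so a small shared helper would stop the two checks from drifting apart. The enclosing method starts and ends outside the hunk.

```python
# … unchanged: filter_events_for_client call that produces filtered_recents …
# Decision per room, so each room's stats row is read at most once per call.
hide_call_invites: dict[str, bool] = {}
loaded_recents = []
for event in filtered_recents:
    if event.type == EventTypes.CallInvite:
        hide = hide_call_invites.get(event.room_id)
        if hide is None:
            room_info = await self.store.get_room_with_stats(event.room_id)
            # No stats row: hide the invite instead of failing the whole sync.
            hide = room_info is None or room_info.join_rules == JoinRules.PUBLIC
            hide_call_invites[event.room_id] = hide
        if hide:
            continue
    loaded_recents.append(event)
# … unchanged: log_kv and loaded_recents.extend(recents) …
```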