diff options
author | kaiyou <pierre@jaury.eu> | 2018-04-08 17:56:44 +0200 |
---|---|---|
committer | kaiyou <pierre@jaury.eu> | 2018-04-08 17:56:44 +0200 |
commit | a13b7860c6570ad1bb9003e94ad67c761f0cf312 (patch) | |
tree | d08b2c50d1c1a6e570c59396660cd83836aa9f14 /synapse/federation/transport/server.py | |
parent | Merge remote-tracking branch 'upstream/master' into feat-dockerfile (diff) | |
parent | Update README.rst (diff) | |
download | synapse-a13b7860c6570ad1bb9003e94ad67c761f0cf312.tar.xz |
Merge remote-tracking branch 'upstream/master' into feat-dockerfile
Diffstat (limited to 'synapse/federation/transport/server.py')
-rw-r--r-- | synapse/federation/transport/server.py | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/synapse/federation/transport/server.py b/synapse/federation/transport/server.py index 2b02b021ec..a66a6b0692 100644 --- a/synapse/federation/transport/server.py +++ b/synapse/federation/transport/server.py @@ -16,7 +16,7 @@ from twisted.internet import defer from synapse.api.urls import FEDERATION_PREFIX as PREFIX -from synapse.api.errors import Codes, SynapseError +from synapse.api.errors import Codes, SynapseError, FederationDeniedError from synapse.http.server import JsonResource from synapse.http.servlet import ( parse_json_object_from_request, parse_integer_from_args, parse_string_from_args, @@ -81,6 +81,7 @@ class Authenticator(object): self.keyring = hs.get_keyring() self.server_name = hs.hostname self.store = hs.get_datastore() + self.federation_domain_whitelist = hs.config.federation_domain_whitelist # A method just so we can pass 'self' as the authenticator to the Servlets @defer.inlineCallbacks @@ -92,6 +93,12 @@ class Authenticator(object): "signatures": {}, } + if ( + self.federation_domain_whitelist is not None and + self.server_name not in self.federation_domain_whitelist + ): + raise FederationDeniedError(self.server_name) + if content is not None: json_request["content"] = content @@ -1183,7 +1190,7 @@ GROUP_ATTESTATION_SERVLET_CLASSES = ( def register_servlets(hs, resource, authenticator, ratelimiter): for servletclass in FEDERATION_SERVLET_CLASSES: servletclass( - handler=hs.get_replication_layer(), + handler=hs.get_federation_server(), authenticator=authenticator, ratelimiter=ratelimiter, server_name=hs.hostname, |