author | Shay <hillerys@element.io> | 2024-03-19 10:52:53 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-19 17:52:53 +0000 |
commit | 8fb5b0f335b3dc54962aea102c71a7e449497487 (patch) | |
tree | 698b5e92f822198a51131108a15fe61ac1501358 /synapse/handlers | |
parent | Bump pydantic from 2.6.0 to 2.6.4 (#17004) (diff) | |
Improve event validation (#16908)
As the title states.
Diffstat (limited to 'synapse/handlers')
-rw-r--r-- | synapse/handlers/message.py | 13 | ||||
-rw-r--r-- | synapse/handlers/sync.py | 12 |
2 files changed, 24 insertions, 1 deletions
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index 0ce6eeee15..ccaa5508ff 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -34,6 +34,7 @@ from synapse.api.constants import (
 EventTypes,
 GuestAccess,
 HistoryVisibility,
+ JoinRules,
 Membership,
 RelationTypes,
 UserTypes,
@@ -1325,6 +1326,18 @@ class EventCreationHandler:
 self.validator.validate_new(event, self.config)
 await self._validate_event_relation(event)
+
+ if event.type == EventTypes.CallInvite:
+ room_id = event.room_id
+ room_info = await self.store.get_room_with_stats(room_id)
+ assert room_info is not None
+
+ if room_info.join_rules == JoinRules.PUBLIC:
+ raise SynapseError(
+ 403,
+ "Call invites are not allowed in public rooms.",
+ Codes.FORBIDDEN,
+ )
 logger.debug("Created event %s", event.event_id)
 return event, context
diff --git a/synapse/handlers/sync.py b/synapse/handlers/sync.py
index 0aedb37f16..3aa2e2b7ba 100644
--- a/synapse/handlers/sync.py
+++ b/synapse/handlers/sync.py
@@ -41,6 +41,7 @@ from synapse.api.constants import (
 AccountDataTypes,
 EventContentFields,
 EventTypes,
+ JoinRules,
 Membership,
 )
 from synapse.api.filtering import FilterCollection
@@ -675,13 +676,22 @@ class SyncHandler:
 )
 )
- loaded_recents = await filter_events_for_client(
+ filtered_recents = await filter_events_for_client(
 self._storage_controllers,
 sync_config.user.to_string(),
 loaded_recents,
 always_include_ids=current_state_ids,
 )
+ loaded_recents = []
+ for event in filtered_recents:
+ if event.type == EventTypes.CallInvite:
+ room_info = await self.store.get_room_with_stats(event.room_id)
+ assert room_info is not None
+ if room_info.join_rules == JoinRules.PUBLIC:
+ continue
+ loaded_recents.append(event)
+
 log_kv({"loaded_recents_after_client_filtering": len(loaded_recents)})
 loaded_recents.extend(recents) |
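Review bot: In the message.py hunk, `assert room_info is not None` guards a permission check, but asserts are stripped under `python -O` and otherwise surface as an unhandled AssertionError rather than a Matrix error. An explicit check keeps the failure well-defined: `if room_info is None: raise SynapseError(404, "Unknown room", Codes.NOT_FOUND)`. The same assert appears in the sync.py hunk, where a failure would abort the whole sync response for that user rather than skip one event. Separately, the decision is taken from `get_room_with_stats`; if that row can lag behind the room's current join rules, the check may briefly act on stale state, so it is worth confirming that is acceptable. The enclosing method starts and ends outside the hunk.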
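Review bot: In the sync.py hunk the loop awaits `self.store.get_room_with_stats(event.room_id)` once per call-invite event, so a timeline with many invites repeats the same room lookup serially on the sync path (unless the store method is already cached, which is not visible here). Memoising the result per room id inside the function avoids that, and a short comment saying why call invites are withheld in public rooms would help the next reader. The sketch below also treats a missing room row as public, so the invite is dropped instead of raising; invert that if failing open is preferred. The enclosing method starts and ends outside the hunk.

```python
# ... unchanged: filtered_recents = await filter_events_for_client(...) ...

# Call invites are withheld from clients when the room is public.
# room_id -> True when the invite must be dropped for that room.
drop_invites_for: Dict[str, bool] = {}
loaded_recents = []
for event in filtered_recents:
    if event.type == EventTypes.CallInvite:
        if event.room_id not in drop_invites_for:
            room_info = await self.store.get_room_with_stats(event.room_id)
            # Unknown room: drop the invite rather than abort the sync.
            drop_invites_for[event.room_id] = (
                room_info is None or room_info.join_rules == JoinRules.PUBLIC
            )
        if drop_invites_for[event.room_id]:
            continue
    loaded_recents.append(event)

# ... unchanged: log_kv(...) and loaded_recents.extend(recents) ...
```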