summary refs log tree commit diff
path: root/synapse/rest/media
diff options
context:
space:
mode:
authorTravis Ralston <travpc@gmail.com>2018-02-01 18:05:47 -0700
committerGitHub <noreply@github.com>2018-02-01 18:05:47 -0700
commit6e87b34f7b7c595d4e5b96e4a0281b8327e5b8b7 (patch)
tree35701fcc0456593d736a3405f72a5dfd624b1cad /synapse/rest/media
parentpep8 (diff)
parentMerge pull request #2837 from matrix-org/rav/fix_quarantine_media (diff)
downloadsynapse-6e87b34f7b7c595d4e5b96e4a0281b8327e5b8b7.tar.xz
Merge branch 'develop' into travis/admin-list-media
Diffstat (limited to 'synapse/rest/media')
-rw-r--r--synapse/rest/media/v1/media_repository.py19
1 files changed, 17 insertions, 2 deletions
diff --git a/synapse/rest/media/v1/media_repository.py b/synapse/rest/media/v1/media_repository.py
index 4f56bcf577..485db8577a 100644
--- a/synapse/rest/media/v1/media_repository.py
+++ b/synapse/rest/media/v1/media_repository.py
@@ -32,8 +32,9 @@ from .media_storage import MediaStorage
 
 from synapse.http.matrixfederationclient import MatrixFederationHttpClient
 from synapse.util.stringutils import random_string
-from synapse.api.errors import SynapseError, HttpResponseException, \
-    NotFoundError
+from synapse.api.errors import (
+    SynapseError, HttpResponseException, NotFoundError, FederationDeniedError,
+)
 
 from synapse.util.async import Linearizer
 from synapse.util.stringutils import is_ascii
@@ -75,6 +76,8 @@ class MediaRepository(object):
         self.recently_accessed_remotes = set()
         self.recently_accessed_locals = set()
 
+        self.federation_domain_whitelist = hs.config.federation_domain_whitelist
+
         # List of StorageProviders where we should search for media and
         # potentially upload to.
         storage_providers = []
@@ -216,6 +219,12 @@ class MediaRepository(object):
             Deferred: Resolves once a response has successfully been written
                 to request
         """
+        if (
+            self.federation_domain_whitelist is not None and
+            server_name not in self.federation_domain_whitelist
+        ):
+            raise FederationDeniedError(server_name)
+
         self.mark_recently_accessed(server_name, media_id)
 
         # We linearize here to ensure that we don't try and download remote
@@ -250,6 +259,12 @@ class MediaRepository(object):
         Returns:
             Deferred[dict]: The media_info of the file
         """
+        if (
+            self.federation_domain_whitelist is not None and
+            server_name not in self.federation_domain_whitelist
+        ):
+            raise FederationDeniedError(server_name)
+
         # We linearize here to ensure that we don't try and download remote
         # media multiple times concurrently
         key = (server_name, media_id)