From 12f2f89f81cc9343b317058a2ff4d9be1b4bb37a Mon Sep 17 00:00:00 2001 From: Charles Hall Date: Fri, 27 Sep 2024 13:12:14 -0700 Subject: [PATCH] remove admin room membership checks All of these states can be recovered from by logging in as the admin bot, so there's no point in preventing these things from happening. Also it will cause problems when the admin bot user ID can change. --- src/service/rooms/timeline.rs | 116 +++------------------------------- 1 file changed, 8 insertions(+), 108 deletions(-) diff --git a/src/service/rooms/timeline.rs b/src/service/rooms/timeline.rs index c70c7033..eefab68d 100644 --- a/src/service/rooms/timeline.rs +++ b/src/service/rooms/timeline.rs @@ -884,114 +884,14 @@ impl Service { let (pdu, pdu_json) = self.create_hash_and_sign_event(pdu_builder, sender, room_id)?; - if let Some(admin_room) = services().admin.get_admin_room()? { - if admin_room == **room_id { - match pdu.event_type() { - TimelineEventType::RoomEncryption => { - warn!("Encryption is not allowed in the admins room"); - return Err(Error::BadRequest( - ErrorKind::forbidden(), - "Encryption is not allowed in the admins room.", - )); - } - TimelineEventType::RoomMember => { - #[derive(Deserialize)] - struct ExtractMembership { - membership: MembershipState, - } - - let target = pdu - .state_key() - .filter(|v| v.starts_with('@')) - .unwrap_or(sender.as_str()); - let server_name = services().globals.server_name(); - let server_user = format!( - "@{}:{server_name}", - if services().globals.config.conduit_compat { - "conduit" - } else { - "grapevine" - }, - ); - let content = - serde_json::from_str::( - pdu.content.get(), - ) - .map_err(|_| { - Error::bad_database("Invalid content in pdu.") - })?; - - if content.membership == MembershipState::Leave { - if target == server_user { - warn!( - "Grapevine user cannot leave from admins \ - room" - ); - return Err(Error::BadRequest( - ErrorKind::forbidden(), - "Grapevine user cannot leave from admins \ - room.", - )); - } - - let count = services() - .rooms - .state_cache - .room_members(room_id) - .filter_map(Result::ok) - .filter(|m| m.server_name() == server_name) - .filter(|m| m != target) - .count(); - if count < 2 { - warn!( - "Last admin cannot leave from admins room" - ); - return Err(Error::BadRequest( - ErrorKind::forbidden(), - "Last admin cannot leave from admins room.", - )); - } - } - - if content.membership == MembershipState::Ban - && pdu.state_key().is_some() - { - if target == server_user { - warn!( - "Grapevine user cannot be banned in \ - admins room" - ); - return Err(Error::BadRequest( - ErrorKind::forbidden(), - "Grapevine user cannot be banned in \ - admins room.", - )); - } - - let count = services() - .rooms - .state_cache - .room_members(room_id) - .filter_map(Result::ok) - .filter(|m| m.server_name() == server_name) - .filter(|m| m != target) - .count(); - if count < 2 { - warn!( - "Last admin cannot be banned in admins \ - room" - ); - return Err(Error::BadRequest( - ErrorKind::forbidden(), - "Last admin cannot be banned in admins \ - room.", - )); - } - } - } - _ => {} - } - } + if services().admin.get_admin_room()?.is_some_and(|x| x == **room_id) + && pdu.event_type() == &TimelineEventType::RoomEncryption + { + warn!("Encryption is not allowed in the admins room"); + return Err(Error::BadRequest( + ErrorKind::forbidden(), + "Encryption is not allowed in the admins room.", + )); } // If redaction event is not authorized, do not append it to the