From 5c39c7c5fff0e1a59999f0c13bf4aa48cb159129 Mon Sep 17 00:00:00 2001
From: Lambda
Date: Mon, 3 Jun 2024 16:35:00 +0000
Subject: [PATCH] Use destination field in X-Matrix Authorization header

Both validating and sending it is a MUST since Matrix v1.3.
---
 src/api/ruma_wrapper/axum.rs | 13 +++++++++++++
 src/api/server_server.rs | 2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/api/ruma_wrapper/axum.rs b/src/api/ruma_wrapper/axum.rs
index 451b6fda..14655976 100644
--- a/src/api/ruma_wrapper/axum.rs
+++ b/src/api/ruma_wrapper/axum.rs
@@ -196,6 +196,19 @@ async fn ar_from_request_inner(
 Error::BadRequest(ErrorKind::forbidden(), msg)
 })?;

+ if let Some(destination) = x_matrix.destination {
+ if destination != services().globals.server_name() {
+ warn!(
+ %destination,
+ "Incorrect destination in X-Matrix header"
+ );
+ return Err(Error::BadRequest(
+ ErrorKind::Unauthorized,
+ "Incorrect destination in X-Matrix header",
+ ));
+ }
+ }
+
 let origin_signatures = BTreeMap::from_iter([(
 x_matrix.key.to_string(),
 CanonicalJsonValue::String(x_matrix.sig),
diff --git a/src/api/server_server.rs b/src/api/server_server.rs
index b936b1e7..38e37304 100644
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@@ -242,7 +242,7 @@ where

 http_request.headers_mut().typed_insert(Authorization(XMatrix::new(
 services().globals.server_name().to_owned(),
- None,
+ Some(destination.to_owned()),
 key_id,
 signature,
 )));
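Review bot: A request whose X-Matrix header carries no `destination` skips this check entirely, because the guard is `if let Some(destination) = x_matrix.destination`, and nothing in the hunk says that is deliberate. If the absent case is accepted on purpose for senders older than Matrix v1.3, state it above the guard, e.g. `// A missing destination is accepted for pre-v1.3 senders; only a present but wrong value is rejected.`, so a later reader does not take it for an oversight. The `warn!` also records only the rejected value; adding the claimed origin (`origin = %x_matrix.origin`, assuming the header type exposes that field) would make these events easier to triage, with the caveat that the signature appears to be checked only after this point, so both values are unverified peer input. ar_from_request_inner starts and ends outside the hunk.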
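Review bot: The hunk in src/api/server_server.rs does not show where `destination` is bound, and the header value presumably has to be the same server name that goes into the signed request object, not a host name obtained from delegation or resolution. If both come from the same variable this is fine, but a short comment at the call would pin it down, e.g. `// Same server name as the "destination" in the signed JSON, not the resolved host.`. A receiver applying the check this commit adds in axum.rs rejects the request as Unauthorized when the header names a different server, so a divergence here would surface as federation failures on the remote side. The enclosing function starts and ends outside the hunk.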