shruub
/
conduit
mirror of https://gitlab.com/famedly/conduit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: don't allow unjoined users to send typing notifications

Browse Source
merge-requests/257/head
Timo Kösters 2 years ago
parent 3573d40027
commit b6b27b66c8
No known key found for this signature in database
GPG Key ID: 24DA7517711A2BA4
2 changed files with 24 additions and 13 deletions
Show Stats Download Patch File Download Diff File

11
src/client_server/typing.rs
Unescape Escape View File

@ -1,5 +1,5 @@
use crate::{database::DatabaseGuard, utils, Result, Ruma}; use crate::{database::DatabaseGuard, Error, utils, Result, Ruma};
use ruma::api::client::typing::create_typing_event; use ruma::api::client::{typing::create_typing_event, error::ErrorKind};
/// # `PUT /_matrix/client/r0/rooms/{roomId}/typing/{userId}` /// # `PUT /_matrix/client/r0/rooms/{roomId}/typing/{userId}`
/// ///
@ -12,6 +12,13 @@ pub async fn create_typing_event_route(
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
if !db.rooms.is_joined(sender_user, &body.room_id)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
"You are not in this room.",
));
}
if let Typing::Yes(duration) = body.state { if let Typing::Yes(duration) = body.state {
db.rooms.edus.typing_add( db.rooms.edus.typing_add(
sender_user, sender_user,

26
src/server_server.rs
Unescape Escape View File

@ -770,17 +770,21 @@ pub async fn send_transaction_message_route(
} }
} }
Edu::Typing(typing) => { Edu::Typing(typing) => {
if typing.typing { if db.rooms.is_joined(&typing.user_id, &typing.room_id)? {
db.rooms.edus.typing_add( if typing.typing {
&typing.user_id, db.rooms.edus.typing_add(
&typing.room_id, &typing.user_id,
3000 + utils::millis_since_unix_epoch(), &typing.room_id,
&db.globals, 3000 + utils::millis_since_unix_epoch(),
)?; &db.globals,
} else { )?;
db.rooms } else {
.edus db.rooms.edus.typing_remove(
.typing_remove(&typing.user_id, &typing.room_id, &db.globals)?; &typing.user_id,
&typing.room_id,
&db.globals,
)?;
}
} }
} }
Edu::DeviceListUpdate(DeviceListUpdateContent { user_id, .. }) => { Edu::DeviceListUpdate(DeviceListUpdateContent { user_id, .. }) => {

Write Preview
Loading…
Cancel
Save