diff --git a/clientapi/routing/sendevent.go b/clientapi/routing/sendevent.go index a1a0300d..ac8b2d7e 100644 --- a/clientapi/routing/sendevent.go +++ b/clientapi/routing/sendevent.go @@ -414,8 +414,14 @@ func generateSendEvent( for i := range queryRes.StateEvents { stateEvents[i] = queryRes.StateEvents[i].PDU } - provider := gomatrixserverlib.NewAuthEvents(gomatrixserverlib.ToPDUs(stateEvents)) - if err = gomatrixserverlib.Allowed(e.PDU, &provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { + provider, err := gomatrixserverlib.NewAuthEvents(gomatrixserverlib.ToPDUs(stateEvents)) + if err != nil { + return nil, &util.JSONResponse{ + Code: http.StatusForbidden, + JSON: spec.Forbidden(err.Error()), + } + } + if err = gomatrixserverlib.Allowed(e.PDU, provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { return rsAPI.QueryUserIDForSender(ctx, *validRoomID, senderID) }); err != nil { return nil, &util.JSONResponse{ diff --git a/federationapi/routing/threepid.go b/federationapi/routing/threepid.go index 4e3dfdd5..c2b4fa04 100644 --- a/federationapi/routing/threepid.go +++ b/federationapi/routing/threepid.go @@ -344,7 +344,7 @@ func buildMembershipEvent( protoEvent.Depth = queryRes.Depth protoEvent.PrevEvents = queryRes.LatestEvents - authEvents := gomatrixserverlib.NewAuthEvents(nil) + authEvents, _ := gomatrixserverlib.NewAuthEvents(nil) for i := range queryRes.StateEvents { err = authEvents.AddEvent(queryRes.StateEvents[i].PDU) @@ -357,7 +357,7 @@ func buildMembershipEvent( return nil, err } - refs, err := eventsNeeded.AuthEventReferences(&authEvents) + refs, err := eventsNeeded.AuthEventReferences(authEvents) if err != nil { return nil, err } 
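Review bot: The new `if err != nil` branch after `gomatrixserverlib.NewAuthEvents` in generateSendEvent returns 403 with `err.Error()` but logs nothing server-side. A failure to build the auth provider from the room's stored state therefore looks the same as an ordinary authorisation refusal and leaves no trace for operators. Logging before the return, e.g. `util.GetLogger(ctx).WithError(err).Error("gomatrixserverlib.NewAuthEvents failed")`, would match how PerformCreateRoom reports auth failures in this commit. It is also worth confirming that the library's error text is suitable to echo to the client through `spec.Forbidden(err.Error())`, since it presumably describes server-side room state. generateSendEvent starts and ends outside the hunk.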
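Review bot: `authEvents, _ := gomatrixserverlib.NewAuthEvents(nil)` in buildMembershipEvent discards the error the constructor now returns, and the next statement calls `authEvents.AddEvent(...)` on the returned pointer. With a nil input the error is presumably unreachable today, but that is an assumption about the library's internals; if it ever fires, the pointer may be nil when the auth path uses it. addPrevEventsToEvent in internal/eventutil/events.go already checks the same call, so the same shape fits here: `authEvents, err := gomatrixserverlib.NewAuthEvents(nil)` followed by `if err != nil { return nil, err }`. The same discard appears in processRoomEvent, checkAllowedByState, PerformCreateRoom and sendInitialEvents, and in Test_EventAuth and test.NewRoom, where `t.Fatalf` would be the equivalent.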
@@ -421,7 +421,7 @@ func sendToRemoteServer( // found. Returning an error isn't necessary in this case as the event will be // rejected by gomatrixserverlib. func fillDisplayName( - builder *gomatrixserverlib.ProtoEvent, authEvents gomatrixserverlib.AuthEvents, + builder *gomatrixserverlib.ProtoEvent, authEvents *gomatrixserverlib.AuthEvents, ) error { var content gomatrixserverlib.MemberContent if err := json.Unmarshal(builder.Content, &content); err != nil { diff --git a/go.mod b/go.mod index d335b3cd..32added3 100644 --- a/go.mod +++ b/go.mod @@ -1,5 +1,7 @@ module github.com/element-hq/dendrite +replace github.com/matrix-org/gomatrixserverlib => github.com/neilalexander/gomatrixserverlib v0.0.0-20241213120227-3d48766ed855 + require ( github.com/Arceliar/phony v0.0.0-20220903101357-530938a4b13d github.com/DATA-DOG/go-sqlmock v1.5.0 diff --git a/go.sum b/go.sum index 5eb0b3af..fdd2d553 100644 --- a/go.sum +++ b/go.sum 
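Review bot: The added `replace github.com/matrix-org/gomatrixserverlib => github.com/neilalexander/gomatrixserverlib v0.0.0-20241213120227-3d48766ed855` builds this module against a personal fork, pinned by pseudo-version, of the library that performs event authorisation (`Allowed`, `NewAuthEvents`). A replace directive takes effect only in the main module's build and overrides the version named in the `require` block without any visible marker. It should carry a comment saying why the fork is needed and when it goes away, e.g. `// temporary: fork changes NewAuthEvents to return an error; remove once merged upstream` (wording for the author to confirm). The fork commit should also be diffed against the previously pinned upstream version shown in the removed go.sum entries, rather than judged only from the API change visible in this commit.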
@@ -237,8 +237,6 @@ github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91 h1:s7fexw github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo= github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 h1:kHKxCOLcHH8r4Fzarl4+Y3K5hjothkVW5z7T1dUM11U= github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s= -github.com/matrix-org/gomatrixserverlib v0.0.0-20240910190622-2c764912ce93 h1:FbyZ/xkeBVYHi2xfwAVaNmDhP+4HNbt9e6ucOR+jvBk= -github.com/matrix-org/gomatrixserverlib v0.0.0-20240910190622-2c764912ce93/go.mod h1:HZGsVJ3bUE+DkZtufkH9H0mlsvbhEGK5CpX0Zlavylg= github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7 h1:6t8kJr8i1/1I5nNttw6nn1ryQJgzVlBmSGgPiiaTdw4= github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7/go.mod h1:ReWMS/LoVnOiRAdq9sNUC2NZnd1mZkMNB52QhpTRWjg= github.com/matrix-org/util v0.0.0-20221111132719-399730281e66 h1:6z4KxomXSIGWqhHcfzExgkH3Z3UkIXry4ibJS4Aqz2Y= 
@@ -281,6 +279,8 @@ github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4= github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls= +github.com/neilalexander/gomatrixserverlib v0.0.0-20241213120227-3d48766ed855 h1:CEeYH/JKmR1twVV6DKOHspk2aEibg2CyHK+cPBXkUmI= +github.com/neilalexander/gomatrixserverlib v0.0.0-20241213120227-3d48766ed855/go.mod h1:qil34SWn6VB6gO5312rzziCUcZtgROPjrLE+4ly/0os= github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 h1:zYyBkD/k9seD2A7fsi6Oo2LfFZAehjjQMERAvZLEDnQ= github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= diff --git a/internal/eventutil/events.go b/internal/eventutil/events.go index 852caab2..694196b5 100644 --- a/internal/eventutil/events.go +++ b/internal/eventutil/events.go @@ -123,7 +123,10 @@ func addPrevEventsToEvent( builder.Depth = queryRes.Depth - authEvents := gomatrixserverlib.NewAuthEvents(nil) + authEvents, err := gomatrixserverlib.NewAuthEvents(nil) + if err != nil { + return fmt.Errorf("gomatrixserverlib.NewAuthEvents: %w", err) + } for i := range queryRes.StateEvents { err := authEvents.AddEvent(queryRes.StateEvents[i].PDU) @@ -132,7 +135,7 @@ func addPrevEventsToEvent( } } - refs, err := eventsNeeded.AuthEventReferences(&authEvents) + refs, err := eventsNeeded.AuthEventReferences(authEvents) if err != nil { return fmt.Errorf("eventsNeeded.AuthEventReferences: %w", err) } diff --git a/roomserver/internal/input/input_events.go b/roomserver/internal/input/input_events.go index b84db345..249e07a8 100644 --- a/roomserver/internal/input/input_events.go +++ b/roomserver/internal/input/input_events.go 
@@ -285,15 +285,15 @@ func (r *Inputer) processRoomEvent( // Check that the auth events of the event are known. // If they aren't then we will ask the federation API for them. - authEvents := gomatrixserverlib.NewAuthEvents(nil) + authEvents, _ := gomatrixserverlib.NewAuthEvents(nil) knownEvents := map[string]*types.Event{} - if err = r.fetchAuthEvents(ctx, logger, roomInfo, virtualHost, headered, &authEvents, knownEvents, serverRes.ServerNames); err != nil { + if err = r.fetchAuthEvents(ctx, logger, roomInfo, virtualHost, headered, authEvents, knownEvents, serverRes.ServerNames); err != nil { return fmt.Errorf("r.fetchAuthEvents: %w", err) } // Check if the event is allowed by its auth events. If it isn't then // we consider the event to be "rejected" — it will still be persisted. - if err = gomatrixserverlib.Allowed(event, &authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { + if err = gomatrixserverlib.Allowed(event, authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { return r.Queryer.QueryUserIDForSender(ctx, roomID, senderID) }); err != nil { isRejected = true 
@@ -640,10 +640,14 @@ func (r *Inputer) processStateBefore( // At this point, stateBeforeEvent should be populated either by // the supplied state in the input request, or from the prev events. // Check whether the event is allowed or not. - stateBeforeAuth := gomatrixserverlib.NewAuthEvents( + stateBeforeAuth, err := gomatrixserverlib.NewAuthEvents( gomatrixserverlib.ToPDUs(stateBeforeEvent), ) - if rejectionErr = gomatrixserverlib.Allowed(event, &stateBeforeAuth, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { + if err != nil { + rejectionErr = fmt.Errorf("NewAuthEvents failed: %w", err) + return + } + if rejectionErr = gomatrixserverlib.Allowed(event, stateBeforeAuth, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { return r.Queryer.QueryUserIDForSender(ctx, roomID, senderID) }); rejectionErr != nil { rejectionErr = fmt.Errorf("Allowed() failed for stateBeforeEvent: %w", rejectionErr) diff --git a/roomserver/internal/input/input_events_test.go b/roomserver/internal/input/input_events_test.go index 05dc842e..3376a79c 100644 --- a/roomserver/internal/input/input_events_test.go +++ b/roomserver/internal/input/input_events_test.go @@ -50,7 +50,7 @@ func Test_EventAuth(t *testing.T) { }, test.WithStateKey(bob.ID), test.WithAuthIDs(authEventIDs)) // Add the auth events to the allower - allower := gomatrixserverlib.NewAuthEvents(nil) + allower, _ := gomatrixserverlib.NewAuthEvents(nil) for _, a := range authEvents { if err := allower.AddEvent(a); err != nil { t.Fatalf("allower.AddEvent failed: %v", err) 
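Review bot: The new `if err != nil { rejectionErr = fmt.Errorf("NewAuthEvents failed: %w", err); return }` in processStateBefore leaves it unclear whether a constructor failure means "reject this event" or "processing failed". The signature is outside the hunk, but the bare `return` implies named results. If `err` is one of them, `stateBeforeAuth, err :=` assigns it, and the caller receives both a rejection error and a hard error for the same condition. The distinction matters because, per the comment in processRoomEvent, a rejected event is still persisted. If rejection is intended, set `err = nil` before returning; if a processing error is intended, drop the `rejectionErr` assignment. Either way a one-line comment should state the choice.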
@@ -58,7 +58,7 @@ func Test_EventAuth(t *testing.T) { } // Finally check that the event is NOT allowed - if err := gomatrixserverlib.Allowed(ev.PDU, &allower, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { + if err := gomatrixserverlib.Allowed(ev.PDU, allower, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { return spec.NewUserID(string(senderID), true) }); err == nil { t.Fatalf("event should not be allowed, but it was") diff --git a/roomserver/internal/input/input_missing.go b/roomserver/internal/input/input_missing.go index fdc37eee..ea1b5010 100644 --- a/roomserver/internal/input/input_missing.go +++ b/roomserver/internal/input/input_missing.go @@ -961,14 +961,14 @@ serverLoop: } func checkAllowedByState(e gomatrixserverlib.PDU, stateEvents []gomatrixserverlib.PDU, userIDForSender spec.UserIDForSender) error { - authUsingState := gomatrixserverlib.NewAuthEvents(nil) + authUsingState, _ := gomatrixserverlib.NewAuthEvents(nil) for i := range stateEvents { err := authUsingState.AddEvent(stateEvents[i]) if err != nil { return err } } - return gomatrixserverlib.Allowed(e, &authUsingState, userIDForSender) + return gomatrixserverlib.Allowed(e, authUsingState, userIDForSender) } func (t *missingStateReq) hadEvent(eventID string) { diff --git a/roomserver/internal/perform/perform_create_room.go b/roomserver/internal/perform/perform_create_room.go index 73ae9ff6..020e7495 100644 --- a/roomserver/internal/perform/perform_create_room.go +++ b/roomserver/internal/perform/perform_create_room.go @@ -343,7 +343,7 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo // TODO: 3pid invite events var builtEvents []*types.HeaderedEvent - authEvents := gomatrixserverlib.NewAuthEvents(nil) + authEvents, _ := gomatrixserverlib.NewAuthEvents(nil) if err != nil { util.GetLogger(ctx).WithError(err).Error("rsapi.QuerySenderIDForUser failed") return "", &util.JSONResponse{ 
@@ -373,7 +373,7 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo builder.PrevEvents = []string{builtEvents[i-1].EventID()} } var ev gomatrixserverlib.PDU - if err = builder.AddAuthEvents(&authEvents); err != nil { + if err = builder.AddAuthEvents(authEvents); err != nil { util.GetLogger(ctx).WithError(err).Error("AddAuthEvents failed") return "", &util.JSONResponse{ Code: http.StatusInternalServerError, @@ -389,7 +389,7 @@ func (c *Creator) PerformCreateRoom(ctx context.Context, userID spec.UserID, roo } } - if err = gomatrixserverlib.Allowed(ev, &authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { + if err = gomatrixserverlib.Allowed(ev, authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { return c.RSAPI.QueryUserIDForSender(ctx, roomID, senderID) }); err != nil { util.GetLogger(ctx).WithError(err).Error("gomatrixserverlib.Allowed failed") diff --git a/roomserver/internal/perform/perform_upgrade.go b/roomserver/internal/perform/perform_upgrade.go index cf18924e..8b28e78b 100644 --- a/roomserver/internal/perform/perform_upgrade.go +++ b/roomserver/internal/perform/perform_upgrade.go @@ -470,7 +470,7 @@ func (r *Upgrader) generateInitialEvents(ctx context.Context, oldRoom *api.Query func (r *Upgrader) sendInitialEvents(ctx context.Context, evTime time.Time, senderID spec.SenderID, userDomain spec.ServerName, newRoomID string, newVersion gomatrixserverlib.RoomVersion, eventsToMake []gomatrixserverlib.FledglingEvent) error { var err error var builtEvents []*types.HeaderedEvent - authEvents := gomatrixserverlib.NewAuthEvents(nil) + authEvents, _ := gomatrixserverlib.NewAuthEvents(nil) for i, e := range eventsToMake { depth := i + 1 // depth starts at 1 
@@ -495,7 +495,7 @@ func (r *Upgrader) sendInitialEvents(ctx context.Context, evTime time.Time, send return err } builder := verImpl.NewEventBuilderFromProtoEvent(&proto) - if err = builder.AddAuthEvents(&authEvents); err != nil { + if err = builder.AddAuthEvents(authEvents); err != nil { return err } @@ -506,7 +506,7 @@ func (r *Upgrader) sendInitialEvents(ctx context.Context, evTime time.Time, send } - if err = gomatrixserverlib.Allowed(event, &authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { + if err = gomatrixserverlib.Allowed(event, authEvents, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { return r.URSAPI.QueryUserIDForSender(ctx, roomID, senderID) }); err != nil { return fmt.Errorf("Failed to auth new %q event: %w", builder.Type, err) @@ -586,8 +586,11 @@ func (r *Upgrader) makeHeaderedEvent(ctx context.Context, evTime time.Time, send for i := range queryRes.StateEvents { stateEvents[i] = queryRes.StateEvents[i].PDU } - provider := gomatrixserverlib.NewAuthEvents(stateEvents) - if err = gomatrixserverlib.Allowed(headeredEvent.PDU, &provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { + provider, err := gomatrixserverlib.NewAuthEvents(stateEvents) + if err != nil { + return nil, err + } + if err = gomatrixserverlib.Allowed(headeredEvent.PDU, provider, func(roomID spec.RoomID, senderID spec.SenderID) (*spec.UserID, error) { return r.URSAPI.QueryUserIDForSender(ctx, roomID, senderID) }); err != nil { return nil, api.ErrNotAllowed{Err: fmt.Errorf("failed to auth new %q event: %w", proto.Type, err)} // TODO: Is this error string comprehensible to the client? diff --git a/test/room.go b/test/room.go index 51e56379..cfafaac1 100644 --- a/test/room.go +++ b/test/room.go 
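Review bot: `return nil, err` after `gomatrixserverlib.NewAuthEvents(stateEvents)` in makeHeaderedEvent returns the library error bare, while the `Allowed` failure just below is wrapped in `api.ErrNotAllowed` with the event type. A caller or log reader that separates not-allowed results from internal failures gets no indication of where this one came from. Wrapping it as `return nil, fmt.Errorf("gomatrixserverlib.NewAuthEvents: %w", err)` matches what addPrevEventsToEvent does in this commit. makeHeaderedEvent begins outside the hunk.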
@@ -43,7 +43,7 @@ type Room struct { visibility gomatrixserverlib.HistoryVisibility creator *User - authEvents gomatrixserverlib.AuthEvents + authEvents *gomatrixserverlib.AuthEvents currentState map[string]*rstypes.HeaderedEvent events []*rstypes.HeaderedEvent } @@ -55,10 +55,11 @@ func NewRoom(t *testing.T, creator *User, modifiers ...roomModifier) *Room { if creator.srvName == "" { t.Fatalf("NewRoom: creator doesn't belong to a server: %+v", *creator) } + authEvents, _ := gomatrixserverlib.NewAuthEvents(nil) r := &Room{ ID: fmt.Sprintf("!%d:%s", counter, creator.srvName), creator: creator, - authEvents: gomatrixserverlib.NewAuthEvents(nil), + authEvents: authEvents, preset: PresetPublicChat, Version: gomatrixserverlib.RoomVersionV9, currentState: make(map[string]*rstypes.HeaderedEvent), @@ -73,7 +74,7 @@ func NewRoom(t *testing.T, creator *User, modifiers ...roomModifier) *Room { func (r *Room) MustGetAuthEventRefsForEvent(t *testing.T, needed gomatrixserverlib.StateNeeded) []string { t.Helper() - a, err := needed.AuthEventReferences(&r.authEvents) + a, err := needed.AuthEventReferences(r.authEvents) if err != nil { t.Fatalf("MustGetAuthEvents: %v", err) } @@ -175,7 +176,7 @@ func (r *Room) CreateEvent(t *testing.T, creator *User, eventType string, conten builder.PrevEvents = []string{r.events[len(r.events)-1].EventID()} } - err = builder.AddAuthEvents(&r.authEvents) + err = builder.AddAuthEvents(r.authEvents) if err != nil { t.Fatalf("CreateEvent[%s]: failed to AuthEventReferences: %s", eventType, err) } 
@@ -191,7 +192,7 @@ func (r *Room) CreateEvent(t *testing.T, creator *User, eventType string, conten if err != nil { t.Fatalf("CreateEvent[%s]: failed to build event: %s", eventType, err) } - if err = gomatrixserverlib.Allowed(ev, &r.authEvents, UserIDForSender); err != nil { + if err = gomatrixserverlib.Allowed(ev, r.authEvents, UserIDForSender); err != nil { t.Fatalf("CreateEvent[%s]: failed to verify event was allowed: %s", eventType, err) } headeredEvent := &rstypes.HeaderedEvent{PDU: ev}