feat: respect history visibility

2023-02-22 15:49:55 +01:00 · 2023-02-22 15:49:55 +01:00 · 10fa686c77
commit 10fa686c77
parent 2a16a5e967
8 changed files with 166 additions and 98 deletions
--- a/src/service/mod.rs
+++ b/src/service/mod.rs
@ -82,6 +82,9 @@ impl Services {
                    server_visibility_cache: Mutex::new(LruCache::new(
                        (100.0 * config.conduit_cache_capacity_modifier) as usize,
                    )),
+                    user_visibility_cache: Mutex::new(LruCache::new(
+                        (100.0 * config.conduit_cache_capacity_modifier) as usize,
+                    )),
                },
                state_cache: rooms::state_cache::Service { db },
                state_compressor: rooms::state_compressor::Service {
--- a/src/service/rooms/state_accessor/mod.rs
+++ b/src/service/rooms/state_accessor/mod.rs
@ -14,7 +14,7 @@ use ruma::{
        },
        StateEventType,
    },
-    EventId, OwnedServerName, RoomId, ServerName, UserId,
+    EventId, OwnedServerName, OwnedUserId, RoomId, ServerName, UserId,
 };
 use tracing::error;

@ -23,6 +23,7 @@ use crate::{services, Error, PduEvent, Result};
 pub struct Service {
    pub db: &'static dyn Data,
    pub server_visibility_cache: Mutex<LruCache<(OwnedServerName, u64), bool>>,
+    pub user_visibility_cache: Mutex<LruCache<(OwnedUserId, u64), bool>>,
 }

 impl Service {
@ -92,7 +93,7 @@ impl Service {

    /// Whether a server is allowed to see an event through federation, based on
    /// the room's history_visibility at that event's state.
-    #[tracing::instrument(skip(self))]
+    #[tracing::instrument(skip(self, origin, room_id, event_id))]
    pub fn server_can_see_event(
        &self,
        origin: &ServerName,
@ -154,6 +155,85 @@ impl Service {
        Ok(visibility)
    }

+    /// Whether a user is allowed to see an event, based on
+    /// the room's history_visibility at that event's state.
+    #[tracing::instrument(skip(self, user_id, room_id, event_id))]
+    pub fn user_can_see_event(
+        &self,
+        user_id: &UserId,
+        room_id: &RoomId,
+        event_id: &EventId,
+    ) -> Result<bool> {
+        let shortstatehash = match self.pdu_shortstatehash(event_id)? {
+            Some(shortstatehash) => shortstatehash,
+            None => return Ok(true),
+        };
+
+        if let Some(visibility) = self
+            .user_visibility_cache
+            .lock()
+            .unwrap()
+            .get_mut(&(user_id.to_owned(), shortstatehash))
+        {
+            return Ok(*visibility);
+        }
+
+        let currently_member = services().rooms.state_cache.is_joined(&user_id, &room_id)?;
+
+        let history_visibility = self
+            .state_get(shortstatehash, &StateEventType::RoomHistoryVisibility, "")?
+            .map_or(Ok(HistoryVisibility::Shared), |s| {
+                serde_json::from_str(s.content.get())
+                    .map(|c: RoomHistoryVisibilityEventContent| c.history_visibility)
+                    .map_err(|_| {
+                        Error::bad_database("Invalid history visibility event in database.")
+                    })
+            })?;
+
+        let visibility = match history_visibility {
+            HistoryVisibility::WorldReadable => true,
+            HistoryVisibility::Shared => currently_member,
+            HistoryVisibility::Invited => {
+                // Allow if any member on requesting server was AT LEAST invited, else deny
+                self.user_was_invited(shortstatehash, &user_id)
+            }
+            HistoryVisibility::Joined => {
+                // Allow if any member on requested server was joined, else deny
+                self.user_was_joined(shortstatehash, &user_id)
+            }
+            _ => {
+                error!("Unknown history visibility {history_visibility}");
+                false
+            }
+        };
+
+        self.user_visibility_cache
+            .lock()
+            .unwrap()
+            .insert((user_id.to_owned(), shortstatehash), visibility);
+
+        Ok(visibility)
+    }
+
+    /// Whether a user is allowed to see an event, based on
+    /// the room's history_visibility at that event's state.
+    #[tracing::instrument(skip(self, user_id, room_id))]
+    pub fn user_can_see_state_events(&self, user_id: &UserId, room_id: &RoomId) -> Result<bool> {
+        let currently_member = services().rooms.state_cache.is_joined(&user_id, &room_id)?;
+
+        let history_visibility = self
+            .room_state_get(&room_id, &StateEventType::RoomHistoryVisibility, "")?
+            .map_or(Ok(HistoryVisibility::Shared), |s| {
+                serde_json::from_str(s.content.get())
+                    .map(|c: RoomHistoryVisibilityEventContent| c.history_visibility)
+                    .map_err(|_| {
+                        Error::bad_database("Invalid history visibility event in database.")
+                    })
+            })?;
+
+        Ok(currently_member || history_visibility == HistoryVisibility::WorldReadable)
+    }
+
    /// Returns the state hash for this pdu.
    pub fn pdu_shortstatehash(&self, event_id: &EventId) -> Result<Option<u64>> {
        self.db.pdu_shortstatehash(event_id)