mirror of
https://github.com/Nheko-Reborn/nheko.git
synced 2024-11-29 14:18:49 +03:00
Evaluate ACLs when calculating vias
parent
3c950ce26a
commit
4bf6e58511
3 changed files with 54 additions and 4 deletions
|
@ -598,7 +598,7 @@ if(USE_BUNDLED_MTXCLIENT)
|
||||||
FetchContent_Declare(
|
FetchContent_Declare(
|
||||||
MatrixClient
|
MatrixClient
|
||||||
GIT_REPOSITORY https://github.com/Nheko-Reborn/mtxclient.git
|
GIT_REPOSITORY https://github.com/Nheko-Reborn/mtxclient.git
|
||||||
GIT_TAG e1a24f3752543d4264cb012a20d84fc9d7229709
|
GIT_TAG c8849cd033bb59bee39f3fb2eaca953853731eb2
|
||||||
)
|
)
|
||||||
set(BUILD_LIB_EXAMPLES OFF CACHE INTERNAL "")
|
set(BUILD_LIB_EXAMPLES OFF CACHE INTERNAL "")
|
||||||
set(BUILD_LIB_TESTS OFF CACHE INTERNAL "")
|
set(BUILD_LIB_TESTS OFF CACHE INTERNAL "")
|
||||||
|
|
|
@ -213,7 +213,7 @@ modules:
|
||||||
buildsystem: cmake-ninja
|
buildsystem: cmake-ninja
|
||||||
name: mtxclient
|
name: mtxclient
|
||||||
sources:
|
sources:
|
||||||
- commit: e1a24f3752543d4264cb012a20d84fc9d7229709
|
- commit: c8849cd033bb59bee39f3fb2eaca953853731eb2
|
||||||
#tag: v0.9.2
|
#tag: v0.9.2
|
||||||
type: git
|
type: git
|
||||||
url: https://github.com/Nheko-Reborn/mtxclient.git
|
url: https://github.com/Nheko-Reborn/mtxclient.git
|
||||||
|
|
|
@ -1273,6 +1273,51 @@ utils::roomVias(const std::string &roomid)
|
||||||
auto powerlevels =
|
auto powerlevels =
|
||||||
cache::client()->getStateEvent<mtx::events::state::PowerLevels>(roomid).value_or(
|
cache::client()->getStateEvent<mtx::events::state::PowerLevels>(roomid).value_or(
|
||||||
mtx::events::StateEvent<mtx::events::state::PowerLevels>{});
|
mtx::events::StateEvent<mtx::events::state::PowerLevels>{});
|
||||||
|
auto acls = cache::client()->getStateEvent<mtx::events::state::ServerAcl>(roomid);
|
||||||
|
|
||||||
|
std::vector<QRegularExpression> allowedServers;
|
||||||
|
std::vector<QRegularExpression> deniedServers;
|
||||||
|
|
||||||
|
if (acls) {
|
||||||
|
auto globToRegexp = [](const std::string &globExp) {
|
||||||
|
auto rawReg = QRegularExpression::escape(QString::fromStdString(globExp))
|
||||||
|
.replace("\\*", ".*")
|
||||||
|
.replace("\\?", ".");
|
||||||
|
return QRegularExpression(QRegularExpression::anchoredPattern(rawReg),
|
||||||
|
QRegularExpression::DotMatchesEverythingOption |
|
||||||
|
QRegularExpression::DontCaptureOption);
|
||||||
|
};
|
||||||
|
|
||||||
|
allowedServers.reserve(acls->content.allow.size());
|
||||||
|
for (const auto &s : acls->content.allow)
|
||||||
|
allowedServers.push_back(globToRegexp(s));
|
||||||
|
deniedServers.reserve(acls->content.deny.size());
|
||||||
|
for (const auto &s : acls->content.deny)
|
||||||
|
allowedServers.push_back(globToRegexp(s));
|
||||||
|
|
||||||
|
nhlog::ui()->critical("ACL: {}", nlohmann::json(acls->content).dump(2));
|
||||||
|
}
|
||||||
|
|
||||||
|
auto isHostAllowed = [&acls, &allowedServers, &deniedServers](const std::string &host) {
|
||||||
|
if (!acls)
|
||||||
|
return true;
|
||||||
|
|
||||||
|
auto url = QUrl::fromEncoded(
|
||||||
|
"https://" + QByteArray::fromRawData(host.data(), host.size()), QUrl::StrictMode);
|
||||||
|
if (url.hasQuery() || url.hasFragment())
|
||||||
|
return false;
|
||||||
|
|
||||||
|
auto hostname = url.host();
|
||||||
|
|
||||||
|
for (const auto &d : deniedServers)
|
||||||
|
if (d.match(hostname).hasMatch())
|
||||||
|
return false;
|
||||||
|
for (const auto &a : allowedServers)
|
||||||
|
if (a.match(hostname).hasMatch())
|
||||||
|
return true;
|
||||||
|
|
||||||
|
return false;
|
||||||
|
};
|
||||||
|
|
||||||
std::unordered_set<std::string> users_with_high_pl;
|
std::unordered_set<std::string> users_with_high_pl;
|
||||||
std::set<std::string> users_with_high_pl_in_room;
|
std::set<std::string> users_with_high_pl_in_room;
|
||||||
|
@ -1281,6 +1326,9 @@ utils::roomVias(const std::string &roomid)
|
||||||
for (const auto &user : powerlevels.content.users) {
|
for (const auto &user : powerlevels.content.users) {
|
||||||
if (user.second >= powerlevels.content.events_default &&
|
if (user.second >= powerlevels.content.events_default &&
|
||||||
user.second >= powerlevels.content.state_default) {
|
user.second >= powerlevels.content.state_default) {
|
||||||
|
auto host =
|
||||||
|
mtx::identifiers::parse<mtx::identifiers::User>(user.first).hostname();
|
||||||
|
if (isHostAllowed(host))
|
||||||
users_with_high_pl.insert(user.first);
|
users_with_high_pl.insert(user.first);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1294,7 +1342,9 @@ utils::roomVias(const std::string &roomid)
|
||||||
users_with_high_pl_in_room.insert(m);
|
users_with_high_pl_in_room.insert(m);
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(Nico): remove acled servers
|
std::erase_if(usercount_by_server, [&isHostAllowed](const auto &item) {
|
||||||
|
return !isHostAllowed(item.first);
|
||||||
|
});
|
||||||
|
|
||||||
// add the highest powerlevel user
|
// add the highest powerlevel user
|
||||||
auto max_pl_user = std::max_element(
|
auto max_pl_user = std::max_element(
|
||||||
|
|
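Review bot: In the first utils::roomVias hunk, the loop over `acls->content.deny` pushes into `allowedServers`, so `deniedServers` stays empty and `isHostAllowed` treats every deny glob as an allow entry; a server the room's ACL denies would therefore still pass the filter and can be kept as a via. The loop body should read `deniedServers.push_back(globToRegexp(s));`. `isHostAllowed` also never checks `url.isValid()` or an empty `url.host()`, so a malformed server name falls through to the allow list, where a `*` entry matches the empty string; an early `if (!url.isValid() || url.host().isEmpty()) return false;` would reject it. The `nhlog::ui()->critical("ACL: {}", ...)` call looks like leftover debug output and would fit better at debug level or removed. roomVias begins and ends outside the visible hunks, so the effect on the final via selection is inferred from these lines only.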