Merge branch 'admincommands' into 'next'

improvement: more forgiving admin command syntax See merge request famedly/conduit!535
2023-08-10 15:36:29 +00:00 · 2023-08-10 15:36:29 +00:00 · 9db87550fd
commit 9db87550fd
parent 0a0f227601 606b25b9e7
3 changed files with 22 additions and 2 deletions
--- a/src/service/admin/mod.rs
+++ b/src/service/admin/mod.rs
@ -287,7 +287,7 @@ impl Service {

    // Parse and process a message from the admin room
    async fn process_admin_message(&self, room_message: String) -> RoomMessageEventContent {
-        let mut lines = room_message.lines();
+        let mut lines = room_message.lines().filter(|l| !l.trim().is_empty());
        let command_line = lines.next().expect("each string has at least one line");
        let body: Vec<_> = lines.collect();

--- a/src/service/rooms/event_handler/mod.rs
+++ b/src/service/rooms/event_handler/mod.rs
@ -119,6 +119,7 @@ impl Service {
        let (incoming_pdu, val) = self
            .handle_outlier_pdu(origin, &create_event, event_id, room_id, value, pub_key_map)
            .await?;
+        self.check_room_id(room_id, &incoming_pdu)?;

        // 8. if not timeline event: stop
        if !is_timeline_event {
@ -338,6 +339,8 @@ impl Service {
            )
            .map_err(|_| Error::bad_database("Event is not a valid PDU."))?;

+            self.check_room_id(room_id, &incoming_pdu)?;
+
            // 4. fetch any missing auth events doing all checks listed here starting at 1. These are not timeline events
            // 5. Reject "due to auth events" if can't get all the auth events or some of the auth events are also rejected "due to auth events"
            // NOTE: Step 5 is not applied anymore because it failed too often
@ -373,6 +376,8 @@ impl Service {
                    }
                };

+                self.check_room_id(room_id, &auth_event)?;
+
                match auth_events.entry((
                    auth_event.kind.to_string().into(),
                    auth_event
@ -1178,6 +1183,8 @@ impl Service {
                .await
                .pop()
            {
+                self.check_room_id(room_id, &pdu)?;
+
                if amount > services().globals.max_fetch_prev_events() {
                    // Max limit reached
                    warn!("Max prev event limit reached!");
@ -1702,4 +1709,15 @@ impl Service {
            "Failed to find public key for server",
        ))
    }
+
+    fn check_room_id(&self, room_id: &RoomId, pdu: &PduEvent) -> Result<()> {
+        if pdu.room_id != room_id {
+            warn!("Found event from room {} in room {}", pdu.room_id, room_id);
+            return Err(Error::BadRequest(
+                ErrorKind::InvalidParam,
+                "Event has wrong room id",
+            ));
+        }
+        Ok(())
+    }
 }
--- a/src/service/rooms/timeline/mod.rs
+++ b/src/service/rooms/timeline/mod.rs
@ -456,7 +456,9 @@ impl Service {
                    let server_user = format!("@conduit:{}", services().globals.server_name());

                    let to_conduit = body.starts_with(&format!("{server_user}: "))
-                        || body.starts_with(&format!("{server_user} "));
+                        || body.starts_with(&format!("{server_user} "))
+                        || body == format!("{server_user}:")
+                        || body == format!("{server_user}");

                    // This will evaluate to false if the emergency password is set up so that
                    // the administrator can execute commands as conduit