0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-12-27 07:54:05 +01:00

ircd:Ⓜ️:fetch: Add result check opts to request interface opts; feature authoritative_redactions.

This commit is contained in:
Jason Volk 2020-10-03 03:53:58 -07:00
parent 6179c511d4
commit e362a509d8
2 changed files with 52 additions and 13 deletions

View file

@ -106,6 +106,29 @@ struct ircd::m::fetch::opts
/// by the user here. The default of 0 will be replaced by some internal /// by the user here. The default of 0 will be replaced by some internal
/// configured limit like 8 or 16 etc. /// configured limit like 8 or 16 etc.
size_t backfill_limit {0}; size_t backfill_limit {0};
/// Whether to hash the result for event_id (ignored for v1/v2); this is
/// important to ignore poisonous results and continuing.
bool check_event_id {true};
/// Whether to run the conforms checks on the result; this is important
/// to screen out poisonous results while continuing to try other servers.
bool check_conforms {true};
/// Whether to check if the content hash matches. This might not match if
/// the event is redacted (or junk), so other servers will then be tried.
/// Note the case of authoriative redactions below; and if true that may
/// allow a condition for forcing check_hashes=false.
bool check_hashes {true};
/// Whether to allow content hash mismatch iff the result was received from
/// the event's origin. If the origin of the event wants to redact the
/// event we accept; otherwise we continue to look for an unredacted copy.
bool authoritative_redaction {true};
/// Whether to verify signature of result before accepting; this is
/// important to ignore poisonous results and continuing.
bool check_signature {true};
}; };
struct ircd::m::fetch::result struct ircd::m::fetch::result

View file

@ -728,7 +728,8 @@ namespace ircd::m::fetch
extern conf::item<bool> check_event_id; extern conf::item<bool> check_event_id;
extern conf::item<bool> check_conforms; extern conf::item<bool> check_conforms;
extern conf::item<bool> check_signature; extern conf::item<bool> check_signature;
extern conf::item<bool> check_redacted; extern conf::item<bool> check_hashes;
extern conf::item<bool> check_authoritative_redaction;
} }
decltype(ircd::m::fetch::check_event_id) decltype(ircd::m::fetch::check_event_id)
@ -745,10 +746,17 @@ ircd::m::fetch::check_conforms
{ "default", true }, { "default", true },
}; };
decltype(ircd::m::fetch::check_redacted) decltype(ircd::m::fetch::check_hashes)
ircd::m::fetch::check_redacted ircd::m::fetch::check_hashes
{ {
{ "name", "ircd.m.fetch.check.redacted" }, { "name", "ircd.m.fetch.check.hashes" },
{ "default", true },
};
decltype(ircd::m::fetch::check_authoritative_redaction)
ircd::m::fetch::check_authoritative_redaction
{
{ "name", "ircd.m.fetch.check.authoritative_redaction" },
{ "default", true }, { "default", true },
}; };
@ -861,7 +869,7 @@ void
ircd::m::fetch::_check_event(const request &request, ircd::m::fetch::_check_event(const request &request,
const m::event &event) const m::event &event)
{ {
if(check_event_id && !m::check_id(event)) if(request.opts.check_event_id && check_event_id && !m::check_id(event))
{ {
event::id::buf buf; event::id::buf buf;
const m::event &claim const m::event &claim
@ -877,21 +885,29 @@ ircd::m::fetch::_check_event(const request &request,
}; };
} }
if(check_conforms) if(request.opts.check_conforms && check_conforms)
{ {
m::event::conforms conforms m::event::conforms conforms
{ {
event event
}; };
const bool redacted const bool mismatch_hashes
{ {
check_redacted && conforms.has(m::event::conforms::MISMATCH_HASHES)? check_hashes
bool(m::redacted(request.opts.event_id)): && request.opts.check_hashes
false && conforms.has(m::event::conforms::MISMATCH_HASHES)
}; };
if(redacted || !check_redacted) const bool authoritative_redaction
{
check_authoritative_redaction
&& request.opts.authoritative_redaction
&& mismatch_hashes
&& json::get<"origin"_>(event) == request.origin
};
if(authoritative_redaction)
conforms.del(m::event::conforms::MISMATCH_HASHES); conforms.del(m::event::conforms::MISMATCH_HASHES);
thread_local char buf[128]; thread_local char buf[128];
@ -910,7 +926,7 @@ ircd::m::fetch::_check_event(const request &request,
} }
// only check signature for v1 events // only check signature for v1 events
if(check_signature && request.opts.event_id.version() == "1") if(request.opts.check_signature && check_signature && request.opts.event_id.version() == "1")
{ {
const string_view &server const string_view &server
{ {