Reject ghost user invites from non-logged-in users

This commit is contained in:
Tulir Asokan 2022-01-15 13:59:20 +02:00
parent 7d23d87d0a
commit b3e0d7afbb
4 changed files with 53 additions and 43 deletions

4
go.mod
View file

@ -9,13 +9,13 @@ require (
github.com/mattn/go-sqlite3 v1.14.10 github.com/mattn/go-sqlite3 v1.14.10
github.com/prometheus/client_golang v1.11.0 github.com/prometheus/client_golang v1.11.0
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
go.mau.fi/whatsmeow v0.0.0-20220110120209-05fd944cc01e go.mau.fi/whatsmeow v0.0.0-20220111203410-b078a9e90863
golang.org/x/image v0.0.0-20211028202545-6944b10bf410 golang.org/x/image v0.0.0-20211028202545-6944b10bf410
google.golang.org/protobuf v1.27.1 google.golang.org/protobuf v1.27.1
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
maunium.net/go/mauflag v1.0.0 maunium.net/go/mauflag v1.0.0
maunium.net/go/maulogger/v2 v2.3.2 maunium.net/go/maulogger/v2 v2.3.2
maunium.net/go/mautrix v0.10.9 maunium.net/go/mautrix v0.10.10-0.20220115114638-0b31804ef8af
) )
require ( require (

8
go.sum
View file

@ -139,8 +139,8 @@ github.com/tidwall/sjson v1.2.3 h1:5+deguEhHSEjmuICXZ21uSSsXotWMA0orU783+Z7Cp8=
github.com/tidwall/sjson v1.2.3/go.mod h1:5WdjKx3AQMvCJ4RG6/2UYT7dLrGvJUV1x4jdTAyGvZs= github.com/tidwall/sjson v1.2.3/go.mod h1:5WdjKx3AQMvCJ4RG6/2UYT7dLrGvJUV1x4jdTAyGvZs=
go.mau.fi/libsignal v0.0.0-20211109153248-a67163214910 h1:9FFhG0OmkuMau5UEaTgiUQ+7cSbtbOQ7hiWKdN8OI3I= go.mau.fi/libsignal v0.0.0-20211109153248-a67163214910 h1:9FFhG0OmkuMau5UEaTgiUQ+7cSbtbOQ7hiWKdN8OI3I=
go.mau.fi/libsignal v0.0.0-20211109153248-a67163214910/go.mod h1:AufGrvVh+00Nc07Jm4hTquh7yleZyn20tKJI2wCPAKg= go.mau.fi/libsignal v0.0.0-20211109153248-a67163214910/go.mod h1:AufGrvVh+00Nc07Jm4hTquh7yleZyn20tKJI2wCPAKg=
go.mau.fi/whatsmeow v0.0.0-20220110120209-05fd944cc01e h1:UCjeeGSVCEA7L1P9LcFzuiATL8pG/NSwdXgM1Vg1UXI= go.mau.fi/whatsmeow v0.0.0-20220111203410-b078a9e90863 h1:5xGt9ghwG3XvlCAnq1WJuJ4mdOR6u/Ho5oYR0Ql9uFw=
go.mau.fi/whatsmeow v0.0.0-20220110120209-05fd944cc01e/go.mod h1:8jUjOAi3xtGubxcZgG8uSHpAdyQXBRbWAfxkctX/4y4= go.mau.fi/whatsmeow v0.0.0-20220111203410-b078a9e90863/go.mod h1:8jUjOAi3xtGubxcZgG8uSHpAdyQXBRbWAfxkctX/4y4=
golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@ -222,5 +222,5 @@ maunium.net/go/mauflag v1.0.0 h1:YiaRc0tEI3toYtJMRIfjP+jklH45uDHtT80nUamyD4M=
maunium.net/go/mauflag v1.0.0/go.mod h1:nLivPOpTpHnpzEh8jEdSL9UqO9+/KBJFmNRlwKfkPeA= maunium.net/go/mauflag v1.0.0/go.mod h1:nLivPOpTpHnpzEh8jEdSL9UqO9+/KBJFmNRlwKfkPeA=
maunium.net/go/maulogger/v2 v2.3.2 h1:1XmIYmMd3PoQfp9J+PaHhpt80zpfmMqaShzUTC7FwY0= maunium.net/go/maulogger/v2 v2.3.2 h1:1XmIYmMd3PoQfp9J+PaHhpt80zpfmMqaShzUTC7FwY0=
maunium.net/go/maulogger/v2 v2.3.2/go.mod h1:TYWy7wKwz/tIXTpsx8G3mZseIRiC5DoMxSZazOHy68A= maunium.net/go/maulogger/v2 v2.3.2/go.mod h1:TYWy7wKwz/tIXTpsx8G3mZseIRiC5DoMxSZazOHy68A=
maunium.net/go/mautrix v0.10.9 h1:Xb2lBpjSoMazsSlvsDEqJnuHZDJpYpxwza2N0w60UV0= maunium.net/go/mautrix v0.10.10-0.20220115114638-0b31804ef8af h1:hrHq1iJK9mrEvhvTUMb3YBxoNL5kdHGWCpg+XAcBMM4=
maunium.net/go/mautrix v0.10.9/go.mod h1:4XljZZGZiIlpfbQ+Tt2ykjapskJ8a7Z2i9y/+YaceF8= maunium.net/go/mautrix v0.10.10-0.20220115114638-0b31804ef8af/go.mod h1:4XljZZGZiIlpfbQ+Tt2ykjapskJ8a7Z2i9y/+YaceF8=

View file

@ -208,15 +208,31 @@ func (mx *MatrixHandler) createPrivatePortalFromInvite(roomID id.RoomID, inviter
portal.Update() portal.Update()
portal.UpdateBridgeInfo() portal.UpdateBridgeInfo()
_, _ = intent.SendNotice(roomID, "Private chat portal created") _, _ = intent.SendNotice(roomID, "Private chat portal created")
//err := portal.FillInitialHistory(inviter)
//if err != nil {
// portal.log.Errorln("Failed to fill history:", err)
//}
} }
func (mx *MatrixHandler) HandlePuppetInvite(evt *event.Event, inviter *User, puppet *Puppet) { func (mx *MatrixHandler) HandlePuppetInvite(evt *event.Event, inviter *User, puppet *Puppet) {
intent := puppet.DefaultIntent() intent := puppet.DefaultIntent()
if !inviter.Whitelisted {
puppet.log.Debugfln("Rejecting invite from %s to %s: user is not whitelisted", evt.Sender, evt.RoomID)
_, err := intent.LeaveRoom(evt.RoomID, &mautrix.ReqLeave{
Reason: "You're not whitelisted to use this bridge",
})
if err != nil {
puppet.log.Warnfln("Failed to reject invite from %s to %s: %v", evt.Sender, evt.RoomID, err)
}
return
} else if !inviter.IsLoggedIn() {
puppet.log.Debugfln("Rejecting invite from %s to %s: user is not logged in", evt.Sender, evt.RoomID)
_, err := intent.LeaveRoom(evt.RoomID, &mautrix.ReqLeave{
Reason: "You're not logged into this bridge",
})
if err != nil {
puppet.log.Warnfln("Failed to reject invite from %s to %s: %v", evt.Sender, evt.RoomID, err)
}
return
}
members := mx.joinAndCheckMembers(evt, intent) members := mx.joinAndCheckMembers(evt, intent)
if members == nil { if members == nil {
return return
@ -264,21 +280,21 @@ func (mx *MatrixHandler) HandleMembership(evt *event.Event) {
} }
user := mx.bridge.GetUserByMXID(evt.Sender) user := mx.bridge.GetUserByMXID(evt.Sender)
if user == nil || !user.Whitelisted || !user.IsLoggedIn() { if user == nil {
return return
} }
isSelf := id.UserID(evt.GetStateKey()) == evt.Sender
puppet := mx.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey()))
portal := mx.bridge.GetPortalByMXID(evt.RoomID) portal := mx.bridge.GetPortalByMXID(evt.RoomID)
if portal == nil { if portal == nil {
puppet := mx.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey())) if puppet != nil && content.Membership == event.MembershipInvite {
if content.Membership == event.MembershipInvite && puppet != nil {
mx.HandlePuppetInvite(evt, user, puppet) mx.HandlePuppetInvite(evt, user, puppet)
} }
return return
} else if !user.Whitelisted || !user.IsLoggedIn() {
return
} }
isSelf := id.UserID(evt.GetStateKey()) == evt.Sender
if content.Membership == event.MembershipLeave { if content.Membership == event.MembershipLeave {
if evt.Unsigned.PrevContent != nil { if evt.Unsigned.PrevContent != nil {
_ = evt.Unsigned.PrevContent.ParseRaw(evt.Type) _ = evt.Unsigned.PrevContent.ParseRaw(evt.Type)
@ -289,11 +305,11 @@ func (mx *MatrixHandler) HandleMembership(evt *event.Event) {
} }
if isSelf { if isSelf {
portal.HandleMatrixLeave(user) portal.HandleMatrixLeave(user)
} else { } else if puppet != nil {
portal.HandleMatrixKick(user, evt) portal.HandleMatrixKick(user, puppet)
} }
} else if content.Membership == event.MembershipInvite && !isSelf { } else if content.Membership == event.MembershipInvite && !isSelf && puppet != nil {
portal.HandleMatrixInvite(user, evt) portal.HandleMatrixInvite(user, puppet)
} }
} }

View file

@ -2621,32 +2621,26 @@ func (portal *Portal) HandleMatrixLeave(sender *User) {
portal.CleanupIfEmpty() portal.CleanupIfEmpty()
} }
func (portal *Portal) HandleMatrixKick(sender *User, evt *event.Event) { func (portal *Portal) HandleMatrixKick(sender *User, target *Puppet) {
puppet := portal.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey())) _, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{
if puppet != nil { target.JID: whatsmeow.ParticipantChangeRemove,
_, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{ })
puppet.JID: whatsmeow.ParticipantChangeRemove, if err != nil {
}) portal.log.Errorfln("Failed to kick %s from group as %s: %v", target.JID, sender.MXID, err)
if err != nil { return
portal.log.Errorfln("Failed to kick %s from group as %s: %v", puppet.JID, sender.MXID, err)
return
}
//portal.log.Infoln("Kick %s response: %s", puppet.JID, <-resp)
} }
//portal.log.Infoln("Kick %s response: %s", puppet.JID, <-resp)
} }
func (portal *Portal) HandleMatrixInvite(sender *User, evt *event.Event) { func (portal *Portal) HandleMatrixInvite(sender *User, target *Puppet) {
puppet := portal.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey())) _, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{
if puppet != nil { target.JID: whatsmeow.ParticipantChangeAdd,
_, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{ })
puppet.JID: whatsmeow.ParticipantChangeAdd, if err != nil {
}) portal.log.Errorfln("Failed to add %s to group as %s: %v", target.JID, sender.MXID, err)
if err != nil { return
portal.log.Errorfln("Failed to add %s to group as %s: %v", puppet.JID, sender.MXID, err)
return
}
//portal.log.Infofln("Add %s response: %s", puppet.JID, <-resp)
} }
//portal.log.Infofln("Add %s response: %s", puppet.JID, <-resp)
} }
func (portal *Portal) HandleMatrixMeta(sender *User, evt *event.Event) { func (portal *Portal) HandleMatrixMeta(sender *User, evt *event.Event) {