From b3e0d7afbb24cbc088bb78051cf9b7c8b697c955 Mon Sep 17 00:00:00 2001
From: Tulir Asokan
Date: Sat, 15 Jan 2022 13:59:20 +0200
Subject: [PATCH] Reject ghost user invites from non-logged-in users
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 matrix.go | 46 +++++++++++++++++++++++++++++++---------------
 portal.go | 38 ++++++++++++++++----------------------
 4 files changed, 53 insertions(+), 43 deletions(-)
diff --git a/go.mod b/go.mod
index 1f1e4f3..28d9c6f 100644
--- a/go.mod
+++ b/go.mod
@@ -9,13 +9,13 @@ require (
 github.com/mattn/go-sqlite3 v1.14.10
 github.com/prometheus/client_golang v1.11.0
 github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
- go.mau.fi/whatsmeow v0.0.0-20220110120209-05fd944cc01e
+ go.mau.fi/whatsmeow v0.0.0-20220111203410-b078a9e90863
 golang.org/x/image v0.0.0-20211028202545-6944b10bf410
 google.golang.org/protobuf v1.27.1
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 maunium.net/go/mauflag v1.0.0
 maunium.net/go/maulogger/v2 v2.3.2
- maunium.net/go/mautrix v0.10.9
+ maunium.net/go/mautrix v0.10.10-0.20220115114638-0b31804ef8af
 )
 require (
diff --git a/go.sum b/go.sum
index 60be244..71542a4 100644
--- a/go.sum
+++ b/go.sum
@@ -139,8 +139,8 @@ github.com/tidwall/sjson v1.2.3 h1:5+deguEhHSEjmuICXZ21uSSsXotWMA0orU783+Z7Cp8= github.com/tidwall/sjson v1.2.3/go.mod h1:5WdjKx3AQMvCJ4RG6/2UYT7dLrGvJUV1x4jdTAyGvZs= go.mau.fi/libsignal v0.0.0-20211109153248-a67163214910 h1:9FFhG0OmkuMau5UEaTgiUQ+7cSbtbOQ7hiWKdN8OI3I= go.mau.fi/libsignal v0.0.0-20211109153248-a67163214910/go.mod h1:AufGrvVh+00Nc07Jm4hTquh7yleZyn20tKJI2wCPAKg= -go.mau.fi/whatsmeow v0.0.0-20220110120209-05fd944cc01e h1:UCjeeGSVCEA7L1P9LcFzuiATL8pG/NSwdXgM1Vg1UXI= -go.mau.fi/whatsmeow v0.0.0-20220110120209-05fd944cc01e/go.mod h1:8jUjOAi3xtGubxcZgG8uSHpAdyQXBRbWAfxkctX/4y4= +go.mau.fi/whatsmeow v0.0.0-20220111203410-b078a9e90863 h1:5xGt9ghwG3XvlCAnq1WJuJ4mdOR6u/Ho5oYR0Ql9uFw= +go.mau.fi/whatsmeow v0.0.0-20220111203410-b078a9e90863/go.mod h1:8jUjOAi3xtGubxcZgG8uSHpAdyQXBRbWAfxkctX/4y4= golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -222,5 +222,5 @@ maunium.net/go/mauflag v1.0.0 h1:YiaRc0tEI3toYtJMRIfjP+jklH45uDHtT80nUamyD4M= maunium.net/go/mauflag v1.0.0/go.mod h1:nLivPOpTpHnpzEh8jEdSL9UqO9+/KBJFmNRlwKfkPeA= maunium.net/go/maulogger/v2 v2.3.2 h1:1XmIYmMd3PoQfp9J+PaHhpt80zpfmMqaShzUTC7FwY0= maunium.net/go/maulogger/v2 v2.3.2/go.mod h1:TYWy7wKwz/tIXTpsx8G3mZseIRiC5DoMxSZazOHy68A= -maunium.net/go/mautrix v0.10.9 h1:Xb2lBpjSoMazsSlvsDEqJnuHZDJpYpxwza2N0w60UV0= -maunium.net/go/mautrix v0.10.9/go.mod h1:4XljZZGZiIlpfbQ+Tt2ykjapskJ8a7Z2i9y/+YaceF8= +maunium.net/go/mautrix v0.10.10-0.20220115114638-0b31804ef8af h1:hrHq1iJK9mrEvhvTUMb3YBxoNL5kdHGWCpg+XAcBMM4= +maunium.net/go/mautrix v0.10.10-0.20220115114638-0b31804ef8af/go.mod h1:4XljZZGZiIlpfbQ+Tt2ykjapskJ8a7Z2i9y/+YaceF8= diff --git a/matrix.go b/matrix.go index b1b5894..9f3d18d 100644 --- a/matrix.go 
+++ b/matrix.go
@@ -208,15 +208,31 @@ func (mx *MatrixHandler) createPrivatePortalFromInvite(roomID id.RoomID, inviter
 portal.Update()
 portal.UpdateBridgeInfo()
 _, _ = intent.SendNotice(roomID, "Private chat portal created")
-
- //err := portal.FillInitialHistory(inviter)
- //if err != nil {
- // portal.log.Errorln("Failed to fill history:", err)
- //}
 }
 func (mx *MatrixHandler) HandlePuppetInvite(evt *event.Event, inviter *User, puppet *Puppet) {
 intent := puppet.DefaultIntent()
+
+ if !inviter.Whitelisted {
+ puppet.log.Debugfln("Rejecting invite from %s to %s: user is not whitelisted", evt.Sender, evt.RoomID)
+ _, err := intent.LeaveRoom(evt.RoomID, &mautrix.ReqLeave{
+ Reason: "You're not whitelisted to use this bridge",
+ })
+ if err != nil {
+ puppet.log.Warnfln("Failed to reject invite from %s to %s: %v", evt.Sender, evt.RoomID, err)
+ }
+ return
+ } else if !inviter.IsLoggedIn() {
+ puppet.log.Debugfln("Rejecting invite from %s to %s: user is not logged in", evt.Sender, evt.RoomID)
+ _, err := intent.LeaveRoom(evt.RoomID, &mautrix.ReqLeave{
+ Reason: "You're not logged into this bridge",
+ })
+ if err != nil {
+ puppet.log.Warnfln("Failed to reject invite from %s to %s: %v", evt.Sender, evt.RoomID, err)
+ }
+ return
+ }
+
 members := mx.joinAndCheckMembers(evt, intent)
 if members == nil {
 return
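Review bot: The two rejection branches at the top of HandlePuppetInvite differ only in the log text and the leave reason, so the authorization gate is written twice and the copies can drift apart. Choosing the reason first and leaving the room in one place gives a single deny path that sits visibly ahead of `joinAndCheckMembers`, which is the property the commit is after: the ghost must not join a room for an inviter who is not whitelisted or not logged in. A doc comment on the function stating that it performs this check itself would also help, because the caller in HandleMembership no longer filters such users before calling it. The function body continues past the end of the hunk.

```go
func (mx *MatrixHandler) HandlePuppetInvite(evt *event.Event, inviter *User, puppet *Puppet) {
	intent := puppet.DefaultIntent()

	// Authorization gate: settle on a denial before the ghost joins anything.
	var logReason, leaveReason string
	switch {
	case !inviter.Whitelisted:
		logReason, leaveReason = "user is not whitelisted", "You're not whitelisted to use this bridge"
	case !inviter.IsLoggedIn():
		logReason, leaveReason = "user is not logged in", "You're not logged into this bridge"
	}
	if leaveReason != "" {
		puppet.log.Debugfln("Rejecting invite from %s to %s: %s", evt.Sender, evt.RoomID, logReason)
		_, err := intent.LeaveRoom(evt.RoomID, &mautrix.ReqLeave{Reason: leaveReason})
		if err != nil {
			puppet.log.Warnfln("Failed to reject invite from %s to %s: %v", evt.Sender, evt.RoomID, err)
		}
		return
	}

	// … unchanged: joinAndCheckMembers and the rest of the invite handling …
```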
@@ -264,21 +280,21 @@ func (mx *MatrixHandler) HandleMembership(evt *event.Event) {
 }
 user := mx.bridge.GetUserByMXID(evt.Sender)
- if user == nil || !user.Whitelisted || !user.IsLoggedIn() {
+ if user == nil {
 return
 }
-
+ isSelf := id.UserID(evt.GetStateKey()) == evt.Sender
+ puppet := mx.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey()))
 portal := mx.bridge.GetPortalByMXID(evt.RoomID)
 if portal == nil {
- puppet := mx.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey()))
- if content.Membership == event.MembershipInvite && puppet != nil {
+ if puppet != nil && content.Membership == event.MembershipInvite {
 mx.HandlePuppetInvite(evt, user, puppet)
 }
 return
+ } else if !user.Whitelisted || !user.IsLoggedIn() {
+ return
 }
- isSelf := id.UserID(evt.GetStateKey()) == evt.Sender
-
 if content.Membership == event.MembershipLeave {
 if evt.Unsigned.PrevContent != nil {
 _ = evt.Unsigned.PrevContent.ParseRaw(evt.Type)
@@ -289,11 +305,11 @@ func (mx *MatrixHandler) HandleMembership(evt *event.Event) {
 }
 if isSelf {
 portal.HandleMatrixLeave(user)
- } else {
- portal.HandleMatrixKick(user, evt)
+ } else if puppet != nil {
+ portal.HandleMatrixKick(user, puppet)
 }
- } else if content.Membership == event.MembershipInvite && !isSelf {
- portal.HandleMatrixInvite(user, evt)
+ } else if content.Membership == event.MembershipInvite && !isSelf && puppet != nil {
+ portal.HandleMatrixInvite(user, puppet)
 }
 }
diff --git a/portal.go b/portal.go
index 1b700f6..1eb4c83 100644
--- a/portal.go
+++ b/portal.go
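Review bot: In the first matrix.go hunk of HandleMembership (`@@ -264,21`), the whitelist and login check now runs only after `GetPuppetByMXID` and `GetPortalByMXID`, so membership events from senders who are not whitelisted reach both lookups, where before they returned at the top. If either lookup creates or caches a record for an ID it has not seen (not visible in this hunk), that work is now reachable by any sender for whom `GetUserByMXID` returns a user, which is worth confirming. The authorization decision is also split between this function and HandlePuppetInvite, which deserves a comment above the `portal == nil` branch, such as `// Invites to ghosts outside portals are authorized in HandlePuppetInvite so the ghost can reject them with a reason; everything else is gated below.` The `} else if !user.Whitelisted || !user.IsLoggedIn() {` follows a branch that always returns, so it would read more clearly as a separate `if` after the closing brace. The function starts outside the hunk.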
@@ -2621,32 +2621,26 @@ func (portal *Portal) HandleMatrixLeave(sender *User) {
 portal.CleanupIfEmpty()
 }
-func (portal *Portal) HandleMatrixKick(sender *User, evt *event.Event) {
- puppet := portal.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey()))
- if puppet != nil {
- _, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{
- puppet.JID: whatsmeow.ParticipantChangeRemove,
- })
- if err != nil {
- portal.log.Errorfln("Failed to kick %s from group as %s: %v", puppet.JID, sender.MXID, err)
- return
- }
- //portal.log.Infoln("Kick %s response: %s", puppet.JID, <-resp)
+func (portal *Portal) HandleMatrixKick(sender *User, target *Puppet) {
+ _, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{
+ target.JID: whatsmeow.ParticipantChangeRemove,
+ })
+ if err != nil {
+ portal.log.Errorfln("Failed to kick %s from group as %s: %v", target.JID, sender.MXID, err)
+ return
 }
+ //portal.log.Infoln("Kick %s response: %s", puppet.JID, <-resp)
 }
-func (portal *Portal) HandleMatrixInvite(sender *User, evt *event.Event) {
- puppet := portal.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey()))
- if puppet != nil {
- _, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{
- puppet.JID: whatsmeow.ParticipantChangeAdd,
- })
- if err != nil {
- portal.log.Errorfln("Failed to add %s to group as %s: %v", puppet.JID, sender.MXID, err)
- return
- }
- //portal.log.Infofln("Add %s response: %s", puppet.JID, <-resp)
+func (portal *Portal) HandleMatrixInvite(sender *User, target *Puppet) {
+ _, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{
+ target.JID: whatsmeow.ParticipantChangeAdd,
+ })
+ if err != nil {
+ portal.log.Errorfln("Failed to add %s to group as %s: %v", target.JID, sender.MXID, err)
+ return
 }
+ //portal.log.Infofln("Add %s response: %s", puppet.JID, <-resp)
 }
 func (portal *Portal) HandleMatrixMeta(sender *User, evt *event.Event) {
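Review bot: HandleMatrixKick and HandleMatrixInvite now dereference `target.JID` with no nil check. The guard moved to HandleMembership in matrix.go (`puppet != nil`), and both methods are exported, so any other caller that passes a nil puppet would panic. Either keep a cheap `if target == nil { return }` at the top of each, or state the precondition in a doc comment, for example `// HandleMatrixKick removes target from the WhatsApp group on behalf of sender; target must be non-nil.` The commented-out `//portal.log.Infoln("Kick %s response: %s", puppet.JID, <-resp)` and its Infofln twin still name `puppet`, which no longer exists in either function, and could be dropped.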