Add plugin APIs for implementations of custom event rules.

2025-05-03 02:44:53 -04:00 · 2019-06-12 10:31:37 +01:00 · 2019-06-12 10:31:37 +01:00 · f874b16b2e
commit f874b16b2e
parent 6bac9ca6d7
9 changed files with 284 additions and 4 deletions
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 # Copyright 2014-2016 OpenMarket Ltd
-# Copyright 2018 New Vector Ltd
+# Copyright 2017-2018 New Vector Ltd
+# Copyright 2019 The Matrix.org Foundation C.I.C.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -33,6 +34,7 @@ from synapse.api.constants import EventTypes, Membership, RejectedReason
 from synapse.api.errors import (
    AuthError,
    CodeMessageException,
+    Codes,
    FederationDeniedError,
    FederationError,
    RequestSendFailed,
@ -127,6 +129,8 @@ class FederationHandler(BaseHandler):
        self.room_queues = {}
        self._room_pdu_linearizer = Linearizer("fed_room_pdu")

+        self.third_party_event_rules = hs.get_third_party_event_rules()
+
    @defer.inlineCallbacks
    def on_receive_pdu(
            self, origin, pdu, sent_to_us_directly=False,
@ -1258,6 +1262,15 @@ class FederationHandler(BaseHandler):
            logger.warn("Failed to create join %r because %s", event, e)
            raise e

+        event_allowed = yield self.third_party_event_rules.check_event_allowed(
+            event, context,
+        )
+        if not event_allowed:
+            logger.info("Creation of join %s forbidden by third-party rules", event)
+            raise SynapseError(
+                403, "This event is not allowed in this context", Codes.FORBIDDEN,
+            )
+
        # The remote hasn't signed it yet, obviously. We'll do the full checks
        # when we get the event back in `on_send_join_request`
        yield self.auth.check_from_context(
@ -1300,6 +1313,15 @@ class FederationHandler(BaseHandler):
            origin, event
        )

+        event_allowed = yield self.third_party_event_rules.check_event_allowed(
+            event, context,
+        )
+        if not event_allowed:
+            logger.info("Sending of join %s forbidden by third-party rules", event)
+            raise SynapseError(
+                403, "This event is not allowed in this context", Codes.FORBIDDEN,
+            )
+
        logger.debug(
            "on_send_join_request: After _handle_new_event: %s, sigs: %s",
            event.event_id,
@ -1458,6 +1480,15 @@ class FederationHandler(BaseHandler):
            builder=builder,
        )

+        event_allowed = yield self.third_party_event_rules.check_event_allowed(
+            event, context,
+        )
+        if not event_allowed:
+            logger.warning("Creation of leave %s forbidden by third-party rules", event)
+            raise SynapseError(
+                403, "This event is not allowed in this context", Codes.FORBIDDEN,
+            )
+
        try:
            # The remote hasn't signed it yet, obviously. We'll do the full checks
            # when we get the event back in `on_send_leave_request`
@ -1484,10 +1515,19 @@ class FederationHandler(BaseHandler):

        event.internal_metadata.outlier = False

-        yield self._handle_new_event(
+        context = yield self._handle_new_event(
            origin, event
        )

+        event_allowed = yield self.third_party_event_rules.check_event_allowed(
+            event, context,
+        )
+        if not event_allowed:
+            logger.info("Sending of leave %s forbidden by third-party rules", event)
+            raise SynapseError(
+                403, "This event is not allowed in this context", Codes.FORBIDDEN,
+            )
+
        logger.debug(
            "on_send_leave_request: After _handle_new_event: %s, sigs: %s",
            event.event_id,
@ -2550,6 +2590,18 @@ class FederationHandler(BaseHandler):
                builder=builder
            )

+            event_allowed = yield self.third_party_event_rules.check_event_allowed(
+                event, context,
+            )
+            if not event_allowed:
+                logger.info(
+                    "Creation of threepid invite %s forbidden by third-party rules",
+                    event,
+                )
+                raise SynapseError(
+                    403, "This event is not allowed in this context", Codes.FORBIDDEN,
+                )
+
            event, context = yield self.add_display_name_to_third_party_invite(
                room_version, event_dict, event, context
            )
@ -2598,6 +2650,18 @@ class FederationHandler(BaseHandler):
            builder=builder,
        )

+        event_allowed = yield self.third_party_event_rules.check_event_allowed(
+            event, context,
+        )
+        if not event_allowed:
+            logger.warning(
+                "Exchange of threepid invite %s forbidden by third-party rules",
+                event,
+            )
+            raise SynapseError(
+                403, "This event is not allowed in this context", Codes.FORBIDDEN,
+            )
+
        event, context = yield self.add_display_name_to_third_party_invite(
            room_version, event_dict, event, context
        )