diff --git a/changelog.d/5474.feature b/changelog.d/5474.feature new file mode 100644 index 000000000..63d9b5873 --- /dev/null +++ b/changelog.d/5474.feature @@ -0,0 +1 @@ +Allow server admins to define implementations of extra rules for allowing or denying incoming events. diff --git a/synapse/events/third_party_rules.py b/synapse/events/third_party_rules.py index 9f98d5152..ee7b97ad3 100644 --- a/synapse/events/third_party_rules.py +++ b/synapse/events/third_party_rules.py @@ -17,8 +17,8 @@ from twisted.internet import defer class ThirdPartyEventRules(object): - """Allows server admins to provide a Python module implementing an extra set of rules - to apply when processing events. + """Allows server admins to provide a Python module implementing an extra + set of rules to apply when processing events. This is designed to help admins of closed federations with enforcing custom behaviours. @@ -46,7 +46,7 @@ class ThirdPartyEventRules(object): context (synapse.events.snapshot.EventContext): The context of the event. Returns: - defer.Deferred(bool), True if the event should be allowed, False if not. + defer.Deferred[bool]: True if the event should be allowed, False if not. """ if self.third_party_rules is None: defer.returnValue(True) @@ -60,3 +60,24 @@ class ThirdPartyEventRules(object): ret = yield self.third_party_rules.check_event_allowed(event, state_events) defer.returnValue(ret) + + @defer.inlineCallbacks + def on_create_room(self, requester, config, is_requester_admin): + """Intercept requests to create room to allow, deny or update the + request config. + + Args: + requester (Requester) + config (dict): The creation config from the client. + is_requester_admin (bool): If the requester is an admin + + Returns: + defer.Deferred + """ + + if self.third_party_rules is None: + return + + yield self.third_party_rules.on_create_room( + requester, config, is_requester_admin + ) diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py index dbcfb8990..7c24f9aac 100644 --- a/synapse/handlers/room.py +++ b/synapse/handlers/room.py @@ -79,6 +79,8 @@ class RoomCreationHandler(BaseHandler): self._server_notices_mxid = hs.config.server_notices_mxid + self.third_party_event_rules = hs.get_third_party_event_rules() + @defer.inlineCallbacks def upgrade_room(self, requester, old_room_id, new_version): """Replace a room with a new room with a different version @@ -489,9 +491,6 @@ class RoomCreationHandler(BaseHandler): yield self.auth.check_auth_blocking(user_id) - invite_list = config.get("invite", []) - invite_3pid_list = config.get("invite_3pid", []) - if (self._server_notices_mxid is not None and requester.user.to_string() == self._server_notices_mxid): # allow the server notices mxid to create rooms @@ -501,6 +500,17 @@ class RoomCreationHandler(BaseHandler): requester.user, ) + # Check whether the third party rules allows/changes the room create + # request. + yield self.third_party_event_rules.on_create_room( + requester, + config, + is_requester_admin=is_requester_admin, + ) + + invite_list = config.get("invite", []) + invite_3pid_list = config.get("invite_3pid", []) + if not is_requester_admin and not self.spam_checker.user_may_create_room( user_id, invite_list=invite_list,