From a1ce95076ecd80c880028691feeced8d28cacad9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damir=20Jeli=C4=87?= Date: Wed, 24 Jun 2020 15:04:37 +0200 Subject: [PATCH] daemon: Catch POST requests that try to send out messages. Synapse seems to accept a POST requests on the _matrix/client/r0/rooms/$ROOM/send/m.room.message path. While this is not specced in any way people might shoot themselves in the foot by sending unencrypted messages to a room if they, by accident, use the wrong HTTP method. This fixes: #56 --- pantalaimon/daemon.py | 3 ++- pantalaimon/main.py | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pantalaimon/daemon.py b/pantalaimon/daemon.py index 637e373..8ad2b93 100755 --- a/pantalaimon/daemon.py +++ b/pantalaimon/daemon.py @@ -19,6 +19,7 @@ import urllib.parse import concurrent.futures from json import JSONDecodeError from typing import Any, Dict +from uuid import uuid4 import aiohttp import attr @@ -817,7 +818,7 @@ class ProxyDaemon: return await self.forward_to_web(request, token=client.access_token) msgtype = request.match_info["event_type"] - txnid = request.match_info["txnid"] + txnid = request.match_info.get("txnid", uuid4()) try: content = await request.json() diff --git a/pantalaimon/main.py b/pantalaimon/main.py index 99387aa..a3ef545 100644 --- a/pantalaimon/main.py +++ b/pantalaimon/main.py @@ -69,6 +69,10 @@ async def init(data_dir, server_conf, send_queue, recv_queue): r"/_matrix/client/r0/rooms/{room_id}/send/{event_type}/{txnid}", proxy.send_message, ), + web.post( + r"/_matrix/client/r0/rooms/{room_id}/send/{event_type}", + proxy.send_message, + ), web.post("/_matrix/client/r0/user/{user_id}/filter", proxy.filter), web.post("/.well-known/matrix/client", proxy.well_known), web.get("/.well-known/matrix/client", proxy.well_known),