nodejs/hookshot
nodejs/hookshot
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-hookshot.git synced 2025-03-10 21:19:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prevent users without permissions from inviting the bot (#561)

Browse Source 
* Add filter

* tweak

* changelog

* Kick the right user

* Update src/Bridge.ts

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>

* Update src/Bridge.ts

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>

* Update changelog.d/561.bugfix

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>

* Cleanup underlyingClient

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
This commit is contained in:
Will Hunt 2022-11-03 12:55:48 +00:00 committed by GitHub
parent cf10cf47a2
commit 28235547d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/561.bugfix Normal file
View File

@ -0,0 +1 @@
The bot no longer accepts invites from users who do not have permission to use it.

18
src/Bridge.ts
View File

@ -97,7 +97,7 @@ export class Bridge {
while(joinedRooms === undefined) { while(joinedRooms === undefined) {
try { try {
log.info("Connecting to homeserver and fetching joined rooms.."); log.info("Connecting to homeserver and fetching joined rooms..");
joinedRooms = await this.as.botIntent.underlyingClient.getJoinedRooms(); joinedRooms = await this.as.botClient.getJoinedRooms();
log.debug(`Bridge bot is joined to ${joinedRooms.length} rooms`); log.debug(`Bridge bot is joined to ${joinedRooms.length} rooms`);
} catch (ex) { } catch (ex) {
// This is our first interaction with the homeserver, so wait if it's not ready yet. // This is our first interaction with the homeserver, so wait if it's not ready yet.
@ -683,11 +683,11 @@ export class Bridge {
// TODO: Refactor this to be a connection // TODO: Refactor this to be a connection
try { try {
let accountData = await this.as.botIntent.underlyingClient.getSafeRoomAccountData<AdminAccountData>( let accountData = await this.as.botClient.getSafeRoomAccountData<AdminAccountData>(
BRIDGE_ROOM_TYPE, roomId, BRIDGE_ROOM_TYPE, roomId,
); );
if (!accountData) { if (!accountData) {
accountData = await this.as.botIntent.underlyingClient.getSafeRoomAccountData<AdminAccountData>( accountData = await this.as.botClient.getSafeRoomAccountData<AdminAccountData>(
LEGACY_BRIDGE_ROOM_TYPE, roomId, LEGACY_BRIDGE_ROOM_TYPE, roomId,
); );
if (!accountData) { if (!accountData) {
@ -701,12 +701,12 @@ export class Bridge {
let notifContent; let notifContent;
try { try {
notifContent = await this.as.botIntent.underlyingClient.getRoomStateEvent( notifContent = await this.as.botClient.getRoomStateEvent(
roomId, NotifFilter.StateType, "", roomId, NotifFilter.StateType, "",
); );
} catch (ex) { } catch (ex) {
try { try {
notifContent = await this.as.botIntent.underlyingClient.getRoomStateEvent( notifContent = await this.as.botClient.getRoomStateEvent(
roomId, NotifFilter.LegacyStateType, "", roomId, NotifFilter.LegacyStateType, "",
); );
} }
@ -779,8 +779,14 @@ export class Bridge {
log.info(`Got invite roomId=${roomId} from=${event.sender} to=${event.state_key}`); log.info(`Got invite roomId=${roomId} from=${event.sender} to=${event.state_key}`);
// Room joins can fail over federation // Room joins can fail over federation
if (event.state_key !== this.as.botUserId) { if (event.state_key !== this.as.botUserId) {
return this.as.botIntent.underlyingClient.kickUser(this.as.botUserId, roomId, "Bridge does not support DMing ghosts"); return this.as.botClient.kickUser(event.state_key, roomId, "Bridge does not support DMing ghosts");
} }
// Don't accept invites from people who can't do anything
if (!this.config.checkPermissionAny(event.sender, BridgePermissionLevel.login)) {
return this.as.botClient.kickUser(this.as.botUserId, roomId, "You do not have permission to invite this bot.");
}
await retry(() => this.as.botIntent.joinRoom(roomId), 5); await retry(() => this.as.botIntent.joinRoom(roomId), 5);
if (event.content.is_direct) { if (event.content.is_direct) {
const room = await this.setUpAdminRoom(roomId, {admin_user: event.sender}, NotifFilter.getDefaultContent()); const room = await this.setUpAdminRoom(roomId, {admin_user: event.sender}, NotifFilter.getDefaultContent());