Merge pull request #5479 from matrix-org/erikj/add_create_room_hook_develop

Add third party rules hook into create room
This commit is contained in:
Erik Johnston 2019-06-17 17:30:05 +01:00 committed by GitHub
commit 8353ddd951
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 49 additions and 4 deletions

1
changelog.d/5474.feature Normal file
View File

@ -0,0 +1 @@
Allow server admins to define implementations of extra rules for allowing or denying incoming events.

View File

@ -17,8 +17,8 @@ from twisted.internet import defer
class ThirdPartyEventRules(object): class ThirdPartyEventRules(object):
"""Allows server admins to provide a Python module implementing an extra set of rules """Allows server admins to provide a Python module implementing an extra
to apply when processing events. set of rules to apply when processing events.
This is designed to help admins of closed federations with enforcing custom This is designed to help admins of closed federations with enforcing custom
behaviours. behaviours.
@ -46,7 +46,7 @@ class ThirdPartyEventRules(object):
context (synapse.events.snapshot.EventContext): The context of the event. context (synapse.events.snapshot.EventContext): The context of the event.
Returns: Returns:
defer.Deferred(bool), True if the event should be allowed, False if not. defer.Deferred[bool]: True if the event should be allowed, False if not.
""" """
if self.third_party_rules is None: if self.third_party_rules is None:
defer.returnValue(True) defer.returnValue(True)
@ -60,3 +60,24 @@ class ThirdPartyEventRules(object):
ret = yield self.third_party_rules.check_event_allowed(event, state_events) ret = yield self.third_party_rules.check_event_allowed(event, state_events)
defer.returnValue(ret) defer.returnValue(ret)
@defer.inlineCallbacks
def on_create_room(self, requester, config, is_requester_admin):
"""Intercept requests to create room to allow, deny or update the
request config.
Args:
requester (Requester)
config (dict): The creation config from the client.
is_requester_admin (bool): If the requester is an admin
Returns:
defer.Deferred
"""
if self.third_party_rules is None:
return
yield self.third_party_rules.on_create_room(
requester, config, is_requester_admin
)

View File

@ -75,6 +75,10 @@ class RoomCreationHandler(BaseHandler):
# linearizer to stop two upgrades happening at once # linearizer to stop two upgrades happening at once
self._upgrade_linearizer = Linearizer("room_upgrade_linearizer") self._upgrade_linearizer = Linearizer("room_upgrade_linearizer")
self._server_notices_mxid = hs.config.server_notices_mxid
self.third_party_event_rules = hs.get_third_party_event_rules()
@defer.inlineCallbacks @defer.inlineCallbacks
def upgrade_room(self, requester, old_room_id, new_version): def upgrade_room(self, requester, old_room_id, new_version):
"""Replace a room with a new room with a different version """Replace a room with a new room with a different version
@ -470,7 +474,26 @@ class RoomCreationHandler(BaseHandler):
yield self.auth.check_auth_blocking(user_id) yield self.auth.check_auth_blocking(user_id)
if not self.spam_checker.user_may_create_room(user_id): if (self._server_notices_mxid is not None and
requester.user.to_string() == self._server_notices_mxid):
# allow the server notices mxid to create rooms
is_requester_admin = True
else:
is_requester_admin = yield self.auth.is_server_admin(
requester.user,
)
# Check whether the third party rules allows/changes the room create
# request.
yield self.third_party_event_rules.on_create_room(
requester,
config,
is_requester_admin=is_requester_admin,
)
if not is_requester_admin and not self.spam_checker.user_may_create_room(
user_id,
):
raise SynapseError(403, "You are not permitted to create rooms") raise SynapseError(403, "You are not permitted to create rooms")
if ratelimit: if ratelimit: