Add trusted_servers, filter servers to query keys by trusted_servers

This commit is contained in:
Devin Ragotzy 2021-03-01 09:17:53 -05:00
parent c9f4ff5cf8
commit 79c9de98cd
3 changed files with 19 additions and 3 deletions

View File

@ -39,6 +39,8 @@ pub struct Config {
#[serde(default = "false_fn")] #[serde(default = "false_fn")]
allow_federation: bool, allow_federation: bool,
jwt_secret: Option<String>, jwt_secret: Option<String>,
#[serde(default = "Vec::new")]
trusted_servers: Vec<Box<ServerName>>,
} }
fn false_fn() -> bool { fn false_fn() -> bool {

View File

@ -139,6 +139,10 @@ impl Globals {
self.config.allow_federation self.config.allow_federation
} }
pub fn trusted_servers(&self) -> &[Box<ServerName>] {
&self.config.trusted_servers
}
pub fn dns_resolver(&self) -> &TokioAsyncResolver { pub fn dns_resolver(&self) -> &TokioAsyncResolver {
&self.dns_resolver &self.dns_resolver
} }

View File

@ -1138,7 +1138,9 @@ pub(crate) async fn fetch_signing_keys(
Ok(keys.server_key.verify_keys) Ok(keys.server_key.verify_keys)
} }
_ => { _ => {
for server in db.rooms.room_servers(room_id) { for server in db.rooms.room_servers(room_id).filter(
|ser| matches!(ser, Ok(s) if db.globals.trusted_servers().contains(s)),
) {
let server = server?; let server = server?;
if let Ok(keys) = db if let Ok(keys) = db
.sending .sending
@ -1154,8 +1156,9 @@ pub(crate) async fn fetch_signing_keys(
) )
.await .await
{ {
let mut trust = 0;
let keys: Vec<ServerSigningKeys> = keys.server_keys; let keys: Vec<ServerSigningKeys> = keys.server_keys;
let key = keys.into_iter().fold(None, |mut key, next| { let key = keys.iter().fold(None, |mut key, next| {
if let Some(verified) = &key { if let Some(verified) = &key {
// rustc cannot elide this type for some reason // rustc cannot elide this type for some reason
let v: &ServerSigningKeys = verified; let v: &ServerSigningKeys = verified;
@ -1164,12 +1167,19 @@ pub(crate) async fn fetch_signing_keys(
.zip(next.verify_keys.iter()) .zip(next.verify_keys.iter())
.all(|(a, b)| a.1.key == b.1.key) .all(|(a, b)| a.1.key == b.1.key)
{ {
trust += 1;
} }
} else { } else {
key = Some(next) key = Some(next.clone())
} }
key key
}); });
if trust == (keys.len() - 1) && key.is_some() {
let k = key.unwrap();
db.globals.add_signing_key(origin, &k)?;
return Ok(k.verify_keys);
}
} }
} }
Err(Error::BadServerResponse( Err(Error::BadServerResponse(