Measure Auth.check
parent
c53f9d561e
commit
0f2ca8cde1
|
@ -25,6 +25,7 @@ from synapse.api.errors import AuthError, Codes, SynapseError, EventSizeError
|
||||||
from synapse.types import Requester, RoomID, UserID, EventID
|
from synapse.types import Requester, RoomID, UserID, EventID
|
||||||
from synapse.util.logutils import log_function
|
from synapse.util.logutils import log_function
|
||||||
from synapse.util.logcontext import preserve_context_over_fn
|
from synapse.util.logcontext import preserve_context_over_fn
|
||||||
|
from synapse.util.metrics import Measure
|
||||||
from unpaddedbase64 import decode_base64
|
from unpaddedbase64 import decode_base64
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
|
@ -44,6 +45,7 @@ class Auth(object):
|
||||||
|
|
||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
self.hs = hs
|
self.hs = hs
|
||||||
|
self.clock = hs.get_clock()
|
||||||
self.store = hs.get_datastore()
|
self.store = hs.get_datastore()
|
||||||
self.state = hs.get_state_handler()
|
self.state = hs.get_state_handler()
|
||||||
self.TOKEN_NOT_FOUND_HTTP_STATUS = 401
|
self.TOKEN_NOT_FOUND_HTTP_STATUS = 401
|
||||||
|
@ -66,66 +68,67 @@ class Auth(object):
|
||||||
Returns:
|
Returns:
|
||||||
True if the auth checks pass.
|
True if the auth checks pass.
|
||||||
"""
|
"""
|
||||||
self.check_size_limits(event)
|
with Measure(self.clock, "auth.check"):
|
||||||
|
self.check_size_limits(event)
|
||||||
|
|
||||||
if not hasattr(event, "room_id"):
|
if not hasattr(event, "room_id"):
|
||||||
raise AuthError(500, "Event has no room_id: %s" % event)
|
raise AuthError(500, "Event has no room_id: %s" % event)
|
||||||
if auth_events is None:
|
if auth_events is None:
|
||||||
# Oh, we don't know what the state of the room was, so we
|
# Oh, we don't know what the state of the room was, so we
|
||||||
# are trusting that this is allowed (at least for now)
|
# are trusting that this is allowed (at least for now)
|
||||||
logger.warn("Trusting event: %s", event.event_id)
|
logger.warn("Trusting event: %s", event.event_id)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
if event.type == EventTypes.Create:
|
if event.type == EventTypes.Create:
|
||||||
# FIXME
|
# FIXME
|
||||||
return True
|
return True
|
||||||
|
|
||||||
creation_event = auth_events.get((EventTypes.Create, ""), None)
|
creation_event = auth_events.get((EventTypes.Create, ""), None)
|
||||||
|
|
||||||
if not creation_event:
|
if not creation_event:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
403,
|
|
||||||
"Room %r does not exist" % (event.room_id,)
|
|
||||||
)
|
|
||||||
|
|
||||||
creating_domain = RoomID.from_string(event.room_id).domain
|
|
||||||
originating_domain = UserID.from_string(event.sender).domain
|
|
||||||
if creating_domain != originating_domain:
|
|
||||||
if not self.can_federate(event, auth_events):
|
|
||||||
raise AuthError(
|
|
||||||
403,
|
403,
|
||||||
"This room has been marked as unfederatable."
|
"Room %r does not exist" % (event.room_id,)
|
||||||
)
|
)
|
||||||
|
|
||||||
# FIXME: Temp hack
|
creating_domain = RoomID.from_string(event.room_id).domain
|
||||||
if event.type == EventTypes.Aliases:
|
originating_domain = UserID.from_string(event.sender).domain
|
||||||
return True
|
if creating_domain != originating_domain:
|
||||||
|
if not self.can_federate(event, auth_events):
|
||||||
|
raise AuthError(
|
||||||
|
403,
|
||||||
|
"This room has been marked as unfederatable."
|
||||||
|
)
|
||||||
|
|
||||||
logger.debug(
|
# FIXME: Temp hack
|
||||||
"Auth events: %s",
|
if event.type == EventTypes.Aliases:
|
||||||
[a.event_id for a in auth_events.values()]
|
return True
|
||||||
)
|
|
||||||
|
|
||||||
if event.type == EventTypes.Member:
|
logger.debug(
|
||||||
allowed = self.is_membership_change_allowed(
|
"Auth events: %s",
|
||||||
event, auth_events
|
[a.event_id for a in auth_events.values()]
|
||||||
)
|
)
|
||||||
if allowed:
|
|
||||||
logger.debug("Allowing! %s", event)
|
|
||||||
else:
|
|
||||||
logger.debug("Denying! %s", event)
|
|
||||||
return allowed
|
|
||||||
|
|
||||||
self.check_event_sender_in_room(event, auth_events)
|
if event.type == EventTypes.Member:
|
||||||
self._can_send_event(event, auth_events)
|
allowed = self.is_membership_change_allowed(
|
||||||
|
event, auth_events
|
||||||
|
)
|
||||||
|
if allowed:
|
||||||
|
logger.debug("Allowing! %s", event)
|
||||||
|
else:
|
||||||
|
logger.debug("Denying! %s", event)
|
||||||
|
return allowed
|
||||||
|
|
||||||
if event.type == EventTypes.PowerLevels:
|
self.check_event_sender_in_room(event, auth_events)
|
||||||
self._check_power_levels(event, auth_events)
|
self._can_send_event(event, auth_events)
|
||||||
|
|
||||||
if event.type == EventTypes.Redaction:
|
if event.type == EventTypes.PowerLevels:
|
||||||
self.check_redaction(event, auth_events)
|
self._check_power_levels(event, auth_events)
|
||||||
|
|
||||||
logger.debug("Allowing! %s", event)
|
if event.type == EventTypes.Redaction:
|
||||||
|
self.check_redaction(event, auth_events)
|
||||||
|
|
||||||
|
logger.debug("Allowing! %s", event)
|
||||||
|
|
||||||
def check_size_limits(self, event):
|
def check_size_limits(self, event):
|
||||||
def too_big(field):
|
def too_big(field):
|
||||||
|
|
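Review bot: The early `return True` branches now sit inside `with Measure(self.clock, "auth.check"):`, so an event accepted with no checks at all (the `auth_events is None` branch, logged only as "Trusting event", and the `EventTypes.Create` branch marked `# FIXME`) is timed under the same metric as a fully verified one. These fail-open paths predate this commit, but since the lines are being re-indented anyway they should be documented, for example `# SECURITY: fail-open, event accepted without auth checks because room state is unknown`, so the metric is not read as time spent authorising. The exit behaviour of `Measure` is not visible on this page; if it records nothing when an exception propagates, the rejected paths (`AuthError` / `SynapseError`) would be missing from the `auth.check` timings, which is worth confirming. Indentation is lost in this rendering, so the extent of the `with` block is inferred from the paired old/new lines and the hunk header counts.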