ruma_state_res/
event_auth.rs

1use std::{
2    borrow::Borrow,
3    collections::{BTreeMap, BTreeSet, HashSet},
4};
5
6use js_int::Int;
7use ruma_common::{
8    room::JoinRuleKind, room_version_rules::AuthorizationRules, EventId, OwnedUserId, UserId,
9};
10use ruma_events::{
11    room::{member::MembershipState, power_levels::UserPowerLevel},
12    StateEventType, TimelineEventType,
13};
14use serde_json::value::RawValue as RawJsonValue;
15use tracing::{debug, info, instrument, warn};
16
17mod room_member;
18#[cfg(test)]
19mod tests;
20
21use self::room_member::check_room_member;
22use crate::{
23    events::{
24        member::{RoomMemberEventContent, RoomMemberEventOptionExt},
25        power_levels::{RoomPowerLevelsEventOptionExt, RoomPowerLevelsIntField},
26        RoomCreateEvent, RoomJoinRulesEvent, RoomMemberEvent, RoomPowerLevelsEvent,
27        RoomThirdPartyInviteEvent,
28    },
29    utils::RoomIdExt,
30    Event,
31};
32
33/// Get the list of [relevant auth events] required to authorize the event of the given type.
34///
35/// Returns a list of `(event_type, state_key)` tuples.
36///
37/// # Errors
38///
39/// Returns an `Err(_)` if a field could not be deserialized because `content` does not respect the
40/// expected format for the `event_type`.
41///
42/// [relevant auth events]: https://spec.matrix.org/latest/server-server-api/#auth-events-selection
43pub fn auth_types_for_event(
44    event_type: &TimelineEventType,
45    sender: &UserId,
46    state_key: Option<&str>,
47    content: &RawJsonValue,
48    rules: &AuthorizationRules,
49) -> Result<Vec<(StateEventType, String)>, String> {
50    // The `auth_events` for the `m.room.create` event in a room is empty.
51    if event_type == &TimelineEventType::RoomCreate {
52        return Ok(vec![]);
53    }
54
55    // For other events, it should be the following subset of the room state:
56    //
57    // - The current `m.room.power_levels` event, if any.
58    // - The sender’s current `m.room.member` event, if any.
59    let mut auth_types = vec![
60        (StateEventType::RoomPowerLevels, "".to_owned()),
61        (StateEventType::RoomMember, sender.to_string()),
62    ];
63
64    // v1-v11, the `m.room.create` event.
65    if !rules.room_create_event_id_as_room_id {
66        auth_types.push((StateEventType::RoomCreate, "".to_owned()));
67    }
68
69    // If type is `m.room.member`:
70    if event_type == &TimelineEventType::RoomMember {
71        // The target’s current `m.room.member` event, if any.
72        let Some(state_key) = state_key else {
73            return Err("missing `state_key` field for `m.room.member` event".to_owned());
74        };
75        let key = (StateEventType::RoomMember, state_key.to_owned());
76        if !auth_types.contains(&key) {
77            auth_types.push(key);
78        }
79
80        let content = RoomMemberEventContent::new(content);
81        let membership = content.membership()?;
82
83        // If `membership` is `join`, `invite` or `knock`, the current `m.room.join_rules` event, if
84        // any.
85        if matches!(
86            membership,
87            MembershipState::Join | MembershipState::Invite | MembershipState::Knock
88        ) {
89            let key = (StateEventType::RoomJoinRules, "".to_owned());
90            if !auth_types.contains(&key) {
91                auth_types.push(key);
92            }
93        }
94
95        // If `membership` is `invite` and `content` contains a `third_party_invite` property, the
96        // current `m.room.third_party_invite` event with `state_key` matching
97        // `content.third_party_invite.signed.token`, if any.
98        if membership == MembershipState::Invite {
99            let third_party_invite = content.third_party_invite()?;
100
101            if let Some(third_party_invite) = third_party_invite {
102                let token = third_party_invite.token()?.to_owned();
103                let key = (StateEventType::RoomThirdPartyInvite, token);
104                if !auth_types.contains(&key) {
105                    auth_types.push(key);
106                }
107            }
108        }
109
110        // If `content.join_authorised_via_users_server` is present, and the room version supports
111        // restricted rooms, then the `m.room.member` event with `state_key` matching
112        // `content.join_authorised_via_users_server`.
113        //
114        // Note: And the membership is join (https://github.com/matrix-org/matrix-spec/pull/2100)
115        if membership == MembershipState::Join && rules.restricted_join_rule {
116            let join_authorised_via_users_server = content.join_authorised_via_users_server()?;
117            if let Some(user_id) = join_authorised_via_users_server {
118                let key = (StateEventType::RoomMember, user_id.to_string());
119                if !auth_types.contains(&key) {
120                    auth_types.push(key);
121                }
122            }
123        }
124    }
125
126    Ok(auth_types)
127}
128
129/// Check whether the incoming event passes the state-independent [authorization rules] for the
130/// given room version rules.
131///
132/// The state-independent rules are the first few authorization rules that check an incoming
133/// `m.room.create` event (which cannot have `auth_events`), and the list of `auth_events` of other
134/// events.
135///
136/// This method only needs to be called once, when the event is received.
137///
138/// # Errors
139///
140/// If the check fails, this returns an `Err(_)` with a description of the check that failed.
141///
142/// [authorization rules]: https://spec.matrix.org/latest/server-server-api/#authorization-rules
143#[instrument(skip_all, fields(event_id = incoming_event.event_id().borrow().as_str()))]
144pub fn check_state_independent_auth_rules<E: Event>(
145    rules: &AuthorizationRules,
146    incoming_event: impl Event,
147    fetch_event: impl Fn(&EventId) -> Option<E>,
148) -> Result<(), String> {
149    debug!("starting state-independent auth check");
150
151    // Since v1, if type is m.room.create:
152    if *incoming_event.event_type() == TimelineEventType::RoomCreate {
153        let room_create_event = RoomCreateEvent::new(incoming_event);
154
155        return check_room_create(room_create_event, rules);
156    }
157
158    let expected_auth_types = auth_types_for_event(
159        incoming_event.event_type(),
160        incoming_event.sender(),
161        incoming_event.state_key(),
162        incoming_event.content(),
163        rules,
164    )?
165    .into_iter()
166    .map(|(event_type, state_key)| (TimelineEventType::from(event_type), state_key))
167    .collect::<HashSet<_>>();
168
169    let Some(room_id) = incoming_event.room_id() else {
170        return Err("missing `room_id` field for event".to_owned());
171    };
172
173    let mut seen_auth_types: HashSet<(TimelineEventType, String)> =
174        HashSet::with_capacity(expected_auth_types.len());
175
176    // Since v1, considering auth_events:
177    for auth_event_id in incoming_event.auth_events() {
178        let event_id = auth_event_id.borrow();
179
180        let Some(auth_event) = fetch_event(event_id) else {
181            return Err(format!("failed to find auth event {event_id}"));
182        };
183
184        // The auth event must be in the same room as the incoming event.
185        if auth_event.room_id().is_none_or(|auth_room_id| auth_room_id != room_id) {
186            return Err(format!("auth event {event_id} not in the same room"));
187        }
188
189        let event_type = auth_event.event_type();
190        let state_key = auth_event
191            .state_key()
192            .ok_or_else(|| format!("auth event {event_id} has no `state_key`"))?;
193        let key = (event_type.clone(), state_key.to_owned());
194
195        // Since v1, if there are duplicate entries for a given type and state_key pair, reject.
196        if seen_auth_types.contains(&key) {
197            return Err(format!(
198                "duplicate auth event {event_id} for ({event_type}, {state_key}) pair"
199            ));
200        }
201
202        // Since v1, if there are entries whose type and state_key don’t match those specified by
203        // the auth events selection algorithm described in the server specification, reject.
204        if !expected_auth_types.contains(&key) {
205            return Err(format!(
206                "unexpected auth event {event_id} with ({event_type}, {state_key}) pair"
207            ));
208        }
209
210        // Since v1, if there are entries which were themselves rejected under the checks performed
211        // on receipt of a PDU, reject.
212        if auth_event.rejected() {
213            return Err(format!("rejected auth event {event_id}"));
214        }
215
216        seen_auth_types.insert(key);
217    }
218
219    // v1-v11, if there is no m.room.create event among the entries, reject.
220    if !rules.room_create_event_id_as_room_id
221        && !seen_auth_types
222            .iter()
223            .any(|(event_type, _)| *event_type == TimelineEventType::RoomCreate)
224    {
225        return Err("no `m.room.create` event in auth events".to_owned());
226    }
227
228    // Since v12, the room_id must be the reference hash of an accepted m.room.create event.
229    if rules.room_create_event_id_as_room_id {
230        let room_create_event_id = room_id.room_create_event_id().map_err(|error| {
231            format!("could not construct `m.room.create` event ID from room ID: {error}")
232        })?;
233
234        let room_create_event = fetch_event(&room_create_event_id).ok_or_else(|| {
235            format!("failed to find `m.room.create` event {room_create_event_id}")
236        })?;
237
238        if room_create_event.rejected() {
239            return Err(format!("rejected `m.room.create` event {room_create_event_id}"));
240        }
241    }
242
243    Ok(())
244}
245
246/// Check whether the incoming event passes the state-dependent [authorization rules] for the given
247/// room version rules.
248///
249/// The state-dependent rules are all the remaining rules not checked by
250/// [`check_state_independent_auth_rules()`].
251///
252/// This method should be called several times for an event, to perform the [checks on receipt of a
253/// PDU].
254///
255/// The `fetch_state` closure should gather state from a state snapshot. We need to know if the
256/// event passes auth against some state not a recursive collection of auth_events fields.
257///
258/// This assumes that `ruma_signatures::verify_event()` was called previously, as some authorization
259/// rules depend on the signatures being valid on the event.
260///
261/// # Errors
262///
263/// If the check fails, this returns an `Err(_)` with a description of the check that failed.
264///
265/// [authorization rules]: https://spec.matrix.org/latest/server-server-api/#authorization-rules
266/// [checks on receipt of a PDU]: https://spec.matrix.org/latest/server-server-api/#checks-performed-on-receipt-of-a-pdu
267#[instrument(skip_all, fields(event_id = incoming_event.event_id().borrow().as_str()))]
268pub fn check_state_dependent_auth_rules<E: Event>(
269    rules: &AuthorizationRules,
270    incoming_event: impl Event,
271    fetch_state: impl Fn(&StateEventType, &str) -> Option<E>,
272) -> Result<(), String> {
273    debug!("starting state-dependent auth check");
274
275    // There are no state-dependent auth rules for create events.
276    if *incoming_event.event_type() == TimelineEventType::RoomCreate {
277        debug!("allowing `m.room.create` event");
278        return Ok(());
279    }
280
281    let room_create_event = fetch_state.room_create_event()?;
282
283    // Since v1, if the create event content has the field m.federate set to false and the sender
284    // domain of the event does not match the sender domain of the create event, reject.
285    let federate = room_create_event.federate()?;
286    if !federate
287        && room_create_event.sender().server_name() != incoming_event.sender().server_name()
288    {
289        return Err("\
290            room is not federated and event's sender domain \
291            does not match `m.room.create` event's sender domain"
292            .to_owned());
293    }
294
295    let sender = incoming_event.sender();
296
297    // v1-v5, if type is m.room.aliases:
298    if rules.special_case_room_aliases
299        && *incoming_event.event_type() == TimelineEventType::RoomAliases
300    {
301        debug!("starting m.room.aliases check");
302        // v1-v5, if event has no state_key, reject.
303        //
304        // v1-v5, if sender's domain doesn't match state_key, reject.
305        if incoming_event.state_key() != Some(sender.server_name().as_str()) {
306            return Err("\
307                server name of the `state_key` of `m.room.aliases` event \
308                does not match the server name of the sender"
309                .to_owned());
310        }
311
312        // Otherwise, allow.
313        info!("`m.room.aliases` event was allowed");
314        return Ok(());
315    }
316
317    // Since v1, if type is m.room.member:
318    if *incoming_event.event_type() == TimelineEventType::RoomMember {
319        let room_member_event = RoomMemberEvent::new(incoming_event);
320        return check_room_member(room_member_event, rules, room_create_event, fetch_state);
321    }
322
323    // Since v1, if the sender's current membership state is not join, reject.
324    let sender_membership = fetch_state.user_membership(sender)?;
325
326    if sender_membership != MembershipState::Join {
327        return Err("sender's membership is not `join`".to_owned());
328    }
329
330    let creators = room_create_event.creators(rules)?;
331    let current_room_power_levels_event = fetch_state.room_power_levels_event();
332
333    let sender_power_level =
334        current_room_power_levels_event.user_power_level(sender, &creators, rules)?;
335
336    // Since v1, if type is m.room.third_party_invite:
337    if *incoming_event.event_type() == TimelineEventType::RoomThirdPartyInvite {
338        // Since v1, allow if and only if sender's current power level is greater than
339        // or equal to the invite level.
340        let invite_power_level = current_room_power_levels_event
341            .get_as_int_or_default(RoomPowerLevelsIntField::Invite, rules)?;
342
343        if sender_power_level < invite_power_level {
344            return Err("sender does not have enough power to send invites in this room".to_owned());
345        }
346
347        info!("`m.room.third_party_invite` event was allowed");
348        return Ok(());
349    }
350
351    // Since v1, if the event type's required power level is greater than the sender's power level,
352    // reject.
353    let event_type_power_level = current_room_power_levels_event.event_power_level(
354        incoming_event.event_type(),
355        incoming_event.state_key(),
356        rules,
357    )?;
358    if sender_power_level < event_type_power_level {
359        return Err(format!(
360            "sender does not have enough power to send event of type `{}`",
361            incoming_event.event_type()
362        ));
363    }
364
365    // Since v1, if the event has a state_key that starts with an @ and does not match the sender,
366    // reject.
367    if incoming_event.state_key().is_some_and(|k| k.starts_with('@'))
368        && incoming_event.state_key() != Some(incoming_event.sender().as_str())
369    {
370        return Err(
371            "sender cannot send event with `state_key` matching another user's ID".to_owned()
372        );
373    }
374
375    // If type is m.room.power_levels
376    if *incoming_event.event_type() == TimelineEventType::RoomPowerLevels {
377        let room_power_levels_event = RoomPowerLevelsEvent::new(incoming_event);
378        return check_room_power_levels(
379            room_power_levels_event,
380            current_room_power_levels_event,
381            rules,
382            sender_power_level,
383            &creators,
384        );
385    }
386
387    // v1-v2, if type is m.room.redaction:
388    if rules.special_case_room_redaction
389        && *incoming_event.event_type() == TimelineEventType::RoomRedaction
390    {
391        return check_room_redaction(
392            incoming_event,
393            current_room_power_levels_event,
394            rules,
395            sender_power_level,
396        );
397    }
398
399    // Otherwise, allow.
400    info!("allowing event passed all checks");
401    Ok(())
402}
403
404/// Check whether the given event passes the `m.room.create` authorization rules.
405fn check_room_create(
406    room_create_event: RoomCreateEvent<impl Event>,
407    rules: &AuthorizationRules,
408) -> Result<(), String> {
409    debug!("start `m.room.create` check");
410
411    // Since v1, if it has any previous events, reject.
412    if room_create_event.prev_events().next().is_some() {
413        return Err("`m.room.create` event cannot have previous events".into());
414    }
415
416    if rules.room_create_event_id_as_room_id {
417        // Since v12, if the create event has a room_id, reject.
418        if room_create_event.room_id().is_some() {
419            return Err("`m.room.create` event cannot have a `room_id` field".into());
420        }
421    } else {
422        // v1-v11, if the domain of the room_id does not match the domain of the sender, reject.
423        let Some(room_id) = room_create_event.room_id() else {
424            return Err("missing `room_id` field in `m.room.create` event".into());
425        };
426        let Some(room_id_server_name) = room_id.server_name() else {
427            return Err(
428                "invalid `room_id` field in `m.room.create` event: could not parse server name"
429                    .into(),
430            );
431        };
432
433        if room_id_server_name != room_create_event.sender().server_name() {
434            return Err("invalid `room_id` field in `m.room.create` event: server name does not match sender's server name".into());
435        }
436    }
437
438    // Since v1, if `content.room_version` is present and is not a recognized version, reject.
439    //
440    // This check is assumed to be done before calling auth_check because we have an
441    // AuthorizationRules, which means that we recognized the version.
442
443    // v1-v10, if content has no creator field, reject.
444    if !rules.use_room_create_sender && !room_create_event.has_creator()? {
445        return Err("missing `creator` field in `m.room.create` event".into());
446    }
447
448    // Since v12, if the `additional_creators` field is present and is not an array of strings
449    // where each string passes the same user ID validation that is applied to the sender, reject.
450    room_create_event.additional_creators(rules)?;
451
452    // Otherwise, allow.
453    info!("`m.room.create` event was allowed");
454    Ok(())
455}
456
457/// Check whether the given event passes the `m.room.power_levels` authorization rules.
458fn check_room_power_levels(
459    room_power_levels_event: RoomPowerLevelsEvent<impl Event>,
460    current_room_power_levels_event: Option<RoomPowerLevelsEvent<impl Event>>,
461    rules: &AuthorizationRules,
462    sender_power_level: UserPowerLevel,
463    room_creators: &HashSet<OwnedUserId>,
464) -> Result<(), String> {
465    debug!("starting m.room.power_levels check");
466
467    // Since v10, if any of the properties users_default, events_default, state_default, ban,
468    // redact, kick, or invite in content are present and not an integer, reject.
469    let new_int_fields = room_power_levels_event.int_fields_map(rules)?;
470
471    // Since v10, if either of the properties events or notifications in content are present and not
472    // a dictionary with values that are integers, reject.
473    let new_events = room_power_levels_event.events(rules)?;
474    let new_notifications = room_power_levels_event.notifications(rules)?;
475
476    // v1-v9, If the users property in content is not an object with keys that are valid user IDs
477    // with values that are integers (or a string that is an integer), reject.
478    // Since v10, if the users property in content is not an object with keys that are valid user
479    // IDs with values that are integers, reject.
480    let new_users = room_power_levels_event.users(rules)?;
481
482    // Since v12, if the `users` property in `content` contains the `sender` of the `m.room.create`
483    // event or any of the user IDs in the create event's `content.additional_creators`, reject.
484    if rules.explicitly_privilege_room_creators
485        && new_users.is_some_and(|new_users| {
486            room_creators.iter().any(|creator| new_users.contains_key(creator))
487        })
488    {
489        return Err("creator user IDs are not allowed in the `users` field".to_owned());
490    }
491
492    debug!("validation of power event finished");
493
494    // Since v1, if there is no previous m.room.power_levels event in the room, allow.
495    let Some(current_room_power_levels_event) = current_room_power_levels_event else {
496        info!("initial m.room.power_levels event allowed");
497        return Ok(());
498    };
499
500    // Since v1, for the properties users_default, events_default, state_default, ban, redact, kick,
501    // invite check if they were added, changed or removed. For each found alteration:
502    for field in RoomPowerLevelsIntField::ALL {
503        let current_power_level = current_room_power_levels_event.get_as_int(*field, rules)?;
504        let new_power_level = new_int_fields.get(field).copied();
505
506        if current_power_level == new_power_level {
507            continue;
508        }
509
510        // Since v1, if the current value is higher than the sender’s current power level,
511        // reject.
512        let current_power_level_too_big =
513            current_power_level.unwrap_or_else(|| field.default_value()) > sender_power_level;
514        // Since v1, if the new value is higher than the sender’s current power level, reject.
515        let new_power_level_too_big =
516            new_power_level.unwrap_or_else(|| field.default_value()) > sender_power_level;
517
518        if current_power_level_too_big || new_power_level_too_big {
519            return Err(format!(
520                "sender does not have enough power to change the power level of `{field}`"
521            ));
522        }
523    }
524
525    // Since v1, for each entry being added to, or changed in, the events property:
526    // - Since v1, if the new value is higher than the sender's current power level, reject.
527    let current_events = current_room_power_levels_event.events(rules)?;
528    check_power_level_maps(
529        current_events.as_ref(),
530        new_events.as_ref(),
531        &sender_power_level,
532        |_, current_power_level| {
533            // Since v1, for each entry being changed in, or removed from, the events property:
534            // - Since v1, if the current value is higher than the sender's current power level,
535            //   reject.
536            current_power_level > sender_power_level
537        },
538        |ev_type| {
539            format!(
540                "sender does not have enough power to change the `{ev_type}` event type power level"
541            )
542        },
543    )?;
544
545    // Since v6, for each entry being added to, or changed in, the notifications property:
546    // - Since v6, if the new value is higher than the sender's current power level, reject.
547    if rules.limit_notifications_power_levels {
548        let current_notifications = current_room_power_levels_event.notifications(rules)?;
549        check_power_level_maps(
550            current_notifications.as_ref(),
551            new_notifications.as_ref(),
552            &sender_power_level,
553            |_, current_power_level| {
554                // Since v6, for each entry being changed in, or removed from, the notifications
555                // property:
556                // - Since v6, if the current value is higher than the sender's current power level,
557                //   reject.
558                current_power_level > sender_power_level
559            },
560            |key| {
561                format!(
562                    "sender does not have enough power to change the `{key}` notification power level"
563                )
564            },
565        )?;
566    }
567
568    // Since v1, for each entry being added to, or changed in, the users property:
569    // - Since v1, if the new value is greater than the sender’s current power level, reject.
570    let current_users = current_room_power_levels_event.users(rules)?;
571    check_power_level_maps(
572        current_users,
573        new_users,
574        &sender_power_level,
575        |user_id, current_power_level| {
576            // Since v1, for each entry being changed in, or removed from, the users property, other
577            // than the sender’s own entry:
578            // - Since v1, if the current value is greater than or equal to the sender’s current
579            //   power level, reject.
580            user_id != room_power_levels_event.sender() && current_power_level >= sender_power_level
581        },
582        |user_id| format!("sender does not have enough power to change `{user_id}`'s  power level"),
583    )?;
584
585    // Otherwise, allow.
586    info!("m.room.power_levels event allowed");
587    Ok(())
588}
589
590/// Check the power levels changes between the current and the new maps.
591///
592/// # Arguments
593///
594/// * `current`: the map with the current power levels.
595/// * `new`: the map with the new power levels.
596/// * `sender_power_level`: the power level of the sender of the new map.
597/// * `reject_current_power_level_change_fn`: the function to check if a power level change or
598///   removal must be rejected given its current value.
599///
600///   The arguments to the method are the key of the power level and the current value of the power
601///   level. It must return `true` if the change or removal is rejected.
602///
603///   Note that another check is done after this one to check if the change is allowed given the new
604///   value of the power level.
605/// * `error_fn`: the function to generate an error when the change for the given key is not
606///   allowed.
607fn check_power_level_maps<K: Ord>(
608    current: Option<&BTreeMap<K, Int>>,
609    new: Option<&BTreeMap<K, Int>>,
610    sender_power_level: &UserPowerLevel,
611    reject_current_power_level_change_fn: impl FnOnce(&K, Int) -> bool + Copy,
612    error_fn: impl FnOnce(&K) -> String,
613) -> Result<(), String> {
614    let keys_to_check = current
615        .iter()
616        .flat_map(|m| m.keys())
617        .chain(new.iter().flat_map(|m| m.keys()))
618        .collect::<BTreeSet<_>>();
619
620    for key in keys_to_check {
621        let current_power_level = current.as_ref().and_then(|m| m.get(key));
622        let new_power_level = new.as_ref().and_then(|m| m.get(key));
623
624        if current_power_level == new_power_level {
625            continue;
626        }
627
628        // For each entry being changed in, or removed from, the property.
629        let current_power_level_change_rejected = current_power_level
630            .is_some_and(|power_level| reject_current_power_level_change_fn(key, *power_level));
631
632        // For each entry being added to, or changed in, the property:
633        // - If the new value is higher than the sender's current power level, reject.
634        let new_power_level_too_big = new_power_level.is_some_and(|pl| pl > sender_power_level);
635
636        if current_power_level_change_rejected || new_power_level_too_big {
637            return Err(error_fn(key));
638        }
639    }
640
641    Ok(())
642}
643
644/// Check whether the given event passes the `m.room.redaction` authorization rules.
645fn check_room_redaction(
646    room_redaction_event: impl Event,
647    current_room_power_levels_event: Option<RoomPowerLevelsEvent<impl Event>>,
648    rules: &AuthorizationRules,
649    sender_level: UserPowerLevel,
650) -> Result<(), String> {
651    let redact_level = current_room_power_levels_event
652        .get_as_int_or_default(RoomPowerLevelsIntField::Redact, rules)?;
653
654    // v1-v2, if the sender’s power level is greater than or equal to the redact level, allow.
655    if sender_level >= redact_level {
656        info!("`m.room.redaction` event allowed via power levels");
657        return Ok(());
658    }
659
660    // v1-v2, if the domain of the event_id of the event being redacted is the same as the
661    // domain of the event_id of the m.room.redaction, allow.
662    if room_redaction_event.event_id().borrow().server_name()
663        == room_redaction_event.redacts().as_ref().and_then(|&id| id.borrow().server_name())
664    {
665        info!("`m.room.redaction` event allowed via room version 1 rules");
666        return Ok(());
667    }
668
669    // Otherwise, reject.
670    Err("`m.room.redaction` event did not pass any of the allow rules".to_owned())
671}
672
673trait FetchStateExt<E: Event> {
674    fn room_create_event(&self) -> Result<RoomCreateEvent<E>, String>;
675
676    fn user_membership(&self, user_id: &UserId) -> Result<MembershipState, String>;
677
678    fn room_power_levels_event(&self) -> Option<RoomPowerLevelsEvent<E>>;
679
680    fn join_rule(&self) -> Result<JoinRuleKind, String>;
681
682    fn room_third_party_invite_event(&self, token: &str) -> Option<RoomThirdPartyInviteEvent<E>>;
683}
684
685impl<E, F> FetchStateExt<E> for F
686where
687    F: Fn(&StateEventType, &str) -> Option<E>,
688    E: Event,
689{
690    fn room_create_event(&self) -> Result<RoomCreateEvent<E>, String> {
691        self(&StateEventType::RoomCreate, "")
692            .map(RoomCreateEvent::new)
693            .ok_or_else(|| "no `m.room.create` event in current state".to_owned())
694    }
695
696    fn user_membership(&self, user_id: &UserId) -> Result<MembershipState, String> {
697        self(&StateEventType::RoomMember, user_id.as_str()).map(RoomMemberEvent::new).membership()
698    }
699
700    fn room_power_levels_event(&self) -> Option<RoomPowerLevelsEvent<E>> {
701        self(&StateEventType::RoomPowerLevels, "").map(RoomPowerLevelsEvent::new)
702    }
703
704    fn join_rule(&self) -> Result<JoinRuleKind, String> {
705        self(&StateEventType::RoomJoinRules, "")
706            .map(RoomJoinRulesEvent::new)
707            .ok_or_else(|| "no `m.room.join_rules` event in current state".to_owned())?
708            .join_rule()
709    }
710
711    fn room_third_party_invite_event(&self, token: &str) -> Option<RoomThirdPartyInviteEvent<E>> {
712        self(&StateEventType::RoomThirdPartyInvite, token).map(RoomThirdPartyInviteEvent::new)
713    }
714}