Skip to content

refactor: add isAuthenticated and canAccessResource middlewares #224

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sampaiodiego merged 20 commits into from
Oct 10, 2025
Merged

refactor: add isAuthenticated and canAccessResource middlewares #224

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
1b3fcfe
add canAccessResource and isAuthenticated middlewares
ricardogarim Sep 25, 2025
937051e
remove barrel imports from middlewares
ricardogarim Sep 30, 2025
fabfc70
refactor canAccessResource middleware
ricardogarim Sep 30, 2025
cbc6112
add room invite check on canAccessResource validation
ricardogarim Oct 1, 2025
431eb40
lint
ricardogarim Oct 6, 2025
f18dfa0
handle missing room state before accessing ACLs
ricardogarim Oct 6, 2025
e58f2a0
fix naming inconsistency in Elysia plugin name
ricardogarim Oct 6, 2025
936710a
do not drain the request body in isAuthenticated middleware
ricardogarim Oct 6, 2025
bc00895
fix path prefix duplication
ricardogarim Oct 6, 2025
d4e5883
apply authentication middleware to the config endpoint
ricardogarim Oct 6, 2025
2416a28
mitigate potential Regular Expression Denial of Service (ReDoS) vulne…
ricardogarim Oct 6, 2025
ef5e6af
improve error handling and parameter validation in extractEntityId
ricardogarim Oct 6, 2025
73896fd
invite loop leaks when membership events are missing fields
ricardogarim Oct 6, 2025
7757d6b
enforce server-to-server authentication on publicRooms endpoints
ricardogarim Oct 6, 2025
af92e16
invite route checking by just auth instead of resource
ricardogarim Oct 7, 2025
489b4c3
getFullRoomState -> getLatestRoomState
ricardogarim Oct 7, 2025
af1b0cc
add m.room.server_acl event support
ricardogarim Oct 8, 2025
bfbdaef
pair route middlewares with rc and matrix protocol
ricardogarim Oct 8, 2025
3d8449a
remove pino dep
sampaiodiego Oct 10, 2025
31467d4
include membership for acl
sampaiodiego Oct 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions packages/federation-sdk/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,10 @@ export type HomeserverEventSignatures = {
user_id: string; // user who changed the topic
topic: string; // new topic of the room
};
'homeserver.matrix.room.server_acl': {
event_id: EventID;
event: PduForType<'m.room.server_acl'>;
};
'homeserver.matrix.room.power_levels': {
event_id: EventID;
event: PduForType<'m.room.power_levels'>;
Expand Down
1 change: 1 addition & 0 deletions packages/federation-sdk/src/repositories/event.repository.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ export class EventRepository {
case 'm.room.member':
case 'm.room.power_levels':
case 'm.room.topic':
case 'm.room.server_acl':
queries = [
baseQueries.create,
baseQueries.powerLevels,
Expand Down
4 changes: 1 addition & 3 deletions packages/federation-sdk/src/server-discovery/discovery.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
import { isIPv4, isIPv6 } from 'node:net';
import memoize from 'memoize';
import type { Logger } from 'pino';
import { MultiError } from './_multi-error';
import { resolver } from './_resolver';
import { _URL } from './_url';
Expand Down Expand Up @@ -85,10 +84,9 @@ export async function resolveHostname(
* Server names are resolved to an IP address and port to connect to, and have various conditions affecting which certificates and Host headers to send.
*/

// TODO remove logger from here. need to convert this into a service (?)
async function getHomeserverFinalAddressInternal(
addr: AddressString,
logger?: Logger,
logger?: any, // TODO remove logger from here. need to convert this into a service (?)
): Promise<[IP4or6WithPortAndProtocolString, HostHeaders]> {
const url = new _URL(addr);

Expand Down
Loading