From a5b34fb4a88a1200b235209ffe4ead34a3534c06 Mon Sep 17 00:00:00 2001 From: Kierre Date: Wed, 5 Nov 2025 12:30:51 -0500 Subject: [PATCH] Only permit the v1 send_join endpoint for v1/v2 rooms --- vona/federation/__init__.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/vona/federation/__init__.py b/vona/federation/__init__.py index c6b7aa9..6a2fdf9 100644 --- a/vona/federation/__init__.py +++ b/vona/federation/__init__.py @@ -10,6 +10,7 @@ from flask import ( Response, request, Blueprint, + abort, ) server = Blueprint("federation", __name__) @@ -37,6 +38,7 @@ async def version(): } }) + @server.route("/_matrix/key/v2/server") async def keys(): return jsonify(globals.sign_json({ @@ -50,6 +52,7 @@ async def keys(): } })) + @server.route("/_matrix/federation/v1/query/directory") async def room_query(): return jsonify({ @@ -57,6 +60,7 @@ async def room_query(): "servers": [config.server_name] }) + @server.route("/_matrix/federation/v1/media/download/") async def download_media(media_id): # Auth media requires this to be @@ -80,6 +84,7 @@ async def download_media(media_id): return response + @server.route("/_matrix/federation/v1/media/thumbnail/") async def thumbnail_media(media_id): return jsonify({ @@ -101,6 +106,10 @@ async def send_join_v1(room, eventId): @server.route("/_matrix/federation/v2/send_join//", methods=["PUT"]) async def send_join_v2(room, eventId): + if globals.room_version_from_id(room) in ["1", "2"]: + # Spec says to fallback to the v1 send_join endpoint if this fails + abort(404) + return jsonify(send_join(request, room)) @@ -184,7 +193,6 @@ async def room_directory(): return jsonify(globals.room_dir) -# https://spec.matrix.org/latest/server-server-api/#transactions @server.route("/_matrix/federation/v1/send/", methods=["PUT"]) async def receive_txn(txnId): # We will need to implement a way to store every