x

Author: ricardogarim

.husky/pre-commit

@@ -0,0 +1,3 @@
+bun lint
+bunx tsc
+bun test

package.json

@@ -26,7 +26,7 @@
 	},
 	"husky": {
 		"hooks": {
-			"pre-commit": "echo 'pre-commit'"
+			"pre-commit": "bun test"
 		}
 	},
 	"scripts": {

packages/homeserver/src/routes/federation/README.md

@@ -1,9 +1,3 @@
-/**
- * Extracts the server name from a Matrix ID (e.g., @user:example.com -> example.com)
- * 
- * @param matrixId The Matrix ID to extract the server name from
- * @returns The server name part of the Matrix ID
- */
 export const extractOrigin = (matrixId: string): string => {
   return matrixId.split(':').pop() as string;
 }; 

packages/homeserver/src/utils/extractOrigin.ts

@@ -24,8 +24,8 @@ export function createEventValidationPipeline() {
 
   const validateAuthEvents = new SequentialPipeline<AuthorizedEvent>()
     .add(fetchAuthEvents)
-    // .add(validateAuthChain)
-    // .add(validateRoomRules);
+    .add(validateAuthChain)
+    .add(validateRoomRules);
 
   return new SequentialPipeline<Event>()
     .add(canonicalizeEvent)

packages/homeserver/src/validation/EventValidationPipeline.ts

@@ -25,15 +25,13 @@ export const validateAuthChain = createValidator<AuthorizedEvent>(async (event,
       // Special case for m.room.create which doesn't need auth events
       if (event.event.type === 'm.room.create' && event.event.state_key === '') {
         logger.debug(`Create event ${eventId} doesn't need auth events`);
-        // Continue to type-specific validation for create events
       } else {
         logger.warn(`Event ${eventId} missing auth_event_objects`);
         return failure('M_MISSING_AUTH_EVENTS', 'Event missing auth event objects');
       }
     }
 
     const hasIncompleteChain = authorizedEvent.incomplete_chain === true;
-    
     logger.debug(`Validating auth chain for event ${eventId} with ${authorizedEvent.auth_event_objects?.length || 0} auth events${hasIncompleteChain ? ' (incomplete chain)' : ''}`);
 
     const authEvents = new Map();

packages/homeserver/src/validation/validators/AuthChainValidator.ts

@@ -1,4 +1,4 @@
-import { createValidator, success, failure } from '../Validator';
+import { createValidator, success, failure, ValidationResult } from '../Validator';
 import { AuthorizedEvent } from './index';
 import { Logger } from '../../routes/federation/logger';
 
@@ -16,14 +16,6 @@ interface PowerLevels {
   invite?: number;
 }
 
-/**
- * Validates room authorization rules
- * 
- * Matrix rooms have specific authorization rules that determine
- * who can send what types of events, based on power levels and
- * room state. This validator enforces these rules according to
- * the Matrix specification.
- */
 export const validateRoomRules = createValidator<AuthorizedEvent>(async (event, _, eventId) => {
   try {
     logger.debug(`Validating room rules for event ${eventId}`);
@@ -35,11 +27,9 @@ export const validateRoomRules = createValidator<AuthorizedEvent>(async (event,
       return failure('M_MISSING_AUTH_EVENTS', 'Event missing auth event objects');
     }
 
-    // Create a map of auth events for easy access
     const authEvents = new Map();
     authorizedEvent.auth_event_objects.forEach(authEvent => {
       if (authEvent.event && authEvent.event.type) {
-        // For state events, use type + state_key as the key
         if (authEvent.event.state_key !== undefined) {
           authEvents.set(`${authEvent.event.type}|${authEvent.event.state_key}`, authEvent.event);
         } else {
@@ -48,7 +38,6 @@ export const validateRoomRules = createValidator<AuthorizedEvent>(async (event,
       }
     });
 
-    // Get required auth events for the rules check
     const createEvent = authEvents.get('m.room.create|');
     if (!createEvent) {
       logger.error(`Missing required create event for rules validation`);
@@ -70,7 +59,6 @@ export const validateRoomRules = createValidator<AuthorizedEvent>(async (event,
     const eventType = event.event.type;
     const stateKey = event.event.state_key;
 
-    // Check if the sender's event is allowed based on auth rules
     // 1. Check room creator for create events
     if (eventType === 'm.room.create') {
       // Create events must have the sender match the creator
@@ -82,15 +70,11 @@ export const validateRoomRules = createValidator<AuthorizedEvent>(async (event,
 
     // 2. For member events, validate based on membership type
     else if (eventType === 'm.room.member') {
-      // For self-membership changes
       if (stateKey === sender) {
-        // For joins, check join rules
         if (event.event.content?.membership === 'join') {
           const joinRulesEvent = authEvents.get('m.room.join_rules|');
 
-          // Only enforce join rules if they are specified
           if (joinRulesEvent && joinRulesEvent.content?.join_rule === 'invite') {
-            // For invite-only rooms, check if user was invited
             const memberEvent = authEvents.get(`m.room.member|${sender}`);
             const existingMembership = memberEvent?.content?.membership;
 
@@ -103,9 +87,7 @@ export const validateRoomRules = createValidator<AuthorizedEvent>(async (event,
           }
         }
       } 
-      // For changing others' membership
       else {
-        // For invites, check that the inviter has permission
         if (event.event.content?.membership === 'invite') {
           const userPowerLevel = getUserPowerLevel(sender, powerLevels);
           if (userPowerLevel < (powerLevels.invite ?? 50)) {
@@ -114,7 +96,6 @@ export const validateRoomRules = createValidator<AuthorizedEvent>(async (event,
           }
         }
 
-        // For kick/ban, check appropriate permissions
         else if (['ban', 'kick'].includes(event.event.content?.membership || '')) {
           const targetUser = stateKey;
           const action = event.event.content?.membership;
@@ -141,13 +122,11 @@ export const validateRoomRules = createValidator<AuthorizedEvent>(async (event,
     else if (eventType === 'm.room.power_levels') {
       const userPowerLevel = getUserPowerLevel(sender, powerLevels);
 
-      // Check sender has required power level to change power levels
       if (userPowerLevel < (powerLevels.events?.['m.room.power_levels'] ?? powerLevels.state_default ?? 50)) {
         logger.error(`User ${sender} doesn't have permission to change power levels (power level: ${userPowerLevel})`);
         return failure('M_FORBIDDEN', 'User doesn\'t have permission to change power levels');
       }
 
-      // Prevent privilege escalation
       const newPowerLevels = event.event.content as PowerLevels;
       if (newPowerLevels && newPowerLevels.users) {
         for (const [user, level] of Object.entries(newPowerLevels.users)) {
@@ -173,7 +152,6 @@ export const validateRoomRules = createValidator<AuthorizedEvent>(async (event,
 
     // 5. For normal message events, check event power levels
     else {
-      // First check that the sender is actually in the room
       const memberEvent = authEvents.get(`m.room.member|${sender}`);
       if (!memberEvent || memberEvent.content?.membership !== 'join') {
         logger.error(`User ${sender} tried to send message without being in the room`);
@@ -198,8 +176,6 @@ export const validateRoomRules = createValidator<AuthorizedEvent>(async (event,
   }
 });
 
-// Helper functions for power level checks
-
 function getUserPowerLevel(userId: string, powerLevels: PowerLevels): number {
   if (powerLevels.users && powerLevels.users[userId] !== undefined) {
     return powerLevels.users[userId];