Reject ghost user invites from non-logged-in users

go.mod

@@ -9,13 +9,13 @@ require (
 	github.com/mattn/go-sqlite3 v1.14.10
 	github.com/prometheus/client_golang v1.11.0
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
-	go.mau.fi/whatsmeow v0.0.0-20220110120209-05fd944cc01e
+	go.mau.fi/whatsmeow v0.0.0-20220111203410-b078a9e90863
 	golang.org/x/image v0.0.0-20211028202545-6944b10bf410
 	google.golang.org/protobuf v1.27.1
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 	maunium.net/go/mauflag v1.0.0
 	maunium.net/go/maulogger/v2 v2.3.2
-	maunium.net/go/mautrix v0.10.9
+	maunium.net/go/mautrix v0.10.10-0.20220115114638-0b31804ef8af
 )
 
 require (

go.sum

@@ -139,8 +139,8 @@ github.com/tidwall/sjson v1.2.3 h1:5+deguEhHSEjmuICXZ21uSSsXotWMA0orU783+Z7Cp8=
 github.com/tidwall/sjson v1.2.3/go.mod h1:5WdjKx3AQMvCJ4RG6/2UYT7dLrGvJUV1x4jdTAyGvZs=
 go.mau.fi/libsignal v0.0.0-20211109153248-a67163214910 h1:9FFhG0OmkuMau5UEaTgiUQ+7cSbtbOQ7hiWKdN8OI3I=
 go.mau.fi/libsignal v0.0.0-20211109153248-a67163214910/go.mod h1:AufGrvVh+00Nc07Jm4hTquh7yleZyn20tKJI2wCPAKg=
-go.mau.fi/whatsmeow v0.0.0-20220110120209-05fd944cc01e h1:UCjeeGSVCEA7L1P9LcFzuiATL8pG/NSwdXgM1Vg1UXI=
-go.mau.fi/whatsmeow v0.0.0-20220110120209-05fd944cc01e/go.mod h1:8jUjOAi3xtGubxcZgG8uSHpAdyQXBRbWAfxkctX/4y4=
+go.mau.fi/whatsmeow v0.0.0-20220111203410-b078a9e90863 h1:5xGt9ghwG3XvlCAnq1WJuJ4mdOR6u/Ho5oYR0Ql9uFw=
+go.mau.fi/whatsmeow v0.0.0-20220111203410-b078a9e90863/go.mod h1:8jUjOAi3xtGubxcZgG8uSHpAdyQXBRbWAfxkctX/4y4=
 golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -222,5 +222,5 @@ maunium.net/go/mauflag v1.0.0 h1:YiaRc0tEI3toYtJMRIfjP+jklH45uDHtT80nUamyD4M=
 maunium.net/go/mauflag v1.0.0/go.mod h1:nLivPOpTpHnpzEh8jEdSL9UqO9+/KBJFmNRlwKfkPeA=
 maunium.net/go/maulogger/v2 v2.3.2 h1:1XmIYmMd3PoQfp9J+PaHhpt80zpfmMqaShzUTC7FwY0=
 maunium.net/go/maulogger/v2 v2.3.2/go.mod h1:TYWy7wKwz/tIXTpsx8G3mZseIRiC5DoMxSZazOHy68A=
-maunium.net/go/mautrix v0.10.9 h1:Xb2lBpjSoMazsSlvsDEqJnuHZDJpYpxwza2N0w60UV0=
-maunium.net/go/mautrix v0.10.9/go.mod h1:4XljZZGZiIlpfbQ+Tt2ykjapskJ8a7Z2i9y/+YaceF8=
+maunium.net/go/mautrix v0.10.10-0.20220115114638-0b31804ef8af h1:hrHq1iJK9mrEvhvTUMb3YBxoNL5kdHGWCpg+XAcBMM4=
+maunium.net/go/mautrix v0.10.10-0.20220115114638-0b31804ef8af/go.mod h1:4XljZZGZiIlpfbQ+Tt2ykjapskJ8a7Z2i9y/+YaceF8=

matrix.go

@@ -208,15 +208,31 @@ func (mx *MatrixHandler) createPrivatePortalFromInvite(roomID id.RoomID, inviter
 	portal.Update()
 	portal.UpdateBridgeInfo()
 	_, _ = intent.SendNotice(roomID, "Private chat portal created")
-
-	//err := portal.FillInitialHistory(inviter)
-	//if err != nil {
-	//	portal.log.Errorln("Failed to fill history:", err)
-	//}
 }
 
 func (mx *MatrixHandler) HandlePuppetInvite(evt *event.Event, inviter *User, puppet *Puppet) {
 	intent := puppet.DefaultIntent()
+
+	if !inviter.Whitelisted {
+		puppet.log.Debugfln("Rejecting invite from %s to %s: user is not whitelisted", evt.Sender, evt.RoomID)
+		_, err := intent.LeaveRoom(evt.RoomID, &mautrix.ReqLeave{
+			Reason: "You're not whitelisted to use this bridge",
+		})
+		if err != nil {
+			puppet.log.Warnfln("Failed to reject invite from %s to %s: %v", evt.Sender, evt.RoomID, err)
+		}
+		return
+	} else if !inviter.IsLoggedIn() {
+		puppet.log.Debugfln("Rejecting invite from %s to %s: user is not logged in", evt.Sender, evt.RoomID)
+		_, err := intent.LeaveRoom(evt.RoomID, &mautrix.ReqLeave{
+			Reason: "You're not logged into this bridge",
+		})
+		if err != nil {
+			puppet.log.Warnfln("Failed to reject invite from %s to %s: %v", evt.Sender, evt.RoomID, err)
+		}
+		return
+	}
+
 	members := mx.joinAndCheckMembers(evt, intent)
 	if members == nil {
 		return
@@ -264,21 +280,21 @@ func (mx *MatrixHandler) HandleMembership(evt *event.Event) {
 	}
 
 	user := mx.bridge.GetUserByMXID(evt.Sender)
-	if user == nil || !user.Whitelisted || !user.IsLoggedIn() {
+	if user == nil {
 		return
 	}
-
+	isSelf := id.UserID(evt.GetStateKey()) == evt.Sender
+	puppet := mx.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey()))
 	portal := mx.bridge.GetPortalByMXID(evt.RoomID)
 	if portal == nil {
-		puppet := mx.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey()))
-		if content.Membership == event.MembershipInvite && puppet != nil {
+		if puppet != nil && content.Membership == event.MembershipInvite {
 			mx.HandlePuppetInvite(evt, user, puppet)
 		}
 		return
+	} else if !user.Whitelisted || !user.IsLoggedIn() {
+		return
 	}
 
-	isSelf := id.UserID(evt.GetStateKey()) == evt.Sender
-
 	if content.Membership == event.MembershipLeave {
 		if evt.Unsigned.PrevContent != nil {
 			_ = evt.Unsigned.PrevContent.ParseRaw(evt.Type)
@@ -289,11 +305,11 @@ func (mx *MatrixHandler) HandleMembership(evt *event.Event) {
 		}
 		if isSelf {
 			portal.HandleMatrixLeave(user)
-		} else {
-			portal.HandleMatrixKick(user, evt)
+		} else if puppet != nil {
+			portal.HandleMatrixKick(user, puppet)
 		}
-	} else if content.Membership == event.MembershipInvite && !isSelf {
-		portal.HandleMatrixInvite(user, evt)
+	} else if content.Membership == event.MembershipInvite && !isSelf && puppet != nil {
+		portal.HandleMatrixInvite(user, puppet)
 	}
 }
 

portal.go

@@ -2621,32 +2621,26 @@ func (portal *Portal) HandleMatrixLeave(sender *User) {
 	portal.CleanupIfEmpty()
 }
 
-func (portal *Portal) HandleMatrixKick(sender *User, evt *event.Event) {
-	puppet := portal.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey()))
-	if puppet != nil {
-		_, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{
-			puppet.JID: whatsmeow.ParticipantChangeRemove,
-		})
-		if err != nil {
-			portal.log.Errorfln("Failed to kick %s from group as %s: %v", puppet.JID, sender.MXID, err)
-			return
-		}
-		//portal.log.Infoln("Kick %s response: %s", puppet.JID, <-resp)
+func (portal *Portal) HandleMatrixKick(sender *User, target *Puppet) {
+	_, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{
+		target.JID: whatsmeow.ParticipantChangeRemove,
+	})
+	if err != nil {
+		portal.log.Errorfln("Failed to kick %s from group as %s: %v", target.JID, sender.MXID, err)
+		return
 	}
+	//portal.log.Infoln("Kick %s response: %s", puppet.JID, <-resp)
 }
 
-func (portal *Portal) HandleMatrixInvite(sender *User, evt *event.Event) {
-	puppet := portal.bridge.GetPuppetByMXID(id.UserID(evt.GetStateKey()))
-	if puppet != nil {
-		_, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{
-			puppet.JID: whatsmeow.ParticipantChangeAdd,
-		})
-		if err != nil {
-			portal.log.Errorfln("Failed to add %s to group as %s: %v", puppet.JID, sender.MXID, err)
-			return
-		}
-		//portal.log.Infofln("Add %s response: %s", puppet.JID, <-resp)
+func (portal *Portal) HandleMatrixInvite(sender *User, target *Puppet) {
+	_, err := sender.Client.UpdateGroupParticipants(portal.Key.JID, map[types.JID]whatsmeow.ParticipantChange{
+		target.JID: whatsmeow.ParticipantChangeAdd,
+	})
+	if err != nil {
+		portal.log.Errorfln("Failed to add %s to group as %s: %v", target.JID, sender.MXID, err)
+		return
 	}
+	//portal.log.Infofln("Add %s response: %s", puppet.JID, <-resp)
 }
 
 func (portal *Portal) HandleMatrixMeta(sender *User, evt *event.Event) {