commit 001eef30e198b6e78793684b0e61d37a121d87cf
parent 5b3a83374e6ac7583c2ec3f936ccd8a57c84d869
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Wed, 24 May 2023 23:30:13 -0700
streamline msg auth verification
Diffstat:
1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -4955,6 +4955,27 @@ func closeSignalChan(c echo.Context) <-chan struct{} {
return ctx.Done()
}
+func verifyMsgAuth(db *database.DkfDB, authUser *database.User, msg *database.ChatMessage) bool {
+ // Verify moderators channel authorization
+ if msg.Moderators && !authUser.IsModerator() {
+ return false
+ }
+ // Verify group authorization
+ if msg.GroupID != nil {
+ userGroupsIDs, _ := db.GetUserRoomGroupsIDs(authUser.ID, msg.RoomID)
+ if !utils.InArr(*msg.GroupID, userGroupsIDs) {
+ return false
+ }
+ }
+ // verify PM authorization
+ if msg.ToUserID != nil {
+ if msg.UserID != authUser.ID && *msg.ToUserID != authUser.ID {
+ return false
+ }
+ }
+ return true
+}
+
func ChatStreamMessagesHandler(c echo.Context) error {
db := c.Get("database").(*database.DkfDB)
authUser := c.Get("authUser").(*database.User)
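Review bot: The group branch of verifyMsgAuth discards the error from `db.GetUserRoomGroupsIDs`, so on a failed lookup the authorization result depends on whatever slice that call returns. If it returns an empty slice on error the check fails closed, but that is not visible in this diff. Making the denial explicit removes the dependency: `userGroupsIDs, err := db.GetUserRoomGroupsIDs(authUser.ID, msg.RoomID)` followed by `if err != nil || !utils.InArr(*msg.GroupID, userGroupsIDs) { return false }`. The helper is now the single place these rules live, so it would also benefit from a doc comment stating its contract, e.g. `// verifyMsgAuth reports whether authUser is allowed to receive msg (moderators channel, room group, private message).`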
@@ -5069,17 +5090,11 @@ Loop:
msg := msgTyp.Msg
- // Verify moderators channel authorization
- if msg.Moderators && !authUser.IsModerator() {
+ if !verifyMsgAuth(db, authUser, msg) {
continue
}
if msg.GroupID != nil {
- // Verify group authorization
- userGroupsIDs, _ := db.GetUserRoomGroupsIDs(authUser.ID, msg.RoomID)
- if !utils.InArr(*msg.GroupID, userGroupsIDs) {
- continue
- }
if msg.Group == nil {
group, _ := db.GetRoomGroupByID(msg.RoomID, *msg.GroupID)
msg.Group = &group
@@ -5090,10 +5105,6 @@ Loop:
toUser, _ := db.GetUserByID(*msg.ToUserID)
msg.ToUser = &toUser
}
- // Skip PMs that are not for the auth user
- if msg.UserID != authUser.ID && msg.ToUser.ID != authUser.ID {
- continue
- }
}
if msg.User.ID == 0 {
msg.User, _ = db.GetUserByID(msg.UserID)