Optionally allow local homeserver admins to quarantine their media

We won't allow local administrators to quarantine other media (local or remote) unless they are an admin on that server.

Optionally allow local homeserver admins to quarantine their media
ba3f1acc · Travis Ralston · 5637b47a · ba3f1acc · ba3f1acc · ba3f1acc
Commit ba3f1acc authored 7 years ago by Travis Ralston
--- a/config.sample.yaml
+++ b/config.sample.yaml
@@ -183,4 +183,9 @@ quarantine:
  replaceThumbnails: true
  # If provided, the given image will be returned as a thumbnail for media that is quarantined.
  #thumbnailPath: "/path/to/thumbnail.png"
\ No newline at end of file
+  # If true, administrators of the configured homeservers may quarantine media for their server
+  # only. Global administrators can quarantine any media (local or remote) regardless of this
+  # flag.
+  allowLocalAdmins: true
--- a/docs/admin.md
+++ b/docs/admin.md
@@ -21,3 +21,5 @@ The quarantine media API allows administrators to quarantine media that may not
 Remote media that has been quarantined will not be purged either. This is so that the media remains flagged as quarantined. It is safe to delete the file on your disk, but not delete the media from the database.
 Quarantining media will also quarantine any media with the same file hash.
+This API is unique in that it can allow administrators of configured homeservers to quarantine media on their homeserver only. This will not allow local administrators to quarantine remote media or media on other homeservers though, just on theirs.
--- a/src/github.com/turt2live/matrix-media-repo/client/r0/quarantine.go
+++ b/src/github.com/turt2live/matrix-media-repo/client/r0/quarantine.go
@@ -6,6 +6,7 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/sirupsen/logrus"
 	"github.com/turt2live/matrix-media-repo/client"
+	"github.com/turt2live/matrix-media-repo/config"
 	"github.com/turt2live/matrix-media-repo/matrix"
 	"github.com/turt2live/matrix-media-repo/services/media_service"
 	"github.com/turt2live/matrix-media-repo/util"
@@ -24,9 +25,30 @@ func QuarantineMedia(w http.ResponseWriter, r *http.Request, log *logrus.Entry)
 		}
 		return client.AuthFailed()
 	}
-	isAdmin := util.IsGlobalAdmin(userId)
+	isGlobalAdmin := util.IsGlobalAdmin(userId)
-	if !isAdmin {
+	canQuarantine := isGlobalAdmin
-		log.Warn("User " + userId + " is not a repository administrator")
+	allowOtherHosts := isGlobalAdmin
+	isLocalAdmin := false
+	if !isGlobalAdmin {
+		if config.Get().Quarantine.AllowLocalAdmins {
+			isLocalAdmin, err = matrix.IsUserAdmin(r.Context(), r.Host, accessToken)
+			if err != nil {
+				log.Error("Error verifying local admin: " + err.Error())
+				return client.AuthFailed()
+			}
+			if !isLocalAdmin {
+				log.Warn(userId + " tried to quarantine media on another server")
+				return client.AuthFailed()
+			}
+			// They have local admin status and we allow local admins to quarantine
+			canQuarantine = true
+		}
+	}
+	if !canQuarantine {
+		log.Warn(userId + " tried to quarantine media")
 		return client.AuthFailed()
 	}
@@ -36,11 +58,17 @@ func QuarantineMedia(w http.ResponseWriter, r *http.Request, log *logrus.Entry)
 	mediaId := params["mediaId"]
 	log = log.WithFields(logrus.Fields{
-		"server":  server,
+		"server":      server,
-		"mediaId": mediaId,
+		"mediaId":     mediaId,
-		"userId":  userId,
+		"userId":      userId,
+		"localAdmin":  isLocalAdmin,
+		"globalAdmin": isGlobalAdmin,
 	})
+	if !allowOtherHosts && r.Host != server {
+		return client.BadRequest("unable to quarantine media on other homeservers")
+	}
 	// We don't bother clearing the cache because it's still probably useful there
 	mediaSvc := media_service.New(r.Context(), log)
 	media, err := mediaSvc.GetMediaDirect(server, mediaId)
@@ -49,7 +77,7 @@ func QuarantineMedia(w http.ResponseWriter, r *http.Request, log *logrus.Entry)
 		return client.BadRequest("media not found or other error encountered - see logs")
 	}
-	err = mediaSvc.SetMediaQuarantined(media, true, isAdmin)
+	err = mediaSvc.SetMediaQuarantined(media, true, allowOtherHosts)
 	if err != nil {
 		log.Error("Error quarantining media: " + err.Error())
 		return client.InternalServerError("Error quarantining media")

--- a/src/github.com/turt2live/matrix-media-repo/config/config.go
+++ b/src/github.com/turt2live/matrix-media-repo/config/config.go
@@ -91,6 +91,7 @@ type CacheConfig struct {
 type QuarantineConfig struct {
 	ReplaceThumbnails bool   `yaml:"replaceThumbnails"`
 	ThumbnailPath     string `yaml:"thumbnailPath"`
+	AllowLocalAdmins  bool   `yaml:"allowLocalAdmins"`
 }
 type MediaRepoConfig struct {