tuwunel_api/router/auth/
appservice.rs

1use ruma::{OwnedDeviceId, OwnedUserId};
2use tuwunel_core::{Err, Result, err};
3use tuwunel_service::{Services, appservice::RegistrationInfo};
4
5use super::{Auth, Request};
6
7pub(super) async fn auth_appservice(
8	services: &Services,
9	request: &Request,
10	info: Box<RegistrationInfo>,
11) -> Result<Auth> {
12	let user_id = request
13		.query
14		.user_id
15		.as_deref()
16		.map(OwnedUserId::parse)
17		.transpose()
18		.map_err(|_| err!(Request(InvalidUsername("Username is invalid."))))?
19		.unwrap_or_else(|| info.sender.clone());
20
21	if !info.is_user_match(&user_id) {
22		return Err!(Request(Exclusive("User is not in namespace.")));
23	}
24
25	// MSC4326: appservices may assert a device_id alongside user_id.
26	let sender_device = request.query.device_id().map(OwnedDeviceId::from);
27
28	if let Some(device_id) = sender_device.as_deref()
29		&& !services
30			.users
31			.device_exists(&user_id, device_id)
32			.await
33	{
34		return Err!(Request(InvalidParam("Unknown device for user.")));
35	}
36
37	Ok(Auth {
38		sender_user: Some(user_id),
39		sender_device,
40		appservice_info: Some(*info),
41		..Auth::default()
42	})
43}
tuwunel_api/router/auth/appservice.rs

tuwunel_api/router/auth/
appservice.rs
