src/api/client/user_directory.rs

use axum::extract::State;
use futures::{pin_mut, StreamExt};
use ruma::{
	api::client::user_directory::search_users,
	events::{
		room::join_rules::{JoinRule, RoomJoinRulesEventContent},
		StateEventType,
	},
};

use crate::{Result, Ruma};

/// # `POST /_matrix/client/r0/user_directory/search`
///
/// Searches all known users for a match.
///
/// - Hides any local users that aren't in any public rooms (i.e. those that
///   have the join rule set to public) and don't share a room with the sender
pub(crate) async fn search_users_route(
	State(services): State<crate::State>, body: Ruma<search_users::v3::Request>,
) -> Result<search_users::v3::Response> {
	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
	let limit = usize::try_from(body.limit).unwrap_or(10); // default limit is 10

	let users = services.users.stream().filter_map(|user_id| async {
		// Filter out buggy users (they should not exist, but you never know...)
		let user = search_users::v3::User {
			user_id: user_id.to_owned(),
			display_name: services.users.displayname(user_id).await.ok(),
			avatar_url: services.users.avatar_url(user_id).await.ok(),
		};

		let user_id_matches = user
			.user_id
			.to_string()
			.to_lowercase()
			.contains(&body.search_term.to_lowercase());

		let user_displayname_matches = user
			.display_name
			.as_ref()
			.filter(|name| {
				name.to_lowercase()
					.contains(&body.search_term.to_lowercase())
			})
			.is_some();

		if !user_id_matches && !user_displayname_matches {
			return None;
		}

		// It's a matching user, but is the sender allowed to see them?
		let mut user_visible = false;

		let user_is_in_public_rooms = services
			.rooms
			.state_cache
			.rooms_joined(&user.user_id)
			.any(|room| async move {
				services
					.rooms
					.state_accessor
					.room_state_get(room, &StateEventType::RoomJoinRules, "")
					.await
					.map_or(false, |event| {
						serde_json::from_str(event.content.get())
							.map_or(false, |r: RoomJoinRulesEventContent| r.join_rule == JoinRule::Public)
					})
			})
			.await;

		if user_is_in_public_rooms {
			user_visible = true;
		} else {
			let user_is_in_shared_rooms = services
				.rooms
				.user
				.has_shared_rooms(sender_user, &user.user_id)
				.await;

			if user_is_in_shared_rooms {
				user_visible = true;
			}
		}

		user_visible.then_some(user)
	});

	pin_mut!(users);

	let limited = users.by_ref().next().await.is_some();

	let results = users.take(limit).collect().await;

	Ok(search_users::v3::Response {
		results,
		limited,
	})
}
de-global services() from api 2024-07-16 08:05:25 +00:00			`use axum::extract::State;`
Database Refactor 2024-08-08 17:18:30 +00:00			`use futures::{pin_mut, StreamExt};`
Hide users from user directory if they are only in private rooms and they don't share a room 2022-06-18 11:17:09 +00:00			`use ruma::{`
			`api::client::user_directory::search_users,`
			`events::{`
			`room::join_rules::{JoinRule, RoomJoinRulesEventContent},`
			`StateEventType,`
			`},`
			`};`
refactor: put endpoints into modules 2020-07-30 18:14:47 +02:00
de-global services() from api 2024-07-16 08:05:25 +00:00			`use crate::{Result, Ruma};`
add rustfmt.toml, format entire codebase 2024-03-05 19:48:54 -05:00
docs: documentation for every endpoint 2021-08-31 19:14:37 +02:00			/// # `POST /_matrix/client/r0/user_directory/search`
			`///`
			`/// Searches all known users for a match.`
			`///`
Hide users from user directory if they are only in private rooms and they don't share a room 2022-06-18 11:17:09 +00:00			`/// - Hides any local users that aren't in any public rooms (i.e. those that`
fix doc-lazy-continuation 2024-06-16 00:36:49 +00:00			`/// have the join rule set to public) and don't share a room with the sender`
de-global services() from api 2024-07-16 08:05:25 +00:00			`pub(crate) async fn search_users_route(`
			`State(services): State<crate::State>, body: Ruma<search_users::v3::Request>,`
			`) -> Result<search_users::v3::Response> {`
Hide users from user directory if they are only in private rooms and they don't share a room 2022-06-18 11:17:09 +00:00			`let sender_user = body.sender_user.as_ref().expect("user is authenticated");`
resolve almost all as_conversions lints 2024-05-04 09:45:37 -04:00			`let limit = usize::try_from(body.limit).unwrap_or(10); // default limit is 10`
refactor: put endpoints into modules 2020-07-30 18:14:47 +02:00
Database Refactor 2024-08-08 17:18:30 +00:00			`let users = services.users.stream().filter_map(\|user_id\| async {`
refactor: put endpoints into modules 2020-07-30 18:14:47 +02:00			`// Filter out buggy users (they should not exist, but you never know...)`
update ruma 2022-02-18 15:33:14 +01:00			`let user = search_users::v3::User {`
Database Refactor 2024-08-08 17:18:30 +00:00			`user_id: user_id.to_owned(),`
			`display_name: services.users.displayname(user_id).await.ok(),`
			`avatar_url: services.users.avatar_url(user_id).await.ok(),`
refactor: put endpoints into modules 2020-07-30 18:14:47 +02:00			`};`

use chain_width 60 2024-03-25 17:05:11 -04:00			`let user_id_matches = user`
			`.user_id`
			`.to_string()`
			`.to_lowercase()`
			`.contains(&body.search_term.to_lowercase());`
apply lint suggestions and version bump 2021-07-14 12:31:38 +02:00
			`let user_displayname_matches = user`
			`.display_name`
			`.as_ref()`
use chain_width 60 2024-03-25 17:05:11 -04:00			`.filter(\|name\| {`
			`name.to_lowercase()`
			`.contains(&body.search_term.to_lowercase())`
			`})`
apply lint suggestions and version bump 2021-07-14 12:31:38 +02:00			`.is_some();`

			`if !user_id_matches && !user_displayname_matches {`
refactor: put endpoints into modules 2020-07-30 18:14:47 +02:00			`return None;`
			`}`

dont leak users in room directory if sender is not allowed to see them 2024-03-13 11:37:28 -04:00			`// It's a matching user, but is the sender allowed to see them?`
			`let mut user_visible = false;`

de-global services() from api 2024-07-16 08:05:25 +00:00			`let user_is_in_public_rooms = services`
use chain_width 60 2024-03-25 17:05:11 -04:00			`.rooms`
			`.state_cache`
Database Refactor 2024-08-08 17:18:30 +00:00			`.rooms_joined(&user.user_id)`
			`.any(\|room\| async move {`
de-global services() from api 2024-07-16 08:05:25 +00:00			`services`
use chain_width 60 2024-03-25 17:05:11 -04:00			`.rooms`
			`.state_accessor`
Database Refactor 2024-08-08 17:18:30 +00:00			`.room_state_get(room, &StateEventType::RoomJoinRules, "")`
			`.await`
use chain_width 60 2024-03-25 17:05:11 -04:00			`.map_or(false, \|event\| {`
Database Refactor 2024-08-08 17:18:30 +00:00			`serde_json::from_str(event.content.get())`
			`.map_or(false, \|r: RoomJoinRulesEventContent\| r.join_rule == JoinRule::Public)`
use chain_width 60 2024-03-25 17:05:11 -04:00			`})`
Database Refactor 2024-08-08 17:18:30 +00:00			`})`
			`.await;`
Hide users from user directory if they are only in private rooms and they don't share a room 2022-06-18 11:17:09 +00:00
			`if user_is_in_public_rooms {`
dont leak users in room directory if sender is not allowed to see them 2024-03-13 11:37:28 -04:00			`user_visible = true;`
			`} else {`
de-global services() from api 2024-07-16 08:05:25 +00:00			`let user_is_in_shared_rooms = services`
use chain_width 60 2024-03-25 17:05:11 -04:00			`.rooms`
			`.user`
Database Refactor 2024-08-08 17:18:30 +00:00			`.has_shared_rooms(sender_user, &user.user_id)`
			`.await;`
Hide users from user directory if they are only in private rooms and they don't share a room 2022-06-18 11:17:09 +00:00
dont leak users in room directory if sender is not allowed to see them 2024-03-13 11:37:28 -04:00			`if user_is_in_shared_rooms {`
			`user_visible = true;`
			`}`
			`}`
Hide users from user directory if they are only in private rooms and they don't share a room 2022-06-18 11:17:09 +00:00
Database Refactor 2024-08-08 17:18:30 +00:00			`user_visible.then_some(user)`
refactor: put endpoints into modules 2020-07-30 18:14:47 +02:00			`});`

Database Refactor 2024-08-08 17:18:30 +00:00			`pin_mut!(users);`

			`let limited = users.by_ref().next().await.is_some();`

			`let results = users.take(limit).collect().await;`
refactor: put endpoints into modules 2020-07-30 18:14:47 +02:00
update ruma 2022-02-18 15:33:14 +01:00			`Ok(search_users::v3::Response {`
			`results,`
			`limited,`
			`})`
refactor: put endpoints into modules 2020-07-30 18:14:47 +02:00			`}`