Add validation of auth events for events

lib/matrix_server/room_server.ex

@@ -1,7 +1,9 @@
 defmodule MatrixServer.RoomServer do
   use GenServer
 
-  alias MatrixServer.{Repo, Room, Event, Account}
+  import Ecto.Query
+
+  alias MatrixServer.{Repo, Room, Event, Account, StateResolution}
   alias MatrixServerWeb.API.CreateRoom
 
   @registry MatrixServer.RoomServer.Registry
@@ -43,11 +45,33 @@ defmodule MatrixServer.RoomServer do
          %CreateRoom{room_version: room_version},
          room_id
        ) do
-    state_set =
-      Event.create_room(room_id, MatrixServer.get_mxid(localpart), room_version)
-      |> Repo.insert!()
-      |> MatrixServer.StateResolution.resolve(true)
+    create_room_event = Event.create_room(room_id, MatrixServer.get_mxid(localpart), room_version)
+    verify_event(create_room_event)
+    |> IO.inspect()
 
-    {:ok, state_set}
+    {:ok, %{}}
+  end
+
+  defp verify_event(%Event{auth_events: auth_event_ids} = event) do
+    # Check the following things:
+    # 1. TODO: Is a valid event, otherwise it is dropped.
+    # 2. TODO: Passes signature checks, otherwise it is dropped.
+    # 3. TODO: Passes hash checks, otherwise it is redacted before being processed further.
+    # 4. Passes authorization rules based on the event's auth events, otherwise it is rejected.
+    # 5. Passes authorization rules based on the state at the event, otherwise it is rejected.
+    # 6. TODO: Passes authorization rules based on the current state of the room, otherwise it is "soft failed".
+    if StateResolution.is_authorized_by_auth_events(event) do
+      auth_events =
+        Event
+        |> where([e], e.event_id in ^auth_event_ids)
+        |> select([e], {e.event_id, e})
+        |> Repo.all()
+        |> Enum.into(%{})
+      # TODO: make the state set a mapping to Event struct.
+      state_set = StateResolution.resolve(event, false)
+      StateResolution.is_authorized(event, state_set, auth_events)
+    else
+      false
+    end
   end
 end