Ergo sending `BATCH` to the client without previous negotiation - Githubissues

ergochat / ergo

A modern IRC server (daemon/ircd) written in Go.

https://ergo.chat/

MIT License

2.27k stars 180 forks source link

Ergo sending `BATCH` to the client without previous negotiation #2066

Closed julio-b closed 1 year ago

julio-b commented 1 year ago

Steps to reproduce

request draft/chathistory but do not request batch

Actual behavior

trimmed down a bit

C: CAP REQ :draft/chathistory
...
C: CHATHISTORY TARGETS timestamp=2023-01-01T00:00:00.000Z timestamp=2023-01-02T00:00:00.000Z 50
S: ergo BATCH +1 draft/chathistory-targets
S: ergo BATCH -1

Expected behavior

server should never send BATCH to the client because it was never requested

Code

As you can see in irc/handlers.go:657 batch is used without checking client's capabilities.

slingamn commented 1 year ago

Thanks! It looks like for normal chathistory subcommands (LATEST, AFTER, etc.), this is properly gated on the capability:

https://github.com/ergochat/ergo/blob/bf33fba33a7a5326510dd643ddf92a57cfaec841/irc/responsebuffer.go#L224-L233

but I forgot to do it for TARGETS.