deny invite consumption for banned keys

web/errors/badrequest.go

@@ -34,3 +34,5 @@ func (f ErrForbidden) Error() string {
 }
 
 var ErrNotAuthorized = errors.New("rooms/web: not authorized")
+
+var ErrDenied = errors.New("rooms: this key has been banned")

web/handlers/http.go

@@ -309,6 +309,7 @@ func New(
 		config:        dbs.Config,
 		pinnedNotices: dbs.PinnedNotices,
 		invites:       dbs.Invites,
+		deniedKeys:    dbs.DeniedKeys,
 
 		networkInfo: netInfo,
 	}

web/handlers/invites.go

@@ -30,6 +30,7 @@ type inviteHandler struct {
 	invites       roomdb.InvitesService
 	pinnedNotices roomdb.PinnedNoticesService
 	config        roomdb.RoomConfig
+	deniedKeys    roomdb.DeniedKeysService
 
 	networkInfo network.ServerEndpointDetails
 }
@@ -151,9 +152,9 @@ func (h inviteHandler) consume(rw http.ResponseWriter, req *http.Request) {
 	var (
 		token     string
 		newMember refs.FeedRef
-
-		resp inviteConsumeResponder
+		resp      inviteConsumeResponder
 	)
+
 	ct := req.Header.Get("Content-Type")
 	switch ct {
 	case "application/json":
@@ -171,7 +172,6 @@ func (h inviteHandler) consume(rw http.ResponseWriter, req *http.Request) {
 
 		newMember = body.ID
 		token = body.Invite
-
 	case "application/x-www-form-urlencoded":
 		resp = newinviteConsumeHTMLResponder(h.render, rw, req)
 
@@ -190,11 +190,17 @@ func (h inviteHandler) consume(rw http.ResponseWriter, req *http.Request) {
 			return
 		}
 		newMember = *parsedID
-
 	default:
 		http.Error(rw, fmt.Sprintf("unhandled Content-Type (%q)", ct), http.StatusBadRequest)
 		return
 	}
+
+	// before consuming the invite: check if the invitee is banned
+	if h.deniedKeys.HasFeed(req.Context(), newMember) {
+		resp.SendError(weberrors.ErrDenied)
+		return
+	}
+
 	resp.UpdateMultiserverAddr(h.networkInfo.MultiserverAddress())
 
 	inv, err := h.invites.Consume(req.Context(), token, newMember)