From da6106db8e6abae46e172181e68f4713b8b675ae Mon Sep 17 00:00:00 2001
From: Antonio Scandurra
Date: Mon, 3 Oct 2022 15:54:20 +0200
Subject: [PATCH] Prevent calls from users who aren't contacts
---
 crates/collab/src/rpc.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/crates/collab/src/rpc.rs b/crates/collab/src/rpc.rs
index 31f99759cd12a8bdb816f7b54cdc7838ef8f71b4..64d81b51d7ffea4f20c96ddf65c7d0da33f7eab8 100644
--- a/crates/collab/src/rpc.rs
+++ b/crates/collab/src/rpc.rs
@@ -654,7 +654,20 @@ impl Server {
 request: TypedEnvelope,
 response: Response,
 ) -> Result<()> {
+ let caller_user_id = self
+ .store()
+ .await
+ .user_id_for_connection(request.sender_id)?;
 let recipient_user_id = UserId::from_proto(request.payload.recipient_user_id);
+ if !self
+ .app_state
+ .db
+ .has_contact(caller_user_id, recipient_user_id)
+ .await?
+ {
+ return Err(anyhow!("cannot call a user who isn't a contact"))?;
+ }
+
 let room_id = request.payload.room_id;
 let mut calls = {
 let mut store = self.store().await;
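Review bot: The new guard ahead of `let room_id` is only as strong as the meaning of `has_contact(caller_user_id, recipient_user_id)`, which this hunk does not show. If that query also returns true for a pending or one-sided contact request, a user could still ring someone who never accepted them. It is worth confirming and recording next to the check, for example `// has_contact must be true only for accepted contacts; a pending request must not permit a call`. The diffstat lists only rpc.rs, so nothing in this commit exercises the rejection path; a test in which a connection whose user is not a contact of the recipient sends the call request and gets this error back would pin the authorization rule. The handler's signature and the rest of its body lie outside the hunk, so whether `room_id` is validated against the caller further down cannot be judged from here.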