From d2852fdba4f334996f3d29c4b73519209e551522 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 26 Jan 2022 03:58:29 +0530
Subject: [PATCH] perform extra validation for private message rpc

---
 lib/commands/channel.js | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/commands/channel.js b/lib/commands/channel.js
index 5f8216434..1e4f698ae 100644
--- a/lib/commands/channel.js
+++ b/lib/commands/channel.js
@@ -258,6 +258,11 @@ Channel.writePrivateMessage = function (Env, args, _cb, Server, netfluxId) {
                 return void cb('METADATA_ERR');
             }
 
+            // treat the broadcast channel as write-protected
+            if (channelId.length === HK.ADMIN_CHANNEL_LENGTH) {
+                metadata.restricted = true;
+            }
+
             if (!metadata || !metadata.restricted) {
                 return;
             }
@@ -265,10 +270,6 @@ Channel.writePrivateMessage = function (Env, args, _cb, Server, netfluxId) {
             var session = HK.getNetfluxSession(Env, netfluxId);
             var allowed = HK.listAllowedUsers(metadata);
 
-            // Special broadcast channel
-            if (channelId.length === HK.ADMIN_CHANNEL_LENGTH) {
-                allowed = Env.admins;
-            }
 
             if (HK.isUserSessionAllowed(allowed, session)) { return; }