From 065396f8f502e1b206c37b0d7dea92f79bfd8634 Mon Sep 17 00:00:00 2001 From: strawberry Date: Sun, 27 Oct 2024 12:37:44 -0400 Subject: [PATCH] better document allow_inbound_profile_lookup_federation_requests Signed-off-by: strawberry --- src/api/server/publicrooms.rs | 3 ++- src/api/server/query.rs | 6 +++++- src/core/config/mod.rs | 21 ++++++++++++++++----- src/service/globals/mod.rs | 4 ---- 4 files changed, 23 insertions(+), 11 deletions(-) diff --git a/src/api/server/publicrooms.rs b/src/api/server/publicrooms.rs index af8a5846..f6c41859 100644 --- a/src/api/server/publicrooms.rs +++ b/src/api/server/publicrooms.rs @@ -20,7 +20,8 @@ pub(crate) async fn get_public_rooms_filtered_route( ) -> Result { if !services .globals - .allow_public_room_directory_over_federation() + .config + .allow_public_room_directory_over_federation { return Err(Error::BadRequest(ErrorKind::forbidden(), "Room directory is not public")); } diff --git a/src/api/server/query.rs b/src/api/server/query.rs index 348b8c6e..bf515b3c 100644 --- a/src/api/server/query.rs +++ b/src/api/server/query.rs @@ -63,7 +63,11 @@ pub(crate) async fn get_room_information_route( pub(crate) async fn get_profile_information_route( State(services): State, body: Ruma, ) -> Result { - if !services.globals.allow_profile_lookup_federation_requests() { + if !services + .globals + .config + .allow_inbound_profile_lookup_federation_requests + { return Err(Error::BadRequest( ErrorKind::forbidden(), "Profile lookup over federation is not allowed on this homeserver.", diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs index 04e44fd7..7a5c6d08 100644 --- a/src/core/config/mod.rs +++ b/src/core/config/mod.rs @@ -458,11 +458,16 @@ pub struct Config { /// obtain the profiles of our local users from /// `/_matrix/federation/v1/query/profile` /// - /// This is inherently false if `allow_federation` is disabled + /// Increases privacy of your local user's such as display names, but some + /// remote users may get a false "this user does not exist" error when they + /// try to invite you to a DM or room. Also can protect against profile + /// spiders. /// - /// Defaults to true - #[serde(default = "true_fn")] - pub allow_profile_lookup_federation_requests: bool, + /// Defaults to true. + /// + /// This is inherently false if `allow_federation` is disabled + #[serde(default = "true_fn", alias = "allow_profile_lookup_federation_requests")] + pub allow_inbound_profile_lookup_federation_requests: bool, /// controls whether users are allowed to create rooms. /// appservices and admins are always allowed to create rooms @@ -1530,6 +1535,10 @@ impl fmt::Display for Config { line("Allow encryption", &self.allow_encryption.to_string()); line("Allow federation", &self.allow_federation.to_string()); line("Federation loopback", &self.federation_loopback.to_string()); + line( + "Require authentication for profile requests", + &self.require_auth_for_profile_requests.to_string(), + ); line( "Allow incoming federated presence requests (updates)", &self.allow_incoming_presence.to_string(), @@ -1577,7 +1586,9 @@ impl fmt::Display for Config { line("Allow device name federation", &self.allow_device_name_federation.to_string()); line( "Allow incoming profile lookup federation requests", - &self.allow_profile_lookup_federation_requests.to_string(), + &self + .allow_inbound_profile_lookup_federation_requests + .to_string(), ); line( "Auto deactivate banned room join attempts", diff --git a/src/service/globals/mod.rs b/src/service/globals/mod.rs index 157c3944..0a7dda9f 100644 --- a/src/service/globals/mod.rs +++ b/src/service/globals/mod.rs @@ -212,10 +212,6 @@ impl Service { pub fn turn_username(&self) -> &String { &self.config.turn_username } - pub fn allow_profile_lookup_federation_requests(&self) -> bool { - self.config.allow_profile_lookup_federation_requests - } - pub fn notification_push_path(&self) -> &String { &self.config.notification_push_path } pub fn emergency_password(&self) -> &Option { &self.config.emergency_password }