add lockdown_public_room_directory config option
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry
June
parent
00ddc1c88e
commit
72b60c4770
|
|
@ -217,6 +217,12 @@ allow_public_room_directory_over_federation = false
|
|||
# authentication (access token) through the Client APIs. Set this to false to protect against /publicRooms spiders.
|
||||
allow_public_room_directory_without_auth = false
|
||||
|
||||
# Set this to true to lock down your server's public room directory and only allow admins to publish rooms to the room directory.
|
||||
# Unpublishing is still allowed by all users with this enabled.
|
||||
#
|
||||
# Defaults to false
|
||||
lockdown_public_room_directory = false
|
||||
|
||||
# Set this to true to allow federating device display names / allow external users to see your device display name.
|
||||
# If federation is disabled entirely (`allow_federation`), this is inherently false. For privacy, this is best disabled.
|
||||
allow_device_name_federation = false
|
||||
|
|
|
|||
|
|
@ -102,8 +102,21 @@ pub async fn set_room_visibility_route(
|
|||
|
||||
match &body.visibility {
|
||||
room::Visibility::Public => {
|
||||
if services().globals.config.lockdown_public_room_directory && !services().users.is_admin(sender_user)? {
|
||||
info!(
|
||||
"Non-admin user {sender_user} tried to publish {0} to the room directory while \
|
||||
\"lockdown_public_room_directory\" is enabled",
|
||||
body.room_id
|
||||
);
|
||||
|
||||
return Err(Error::BadRequest(
|
||||
ErrorKind::Forbidden,
|
||||
"Publishing rooms to the room directory is not allowed",
|
||||
));
|
||||
}
|
||||
|
||||
services().rooms.directory.set_public(&body.room_id)?;
|
||||
info!("{} made {} public", sender_user, body.room_id);
|
||||
info!("{sender_user} made {0} public", body.room_id);
|
||||
},
|
||||
room::Visibility::Private => services().rooms.directory.set_not_public(&body.room_id)?,
|
||||
_ => {
|
||||
|
|
|
|||
|
|
@ -117,6 +117,8 @@ pub struct Config {
|
|||
#[serde(default)]
|
||||
pub allow_public_room_directory_without_auth: bool,
|
||||
#[serde(default)]
|
||||
pub lockdown_public_room_directory: bool,
|
||||
#[serde(default)]
|
||||
pub allow_device_name_federation: bool,
|
||||
#[serde(default = "true_fn")]
|
||||
pub allow_room_creation: bool,
|
||||
|
|
@ -420,6 +422,10 @@ impl fmt::Display for Config {
|
|||
"Allow public room directory without authentication",
|
||||
&self.allow_public_room_directory_without_auth.to_string(),
|
||||
),
|
||||
(
|
||||
"Lockdown public room directory (only allow admins to publish)",
|
||||
&self.lockdown_public_room_directory.to_string(),
|
||||
),
|
||||
(
|
||||
"JWT secret",
|
||||
match self.jwt_secret {
|
||||
|
|
|
|||
Loading…
Reference in New Issue