add config option to control sending admin notices of alerts

Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-10-24 22:19:18 -04:00
parent 0760150822
commit 75be68fa61
No known key found for this signature in database
6 changed files with 128 additions and 76 deletions

View File

@ -351,6 +351,14 @@ allow_profile_lookup_federation_requests = true
# defaults to true
#admin_escape_commands = true
# Controls whether admin room notices like account registrations, password changes, account deactivations,
# room directory publications, etc will be sent to the admin room.
#
# Update notices and normal admin command responses will still be sent.
#
# defaults to true
#admin_room_notices = true
### Misc

View File

@ -310,6 +310,8 @@ pub(crate) async fn register_route(
if body.appservice_info.is_none() && !is_guest {
if !device_display_name.is_empty() {
info!("New user \"{user_id}\" registered on this server with device display name: {device_display_name}");
if services.globals.config.admin_room_notices {
services
.admin
.send_message(RoomMessageEventContent::notice_plain(format!(
@ -317,8 +319,11 @@ pub(crate) async fn register_route(
\"{device_display_name}\""
)))
.await;
}
} else {
info!("New user \"{user_id}\" registered on this server.");
if services.globals.config.admin_room_notices {
services
.admin
.send_message(RoomMessageEventContent::notice_plain(format!(
@ -327,28 +332,35 @@ pub(crate) async fn register_route(
.await;
}
}
}
// log in conduit admin channel if a guest registered
if body.appservice_info.is_none() && is_guest && services.globals.log_guest_registrations() {
info!("New guest user \"{user_id}\" registered on this server.");
if !device_display_name.is_empty() {
if services.globals.config.admin_room_notices {
services
.admin
.send_message(RoomMessageEventContent::notice_plain(format!(
"Guest user \"{user_id}\" with device display name \"{device_display_name}\" registered on this \
server from IP {client}"
"Guest user \"{user_id}\" with device display name \"{device_display_name}\" registered on \
this server from IP {client}"
)))
.await;
}
} else {
#[allow(clippy::collapsible_else_if)]
if services.globals.config.admin_room_notices {
services
.admin
.send_message(RoomMessageEventContent::notice_plain(format!(
"Guest user \"{user_id}\" with no device display name registered on this server from IP {client}",
"Guest user \"{user_id}\" with no device display name registered on this server from IP \
{client}",
)))
.await;
}
}
}
// If this is the first real user, grant them admin privileges except for guest
// users Note: the server user, @conduit:servername, is generated first
@ -481,12 +493,15 @@ pub(crate) async fn change_password_route(
}
info!("User {sender_user} changed their password.");
if services.globals.config.admin_room_notices {
services
.admin
.send_message(RoomMessageEventContent::notice_plain(format!(
"User {sender_user} changed their password."
)))
.await;
}
Ok(change_password::v3::Response {})
}
@ -572,12 +587,15 @@ pub(crate) async fn deactivate_route(
full_user_deactivate(&services, sender_user, all_joined_rooms).await?;
info!("User {sender_user} deactivated their account.");
if services.globals.config.admin_room_notices {
services
.admin
.send_message(RoomMessageEventContent::notice_plain(format!(
"User {sender_user} deactivated their account."
)))
.await;
}
Ok(deactivate::v3::Response {
id_server_unbind_result: ThirdPartyIdRemovalStatus::NoSupport,

View File

@ -146,6 +146,8 @@ pub(crate) async fn set_room_visibility_route(
\"lockdown_public_room_directory\" is enabled",
body.room_id
);
if services.globals.config.admin_room_notices {
services
.admin
.send_text(&format!(
@ -154,6 +156,7 @@ pub(crate) async fn set_room_visibility_route(
body.room_id
))
.await;
}
return Err(Error::BadRequest(
ErrorKind::forbidden(),
@ -162,10 +165,13 @@ pub(crate) async fn set_room_visibility_route(
}
services.rooms.directory.set_public(&body.room_id)?;
if services.globals.config.admin_room_notices {
services
.admin
.send_text(&format!("{sender_user} made {} public to the room directory", body.room_id))
.await;
}
info!("{sender_user} made {0} public to the room directory", body.room_id);
},
room::Visibility::Private => services.rooms.directory.set_not_public(&body.room_id)?,

View File

@ -71,6 +71,8 @@ async fn banned_room_check(
if services.globals.config.auto_deactivate_banned_room_attempts {
warn!("Automatically deactivating user {user_id} due to attempted banned room join");
if services.globals.config.admin_room_notices {
services
.admin
.send_message(RoomMessageEventContent::text_plain(format!(
@ -78,6 +80,7 @@ async fn banned_room_check(
{client_ip}"
)))
.await;
}
let all_joined_rooms: Vec<OwnedRoomId> = services
.rooms
@ -108,6 +111,8 @@ async fn banned_room_check(
if services.globals.config.auto_deactivate_banned_room_attempts {
warn!("Automatically deactivating user {user_id} due to attempted banned room join");
if services.globals.config.admin_room_notices {
services
.admin
.send_message(RoomMessageEventContent::text_plain(format!(
@ -115,6 +120,7 @@ async fn banned_room_check(
{client_ip}"
)))
.await;
}
let all_joined_rooms: Vec<OwnedRoomId> = services
.rooms

View File

@ -103,6 +103,8 @@ pub(crate) async fn create_room_route(
\"lockdown_public_room_directory\" is enabled",
&room_id
);
if services.globals.config.admin_room_notices {
services
.admin
.send_text(&format!(
@ -111,6 +113,7 @@ pub(crate) async fn create_room_route(
&room_id
))
.await;
}
return Err!(Request(Forbidden("Publishing rooms to the room directory is not allowed")));
}
@ -473,10 +476,13 @@ pub(crate) async fn create_room_route(
if body.visibility == room::Visibility::Public {
services.rooms.directory.set_public(&room_id)?;
if services.globals.config.admin_room_notices {
services
.admin
.send_text(&format!("{sender_user} made {} public to the room directory", &room_id))
.await;
}
info!("{sender_user} made {0} public to the room directory", &room_id);
}

View File

@ -377,6 +377,13 @@ pub struct Config {
#[serde(default)]
pub test: BTreeSet<String>,
/// Controls whether admin room notices like account registrations, password
/// changes, account deactivations, room directory publications, etc will
/// be sent to the admin room. Update notices and normal admin command
/// responses will still be sent.
#[serde(default = "true_fn")]
pub admin_room_notices: bool,
#[serde(flatten)]
#[allow(clippy::zero_sized_map_values)] // this is a catchall, the map shouldn't be zero at runtime
catchall: BTreeMap<String, IgnoredAny>,
@ -867,6 +874,7 @@ impl fmt::Display for Config {
.map_or("", |url| url.as_str()),
);
line("Enable the tokio-console", &self.tokio_console.to_string());
line("Admin room notices", &self.admin_room_notices.to_string());
Ok(())
}