dolysis/conduwuit
3
0
Fork 0
mirror of https://github.com/girlbossceo/conduwuit.git synced 2024-12-02 20:54:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
4219 commits 28 branches 14 tags 16 MiB
Commit graph

679 commits

Author SHA1 Message Date
strawberry 197a02bf8d fix(fed): dont reject /event/ on world readable rooms 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-07 15:10:00 -04:00
strawberry 8103bd7310 fix(fed): dont reject /backfill/ on world readable rooms 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-07 15:10:00 -04:00
strawberry 81487e3f07 fix(fed): dont reject /get_missing_events on world readable rooms 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-07 15:10:00 -04:00
strawberry bfbb29dded add is_world_readable state_accessor func, use self instead of services() 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-07 15:10:00 -04:00
strawberry 1cc7cf54a7 add config option to allow guests to access TURN server 
`turn_allow_guests`

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-07 15:09:59 -04:00
Jason Volk 3ada847570 extract client ip from connection state 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-07 02:00:28 +00:00
Jason Volk aebae11c82 reintroduce the variadic macro for ruma handler. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-07 02:00:28 +00:00
Jason Volk f871d8fd4e move impl FromRequest for Ruma up one level; some cleanup 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-07 02:00:28 +00:00
Jason Volk 73718a1208 elminate generic argument in ruma_wrapper::auth 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-06 18:21:40 +00:00
Jason Volk f32380772f rename api::client_server to api::client 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-06 18:21:40 +00:00
Jason Volk 3af153f5ae split s2s into units 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-06 04:41:27 -04:00
strawberry b781771a9b media: drop Content-Type detection support 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-05 16:33:53 -04:00
strawberry df8ba04e31 media: trust client Content-Type again 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-05 16:33:53 -04:00
Jason Volk 732e8b82aa Abstract password hashing into util. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-05 03:00:23 +00:00
strawberry 919735b4ce remove usages of &String and &Owned[..] 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-03 14:17:42 -04:00
strawberry f6fa2a4f65 use swap_remove instead of remove in a few places 
`swap_remove` is faster if we don't care about the order (O(1))

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-03 00:10:28 -04:00
strawberry 9a5f1dac57 drop unnecessarily verbose get_alias_helper logging 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-03 00:10:28 -04:00
strawberry 9b096cc67b fix: check if you've left the room before forgetting it 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-02 23:53:31 -04:00
strawberry f0533e07ef fed: remove unnecessary mutables, use with_capacity in couple more places 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-02 23:53:31 -04:00
strawberry 68f42f5a2f fed: relax read receipt EDU check 
so in theory: guest users, peaking over federation,
and world readable rooms should be allowed to send
read receipts even if they're not joined.

relaxing this check to only allow the read receipt if
the server has at least 1 member in the room makes
some of this still work

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-02 23:53:31 -04:00
strawberry 4aead5de7a reflax a couple restrictions on custom room IDs and aliases 
🙃

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-06-02 23:53:31 -04:00
Jason Volk 887496d040 consolidate default cargo features 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-02 23:01:12 +00:00
Jason Volk c2586737ae accept receipts prior to events 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-02 23:01:12 +00:00
Jason Volk 102bd1b4a6 use debug_warn for parse_incoming_pdu err results. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-02 23:01:12 +00:00
Jason Volk 90d9a997a5 split / cleanup core utils. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-02 20:17:45 +00:00
Jason Volk 5fe5ab279c split RouterExt impl related into ruma_wrapper unit. 
slightly restrict client_server mod index.

Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-02 20:17:45 +00:00
Jason Volk 68cbf19154 Fix items-after-statements 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-02 12:34:05 -04:00
Jason Volk 02081b66c4 Fix some unnecessary-unwraps w/ addl cleanup/simplification. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-02 12:34:05 -04:00
Jason Volk b3fc8516ed Fix unnested-or-patterns 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-02 12:34:05 -04:00
Jason Volk eed8a2a801 add and sort incomplete package metadata 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-06-02 12:34:05 -04:00
strawberry a41a60ef07 media: dont ignore requested filename on /download for Content-Disposition 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
Jason Volk b94045a468 dissolve key_value/* 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-05-27 18:16:23 -04:00
Jason Volk 3122648767 split ruma_wrapper from_request() related. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-05-27 18:16:23 -04:00
Jason Volk 3f5349ad76 simplify RumaHandler for Router building. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-05-27 18:16:23 -04:00
Jason Volk 27dcf213f1 tweak error strings. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-05-27 18:16:23 -04:00
Jason Volk a1b526b3b7 tweak log levels 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-05-27 18:16:23 -04:00
Jason Volk dc614e11d6 check invite target is our server. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-05-27 18:16:23 -04:00
Jason Volk c5569b4c6e dedup acl checks 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-05-27 18:16:23 -04:00
Jason Volk 71a1285c7b hoist receipt ACL check 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-05-27 18:16:23 -04:00
strawberry abdda6cf32 check invited user's server against ACLs on /invite 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 4d21f9d962 use ok_or_else instead of ok_or for function calls in server_server.rs 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 1013fe5a42 check for membership join state at /send_join 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry f31b7b9420 ignore inbound EDUs for users that dont belong to origin server 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry e5e358cc68 compare X-Matrix origin + body origin and check PDU/EDU length at /send txn 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 50bc7cc005 check state_key matches sender user at /send_leave 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 445015e9ea check user ID server against ACLs at /send_leave 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 7a38c12e5d check for member event type at /send_leave 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 2a77951152 check for membership leave state at /send_leave 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 0256c27363 check if we know about room at /make_leave 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 826edc0a3a check state_key matches sender user at /send_join 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry a5043a38e1 only allow membership event types at /send_join 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry bfd471a863 check user ID server against ACLs for /send_join 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 3981e77ec6 check user ID server against ACLs for /make_join 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 81bf4b7150 check user ID server against ACLs for /make_leave 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry b8ec763a7c ignore read receipts from ACL'd servers and users not joined 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 003d4edbfa debug log receiving typing EDUs for users not in room 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 4f0006d18a ignore typing EDUs from ACL'd user's servers 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 7328ed7509 rename misleading sender_servername to origin 
this is the X-Matrix origin/server, NOT the `"sender"``
user's server name.

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-27 18:16:23 -04:00
strawberry 6269822613 actually fix all let_underscore_must_use lints 
CI caught some more

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-25 22:28:43 -04:00
strawberry dc9fe657d5 fix guest accounts being logged still 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-25 22:28:43 -04:00
strawberry 1c7c5bc09c feat: add /_conduwuit/local_user_count endpoint 
only enabled if federation is enabled

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-25 22:28:43 -04:00
strawberry 32161801ed use/enable let_underscore_must_use lint 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-25 22:28:43 -04:00
strawberry e098448b9d init a few vecs in event_handler using with_capacity 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-25 22:28:43 -04:00
strawberry cb73ae3732 add registration token validity endpoint as per matrix 1.2 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-25 22:28:43 -04:00
strawberry 06bec40591 fix: add missing fetch_required_signing_keys for remote send_leave 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-25 22:28:43 -04:00
strawberry 9a7ba94ccf explicity define unstable support for sliding sync 
this matrix-react-sdk PR (and the cited sliding sync MSC)
says that they will intend on checking sliding sync support
from this unstable feature flag at /versions until the CORS
header stuff is specced

https://github.com/matrix-org/matrix-react-sdk/pull/12498

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-25 22:28:43 -04:00
Jason Volk 6c1434c165 Hot-Reloading Refactor 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-05-21 20:22:17 -04:00
Benjamin Lee 9eb0784f6f don't return extra member count or e2ee device updates from sync 
Previously, we were returning redundant member count updates or encrypted
device updates from the /sync endpoint in some cases. The extra member
count updates are spec-compliant, but unnecessary, while the extra
encrypted device updates violate the spec.

The refactor necessary to fix this bug is also necessary to support
filtering on state events in sync.

Details:

Joined room incremental sync needs to examine state events for four
purposes:

 1. determining whether we need to return an update to room member counts
 2. determining the set of left/joined devices for encrypted rooms
    (returned in `device_lists`)
 3. returning state events to the client (in `rooms.joined.*.state`)
 4. tracking which member events we have sent to the client, so they can
    be omitted on future requests when lazy-loading is enabled.

The state events that we need to examine for the first two cases is member
events in the delta between `since` and the end of `timeline`. For the
second two cases, we need the delta between `since` and the start of
`timeline`, plus contextual member events for any senders that occur in
`timeline`. The second list is subject to filtering, while the first is
not.

Before this change, we were using the same set of state events that we are
returning to the client (cases 3/4) to do the analysis for cases 1/2.
In a compliant implementation, this would result in us missing some
relevant member events in 1/2 in addition to seeing redundant member
events. In current conduwuit this is not the case because the set of
events that we return to the client is always a superset of the set that
is needed for cases 1/2. This is because we don't support filtering, and
we have an existing bug[1] where we are returning the delta between
`since` and the end of `timeline` rather than the start.

[1]: https://github.com/girlbossceo/conduwuit/issues/361

Fixing this is necessary to implement filtering because otherwise
we would start missing some member events for member count or encrypted
device updates if the relevant member events are rejected by the filter.
This would be much worse than our current behavior.
 2024-05-20 20:55:56 -04:00
Benjamin Lee 8bffcfe82b remove sync response cache 
This cache can serve invalid responses, and has an extremely low hit
rate.

It serves invalid responses because because it's only keyed off
the `since` parameter, but many of the other request parameters also
affect the response or it's side effects. This will become worse once we
implement filtering, because there will be a wider space of parameters
with different responses. This problem is fixable, but not worth it
because of the low hit rate.

The low hit rate is because normal clients will always issue the next
sync request with `since` set to the `prev_batch` value of the previous
response. The only time we expect to see multiple requests with the same
`since` is when the response is empty, but we don't cache empty
responses.

This was confirmed experimentally by logging cache hits and misses over
15 minutes with a wide variety of clients. This test was run on
matrix.computer.surgery, which has only a few active users, but a
large volume of sync traffic from many rooms. Over the test period, we
had 3 hits and 5309 misses. All hits occurred in the first minute, so I
suspect that they had something to do with client recovery from an
offline state. The clients that were connected during the test are:

 - element web
 - schildichat web
 - iamb
 - gomuks
 - nheko
 - fractal
 - fluffychat web
 - fluffychat android
 - cinny web
 - element android
 - element X android

Fixes: #336
 2024-05-17 18:13:11 -04:00
strawberry f5864afb52 remove namespace check on username login, code simplification on login route 
the namespace check on username login is unnecessary, hashes aren't ever
going to match, and axum auth handles this kind of stuff already

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-15 14:31:35 -04:00
strawberry 434b5118cc media: return our detected MIME type for Content-Type 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-12 15:54:22 -04:00
morguldir 9f19a2025d Revert "feat(membership): check if user already has the membership that is requested to be set" 
This reverts commit 321a6ca0fe.

These checks were not working as intended, resulting in the unban button not working

The join check gets kept since it slightly reduces the amount of sent joins in some cases
This check will probably be replaced soon for a more universal solution to the "made no change" issue

Signed-off-by: morguldir <morguldir@protonmail.com>
 2024-05-10 22:52:44 -04:00
strawberry 328502c1cd dont send avatar url or display name for ban membership events 
the display name or avatar may be offensive

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-09 17:44:15 -04:00
strawberry d15e461303 config option to auto-remediate bad users joining bad rooms or servers 
also forgets all rooms upon leave_all_rooms

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-09 17:44:15 -04:00
strawberry 3504e6e724 fix broken reports 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-09 12:33:46 -04:00
strawberry 154b2ab490 media: additional sanitisation on the Content-Disposition filename 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-09 09:53:04 -04:00
strawberry 2231ccf118 return inline Content-Disposition based on the detected file type (e.g. image/video) 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-09 09:53:04 -04:00
strawberry d4d9f92ade add security response HTTP headers if not present 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-09 09:53:04 -04:00
strawberry 7b25ef2e6c make next_batch token a variable in search, revert threads_until change 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-06 03:45:10 -04:00
strawberry 321e197d8c correct arithmetic adjustments 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-06 03:45:10 -04:00
Xiretza bbdced9c90 Fix appservice namespace check for room aliases 
Only normal users should be prevented from creating an alias within an
exclusive namespace, not the appservice itself. This mirrors the
behaviour in api/client_server/room.rs on room creation.
 2024-05-06 03:45:10 -04:00
strawberry 0ebb323490 resolve almost all as_conversions lints 
may need further opinion from others on these

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-06 03:45:10 -04:00
strawberry f8e1255994 presence: set empty string status msg to None 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-06 03:45:10 -04:00
strawberry b5c0c30a5e resolve half of the integer_arithmetic lints, couple misc changes 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-06 03:45:10 -04:00
strawberry bfb827a418 send Cache-Control and CORS header for remote thumbnail responses 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-05 16:28:21 -04:00
strawberry e2fb588a8c sent attachment content-disposition on thumbnails too 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-05 16:28:21 -04:00
strawberry 43c4dfc5df set content-disposition to attachment instead of inline 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-05 16:28:21 -04:00
strawberry de26bf22dc adjust a couple error codes for room alias getting 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry 49078aa836 fix: get the presence of the requested user instead of ourselves 
after getting the shared rooms with the target user, we actually only
get the presence of ourselves instead of the requested user

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry a7f8c848aa refactor and simplify room creation route a bit 
removes a couple unnecessary checks, uses our room_id ruma request field

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry 0223386243 remove this unnecessary log, use debug_warn 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry a496cc4705 dedupe version getting code, rename to CONDUWUIT_VERSION_EXTRA 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
Charles Hall a01a7e1219 improve "Leave event has no state" log 
To include the user, room, and event ID.

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry 1464b30433 add workaround for room creation initial_state event content as {}, slight refactor 
this will simply skip over the events

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry f4a2b39d55 split up alias.rs a bit (alias checks and room alias server name stuff) 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry e00b65b0e0 use ok_or_else instead of ok_or for backup.rs 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry beeacd4ef1 initialise capabilities with default constructor 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry e5735c81ed dedupe half of account/room data config.rs code 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry b17ccdadd2 dedupe some code in state.rs 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry 6021cb0a1f partially revert this 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry 0b39bb813e tiny refactoring, split out report_event_route a bit 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry ed86a4aa9e slight misc adjustments 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry 76c5942b4f use user_is_local and server_is_ours more, remove few double filters 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry 9931e60050 use single global function for server name local and user local checking 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
strawberry 450f15df4f admin debug command to fetch a server's true destination 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-05-03 01:52:29 -04:00
Jason Volk a124122dd4 daily logging improvements 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-26 02:03:40 -04:00
Jason Volk 00ce43d739 remove redundant timers 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-26 02:03:40 -04:00
Jason Volk b01d25277d fix remote media error propagation 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-26 02:03:40 -04:00
Jason Volk b3984f5337 deduplicate cache control into constant 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-26 02:03:40 -04:00
Jason Volk 7e5ed199c9 deduplicate media handler bodies; minor reorg 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-26 02:03:40 -04:00
strawberry a81563244f restricted room join typo 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
Jason Volk 15a990dc25 improve various logging 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-26 02:03:40 -04:00
strawberry 1b41e35f1d use HTTP 403 (forbidden) instead of HTTP 400 for membership failed auth checks 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry eb10e7d39b fix(appservices): don't perform identity assertion when auth is optional 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry 66bb88a03a make everything pub(crate) instead of pub 
conduwuit is not a library

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry 472c32f453 conduit "library" delete, resolve some warnings from that 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry b8a748815a dont allow admin room to be made world readable 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry acbe3bfbda use global valid_cidr_range everywhere else 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
Jason Volk 22bebb9b74 various logging improvements. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-26 02:03:40 -04:00
strawberry 93c3e6dec8 forgor is_err check too 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry ebc59e6f15 some more room alias helper logging 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry 5acb110f2b remove unnecessary continue 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry 69968b94ea flip this 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry 8a767c4b10 on room alias joins, attempt to find the room ID through *more* servers if available 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry 8ad42a85ef dont eat the ?server_name= param for join room by ID or alias 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry 19255c0c14 use max_request_size in axum.rs 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
Jason Volk 05477150a2 Upgrade hyper/axum/tower/http stack. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-26 02:03:40 -04:00
strawberry a3c53036d5 cargo fmt 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry a64cbd0304 fix wrong warn message 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-26 02:03:40 -04:00
strawberry 7300103796 check if user is allowed to invite for restricted room join 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-17 14:51:08 -04:00
Matthias Ahouansou 19e4befcb8 feat(appservice): ensure users/aliases outside of namespaces are not accessed 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-17 14:51:08 -04:00
strawberry 641399e900 dont auto join rooms if registrations are from appservices 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-17 14:51:08 -04:00
strawberry c5c8934db7 default to shared room history visibility if invalid (per spec) 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-17 14:51:08 -04:00
Jason Volk 33cc3d56c1 lazy-construct presence; avoids useless db queries in sender and syncer. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-17 14:51:08 -04:00
strawberry 97c63604fd "global" ACLs config option, block room directory requests to forbidden servers 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-17 14:51:08 -04:00
Matthias Ahouansou 59be0b3ddc sync upstream token/appservice auth code 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-17 14:51:08 -04:00
strawberry 527a5cbd73 don't allow moderators dangerous permissions, fix pl 100 state_default 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 23:05:26 -04:00
strawberry d1c139de26 add config option for url_preview_domain_explicit_denylist 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
Jason Volk cdb2dff7dd federation incoming logging/tracing related 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-14 22:35:23 -04:00
Jason Volk dba0575e75 some optimizations to get_auth_chain() 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-14 22:35:23 -04:00
Jason Volk c4ebc2f1d1 fix double-deserialization in federation transaction handler. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-14 22:35:23 -04:00
strawberry 878dcd71bb fix invalid database code for servers_invite_via 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
strawberry 59ba3e3190 only allow admins to send room state events by default (e.g. ACLs) 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
strawberry 27f8c5b63d don't debug log device display name for guest registrations 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
strawberry eceef5efa2 add config option for allowing guests to auto join rooms 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
strawberry d95c02f575 add config option for logging guest regs in admin room 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
strawberry f263630ac1 fix: use path_and_query() for "uri" in request_map for signatures 
resolves X-Matrix signatures being invalid in some edge-cases,
and fixes Complement/Sytest federation tests

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
strawberry 168858c8de port room directory auth to new auth stuff 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
Matthias Ahouansou a0b65eda1e merge the huge authentication MR mess (reject requests with authentication when not used) 
and (fix: allow invalid auth when no auth is required)

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
Matthias Ahouansou 8eda3be9ce disable federation at the router level too 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
strawberry 0d21d70d4a remove two unnecessary matches 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
strawberry e5307d44ca log error for /publicRooms requests, simplify it a bit 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
Matthias Ahouansou 2d4877f9a5 feat(federation): implement /make_leave and /send_leave 
also fixed some clippy lints, and added "event_id" field
removal check for room v1 and 2

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
strawberry bfa68e7bc5 refactor well-known stuff to use proper ruma types, config types, etc 
this does deprecate the original `well_known_` prefixed config options
with a dedicated/proper config sub-block (`[config.well_known]`)

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
strawberry 993c0102d9 add unstable support for MSC4125 
from https://gitlab.com/famedly/conduit/-/merge_requests/626 with code fixes and clippy lint fixes

MSC4125: https://github.com/matrix-org/matrix-spec-proposals/pull/4125

Co-authored-by: Matthias Ahouansou <matthias@ahouansou.cz>
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-14 22:35:23 -04:00
Jason Volk 2cc72de80e fix lossy origin regression 12a8c9badd 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-09 15:26:45 -04:00
strawberry 839a89c968 remove some unnecessary loops 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-09 15:26:45 -04:00
strawberry 40596634c4 respond with actual servers for /_matrix/federation/v1/query/directory requests instead of just us 
aka be spec compliant

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-09 15:26:45 -04:00
strawberry 973fed155e config option to allow/disallow federation profile requests 
allow_profile_lookup_federation_requests

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-09 15:26:45 -04:00
strawberry 85814e96e3 implement unstable MSC2666 support for querying mutual rooms 
https://github.com/matrix-org/matrix-spec-proposals/pull/2666

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-09 15:26:45 -04:00
strawberry 9be072181c remove unneeded url preview function 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-09 15:26:45 -04:00
strawberry c82c548cbf bump ruma and cargo.lock 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-09 15:26:45 -04:00
strawberry 39946beda8 add server-side support for /.well-known/matrix/support 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-09 15:26:45 -04:00
Matthias Ahouansou c946352e7f fix(sync): send phoney leave event where room state is unknown on invite rejection 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-09 15:26:45 -04:00
Matthias Ahouansou 3b5794b5bd fix(membership): check if server is in room to decide whether to do remote leaves 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-09 15:26:45 -04:00
Matthias Ahouansou 6078b5ee9d fixup! feat: support /make_join and /send_join for restricted rooms 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-09 15:26:45 -04:00
strawberry 2516d44cb1 dont 404 and respond+update with default push rules if non-existent 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
strawberry e4a987cf80 bump ruma and declare support for unstable MSC3026 (busy presence state) 
a938640491

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
strawberry db8e7e5382 TEMP: remove user_is_invited stuff 
this is clearly unfinished right now

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
Matthias Ahouansou 321a6ca0fe feat(membership): check if user already has the membership that is requested to be set 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
Jason Volk ebb71b7d7c add contains_url filter to /messages; also split out visibility filter. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-05 22:15:16 -04:00
Jason Volk cde06125b8 immutable cache-control for media 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-05 22:15:16 -04:00
Jason Volk ca1c77d76b refactor presence to not involve rooms. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-05 22:15:16 -04:00
Matthias Ahouansou 5c30d2b2b0 fix(membership): perform stricter checks when choosing an authorized user 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
Matthias Ahouansou 68e64392f0 fix(membership): remove join_authorized_via_users_server field on state update 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
strawberry c803891634 better event_type checks for send_state_event_for_key_helper 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
strawberry 0214caeaea always allow count to be filled in search response 
i fail to see any reason why we would always want
this to be None

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
strawberry a2ee6b410e add another element_hacks feature check 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
strawberry ab0182ace4 check if user is allowed to invite for join_authorized_via_users_server in join_room_by_id_helper 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
strawberry ddcf43f1b8 replace ErrorKind::Forbidden with forbidden() non-exhaustive constructor 
917584e0ca

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
Matthias Ahouansou 49eb418786 feat: support /make_join and /send_join for restricted rooms 
from https://gitlab.com/famedly/conduit/-/merge_requests/618

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
Matthias Ahouansou ed960f41ac feat: recurse relationships (and fix some lints) 
from https://gitlab.com/famedly/conduit/-/merge_requests/613

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-05 22:15:16 -04:00
K900 8134dd9151 Reduce number of separate sources of truth for presence disabled-ness 
Instead of checking if we should update every time we want to update,
call the updater every time and decide internally.
 2024-04-03 12:52:46 -04:00
Matthias Ahouansou c31fb7134a fix: do not expect that all http requests are valid reqwest requests 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-02 00:32:41 -04:00
Jason Volk 0ba8d1318d move presence up two levels out of rooms.edus and rooms. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-02 00:32:41 -04:00
Jason Volk 9790477b0e move typing feature up one level out of rooms.edus. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-02 00:32:41 -04:00
Jason Volk 89a919ce75 move read_receipt feature up one level out of rooms.edus. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-02 00:32:41 -04:00
Jason Volk 3c09313f79 move and reorganize sending codepaths; no functional changes 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-04-02 00:32:41 -04:00
strawberry fec4b3c953 delete conduit_bin feature 
i dont know what's the point of this

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-02 00:32:41 -04:00
strawberry a0ad911688 stop sending make_join requests after 50 failures 
this is a very generous number

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-02 00:32:41 -04:00
strawberry af6c72fa84 stop sending make_join if 15 servers responded with unsupported/invalid room version 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-02 00:32:41 -04:00
Matthias Ahouansou c61aee4f1c fix: reject /register requests when there is no token and the type is appservice 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-02 00:32:41 -04:00
strawberry 7a1a271518 dont allow m.call.invite timeline events in public rooms 
also simplifies the encrypted event check (we dont
need to convert anything here)

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-02 00:32:41 -04:00
strawberry ff3bc3fb09 on new room creations: only allow moderators to call public rooms 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-02 00:32:41 -04:00
strawberry 72b60c4770 add lockdown_public_room_directory config option 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-04-02 00:32:41 -04:00
Jason Volk 18c34434bc add outgoing federation typing and conf items 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-03-30 22:06:18 -04:00
Jason Volk 4becbed2a7 refactor sending interface stack 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-03-30 22:06:18 -04:00
Jason Volk f956e8c3b5 move and deduplicate read receipt flusher. 
Signed-off-by: Jason Volk <jason@zemos.net>
 2024-03-30 22:06:18 -04:00
strawberry b36c397702 mark msc2285 (private read receipts) as supported 
Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-03-30 22:06:18 -04:00
strawberry 60623cd14b dont return bad_config for private room directory requests 
this would log as an error and as HTTP 500

Signed-off-by: strawberry <strawberry@puppygock.gay>
 2024-03-30 22:06:18 -04:00