Commit graph

249 commits

Author SHA1 Message Date
sininenkissa e71855cd0b
make conduwuit show up as the server software name on /_matrix/federation/v1/version (#186)
conduwuit > /_matrix/federation/v1/version

Co-authored-by: June <june@girlboss.ceo>
2024-03-01 19:29:21 -05:00
Timo Kösters f0ae99125a fix: avoid panic when client is confused about rooms 2024-02-28 13:56:19 -05:00
Timo Kösters 8e0f7b0d0a Avoid federation when it is not necessary 2024-02-28 13:56:19 -05:00
strawberry 24625e9659 resolve nightly rust warnings
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-26 00:40:15 -05:00
strawberry ca42ec338b replace accidental unwraps with if let's
this provides not only some future compatibility with MSC4051,
but it just makes sense to not crash/error if we can't get a server_name
from the room ID and should just use the server_name from the sender
user's invite event. there is already code ahead that accounts for
an empty vector so this is safe.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-24 13:04:13 -05:00
strawberry 1ecad225be feat: custom text for user displayname suffix upon registration
replaces the lightning bolt emoji option with support for
your own text or emojis

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-24 13:04:13 -05:00
strawberry c9364dc077 dont evict admins from room, allow admins to join banned rooms
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-20 07:06:57 -05:00
strawberry ed0c8e86f7 initial implementation of banning room IDs
takes a full room ID, evicts all our users from that room,
adds room ID to banned room IDs metadata db table, and
forbids any new local users from attempting to join it.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-20 07:06:57 -05:00
strawberry a92f291bbf feat: query param to return full state event or event content
query parameter `?format=event|content`

defaults to normal behaviour which is the event's content.

ruma impl: 788ea6b00f

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-20 07:06:57 -05:00
strawberry a0205cd41d implement deprecated user field for login requests
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-20 07:06:57 -05:00
strawberry 0ea8657070 default to Undefined if room avatar URL was not found despite checking if its Some
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-11 21:56:55 -05:00
strawberry 244c1f7190 config option to check root domain with URL previews
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-11 21:56:55 -05:00
strawberry 48e4b71dd1 remove hardcoded 300kb limit on spider size with config option of 1MB default
modern websites are sadly massive, 300kb is pretty low. 1MB should be enough.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-11 21:56:55 -05:00
strawberry 2ea895199a dont drop true error with url str parse, fix url contains logic order, clarify config comment
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-11 21:56:55 -05:00
strawberry 8e6d52e7dd dont follow more than 2 redirects for URL previews for security reasons
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-11 21:56:55 -05:00
Reiner Herrmann c0dd5b1cc2 feat: URL preview support
from upstream MR https://gitlab.com/famedly/conduit/-/merge_requests/347
with the following changes (so far):
- remove hardcoded list of allowed hosts (strongly disagree with this,
even if it is desired, it should not be harcoded)
- add more allow config options for granularity via URL contains,
host contains, and domain is (explicit match) for security
- warn if a user is allowing all URLs to be previewed for security reasons
- replace an expect with proper error handling
- bump webpage to 2.0
- improved code style a tad

Co-authored-by: rooot <hey@rooot.gay>
Signed-off-by: rooot <hey@rooot.gay>
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-11 21:56:55 -05:00
strawberry 6f26be1c6e eat less /ban endpoint fields, fix ban reason not consistently applied
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-11 21:56:55 -05:00
strawberry d4d8c6eb21 check if custom room ID is apart of forbidden room alias
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-11 21:56:55 -05:00
Matthias Ahouansou fc93b29abe feat: forbid certain usernames & room aliases
squashed from https://gitlab.com/famedly/conduit/-/merge_requests/582

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-11 21:56:55 -05:00
Matthias Ahouansou 784d307425 revamp appservice registration to ruma's Registration type
squashed from https://gitlab.com/famedly/conduit/-/merge_requests/583

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-11 21:56:55 -05:00
strawberry 4ac568769b improvement: registration token now only works when registration is enabled
Co-authored-by: Timo Kösters <timo@koesters.xyz>
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 0e8267656f fix room ID messages, remove comments
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 08a183e8c7 assume well-known is None if text length exceeds 10000 chars
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 1536f08d81 use both is_ip_literal and IPAddress is_valid checks
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 9858b33b37 just remove double quotes if found instead
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry e0419d9c5d custom room ID checks, dont use format! macro due to quotes being added
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 7eff572e77 check if room ID already exists instead of erroring on auth check
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 8754f0e2a5 additional character check on room alias
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 89d9cdeb3a IP range denylist logging, and fix logic error
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 382347353e add custom room ID support using room_id field
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 2980af6490 move room creation config check higher up
dont bother wasting resources if we know we
arent even allowed to make the room to begin with

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry ead9a58dce dont crash failing to deserialise room creation content
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 3453dcc344 add error checking to room aliases
length, colon, and spaces. also dont crash.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 6c1358d0c8 send home_server on login response again
a 6+ year old deprecated field that isnt even spelled
right, and no clients use it must still be sent
according to spec

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry fa0c083555 don't send requests to specified list of IP CIDRs
this can most definitely be improved but this is a decent attempt.
the only annoying this is i couldn't just use a Vec<IPAddress> which
would have significantly simplified all of this, but serde can't
deserialise it on the config side i guess.

i may find a better way to do this in the future, but this should cover
most areas anyways.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 71d247232d oops forgot that endpoint too
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 6c75087863 eat less of client parameters for media requests
still cantt respect allow_redirect yet

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry ab6cb4ad2d switch back to expect for sender_user
as far as i can tell, it will return a normal
error in the auth token handling code so this is fine.
we also shouldnt assume all errors from this are
access_token related.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 02bc818633 match explicit URI to see if we should authenticate the user
first attempt at forcing an endpoint to be authenticated

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 9d0c85ab17 use ruma JsOption, bump figment
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 34bac4d1d9 support sending well_known client response in /login using well_known_client
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry cf62cb0d0a send avatar_url on invite member events like synapse
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry f275a0dfbe fix obvious copy-paste error
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry 6ffc54e241 support blocking servers from fetching remote media from
akin to synapse's `prevent_media_downloads_from`

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 23:57:45 -05:00
strawberry 1a06c8c9d3 more error checking for deserialising events and canonical JSON
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 23:57:45 -05:00
strawberry 3ffca25f6f update few endpoint docs versions
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 23:57:45 -05:00
strawberry 2bbc75d68e why did i have to run cargo fmt twice
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry 40f5345586 fix formatting and links of user reports more
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry e944ed5eb4 fix /report endpoint a lot
in short, the `/report` endpoint now checks if:
- the reporting room in the URI matches the PDU/event reported
- sender user is in the room reported
- raises report reasoning to 750 characters (spec doesn't say to limit
these, but thorough and informative reports for server admins are not
a bad thing)
- (hopefully) fixes some broken formatting
- add a random short delay before sending a successful response to the
client to make it more annoying to enumerate for events on our server
(security by obscurity but spec suggests it)

basically, secure reports better lol

see https://spec.matrix.org/v1.9/client-server-api/#post_matrixclientv3roomsroomidreporteventid

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry 7eb57a9fd5 explicitly fallback to None for invalid/empty room topics
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00