feat: Allow controlling client message filtering

2025-04-24 00:40:36 +01:00 · 2025-04-24 00:40:36 +01:00 · 0c5e4fdc20
commit 0c5e4fdc20
parent 2c043cfabf
4 changed files with 91 additions and 31 deletions
--- a/conduwuit-example.toml
+++ b/conduwuit-example.toml
@ -1182,23 +1182,13 @@
 #
 #prune_missing_media = false
 # Vector list of regex patterns of server names that conduwuit will refuse
 # to download remote media from.
 #
 # example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 #
 #prevent_media_downloads_from = []
 # List of forbidden server names via regex patterns that we will block
 # incoming AND outgoing federation with, and block client room joins /
 # remote user invites.
 #
 # Additionally, it will hide messages from these servers for all users
 # on this server.
 #
 # Note that your messages can still make it to forbidden servers through
-# backfilling. Events we receive from forbidden servers via backfill will
+# backfilling. Events we receive from forbidden servers via backfill
-# be stored in the database, but will not be sent to the client.
+# from servers we *do* federate with will be stored in the database.
 #
 # This check is applied on the room ID, room alias, sender server name,
 # sender user's server name, inbound federation X-Matrix origin, and
@ -1220,6 +1210,13 @@
 #
 #allowed_remote_server_names = []
 # Vector list of regex patterns of server names that conduwuit will refuse
 # to download remote media from.
 #
 # example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 #
 #prevent_media_downloads_from = []
 # List of forbidden server names via regex patterns that we will block all
 # outgoing federated room directory requests for. Useful for preventing
 # our users from wandering into bad servers or spaces.
@ -1228,6 +1225,29 @@
 #
 #forbidden_remote_room_directory_server_names = []
 # Vector list of regex patterns of server names that conduwuit will not
 # send messages to the client from.
 #
 # Note that there is no way for clients to receive messages once a server
 # has become unignored without doing a full sync. This is a protocol
 # limitation with the current sync protocols. This means this is somewhat
 # of a nuclear option.
 #
 # example: ["reallybadserver\.tld$", "reallybadphrase",
 # "69dollarfortnitecards"]
 #
 #ignore_messages_from_server_names = []
 # Send messages from users that the user has ignored to the client.
 #
 # There is no way for clients to receive messages sent while a user was
 # ignored without doing a full sync. This is a protocol limitation with
 # the current sync protocols. Disabling this option will move
 # responsibility of ignoring messages to the client, which can avoid this
 # limitation.
 #
 #send_messages_from_ignored_users_to_client = false
 # Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
 # do not want conduwuit to send outbound requests to. Defaults to
 # RFC1918, unroutable, loopback, multicast, and testnet addresses for
--- a/src/api/client/message.rs
+++ b/src/api/client/message.rs
@ -275,10 +275,12 @@ pub(crate) async fn is_ignored_pdu(
 	let ignored_server = services
 		.moderation
-		.is_remote_server_forbidden(pdu.sender().server_name());
+		.is_remote_server_ignored(pdu.sender().server_name());
 	if ignored_type
-		&& (ignored_server || services.users.user_is_ignored(&pdu.sender, user_id).await)
+		&& (ignored_server
 			|| (!services.config.send_messages_from_ignored_users_to_client
 				&& services.users.user_is_ignored(&pdu.sender, user_id).await))
 	{
 		return true;
 	}
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@ -1359,25 +1359,13 @@ pub struct Config {
 	#[serde(default)]
 	pub prune_missing_media: bool,
 	/// Vector list of regex patterns of server names that conduwuit will refuse
 	/// to download remote media from.
 	///
 	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 	///
 	/// default: []
 	#[serde(default, with = "serde_regex")]
 	pub prevent_media_downloads_from: RegexSet,
 	/// List of forbidden server names via regex patterns that we will block
 	/// incoming AND outgoing federation with, and block client room joins /
 	/// remote user invites.
 	///
 	/// Additionally, it will hide messages from these servers for all users
 	/// on this server.
 	///
 	/// Note that your messages can still make it to forbidden servers through
-	/// backfilling. Events we receive from forbidden servers via backfill will
+	/// backfilling. Events we receive from forbidden servers via backfill
-	/// be stored in the database, but will not be sent to the client.
+	/// from servers we *do* federate with will be stored in the database.
 	///
 	/// This check is applied on the room ID, room alias, sender server name,
 	/// sender user's server name, inbound federation X-Matrix origin, and
@ -1403,6 +1391,15 @@ pub struct Config {
 	#[serde(default, with = "serde_regex")]
 	pub allowed_remote_server_names: RegexSet,
 	/// Vector list of regex patterns of server names that conduwuit will refuse
 	/// to download remote media from.
 	///
 	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 	///
 	/// default: []
 	#[serde(default, with = "serde_regex")]
 	pub prevent_media_downloads_from: RegexSet,
 	/// List of forbidden server names via regex patterns that we will block all
 	/// outgoing federated room directory requests for. Useful for preventing
 	/// our users from wandering into bad servers or spaces.
@ -1413,6 +1410,31 @@ pub struct Config {
 	#[serde(default, with = "serde_regex")]
 	pub forbidden_remote_room_directory_server_names: RegexSet,
 	/// Vector list of regex patterns of server names that conduwuit will not
 	/// send messages to the client from.
 	///
 	/// Note that there is no way for clients to receive messages once a server
 	/// has become unignored without doing a full sync. This is a protocol
 	/// limitation with the current sync protocols. This means this is somewhat
 	/// of a nuclear option.
 	///
 	/// example: ["reallybadserver\.tld$", "reallybadphrase",
 	/// "69dollarfortnitecards"]
 	///
 	/// default: []
 	#[serde(default, with = "serde_regex")]
 	pub ignore_messages_from_server_names: RegexSet,
 	/// Send messages from users that the user has ignored to the client.
 	///
 	/// There is no way for clients to receive messages sent while a user was
 	/// ignored without doing a full sync. This is a protocol limitation with
 	/// the current sync protocols. Disabling this option will move
 	/// responsibility of ignoring messages to the client, which can avoid this
 	/// limitation.
 	#[serde(default)]
 	pub send_messages_from_ignored_users_to_client: bool,
 	/// Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
 	/// do not want conduwuit to send outbound requests to. Defaults to
 	/// RFC1918, unroutable, loopback, multicast, and testnet addresses for
--- a/src/service/moderation.rs
+++ b/src/service/moderation.rs
@ -10,14 +10,16 @@ pub struct Service {
 }
 struct Services {
-	pub config: Dep<config::Service>
+	// pub server: Arc<Server>,
 	pub config: Dep<config::Service>,
 }
 impl crate::Service for Service {
 	fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {
 		Ok(Arc::new(Self {
 			services: Services {
-				config: args.depend::<config::Service>("config")
+				// server: args.server.clone(),
 				config: args.depend::<config::Service>("config"),
 			},
 		}))
 	}
@ -25,6 +27,20 @@ impl crate::Service for Service {
 	fn name(&self) -> &str { crate::service::make_name(std::module_path!()) }
 }
 #[implement(Service)]
 #[must_use]
 pub fn is_remote_server_ignored(&self, server_name: &ServerName) -> bool {
 	// We must never block federating with ourselves
 	if server_name == self.services.config.server_name {
 		return false;
 	}
 	self.services
 		.config
 		.ignore_messages_from_server_names
 		.is_match(server_name.host())
 }
 #[implement(Service)]
 #[must_use]
 pub fn is_remote_server_forbidden(&self, server_name: &ServerName) -> bool {