feat: Allow controlling client message filtering

2025-04-24 00:40:36 +01:00 · 2025-04-24 00:40:36 +01:00 · 0c5e4fdc20
commit 0c5e4fdc20
parent 2c043cfabf
4 changed files with 91 additions and 31 deletions
--- a/conduwuit-example.toml
+++ b/conduwuit-example.toml
@ -1182,23 +1182,13 @@
 #
 #prune_missing_media = false

-# Vector list of regex patterns of server names that conduwuit will refuse
-# to download remote media from.
-#
-# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
-#
-#prevent_media_downloads_from = []
-
 # List of forbidden server names via regex patterns that we will block
 # incoming AND outgoing federation with, and block client room joins /
 # remote user invites.
 #
-# Additionally, it will hide messages from these servers for all users
-# on this server.
-#
 # Note that your messages can still make it to forbidden servers through
-# backfilling. Events we receive from forbidden servers via backfill will
-# be stored in the database, but will not be sent to the client.
+# backfilling. Events we receive from forbidden servers via backfill
+# from servers we *do* federate with will be stored in the database.
 #
 # This check is applied on the room ID, room alias, sender server name,
 # sender user's server name, inbound federation X-Matrix origin, and
@ -1220,6 +1210,13 @@
 #
 #allowed_remote_server_names = []

+# Vector list of regex patterns of server names that conduwuit will refuse
+# to download remote media from.
+#
+# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
+#
+#prevent_media_downloads_from = []
+
 # List of forbidden server names via regex patterns that we will block all
 # outgoing federated room directory requests for. Useful for preventing
 # our users from wandering into bad servers or spaces.
@ -1228,6 +1225,29 @@
 #
 #forbidden_remote_room_directory_server_names = []

+# Vector list of regex patterns of server names that conduwuit will not
+# send messages to the client from.
+#
+# Note that there is no way for clients to receive messages once a server
+# has become unignored without doing a full sync. This is a protocol
+# limitation with the current sync protocols. This means this is somewhat
+# of a nuclear option.
+#
+# example: ["reallybadserver\.tld$", "reallybadphrase",
+# "69dollarfortnitecards"]
+#
+#ignore_messages_from_server_names = []
+
+# Send messages from users that the user has ignored to the client.
+#
+# There is no way for clients to receive messages sent while a user was
+# ignored without doing a full sync. This is a protocol limitation with
+# the current sync protocols. Disabling this option will move
+# responsibility of ignoring messages to the client, which can avoid this
+# limitation.
+#
+#send_messages_from_ignored_users_to_client = false
+
 # Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
 # do not want conduwuit to send outbound requests to. Defaults to
 # RFC1918, unroutable, loopback, multicast, and testnet addresses for
--- a/src/api/client/message.rs
+++ b/src/api/client/message.rs
@ -275,10 +275,12 @@ pub(crate) async fn is_ignored_pdu(

 	let ignored_server = services
 		.moderation
-		.is_remote_server_forbidden(pdu.sender().server_name());
+		.is_remote_server_ignored(pdu.sender().server_name());

 	if ignored_type
-		&& (ignored_server || services.users.user_is_ignored(&pdu.sender, user_id).await)
+		&& (ignored_server
+			|| (!services.config.send_messages_from_ignored_users_to_client
+				&& services.users.user_is_ignored(&pdu.sender, user_id).await))
 	{
 		return true;
 	}
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@ -1359,25 +1359,13 @@ pub struct Config {
 	#[serde(default)]
 	pub prune_missing_media: bool,

-	/// Vector list of regex patterns of server names that conduwuit will refuse
-	/// to download remote media from.
-	///
-	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
-	///
-	/// default: []
-	#[serde(default, with = "serde_regex")]
-	pub prevent_media_downloads_from: RegexSet,
-
 	/// List of forbidden server names via regex patterns that we will block
 	/// incoming AND outgoing federation with, and block client room joins /
 	/// remote user invites.
 	///
-	/// Additionally, it will hide messages from these servers for all users
-	/// on this server.
-	///
 	/// Note that your messages can still make it to forbidden servers through
-	/// backfilling. Events we receive from forbidden servers via backfill will
-	/// be stored in the database, but will not be sent to the client.
+	/// backfilling. Events we receive from forbidden servers via backfill
+	/// from servers we *do* federate with will be stored in the database.
 	///
 	/// This check is applied on the room ID, room alias, sender server name,
 	/// sender user's server name, inbound federation X-Matrix origin, and
@ -1403,6 +1391,15 @@ pub struct Config {
 	#[serde(default, with = "serde_regex")]
 	pub allowed_remote_server_names: RegexSet,

+	/// Vector list of regex patterns of server names that conduwuit will refuse
+	/// to download remote media from.
+	///
+	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
+	///
+	/// default: []
+	#[serde(default, with = "serde_regex")]
+	pub prevent_media_downloads_from: RegexSet,
+
 	/// List of forbidden server names via regex patterns that we will block all
 	/// outgoing federated room directory requests for. Useful for preventing
 	/// our users from wandering into bad servers or spaces.
@ -1413,6 +1410,31 @@ pub struct Config {
 	#[serde(default, with = "serde_regex")]
 	pub forbidden_remote_room_directory_server_names: RegexSet,

+	/// Vector list of regex patterns of server names that conduwuit will not
+	/// send messages to the client from.
+	///
+	/// Note that there is no way for clients to receive messages once a server
+	/// has become unignored without doing a full sync. This is a protocol
+	/// limitation with the current sync protocols. This means this is somewhat
+	/// of a nuclear option.
+	///
+	/// example: ["reallybadserver\.tld$", "reallybadphrase",
+	/// "69dollarfortnitecards"]
+	///
+	/// default: []
+	#[serde(default, with = "serde_regex")]
+	pub ignore_messages_from_server_names: RegexSet,
+
+	/// Send messages from users that the user has ignored to the client.
+	///
+	/// There is no way for clients to receive messages sent while a user was
+	/// ignored without doing a full sync. This is a protocol limitation with
+	/// the current sync protocols. Disabling this option will move
+	/// responsibility of ignoring messages to the client, which can avoid this
+	/// limitation.
+	#[serde(default)]
+	pub send_messages_from_ignored_users_to_client: bool,
+
 	/// Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
 	/// do not want conduwuit to send outbound requests to. Defaults to
 	/// RFC1918, unroutable, loopback, multicast, and testnet addresses for
--- a/src/service/moderation.rs
+++ b/src/service/moderation.rs
@ -10,14 +10,16 @@ pub struct Service {
 }

 struct Services {
-	pub config: Dep<config::Service>
+	// pub server: Arc<Server>,
+	pub config: Dep<config::Service>,
 }

 impl crate::Service for Service {
 	fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {
 		Ok(Arc::new(Self {
 			services: Services {
-				config: args.depend::<config::Service>("config")
+				// server: args.server.clone(),
+				config: args.depend::<config::Service>("config"),
 			},
 		}))
 	}
@ -25,6 +27,20 @@ impl crate::Service for Service {
 	fn name(&self) -> &str { crate::service::make_name(std::module_path!()) }
 }

+#[implement(Service)]
+#[must_use]
+pub fn is_remote_server_ignored(&self, server_name: &ServerName) -> bool {
+	// We must never block federating with ourselves
+	if server_name == self.services.config.server_name {
+		return false;
+	}
+
+	self.services
+		.config
+		.ignore_messages_from_server_names
+		.is_match(server_name.host())
+}
+
 #[implement(Service)]
 #[must_use]
 pub fn is_remote_server_forbidden(&self, server_name: &ServerName) -> bool {