magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: Centralize server forbidden checks into moderation module

Browse source 
This moves all checks related to `forbidden_remote_server_names`,
`forbidden_remote_room_directory_server_names` and
`prevent_media_downloads_from` to a new `moderation` module.
This is useful for implementing more complicated logic globally.
Mostly the changes from #673, but is also relevant for #750
This commit is contained in:
Jade Ellis 2025-04-19 23:02:43 +01:00
parent e71138ab6f
commit 0eb9e4f3d2
No known key found for this signature in database
GPG key ID: 8705A2A3EBF77BD2
18 changed files with 109 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/api/client/directory.rs
View file

@ -52,13 +52,8 @@ pub(crate) async fn get_public_rooms_filtered_route(
) -> Result<get_public_rooms_filtered::v3::Response> {
if let Some(server) = &body.server {
if services
.config
.forbidden_remote_room_directory_server_names
.is_match(server.host())
|| services
.config
.forbidden_remote_server_names
.is_match(server.host())
.moderation
.is_remote_server_room_directory_forbidden(server)
{
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
}
@ -92,15 +87,7 @@ pub(crate) async fn get_public_rooms_route(
body: Ruma<get_public_rooms::v3::Request>,
) -> Result<get_public_rooms::v3::Response> {
if let Some(server) = &body.server {
if services
.config
.forbidden_remote_room_directory_server_names
.is_match(server.host())
|| services
.config
.forbidden_remote_server_names
.is_match(server.host())
{
if services.moderation.is_remote_server_forbidden(server) {
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
}
}

5
src/api/client/membership.rs
View file

@ -83,9 +83,8 @@ async fn banned_room_check(
if let Some(room_id) = room_id {
if services.rooms.metadata.is_banned(room_id).await
|| services
.config
.forbidden_remote_server_names
.is_match(room_id.server_name().expect("legacy room mxid").host())
.moderation
.is_remote_server_forbidden(room_id.server_name().expect("legacy room mxid"))
{
warn!(
"User {user_id} who is not an admin attempted to send an invite for or \

5
src/api/client/message.rs
View file

@ -274,9 +274,8 @@ pub(crate) async fn is_ignored_pdu(
let ignored_type = IGNORED_MESSAGE_TYPES.binary_search(&pdu.kind).is_ok();
let ignored_server = services
.config
.forbidden_remote_server_names
.is_match(pdu.sender().server_name().host());
.moderation
.is_remote_server_forbidden(pdu.sender().server_name());
if ignored_type
&& (ignored_server || services.users.user_is_ignored(&pdu.sender, user_id).await)

8
src/api/router/auth.rs
View file

@ -306,7 +306,7 @@ async fn auth_server(
}
fn auth_server_checks(services: &Services, x_matrix: &XMatrix) -> Result<()> {
if !services.server.config.allow_federation {
if !services.config.allow_federation {
return Err!(Config("allow_federation", "Federation is disabled."));
}
@ -316,11 +316,7 @@ fn auth_server_checks(services: &Services, x_matrix: &XMatrix) -> Result<()> {
}
let origin = &x_matrix.origin;
if services
.config
.forbidden_remote_server_names
.is_match(origin.host())
{
if services.moderation.is_remote_server_forbidden(origin) {
return Err!(Request(Forbidden(debug_warn!(
"Federation requests from {origin} denied."
))));

11
src/api/server/invite.rs
View file

@ -37,19 +37,14 @@ pub(crate) async fn create_invite_route(
}
if let Some(server) = body.room_id.server_name() {
if services
.config
.forbidden_remote_server_names
.is_match(server.host())
{
if services.moderation.is_remote_server_forbidden(server) {
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
}
}
if services
.config
.forbidden_remote_server_names
.is_match(body.origin().host())
.moderation
.is_remote_server_forbidden(body.origin())
{
warn!(
"Received federated/remote invite from banned server {} for room ID {}. Rejecting.",

11
src/api/server/make_join.rs
View file

@ -42,9 +42,8 @@ pub(crate) async fn create_join_event_template_route(
.await?;
if services
.config
.forbidden_remote_server_names
.is_match(body.origin().host())
.moderation
.is_remote_server_forbidden(body.origin())
{
warn!(
"Server {} for remote user {} tried joining room ID {} which has a server name that \
@ -57,11 +56,7 @@ pub(crate) async fn create_join_event_template_route(
}
if let Some(server) = body.room_id.server_name() {
if services
.config
.forbidden_remote_server_names
.is_match(server.host())
{
if services.moderation.is_remote_server_forbidden(server) {
return Err!(Request(Forbidden(warn!(
"Room ID server name {server} is banned on this homeserver."
))));

11
src/api/server/make_knock.rs
View file

@ -33,9 +33,8 @@ pub(crate) async fn create_knock_event_template_route(
.await?;
if services
.config
.forbidden_remote_server_names
.is_match(body.origin().host())
.moderation
.is_remote_server_forbidden(body.origin())
{
warn!(
"Server {} for remote user {} tried knocking room ID {} which has a server name \
@ -48,11 +47,7 @@ pub(crate) async fn create_knock_event_template_route(
}
if let Some(server) = body.room_id.server_name() {
if services
.config
.forbidden_remote_server_names
.is_match(server.host())
{
if services.moderation.is_remote_server_forbidden(server) {
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
}
}

22
src/api/server/send_join.rs
View file

@ -268,9 +268,8 @@ pub(crate) async fn create_join_event_v1_route(
body: Ruma<create_join_event::v1::Request>,
) -> Result<create_join_event::v1::Response> {
if services
.config
.forbidden_remote_server_names
.is_match(body.origin().host())
.moderation
.is_remote_server_forbidden(body.origin())
{
warn!(
"Server {} tried joining room ID {} through us who has a server name that is \
@ -282,11 +281,7 @@ pub(crate) async fn create_join_event_v1_route(
}
if let Some(server) = body.room_id.server_name() {
if services
.config
.forbidden_remote_server_names
.is_match(server.host())
{
if services.moderation.is_remote_server_forbidden(server) {
warn!(
"Server {} tried joining room ID {} through us which has a server name that is \
globally forbidden. Rejecting.",
@ -314,19 +309,14 @@ pub(crate) async fn create_join_event_v2_route(
body: Ruma<create_join_event::v2::Request>,
) -> Result<create_join_event::v2::Response> {
if services
.config
.forbidden_remote_server_names
.is_match(body.origin().host())
.moderation
.is_remote_server_forbidden(body.origin())
{
return Err!(Request(Forbidden("Server is banned on this homeserver.")));
}
if let Some(server) = body.room_id.server_name() {
if services
.config
.forbidden_remote_server_names
.is_match(server.host())
{
if services.moderation.is_remote_server_forbidden(server) {
warn!(
"Server {} tried joining room ID {} through us which has a server name that is \
globally forbidden. Rejecting.",

11
src/api/server/send_knock.rs
View file

@ -26,9 +26,8 @@ pub(crate) async fn create_knock_event_v1_route(
body: Ruma<send_knock::v1::Request>,
) -> Result<send_knock::v1::Response> {
if services
.config
.forbidden_remote_server_names
.is_match(body.origin().host())
.moderation
.is_remote_server_forbidden(body.origin())
{
warn!(
"Server {} tried knocking room ID {} who has a server name that is globally \
@ -40,11 +39,7 @@ pub(crate) async fn create_knock_event_v1_route(
}
if let Some(server) = body.room_id.server_name() {
if services
.config
.forbidden_remote_server_names
.is_match(server.host())
{
if services.moderation.is_remote_server_forbidden(server) {
warn!(
"Server {} tried knocking room ID {} which has a server name that is globally \
forbidden. Rejecting.",