refactor: Centralize server forbidden checks into moderation module

This moves all checks related to `forbidden_remote_server_names`, `forbidden_remote_room_directory_server_names` and `prevent_media_downloads_from` to a new `moderation` module. This is useful for implementing more complicated logic globally. Mostly the changes from #673, but is also relevant for #750
2025-04-19 23:02:43 +01:00 · 2025-04-19 23:02:43 +01:00 · 0eb9e4f3d2
commit 0eb9e4f3d2
parent e71138ab6f
18 changed files with 109 additions and 97 deletions
--- a/src/api/client/directory.rs
+++ b/src/api/client/directory.rs
@ -52,13 +52,8 @@ pub(crate) async fn get_public_rooms_filtered_route(
 ) -> Result<get_public_rooms_filtered::v3::Response> {
 	if let Some(server) = &body.server {
 		if services
-			.config
-			.forbidden_remote_room_directory_server_names
-			.is_match(server.host())
-			|| services
-				.config
-				.forbidden_remote_server_names
-				.is_match(server.host())
+			.moderation
+			.is_remote_server_room_directory_forbidden(server)
 		{
 			return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 		}
@ -92,15 +87,7 @@ pub(crate) async fn get_public_rooms_route(
 	body: Ruma<get_public_rooms::v3::Request>,
 ) -> Result<get_public_rooms::v3::Response> {
 	if let Some(server) = &body.server {
-		if services
-			.config
-			.forbidden_remote_room_directory_server_names
-			.is_match(server.host())
-			|| services
-				.config
-				.forbidden_remote_server_names
-				.is_match(server.host())
-		{
+		if services.moderation.is_remote_server_forbidden(server) {
 			return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 		}
 	}
--- a/src/api/client/membership.rs
+++ b/src/api/client/membership.rs
@ -83,9 +83,8 @@ async fn banned_room_check(
 	if let Some(room_id) = room_id {
 		if services.rooms.metadata.is_banned(room_id).await
 			|| services
-				.config
-				.forbidden_remote_server_names
-				.is_match(room_id.server_name().expect("legacy room mxid").host())
+				.moderation
+				.is_remote_server_forbidden(room_id.server_name().expect("legacy room mxid"))
 		{
 			warn!(
 				"User {user_id} who is not an admin attempted to send an invite for or \
--- a/src/api/client/message.rs
+++ b/src/api/client/message.rs
@ -274,9 +274,8 @@ pub(crate) async fn is_ignored_pdu(
 	let ignored_type = IGNORED_MESSAGE_TYPES.binary_search(&pdu.kind).is_ok();

 	let ignored_server = services
-		.config
-		.forbidden_remote_server_names
-		.is_match(pdu.sender().server_name().host());
+		.moderation
+		.is_remote_server_forbidden(pdu.sender().server_name());

 	if ignored_type
 		&& (ignored_server || services.users.user_is_ignored(&pdu.sender, user_id).await)