magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: Centralize server forbidden checks into moderation module

Browse source 
This moves all checks related to `forbidden_remote_server_names`,
`forbidden_remote_room_directory_server_names` and
`prevent_media_downloads_from` to a new `moderation` module.
This is useful for implementing more complicated logic globally.
Mostly the changes from #673, but is also relevant for #750
This commit is contained in:
Jade Ellis 2025-04-19 23:02:43 +01:00
parent e71138ab6f
commit 0eb9e4f3d2
No known key found for this signature in database
GPG key ID: 8705A2A3EBF77BD2
18 changed files with 109 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/api/router/auth.rs
View file

@ -306,7 +306,7 @@ async fn auth_server(
}
fn auth_server_checks(services: &Services, x_matrix: &XMatrix) -> Result<()> {
if !services.server.config.allow_federation {
if !services.config.allow_federation {
return Err!(Config("allow_federation", "Federation is disabled."));
}
@ -316,11 +316,7 @@ fn auth_server_checks(services: &Services, x_matrix: &XMatrix) -> Result<()> {
}
let origin = &x_matrix.origin;
if services
.config
.forbidden_remote_server_names
.is_match(origin.host())
{
if services.moderation.is_remote_server_forbidden(origin) {
return Err!(Request(Forbidden(debug_warn!(
"Federation requests from {origin} denied."
))));