make everything pub(crate) instead of pub

conduwuit is not a library Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-04-22 23:48:57 -04:00 · 2024-04-22 23:48:57 -04:00 · 66bb88a03a
commit 66bb88a03a
parent 472c32f453
135 changed files with 1366 additions and 1247 deletions
--- a/src/api/client_server/account.rs
+++ b/src/api/client_server/account.rs
@ -34,7 +34,7 @@ const RANDOM_USER_ID_LENGTH: usize = 10;
 ///
 /// Note: This will not reserve the username, so the username might become
 /// invalid when trying to register
-pub async fn get_register_available_route(
+pub(crate) async fn get_register_available_route(
 	body: Ruma<get_username_availability::v3::Request>,
 ) -> Result<get_username_availability::v3::Response> {
 	// Validate user id
@ -82,7 +82,7 @@ pub async fn get_register_available_route(
 /// - If `inhibit_login` is false: Creates a device and returns device id and
 ///   access_token
 #[allow(clippy::doc_markdown)]
-pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<register::v3::Response> {
+pub(crate) async fn register_route(body: Ruma<register::v3::Request>) -> Result<register::v3::Response> {
 	if !services().globals.allow_registration() && body.appservice_info.is_none() {
 		info!(
 			"Registration disabled and request not from known appservice, rejecting registration attempt for username \
@ -406,7 +406,9 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
 ///   last seen ts)
 /// - Forgets to-device events
 /// - Triggers device list updates
-pub async fn change_password_route(body: Ruma<change_password::v3::Request>) -> Result<change_password::v3::Response> {
+pub(crate) async fn change_password_route(
+	body: Ruma<change_password::v3::Request>,
+) -> Result<change_password::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");

@ -469,7 +471,7 @@ pub async fn change_password_route(body: Ruma<change_password::v3::Request>) ->
 /// Get `user_id` of the sender user.
 ///
 /// Note: Also works for Application Services
-pub async fn whoami_route(body: Ruma<whoami::v3::Request>) -> Result<whoami::v3::Response> {
+pub(crate) async fn whoami_route(body: Ruma<whoami::v3::Request>) -> Result<whoami::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let device_id = body.sender_device.clone();

@ -491,7 +493,7 @@ pub async fn whoami_route(body: Ruma<whoami::v3::Request>) -> Result<whoami::v3:
 /// - Forgets all to-device events
 /// - Triggers device list updates
 /// - Removes ability to log in again
-pub async fn deactivate_route(body: Ruma<deactivate::v3::Request>) -> Result<deactivate::v3::Response> {
+pub(crate) async fn deactivate_route(body: Ruma<deactivate::v3::Request>) -> Result<deactivate::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");

@ -546,7 +548,7 @@ pub async fn deactivate_route(body: Ruma<deactivate::v3::Request>) -> Result<dea
 /// Get a list of third party identifiers associated with this account.
 ///
 /// - Currently always returns empty list
-pub async fn third_party_route(body: Ruma<get_3pids::v3::Request>) -> Result<get_3pids::v3::Response> {
+pub(crate) async fn third_party_route(body: Ruma<get_3pids::v3::Request>) -> Result<get_3pids::v3::Response> {
 	let _sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	Ok(get_3pids::v3::Response::new(Vec::new()))
@ -559,7 +561,7 @@ pub async fn third_party_route(body: Ruma<get_3pids::v3::Request>) -> Result<get
 ///
 /// - 403 signals that The homeserver does not allow the third party identifier
 ///   as a contact option.
-pub async fn request_3pid_management_token_via_email_route(
+pub(crate) async fn request_3pid_management_token_via_email_route(
 	_body: Ruma<request_3pid_management_token_via_email::v3::Request>,
 ) -> Result<request_3pid_management_token_via_email::v3::Response> {
 	Err(Error::BadRequest(
@ -575,7 +577,7 @@ pub async fn request_3pid_management_token_via_email_route(
 ///
 /// - 403 signals that The homeserver does not allow the third party identifier
 ///   as a contact option.
-pub async fn request_3pid_management_token_via_msisdn_route(
+pub(crate) async fn request_3pid_management_token_via_msisdn_route(
 	_body: Ruma<request_3pid_management_token_via_msisdn::v3::Request>,
 ) -> Result<request_3pid_management_token_via_msisdn::v3::Response> {
 	Err(Error::BadRequest(
--- a/src/api/client_server/alias.rs
+++ b/src/api/client_server/alias.rs
@ -17,7 +17,7 @@ use crate::{debug_info, debug_warn, services, Error, Result, Ruma};
 /// # `PUT /_matrix/client/v3/directory/room/{roomAlias}`
 ///
 /// Creates a new room alias on this server.
-pub async fn create_alias_route(body: Ruma<create_alias::v3::Request>) -> Result<create_alias::v3::Response> {
+pub(crate) async fn create_alias_route(body: Ruma<create_alias::v3::Request>) -> Result<create_alias::v3::Response> {
 	if body.room_alias.server_name() != services().globals.server_name() {
 		return Err(Error::BadRequest(ErrorKind::InvalidParam, "Alias is from another server."));
 	}
@ -72,7 +72,7 @@ pub async fn create_alias_route(body: Ruma<create_alias::v3::Request>) -> Result
 ///
 /// - TODO: additional access control checks
 /// - TODO: Update canonical alias event
-pub async fn delete_alias_route(body: Ruma<delete_alias::v3::Request>) -> Result<delete_alias::v3::Response> {
+pub(crate) async fn delete_alias_route(body: Ruma<delete_alias::v3::Request>) -> Result<delete_alias::v3::Response> {
 	if body.room_alias.server_name() != services().globals.server_name() {
 		return Err(Error::BadRequest(ErrorKind::InvalidParam, "Alias is from another server."));
 	}
@ -118,7 +118,7 @@ pub async fn delete_alias_route(body: Ruma<delete_alias::v3::Request>) -> Result
 /// # `GET /_matrix/client/v3/directory/room/{roomAlias}`
 ///
 /// Resolve an alias locally or over federation.
-pub async fn get_alias_route(body: Ruma<get_alias::v3::Request>) -> Result<get_alias::v3::Response> {
+pub(crate) async fn get_alias_route(body: Ruma<get_alias::v3::Request>) -> Result<get_alias::v3::Response> {
 	get_alias_helper(body.body.room_alias, None).await
 }

--- a/src/api/client_server/backup.rs
+++ b/src/api/client_server/backup.rs
@ -13,7 +13,7 @@ use crate::{services, Error, Result, Ruma};
 /// # `POST /_matrix/client/r0/room_keys/version`
 ///
 /// Creates a new backup.
-pub async fn create_backup_version_route(
+pub(crate) async fn create_backup_version_route(
 	body: Ruma<create_backup_version::v3::Request>,
 ) -> Result<create_backup_version::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -30,7 +30,7 @@ pub async fn create_backup_version_route(
 ///
 /// Update information about an existing backup. Only `auth_data` can be
 /// modified.
-pub async fn update_backup_version_route(
+pub(crate) async fn update_backup_version_route(
 	body: Ruma<update_backup_version::v3::Request>,
 ) -> Result<update_backup_version::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -44,7 +44,7 @@ pub async fn update_backup_version_route(
 /// # `GET /_matrix/client/r0/room_keys/version`
 ///
 /// Get information about the latest backup version.
-pub async fn get_latest_backup_info_route(
+pub(crate) async fn get_latest_backup_info_route(
 	body: Ruma<get_latest_backup_info::v3::Request>,
 ) -> Result<get_latest_backup_info::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -65,7 +65,9 @@ pub async fn get_latest_backup_info_route(
 /// # `GET /_matrix/client/r0/room_keys/version`
 ///
 /// Get information about an existing backup.
-pub async fn get_backup_info_route(body: Ruma<get_backup_info::v3::Request>) -> Result<get_backup_info::v3::Response> {
+pub(crate) async fn get_backup_info_route(
+	body: Ruma<get_backup_info::v3::Request>,
+) -> Result<get_backup_info::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let algorithm = services()
 		.key_backups
@ -91,7 +93,7 @@ pub async fn get_backup_info_route(body: Ruma<get_backup_info::v3::Request>) ->
 ///
 /// - Deletes both information about the backup, as well as all key data related
 ///   to the backup
-pub async fn delete_backup_version_route(
+pub(crate) async fn delete_backup_version_route(
 	body: Ruma<delete_backup_version::v3::Request>,
 ) -> Result<delete_backup_version::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -111,7 +113,9 @@ pub async fn delete_backup_version_route(
 ///   allowed
 /// - Adds the keys to the backup
 /// - Returns the new number of keys in this backup and the etag
-pub async fn add_backup_keys_route(body: Ruma<add_backup_keys::v3::Request>) -> Result<add_backup_keys::v3::Response> {
+pub(crate) async fn add_backup_keys_route(
+	body: Ruma<add_backup_keys::v3::Request>,
+) -> Result<add_backup_keys::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if Some(&body.version)
@ -153,7 +157,7 @@ pub async fn add_backup_keys_route(body: Ruma<add_backup_keys::v3::Request>) ->
 ///   allowed
 /// - Adds the keys to the backup
 /// - Returns the new number of keys in this backup and the etag
-pub async fn add_backup_keys_for_room_route(
+pub(crate) async fn add_backup_keys_for_room_route(
 	body: Ruma<add_backup_keys_for_room::v3::Request>,
 ) -> Result<add_backup_keys_for_room::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -195,7 +199,7 @@ pub async fn add_backup_keys_for_room_route(
 ///   allowed
 /// - Adds the keys to the backup
 /// - Returns the new number of keys in this backup and the etag
-pub async fn add_backup_keys_for_session_route(
+pub(crate) async fn add_backup_keys_for_session_route(
 	body: Ruma<add_backup_keys_for_session::v3::Request>,
 ) -> Result<add_backup_keys_for_session::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -230,7 +234,9 @@ pub async fn add_backup_keys_for_session_route(
 /// # `GET /_matrix/client/r0/room_keys/keys`
 ///
 /// Retrieves all keys from the backup.
-pub async fn get_backup_keys_route(body: Ruma<get_backup_keys::v3::Request>) -> Result<get_backup_keys::v3::Response> {
+pub(crate) async fn get_backup_keys_route(
+	body: Ruma<get_backup_keys::v3::Request>,
+) -> Result<get_backup_keys::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let rooms = services().key_backups.get_all(sender_user, &body.version)?;
@ -243,7 +249,7 @@ pub async fn get_backup_keys_route(body: Ruma<get_backup_keys::v3::Request>) ->
 /// # `GET /_matrix/client/r0/room_keys/keys/{roomId}`
 ///
 /// Retrieves all keys from the backup for a given room.
-pub async fn get_backup_keys_for_room_route(
+pub(crate) async fn get_backup_keys_for_room_route(
 	body: Ruma<get_backup_keys_for_room::v3::Request>,
 ) -> Result<get_backup_keys_for_room::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -260,7 +266,7 @@ pub async fn get_backup_keys_for_room_route(
 /// # `GET /_matrix/client/r0/room_keys/keys/{roomId}/{sessionId}`
 ///
 /// Retrieves a key from the backup.
-pub async fn get_backup_keys_for_session_route(
+pub(crate) async fn get_backup_keys_for_session_route(
 	body: Ruma<get_backup_keys_for_session::v3::Request>,
 ) -> Result<get_backup_keys_for_session::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -281,7 +287,7 @@ pub async fn get_backup_keys_for_session_route(
 /// # `DELETE /_matrix/client/r0/room_keys/keys`
 ///
 /// Delete the keys from the backup.
-pub async fn delete_backup_keys_route(
+pub(crate) async fn delete_backup_keys_route(
 	body: Ruma<delete_backup_keys::v3::Request>,
 ) -> Result<delete_backup_keys::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -304,7 +310,7 @@ pub async fn delete_backup_keys_route(
 /// # `DELETE /_matrix/client/r0/room_keys/keys/{roomId}`
 ///
 /// Delete the keys from the backup for a given room.
-pub async fn delete_backup_keys_for_room_route(
+pub(crate) async fn delete_backup_keys_for_room_route(
 	body: Ruma<delete_backup_keys_for_room::v3::Request>,
 ) -> Result<delete_backup_keys_for_room::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -327,7 +333,7 @@ pub async fn delete_backup_keys_for_room_route(
 /// # `DELETE /_matrix/client/r0/room_keys/keys/{roomId}/{sessionId}`
 ///
 /// Delete a key from the backup.
-pub async fn delete_backup_keys_for_session_route(
+pub(crate) async fn delete_backup_keys_for_session_route(
 	body: Ruma<delete_backup_keys_for_session::v3::Request>,
 ) -> Result<delete_backup_keys_for_session::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
--- a/src/api/client_server/capabilities.rs
+++ b/src/api/client_server/capabilities.rs
@ -11,7 +11,7 @@ use crate::{services, Result, Ruma};
 ///
 /// Get information on the supported feature set and other relevent capabilities
 /// of this server.
-pub async fn get_capabilities_route(
+pub(crate) async fn get_capabilities_route(
 	_body: Ruma<get_capabilities::v3::Request>,
 ) -> Result<get_capabilities::v3::Response> {
 	let mut available = BTreeMap::new();
--- a/src/api/client_server/config.rs
+++ b/src/api/client_server/config.rs
@ -14,7 +14,7 @@ use crate::{services, Error, Result, Ruma};
 /// # `PUT /_matrix/client/r0/user/{userId}/account_data/{type}`
 ///
 /// Sets some account data for the sender user.
-pub async fn set_global_account_data_route(
+pub(crate) async fn set_global_account_data_route(
 	body: Ruma<set_global_account_data::v3::Request>,
 ) -> Result<set_global_account_data::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -40,7 +40,7 @@ pub async fn set_global_account_data_route(
 /// # `PUT /_matrix/client/r0/user/{userId}/rooms/{roomId}/account_data/{type}`
 ///
 /// Sets some room account data for the sender user.
-pub async fn set_room_account_data_route(
+pub(crate) async fn set_room_account_data_route(
 	body: Ruma<set_room_account_data::v3::Request>,
 ) -> Result<set_room_account_data::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -66,7 +66,7 @@ pub async fn set_room_account_data_route(
 /// # `GET /_matrix/client/r0/user/{userId}/account_data/{type}`
 ///
 /// Gets some account data for the sender user.
-pub async fn get_global_account_data_route(
+pub(crate) async fn get_global_account_data_route(
 	body: Ruma<get_global_account_data::v3::Request>,
 ) -> Result<get_global_account_data::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -88,7 +88,7 @@ pub async fn get_global_account_data_route(
 /// # `GET /_matrix/client/r0/user/{userId}/rooms/{roomId}/account_data/{type}`
 ///
 /// Gets some room account data for the sender user.
-pub async fn get_room_account_data_route(
+pub(crate) async fn get_room_account_data_route(
 	body: Ruma<get_room_account_data::v3::Request>,
 ) -> Result<get_room_account_data::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
--- a/src/api/client_server/context.rs
+++ b/src/api/client_server/context.rs
@ -15,7 +15,7 @@ use crate::{services, Error, Result, Ruma};
 /// - Only works if the user is joined (TODO: always allow, but only show events
 ///   if the user was
 /// joined, depending on history_visibility)
-pub async fn get_context_route(body: Ruma<get_context::v3::Request>) -> Result<get_context::v3::Response> {
+pub(crate) async fn get_context_route(body: Ruma<get_context::v3::Request>) -> Result<get_context::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");

--- a/src/api/client_server/device.rs
+++ b/src/api/client_server/device.rs
@ -10,7 +10,7 @@ use crate::{services, utils, Error, Result, Ruma};
 /// # `GET /_matrix/client/r0/devices`
 ///
 /// Get metadata on all devices of the sender user.
-pub async fn get_devices_route(body: Ruma<get_devices::v3::Request>) -> Result<get_devices::v3::Response> {
+pub(crate) async fn get_devices_route(body: Ruma<get_devices::v3::Request>) -> Result<get_devices::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let devices: Vec<device::Device> = services()
@ -27,7 +27,7 @@ pub async fn get_devices_route(body: Ruma<get_devices::v3::Request>) -> Result<g
 /// # `GET /_matrix/client/r0/devices/{deviceId}`
 ///
 /// Get metadata on a single device of the sender user.
-pub async fn get_device_route(body: Ruma<get_device::v3::Request>) -> Result<get_device::v3::Response> {
+pub(crate) async fn get_device_route(body: Ruma<get_device::v3::Request>) -> Result<get_device::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let device = services()
@ -43,7 +43,7 @@ pub async fn get_device_route(body: Ruma<get_device::v3::Request>) -> Result<get
 /// # `PUT /_matrix/client/r0/devices/{deviceId}`
 ///
 /// Updates the metadata on a given device of the sender user.
-pub async fn update_device_route(body: Ruma<update_device::v3::Request>) -> Result<update_device::v3::Response> {
+pub(crate) async fn update_device_route(body: Ruma<update_device::v3::Request>) -> Result<update_device::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let mut device = services()
@ -70,7 +70,7 @@ pub async fn update_device_route(body: Ruma<update_device::v3::Request>) -> Resu
 ///   last seen ts)
 /// - Forgets to-device events
 /// - Triggers device list updates
-pub async fn delete_device_route(body: Ruma<delete_device::v3::Request>) -> Result<delete_device::v3::Response> {
+pub(crate) async fn delete_device_route(body: Ruma<delete_device::v3::Request>) -> Result<delete_device::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");

@ -122,7 +122,9 @@ pub async fn delete_device_route(body: Ruma<delete_device::v3::Request>) -> Resu
 ///   last seen ts)
 /// - Forgets to-device events
 /// - Triggers device list updates
-pub async fn delete_devices_route(body: Ruma<delete_devices::v3::Request>) -> Result<delete_devices::v3::Response> {
+pub(crate) async fn delete_devices_route(
+	body: Ruma<delete_devices::v3::Request>,
+) -> Result<delete_devices::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");

--- a/src/api/client_server/directory.rs
+++ b/src/api/client_server/directory.rs
@ -31,7 +31,7 @@ use crate::{services, Error, Result, Ruma};
 /// Lists the public rooms on this server.
 ///
 /// - Rooms are ordered by the number of joined members
-pub async fn get_public_rooms_filtered_route(
+pub(crate) async fn get_public_rooms_filtered_route(
 	body: Ruma<get_public_rooms_filtered::v3::Request>,
 ) -> Result<get_public_rooms_filtered::v3::Response> {
 	if let Some(server) = &body.server {
@ -68,7 +68,7 @@ pub async fn get_public_rooms_filtered_route(
 /// Lists the public rooms on this server.
 ///
 /// - Rooms are ordered by the number of joined members
-pub async fn get_public_rooms_route(
+pub(crate) async fn get_public_rooms_route(
 	body: Ruma<get_public_rooms::v3::Request>,
 ) -> Result<get_public_rooms::v3::Response> {
 	if let Some(server) = &body.server {
@ -110,7 +110,7 @@ pub async fn get_public_rooms_route(
 /// Sets the visibility of a given room in the room directory.
 ///
 /// - TODO: Access control checks
-pub async fn set_room_visibility_route(
+pub(crate) async fn set_room_visibility_route(
 	body: Ruma<set_room_visibility::v3::Request>,
 ) -> Result<set_room_visibility::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -153,7 +153,7 @@ pub async fn set_room_visibility_route(
 /// # `GET /_matrix/client/r0/directory/list/room/{roomId}`
 ///
 /// Gets the visibility of a given room in the room directory.
-pub async fn get_room_visibility_route(
+pub(crate) async fn get_room_visibility_route(
 	body: Ruma<get_room_visibility::v3::Request>,
 ) -> Result<get_room_visibility::v3::Response> {
 	if !services().rooms.metadata.exists(&body.room_id)? {
--- a/src/api/client_server/filter.rs
+++ b/src/api/client_server/filter.rs
@ -10,7 +10,7 @@ use crate::{services, Error, Result, Ruma};
 /// Loads a filter that was previously created.
 ///
 /// - A user can only access their own filters
-pub async fn get_filter_route(body: Ruma<get_filter::v3::Request>) -> Result<get_filter::v3::Response> {
+pub(crate) async fn get_filter_route(body: Ruma<get_filter::v3::Request>) -> Result<get_filter::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let Some(filter) = services().users.get_filter(sender_user, &body.filter_id)? else {
 		return Err(Error::BadRequest(ErrorKind::NotFound, "Filter not found."));
@ -22,7 +22,7 @@ pub async fn get_filter_route(body: Ruma<get_filter::v3::Request>) -> Result<get
 /// # `PUT /_matrix/client/r0/user/{userId}/filter`
 ///
 /// Creates a new filter to be used by other endpoints.
-pub async fn create_filter_route(body: Ruma<create_filter::v3::Request>) -> Result<create_filter::v3::Response> {
+pub(crate) async fn create_filter_route(body: Ruma<create_filter::v3::Request>) -> Result<create_filter::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	Ok(create_filter::v3::Response::new(
 		services().users.create_filter(sender_user, &body.filter)?,
--- a/src/api/client_server/keys.rs
+++ b/src/api/client_server/keys.rs
@ -29,7 +29,7 @@ use crate::{services, utils, Error, Result, Ruma};
 /// - Adds one time keys
 /// - If there are no device keys yet: Adds device keys (TODO: merge with
 ///   existing keys?)
-pub async fn upload_keys_route(body: Ruma<upload_keys::v3::Request>) -> Result<upload_keys::v3::Response> {
+pub(crate) async fn upload_keys_route(body: Ruma<upload_keys::v3::Request>) -> Result<upload_keys::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");

@ -68,7 +68,7 @@ pub async fn upload_keys_route(body: Ruma<upload_keys::v3::Request>) -> Result<u
 /// - Gets master keys, self-signing keys, user signing keys and device keys.
 /// - The master and self-signing keys contain signatures that the user is
 ///   allowed to see
-pub async fn get_keys_route(body: Ruma<get_keys::v3::Request>) -> Result<get_keys::v3::Response> {
+pub(crate) async fn get_keys_route(body: Ruma<get_keys::v3::Request>) -> Result<get_keys::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let response = get_keys_helper(
@ -85,7 +85,7 @@ pub async fn get_keys_route(body: Ruma<get_keys::v3::Request>) -> Result<get_key
 /// # `POST /_matrix/client/r0/keys/claim`
 ///
 /// Claims one-time keys
-pub async fn claim_keys_route(body: Ruma<claim_keys::v3::Request>) -> Result<claim_keys::v3::Response> {
+pub(crate) async fn claim_keys_route(body: Ruma<claim_keys::v3::Request>) -> Result<claim_keys::v3::Response> {
 	let response = claim_keys_helper(&body.one_time_keys).await?;

 	Ok(response)
@ -96,7 +96,7 @@ pub async fn claim_keys_route(body: Ruma<claim_keys::v3::Request>) -> Result<cla
 /// Uploads end-to-end key information for the sender user.
 ///
 /// - Requires UIAA to verify password
-pub async fn upload_signing_keys_route(
+pub(crate) async fn upload_signing_keys_route(
 	body: Ruma<upload_signing_keys::v3::Request>,
 ) -> Result<upload_signing_keys::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -147,7 +147,7 @@ pub async fn upload_signing_keys_route(
 /// # `POST /_matrix/client/r0/keys/signatures/upload`
 ///
 /// Uploads end-to-end key signatures from the sender user.
-pub async fn upload_signatures_route(
+pub(crate) async fn upload_signatures_route(
 	body: Ruma<upload_signatures::v3::Request>,
 ) -> Result<upload_signatures::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -193,7 +193,9 @@ pub async fn upload_signatures_route(
 /// previous sync token.
 ///
 /// - TODO: left users
-pub async fn get_key_changes_route(body: Ruma<get_key_changes::v3::Request>) -> Result<get_key_changes::v3::Response> {
+pub(crate) async fn get_key_changes_route(
+	body: Ruma<get_key_changes::v3::Request>,
+) -> Result<get_key_changes::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let mut device_list_updates = HashSet::new();
--- a/src/api/client_server/media.rs
+++ b/src/api/client_server/media.rs
@ -24,7 +24,7 @@ const MXC_LENGTH: usize = 32;
 /// # `GET /_matrix/media/v3/config`
 ///
 /// Returns max upload size.
-pub async fn get_media_config_route(
+pub(crate) async fn get_media_config_route(
 	_body: Ruma<get_media_config::v3::Request>,
 ) -> Result<get_media_config::v3::Response> {
 	Ok(get_media_config::v3::Response {
@ -39,7 +39,7 @@ pub async fn get_media_config_route(
 /// See <https://spec.matrix.org/legacy/legacy/#id27>
 ///
 /// Returns max upload size.
-pub async fn get_media_config_v1_route(
+pub(crate) async fn get_media_config_v1_route(
 	_body: Ruma<get_media_config::v3::Request>,
 ) -> Result<RumaResponse<get_media_config::v3::Response>> {
 	Ok(get_media_config::v3::Response {
@ -51,7 +51,7 @@ pub async fn get_media_config_v1_route(
 /// # `GET /_matrix/media/v3/preview_url`
 ///
 /// Returns URL preview.
-pub async fn get_media_preview_route(
+pub(crate) async fn get_media_preview_route(
 	body: Ruma<get_media_preview::v3::Request>,
 ) -> Result<get_media_preview::v3::Response> {
 	let url = &body.url;
@ -95,7 +95,7 @@ pub async fn get_media_preview_route(
 /// See <https://spec.matrix.org/legacy/legacy/#id27>
 ///
 /// Returns URL preview.
-pub async fn get_media_preview_v1_route(
+pub(crate) async fn get_media_preview_v1_route(
 	body: Ruma<get_media_preview::v3::Request>,
 ) -> Result<RumaResponse<get_media_preview::v3::Response>> {
 	let url = &body.url;
@ -138,7 +138,9 @@ pub async fn get_media_preview_v1_route(
 ///
 /// - Some metadata will be saved in the database
 /// - Media will be saved in the media/ directory
-pub async fn create_content_route(body: Ruma<create_content::v3::Request>) -> Result<create_content::v3::Response> {
+pub(crate) async fn create_content_route(
+	body: Ruma<create_content::v3::Request>,
+) -> Result<create_content::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let mxc = format!(
@ -179,7 +181,7 @@ pub async fn create_content_route(body: Ruma<create_content::v3::Request>) -> Re
 ///
 /// - Some metadata will be saved in the database
 /// - Media will be saved in the media/ directory
-pub async fn create_content_v1_route(
+pub(crate) async fn create_content_v1_route(
 	body: Ruma<create_content::v3::Request>,
 ) -> Result<RumaResponse<create_content::v3::Response>> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -214,7 +216,7 @@ pub async fn create_content_v1_route(
 }

 /// helper method to fetch remote media from other servers over federation
-pub async fn get_remote_content(
+pub(crate) async fn get_remote_content(
 	mxc: &str, server_name: &ruma::ServerName, media_id: String, allow_redirect: bool, timeout_ms: Duration,
 ) -> Result<get_content::v3::Response, Error> {
 	// we'll lie to the client and say the blocked server's media was not found and
@ -267,7 +269,7 @@ pub async fn get_remote_content(
 /// - Only redirects if `allow_redirect` is true
 /// - Uses client-provided `timeout_ms` if available, else defaults to 20
 ///   seconds
-pub async fn get_content_route(body: Ruma<get_content::v3::Request>) -> Result<get_content::v3::Response> {
+pub(crate) async fn get_content_route(body: Ruma<get_content::v3::Request>) -> Result<get_content::v3::Response> {
 	let mxc = format!("mxc://{}/{}", body.server_name, body.media_id);

 	if let Some(FileMeta {
@ -310,7 +312,7 @@ pub async fn get_content_route(body: Ruma<get_content::v3::Request>) -> Result<g
 /// - Only redirects if `allow_redirect` is true
 /// - Uses client-provided `timeout_ms` if available, else defaults to 20
 ///   seconds
-pub async fn get_content_v1_route(
+pub(crate) async fn get_content_v1_route(
 	body: Ruma<get_content::v3::Request>,
 ) -> Result<RumaResponse<get_content::v3::Response>> {
 	let mxc = format!("mxc://{}/{}", body.server_name, body.media_id);
@ -352,7 +354,7 @@ pub async fn get_content_v1_route(
 /// - Only redirects if `allow_redirect` is true
 /// - Uses client-provided `timeout_ms` if available, else defaults to 20
 ///   seconds
-pub async fn get_content_as_filename_route(
+pub(crate) async fn get_content_as_filename_route(
 	body: Ruma<get_content_as_filename::v3::Request>,
 ) -> Result<get_content_as_filename::v3::Response> {
 	let mxc = format!("mxc://{}/{}", body.server_name, body.media_id);
@ -404,7 +406,7 @@ pub async fn get_content_as_filename_route(
 /// - Only redirects if `allow_redirect` is true
 /// - Uses client-provided `timeout_ms` if available, else defaults to 20
 ///   seconds
-pub async fn get_content_as_filename_v1_route(
+pub(crate) async fn get_content_as_filename_v1_route(
 	body: Ruma<get_content_as_filename::v3::Request>,
 ) -> Result<RumaResponse<get_content_as_filename::v3::Response>> {
 	let mxc = format!("mxc://{}/{}", body.server_name, body.media_id);
@ -454,7 +456,7 @@ pub async fn get_content_as_filename_v1_route(
 /// - Only redirects if `allow_redirect` is true
 /// - Uses client-provided `timeout_ms` if available, else defaults to 20
 ///   seconds
-pub async fn get_content_thumbnail_route(
+pub(crate) async fn get_content_thumbnail_route(
 	body: Ruma<get_content_thumbnail::v3::Request>,
 ) -> Result<get_content_thumbnail::v3::Response> {
 	let mxc = format!("mxc://{}/{}", body.server_name, body.media_id);
@ -545,7 +547,7 @@ pub async fn get_content_thumbnail_route(
 /// - Only redirects if `allow_redirect` is true
 /// - Uses client-provided `timeout_ms` if available, else defaults to 20
 ///   seconds
-pub async fn get_content_thumbnail_v1_route(
+pub(crate) async fn get_content_thumbnail_v1_route(
 	body: Ruma<get_content_thumbnail::v3::Request>,
 ) -> Result<RumaResponse<get_content_thumbnail::v3::Response>> {
 	let mxc = format!("mxc://{}/{}", body.server_name, body.media_id);
--- a/src/api/client_server/membership.rs
+++ b/src/api/client_server/membership.rs
@ -45,7 +45,9 @@ use crate::{
 ///   rules locally
 /// - If the server does not know about the room: asks other servers over
 ///   federation
-pub async fn join_room_by_id_route(body: Ruma<join_room_by_id::v3::Request>) -> Result<join_room_by_id::v3::Response> {
+pub(crate) async fn join_room_by_id_route(
+	body: Ruma<join_room_by_id::v3::Request>,
+) -> Result<join_room_by_id::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if services().rooms.metadata.is_banned(&body.room_id)? && !services().users.is_admin(sender_user)? {
@ -118,7 +120,7 @@ pub async fn join_room_by_id_route(body: Ruma<join_room_by_id::v3::Request>) ->
 /// - If the server does not know about the room: use the server name query
 ///   param if specified. if not specified, asks other servers over federation
 ///   via room alias server name and room ID server name
-pub async fn join_room_by_id_or_alias_route(
+pub(crate) async fn join_room_by_id_or_alias_route(
 	body: Ruma<join_room_by_id_or_alias::v3::Request>,
 ) -> Result<join_room_by_id_or_alias::v3::Response> {
 	let sender_user = body.sender_user.as_deref().expect("user is authenticated");
@ -291,7 +293,7 @@ pub async fn join_room_by_id_or_alias_route(
 /// Tries to leave the sender user from a room.
 ///
 /// - This should always work if the user is currently joined.
-pub async fn leave_room_route(body: Ruma<leave_room::v3::Request>) -> Result<leave_room::v3::Response> {
+pub(crate) async fn leave_room_route(body: Ruma<leave_room::v3::Request>) -> Result<leave_room::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	leave_room(sender_user, &body.room_id, body.reason.clone()).await?;
@ -302,7 +304,7 @@ pub async fn leave_room_route(body: Ruma<leave_room::v3::Request>) -> Result<lea
 /// # `POST /_matrix/client/r0/rooms/{roomId}/invite`
 ///
 /// Tries to send an invite event into the room.
-pub async fn invite_user_route(body: Ruma<invite_user::v3::Request>) -> Result<invite_user::v3::Response> {
+pub(crate) async fn invite_user_route(body: Ruma<invite_user::v3::Request>) -> Result<invite_user::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if !services().users.is_admin(sender_user)? && services().globals.block_non_admin_invites() {
@ -355,7 +357,7 @@ pub async fn invite_user_route(body: Ruma<invite_user::v3::Request>) -> Result<i
 /// # `POST /_matrix/client/r0/rooms/{roomId}/kick`
 ///
 /// Tries to send a kick event into the room.
-pub async fn kick_user_route(body: Ruma<kick_user::v3::Request>) -> Result<kick_user::v3::Response> {
+pub(crate) async fn kick_user_route(body: Ruma<kick_user::v3::Request>) -> Result<kick_user::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if let Ok(true) = services()
@ -420,7 +422,7 @@ pub async fn kick_user_route(body: Ruma<kick_user::v3::Request>) -> Result<kick_
 /// # `POST /_matrix/client/r0/rooms/{roomId}/ban`
 ///
 /// Tries to send a ban event into the room.
-pub async fn ban_user_route(body: Ruma<ban_user::v3::Request>) -> Result<ban_user::v3::Response> {
+pub(crate) async fn ban_user_route(body: Ruma<ban_user::v3::Request>) -> Result<ban_user::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if let Ok(Some(membership_event)) = services()
@ -506,7 +508,7 @@ pub async fn ban_user_route(body: Ruma<ban_user::v3::Request>) -> Result<ban_use
 /// # `POST /_matrix/client/r0/rooms/{roomId}/unban`
 ///
 /// Tries to send an unban event into the room.
-pub async fn unban_user_route(body: Ruma<unban_user::v3::Request>) -> Result<unban_user::v3::Response> {
+pub(crate) async fn unban_user_route(body: Ruma<unban_user::v3::Request>) -> Result<unban_user::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if let Ok(Some(membership_event)) = services()
@ -577,7 +579,7 @@ pub async fn unban_user_route(body: Ruma<unban_user::v3::Request>) -> Result<unb
 ///
 /// Note: Other devices of the user have no way of knowing the room was
 /// forgotten, so this has to be called from every device
-pub async fn forget_room_route(body: Ruma<forget_room::v3::Request>) -> Result<forget_room::v3::Response> {
+pub(crate) async fn forget_room_route(body: Ruma<forget_room::v3::Request>) -> Result<forget_room::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	services()
@ -591,7 +593,7 @@ pub async fn forget_room_route(body: Ruma<forget_room::v3::Request>) -> Result<f
 /// # `POST /_matrix/client/r0/joined_rooms`
 ///
 /// Lists all rooms the user has joined.
-pub async fn joined_rooms_route(body: Ruma<joined_rooms::v3::Request>) -> Result<joined_rooms::v3::Response> {
+pub(crate) async fn joined_rooms_route(body: Ruma<joined_rooms::v3::Request>) -> Result<joined_rooms::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	Ok(joined_rooms::v3::Response {
@ -610,7 +612,7 @@ pub async fn joined_rooms_route(body: Ruma<joined_rooms::v3::Request>) -> Result
 /// specific membership).
 ///
 /// - Only works if the user is currently joined
-pub async fn get_member_events_route(
+pub(crate) async fn get_member_events_route(
 	body: Ruma<get_member_events::v3::Request>,
 ) -> Result<get_member_events::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -645,7 +647,9 @@ pub async fn get_member_events_route(
 ///
 /// - The sender user must be in the room
 /// - TODO: An appservice just needs a puppet joined
-pub async fn joined_members_route(body: Ruma<joined_members::v3::Request>) -> Result<joined_members::v3::Response> {
+pub(crate) async fn joined_members_route(
+	body: Ruma<joined_members::v3::Request>,
+) -> Result<joined_members::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if !services()
@ -1600,7 +1604,7 @@ pub(crate) async fn invite_helper(
 }

 // Make a user leave all their joined rooms
-pub async fn leave_all_rooms(user_id: &UserId) -> Result<()> {
+pub(crate) async fn leave_all_rooms(user_id: &UserId) -> Result<()> {
 	let all_rooms = services()
 		.rooms
 		.state_cache
@ -1626,7 +1630,7 @@ pub async fn leave_all_rooms(user_id: &UserId) -> Result<()> {
 	Ok(())
 }

-pub async fn leave_room(user_id: &UserId, room_id: &RoomId, reason: Option<String>) -> Result<()> {
+pub(crate) async fn leave_room(user_id: &UserId, room_id: &RoomId, reason: Option<String>) -> Result<()> {
 	// Ask a remote server if we don't have this room
 	if !services()
 		.rooms
--- a/src/api/client_server/message.rs
+++ b/src/api/client_server/message.rs
@ -28,7 +28,7 @@ use crate::{
 /// - The only requirement for the content is that it has to be valid json
 /// - Tries to send the event into the room, auth rules will determine if it is
 ///   allowed
-pub async fn send_message_event_route(
+pub(crate) async fn send_message_event_route(
 	body: Ruma<send_message_event::v3::Request>,
 ) -> Result<send_message_event::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -119,7 +119,7 @@ pub async fn send_message_event_route(
 /// - Only works if the user is joined (TODO: always allow, but only show events
 ///   where the user was
 /// joined, depending on `history_visibility`)
-pub async fn get_message_events_route(
+pub(crate) async fn get_message_events_route(
 	body: Ruma<get_message_events::v3::Request>,
 ) -> Result<get_message_events::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
--- a/src/api/client_server/mod.rs
+++ b/src/api/client_server/mod.rs
@ -34,50 +34,50 @@ mod unversioned;
 mod user_directory;
 mod voip;

-pub use account::*;
-pub use alias::*;
-pub use backup::*;
-pub use capabilities::*;
-pub use config::*;
-pub use context::*;
-pub use device::*;
-pub use directory::*;
-pub use filter::*;
-pub use keys::*;
-pub use media::*;
-pub use membership::*;
-pub use message::*;
-pub use presence::*;
-pub use profile::*;
-pub use push::*;
-pub use read_marker::*;
-pub use redact::*;
-pub use relations::*;
-pub use report::*;
-pub use room::*;
-pub use search::*;
-pub use session::*;
-pub use space::*;
-pub use state::*;
-pub use sync::*;
-pub use tag::*;
-pub use thirdparty::*;
-pub use threads::*;
-pub use to_device::*;
-pub use typing::*;
-pub use unstable::*;
-pub use unversioned::*;
-pub use user_directory::*;
-pub use voip::*;
+pub(crate) use account::*;
+pub(crate) use alias::*;
+pub(crate) use backup::*;
+pub(crate) use capabilities::*;
+pub(crate) use config::*;
+pub(crate) use context::*;
+pub(crate) use device::*;
+pub(crate) use directory::*;
+pub(crate) use filter::*;
+pub(crate) use keys::*;
+pub(crate) use media::*;
+pub(crate) use membership::*;
+pub(crate) use message::*;
+pub(crate) use presence::*;
+pub(crate) use profile::*;
+pub(crate) use push::*;
+pub(crate) use read_marker::*;
+pub(crate) use redact::*;
+pub(crate) use relations::*;
+pub(crate) use report::*;
+pub(crate) use room::*;
+pub(crate) use search::*;
+pub(crate) use session::*;
+pub(crate) use space::*;
+pub(crate) use state::*;
+pub(crate) use sync::*;
+pub(crate) use tag::*;
+pub(crate) use thirdparty::*;
+pub(crate) use threads::*;
+pub(crate) use to_device::*;
+pub(crate) use typing::*;
+pub(crate) use unstable::*;
+pub(crate) use unversioned::*;
+pub(crate) use user_directory::*;
+pub(crate) use voip::*;

 /// generated device ID length
-pub const DEVICE_ID_LENGTH: usize = 10;
+const DEVICE_ID_LENGTH: usize = 10;

 /// generated user access token length
-pub const TOKEN_LENGTH: usize = 32;
+const TOKEN_LENGTH: usize = 32;

 /// generated user session ID length
-pub const SESSION_ID_LENGTH: usize = 32;
+pub(crate) const SESSION_ID_LENGTH: usize = 32;

 /// auto-generated password length
-pub const AUTO_GEN_PASSWORD_LENGTH: usize = 25;
+pub(crate) const AUTO_GEN_PASSWORD_LENGTH: usize = 25;
--- a/src/api/client_server/presence.rs
+++ b/src/api/client_server/presence.rs
@ -10,7 +10,7 @@ use crate::{services, Error, Result, Ruma};
 /// # `PUT /_matrix/client/r0/presence/{userId}/status`
 ///
 /// Sets the presence state of the sender user.
-pub async fn set_presence_route(body: Ruma<set_presence::v3::Request>) -> Result<set_presence::v3::Response> {
+pub(crate) async fn set_presence_route(body: Ruma<set_presence::v3::Request>) -> Result<set_presence::v3::Response> {
 	if !services().globals.allow_local_presence() {
 		return Err(Error::BadRequest(ErrorKind::forbidden(), "Presence is disabled on this server"));
 	}
@ -28,7 +28,7 @@ pub async fn set_presence_route(body: Ruma<set_presence::v3::Request>) -> Result
 /// Gets the presence state of the given user.
 ///
 /// - Only works if you share a room with the user
-pub async fn get_presence_route(body: Ruma<get_presence::v3::Request>) -> Result<get_presence::v3::Response> {
+pub(crate) async fn get_presence_route(body: Ruma<get_presence::v3::Request>) -> Result<get_presence::v3::Response> {
 	if !services().globals.allow_local_presence() {
 		return Err(Error::BadRequest(ErrorKind::forbidden(), "Presence is disabled on this server"));
 	}
--- a/src/api/client_server/profile.rs
+++ b/src/api/client_server/profile.rs
@ -20,7 +20,7 @@ use crate::{service::pdu::PduBuilder, services, Error, Result, Ruma};
 /// Updates the displayname.
 ///
 /// - Also makes sure other users receive the update using presence EDUs
-pub async fn set_displayname_route(
+pub(crate) async fn set_displayname_route(
 	body: Ruma<set_display_name::v3::Request>,
 ) -> Result<set_display_name::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -102,7 +102,7 @@ pub async fn set_displayname_route(
 ///
 /// - If user is on another server and we do not have a local copy already
 /// fetch displayname over federation
-pub async fn get_displayname_route(
+pub(crate) async fn get_displayname_route(
 	body: Ruma<get_display_name::v3::Request>,
 ) -> Result<get_display_name::v3::Response> {
 	if body.user_id.server_name() != services().globals.server_name() {
@ -157,7 +157,9 @@ pub async fn get_displayname_route(
 /// Updates the `avatar_url` and `blurhash`.
 ///
 /// - Also makes sure other users receive the update using presence EDUs
-pub async fn set_avatar_url_route(body: Ruma<set_avatar_url::v3::Request>) -> Result<set_avatar_url::v3::Response> {
+pub(crate) async fn set_avatar_url_route(
+	body: Ruma<set_avatar_url::v3::Request>,
+) -> Result<set_avatar_url::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	services()
@ -242,7 +244,9 @@ pub async fn set_avatar_url_route(body: Ruma<set_avatar_url::v3::Request>) -> Re
 ///
 /// - If user is on another server and we do not have a local copy already
 /// fetch `avatar_url` and blurhash over federation
-pub async fn get_avatar_url_route(body: Ruma<get_avatar_url::v3::Request>) -> Result<get_avatar_url::v3::Response> {
+pub(crate) async fn get_avatar_url_route(
+	body: Ruma<get_avatar_url::v3::Request>,
+) -> Result<get_avatar_url::v3::Response> {
 	if body.user_id.server_name() != services().globals.server_name() {
 		// Create and update our local copy of the user
 		if let Ok(response) = services()
@ -298,7 +302,7 @@ pub async fn get_avatar_url_route(body: Ruma<get_avatar_url::v3::Request>) -> Re
 ///
 /// - If user is on another server and we do not have a local copy already,
 /// fetch profile over federation.
-pub async fn get_profile_route(body: Ruma<get_profile::v3::Request>) -> Result<get_profile::v3::Response> {
+pub(crate) async fn get_profile_route(body: Ruma<get_profile::v3::Request>) -> Result<get_profile::v3::Response> {
 	if body.user_id.server_name() != services().globals.server_name() {
 		// Create and update our local copy of the user
 		if let Ok(response) = services()
--- a/src/api/client_server/push.rs
+++ b/src/api/client_server/push.rs
@ -15,7 +15,7 @@ use crate::{services, Error, Result, Ruma};
 /// # `GET /_matrix/client/r0/pushrules/`
 ///
 /// Retrieves the push rules event for this user.
-pub async fn get_pushrules_all_route(
+pub(crate) async fn get_pushrules_all_route(
 	body: Ruma<get_pushrules_all::v3::Request>,
 ) -> Result<get_pushrules_all::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -55,7 +55,7 @@ pub async fn get_pushrules_all_route(
 /// # `GET /_matrix/client/r0/pushrules/{scope}/{kind}/{ruleId}`
 ///
 /// Retrieves a single specified push rule for this user.
-pub async fn get_pushrule_route(body: Ruma<get_pushrule::v3::Request>) -> Result<get_pushrule::v3::Response> {
+pub(crate) async fn get_pushrule_route(body: Ruma<get_pushrule::v3::Request>) -> Result<get_pushrule::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let event = services()
@ -84,7 +84,7 @@ pub async fn get_pushrule_route(body: Ruma<get_pushrule::v3::Request>) -> Result
 /// # `PUT /_matrix/client/r0/pushrules/{scope}/{kind}/{ruleId}`
 ///
 /// Creates a single specified push rule for this user.
-pub async fn set_pushrule_route(body: Ruma<set_pushrule::v3::Request>) -> Result<set_pushrule::v3::Response> {
+pub(crate) async fn set_pushrule_route(body: Ruma<set_pushrule::v3::Request>) -> Result<set_pushrule::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let body = body.body;

@ -147,7 +147,7 @@ pub async fn set_pushrule_route(body: Ruma<set_pushrule::v3::Request>) -> Result
 /// # `GET /_matrix/client/r0/pushrules/{scope}/{kind}/{ruleId}/actions`
 ///
 /// Gets the actions of a single specified push rule for this user.
-pub async fn get_pushrule_actions_route(
+pub(crate) async fn get_pushrule_actions_route(
 	body: Ruma<get_pushrule_actions::v3::Request>,
 ) -> Result<get_pushrule_actions::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -182,7 +182,7 @@ pub async fn get_pushrule_actions_route(
 /// # `PUT /_matrix/client/r0/pushrules/{scope}/{kind}/{ruleId}/actions`
 ///
 /// Sets the actions of a single specified push rule for this user.
-pub async fn set_pushrule_actions_route(
+pub(crate) async fn set_pushrule_actions_route(
 	body: Ruma<set_pushrule_actions::v3::Request>,
 ) -> Result<set_pushrule_actions::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -224,7 +224,7 @@ pub async fn set_pushrule_actions_route(
 /// # `GET /_matrix/client/r0/pushrules/{scope}/{kind}/{ruleId}/enabled`
 ///
 /// Gets the enabled status of a single specified push rule for this user.
-pub async fn get_pushrule_enabled_route(
+pub(crate) async fn get_pushrule_enabled_route(
 	body: Ruma<get_pushrule_enabled::v3::Request>,
 ) -> Result<get_pushrule_enabled::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -258,7 +258,7 @@ pub async fn get_pushrule_enabled_route(
 /// # `PUT /_matrix/client/r0/pushrules/{scope}/{kind}/{ruleId}/enabled`
 ///
 /// Sets the enabled status of a single specified push rule for this user.
-pub async fn set_pushrule_enabled_route(
+pub(crate) async fn set_pushrule_enabled_route(
 	body: Ruma<set_pushrule_enabled::v3::Request>,
 ) -> Result<set_pushrule_enabled::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -300,7 +300,9 @@ pub async fn set_pushrule_enabled_route(
 /// # `DELETE /_matrix/client/r0/pushrules/{scope}/{kind}/{ruleId}`
 ///
 /// Deletes a single specified push rule for this user.
-pub async fn delete_pushrule_route(body: Ruma<delete_pushrule::v3::Request>) -> Result<delete_pushrule::v3::Response> {
+pub(crate) async fn delete_pushrule_route(
+	body: Ruma<delete_pushrule::v3::Request>,
+) -> Result<delete_pushrule::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if body.scope != RuleScope::Global {
@ -347,7 +349,7 @@ pub async fn delete_pushrule_route(body: Ruma<delete_pushrule::v3::Request>) ->
 /// # `GET /_matrix/client/r0/pushers`
 ///
 /// Gets all currently active pushers for the sender user.
-pub async fn get_pushers_route(body: Ruma<get_pushers::v3::Request>) -> Result<get_pushers::v3::Response> {
+pub(crate) async fn get_pushers_route(body: Ruma<get_pushers::v3::Request>) -> Result<get_pushers::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	Ok(get_pushers::v3::Response {
@ -360,7 +362,7 @@ pub async fn get_pushers_route(body: Ruma<get_pushers::v3::Request>) -> Result<g
 /// Adds a pusher for the sender user.
 ///
 /// - TODO: Handle `append`
-pub async fn set_pushers_route(body: Ruma<set_pusher::v3::Request>) -> Result<set_pusher::v3::Response> {
+pub(crate) async fn set_pushers_route(body: Ruma<set_pusher::v3::Request>) -> Result<set_pusher::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	services()
--- a/src/api/client_server/read_marker.rs
+++ b/src/api/client_server/read_marker.rs
@ -18,7 +18,9 @@ use crate::{service::rooms::timeline::PduCount, services, Error, Result, Ruma};
 /// - Updates fully-read account data event to `fully_read`
 /// - If `read_receipt` is set: Update private marker and public read receipt
 ///   EDU
-pub async fn set_read_marker_route(body: Ruma<set_read_marker::v3::Request>) -> Result<set_read_marker::v3::Response> {
+pub(crate) async fn set_read_marker_route(
+	body: Ruma<set_read_marker::v3::Request>,
+) -> Result<set_read_marker::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if let Some(fully_read) = &body.fully_read {
@ -95,7 +97,9 @@ pub async fn set_read_marker_route(body: Ruma<set_read_marker::v3::Request>) ->
 /// # `POST /_matrix/client/r0/rooms/{roomId}/receipt/{receiptType}/{eventId}`
 ///
 /// Sets private read marker and public read receipt EDU.
-pub async fn create_receipt_route(body: Ruma<create_receipt::v3::Request>) -> Result<create_receipt::v3::Response> {
+pub(crate) async fn create_receipt_route(
+	body: Ruma<create_receipt::v3::Request>,
+) -> Result<create_receipt::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if matches!(
--- a/src/api/client_server/redact.rs
+++ b/src/api/client_server/redact.rs
@ -13,7 +13,7 @@ use crate::{service::pdu::PduBuilder, services, Result, Ruma};
 /// Tries to send a redaction event into the room.
 ///
 /// - TODO: Handle txn id
-pub async fn redact_event_route(body: Ruma<redact_event::v3::Request>) -> Result<redact_event::v3::Response> {
+pub(crate) async fn redact_event_route(body: Ruma<redact_event::v3::Request>) -> Result<redact_event::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let body = body.body;

--- a/src/api/client_server/relations.rs
+++ b/src/api/client_server/relations.rs
@ -5,7 +5,7 @@ use ruma::api::client::relations::{
 use crate::{services, Result, Ruma};

 /// # `GET /_matrix/client/r0/rooms/{roomId}/relations/{eventId}/{relType}/{eventType}`
-pub async fn get_relating_events_with_rel_type_and_event_type_route(
+pub(crate) async fn get_relating_events_with_rel_type_and_event_type_route(
 	body: Ruma<get_relating_events_with_rel_type_and_event_type::v1::Request>,
 ) -> Result<get_relating_events_with_rel_type_and_event_type::v1::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -35,7 +35,7 @@ pub async fn get_relating_events_with_rel_type_and_event_type_route(
 }

 /// # `GET /_matrix/client/r0/rooms/{roomId}/relations/{eventId}/{relType}`
-pub async fn get_relating_events_with_rel_type_route(
+pub(crate) async fn get_relating_events_with_rel_type_route(
 	body: Ruma<get_relating_events_with_rel_type::v1::Request>,
 ) -> Result<get_relating_events_with_rel_type::v1::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -65,7 +65,7 @@ pub async fn get_relating_events_with_rel_type_route(
 }

 /// # `GET /_matrix/client/r0/rooms/{roomId}/relations/{eventId}`
-pub async fn get_relating_events_route(
+pub(crate) async fn get_relating_events_route(
 	body: Ruma<get_relating_events::v1::Request>,
 ) -> Result<get_relating_events::v1::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
--- a/src/api/client_server/report.rs
+++ b/src/api/client_server/report.rs
@ -14,7 +14,9 @@ use crate::{services, utils::HtmlEscape, Error, Result, Ruma};
 /// # `POST /_matrix/client/v3/rooms/{roomId}/report/{eventId}`
 ///
 /// Reports an inappropriate event to homeserver admins
-pub async fn report_event_route(body: Ruma<report_content::v3::Request>) -> Result<report_content::v3::Response> {
+pub(crate) async fn report_event_route(
+	body: Ruma<report_content::v3::Request>,
+) -> Result<report_content::v3::Response> {
 	// user authentication
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

--- a/src/api/client_server/room.rs
+++ b/src/api/client_server/room.rs
@ -45,7 +45,7 @@ use crate::{api::client_server::invite_helper, service::pdu::PduBuilder, service
 /// - Send events listed in initial state
 /// - Send events implied by `name` and `topic`
 /// - Send invite events
-pub async fn create_room_route(body: Ruma<create_room::v3::Request>) -> Result<create_room::v3::Response> {
+pub(crate) async fn create_room_route(body: Ruma<create_room::v3::Request>) -> Result<create_room::v3::Response> {
 	use create_room::v3::RoomPreset;

 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -603,7 +603,9 @@ pub async fn create_room_route(body: Ruma<create_room::v3::Request>) -> Result<c
 ///
 /// - You have to currently be joined to the room (TODO: Respect history
 ///   visibility)
-pub async fn get_room_event_route(body: Ruma<get_room_event::v3::Request>) -> Result<get_room_event::v3::Response> {
+pub(crate) async fn get_room_event_route(
+	body: Ruma<get_room_event::v3::Request>,
+) -> Result<get_room_event::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let event = services()
@ -640,7 +642,7 @@ pub async fn get_room_event_route(body: Ruma<get_room_event::v3::Request>) -> Re
 ///
 /// - Only users joined to the room are allowed to call this, or if
 ///   `history_visibility` is world readable in the room
-pub async fn get_room_aliases_route(body: Ruma<aliases::v3::Request>) -> Result<aliases::v3::Response> {
+pub(crate) async fn get_room_aliases_route(body: Ruma<aliases::v3::Request>) -> Result<aliases::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if !services()
@ -674,7 +676,7 @@ pub async fn get_room_aliases_route(body: Ruma<aliases::v3::Request>) -> Result<
 /// - Transfers some state events
 /// - Moves local aliases
 /// - Modifies old room power levels to prevent users from speaking
-pub async fn upgrade_room_route(body: Ruma<upgrade_room::v3::Request>) -> Result<upgrade_room::v3::Response> {
+pub(crate) async fn upgrade_room_route(body: Ruma<upgrade_room::v3::Request>) -> Result<upgrade_room::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	if !services()
--- a/src/api/client_server/search.rs
+++ b/src/api/client_server/search.rs
@ -22,7 +22,7 @@ use crate::{services, Error, Result, Ruma};
 ///
 /// - Only works if the user is currently joined to the room (TODO: Respect
 ///   history visibility)
-pub async fn search_events_route(body: Ruma<search_events::v3::Request>) -> Result<search_events::v3::Response> {
+pub(crate) async fn search_events_route(body: Ruma<search_events::v3::Request>) -> Result<search_events::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let search_criteria = body.search_categories.room_events.as_ref().unwrap();
--- a/src/api/client_server/session.rs
+++ b/src/api/client_server/session.rs
@ -33,7 +33,9 @@ struct Claims {
 ///
 /// Get the supported login types of this server. One of these should be used as
 /// the `type` field when logging in.
-pub async fn get_login_types_route(_body: Ruma<get_login_types::v3::Request>) -> Result<get_login_types::v3::Response> {
+pub(crate) async fn get_login_types_route(
+	_body: Ruma<get_login_types::v3::Request>,
+) -> Result<get_login_types::v3::Response> {
 	Ok(get_login_types::v3::Response::new(vec![
 		get_login_types::v3::LoginType::Password(PasswordLoginType::default()),
 		get_login_types::v3::LoginType::ApplicationService(ApplicationServiceLoginType::default()),
@ -54,7 +56,7 @@ pub async fn get_login_types_route(_body: Ruma<get_login_types::v3::Request>) ->
 /// Note: You can use [`GET
 /// /_matrix/client/r0/login`](fn.get_supported_versions_route.html) to see
 /// supported login types.
-pub async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Response> {
+pub(crate) async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Response> {
 	// Validate login method
 	// TODO: Other login methods
 	let user_id = match &body.login_info {
@ -235,7 +237,7 @@ pub async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Re
 ///   last seen ts)
 /// - Forgets to-device events
 /// - Triggers device list updates
-pub async fn logout_route(body: Ruma<logout::v3::Request>) -> Result<logout::v3::Response> {
+pub(crate) async fn logout_route(body: Ruma<logout::v3::Request>) -> Result<logout::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");

@ -260,7 +262,7 @@ pub async fn logout_route(body: Ruma<logout::v3::Request>) -> Result<logout::v3:
 /// Note: This is equivalent to calling [`GET
 /// /_matrix/client/r0/logout`](fn.logout_route.html) from each device of this
 /// user.
-pub async fn logout_all_route(body: Ruma<logout_all::v3::Request>) -> Result<logout_all::v3::Response> {
+pub(crate) async fn logout_all_route(body: Ruma<logout_all::v3::Request>) -> Result<logout_all::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	for device_id in services().users.all_device_ids(sender_user).flatten() {
--- a/src/api/client_server/space.rs
+++ b/src/api/client_server/space.rs
@ -11,7 +11,7 @@ use crate::{service::rooms::spaces::PagnationToken, services, Error, Result, Rum
 ///
 /// Paginates over the space tree in a depth-first manner to locate child rooms
 /// of a given space.
-pub async fn get_hierarchy_route(body: Ruma<get_hierarchy::v1::Request>) -> Result<get_hierarchy::v1::Response> {
+pub(crate) async fn get_hierarchy_route(body: Ruma<get_hierarchy::v1::Request>) -> Result<get_hierarchy::v1::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let limit = body
--- a/src/api/client_server/state.rs
+++ b/src/api/client_server/state.rs
@ -31,7 +31,7 @@ use crate::{
 /// - Tries to send the event into the room, auth rules will determine if it is
 ///   allowed
 /// - If event is new `canonical_alias`: Rejects if alias is incorrect
-pub async fn send_state_event_for_key_route(
+pub(crate) async fn send_state_event_for_key_route(
 	body: Ruma<send_state_event::v3::Request>,
 ) -> Result<send_state_event::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -59,7 +59,7 @@ pub async fn send_state_event_for_key_route(
 /// - Tries to send the event into the room, auth rules will determine if it is
 ///   allowed
 /// - If event is new `canonical_alias`: Rejects if alias is incorrect
-pub async fn send_state_event_for_empty_key_route(
+pub(crate) async fn send_state_event_for_empty_key_route(
 	body: Ruma<send_state_event::v3::Request>,
 ) -> Result<RumaResponse<send_state_event::v3::Response>> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -86,7 +86,7 @@ pub async fn send_state_event_for_empty_key_route(
 ///
 /// - If not joined: Only works if current room history visibility is world
 ///   readable
-pub async fn get_state_events_route(
+pub(crate) async fn get_state_events_route(
 	body: Ruma<get_state_events::v3::Request>,
 ) -> Result<get_state_events::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -122,7 +122,7 @@ pub async fn get_state_events_route(
 ///
 /// - If not joined: Only works if current room history visibility is world
 ///   readable
-pub async fn get_state_events_for_key_route(
+pub(crate) async fn get_state_events_for_key_route(
 	body: Ruma<get_state_events_for_key::v3::Request>,
 ) -> Result<get_state_events_for_key::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
@ -177,7 +177,7 @@ pub async fn get_state_events_for_key_route(
 ///
 /// - If not joined: Only works if current room history visibility is world
 ///   readable
-pub async fn get_state_events_for_empty_key_route(
+pub(crate) async fn get_state_events_for_empty_key_route(
 	body: Ruma<get_state_events_for_key::v3::Request>,
 ) -> Result<RumaResponse<get_state_events_for_key::v3::Response>> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
--- a/src/api/client_server/sync.rs
+++ b/src/api/client_server/sync.rs
@ -77,7 +77,7 @@ use crate::{
 /// - Sync is handled in an async task, multiple requests from the same device
 ///   with the same
 /// `since` will be cached
-pub async fn sync_events_route(
+pub(crate) async fn sync_events_route(
 	body: Ruma<sync_events::v3::Request>,
 ) -> Result<sync_events::v3::Response, RumaResponse<UiaaResponse>> {
 	let sender_user = body.sender_user.expect("user is authenticated");
@ -1172,7 +1172,7 @@ fn share_encrypted_room(sender_user: &UserId, user_id: &UserId, ignore_room: &Ro
 /// POST `/_matrix/client/unstable/org.matrix.msc3575/sync`
 ///
 /// Sliding Sync endpoint (future endpoint: `/_matrix/client/v4/sync`)
-pub async fn sync_events_v4_route(
+pub(crate) async fn sync_events_v4_route(
 	body: Ruma<sync_events::v4::Request>,
 ) -> Result<sync_events::v4::Response, RumaResponse<UiaaResponse>> {
 	let sender_user = body.sender_user.expect("user is authenticated");
--- a/src/api/client_server/tag.rs
+++ b/src/api/client_server/tag.rs
@ -15,7 +15,7 @@ use crate::{services, Error, Result, Ruma};
 /// Adds a tag to the room.
 ///
 /// - Inserts the tag into the tag event of the room account data.
-pub async fn update_tag_route(body: Ruma<create_tag::v3::Request>) -> Result<create_tag::v3::Response> {
+pub(crate) async fn update_tag_route(body: Ruma<create_tag::v3::Request>) -> Result<create_tag::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let event = services()
@ -53,7 +53,7 @@ pub async fn update_tag_route(body: Ruma<create_tag::v3::Request>) -> Result<cre
 /// Deletes a tag from the room.
 ///
 /// - Removes the tag from the tag event of the room account data.
-pub async fn delete_tag_route(body: Ruma<delete_tag::v3::Request>) -> Result<delete_tag::v3::Response> {
+pub(crate) async fn delete_tag_route(body: Ruma<delete_tag::v3::Request>) -> Result<delete_tag::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let event = services()
@ -88,7 +88,7 @@ pub async fn delete_tag_route(body: Ruma<delete_tag::v3::Request>) -> Result<del
 /// Returns tags on the room.
 ///
 /// - Gets the tag event of the room account data.
-pub async fn get_tags_route(body: Ruma<get_tags::v3::Request>) -> Result<get_tags::v3::Response> {
+pub(crate) async fn get_tags_route(body: Ruma<get_tags::v3::Request>) -> Result<get_tags::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	let event = services()
--- a/src/api/client_server/thirdparty.rs
+++ b/src/api/client_server/thirdparty.rs
@ -7,7 +7,9 @@ use crate::{Result, Ruma};
 /// # `GET /_matrix/client/r0/thirdparty/protocols`
 ///
 /// TODO: Fetches all metadata about protocols supported by the homeserver.
-pub async fn get_protocols_route(_body: Ruma<get_protocols::v3::Request>) -> Result<get_protocols::v3::Response> {
+pub(crate) async fn get_protocols_route(
+	_body: Ruma<get_protocols::v3::Request>,
+) -> Result<get_protocols::v3::Response> {
 	// TODO
 	Ok(get_protocols::v3::Response {
 		protocols: BTreeMap::new(),
--- a/src/api/client_server/threads.rs
+++ b/src/api/client_server/threads.rs
@ -3,7 +3,7 @@ use ruma::api::client::{error::ErrorKind, threads::get_threads};
 use crate::{services, Error, Result, Ruma};

 /// # `GET /_matrix/client/r0/rooms/{roomId}/threads`
-pub async fn get_threads_route(body: Ruma<get_threads::v1::Request>) -> Result<get_threads::v1::Response> {
+pub(crate) async fn get_threads_route(body: Ruma<get_threads::v1::Request>) -> Result<get_threads::v1::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");

 	// Use limit or else 10, with maximum 100
--- a/src/api/client_server/to_device.rs
+++ b/src/api/client_server/to_device.rs
@ -13,7 +13,7 @@ use crate::{services, Error, Result, Ruma};
 /// # `PUT /_matrix/client/r0/sendToDevice/{eventType}/{txnId}`
 ///
 /// Send a to-device event to a set of client devices.
-pub async fn send_event_to_device_route(
+pub(crate) async fn send_event_to_device_route(
 	body: Ruma<send_event_to_device::v3::Request>,
 ) -> Result<send_event_to_device::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
--- a/src/api/client_server/typing.rs
+++ b/src/api/client_server/typing.rs
@ -5,7 +5,7 @@ use crate::{services, utils, Error, Result, Ruma};
 /// # `PUT /_matrix/client/r0/rooms/{roomId}/typing/{userId}`
 ///
 /// Sets the typing state of the sender user.
-pub async fn create_typing_event_route(
+pub(crate) async fn create_typing_event_route(
 	body: Ruma<create_typing_event::v3::Request>,
 ) -> Result<create_typing_event::v3::Response> {
 	use create_typing_event::v3::Typing;
--- a/src/api/client_server/unstable.rs
+++ b/src/api/client_server/unstable.rs
@ -12,7 +12,7 @@ use crate::{services, Error, Result, Ruma};
 /// TODO: Implement pagination, currently this just returns everything
 ///
 /// An implementation of [MSC2666](https://github.com/matrix-org/matrix-spec-proposals/pull/2666)
-pub async fn get_mutual_rooms_route(
+pub(crate) async fn get_mutual_rooms_route(
 	body: Ruma<mutual_rooms::unstable::Request>,
 ) -> Result<mutual_rooms::unstable::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
--- a/src/api/client_server/unversioned.rs
+++ b/src/api/client_server/unversioned.rs
@ -24,7 +24,7 @@ use crate::{services, Error, Result, Ruma};
 ///
 /// Note: Unstable features are used while developing new features. Clients
 /// should avoid using unstable features in their stable releases
-pub async fn get_supported_versions_route(
+pub(crate) async fn get_supported_versions_route(
 	_body: Ruma<get_supported_versions::Request>,
 ) -> Result<get_supported_versions::Response> {
 	let resp = get_supported_versions::Response {
@ -60,7 +60,9 @@ pub async fn get_supported_versions_route(
 /// # `GET /.well-known/matrix/client`
 ///
 /// Returns the .well-known URL if it is configured, otherwise returns 404.
-pub async fn well_known_client(_body: Ruma<discover_homeserver::Request>) -> Result<discover_homeserver::Response> {
+pub(crate) async fn well_known_client(
+	_body: Ruma<discover_homeserver::Request>,
+) -> Result<discover_homeserver::Response> {
 	let client_url = match services().globals.well_known_client() {
 		Some(url) => url.to_string(),
 		None => return Err(Error::BadRequest(ErrorKind::NotFound, "Not found.")),
@ -81,7 +83,7 @@ pub async fn well_known_client(_body: Ruma<discover_homeserver::Request>) -> Res
 /// # `GET /.well-known/matrix/support`
 ///
 /// Server support contact and support page of a homeserver's domain.
-pub async fn well_known_support(_body: Ruma<discover_support::Request>) -> Result<discover_support::Response> {
+pub(crate) async fn well_known_support(_body: Ruma<discover_support::Request>) -> Result<discover_support::Response> {
 	let support_page = services()
 		.globals
 		.well_known_support_page()
@ -131,7 +133,7 @@ pub async fn well_known_support(_body: Ruma<discover_support::Request>) -> Resul
 ///
 /// Endpoint provided by sliding sync proxy used by some clients such as Element
 /// Web as a non-standard health check.
-pub async fn syncv3_client_server_json() -> Result<impl IntoResponse> {
+pub(crate) async fn syncv3_client_server_json() -> Result<impl IntoResponse> {
 	let server_url = match services().globals.well_known_client() {
 		Some(url) => url.to_string(),
 		None => match services().globals.well_known_server() {
@ -155,7 +157,7 @@ pub async fn syncv3_client_server_json() -> Result<impl IntoResponse> {
 ///
 /// Conduwuit-specific API to get the server version, results akin to
 /// `/_matrix/federation/v1/version`
-pub async fn conduwuit_server_version() -> Result<impl IntoResponse> {
+pub(crate) async fn conduwuit_server_version() -> Result<impl IntoResponse> {
 	let version = match option_env!("CONDUIT_VERSION_EXTRA") {
 		Some(extra) => format!("{} ({})", env!("CARGO_PKG_VERSION"), extra),
 		None => env!("CARGO_PKG_VERSION").to_owned(),
--- a/src/api/client_server/user_directory.rs
+++ b/src/api/client_server/user_directory.rs
@ -15,7 +15,7 @@ use crate::{services, Result, Ruma};
 /// - Hides any local users that aren't in any public rooms (i.e. those that
 ///   have the join rule set to public)
 /// and don't share a room with the sender
-pub async fn search_users_route(body: Ruma<search_users::v3::Request>) -> Result<search_users::v3::Response> {
+pub(crate) async fn search_users_route(body: Ruma<search_users::v3::Request>) -> Result<search_users::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let limit = u64::from(body.limit) as usize;

--- a/src/api/client_server/voip.rs
+++ b/src/api/client_server/voip.rs
@ -12,7 +12,7 @@ type HmacSha1 = Hmac<Sha1>;
 /// # `GET /_matrix/client/r0/voip/turnServer`
 ///
 /// TODO: Returns information about the recommended turn server.
-pub async fn turn_server_route(
+pub(crate) async fn turn_server_route(
 	body: Ruma<get_turn_server_info::v3::Request>,
 ) -> Result<get_turn_server_info::v3::Response> {
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
--- a/src/api/mod.rs
+++ b/src/api/mod.rs
@ -1,3 +1,3 @@
-pub mod client_server;
-pub mod ruma_wrapper;
-pub mod server_server;
+pub(crate) mod client_server;
+pub(crate) mod ruma_wrapper;
+pub(crate) mod server_server;
--- a/src/api/ruma_wrapper/mod.rs
+++ b/src/api/ruma_wrapper/mod.rs
@ -7,14 +7,13 @@ use crate::{service::appservice::RegistrationInfo, Error};
 mod axum;

 /// Extractor for Ruma request structs
-pub struct Ruma<T> {
-	pub body: T,
-	pub sender_user: Option<OwnedUserId>,
-	pub sender_device: Option<OwnedDeviceId>,
-	pub sender_servername: Option<OwnedServerName>,
-	// This is None when body is not a valid string
-	pub json_body: Option<CanonicalJsonValue>,
-	pub appservice_info: Option<RegistrationInfo>,
+pub(crate) struct Ruma<T> {
+	pub(crate) body: T,
+	pub(crate) sender_user: Option<OwnedUserId>,
+	pub(crate) sender_device: Option<OwnedDeviceId>,
+	pub(crate) sender_servername: Option<OwnedServerName>,
+	pub(crate) json_body: Option<CanonicalJsonValue>, // This is None when body is not a valid string
+	pub(crate) appservice_info: Option<RegistrationInfo>,
 }

 impl<T> Deref for Ruma<T> {
@ -24,7 +23,7 @@ impl<T> Deref for Ruma<T> {
 }

 #[derive(Clone)]
-pub struct RumaResponse<T>(pub T);
+pub(crate) struct RumaResponse<T>(pub(crate) T);

 impl<T> From<T> for RumaResponse<T> {
 	fn from(t: T) -> Self { Self(t) }
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@ -60,7 +60,7 @@ use crate::{
 /// # `GET /_matrix/federation/v1/version`
 ///
 /// Get version information on this server.
-pub async fn get_server_version_route(
+pub(crate) async fn get_server_version_route(
 	_body: Ruma<get_server_version::v1::Request>,
 ) -> Result<get_server_version::v1::Response> {
 	let version = match option_env!("CONDUIT_VERSION_EXTRA") {
@ -85,7 +85,7 @@ pub async fn get_server_version_route(
 /// forever.
 // Response type for this endpoint is Json because we need to calculate a
 // signature for the response
-pub async fn get_server_keys_route() -> Result<impl IntoResponse> {
+pub(crate) async fn get_server_keys_route() -> Result<impl IntoResponse> {
 	let mut verify_keys: BTreeMap<OwnedServerSigningKeyId, VerifyKey> = BTreeMap::new();
 	verify_keys.insert(
 		format!("ed25519:{}", services().globals.keypair().version())
@ -132,12 +132,12 @@ pub async fn get_server_keys_route() -> Result<impl IntoResponse> {
 /// - Matrix does not support invalidating public keys, so the key returned by
 ///   this will be valid
 /// forever.
-pub async fn get_server_keys_deprecated_route() -> impl IntoResponse { get_server_keys_route().await }
+pub(crate) async fn get_server_keys_deprecated_route() -> impl IntoResponse { get_server_keys_route().await }

 /// # `POST /_matrix/federation/v1/publicRooms`
 ///
 /// Lists the public rooms on this server.
-pub async fn get_public_rooms_filtered_route(
+pub(crate) async fn get_public_rooms_filtered_route(
 	body: Ruma<get_public_rooms_filtered::v1::Request>,
 ) -> Result<get_public_rooms_filtered::v1::Response> {
 	if !services()
@ -171,7 +171,7 @@ pub async fn get_public_rooms_filtered_route(
 /// # `GET /_matrix/federation/v1/publicRooms`
 ///
 /// Lists the public rooms on this server.
-pub async fn get_public_rooms_route(
+pub(crate) async fn get_public_rooms_route(
 	body: Ruma<get_public_rooms::v1::Request>,
 ) -> Result<get_public_rooms::v1::Response> {
 	if !services()
@ -202,7 +202,7 @@ pub async fn get_public_rooms_route(
 	})
 }

-pub fn parse_incoming_pdu(pdu: &RawJsonValue) -> Result<(OwnedEventId, CanonicalJsonObject, OwnedRoomId)> {
+pub(crate) fn parse_incoming_pdu(pdu: &RawJsonValue) -> Result<(OwnedEventId, CanonicalJsonObject, OwnedRoomId)> {
 	let value: CanonicalJsonObject = serde_json::from_str(pdu.get()).map_err(|e| {
 		warn!("Error parsing incoming event {:?}: {:?}", pdu, e);
 		Error::BadServerResponse("Invalid PDU in server response")
@ -231,7 +231,7 @@ pub fn parse_incoming_pdu(pdu: &RawJsonValue) -> Result<(OwnedEventId, Canonical
 /// # `PUT /_matrix/federation/v1/send/{txnId}`
 ///
 /// Push EDUs and PDUs to this server.
-pub async fn send_transaction_message_route(
+pub(crate) async fn send_transaction_message_route(
 	body: Ruma<send_transaction_message::v1::Request>,
 ) -> Result<send_transaction_message::v1::Response> {
 	let sender_servername = body
@ -522,7 +522,7 @@ pub async fn send_transaction_message_route(
 ///
 /// - Only works if a user of this server is currently invited or joined the
 ///   room
-pub async fn get_event_route(body: Ruma<get_event::v1::Request>) -> Result<get_event::v1::Response> {
+pub(crate) async fn get_event_route(body: Ruma<get_event::v1::Request>) -> Result<get_event::v1::Response> {
 	let sender_servername = body
 		.sender_servername
 		.as_ref()
@ -572,7 +572,7 @@ pub async fn get_event_route(body: Ruma<get_event::v1::Request>) -> Result<get_e
 ///
 /// Retrieves events from before the sender joined the room, if the room's
 /// history visibility allows.
-pub async fn get_backfill_route(body: Ruma<get_backfill::v1::Request>) -> Result<get_backfill::v1::Response> {
+pub(crate) async fn get_backfill_route(body: Ruma<get_backfill::v1::Request>) -> Result<get_backfill::v1::Response> {
 	let sender_servername = body
 		.sender_servername
 		.as_ref()
@ -635,7 +635,7 @@ pub async fn get_backfill_route(body: Ruma<get_backfill::v1::Request>) -> Result
 /// # `POST /_matrix/federation/v1/get_missing_events/{roomId}`
 ///
 /// Retrieves events that the sender is missing.
-pub async fn get_missing_events_route(
+pub(crate) async fn get_missing_events_route(
 	body: Ruma<get_missing_events::v1::Request>,
 ) -> Result<get_missing_events::v1::Response> {
 	let sender_servername = body
@ -718,7 +718,7 @@ pub async fn get_missing_events_route(
 /// Retrieves the auth chain for a given event.
 ///
 /// - This does not include the event itself
-pub async fn get_event_authorization_route(
+pub(crate) async fn get_event_authorization_route(
 	body: Ruma<get_event_authorization::v1::Request>,
 ) -> Result<get_event_authorization::v1::Response> {
 	let sender_servername = body
@ -773,7 +773,9 @@ pub async fn get_event_authorization_route(
 /// # `GET /_matrix/federation/v1/state/{roomId}`
 ///
 /// Retrieves the current state of the room.
-pub async fn get_room_state_route(body: Ruma<get_room_state::v1::Request>) -> Result<get_room_state::v1::Response> {
+pub(crate) async fn get_room_state_route(
+	body: Ruma<get_room_state::v1::Request>,
+) -> Result<get_room_state::v1::Response> {
 	let sender_servername = body
 		.sender_servername
 		.as_ref()
@ -840,7 +842,7 @@ pub async fn get_room_state_route(body: Ruma<get_room_state::v1::Request>) -> Re
 /// # `GET /_matrix/federation/v1/state_ids/{roomId}`
 ///
 /// Retrieves the current state of the room.
-pub async fn get_room_state_ids_route(
+pub(crate) async fn get_room_state_ids_route(
 	body: Ruma<get_room_state_ids::v1::Request>,
 ) -> Result<get_room_state_ids::v1::Response> {
 	let sender_servername = body
@ -891,7 +893,7 @@ pub async fn get_room_state_ids_route(
 /// # `GET /_matrix/federation/v1/make_join/{roomId}/{userId}`
 ///
 /// Creates a join template.
-pub async fn create_join_event_template_route(
+pub(crate) async fn create_join_event_template_route(
 	body: Ruma<prepare_join_event::v1::Request>,
 ) -> Result<prepare_join_event::v1::Response> {
 	if !services().rooms.metadata.exists(&body.room_id)? {
@ -1224,7 +1226,7 @@ async fn create_join_event(
 /// # `PUT /_matrix/federation/v1/send_join/{roomId}/{eventId}`
 ///
 /// Submits a signed join event.
-pub async fn create_join_event_v1_route(
+pub(crate) async fn create_join_event_v1_route(
 	body: Ruma<create_join_event::v1::Request>,
 ) -> Result<create_join_event::v1::Response> {
 	let sender_servername = body
@ -1278,7 +1280,7 @@ pub async fn create_join_event_v1_route(
 /// # `PUT /_matrix/federation/v2/send_join/{roomId}/{eventId}`
 ///
 /// Submits a signed join event.
-pub async fn create_join_event_v2_route(
+pub(crate) async fn create_join_event_v2_route(
 	body: Ruma<create_join_event::v2::Request>,
 ) -> Result<create_join_event::v2::Response> {
 	let sender_servername = body
@ -1338,7 +1340,7 @@ pub async fn create_join_event_v2_route(
 /// # `PUT /_matrix/federation/v1/make_leave/{roomId}/{eventId}`
 ///
 /// Creates a leave template.
-pub async fn create_leave_event_template_route(
+pub(crate) async fn create_leave_event_template_route(
 	body: Ruma<prepare_leave_event::v1::Request>,
 ) -> Result<prepare_leave_event::v1::Response> {
 	let sender_servername = body
@ -1490,7 +1492,7 @@ async fn create_leave_event(sender_servername: &ServerName, room_id: &RoomId, pd
 /// # `PUT /_matrix/federation/v1/send_leave/{roomId}/{eventId}`
 ///
 /// Submits a signed leave event.
-pub async fn create_leave_event_v1_route(
+pub(crate) async fn create_leave_event_v1_route(
 	body: Ruma<create_leave_event::v1::Request>,
 ) -> Result<create_leave_event::v1::Response> {
 	let sender_servername = body
@ -1506,7 +1508,7 @@ pub async fn create_leave_event_v1_route(
 /// # `PUT /_matrix/federation/v2/send_leave/{roomId}/{eventId}`
 ///
 /// Submits a signed leave event.
-pub async fn create_leave_event_v2_route(
+pub(crate) async fn create_leave_event_v2_route(
 	body: Ruma<create_leave_event::v2::Request>,
 ) -> Result<create_leave_event::v2::Response> {
 	let sender_servername = body
@ -1522,7 +1524,7 @@ pub async fn create_leave_event_v2_route(
 /// # `PUT /_matrix/federation/v2/invite/{roomId}/{eventId}`
 ///
 /// Invites a remote user to a room.
-pub async fn create_invite_route(body: Ruma<create_invite::v2::Request>) -> Result<create_invite::v2::Response> {
+pub(crate) async fn create_invite_route(body: Ruma<create_invite::v2::Request>) -> Result<create_invite::v2::Response> {
 	let sender_servername = body
 		.sender_servername
 		.as_ref()
@ -1692,7 +1694,7 @@ pub async fn create_invite_route(body: Ruma<create_invite::v2::Request>) -> Resu
 /// # `GET /_matrix/federation/v1/user/devices/{userId}`
 ///
 /// Gets information on all devices of the user.
-pub async fn get_devices_route(body: Ruma<get_devices::v1::Request>) -> Result<get_devices::v1::Response> {
+pub(crate) async fn get_devices_route(body: Ruma<get_devices::v1::Request>) -> Result<get_devices::v1::Response> {
 	if body.user_id.server_name() != services().globals.server_name() {
 		return Err(Error::BadRequest(
 			ErrorKind::InvalidParam,
@ -1746,7 +1748,7 @@ pub async fn get_devices_route(body: Ruma<get_devices::v1::Request>) -> Result<g
 /// # `GET /_matrix/federation/v1/query/directory`
 ///
 /// Resolve a room alias to a room id.
-pub async fn get_room_information_route(
+pub(crate) async fn get_room_information_route(
 	body: Ruma<get_room_information::v1::Request>,
 ) -> Result<get_room_information::v1::Response> {
 	let room_id = services()
@ -1786,7 +1788,7 @@ pub async fn get_room_information_route(
 ///
 ///
 /// Gets information on a profile.
-pub async fn get_profile_information_route(
+pub(crate) async fn get_profile_information_route(
 	body: Ruma<get_profile_information::v1::Request>,
 ) -> Result<get_profile_information::v1::Response> {
 	if !services()
@ -1837,7 +1839,7 @@ pub async fn get_profile_information_route(
 /// # `POST /_matrix/federation/v1/user/keys/query`
 ///
 /// Gets devices and identity keys for the given users.
-pub async fn get_keys_route(body: Ruma<get_keys::v1::Request>) -> Result<get_keys::v1::Response> {
+pub(crate) async fn get_keys_route(body: Ruma<get_keys::v1::Request>) -> Result<get_keys::v1::Response> {
 	if body
 		.device_keys
 		.iter()
@ -1867,7 +1869,7 @@ pub async fn get_keys_route(body: Ruma<get_keys::v1::Request>) -> Result<get_key
 /// # `POST /_matrix/federation/v1/user/keys/claim`
 ///
 /// Claims one-time keys.
-pub async fn claim_keys_route(body: Ruma<claim_keys::v1::Request>) -> Result<claim_keys::v1::Response> {
+pub(crate) async fn claim_keys_route(body: Ruma<claim_keys::v1::Request>) -> Result<claim_keys::v1::Response> {
 	if body
 		.one_time_keys
 		.iter()
@ -1889,7 +1891,9 @@ pub async fn claim_keys_route(body: Ruma<claim_keys::v1::Request>) -> Result<cla
 /// # `GET /.well-known/matrix/server`
 ///
 /// Returns the .well-known URL if it is configured, otherwise returns 404.
-pub async fn well_known_server(_body: Ruma<discover_homeserver::Request>) -> Result<discover_homeserver::Response> {
+pub(crate) async fn well_known_server(
+	_body: Ruma<discover_homeserver::Request>,
+) -> Result<discover_homeserver::Response> {
 	Ok(discover_homeserver::Response {
 		server: match services().globals.well_known_server() {
 			Some(server_name) => server_name.to_owned(),
@ -1902,7 +1906,7 @@ pub async fn well_known_server(_body: Ruma<discover_homeserver::Request>) -> Res
 ///
 /// Gets the space tree in a depth-first manner to locate child rooms of a given
 /// space.
-pub async fn get_hierarchy_route(body: Ruma<get_hierarchy::v1::Request>) -> Result<get_hierarchy::v1::Response> {
+pub(crate) async fn get_hierarchy_route(body: Ruma<get_hierarchy::v1::Request>) -> Result<get_hierarchy::v1::Response> {
 	let sender_servername = body
 		.sender_servername
 		.as_ref()