magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add lockdown_public_room_directory config option

Browse source 
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-03-30 22:58:20 -04:00 committed by June
parent 00ddc1c88e
commit 72b60c4770
3 changed files with 26 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
conduwuit-example.toml
View file

@ -217,6 +217,12 @@ allow_public_room_directory_over_federation = false
# authentication (access token) through the Client APIs. Set this to false to protect against /publicRooms spiders. # authentication (access token) through the Client APIs. Set this to false to protect against /publicRooms spiders.
allow_public_room_directory_without_auth = false allow_public_room_directory_without_auth = false
# Set this to true to lock down your server's public room directory and only allow admins to publish rooms to the room directory.
# Unpublishing is still allowed by all users with this enabled.
#
# Defaults to false
lockdown_public_room_directory = false
# Set this to true to allow federating device display names / allow external users to see your device display name. # Set this to true to allow federating device display names / allow external users to see your device display name.
# If federation is disabled entirely (`allow_federation`), this is inherently false. For privacy, this is best disabled. # If federation is disabled entirely (`allow_federation`), this is inherently false. For privacy, this is best disabled.
allow_device_name_federation = false allow_device_name_federation = false

15
src/api/client_server/directory.rs
View file

@ -102,8 +102,21 @@ pub async fn set_room_visibility_route(
match &body.visibility { match &body.visibility {
room::Visibility::Public => { room::Visibility::Public => {
if services().globals.config.lockdown_public_room_directory && !services().users.is_admin(sender_user)? {
info!(
"Non-admin user {sender_user} tried to publish {0} to the room directory while \
\"lockdown_public_room_directory\" is enabled",
body.room_id
);
return Err(Error::BadRequest(
ErrorKind::Forbidden,
"Publishing rooms to the room directory is not allowed",
));
}
services().rooms.directory.set_public(&body.room_id)?; services().rooms.directory.set_public(&body.room_id)?;
info!("{} made {} public", sender_user, body.room_id); info!("{sender_user} made {0} public", body.room_id);
}, },
room::Visibility::Private => services().rooms.directory.set_not_public(&body.room_id)?, room::Visibility::Private => services().rooms.directory.set_not_public(&body.room_id)?,
_ => { _ => {

6
src/config/mod.rs
View file

@ -117,6 +117,8 @@ pub struct Config {
#[serde(default)] #[serde(default)]
pub allow_public_room_directory_without_auth: bool, pub allow_public_room_directory_without_auth: bool,
#[serde(default)] #[serde(default)]
pub lockdown_public_room_directory: bool,
#[serde(default)]
pub allow_device_name_federation: bool, pub allow_device_name_federation: bool,
#[serde(default = "true_fn")] #[serde(default = "true_fn")]
pub allow_room_creation: bool, pub allow_room_creation: bool,
@ -420,6 +422,10 @@ impl fmt::Display for Config {
"Allow public room directory without authentication", "Allow public room directory without authentication",
&self.allow_public_room_directory_without_auth.to_string(), &self.allow_public_room_directory_without_auth.to_string(),
), ),
(
"Lockdown public room directory (only allow admins to publish)",
&self.lockdown_public_room_directory.to_string(),
),
( (
"JWT secret", "JWT secret",
match self.jwt_secret { match self.jwt_secret {