From 81a797945b19e94cfcbfeb5699133003c05db025 Mon Sep 17 00:00:00 2001
From: Jade Ellis
Date: Sat, 18 Jan 2025 15:40:43 +0000
Subject: [PATCH] forbid requesting room directories or media of forbidden servers
---
 src/api/client/directory.rs | 2 ++
 src/core/config/mod.rs | 4 ++++
 src/service/media/mod.rs | 4 +++-
 src/service/media/remote.rs | 4 ++++
 4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/api/client/directory.rs b/src/api/client/directory.rs
index 9166eed9..1018469d 100644
--- a/src/api/client/directory.rs
+++ b/src/api/client/directory.rs
@@ -45,6 +45,7 @@ pub(crate) async fn get_public_rooms_filtered_route(
 .config
 .forbidden_remote_room_directory_server_names
 .contains(server)
+ || services.moderation.is_remote_server_forbidden(server)
 {
 return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 }
@@ -87,6 +88,7 @@ pub(crate) async fn get_public_rooms_route(
 .config
 .forbidden_remote_room_directory_server_names
 .contains(server)
+ || services.moderation.is_remote_server_forbidden(server)
 {
 return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 }
diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs
index f6b08bc0..b1ad4562 100644
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@@ -1324,6 +1324,8 @@ pub struct Config {
 /// Vector list of servers that conduwuit will refuse to download remote
 /// media from.
 ///
+ /// This is in addition to `forbidden_remote_server_names`.
+ ///
 /// default: []
 #[serde(default)]
 pub prevent_media_downloads_from: HashSet,
@@ -1355,6 +1357,8 @@ pub struct Config {
 /// room directory requests for. Useful for preventing our users from
 /// wandering into bad servers or spaces.
 ///
+ /// This is in addition to `forbidden_remote_server_names`.
+ ///
 /// default: []
 #[serde(default = "HashSet::new")]
 pub forbidden_remote_room_directory_server_names: HashSet,
diff --git a/src/service/media/mod.rs b/src/service/media/mod.rs
index 0d98853d..66638e4b 100644
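Review bot: The same two-part condition is now repeated verbatim in `get_public_rooms_filtered_route` and in `get_public_rooms_route` (the second hunk, at -87), so any later change to the blocklist logic has to be made twice or the two routes drift apart. A small private helper in this file that takes `server` and returns the combined result, called from both `if` conditions, would keep them in step. Both routes also answer with the explicit "Server is banned on this homeserver." message, whereas `check_fetch_authorized` in `remote.rs` deliberately reports blocked media as not found. If the contents of `forbidden_remote_server_names` are meant to stay hidden from clients, a comment here should say that the disclosure is intended. Both functions start and end outside their hunks, so where `server` comes from is not visible here.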
--- a/src/service/media/mod.rs
+++ b/src/service/media/mod.rs
@@ -22,7 +22,7 @@ use tokio::{
 use self::data::{Data, Metadata};
 pub use self::thumbnail::Dim;
-use crate::{client, globals, sending, Dep};
+use crate::{client, globals, moderation, sending, Dep};
 #[derive(Debug)]
 pub struct FileMeta {
@@ -42,6 +42,7 @@ struct Services {
 client: Dep,
 globals: Dep,
 sending: Dep,
+ moderation: Dep,
 }
 /// generated MXC ID (`media-id`) length
@@ -64,6 +65,7 @@ impl crate::Service for Service {
 client: args.depend::("client"),
 globals: args.depend::("globals"),
 sending: args.depend::("sending"),
+ moderation: args.depend::("moderation"),
 },
 }))
 }
diff --git a/src/service/media/remote.rs b/src/service/media/remote.rs
index ca73c3ef..089c028d 100644
--- a/src/service/media/remote.rs
+++ b/src/service/media/remote.rs
@@ -427,6 +427,10 @@ fn check_fetch_authorized(&self, mxc: &Mxc<'_>) -> Result<()> {
 .config
 .prevent_media_downloads_from
 .contains(mxc.server_name)
+ || self
+ .services
+ .moderation
+ .is_remote_server_forbidden(mxc.server_name)
 {
 // we'll lie to the client and say the blocked server's media was not found and
 // log. the client has no way of telling anyways so this is a security bonus.
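Review bot: `check_fetch_authorized` guards the fetch path only, so adding a server to `forbidden_remote_server_names` presumably leaves media that was already fetched from it and stored locally still servable; that depends on callers outside this hunk and is worth confirming. If so, the branch deserves a comment such as `// blocks new remote fetches only; media already cached from this server is not affected`, and the config docs should say the same. The log line that the existing comment refers to (outside the hunk) should also make clear which of the two lists matched, since an operator debugging a missing image would otherwise look only in `prevent_media_downloads_from`. The function body continues past the end of the hunk.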