add option for explicit opt-in allow open registration and make it clear

Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-24 00:36:14 -05:00 · 2023-12-24 00:36:14 -05:00 · d214371423
commit d214371423
parent 5e641e2886
4 changed files with 43 additions and 3 deletions
--- a/src/config/mod.rs
+++ b/src/config/mod.rs
@ -50,6 +50,8 @@ pub struct Config {
    pub max_fetch_prev_events: u16,
    #[serde(default = "false_fn")]
    pub allow_registration: bool,
+    #[serde(default = "false_fn")]
+    pub yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: bool,
    pub registration_token: Option<String>,
    #[serde(default = "true_fn")]
    pub allow_encryption: bool,
@ -197,7 +199,10 @@ impl fmt::Display for Config {
                "Maximum concurrent requests",
                &self.max_concurrent_requests.to_string(),
            ),
-            ("Allow registration", &self.allow_registration.to_string()),
+            (
+                "Allow registration (open registration)",
+                &self.allow_registration.to_string(),
+            ),
            (
                "Allow guest registration",
                &self.allow_guest_registration.to_string(),
--- a/src/main.rs
+++ b/src/main.rs
@ -156,6 +156,23 @@ async fn main() {
    };
    let config = &services().globals.config;

+    if config.allow_registration
+        && !config.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
+    {
+        error!("!! WARNING: You have `allow_registration` enabled in your config which means you are allowing ANYONE to register on your conduwuit instance without any 2nd-step (e.g. registration token).\n
+        If this is not the intended behaviour, please disable `allow_registration` and set a registration token.\n
+        For security and safety reasons, conduwuit will shut down. If you are extra sure this is the desired behaviour you want, please set the following config option to true:
+        `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`");
+        return;
+    }
+
+    if config.allow_registration
+        && config.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
+    {
+        error!("Open registration is enabled via setting `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` and `allow_registration` to true. You are expected to be aware of the risks now.\n
+        If this is not the desired behaviour, please disable `allow_registration` and set a registration token.");
+    }
+
    info!("Starting server");
    run_server().await.unwrap();

--- a/src/service/globals/mod.rs
+++ b/src/service/globals/mod.rs
@ -307,6 +307,13 @@ impl Service<'_> {
        self.config.allow_guest_registration
    }

+    pub fn yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse(
+        &self,
+    ) -> bool {
+        self.config
+            .yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
+    }
+
    pub fn allow_encryption(&self) -> bool {
        self.config.allow_encryption
    }