feat: Allow controlling client message filtering

conduwuit-example.toml

@@ -1182,23 +1182,13 @@
 #
 #prune_missing_media = false
 
-# Vector list of regex patterns of server names that conduwuit will refuse
-# to download remote media from.
-#
-# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
-#
-#prevent_media_downloads_from = []
-
 # List of forbidden server names via regex patterns that we will block
 # incoming AND outgoing federation with, and block client room joins /
 # remote user invites.
 #
-# Additionally, it will hide messages from these servers for all users
-# on this server.
-#
 # Note that your messages can still make it to forbidden servers through
-# backfilling. Events we receive from forbidden servers via backfill will
-# be stored in the database, but will not be sent to the client.
+# backfilling. Events we receive from forbidden servers via backfill
+# from servers we *do* federate with will be stored in the database.
 #
 # This check is applied on the room ID, room alias, sender server name,
 # sender user's server name, inbound federation X-Matrix origin, and
@@ -1220,6 +1210,13 @@
 #
 #allowed_remote_server_names = []
 
+# Vector list of regex patterns of server names that conduwuit will refuse
+# to download remote media from.
+#
+# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
+#
+#prevent_media_downloads_from = []
+
 # List of forbidden server names via regex patterns that we will block all
 # outgoing federated room directory requests for. Useful for preventing
 # our users from wandering into bad servers or spaces.
@@ -1228,6 +1225,29 @@
 #
 #forbidden_remote_room_directory_server_names = []
 
+# Vector list of regex patterns of server names that conduwuit will not
+# send messages to the client from.
+#
+# Note that there is no way for clients to receive messages once a server
+# has become unignored without doing a full sync. This is a protocol
+# limitation with the current sync protocols. This means this is somewhat
+# of a nuclear option.
+#
+# example: ["reallybadserver\.tld$", "reallybadphrase",
+# "69dollarfortnitecards"]
+#
+#ignore_messages_from_server_names = []
+
+# Send messages from users that the user has ignored to the client.
+#
+# There is no way for clients to receive messages sent while a user was
+# ignored without doing a full sync. This is a protocol limitation with
+# the current sync protocols. Disabling this option will move
+# responsibility of ignoring messages to the client, which can avoid this
+# limitation.
+#
+#send_messages_from_ignored_users_to_client = false
+
 # Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
 # do not want conduwuit to send outbound requests to. Defaults to
 # RFC1918, unroutable, loopback, multicast, and testnet addresses for

src/api/client/message.rs

@@ -275,10 +275,12 @@ pub(crate) async fn is_ignored_pdu(
 
 	let ignored_server = services
 		.moderation
-		.is_remote_server_forbidden(pdu.sender().server_name());
+		.is_remote_server_ignored(pdu.sender().server_name());
 
 	if ignored_type
-		&& (ignored_server || services.users.user_is_ignored(&pdu.sender, user_id).await)
+		&& (ignored_server
+			|| (!services.config.send_messages_from_ignored_users_to_client
+				&& services.users.user_is_ignored(&pdu.sender, user_id).await))
 	{
 		return true;
 	}

src/core/config/mod.rs

@@ -1359,25 +1359,13 @@ pub struct Config {
 	#[serde(default)]
 	pub prune_missing_media: bool,
 
-	/// Vector list of regex patterns of server names that conduwuit will refuse
-	/// to download remote media from.
-	///
-	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
-	///
-	/// default: []
-	#[serde(default, with = "serde_regex")]
-	pub prevent_media_downloads_from: RegexSet,
-
 	/// List of forbidden server names via regex patterns that we will block
 	/// incoming AND outgoing federation with, and block client room joins /
 	/// remote user invites.
 	///
-	/// Additionally, it will hide messages from these servers for all users
-	/// on this server.
-	///
 	/// Note that your messages can still make it to forbidden servers through
-	/// backfilling. Events we receive from forbidden servers via backfill will
-	/// be stored in the database, but will not be sent to the client.
+	/// backfilling. Events we receive from forbidden servers via backfill
+	/// from servers we *do* federate with will be stored in the database.
 	///
 	/// This check is applied on the room ID, room alias, sender server name,
 	/// sender user's server name, inbound federation X-Matrix origin, and
@@ -1403,6 +1391,15 @@ pub struct Config {
 	#[serde(default, with = "serde_regex")]
 	pub allowed_remote_server_names: RegexSet,
 
+	/// Vector list of regex patterns of server names that conduwuit will refuse
+	/// to download remote media from.
+	///
+	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
+	///
+	/// default: []
+	#[serde(default, with = "serde_regex")]
+	pub prevent_media_downloads_from: RegexSet,
+
 	/// List of forbidden server names via regex patterns that we will block all
 	/// outgoing federated room directory requests for. Useful for preventing
 	/// our users from wandering into bad servers or spaces.
@@ -1413,6 +1410,31 @@ pub struct Config {
 	#[serde(default, with = "serde_regex")]
 	pub forbidden_remote_room_directory_server_names: RegexSet,
 
+	/// Vector list of regex patterns of server names that conduwuit will not
+	/// send messages to the client from.
+	///
+	/// Note that there is no way for clients to receive messages once a server
+	/// has become unignored without doing a full sync. This is a protocol
+	/// limitation with the current sync protocols. This means this is somewhat
+	/// of a nuclear option.
+	///
+	/// example: ["reallybadserver\.tld$", "reallybadphrase",
+	/// "69dollarfortnitecards"]
+	///
+	/// default: []
+	#[serde(default, with = "serde_regex")]
+	pub ignore_messages_from_server_names: RegexSet,
+
+	/// Send messages from users that the user has ignored to the client.
+	///
+	/// There is no way for clients to receive messages sent while a user was
+	/// ignored without doing a full sync. This is a protocol limitation with
+	/// the current sync protocols. Disabling this option will move
+	/// responsibility of ignoring messages to the client, which can avoid this
+	/// limitation.
+	#[serde(default)]
+	pub send_messages_from_ignored_users_to_client: bool,
+
 	/// Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
 	/// do not want conduwuit to send outbound requests to. Defaults to
 	/// RFC1918, unroutable, loopback, multicast, and testnet addresses for

src/service/moderation.rs

@@ -1,6 +1,6 @@
 use std::sync::Arc;
 
-use conduwuit::{Result, Server, implement};
+use conduwuit::{Result, implement};
 use ruma::ServerName;
 
 use crate::{Dep, config};
@@ -10,7 +10,7 @@ pub struct Service {
 }
 
 struct Services {
-	pub server: Arc<Server>,
+	// pub server: Arc<Server>,
 	pub config: Dep<config::Service>,
 }
 
@@ -18,7 +18,7 @@ impl crate::Service for Service {
 	fn build(args: crate::Args<'_>) -> Result<Arc<Self>> {
 		Ok(Arc::new(Self {
 			services: Services {
-				server: args.server.clone(),
+				// server: args.server.clone(),
 				config: args.depend::<config::Service>("config"),
 			},
 		}))
@@ -27,6 +27,20 @@ impl crate::Service for Service {
 	fn name(&self) -> &str { crate::service::make_name(std::module_path!()) }
 }
 
+#[implement(Service)]
+#[must_use]
+pub fn is_remote_server_ignored(&self, server_name: &ServerName) -> bool {
+	// We must never block federating with ourselves
+	if server_name == self.services.config.server_name {
+		return false;
+	}
+
+	self.services
+		.config
+		.ignore_messages_from_server_names
+		.is_match(server_name.host())
+}
+
 #[implement(Service)]
 #[must_use]
 pub fn is_remote_server_forbidden(&self, server_name: &ServerName) -> bool {