config option to block non-admin room invites

works just like block_non_admin_invites from synapse

Signed-off-by: strawberry <strawberry@puppygock.gay>

conduwuit-example.toml

@@ -152,6 +152,11 @@ registration_token = "change this token for something specific to your server"
 # defaults to true
 # allow_room_creation = true
 
+# controls whether non-admin local users are forbidden from sending room invites (local and remote),
+# AND rejects all incoming remote/federation room invites for all users (including admins).
+# defaults to false
+# block_non_admin_invites = falsse
+
 # Set this to true to allow your server's public room directory to be federated.
 # Set this to false to protect against /publicRooms spiders, but will forbid external users
 # from viewing your server's public room directory. If federation is disabled entirely

src/api/client_server/membership.rs

@@ -190,6 +190,17 @@ pub async fn invite_user_route(
 ) -> Result<invite_user::v3::Response> {
     let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
+    if !services().users.is_admin(sender_user)? && services().globals.block_non_admin_invites() {
+        info!(
+            "User {sender_user} is not an admin and attempted to send an invite to room {}",
+            &body.room_id
+        );
+        return Err(Error::BadRequest(
+            ErrorKind::Forbidden,
+            "Invites are not allowed on this server.",
+        ));
+    }
+
     if let invite_user::v3::InvitationRecipient::UserId { user_id } = &body.recipient {
         invite_helper(
             sender_user,

src/api/server_server.rs

@@ -1845,6 +1845,13 @@ pub async fn create_invite_route(
         .as_ref()
         .expect("server is authenticated");
 
+    if services().globals.block_non_admin_invites() {
+        info!("Received remote invite from server {} for room {}, but \"block_non_admin_invites\" is enabled, rejecting.", &sender_servername, &body.room_id);
+        return Err(Error::BadRequest(
+            ErrorKind::Forbidden,
+            "This server does not allow room invites.",
+        ));
+    }
     services()
         .rooms
         .event_handler

src/config/mod.rs

@@ -163,6 +163,9 @@ pub struct Config {
     #[serde(with = "serde_regex")]
     pub forbidden_usernames: RegexSet,
 
+    #[serde(default)]
+    pub block_non_admin_invites: bool,
+
     #[serde(flatten)]
     pub catchall: BTreeMap<String, IgnoredAny>,
 }
@@ -277,6 +280,10 @@ impl fmt::Display for Config {
                 "Allow local presence requests (updates)",
                 &self.allow_local_presence.to_string(),
             ),
+            (
+                "Block non-admin room invites (local and remote) and block all incoming remote invites",
+                &self.block_non_admin_invites.to_string(),
+            ),
             (
                 "Allow device name federation",
                 &self.allow_device_name_federation.to_string(),

src/service/globals/mod.rs

@@ -471,6 +471,10 @@ impl Service<'_> {
         &self.config.ip_range_denylist
     }
 
+    pub fn block_non_admin_invites(&self) -> bool {
+        self.config.block_non_admin_invites
+    }
+
     pub fn supported_room_versions(&self) -> Vec<RoomVersionId> {
         let mut room_versions: Vec<RoomVersionId> = vec![];
         room_versions.extend(self.stable_room_versions.clone());