options to control public room directory visibility

Signed-off-by: girlbossceo <june@girlboss.ceo>
This commit is contained in:
girlbossceo 2023-09-10 02:32:37 -04:00
parent 76c00283de
commit 81e8df3102
5 changed files with 65 additions and 0 deletions

View file

@ -55,3 +55,12 @@ trusted_servers = ["matrix.org"]
address = "127.0.0.1" # This makes sure Conduit can only be reached using the reverse proxy
#address = "0.0.0.0" # If Conduit is running in a container, make sure the reverse proxy (ie. Traefik) can reach it.
# Set this to true to allow your server's public room directory to be federated.
# Set this to false to protect against /publicRooms spiders, but will forbid external users from viewing your server's public room directory.
# If federation is disabled entirely (`allow_federation`), this is inherently false.
allow_public_room_directory_over_federation = false
# Set this to true to allow your server's public room directory to be queried without client authentication (access token) through the Client APIs.
# Set this to false to protect against /publicRooms spiders.
allow_public_room_directory_without_auth = false

View file

@ -36,6 +36,17 @@ use tracing::{error, info, warn};
pub async fn get_public_rooms_filtered_route(
body: Ruma<get_public_rooms_filtered::v3::Request>,
) -> Result<get_public_rooms_filtered::v3::Response> {
if !services()
.globals
.config
.allow_public_room_directory_without_auth
{
let _sender_user = body
.sender_user
.as_ref()
.ok_or_else(|| Error::BadRequest(ErrorKind::MissingToken, "Missing access token."))?;
}
get_public_rooms_filtered_helper(
body.server.as_deref(),
body.limit,
@ -54,6 +65,17 @@ pub async fn get_public_rooms_filtered_route(
pub async fn get_public_rooms_route(
body: Ruma<get_public_rooms::v3::Request>,
) -> Result<get_public_rooms::v3::Response> {
if !services()
.globals
.config
.allow_public_room_directory_without_auth
{
let _sender_user = body
.sender_user
.as_ref()
.ok_or_else(|| Error::BadRequest(ErrorKind::MissingToken, "Missing access token."))?;
}
let response = get_public_rooms_filtered_helper(
body.server.as_deref(),
body.limit,

View file

@ -621,6 +621,13 @@ pub async fn get_public_rooms_filtered_route(
return Err(Error::bad_config("Federation is disabled."));
}
if !services()
.globals
.allow_public_room_directory_over_federation()
{
return Err(Error::bad_config("Room directory is not public."));
}
let response = client_server::get_public_rooms_filtered_helper(
None,
body.limit,
@ -648,6 +655,13 @@ pub async fn get_public_rooms_route(
return Err(Error::bad_config("Federation is disabled."));
}
if !services()
.globals
.allow_public_room_directory_over_federation()
{
return Err(Error::bad_config("Room directory is not public."));
}
let response = client_server::get_public_rooms_filtered_helper(
None,
body.limit,

View file

@ -51,6 +51,10 @@ pub struct Config {
pub allow_encryption: bool,
#[serde(default = "false_fn")]
pub allow_federation: bool,
#[serde(default = "false_fn")]
pub allow_public_room_directory_over_federation: bool,
#[serde(default = "false_fn")]
pub allow_public_room_directory_without_auth: bool,
#[serde(default = "true_fn")]
pub allow_room_creation: bool,
#[serde(default = "true_fn")]
@ -150,6 +154,14 @@ impl fmt::Display for Config {
("Allow encryption", &self.allow_encryption.to_string()),
("Allow federation", &self.allow_federation.to_string()),
("Allow room creation", &self.allow_room_creation.to_string()),
(
"Allow public room directory over federation",
&self.allow_public_room_directory_over_federation.to_string(),
),
(
"Allow public room directory without authentication",
&self.allow_public_room_directory_without_auth.to_string(),
),
(
"JWT secret",
match self.jwt_secret {

View file

@ -299,6 +299,14 @@ impl Service {
self.config.allow_federation
}
pub fn allow_public_room_directory_over_federation(&self) -> bool {
self.config.allow_public_room_directory_over_federation
}
pub fn allow_public_room_directory_without_auth(&self) -> bool {
self.config.allow_public_room_directory_without_auth
}
pub fn allow_room_creation(&self) -> bool {
self.config.allow_room_creation
}