diff --git a/conduwuit-example.toml b/conduwuit-example.toml index 619b01c5..8128d150 100644 --- a/conduwuit-example.toml +++ b/conduwuit-example.toml @@ -255,6 +255,14 @@ url_preview_check_root_domain = false #well_known_support_email = "" #well_known_support_mxid = "" +# Config option to allow or disallow incoming federation requests that obtain the profiles +# of our local users from `/_matrix/federation/v1/query/profile` +# +# This is inherently false if `allow_federation` is disabled +# +# Defaults to true +allow_profile_lookup_federation_requests = true + ### Misc diff --git a/src/api/server_server.rs b/src/api/server_server.rs index b07c9314..d54959aa 100644 --- a/src/api/server_server.rs +++ b/src/api/server_server.rs @@ -1425,16 +1425,27 @@ pub async fn get_room_information_route( Ok(get_room_information::v1::Response { room_id, - servers: vec![services().globals.server_name().to_owned()], + servers: vec![services().globals.server_name().to_owned()], // TODO: add more than just us }) } /// # `GET /_matrix/federation/v1/query/profile` /// +/// /// Gets information on a profile. pub async fn get_profile_information_route( body: Ruma, ) -> Result { + if !services() + .globals + .allow_profile_lookup_federation_requests() + { + return Err(Error::BadRequest( + ErrorKind::forbidden(), + "Profile lookup over federation is not allowed on this homeserver.", + )); + } + if body.user_id.server_name() != services().globals.server_name() { return Err(Error::BadRequest( ErrorKind::InvalidParam, diff --git a/src/config/mod.rs b/src/config/mod.rs index e32eafcb..d57bdcc8 100644 --- a/src/config/mod.rs +++ b/src/config/mod.rs @@ -151,6 +151,8 @@ pub struct Config { #[serde(default)] pub allow_device_name_federation: bool, #[serde(default = "true_fn")] + pub allow_profile_lookup_federation_requests: bool, + #[serde(default = "true_fn")] pub allow_room_creation: bool, #[serde(default = "true_fn")] pub allow_unstable_room_versions: bool, 
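Review bot: The doc comment on `get_profile_information_route` in src/api/server_server.rs gains an empty `///` line but still does not mention the new gate, so a reader of the handler cannot tell that it may now answer M_FORBIDDEN. I would replace the added `///` with `/// Returns M_FORBIDDEN when allow_profile_lookup_federation_requests is disabled.` It is also worth stating, in this doc comment or in the conduwuit-example.toml comment, that the option covers only `/_matrix/federation/v1/query/profile`. Display names and avatar URLs carried in room membership events still reach remote servers, so operators should not read the setting as hiding local profiles from federation. The function body continues past the end of the hunk, and the hunk does not show where `allow_federation` is enforced, so the "inherently false" wording in the config comment presumably relies on a check outside this handler.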
@@ -525,6 +527,10 @@ impl fmt::Display for Config { ("Client typing timeout minimum", &self.typing_client_timeout_min_s.to_string()), ("Client typing timeout maxmimum", &self.typing_client_timeout_max_s.to_string()), ("Allow device name federation", &self.allow_device_name_federation.to_string()), + ( + "Allow incoming profile lookup federation requests", + &self.allow_profile_lookup_federation_requests.to_string(), + ), ("Notification push path", &self.notification_push_path), ("Allow room creation", &self.allow_room_creation.to_string()), ( diff --git a/src/service/globals/mod.rs b/src/service/globals/mod.rs index d01e22cd..be0bd3cf 100644 --- a/src/service/globals/mod.rs +++ b/src/service/globals/mod.rs @@ -260,6 +260,10 @@ impl Service<'_> { pub fn auto_join_rooms(&self) -> &[OwnedRoomId] { &self.config.auto_join_rooms } + pub fn allow_profile_lookup_federation_requests(&self) -> bool { + self.config.allow_profile_lookup_federation_requests + } + pub fn notification_push_path(&self) -> &String { &self.config.notification_push_path } pub fn emergency_password(&self) -> &Option { &self.config.emergency_password }