diff --git a/Rocket-example.toml b/Rocket-example.toml
index 30a3c3a0..677b8e10 100644
--- a/Rocket-example.toml
+++ b/Rocket-example.toml
@@ -1,6 +1,7 @@
 [global]
 server_name = "your.server.name"
 #registration_disabled = true
+#encryption_disabled = true
 # Default path is in this user's data
 #database_path = "/home/timo/MyConduitServer"
@@ -8,6 +9,7 @@ server_name = "your.server.name"
 port = 14004
 address = "0.0.0.0"
+# Not necessary when using a reverse proxy
 #[global.tls]
 #certs = "/etc/letsencrypt/live/your.server.name/fullchain.pem"
 #key = "/etc/letsencrypt/live/your.server.name/privkey.pem"
diff --git a/src/client_server.rs b/src/client_server.rs
index c8f264c7..e6a2c23e 100644
--- a/src/client_server.rs
+++ b/src/client_server.rs
@@ -1341,6 +1341,11 @@ pub fn create_room_route(
 content,
 } in &body.initial_state {
+ // Silently skip encryption events if they are not allowed
+ if event_type == &EventType::RoomEncryption && db.globals.encryption_disabled() {
+ continue
+ }
+
 db.rooms.append_pdu(
 room_id.clone(),
 user_id.clone(),
diff --git a/src/database/globals.rs b/src/database/globals.rs
index 45786054..3a257a54 100644
--- a/src/database/globals.rs
+++ b/src/database/globals.rs
@@ -10,6 +10,7 @@ pub struct Globals {
 reqwest_client: reqwest::Client,
 server_name: Box,
 registration_disabled: bool,
+ encryption_disabled: bool,
 }
 impl Globals {
@@ -33,6 +34,7 @@ impl Globals {
 .try_into()
 .map_err(|_| Error::BadConfig("Invalid server name found."))?,
 registration_disabled: config.get_bool("registration_disabled").unwrap_or(false),
+ encryption_disabled: config.get_bool("encryption_disabled").unwrap_or(false),
 })
 }
@@ -70,4 +72,8 @@ impl Globals {
 pub fn registration_disabled(&self) -> bool {
 self.registration_disabled
 }
+
+ pub fn encryption_disabled(&self) -> bool {
+ self.encryption_disabled
+ }
 }
diff --git a/src/database/rooms.rs b/src/database/rooms.rs
index 3ef4f3f1..298212d4 100644
--- a/src/database/rooms.rs
+++ b/src/database/rooms.rs
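Review bot: In `create_room_route` (src/client_server.rs, hunk `@@ -1341,6 +1341,11 @@`) the new `continue` drops a requested `m.room.encryption` initial-state event without any signal to the caller, so a room the creator asked to be encrypted is created unencrypted while the request still succeeds. That is a silent security downgrade; rejecting the request from this branch with an `Error::BadRequest(...)`, or at minimum logging the skipped event, would let clients and operators notice that the room is not encrypted. The `continue` is also missing its trailing semicolon, which rustfmt would add. The loop body and the function continue outside the hunk.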
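Review bot: In src/database/globals.rs (hunk `@@ -33,6 +34,7 @@`), `config.get_bool("encryption_disabled").unwrap_or(false)` treats a malformed value the same as a missing key, so a mistyped setting such as a quoted `"true"` would presumably leave the default in place with no error. Because operators set this as a policy switch, a value of the wrong type should surface as `Error::BadConfig(...)`, the way an invalid server name does two lines above, and only the missing-key case should default to `false`. The unchanged `registration_disabled` line above it has the same pattern. The new `encryption_disabled()` getter in the last hunk of this file could also carry a one-line `///` comment saying what the flag blocks. The constructor starts and ends outside the hunk.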
@@ -319,7 +319,12 @@ impl Rooms {
 Some,
 );
+ // Is the event allowed?
 if !match event_type {
+ EventType::RoomEncryption => {
+ // Don't allow encryption events when it's disabled
+ !globals.encryption_disabled()
+ }
 EventType::RoomMember => {
 let target_user_id = UserId::try_from(&**state_key).map_err(|_| {
 Error::BadRequest(
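Review bot: The new `EventType::RoomEncryption` arm only rejects new encryption state events, so as far as this hunk shows, rooms that already carry an `m.room.encryption` event when `encryption_disabled` is switched on stay encrypted. That limit is worth stating where maintainers and operators will read it, for example `// Only blocks new m.room.encryption events; rooms that are already encrypted are unaffected` above the arm, with a matching remark next to `#encryption_disabled = true` in Rocket-example.toml. Whether events that arrive by paths other than this function reach the same check is not visible here. The `match` and the enclosing function continue past the end of the hunk.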