Commit graph

1451 commits

Author SHA1 Message Date
strawberry
89d9cdeb3a IP range denylist logging, and fix logic error
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
382347353e add custom room ID support using room_id field
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
2980af6490 move room creation config check higher up
dont bother wasting resources if we know we
arent even allowed to make the room to begin with

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
ead9a58dce dont crash failing to deserialise room creation content
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
3453dcc344 add error checking to room aliases
length, colon, and spaces. also dont crash.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
b51d148899 remove random space
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
6c1358d0c8 send home_server on login response again
a 6+ year old deprecated field that isnt even spelled
right, and no clients use it must still be sent
according to spec

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
fa0c083555 don't send requests to specified list of IP CIDRs
this can most definitely be improved but this is a decent attempt.
the only annoying this is i couldn't just use a Vec<IPAddress> which
would have significantly simplified all of this, but serde can't
deserialise it on the config side i guess.

i may find a better way to do this in the future, but this should cover
most areas anyways.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
71d247232d oops forgot that endpoint too
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
6c75087863 eat less of client parameters for media requests
still cantt respect allow_redirect yet

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
ab6cb4ad2d switch back to expect for sender_user
as far as i can tell, it will return a normal
error in the auth token handling code so this is fine.
we also shouldnt assume all errors from this are
access_token related.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
02bc818633 match explicit URI to see if we should authenticate the user
first attempt at forcing an endpoint to be authenticated

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
9d0c85ab17 use ruma JsOption, bump figment
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
4e8823dedb add warning about outgoing presence PDU/EDU relationship
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
11bc725268 return joined member count of room for pushrules instead of hardcoded 10
im not sure what the TODO is trying to say here,
but since it's many years old and conduwuit is
fast, i dont see an issue with this.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
b50c47e1c2 silence loud tower_http errors (move to info)
these are benign errors that are from things like
conduwuit fetching remote media from dead servers

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
34bac4d1d9 support sending well_known client response in /login using well_known_client
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
cf62cb0d0a send avatar_url on invite member events like synapse
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
f275a0dfbe fix obvious copy-paste error
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
fae00e5136 remove rocksdb_max_open_files option
default for RocksDB is -1 and conduwuit already raises the
soft and hard nofile limits at startup.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-25 19:28:33 -05:00
strawberry
6ffc54e241 support blocking servers from fetching remote media from
akin to synapse's `prevent_media_downloads_from`

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 23:57:45 -05:00
strawberry
1a06c8c9d3 more error checking for deserialising events and canonical JSON
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 23:57:45 -05:00
strawberry
c83acabfb0 return proper error if we fail to convert to canonical JSON
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 23:57:45 -05:00
strawberry
3d6b499b88 log error and PDU for failed auth checks
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 23:57:45 -05:00
strawberry
3ffca25f6f update few endpoint docs versions
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 23:57:45 -05:00
strawberry
2bbc75d68e why did i have to run cargo fmt twice
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry
40f5345586 fix formatting and links of user reports more
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry
e944ed5eb4 fix /report endpoint a lot
in short, the `/report` endpoint now checks if:
- the reporting room in the URI matches the PDU/event reported
- sender user is in the room reported
- raises report reasoning to 750 characters (spec doesn't say to limit
these, but thorough and informative reports for server admins are not
a bad thing)
- (hopefully) fixes some broken formatting
- add a random short delay before sending a successful response to the
client to make it more annoying to enumerate for events on our server
(security by obscurity but spec suggests it)

basically, secure reports better lol

see https://spec.matrix.org/v1.9/client-server-api/#post_matrixclientv3roomsroomidreporteventid

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry
7eb57a9fd5 explicitly fallback to None for invalid/empty room topics
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry
9a3866afff return M_INVALID_PARAM instead of M_BAD_JSON for bad room aliases
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry
92641d0628 first of many small code documentation
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry
ad1d272e2a fix blocks_in_conditions clippy lint
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry
8d42351e34 add presence options to show-config admin cmd
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry
a85ebdeaa0 require sender_user being in the reporting room for /report events
Matrix 1.8 change:
https://spec.matrix.org/v1.9/client-server-api/#post_matrixclientv3roomsroomidreporteventid

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry
bfc738d80e default to None for room topic event in spaces or /publicRooms
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry
59c7f93656 fix more clippy lints (part 1)
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-17 14:26:26 -05:00
strawberry
2074e36aa4 add missing ban reason to ban events
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
2f16726bac raise generated passwords to 25 chars
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
2b031e40a2 partially revert keeping track of remote user profiles
this seems to require some more work to properly ignore
dead server errors without breaking the entire room join

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
149d22eef7 make set avatar, displayname, and blurhash async and forgot another let _
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
9ec1532580 ignore potential errors when updating user profiles
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
0297cfe307 remove cached destination for a destination if request fails
this can help if users change their well-known or such and we don't want
to keep on hitting the old destination.

from 11357d1f1a

Co-authored-by: Jacob Taylor <jacob@explodie.org>
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
ad792f4565 oops dedup only works on consecutive elements
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
52884abff6 don't validate or add signature if room is not v8 or above or not using restricted joins
should resolve https://github.com/matrix-org/matrix-spec/issues/1708 on
for conduwuit until spec clarifies.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
5c4b8ad7a3 replace panics on unknown room versions with errors
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
c70ce49ec0 don't allow non-local users to have their creds modified in Deactivate admin cmds
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
edd74efbf2 dedup servers in get_alias_helper
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
da539efb98 only follow up to 6 redirects in default reqwest ClientBuilder
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
ae11e378d2 debug log well-known response body and text
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
14a0d12002 declare support for Matrix 1.5 in our federation requests
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
0b0b52c33b add all possible workspace clippy lints (with commenting out most for now)
this will be a major pain to work through. for now, let's
just add them and overtime work through these.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
49b6f338fd feat: suggest servers to join at /_matrix/client/v3/directory/room/{roomAlias}
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
ee2f1c3084 the great persy, sled, and heed purge (and bump MSRV to 1.74.1)
these database backends are either unmaintained, broken in conduit, or
incredibly niche for something like conduwuit.

also i want to bump the MSRV.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
b28a2fad97 feat: keep track of remote profiles for user directory and local requests
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
ef8dcdfe3c declare explicit support for room filtering (MSC3827)
conduit has supported this for a while now and is a Matrix 1.4 feature

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
c75674faf5 bump default_presence_offline_timeout to 30 minutes (too low imo)
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
85b2c6681b allow HEAD HTTP requests in CORS
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
20aa2cfca6 update device lists for user upon logout
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-14 20:55:56 -05:00
strawberry
7021c52c9b send a User-Agent on all requests
amazing that this wasn't done in the first place. a lack of a UA is
suspicious and some providers may block our requests just for the sake
of no UA.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-07 22:26:27 -05:00
strawberry
8586b15e1a add support for serving client+server well-known and /client/server.json endpoints from conduwuit
the last endpoint is a non-standard health check endpoint used by at
least Element Web as a weird way to determine if syncv3 is available

there can also be some valid use-cases for serving well-knowns from the
application itself

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-07 22:26:27 -05:00
strawberry
bb2f213ac3 more helpful panic msg on failing to increase soft/hard FD limits
this can be caused by security policies, hardening, etc

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-07 22:26:27 -05:00
strawberry
1308574db0 bump ruma to latest commit (syncv3 JsOption and push optional power levels)
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-07 22:26:27 -05:00
strawberry
5422d0cedd declare support for various missing matrix versions
this is another one of those things that upstream has neglected

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-07 22:26:27 -05:00
strawberry
2161630b54 raise reqwest client timeout to 300 seconds
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-06 16:16:44 -05:00
strawberry
3ba129e80c remove unnecessary else logic in sha256_media db migration
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-06 16:16:44 -05:00
strawberry
3723d37b14 raise report reason limit to 500 (though spec doesnt say to limit these)
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-06 16:16:44 -05:00
strawberry
d56e76c23e raise various timeouts, make exp backoff consistent
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-06 16:16:44 -05:00
strawberry
06e0360142 change welcome message
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-25 17:07:24 -05:00
strawberry
91c7c15bb3 log where we are listening at/on
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-25 17:07:24 -05:00
strawberry
7e447765fe remove warning in error message, drop 2nd error down to warn
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-25 17:07:24 -05:00
strawberry
09d0c13d6f remove unused config global function
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-25 17:07:24 -05:00
strawberry
d4c360c135 replace run_server() unwrap just to be safe
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-25 17:07:24 -05:00
strawberry
757ba60ff9 add comment about the blocking await above this config check
comment saying this would have been nice. moved the config checks above
that blocking call.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-25 17:07:24 -05:00
strawberry
071f9959a6 remove false_fn as just default alone always evaluates to false
ideally we could just do true/false but it is almost 2024 and this is
not possible in serde.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-25 17:07:24 -05:00
strawberry
d214371423 add option for explicit opt-in allow open registration and make it clear
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-25 17:07:24 -05:00
strawberry
5e641e2886 move default rocksdb logging from info to warn
info is still logging useless database statistics and metrics that will
accumulate, less I/O activity.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-25 17:07:24 -05:00
strawberry
14fc20e31e cargo fmt
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-25 11:09:19 -05:00
Val Lorentz
89c3679e9a Add missing pub key in send_join handling 2023-12-25 11:09:19 -05:00
Val Lorentz
33cae7eaab Explicitly match RoomVersionId::V11 2023-12-25 11:09:19 -05:00
Val Lorentz
f3045be622 Reuse existing get_room_version 2023-12-25 11:09:19 -05:00
Nineko
fdc3e07be6
feat: replaced flaky argon2 with better argon2 crate (#37)
* feat: replaced flaky argon2 with better argon2 crate

* fix: applied cargo fmt nightly

* docs: added comment specifying what the settings for Argon2 mean

* fix: made hashing error a bit more descriptive

* fix: fixed incorrect value for Kib
2023-12-25 10:28:56 -05:00
Charles Hall
629efaa910 use constructor to avoid deprecation warnings 2023-12-24 01:05:13 -05:00
strawberry
5bb6128149 remove wrong else logic
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-23 11:49:14 -05:00
strawberry
dd8a6ede09 dont allow guest registration if registration disabled with token configured
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-23 11:49:14 -05:00
strawberry
6664259e64 forbid guest users from registering if no real admin user exists
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-23 11:49:14 -05:00
strawberry
01a8f6323d log next steps if a guest account registered and attempted to get admin
this might be an unreachable state with the next commit, but let's be
extra sure here just in case a guest still managed to register before
a real admin was created.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-23 11:49:14 -05:00
strawberry
dc73df763a don't grant guest users admin, slight user + guest logging improvements
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-23 11:49:14 -05:00
strawberry
b0fdc1351b add config option for guest registration, make guest registration respect allow_registration
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-23 11:49:14 -05:00
Charles Hall
d76ea86909 update opentelemetry things
Upstream's changelogs are unhelpful :/
2023-12-22 18:24:03 -05:00
Jakub Kubík
cc4e6e213f fix(sync): correctly update presence properties 2023-12-20 21:50:18 -05:00
Jakub Kubík
69025d30f7 style(presence): use flat_map instead of matching Results in filter 2023-12-20 21:50:13 -05:00
strawberry
e93b4aa08e fix typo
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-20 21:46:54 -05:00
Charles Hall
311c7d83ca fix rustdoc warnings
Also removed all instances of `#[command(verbatim_doc_comment)]` because
I'm pretty sure it's not necessary anymore. The `[commandbody]` things
were making rustdoc upset about broken link syntax. I also normalized
"code-block" to "code block" in that file since the latter appears more
often.
2023-12-20 21:46:54 -05:00
strawberry
8454773275 log rejected sendjoin, remove unnecessary clone
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-03 20:20:25 -05:00
strawberry
d9d1ce3cb5 fix refering uninit static, use upstream rocksdb again, don't compile debug info
even rust-analyzer themselves don't compile with debug info because it
makes cargo checks and builds in general a lot longer. helps speed
things up and we mainly care about panics/stacktraces and compiler
errors.

https://github.com/rust-lang/rust-analyzer/blob/master/Cargo.toml#L12-L15

upstream rust-rocksdb is active again finally

Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-03 01:00:23 -05:00
strawberry
4d52dd2f44 use puppy check for updates endpoint
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-02 21:45:09 -05:00
strawberry
f62f641545 add rocksdb configurable options and tweaks, logging improvements, exp. room v11 support
split out the spinning disk focused options into a configurable option, current
conduwuit users are NVMe/SSDs anyways so those options are just hindering performance.

rocksdb logging builds up overtime with no cleanup or anything, adds support for
configuring the amount of logging, size of files, log rotate, etc.
fixes https://gitlab.com/girlbossceo/conduwuit/-/issues/1

misc conduit logging improvements for help debugging issues and maybe a future feature

experimental Room V11 support from https://gitlab.com/famedly/conduit/-/merge_requests/562

Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-12-02 21:30:06 -05:00
strawberry
56e4166ee8 never let clippy fail, use CARGO_PKG_NAME, allow issues on gh, simplify regex a tad
Signed-off-by: strawberry <strawberry@puppygock.gay>
2023-11-29 23:19:53 -05:00
strawberry
87d6a17f0a fix all the warnings!!!! (0 clippy and rustc warnings now)
too many changes to list, codebase significantly better than it was a few weeks ago though

Signed-off-by: strawberry <june@girlboss.ceo>
2023-11-29 21:36:02 -05:00
strawberry
20b686cac5 add some ruma features, fix futures warning
Signed-off-by: strawberry <june@girlboss.ceo>
2023-11-27 21:34:45 -05:00