fix: Properly check forbidden_remote_server_names for incoming requests

src/api/client/membership/mod.rs

@@ -105,11 +105,7 @@ pub(crate) async fn banned_room_check(
 			return Err!(Request(Forbidden("This room is banned on this homeserver.")));
 		}
 	} else if let Some(server_name) = server_name {
-		if services
-			.config
-			.forbidden_remote_server_names
-			.is_match(server_name.host())
-		{
+		if services.moderation.is_remote_server_forbidden(server_name) {
 			warn!(
 				"User {user_id} who is not an admin tried joining a room which has the server \
 				 name {server_name} that is globally forbidden. Rejecting.",

src/api/router/auth.rs

@@ -86,10 +86,21 @@ impl CheckAuth for ServerSignatures {
 		let keys: PubKeyMap = [(output.origin.as_str().into(), keys)].into();
 
 		match output.verify_request(request, destination, &keys) {
-			| Ok(()) => Ok(Auth {
-				origin: Some(output.origin.clone()),
-				..Default::default()
-			}),
+			| Ok(()) => {
+				if services
+					.moderation
+					.is_remote_server_forbidden(&output.origin)
+				{
+					return Err!(Request(Unauthorized(
+						"You are blocked from federating with this server."
+					)));
+				}
+
+				Ok(Auth {
+					origin: Some(output.origin.clone()),
+					..Default::default()
+				})
+			},
 			| Err(err) =>
 				Err!(Request(Unauthorized(warn!("Failed to verify X-Matrix header: {err}")))),
 		}