feat: Implement event rejection

Co-Authored-By: star <star@nexy7574.co.uk>
2026-05-26 20:49:55 +00:00 · 2026-05-08 19:49:51 +01:00
parent afa80576f4
commit 1f6cab9e2e
15 changed files with 139 additions and 19 deletions
@@ -44,7 +44,7 @@ impl crate::Service for Service {
 			db,
 			server: args.server.clone(),
 			bad_event_ratelimiter: Arc::new(SyncRwLock::new(HashMap::new())),
-			admin_alias: OwnedRoomAliasId::try_from(format!("#admins:{}", &args.server.name))
+			admin_alias: OwnedRoomAliasId::try_from(format!("#admins:{}", args.server.name))
 				.expect("#admins:server_name is valid alias name"),
 			server_user: UserId::parse_with_server_name(
 				String::from("conduit"),
@@ -37,7 +37,7 @@ pub struct PasswordReset<'a> {
 }

 impl MessageTemplate for PasswordReset<'_> {
-	fn subject(&self) -> String { format!("Password reset request for {}", &self.user_id) }
+	fn subject(&self) -> String { format!("Password reset request for {}", self.user_id) }
 }

 #[derive(Template)]
@@ -48,7 +48,7 @@ impl DatabaseTokenInfo {

 impl std::fmt::Display for DatabaseTokenInfo {
 	fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-		write!(f, "Token created by {} and used {} times. ", &self.creator, self.uses)?;
+		write!(f, "Token created by {} and used {} times. ", self.creator, self.uses)?;
 		if let Some(expires) = &self.expires {
 			write!(f, "{expires}.")?;
 		} else {
@@ -35,7 +35,7 @@ pub struct ValidToken {

 impl std::fmt::Display for ValidToken {
 	fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-		write!(f, "`{}` --- {}", self.token, &self.source)
+		write!(f, "`{}` --- {}", self.token, self.source)
 	}
 }

@@ -38,13 +38,27 @@ where
 		return Ok(Some(pduid));
 	}

-	if self
+	if !self
 		.services
 		.pdu_metadata
-		.is_event_soft_failed(incoming_pdu.event_id())
+		.is_event_accepted(incoming_pdu.event_id())
 		.await
 	{
-		return Err!(Request(InvalidParam("Event has been soft failed")));
+		return Err!(Request(InvalidParam("Event has been rejected or soft-failed")));
+	}
+
+	// If any of the auth events are rejected, this event is also rejected.
+	for aid in incoming_pdu.auth_events() {
+		if self.services.pdu_metadata.is_event_rejected(aid).await {
+			warn!(
+				"Rejecting incoming event {} which depends on rejected auth event {aid}",
+				incoming_pdu.event_id()
+			);
+			self.services
+				.pdu_metadata
+				.mark_event_rejected(incoming_pdu.event_id());
+			return Err!(Request(InvalidParam("Event has rejected auth events")));
+		}
 	}

 	debug!(
@@ -106,6 +120,9 @@ where
 	.map_err(|e| err!(Request(Forbidden("Auth check failed: {e:?}"))))?;

 	if !auth_check {
+		self.services
+			.pdu_metadata
+			.mark_event_rejected(incoming_pdu.event_id());
 		return Err!(Request(Forbidden("Event has failed auth check with state at the event.")));
 	}

@@ -34,7 +34,7 @@ use ruma::{
 use crate::{
 	Dep, antispam, globals,
 	rooms::{
-		metadata, outlier, short,
+		metadata, outlier, pdu_metadata, short,
 		state::{self, RoomMutexGuard},
 		state_accessor, state_cache,
 		state_compressor::{self, CompressedState, HashSetCompressStateEvent},
@@ -54,6 +54,7 @@ struct Services {
 	globals: Dep<globals::Service>,
 	metadata: Dep<metadata::Service>,
 	outlier: Dep<outlier::Service>,
+	pdu_metadata: Dep<pdu_metadata::Service>,
 	sending: Dep<sending::Service>,
 	server_keys: Dep<server_keys::Service>,
 	short: Dep<short::Service>,
@@ -75,6 +76,7 @@ impl crate::Service for Service {
 				globals: args.depend::<globals::Service>("globals"),
 				metadata: args.depend::<metadata::Service>("rooms::metadata"),
 				outlier: args.depend::<outlier::Service>("rooms::outlier"),
+				pdu_metadata: args.depend::<pdu_metadata::Service>("rooms::pdu_metadata"),
 				sending: args.depend::<sending::Service>("sending"),
 				server_keys: args.depend::<server_keys::Service>("server_keys"),
 				short: args.depend::<short::Service>("rooms::short"),
@@ -285,7 +287,7 @@ impl Service {
 	}

 	#[tracing::instrument(skip_all, fields(%sender_user, %room_id), name = "join_remote_room", level = "info")]
-	async fn join_remote_room(
+	pub async fn join_remote_room(
 		&self,
 		sender_user: &UserId,
 		room_id: &RoomId,
@@ -293,6 +295,7 @@ impl Service {
 		servers: &[OwnedServerName],
 		state_lock: RoomMutexGuard,
 	) -> Result {
+		// public so the admin command force-join-room-remotely works
 		info!("Joining {room_id} over federation.");

 		let (make_join_response, remote_server) = self
@@ -512,6 +515,7 @@ impl Service {
 					return state;
 				}
 				self.services.outlier.add_pdu_outlier(&event_id, &value);
+				self.services.pdu_metadata.unmark_pdu(&event_id);
 				if let Some(state_key) = &pdu.state_key {
 					let shortstatekey = self
 						.services
@@ -543,6 +547,7 @@ impl Service {
 			.ready_for_each(|(event_id, value)| {
 				trace!(%event_id, "Adding PDU as an outlier from send_join auth_chain");
 				self.services.outlier.add_pdu_outlier(&event_id, &value);
+				self.services.pdu_metadata.unmark_pdu(&event_id);
 			})
 			.await;

@@ -26,6 +26,7 @@ pub(super) struct Data {
 	tofrom_relation: Arc<Map>,
 	referencedevents: Arc<Map>,
 	softfailedeventids: Arc<Map>,
+	rejectedeventids: Arc<Map>,
 	services: Services,
 }

@@ -40,6 +41,7 @@ impl Data {
 			tofrom_relation: db["tofrom_relation"].clone(),
 			referencedevents: db["referencedevents"].clone(),
 			softfailedeventids: db["softfailedeventids"].clone(),
+			rejectedeventids: db["rejectedeventids"].clone(),
 			services: Services {
 				timeline: args.depend::<rooms::timeline::Service>("rooms::timeline"),
 			},
@@ -118,7 +120,29 @@ impl Data {
 		self.softfailedeventids.insert(event_id, []);
 	}

+	pub(super) fn unmark_event_soft_failed(&self, event_id: &EventId) {
+		self.softfailedeventids.remove(event_id);
+	}
+
 	pub(super) async fn is_event_soft_failed(&self, event_id: &EventId) -> bool {
 		self.softfailedeventids.get(event_id).await.is_ok()
 	}
+
+	pub(super) fn mark_event_rejected(&self, event_id: &EventId) {
+		self.rejectedeventids.insert(event_id, []);
+	}
+
+	pub(super) fn unmark_event_rejected(&self, event_id: &EventId) {
+		self.rejectedeventids.remove(event_id);
+	}
+
+	pub(super) async fn is_event_rejected(&self, event_id: &EventId) -> bool {
+		self.rejectedeventids.get(event_id).await.is_ok()
+	}
+
+	/// Removes any soft-fail or rejection markers applied to the target PDU
+	pub(super) fn unmark_pdu(&self, event_id: &EventId) {
+		self.unmark_event_rejected(event_id);
+		self.unmark_event_soft_failed(event_id);
+	}
 }
@@ -140,4 +140,28 @@ impl Service {
 	pub async fn is_event_soft_failed(&self, event_id: &EventId) -> bool {
 		self.db.is_event_soft_failed(event_id).await
 	}
+
+	pub async fn is_event_rejected(&self, event_id: &EventId) -> bool {
+		self.db.is_event_rejected(event_id).await
+	}
+
+	pub fn mark_event_rejected(&self, event_id: &EventId) {
+		self.db.mark_event_rejected(event_id);
+	}
+
+	pub fn unmark_event_soft_failed(&self, event_id: &EventId) {
+		self.db.unmark_event_soft_failed(event_id);
+	}
+
+	pub fn unmark_event_rejected(&self, event_id: &EventId) {
+		self.db.unmark_event_rejected(event_id);
+	}
+
+	/// Returns true if the event is neither soft-failed nor rejected.
+	pub async fn is_event_accepted(&self, event_id: &EventId) -> bool {
+		!self.db.is_event_rejected(event_id).await
+			&& !self.db.is_event_soft_failed(event_id).await
+	}
+
+	pub fn unmark_pdu(&self, event_id: &EventId) { self.db.unmark_pdu(event_id); }
 }