Mirrors/continuwuity
1
0
Fork 0
mirror of https://forgejo.ellis.link/continuwuation/continuwuity.git synced 2026-05-26 20:49:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

perf: Attempt to prevent people joining known busted rooms

Browse Source
This commit is contained in:
timedout
2026-03-07 17:02:08 +00:00
parent 38e93cde3e
commit 511bb8bf55
4 changed files with 60 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
changelog.d/1502.feature
+1
View File
@@ -0,0 +1 @@
Added a list of rooms that are forcefully banned for performance reasons, to prevent new users foot-gunning themselves by joining them. Contributed by @nex.
conduwuit-example.toml
+17
View File
@@ -1519,6 +1519,23 @@
# #
#forbidden_alias_names = [] #forbidden_alias_names = []
# Allow joining rooms that are known to be broken or have a history of
# causing issues.
#
# The rooms that are banned in this way are hardcoded and set by the
# maintainers, and cannot be configured. This method is a last-resort to
# prevent people who are just setting up Matrix from joining these huge,
# old rooms that have been recommended to them, only to watch their
# server turn into a space heater and have horrific performance issues
# that are unresolvable due to the completely broken state of the rooms.
#
# If you enable this option, you acknowledge that joining rooms banned by
# this feature will likely cause you severe performance issues, and you
# forgo your right to complain about any slowdowns or inflated resource
# usage you encounter.
#
#allow_joining_broken_rooms = false
# List of forbidden username patterns/strings. # List of forbidden username patterns/strings.
# #
# Regex can be used or explicit contains matches can be done by just # Regex can be used or explicit contains matches can be done by just
src/api/client/membership/mod.rs
+23 -4
View File
@@ -58,6 +58,18 @@ pub(crate) async fn joined_rooms_route(
}) })
} }
const BROKEN_ROOM_IDS: [&str; 9] = [
"!iMZEhwCvbfeAYUxAjZ:t2l.io", // Matrix community space - insanely broken state
"!OGEhHVWSdvArJzumhm:matrix.org", // Old Matrix HQ - huge room, very broken
"!IemiTbwVankHTFiEoh:matrix.org", // Old Element Web - huge room, very broken
"!brXHJeAtqliwNGqHQx:lossy.network", // NixOS space - frequent bug reports, huge state
"!04iUOXvKl6GxOztTbP230xhKR-hu4kPzrzfjiv9dc_8", // GrapheneOS space - frequent bug reports
"!MBrxZRUoApYYjmyion:t2bot.io", // Old t2bot room - insane auth chain depths
"izahlpcyIDeymNjiOd:matrix.debian.social", // #debian-next:matrix.debian.social
"!mefQhZzgTaxNCNzAeK:kde.org", // KDE user help
"!OTxETzuhBDbnPqBqbP:kde.org", // KDE space
];
/// Checks if the room is banned in any way possible and the sender user is not /// Checks if the room is banned in any way possible and the sender user is not
/// an admin. /// an admin.
/// ///
@@ -71,11 +83,15 @@ pub(crate) async fn banned_room_check(
server_name: Option<&ServerName>, server_name: Option<&ServerName>,
client_ip: IpAddr, client_ip: IpAddr,
) -> Result { ) -> Result {
if services.users.is_admin(user_id).await {
return Ok(());
}
if let Some(room_id) = room_id { if let Some(room_id) = room_id {
if !services.config.allow_joining_broken_rooms
&& BROKEN_ROOM_IDS.contains(&room_id.as_str())
{
return Err!(Request(Forbidden("This room is too complex.")));
}
if services.users.is_admin(user_id).await {
return Ok(());
}
let room_banned = services.rooms.metadata.is_banned(room_id).await; let room_banned = services.rooms.metadata.is_banned(room_id).await;
let server_banned = room_id.server_name().is_some_and(|server_name| { let server_banned = room_id.server_name().is_some_and(|server_name| {
services.moderation.is_remote_server_forbidden(server_name) services.moderation.is_remote_server_forbidden(server_name)
@@ -116,6 +132,9 @@ pub(crate) async fn banned_room_check(
return Err!(Request(Forbidden("This room is banned on this homeserver."))); return Err!(Request(Forbidden("This room is banned on this homeserver.")));
} }
} else if let Some(server_name) = server_name { } else if let Some(server_name) = server_name {
if services.users.is_admin(user_id).await {
return Ok(());
}
if services if services
.config .config
.forbidden_remote_server_names .forbidden_remote_server_names
src/core/config/mod.rs
+19
View File
@@ -1751,6 +1751,25 @@ pub struct Config {
#[serde(default, with = "serde_regex")] #[serde(default, with = "serde_regex")]
pub forbidden_alias_names: RegexSet, pub forbidden_alias_names: RegexSet,
/// Allow joining rooms that are known to be broken or have a history of
/// causing issues.
///
/// The rooms that are banned in this way are hardcoded and set by the
/// maintainers, and cannot be configured. This method is a last-resort to
/// prevent people who are just setting up Matrix from joining these huge,
/// old rooms that have been recommended to them, only to watch their
/// server turn into a space heater and have horrific performance issues
/// that are unresolvable due to the completely broken state of the rooms.
///
/// If you enable this option, you acknowledge that joining rooms banned by
/// this feature will likely cause you severe performance issues, and you
/// forgo your right to complain about any slowdowns or inflated resource
/// usage you encounter.
///
/// default: false
#[serde(default)]
pub allow_joining_broken_rooms: bool,
/// List of forbidden username patterns/strings. /// List of forbidden username patterns/strings.
/// ///
/// Regex can be used or explicit contains matches can be done by just /// Regex can be used or explicit contains matches can be done by just