Mirrors/continuwuity
1
0
Fork 0
mirror of https://forgejo.ellis.link/continuwuation/continuwuity.git synced 2026-05-26 20:49:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,665 Commits 157 Branches 36 Tags
ca358438eeb0061d5f4d32ffbeef8e3d7fc8bc59
Commit Graph

649 Commits

Author SHA1 Message Date
Jade Ellis 082c44f355 fix: Only sync LDAP admin status when admin_filter is configured 
Closes #1307
 2026-02-15 16:17:26 +00:00
nexy7574 aa5400bcef style: Fix IncompatibleRoomVersion log line 2026-02-15 16:11:18 +00:00
nexy7574 ff4dddd673 fix: Refactor local join process 2026-02-15 16:11:18 +00:00
timedout 3da7fa24db fix: Produce more useful errors in make_join_request 2026-02-15 16:11:18 +00:00
timedout a9ebdf58e2 feat: Filter ignored PDUs in relations 2026-02-15 15:55:35 +00:00
timedout f1ab27d344 feat: Return SENDER_IGNORED error for context and relations 2026-02-15 15:55:35 +00:00
timedout 8bc6e6ccca feat: Return SENDER_IGNORED error in is_ignored_pdu 2026-02-15 15:55:32 +00:00
Jade Ellis 60a3abe752 refactor: Use HashSet 2026-02-15 15:35:29 +00:00
Ellie e3b874d336 fix(sync): handle wildcard state keys in sliding sync required_state 2026-02-15 15:35:29 +00:00
Ginger 8d66500c99 chore: Code cleanup 2026-02-14 14:12:57 -05:00
Simon Gardling 134e5cadaf fix(sliding-sync): Properly handle wildcard state_key 
Fixes calls as described in https://forgejo.ellis.link/continuwuation/continuwuity/issues/1306
 2026-02-14 14:12:35 -05:00
Chris W Jones 5506997ca0 feat: Add config option for livekit 
This adds a new config option under `global.well_known` for livekit
server URLs.  It also updates the well_known client API endpoint to
return this list.

Closes #1355
 2026-02-13 19:52:39 +00:00
timedout f243b383cb style: Fix typo in validate_remote_member_event_stub 2026-02-08 15:37:40 +00:00
timedout e0b7d03018 fix: Perform additional membership validation on remote knocks too 2026-02-08 15:34:07 +00:00
timedout 184ae2ebb9 fix: Apply validation to make_join process 2026-02-06 18:15:39 +00:00
timedout fd9bbb08ed fix: Restore admin room announcement for deactivations 2026-01-30 05:11:30 +00:00
timedout 25f7d80a8c fix: Clippy lint 2026-01-30 05:11:30 +00:00
timedout 02fa0ba0b8 perf: Optimise account deactivation process 2026-01-30 05:11:30 +00:00
K900 cb79a3b9d7 refactor(treewide): get rid of compile time build environment introspection 
It's cursed and not very useful. Still a few uses of ctor left, but oh well.
 2026-01-19 19:44:28 +00:00
Jason Volk 79a278b9e8 Fix verification loss; workaround Nheko-Reborn/nheko#1908 (closes #146) 
Signed-off-by: Jason Volk <jason@zemos.net>
 2026-01-18 14:41:01 +00:00
timedout 99a10998b4 style: Remove unused import 2026-01-11 15:42:06 +00:00
nex 05c6b5df75 fix: M_BAD_JSON in c2s invite 2026-01-11 15:37:59 +00:00
timedout e3cf288f39 feat: Support creating custom v12 room IDs 2026-01-09 02:50:04 +00:00
timedout 5a2a1b6240 style: Clean up whoami code 2026-01-09 01:12:38 +00:00
timedout d22d47954f fix: Return 403 instead of 404 at /_matrix/client/v3/account/whoami 2026-01-09 00:44:38 +00:00
timedout 247bc15659 fix: Await future 2026-01-07 17:31:53 +00:00
timedout 88a35e139d fix: Correctly return M_USER_LOCKED during login 2026-01-07 17:31:53 +00:00
timedout 1c816850ed feat: Allow admins to disable the login capability of an account 
# Conflicts:
#	src/admin/user/commands.rs
 2026-01-07 17:31:51 +00:00
Ginger adc7c5ac49 fix(!783): Don't allow registrations by default with no token configured 2026-01-07 14:22:37 +00:00
Ginger ca77970ff3 feat(!783): Add admin commands for managing tokens 2026-01-07 14:22:37 +00:00
Ginger 42f4ec34cd feat(!783): Initial implementation 
Adds support for extra limited-use registration tokens
stored in the database, and a new service to manage them.
 2026-01-07 14:22:37 +00:00
Jade Ellis 9552dd7485 style: Log error 2026-01-06 01:55:52 +00:00
Ginger 88c84f221f chore: Add comment and warning to unhappy path 2026-01-06 00:59:32 +00:00
Laurențiu Nicola a10bd71945 fix(admin): fix force-leaving rooms with no left_state PDU 2026-01-06 00:59:31 +00:00
timedout 279f7cbfe4 style: Fix failing lints 2026-01-05 20:10:29 +00:00
timedout 4b873a1b95 fix: Apply spam checker to local restricted joins 2026-01-05 20:10:29 +00:00
timedout 99f16c2dfc fix: Call user_may_join_room later in the join process 2026-01-05 20:10:28 +00:00
timedout 5ac82f36f3 feat: Consolidate antispam checks into a service 
Also adds support for the spam checker join rule, and Draupnir callbacks
 2026-01-05 20:10:28 +00:00
timedout c249dd992e feat: Add support for automatically rejecting pending invites 2026-01-05 20:10:28 +00:00
timedout 0956779802 feat: Add Meowlnir invite interception support 
Co-authored-by: Jade Ellis <jade@ellis.link>
 2026-01-05 20:10:27 +00:00
Jade Ellis aed15f246a refactor: Clean up logging issues 
Primary issues: Double escapes (debug fmt), spans without levels
 2026-01-05 18:28:57 +00:00
timedout 27d6604d14 fix: Use a timeout instead of deadline 2026-01-03 17:08:47 +00:00
timedout 1c7bd2f6fa style: Remove unnecessary then() calls in chain 2026-01-03 16:22:49 +00:00
timedout 56d7099011 style: Include errors in key claim response too 2026-01-03 16:10:06 +00:00
timedout bc426e1bfc fix: Apply client-requested timeout to federated key queries 
Also parallelised federation calls in related functions
 2026-01-03 16:05:05 +00:00
timedout bf200ad12d fix: Resolve compile errors 
me and cargo check are oops now
 2025-12-31 20:01:29 +00:00
timedout 44851ee6a2 feat: Fall back to remote room summary if local fails 2025-12-31 20:01:29 +00:00
timedout a7e6e6e83f feat: Allow local server admins to bypass summary visibility checks 
feat: Allow local server admins to bypass summary visibility checks

Also improve error messages so they aren't so damn long.
 2025-12-31 20:01:29 +00:00
Terry f8c1e9bcde feat: Config defined admin list 
Closes !1246
 2025-12-31 19:35:40 +00:00
Olivia Lee 12aecf8091 validate membership events returned by remote servers 
This fixes a vulnerability where an attacker with a malicious remote
server and a user on the local server can trick the local server into
signing arbitrary events. The attacker issue a remote leave as the local
user to a room on the malicious server. Without any validation of the
make_leave response, the local server would sign the attacker-controlled
event and pass it back to the malicious server with send_leave.

The join and knock endpoints are also fixed in this commit, but are less
useful for exploitation because the local server replaces the "content"
field returned by the remote server. Remote invites are unaffected
because we already check that the event returned from /invite has the
same event ID as the event passed to it.

Co-authored-by: timedout <git@nexy7574.co.uk>
Co-authored-by: Jade Ellis <jade@ellis.link>
Co-authored-by: Ginger <ginger@gingershaped.computer>
 2025-12-30 15:24:45 +00:00