chore(sync/v3): Remove unused imports

Also, don't take read receipts into consideration for lazy loading.
Synapse doesn't do this and they're making initial syncs very large.

.forgejo/actions/upload-docker-artifacts/action.yml

@@ -54,7 +54,7 @@ runs:
       run: mv /tmp/binaries/sbin/conduwuit /tmp/binaries/conduwuit${{ inputs.cpu_suffix }}-${{ inputs.slug }}${{ inputs.artifact_suffix }}
 
     - name: Upload binary artifact
-      uses: forgejo/upload-artifact@v3
+      uses: forgejo/upload-artifact@v4
       with:
         name: conduwuit${{ inputs.cpu_suffix }}-${{ inputs.slug }}${{ inputs.artifact_suffix }}
         path: /tmp/binaries/conduwuit${{ inputs.cpu_suffix }}-${{ inputs.slug }}${{ inputs.artifact_suffix }}
@@ -62,7 +62,7 @@ runs:
 
     - name: Upload digest
       if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
-      uses: forgejo/upload-artifact@v3
+      uses: forgejo/upload-artifact@v4
       with:
         name: digests${{ inputs.digest_suffix }}-${{ inputs.slug }}${{ inputs.cpu_suffix }}
         path: /tmp/digests/*

.forgejo/workflows/build-debian.yml

@@ -35,7 +35,6 @@ jobs:
         uses: actions/checkout@v6
         with:
           fetch-depth: 0
-          ref: ${{ github.ref_name }}
 
       - name: Cache Cargo registry
         uses: actions/cache@v4
@@ -127,7 +126,7 @@ jobs:
           [ -f /etc/conduwuit/conduwuit.toml ] && echo "✅ Config file installed"
 
       - name: Upload deb artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v5
         with:
           name: continuwuity-${{ steps.debian-version.outputs.distribution }}
           path: ${{ steps.cargo-deb.outputs.path }}

.forgejo/workflows/build-fedora.yml

@@ -33,7 +33,6 @@ jobs:
         uses: actions/checkout@v6
         with:
           fetch-depth: 0
-          ref: ${{ github.ref_name }}
 
 
       - name: Cache DNF packages
@@ -239,13 +238,13 @@ jobs:
           cp $BIN_RPM upload-bin/
 
       - name: Upload binary RPM
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v5
         with:
           name: continuwuity
           path: upload-bin/
 
       - name: Upload debug RPM artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v5
         with:
           name: continuwuity-debug
           path: artifacts/*debuginfo*.rpm

.forgejo/workflows/element.yml

@@ -109,7 +109,7 @@ jobs:
           cat ./element-web/webapp/config.json
 
       - name: 📤 Upload Artifact
-        uses: forgejo/upload-artifact@v3
+        uses: forgejo/upload-artifact@v4
         with:
           name: element-web
           path: ./element-web/webapp/

docs/deploying/generic.mdx

@@ -134,7 +134,7 @@ You can also [view the file on Foregejo](https://forgejo.ellis.link/continuwuati
 ## Creating the Continuwuity configuration file
 
 Now you need to create the Continuwuity configuration file in
-`/etc/conduwuit/conduwuit.toml`. You can find an example configuration at
+`/etc/continuwuity/continuwuity.toml`. You can find an example configuration at
 [conduwuit-example.toml](../reference/config.mdx).
 
 **Please take a moment to read the config. You need to change at least the

docs/public/.well-known/matrix/client

@@ -1 +1 @@
-{"m.homeserver":{"base_url": "https://matrix.continuwuity.org"},"org.matrix.msc3575.proxy":{"url": "https://matrix.continuwuity.org"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://livekit.ellis.link"}]}
+{"m.homeserver":{"base_url": "https://matrix.continuwuity.org"},"org.matrix.msc3575.proxy":{"url": "https://matrix.continuwuity.org"}}

src/api/client/membership/join.rs

@@ -44,7 +44,6 @@ use service::{
 	rooms::{
 		state::RoomMutexGuard,
 		state_compressor::{CompressedState, HashSetCompressStateEvent},
-		timeline::pdu_fits,
 	},
 };
 
@@ -574,13 +573,6 @@ async fn join_room_by_id_helper_remote(
 					return state;
 				},
 			};
-			if !pdu_fits(&mut value.clone()) {
-				warn!(
-					"dropping incoming PDU {event_id} in room {room_id} from room join because \
-					 it exceeds 65535 bytes or is otherwise too large."
-				);
-				return state;
-			}
 			services.rooms.outlier.add_pdu_outlier(&event_id, &value);
 			if let Some(state_key) = &pdu.state_key {
 				let shortstatekey = services

src/api/client/message.rs

@@ -1,5 +1,4 @@
 use axum::extract::State;
-use axum_client_ip::InsecureClientIp;
 use conduwuit::{
 	Err, Result, at,
 	matrix::{
@@ -71,7 +70,6 @@ const LIMIT_DEFAULT: usize = 10;
 ///   where the user was joined, depending on `history_visibility`)
 pub(crate) async fn get_message_events_route(
 	State(services): State<crate::State>,
-	InsecureClientIp(client_ip): InsecureClientIp,
 	body: Ruma<get_message_events::v3::Request>,
 ) -> Result<get_message_events::v3::Response> {
 	debug_assert!(IGNORED_MESSAGE_TYPES.is_sorted(), "IGNORED_MESSAGE_TYPES is not sorted");
@@ -80,11 +78,6 @@ pub(crate) async fn get_message_events_route(
 	let room_id = &body.room_id;
 	let filter = &body.filter;
 
-	services
-		.users
-		.update_device_last_seen(sender_user, sender_device, client_ip)
-		.await;
-
 	if !services.rooms.metadata.exists(room_id).await {
 		return Err!(Request(Forbidden("Room does not exist to this server")));
 	}

src/api/client/read_marker.rs

@@ -1,7 +1,6 @@
 use std::collections::BTreeMap;
 
 use axum::extract::State;
-use axum_client_ip::InsecureClientIp;
 use conduwuit::{Err, PduCount, Result, err};
 use ruma::{
 	MilliSecondsSinceUnixEpoch,
@@ -119,14 +118,9 @@ pub(crate) async fn set_read_marker_route(
 /// Sets private read marker and public read receipt EDU.
 pub(crate) async fn create_receipt_route(
 	State(services): State<crate::State>,
-	InsecureClientIp(client_ip): InsecureClientIp,
 	body: Ruma<create_receipt::v3::Request>,
 ) -> Result<create_receipt::v3::Response> {
 	let sender_user = body.sender_user();
-	services
-		.users
-		.update_device_last_seen(sender_user, body.sender_device.as_deref(), client_ip)
-		.await;
 
 	if matches!(
 		&body.receipt_type,

src/api/client/redact.rs

@@ -1,5 +1,4 @@
 use axum::extract::State;
-use axum_client_ip::InsecureClientIp;
 use conduwuit::{Err, Result, matrix::pdu::PduBuilder};
 use ruma::{
 	api::client::redact::redact_event, events::room::redaction::RoomRedactionEventContent,
@@ -14,14 +13,9 @@ use crate::Ruma;
 /// - TODO: Handle txn id
 pub(crate) async fn redact_event_route(
 	State(services): State<crate::State>,
-	InsecureClientIp(client_ip): InsecureClientIp,
 	body: Ruma<redact_event::v3::Request>,
 ) -> Result<redact_event::v3::Response> {
 	let sender_user = body.sender_user();
-	services
-		.users
-		.update_device_last_seen(sender_user, body.sender_device.as_deref(), client_ip)
-		.await;
 	let body = &body.body;
 	if services.users.is_suspended(sender_user).await? {
 		// TODO: Users can redact their own messages while suspended

src/api/client/send.rs

@@ -1,7 +1,6 @@
 use std::collections::BTreeMap;
 
 use axum::extract::State;
-use axum_client_ip::InsecureClientIp;
 use conduwuit::{Err, Result, err, matrix::pdu::PduBuilder, utils};
 use ruma::{api::client::message::send_message_event, events::MessageLikeEventType};
 use serde_json::from_str;
@@ -19,7 +18,6 @@ use crate::Ruma;
 ///   allowed
 pub(crate) async fn send_message_event_route(
 	State(services): State<crate::State>,
-	InsecureClientIp(client_ip): InsecureClientIp,
 	body: Ruma<send_message_event::v3::Request>,
 ) -> Result<send_message_event::v3::Response> {
 	let sender_user = body.sender_user();
@@ -29,11 +27,6 @@ pub(crate) async fn send_message_event_route(
 		return Err!(Request(UserSuspended("You cannot perform this action while suspended.")));
 	}
 
-	services
-		.users
-		.update_device_last_seen(sender_user, body.sender_device.as_deref(), client_ip)
-		.await;
-
 	// Forbid m.room.encrypted if encryption is disabled
 	if MessageLikeEventType::RoomEncrypted == body.event_type && !services.config.allow_encryption
 	{

src/api/client/state.rs

@@ -1,5 +1,4 @@
 use axum::extract::State;
-use axum_client_ip::InsecureClientIp;
 use conduwuit::{
 	Err, Result, err,
 	matrix::{Event, pdu::PduBuilder},
@@ -8,7 +7,7 @@ use conduwuit::{
 use conduwuit_service::Services;
 use futures::{FutureExt, TryStreamExt};
 use ruma::{
-	MilliSecondsSinceUnixEpoch, OwnedEventId, RoomId, UserId,
+	OwnedEventId, RoomId, UserId,
 	api::client::state::{get_state_events, get_state_events_for_key, send_state_event},
 	events::{
 		AnyStateEventContent, StateEventType,
@@ -31,14 +30,9 @@ use crate::{Ruma, RumaResponse};
 /// Sends a state event into the room.
 pub(crate) async fn send_state_event_for_key_route(
 	State(services): State<crate::State>,
-	InsecureClientIp(ip): InsecureClientIp,
 	body: Ruma<send_state_event::v3::Request>,
 ) -> Result<send_state_event::v3::Response> {
 	let sender_user = body.sender_user();
-	services
-		.users
-		.update_device_last_seen(sender_user, body.sender_device.as_deref(), ip)
-		.await;
 
 	if services.users.is_suspended(sender_user).await? {
 		return Err!(Request(UserSuspended("You cannot perform this action while suspended.")));
@@ -67,10 +61,9 @@ pub(crate) async fn send_state_event_for_key_route(
 /// Sends a state event into the room.
 pub(crate) async fn send_state_event_for_empty_key_route(
 	State(services): State<crate::State>,
-	InsecureClientIp(ip): InsecureClientIp,
 	body: Ruma<send_state_event::v3::Request>,
 ) -> Result<RumaResponse<send_state_event::v3::Response>> {
-	send_state_event_for_key_route(State(services), InsecureClientIp(ip), body)
+	send_state_event_for_key_route(State(services), body)
 		.boxed()
 		.await
 		.map(RumaResponse)
@@ -192,7 +185,7 @@ async fn send_state_event_for_key_helper(
 	event_type: &StateEventType,
 	json: &Raw<AnyStateEventContent>,
 	state_key: &str,
-	timestamp: Option<MilliSecondsSinceUnixEpoch>,
+	timestamp: Option<ruma::MilliSecondsSinceUnixEpoch>,
 ) -> Result<OwnedEventId> {
 	allowed_to_send_state_event(services, room_id, event_type, state_key, json).await?;
 	let state_lock = services.rooms.state.mutex.lock(room_id).await;

src/api/client/sync/v3/mod.rs

@@ -9,7 +9,6 @@ use std::{
 };
 
 use axum::extract::State;
-use axum_client_ip::InsecureClientIp;
 use conduwuit::{
 	Result, extract_variant,
 	utils::{
@@ -181,7 +180,6 @@ type PresenceUpdates = HashMap<OwnedUserId, PresenceEventContent>;
 )]
 pub(crate) async fn sync_events_route(
 	State(services): State<crate::State>,
-	InsecureClientIp(client_ip): InsecureClientIp,
 	body: Ruma<sync_events::v3::Request>,
 ) -> Result<sync_events::v3::Response, RumaResponse<UiaaResponse>> {
 	let (sender_user, sender_device) = body.sender();
@@ -194,12 +192,6 @@ pub(crate) async fn sync_events_route(
 			.await?;
 	}
 
-	// Increment the "device last active" metadata
-	services
-		.users
-		.update_device_last_seen(sender_user, Some(sender_device), client_ip)
-		.await;
-
 	// Setup watchers, so if there's no response, we can wait for them
 	let watcher = services.sync.watch(sender_user, sender_device);
 

src/api/client/sync/v5.rs

@@ -6,7 +6,6 @@ use std::{
 };
 
 use axum::extract::State;
-use axum_client_ip::InsecureClientIp;
 use conduwuit::{
 	Err, Error, Result, at, error, extract_variant, is_equal_to,
 	matrix::{Event, TypeStateKey, pdu::PduCount},
@@ -62,18 +61,11 @@ type KnownRooms = BTreeMap<String, BTreeMap<OwnedRoomId, u64>>;
 /// [MSC4186]: https://github.com/matrix-org/matrix-spec-proposals/pull/4186
 pub(crate) async fn sync_events_v5_route(
 	State(ref services): State<crate::State>,
-	InsecureClientIp(client_ip): InsecureClientIp,
 	body: Ruma<sync_events::v5::Request>,
 ) -> Result<sync_events::v5::Response> {
 	debug_assert!(DEFAULT_BUMP_TYPES.is_sorted(), "DEFAULT_BUMP_TYPES is not sorted");
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let sender_device = body.sender_device.as_ref().expect("user is authenticated");
-
-	services
-		.users
-		.update_device_last_seen(sender_user, Some(sender_device), client_ip)
-		.await;
-
 	let mut body = body.body;
 
 	// Setup watchers, so if there's no response, we can wait for them

src/api/client/typing.rs

@@ -1,5 +1,4 @@
 use axum::extract::State;
-use axum_client_ip::InsecureClientIp;
 use conduwuit::{Err, Result, utils, utils::math::Tried};
 use ruma::api::client::typing::create_typing_event;
 
@@ -10,15 +9,10 @@ use crate::Ruma;
 /// Sets the typing state of the sender user.
 pub(crate) async fn create_typing_event_route(
 	State(services): State<crate::State>,
-	InsecureClientIp(ip): InsecureClientIp,
 	body: Ruma<create_typing_event::v3::Request>,
 ) -> Result<create_typing_event::v3::Response> {
 	use create_typing_event::v3::Typing;
 	let sender_user = body.sender_user();
-	services
-		.users
-		.update_device_last_seen(sender_user, body.sender_device.as_deref(), ip)
-		.await;
 
 	if sender_user != body.user_id && body.appservice_info.is_none() {
 		return Err!(Request(Forbidden("You cannot update typing status of other users.")));

src/core/config/mod.rs

@@ -1224,6 +1224,12 @@ pub struct Config {
 	#[serde(default)]
 	pub rocksdb_repair: bool,
 
+	#[serde(default)]
+	pub rocksdb_read_only: bool,
+
+	#[serde(default)]
+	pub rocksdb_secondary: bool,
+
 	/// Enables idle CPU priority for compaction thread. This is not enabled by
 	/// default to prevent compaction from falling too far behind on busy
 	/// systems.

src/core/matrix/state_res/event_auth.rs

@@ -177,6 +177,11 @@ where
 
 	// [synapse] do_sig_check check the event has valid signatures for member events
 
+	// TODO do_size_check is false when called by `iterative_auth_check`
+	// do_size_check is also mostly accomplished by ruma with the exception of
+	// checking event_type, state_key, and json are below a certain size (255 and
+	// 65_536 respectively)
+
 	let sender = incoming_event.sender();
 
 	// Implementation of https://spec.matrix.org/latest/rooms/v1/#authorization-rules

src/database/engine.rs

@@ -19,7 +19,7 @@ use std::{
 
 use conduwuit::{Err, Result, debug, info, warn};
 use rocksdb::{
-	AsColumnFamilyRef, BoundColumnFamily, DBCommon, MultiThreaded, OptimisticTransactionDB,
+	AsColumnFamilyRef, BoundColumnFamily, DBCommon, DBWithThreadMode, MultiThreaded,
 	WaitForCompactOptions,
 };
 
@@ -33,11 +33,13 @@ pub struct Engine {
 	pub(crate) db: Db,
 	pub(crate) pool: Arc<Pool>,
 	pub(crate) ctx: Arc<Context>,
+	pub(super) read_only: bool,
+	pub(super) secondary: bool,
 	pub(crate) checksums: bool,
 	corks: AtomicU32,
 }
 
-pub(crate) type Db = OptimisticTransactionDB<MultiThreaded>;
+pub(crate) type Db = DBWithThreadMode<MultiThreaded>;
 
 impl Engine {
 	#[tracing::instrument(
@@ -127,6 +129,14 @@ impl Engine {
 
 		sequence
 	}
+
+	#[inline]
+	#[must_use]
+	pub fn is_read_only(&self) -> bool { self.secondary || self.read_only }
+
+	#[inline]
+	#[must_use]
+	pub fn is_secondary(&self) -> bool { self.secondary }
 }
 
 impl Drop for Engine {

src/database/engine/backup.rs

@@ -12,8 +12,9 @@ pub fn backup(&self) -> Result {
 	let mut engine = self.backup_engine()?;
 	let config = &self.ctx.server.config;
 	if config.database_backups_to_keep > 0 {
+		let flush = !self.is_read_only();
 		engine
-			.create_new_backup_flush(&self.db, true)
+			.create_new_backup_flush(&self.db, flush)
 			.map_err(map_err)?;
 
 		let engine_info = engine.get_backup_info();

src/database/engine/memory_usage.rs

@@ -1,7 +1,7 @@
 use std::fmt::Write;
 
 use conduwuit::{Result, implement};
-use rocksdb::perf::MemoryUsageBuilder;
+use rocksdb::perf::get_memory_usage_stats;
 
 use super::Engine;
 use crate::or_else;
@@ -9,21 +9,16 @@ use crate::or_else;
 #[implement(Engine)]
 pub fn memory_usage(&self) -> Result<String> {
 	let mut res = String::new();
-
+	let stats = get_memory_usage_stats(Some(&[&self.db]), Some(&[&*self.ctx.row_cache.lock()]))
-	let mut builder = MemoryUsageBuilder::new().or_else(or_else)?;
+		.or_else(or_else)?;
-	builder.add_db(&self.db);
-	builder.add_cache(&self.ctx.row_cache.lock());
-
-	let usage = builder.build().or_else(or_else)?;
-
 	let mibs = |input| f64::from(u32::try_from(input / 1024).unwrap_or(0)) / 1024.0;
 	writeln!(
 		res,
 		"Memory buffers: {:.2} MiB\nPending write: {:.2} MiB\nTable readers: {:.2} MiB\nRow \
 		 cache: {:.2} MiB",
-		mibs(usage.approximate_mem_table_total()),
+		mibs(stats.mem_table_total),
-		mibs(usage.approximate_mem_table_unflushed()),
+		mibs(stats.mem_table_unflushed),
-		mibs(usage.approximate_mem_table_readers_total()),
+		mibs(stats.mem_table_readers_total),
 		mibs(u64::try_from(self.ctx.row_cache.lock().get_usage())?),
 	)?;
 

src/database/engine/open.rs

@@ -35,7 +35,14 @@ pub(crate) async fn open(ctx: Arc<Context>, desc: &[Descriptor]) -> Result<Arc<S
 	}
 
 	debug!("Opening database...");
-	let db = Db::open_cf_descriptors(&db_opts, path, cfds).or_else(or_else)?;
+	let db = if config.rocksdb_read_only {
+		Db::open_cf_descriptors_read_only(&db_opts, path, cfds, false)
+	} else if config.rocksdb_secondary {
+		Db::open_cf_descriptors_as_secondary(&db_opts, path, path, cfds)
+	} else {
+		Db::open_cf_descriptors(&db_opts, path, cfds)
+	}
+	.or_else(or_else)?;
 
 	info!(
 		columns = num_cfds,
@@ -48,6 +55,8 @@ pub(crate) async fn open(ctx: Arc<Context>, desc: &[Descriptor]) -> Result<Arc<S
 		db,
 		pool: ctx.pool.clone(),
 		ctx: ctx.clone(),
+		read_only: config.rocksdb_read_only,
+		secondary: config.rocksdb_secondary,
 		checksums: config.rocksdb_checksums,
 		corks: AtomicU32::new(0),
 	}))

src/database/map/insert.rs

@@ -219,7 +219,7 @@ where
 	K: AsRef<[u8]> + Sized + Debug + 'a,
 	V: AsRef<[u8]> + Sized + 'a,
 {
-	let mut batch = WriteBatchWithTransaction::<true>::default();
+	let mut batch = WriteBatchWithTransaction::<false>::default();
 	for (key, val) in iter {
 		batch.put_cf(&self.cf(), key.as_ref(), val.as_ref());
 	}

src/database/mod.rs

@@ -77,6 +77,14 @@ impl Database {
 
 	#[inline]
 	pub fn keys(&self) -> impl Iterator<Item = &MapsKey> + Send + '_ { self.maps.keys() }
+
+	#[inline]
+	#[must_use]
+	pub fn is_read_only(&self) -> bool { self.db.is_read_only() }
+
+	#[inline]
+	#[must_use]
+	pub fn is_secondary(&self) -> bool { self.db.is_secondary() }
 }
 
 impl Index<&str> for Database {

src/service/emergency/mod.rs

@@ -37,6 +37,10 @@ impl crate::Service for Service {
 	}
 
 	async fn worker(self: Arc<Self>) -> Result {
+		if self.services.globals.is_read_only() {
+			return Ok(());
+		}
+
 		if self.services.config.ldap.enable {
 			warn!("emergency password feature not available with LDAP enabled.");
 			return Ok(());

src/service/globals/mod.rs

@@ -31,13 +31,12 @@ impl crate::Service for Service {
 
 		let turn_secret = config.turn_secret_file.as_ref().map_or_else(
 			|| config.turn_secret.clone(),
-			|path| match std::fs::read_to_string(path) {
+			|path| {
-				| Ok(secret) => secret.trim().to_owned(),
+				std::fs::read_to_string(path).unwrap_or_else(|e| {
-				| Err(e) => {
 					error!("Failed to read the TURN secret file: {e}");
 
 					config.turn_secret.clone()
-				},
+				})
 			},
 		);
 
@@ -50,7 +49,7 @@ impl crate::Service for Service {
 					return config.registration_token.clone();
 				};
 
-				Some(token.trim().to_owned())
+				Some(token)
 			},
 		);
 
@@ -171,4 +170,7 @@ impl Service {
 	pub fn server_is_ours(&self, server_name: &ServerName) -> bool {
 		server_name == self.server_name()
 	}
+
+	#[inline]
+	pub fn is_read_only(&self) -> bool { self.db.db.is_read_only() }
 }

src/service/migrations.rs

@@ -590,10 +590,6 @@ async fn fix_readreceiptid_readreceipt_duplicates(services: &Services) -> Result
 
 const FIXED_CORRUPT_MSC4133_FIELDS_MARKER: &[u8] = b"fix_corrupt_msc4133_fields";
 async fn fix_corrupt_msc4133_fields(services: &Services) -> Result {
-	// Due to an old bug, some conduwuit databases have `us.cloke.msc4175.tz` user
-	// profile fields with raw strings instead of quoted JSON ones.
-	// This migration fixes that.
-
 	use serde_json::{Value, from_slice};
 	type KeyVal<'a> = ((OwnedUserId, String), &'a [u8]);
 
@@ -610,28 +606,24 @@ async fn fix_corrupt_msc4133_fields(services: &Services) -> Result {
 			async |(mut total, mut fixed),
 			       ((user, key), value): KeyVal<'_>|
 			       -> Result<(usize, usize)> {
-				match from_slice::<Value>(value) {
+				if let Err(error) = from_slice::<Value>(value) {
-					// corrupted timezone field
+					// Due to an old bug, some conduwuit databases have `us.cloke.msc4175.tz` user
-					| Err(_) if key == "us.cloke.msc4175.tz" => {
+					// profile fields with raw strings instead of quoted JSON ones.
-						let new_value = Value::String(String::from_utf8(value.to_vec())?);
+					// This migration fixes that.
-						useridprofilekey_value.put((user, key), Json(new_value));
+					let new_value = if key == "us.cloke.msc4175.tz" {
-						fixed = fixed.saturating_add(1);
+						Value::String(String::from_utf8(value.to_vec())?)
-					},
+					} else {
-					// corrupted value for some other key
+						return Err!(
-					| Err(error) => {
+							"failed to deserialize msc4133 key {} of user {}: {}",
-						warn!(
+							key,
-							"deleting MSC4133 key {} for user {} due to deserialization \
+							user,
-							 failure: {}",
+							error
-							key, user, error
 						);
-						useridprofilekey_value.del((user, key));
+					};
-					},
-					// other key with no issues
-					| Ok(_) => {
-						// do nothing
-					},
-				}
 
+					useridprofilekey_value.put((user, key), Json(new_value));
+					fixed = fixed.saturating_add(1);
+				}
 				total = total.saturating_add(1);
 
 				Ok((total, fixed))

src/service/rooms/event_handler/handle_incoming_pdu.rs

@@ -14,7 +14,7 @@ use futures::{
 use ruma::{CanonicalJsonValue, EventId, RoomId, ServerName, UserId, events::StateEventType};
 use tracing::debug;
 
-use crate::rooms::timeline::{RawPduId, pdu_fits};
+use crate::rooms::timeline::RawPduId;
 
 /// When receiving an event one needs to:
 /// 0. Check the server is in the room
@@ -62,13 +62,6 @@ pub async fn handle_incoming_pdu<'a>(
 	if let Ok(pdu_id) = self.services.timeline.get_pdu_id(event_id).await {
 		return Ok(Some(pdu_id));
 	}
-	if !pdu_fits(&mut value.clone()) {
-		warn!(
-			"dropping incoming PDU {event_id} in room {room_id} from {origin} because it \
-			 exceeds 65535 bytes or is otherwise too large."
-		);
-		return Err!(Request(TooLarge("PDU is too large")));
-	}
 
 	// 1.1 Check the server is in the room
 	let meta_exists = self.services.metadata.exists(room_id).map(Ok);

src/service/rooms/event_handler/handle_outlier_pdu.rs

@@ -1,8 +1,7 @@
 use std::collections::{BTreeMap, HashMap, hash_map};
 
 use conduwuit::{
-	Err, Event, PduEvent, Result, debug, debug_info, debug_warn, err, implement, state_res,
+	Err, Event, PduEvent, Result, debug, debug_info, debug_warn, err, implement, state_res, trace,
-	trace, warn,
 };
 use futures::future::ready;
 use ruma::{
@@ -11,7 +10,6 @@ use ruma::{
 };
 
 use super::{check_room_id, get_room_version_id, to_room_version};
-use crate::rooms::timeline::pdu_fits;
 
 #[implement(super::Service)]
 #[allow(clippy::too_many_arguments)]
@@ -27,13 +25,6 @@ pub(super) async fn handle_outlier_pdu<'a, Pdu>(
 where
 	Pdu: Event + Send + Sync,
 {
-	if !pdu_fits(&mut value.clone()) {
-		warn!(
-			"dropping incoming PDU {event_id} in room {room_id} from {origin} because it \
-			 exceeds 65535 bytes or is otherwise too large."
-		);
-		return Err!(Request(TooLarge("PDU is too large")));
-	}
 	// 1. Remove unsigned field
 	value.remove("unsigned");
 

src/service/rooms/timeline/create.rs

@@ -23,40 +23,6 @@ use serde_json::value::{RawValue, to_raw_value};
 
 use super::RoomMutexGuard;
 
-pub fn pdu_fits(owned_obj: &mut CanonicalJsonObject) -> bool {
-	// room IDs, event IDs, senders, types, and state keys must all be <= 255 bytes
-	if let Some(CanonicalJsonValue::String(room_id)) = owned_obj.get("room_id") {
-		if room_id.len() > 255 {
-			return false;
-		}
-	}
-	if let Some(CanonicalJsonValue::String(event_id)) = owned_obj.get("event_id") {
-		if event_id.len() > 255 {
-			return false;
-		}
-	}
-	if let Some(CanonicalJsonValue::String(sender)) = owned_obj.get("sender") {
-		if sender.len() > 255 {
-			return false;
-		}
-	}
-	if let Some(CanonicalJsonValue::String(kind)) = owned_obj.get("type") {
-		if kind.len() > 255 {
-			return false;
-		}
-	}
-	if let Some(CanonicalJsonValue::String(state_key)) = owned_obj.get("state_key") {
-		if state_key.len() > 255 {
-			return false;
-		}
-	}
-	// Now check the full PDU size
-	match serde_json::to_string(owned_obj) {
-		| Ok(s) => s.len() <= 65535,
-		| Err(_) => false,
-	}
-}
-
 #[implement(super::Service)]
 pub async fn create_hash_and_sign_event(
 	&self,
@@ -182,6 +148,19 @@ pub async fn create_hash_and_sign_event(
 		}
 	}
 
+	// if event_type != TimelineEventType::RoomCreate && prev_events.is_empty() {
+	// 	return Err!(Request(Unknown("Event incorrectly had zero prev_events.")));
+	// }
+	// if state_key.is_none() && depth.lt(&uint!(2)) {
+	// 	// The first two events in a room are always m.room.create and
+	// m.room.member, 	// so any other events with that same depth are illegal.
+	// 	warn!(
+	// 		"Had unsafe depth {depth} when creating non-state event in {}. Cowardly
+	// aborting", 		room_id.expect("room_id is Some here").as_str()
+	// 	);
+	// 	return Err!(Request(Unknown("Unsafe depth for non-state event.")));
+	// }
+
 	let mut pdu = PduEvent {
 		event_id: ruma::event_id!("$thiswillbefilledinlater").into(),
 		room_id: room_id.map(ToOwned::to_owned),
@@ -290,16 +269,8 @@ pub async fn create_hash_and_sign_event(
 	}
 	// Generate event id
 	pdu.event_id = gen_event_id(&pdu_json, &room_version_id)?;
-	pdu_json.insert("event_id".into(), CanonicalJsonValue::String(pdu.event_id.clone().into()));
-	// Verify that the *full* PDU isn't over 64KiB.
-	// Ruma only validates that it's under 64KiB before signing and hashing.
-	// Has to be cloned to prevent mutating pdu_json itself :(
-	if !pdu_fits(&mut pdu_json.clone()) {
-		// feckin huge PDU mate
-		return Err!(Request(TooLarge("Message/PDU is too long (exceeds 65535 bytes)")));
-	}
-
 	// Check with the policy server
+	pdu_json.insert("event_id".into(), CanonicalJsonValue::String(pdu.event_id.clone().into()));
 	if room_id.is_some() {
 		trace!(
 			"Checking event in room {} with policy server",

src/service/rooms/timeline/mod.rs

@@ -26,7 +26,7 @@ use ruma::{
 use serde::Deserialize;
 
 use self::data::Data;
-pub use self::{create::pdu_fits, data::PdusIterItem};
+pub use self::data::PdusIterItem;
 use crate::{
 	Dep, account_data, admin, appservice, globals, pusher, rooms, sending, server_keys, users,
 };

src/service/services.rs

@@ -130,7 +130,7 @@ impl Services {
 
 		// reset dormant online/away statuses to offline, and set the server user as
 		// online
-		if self.server.config.allow_local_presence {
+		if self.server.config.allow_local_presence && !self.db.is_read_only() {
 			self.presence.unset_all_presence().await;
 			_ = self
 				.presence
@@ -146,7 +146,7 @@ impl Services {
 		info!("Shutting down services...");
 
 		// set the server user as offline
-		if self.server.config.allow_local_presence {
+		if self.server.config.allow_local_presence && !self.db.is_read_only() {
 			_ = self
 				.presence
 				.ping_presence(&self.globals.server_user, &ruma::presence::PresenceState::Offline)

src/service/uiaa/mod.rs

@@ -11,7 +11,7 @@ use database::{Deserialized, Json, Map};
 use ruma::{
 	CanonicalJsonValue, DeviceId, OwnedDeviceId, OwnedUserId, UserId,
 	api::client::{
-		error::{ErrorKind, StandardErrorBody},
+		error::ErrorKind,
 		uiaa::{AuthData, AuthType, Password, UiaaInfo, UserIdentifier},
 	},
 };
@@ -104,7 +104,6 @@ pub fn create(
 }
 
 #[implement(Service)]
-#[allow(clippy::useless_let_if_seq)]
 pub async fn try_auth(
 	&self,
 	user_id: &UserId,
@@ -164,39 +163,17 @@ pub async fn try_auth(
 			let user_id = user_id_from_username;
 
 			// Check if password is correct
-			let mut password_verified = false;
-
-			// First try local password hash verification
 			if let Ok(hash) = self.services.users.password_hash(&user_id).await {
-				password_verified = hash::verify_password(password, &hash).is_ok();
+				let hash_matches = hash::verify_password(password, &hash).is_ok();
-			}
+				if !hash_matches {
-
+					uiaainfo.auth_error = Some(ruma::api::client::error::StandardErrorBody {
-			// If local password verification failed, try LDAP authentication
+						kind: ErrorKind::forbidden(),
-			#[cfg(feature = "ldap")]
+						message: "Invalid username or password.".to_owned(),
-			if !password_verified && self.services.config.ldap.enable {
+					});
-				// Search for user in LDAP to get their DN
+					return Ok((false, uiaainfo));
-				if let Ok(dns) = self.services.users.search_ldap(&user_id).await {
-					if let Some((user_dn, _is_admin)) = dns.first() {
-						// Try to authenticate with LDAP
-						password_verified = self
-							.services
-							.users
-							.auth_ldap(user_dn, password)
-							.await
-							.is_ok();
-					}
 				}
 			}
 
-			if !password_verified {
-				uiaainfo.auth_error = Some(StandardErrorBody {
-					kind: ErrorKind::forbidden(),
-					message: "Invalid username or password.".to_owned(),
-				});
-
-				return Ok((false, uiaainfo));
-			}
-
 			// Password was correct! Let's add it to `completed`
 			uiaainfo.completed.push(AuthType::Password);
 		},
@@ -220,7 +197,7 @@ pub async fn try_auth(
 				},
 				| Err(e) => {
 					error!("ReCaptcha verification failed: {e:?}");
-					uiaainfo.auth_error = Some(StandardErrorBody {
+					uiaainfo.auth_error = Some(ruma::api::client::error::StandardErrorBody {
 						kind: ErrorKind::forbidden(),
 						message: "ReCaptcha verification failed.".to_owned(),
 					});
@@ -233,7 +210,7 @@ pub async fn try_auth(
 			if tokens.contains(t.token.trim()) {
 				uiaainfo.completed.push(AuthType::RegistrationToken);
 			} else {
-				uiaainfo.auth_error = Some(StandardErrorBody {
+				uiaainfo.auth_error = Some(ruma::api::client::error::StandardErrorBody {
 					kind: ErrorKind::forbidden(),
 					message: "Invalid registration token.".to_owned(),
 				});

src/service/users/mod.rs

@@ -1,6 +1,6 @@
 #[cfg(feature = "ldap")]
 use std::collections::HashMap;
-use std::{collections::BTreeMap, mem, net::IpAddr, sync::Arc};
+use std::{collections::BTreeMap, mem, sync::Arc};
 
 #[cfg(feature = "ldap")]
 use conduwuit::result::LogErr;
@@ -25,7 +25,6 @@ use ruma::{
 		invite_permission_config::{FilterLevel, InvitePermissionConfigEvent},
 	},
 	serde::Raw,
-	uint,
 };
 use serde::{Deserialize, Serialize};
 use serde_json::json;
@@ -981,7 +980,6 @@ impl Service {
 			.await;
 	}
 
-	/// Updates device metadata and increments the device list version.
 	pub async fn update_device_metadata(
 		&self,
 		user_id: &UserId,
@@ -989,51 +987,13 @@ impl Service {
 		device: &Device,
 	) -> Result<()> {
 		increment(&self.db.userid_devicelistversion, user_id.as_bytes());
-		self.update_device_metadata_no_increment(user_id, device_id, device)
-			.await
-	}
 
-	// Updates device metadata without incrementing the device list version.
-	// This is namely used for updating the last_seen_ip and last_seen_ts values,
-	// as those do not need a device list version bump due to them not being
-	// relevant to other consumers.
-	pub async fn update_device_metadata_no_increment(
-		&self,
-		user_id: &UserId,
-		device_id: &DeviceId,
-		device: &Device,
-	) -> Result<()> {
 		let key = (user_id, device_id);
 		self.db.userdeviceid_metadata.put(key, Json(device));
 
 		Ok(())
 	}
 
-	pub async fn update_device_last_seen(
-		&self,
-		user_id: &UserId,
-		device_id: Option<&DeviceId>,
-		ip: IpAddr,
-	) {
-		let now = MilliSecondsSinceUnixEpoch::now();
-		if let Some(device_id) = device_id {
-			if let Ok(mut device) = self.get_device_metadata(user_id, device_id).await {
-				device.last_seen_ip = Some(ip.to_string());
-				// If the last update was less than 10 seconds ago, don't update the timestamp
-				if let Some(prev) = device.last_seen_ts {
-					if now.get().saturating_sub(prev.get()) < uint!(10_000) {
-						return;
-					}
-				}
-				device.last_seen_ts = Some(now);
-
-				self.update_device_metadata_no_increment(user_id, device_id, &device)
-					.await
-					.ok();
-			}
-		}
-	}
-
 	/// Get device metadata.
 	pub async fn get_device_metadata(
 		&self,