feat: Add user creation endpoint

This is a surprise tool that will help us later

src/api/Cargo.toml

@@ -62,6 +62,8 @@ zstd_compression = [
 	"reqwest/zstd",
 ]
 
+admin_api = []
+
 [dependencies]
 async-trait.workspace = true
 axum-client-ip.workspace = true

src/api/admin/mod.rs

@@ -1 +0,0 @@
-pub mod rooms;

src/api/admin/rooms/list.rs

@@ -1,36 +0,0 @@
-use axum::extract::State;
-use conduwuit::{Err, Result};
-use futures::StreamExt;
-use ruma::OwnedRoomId;
-use ruminuwuity::admin::continuwuity::rooms;
-
-use crate::Ruma;
-
-/// # `GET /_continuwuity/admin/rooms/list`
-///
-/// Lists all rooms known to this server, excluding banned ones.
-pub(crate) async fn list_rooms(
-	State(services): State<crate::State>,
-	body: Ruma<rooms::list::v1::Request>,
-) -> Result<rooms::list::v1::Response> {
-	let sender_user = body.identity.sender_user();
-	if !services.users.is_admin(sender_user).await {
-		return Err!(Request(Forbidden("Only server administrators can use this endpoint")));
-	}
-
-	let mut rooms: Vec<OwnedRoomId> = services
-		.rooms
-		.metadata
-		.iter_ids()
-		.filter_map(|room_id| async move {
-			if !services.rooms.metadata.is_banned(&room_id).await {
-				Some(room_id.clone())
-			} else {
-				None
-			}
-		})
-		.collect()
-		.await;
-	rooms.sort();
-	Ok(rooms::list::v1::Response::new(rooms))
-}

src/api/admin/rooms/mod.rs

@@ -1,2 +0,0 @@
-pub mod ban;
-pub mod list;

src/api/client/account/register.rs

@@ -99,7 +99,7 @@ pub(crate) async fn register_route(
 			.users
 			.create_local_account(&user_id, password, identity.email)
 			.await;
-
+		services.users.join_auto_join_rooms(&user_id).await;
 		user_id
 	};
 

src/api/client/admin/lock.rs

@@ -0,0 +1,89 @@
+use axum::extract::State;
+use conduwuit::Err;
+use futures::future::{join, join3};
+use ruma::api::client::admin::{is_user_locked, lock_user};
+
+use crate::router::Ruma;
+
+/// # `GET /_matrix/client/v1/admin/lock/{userId}`
+///
+/// Check the account lock status of a target user
+pub(crate) async fn get_locked_status(
+	State(services): State<crate::State>,
+	body: Ruma<is_user_locked::v1::Request>,
+) -> conduwuit::Result<is_user_locked::v1::Response> {
+	let sender_user = body.sender_user();
+
+	let (admin, active) =
+		join(services.users.is_admin(sender_user), services.users.is_active(&body.user_id)).await;
+	if !admin {
+		return Err!(Request(Forbidden("Only server administrators can use this endpoint")));
+	}
+	if !services.globals.user_is_local(&body.user_id) {
+		return Err!(Request(InvalidParam("Can only check the lock status of local users")));
+	}
+	if !active {
+		return Err!(Request(NotFound("Unknown user")));
+	}
+	Ok(is_user_locked::v1::Response::new(
+		services.users.is_locked(&body.user_id).await?,
+	))
+}
+
+/// # `PUT /_matrix/client/v1/admin/lock/{userId}`
+///
+/// Set the account lock status of a target user
+pub(crate) async fn put_locked_status(
+	State(services): State<crate::State>,
+	body: Ruma<lock_user::v1::Request>,
+) -> conduwuit::Result<lock_user::v1::Response> {
+	let sender_user = body.sender_user();
+
+	let (sender_admin, active, target_admin) = join3(
+		services.users.is_admin(sender_user),
+		services.users.is_active(&body.user_id),
+		services.users.is_admin(&body.user_id),
+	)
+	.await;
+
+	if !sender_admin {
+		return Err!(Request(Forbidden("Only server administrators can use this endpoint")));
+	}
+	if !services.globals.user_is_local(&body.user_id) {
+		return Err!(Request(InvalidParam("Can only set the locked status of local users")));
+	}
+	if !active {
+		return Err!(Request(NotFound("Unknown user")));
+	}
+	if body.user_id == *sender_user {
+		return Err!(Request(Forbidden("You cannot lock yourself")));
+	}
+	if target_admin {
+		return Err!(Request(Forbidden("You cannot lock another server administrator")));
+	}
+	if services.users.is_locked(&body.user_id).await? == body.locked {
+		// No change
+		return Ok(lock_user::v1::Response::new(body.locked));
+	}
+
+	let action = if body.locked {
+		services
+			.users
+			.lock_account(&body.user_id, sender_user)
+			.await;
+		"suspended"
+	} else {
+		services.users.unlock_account(&body.user_id).await;
+		"unsuspended"
+	};
+
+	if services.config.admin_room_notices {
+		// Notify the admin room that an account has been un/suspended
+		services
+			.admin
+			.send_text(&format!("{} has been {} by {}.", body.user_id, action, sender_user))
+			.await;
+	}
+
+	Ok(lock_user::v1::Response::new(body.locked))
+}

src/api/client/admin/mod.rs

@@ -1,3 +1,5 @@
+mod lock;
+pub(crate) mod site;
 mod suspend;
 
-pub(crate) use self::suspend::*;
+pub(crate) use self::{lock::*, suspend::*};

src/api/client/admin/site/mod.rs

@@ -0,0 +1,2 @@
+pub(crate) mod rooms;
+pub(crate) mod users;

src/api/client/admin/site/rooms/ban.rs

@@ -6,7 +6,7 @@ use ruminuwuity::admin::continuwuity::rooms;
 
 use crate::{Ruma, client::leave_room};
 
-/// # `PUT /_continuwuity/admin/rooms/{roomID}/ban`
+/// # `PUT /_continuwuity/admin/v1/rooms/{roomID}/ban`
 ///
 /// Bans or unbans a room.
 pub(crate) async fn ban_room(

src/api/client/admin/site/rooms/list.rs

@@ -0,0 +1,188 @@
+use axum::extract::State;
+use conduwuit::{
+	Err, Event, Result,
+	utils::stream::{BroadbandExt, WidebandExt},
+};
+use futures::StreamExt;
+use ruma::{
+	OwnedRoomId,
+	events::{
+		StateEventType,
+		room::{
+			create::RoomCreateEventContent,
+			encryption::PossiblyRedactedRoomEncryptionEventContent,
+			tombstone::PossiblyRedactedRoomTombstoneEventContent,
+		},
+	},
+};
+use ruminuwuity::admin::continuwuity::rooms;
+use tokio::join;
+
+use crate::Ruma;
+
+/// # `GET /_continuwuity/admin/rooms`
+///
+/// Lists all room IDs known to this server, excluding banned ones.
+///
+/// This is the legacy version of the endpoint, which does not support
+/// pagination or including banned rooms. It is recommended to use the
+/// `/v1/rooms` endpoint instead. This endpoint may be removed in a future
+/// release.
+pub(crate) async fn legacy_list_rooms_route(
+	State(services): State<crate::State>,
+	body: Ruma<rooms::list::unstable::Request>,
+) -> Result<rooms::list::unstable::Response> {
+	let sender_user = body.identity.sender_user();
+	if !services.users.is_admin(sender_user).await {
+		return Err!(Request(Forbidden("Only server administrators can use this endpoint")));
+	}
+
+	let mut rooms: Vec<OwnedRoomId> = services
+		.rooms
+		.metadata
+		.iter_ids()
+		.filter_map(|room_id| async move {
+			if !services.rooms.metadata.is_banned(&room_id).await {
+				Some(room_id.clone())
+			} else {
+				None
+			}
+		})
+		.collect()
+		.await;
+	rooms.sort();
+	Ok(rooms::list::unstable::Response::new(rooms))
+}
+
+/// # `GET /_continuwuity/admin/v1/rooms`
+///
+/// Lists rooms known to this server.
+pub(crate) async fn list_rooms_route(
+	State(services): State<crate::State>,
+	body: Ruma<rooms::list::v1::Request>,
+) -> Result<rooms::list::v1::Response> {
+	let sender_user = body.sender_user();
+	if !services.users.is_admin(sender_user).await {
+		return Err!(Request(Forbidden("Only server administrators can use this endpoint")));
+	}
+
+	let include_banned_rooms = body.include_banned_rooms;
+	let rooms = services
+		.rooms
+		.metadata
+		.iter_ids()
+		.wide_filter_map(|room_id| async move {
+			if include_banned_rooms || !services.rooms.metadata.is_banned(&room_id).await {
+				Some(room_id.clone())
+			} else {
+				None
+			}
+		})
+		.skip(body.offset.unwrap_or_default())
+		.take(body.limit.unwrap_or(100).min(100))
+		.broad_filter_map(|room_id| async move {
+			let (
+				banned,
+				disabled,
+				member_count,
+				local_member_count,
+				resident_server_count,
+				published,
+				create_event,
+				encryption_event,
+				name_event,
+				topic_event,
+				canonical_alias_event,
+				join_rules_event,
+				history_visibility_event,
+				tombstone_event,
+			) = join!(
+				services.rooms.metadata.is_banned(&room_id),
+				services.rooms.metadata.is_disabled(&room_id),
+				services.rooms.state_cache.room_joined_count(&room_id),
+				services
+					.rooms
+					.state_cache
+					.active_local_users_in_room(&room_id)
+					.count(),
+				services.rooms.state_cache.room_servers(&room_id).count(),
+				services.rooms.directory.is_public_room(&room_id),
+				services.rooms.state_accessor.room_state_get(
+					&room_id,
+					&StateEventType::RoomCreate,
+					""
+				),
+				services
+					.rooms
+					.state_accessor
+					.room_state_get_content::<PossiblyRedactedRoomEncryptionEventContent>(
+						&room_id,
+						&StateEventType::RoomEncryption,
+						""
+					),
+				services.rooms.state_accessor.room_state_get_content(
+					&room_id,
+					&StateEventType::RoomName,
+					""
+				),
+				services.rooms.state_accessor.room_state_get_content(
+					&room_id,
+					&StateEventType::RoomTopic,
+					""
+				),
+				services.rooms.state_accessor.room_state_get_content(
+					&room_id,
+					&StateEventType::RoomCanonicalAlias,
+					""
+				),
+				services.rooms.state_accessor.room_state_get_content(
+					&room_id,
+					&StateEventType::RoomJoinRules,
+					""
+				),
+				services.rooms.state_accessor.room_state_get_content(
+					&room_id,
+					&StateEventType::RoomHistoryVisibility,
+					""
+				),
+				services
+					.rooms
+					.state_accessor
+					.room_state_get_content::<PossiblyRedactedRoomTombstoneEventContent>(
+						&room_id,
+						&StateEventType::RoomTombstone,
+						""
+					),
+			);
+			let Ok(create_event) = create_event else {
+				return None;
+			};
+			let create_content = create_event
+				.get_content::<RoomCreateEventContent>()
+				.expect("m.room.create content must be valid");
+			Some(rooms::list::v1::MinimalRoomInfo {
+				room_id,
+				banned,
+				disabled,
+				member_count: usize::try_from(member_count.unwrap_or_default())
+					.expect("u64 should fit in usize"),
+				local_member_count,
+				resident_server_count,
+				creators: vec![create_event.sender],
+				encrypted: encryption_event.is_ok_and(|c| c.algorithm.is_some()),
+				federated: create_content.federate,
+				published,
+				version: create_content.room_version,
+				name: name_event.unwrap_or(None),
+				topic: topic_event.unwrap_or(None),
+				canonical_alias: canonical_alias_event.unwrap_or(None),
+				join_rules: join_rules_event.unwrap_or(None),
+				history_visibility: history_visibility_event.unwrap_or(None),
+				predecessor: create_content.predecessor.map(|c| c.room_id),
+				successor: tombstone_event.map_or(None, |c| c.replacement_room),
+			})
+		})
+		.collect()
+		.await;
+	Ok(rooms::list::v1::Response::new(rooms))
+}

src/api/client/admin/site/rooms/mod.rs

@@ -0,0 +1,5 @@
+mod ban;
+mod list;
+
+pub(crate) use ban::ban_room;
+pub(crate) use list::*;

src/api/client/admin/site/users/create.rs

@@ -0,0 +1,119 @@
+use axum::extract::State;
+use conduwuit::{
+	Err, err, error, info,
+	utils::{IterStream, stream::BroadbandExt},
+	warn,
+};
+use futures::{FutureExt, StreamExt};
+use ruma::UserId;
+use ruminuwuity::admin::continuwuity::users;
+use service::users::HashedPassword;
+
+use crate::router::Ruma;
+
+/// # `POST /_continuwuity/admin/v1/users/create`
+///
+/// Creates a new user.
+pub(crate) async fn create_user_route(
+	State(services): State<crate::State>,
+	body: Ruma<users::create::v1::Request>,
+) -> conduwuit::Result<users::create::v1::Response> {
+	let sender_user = body.sender_user();
+
+	if !services.users.is_admin(sender_user).await {
+		return Err!(Request(Forbidden("Only server administrators can use this endpoint")));
+	}
+	let user_id =
+		&UserId::parse_with_server_name(&body.localpart, services.globals.server_name())?;
+	if services.users.is_active_local(user_id).await {
+		return Err!(Conflict("A user with this username already exists"));
+	}
+
+	services
+		.users
+		.create_local_account(
+			user_id,
+			HashedPassword::new(&body.password)?,
+			body.email
+				.clone()
+				.map(lettre::Address::try_from)
+				.transpose()
+				.map_err(|e| err!(Request(BadJson("Invalid email address: {e}"))))?,
+		)
+		.await;
+	if body.suspended {
+		services.users.suspend_account(user_id, sender_user).await;
+	}
+	if body.locked {
+		services.users.lock_account(user_id, sender_user).await;
+	}
+	if body.login_disabled {
+		services.users.disable_login(user_id);
+	}
+	if let Some(ref value) = body.display_name {
+		services.users.set_profile_key(
+			user_id,
+			"displayname",
+			Some(serde_json::to_value(value)?),
+		);
+	}
+	if let Some(ref value) = body.avatar_url {
+		services
+			.users
+			.set_profile_key(user_id, "avatar_url", Some(serde_json::to_value(value)?));
+	}
+	if body.admin {
+		services
+			.admin
+			.make_user_admin(user_id)
+			.await
+			.inspect_err(|e| error!("failed to make new user {user_id} an admin: {e}"))
+			.ok();
+	}
+	if !body.skip_auto_join {
+		services.users.join_auto_join_rooms(user_id).await;
+	}
+
+	body.auto_join_rooms
+		.clone()
+		.into_iter()
+		.stream()
+		.broad_filter_map(|room| async move {
+			services
+				.rooms
+				.alias
+				.resolve_with_servers(&room, None)
+				.await
+				.inspect_err(|e| {
+					warn!(
+						"Failed to resolve room alias to room ID when attempting to auto join \
+						 {room}: {e}"
+					);
+				})
+				.ok()
+		})
+		.for_each_concurrent(None, |(room_id, servers)| async move {
+			match services
+				.rooms
+				.membership
+				.join_room(
+					user_id,
+					&room_id,
+					Some("Automatically joining this room upon registration".to_owned()),
+					servers.as_ref(),
+				)
+				.boxed()
+				.await
+			{
+				| Err(e) => {
+					warn!("Failed to automatically join {user_id} to {room_id}: {e}");
+				},
+				| _ => {
+					info!("Automatically joined room {user_id} to {room_id}");
+				},
+			}
+		})
+		.await;
+
+	Ok(users::create::v1::Response::new(user_id.to_owned()))
+}

src/api/client/admin/site/users/list.rs

@@ -0,0 +1,48 @@
+use axum::extract::State;
+use conduwuit::{Err, utils::stream::WidebandExt};
+use futures::StreamExt;
+use ruminuwuity::admin::continuwuity::users;
+use tokio::join;
+
+use crate::router::Ruma;
+
+/// # `GET /_continuwuity/admin/v1/users`
+///
+/// Lists all users on this homeserver.
+pub(crate) async fn list_users_route(
+	State(services): State<crate::State>,
+	body: Ruma<users::list::v1::Request>,
+) -> conduwuit::Result<users::list::v1::Response> {
+	let sender_user = body.sender_user();
+
+	if !services.users.is_admin(sender_user).await {
+		return Err!(Request(Forbidden("Only server administrators can use this endpoint")));
+	}
+
+	let users = services
+		.users
+		.list_local_users()
+		.skip(body.offset.unwrap_or_default())
+		.take(body.limit.unwrap_or(100).min(100))
+		.wide_filter_map(|user_id| async move {
+			let (deactivated, suspended, locked, admin, login_disabled) = join!(
+				services.users.is_deactivated(&user_id),
+				services.users.is_suspended(&user_id),
+				services.users.is_locked(&user_id),
+				services.users.is_admin(&user_id),
+				services.users.is_login_disabled(&user_id),
+			);
+			Some(users::list::v1::User {
+				user_id: user_id.clone(),
+				deactivated: deactivated.unwrap_or_default(),
+				suspended: suspended.unwrap_or_default(),
+				locked: locked.unwrap_or_default(),
+				admin,
+				login_disabled,
+			})
+		})
+		.collect()
+		.await;
+
+	Ok(users::list::v1::Response::new(users))
+}

src/api/client/admin/site/users/mod.rs

@@ -0,0 +1,5 @@
+mod create;
+mod list;
+
+pub(crate) use create::*;
+pub(crate) use list::*;

src/api/client/admin/suspend.rs

@@ -1,7 +1,7 @@
 use axum::extract::State;
 use conduwuit::{Err, Result};
 use futures::future::{join, join3};
-use ruminuwuity::admin::{get_suspended, set_suspended};
+use ruma::api::client::admin::{is_user_suspended, suspend_user};
 
 use crate::Ruma;
 
@@ -10,8 +10,8 @@ use crate::Ruma;
 /// Check the suspension status of a target user
 pub(crate) async fn get_suspended_status(
 	State(services): State<crate::State>,
-	body: Ruma<get_suspended::v1::Request>,
-) -> Result<get_suspended::v1::Response> {
+	body: Ruma<is_user_suspended::v1::Request>,
+) -> Result<is_user_suspended::v1::Response> {
 	let (admin, active) = join(
 		services.users.is_admin(body.identity.sender_user()),
 		services.users.is_active(&body.user_id),
@@ -26,7 +26,7 @@ pub(crate) async fn get_suspended_status(
 	if !active {
 		return Err!(Request(NotFound("Unknown user")));
 	}
-	Ok(get_suspended::v1::Response::new(
+	Ok(is_user_suspended::v1::Response::new(
 		services.users.is_suspended(&body.user_id).await?,
 	))
 }
@@ -36,8 +36,8 @@ pub(crate) async fn get_suspended_status(
 /// Set the suspension status of a target user
 pub(crate) async fn put_suspended_status(
 	State(services): State<crate::State>,
-	body: Ruma<set_suspended::v1::Request>,
-) -> Result<set_suspended::v1::Response> {
+	body: Ruma<suspend_user::v1::Request>,
+) -> Result<suspend_user::v1::Response> {
 	let sender_user = body.identity.sender_user();
 
 	let (sender_admin, active, target_admin) = join3(
@@ -64,7 +64,7 @@ pub(crate) async fn put_suspended_status(
 	}
 	if services.users.is_suspended(&body.user_id).await? == body.suspended {
 		// No change
-		return Ok(set_suspended::v1::Response::new(body.suspended));
+		return Ok(suspend_user::v1::Response::new(body.suspended));
 	}
 
 	let action = if body.suspended {
@@ -86,5 +86,5 @@ pub(crate) async fn put_suspended_status(
 			.await;
 	}
 
-	Ok(set_suspended::v1::Response::new(body.suspended))
+	Ok(suspend_user::v1::Response::new(body.suspended))
 }

src/api/mod.rs

@@ -11,8 +11,6 @@ pub mod client;
 pub mod router;
 pub mod server;
 
-pub mod admin;
-
 pub(crate) use self::router::{Ruma, RumaResponse, State};
 
 conduwuit::mod_ctor! {}

src/api/router.rs

@@ -16,7 +16,9 @@ use http::{Uri, uri};
 
 use self::handler::RouterExt;
 pub(super) use self::{args::Args as Ruma, auth::ClientIdentity, response::RumaResponse};
-use crate::{admin, client, server};
+#[cfg(feature = "admin_api")]
+use crate::client::admin::site as admin_api;
+use crate::{client, server};
 
 pub fn build(router: Router<State>, state: State) -> Router<State> {
 	let config = &state.server.config;
@@ -181,6 +183,8 @@ pub fn build(router: Router<State>, state: State) -> Router<State> {
 		.ruma_route(&client::get_room_summary)
 		.ruma_route(&client::get_suspended_status)
 		.ruma_route(&client::put_suspended_status)
+		.ruma_route(&client::get_locked_status)
+		.ruma_route(&client::put_locked_status)
 		.ruma_route(&client::well_known_support)
 		.ruma_route(&client::well_known_client)
 		.ruma_route(&client::well_known_policy_server)
@@ -189,9 +193,7 @@ pub fn build(router: Router<State>, state: State) -> Router<State> {
 		.ruma_route(&client::get_authorization_server_metadata_route)
 		.merge(client::oauth::router(state))
 		.route("/_conduwuit/server_version", get(client::conduwuit_server_version))
-		.route("/_continuwuity/server_version", get(client::conduwuit_server_version))
-		.ruma_route(&admin::rooms::ban::ban_room)
-		.ruma_route(&admin::rooms::list::list_rooms);
+		.route("/_continuwuity/server_version", get(client::conduwuit_server_version));
 
 	if config.allow_federation {
 		router = router
@@ -277,6 +279,16 @@ pub fn build(router: Router<State>, state: State) -> Router<State> {
 			.route("/_matrix/media/r0/preview_url", any(redirect_legacy_preview));
 	}
 
+	#[cfg(feature = "admin_api")]
+	{
+		router = router
+			.ruma_route(&admin_api::users::list_users_route)
+			.ruma_route(&admin_api::users::create_user_route)
+			.ruma_route(&admin_api::rooms::ban_room)
+			.ruma_route(&admin_api::rooms::legacy_list_rooms_route)
+			.ruma_route(&admin_api::rooms::list_rooms_route);
+	};
+
 	router
 }
 

src/main/Cargo.toml

@@ -68,6 +68,7 @@ full = [
     "jemalloc_prof",
     "perf_measurements",
     "tokio_console",
+	"conduwuit-api/admin_api",
 ]
 
 brotli_compression = [

src/ruminuwuity/admin/continuwuity/mod.rs

@@ -1 +1,2 @@
 pub mod rooms;
+pub mod users;

src/ruminuwuity/admin/continuwuity/rooms/ban.rs

@@ -10,7 +10,8 @@ pub mod v1 {
 		rate_limited: false,
 		authentication: AccessToken,
 		history: {
-			1.0 => "/_continuwuity/admin/rooms/{room_id}/ban",
+			unstable("org.continuwuity.admin") => "/_continuwuity/admin/rooms/{room_id}/ban",
+			1.0 => "/_continuwuity/admin/v1/rooms/{room_id}/ban",
 		}
 	}
 
@@ -29,8 +30,11 @@ pub mod v1 {
 
 	#[response]
 	pub struct Response {
+		/// Users who were successfully kicked from this room.
 		pub kicked_users: Vec<OwnedUserId>,
+		/// Users who could not be kicked from the room.
 		pub failed_kicked_users: Vec<OwnedUserId>,
+		/// Any local aliases that were removed from the room.
 		pub local_aliases: Vec<OwnedRoomAliasId>,
 	}
 

src/ruminuwuity/admin/continuwuity/rooms/list.rs

@@ -1,4 +1,4 @@
-pub mod v1 {
+pub mod unstable {
 	use ruma::{
 		OwnedRoomId,
 		api::{auth_scheme::AccessToken, request, response},
@@ -10,7 +10,7 @@ pub mod v1 {
 		rate_limited: false,
 		authentication: AccessToken,
 		history: {
-			1.0 => "/_continuwuity/admin/rooms/list",
+			unstable => "/_continuwuity/admin/rooms/list",
 		}
 	}
 
@@ -20,6 +20,7 @@ pub mod v1 {
 
 	#[response]
 	pub struct Response {
+		/// A list of room IDs known to this server.
 		pub rooms: Vec<OwnedRoomId>,
 	}
 
@@ -33,3 +34,133 @@ pub mod v1 {
 		pub fn new(rooms: Vec<OwnedRoomId>) -> Self { Self { rooms } }
 	}
 }
+
+pub mod v1 {
+	use ruma::{
+		OwnedRoomId, OwnedUserId, RoomVersionId,
+		api::{auth_scheme::AccessToken, request, response},
+		events::room::{
+			canonical_alias::PossiblyRedactedRoomCanonicalAliasEventContent,
+			history_visibility::PossiblyRedactedRoomHistoryVisibilityEventContent,
+			join_rules::PossiblyRedactedRoomJoinRulesEventContent,
+			name::PossiblyRedactedRoomNameEventContent,
+			topic::PossiblyRedactedRoomTopicEventContent,
+		},
+		metadata,
+		serde::{default_true, is_default},
+	};
+
+	metadata! {
+		method: GET,
+		rate_limited: false,
+		authentication: AccessToken,
+		history: {
+			1.0 => "/_continuwuity/admin/v1/rooms",
+		}
+	}
+
+	#[request]
+	#[derive(Default)]
+	pub struct Request {
+		/// The maximum number of results to return in this page. Maximum (and
+		/// default) is 100.
+		#[ruma_api(query)]
+		#[serde(default, skip_serializing_if = "is_default")]
+		pub limit: Option<usize>,
+
+		/// The number of results to skip over before returning results. Default
+		/// is 0.
+		#[ruma_api(query)]
+		#[serde(default, skip_serializing_if = "is_default")]
+		pub offset: Option<usize>,
+
+		/// If true, includes banned rooms in the response.
+		#[ruma_api(query)]
+		#[serde(default, skip_serializing_if = "is_default")]
+		pub include_banned_rooms: bool,
+	}
+
+	#[derive(Clone, Debug, serde::Serialize, serde::Deserialize)]
+	pub struct MinimalRoomInfo {
+		/// The room's unique ID.
+		pub room_id: OwnedRoomId,
+		/// If true, this room is banned, and cannot be joined by non-admins.
+		#[serde(default, skip_serializing_if = "is_default")]
+		pub banned: bool,
+		/// If true, this room has federation disabled, but can still be locally
+		/// used.
+		#[serde(default, skip_serializing_if = "is_default")]
+		pub disabled: bool,
+		/// The total number of joined members in this room.
+		#[serde(default, skip_serializing_if = "is_default")]
+		pub member_count: usize,
+		/// The total number of joined members in this room that are local to
+		/// this server.
+		#[serde(default, skip_serializing_if = "is_default")]
+		pub local_member_count: usize,
+		/// The number of unique homeservers currently joined to this room.
+		#[serde(default, skip_serializing_if = "is_default")]
+		pub resident_server_count: usize,
+		/// The users who created this room.
+		///
+		/// The first entry is always the sender of the `m.room.create` event.
+		/// Any entries thereafter are additional creators in v12+ rooms. An
+		/// empty vec indicates the room is not known.
+		#[serde(default, skip_serializing_if = "is_default")]
+		pub creators: Vec<OwnedUserId>,
+		/// If true, this room has encryption enabled.
+		#[serde(default, skip_serializing_if = "is_default")]
+		pub encrypted: bool,
+		/// If true, this room is allowed to be federated (`m.federate` is not
+		/// `false` in `m.room.create`).
+		#[serde(default = "default_true", skip_serializing_if = "is_default")]
+		pub federated: bool,
+		/// If true, this room is published to this server's room directory.
+		#[serde(default, skip_serializing_if = "is_default")]
+		pub published: bool,
+		/// The version of the room.
+		pub version: RoomVersionId,
+		/// The event content for the `m.room.name` event, if any is present.
+		/// May be redacted.
+		#[serde(default, skip_serializing_if = "Option::is_none")]
+		pub name: Option<PossiblyRedactedRoomNameEventContent>,
+		/// The event content for the `m.room.topic` event, if any is present.
+		/// May be redacted.
+		#[serde(default, skip_serializing_if = "Option::is_none")]
+		pub topic: Option<PossiblyRedactedRoomTopicEventContent>,
+		/// The event content for the `m.room.canonical_alias` event, if any is
+		/// present. May be redacted.
+		#[serde(default, skip_serializing_if = "Option::is_none")]
+		pub canonical_alias: Option<PossiblyRedactedRoomCanonicalAliasEventContent>,
+		/// The event content for the `m.room.join_rules` event, if any is
+		/// present. May be redacted.
+		#[serde(default, skip_serializing_if = "Option::is_none")]
+		pub join_rules: Option<PossiblyRedactedRoomJoinRulesEventContent>,
+		/// The event content for the `m.room.history_visibility` event, if any
+		/// is present. May be redacted.
+		#[serde(default, skip_serializing_if = "Option::is_none")]
+		pub history_visibility: Option<PossiblyRedactedRoomHistoryVisibilityEventContent>,
+		/// The ID of the room which replaces this one, if any.
+		#[serde(default, skip_serializing_if = "Option::is_none")]
+		pub successor: Option<OwnedRoomId>,
+		/// The ID of the room which preceded this one, if any.
+		#[serde(default, skip_serializing_if = "Option::is_none")]
+		pub predecessor: Option<OwnedRoomId>,
+	}
+
+	#[response]
+	pub struct Response {
+		/// A list of rooms known to this server.
+		pub rooms: Vec<MinimalRoomInfo>,
+	}
+
+	impl Request {
+		#[must_use]
+		pub fn new() -> Self { Self::default() }
+	}
+
+	impl Response {
+		#[must_use]
+		pub fn new(rooms: Vec<MinimalRoomInfo>) -> Self { Self { rooms } }
+	}
+}

src/ruminuwuity/admin/continuwuity/users/create.rs

@@ -0,0 +1,104 @@
+pub mod v1 {
+	use ruma::{
+		OwnedMxcUri, OwnedRoomOrAliasId, OwnedUserId,
+		api::{auth_scheme::AccessToken, request, response},
+		metadata,
+	};
+
+	metadata! {
+		method: POST,
+		rate_limited: false,
+		authentication: AccessToken,
+		history: {
+			1.0 => "/_continuwuity/admin/v1/users/create",
+		},
+	}
+
+	#[request]
+	pub struct Request {
+		/// The user's localpart (the identifier between `@` and `:`). Cannot be
+		/// blank.
+		pub localpart: String,
+
+		/// The user's desired password. Cannot be blank.
+		pub password: String,
+
+		/// The user's email address, if any.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub email: Option<String>,
+
+		/// The display name to set upon creation.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub display_name: Option<String>,
+
+		/// The avatar URI to set upon creation.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub avatar_url: Option<OwnedMxcUri>,
+
+		/// Suspends the user immediately upon creation. They can still log in.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub suspended: bool,
+
+		/// Locks the user immediately upon creation. They will receive
+		/// M_USER_LOCKED upon login.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub locked: bool,
+
+		/// Disables the user's login immediately upon creation.
+		///
+		/// The user can still be used if an admin generates an access token for
+		/// the account, but the user will not be able to use `POST
+		/// /_matrix/client/v3/login`.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub login_disabled: bool,
+
+		/// Promotes the user to a server administrator immediately upon
+		/// creation.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub admin: bool,
+
+		/// Skips joining rooms in the server's configured auto_join_rooms.
+		///
+		/// If this is false, all rooms in the config.toml's `auto_join_rooms`
+		/// will be automatically joined upon creation. If `auto_join_rooms`
+		/// is supplied in this request too, those rooms will be joined
+		/// afterwards.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub skip_auto_join: bool,
+
+		/// Additional rooms to auto-join the new user to. If `skip_auto_join`
+		/// is `true`, these rooms will still be joined.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub auto_join_rooms: Vec<OwnedRoomOrAliasId>,
+	}
+
+	#[response]
+	pub struct Response {
+		/// The fully qualified user ID of the newly created user.
+		pub user_id: OwnedUserId,
+	}
+
+	impl Request {
+		#[must_use]
+		pub fn new(localpart: String, password: String) -> Self {
+			Self {
+				localpart,
+				password,
+				email: None,
+				display_name: None,
+				avatar_url: None,
+				suspended: false,
+				locked: false,
+				login_disabled: false,
+				admin: false,
+				skip_auto_join: false,
+				auto_join_rooms: Vec::new(),
+			}
+		}
+	}
+
+	impl Response {
+		#[must_use]
+		pub fn new(user_id: OwnedUserId) -> Self { Self { user_id } }
+	}
+}

src/ruminuwuity/admin/continuwuity/users/list.rs

@@ -0,0 +1,138 @@
+pub mod v1 {
+	use ruma::{
+		OwnedUserId,
+		api::{auth_scheme::AccessToken, request, response},
+		metadata,
+	};
+	use serde::Deserialize;
+
+	metadata! {
+		method: GET,
+		rate_limited: false,
+		authentication: AccessToken,
+		history: {
+			1.0 => "/_continuwuity/admin/v1/users",
+		}
+	}
+
+	#[request]
+	#[derive(Default)]
+	pub struct Request {
+		/// If true, includes deactivated users in the response.
+		#[ruma_api(query)]
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub include_deactivated: bool,
+		/// If true, includes locked users in the response.
+		#[ruma_api(query)]
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub include_locked: bool,
+		/// If true, includes suspended users in the response.
+		#[ruma_api(query)]
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub include_suspended: bool,
+
+		/// The maximum number of results to return in this page. Maximum (and
+		/// default) is 100.
+		#[ruma_api(query)]
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub limit: Option<usize>,
+
+		/// The number of results to skip over before returning results. Default
+		/// is 0.
+		#[ruma_api(query)]
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub offset: Option<usize>,
+	}
+
+	#[derive(Debug, Clone, PartialEq, Eq, Deserialize, serde::Serialize)]
+	pub struct User {
+		/// The full user ID of the user.
+		pub user_id: OwnedUserId,
+
+		/// Whether this user is deactivated.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub deactivated: bool,
+
+		/// Whether this user is suspended.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub suspended: bool,
+
+		/// Whether this user is locked.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub locked: bool,
+
+		/// Whether this user is an admin.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub admin: bool,
+
+		/// Whether this user has their login disabled.
+		#[serde(default, skip_serializing_if = "ruma::serde::is_default")]
+		pub login_disabled: bool,
+	}
+
+	impl User {
+		#[must_use]
+		pub fn new(user_id: OwnedUserId) -> Self {
+			Self {
+				user_id,
+				deactivated: false,
+				suspended: false,
+				locked: false,
+				admin: false,
+				login_disabled: false,
+			}
+		}
+	}
+
+	#[response]
+	#[derive(Default)]
+	pub struct Response {
+		pub users: Vec<User>,
+	}
+
+	impl Request {
+		#[must_use]
+		pub fn new() -> Self { Self::default() }
+	}
+
+	impl Response {
+		#[must_use]
+		pub fn new(users: Vec<User>) -> Self { Self { users } }
+	}
+
+	#[cfg(test)]
+	mod tests {
+		use assign::assign;
+		use serde_json::json;
+
+		use super::*;
+
+		#[test]
+		fn request_defaults() {
+			let req = Request::new();
+			assert!(!req.include_deactivated && !req.include_locked && !req.include_suspended);
+		}
+
+		#[test]
+		fn user_serialize_omits_default_values() {
+			let user_id = OwnedUserId::try_from("@alice:example.org".to_owned()).unwrap();
+			let user = User::new(user_id.clone());
+
+			let expected = json!({ "user_id": user_id.to_string() });
+			assert_eq!(serde_json::to_value(&user).expect("failed to serialize user"), expected);
+
+			let suspended_user = assign!(user, {suspended: true});
+			let expected2 = json!({ "user_id": "@alice:example.org", "suspended": true});
+			assert_eq!(
+				serde_json::to_value(&suspended_user).expect("failed to serialize user"),
+				expected2
+			);
+		}
+
+		#[test]
+		fn response_defaults() {
+			let response = Response::default();
+			assert!(response.users.is_empty());
+		}
+	}
+}

src/ruminuwuity/admin/continuwuity/users/mod.rs

@@ -0,0 +1,2 @@
+pub mod create;
+pub mod list;

src/ruminuwuity/admin/get_suspended.rs

@@ -1,53 +0,0 @@
-//! `GET /_matrix/client/v1/admin/suspend/{userId}`
-//!
-//! Check the suspension status of a target user
-
-pub mod v1 {
-	//! `/_matrix/client/unstable/uk.timedout.msc4323/admin/suspend/{userID}`
-	//! ([msc])
-	//!
-	//! [msc]: https://github.com/matrix-org/matrix-spec-proposals/pull/4323
-
-	use ruma::{
-		OwnedUserId,
-		api::{auth_scheme::AccessToken, request, response},
-		metadata,
-	};
-
-	metadata! {
-		method: GET,
-		rate_limited: false,
-		authentication: AccessToken,
-		history: {
-			unstable => "/_matrix/client/unstable/uk.timedout.msc4323/admin/suspend/{user_id}",
-			1.18 => "/_matrix/client/v1/admin/suspend/{user_id}",
-		}
-	}
-
-	/// Request type for the get & set user suspension status endpoint.
-	#[request(error = ruma::api::error::Error)]
-	pub struct Request {
-		/// The user to look up.
-		#[ruma_api(path)]
-		pub user_id: OwnedUserId,
-	}
-
-	/// Response type for the suspension endpoints
-	#[response(error = ruma::api::error::Error)]
-	pub struct Response {
-		/// Whether the user is currently suspended.
-		pub suspended: bool,
-	}
-
-	impl Request {
-		/// Creates a new `Request` with the given user id.
-		#[must_use]
-		pub fn new(user_id: OwnedUserId) -> Self { Self { user_id } }
-	}
-
-	impl Response {
-		/// Creates a new `Response` with the given suspension status.
-		#[must_use]
-		pub fn new(suspended: bool) -> Self { Self { suspended } }
-	}
-}

src/ruminuwuity/admin/mod.rs

@@ -1,3 +1 @@
 pub mod continuwuity;
-pub mod get_suspended;
-pub mod set_suspended;

src/ruminuwuity/admin/set_suspended.rs

@@ -1,55 +0,0 @@
-//! `PUT /_matrix/client/v1/admin/suspend/{userId}`
-//!
-//! Set the suspension status of a target user
-
-pub mod v1 {
-	//! `/_matrix/client/unstable/uk.timedout.msc4323/admin/suspend/{userID}`
-	//! ([msc])
-	//!
-	//! [msc]: https://github.com/matrix-org/matrix-spec-proposals/pull/4323
-
-	use ruma::{
-		OwnedUserId,
-		api::{auth_scheme::AccessToken, request, response},
-		metadata,
-	};
-
-	metadata! {
-		method: PUT,
-		rate_limited: false,
-		authentication: AccessToken,
-		history: {
-			unstable => "/_matrix/client/unstable/uk.timedout.msc4323/admin/suspend/{user_id}",
-			1.18 => "/_matrix/client/v1/admin/suspend/{user_id}",
-		}
-	}
-
-	/// Request type for the set user suspension status endpoint.
-	#[request(error = ruma::api::error::Error)]
-	pub struct Request {
-		/// The user to look up.
-		#[ruma_api(path)]
-		pub user_id: OwnedUserId,
-
-		pub suspended: bool,
-	}
-
-	/// Response type for the suspension endpoints
-	#[response(error = ruma::api::error::Error)]
-	pub struct Response {
-		/// Whether the user is currently suspended.
-		pub suspended: bool,
-	}
-
-	impl Request {
-		/// Creates a new `Request` with the given user id.
-		#[must_use]
-		pub fn new(user_id: OwnedUserId, suspended: bool) -> Self { Self { user_id, suspended } }
-	}
-
-	impl Response {
-		/// Creates a new `Response` with the given suspension status.
-		#[must_use]
-		pub fn new(suspended: bool) -> Self { Self { suspended } }
-	}
-}

src/service/users/mod.rs

@@ -229,6 +229,9 @@ impl Service {
 	}
 
 	/// Create a new account for a local human or bot user.
+	///
+	/// Does not automatically join the user to auto join rooms. Use
+	/// `join_auto_join_rooms` for that.
 	pub async fn create_local_account(
 		&self,
 		user_id: &UserId,
@@ -303,8 +306,11 @@ impl Service {
 					.ok();
 			}
 		}
+		info!("Created new user account for {user_id}");
+	}
 
-		// Autojoin the user to the configured autojoin rooms
+	/// Autojoin the user to the configured autojoin rooms
+	pub async fn join_auto_join_rooms(&self, user_id: &UserId) {
 		for room in &self.services.config.auto_join_rooms {
 			let Ok(room_id) = self.services.alias.resolve(room).await else {
 				error!(
@@ -320,9 +326,7 @@ impl Service {
 				.server_in_room(self.services.globals.server_name(), &room_id)
 				.await
 			{
-				warn!(
-					"Skipping room {room} to automatically join as we have never joined before."
-				);
+				warn!("Skipping auto-room {room} as we have never joined before.");
 				continue;
 			}
 
@@ -354,8 +358,6 @@ impl Service {
 				}
 			}
 		}
-
-		info!("Created new user account for {user_id}");
 	}
 
 	pub async fn determine_registration_user_id(

src/web/pages/account/register.rs

@@ -519,6 +519,7 @@ async fn complete_registration(
 			.registration_tokens
 			.mark_token_as_used(registration_token);
 	}
+	services.users.join_auto_join_rooms(&user_id).await;
 
 	let user_session = UserSession { user_id, last_login: SystemTime::now() };