Fix clippy::unnecessary-unwrap.

Signed-off-by: Jason Volk <jason@zemos.net>
Add revoke_admin to service.
2026-05-26 20:49:55 +00:00 · 2025-06-29 16:16:46 +01:00 · 2025-06-29 16:16:45 +01:00 · 2025-06-29 16:16:45 +01:00 · 2025-06-29 16:16:45 +01:00 · 2025-06-29 16:16:45 +01:00
173 changed files with 8191 additions and 7537 deletions
@@ -23,6 +23,6 @@ indent_size = 2
 indent_style = tab
 max_line_length = 98

-[{.forgejo/**/*.yml,.github/**/*.yml}]
+[*.yml]
 indent_size = 2
 indent_style = space
@@ -0,0 +1,27 @@
+name: prefligit
+description: |
+  Runs prefligit, pre-commit reimplemented in Rust.
+inputs:
+  extra_args:
+    description: options to pass to pre-commit run
+    required: false
+    default: '--all-files'
+
+runs:
+  using: composite
+  steps:
+  - name: Install uv
+    uses: https://github.com/astral-sh/setup-uv@v6
+    with:
+      enable-cache: true
+      ignore-nothing-to-cache: true
+  - name: Install Prefligit
+    shell: bash
+    run: |
+      curl --proto '=https' --tlsv1.2 -LsSf https://github.com/j178/prefligit/releases/download/v0.0.10/prefligit-installer.sh | sh
+  - uses: actions/cache@v3
+    with:
+      path: ~/.cache/prefligit
+      key: prefligit-0|${{ hashFiles('.pre-commit-config.yaml') }}
+  - run: prefligit run --show-diff-on-failure --color=always -v ${{ inputs.extra_args }}
+    shell: bash
@@ -19,11 +19,20 @@ outputs:
  rustc_version:
    description: The rustc version installed
    value: ${{ steps.rustc-version.outputs.version }}
+  rustup_version:
+    description: The rustup version installed
+    value: ${{ steps.rustup-version.outputs.version }}

 runs:
  using: composite
  steps:
+    - name: Check if rustup is already installed
+      shell: bash
+      id: rustup-version
+      run: |
+        echo "version=$(rustup --version)" >> $GITHUB_OUTPUT
    - name: Cache rustup toolchains
+      if: steps.rustup-version.outputs.version == ''
      uses: actions/cache@v3
      with:
        path: |
@@ -33,6 +42,7 @@ runs:
        # Requires repo to be cloned if toolchain is not specified
        key: ${{ runner.os }}-rustup-${{ inputs.toolchain || hashFiles('**/rust-toolchain.toml') }}
    - name: Install Rust toolchain
+      if: steps.rustup-version.outputs.version == ''
      shell: bash
      run: |
        if ! command -v rustup &> /dev/null ; then
@@ -0,0 +1,22 @@
+name: Checks / Prefligit
+
+on:
+  push:
+  pull_request:
+permissions:
+  contents: read
+
+jobs:
+  prefligit:
+    runs-on: ubuntu-latest
+    env:
+      FROM_REF: ${{ github.event.pull_request.base.sha || (!github.event.forced && ( github.event.before != '0000000000000000000000000000000000000000'  && github.event.before || github.sha )) || format('{0}~', github.sha) }}
+      TO_REF: ${{ github.sha }}
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        persist-credentials: false
+    - uses: ./.forgejo/actions/prefligit
+      with:
+        extra_args: --all-files --hook-stage manual
@@ -49,6 +49,7 @@ jobs:
            const platforms = ['linux/amd64', 'linux/arm64']
            core.setOutput('build_matrix', JSON.stringify({
              platform: platforms,
+              target_cpu: ['base'],
              include: platforms.map(platform => { return {
                platform,
                slug: platform.replace('/', '-')
@@ -57,7 +58,6 @@ jobs:

  build-image:
    runs-on: dind
-    container: ghcr.io/catthehacker/ubuntu:act-latest
    needs: define-variables
    permissions:
      contents: read
@@ -67,6 +67,8 @@ jobs:
    strategy:
      matrix:
        {
+          "target_cpu": ["base"],
+          "profile": ["release"],
          "include":
            [
              { "platform": "linux/amd64", "slug": "linux-amd64" },
@@ -74,6 +76,7 @@ jobs:
            ],
          "platform": ["linux/amd64", "linux/arm64"],
        }
+
    steps:
      - name: Echo strategy
        run: echo '${{ toJSON(fromJSON(needs.define-variables.outputs.build_matrix)) }}'
@@ -141,8 +144,8 @@ jobs:
        uses: actions/cache@v3
        with:
          path: |
-            cargo-target-${{ matrix.slug }}
-          key: cargo-target-${{ matrix.slug }}-${{hashFiles('**/Cargo.lock') }}-${{steps.rust-toolchain.outputs.rustc_version}}
+            cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}
+          key: cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}-${{hashFiles('**/Cargo.lock') }}-${{steps.rust-toolchain.outputs.rustc_version}}
      - name: Cache apt cache
        id: cache-apt
        uses: actions/cache@v3
@@ -164,9 +167,9 @@ jobs:
            {
              ".cargo/registry": "/usr/local/cargo/registry",
              ".cargo/git/db": "/usr/local/cargo/git/db",
-              "cargo-target-${{ matrix.slug }}": {
+              "cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}": {
                "target": "/app/target",
-                "id": "cargo-target-${{ matrix.platform }}"
+                "id": "cargo-target-${{ matrix.target_cpu }}-${{ matrix.slug }}-${{ matrix.profile }}"
              },
              "var-cache-apt-${{ matrix.slug }}": "/var/cache/apt",
              "var-lib-apt-${{ matrix.slug }}": "/var/lib/apt"
@@ -181,14 +184,14 @@ jobs:
          file: "docker/Dockerfile"
          build-args: |
            GIT_COMMIT_HASH=${{ github.sha }})
-            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }})
+            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}
            GIT_REMOTE_URL=${{github.event.repository.html_url }}
            GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          # cache-to: type=gha,mode=max
          sbom: true
          outputs: type=image,"name=${{ needs.define-variables.outputs.images_list }}",push-by-digest=true,name-canonical=true,push=true
        env:
@@ -211,7 +214,6 @@ jobs:

  merge:
    runs-on: dind
-    container: ghcr.io/catthehacker/ubuntu:act-latest
    needs: [define-variables, build-image]
    steps:
      - name: Download digests
@@ -1,4 +1,4 @@
-name: Rust Checks
+name: Checks / Rust

 on:
  push:
@@ -80,6 +80,7 @@ jobs:
            -D warnings

      - name: Show sccache stats
+        if: always()
        run: sccache --show-stats

  cargo-test:
@@ -137,4 +138,5 @@ jobs:
            --no-fail-fast

      - name: Show sccache stats
+        if: always()
        run: sccache --show-stats
@@ -5,3 +5,5 @@ f419c64aca300a338096b4e0db4c73ace54f23d0
 # use chain_width 60
 162948313c212193965dece50b816ef0903172ba
 5998a0d883d31b866f7c8c46433a8857eae51a89
+# trailing whitespace and newlines
+46c193e74b2ce86c48ce802333a0aabce37fd6e9
@@ -84,4 +84,4 @@ Cargo.lock text
 *.zst      binary

 # Text files where line endings should be preserved
-*.patch    -text
+*.patch    -text
@@ -0,0 +1,50 @@
+default_install_hook_types:
+  - pre-commit
+  - commit-msg
+default_stages:
+  - pre-commit
+  - manual
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+        - id: check-byte-order-marker
+        - id: check-case-conflict
+        - id: check-symlinks
+        - id: destroyed-symlinks
+        - id: check-yaml
+        - id: check-json
+        - id: check-toml
+        - id: end-of-file-fixer
+        - id: trailing-whitespace
+        - id: mixed-line-ending
+        - id: check-merge-conflict
+        - id: check-added-large-files
+
+  - repo: https://github.com/crate-ci/typos
+    rev: v1.26.0
+    hooks:
+      - id: typos
+
+  - repo: local
+    hooks:
+      - id: cargo-fmt
+        name: cargo fmt
+        entry: cargo +nightly fmt --
+        language: system
+        types: [rust]
+        pass_filenames: false
+        stages:
+            - pre-commit
+
+  - repo: local
+    hooks:
+      - id: cargo-clippy
+        name: cargo clippy
+        language: system
+        types: [rust]
+        pass_filenames: false
+        entry: cargo clippy --workspace --locked --no-deps --profile test -- -D warnings
+        stages:
+            - pre-commit
@@ -21,7 +21,7 @@ license = "Apache-2.0"
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
 rust-version = "1.86.0"
-version = "0.5.0-rc.5"
+version = "0.5.0-rc.6"

 [workspace.metadata.crane]
 name = "conduwuit"
@@ -381,7 +381,7 @@ features = [
    "unstable-msc4121",
    "unstable-msc4125",
    "unstable-msc4186",
-    "unstable-msc4203", # sending to-device events to appservices 
+    "unstable-msc4203", # sending to-device events to appservices
    "unstable-msc4210", # remove legacy mentions
    "unstable-extensible-events",
    "unstable-pdu",
@@ -556,11 +556,11 @@ rev = "1e64095a8051a1adf0d1faa307f9f030889ec2aa"
 git = "https://forgejo.ellis.link/continuwuation/tracing"
 rev = "1e64095a8051a1adf0d1faa307f9f030889ec2aa"

-# adds a tab completion callback: https://forgejo.ellis.link/continuwuation/rustyline-async/commit/de26100b0db03e419a3d8e1dd26895d170d1fe50
-# adds event for CTRL+\: https://forgejo.ellis.link/continuwuation/rustyline-async/commit/67d8c49aeac03a5ef4e818f663eaa94dd7bf339b
+# adds a tab completion callback: https://forgejo.ellis.link/continuwuation/rustyline-async/src/branch/main/.patchy/0002-add-tab-completion-callback.patch
+# adds event for CTRL+\: https://forgejo.ellis.link/continuwuation/rustyline-async/src/branch/main/.patchy/0001-add-event-for-ctrl.patch
 [patch.crates-io.rustyline-async]
 git = "https://forgejo.ellis.link/continuwuation/rustyline-async"
-rev = "deaeb0694e2083f53d363b648da06e10fc13900c"
+rev = "e9f01cf8c6605483cb80b3b0309b400940493d7f"

 # adds LIFO queue scheduling; this should be updated with PR progress.
 [patch.crates-io.event-listener]
@@ -580,12 +580,11 @@ rev = "9c8e51510c35077df888ee72a36b4b05637147da"
 git = "https://forgejo.ellis.link/continuwuation/hyper-util"
 rev = "e4ae7628fe4fcdacef9788c4c8415317a4489941"

-# allows no-aaaa option in resolv.conf
-# bumps rust edition and toolchain to 1.86.0 and 2024
-# use sat_add on line number errors
+# Allows no-aaaa option in resolv.conf
+# Use 1-indexed line numbers when displaying parse error messages
 [patch.crates-io.resolv-conf]
 git = "https://forgejo.ellis.link/continuwuation/resolv-conf"
-rev = "200e958941d522a70c5877e3d846f55b5586c68d"
+rev = "56251316cc4127bcbf36e68ce5e2093f4d33e227"

 #
 # Our crates
@@ -0,0 +1,63 @@
+# Security Policy for Continuwuity
+
+This document outlines the security policy for Continuwuity. Our goal is to maintain a secure platform for all users, and we take security matters seriously.
+
+## Supported Versions
+
+We provide security updates for the following versions of Continuwuity:
+
+| Version        | Supported        |
+| -------------- |:----------------:|
+| Latest release |        ✅        |
+| Main branch    |        ✅        |
+| Older releases |        ❌        |
+
+We may backport fixes to the previous release at our discretion, but we don't guarantee this.
+
+## Reporting a Vulnerability
+
+### Responsible Disclosure
+
+We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
+
+1. **Contact members of the team directly** over E2EE private message.
+   - [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
+   - [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
+2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
+3. **Do not disclose the vulnerability publicly** until it has been addressed
+4. **Provide detailed information** about the vulnerability, including:
+   - A clear description of the issue
+   - Steps to reproduce
+   - Potential impact
+   - Any possible mitigations
+   - Version(s) affected, including specific commits if possible
+
+If you have any doubts about a potential security vulnerability, contact us via private channels first! We'd prefer that you bother us, instead of having a vulnerability disclosed without a fix.
+
+### What to Expect
+
+When you report a security vulnerability:
+
+1. **Acknowledgment**: We will acknowledge receipt of your report.
+2. **Assessment**: We will assess the vulnerability and determine its impact on our users
+3. **Updates**: We will provide updates on our progress in addressing the vulnerability, and may request you help test mitigations
+4. **Resolution**: Once resolved, we will notify you and discuss coordinated disclosure
+5. **Credit**: We will recognize your contribution (unless you prefer to remain anonymous)
+
+## Security Update Process
+
+When security vulnerabilities are identified:
+
+1. We will develop and test fixes in a private fork
+2. Security updates will be released as soon as possible
+3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible
+4. Critical security updates may be backported to the previous stable release
+
+## Additional Resources
+
+- [Matrix Security Disclosure Policy](https://matrix.org/security-disclosure-policy/)
+- [Continuwuity Documentation](https://continuwuity.org/introduction)
+
+---
+
+This security policy was last updated on May 25, 2025.
@@ -1641,19 +1641,29 @@
 #
 #server =

-# This item is undocumented. Please contribute documentation for it.
+# URL to a support page for the server, which will be served as part of
+# the MSC1929 server support endpoint at /.well-known/matrix/support.
+# Will be included alongside any contact information
 #
 #support_page =

-# This item is undocumented. Please contribute documentation for it.
+# Role string for server support contacts, to be served as part of the
+# MSC1929 server support endpoint at /.well-known/matrix/support.
 #
-#support_role =
+#support_role = "m.role.admin"

-# This item is undocumented. Please contribute documentation for it.
+# Email address for server support contacts, to be served as part of the
+# MSC1929 server support endpoint.
+# This will be used along with support_mxid if specified.
 #
 #support_email =

-# This item is undocumented. Please contribute documentation for it.
+# Matrix ID for server support contacts, to be served as part of the
+# MSC1929 server support endpoint.
+# This will be used along with support_email if specified.
+#
+# If no email or mxid is specified, all of the server's admins will be
+# listed.
 #
 #support_mxid =

@@ -1,15 +1,16 @@
 ARG RUST_VERSION=1
+ARG DEBIAN_VERSION=bookworm

 FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx
-FROM --platform=$BUILDPLATFORM rust:${RUST_VERSION}-slim-bookworm AS base
-FROM --platform=$BUILDPLATFORM rust:${RUST_VERSION}-slim-bookworm AS toolchain
+FROM --platform=$BUILDPLATFORM rust:${RUST_VERSION}-slim-${DEBIAN_VERSION} AS base
+FROM --platform=$BUILDPLATFORM rust:${RUST_VERSION}-slim-${DEBIAN_VERSION} AS toolchain

 # Prevent deletion of apt cache
 RUN rm -f /etc/apt/apt.conf.d/docker-clean

 # Match Rustc version as close as possible
 # rustc -vV
-ARG LLVM_VERSION=19
+ARG LLVM_VERSION=20
 # ENV RUSTUP_TOOLCHAIN=${RUST_VERSION}

 # Install repo tools
@@ -19,10 +20,18 @@ ARG LLVM_VERSION=19
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
    apt-get update && apt-get install -y \
-    clang-${LLVM_VERSION} lld-${LLVM_VERSION} pkg-config make jq \
-    curl git \
+    pkg-config make jq \
+    curl git software-properties-common \
    file

+# LLVM packages
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    curl https://apt.llvm.org/llvm.sh > llvm.sh && \
+    chmod +x llvm.sh && \
+    ./llvm.sh ${LLVM_VERSION} && \
+    rm llvm.sh
+
 # Create symlinks for LLVM tools
 RUN <<EOF
    set -o xtrace
@@ -39,7 +48,7 @@ EOF

 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.12.3
+ENV BINSTALL_VERSION=1.13.0
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree
@@ -140,11 +149,12 @@ ENV GIT_REMOTE_COMMIT_URL=$GIT_REMOTE_COMMIT_URL
 ENV CONDUWUIT_VERSION_EXTRA=$CONDUWUIT_VERSION_EXTRA
 ENV CONTINUWUITY_VERSION_EXTRA=$CONTINUWUITY_VERSION_EXTRA

+ARG RUST_PROFILE=release

 # Build the binary
 RUN --mount=type=cache,target=/usr/local/cargo/registry \
    --mount=type=cache,target=/usr/local/cargo/git/db \
-    --mount=type=cache,target=/app/target,id=cargo-target-${TARGETPLATFORM} \
+    --mount=type=cache,target=/app/target,id=cargo-target-${TARGET_CPU}-${TARGETPLATFORM}-${RUST_PROFILE} \
    bash <<'EOF'
    set -o allexport
    set -o xtrace
@@ -153,7 +163,7 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
            jq -r ".target_directory"))
    mkdir /out/sbin
    PACKAGE=conduwuit
-    xx-cargo build --locked --release \
+    xx-cargo build --locked --profile ${RUST_PROFILE} \
        -p $PACKAGE;
    BINARIES=($(cargo metadata --no-deps --format-version 1 | \
        jq -r ".packages[] | select(.name == \"$PACKAGE\") | .targets[] | select( .kind | map(. == \"bin\") | any ) | .name"))
@@ -20,3 +20,4 @@
  - [Testing](development/testing.md)
  - [Hot Reloading ("Live" Development)](development/hot_reload.md)
 - [Community (and Guidelines)](community.md)
+- [Security](security.md)
@@ -1,3 +1,5 @@
 # Continuwuity for Arch Linux

-Continuwuity does not have any Arch Linux packages at this time.
+Continuwuity is available on the `archlinuxcn` repository and AUR, with the same package name `continuwuity`, which includes latest taggged version. The development version is available on AUR as `continuwuity-git`
+
+Simply install the `continuwuity` package. Configure the service in `/etc/conduwuit/conduwuit.toml`, then enable/start the continuwuity.service.
@@ -34,4 +34,3 @@ services:
  #         - "traefik.http.routers.to-element-web.tls.certresolver=letsencrypt"

 # vim: ts=2:sw=2:expandtab
-
@@ -26,7 +26,7 @@ services:
        restart: unless-stopped
        volumes:
            - db:/var/lib/continuwuity
-            - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's. 
+            - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
            #- ./continuwuity.toml:/etc/continuwuity.toml
        environment:
            CONTINUWUITY_SERVER_NAME: example.com # EDIT THIS
@@ -8,7 +8,7 @@ services:
    restart: unless-stopped
    volumes:
      - db:/var/lib/continuwuity
-      - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's. 
+      - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
      #- ./continuwuity.toml:/etc/continuwuity.toml
    networks:
      - proxy
@@ -29,7 +29,7 @@ appropriately to use Continuwuity instead of Conduit.

 Due to the lack of a Continuwuity NixOS module, when using the `services.matrix-conduit` module
 a workaround like the one below is necessary to use UNIX sockets. This is because the UNIX
-socket option does not exist in Conduit, and the module forcibly sets the `address` and 
+socket option does not exist in Conduit, and the module forcibly sets the `address` and
 `port` config options.

 ```nix
@@ -0,0 +1 @@
+{{#include ../SECURITY.md}}
@@ -3,4 +3,4 @@
  Content-Type: application/json
 /.well-known/continuwuity/*
  Access-Control-Allow-Origin: *
-  Content-Type: application/json
+  Content-Type: application/json
@@ -4,6 +4,10 @@
        {
            "id": 1,
            "message": "Welcome to Continuwuity! Important announcements about the project will appear here."
+        },
+        {
+            "id": 2,
+            "message": "🎉 Continuwuity v0.5.0-rc.6 is now available! This release includes improved knock-restricted room handling, automatic support contact configuration, and a new HTML landing page. Check [the release notes for full details](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.0-rc.6) and upgrade instructions."
        }
    ]
-}
+}
@@ -3,7 +3,7 @@
    "$id": "https://continwuity.org/schema/announcements.schema.json",
    "type": "object",
    "properties": {
-      "updates": {
+      "announcements": {
        "type": "array",
        "items": {
          "type": "object",
@@ -16,6 +16,10 @@
            },
            "date": {
              "type": "string"
+            },
+            "mention_room": {
+              "type": "boolean",
+              "description": "Whether to mention the room (@room) when posting this announcement"
            }
          },
          "required": [
@@ -26,6 +30,6 @@
      }
    },
    "required": [
-      "updates"
+      "announcements"
    ]
-  }
+  }
@@ -21,4 +21,4 @@
    }
  ],
  "support_page": "https://continuwuity.org/introduction#contact"
-}
+}
@@ -9,7 +9,7 @@
 # If you're having trouble making the relevant changes, bug a maintainer.

 [toolchain]
-channel = "1.86.0"
+channel = "1.87.0"
 profile = "minimal"
 components = [
    # For rust-analyzer
@@ -19,11 +19,3 @@ components = [
    "rustfmt",
    "clippy",
 ]
-targets = [
-    #"x86_64-apple-darwin",
-    "x86_64-unknown-linux-gnu",
-    "x86_64-unknown-linux-musl",
-    "aarch64-unknown-linux-musl",
-    "aarch64-unknown-linux-gnu",
-    #"aarch64-apple-darwin",
-]
@@ -7,7 +7,10 @@ use std::{

 use conduwuit::{
 	Err, Result, debug_error, err, info,
-	matrix::pdu::{PduEvent, PduId, RawPduId},
+	matrix::{
+		Event,
+		pdu::{PduEvent, PduId, RawPduId},
+	},
 	trace, utils,
 	utils::{
 		stream::{IterStream, ReadyExt},
@@ -19,7 +22,7 @@ use futures::{FutureExt, StreamExt, TryStreamExt};
 use ruma::{
 	CanonicalJsonObject, CanonicalJsonValue, EventId, OwnedEventId, OwnedRoomId,
 	OwnedRoomOrAliasId, OwnedServerName, RoomId, RoomVersionId,
-	api::federation::event::get_room_state,
+	api::federation::event::get_room_state, events::AnyStateEvent, serde::Raw,
 };
 use service::rooms::{
 	short::{ShortEventId, ShortRoomId},
@@ -239,10 +242,11 @@ pub(super) async fn get_remote_pdu(
 		})
 		.await
 	{
-		| Err(e) =>
+		| Err(e) => {
 			return Err!(
 				"Remote server did not have PDU or failed sending request to remote server: {e}"
-			),
+			);
+		},
 		| Ok(response) => {
 			let json: CanonicalJsonObject =
 				serde_json::from_str(response.pdu.get()).map_err(|e| {
@@ -295,12 +299,12 @@ pub(super) async fn get_remote_pdu(
 #[admin_command]
 pub(super) async fn get_room_state(&self, room: OwnedRoomOrAliasId) -> Result {
 	let room_id = self.services.rooms.alias.resolve(&room).await?;
-	let room_state: Vec<_> = self
+	let room_state: Vec<Raw<AnyStateEvent>> = self
 		.services
 		.rooms
 		.state_accessor
 		.room_state_full_pdus(&room_id)
-		.map_ok(PduEvent::into_state_event)
+		.map_ok(Event::into_format)
 		.try_collect()
 		.await?;

@@ -384,8 +388,9 @@ pub(super) async fn change_log_level(&self, filter: Option<String>, reset: bool)
 			.reload
 			.reload(&old_filter_layer, Some(handles))
 		{
-			| Err(e) =>
-				return Err!("Failed to modify and reload the global tracing log level: {e}"),
+			| Err(e) => {
+				return Err!("Failed to modify and reload the global tracing log level: {e}");
+			},
 			| Ok(()) => {
 				let value = &self.services.server.config.log;
 				let out = format!("Successfully changed log level back to config value {value}");
@@ -407,9 +412,12 @@ pub(super) async fn change_log_level(&self, filter: Option<String>, reset: bool)
 			.reload
 			.reload(&new_filter_layer, Some(handles))
 		{
-			| Ok(()) => return self.write_str("Successfully changed log level").await,
-			| Err(e) =>
-				return Err!("Failed to modify and reload the global tracing log level: {e}"),
+			| Ok(()) => {
+				return self.write_str("Successfully changed log level").await;
+			},
+			| Err(e) => {
+				return Err!("Failed to modify and reload the global tracing log level: {e}");
+			},
 		}
 	}

@@ -529,6 +537,7 @@ pub(super) async fn force_set_room_state_from_server(
 	&self,
 	room_id: OwnedRoomId,
 	server_name: OwnedServerName,
+	at_event: Option<OwnedEventId>,
 ) -> Result {
 	if !self
 		.services
@@ -540,13 +549,18 @@ pub(super) async fn force_set_room_state_from_server(
 		return Err!("We are not participating in the room / we don't know about the room ID.");
 	}

-	let first_pdu = self
-		.services
-		.rooms
-		.timeline
-		.latest_pdu_in_room(&room_id)
-		.await
-		.map_err(|_| err!(Database("Failed to find the latest PDU in database")))?;
+	let at_event_id = match at_event {
+		| Some(event_id) => event_id,
+		| None => self
+			.services
+			.rooms
+			.timeline
+			.latest_pdu_in_room(&room_id)
+			.await
+			.map_err(|_| err!(Database("Failed to find the latest PDU in database")))?
+			.event_id()
+			.to_owned(),
+	};

 	let room_version = self.services.rooms.state.get_room_version(&room_id).await?;

@@ -557,7 +571,7 @@ pub(super) async fn force_set_room_state_from_server(
 		.sending
 		.send_federation_request(&server_name, get_room_state::v1::Request {
 			room_id: room_id.clone(),
-			event_id: first_pdu.event_id.clone(),
+			event_id: at_event_id,
 		})
 		.await?;

@@ -125,13 +125,13 @@ pub(super) enum DebugCommand {
 		reset: bool,
 	},

-	/// - Verify json signatures
+	/// - Sign JSON blob
 	///
 	/// This command needs a JSON blob provided in a Markdown code block below
 	/// the command.
 	SignJson,

-	/// - Verify json signatures
+	/// - Verify JSON signatures
 	///
 	/// This command needs a JSON blob provided in a Markdown code block below
 	/// the command.
@@ -177,6 +177,9 @@ pub(super) enum DebugCommand {
 		room_id: OwnedRoomId,
 		/// The server we will use to query the room state for
 		server_name: OwnedServerName,
+		/// The event ID of the latest known PDU in the room. Will be found
+		/// automatically if not provided.
+		event_id: Option<OwnedEventId>,
 	},

 	/// - Runs a server name through conduwuit's true destination resolution
@@ -93,8 +93,7 @@ async fn process_command(services: Arc<Services>, input: &CommandInput) -> Proce

 #[allow(clippy::result_large_err)]
 fn handle_panic(error: &Error, command: &CommandInput) -> ProcessorResult {
-	let link =
-		"Please submit a [bug report](https://forgejo.ellis.link/continuwuation/continuwuity/issues/new). 🥺";
+	let link = "Please submit a [bug report](https://forgejo.ellis.link/continuwuation/continuwuity/issues/new). 🥺";
 	let msg = format!("Panic occurred while processing command:\n```\n{error:#?}\n```\n{link}");
 	let content = RoomMessageEventContent::notice_markdown(msg);
 	error!("Panic while processing command: {error:?}");
@@ -5,7 +5,7 @@ use conduwuit::{
 	utils::{IterStream, ReadyExt},
 	warn,
 };
-use futures::StreamExt;
+use futures::{FutureExt, StreamExt};
 use ruma::{OwnedRoomId, OwnedRoomOrAliasId, RoomAliasId, RoomId, RoomOrAliasId};

 use crate::{admin_command, admin_command_dispatch, get_room_info};
@@ -155,7 +155,10 @@ async fn ban_room(&self, room: OwnedRoomOrAliasId) -> Result {
 			 evicting admins too)",
 		);

-		if let Err(e) = leave_room(self.services, user_id, &room_id, None).await {
+		if let Err(e) = leave_room(self.services, user_id, &room_id, None)
+			.boxed()
+			.await
+		{
 			warn!("Failed to leave room: {e}");
 		}

@@ -323,7 +326,10 @@ async fn ban_list_of_rooms(&self) -> Result {
 				 evicting admins too)",
 			);

-			if let Err(e) = leave_room(self.services, user_id, &room_id, None).await {
+			if let Err(e) = leave_room(self.services, user_id, &room_id, None)
+				.boxed()
+				.await
+			{
 				warn!("Failed to leave room: {e}");
 			}

@@ -1,14 +1,16 @@
 use std::{collections::BTreeMap, fmt::Write as _};

-use api::client::{full_user_deactivate, join_room_by_id_helper, leave_room};
+use api::client::{
+	full_user_deactivate, join_room_by_id_helper, leave_all_rooms, leave_room, update_avatar_url,
+	update_displayname,
+};
 use conduwuit::{
 	Err, Result, debug, debug_warn, error, info, is_equal_to,
-	matrix::pdu::PduBuilder,
+	matrix::{Event, pdu::PduBuilder},
 	utils::{self, ReadyExt},
 	warn,
 };
-use conduwuit_api::client::{leave_all_rooms, update_avatar_url, update_displayname};
-use futures::StreamExt;
+use futures::{FutureExt, StreamExt};
 use ruma::{
 	OwnedEventId, OwnedRoomId, OwnedRoomOrAliasId, OwnedUserId, UserId,
 	events::{
@@ -243,8 +245,9 @@ pub(super) async fn reset_password(&self, username: String, password: Option<Str
 		.set_password(&user_id, Some(new_password.as_str()))
 	{
 		| Err(e) => return Err!("Couldn't reset the password for user {user_id}: {e}"),
-		| Ok(()) =>
-			write!(self, "Successfully reset the password for user {user_id}: `{new_password}`"),
+		| Ok(()) => {
+			write!(self, "Successfully reset the password for user {user_id}: `{new_password}`")
+		},
 	}
 	.await
 }
@@ -655,7 +658,9 @@ pub(super) async fn force_leave_room(
 		return Err!("{user_id} is not joined in the room");
 	}

-	leave_room(self.services, &user_id, &room_id, None).await?;
+	leave_room(self.services, &user_id, &room_id, None)
+		.boxed()
+		.await?;

 	self.write_str(&format!("{user_id} has left {room_id}.",))
 		.await
@@ -692,7 +697,7 @@ pub(super) async fn force_demote(&self, user_id: String, room_id: OwnedRoomOrAli
 		.state_accessor
 		.room_state_get(&room_id, &StateEventType::RoomCreate, "")
 		.await
-		.is_ok_and(|event| event.sender == user_id);
+		.is_ok_and(|event| event.sender() == user_id);

 	if !user_can_demote_self {
 		return Err!("User is not allowed to modify their own power levels in the room.",);
@@ -843,10 +848,7 @@ pub(super) async fn redact_event(&self, event_id: OwnedEventId) -> Result {
 		return Err!("Event is already redacted.");
 	}

-	let room_id = event.room_id;
-	let sender_user = event.sender;
-
-	if !self.services.globals.user_is_local(&sender_user) {
+	if !self.services.globals.user_is_local(event.sender()) {
 		return Err!("This command only works on local users.");
 	}

@@ -856,21 +858,21 @@ pub(super) async fn redact_event(&self, event_id: OwnedEventId) -> Result {
 	);

 	let redaction_event_id = {
-		let state_lock = self.services.rooms.state.mutex.lock(&room_id).await;
+		let state_lock = self.services.rooms.state.mutex.lock(event.room_id()).await;

 		self.services
 			.rooms
 			.timeline
 			.build_and_append_pdu(
 				PduBuilder {
-					redacts: Some(event.event_id.clone()),
+					redacts: Some(event.event_id().to_owned()),
 					..PduBuilder::timeline(&RoomRedactionEventContent {
-						redacts: Some(event.event_id.clone()),
+						redacts: Some(event.event_id().to_owned()),
 						reason: Some(reason),
 					})
 				},
-				&sender_user,
-				&room_id,
+				event.sender(),
+				event.room_id(),
 				&state_lock,
 			)
 			.await?
@@ -3,10 +3,9 @@ use std::fmt::Write;
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use conduwuit::{
-	Err, Error, Result, debug_info, err, error, info, is_equal_to,
+	Err, Error, Event, Result, debug_info, err, error, info, is_equal_to,
 	matrix::pdu::PduBuilder,
-	utils,
-	utils::{ReadyExt, stream::BroadbandExt},
+	utils::{self, ReadyExt, stream::BroadbandExt},
 	warn,
 };
 use conduwuit_service::Services;
@@ -26,10 +25,7 @@ use ruma::{
 	},
 	events::{
 		GlobalAccountDataEventType, StateEventType,
-		room::{
-			message::RoomMessageEventContent,
-			power_levels::{RoomPowerLevels, RoomPowerLevelsEventContent},
-		},
+		room::power_levels::{RoomPowerLevels, RoomPowerLevelsEventContent},
 	},
 	push,
 };
@@ -151,16 +147,32 @@ pub(crate) async fn register_route(
 	if !services.config.allow_registration && body.appservice_info.is_none() {
 		match (body.username.as_ref(), body.initial_device_display_name.as_ref()) {
 			| (Some(username), Some(device_display_name)) => {
-				info!(%is_guest, user = %username, device_name = %device_display_name, "Rejecting registration attempt as registration is disabled");
+				info!(
+					%is_guest,
+					user = %username,
+					device_name = %device_display_name,
+					"Rejecting registration attempt as registration is disabled"
+				);
 			},
 			| (Some(username), _) => {
-				info!(%is_guest, user = %username, "Rejecting registration attempt as registration is disabled");
+				info!(
+					%is_guest,
+					user = %username,
+					"Rejecting registration attempt as registration is disabled"
+				);
 			},
 			| (_, Some(device_display_name)) => {
-				info!(%is_guest, device_name = %device_display_name, "Rejecting registration attempt as registration is disabled");
+				info!(
+					%is_guest,
+					device_name = %device_display_name,
+					"Rejecting registration attempt as registration is disabled"
+				);
 			},
 			| (None, _) => {
-				info!(%is_guest, "Rejecting registration attempt as registration is disabled");
+				info!(
+					%is_guest,
+					"Rejecting registration attempt as registration is disabled"
+				);
 			},
 		}

@@ -351,8 +363,7 @@ pub(crate) async fn register_route(
 	if !services.globals.new_user_displayname_suffix().is_empty()
 		&& body.appservice_info.is_none()
 	{
-		write!(displayname, " {}", services.server.config.new_user_displayname_suffix)
-			.expect("should be able to write to string buffer");
+		write!(displayname, " {}", services.server.config.new_user_displayname_suffix)?;
 	}

 	services
@@ -370,8 +381,7 @@ pub(crate) async fn register_route(
 				content: ruma::events::push_rules::PushRulesEventContent {
 					global: push::Ruleset::server_default(&user_id),
 				},
-			})
-			.expect("to json always works"),
+			})?,
 		)
 		.await?;

@@ -416,32 +426,21 @@ pub(crate) async fn register_route(
 	// log in conduit admin channel if a non-guest user registered
 	if body.appservice_info.is_none() && !is_guest {
 		if !device_display_name.is_empty() {
-			info!(
-				"New user \"{user_id}\" registered on this server with device display name: \
-				 \"{device_display_name}\""
+			let notice = format!(
+				"New user \"{user_id}\" registered on this server from IP {client} and device \
+				 display name \"{device_display_name}\""
 			);

+			info!("{notice}");
 			if services.server.config.admin_room_notices {
-				services
-					.admin
-					.send_message(RoomMessageEventContent::notice_plain(format!(
-						"New user \"{user_id}\" registered on this server from IP {client} and \
-						 device display name \"{device_display_name}\""
-					)))
-					.await
-					.ok();
+				services.admin.notice(&notice).await;
 			}
 		} else {
-			info!("New user \"{user_id}\" registered on this server.");
+			let notice = format!("New user \"{user_id}\" registered on this server.");

+			info!("{notice}");
 			if services.server.config.admin_room_notices {
-				services
-					.admin
-					.send_message(RoomMessageEventContent::notice_plain(format!(
-						"New user \"{user_id}\" registered on this server from IP {client}"
-					)))
-					.await
-					.ok();
+				services.admin.notice(&notice).await;
 			}
 		}
 	}
@@ -454,24 +453,22 @@ pub(crate) async fn register_route(
 			if services.server.config.admin_room_notices {
 				services
 					.admin
-					.send_message(RoomMessageEventContent::notice_plain(format!(
+					.notice(&format!(
 						"Guest user \"{user_id}\" with device display name \
 						 \"{device_display_name}\" registered on this server from IP {client}"
-					)))
-					.await
-					.ok();
+					))
+					.await;
 			}
 		} else {
 			#[allow(clippy::collapsible_else_if)]
 			if services.server.config.admin_room_notices {
 				services
 					.admin
-					.send_message(RoomMessageEventContent::notice_plain(format!(
+					.notice(&format!(
 						"Guest user \"{user_id}\" with no device display name registered on \
 						 this server from IP {client}",
-					)))
-					.await
-					.ok();
+					))
+					.await;
 			}
 		}
 	}
@@ -584,7 +581,6 @@ pub(crate) async fn change_password_route(
 		.sender_user
 		.as_ref()
 		.ok_or_else(|| err!(Request(MissingToken("Missing access token."))))?;
-	let sender_device = body.sender_device();

 	let mut uiaainfo = UiaaInfo {
 		flows: vec![AuthFlow { stages: vec![AuthType::Password] }],
@@ -598,7 +594,7 @@ pub(crate) async fn change_password_route(
 		| Some(auth) => {
 			let (worked, uiaainfo) = services
 				.uiaa
-				.try_auth(sender_user, sender_device, auth, &uiaainfo)
+				.try_auth(sender_user, body.sender_device(), auth, &uiaainfo)
 				.await?;

 			if !worked {
@@ -612,7 +608,7 @@ pub(crate) async fn change_password_route(
 				uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 				services
 					.uiaa
-					.create(sender_user, sender_device, &uiaainfo, json);
+					.create(sender_user, body.sender_device(), &uiaainfo, json);

 				return Err(Error::Uiaa(uiaainfo));
 			},
@@ -631,7 +627,7 @@ pub(crate) async fn change_password_route(
 		services
 			.users
 			.all_device_ids(sender_user)
-			.ready_filter(|id| *id != sender_device)
+			.ready_filter(|id| *id != body.sender_device())
 			.for_each(|id| services.users.remove_device(sender_user, id))
 			.await;

@@ -640,17 +636,17 @@ pub(crate) async fn change_password_route(
 			.pusher
 			.get_pushkeys(sender_user)
 			.map(ToOwned::to_owned)
-			.broad_filter_map(|pushkey| async move {
+			.broad_filter_map(async |pushkey| {
 				services
 					.pusher
 					.get_pusher_device(&pushkey)
 					.await
 					.ok()
-					.filter(|pusher_device| pusher_device != sender_device)
+					.filter(|pusher_device| pusher_device != body.sender_device())
 					.is_some()
 					.then_some(pushkey)
 			})
-			.for_each(|pushkey| async move {
+			.for_each(async |pushkey| {
 				services.pusher.delete_pusher(sender_user, &pushkey).await;
 			})
 			.await;
@@ -661,11 +657,8 @@ pub(crate) async fn change_password_route(
 	if services.server.config.admin_room_notices {
 		services
 			.admin
-			.send_message(RoomMessageEventContent::notice_plain(format!(
-				"User {sender_user} changed their password."
-			)))
-			.await
-			.ok();
+			.notice(&format!("User {sender_user} changed their password."))
+			.await;
 	}

 	Ok(change_password::v3::Response {})
@@ -680,13 +673,10 @@ pub(crate) async fn whoami_route(
 	State(services): State<crate::State>,
 	body: Ruma<whoami::v3::Request>,
 ) -> Result<whoami::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-	let device_id = body.sender_device.clone();
-
 	Ok(whoami::v3::Response {
-		user_id: sender_user.clone(),
-		device_id,
-		is_guest: services.users.is_deactivated(sender_user).await?
+		user_id: body.sender_user().to_owned(),
+		device_id: body.sender_device.clone(),
+		is_guest: services.users.is_deactivated(body.sender_user()).await?
 			&& body.appservice_info.is_none(),
 	})
 }
@@ -714,7 +704,6 @@ pub(crate) async fn deactivate_route(
 		.sender_user
 		.as_ref()
 		.ok_or_else(|| err!(Request(MissingToken("Missing access token."))))?;
-	let sender_device = body.sender_device();

 	let mut uiaainfo = UiaaInfo {
 		flows: vec![AuthFlow { stages: vec![AuthType::Password] }],
@@ -728,7 +717,7 @@ pub(crate) async fn deactivate_route(
 		| Some(auth) => {
 			let (worked, uiaainfo) = services
 				.uiaa
-				.try_auth(sender_user, sender_device, auth, &uiaainfo)
+				.try_auth(sender_user, body.sender_device(), auth, &uiaainfo)
 				.await?;

 			if !worked {
@@ -741,7 +730,7 @@ pub(crate) async fn deactivate_route(
 				uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 				services
 					.uiaa
-					.create(sender_user, sender_device, &uiaainfo, json);
+					.create(sender_user, body.sender_device(), &uiaainfo, json);

 				return Err(Error::Uiaa(uiaainfo));
 			},
@@ -763,18 +752,17 @@ pub(crate) async fn deactivate_route(
 	super::update_displayname(&services, sender_user, None, &all_joined_rooms).await;
 	super::update_avatar_url(&services, sender_user, None, None, &all_joined_rooms).await;

-	full_user_deactivate(&services, sender_user, &all_joined_rooms).await?;
+	full_user_deactivate(&services, sender_user, &all_joined_rooms)
+		.boxed()
+		.await?;

 	info!("User {sender_user} deactivated their account.");

 	if services.server.config.admin_room_notices {
 		services
 			.admin
-			.send_message(RoomMessageEventContent::notice_plain(format!(
-				"User {sender_user} deactivated their account."
-			)))
-			.await
-			.ok();
+			.notice(&format!("User {sender_user} deactivated their account."))
+			.await;
 	}

 	Ok(deactivate::v3::Response {
@@ -851,6 +839,7 @@ pub async fn full_user_deactivate(
 	all_joined_rooms: &[OwnedRoomId],
 ) -> Result<()> {
 	services.users.deactivate_account(user_id).await.ok();
+
 	super::update_displayname(services, user_id, None, all_joined_rooms).await;
 	super::update_avatar_url(services, user_id, None, None, all_joined_rooms).await;

@@ -887,7 +876,7 @@ pub async fn full_user_deactivate(
 				.state_accessor
 				.room_state_get(room_id, &StateEventType::RoomCreate, "")
 				.await
-				.is_ok_and(|event| event.sender == user_id);
+				.is_ok_and(|event| event.sender() == user_id);

 		if user_can_demote_self {
 			let mut power_levels_content = room_power_levels.unwrap_or_default();
@@ -915,7 +904,7 @@ pub async fn full_user_deactivate(
 		}
 	}

-	super::leave_all_rooms(services, user_id).await;
+	super::leave_all_rooms(services, user_id).boxed().await;

 	Ok(())
 }
@@ -17,8 +17,7 @@ pub(crate) async fn create_alias_route(
 	State(services): State<crate::State>,
 	body: Ruma<create_alias::v3::Request>,
 ) -> Result<create_alias::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
+	let sender_user = body.sender_user();
 	services
 		.rooms
 		.alias
@@ -62,8 +61,7 @@ pub(crate) async fn delete_alias_route(
 	State(services): State<crate::State>,
 	body: Ruma<delete_alias::v3::Request>,
 ) -> Result<delete_alias::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
+	let sender_user = body.sender_user();
 	services
 		.rooms
 		.alias
@@ -2,8 +2,10 @@ use std::cmp::Ordering;

 use axum::extract::State;
 use conduwuit::{Err, Result, err};
+use conduwuit_service::Services;
+use futures::{FutureExt, future::try_join};
 use ruma::{
-	UInt,
+	UInt, UserId,
 	api::client::backup::{
 		add_backup_keys, add_backup_keys_for_room, add_backup_keys_for_session,
 		create_backup_version, delete_backup_keys, delete_backup_keys_for_room,
@@ -58,21 +60,9 @@ pub(crate) async fn get_latest_backup_info_route(
 		.await
 		.map_err(|_| err!(Request(NotFound("Key backup does not exist."))))?;

-	Ok(get_latest_backup_info::v3::Response {
-		algorithm,
-		count: (UInt::try_from(
-			services
-				.key_backups
-				.count_keys(body.sender_user(), &version)
-				.await,
-		)
-		.expect("user backup keys count should not be that high")),
-		etag: services
-			.key_backups
-			.get_etag(body.sender_user(), &version)
-			.await,
-		version,
-	})
+	let (count, etag) = get_count_etag(&services, body.sender_user(), &version).await?;
+
+	Ok(get_latest_backup_info::v3::Response { algorithm, count, etag, version })
 }

 /// # `GET /_matrix/client/v3/room_keys/version/{version}`
@@ -90,17 +80,12 @@ pub(crate) async fn get_backup_info_route(
 			err!(Request(NotFound("Key backup does not exist at version {:?}", body.version)))
 		})?;

+	let (count, etag) = get_count_etag(&services, body.sender_user(), &body.version).await?;
+
 	Ok(get_backup_info::v3::Response {
 		algorithm,
-		count: services
-			.key_backups
-			.count_keys(body.sender_user(), &body.version)
-			.await
-			.try_into()?,
-		etag: services
-			.key_backups
-			.get_etag(body.sender_user(), &body.version)
-			.await,
+		count,
+		etag,
 		version: body.version.clone(),
 	})
 }
@@ -155,17 +140,9 @@ pub(crate) async fn add_backup_keys_route(
 		}
 	}

-	Ok(add_backup_keys::v3::Response {
-		count: services
-			.key_backups
-			.count_keys(body.sender_user(), &body.version)
-			.await
-			.try_into()?,
-		etag: services
-			.key_backups
-			.get_etag(body.sender_user(), &body.version)
-			.await,
-	})
+	let (count, etag) = get_count_etag(&services, body.sender_user(), &body.version).await?;
+
+	Ok(add_backup_keys::v3::Response { count, etag })
 }

 /// # `PUT /_matrix/client/r0/room_keys/keys/{roomId}`
@@ -198,17 +175,9 @@ pub(crate) async fn add_backup_keys_for_room_route(
 			.await?;
 	}

-	Ok(add_backup_keys_for_room::v3::Response {
-		count: services
-			.key_backups
-			.count_keys(body.sender_user(), &body.version)
-			.await
-			.try_into()?,
-		etag: services
-			.key_backups
-			.get_etag(body.sender_user(), &body.version)
-			.await,
-	})
+	let (count, etag) = get_count_etag(&services, body.sender_user(), &body.version).await?;
+
+	Ok(add_backup_keys_for_room::v3::Response { count, etag })
 }

 /// # `PUT /_matrix/client/r0/room_keys/keys/{roomId}/{sessionId}`
@@ -306,17 +275,9 @@ pub(crate) async fn add_backup_keys_for_session_route(
 			.await?;
 	}

-	Ok(add_backup_keys_for_session::v3::Response {
-		count: services
-			.key_backups
-			.count_keys(body.sender_user(), &body.version)
-			.await
-			.try_into()?,
-		etag: services
-			.key_backups
-			.get_etag(body.sender_user(), &body.version)
-			.await,
-	})
+	let (count, etag) = get_count_etag(&services, body.sender_user(), &body.version).await?;
+
+	Ok(add_backup_keys_for_session::v3::Response { count, etag })
 }

 /// # `GET /_matrix/client/r0/room_keys/keys`
@@ -379,17 +340,9 @@ pub(crate) async fn delete_backup_keys_route(
 		.delete_all_keys(body.sender_user(), &body.version)
 		.await;

-	Ok(delete_backup_keys::v3::Response {
-		count: services
-			.key_backups
-			.count_keys(body.sender_user(), &body.version)
-			.await
-			.try_into()?,
-		etag: services
-			.key_backups
-			.get_etag(body.sender_user(), &body.version)
-			.await,
-	})
+	let (count, etag) = get_count_etag(&services, body.sender_user(), &body.version).await?;
+
+	Ok(delete_backup_keys::v3::Response { count, etag })
 }

 /// # `DELETE /_matrix/client/r0/room_keys/keys/{roomId}`
@@ -404,17 +357,9 @@ pub(crate) async fn delete_backup_keys_for_room_route(
 		.delete_room_keys(body.sender_user(), &body.version, &body.room_id)
 		.await;

-	Ok(delete_backup_keys_for_room::v3::Response {
-		count: services
-			.key_backups
-			.count_keys(body.sender_user(), &body.version)
-			.await
-			.try_into()?,
-		etag: services
-			.key_backups
-			.get_etag(body.sender_user(), &body.version)
-			.await,
-	})
+	let (count, etag) = get_count_etag(&services, body.sender_user(), &body.version).await?;
+
+	Ok(delete_backup_keys_for_room::v3::Response { count, etag })
 }

 /// # `DELETE /_matrix/client/r0/room_keys/keys/{roomId}/{sessionId}`
@@ -429,15 +374,22 @@ pub(crate) async fn delete_backup_keys_for_session_route(
 		.delete_room_key(body.sender_user(), &body.version, &body.room_id, &body.session_id)
 		.await;

-	Ok(delete_backup_keys_for_session::v3::Response {
-		count: services
-			.key_backups
-			.count_keys(body.sender_user(), &body.version)
-			.await
-			.try_into()?,
-		etag: services
-			.key_backups
-			.get_etag(body.sender_user(), &body.version)
-			.await,
-	})
+	let (count, etag) = get_count_etag(&services, body.sender_user(), &body.version).await?;
+
+	Ok(delete_backup_keys_for_session::v3::Response { count, etag })
+}
+
+async fn get_count_etag(
+	services: &Services,
+	sender_user: &UserId,
+	version: &str,
+) -> Result<(UInt, String)> {
+	let count = services
+		.key_backups
+		.count_keys(sender_user, version)
+		.map(TryInto::try_into);
+
+	let etag = services.key_backups.get_etag(sender_user, version).map(Ok);
+
+	Ok(try_join(count, etag).await?)
 }
@@ -26,8 +26,8 @@ pub(crate) async fn get_capabilities_route(

 	let mut capabilities = Capabilities::default();
 	capabilities.room_versions = RoomVersionsCapability {
-		default: services.server.config.default_room_version.clone(),
 		available,
+		default: services.server.config.default_room_version.clone(),
 	};

 	// we do not implement 3PID stuff
@@ -38,16 +38,12 @@ pub(crate) async fn get_capabilities_route(
 	};

 	// MSC4133 capability
-	capabilities
-		.set("uk.tcpip.msc4133.profile_fields", json!({"enabled": true}))
-		.expect("this is valid JSON we created");
+	capabilities.set("uk.tcpip.msc4133.profile_fields", json!({"enabled": true}))?;

-	capabilities
-		.set(
-			"org.matrix.msc4267.forget_forced_upon_leave",
-			json!({"enabled": services.config.forget_forced_upon_leave}),
-		)
-		.expect("valid JSON we created");
+	capabilities.set(
+		"org.matrix.msc4267.forget_forced_upon_leave",
+		json!({"enabled": services.config.forget_forced_upon_leave}),
+	)?;

 	Ok(get_capabilities::v3::Response { capabilities })
 }
@@ -1,8 +1,6 @@
 use axum::extract::State;
 use conduwuit::{
-	Err, Result, at, debug_warn, err,
-	matrix::pdu::PduEvent,
-	ref_at,
+	Err, Event, Result, at, debug_warn, err, ref_at,
 	utils::{
 		IterStream,
 		future::TryExtExt,
@@ -111,7 +109,7 @@ pub(crate) async fn get_context_route(

 	let lazy_loading_context = lazy_loading::Context {
 		user_id: sender_user,
-		device_id: sender_device,
+		device_id: Some(sender_device),
 		room_id,
 		token: Some(base_count.into_unsigned()),
 		options: Some(&filter.lazy_load_options),
@@ -179,12 +177,12 @@ pub(crate) async fn get_context_route(
 		.broad_filter_map(|event_id: &OwnedEventId| {
 			services.rooms.timeline.get_pdu(event_id.as_ref()).ok()
 		})
-		.map(PduEvent::into_state_event)
+		.map(Event::into_format)
 		.collect()
 		.await;

 	Ok(get_context::v3::Response {
-		event: base_event.map(at!(1)).map(PduEvent::into_room_event),
+		event: base_event.map(at!(1)).map(Event::into_format),

 		start: events_before
 			.last()
@@ -203,13 +201,13 @@ pub(crate) async fn get_context_route(
 		events_before: events_before
 			.into_iter()
 			.map(at!(1))
-			.map(PduEvent::into_room_event)
+			.map(Event::into_format)
 			.collect(),

 		events_after: events_after
 			.into_iter()
 			.map(at!(1))
-			.map(PduEvent::into_room_event)
+			.map(Event::into_format)
 			.collect(),

 		state,
@@ -21,11 +21,9 @@ pub(crate) async fn get_devices_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_devices::v3::Request>,
 ) -> Result<get_devices::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	let devices: Vec<device::Device> = services
 		.users
-		.all_devices_metadata(sender_user)
+		.all_devices_metadata(body.sender_user())
 		.collect()
 		.await;

@@ -39,11 +37,9 @@ pub(crate) async fn get_device_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_device::v3::Request>,
 ) -> Result<get_device::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	let device = services
 		.users
-		.get_device_metadata(sender_user, &body.body.device_id)
+		.get_device_metadata(body.sender_user(), &body.body.device_id)
 		.await
 		.map_err(|_| err!(Request(NotFound("Device not found."))))?;

@@ -1,7 +1,7 @@
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use conduwuit::{
-	Err, Result, err, info,
+	Err, Event, Result, err, info,
 	utils::{
 		TryFutureExtExt,
 		math::Expected,
@@ -349,7 +349,7 @@ async fn user_can_publish_room(
 		.room_state_get(room_id, &StateEventType::RoomPowerLevels, "")
 		.await
 	{
-		| Ok(event) => serde_json::from_str(event.content.get())
+		| Ok(event) => serde_json::from_str(event.content().get())
 			.map_err(|_| err!(Database("Invalid event content for m.room.power_levels")))
 			.map(|content: RoomPowerLevelsEventContent| {
 				RoomPowerLevels::from(content)
@@ -362,7 +362,7 @@ async fn user_can_publish_room(
 				.room_state_get(room_id, &StateEventType::RoomCreate, "")
 				.await
 			{
-				| Ok(event) => Ok(event.sender == user_id),
+				| Ok(event) => Ok(event.sender() == user_id),
 				| _ => Err!(Request(Forbidden("User is not allowed to publish this room"))),
 			}
 		},
@@ -13,11 +13,9 @@ pub(crate) async fn get_filter_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_filter::v3::Request>,
 ) -> Result<get_filter::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	services
 		.users
-		.get_filter(sender_user, &body.filter_id)
+		.get_filter(body.sender_user(), &body.filter_id)
 		.await
 		.map(get_filter::v3::Response::new)
 		.map_err(|_| err!(Request(NotFound("Filter not found."))))
@@ -30,9 +28,9 @@ pub(crate) async fn create_filter_route(
 	State(services): State<crate::State>,
 	body: Ruma<create_filter::v3::Request>,
 ) -> Result<create_filter::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
-	let filter_id = services.users.create_filter(sender_user, &body.filter);
+	let filter_id = services
+		.users
+		.create_filter(body.sender_user(), &body.filter);

 	Ok(create_filter::v3::Response::new(filter_id))
 }
@@ -126,7 +126,7 @@ pub(crate) async fn get_keys_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_keys::v3::Request>,
 ) -> Result<get_keys::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	get_keys_helper(
 		&services,
@@ -157,8 +157,7 @@ pub(crate) async fn upload_signing_keys_route(
 	State(services): State<crate::State>,
 	body: Ruma<upload_signing_keys::v3::Request>,
 ) -> Result<upload_signing_keys::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-	let sender_device = body.sender_device.as_ref().expect("user is authenticated");
+	let (sender_user, sender_device) = body.sender();

 	// UIAA
 	let mut uiaainfo = UiaaInfo {
@@ -203,12 +202,12 @@ pub(crate) async fn upload_signing_keys_route(
 					}
 					// Success!
 				},
-				| _ => match body.json_body {
+				| _ => match body.json_body.as_ref() {
 					| Some(json) => {
 						uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 						services
 							.uiaa
-							.create(sender_user, sender_device, &uiaainfo, &json);
+							.create(sender_user, sender_device, &uiaainfo, json);

 						return Err(Error::Uiaa(uiaainfo));
 					},
@@ -373,7 +372,7 @@ pub(crate) async fn get_key_changes_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_key_changes::v3::Request>,
 ) -> Result<get_key_changes::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	let mut device_list_updates = HashSet::new();

@@ -51,7 +51,7 @@ pub(crate) async fn create_content_route(
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<create_content::v3::Request>,
 ) -> Result<create_content::v3::Response> {
-	let user = body.sender_user.as_ref().expect("user is authenticated");
+	let user = body.sender_user();

 	let filename = body.filename.as_deref();
 	let content_type = body.content_type.as_deref();
@@ -94,7 +94,7 @@ pub(crate) async fn get_content_thumbnail_route(
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<get_content_thumbnail::v1::Request>,
 ) -> Result<get_content_thumbnail::v1::Response> {
-	let user = body.sender_user.as_ref().expect("user is authenticated");
+	let user = body.sender_user();

 	let dim = Dim::from_ruma(body.width, body.height, body.method.clone())?;
 	let mxc = Mxc {
@@ -131,7 +131,7 @@ pub(crate) async fn get_content_route(
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<get_content::v1::Request>,
 ) -> Result<get_content::v1::Response> {
-	let user = body.sender_user.as_ref().expect("user is authenticated");
+	let user = body.sender_user();

 	let mxc = Mxc {
 		server_name: &body.server_name,
@@ -167,7 +167,7 @@ pub(crate) async fn get_content_as_filename_route(
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<get_content_as_filename::v1::Request>,
 ) -> Result<get_content_as_filename::v1::Response> {
-	let user = body.sender_user.as_ref().expect("user is authenticated");
+	let user = body.sender_user();

 	let mxc = Mxc {
 		server_name: &body.server_name,
@@ -203,7 +203,7 @@ pub(crate) async fn get_media_preview_route(
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<get_media_preview::v1::Request>,
 ) -> Result<get_media_preview::v1::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	let url = &body.url;
 	let url = Url::parse(&body.url).map_err(|e| {
@@ -55,7 +55,7 @@ pub(crate) async fn get_media_preview_legacy_route(
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<get_media_preview::v3::Request>,
 ) -> Result<get_media_preview::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	let url = &body.url;
 	let url = Url::parse(&body.url).map_err(|e| {
@@ -0,0 +1,55 @@
+use axum::extract::State;
+use conduwuit::{Err, Result, matrix::pdu::PduBuilder};
+use ruma::{
+	api::client::membership::ban_user,
+	events::room::member::{MembershipState, RoomMemberEventContent},
+};
+
+use crate::Ruma;
+
+/// # `POST /_matrix/client/r0/rooms/{roomId}/ban`
+///
+/// Tries to send a ban event into the room.
+pub(crate) async fn ban_user_route(
+	State(services): State<crate::State>,
+	body: Ruma<ban_user::v3::Request>,
+) -> Result<ban_user::v3::Response> {
+	let sender_user = body.sender_user();
+
+	if sender_user == body.user_id {
+		return Err!(Request(Forbidden("You cannot ban yourself.")));
+	}
+
+	let state_lock = services.rooms.state.mutex.lock(&body.room_id).await;
+
+	let current_member_content = services
+		.rooms
+		.state_accessor
+		.get_member(&body.room_id, &body.user_id)
+		.await
+		.unwrap_or_else(|_| RoomMemberEventContent::new(MembershipState::Ban));
+
+	services
+		.rooms
+		.timeline
+		.build_and_append_pdu(
+			PduBuilder::state(body.user_id.to_string(), &RoomMemberEventContent {
+				membership: MembershipState::Ban,
+				reason: body.reason.clone(),
+				displayname: None, // display name may be offensive
+				avatar_url: None,  // avatar may be offensive
+				is_direct: None,
+				join_authorized_via_users_server: None,
+				third_party_invite: None,
+				..current_member_content
+			}),
+			sender_user,
+			&body.room_id,
+			&state_lock,
+		)
+		.await?;
+
+	drop(state_lock);
+
+	Ok(ban_user::v3::Response::new())
+}
@@ -0,0 +1,52 @@
+use axum::extract::State;
+use conduwuit::{Err, Result, is_matching, result::NotFound, utils::FutureBoolExt};
+use futures::pin_mut;
+use ruma::{api::client::membership::forget_room, events::room::member::MembershipState};
+
+use crate::Ruma;
+
+/// # `POST /_matrix/client/v3/rooms/{roomId}/forget`
+///
+/// Forgets about a room.
+///
+/// - If the sender user currently left the room: Stops sender user from
+///   receiving information about the room
+///
+/// Note: Other devices of the user have no way of knowing the room was
+/// forgotten, so this has to be called from every device
+pub(crate) async fn forget_room_route(
+	State(services): State<crate::State>,
+	body: Ruma<forget_room::v3::Request>,
+) -> Result<forget_room::v3::Response> {
+	let user_id = body.sender_user();
+	let room_id = &body.room_id;
+
+	let joined = services.rooms.state_cache.is_joined(user_id, room_id);
+	let knocked = services.rooms.state_cache.is_knocked(user_id, room_id);
+	let invited = services.rooms.state_cache.is_invited(user_id, room_id);
+
+	pin_mut!(joined, knocked, invited);
+	if joined.or(knocked).or(invited).await {
+		return Err!(Request(Unknown("You must leave the room before forgetting it")));
+	}
+
+	let membership = services
+		.rooms
+		.state_accessor
+		.get_member(room_id, user_id)
+		.await;
+
+	if membership.is_not_found() {
+		return Err!(Request(Unknown("No membership event was found, room was never joined")));
+	}
+
+	let non_membership = membership
+		.map(|member| member.membership)
+		.is_ok_and(is_matching!(MembershipState::Leave | MembershipState::Ban));
+
+	if non_membership || services.rooms.state_cache.is_left(user_id, room_id).await {
+		services.rooms.state_cache.forget(room_id, user_id);
+	}
+
+	Ok(forget_room::v3::Response::new())
+}
@@ -0,0 +1,235 @@
+use axum::extract::State;
+use axum_client_ip::InsecureClientIp;
+use conduwuit::{
+	Err, Result, debug_error, err, info,
+	matrix::{event::gen_event_id_canonical_json, pdu::PduBuilder},
+};
+use futures::{FutureExt, join};
+use ruma::{
+	OwnedServerName, RoomId, UserId,
+	api::{client::membership::invite_user, federation::membership::create_invite},
+	events::room::member::{MembershipState, RoomMemberEventContent},
+};
+use service::Services;
+
+use super::banned_room_check;
+use crate::Ruma;
+
+/// # `POST /_matrix/client/r0/rooms/{roomId}/invite`
+///
+/// Tries to send an invite event into the room.
+#[tracing::instrument(skip_all, fields(%client), name = "invite")]
+pub(crate) async fn invite_user_route(
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
+	body: Ruma<invite_user::v3::Request>,
+) -> Result<invite_user::v3::Response> {
+	let sender_user = body.sender_user();
+
+	if !services.users.is_admin(sender_user).await && services.config.block_non_admin_invites {
+		debug_error!(
+			"User {sender_user} is not an admin and attempted to send an invite to room {}",
+			&body.room_id
+		);
+		return Err!(Request(Forbidden("Invites are not allowed on this server.")));
+	}
+
+	banned_room_check(
+		&services,
+		sender_user,
+		Some(&body.room_id),
+		body.room_id.server_name(),
+		client,
+	)
+	.await?;
+
+	match &body.recipient {
+		| invite_user::v3::InvitationRecipient::UserId { user_id } => {
+			let sender_ignored_recipient = services.users.user_is_ignored(sender_user, user_id);
+			let recipient_ignored_by_sender =
+				services.users.user_is_ignored(user_id, sender_user);
+
+			let (sender_ignored_recipient, recipient_ignored_by_sender) =
+				join!(sender_ignored_recipient, recipient_ignored_by_sender);
+
+			if sender_ignored_recipient {
+				return Ok(invite_user::v3::Response {});
+			}
+
+			if let Ok(target_user_membership) = services
+				.rooms
+				.state_accessor
+				.get_member(&body.room_id, user_id)
+				.await
+			{
+				if target_user_membership.membership == MembershipState::Ban {
+					return Err!(Request(Forbidden("User is banned from this room.")));
+				}
+			}
+
+			if recipient_ignored_by_sender {
+				// silently drop the invite to the recipient if they've been ignored by the
+				// sender, pretend it worked
+				return Ok(invite_user::v3::Response {});
+			}
+
+			invite_helper(
+				&services,
+				sender_user,
+				user_id,
+				&body.room_id,
+				body.reason.clone(),
+				false,
+			)
+			.boxed()
+			.await?;
+
+			Ok(invite_user::v3::Response {})
+		},
+		| _ => {
+			Err!(Request(NotFound("User not found.")))
+		},
+	}
+}
+
+pub(crate) async fn invite_helper(
+	services: &Services,
+	sender_user: &UserId,
+	user_id: &UserId,
+	room_id: &RoomId,
+	reason: Option<String>,
+	is_direct: bool,
+) -> Result {
+	if !services.users.is_admin(sender_user).await && services.config.block_non_admin_invites {
+		info!(
+			"User {sender_user} is not an admin and attempted to send an invite to room \
+			 {room_id}"
+		);
+		return Err!(Request(Forbidden("Invites are not allowed on this server.")));
+	}
+
+	if !services.globals.user_is_local(user_id) {
+		let (pdu, pdu_json, invite_room_state) = {
+			let state_lock = services.rooms.state.mutex.lock(room_id).await;
+
+			let content = RoomMemberEventContent {
+				avatar_url: services.users.avatar_url(user_id).await.ok(),
+				is_direct: Some(is_direct),
+				reason,
+				..RoomMemberEventContent::new(MembershipState::Invite)
+			};
+
+			let (pdu, pdu_json) = services
+				.rooms
+				.timeline
+				.create_hash_and_sign_event(
+					PduBuilder::state(user_id.to_string(), &content),
+					sender_user,
+					room_id,
+					&state_lock,
+				)
+				.await?;
+
+			let invite_room_state = services.rooms.state.summary_stripped(&pdu).await;
+
+			drop(state_lock);
+
+			(pdu, pdu_json, invite_room_state)
+		};
+
+		let room_version_id = services.rooms.state.get_room_version(room_id).await?;
+
+		let response = services
+			.sending
+			.send_federation_request(user_id.server_name(), create_invite::v2::Request {
+				room_id: room_id.to_owned(),
+				event_id: (*pdu.event_id).to_owned(),
+				room_version: room_version_id.clone(),
+				event: services
+					.sending
+					.convert_to_outgoing_federation_event(pdu_json.clone())
+					.await,
+				invite_room_state,
+				via: services
+					.rooms
+					.state_cache
+					.servers_route_via(room_id)
+					.await
+					.ok(),
+			})
+			.await?;
+
+		// We do not add the event_id field to the pdu here because of signature and
+		// hashes checks
+		let (event_id, value) = gen_event_id_canonical_json(&response.event, &room_version_id)
+			.map_err(|e| {
+				err!(Request(BadJson(warn!("Could not convert event to canonical JSON: {e}"))))
+			})?;
+
+		if pdu.event_id != event_id {
+			return Err!(Request(BadJson(warn!(
+				%pdu.event_id, %event_id,
+				"Server {} sent event with wrong event ID",
+				user_id.server_name()
+			))));
+		}
+
+		let origin: OwnedServerName = serde_json::from_value(serde_json::to_value(
+			value
+				.get("origin")
+				.ok_or_else(|| err!(Request(BadJson("Event missing origin field."))))?,
+		)?)
+		.map_err(|e| {
+			err!(Request(BadJson(warn!("Origin field in event is not a valid server name: {e}"))))
+		})?;
+
+		let pdu_id = services
+			.rooms
+			.event_handler
+			.handle_incoming_pdu(&origin, room_id, &event_id, value, true)
+			.boxed()
+			.await?
+			.ok_or_else(|| {
+				err!(Request(InvalidParam("Could not accept incoming PDU as timeline event.")))
+			})?;
+
+		return services.sending.send_pdu_room(room_id, &pdu_id).await;
+	}
+
+	if !services
+		.rooms
+		.state_cache
+		.is_joined(sender_user, room_id)
+		.await
+	{
+		return Err!(Request(Forbidden(
+			"You must be joined in the room you are trying to invite from."
+		)));
+	}
+
+	let state_lock = services.rooms.state.mutex.lock(room_id).await;
+
+	let content = RoomMemberEventContent {
+		displayname: services.users.displayname(user_id).await.ok(),
+		avatar_url: services.users.avatar_url(user_id).await.ok(),
+		blurhash: services.users.blurhash(user_id).await.ok(),
+		is_direct: Some(is_direct),
+		reason,
+		..RoomMemberEventContent::new(MembershipState::Invite)
+	};
+
+	services
+		.rooms
+		.timeline
+		.build_and_append_pdu(
+			PduBuilder::state(user_id.to_string(), &content),
+			sender_user,
+			room_id,
+			&state_lock,
+		)
+		.await?;
+
+	drop(state_lock);
+
+	Ok(())
+}
@@ -0,0 +1,975 @@
+use std::{borrow::Borrow, collections::HashMap, iter::once, sync::Arc};
+
+use axum::extract::State;
+use axum_client_ip::InsecureClientIp;
+use conduwuit::{
+	Err, Result, debug, debug_info, debug_warn, err, error, info,
+	matrix::{
+		StateKey,
+		event::{gen_event_id, gen_event_id_canonical_json},
+		pdu::{PduBuilder, PduEvent},
+		state_res,
+	},
+	result::FlatOk,
+	trace,
+	utils::{
+		self, shuffle,
+		stream::{IterStream, ReadyExt},
+	},
+	warn,
+};
+use futures::{FutureExt, StreamExt};
+use ruma::{
+	CanonicalJsonObject, CanonicalJsonValue, OwnedRoomId, OwnedServerName, OwnedUserId, RoomId,
+	RoomVersionId, UserId,
+	api::{
+		client::{
+			error::ErrorKind,
+			membership::{ThirdPartySigned, join_room_by_id, join_room_by_id_or_alias},
+		},
+		federation::{self},
+	},
+	canonical_json::to_canonical_value,
+	events::{
+		StateEventType,
+		room::{
+			join_rules::{AllowRule, JoinRule, RoomJoinRulesEventContent},
+			member::{MembershipState, RoomMemberEventContent},
+		},
+	},
+};
+use service::{
+	Services,
+	appservice::RegistrationInfo,
+	rooms::{
+		state::RoomMutexGuard,
+		state_compressor::{CompressedState, HashSetCompressStateEvent},
+	},
+};
+
+use super::banned_room_check;
+use crate::Ruma;
+
+/// # `POST /_matrix/client/r0/rooms/{roomId}/join`
+///
+/// Tries to join the sender user into a room.
+///
+/// - If the server knowns about this room: creates the join event and does auth
+///   rules locally
+/// - If the server does not know about the room: asks other servers over
+///   federation
+#[tracing::instrument(skip_all, fields(%client), name = "join")]
+pub(crate) async fn join_room_by_id_route(
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
+	body: Ruma<join_room_by_id::v3::Request>,
+) -> Result<join_room_by_id::v3::Response> {
+	let sender_user = body.sender_user();
+
+	banned_room_check(
+		&services,
+		sender_user,
+		Some(&body.room_id),
+		body.room_id.server_name(),
+		client,
+	)
+	.await?;
+
+	// There is no body.server_name for /roomId/join
+	let mut servers: Vec<_> = services
+		.rooms
+		.state_cache
+		.servers_invite_via(&body.room_id)
+		.map(ToOwned::to_owned)
+		.collect()
+		.await;
+
+	servers.extend(
+		services
+			.rooms
+			.state_cache
+			.invite_state(sender_user, &body.room_id)
+			.await
+			.unwrap_or_default()
+			.iter()
+			.filter_map(|event| event.get_field("sender").ok().flatten())
+			.filter_map(|sender: &str| UserId::parse(sender).ok())
+			.map(|user| user.server_name().to_owned()),
+	);
+
+	if let Some(server) = body.room_id.server_name() {
+		servers.push(server.into());
+	}
+
+	servers.sort_unstable();
+	servers.dedup();
+	shuffle(&mut servers);
+
+	join_room_by_id_helper(
+		&services,
+		sender_user,
+		&body.room_id,
+		body.reason.clone(),
+		&servers,
+		body.third_party_signed.as_ref(),
+		&body.appservice_info,
+	)
+	.boxed()
+	.await
+}
+
+/// # `POST /_matrix/client/r0/join/{roomIdOrAlias}`
+///
+/// Tries to join the sender user into a room.
+///
+/// - If the server knowns about this room: creates the join event and does auth
+///   rules locally
+/// - If the server does not know about the room: use the server name query
+///   param if specified. if not specified, asks other servers over federation
+///   via room alias server name and room ID server name
+#[tracing::instrument(skip_all, fields(%client), name = "join")]
+pub(crate) async fn join_room_by_id_or_alias_route(
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
+	body: Ruma<join_room_by_id_or_alias::v3::Request>,
+) -> Result<join_room_by_id_or_alias::v3::Response> {
+	let sender_user = body.sender_user();
+	let appservice_info = &body.appservice_info;
+	let body = &body.body;
+
+	let (servers, room_id) = match OwnedRoomId::try_from(body.room_id_or_alias.clone()) {
+		| Ok(room_id) => {
+			banned_room_check(
+				&services,
+				sender_user,
+				Some(&room_id),
+				room_id.server_name(),
+				client,
+			)
+			.boxed()
+			.await?;
+
+			let mut servers = body.via.clone();
+			servers.extend(
+				services
+					.rooms
+					.state_cache
+					.servers_invite_via(&room_id)
+					.map(ToOwned::to_owned)
+					.collect::<Vec<_>>()
+					.await,
+			);
+
+			servers.extend(
+				services
+					.rooms
+					.state_cache
+					.invite_state(sender_user, &room_id)
+					.await
+					.unwrap_or_default()
+					.iter()
+					.filter_map(|event| event.get_field("sender").ok().flatten())
+					.filter_map(|sender: &str| UserId::parse(sender).ok())
+					.map(|user| user.server_name().to_owned()),
+			);
+
+			if let Some(server) = room_id.server_name() {
+				servers.push(server.to_owned());
+			}
+
+			servers.sort_unstable();
+			servers.dedup();
+			shuffle(&mut servers);
+
+			(servers, room_id)
+		},
+		| Err(room_alias) => {
+			let (room_id, mut servers) = services
+				.rooms
+				.alias
+				.resolve_alias(&room_alias, Some(body.via.clone()))
+				.await?;
+
+			banned_room_check(
+				&services,
+				sender_user,
+				Some(&room_id),
+				Some(room_alias.server_name()),
+				client,
+			)
+			.await?;
+
+			let addl_via_servers = services
+				.rooms
+				.state_cache
+				.servers_invite_via(&room_id)
+				.map(ToOwned::to_owned);
+
+			let addl_state_servers = services
+				.rooms
+				.state_cache
+				.invite_state(sender_user, &room_id)
+				.await
+				.unwrap_or_default();
+
+			let mut addl_servers: Vec<_> = addl_state_servers
+				.iter()
+				.map(|event| event.get_field("sender"))
+				.filter_map(FlatOk::flat_ok)
+				.map(|user: &UserId| user.server_name().to_owned())
+				.stream()
+				.chain(addl_via_servers)
+				.collect()
+				.await;
+
+			addl_servers.sort_unstable();
+			addl_servers.dedup();
+			shuffle(&mut addl_servers);
+			servers.append(&mut addl_servers);
+
+			(servers, room_id)
+		},
+	};
+
+	let join_room_response = join_room_by_id_helper(
+		&services,
+		sender_user,
+		&room_id,
+		body.reason.clone(),
+		&servers,
+		body.third_party_signed.as_ref(),
+		appservice_info,
+	)
+	.boxed()
+	.await?;
+
+	Ok(join_room_by_id_or_alias::v3::Response { room_id: join_room_response.room_id })
+}
+
+pub async fn join_room_by_id_helper(
+	services: &Services,
+	sender_user: &UserId,
+	room_id: &RoomId,
+	reason: Option<String>,
+	servers: &[OwnedServerName],
+	third_party_signed: Option<&ThirdPartySigned>,
+	appservice_info: &Option<RegistrationInfo>,
+) -> Result<join_room_by_id::v3::Response> {
+	let state_lock = services.rooms.state.mutex.lock(room_id).await;
+
+	let user_is_guest = services
+		.users
+		.is_deactivated(sender_user)
+		.await
+		.unwrap_or(false)
+		&& appservice_info.is_none();
+
+	if user_is_guest && !services.rooms.state_accessor.guest_can_join(room_id).await {
+		return Err!(Request(Forbidden("Guests are not allowed to join this room")));
+	}
+
+	if services
+		.rooms
+		.state_cache
+		.is_joined(sender_user, room_id)
+		.await
+	{
+		debug_warn!("{sender_user} is already joined in {room_id}");
+		return Ok(join_room_by_id::v3::Response { room_id: room_id.into() });
+	}
+
+	if let Ok(membership) = services
+		.rooms
+		.state_accessor
+		.get_member(room_id, sender_user)
+		.await
+	{
+		if membership.membership == MembershipState::Ban {
+			debug_warn!("{sender_user} is banned from {room_id} but attempted to join");
+			return Err!(Request(Forbidden("You are banned from the room.")));
+		}
+	}
+
+	let server_in_room = services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), room_id)
+		.await;
+
+	let local_join = server_in_room
+		|| servers.is_empty()
+		|| (servers.len() == 1 && services.globals.server_is_ours(&servers[0]));
+
+	if local_join {
+		join_room_by_id_helper_local(
+			services,
+			sender_user,
+			room_id,
+			reason,
+			servers,
+			third_party_signed,
+			state_lock,
+		)
+		.boxed()
+		.await?;
+	} else {
+		// Ask a remote server if we are not participating in this room
+		join_room_by_id_helper_remote(
+			services,
+			sender_user,
+			room_id,
+			reason,
+			servers,
+			third_party_signed,
+			state_lock,
+		)
+		.boxed()
+		.await?;
+	}
+
+	Ok(join_room_by_id::v3::Response::new(room_id.to_owned()))
+}
+
+#[tracing::instrument(skip_all, fields(%sender_user, %room_id), name = "join_remote")]
+async fn join_room_by_id_helper_remote(
+	services: &Services,
+	sender_user: &UserId,
+	room_id: &RoomId,
+	reason: Option<String>,
+	servers: &[OwnedServerName],
+	_third_party_signed: Option<&ThirdPartySigned>,
+	state_lock: RoomMutexGuard,
+) -> Result {
+	info!("Joining {room_id} over federation.");
+
+	let (make_join_response, remote_server) =
+		make_join_request(services, sender_user, room_id, servers).await?;
+
+	info!("make_join finished");
+
+	let Some(room_version_id) = make_join_response.room_version else {
+		return Err!(BadServerResponse("Remote room version is not supported by conduwuit"));
+	};
+
+	if !services.server.supported_room_version(&room_version_id) {
+		return Err!(BadServerResponse(
+			"Remote room version {room_version_id} is not supported by conduwuit"
+		));
+	}
+
+	let mut join_event_stub: CanonicalJsonObject =
+		serde_json::from_str(make_join_response.event.get()).map_err(|e| {
+			err!(BadServerResponse(warn!(
+				"Invalid make_join event json received from server: {e:?}"
+			)))
+		})?;
+
+	let join_authorized_via_users_server = {
+		use RoomVersionId::*;
+		if !matches!(room_version_id, V1 | V2 | V3 | V4 | V5 | V6 | V7) {
+			join_event_stub
+				.get("content")
+				.map(|s| {
+					s.as_object()?
+						.get("join_authorised_via_users_server")?
+						.as_str()
+				})
+				.and_then(|s| OwnedUserId::try_from(s.unwrap_or_default()).ok())
+		} else {
+			None
+		}
+	};
+
+	join_event_stub.insert(
+		"origin".to_owned(),
+		CanonicalJsonValue::String(services.globals.server_name().as_str().to_owned()),
+	);
+	join_event_stub.insert(
+		"origin_server_ts".to_owned(),
+		CanonicalJsonValue::Integer(
+			utils::millis_since_unix_epoch()
+				.try_into()
+				.expect("Timestamp is valid js_int value"),
+		),
+	);
+	join_event_stub.insert(
+		"content".to_owned(),
+		to_canonical_value(RoomMemberEventContent {
+			displayname: services.users.displayname(sender_user).await.ok(),
+			avatar_url: services.users.avatar_url(sender_user).await.ok(),
+			blurhash: services.users.blurhash(sender_user).await.ok(),
+			reason,
+			join_authorized_via_users_server: join_authorized_via_users_server.clone(),
+			..RoomMemberEventContent::new(MembershipState::Join)
+		})
+		.expect("event is valid, we just created it"),
+	);
+
+	// We keep the "event_id" in the pdu only in v1 or
+	// v2 rooms
+	match room_version_id {
+		| RoomVersionId::V1 | RoomVersionId::V2 => {},
+		| _ => {
+			join_event_stub.remove("event_id");
+		},
+	}
+
+	// In order to create a compatible ref hash (EventID) the `hashes` field needs
+	// to be present
+	services
+		.server_keys
+		.hash_and_sign_event(&mut join_event_stub, &room_version_id)?;
+
+	// Generate event id
+	let event_id = gen_event_id(&join_event_stub, &room_version_id)?;
+
+	// Add event_id back
+	join_event_stub
+		.insert("event_id".to_owned(), CanonicalJsonValue::String(event_id.clone().into()));
+
+	// It has enough fields to be called a proper event now
+	let mut join_event = join_event_stub;
+
+	info!("Asking {remote_server} for send_join in room {room_id}");
+	let send_join_request = federation::membership::create_join_event::v2::Request {
+		room_id: room_id.to_owned(),
+		event_id: event_id.clone(),
+		omit_members: false,
+		pdu: services
+			.sending
+			.convert_to_outgoing_federation_event(join_event.clone())
+			.await,
+	};
+
+	let send_join_response = match services
+		.sending
+		.send_synapse_request(&remote_server, send_join_request)
+		.await
+	{
+		| Ok(response) => response,
+		| Err(e) => {
+			error!("send_join failed: {e}");
+			return Err(e);
+		},
+	};
+
+	info!("send_join finished");
+
+	if join_authorized_via_users_server.is_some() {
+		if let Some(signed_raw) = &send_join_response.room_state.event {
+			debug_info!(
+				"There is a signed event with join_authorized_via_users_server. This room is \
+				 probably using restricted joins. Adding signature to our event"
+			);
+
+			let (signed_event_id, signed_value) =
+				gen_event_id_canonical_json(signed_raw, &room_version_id).map_err(|e| {
+					err!(Request(BadJson(warn!(
+						"Could not convert event to canonical JSON: {e}"
+					))))
+				})?;
+
+			if signed_event_id != event_id {
+				return Err!(Request(BadJson(warn!(
+					%signed_event_id, %event_id,
+					"Server {remote_server} sent event with wrong event ID"
+				))));
+			}
+
+			match signed_value["signatures"]
+				.as_object()
+				.ok_or_else(|| {
+					err!(BadServerResponse(warn!(
+						"Server {remote_server} sent invalid signatures type"
+					)))
+				})
+				.and_then(|e| {
+					e.get(remote_server.as_str()).ok_or_else(|| {
+						err!(BadServerResponse(warn!(
+							"Server {remote_server} did not send its signature for a restricted \
+							 room"
+						)))
+					})
+				}) {
+				| Ok(signature) => {
+					join_event
+						.get_mut("signatures")
+						.expect("we created a valid pdu")
+						.as_object_mut()
+						.expect("we created a valid pdu")
+						.insert(remote_server.to_string(), signature.clone());
+				},
+				| Err(e) => {
+					warn!(
+						"Server {remote_server} sent invalid signature in send_join signatures \
+						 for event {signed_value:?}: {e:?}",
+					);
+				},
+			}
+		}
+	}
+
+	services
+		.rooms
+		.short
+		.get_or_create_shortroomid(room_id)
+		.await;
+
+	info!("Parsing join event");
+	let parsed_join_pdu = PduEvent::from_id_val(&event_id, join_event.clone())
+		.map_err(|e| err!(BadServerResponse("Invalid join event PDU: {e:?}")))?;
+
+	info!("Acquiring server signing keys for response events");
+	let resp_events = &send_join_response.room_state;
+	let resp_state = &resp_events.state;
+	let resp_auth = &resp_events.auth_chain;
+	services
+		.server_keys
+		.acquire_events_pubkeys(resp_auth.iter().chain(resp_state.iter()))
+		.await;
+
+	info!("Going through send_join response room_state");
+	let cork = services.db.cork_and_flush();
+	let state = send_join_response
+		.room_state
+		.state
+		.iter()
+		.stream()
+		.then(|pdu| {
+			services
+				.server_keys
+				.validate_and_add_event_id_no_fetch(pdu, &room_version_id)
+		})
+		.ready_filter_map(Result::ok)
+		.fold(HashMap::new(), |mut state, (event_id, value)| async move {
+			let pdu = match PduEvent::from_id_val(&event_id, value.clone()) {
+				| Ok(pdu) => pdu,
+				| Err(e) => {
+					debug_warn!("Invalid PDU in send_join response: {e:?}: {value:#?}");
+					return state;
+				},
+			};
+
+			services.rooms.outlier.add_pdu_outlier(&event_id, &value);
+			if let Some(state_key) = &pdu.state_key {
+				let shortstatekey = services
+					.rooms
+					.short
+					.get_or_create_shortstatekey(&pdu.kind.to_string().into(), state_key)
+					.await;
+
+				state.insert(shortstatekey, pdu.event_id.clone());
+			}
+
+			state
+		})
+		.await;
+
+	drop(cork);
+
+	info!("Going through send_join response auth_chain");
+	let cork = services.db.cork_and_flush();
+	send_join_response
+		.room_state
+		.auth_chain
+		.iter()
+		.stream()
+		.then(|pdu| {
+			services
+				.server_keys
+				.validate_and_add_event_id_no_fetch(pdu, &room_version_id)
+		})
+		.ready_filter_map(Result::ok)
+		.ready_for_each(|(event_id, value)| {
+			services.rooms.outlier.add_pdu_outlier(&event_id, &value);
+		})
+		.await;
+
+	drop(cork);
+
+	debug!("Running send_join auth check");
+	let fetch_state = &state;
+	let state_fetch = |k: StateEventType, s: StateKey| async move {
+		let shortstatekey = services.rooms.short.get_shortstatekey(&k, &s).await.ok()?;
+
+		let event_id = fetch_state.get(&shortstatekey)?;
+		services.rooms.timeline.get_pdu(event_id).await.ok()
+	};
+
+	let auth_check = state_res::event_auth::auth_check(
+		&state_res::RoomVersion::new(&room_version_id)?,
+		&parsed_join_pdu,
+		None, // TODO: third party invite
+		|k, s| state_fetch(k.clone(), s.into()),
+	)
+	.await
+	.map_err(|e| err!(Request(Forbidden(warn!("Auth check failed: {e:?}")))))?;
+
+	if !auth_check {
+		return Err!(Request(Forbidden("Auth check failed")));
+	}
+
+	info!("Compressing state from send_join");
+	let compressed: CompressedState = services
+		.rooms
+		.state_compressor
+		.compress_state_events(state.iter().map(|(ssk, eid)| (ssk, eid.borrow())))
+		.collect()
+		.await;
+
+	debug!("Saving compressed state");
+	let HashSetCompressStateEvent {
+		shortstatehash: statehash_before_join,
+		added,
+		removed,
+	} = services
+		.rooms
+		.state_compressor
+		.save_state(room_id, Arc::new(compressed))
+		.await?;
+
+	debug!("Forcing state for new room");
+	services
+		.rooms
+		.state
+		.force_state(room_id, statehash_before_join, added, removed, &state_lock)
+		.await?;
+
+	info!("Updating joined counts for new room");
+	services
+		.rooms
+		.state_cache
+		.update_joined_count(room_id)
+		.await;
+
+	// We append to state before appending the pdu, so we don't have a moment in
+	// time with the pdu without it's state. This is okay because append_pdu can't
+	// fail.
+	let statehash_after_join = services
+		.rooms
+		.state
+		.append_to_state(&parsed_join_pdu)
+		.await?;
+
+	info!("Appending new room join event");
+	services
+		.rooms
+		.timeline
+		.append_pdu(
+			&parsed_join_pdu,
+			join_event,
+			once(parsed_join_pdu.event_id.borrow()),
+			&state_lock,
+		)
+		.await?;
+
+	info!("Setting final room state for new room");
+	// We set the room state after inserting the pdu, so that we never have a moment
+	// in time where events in the current room state do not exist
+	services
+		.rooms
+		.state
+		.set_room_state(room_id, statehash_after_join, &state_lock);
+
+	Ok(())
+}
+
+#[tracing::instrument(skip_all, fields(%sender_user, %room_id), name = "join_local")]
+async fn join_room_by_id_helper_local(
+	services: &Services,
+	sender_user: &UserId,
+	room_id: &RoomId,
+	reason: Option<String>,
+	servers: &[OwnedServerName],
+	_third_party_signed: Option<&ThirdPartySigned>,
+	state_lock: RoomMutexGuard,
+) -> Result {
+	debug_info!("We can join locally");
+
+	let join_rules_event_content = services
+		.rooms
+		.state_accessor
+		.room_state_get_content::<RoomJoinRulesEventContent>(
+			room_id,
+			&StateEventType::RoomJoinRules,
+			"",
+		)
+		.await;
+
+	let restriction_rooms = match join_rules_event_content {
+		| Ok(RoomJoinRulesEventContent {
+			join_rule: JoinRule::Restricted(restricted) | JoinRule::KnockRestricted(restricted),
+		}) => restricted
+			.allow
+			.into_iter()
+			.filter_map(|a| match a {
+				| AllowRule::RoomMembership(r) => Some(r.room_id),
+				| _ => None,
+			})
+			.collect(),
+		| _ => Vec::new(),
+	};
+
+	let join_authorized_via_users_server: Option<OwnedUserId> = {
+		if restriction_rooms
+			.iter()
+			.stream()
+			.any(|restriction_room_id| {
+				services
+					.rooms
+					.state_cache
+					.is_joined(sender_user, restriction_room_id)
+			})
+			.await
+		{
+			services
+				.rooms
+				.state_cache
+				.local_users_in_room(room_id)
+				.filter(|user| {
+					services.rooms.state_accessor.user_can_invite(
+						room_id,
+						user,
+						sender_user,
+						&state_lock,
+					)
+				})
+				.boxed()
+				.next()
+				.await
+				.map(ToOwned::to_owned)
+		} else {
+			None
+		}
+	};
+
+	let content = RoomMemberEventContent {
+		displayname: services.users.displayname(sender_user).await.ok(),
+		avatar_url: services.users.avatar_url(sender_user).await.ok(),
+		blurhash: services.users.blurhash(sender_user).await.ok(),
+		reason: reason.clone(),
+		join_authorized_via_users_server,
+		..RoomMemberEventContent::new(MembershipState::Join)
+	};
+
+	// Try normal join first
+	let Err(error) = services
+		.rooms
+		.timeline
+		.build_and_append_pdu(
+			PduBuilder::state(sender_user.to_string(), &content),
+			sender_user,
+			room_id,
+			&state_lock,
+		)
+		.await
+	else {
+		return Ok(());
+	};
+
+	if restriction_rooms.is_empty()
+		&& (servers.is_empty()
+			|| servers.len() == 1 && services.globals.server_is_ours(&servers[0]))
+	{
+		return Err(error);
+	}
+
+	warn!(
+		"We couldn't do the join locally, maybe federation can help to satisfy the restricted \
+		 join requirements"
+	);
+	let Ok((make_join_response, remote_server)) =
+		make_join_request(services, sender_user, room_id, servers).await
+	else {
+		return Err(error);
+	};
+
+	let Some(room_version_id) = make_join_response.room_version else {
+		return Err!(BadServerResponse("Remote room version is not supported by conduwuit"));
+	};
+
+	if !services.server.supported_room_version(&room_version_id) {
+		return Err!(BadServerResponse(
+			"Remote room version {room_version_id} is not supported by conduwuit"
+		));
+	}
+
+	let mut join_event_stub: CanonicalJsonObject =
+		serde_json::from_str(make_join_response.event.get()).map_err(|e| {
+			err!(BadServerResponse("Invalid make_join event json received from server: {e:?}"))
+		})?;
+
+	let join_authorized_via_users_server = join_event_stub
+		.get("content")
+		.map(|s| {
+			s.as_object()?
+				.get("join_authorised_via_users_server")?
+				.as_str()
+		})
+		.and_then(|s| OwnedUserId::try_from(s.unwrap_or_default()).ok());
+
+	join_event_stub.insert(
+		"origin".to_owned(),
+		CanonicalJsonValue::String(services.globals.server_name().as_str().to_owned()),
+	);
+	join_event_stub.insert(
+		"origin_server_ts".to_owned(),
+		CanonicalJsonValue::Integer(
+			utils::millis_since_unix_epoch()
+				.try_into()
+				.expect("Timestamp is valid js_int value"),
+		),
+	);
+	join_event_stub.insert(
+		"content".to_owned(),
+		to_canonical_value(RoomMemberEventContent {
+			displayname: services.users.displayname(sender_user).await.ok(),
+			avatar_url: services.users.avatar_url(sender_user).await.ok(),
+			blurhash: services.users.blurhash(sender_user).await.ok(),
+			reason,
+			join_authorized_via_users_server,
+			..RoomMemberEventContent::new(MembershipState::Join)
+		})
+		.expect("event is valid, we just created it"),
+	);
+
+	// We keep the "event_id" in the pdu only in v1 or
+	// v2 rooms
+	match room_version_id {
+		| RoomVersionId::V1 | RoomVersionId::V2 => {},
+		| _ => {
+			join_event_stub.remove("event_id");
+		},
+	}
+
+	// In order to create a compatible ref hash (EventID) the `hashes` field needs
+	// to be present
+	services
+		.server_keys
+		.hash_and_sign_event(&mut join_event_stub, &room_version_id)?;
+
+	// Generate event id
+	let event_id = gen_event_id(&join_event_stub, &room_version_id)?;
+
+	// Add event_id back
+	join_event_stub
+		.insert("event_id".to_owned(), CanonicalJsonValue::String(event_id.clone().into()));
+
+	// It has enough fields to be called a proper event now
+	let join_event = join_event_stub;
+
+	let send_join_response = services
+		.sending
+		.send_synapse_request(
+			&remote_server,
+			federation::membership::create_join_event::v2::Request {
+				room_id: room_id.to_owned(),
+				event_id: event_id.clone(),
+				omit_members: false,
+				pdu: services
+					.sending
+					.convert_to_outgoing_federation_event(join_event.clone())
+					.await,
+			},
+		)
+		.await?;
+
+	if let Some(signed_raw) = send_join_response.room_state.event {
+		let (signed_event_id, signed_value) =
+			gen_event_id_canonical_json(&signed_raw, &room_version_id).map_err(|e| {
+				err!(Request(BadJson(warn!("Could not convert event to canonical JSON: {e}"))))
+			})?;
+
+		if signed_event_id != event_id {
+			return Err!(Request(BadJson(
+				warn!(%signed_event_id, %event_id, "Server {remote_server} sent event with wrong event ID")
+			)));
+		}
+
+		drop(state_lock);
+		services
+			.rooms
+			.event_handler
+			.handle_incoming_pdu(&remote_server, room_id, &signed_event_id, signed_value, true)
+			.boxed()
+			.await?;
+	} else {
+		return Err(error);
+	}
+
+	Ok(())
+}
+
+async fn make_join_request(
+	services: &Services,
+	sender_user: &UserId,
+	room_id: &RoomId,
+	servers: &[OwnedServerName],
+) -> Result<(federation::membership::prepare_join_event::v1::Response, OwnedServerName)> {
+	let mut make_join_response_and_server =
+		Err!(BadServerResponse("No server available to assist in joining."));
+
+	let mut make_join_counter: usize = 0;
+	let mut incompatible_room_version_count: usize = 0;
+
+	for remote_server in servers {
+		if services.globals.server_is_ours(remote_server) {
+			continue;
+		}
+		info!("Asking {remote_server} for make_join ({make_join_counter})");
+		let make_join_response = services
+			.sending
+			.send_federation_request(
+				remote_server,
+				federation::membership::prepare_join_event::v1::Request {
+					room_id: room_id.to_owned(),
+					user_id: sender_user.to_owned(),
+					ver: services.server.supported_room_versions().collect(),
+				},
+			)
+			.await;
+
+		trace!("make_join response: {:?}", make_join_response);
+		make_join_counter = make_join_counter.saturating_add(1);
+
+		if let Err(ref e) = make_join_response {
+			if matches!(
+				e.kind(),
+				ErrorKind::IncompatibleRoomVersion { .. } | ErrorKind::UnsupportedRoomVersion
+			) {
+				incompatible_room_version_count =
+					incompatible_room_version_count.saturating_add(1);
+			}
+
+			if incompatible_room_version_count > 15 {
+				info!(
+					"15 servers have responded with M_INCOMPATIBLE_ROOM_VERSION or \
+					 M_UNSUPPORTED_ROOM_VERSION, assuming that conduwuit does not support the \
+					 room version {room_id}: {e}"
+				);
+				make_join_response_and_server =
+					Err!(BadServerResponse("Room version is not supported by Conduwuit"));
+				return make_join_response_and_server;
+			}
+
+			if make_join_counter > 40 {
+				warn!(
+					"40 servers failed to provide valid make_join response, assuming no server \
+					 can assist in joining."
+				);
+				make_join_response_and_server =
+					Err!(BadServerResponse("No server available to assist in joining."));
+
+				return make_join_response_and_server;
+			}
+		}
+
+		make_join_response_and_server = make_join_response.map(|r| (r, remote_server.clone()));
+
+		if make_join_response_and_server.is_ok() {
+			break;
+		}
+	}
+
+	make_join_response_and_server
+}
@@ -0,0 +1,61 @@
+use axum::extract::State;
+use conduwuit::{Err, Result, matrix::pdu::PduBuilder};
+use ruma::{
+	api::client::membership::kick_user,
+	events::room::member::{MembershipState, RoomMemberEventContent},
+};
+
+use crate::Ruma;
+
+/// # `POST /_matrix/client/r0/rooms/{roomId}/kick`
+///
+/// Tries to send a kick event into the room.
+pub(crate) async fn kick_user_route(
+	State(services): State<crate::State>,
+	body: Ruma<kick_user::v3::Request>,
+) -> Result<kick_user::v3::Response> {
+	let state_lock = services.rooms.state.mutex.lock(&body.room_id).await;
+
+	let Ok(event) = services
+		.rooms
+		.state_accessor
+		.get_member(&body.room_id, &body.user_id)
+		.await
+	else {
+		// copy synapse's behaviour of returning 200 without any change to the state
+		// instead of erroring on left users
+		return Ok(kick_user::v3::Response::new());
+	};
+
+	if !matches!(
+		event.membership,
+		MembershipState::Invite | MembershipState::Knock | MembershipState::Join,
+	) {
+		return Err!(Request(Forbidden(
+			"Cannot kick a user who is not apart of the room (current membership: {})",
+			event.membership
+		)));
+	}
+
+	services
+		.rooms
+		.timeline
+		.build_and_append_pdu(
+			PduBuilder::state(body.user_id.to_string(), &RoomMemberEventContent {
+				membership: MembershipState::Leave,
+				reason: body.reason.clone(),
+				is_direct: None,
+				join_authorized_via_users_server: None,
+				third_party_invite: None,
+				..event
+			}),
+			body.sender_user(),
+			&body.room_id,
+			&state_lock,
+		)
+		.await?;
+
+	drop(state_lock);
+
+	Ok(kick_user::v3::Response::new())
+}
@@ -0,0 +1,767 @@
+use std::{borrow::Borrow, collections::HashMap, iter::once, sync::Arc};
+
+use axum::extract::State;
+use axum_client_ip::InsecureClientIp;
+use conduwuit::{
+	Err, Result, debug, debug_info, debug_warn, err, info,
+	matrix::{
+		event::{Event, gen_event_id},
+		pdu::{PduBuilder, PduEvent},
+	},
+	result::FlatOk,
+	trace,
+	utils::{self, shuffle, stream::IterStream},
+	warn,
+};
+use futures::{FutureExt, StreamExt};
+use ruma::{
+	CanonicalJsonObject, CanonicalJsonValue, OwnedEventId, OwnedRoomId, OwnedServerName, RoomId,
+	RoomVersionId, UserId,
+	api::{
+		client::knock::knock_room,
+		federation::{self},
+	},
+	canonical_json::to_canonical_value,
+	events::{
+		StateEventType,
+		room::{
+			join_rules::{AllowRule, JoinRule},
+			member::{MembershipState, RoomMemberEventContent},
+		},
+	},
+};
+use service::{
+	Services,
+	rooms::{
+		state::RoomMutexGuard,
+		state_compressor::{CompressedState, HashSetCompressStateEvent},
+	},
+};
+
+use super::{banned_room_check, join::join_room_by_id_helper};
+use crate::Ruma;
+
+/// # `POST /_matrix/client/*/knock/{roomIdOrAlias}`
+///
+/// Tries to knock the room to ask permission to join for the sender user.
+#[tracing::instrument(skip_all, fields(%client), name = "knock")]
+pub(crate) async fn knock_room_route(
+	State(services): State<crate::State>,
+	InsecureClientIp(client): InsecureClientIp,
+	body: Ruma<knock_room::v3::Request>,
+) -> Result<knock_room::v3::Response> {
+	let sender_user = body.sender_user();
+	let body = &body.body;
+
+	let (servers, room_id) = match OwnedRoomId::try_from(body.room_id_or_alias.clone()) {
+		| Ok(room_id) => {
+			banned_room_check(
+				&services,
+				sender_user,
+				Some(&room_id),
+				room_id.server_name(),
+				client,
+			)
+			.await?;
+
+			let mut servers = body.via.clone();
+			servers.extend(
+				services
+					.rooms
+					.state_cache
+					.servers_invite_via(&room_id)
+					.map(ToOwned::to_owned)
+					.collect::<Vec<_>>()
+					.await,
+			);
+
+			servers.extend(
+				services
+					.rooms
+					.state_cache
+					.invite_state(sender_user, &room_id)
+					.await
+					.unwrap_or_default()
+					.iter()
+					.filter_map(|event| event.get_field("sender").ok().flatten())
+					.filter_map(|sender: &str| UserId::parse(sender).ok())
+					.map(|user| user.server_name().to_owned()),
+			);
+
+			if let Some(server) = room_id.server_name() {
+				servers.push(server.to_owned());
+			}
+
+			servers.sort_unstable();
+			servers.dedup();
+			shuffle(&mut servers);
+
+			(servers, room_id)
+		},
+		| Err(room_alias) => {
+			let (room_id, mut servers) = services
+				.rooms
+				.alias
+				.resolve_alias(&room_alias, Some(body.via.clone()))
+				.await?;
+
+			banned_room_check(
+				&services,
+				sender_user,
+				Some(&room_id),
+				Some(room_alias.server_name()),
+				client,
+			)
+			.await?;
+
+			let addl_via_servers = services
+				.rooms
+				.state_cache
+				.servers_invite_via(&room_id)
+				.map(ToOwned::to_owned);
+
+			let addl_state_servers = services
+				.rooms
+				.state_cache
+				.invite_state(sender_user, &room_id)
+				.await
+				.unwrap_or_default();
+
+			let mut addl_servers: Vec<_> = addl_state_servers
+				.iter()
+				.map(|event| event.get_field("sender"))
+				.filter_map(FlatOk::flat_ok)
+				.map(|user: &UserId| user.server_name().to_owned())
+				.stream()
+				.chain(addl_via_servers)
+				.collect()
+				.await;
+
+			addl_servers.sort_unstable();
+			addl_servers.dedup();
+			shuffle(&mut addl_servers);
+			servers.append(&mut addl_servers);
+
+			(servers, room_id)
+		},
+	};
+
+	knock_room_by_id_helper(&services, sender_user, &room_id, body.reason.clone(), &servers)
+		.boxed()
+		.await
+}
+
+async fn knock_room_by_id_helper(
+	services: &Services,
+	sender_user: &UserId,
+	room_id: &RoomId,
+	reason: Option<String>,
+	servers: &[OwnedServerName],
+) -> Result<knock_room::v3::Response> {
+	let state_lock = services.rooms.state.mutex.lock(room_id).await;
+
+	if services
+		.rooms
+		.state_cache
+		.is_invited(sender_user, room_id)
+		.await
+	{
+		debug_warn!("{sender_user} is already invited in {room_id} but attempted to knock");
+		return Err!(Request(Forbidden(
+			"You cannot knock on a room you are already invited/accepted to."
+		)));
+	}
+
+	if services
+		.rooms
+		.state_cache
+		.is_joined(sender_user, room_id)
+		.await
+	{
+		debug_warn!("{sender_user} is already joined in {room_id} but attempted to knock");
+		return Err!(Request(Forbidden("You cannot knock on a room you are already joined in.")));
+	}
+
+	if services
+		.rooms
+		.state_cache
+		.is_knocked(sender_user, room_id)
+		.await
+	{
+		debug_warn!("{sender_user} is already knocked in {room_id}");
+		return Ok(knock_room::v3::Response { room_id: room_id.into() });
+	}
+
+	if let Ok(membership) = services
+		.rooms
+		.state_accessor
+		.get_member(room_id, sender_user)
+		.await
+	{
+		if membership.membership == MembershipState::Ban {
+			debug_warn!("{sender_user} is banned from {room_id} but attempted to knock");
+			return Err!(Request(Forbidden("You cannot knock on a room you are banned from.")));
+		}
+	}
+
+	// For knock_restricted rooms, check if the user meets the restricted conditions
+	// If they do, attempt to join instead of knock
+	// This is not mentioned in the spec, but should be allowable (we're allowed to
+	// auto-join invites to knocked rooms)
+	let join_rule = services.rooms.state_accessor.get_join_rules(room_id).await;
+
+	if let JoinRule::KnockRestricted(restricted) = &join_rule {
+		let restriction_rooms: Vec<_> = restricted
+			.allow
+			.iter()
+			.filter_map(|a| match a {
+				| AllowRule::RoomMembership(r) => Some(&r.room_id),
+				| _ => None,
+			})
+			.collect();
+
+		// Check if the user is in any of the allowed rooms
+		let mut user_meets_restrictions = false;
+		for restriction_room_id in &restriction_rooms {
+			if services
+				.rooms
+				.state_cache
+				.is_joined(sender_user, restriction_room_id)
+				.await
+			{
+				user_meets_restrictions = true;
+				break;
+			}
+		}
+
+		// If the user meets the restrictions, try joining instead
+		if user_meets_restrictions {
+			debug_info!(
+				"{sender_user} meets the restricted criteria in knock_restricted room \
+				 {room_id}, attempting to join instead of knock"
+			);
+			// For this case, we need to drop the state lock and get a new one in
+			// join_room_by_id_helper We need to release the lock here and let
+			// join_room_by_id_helper acquire it again
+			drop(state_lock);
+			match join_room_by_id_helper(
+				services,
+				sender_user,
+				room_id,
+				reason.clone(),
+				servers,
+				None,
+				&None,
+			)
+			.await
+			{
+				| Ok(_) => return Ok(knock_room::v3::Response::new(room_id.to_owned())),
+				| Err(e) => {
+					debug_warn!(
+						"Failed to convert knock to join for {sender_user} in {room_id}: {e:?}"
+					);
+					// Get a new state lock for the remaining knock logic
+					let new_state_lock = services.rooms.state.mutex.lock(room_id).await;
+
+					let server_in_room = services
+						.rooms
+						.state_cache
+						.server_in_room(services.globals.server_name(), room_id)
+						.await;
+
+					let local_knock = server_in_room
+						|| servers.is_empty()
+						|| (servers.len() == 1 && services.globals.server_is_ours(&servers[0]));
+
+					if local_knock {
+						knock_room_helper_local(
+							services,
+							sender_user,
+							room_id,
+							reason,
+							servers,
+							new_state_lock,
+						)
+						.boxed()
+						.await?;
+					} else {
+						knock_room_helper_remote(
+							services,
+							sender_user,
+							room_id,
+							reason,
+							servers,
+							new_state_lock,
+						)
+						.boxed()
+						.await?;
+					}
+
+					return Ok(knock_room::v3::Response::new(room_id.to_owned()));
+				},
+			}
+		}
+	} else if !matches!(join_rule, JoinRule::Knock | JoinRule::KnockRestricted(_)) {
+		debug_warn!(
+			"{sender_user} attempted to knock on room {room_id} but its join rule is \
+			 {join_rule:?}, not knock or knock_restricted"
+		);
+	}
+
+	let server_in_room = services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), room_id)
+		.await;
+
+	let local_knock = server_in_room
+		|| servers.is_empty()
+		|| (servers.len() == 1 && services.globals.server_is_ours(&servers[0]));
+
+	if local_knock {
+		knock_room_helper_local(services, sender_user, room_id, reason, servers, state_lock)
+			.boxed()
+			.await?;
+	} else {
+		knock_room_helper_remote(services, sender_user, room_id, reason, servers, state_lock)
+			.boxed()
+			.await?;
+	}
+
+	Ok(knock_room::v3::Response::new(room_id.to_owned()))
+}
+
+async fn knock_room_helper_local(
+	services: &Services,
+	sender_user: &UserId,
+	room_id: &RoomId,
+	reason: Option<String>,
+	servers: &[OwnedServerName],
+	state_lock: RoomMutexGuard,
+) -> Result {
+	debug_info!("We can knock locally");
+
+	let room_version_id = services.rooms.state.get_room_version(room_id).await?;
+
+	if matches!(
+		room_version_id,
+		RoomVersionId::V1
+			| RoomVersionId::V2
+			| RoomVersionId::V3
+			| RoomVersionId::V4
+			| RoomVersionId::V5
+			| RoomVersionId::V6
+	) {
+		return Err!(Request(Forbidden("This room does not support knocking.")));
+	}
+
+	let content = RoomMemberEventContent {
+		displayname: services.users.displayname(sender_user).await.ok(),
+		avatar_url: services.users.avatar_url(sender_user).await.ok(),
+		blurhash: services.users.blurhash(sender_user).await.ok(),
+		reason: reason.clone(),
+		..RoomMemberEventContent::new(MembershipState::Knock)
+	};
+
+	// Try normal knock first
+	let Err(error) = services
+		.rooms
+		.timeline
+		.build_and_append_pdu(
+			PduBuilder::state(sender_user.to_string(), &content),
+			sender_user,
+			room_id,
+			&state_lock,
+		)
+		.await
+	else {
+		return Ok(());
+	};
+
+	if servers.is_empty() || (servers.len() == 1 && services.globals.server_is_ours(&servers[0]))
+	{
+		return Err(error);
+	}
+
+	warn!("We couldn't do the knock locally, maybe federation can help to satisfy the knock");
+
+	let (make_knock_response, remote_server) =
+		make_knock_request(services, sender_user, room_id, servers).await?;
+
+	info!("make_knock finished");
+
+	let room_version_id = make_knock_response.room_version;
+
+	if !services.server.supported_room_version(&room_version_id) {
+		return Err!(BadServerResponse(
+			"Remote room version {room_version_id} is not supported by conduwuit"
+		));
+	}
+
+	let mut knock_event_stub = serde_json::from_str::<CanonicalJsonObject>(
+		make_knock_response.event.get(),
+	)
+	.map_err(|e| {
+		err!(BadServerResponse("Invalid make_knock event json received from server: {e:?}"))
+	})?;
+
+	knock_event_stub.insert(
+		"origin".to_owned(),
+		CanonicalJsonValue::String(services.globals.server_name().as_str().to_owned()),
+	);
+	knock_event_stub.insert(
+		"origin_server_ts".to_owned(),
+		CanonicalJsonValue::Integer(
+			utils::millis_since_unix_epoch()
+				.try_into()
+				.expect("Timestamp is valid js_int value"),
+		),
+	);
+	knock_event_stub.insert(
+		"content".to_owned(),
+		to_canonical_value(RoomMemberEventContent {
+			displayname: services.users.displayname(sender_user).await.ok(),
+			avatar_url: services.users.avatar_url(sender_user).await.ok(),
+			blurhash: services.users.blurhash(sender_user).await.ok(),
+			reason,
+			..RoomMemberEventContent::new(MembershipState::Knock)
+		})
+		.expect("event is valid, we just created it"),
+	);
+
+	// In order to create a compatible ref hash (EventID) the `hashes` field needs
+	// to be present
+	services
+		.server_keys
+		.hash_and_sign_event(&mut knock_event_stub, &room_version_id)?;
+
+	// Generate event id
+	let event_id = gen_event_id(&knock_event_stub, &room_version_id)?;
+
+	// Add event_id
+	knock_event_stub
+		.insert("event_id".to_owned(), CanonicalJsonValue::String(event_id.clone().into()));
+
+	// It has enough fields to be called a proper event now
+	let knock_event = knock_event_stub;
+
+	info!("Asking {remote_server} for send_knock in room {room_id}");
+	let send_knock_request = federation::knock::send_knock::v1::Request {
+		room_id: room_id.to_owned(),
+		event_id: event_id.clone(),
+		pdu: services
+			.sending
+			.convert_to_outgoing_federation_event(knock_event.clone())
+			.await,
+	};
+
+	let send_knock_response = services
+		.sending
+		.send_federation_request(&remote_server, send_knock_request)
+		.await?;
+
+	info!("send_knock finished");
+
+	services
+		.rooms
+		.short
+		.get_or_create_shortroomid(room_id)
+		.await;
+
+	info!("Parsing knock event");
+
+	let parsed_knock_pdu = PduEvent::from_id_val(&event_id, knock_event.clone())
+		.map_err(|e| err!(BadServerResponse("Invalid knock event PDU: {e:?}")))?;
+
+	info!("Updating membership locally to knock state with provided stripped state events");
+	services
+		.rooms
+		.state_cache
+		.update_membership(
+			room_id,
+			sender_user,
+			parsed_knock_pdu
+				.get_content::<RoomMemberEventContent>()
+				.expect("we just created this"),
+			sender_user,
+			Some(send_knock_response.knock_room_state),
+			None,
+			false,
+		)
+		.await?;
+
+	info!("Appending room knock event locally");
+	services
+		.rooms
+		.timeline
+		.append_pdu(
+			&parsed_knock_pdu,
+			knock_event,
+			once(parsed_knock_pdu.event_id.borrow()),
+			&state_lock,
+		)
+		.await?;
+
+	Ok(())
+}
+
+async fn knock_room_helper_remote(
+	services: &Services,
+	sender_user: &UserId,
+	room_id: &RoomId,
+	reason: Option<String>,
+	servers: &[OwnedServerName],
+	state_lock: RoomMutexGuard,
+) -> Result {
+	info!("Knocking {room_id} over federation.");
+
+	let (make_knock_response, remote_server) =
+		make_knock_request(services, sender_user, room_id, servers).await?;
+
+	info!("make_knock finished");
+
+	let room_version_id = make_knock_response.room_version;
+
+	if !services.server.supported_room_version(&room_version_id) {
+		return Err!(BadServerResponse(
+			"Remote room version {room_version_id} is not supported by conduwuit"
+		));
+	}
+
+	let mut knock_event_stub: CanonicalJsonObject =
+		serde_json::from_str(make_knock_response.event.get()).map_err(|e| {
+			err!(BadServerResponse("Invalid make_knock event json received from server: {e:?}"))
+		})?;
+
+	knock_event_stub.insert(
+		"origin".to_owned(),
+		CanonicalJsonValue::String(services.globals.server_name().as_str().to_owned()),
+	);
+	knock_event_stub.insert(
+		"origin_server_ts".to_owned(),
+		CanonicalJsonValue::Integer(
+			utils::millis_since_unix_epoch()
+				.try_into()
+				.expect("Timestamp is valid js_int value"),
+		),
+	);
+	knock_event_stub.insert(
+		"content".to_owned(),
+		to_canonical_value(RoomMemberEventContent {
+			displayname: services.users.displayname(sender_user).await.ok(),
+			avatar_url: services.users.avatar_url(sender_user).await.ok(),
+			blurhash: services.users.blurhash(sender_user).await.ok(),
+			reason,
+			..RoomMemberEventContent::new(MembershipState::Knock)
+		})
+		.expect("event is valid, we just created it"),
+	);
+
+	// In order to create a compatible ref hash (EventID) the `hashes` field needs
+	// to be present
+	services
+		.server_keys
+		.hash_and_sign_event(&mut knock_event_stub, &room_version_id)?;
+
+	// Generate event id
+	let event_id = gen_event_id(&knock_event_stub, &room_version_id)?;
+
+	// Add event_id
+	knock_event_stub
+		.insert("event_id".to_owned(), CanonicalJsonValue::String(event_id.clone().into()));
+
+	// It has enough fields to be called a proper event now
+	let knock_event = knock_event_stub;
+
+	info!("Asking {remote_server} for send_knock in room {room_id}");
+	let send_knock_request = federation::knock::send_knock::v1::Request {
+		room_id: room_id.to_owned(),
+		event_id: event_id.clone(),
+		pdu: services
+			.sending
+			.convert_to_outgoing_federation_event(knock_event.clone())
+			.await,
+	};
+
+	let send_knock_response = services
+		.sending
+		.send_federation_request(&remote_server, send_knock_request)
+		.await?;
+
+	info!("send_knock finished");
+
+	services
+		.rooms
+		.short
+		.get_or_create_shortroomid(room_id)
+		.await;
+
+	info!("Parsing knock event");
+	let parsed_knock_pdu = PduEvent::from_id_val(&event_id, knock_event.clone())
+		.map_err(|e| err!(BadServerResponse("Invalid knock event PDU: {e:?}")))?;
+
+	info!("Going through send_knock response knock state events");
+	let state = send_knock_response
+		.knock_room_state
+		.iter()
+		.map(|event| serde_json::from_str::<CanonicalJsonObject>(event.clone().into_json().get()))
+		.filter_map(Result::ok);
+
+	let mut state_map: HashMap<u64, OwnedEventId> = HashMap::new();
+
+	for event in state {
+		let Some(state_key) = event.get("state_key") else {
+			debug_warn!("send_knock stripped state event missing state_key: {event:?}");
+			continue;
+		};
+		let Some(event_type) = event.get("type") else {
+			debug_warn!("send_knock stripped state event missing event type: {event:?}");
+			continue;
+		};
+
+		let Ok(state_key) = serde_json::from_value::<String>(state_key.clone().into()) else {
+			debug_warn!("send_knock stripped state event has invalid state_key: {event:?}");
+			continue;
+		};
+		let Ok(event_type) = serde_json::from_value::<StateEventType>(event_type.clone().into())
+		else {
+			debug_warn!("send_knock stripped state event has invalid event type: {event:?}");
+			continue;
+		};
+
+		let event_id = gen_event_id(&event, &room_version_id)?;
+		let shortstatekey = services
+			.rooms
+			.short
+			.get_or_create_shortstatekey(&event_type, &state_key)
+			.await;
+
+		services.rooms.outlier.add_pdu_outlier(&event_id, &event);
+		state_map.insert(shortstatekey, event_id.clone());
+	}
+
+	info!("Compressing state from send_knock");
+	let compressed: CompressedState = services
+		.rooms
+		.state_compressor
+		.compress_state_events(state_map.iter().map(|(ssk, eid)| (ssk, eid.borrow())))
+		.collect()
+		.await;
+
+	debug!("Saving compressed state");
+	let HashSetCompressStateEvent {
+		shortstatehash: statehash_before_knock,
+		added,
+		removed,
+	} = services
+		.rooms
+		.state_compressor
+		.save_state(room_id, Arc::new(compressed))
+		.await?;
+
+	debug!("Forcing state for new room");
+	services
+		.rooms
+		.state
+		.force_state(room_id, statehash_before_knock, added, removed, &state_lock)
+		.await?;
+
+	let statehash_after_knock = services
+		.rooms
+		.state
+		.append_to_state(&parsed_knock_pdu)
+		.await?;
+
+	info!("Updating membership locally to knock state with provided stripped state events");
+	services
+		.rooms
+		.state_cache
+		.update_membership(
+			room_id,
+			sender_user,
+			parsed_knock_pdu
+				.get_content::<RoomMemberEventContent>()
+				.expect("we just created this"),
+			sender_user,
+			Some(send_knock_response.knock_room_state),
+			None,
+			false,
+		)
+		.await?;
+
+	info!("Appending room knock event locally");
+	services
+		.rooms
+		.timeline
+		.append_pdu(
+			&parsed_knock_pdu,
+			knock_event,
+			once(parsed_knock_pdu.event_id.borrow()),
+			&state_lock,
+		)
+		.await?;
+
+	info!("Setting final room state for new room");
+	// We set the room state after inserting the pdu, so that we never have a moment
+	// in time where events in the current room state do not exist
+	services
+		.rooms
+		.state
+		.set_room_state(room_id, statehash_after_knock, &state_lock);
+
+	Ok(())
+}
+
+async fn make_knock_request(
+	services: &Services,
+	sender_user: &UserId,
+	room_id: &RoomId,
+	servers: &[OwnedServerName],
+) -> Result<(federation::knock::create_knock_event_template::v1::Response, OwnedServerName)> {
+	let mut make_knock_response_and_server =
+		Err!(BadServerResponse("No server available to assist in knocking."));
+
+	let mut make_knock_counter: usize = 0;
+
+	for remote_server in servers {
+		if services.globals.server_is_ours(remote_server) {
+			continue;
+		}
+
+		info!("Asking {remote_server} for make_knock ({make_knock_counter})");
+
+		let make_knock_response = services
+			.sending
+			.send_federation_request(
+				remote_server,
+				federation::knock::create_knock_event_template::v1::Request {
+					room_id: room_id.to_owned(),
+					user_id: sender_user.to_owned(),
+					ver: services.server.supported_room_versions().collect(),
+				},
+			)
+			.await;
+
+		trace!("make_knock response: {make_knock_response:?}");
+		make_knock_counter = make_knock_counter.saturating_add(1);
+
+		make_knock_response_and_server = make_knock_response.map(|r| (r, remote_server.clone()));
+
+		if make_knock_response_and_server.is_ok() {
+			break;
+		}
+
+		if make_knock_counter > 40 {
+			warn!(
+				"50 servers failed to provide valid make_knock response, assuming no server can \
+				 assist in knocking."
+			);
+			make_knock_response_and_server =
+				Err!(BadServerResponse("No server available to assist in knocking."));
+
+			return make_knock_response_and_server;
+		}
+	}
+
+	make_knock_response_and_server
+}
@@ -0,0 +1,385 @@
+use std::collections::HashSet;
+
+use axum::extract::State;
+use conduwuit::{
+	Err, Result, debug_info, debug_warn, err,
+	matrix::{event::gen_event_id, pdu::PduBuilder},
+	utils::{self, FutureBoolExt, future::ReadyEqExt},
+	warn,
+};
+use futures::{FutureExt, StreamExt, TryFutureExt, pin_mut};
+use ruma::{
+	CanonicalJsonObject, CanonicalJsonValue, OwnedServerName, RoomId, RoomVersionId, UserId,
+	api::{
+		client::membership::leave_room,
+		federation::{self},
+	},
+	events::{
+		StateEventType,
+		room::member::{MembershipState, RoomMemberEventContent},
+	},
+};
+use service::Services;
+
+use crate::Ruma;
+
+/// # `POST /_matrix/client/v3/rooms/{roomId}/leave`
+///
+/// Tries to leave the sender user from a room.
+///
+/// - This should always work if the user is currently joined.
+pub(crate) async fn leave_room_route(
+	State(services): State<crate::State>,
+	body: Ruma<leave_room::v3::Request>,
+) -> Result<leave_room::v3::Response> {
+	leave_room(&services, body.sender_user(), &body.room_id, body.reason.clone())
+		.boxed()
+		.await
+		.map(|()| leave_room::v3::Response::new())
+}
+
+// Make a user leave all their joined rooms, rescinds knocks, forgets all rooms,
+// and ignores errors
+pub async fn leave_all_rooms(services: &Services, user_id: &UserId) {
+	let rooms_joined = services
+		.rooms
+		.state_cache
+		.rooms_joined(user_id)
+		.map(ToOwned::to_owned);
+
+	let rooms_invited = services
+		.rooms
+		.state_cache
+		.rooms_invited(user_id)
+		.map(|(r, _)| r);
+
+	let rooms_knocked = services
+		.rooms
+		.state_cache
+		.rooms_knocked(user_id)
+		.map(|(r, _)| r);
+
+	let all_rooms: Vec<_> = rooms_joined
+		.chain(rooms_invited)
+		.chain(rooms_knocked)
+		.collect()
+		.await;
+
+	for room_id in all_rooms {
+		// ignore errors
+		if let Err(e) = leave_room(services, user_id, &room_id, None).boxed().await {
+			warn!(%user_id, "Failed to leave {room_id} remotely: {e}");
+		}
+
+		services.rooms.state_cache.forget(&room_id, user_id);
+	}
+}
+
+pub async fn leave_room(
+	services: &Services,
+	user_id: &UserId,
+	room_id: &RoomId,
+	reason: Option<String>,
+) -> Result {
+	let default_member_content = RoomMemberEventContent {
+		membership: MembershipState::Leave,
+		reason: reason.clone(),
+		join_authorized_via_users_server: None,
+		is_direct: None,
+		avatar_url: None,
+		displayname: None,
+		third_party_invite: None,
+		blurhash: None,
+	};
+
+	let is_banned = services.rooms.metadata.is_banned(room_id);
+	let is_disabled = services.rooms.metadata.is_disabled(room_id);
+
+	pin_mut!(is_banned, is_disabled);
+	if is_banned.or(is_disabled).await {
+		// the room is banned/disabled, the room must be rejected locally since we
+		// cant/dont want to federate with this server
+		services
+			.rooms
+			.state_cache
+			.update_membership(
+				room_id,
+				user_id,
+				default_member_content,
+				user_id,
+				None,
+				None,
+				true,
+			)
+			.await?;
+
+		return Ok(());
+	}
+
+	let dont_have_room = services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), room_id)
+		.eq(&false);
+
+	let not_knocked = services
+		.rooms
+		.state_cache
+		.is_knocked(user_id, room_id)
+		.eq(&false);
+
+	// Ask a remote server if we don't have this room and are not knocking on it
+	if dont_have_room.and(not_knocked).await {
+		if let Err(e) = remote_leave_room(services, user_id, room_id, reason.clone())
+			.boxed()
+			.await
+		{
+			warn!(%user_id, "Failed to leave room {room_id} remotely: {e}");
+			// Don't tell the client about this error
+		}
+
+		let last_state = services
+			.rooms
+			.state_cache
+			.invite_state(user_id, room_id)
+			.or_else(|_| services.rooms.state_cache.knock_state(user_id, room_id))
+			.or_else(|_| services.rooms.state_cache.left_state(user_id, room_id))
+			.await
+			.ok();
+
+		// We always drop the invite, we can't rely on other servers
+		services
+			.rooms
+			.state_cache
+			.update_membership(
+				room_id,
+				user_id,
+				default_member_content,
+				user_id,
+				last_state,
+				None,
+				true,
+			)
+			.await?;
+	} else {
+		let state_lock = services.rooms.state.mutex.lock(room_id).await;
+
+		let Ok(event) = services
+			.rooms
+			.state_accessor
+			.room_state_get_content::<RoomMemberEventContent>(
+				room_id,
+				&StateEventType::RoomMember,
+				user_id.as_str(),
+			)
+			.await
+		else {
+			debug_warn!(
+				"Trying to leave a room you are not a member of, marking room as left locally."
+			);
+
+			return services
+				.rooms
+				.state_cache
+				.update_membership(
+					room_id,
+					user_id,
+					default_member_content,
+					user_id,
+					None,
+					None,
+					true,
+				)
+				.await;
+		};
+
+		services
+			.rooms
+			.timeline
+			.build_and_append_pdu(
+				PduBuilder::state(user_id.to_string(), &RoomMemberEventContent {
+					membership: MembershipState::Leave,
+					reason,
+					join_authorized_via_users_server: None,
+					is_direct: None,
+					..event
+				}),
+				user_id,
+				room_id,
+				&state_lock,
+			)
+			.await?;
+	}
+
+	Ok(())
+}
+
+async fn remote_leave_room(
+	services: &Services,
+	user_id: &UserId,
+	room_id: &RoomId,
+	reason: Option<String>,
+) -> Result<()> {
+	let mut make_leave_response_and_server =
+		Err!(BadServerResponse("No remote server available to assist in leaving {room_id}."));
+
+	let mut servers: HashSet<OwnedServerName> = services
+		.rooms
+		.state_cache
+		.servers_invite_via(room_id)
+		.map(ToOwned::to_owned)
+		.collect()
+		.await;
+
+	match services
+		.rooms
+		.state_cache
+		.invite_state(user_id, room_id)
+		.await
+	{
+		| Ok(invite_state) => {
+			servers.extend(
+				invite_state
+					.iter()
+					.filter_map(|event| event.get_field("sender").ok().flatten())
+					.filter_map(|sender: &str| UserId::parse(sender).ok())
+					.map(|user| user.server_name().to_owned()),
+			);
+		},
+		| _ => {
+			match services
+				.rooms
+				.state_cache
+				.knock_state(user_id, room_id)
+				.await
+			{
+				| Ok(knock_state) => {
+					servers.extend(
+						knock_state
+							.iter()
+							.filter_map(|event| event.get_field("sender").ok().flatten())
+							.filter_map(|sender: &str| UserId::parse(sender).ok())
+							.filter_map(|sender| {
+								if !services.globals.user_is_local(sender) {
+									Some(sender.server_name().to_owned())
+								} else {
+									None
+								}
+							}),
+					);
+				},
+				| _ => {},
+			}
+		},
+	}
+
+	if let Some(room_id_server_name) = room_id.server_name() {
+		servers.insert(room_id_server_name.to_owned());
+	}
+
+	debug_info!("servers in remote_leave_room: {servers:?}");
+
+	for remote_server in servers {
+		let make_leave_response = services
+			.sending
+			.send_federation_request(
+				&remote_server,
+				federation::membership::prepare_leave_event::v1::Request {
+					room_id: room_id.to_owned(),
+					user_id: user_id.to_owned(),
+				},
+			)
+			.await;
+
+		make_leave_response_and_server = make_leave_response.map(|r| (r, remote_server));
+
+		if make_leave_response_and_server.is_ok() {
+			break;
+		}
+	}
+
+	let (make_leave_response, remote_server) = make_leave_response_and_server?;
+
+	let Some(room_version_id) = make_leave_response.room_version else {
+		return Err!(BadServerResponse(warn!(
+			"No room version was returned by {remote_server} for {room_id}, room version is \
+			 likely not supported by conduwuit"
+		)));
+	};
+
+	if !services.server.supported_room_version(&room_version_id) {
+		return Err!(BadServerResponse(warn!(
+			"Remote room version {room_version_id} for {room_id} is not supported by conduwuit",
+		)));
+	}
+
+	let mut leave_event_stub = serde_json::from_str::<CanonicalJsonObject>(
+		make_leave_response.event.get(),
+	)
+	.map_err(|e| {
+		err!(BadServerResponse(warn!(
+			"Invalid make_leave event json received from {remote_server} for {room_id}: {e:?}"
+		)))
+	})?;
+
+	// TODO: Is origin needed?
+	leave_event_stub.insert(
+		"origin".to_owned(),
+		CanonicalJsonValue::String(services.globals.server_name().as_str().to_owned()),
+	);
+	leave_event_stub.insert(
+		"origin_server_ts".to_owned(),
+		CanonicalJsonValue::Integer(
+			utils::millis_since_unix_epoch()
+				.try_into()
+				.expect("Timestamp is valid js_int value"),
+		),
+	);
+	// Inject the reason key into the event content dict if it exists
+	if let Some(reason) = reason {
+		if let Some(CanonicalJsonValue::Object(content)) = leave_event_stub.get_mut("content") {
+			content.insert("reason".to_owned(), CanonicalJsonValue::String(reason));
+		}
+	}
+
+	// room v3 and above removed the "event_id" field from remote PDU format
+	match room_version_id {
+		| RoomVersionId::V1 | RoomVersionId::V2 => {},
+		| _ => {
+			leave_event_stub.remove("event_id");
+		},
+	}
+
+	// In order to create a compatible ref hash (EventID) the `hashes` field needs
+	// to be present
+	services
+		.server_keys
+		.hash_and_sign_event(&mut leave_event_stub, &room_version_id)?;
+
+	// Generate event id
+	let event_id = gen_event_id(&leave_event_stub, &room_version_id)?;
+
+	// Add event_id back
+	leave_event_stub
+		.insert("event_id".to_owned(), CanonicalJsonValue::String(event_id.clone().into()));
+
+	// It has enough fields to be called a proper event now
+	let leave_event = leave_event_stub;
+
+	services
+		.sending
+		.send_federation_request(
+			&remote_server,
+			federation::membership::create_leave_event::v2::Request {
+				room_id: room_id.to_owned(),
+				event_id,
+				pdu: services
+					.sending
+					.convert_to_outgoing_federation_event(leave_event.clone())
+					.await,
+			},
+		)
+		.await?;
+
+	Ok(())
+}
@@ -0,0 +1,147 @@
+use axum::extract::State;
+use conduwuit::{
+	Err, Event, Result, at,
+	utils::{
+		future::TryExtExt,
+		stream::{BroadbandExt, ReadyExt},
+	},
+};
+use futures::{FutureExt, StreamExt, future::join};
+use ruma::{
+	api::client::membership::{
+		get_member_events::{self, v3::MembershipEventFilter},
+		joined_members::{self, v3::RoomMember},
+	},
+	events::{
+		StateEventType,
+		room::member::{MembershipState, RoomMemberEventContent},
+	},
+};
+
+use crate::Ruma;
+
+/// # `POST /_matrix/client/r0/rooms/{roomId}/members`
+///
+/// Lists all joined users in a room (TODO: at a specific point in time, with a
+/// specific membership).
+///
+/// - Only works if the user is currently joined
+pub(crate) async fn get_member_events_route(
+	State(services): State<crate::State>,
+	body: Ruma<get_member_events::v3::Request>,
+) -> Result<get_member_events::v3::Response> {
+	let sender_user = body.sender_user();
+	let membership = body.membership.as_ref();
+	let not_membership = body.not_membership.as_ref();
+
+	if !services
+		.rooms
+		.state_accessor
+		.user_can_see_state_events(sender_user, &body.room_id)
+		.await
+	{
+		return Err!(Request(Forbidden("You don't have permission to view this room.")));
+	}
+
+	Ok(get_member_events::v3::Response {
+		chunk: services
+			.rooms
+			.state_accessor
+			.room_state_full(&body.room_id)
+			.ready_filter_map(Result::ok)
+			.ready_filter(|((ty, _), _)| *ty == StateEventType::RoomMember)
+			.map(at!(1))
+			.ready_filter_map(|pdu| membership_filter(pdu, membership, not_membership))
+			.map(Event::into_format)
+			.collect()
+			.boxed()
+			.await,
+	})
+}
+
+/// # `POST /_matrix/client/r0/rooms/{roomId}/joined_members`
+///
+/// Lists all members of a room.
+///
+/// - The sender user must be in the room
+/// - TODO: An appservice just needs a puppet joined
+pub(crate) async fn joined_members_route(
+	State(services): State<crate::State>,
+	body: Ruma<joined_members::v3::Request>,
+) -> Result<joined_members::v3::Response> {
+	if !services
+		.rooms
+		.state_accessor
+		.user_can_see_state_events(body.sender_user(), &body.room_id)
+		.await
+	{
+		return Err!(Request(Forbidden("You don't have permission to view this room.")));
+	}
+
+	Ok(joined_members::v3::Response {
+		joined: services
+			.rooms
+			.state_cache
+			.room_members(&body.room_id)
+			.map(ToOwned::to_owned)
+			.broad_then(|user_id| async move {
+				let (display_name, avatar_url) = join(
+					services.users.displayname(&user_id).ok(),
+					services.users.avatar_url(&user_id).ok(),
+				)
+				.await;
+
+				(user_id, RoomMember { display_name, avatar_url })
+			})
+			.collect()
+			.await,
+	})
+}
+
+fn membership_filter<Pdu: Event>(
+	pdu: Pdu,
+	for_membership: Option<&MembershipEventFilter>,
+	not_membership: Option<&MembershipEventFilter>,
+) -> Option<impl Event> {
+	let membership_state_filter = match for_membership {
+		| Some(MembershipEventFilter::Ban) => MembershipState::Ban,
+		| Some(MembershipEventFilter::Invite) => MembershipState::Invite,
+		| Some(MembershipEventFilter::Knock) => MembershipState::Knock,
+		| Some(MembershipEventFilter::Leave) => MembershipState::Leave,
+		| Some(_) | None => MembershipState::Join,
+	};
+
+	let not_membership_state_filter = match not_membership {
+		| Some(MembershipEventFilter::Ban) => MembershipState::Ban,
+		| Some(MembershipEventFilter::Invite) => MembershipState::Invite,
+		| Some(MembershipEventFilter::Join) => MembershipState::Join,
+		| Some(MembershipEventFilter::Knock) => MembershipState::Knock,
+		| Some(_) | None => MembershipState::Leave,
+	};
+
+	let evt_membership = pdu.get_content::<RoomMemberEventContent>().ok()?.membership;
+
+	if for_membership.is_some() && not_membership.is_some() {
+		if membership_state_filter != evt_membership
+			|| not_membership_state_filter == evt_membership
+		{
+			None
+		} else {
+			Some(pdu)
+		}
+	} else if for_membership.is_some() && not_membership.is_none() {
+		if membership_state_filter != evt_membership {
+			None
+		} else {
+			Some(pdu)
+		}
+	} else if not_membership.is_some() && for_membership.is_none() {
+		if not_membership_state_filter == evt_membership {
+			None
+		} else {
+			Some(pdu)
+		}
+	} else {
+		Some(pdu)
+	}
+}
@@ -0,0 +1,156 @@
+mod ban;
+mod forget;
+mod invite;
+mod join;
+mod kick;
+mod knock;
+mod leave;
+mod members;
+mod unban;
+
+use std::net::IpAddr;
+
+use axum::extract::State;
+use conduwuit::{Err, Result, warn};
+use futures::{FutureExt, StreamExt};
+use ruma::{OwnedRoomId, RoomId, ServerName, UserId, api::client::membership::joined_rooms};
+use service::Services;
+
+pub(crate) use self::{
+	ban::ban_user_route,
+	forget::forget_room_route,
+	invite::{invite_helper, invite_user_route},
+	join::{join_room_by_id_or_alias_route, join_room_by_id_route},
+	kick::kick_user_route,
+	knock::knock_room_route,
+	leave::leave_room_route,
+	members::{get_member_events_route, joined_members_route},
+	unban::unban_user_route,
+};
+pub use self::{
+	join::join_room_by_id_helper,
+	leave::{leave_all_rooms, leave_room},
+};
+use crate::{Ruma, client::full_user_deactivate};
+
+/// # `POST /_matrix/client/r0/joined_rooms`
+///
+/// Lists all rooms the user has joined.
+pub(crate) async fn joined_rooms_route(
+	State(services): State<crate::State>,
+	body: Ruma<joined_rooms::v3::Request>,
+) -> Result<joined_rooms::v3::Response> {
+	Ok(joined_rooms::v3::Response {
+		joined_rooms: services
+			.rooms
+			.state_cache
+			.rooms_joined(body.sender_user())
+			.map(ToOwned::to_owned)
+			.collect()
+			.await,
+	})
+}
+
+/// Checks if the room is banned in any way possible and the sender user is not
+/// an admin.
+///
+/// Performs automatic deactivation if `auto_deactivate_banned_room_attempts` is
+/// enabled
+#[tracing::instrument(skip(services))]
+pub(crate) async fn banned_room_check(
+	services: &Services,
+	user_id: &UserId,
+	room_id: Option<&RoomId>,
+	server_name: Option<&ServerName>,
+	client_ip: IpAddr,
+) -> Result {
+	if services.users.is_admin(user_id).await {
+		return Ok(());
+	}
+
+	if let Some(room_id) = room_id {
+		if services.rooms.metadata.is_banned(room_id).await
+			|| services
+				.moderation
+				.is_remote_server_forbidden(room_id.server_name().expect("legacy room mxid"))
+		{
+			warn!(
+				"User {user_id} who is not an admin attempted to send an invite for or \
+				 attempted to join a banned room or banned room server name: {room_id}"
+			);
+
+			if services.server.config.auto_deactivate_banned_room_attempts {
+				warn!(
+					"Automatically deactivating user {user_id} due to attempted banned room join"
+				);
+
+				if services.server.config.admin_room_notices {
+					services
+						.admin
+						.send_text(&format!(
+							"Automatically deactivating user {user_id} due to attempted banned \
+							 room join from IP {client_ip}"
+						))
+						.await;
+				}
+
+				let all_joined_rooms: Vec<OwnedRoomId> = services
+					.rooms
+					.state_cache
+					.rooms_joined(user_id)
+					.map(Into::into)
+					.collect()
+					.await;
+
+				full_user_deactivate(services, user_id, &all_joined_rooms)
+					.boxed()
+					.await?;
+			}
+
+			return Err!(Request(Forbidden("This room is banned on this homeserver.")));
+		}
+	} else if let Some(server_name) = server_name {
+		if services
+			.config
+			.forbidden_remote_server_names
+			.is_match(server_name.host())
+		{
+			warn!(
+				"User {user_id} who is not an admin tried joining a room which has the server \
+				 name {server_name} that is globally forbidden. Rejecting.",
+			);
+
+			if services.server.config.auto_deactivate_banned_room_attempts {
+				warn!(
+					"Automatically deactivating user {user_id} due to attempted banned room join"
+				);
+
+				if services.server.config.admin_room_notices {
+					services
+						.admin
+						.send_text(&format!(
+							"Automatically deactivating user {user_id} due to attempted banned \
+							 room join from IP {client_ip}"
+						))
+						.await;
+				}
+
+				let all_joined_rooms: Vec<OwnedRoomId> = services
+					.rooms
+					.state_cache
+					.rooms_joined(user_id)
+					.map(Into::into)
+					.collect()
+					.await;
+
+				full_user_deactivate(services, user_id, &all_joined_rooms)
+					.boxed()
+					.await?;
+			}
+
+			return Err!(Request(Forbidden("This remote server is banned on this homeserver.")));
+		}
+	}
+
+	Ok(())
+}
@@ -0,0 +1,54 @@
+use axum::extract::State;
+use conduwuit::{Err, Result, matrix::pdu::PduBuilder};
+use ruma::{
+	api::client::membership::unban_user,
+	events::room::member::{MembershipState, RoomMemberEventContent},
+};
+
+use crate::Ruma;
+
+/// # `POST /_matrix/client/r0/rooms/{roomId}/unban`
+///
+/// Tries to send an unban event into the room.
+pub(crate) async fn unban_user_route(
+	State(services): State<crate::State>,
+	body: Ruma<unban_user::v3::Request>,
+) -> Result<unban_user::v3::Response> {
+	let state_lock = services.rooms.state.mutex.lock(&body.room_id).await;
+
+	let current_member_content = services
+		.rooms
+		.state_accessor
+		.get_member(&body.room_id, &body.user_id)
+		.await
+		.unwrap_or_else(|_| RoomMemberEventContent::new(MembershipState::Leave));
+
+	if current_member_content.membership != MembershipState::Ban {
+		return Err!(Request(Forbidden(
+			"Cannot unban a user who is not banned (current membership: {})",
+			current_member_content.membership
+		)));
+	}
+
+	services
+		.rooms
+		.timeline
+		.build_and_append_pdu(
+			PduBuilder::state(body.user_id.to_string(), &RoomMemberEventContent {
+				membership: MembershipState::Leave,
+				reason: body.reason.clone(),
+				join_authorized_via_users_server: None,
+				third_party_invite: None,
+				is_direct: None,
+				..current_member_content
+			}),
+			body.sender_user(),
+			&body.room_id,
+			&state_lock,
+		)
+		.await?;
+
+	drop(state_lock);
+
+	Ok(unban_user::v3::Response::new())
+}
@@ -1,12 +1,11 @@
-use core::panic;
-
 use axum::extract::State;
 use conduwuit::{
 	Err, Result, at,
 	matrix::{
-		Event,
-		pdu::{PduCount, PduEvent},
+		event::{Event, Matches},
+		pdu::PduCount,
 	},
+	ref_at,
 	utils::{
 		IterStream, ReadyExt,
 		result::{FlatOk, LogErr},
@@ -34,6 +33,7 @@ use ruma::{
 	},
 	serde::Raw,
 };
+use tracing::warn;

 use crate::Ruma;

@@ -73,7 +73,7 @@ pub(crate) async fn get_message_events_route(
 ) -> Result<get_message_events::v3::Response> {
 	debug_assert!(IGNORED_MESSAGE_TYPES.is_sorted(), "IGNORED_MESSAGE_TYPES is not sorted");
 	let sender_user = body.sender_user();
-	let sender_device = body.sender_device.as_ref();
+	let sender_device = body.sender_device.as_deref();
 	let room_id = &body.room_id;
 	let filter = &body.filter;

@@ -137,18 +137,17 @@ pub(crate) async fn get_message_events_route(

 	let lazy_loading_context = lazy_loading::Context {
 		user_id: sender_user,
-		device_id: match sender_device {
-			| Some(device_id) => device_id,
-			| None =>
-				if let Some(registration) = body.appservice_info.as_ref() {
-					<&DeviceId>::from(registration.registration.id.as_str())
-				} else {
-					panic!(
-						"No device_id provided and no appservice registration found, this \
-						 should be unreachable"
-					);
-				},
-		},
+		device_id: sender_device.or_else(|| {
+			if let Some(registration) = body.appservice_info.as_ref() {
+				Some(<&DeviceId>::from(registration.registration.id.as_str()))
+			} else {
+				warn!(
+					"No device_id provided and no appservice registration found, this should be \
+					 unreachable"
+				);
+				None
+			}
+		}),
 		room_id,
 		token: Some(from.into_unsigned()),
 		options: Some(&filter.lazy_load_options),
@@ -177,7 +176,7 @@ pub(crate) async fn get_message_events_route(
 	let chunk = events
 		.into_iter()
 		.map(at!(1))
-		.map(PduEvent::into_room_event)
+		.map(Event::into_format)
 		.collect();

 	Ok(get_message_events::v3::Response {
@@ -218,7 +217,9 @@ where
 	pin_mut!(receipts);
 	let witness: Witness = events
 		.stream()
-		.map(|(_, pdu)| pdu.sender.clone())
+		.map(ref_at!(1))
+		.map(Event::sender)
+		.map(ToOwned::to_owned)
 		.chain(
 			receipts
 				.ready_take_while(|(_, c, _)| *c <= newest.into_unsigned())
@@ -243,7 +244,7 @@ async fn get_member_event(
 		.rooms
 		.state_accessor
 		.room_state_get(room_id, &StateEventType::RoomMember, user_id.as_str())
-		.map_ok(PduEvent::into_state_event)
+		.map_ok(Event::into_format)
 		.await
 		.ok()
 }
@@ -263,27 +264,33 @@ pub(crate) async fn ignored_filter(
 }

 #[inline]
-pub(crate) async fn is_ignored_pdu(
+pub(crate) async fn is_ignored_pdu<Pdu>(
 	services: &Services,
-	pdu: &PduEvent,
+	event: &Pdu,
 	user_id: &UserId,
-) -> bool {
+) -> bool
+where
+	Pdu: Event + Send + Sync,
+{
 	// exclude Synapse's dummy events from bloating up response bodies. clients
 	// don't need to see this.
-	if pdu.kind.to_cow_str() == "org.matrix.dummy_event" {
+	if event.kind().to_cow_str() == "org.matrix.dummy_event" {
 		return true;
 	}

-	let ignored_type = IGNORED_MESSAGE_TYPES.binary_search(&pdu.kind).is_ok();
+	let ignored_type = IGNORED_MESSAGE_TYPES.binary_search(event.kind()).is_ok();

 	let ignored_server = services
 		.moderation
-		.is_remote_server_ignored(pdu.sender().server_name());
+		.is_remote_server_ignored(event.sender().server_name());

 	if ignored_type
 		&& (ignored_server
 			|| (!services.config.send_messages_from_ignored_users_to_client
-				&& services.users.user_is_ignored(&pdu.sender, user_id).await))
+				&& services
+					.users
+					.user_is_ignored(event.sender(), user_id)
+					.await))
 	{
 		return true;
 	}
@@ -302,7 +309,7 @@ pub(crate) async fn visibility_filter(
 	services
 		.rooms
 		.state_accessor
-		.user_can_see_event(user_id, &pdu.room_id, &pdu.event_id)
+		.user_can_see_event(user_id, pdu.room_id(), pdu.event_id())
 		.await
 		.then_some(item)
 }
@@ -310,7 +317,7 @@ pub(crate) async fn visibility_filter(
 #[inline]
 pub(crate) fn event_filter(item: PdusIterItem, filter: &RoomEventFilter) -> Option<PdusIterItem> {
 	let (_, pdu) = &item;
-	pdu.matches(filter).then_some(item)
+	filter.matches(pdu).then_some(item)
 }

 #[cfg_attr(debug_assertions, conduwuit::ctor)]
@@ -1,11 +1,8 @@
 use std::time::Duration;

 use axum::extract::State;
-use conduwuit::{Error, Result, utils};
-use ruma::{
-	api::client::{account, error::ErrorKind},
-	authentication::TokenType,
-};
+use conduwuit::{Err, Result, utils};
+use ruma::{api::client::account, authentication::TokenType};

 use super::TOKEN_LENGTH;
 use crate::Ruma;
@@ -19,17 +16,15 @@ pub(crate) async fn create_openid_token_route(
 	State(services): State<crate::State>,
 	body: Ruma<account::request_openid_token::v3::Request>,
 ) -> Result<account::request_openid_token::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

-	if sender_user != &body.user_id {
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
+	if sender_user != body.user_id {
+		return Err!(Request(InvalidParam(
 			"Not allowed to request OpenID tokens on behalf of other users",
-		));
+		)));
 	}

 	let access_token = utils::random_string(TOKEN_LENGTH);
-
 	let expires_in = services
 		.users
 		.create_openid_token(&body.user_id, &access_token)?;
@@ -2,21 +2,21 @@ use std::collections::BTreeMap;

 use axum::extract::State;
 use conduwuit::{
-	Err, Error, Result,
+	Err, Result,
 	matrix::pdu::PduBuilder,
-	utils::{IterStream, stream::TryIgnore},
+	utils::{IterStream, future::TryExtExt, stream::TryIgnore},
 	warn,
 };
 use conduwuit_service::Services;
-use futures::{StreamExt, TryStreamExt, future::join3};
+use futures::{
+	StreamExt, TryStreamExt,
+	future::{join, join3, join4},
+};
 use ruma::{
 	OwnedMxcUri, OwnedRoomId, UserId,
 	api::{
-		client::{
-			error::ErrorKind,
-			profile::{
-				get_avatar_url, get_display_name, get_profile, set_avatar_url, set_display_name,
-			},
+		client::profile::{
+			get_avatar_url, get_display_name, get_profile, set_avatar_url, set_display_name,
 		},
 		federation,
 	},
@@ -35,7 +35,7 @@ pub(crate) async fn set_displayname_route(
 	State(services): State<crate::State>,
 	body: Ruma<set_display_name::v3::Request>,
 ) -> Result<set_display_name::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	if *sender_user != body.user_id && body.appservice_info.is_none() {
 		return Err!(Request(Forbidden("You cannot update the profile of another user")));
@@ -107,7 +107,7 @@ pub(crate) async fn get_displayname_route(
 	if !services.users.exists(&body.user_id).await {
 		// Return 404 if this user doesn't exist and we couldn't fetch it over
 		// federation
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Profile was not found."));
+		return Err!(Request(NotFound("Profile was not found.")));
 	}

 	Ok(get_display_name::v3::Response {
@@ -124,7 +124,7 @@ pub(crate) async fn set_avatar_url_route(
 	State(services): State<crate::State>,
 	body: Ruma<set_avatar_url::v3::Request>,
 ) -> Result<set_avatar_url::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	if *sender_user != body.user_id && body.appservice_info.is_none() {
 		return Err!(Request(Forbidden("You cannot update the profile of another user")));
@@ -189,11 +189,9 @@ pub(crate) async fn get_avatar_url_route(
 			services
 				.users
 				.set_displayname(&body.user_id, response.displayname.clone());
-
 			services
 				.users
 				.set_avatar_url(&body.user_id, response.avatar_url.clone());
-
 			services
 				.users
 				.set_blurhash(&body.user_id, response.blurhash.clone());
@@ -208,13 +206,16 @@ pub(crate) async fn get_avatar_url_route(
 	if !services.users.exists(&body.user_id).await {
 		// Return 404 if this user doesn't exist and we couldn't fetch it over
 		// federation
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Profile was not found."));
+		return Err!(Request(NotFound("Profile was not found.")));
 	}

-	Ok(get_avatar_url::v3::Response {
-		avatar_url: services.users.avatar_url(&body.user_id).await.ok(),
-		blurhash: services.users.blurhash(&body.user_id).await.ok(),
-	})
+	let (avatar_url, blurhash) = join(
+		services.users.avatar_url(&body.user_id).ok(),
+		services.users.blurhash(&body.user_id).ok(),
+	)
+	.await;
+
+	Ok(get_avatar_url::v3::Response { avatar_url, blurhash })
 }

 /// # `GET /_matrix/client/v3/profile/{userId}`
@@ -247,15 +248,12 @@ pub(crate) async fn get_profile_route(
 			services
 				.users
 				.set_displayname(&body.user_id, response.displayname.clone());
-
 			services
 				.users
 				.set_avatar_url(&body.user_id, response.avatar_url.clone());
-
 			services
 				.users
 				.set_blurhash(&body.user_id, response.blurhash.clone());
-
 			services
 				.users
 				.set_timezone(&body.user_id, response.tz.clone());
@@ -281,7 +279,7 @@ pub(crate) async fn get_profile_route(
 	if !services.users.exists(&body.user_id).await {
 		// Return 404 if this user doesn't exist and we couldn't fetch it over
 		// federation
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Profile was not found."));
+		return Err!(Request(NotFound("Profile was not found.")));
 	}

 	let mut custom_profile_fields: BTreeMap<String, serde_json::Value> = services
@@ -294,11 +292,19 @@ pub(crate) async fn get_profile_route(
 	custom_profile_fields.remove("us.cloke.msc4175.tz");
 	custom_profile_fields.remove("m.tz");

+	let (avatar_url, blurhash, displayname, tz) = join4(
+		services.users.avatar_url(&body.user_id).ok(),
+		services.users.blurhash(&body.user_id).ok(),
+		services.users.displayname(&body.user_id).ok(),
+		services.users.timezone(&body.user_id).ok(),
+	)
+	.await;
+
 	Ok(get_profile::v3::Response {
-		avatar_url: services.users.avatar_url(&body.user_id).await.ok(),
-		blurhash: services.users.blurhash(&body.user_id).await.ok(),
-		displayname: services.users.displayname(&body.user_id).await.ok(),
-		tz: services.users.timezone(&body.user_id).await.ok(),
+		avatar_url,
+		blurhash,
+		displayname,
+		tz,
 		custom_profile_fields,
 	})
 }
@@ -310,16 +316,12 @@ pub async fn update_displayname(
 	all_joined_rooms: &[OwnedRoomId],
 ) {
 	let (current_avatar_url, current_blurhash, current_displayname) = join3(
-		services.users.avatar_url(user_id),
-		services.users.blurhash(user_id),
-		services.users.displayname(user_id),
+		services.users.avatar_url(user_id).ok(),
+		services.users.blurhash(user_id).ok(),
+		services.users.displayname(user_id).ok(),
 	)
 	.await;

-	let current_avatar_url = current_avatar_url.ok();
-	let current_blurhash = current_blurhash.ok();
-	let current_displayname = current_displayname.ok();
-
 	if displayname == current_displayname {
 		return;
 	}
@@ -362,16 +364,12 @@ pub async fn update_avatar_url(
 	all_joined_rooms: &[OwnedRoomId],
 ) {
 	let (current_avatar_url, current_blurhash, current_displayname) = join3(
-		services.users.avatar_url(user_id),
-		services.users.blurhash(user_id),
-		services.users.displayname(user_id),
+		services.users.avatar_url(user_id).ok(),
+		services.users.blurhash(user_id).ok(),
+		services.users.displayname(user_id).ok(),
 	)
 	.await;

-	let current_avatar_url = current_avatar_url.ok();
-	let current_blurhash = current_blurhash.ok();
-	let current_displayname = current_displayname.ok();
-
 	if current_avatar_url == avatar_url && current_blurhash == blurhash {
 		return;
 	}
@@ -79,17 +79,14 @@ pub(crate) async fn get_pushrules_all_route(

 			global_ruleset.update_with_server_default(Ruleset::server_default(sender_user));

+			let ty = GlobalAccountDataEventType::PushRules;
+			let event = PushRulesEvent {
+				content: PushRulesEventContent { global: global_ruleset.clone() },
+			};
+
 			services
 				.account_data
-				.update(
-					None,
-					sender_user,
-					GlobalAccountDataEventType::PushRules.to_string().into(),
-					&serde_json::to_value(PushRulesEvent {
-						content: PushRulesEventContent { global: global_ruleset.clone() },
-					})
-					.expect("to json always works"),
-				)
+				.update(None, sender_user, ty.to_string().into(), &serde_json::to_value(event)?)
 				.await?;
 		}
 	};
@@ -106,7 +103,7 @@ pub(crate) async fn get_pushrules_global_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_pushrules_global_scope::v3::Request>,
 ) -> Result<get_pushrules_global_scope::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	let Some(content_value) = services
 		.account_data
@@ -118,19 +115,17 @@ pub(crate) async fn get_pushrules_global_route(
 	else {
 		// user somehow has non-existent push rule event. recreate it and return server
 		// default silently
+
+		let ty = GlobalAccountDataEventType::PushRules;
+		let event = PushRulesEvent {
+			content: PushRulesEventContent {
+				global: Ruleset::server_default(sender_user),
+			},
+		};
+
 		services
 			.account_data
-			.update(
-				None,
-				sender_user,
-				GlobalAccountDataEventType::PushRules.to_string().into(),
-				&serde_json::to_value(PushRulesEvent {
-					content: PushRulesEventContent {
-						global: Ruleset::server_default(sender_user),
-					},
-				})
-				.expect("to json always works"),
-			)
+			.update(None, sender_user, ty.to_string().into(), &serde_json::to_value(event)?)
 			.await?;

 		return Ok(get_pushrules_global_scope::v3::Response {
@@ -223,7 +218,7 @@ pub(crate) async fn get_pushrule_route(
 	if let Some(rule) = rule {
 		Ok(get_pushrule::v3::Response { rule })
 	} else {
-		Err(Error::BadRequest(ErrorKind::NotFound, "Push rule not found."))
+		Err!(Request(NotFound("Push rule not found.")))
 	}
 }

@@ -234,9 +229,8 @@ pub(crate) async fn set_pushrule_route(
 	State(services): State<crate::State>,
 	body: Ruma<set_pushrule::v3::Request>,
 ) -> Result<set_pushrule::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-	let body = body.body;
-
+	let sender_user = body.sender_user();
+	let body = &body.body;
 	let mut account_data: PushRulesEvent = services
 		.account_data
 		.get_global(sender_user, GlobalAccountDataEventType::PushRules)
@@ -275,14 +269,10 @@ pub(crate) async fn set_pushrule_route(
 		return Err(err);
 	}

+	let ty = GlobalAccountDataEventType::PushRules;
 	services
 		.account_data
-		.update(
-			None,
-			sender_user,
-			GlobalAccountDataEventType::PushRules.to_string().into(),
-			&serde_json::to_value(account_data).expect("to json value always works"),
-		)
+		.update(None, sender_user, ty.to_string().into(), &serde_json::to_value(account_data)?)
 		.await?;

 	Ok(set_pushrule::v3::Response {})
@@ -295,7 +285,7 @@ pub(crate) async fn get_pushrule_actions_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_pushrule_actions::v3::Request>,
 ) -> Result<get_pushrule_actions::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	// remove old deprecated mentions push rules as per MSC4210
 	#[allow(deprecated)]
@@ -329,7 +319,7 @@ pub(crate) async fn set_pushrule_actions_route(
 	State(services): State<crate::State>,
 	body: Ruma<set_pushrule_actions::v3::Request>,
 ) -> Result<set_pushrule_actions::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	let mut account_data: PushRulesEvent = services
 		.account_data
@@ -343,17 +333,13 @@ pub(crate) async fn set_pushrule_actions_route(
 		.set_actions(body.kind.clone(), &body.rule_id, body.actions.clone())
 		.is_err()
 	{
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Push rule not found."));
+		return Err!(Request(NotFound("Push rule not found.")));
 	}

+	let ty = GlobalAccountDataEventType::PushRules;
 	services
 		.account_data
-		.update(
-			None,
-			sender_user,
-			GlobalAccountDataEventType::PushRules.to_string().into(),
-			&serde_json::to_value(account_data).expect("to json value always works"),
-		)
+		.update(None, sender_user, ty.to_string().into(), &serde_json::to_value(account_data)?)
 		.await?;

 	Ok(set_pushrule_actions::v3::Response {})
@@ -366,7 +352,7 @@ pub(crate) async fn get_pushrule_enabled_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_pushrule_enabled::v3::Request>,
 ) -> Result<get_pushrule_enabled::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	// remove old deprecated mentions push rules as per MSC4210
 	#[allow(deprecated)]
@@ -400,7 +386,7 @@ pub(crate) async fn set_pushrule_enabled_route(
 	State(services): State<crate::State>,
 	body: Ruma<set_pushrule_enabled::v3::Request>,
 ) -> Result<set_pushrule_enabled::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	let mut account_data: PushRulesEvent = services
 		.account_data
@@ -414,17 +400,13 @@ pub(crate) async fn set_pushrule_enabled_route(
 		.set_enabled(body.kind.clone(), &body.rule_id, body.enabled)
 		.is_err()
 	{
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Push rule not found."));
+		return Err!(Request(NotFound("Push rule not found.")));
 	}

+	let ty = GlobalAccountDataEventType::PushRules;
 	services
 		.account_data
-		.update(
-			None,
-			sender_user,
-			GlobalAccountDataEventType::PushRules.to_string().into(),
-			&serde_json::to_value(account_data).expect("to json value always works"),
-		)
+		.update(None, sender_user, ty.to_string().into(), &serde_json::to_value(account_data)?)
 		.await?;

 	Ok(set_pushrule_enabled::v3::Response {})
@@ -437,7 +419,7 @@ pub(crate) async fn delete_pushrule_route(
 	State(services): State<crate::State>,
 	body: Ruma<delete_pushrule::v3::Request>,
 ) -> Result<delete_pushrule::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	let mut account_data: PushRulesEvent = services
 		.account_data
@@ -463,14 +445,10 @@ pub(crate) async fn delete_pushrule_route(
 		return Err(err);
 	}

+	let ty = GlobalAccountDataEventType::PushRules;
 	services
 		.account_data
-		.update(
-			None,
-			sender_user,
-			GlobalAccountDataEventType::PushRules.to_string().into(),
-			&serde_json::to_value(account_data).expect("to json value always works"),
-		)
+		.update(None, sender_user, ty.to_string().into(), &serde_json::to_value(account_data)?)
 		.await?;

 	Ok(delete_pushrule::v3::Response {})
@@ -483,7 +461,7 @@ pub(crate) async fn get_pushers_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_pushers::v3::Request>,
 ) -> Result<get_pushers::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	Ok(get_pushers::v3::Response {
 		pushers: services.pusher.get_pushers(sender_user).await,
@@ -499,7 +477,7 @@ pub(crate) async fn set_pushers_route(
 	State(services): State<crate::State>,
 	body: Ruma<set_pusher::v3::Request>,
 ) -> Result<set_pusher::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	services
 		.pusher
@@ -515,19 +493,16 @@ async fn recreate_push_rules_and_return(
 	services: &Services,
 	sender_user: &ruma::UserId,
 ) -> Result<get_pushrules_all::v3::Response> {
+	let ty = GlobalAccountDataEventType::PushRules;
+	let event = PushRulesEvent {
+		content: PushRulesEventContent {
+			global: Ruleset::server_default(sender_user),
+		},
+	};
+
 	services
 		.account_data
-		.update(
-			None,
-			sender_user,
-			GlobalAccountDataEventType::PushRules.to_string().into(),
-			&serde_json::to_value(PushRulesEvent {
-				content: PushRulesEventContent {
-					global: Ruleset::server_default(sender_user),
-				},
-			})
-			.expect("to json always works"),
-		)
+		.update(None, sender_user, ty.to_string().into(), &serde_json::to_value(event)?)
 		.await?;

 	Ok(get_pushrules_all::v3::Response {
@@ -37,7 +37,7 @@ pub(crate) async fn set_read_marker_route(
 				Some(&body.room_id),
 				sender_user,
 				RoomAccountDataEventType::FullyRead,
-				&serde_json::to_value(fully_read_event).expect("to json value always works"),
+				&serde_json::to_value(fully_read_event)?,
 			)
 			.await?;
 	}
@@ -146,7 +146,7 @@ pub(crate) async fn create_receipt_route(
 					Some(&body.room_id),
 					sender_user,
 					RoomAccountDataEventType::FullyRead,
-					&serde_json::to_value(fully_read_event).expect("to json value always works"),
+					&serde_json::to_value(fully_read_event)?,
 				)
 				.await?;
 		},
@@ -15,8 +15,8 @@ pub(crate) async fn redact_event_route(
 	State(services): State<crate::State>,
 	body: Ruma<redact_event::v3::Request>,
 ) -> Result<redact_event::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-	let body = body.body;
+	let sender_user = body.sender_user();
+	let body = &body.body;

 	let state_lock = services.rooms.state.mutex.lock(&body.room_id).await;

@@ -1,10 +1,10 @@
 use axum::extract::State;
 use conduwuit::{
 	Result, at,
-	matrix::pdu::PduCount,
+	matrix::{Event, event::RelationTypeEqual, pdu::PduCount},
 	utils::{IterStream, ReadyExt, result::FlatOk, stream::WidebandExt},
 };
-use conduwuit_service::{Services, rooms::timeline::PdusIterItem};
+use conduwuit_service::Services;
 use futures::StreamExt;
 use ruma::{
 	EventId, RoomId, UInt, UserId,
@@ -129,7 +129,7 @@ async fn paginate_relations_with_filter(
 	// Spec (v1.10) recommends depth of at least 3
 	let depth: u8 = if recurse { 3 } else { 1 };

-	let events: Vec<PdusIterItem> = services
+	let events: Vec<_> = services
 		.rooms
 		.pdu_metadata
 		.get_relations(sender_user, room_id, target, start, limit, depth, dir)
@@ -138,12 +138,12 @@ async fn paginate_relations_with_filter(
 		.filter(|(_, pdu)| {
 			filter_event_type
 				.as_ref()
-				.is_none_or(|kind| *kind == pdu.kind)
+				.is_none_or(|kind| kind == pdu.kind())
 		})
 		.filter(|(_, pdu)| {
 			filter_rel_type
 				.as_ref()
-				.is_none_or(|rel_type| pdu.relation_type_equal(rel_type))
+				.is_none_or(|rel_type| rel_type.relation_type_equal(pdu))
 		})
 		.stream()
 		.ready_take_while(|(count, _)| Some(*count) != to)
@@ -167,22 +167,22 @@ async fn paginate_relations_with_filter(
 		chunk: events
 			.into_iter()
 			.map(at!(1))
-			.map(|pdu| pdu.to_message_like_event())
+			.map(Event::into_format)
 			.collect(),
 	})
 }

-async fn visibility_filter(
+async fn visibility_filter<Pdu: Event + Send + Sync>(
 	services: &Services,
 	sender_user: &UserId,
-	item: PdusIterItem,
-) -> Option<PdusIterItem> {
+	item: (PduCount, Pdu),
+) -> Option<(PduCount, Pdu)> {
 	let (_, pdu) = &item;

 	services
 		.rooms
 		.state_accessor
-		.user_can_see_event(sender_user, &pdu.room_id, &pdu.event_id)
+		.user_can_see_event(sender_user, pdu.room_id(), pdu.event_id())
 		.await
 		.then_some(item)
 }
@@ -2,15 +2,12 @@ use std::time::Duration;

 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduwuit::{Err, Error, Result, debug_info, info, matrix::pdu::PduEvent, utils::ReadyExt};
+use conduwuit::{Err, Result, debug_info, info, matrix::pdu::PduEvent, utils::ReadyExt};
 use conduwuit_service::Services;
 use rand::Rng;
 use ruma::{
 	EventId, RoomId, UserId,
-	api::client::{
-		error::ErrorKind,
-		room::{report_content, report_room},
-	},
+	api::client::room::{report_content, report_room},
 	events::room::message,
 	int,
 };
@@ -28,7 +25,7 @@ pub(crate) async fn report_room_route(
 	body: Ruma<report_room::v3::Request>,
 ) -> Result<report_room::v3::Response> {
 	// user authentication
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	info!(
 		"Received room report by user {sender_user} for room {} with reason: \"{}\"",
@@ -37,9 +34,8 @@ pub(crate) async fn report_room_route(
 	);

 	if body.reason.as_ref().is_some_and(|s| s.len() > 750) {
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"Reason too long, should be 750 characters or fewer",
+		return Err!(Request(
+			InvalidParam("Reason too long, should be 750 characters or fewer",)
 		));
 	}

@@ -82,7 +78,7 @@ pub(crate) async fn report_event_route(
 	body: Ruma<report_content::v3::Request>,
 ) -> Result<report_content::v3::Response> {
 	// user authentication
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	info!(
 		"Received event report by user {sender_user} for room {} and event ID {}, with reason: \
@@ -151,23 +147,16 @@ async fn is_event_report_valid(
 	);

 	if room_id != pdu.room_id {
-		return Err(Error::BadRequest(
-			ErrorKind::NotFound,
-			"Event ID does not belong to the reported room",
-		));
+		return Err!(Request(NotFound("Event ID does not belong to the reported room",)));
 	}

 	if score.is_some_and(|s| s > int!(0) || s < int!(-100)) {
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"Invalid score, must be within 0 to -100",
-		));
+		return Err!(Request(InvalidParam("Invalid score, must be within 0 to -100",)));
 	}

 	if reason.as_ref().is_some_and(|s| s.len() > 750) {
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
-			"Reason too long, should be 750 characters or fewer",
+		return Err!(Request(
+			InvalidParam("Reason too long, should be 750 characters or fewer",)
 		));
 	}

@@ -178,10 +167,7 @@ async fn is_event_report_valid(
 		.ready_any(|user_id| user_id == sender_user)
 		.await
 	{
-		return Err(Error::BadRequest(
-			ErrorKind::NotFound,
-			"You are not in the room you are reporting.",
-		));
+		return Err!(Request(NotFound("You are not in the room you are reporting.",)));
 	}

 	Ok(())
@@ -196,5 +182,6 @@ async fn delay_response() {
 		"Got successful /report request, waiting {time_to_wait} seconds before sending \
 		 successful response."
 	);
+
 	sleep(Duration::from_secs(time_to_wait)).await;
 }
@@ -1,7 +1,7 @@
 use axum::extract::State;
-use conduwuit::{Error, Result};
+use conduwuit::{Err, Result};
 use futures::StreamExt;
-use ruma::api::client::{error::ErrorKind, room::aliases};
+use ruma::api::client::room::aliases;

 use crate::Ruma;

@@ -15,7 +15,7 @@ pub(crate) async fn get_room_aliases_route(
 	State(services): State<crate::State>,
 	body: Ruma<aliases::v3::Request>,
 ) -> Result<aliases::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	if !services
 		.rooms
@@ -23,10 +23,7 @@ pub(crate) async fn get_room_aliases_route(
 		.user_can_see_state_events(sender_user, &body.room_id)
 		.await
 	{
-		return Err(Error::BadRequest(
-			ErrorKind::forbidden(),
-			"You don't have permission to view this room.",
-		));
+		return Err!(Request(Forbidden("You don't have permission to view this room.",)));
 	}

 	Ok(aliases::v3::Response {
@@ -2,7 +2,7 @@ use std::collections::BTreeMap;

 use axum::extract::State;
 use conduwuit::{
-	Err, Error, Result, debug_info, debug_warn, err, error, info,
+	Err, Result, debug_info, debug_warn, err, info,
 	matrix::{StateKey, pdu::PduBuilder},
 	warn,
 };
@@ -10,10 +10,7 @@ use conduwuit_service::{Services, appservice::RegistrationInfo};
 use futures::FutureExt;
 use ruma::{
 	CanonicalJsonObject, Int, OwnedRoomAliasId, OwnedRoomId, OwnedUserId, RoomId, RoomVersionId,
-	api::client::{
-		error::ErrorKind,
-		room::{self, create_room},
-	},
+	api::client::room::{self, create_room},
 	events::{
 		TimelineEventType,
 		room::{
@@ -58,16 +55,13 @@ pub(crate) async fn create_room_route(
 ) -> Result<create_room::v3::Response> {
 	use create_room::v3::RoomPreset;

-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	if !services.globals.allow_room_creation()
 		&& body.appservice_info.is_none()
 		&& !services.users.is_admin(sender_user).await
 	{
-		return Err(Error::BadRequest(
-			ErrorKind::forbidden(),
-			"Room creation has been disabled.",
-		));
+		return Err!(Request(Forbidden("Room creation has been disabled.",)));
 	}

 	let room_id: OwnedRoomId = match &body.room_id {
@@ -77,10 +71,7 @@ pub(crate) async fn create_room_route(

 	// check if room ID doesn't already exist instead of erroring on auth check
 	if services.rooms.short.get_shortroomid(&room_id).await.is_ok() {
-		return Err(Error::BadRequest(
-			ErrorKind::RoomInUse,
-			"Room with that custom room ID already exists",
-		));
+		return Err!(Request(RoomInUse("Room with that custom room ID already exists",)));
 	}

 	if body.visibility == room::Visibility::Public
@@ -88,19 +79,17 @@ pub(crate) async fn create_room_route(
 		&& !services.users.is_admin(sender_user).await
 		&& body.appservice_info.is_none()
 	{
-		info!(
-			"Non-admin user {sender_user} tried to publish {0} to the room directory while \
-			 \"lockdown_public_room_directory\" is enabled",
-			&room_id
+		warn!(
+			"Non-admin user {sender_user} tried to publish {room_id} to the room directory \
+			 while \"lockdown_public_room_directory\" is enabled"
 		);

 		if services.server.config.admin_room_notices {
 			services
 				.admin
-				.send_text(&format!(
-					"Non-admin user {sender_user} tried to publish {0} to the room directory \
-					 while \"lockdown_public_room_directory\" is enabled",
-					&room_id
+				.notice(&format!(
+					"Non-admin user {sender_user} tried to publish {room_id} to the room \
+					 directory while \"lockdown_public_room_directory\" is enabled"
 				))
 				.await;
 		}
@@ -125,10 +114,9 @@ pub(crate) async fn create_room_route(
 			if services.server.supported_room_version(&room_version) {
 				room_version
 			} else {
-				return Err(Error::BadRequest(
-					ErrorKind::UnsupportedRoomVersion,
-					"This server does not support that room version.",
-				));
+				return Err!(Request(UnsupportedRoomVersion(
+					"This server does not support that room version."
+				)));
 			},
 		| None => services.server.config.default_room_version.clone(),
 	};
@@ -140,16 +128,17 @@ pub(crate) async fn create_room_route(
 			let mut content = content
 				.deserialize_as::<CanonicalJsonObject>()
 				.map_err(|e| {
-					error!("Failed to deserialise content as canonical JSON: {}", e);
-					Error::bad_database("Failed to deserialise content as canonical JSON.")
+					err!(Request(BadJson(error!(
+						"Failed to deserialise content as canonical JSON: {e}"
+					))))
 				})?;
+
 			match room_version {
 				| V1 | V2 | V3 | V4 | V5 | V6 | V7 | V8 | V9 | V10 => {
 					content.insert(
 						"creator".into(),
 						json!(&sender_user).try_into().map_err(|e| {
-							info!("Invalid creation content: {e}");
-							Error::BadRequest(ErrorKind::BadJson, "Invalid creation content")
+							err!(Request(BadJson(debug_error!("Invalid creation content: {e}"))))
 						})?,
 					);
 				},
@@ -159,9 +148,9 @@ pub(crate) async fn create_room_route(
 			}
 			content.insert(
 				"room_version".into(),
-				json!(room_version.as_str()).try_into().map_err(|_| {
-					Error::BadRequest(ErrorKind::BadJson, "Invalid creation content")
-				})?,
+				json!(room_version.as_str())
+					.try_into()
+					.map_err(|e| err!(Request(BadJson("Invalid creation content: {e}"))))?,
 			);
 			content
 		},
@@ -170,21 +159,13 @@ pub(crate) async fn create_room_route(

 			let content = match room_version {
 				| V1 | V2 | V3 | V4 | V5 | V6 | V7 | V8 | V9 | V10 =>
-					RoomCreateEventContent::new_v1(sender_user.clone()),
+					RoomCreateEventContent::new_v1(sender_user.to_owned()),
 				| _ => RoomCreateEventContent::new_v11(),
 			};
-			let mut content = serde_json::from_str::<CanonicalJsonObject>(
-				to_raw_value(&content)
-					.expect("we just created this as content was None")
-					.get(),
-			)
-			.unwrap();
-			content.insert(
-				"room_version".into(),
-				json!(room_version.as_str())
-					.try_into()
-					.expect("we just created this as content was None"),
-			);
+			let mut content =
+				serde_json::from_str::<CanonicalJsonObject>(to_raw_value(&content)?.get())
+					.unwrap();
+			content.insert("room_version".into(), json!(room_version.as_str()).try_into()?);
 			content
 		},
 	};
@@ -196,8 +177,7 @@ pub(crate) async fn create_room_route(
 		.build_and_append_pdu(
 			PduBuilder {
 				event_type: TimelineEventType::RoomCreate,
-				content: to_raw_value(&create_content)
-					.expect("create event content serialization"),
+				content: to_raw_value(&create_content)?,
 				state_key: Some(StateKey::new()),
 				..Default::default()
 			},
@@ -235,7 +215,7 @@ pub(crate) async fn create_room_route(
 		| _ => RoomPreset::PrivateChat, // Room visibility should not be custom
 	});

-	let mut users = BTreeMap::from_iter([(sender_user.clone(), int!(100))]);
+	let mut users = BTreeMap::from_iter([(sender_user.to_owned(), int!(100))]);

 	if preset == RoomPreset::TrustedPrivateChat {
 		for invite in &body.invite {
@@ -263,8 +243,7 @@ pub(crate) async fn create_room_route(
 		.build_and_append_pdu(
 			PduBuilder {
 				event_type: TimelineEventType::RoomPowerLevels,
-				content: to_raw_value(&power_levels_content)
-					.expect("serialized power_levels event content"),
+				content: to_raw_value(&power_levels_content)?,
 				state_key: Some(StateKey::new()),
 				..Default::default()
 			},
@@ -353,8 +332,7 @@ pub(crate) async fn create_room_route(
 	// 6. Events listed in initial_state
 	for event in &body.initial_state {
 		let mut pdu_builder = event.deserialize_as::<PduBuilder>().map_err(|e| {
-			warn!("Invalid initial state event: {:?}", e);
-			Error::BadRequest(ErrorKind::InvalidParam, "Invalid initial state event.")
+			err!(Request(InvalidParam(warn!("Invalid initial state event: {e:?}"))))
 		})?;

 		debug_info!("Room creation initial state event: {event:?}");
@@ -363,7 +341,7 @@ pub(crate) async fn create_room_route(
 		// state event in there with the content of literally `{}` (not null or empty
 		// string), let's just skip it over and warn.
 		if pdu_builder.content.get().eq("{}") {
-			info!("skipping empty initial state event with content of `{{}}`: {event:?}");
+			debug_warn!("skipping empty initial state event with content of `{{}}`: {event:?}");
 			debug_warn!("content: {}", pdu_builder.content.get());
 			continue;
 		}
@@ -510,9 +488,7 @@ fn default_power_levels_content(

 	if let Some(power_level_content_override) = power_level_content_override {
 		let json: JsonObject = serde_json::from_str(power_level_content_override.json().get())
-			.map_err(|_| {
-				Error::BadRequest(ErrorKind::BadJson, "Invalid power_level_content_override.")
-			})?;
+			.map_err(|e| err!(Request(BadJson("Invalid power_level_content_override: {e:?}"))))?;

 		for (key, value) in json {
 			power_levels_content[key] = value;
@@ -530,16 +506,14 @@ async fn room_alias_check(
 ) -> Result<OwnedRoomAliasId> {
 	// Basic checks on the room alias validity
 	if room_alias_name.contains(':') {
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
+		return Err!(Request(InvalidParam(
 			"Room alias contained `:` which is not allowed. Please note that this expects a \
 			 localpart, not the full room alias.",
-		));
+		)));
 	} else if room_alias_name.contains(char::is_whitespace) {
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
+		return Err!(Request(InvalidParam(
 			"Room alias contained spaces which is not a valid room alias.",
-		));
+		)));
 	}

 	// check if room alias is forbidden
@@ -548,7 +522,7 @@ async fn room_alias_check(
 		.forbidden_alias_names()
 		.is_match(room_alias_name)
 	{
-		return Err(Error::BadRequest(ErrorKind::Unknown, "Room alias name is forbidden."));
+		return Err!(Request(Unknown("Room alias name is forbidden.")));
 	}

 	let server_name = services.globals.server_name();
@@ -568,25 +542,19 @@ async fn room_alias_check(
 		.await
 		.is_ok()
 	{
-		return Err(Error::BadRequest(ErrorKind::RoomInUse, "Room alias already exists."));
+		return Err!(Request(RoomInUse("Room alias already exists.")));
 	}

 	if let Some(info) = appservice_info {
 		if !info.aliases.is_match(full_room_alias.as_str()) {
-			return Err(Error::BadRequest(
-				ErrorKind::Exclusive,
-				"Room alias is not in namespace.",
-			));
+			return Err!(Request(Exclusive("Room alias is not in namespace.")));
 		}
 	} else if services
 		.appservice
 		.is_exclusive_alias(&full_room_alias)
 		.await
 	{
-		return Err(Error::BadRequest(
-			ErrorKind::Exclusive,
-			"Room alias reserved by appservice.",
-		));
+		return Err!(Request(Exclusive("Room alias reserved by appservice.",)));
 	}

 	debug_info!("Full room alias: {full_room_alias}");
@@ -602,24 +570,33 @@ fn custom_room_id_check(services: &Services, custom_room_id: &str) -> Result<Own
 		.forbidden_alias_names()
 		.is_match(custom_room_id)
 	{
-		return Err(Error::BadRequest(ErrorKind::Unknown, "Custom room ID is forbidden."));
+		return Err!(Request(Unknown("Custom room ID is forbidden.")));
+	}
+
+	if custom_room_id.contains(':') {
+		return Err!(Request(InvalidParam(
+			"Custom room ID contained `:` which is not allowed. Please note that this expects a \
+			 localpart, not the full room ID.",
+		)));
+	} else if custom_room_id.contains(char::is_whitespace) {
+		return Err!(Request(InvalidParam(
+			"Custom room ID contained spaces which is not valid."
+		)));
 	}

 	let server_name = services.globals.server_name();
 	let mut room_id = custom_room_id.to_owned();
 	if custom_room_id.contains(':') {
 		if !custom_room_id.starts_with('!') {
-			return Err(Error::BadRequest(
-				ErrorKind::InvalidParam,
+			return Err!(Request(InvalidParam(
 				"Custom room ID contains an unexpected `:` which is not allowed.",
-			));
+			)));
 		}
 	} else if custom_room_id.starts_with('!') {
-		return Err(Error::BadRequest(
-			ErrorKind::InvalidParam,
+		return Err!(Request(InvalidParam(
 			"Room ID is prefixed with !, but is not fully qualified. You likely did not want \
 			 this.",
-		));
+		)));
 	} else {
 		room_id = format!("!{custom_room_id}:{server_name}");
 	}
@@ -631,10 +608,7 @@ fn custom_room_id_check(services: &Services, custom_room_id: &str) -> Result<Own
 				.expect("failed to extract server name from room ID")
 				!= server_name
 			{
-				Err(Error::BadRequest(
-					ErrorKind::InvalidParam,
-					"Custom room ID must be on this server.",
-				))
+				Err!(Request(InvalidParam("Custom room ID must be on this server.",)))
 			} else {
 				Ok(full_room_id)
 			}
@@ -40,5 +40,5 @@ pub(crate) async fn get_room_event_route(

 	event.add_age().ok();

-	Ok(get_room_event::v3::Response { event: event.into_room_event() })
+	Ok(get_room_event::v3::Response { event: event.into_format() })
 }
@@ -1,9 +1,9 @@
 use axum::extract::State;
 use conduwuit::{
-	Err, PduEvent, Result, at,
+	Err, Event, Result, at,
 	utils::{BoolExt, stream::TryTools},
 };
-use futures::TryStreamExt;
+use futures::{FutureExt, TryStreamExt, future::try_join4};
 use ruma::api::client::room::initial_sync::v3::{PaginationChunk, Request, Response};

 use crate::Ruma;
@@ -25,22 +25,33 @@ pub(crate) async fn room_initial_sync_route(
 		return Err!(Request(Forbidden("No room preview available.")));
 	}

+	let membership = services
+		.rooms
+		.state_cache
+		.user_membership(body.sender_user(), room_id)
+		.map(Ok);
+
+	let visibility = services.rooms.directory.visibility(room_id).map(Ok);
+
+	let state = services
+		.rooms
+		.state_accessor
+		.room_state_full_pdus(room_id)
+		.map_ok(Event::into_format)
+		.try_collect::<Vec<_>>();
+
 	let limit = LIMIT_MAX;
-	let events: Vec<_> = services
+	let events = services
 		.rooms
 		.timeline
 		.pdus_rev(None, room_id, None)
 		.try_take(limit)
-		.try_collect()
-		.await?;
+		.try_collect::<Vec<_>>();

-	let state: Vec<_> = services
-		.rooms
-		.state_accessor
-		.room_state_full_pdus(room_id)
-		.map_ok(PduEvent::into_state_event)
-		.try_collect()
-		.await?;
+	let (membership, visibility, state, events) =
+		try_join4(membership, visibility, state, events)
+			.boxed()
+			.await?;

 	let messages = PaginationChunk {
 		start: events.last().map(at!(0)).as_ref().map(ToString::to_string),
@@ -55,7 +66,7 @@ pub(crate) async fn room_initial_sync_route(
 		chunk: events
 			.into_iter()
 			.map(at!(1))
-			.map(PduEvent::into_room_event)
+			.map(Event::into_format)
 			.collect(),
 	};

@@ -64,11 +75,7 @@ pub(crate) async fn room_initial_sync_route(
 		account_data: None,
 		state: state.into(),
 		messages: messages.chunk.is_empty().or_some(messages),
-		visibility: services.rooms.directory.visibility(room_id).await.into(),
-		membership: services
-			.rooms
-			.state_cache
-			.user_membership(body.sender_user(), room_id)
-			.await,
+		visibility: visibility.into(),
+		membership,
 	})
 }
@@ -113,13 +113,15 @@ async fn local_room_summary_response(
 ) -> Result<get_summary::msc3266::Response> {
 	trace!(?sender_user, "Sending local room summary response for {room_id:?}");
 	let join_rule = services.rooms.state_accessor.get_join_rules(room_id);
+
 	let world_readable = services.rooms.state_accessor.is_world_readable(room_id);
+
 	let guest_can_join = services.rooms.state_accessor.guest_can_join(room_id);

 	let (join_rule, world_readable, guest_can_join) =
 		join3(join_rule, world_readable, guest_can_join).await;
-	trace!("{join_rule:?}, {world_readable:?}, {guest_can_join:?}");

+	trace!("{join_rule:?}, {world_readable:?}, {guest_can_join:?}");
 	user_can_see_summary(
 		services,
 		room_id,
@@ -2,7 +2,7 @@ use std::cmp::max;

 use axum::extract::State;
 use conduwuit::{
-	Error, Result, err, info,
+	Error, Event, Result, err, info,
 	matrix::{StateKey, pdu::PduBuilder},
 };
 use futures::StreamExt;
@@ -210,7 +210,7 @@ pub(crate) async fn upgrade_room_route(
 			.room_state_get(&body.room_id, event_type, "")
 			.await
 		{
-			| Ok(v) => v.content.clone(),
+			| Ok(v) => v.content().to_owned(),
 			| Err(_) => continue, // Skipping missing events.
 		};

@@ -3,7 +3,7 @@ use std::collections::BTreeMap;
 use axum::extract::State;
 use conduwuit::{
 	Err, Result, at, is_true,
-	matrix::pdu::PduEvent,
+	matrix::Event,
 	result::FlatOk,
 	utils::{IterStream, stream::ReadyExt},
 };
@@ -144,7 +144,7 @@ async fn category_room_events(
 		.map(at!(2))
 		.flatten()
 		.stream()
-		.map(PduEvent::into_room_event)
+		.map(Event::into_format)
 		.map(|result| SearchResult {
 			rank: None,
 			result: Some(result),
@@ -185,7 +185,7 @@ async fn procure_room_state(services: &Services, room_id: &RoomId) -> Result<Roo
 		.rooms
 		.state_accessor
 		.room_state_full_pdus(room_id)
-		.map_ok(PduEvent::into_state_event)
+		.map_ok(Event::into_format)
 		.try_collect()
 		.await?;

@@ -269,11 +269,9 @@ pub(crate) async fn login_token_route(
 		return Err!(Request(Forbidden("Login via an existing session is not enabled")));
 	}

-	let sender_user = body.sender_user();
-	let sender_device = body.sender_device();
-
 	// This route SHOULD have UIA
 	// TODO: How do we make only UIA sessions that have not been used before valid?
+	let (sender_user, sender_device) = body.sender();

 	let mut uiaainfo = uiaa::UiaaInfo {
 		flows: vec![uiaa::AuthFlow { stages: vec![uiaa::AuthType::Password] }],
@@ -335,12 +333,9 @@ pub(crate) async fn logout_route(
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<logout::v3::Request>,
 ) -> Result<logout::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-	let sender_device = body.sender_device.as_ref().expect("user is authenticated");
-
 	services
 		.users
-		.remove_device(sender_user, sender_device)
+		.remove_device(body.sender_user(), body.sender_device())
 		.await;

 	Ok(logout::v3::Response::new())
@@ -365,12 +360,10 @@ pub(crate) async fn logout_all_route(
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<logout_all::v3::Request>,
 ) -> Result<logout_all::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-
 	services
 		.users
-		.all_device_ids(sender_user)
-		.for_each(|device_id| services.users.remove_device(sender_user, device_id))
+		.all_device_ids(body.sender_user())
+		.for_each(|device_id| services.users.remove_device(body.sender_user(), device_id))
 		.await;

 	Ok(logout_all::v3::Response::new())
@@ -1,11 +1,11 @@
 use axum::extract::State;
 use conduwuit::{
 	Err, Result, err,
-	matrix::pdu::{PduBuilder, PduEvent},
+	matrix::{Event, pdu::PduBuilder},
 	utils::BoolExt,
 };
 use conduwuit_service::Services;
-use futures::TryStreamExt;
+use futures::{FutureExt, TryStreamExt};
 use ruma::{
 	OwnedEventId, RoomId, UserId,
 	api::client::state::{get_state_events, get_state_events_for_key, send_state_event},
@@ -21,6 +21,7 @@ use ruma::{
 	},
 	serde::Raw,
 };
+use serde_json::json;

 use crate::{Ruma, RumaResponse};

@@ -59,6 +60,7 @@ pub(crate) async fn send_state_event_for_empty_key_route(
 	body: Ruma<send_state_event::v3::Request>,
 ) -> Result<RumaResponse<send_state_event::v3::Response>> {
 	send_state_event_for_key_route(State(services), body)
+		.boxed()
 		.await
 		.map(RumaResponse)
 }
@@ -73,7 +75,7 @@ pub(crate) async fn get_state_events_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_state_events::v3::Request>,
 ) -> Result<get_state_events::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	if !services
 		.rooms
@@ -89,7 +91,7 @@ pub(crate) async fn get_state_events_route(
 			.rooms
 			.state_accessor
 			.room_state_full_pdus(&body.room_id)
-			.map_ok(PduEvent::into_state_event)
+			.map_ok(Event::into_format)
 			.try_collect()
 			.await?,
 	})
@@ -140,7 +142,18 @@ pub(crate) async fn get_state_events_for_key_route(

 	Ok(get_state_events_for_key::v3::Response {
 		content: event_format.or(|| event.get_content_as_value()),
-		event: event_format.then(|| event.into_state_event_value()),
+		event: event_format.then(|| {
+			json!({
+				"content": event.content(),
+				"event_id": event.event_id(),
+				"origin_server_ts": event.origin_server_ts(),
+				"room_id": event.room_id(),
+				"sender": event.sender(),
+				"state_key": event.state_key(),
+				"type": event.kind(),
+				"unsigned": event.unsigned(),
+			})
+		}),
 	})
 }

@@ -473,9 +473,7 @@ async fn handle_left_room(
 				prev_batch: Some(next_batch.to_string()),
 				events: Vec::new(),
 			},
-			state: RoomState {
-				events: vec![event.into_sync_state_event()],
-			},
+			state: RoomState { events: vec![event.into_format()] },
 		}));
 	}

@@ -559,7 +557,7 @@ async fn handle_left_room(
 				continue;
 			}

-			left_state_events.push(pdu.into_sync_state_event());
+			left_state_events.push(pdu.into_format());
 		}
 	}

@@ -645,7 +643,7 @@ async fn load_joined_room(

 	let lazy_loading_context = &lazy_loading::Context {
 		user_id: sender_user,
-		device_id: sender_device,
+		device_id: Some(sender_device),
 		room_id,
 		token: Some(since),
 		options: Some(&filter.room.state.lazy_load_options),
@@ -755,7 +753,7 @@ async fn load_joined_room(
 		.wide_filter_map(|item| ignored_filter(services, item, sender_user))
 		.map(at!(1))
 		.chain(joined_sender_member.into_iter().stream())
-		.map(|pdu| pdu.to_sync_room_event())
+		.map(Event::into_format)
 		.collect::<Vec<_>>();

 	let account_data_events = services
@@ -877,10 +875,7 @@ async fn load_joined_room(
 			events: room_events,
 		},
 		state: RoomState {
-			events: state_events
-				.into_iter()
-				.map(PduEvent::into_sync_state_event)
-				.collect(),
+			events: state_events.into_iter().map(Event::into_format).collect(),
 		},
 		ephemeral: Ephemeral { events: edus },
 		unread_thread_notifications: BTreeMap::new(),
@@ -6,7 +6,7 @@ use std::{

 use axum::extract::State;
 use conduwuit::{
-	Err, Error, PduCount, PduEvent, Result, debug, error, extract_variant,
+	Err, Error, Event, PduCount, Result, at, debug, error, extract_variant,
 	matrix::TypeStateKey,
 	utils::{
 		BoolExt, IterStream, ReadyExt, TryFutureExtExt,
@@ -604,7 +604,8 @@ pub(crate) async fn sync_events_v4_route(
 			.iter()
 			.stream()
 			.filter_map(|item| ignored_filter(&services, item.clone(), sender_user))
-			.map(|(_, pdu)| pdu.to_sync_room_event())
+			.map(at!(1))
+			.map(Event::into_format)
 			.collect()
 			.await;

@@ -626,7 +627,7 @@ pub(crate) async fn sync_events_v4_route(
 					.state_accessor
 					.room_state_get(room_id, &state.0, &state.1)
 					.await
-					.map(PduEvent::into_sync_state_event)
+					.map(Event::into_format)
 					.ok()
 			})
 			.collect()
@@ -7,11 +7,8 @@ use std::{

 use axum::extract::State;
 use conduwuit::{
-	Err, Error, Result, error, extract_variant, is_equal_to,
-	matrix::{
-		TypeStateKey,
-		pdu::{PduCount, PduEvent},
-	},
+	Err, Error, Result, at, error, extract_variant, is_equal_to,
+	matrix::{Event, TypeStateKey, pdu::PduCount},
 	trace,
 	utils::{
 		BoolExt, FutureBoolExt, IterStream, ReadyExt, TryFutureExtExt,
@@ -515,7 +512,8 @@ where
 			.iter()
 			.stream()
 			.filter_map(|item| ignored_filter(services, item.clone(), sender_user))
-			.map(|(_, pdu)| pdu.to_sync_room_event())
+			.map(at!(1))
+			.map(Event::into_format)
 			.collect()
 			.await;

@@ -537,7 +535,7 @@ where
 					.state_accessor
 					.room_state_get(room_id, &state.0, &state.1)
 					.await
-					.map(PduEvent::into_sync_state_event)
+					.map(Event::into_format)
 					.ok()
 			})
 			.collect()
@@ -21,7 +21,7 @@ pub(crate) async fn update_tag_route(
 	State(services): State<crate::State>,
 	body: Ruma<create_tag::v3::Request>,
 ) -> Result<create_tag::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	let mut tags_event = services
 		.account_data
@@ -42,7 +42,7 @@ pub(crate) async fn update_tag_route(
 			Some(&body.room_id),
 			sender_user,
 			RoomAccountDataEventType::Tag,
-			&serde_json::to_value(tags_event).expect("to json value always works"),
+			&serde_json::to_value(tags_event)?,
 		)
 		.await?;

@@ -58,7 +58,7 @@ pub(crate) async fn delete_tag_route(
 	State(services): State<crate::State>,
 	body: Ruma<delete_tag::v3::Request>,
 ) -> Result<delete_tag::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	let mut tags_event = services
 		.account_data
@@ -76,7 +76,7 @@ pub(crate) async fn delete_tag_route(
 			Some(&body.room_id),
 			sender_user,
 			RoomAccountDataEventType::Tag,
-			&serde_json::to_value(tags_event).expect("to json value always works"),
+			&serde_json::to_value(tags_event)?,
 		)
 		.await?;

@@ -92,7 +92,7 @@ pub(crate) async fn get_tags_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_tags::v3::Request>,
 ) -> Result<get_tags::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	let tags_event = services
 		.account_data
@@ -1,7 +1,10 @@
 use axum::extract::State;
 use conduwuit::{
 	Result, at,
-	matrix::pdu::{PduCount, PduEvent},
+	matrix::{
+		Event,
+		pdu::{PduCount, PduEvent},
+	},
 };
 use futures::StreamExt;
 use ruma::{api::client::threads::get_threads, uint};
@@ -56,7 +59,7 @@ pub(crate) async fn get_threads_route(
 		chunk: threads
 			.into_iter()
 			.map(at!(1))
-			.map(PduEvent::into_room_event)
+			.map(Event::into_format)
 			.collect(),
 	})
 }
@@ -21,7 +21,7 @@ pub(crate) async fn send_event_to_device_route(
 	State(services): State<crate::State>,
 	body: Ruma<send_event_to_device::v3::Request>,
 ) -> Result<send_event_to_device::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();
 	let sender_device = body.sender_device.as_deref();

 	// Check if this is a new transaction id
@@ -47,7 +47,7 @@ pub(crate) async fn send_event_to_device_route(
 				serde_json::to_writer(
 					&mut buf,
 					&federation::transactions::edu::Edu::DirectToDevice(DirectDeviceContent {
-						sender: sender_user.clone(),
+						sender: sender_user.to_owned(),
 						ev_type: body.event_type.clone(),
 						message_id: count.to_string().into(),
 						messages,
@@ -69,7 +69,7 @@ pub(crate) async fn delete_timezone_key_route(
 	State(services): State<crate::State>,
 	body: Ruma<delete_timezone_key::unstable::Request>,
 ) -> Result<delete_timezone_key::unstable::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	if *sender_user != body.user_id && body.appservice_info.is_none() {
 		return Err!(Request(Forbidden("You cannot update the profile of another user")));
@@ -97,7 +97,7 @@ pub(crate) async fn set_timezone_key_route(
 	State(services): State<crate::State>,
 	body: Ruma<set_timezone_key::unstable::Request>,
 ) -> Result<set_timezone_key::unstable::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	if *sender_user != body.user_id && body.appservice_info.is_none() {
 		return Err!(Request(Forbidden("You cannot update the profile of another user")));
@@ -125,7 +125,7 @@ pub(crate) async fn set_profile_key_route(
 	State(services): State<crate::State>,
 	body: Ruma<set_profile_key::unstable::Request>,
 ) -> Result<set_profile_key::unstable::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	if *sender_user != body.user_id && body.appservice_info.is_none() {
 		return Err!(Request(Forbidden("You cannot update the profile of another user")));
@@ -218,7 +218,7 @@ pub(crate) async fn delete_profile_key_route(
 	State(services): State<crate::State>,
 	body: Ruma<delete_profile_key::unstable::Request>,
 ) -> Result<delete_profile_key::unstable::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();

 	if *sender_user != body.user_id && body.appservice_info.is_none() {
 		return Err!(Request(Forbidden("You cannot update the profile of another user")));
@@ -1,10 +1,7 @@
 use axum::extract::State;
 use conduwuit::{
 	Result,
-	utils::{
-		future::BoolExt,
-		stream::{BroadbandExt, ReadyExt},
-	},
+	utils::{future::BoolExt, stream::BroadbandExt},
 };
 use futures::{FutureExt, StreamExt, pin_mut};
 use ruma::{
@@ -37,17 +34,18 @@ pub(crate) async fn search_users_route(
 	let mut users = services
 		.users
 		.stream()
-		.ready_filter(|user_id| user_id.as_str().to_lowercase().contains(&search_term))
 		.map(ToOwned::to_owned)
 		.broad_filter_map(async |user_id| {
 			let display_name = services.users.displayname(&user_id).await.ok();

+			let user_id_matches = user_id.as_str().to_lowercase().contains(&search_term);
+
 			let display_name_matches = display_name
 				.as_deref()
 				.map(str::to_lowercase)
 				.is_some_and(|display_name| display_name.contains(&search_term));

-			if !display_name_matches {
+			if !user_id_matches && !display_name_matches {
 				return None;
 			}

@@ -1,5 +1,6 @@
 use axum::{Json, extract::State, response::IntoResponse};
 use conduwuit::{Error, Result};
+use futures::StreamExt;
 use ruma::api::client::{
 	discovery::{
 		discover_homeserver::{self, HomeserverInfo, SlidingSyncProxyInfo},
@@ -17,7 +18,7 @@ pub(crate) async fn well_known_client(
 	State(services): State<crate::State>,
 	_body: Ruma<discover_homeserver::Request>,
 ) -> Result<discover_homeserver::Response> {
-	let client_url = match services.server.config.well_known.client.as_ref() {
+	let client_url = match services.config.well_known.client.as_ref() {
 		| Some(url) => url.to_string(),
 		| None => return Err(Error::BadRequest(ErrorKind::NotFound, "Not found.")),
 	};
@@ -33,44 +34,63 @@ pub(crate) async fn well_known_client(
 /// # `GET /.well-known/matrix/support`
 ///
 /// Server support contact and support page of a homeserver's domain.
+/// Implements MSC1929 for server discovery.
+/// If no configuration is set, uses admin users as contacts.
 pub(crate) async fn well_known_support(
 	State(services): State<crate::State>,
 	_body: Ruma<discover_support::Request>,
 ) -> Result<discover_support::Response> {
 	let support_page = services
-		.server
 		.config
 		.well_known
 		.support_page
 		.as_ref()
 		.map(ToString::to_string);

-	let role = services.server.config.well_known.support_role.clone();
-
-	// support page or role must be either defined for this to be valid
-	if support_page.is_none() && role.is_none() {
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Not found."));
-	}
-
-	let email_address = services.server.config.well_known.support_email.clone();
-	let matrix_id = services.server.config.well_known.support_mxid.clone();
-
-	// if a role is specified, an email address or matrix id is required
-	if role.is_some() && (email_address.is_none() && matrix_id.is_none()) {
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Not found."));
-	}
+	let email_address = services.config.well_known.support_email.clone();
+	let matrix_id = services.config.well_known.support_mxid.clone();

 	// TODO: support defining multiple contacts in the config
 	let mut contacts: Vec<Contact> = vec![];

-	if let Some(role) = role {
-		let contact = Contact { role, email_address, matrix_id };
+	let role_value = services
+		.config
+		.well_known
+		.support_role
+		.clone()
+		.unwrap_or_else(|| "m.role.admin".to_owned().into());

-		contacts.push(contact);
+	// Add configured contact if at least one contact method is specified
+	if email_address.is_some() || matrix_id.is_some() {
+		contacts.push(Contact {
+			role: role_value.clone(),
+			email_address: email_address.clone(),
+			matrix_id: matrix_id.clone(),
+		});
+	}
+
+	// Try to add admin users as contacts if no contacts are configured
+	if contacts.is_empty() {
+		if let Ok(admin_room) = services.admin.get_admin_room().await {
+			let admin_users = services.rooms.state_cache.room_members(&admin_room);
+			let mut stream = admin_users;
+
+			while let Some(user_id) = stream.next().await {
+				// Skip server user
+				if *user_id == services.globals.server_user {
+					break;
+				}
+				contacts.push(Contact {
+					role: role_value.clone(),
+					email_address: None,
+					matrix_id: Some(user_id.to_owned()),
+				});
+			}
+		}
 	}

-	// support page or role+contacts must be either defined for this to be valid
 	if contacts.is_empty() && support_page.is_none() {
+		// No admin room, no configured contacts, and no support page
 		return Err(Error::BadRequest(ErrorKind::NotFound, "Not found."));
 	}

@@ -84,9 +104,9 @@ pub(crate) async fn well_known_support(
 pub(crate) async fn syncv3_client_server_json(
 	State(services): State<crate::State>,
 ) -> Result<impl IntoResponse> {
-	let server_url = match services.server.config.well_known.client.as_ref() {
+	let server_url = match services.config.well_known.client.as_ref() {
 		| Some(url) => url.to_string(),
-		| None => match services.server.config.well_known.server.as_ref() {
+		| None => match services.config.well_known.server.as_ref() {
 			| Some(url) => url.to_string(),
 			| None => return Err(Error::BadRequest(ErrorKind::NotFound, "Not found.")),
 		},
@@ -2,7 +2,10 @@ use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use base64::{Engine as _, engine::general_purpose};
 use conduwuit::{
-	Err, Error, PduEvent, Result, err, pdu::gen_event_id, utils, utils::hash::sha256, warn,
+	Err, Error, PduEvent, Result, err,
+	matrix::{Event, event::gen_event_id},
+	utils::{self, hash::sha256},
+	warn,
 };
 use ruma::{
 	CanonicalJsonValue, OwnedUserId, UserId,
@@ -56,7 +59,7 @@ pub(crate) async fn create_invite_route(
 	}

 	let mut signed_event = utils::to_canonical_object(&body.event)
-		.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invite event is invalid."))?;
+		.map_err(|_| err!(Request(InvalidParam("Invite event is invalid."))))?;

 	let invited_user: OwnedUserId = signed_event
 		.get("state_key")
@@ -111,7 +114,7 @@ pub(crate) async fn create_invite_route(
 	let pdu: PduEvent = serde_json::from_value(event.into())
 		.map_err(|e| err!(Request(BadJson("Invalid invite event PDU: {e}"))))?;

-	invite_state.push(pdu.to_stripped_state_event());
+	invite_state.push(pdu.to_format());

 	// If we are active in the room, the remote server will notify us about the
 	// join/invite through /send. If we are not in the room, we need to manually
@@ -144,7 +147,7 @@ pub(crate) async fn create_invite_route(
 					.send_appservice_request(
 						appservice.registration.clone(),
 						ruma::api::appservice::event::push_events::v1::Request {
-							events: vec![pdu.to_room_event()],
+							events: vec![pdu.to_format()],
 							txn_id: general_purpose::URL_SAFE_NO_PAD
 								.encode(sha256::hash(pdu.event_id.as_bytes()))
 								.into(),
@@ -5,7 +5,7 @@ use std::borrow::Borrow;
 use axum::extract::State;
 use conduwuit::{
 	Err, Result, at, err,
-	pdu::gen_event_id_canonical_json,
+	matrix::event::gen_event_id_canonical_json,
 	utils::stream::{IterStream, TryBroadbandExt},
 	warn,
 };
@@ -1,7 +1,7 @@
 use axum::extract::State;
 use conduwuit::{
 	Err, Result, err,
-	matrix::pdu::{PduEvent, gen_event_id_canonical_json},
+	matrix::{event::gen_event_id_canonical_json, pdu::PduEvent},
 	warn,
 };
 use futures::FutureExt;
@@ -1,7 +1,7 @@
 #![allow(deprecated)]

 use axum::extract::State;
-use conduwuit::{Err, Result, err, matrix::pdu::gen_event_id_canonical_json};
+use conduwuit::{Err, Result, err, matrix::event::gen_event_id_canonical_json};
 use conduwuit_service::Services;
 use futures::FutureExt;
 use ruma::{
@@ -13,13 +13,13 @@ version.workspace = true
 build = "build.rs"
 # [[bin]]
 # path = "main.rs"
-# name = "conduwuit_build_metadata" 
+# name = "conduwuit_build_metadata"

 [lib]
 path = "mod.rs"
 crate-type = [
-	"rlib",
-#	"dylib",
+    "rlib",
+    # "dylib",
 ]

 [features]
@@ -28,7 +28,7 @@ crate-type = [
 [dependencies]

 [build-dependencies]
-built = {version = "0.7", features = ["cargo-lock", "dependency-tree"]}
+built = { version = "0.8", features = [] }

 [lints]
 workspace = true
@@ -78,12 +78,13 @@ fn main() {
 	}

 	// --- Rerun Triggers ---
-	// Rerun if the git HEAD changes
-	println!("cargo:rerun-if-changed=.git/HEAD");
-	// Rerun if the ref pointed to by HEAD changes (e.g., new commit on branch)
-	if let Some(ref_path) = run_git_command(&["symbolic-ref", "--quiet", "HEAD"]) {
-		println!("cargo:rerun-if-changed=.git/{ref_path}");
-	}
+	// TODO: The git rerun triggers seem to always run
+	// // Rerun if the git HEAD changes
+	// println!("cargo:rerun-if-changed=.git/HEAD");
+	// // Rerun if the ref pointed to by HEAD changes (e.g., new commit on branch)
+	// if let Some(ref_path) = run_git_command(&["symbolic-ref", "--quiet", "HEAD"])
+	// { 	println!("cargo:rerun-if-changed=.git/{ref_path}");
+	// }

 	println!("cargo:rerun-if-env-changed=GIT_COMMIT_HASH");
 	println!("cargo:rerun-if-env-changed=GIT_COMMIT_HASH_SHORT");
@@ -12,11 +12,17 @@ pub static VERSION_EXTRA: Option<&str> =
 		v
 	} else if let v @ Some(_) = option_env!("CONDUWUIT_VERSION_EXTRA") {
 		v
-	} else if let v @ Some(_) = option_env!("CONDUIT_VERSION_EXTRA") {
-		v
 	} else {
-		GIT_COMMIT_HASH_SHORT
+		option_env!("CONDUIT_VERSION_EXTRA")
 	};
+
+#[must_use]
+pub fn version_tag() -> Option<&'static str> {
+	VERSION_EXTRA
+		.filter(|s| !s.is_empty())
+		.or(GIT_COMMIT_HASH_SHORT)
+}
+
 pub static GIT_REMOTE_WEB_URL: Option<&str> = option_env!("GIT_REMOTE_WEB_URL");
 pub static GIT_REMOTE_COMMIT_URL: Option<&str> = option_env!("GIT_REMOTE_COMMIT_URL");

@@ -274,6 +274,10 @@ pub fn set_dirty_decay<I: Into<Option<usize>>>(arena: I, decay_ms: isize) -> Res
 	}
 }

+pub fn background_thread_enable(enable: bool) -> Result<bool> {
+	set::<u8>(&mallctl!("background_thread"), enable.into()).map(is_nonzero!())
+}
+
 #[inline]
 #[must_use]
 pub fn is_affine_arena() -> bool { is_percpu_arena() || is_phycpu_arena() }
@@ -219,6 +219,15 @@ pub fn check(config: &Config) -> Result {
 		));
 	}

+	// Check if support contact information is configured
+	if config.well_known.support_email.is_none() && config.well_known.support_mxid.is_none() {
+		warn!(
+			"No support contact information (support_email or support_mxid) is configured in \
+			 the well_known section. Users in the admin room will be automatically listed as \
+			 support contacts in the /.well-known/matrix/support endpoint."
+		);
+	}
+
 	if config
 		.url_preview_domain_contains_allowlist
 		.contains(&"*".to_owned())
@@ -1897,12 +1897,28 @@ pub struct WellKnownConfig {
 	/// example: "matrix.example.com:443"
 	pub server: Option<OwnedServerName>,

+	/// URL to a support page for the server, which will be served as part of
+	/// the MSC1929 server support endpoint at /.well-known/matrix/support.
+	/// Will be included alongside any contact information
 	pub support_page: Option<Url>,

+	/// Role string for server support contacts, to be served as part of the
+	/// MSC1929 server support endpoint at /.well-known/matrix/support.
+	///
+	/// default: "m.role.admin"
 	pub support_role: Option<ContactRole>,

+	/// Email address for server support contacts, to be served as part of the
+	/// MSC1929 server support endpoint.
+	/// This will be used along with support_mxid if specified.
 	pub support_email: Option<String>,

+	/// Matrix ID for server support contacts, to be served as part of the
+	/// MSC1929 server support endpoint.
+	/// This will be used along with support_email if specified.
+	///
+	/// If no email or mxid is specified, all of the server's admins will be
+	/// listed.
 	pub support_mxid: Option<OwnedUserId>,
 }

@@ -88,10 +88,7 @@ impl PartialProxyConfig {
 			}
 		}
 		match (included_because, excluded_because) {
-			| (Some(a), Some(b)) if a.more_specific_than(b) => Some(&self.url), /* included for
-			                                                                      * a more specific
-			                                                                      * reason */
-			// than excluded
+			| (Some(a), Some(b)) if a.more_specific_than(b) => Some(&self.url),
 			| (Some(_), None) => Some(&self.url),
 			| _ => None,
 		}
@@ -84,10 +84,12 @@ fn append_features(features: &mut Vec<String>, manifest: &str) -> Result<()> {

 fn init_dependencies() -> Result<DepsSet> {
 	let manifest = Manifest::from_str(WORKSPACE_MANIFEST)?;
-	Ok(manifest
+	let deps_set = manifest
 		.workspace
 		.as_ref()
 		.expect("manifest has workspace section")
 		.dependencies
-		.clone())
+		.clone();
+
+	Ok(deps_set)
 }
@@ -26,6 +26,6 @@ pub fn user_agent() -> &'static str { USER_AGENT.get_or_init(init_user_agent) }
 fn init_user_agent() -> String { format!("{}/{}", name(), version()) }

 fn init_version() -> String {
-	conduwuit_build_metadata::VERSION_EXTRA
+	conduwuit_build_metadata::version_tag()
 		.map_or(SEMANTIC.to_owned(), |extra| format!("{SEMANTIC} ({extra})"))
 }
@@ -1,18 +1,171 @@
-use std::{
-	borrow::Borrow,
-	fmt::{Debug, Display},
-	hash::Hash,
-};
+mod content;
+mod filter;
+mod format;
+mod id;
+mod redact;
+mod relation;
+mod type_ext;
+mod unsigned;

-use ruma::{EventId, MilliSecondsSinceUnixEpoch, RoomId, UserId, events::TimelineEventType};
-use serde_json::value::RawValue as RawJsonValue;
+use std::fmt::Debug;
+
+use ruma::{
+	CanonicalJsonObject, EventId, MilliSecondsSinceUnixEpoch, OwnedEventId, RoomId,
+	RoomVersionId, UserId, events::TimelineEventType,
+};
+use serde::Deserialize;
+use serde_json::{Value as JsonValue, value::RawValue as RawJsonValue};
+
+pub use self::{filter::Matches, id::*, relation::RelationTypeEqual, type_ext::TypeExt};
+use super::{pdu::Pdu, state_key::StateKey};
+use crate::{Result, utils};

 /// Abstraction of a PDU so users can have their own PDU types.
-pub trait Event {
-	type Id: Clone + Debug + Display + Eq + Ord + Hash + Send + Borrow<EventId>;
+pub trait Event: Clone + Debug {
+	/// Serialize into a Ruma JSON format, consuming.
+	#[inline]
+	fn into_format<T>(self) -> T
+	where
+		T: From<format::Owned<Self>>,
+		Self: Sized,
+	{
+		format::Owned(self).into()
+	}
+
+	/// Serialize into a Ruma JSON format
+	#[inline]
+	fn to_format<'a, T>(&'a self) -> T
+	where
+		T: From<format::Ref<'a, Self>>,
+		Self: Sized + 'a,
+	{
+		format::Ref(self).into()
+	}
+
+	#[inline]
+	fn contains_unsigned_property<T>(&self, property: &str, is_type: T) -> bool
+	where
+		T: FnOnce(&JsonValue) -> bool,
+		Self: Sized,
+	{
+		unsigned::contains_unsigned_property::<T, _>(self, property, is_type)
+	}
+
+	#[inline]
+	fn get_unsigned_property<T>(&self, property: &str) -> Result<T>
+	where
+		T: for<'de> Deserialize<'de>,
+		Self: Sized,
+	{
+		unsigned::get_unsigned_property::<T, _>(self, property)
+	}
+
+	#[inline]
+	fn get_unsigned_as_value(&self) -> JsonValue
+	where
+		Self: Sized,
+	{
+		unsigned::get_unsigned_as_value(self)
+	}
+
+	#[inline]
+	fn get_unsigned<T>(&self) -> Result<T>
+	where
+		T: for<'de> Deserialize<'de>,
+		Self: Sized,
+	{
+		unsigned::get_unsigned::<T, _>(self)
+	}
+
+	#[inline]
+	fn get_content_as_value(&self) -> JsonValue
+	where
+		Self: Sized,
+	{
+		content::as_value(self)
+	}
+
+	#[inline]
+	fn get_content<T>(&self) -> Result<T>
+	where
+		for<'de> T: Deserialize<'de>,
+		Self: Sized,
+	{
+		content::get::<T, _>(self)
+	}
+
+	#[inline]
+	fn redacts_id(&self, room_version: &RoomVersionId) -> Option<OwnedEventId>
+	where
+		Self: Sized,
+	{
+		redact::redacts_id(self, room_version)
+	}
+
+	#[inline]
+	fn is_redacted(&self) -> bool
+	where
+		Self: Sized,
+	{
+		redact::is_redacted(self)
+	}
+
+	#[inline]
+	fn into_canonical_object(self) -> CanonicalJsonObject
+	where
+		Self: Sized,
+	{
+		utils::to_canonical_object(self.into_pdu()).expect("failed to create Value::Object")
+	}
+
+	#[inline]
+	fn to_canonical_object(&self) -> CanonicalJsonObject {
+		utils::to_canonical_object(self.as_pdu()).expect("failed to create Value::Object")
+	}
+
+	#[inline]
+	fn into_value(self) -> JsonValue
+	where
+		Self: Sized,
+	{
+		serde_json::to_value(self.into_pdu()).expect("failed to create JSON Value")
+	}
+
+	#[inline]
+	fn to_value(&self) -> JsonValue {
+		serde_json::to_value(self.as_pdu()).expect("failed to create JSON Value")
+	}
+
+	#[inline]
+	fn as_mut_pdu(&mut self) -> &mut Pdu { unimplemented!("not a mutable Pdu") }
+
+	fn as_pdu(&self) -> &Pdu;
+
+	fn into_pdu(self) -> Pdu;
+
+	fn is_owned(&self) -> bool;
+
+	//
+	// Canonical properties
+	//
+
+	/// All the authenticating events for this event.
+	fn auth_events(&self) -> impl DoubleEndedIterator<Item = &EventId> + Clone + Send + '_;
+
+	/// The event's content.
+	fn content(&self) -> &RawJsonValue;

 	/// The `EventId` of this event.
-	fn event_id(&self) -> &Self::Id;
+	fn event_id(&self) -> &EventId;
+
+	/// The time of creation on the originating server.
+	fn origin_server_ts(&self) -> MilliSecondsSinceUnixEpoch;
+
+	/// The events before this event.
+	fn prev_events(&self) -> impl DoubleEndedIterator<Item = &EventId> + Clone + Send + '_;
+
+	/// If this event is a redaction event this is the event it redacts.
+	fn redacts(&self) -> Option<&EventId>;

 	/// The `RoomId` of this event.
 	fn room_id(&self) -> &RoomId;
@@ -20,54 +173,16 @@ pub trait Event {
 	/// The `UserId` of this event.
 	fn sender(&self) -> &UserId;

-	/// The time of creation on the originating server.
-	fn origin_server_ts(&self) -> MilliSecondsSinceUnixEpoch;
-
-	/// The event type.
-	fn event_type(&self) -> &TimelineEventType;
-
-	/// The event's content.
-	fn content(&self) -> &RawJsonValue;
-
 	/// The state key for this event.
 	fn state_key(&self) -> Option<&str>;

-	/// The events before this event.
-	// Requires GATs to avoid boxing (and TAIT for making it convenient).
-	fn prev_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_;
+	/// The event type.
+	fn kind(&self) -> &TimelineEventType;

-	/// All the authenticating events for this event.
-	// Requires GATs to avoid boxing (and TAIT for making it convenient).
-	fn auth_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_;
+	/// Metadata container; peer-trusted only.
+	fn unsigned(&self) -> Option<&RawJsonValue>;

-	/// If this event is a redaction event this is the event it redacts.
-	fn redacts(&self) -> Option<&Self::Id>;
-}
-
-impl<T: Event> Event for &T {
-	type Id = T::Id;
-
-	fn event_id(&self) -> &Self::Id { (*self).event_id() }
-
-	fn room_id(&self) -> &RoomId { (*self).room_id() }
-
-	fn sender(&self) -> &UserId { (*self).sender() }
-
-	fn origin_server_ts(&self) -> MilliSecondsSinceUnixEpoch { (*self).origin_server_ts() }
-
-	fn event_type(&self) -> &TimelineEventType { (*self).event_type() }
-
-	fn content(&self) -> &RawJsonValue { (*self).content() }
-
-	fn state_key(&self) -> Option<&str> { (*self).state_key() }
-
-	fn prev_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_ {
-		(*self).prev_events()
-	}
-
-	fn auth_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_ {
-		(*self).auth_events()
-	}
-
-	fn redacts(&self) -> Option<&Self::Id> { (*self).redacts() }
+	//#[deprecated]
+	#[inline]
+	fn event_type(&self) -> &TimelineEventType { self.kind() }
 }
@@ -0,0 +1,21 @@
+use serde::Deserialize;
+use serde_json::value::Value as JsonValue;
+
+use super::Event;
+use crate::{Result, err};
+
+#[inline]
+#[must_use]
+pub(super) fn as_value<E: Event>(event: &E) -> JsonValue {
+	get(event).expect("Failed to represent Event content as JsonValue")
+}
+
+#[inline]
+pub(super) fn get<T, E>(event: &E) -> Result<T>
+where
+	T: for<'de> Deserialize<'de>,
+	E: Event,
+{
+	serde_json::from_str(event.content().get())
+		.map_err(|e| err!(Request(BadJson("Failed to deserialize content into type: {e}"))))
+}
@@ -0,0 +1,93 @@
+use ruma::api::client::filter::{RoomEventFilter, UrlFilter};
+use serde_json::Value;
+
+use super::Event;
+use crate::is_equal_to;
+
+pub trait Matches<E: Event> {
+	fn matches(&self, event: &E) -> bool;
+}
+
+impl<E: Event> Matches<E> for &RoomEventFilter {
+	#[inline]
+	fn matches(&self, event: &E) -> bool {
+		if !matches_sender(event, self) {
+			return false;
+		}
+
+		if !matches_room(event, self) {
+			return false;
+		}
+
+		if !matches_type(event, self) {
+			return false;
+		}
+
+		if !matches_url(event, self) {
+			return false;
+		}
+
+		true
+	}
+}
+
+fn matches_room<E: Event>(event: &E, filter: &RoomEventFilter) -> bool {
+	if filter.not_rooms.iter().any(is_equal_to!(event.room_id())) {
+		return false;
+	}
+
+	if let Some(rooms) = filter.rooms.as_ref() {
+		if !rooms.iter().any(is_equal_to!(event.room_id())) {
+			return false;
+		}
+	}
+
+	true
+}
+
+fn matches_sender<E: Event>(event: &E, filter: &RoomEventFilter) -> bool {
+	if filter.not_senders.iter().any(is_equal_to!(event.sender())) {
+		return false;
+	}
+
+	if let Some(senders) = filter.senders.as_ref() {
+		if !senders.iter().any(is_equal_to!(event.sender())) {
+			return false;
+		}
+	}
+
+	true
+}
+
+fn matches_type<E: Event>(event: &E, filter: &RoomEventFilter) -> bool {
+	let kind = event.kind().to_cow_str();
+
+	if filter.not_types.iter().any(is_equal_to!(&kind)) {
+		return false;
+	}
+
+	if let Some(types) = filter.types.as_ref() {
+		if !types.iter().any(is_equal_to!(&kind)) {
+			return false;
+		}
+	}
+
+	true
+}
+
+fn matches_url<E: Event>(event: &E, filter: &RoomEventFilter) -> bool {
+	let Some(url_filter) = filter.url_filter.as_ref() else {
+		return true;
+	};
+
+	//TODO: might be better to use Ruma's Raw rather than serde here
+	let url = event
+		.get_content_as_value()
+		.get("url")
+		.is_some_and(Value::is_string);
+
+	match url_filter {
+		| UrlFilter::EventsWithUrl => url,
+		| UrlFilter::EventsWithoutUrl => !url,
+	}
+}
@@ -0,0 +1,219 @@
+use ruma::{
+	events::{
+		AnyMessageLikeEvent, AnyStateEvent, AnyStrippedStateEvent, AnySyncStateEvent,
+		AnySyncTimelineEvent, AnyTimelineEvent, StateEvent, room::member::RoomMemberEventContent,
+		space::child::HierarchySpaceChildEvent,
+	},
+	serde::Raw,
+};
+use serde_json::json;
+
+use super::{Event, redact};
+
+pub struct Owned<E: Event>(pub(super) E);
+
+pub struct Ref<'a, E: Event>(pub(super) &'a E);
+
+impl<E: Event> From<Owned<E>> for Raw<AnySyncTimelineEvent> {
+	fn from(event: Owned<E>) -> Self { Ref(&event.0).into() }
+}
+
+impl<'a, E: Event> From<Ref<'a, E>> for Raw<AnySyncTimelineEvent> {
+	fn from(event: Ref<'a, E>) -> Self {
+		let event = event.0;
+		let (redacts, content) = redact::copy(event);
+		let mut json = json!({
+			"content": content,
+			"event_id": event.event_id(),
+			"origin_server_ts": event.origin_server_ts(),
+			"sender": event.sender(),
+			"type": event.event_type(),
+		});
+
+		if let Some(redacts) = redacts {
+			json["redacts"] = json!(redacts);
+		}
+		if let Some(state_key) = event.state_key() {
+			json["state_key"] = json!(state_key);
+		}
+		if let Some(unsigned) = event.unsigned() {
+			json["unsigned"] = json!(unsigned);
+		}
+
+		serde_json::from_value(json).expect("Failed to serialize Event value")
+	}
+}
+
+impl<E: Event> From<Owned<E>> for Raw<AnyTimelineEvent> {
+	fn from(event: Owned<E>) -> Self { Ref(&event.0).into() }
+}
+
+impl<'a, E: Event> From<Ref<'a, E>> for Raw<AnyTimelineEvent> {
+	fn from(event: Ref<'a, E>) -> Self {
+		let event = event.0;
+		let (redacts, content) = redact::copy(event);
+		let mut json = json!({
+			"content": content,
+			"event_id": event.event_id(),
+			"origin_server_ts": event.origin_server_ts(),
+			"room_id": event.room_id(),
+			"sender": event.sender(),
+			"type": event.kind(),
+		});
+
+		if let Some(redacts) = redacts {
+			json["redacts"] = json!(redacts);
+		}
+		if let Some(state_key) = event.state_key() {
+			json["state_key"] = json!(state_key);
+		}
+		if let Some(unsigned) = event.unsigned() {
+			json["unsigned"] = json!(unsigned);
+		}
+
+		serde_json::from_value(json).expect("Failed to serialize Event value")
+	}
+}
+
+impl<E: Event> From<Owned<E>> for Raw<AnyMessageLikeEvent> {
+	fn from(event: Owned<E>) -> Self { Ref(&event.0).into() }
+}
+
+impl<'a, E: Event> From<Ref<'a, E>> for Raw<AnyMessageLikeEvent> {
+	fn from(event: Ref<'a, E>) -> Self {
+		let event = event.0;
+		let (redacts, content) = redact::copy(event);
+		let mut json = json!({
+			"content": content,
+			"event_id": event.event_id(),
+			"origin_server_ts": event.origin_server_ts(),
+			"room_id": event.room_id(),
+			"sender": event.sender(),
+			"type": event.kind(),
+		});
+
+		if let Some(redacts) = &redacts {
+			json["redacts"] = json!(redacts);
+		}
+		if let Some(state_key) = event.state_key() {
+			json["state_key"] = json!(state_key);
+		}
+		if let Some(unsigned) = event.unsigned() {
+			json["unsigned"] = json!(unsigned);
+		}
+
+		serde_json::from_value(json).expect("Failed to serialize Event value")
+	}
+}
+
+impl<E: Event> From<Owned<E>> for Raw<AnyStateEvent> {
+	fn from(event: Owned<E>) -> Self { Ref(&event.0).into() }
+}
+
+impl<'a, E: Event> From<Ref<'a, E>> for Raw<AnyStateEvent> {
+	fn from(event: Ref<'a, E>) -> Self {
+		let event = event.0;
+		let mut json = json!({
+			"content": event.content(),
+			"event_id": event.event_id(),
+			"origin_server_ts": event.origin_server_ts(),
+			"room_id": event.room_id(),
+			"sender": event.sender(),
+			"state_key": event.state_key(),
+			"type": event.kind(),
+		});
+
+		if let Some(unsigned) = event.unsigned() {
+			json["unsigned"] = json!(unsigned);
+		}
+
+		serde_json::from_value(json).expect("Failed to serialize Event value")
+	}
+}
+
+impl<E: Event> From<Owned<E>> for Raw<AnySyncStateEvent> {
+	fn from(event: Owned<E>) -> Self { Ref(&event.0).into() }
+}
+
+impl<'a, E: Event> From<Ref<'a, E>> for Raw<AnySyncStateEvent> {
+	fn from(event: Ref<'a, E>) -> Self {
+		let event = event.0;
+		let mut json = json!({
+			"content": event.content(),
+			"event_id": event.event_id(),
+			"origin_server_ts": event.origin_server_ts(),
+			"sender": event.sender(),
+			"state_key": event.state_key(),
+			"type": event.kind(),
+		});
+
+		if let Some(unsigned) = event.unsigned() {
+			json["unsigned"] = json!(unsigned);
+		}
+
+		serde_json::from_value(json).expect("Failed to serialize Event value")
+	}
+}
+
+impl<E: Event> From<Owned<E>> for Raw<AnyStrippedStateEvent> {
+	fn from(event: Owned<E>) -> Self { Ref(&event.0).into() }
+}
+
+impl<'a, E: Event> From<Ref<'a, E>> for Raw<AnyStrippedStateEvent> {
+	fn from(event: Ref<'a, E>) -> Self {
+		let event = event.0;
+		let json = json!({
+			"content": event.content(),
+			"sender": event.sender(),
+			"state_key": event.state_key(),
+			"type": event.kind(),
+		});
+
+		serde_json::from_value(json).expect("Failed to serialize Event value")
+	}
+}
+
+impl<E: Event> From<Owned<E>> for Raw<HierarchySpaceChildEvent> {
+	fn from(event: Owned<E>) -> Self { Ref(&event.0).into() }
+}
+
+impl<'a, E: Event> From<Ref<'a, E>> for Raw<HierarchySpaceChildEvent> {
+	fn from(event: Ref<'a, E>) -> Self {
+		let event = event.0;
+		let json = json!({
+			"content": event.content(),
+			"origin_server_ts": event.origin_server_ts(),
+			"sender": event.sender(),
+			"state_key": event.state_key(),
+			"type": event.kind(),
+		});
+
+		serde_json::from_value(json).expect("Failed to serialize Event value")
+	}
+}
+
+impl<E: Event> From<Owned<E>> for Raw<StateEvent<RoomMemberEventContent>> {
+	fn from(event: Owned<E>) -> Self { Ref(&event.0).into() }
+}
+
+impl<'a, E: Event> From<Ref<'a, E>> for Raw<StateEvent<RoomMemberEventContent>> {
+	fn from(event: Ref<'a, E>) -> Self {
+		let event = event.0;
+		let mut json = json!({
+			"content": event.content(),
+			"event_id": event.event_id(),
+			"origin_server_ts": event.origin_server_ts(),
+			"redacts": event.redacts(),
+			"room_id": event.room_id(),
+			"sender": event.sender(),
+			"state_key": event.state_key(),
+			"type": event.kind(),
+		});
+
+		if let Some(unsigned) = event.unsigned() {
+			json["unsigned"] = json!(unsigned);
+		}
+
+		serde_json::from_value(json).expect("Failed to serialize Event value")
+	}
+}
@@ -0,0 +1,86 @@
+use ruma::{
+	OwnedEventId, RoomVersionId,
+	events::{TimelineEventType, room::redaction::RoomRedactionEventContent},
+};
+use serde::Deserialize;
+use serde_json::value::{RawValue as RawJsonValue, to_raw_value};
+
+use super::Event;
+
+/// Copies the `redacts` property of the event to the `content` dict and
+/// vice-versa.
+///
+/// This follows the specification's
+/// [recommendation](https://spec.matrix.org/v1.10/rooms/v11/#moving-the-redacts-property-of-mroomredaction-events-to-a-content-property):
+///
+/// > For backwards-compatibility with older clients, servers should add a
+/// > redacts property to the top level of m.room.redaction events in when
+/// > serving such events over the Client-Server API.
+///
+/// > For improved compatibility with newer clients, servers should add a
+/// > redacts property to the content of m.room.redaction events in older
+/// > room versions when serving such events over the Client-Server API.
+#[must_use]
+pub(super) fn copy<E: Event>(event: &E) -> (Option<OwnedEventId>, Box<RawJsonValue>) {
+	if *event.event_type() != TimelineEventType::RoomRedaction {
+		return (event.redacts().map(ToOwned::to_owned), event.content().to_owned());
+	}
+
+	let Ok(mut content) = event.get_content::<RoomRedactionEventContent>() else {
+		return (event.redacts().map(ToOwned::to_owned), event.content().to_owned());
+	};
+
+	if let Some(redacts) = content.redacts {
+		return (Some(redacts), event.content().to_owned());
+	}
+
+	if let Some(redacts) = event.redacts().map(ToOwned::to_owned) {
+		content.redacts = Some(redacts);
+		return (
+			event.redacts().map(ToOwned::to_owned),
+			to_raw_value(&content).expect("Must be valid, we only added redacts field"),
+		);
+	}
+
+	(event.redacts().map(ToOwned::to_owned), event.content().to_owned())
+}
+
+#[must_use]
+pub(super) fn is_redacted<E: Event>(event: &E) -> bool {
+	let Some(unsigned) = event.unsigned() else {
+		return false;
+	};
+
+	let Ok(unsigned) = ExtractRedactedBecause::deserialize(unsigned) else {
+		return false;
+	};
+
+	unsigned.redacted_because.is_some()
+}
+
+#[must_use]
+pub(super) fn redacts_id<E: Event>(
+	event: &E,
+	room_version: &RoomVersionId,
+) -> Option<OwnedEventId> {
+	use RoomVersionId::*;
+
+	if *event.kind() != TimelineEventType::RoomRedaction {
+		return None;
+	}
+
+	match *room_version {
+		| V1 | V2 | V3 | V4 | V5 | V6 | V7 | V8 | V9 | V10 =>
+			event.redacts().map(ToOwned::to_owned),
+		| _ =>
+			event
+				.get_content::<RoomRedactionEventContent>()
+				.ok()?
+				.redacts,
+	}
+}
+
+#[derive(Deserialize)]
+struct ExtractRedactedBecause {
+	redacted_because: Option<serde::de::IgnoredAny>,
+}
@@ -0,0 +1,28 @@
+use ruma::events::relation::RelationType;
+use serde::Deserialize;
+
+use super::Event;
+
+pub trait RelationTypeEqual<E: Event> {
+	fn relation_type_equal(&self, event: &E) -> bool;
+}
+
+#[derive(Clone, Debug, Deserialize)]
+struct ExtractRelatesToEventId {
+	#[serde(rename = "m.relates_to")]
+	relates_to: ExtractRelType,
+}
+
+#[derive(Clone, Debug, Deserialize)]
+struct ExtractRelType {
+	rel_type: RelationType,
+}
+
+impl<E: Event> RelationTypeEqual<E> for RelationType {
+	fn relation_type_equal(&self, event: &E) -> bool {
+		event
+			.get_content()
+			.map(|c: ExtractRelatesToEventId| c.relates_to.rel_type)
+			.is_ok_and(|r| r == *self)
+	}
+}
@@ -0,0 +1,32 @@
+use ruma::events::{StateEventType, TimelineEventType};
+
+use super::StateKey;
+
+/// Convenience trait for adding event type plus state key to state maps.
+pub trait TypeExt {
+	fn with_state_key(self, state_key: impl Into<StateKey>) -> (StateEventType, StateKey);
+}
+
+impl TypeExt for StateEventType {
+	fn with_state_key(self, state_key: impl Into<StateKey>) -> (StateEventType, StateKey) {
+		(self, state_key.into())
+	}
+}
+
+impl TypeExt for &StateEventType {
+	fn with_state_key(self, state_key: impl Into<StateKey>) -> (StateEventType, StateKey) {
+		(self.clone(), state_key.into())
+	}
+}
+
+impl TypeExt for TimelineEventType {
+	fn with_state_key(self, state_key: impl Into<StateKey>) -> (StateEventType, StateKey) {
+		(self.into(), state_key.into())
+	}
+}
+
+impl TypeExt for &TimelineEventType {
+	fn with_state_key(self, state_key: impl Into<StateKey>) -> (StateEventType, StateKey) {
+		(self.clone().into(), state_key.into())
+	}
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Jason Volk	1c08c0cdac	Fix clippy::unnecessary-unwrap. Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:46 +01:00
Jason Volk	374a5d6fa4	Add revoke_admin to service. Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:45 +01:00
Jason Volk	5fff540775	Split state_cache service. Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:45 +01:00
Jason Volk	f030ba590d	Outdent state_compressor service. Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:45 +01:00
Jason Volk	73c4042331	Split timeline service. Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:45 +01:00
Jason Volk	461da03ca5	Fix regression `75aadd5c6a` Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:45 +01:00
Jason Volk	671d0619ca	Post-formatting aesthetic and spacing corrections Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:45 +01:00
Jason Volk	e8ddc9bd18	Cleanup/improve other async queries in some client handlers. Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:44 +01:00
Jason Volk	4217479455	Toward abstracting Pdu into trait Event. Co-authored-by: Jade Ellis <jade@ellis.link> Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:44 +01:00
Jason Volk	b01965b1ee	Dedup and parallelize current key backup count and etag fetching. Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:44 +01:00
Jason Volk	90deb7ce1a	Macroize various remaining Error constructions. Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:44 +01:00
Jason Volk	e02fa39688	Simplify api to send notices to admin room Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:44 +01:00
Jason Volk	84c3264c07	Use integrated error instead of panic on some legacy codepaths Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:43 +01:00
Jason Volk	7a22442295	Mitigate large futures Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:43 +01:00
Jason Volk	1103cf7290	Support optional device_id's in lazy-loading context. Co-authored-by: Jade Ellis <jade@ellis.link> Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:43 +01:00
Jason Volk	bf086158bd	Modernize various sender_user/sender_device lets. Signed-off-by: Jason Volk <jason@zemos.net>	2025-06-29 16:16:43 +01:00
Jade Ellis	2ecbd75d64	ci: fixes - Install UV - Verbose run - Set permissions explicitly - Check all files	2025-06-21 19:17:21 +01:00
Jade Ellis	a682e9dbb8	chore: Add commit to ignored revs	2025-06-21 18:03:38 +01:00
Jade Ellis	46c193e74b	chore: fix end of files & trailing whitespace	2025-06-21 17:59:01 +01:00
Jade Ellis	93719018a8	ci: Run additional sanity checks on repository	2025-06-21 17:58:28 +01:00
Jade Ellis	70df8364b3	chore: Bump rustyline-async from 0.4.3 to 0.4.6	2025-06-21 00:50:02 +01:00
Jade Ellis	bae8192fb3	chore: Bump resolv-conf from 0.7.1 to 0.7.4	2025-06-20 23:39:20 +01:00
Jade Ellis	add5c7052c	chore: Update lockfile	2025-06-20 21:51:53 +01:00
Jade Ellis	01200d9b54	build: Allow specifying build profile Additionally splits caches by target CPU	2025-06-20 21:48:37 +01:00
Jade Ellis	0ba4a265be	build: Upgrade to Rust 1.87	2025-06-20 21:45:29 +01:00
Jade Ellis	08fbcbba69	build: Use newer LLVM for rust 1.87	2025-06-20 21:35:48 +01:00
Jade Ellis	b526935d45	build: Specify debian version	2025-06-20 21:35:03 +01:00
Jade Ellis	a737d845a4	chore: Don't specify targets in rust-toolchain	2025-06-20 21:25:34 +01:00
nex	e508b1197f	feat: allow overriding the "most recent event" when forcing a state download (#853 ) Add option to select which event to set the state at to, for the force-set-room-state admin command. This allows us to work around issues where the latest PDU is one that remote servers don't know about (i.e. failed federation for whatever reason) Closes #852 Reviewed-on: https://forgejo.ellis.link/continuwuation/continuwuity/pulls/853 Reviewed-by: Jade Ellis <jade@ellis.link> Co-authored-by: nex <nex@noreply.forgejo.ellis.link> Co-committed-by: nex <nex@noreply.forgejo.ellis.link>	2025-06-19 21:27:50 +00:00
Kimiblock	d6fd30393c	Update docs/deploying/arch-linux.md	2025-06-19 12:36:49 +00:00
Jade Ellis	6e16a6ef8f	chore: Release announcement	2025-06-14 22:34:24 +01:00
Jade Ellis	0870c8d647	chore: Release	2025-06-14 20:53:00 +01:00
Jade Ellis	d0f00e6f5c	feat: Allow mentioning @room in an admin announcement	2025-06-14 19:09:54 +01:00
Jade Ellis	5d44653e3a	fix: Incorrect command descriptions	2025-06-14 16:51:24 +01:00
Jade Ellis	44e60d0ea6	docs: Tiny phrasing changes to the security policy	2025-06-14 16:34:58 +01:00
Jade Ellis	d7514178ab	ci: Fix extra bracket in commit shorthash	2025-06-13 14:30:26 +01:00
Jade Ellis	1d45e0b68c	feat: Add warning when admin users will be exposed as support contacts	2025-06-13 13:39:50 +01:00
Jade Ellis	3c44dccd65	ci: HACK, disable saving to actions cache	2025-05-26 19:16:50 +01:00
Jade Ellis	b57be072c7	build: Don't rerun on git changes	2025-05-26 19:16:05 +01:00
Jade Ellis	ea5dc8e09d	fix: Use correct brand in clap version string	2025-05-26 19:16:05 +01:00
Jade Ellis	b9d60c64e5	ci: Don't specify container for image builder	2025-05-26 19:16:04 +01:00
Jade Ellis	94ae824149	ci: Don't install rustup if it's already there	2025-05-26 19:16:03 +01:00
Jade Ellis	640714922b	feat: For knock_restricted rooms, automatically join rooms we meet restrictions for rather than knocking	2025-05-26 19:16:03 +01:00
Jade Ellis	2b268fdaf3	fix: Allow joining via invite for knock_restricted rooms	2025-05-26 19:16:01 +01:00
Jade Ellis	e8d823a653	docs: Apply feedback on security policy	2025-05-26 15:01:58 +01:00
Jade Ellis	0ba77674c7	docs: Security policy	2025-05-25 00:36:28 +01:00
Jade Ellis	2ccbd7d60b	fix: Reference config directly	2025-05-21 21:06:44 +01:00
Jade Ellis	60960c6e09	feat: Automatically set well-known support contacts	2025-05-21 20:32:53 +01:00
Jade Ellis	ce40304667	chore: Upgrade deps	2025-05-21 15:28:46 +01:00
Jade Ellis	dcbc4b54c5	ci: Always show sccache stats	2025-05-21 12:45:25 +01:00
Jade Ellis	fce024b30b	chore: Add must_use annotation	2025-05-21 12:45:14 +01:00
Jade Ellis	3e4e696761	fix: Make sure empty VERSION_EXTRA strings are ignored Also updates built & removes unused optional features	2025-05-21 12:35:36 +01:00
Jason Volk	f605913ea9	Eliminate associated Id type from trait Event. Co-authored-by: Jade Ellis <jade@ellis.link> Signed-off-by: Jason Volk <jason@zemos.net>	2025-05-21 11:36:15 +01:00
Jason Volk	44302ce732	Eliminate explicit parallel_fetches argument. Signed-off-by: Jason Volk <jason@zemos.net>	2025-05-21 11:36:15 +01:00
Jason Volk	bfb0a2b76a	Remove unused Pdu::into_any_event(). Signed-off-by: Jason Volk <jason@zemos.net>	2025-05-21 11:36:14 +01:00
Jason Volk	fcd5669aa1	Join jemalloc background threads prior to exit. Co-authored-by: Jade Ellis <jade@ellis.link> Signed-off-by: Jason Volk <jason@zemos.net>	2025-05-21 11:36:13 +01:00