fix: Allow server admins and v12 room creators to publish rooms

2026-05-26 20:49:55 +00:00 · 2026-04-09 19:25:30 +01:00
7 changed files with 60 additions and 301 deletions
@@ -20,7 +20,7 @@ jobs:
          token: ${{ secrets.FORGEJO_TOKEN }}

      - name: Install Lix
-        uses: https://github.com/samueldr/lix-gha-installer-action@f5e94192f565f53d84f41a056956dc0d3183b343
+        uses: https://github.com/samueldr/lix-gha-installer-action@7b7f14d320d6aacfb65bd1ef761566b3b69e474c
        with:
          extra_nix_config: experimental-features = nix-command flakes flake-self-attrs

@@ -1 +0,0 @@
-Fixed restricted joins not being signed when we are being used as an authorising server. Contributed by @nex, reported by [vel](matrix:u/vel:nhjkl.com?action=chat).
@@ -1,6 +1,6 @@
 use conduwuit::{Err, Result};
 use futures::StreamExt;
-use ruma::{OwnedRoomId, OwnedRoomOrAliasId};
+use ruma::OwnedRoomId;

 use crate::{PAGE_SIZE, admin_command, get_room_info};

@@ -82,185 +82,3 @@ pub(super) async fn exists(&self, room_id: OwnedRoomId) -> Result {

 	self.write_str(&format!("{result}")).await
 }
-
-#[admin_command]
-pub(super) async fn purge_sync_tokens(&self, room: OwnedRoomOrAliasId) -> Result {
-	// Resolve the room ID from the room or alias ID
-	let room_id = self.services.rooms.alias.resolve(&room).await?;
-
-	// Delete all tokens for this room using the service method
-	let Ok(deleted_count) = self.services.rooms.user.delete_room_tokens(&room_id).await else {
-		return Err!("Failed to delete sync tokens for room {}", room_id.as_str());
-	};
-
-	self.write_str(&format!(
-		"Successfully deleted {deleted_count} sync tokens for room {}",
-		room_id.as_str()
-	))
-	.await
-}
-
-/// Target options for room purging
-#[derive(Default, Debug, clap::ValueEnum, Clone)]
-pub enum RoomTargetOption {
-	#[default]
-	/// Target all rooms
-	All,
-	/// Target only disabled rooms
-	DisabledOnly,
-	/// Target only banned rooms
-	BannedOnly,
-}
-
-#[admin_command]
-pub(super) async fn purge_all_sync_tokens(
-	&self,
-	target_option: Option<RoomTargetOption>,
-	execute: bool,
-) -> Result {
-	use conduwuit::{debug, info};
-
-	let mode = if !execute { "Simulating" } else { "Starting" };
-
-	// strictly, we should check if these reach the max value after the loop and
-	// warn the user that the count is too large
-	let mut total_rooms_checked: usize = 0;
-	let mut total_tokens_deleted: usize = 0;
-	let mut error_count: u32 = 0;
-	let mut skipped_rooms: usize = 0;
-
-	info!("{} purge of sync tokens", mode);
-
-	// Get all rooms in the server
-	let all_rooms = self
-		.services
-		.rooms
-		.metadata
-		.iter_ids()
-		.collect::<Vec<_>>()
-		.await;
-
-	info!("Found {} rooms total on the server", all_rooms.len());
-
-	// Filter rooms based on options
-	let mut rooms = Vec::new();
-	for room_id in all_rooms {
-		if let Some(target) = &target_option {
-			match target {
-				| RoomTargetOption::DisabledOnly => {
-					if !self.services.rooms.metadata.is_disabled(room_id).await {
-						debug!("Skipping room {} as it's not disabled", room_id.as_str());
-						skipped_rooms = skipped_rooms.saturating_add(1);
-						continue;
-					}
-				},
-				| RoomTargetOption::BannedOnly => {
-					if !self.services.rooms.metadata.is_banned(room_id).await {
-						debug!("Skipping room {} as it's not banned", room_id.as_str());
-						skipped_rooms = skipped_rooms.saturating_add(1);
-						continue;
-					}
-				},
-				| RoomTargetOption::All => {},
-			}
-		}
-
-		rooms.push(room_id);
-	}
-
-	// Total number of rooms we'll be checking
-	let total_rooms = rooms.len();
-	info!(
-		"Processing {} rooms after filtering (skipped {} rooms)",
-		total_rooms, skipped_rooms
-	);
-
-	// Process each room
-	for room_id in rooms {
-		total_rooms_checked = total_rooms_checked.saturating_add(1);
-
-		// Log progress periodically
-		if total_rooms_checked.is_multiple_of(100) || total_rooms_checked == total_rooms {
-			info!(
-				"Progress: {}/{} rooms checked, {} tokens {}",
-				total_rooms_checked,
-				total_rooms,
-				total_tokens_deleted,
-				if !execute { "would be deleted" } else { "deleted" }
-			);
-		}
-
-		// In dry run mode, just count what would be deleted, don't actually delete
-		debug!(
-			"Room {}: {}",
-			room_id.as_str(),
-			if !execute {
-				"would purge sync tokens"
-			} else {
-				"purging sync tokens"
-			}
-		);
-
-		if !execute {
-			// For dry run mode, count tokens without deleting
-			match self.services.rooms.user.count_room_tokens(room_id).await {
-				| Ok(count) =>
-					if count > 0 {
-						debug!(
-							"Would delete {} sync tokens for room {}",
-							count,
-							room_id.as_str()
-						);
-						total_tokens_deleted = total_tokens_deleted.saturating_add(count);
-					} else {
-						debug!("No sync tokens found for room {}", room_id.as_str());
-					},
-				| Err(e) => {
-					debug!("Error counting sync tokens for room {}: {:?}", room_id.as_str(), e);
-					error_count = error_count.saturating_add(1);
-				},
-			}
-		} else {
-			// Real deletion mode
-			match self.services.rooms.user.delete_room_tokens(room_id).await {
-				| Ok(count) =>
-					if count > 0 {
-						debug!("Deleted {} sync tokens for room {}", count, room_id.as_str());
-						total_tokens_deleted = total_tokens_deleted.saturating_add(count);
-					} else {
-						debug!("No sync tokens found for room {}", room_id.as_str());
-					},
-				| Err(e) => {
-					debug!("Error purging sync tokens for room {}: {:?}", room_id.as_str(), e);
-					error_count = error_count.saturating_add(1);
-				},
-			}
-		}
-	}
-
-	let action = if !execute { "would be deleted" } else { "deleted" };
-	info!(
-		"Finished {}: checked {} rooms out of {} total, {} tokens {}, errors: {}",
-		if !execute {
-			"purge simulation"
-		} else {
-			"purging sync tokens"
-		},
-		total_rooms_checked,
-		total_rooms,
-		total_tokens_deleted,
-		action,
-		error_count
-	);
-
-	self.write_str(&format!(
-		"Finished {}: checked {} rooms out of {} total, {} tokens {}, errors: {}",
-		if !execute { "simulation" } else { "purging sync tokens" },
-		total_rooms_checked,
-		total_rooms,
-		total_tokens_deleted,
-		action,
-		error_count
-	))
-	.await
-}
@@ -5,9 +5,8 @@ mod info;
 mod moderation;

 use clap::Subcommand;
-use commands::RoomTargetOption;
 use conduwuit::Result;
-use ruma::{OwnedRoomId, OwnedRoomOrAliasId};
+use ruma::OwnedRoomId;

 use self::{
 	alias::RoomAliasCommand, directory::RoomDirectoryCommand, info::RoomInfoCommand,
@@ -61,25 +60,4 @@ pub enum RoomCommand {
 	Exists {
 		room_id: OwnedRoomId,
 	},
-
-	/// - Delete all sync tokens for a room
-	PurgeSyncTokens {
-		/// Room ID or alias to purge sync tokens for
-		#[arg(value_parser)]
-		room: OwnedRoomOrAliasId,
-	},
-
-	/// - Delete sync tokens for all rooms that have no local users
-	///
-	/// By default, processes all empty rooms.
-	PurgeAllSyncTokens {
-		/// Target specific room types
-		#[arg(long, value_enum)]
-		target_option: Option<RoomTargetOption>,
-
-		/// Execute token deletions. Otherwise,
-		/// Performs a dry run without actually deleting any tokens
-		#[arg(long)]
-		execute: bool,
-	},
 }
@@ -1,7 +1,9 @@
+use std::iter::once;
+
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use conduwuit::{
-	Err, Event, Result, err, info,
+	Err, Event, Result, RoomVersion, err, info,
 	utils::{
 		TryFutureExtExt,
 		math::Expected,
@@ -30,12 +32,14 @@ use ruma::{
 	events::{
 		StateEventType,
 		room::{
+			create::RoomCreateEventContent,
 			join_rules::{JoinRule, RoomJoinRulesEventContent},
 			power_levels::{RoomPowerLevels, RoomPowerLevelsEventContent},
 		},
 	},
 	uint,
 };
+use tokio::join;

 use crate::Ruma;

@@ -339,36 +343,63 @@ pub(crate) async fn get_public_rooms_filtered_helper(
 	})
 }

-/// Check whether the user can publish to the room directory via power levels of
-/// room history visibility event or room creator
+/// Checks whether the given user ID is allowed to publish the target room to
+/// the server's public room directory. Users are allowed to publish rooms if
+/// they are server admins, room creators (in v12), or have the power level to
+/// send `m.room.canonical_alias`.
 async fn user_can_publish_room(
 	services: &Services,
 	user_id: &UserId,
 	room_id: &RoomId,
 ) -> Result<bool> {
-	match services
-		.rooms
-		.state_accessor
-		.room_state_get(room_id, &StateEventType::RoomPowerLevels, "")
-		.await
+	if services.users.is_admin(user_id).await {
+		// Server admins can always publish to their own room directory.
+		return Ok(true);
+	}
+	let (create_event, room_version, power_levels_content) = join!(
+		services
+			.rooms
+			.state_accessor
+			.room_state_get(room_id, &StateEventType::RoomCreate, ""),
+		services.rooms.state.get_room_version(room_id),
+		services
+			.rooms
+			.state_accessor
+			.room_state_get_content::<RoomPowerLevelsEventContent>(
+				room_id,
+				&StateEventType::RoomPowerLevels,
+				""
+			)
+	);
+	let room_version = room_version
+		.as_ref()
+		.map_err(|_| err!(Request(NotFound("Unknown room"))))?;
+	let create_event = create_event.map_err(|_| err!(Request(NotFound("Unknown room"))))?;
+	if RoomVersion::new(room_version)
+		.expect("room version must be supported")
+		.explicitly_privilege_room_creators
 	{
-		| Ok(event) => serde_json::from_str(event.content().get())
-			.map_err(|_| err!(Database("Invalid event content for m.room.power_levels")))
-			.map(|content: RoomPowerLevelsEventContent| {
-				RoomPowerLevels::from(content)
-					.user_can_send_state(user_id, StateEventType::RoomHistoryVisibility)
-			}),
-		| _ => {
-			match services
-				.rooms
-				.state_accessor
-				.room_state_get(room_id, &StateEventType::RoomCreate, "")
-				.await
-			{
-				| Ok(event) => Ok(event.sender() == user_id),
-				| _ => Err!(Request(Forbidden("User is not allowed to publish this room"))),
-			}
-		},
+		let create_content: RoomCreateEventContent =
+			serde_json::from_str(create_event.content().get())
+				.map_err(|_| err!(Database("Invalid event content for m.room.create")))?;
+		let is_creator = create_content
+			.additional_creators
+			.unwrap_or_default()
+			.into_iter()
+			.chain(once(create_event.sender().to_owned()))
+			.any(|sender| sender == user_id);
+		if is_creator {
+			return Ok(true);
+		}
+	}
+	match power_levels_content.map(RoomPowerLevels::from) {
+		| Ok(pl) => Ok(pl.user_can_send_state(user_id, StateEventType::RoomCanonicalAlias)),
+		| Err(e) =>
+			if e.is_not_found() {
+				Ok(create_event.sender() == user_id)
+			} else {
+				Err!(Database("Invalid event content for m.room.power_levels: {e}"))
+			},
 	}
 }

@@ -71,7 +71,7 @@ async fn create_join_event(
 	let room_version_id = services.rooms.state.get_room_version(room_id).await?;

 	trace!("Generating event ID and converting to canonical json");
-	let Ok((event_id, mut value)) = gen_event_id_canonical_json(pdu, &room_version_id) else {
+	let Ok((event_id, value)) = gen_event_id_canonical_json(pdu, &room_version_id) else {
 		// Event could not be converted to canonical json
 		return Err!(Request(BadJson("Could not convert event to canonical json.")));
 	};
@@ -187,13 +187,6 @@ async fn create_join_event(
 				"Joining user did not pass restricted room's rules."
 			)));
 		}
-
-		services
-			.server_keys
-			.hash_and_sign_event(&mut value, &room_version_id)
-			.map_err(|e| {
-				err!(Request(InvalidParam(warn!("Failed to sign send_join event: {e}"))))
-			})?;
 	}

 	let mutex_lock = services
@@ -127,63 +127,3 @@ pub async fn get_token_shortstatehash(
 		.await
 		.deserialized()
 }
-
-/// Count how many sync tokens exist for a room without deleting them
-///
-/// This is useful for dry runs to see how many tokens would be deleted
-#[implement(Service)]
-pub async fn count_room_tokens(&self, room_id: &RoomId) -> Result<usize> {
-	use futures::TryStreamExt;
-
-	let shortroomid = self.services.short.get_shortroomid(room_id).await?;
-
-	// Create a prefix to search by - all entries for this room will start with its
-	// short ID
-	let prefix = &[shortroomid];
-
-	// Collect all keys into a Vec and count them
-	let keys = self
-		.db
-		.roomsynctoken_shortstatehash
-		.keys_prefix_raw(prefix)
-		.map_ok(|_| ()) // We only need to count, not store the keys
-		.try_collect::<Vec<_>>()
-		.await?;
-
-	Ok(keys.len())
-}
-
-/// Delete all sync tokens associated with a room
-///
-/// This helps clean up the database as these tokens are never otherwise removed
-#[implement(Service)]
-pub async fn delete_room_tokens(&self, room_id: &RoomId) -> Result<usize> {
-	use futures::TryStreamExt;
-
-	let shortroomid = self.services.short.get_shortroomid(room_id).await?;
-
-	// Create a prefix to search by - all entries for this room will start with its
-	// short ID
-	let prefix = &[shortroomid];
-
-	// Collect all keys into a Vec first, then delete them
-	let keys = self
-		.db
-		.roomsynctoken_shortstatehash
-		.keys_prefix_raw(prefix)
-		.map_ok(|key| {
-			// Clone the key since we can't store references in the Vec
-			Vec::from(key)
-		})
-		.try_collect::<Vec<_>>()
-		.await?;
-
-	// Delete each key individually
-	for key in &keys {
-		self.db.roomsynctoken_shortstatehash.del(key);
-	}
-
-	let count = keys.len();
-
-	Ok(count)
-}
				`@@ -1 +0,0 @@`
				`Fixed restricted joins not being signed when we are being used as an authorising server. Contributed by @nex, reported by [vel](matrix:u/vel:nhjkl.com?action=chat).`