continuwuation/continuwuity
continuwuation/continuwuity
15
98
Fork 109
Code Issues 122 Pull requests 23 Releases 30 Packages 3 Activity Actions 9

feat: Add config option for a default ACL on room creation #1691

Merged
ginger merged 3 commits from eve/ackduck:I775 into main 2026-05-21 17:09:43 +00:00
Conversation 5 Commits 3 Files changed 5 +111 -3
eve commented 2026-04-20 14:14:50 +00:00
Contributor
Copy link

This allows for rooms to be created with a m.room.server_acl event by
default. This event can be thought of as part of the initial_state
events, although it is not provided by the client.

Implements #775

This pull request...

Pull request checklist:

  • This pull request targets the main branch, and the branch is named something other than
    main.
  • I have written an appropriate pull request title and my description is clear.
  • I understand I am responsible for the contents of this pull request.
  • I have followed the contributing guidelines:
This allows for rooms to be created with a m.room.server_acl event by default. This event can be thought of as part of the initial_state events, although it is not provided by the client. Implements #775 <!-- In order to help reviewers know what your pull request does at a glance, you should ensure that 1. Your PR title is a short, single sentence describing what you changed 2. You have described in more detail what you have changed, why you have changed it, what the intended effect is, and why you think this will be beneficial to the project. If you have made any potentially strange/questionable design choices, but didn't feel they'd benefit from code comments, please don't mention them here - after opening your pull request, go to "files changed", and click on the "+" symbol in the line number gutter, and attach comments to the lines that you think would benefit from some clarification. --> This pull request... <!-- Example: This pull request allows us to warp through time and space ten times faster than before by double-inverting the warp drive with hyperheated jump fluid, both making the drive faster and more efficient. This resolves the common issue where we have to wait more than 10 milliseconds to engage, use, and disengage the warp drive when travelling between galaxies. --> <!-- Closes: #... --> <!-- Fixes: #... --> <!-- Uncomment the above line(s) if your pull request fixes an issue or closes another pull request by superseding it. Replace `#...` with the issue/pr number, such as `#123`. --> **Pull request checklist:** <!-- You need to complete these before your PR can be considered. If you aren't sure about some, feel free to ask for clarification in #dev:continuwuity.org. --> - [x] This pull request targets the `main` branch, and the branch is named something other than `main`. - [x] I have written an appropriate pull request title and my description is clear. - [x] I understand I am responsible for the contents of this pull request. - I have followed the [contributing guidelines][c1]: - [x] My contribution follows the [code style][c2], if applicable. - [x] I ran [pre-commit checks][c1pc] before opening/drafting this pull request. - [x] I have [tested my contribution][c1t] (or proof-read it for documentation-only changes) myself, if applicable. This includes ensuring code compiles. - [x] My commit messages follow the [commit message format][c1cm] and are descriptive. - [ ] I have written a [news fragment][n1] for this PR, if applicable<!--(can be done after hitting open!)-->. <!-- Notes on these requirements: - While not required, we encourage you to sign your commits with GPG or SSH to attest the authenticity of your changes. - While we allow LLM-assisted contributions, we do not appreciate contributions that are low quality, which is typical of machine-generated contributions that have not had a lot of love and care from a human. Please do not open a PR if all you have done is asked ChatGPT to tidy up the codebase with a +-100,000 diff. - In the case of code style violations, reviewers may leave review comments/change requests indicating what the ideal change would look like. For example, a reviewer may suggest you lower a log level, or use `match` instead of `if/else` etc. - In the case of code style violations, pre-commit check failures, minor things like typos/spelling errors, and in some cases commit format violations, reviewers may modify your branch directly, typically by making changes and adding a commit. Particularly in the latter case, a reviewer may rebase your commits to squash "spammy" ones (like "fix", "fix", "actually fix"), and reword commit messages that don't satisfy the format. - Pull requests MUST pass the `Checks` CI workflows to be capable of being merged. This can only be bypassed in exceptional circumstances. If your CI flakes, let us know in matrix:r/dev:continuwuity.org. - Pull requests have to be based on the latest `main` commit before being merged. If the main branch changes while you're making your changes, you should make sure you rebase on main before opening a PR. Your branch will be rebased on main before it is merged if it has fallen behind. - We typically only do fast-forward merges, so your entire commit log will be included. Once in main, it's difficult to get out cleanly, so put on your best dress, smile for the cameras! --> [c1]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md [c2]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/docs/development/code_style.mdx [c1pc]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#pre-commit-checks [c1t]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#running-tests-locally [c1cm]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#commit-messages [n1]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments
🚀 1
eve reviewed 2026-04-20 14:15:51 +00:00
src/core/config/mod.rs Outdated
@ -774,0 +779,4 @@
///
/// ACLs in existing rooms will not be updated automatically. This is not
/// a substitute for moderation bots.
pub default_room_acl_allow: Option<Vec<String>>,
eve commented 2026-04-20 14:15:51 +00:00
Author
Contributor
Copy link

An empty list is not the same thing as no list being provided, as en empty allow list disallows all servers. Hence the Option.

An empty list is not the same thing as no list being provided, as en empty allow list disallows all servers. Hence the `Option`.
nex requested review from nex 2026-04-28 03:30:23 +00:00
nex requested changes 2026-04-28 03:51:01 +00:00
nex left a comment
Copy link

A couple concerns regarding footguns, otherwise this is good

A couple concerns regarding footguns, otherwise this is good
src/api/client/room/create.rs Outdated
@ -433,0 +437,4 @@
if let Some(allow_list) = services.server.config.default_room_acl_allow.clone() {
server_initial_state.push(PduBuilder::state(String::new(), &RoomServerAclEventContent {
allow_ip_literals: true,
allow: allow_list,
nex commented 2026-04-28 03:50:31 +00:00
Owner
Copy link

Probably want to guard against people forgetting to allow-list the local server or no servers (empty array)

Probably want to guard against people forgetting to allow-list the local server or no servers (empty array)
eve commented 2026-04-28 09:29:34 +00:00
Author
Contributor
Copy link

Good idea. I've added a check to the config validation that makes sure the configured default ACL doesn't self-ban the homeserver.

Good idea. I've added a check to the config validation that makes sure the configured default ACL doesn't self-ban the homeserver.
eve marked this conversation as resolved
src/api/client/room/create.rs Outdated
@ -433,0 +444,4 @@
server_initial_state.push(PduBuilder::state(String::new(), &RoomServerAclEventContent {
allow_ip_literals: true,
allow: vec!["*".to_owned()],
deny: deny_list,
nex commented 2026-04-28 03:50:07 +00:00
Owner
Copy link

Probably want to guard against people deny-listing the local server or all servers (*)

Probably want to guard against people deny-listing the local server or all servers (`*`)
eve marked this conversation as resolved
eve force-pushed I775 from d17c54c844
Some checks failed
Checks / Changelog / Check changelog is added (pull_request_target) Successful in 9s
Details
Documentation / Build and Deploy Documentation (pull_request) Has been cancelled
Details
Deploy Element Web / 🏗️ Build and Deploy (pull_request) Has been cancelled
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Has been cancelled
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Has been cancelled
Details
Update flake hashes / update-flake-hashes (pull_request) Has been cancelled
Details
to fab3411b2e
Some checks failed
Checks / Changelog / Check changelog is added (pull_request_target) Successful in 9s
Details
Documentation / Build and Deploy Documentation (pull_request) Has been skipped
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 1m22s
Details
Update flake hashes / update-flake-hashes (pull_request) Successful in 2m0s
Details
Deploy Element Web / 🏗️ Build and Deploy (pull_request) Failing after 8m17s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 8m24s
Details
2026-04-29 10:00:07 +00:00 Compare
eve force-pushed I775 from fab3411b2e
Some checks failed
Checks / Changelog / Check changelog is added (pull_request_target) Successful in 9s
Details
Documentation / Build and Deploy Documentation (pull_request) Has been skipped
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 1m22s
Details
Update flake hashes / update-flake-hashes (pull_request) Successful in 2m0s
Details
Deploy Element Web / 🏗️ Build and Deploy (pull_request) Failing after 8m17s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 8m24s
Details
to 52fd902397
Some checks failed
Checks / Changelog / Check changelog is added (pull_request_target) Successful in 30s
Details
Documentation / Build and Deploy Documentation (pull_request) Has been cancelled
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Has been cancelled
Details
Checks / Prek / Check changed files (pull_request) Has been cancelled
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Has been cancelled
Details
2026-05-01 09:43:18 +00:00 Compare
eve force-pushed I775 from 52fd902397
Some checks failed
Checks / Changelog / Check changelog is added (pull_request_target) Successful in 30s
Details
Documentation / Build and Deploy Documentation (pull_request) Has been cancelled
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Has been cancelled
Details
Checks / Prek / Check changed files (pull_request) Has been cancelled
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Has been cancelled
Details
to 26011408aa
All checks were successful
Checks / Changelog / Check changelog is added (pull_request_target) Successful in 9s
Details
Documentation / Build and Deploy Documentation (pull_request) Has been skipped
Details
Checks / Prek / Check changed files (pull_request) Successful in 27s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 1m40s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 9m1s
Details
2026-05-19 17:03:05 +00:00 Compare
ginger approved these changes 2026-05-20 12:50:10 +00:00
src/core/config/mod.rs Outdated
@ -760,6 +760,28 @@ pub struct Config {
#[serde(default = "default_default_room_version")]
pub default_room_version: RoomVersionId,
/// A default allow value for the Access Control List when creating a room
ginger commented 2026-05-20 12:49:35 +00:00
Owner
Copy link

This should probably end in a period

This should probably end in a period
eve marked this conversation as resolved
src/core/config/mod.rs Outdated
@ -763,0 +770,4 @@
/// a substitute for moderation bots.
pub default_room_acl_allow: Option<Vec<String>>,
/// A default deny value for the Access Control List when creating a room
ginger commented 2026-05-20 12:49:44 +00:00
Owner
Copy link

Same here

Same here
eve marked this conversation as resolved
eve force-pushed I775 from 26011408aa
All checks were successful
Checks / Changelog / Check changelog is added (pull_request_target) Successful in 9s
Details
Documentation / Build and Deploy Documentation (pull_request) Has been skipped
Details
Checks / Prek / Check changed files (pull_request) Successful in 27s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 1m40s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 9m1s
Details
to b231210797
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Has been skipped
Details
Checks / Changelog / Check changelog is added (pull_request_target) Successful in 9s
Details
Checks / Prek / Check changed files (pull_request) Successful in 33s
Details
Update flake hashes / update-flake-hashes (pull_request) Failing after 1m48s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 9m5s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 21m6s
Details
2026-05-20 12:59:08 +00:00 Compare
eve force-pushed I775 from b231210797
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Has been skipped
Details
Checks / Changelog / Check changelog is added (pull_request_target) Successful in 9s
Details
Checks / Prek / Check changed files (pull_request) Successful in 33s
Details
Update flake hashes / update-flake-hashes (pull_request) Failing after 1m48s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 9m5s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 21m6s
Details
to 652f525352
All checks were successful
Documentation / Build and Deploy Documentation (pull_request) Has been skipped
Details
Checks / Changelog / Check changelog is added (pull_request_target) Successful in 9s
Details
Checks / Prek / Check changed files (pull_request) Successful in 32s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 8m56s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 21m10s
Details
2026-05-20 13:49:28 +00:00 Compare
Jade approved these changes 2026-05-21 16:40:48 +00:00
ginger merged commit 02409c06b8 into main 2026-05-21 17:09:43 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
nex
ginger
Jade
Aranjedeath
Labels
Clear labels   
Blocked
This pull request or issue is currently blocked from being merged/closed

  
Bug
Something isn't working as intended

  
Changelog
Added
 Changelog entry added

  
Changelog
Missing
 No changelog when one is needed

  
Changelog
None
 Changelog is unnecesary for this change

  
Cherry-picking
Commits picked from other conduit projects

  
Database
This requires or includes changes to the database

  
Dependencies
Something dependency related

  
Dependencies/Renovate
Automatic dependency upgrades by Renovate

  
Difficulty
Easy
 Low difficulty to implement - touches few parts of the codebase, low complexity

  
Difficulty
Hard
 High difficulty to implement - touches many parts of the codebase, high complexity

  
Difficulty
Medium
 Medium difficulty to implement - touches more parts of the codebase, higher complexity

  
Documentation
Improvements or additions to documentation

  
Enhancement
New feature or request

  
Good first issue
Good for newcomers

  
Help wanted
Additional eyes and keyboards are required for this one

  
Inherited
Issues that have been inhereted from the project pre-fork

  
Matrix/Administration
Features pertaining to homeserver administration

  
Matrix/Appservices
Features pertaining to the appservice API

  
Matrix/Auth
Features pertaining to authentication

  
Matrix/Client
Features pertaining to client-to-server interactions

  
Matrix/Core
Issues relating to core matrix functionality, such as state resolution and PDU formats

  
Matrix/E2EE
Issues related to end to end encryption

  
Matrix/Federation
Features pertaining to server-to-server interactions

  
Matrix/Hydra
Issues related to room version 12 and related changes (temporary label)

  
Matrix/MSC
Features pertaining to unstable matrix features

  
Matrix/Media
Features pertaining to media interactions

  
Matrix/T&S
Changes or issues related to trust & safety tooling

  
Merge
This PR is ready to be merged

  
Merge/Manual
This PR should be manually merged

  
Merge/Squash
This PR should be squashed when it is merged

  
Meta
Related to housekeeping, maintenance, or other repo-meta.

  
Meta/CI
Issues related to CI changes

  
Meta/Packaging
Packaging

  
Priority
Blocking
 This issue is blocking the next release

  
Priority
High
 This issue is very important

  
Priority
Low
 This issue is of a rather low priority

  
Security
This item is related to general security

  
Status
Confirmed
 This issue has enough information and is confirmed

  
Status
Duplicate
 This issue or pull request already exists

  
Status
Invalid
 This issue doesn't seem right

  
Status
Needs Investigation
 This issue needs further investigation

  
Support
Questions or support requests

  
Wont fix
This will not be worked on

  
old/ci/cd
Ci/CD

Archived

  
old/rust
Pull requests that update Rust code

Archived

No labels
Blocked
Bug
Changelog
Added
Changelog
Missing
Changelog
None
Cherry-picking
Database
Dependencies
Dependencies/Renovate
Difficulty
Easy
Difficulty
Hard
Difficulty
Medium
Documentation
Enhancement
Good first issue
Help wanted
Inherited
Matrix/Administration
Matrix/Appservices
Matrix/Auth
Matrix/Client
Matrix/Core
Matrix/E2EE
Matrix/Federation
Matrix/Hydra
Matrix/MSC
Matrix/Media
Matrix/T&S
Merge
Merge/Manual
Merge/Squash
Meta
Meta/CI
Meta/Packaging
Priority
Blocking
Priority
High
Priority
Low
Security
Status
Confirmed
Status
Duplicate
Status
Invalid
Status
Needs Investigation
Support
Wont fix
old/ci/cd
old/rust
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
5 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
continuwuation/continuwuity!1691
No description provided.