continuwuation/continuwuity
9
17
Fork 10
Code Issues 78 Pull requests 9 Projects Releases 16 Packages 1 Activity Actions 1

Federation allow list #673

Closed
Jade wants to merge 4 commits from JadedBlueEyes/federation-allow-list into main
pull from: JadedBlueEyes/federation-allow-list
merge into: continuwuation:main
Conversation 1 Commits 4 Files changed 19 +127 -96
Jade commented 2025-01-18 17:08:32 +00:00
Owner
Copy link

This adds an allowed_remote_server_names. When empty, all remote servers are allowed. When set, servers not in the list are treated the same as forbidden_remote_server_names.

This additionally makes these options apply to remote media fetching and remote room directory fetching.

Not sure if ignoring messages from servers not in the allow-list is the best behaviour - it may result in some unexpected behaviour in cases like #672, where users are in a room with a non-allowed user via an allowed user. Perhaps this should be a separate option?

Unfortunately, the example config won't regenerate for me.
Tested and appears to work well (matrix-limited-federation.pissing.dev, only allows pissing.dev)

A useful enhancement for this and related options may be glob matching, or reading from a policy room. Out of scope for this, though.

This adds an `allowed_remote_server_names`. When empty, all remote servers are allowed. When set, servers not in the list are treated the same as `forbidden_remote_server_names`. This additionally makes these options apply to remote media fetching and remote room directory fetching. Not sure if ignoring messages from servers not in the allow-list is the best behaviour - it may result in some unexpected behaviour in cases like #672, where users are in a room with a non-allowed user via an allowed user. Perhaps this should be a separate option? Unfortunately, the example config won't regenerate for me. Tested and appears to work well (`matrix-limited-federation.pissing.dev`, only allows `pissing.dev`) A useful enhancement for this and related options may be glob matching, or reading from a policy room. Out of scope for this, though.
Jade commented 2025-01-29 19:51:44 +00:00
Author
Owner
Copy link

Rebased on the latest main, but I haven't tested config live reload with this as it's not a feature I use

Rebased on the latest main, but I haven't tested config live reload with this as it's not a feature I use
nex added the
Inherited
 label 2025-04-14 23:38:40 +00:00
Jade referenced this pull request from a commit 2025-04-19 22:33:20 +00:00
feat: Add `allowed_remote_server_names`
Jade referenced this pull request from a commit 2025-04-19 22:36:43 +00:00
feat: Add `allowed_remote_server_names`
Jade referenced this pull request from a commit 2025-04-19 22:38:02 +00:00
feat: Add `allowed_remote_server_names`
Jade closed this pull request 2025-04-20 13:05:20 +00:00

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
Bug

Something isn't working as intended

  
Cherry-picking

Commits picked from other conduit projects

  
Database

This requires or includes changes to the database

  
Dependencies

Something dependency related

  
Documentation

Improvements or additions to documentation

  
Enhancement

New feature or request

  
Good first issue

Good for newcomers

  
Help wanted

Additional eyes and keyboards are required for this one

  
Inherited

Issues that have been inhereted from the project pre-fork

  
Matrix/Administration

Features pertaining to homeserver administration

  
Matrix/Appservices

Features pertaining to the appservice API

  
Matrix/Auth

Features pertaining to authentication

  
Matrix/Client

Features pertaining to client-to-server interactions

  
Matrix/Core

   
Matrix/Federation

Features pertaining to server-to-server interactions

  
Matrix/MSC

Features pertaining to unstable matrix features

  
Matrix/Media

Features pertaining to media interactions

  
Meta

Related to housekeeping, maintenance, or other repo-meta.

  
Meta/Packaging

Packaging

  
Priority
Blocking
This issue is blocking the next release

  
Priority
High
This issue is very important

  
Priority
Low
This issue is of a rather low priority

  
Security

This item is related to general security

  
Status
Confirmed

  
Status
Duplicate
This issue or pull request already exists

  
Status
Invalid
This issue doesn't seem right

  
Status
Needs Investigation
This issue needs further investigation

  
Wont fix

This will not be worked on

  
old/ci/cd

Ci/CD

Archived

  
old/rust

Pull requests that update Rust code

Archived

No labels
Bug
Cherry-picking
Database
Dependencies
Documentation
Enhancement
Good first issue
Help wanted
Inherited
Matrix/Administration
Matrix/Appservices
Matrix/Auth
Matrix/Client
Matrix/Core
Matrix/Federation
Matrix/MSC
Matrix/Media
Meta
Meta/Packaging
Priority
Blocking
Priority
High
Priority
Low
Security
Status
Confirmed
Status
Duplicate
Status
Invalid
Status
Needs Investigation
Wont fix
old/ci/cd
old/rust
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: continuwuation/continuwuity#673
No description provided.
Delete branch "JadedBlueEyes/federation-allow-list"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?