continuwuation/continuwuity
9
17
Fork 10
Code Issues 78 Pull requests 9 Projects Releases 16 Packages 1 Activity Actions

Federation allow list #774

Merged
Jade merged 4 commits from jade/federation-allow-list into main 2025-04-19 23:38:47 +00:00
Conversation 4 Commits 4 Files changed 18 +155 -98
Jade commented 2025-04-19 22:39:51 +00:00
Owner
Copy link

Superseeds #673

This has slightly different behaviour, given that the relevant options support regex now. See documentation in the second commit.

Superseeds https://forgejo.ellis.link/continuwuation/continuwuity/pulls/673 This has slightly different behaviour, given that the relevant options support regex now. See documentation in the second commit.
Jade added 2 commits 2025-04-19 22:39:52 +00:00 
This moves all checks related to `forbidden_remote_server_names`,
`forbidden_remote_room_directory_server_names` and
`prevent_media_downloads_from` to a new `moderation` module.
This is useful for implementing more complicated logic globally.
Mostly the changes from #673, but is also relevant for #750
feat: Add allowed_remote_server_names
Some checks failed
Release Docker Image / define-variables (push) Successful in 12s
Details
Release Docker Image / build-image (linux/amd64, linux-amd64) (push) Successful in 23m27s
Details
Release Docker Image / define-variables (pull_request) Successful in 13s
Details
Release Docker Image / build-image (linux/amd64, linux-amd64) (pull_request) Successful in 3m45s
Details
Release Docker Image / build-image (linux/arm64, linux-arm64) (pull_request) Successful in 19m14s
Details
Release Docker Image / merge (pull_request) Successful in 33s
Details
Release Docker Image / build-image (linux/arm64, linux-arm64) (push) Successful in 17m54s
Details
Documentation / Build and Deploy Documentation (pull_request) Failing after 1s
Details
Release Docker Image / merge (push) Failing after 31s
Details
9e62076baa 
This allows explicitly allowing servers. Can be
combined with the opposite to create allowlist-only
federation.

See also #31

Closes #673
requested review from Owners 2025-04-19 22:42:52 +00:00
Aranjedeath reviewed 2025-04-19 22:55:35 +00:00
src/core/config/mod.rs Outdated
@ -1955,3 +1970,3 @@
self.get_bind_hosts()
.len()
.saturating_add(self.get_bind_ports().len()),
.saturating_mul(self.get_bind_ports().len()),
Aranjedeath commented 2025-04-19 22:55:35 +00:00
Owner
Copy link

why change add to mul?

why change add to mul?
Jade commented 2025-04-19 22:58:44 +00:00
Author
Owner
Copy link

This is a minor bug fix from the original PR. If you're listening on two ports on three hosts, you're listening on six addresses, not five. If you're listening on one port on one host, you're listening on one address, not two.

This is a minor bug fix from the original PR. If you're listening on two ports on three hosts, you're listening on six addresses, not five. If you're listening on one port on one host, you're listening on one address, not two.
Jade marked this conversation as resolved
Aranjedeath approved these changes 2025-04-19 23:00:26 +00:00
Jade added 1 commit 2025-04-19 23:16:33 +00:00
docs: Document backfill bypassing federation restrictions
Some checks failed
Release Docker Image / define-variables (push) Failing after 1s
Details
Release Docker Image / build-image (linux/amd64, linux-amd64) (push) Has been skipped
Details
Release Docker Image / build-image (linux/arm64, linux-arm64) (push) Has been skipped
Details
Release Docker Image / merge (push) Has been skipped
Details
Documentation / Build and Deploy Documentation (pull_request) Failing after 1s
Details
Release Docker Image / define-variables (pull_request) Successful in 5s
Details
Release Docker Image / build-image (linux/arm64, linux-arm64) (pull_request) Successful in 18m53s
Details
Release Docker Image / build-image (linux/amd64, linux-amd64) (pull_request) Successful in 57m15s
Details
Release Docker Image / merge (pull_request) Failing after 31s
Details
84445b8458
nex requested changes 2025-04-19 23:23:51 +00:00
Dismissed
nex left a comment
Owner
Copy link

looks good, just a few comments on the documentation

looks good, just a few comments on the documentation
conduwuit-example.toml
@ -1201,4 +1208,4 @@
# sender user's server name, inbound federation X-Matrix origin, and
# outbound federation handler.
#
# Basically "global" ACLs.
nex commented 2025-04-19 23:23:34 +00:00
Owner
Copy link

This line is quite misleading to a first-time user, who may assume "you can set ACLs in rooms to prevent servers joining so global ACLs should apply to all of my rooms automatically".

Although, "default ACLs" sounds like a neat feature to tack on to /createRoom 🤔

This line is quite misleading to a first-time user, who may assume "you can set ACLs in rooms to prevent servers joining so global ACLs should apply to all of my rooms automatically". Although, "default ACLs" sounds like a neat feature to tack on to /createRoom 🤔
Jade commented 2025-04-19 23:30:15 +00:00
Author
Owner
Copy link

Agreed, I'll remove that entirely.

#775

Agreed, I'll remove that entirely. https://forgejo.ellis.link/continuwuation/continuwuity/issues/775
👍 1
Jade marked this conversation as resolved
conduwuit-example.toml
@ -1208,2 +1218,4 @@
#forbidden_remote_server_names = []
# List of allowed server names via regex patterns that we will allow,
# regardless of if they match `forbidden_remote_server_names`.
nex commented 2025-04-19 23:22:40 +00:00
Owner
Copy link

nitpicking, but it might be worth mentioning that this option has no effect if forbidden_remote_server_names is unspecified or otherwise wouldn't match any of them listed

nitpicking, but it might be worth mentioning that this option has no effect if `forbidden_remote_server_names` is unspecified or otherwise wouldn't match any of them listed
Jade marked this conversation as resolved
Jade added 1 commit 2025-04-19 23:31:12 +00:00
docs: Clarify
All checks were successful
Release Docker Image / define-variables (pull_request) Successful in 1s
Details
Release Docker Image / build-image (linux/arm64, linux-arm64) (pull_request) Successful in 17m50s
Details
Documentation / Build and Deploy Documentation (push) Successful in 41s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 26s
Details
Release Docker Image / define-variables (push) Successful in 4s
Details
Release Docker Image / build-image (linux/amd64, linux-amd64) (pull_request) Successful in 50m28s
Details
Release Docker Image / build-image (linux/arm64, linux-arm64) (push) Successful in 17m41s
Details
Release Docker Image / merge (pull_request) Successful in 26s
Details
Release Docker Image / build-image (linux/amd64, linux-amd64) (push) Successful in 4m54s
Details
Release Docker Image / merge (push) Successful in 29s
Details
fe7963d306
nex approved these changes 2025-04-19 23:32:52 +00:00
nex left a comment
Owner
Copy link

Sweet, LGTM.

Sweet, LGTM.
Jade merged commit fe7963d306 into main 2025-04-19 23:38:47 +00:00
Jade deleted branch jade/federation-allow-list 2025-04-19 23:38:47 +00:00
Jade added the
Enhancement
 label 2025-04-23 21:49:55 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Aranjedeath
nex
Labels
Clear labels   
Bug

Something isn't working as intended

  
Cherry-picking

Commits picked from other conduit projects

  
Database

This requires or includes changes to the database

  
Dependencies

Something dependency related

  
Documentation

Improvements or additions to documentation

  
Enhancement

New feature or request

  
Good first issue

Good for newcomers

  
Help wanted

Additional eyes and keyboards are required for this one

  
Inherited

Issues that have been inhereted from the project pre-fork

  
Matrix/Administration

Features pertaining to homeserver administration

  
Matrix/Appservices

Features pertaining to the appservice API

  
Matrix/Auth

Features pertaining to authentication

  
Matrix/Client

Features pertaining to client-to-server interactions

  
Matrix/Core

   
Matrix/Federation

Features pertaining to server-to-server interactions

  
Matrix/MSC

Features pertaining to unstable matrix features

  
Matrix/Media

Features pertaining to media interactions

  
Meta

Related to housekeeping, maintenance, or other repo-meta.

  
Meta/Packaging

Packaging

  
Priority
Blocking
This issue is blocking the next release

  
Priority
High
This issue is very important

  
Priority
Low
This issue is of a rather low priority

  
Security

This item is related to general security

  
Status
Confirmed

  
Status
Duplicate
This issue or pull request already exists

  
Status
Invalid
This issue doesn't seem right

  
Status
Needs Investigation
This issue needs further investigation

  
Wont fix

This will not be worked on

  
old/ci/cd

Ci/CD

Archived

  
old/rust

Pull requests that update Rust code

Archived

No labels
Bug
Cherry-picking
Database
Dependencies
Documentation
Enhancement
Good first issue
Help wanted
Inherited
Matrix/Administration
Matrix/Appservices
Matrix/Auth
Matrix/Client
Matrix/Core
Matrix/Federation
Matrix/MSC
Matrix/Media
Meta
Meta/Packaging
Priority
Blocking
Priority
High
Priority
Low
Security
Status
Confirmed
Status
Duplicate
Status
Invalid
Status
Needs Investigation
Wont fix
old/ci/cd
old/rust
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: continuwuation/continuwuity#774
No description provided.
Delete branch "jade/federation-allow-list"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?