continuwuation/continuwuity
continuwuation/continuwuity
11
31
Fork 29
Code Issues 97 Pull requests 22 Releases 19 Packages 4 Activity Actions

feat(MSC4277): Unify reporting endpoint behaviours #919

Merged
Jade merged 3 commits from nex/feat/4277-harmonized-reporting-endpoints into main 2025-09-10 16:35:03 +00:00
Conversation 5 Commits 3 Files changed 1 +10 -20
nex commented 2025-08-05 20:04:18 +00:00
Owner
Copy link

MSC4277

  • reporting rooms now always returns 200 OK
  • reporting an event returns OK if we don't know about the reported event
  • removed the score parameter (needs a followup ruwuma update)
[MSC4277](https://github.com/matrix-org/matrix-spec-proposals/pull/4277) * ~~reporting rooms now always returns 200 OK~~ * ~~reporting an event returns OK if we don't know about the reported event~~ * removed the score parameter (needs a followup ruwuma update)
feat(MSC4277): Unify reporting endpoint behaviours
Some checks failed
Release Docker Image / merge (push) Blocked by required conditions
Details
Release Docker Image / define-variables (push) Successful in 2s
Details
Checks / Prefligit / prefligit (push) Successful in 15s
Details
Checks / Rust / Format (push) Successful in 42s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Details
Checks / Rust / Cargo Test (push) Has been cancelled
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Details
Checks / Rust / Clippy (push) Has been cancelled
Details
Checks / Prefligit / prefligit (pull_request) Successful in 20s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 38s
Details
b1be499973
 
* reporting rooms now always returns 200 OK
* reporting an event returns OK if we don't know about the reported event
* removed the score parameter (needs a followup ruwuma update)
style(MSC4277): Run lints to satisfy checks
All checks were successful
Release Docker Image / define-variables (push) Successful in 4s
Details
Checks / Prefligit / prefligit (push) Successful in 19s
Details
Checks / Rust / Format (push) Successful in 50s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 38s
Details
Checks / Prefligit / prefligit (pull_request) Successful in 19s
Details
Checks / Rust / Clippy (push) Successful in 2m58s
Details
Checks / Rust / Cargo Test (push) Successful in 4m26s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Successful in 13m5s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Successful in 13m35s
Details
Release Docker Image / merge (push) Successful in 26s
Details
3c35fb61c9
nex requested review from Jade 2025-08-05 20:14:01 +00:00
Jade requested changes 2025-08-05 22:38:57 +00:00
Dismissed
Jade left a comment
Owner
Copy link

Wondering if this is the correct action, we already have visibility checks in /event

Wondering if this is the correct action, we already have visibility checks in /event
src/api/client/report.rs Outdated
@ -59,3 +66,1 @@
return Err!(Request(NotFound(
"Room does not exist to us, no local users have joined at all"
)));
// return 200 as to not reveal if the room exists, preventing enumeration.
Jade commented 2025-08-05 22:36:56 +00:00
Owner
Copy link

Surely room peaking already has this issue? Either way checking if the room or event is visible to the user would be better

Surely room peaking already has this issue? Either way checking if the room or event is visible to the user would be better
nex commented 2025-08-05 22:42:45 +00:00
Author
Owner
Copy link

Not all rooms can be peeked per visibility settings and whatnot, so it's hard to differentiate between a room that does not exist and a room that cannot be peeked (aside from the different error types ig). Plus, can't peeking go over federation too?
I'm not sure why the user needs to know if a reported room exists or not, the only reason it wouldn't (aside from us having never joined) is if they are deliberately reporting random room IDs.

Not all rooms can be peeked per visibility settings and whatnot, so it's hard to differentiate between a room that does not exist and a room that cannot be peeked (aside from the different error types ig). Plus, can't peeking go over federation too? I'm not sure why the user needs to know if a reported room exists or not, the only reason it wouldn't (aside from us having never joined) is if they are deliberately reporting random room IDs.
Jade commented 2025-08-05 22:51:56 +00:00
Owner
Copy link

We don't do federated peeking yet. Perhaps erroring on invalid ID formats but accepting otherwise and always pushing to admin room is OK?

We don't do federated peeking yet. Perhaps erroring on invalid ID formats but accepting otherwise and always pushing to admin room is OK?
nex marked this conversation as resolved
src/api/client/report.rs Outdated
@ -101,3 +101,3 @@
// check if we know about the reported event ID or if it's invalid
let Ok(pdu) = services.rooms.timeline.get_pdu(&body.event_id).await else {
return Err!(Request(NotFound("Event ID is not known to us or Event ID is invalid")));
info!(
Jade commented 2025-08-05 22:37:38 +00:00
Owner
Copy link

Same

Same
nex commented 2025-08-05 22:43:21 +00:00
Author
Owner
Copy link

I can kinda see that argument for this better, but also, I don't see how reporting an event we just don't have (remember soft-failed events pass this check) benefits anybody

I can kinda see that argument for this better, but also, I don't see how reporting an event we just don't have (remember soft-failed events pass this check) benefits anybody
Jade commented 2025-08-05 22:49:10 +00:00
Owner
Copy link

Checking visibility using that check wouldn't allow events that we can't run that check on through at least

Checking visibility using that check wouldn't allow events that we can't run that check on through at least
nex marked this conversation as resolved
Jade commented 2025-08-05 22:48:37 +00:00
Owner
Copy link

Re both threads, my reasoning is basically: dropping reports silently is bad - especially with user provided reason text.

Re both threads, my reasoning is basically: dropping reports silently is bad - especially with user provided reason text.
nex commented 2025-08-05 22:52:47 +00:00
Author
Owner
Copy link

@Jade wrote in #919 (comment):

Re both threads, my reasoning is basically: dropping reports silently is bad - especially with user provided reason text.

counterpoint, dropping reports noisily, especially without ratelimiting (although kinda alleviated by the random delay) opens up the potential for enumeration. I can't think of a situation where an invalid report can even accidentally be made, since all implementations currently require you to have the thing you're reporting in front of you, as such invalid reports have to be deliberate and should be treated without inherent trust or respect.

@Jade wrote in https://forgejo.ellis.link/continuwuation/continuwuity/pulls/919#issuecomment-17067: > Re both threads, my reasoning is basically: dropping reports silently is bad - especially with user provided reason text. counterpoint, dropping reports noisily, especially without ratelimiting (although kinda alleviated by the random delay) opens up the potential for enumeration. I can't think of a situation where an invalid report can even accidentally be made, since all implementations currently require you to have the thing you're reporting in front of you, as such invalid reports have to be deliberate and should be treated without inherent trust or respect.
nex added this to the v0.5.0-rc.8 milestone 2025-08-16 16:10:00 +00:00
nex commented 2025-08-23 21:18:46 +00:00
Author
Owner
Copy link

Blocked - see open comment threads.

Blocked - see open comment threads.
nex force-pushed nex/feat/4277-harmonized-reporting-endpoints from 3c35fb61c9
All checks were successful
Release Docker Image / define-variables (push) Successful in 4s
Details
Checks / Prefligit / prefligit (push) Successful in 19s
Details
Checks / Rust / Format (push) Successful in 50s
Details
Documentation / Build and Deploy Documentation (pull_request) Successful in 38s
Details
Checks / Prefligit / prefligit (pull_request) Successful in 19s
Details
Checks / Rust / Clippy (push) Successful in 2m58s
Details
Checks / Rust / Cargo Test (push) Successful in 4m26s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Successful in 13m5s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Successful in 13m35s
Details
Release Docker Image / merge (push) Successful in 26s
Details
to de275dc8e9
All checks were successful
Documentation / Build and Deploy Documentation (pull_request) Successful in 24s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 1m4s
Details
Release Docker Image / define-variables (pull_request) Successful in 2s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (pull_request) Successful in 6m28s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (pull_request) Successful in 5m40s
Details
Release Docker Image / merge (pull_request) Successful in 7s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 11m22s
Details
2025-09-07 22:26:13 +00:00 Compare
fix(MSC4277): Undo refuted response changes
All checks were successful
Documentation / Build and Deploy Documentation (pull_request) Successful in 31s
Details
Release Docker Image / define-variables (pull_request) Successful in 3s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 50s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (pull_request) Successful in 5m27s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 8m51s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (pull_request) Successful in 4m8s
Details
Release Docker Image / merge (pull_request) Successful in 7s
Details
3df097c2a7
nex requested review from Jade 2025-09-07 22:36:49 +00:00
Jade approved these changes 2025-09-07 22:39:23 +00:00
nex force-pushed nex/feat/4277-harmonized-reporting-endpoints from 3df097c2a7
All checks were successful
Documentation / Build and Deploy Documentation (pull_request) Successful in 31s
Details
Release Docker Image / define-variables (pull_request) Successful in 3s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 50s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (pull_request) Successful in 5m27s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 8m51s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (pull_request) Successful in 4m8s
Details
Release Docker Image / merge (pull_request) Successful in 7s
Details
to baa89586e2
Some checks failed
Documentation / Build and Deploy Documentation (pull_request) Successful in 39s
Details
Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 47s
Details
Release Docker Image / define-variables (pull_request) Successful in 1s
Details
Checks / Prek / Clippy and Cargo Tests (pull_request) Failing after 1m28s
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (pull_request) Failing after 1m2s
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (pull_request) Failing after 1m8s
Details
Release Docker Image / merge (pull_request) Has been skipped
Details
Release Docker Image / define-variables (push) Waiting to run
Details
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Blocked by required conditions
Details
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Blocked by required conditions
Details
Release Docker Image / merge (push) Blocked by required conditions
Details
Documentation / Build and Deploy Documentation (push) Successful in 31s
Details
Checks / Prek / Clippy and Cargo Tests (push) Has been cancelled
Details
Checks / Prek / Pre-commit & Formatting (push) Has been cancelled
Details
2025-09-10 16:25:09 +00:00 Compare
Jade merged commit baa89586e2 into main 2025-09-10 16:35:03 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Jade
Labels
Clear labels   
Bug

Something isn't working as intended

  
Cherry-picking

Commits picked from other conduit projects

  
Database

This requires or includes changes to the database

  
Dependencies

Something dependency related

  
Dependencies/Renovate

Automatic dependency upgrades by Renovate

  
Difficulty
Easy
Low difficulty to implement - touches few parts of the codebase, low complexity

  
Difficulty
Hard
High difficulty to implement - touches many parts of the codebase, high complexity

  
Difficulty
Medium
Medium difficulty to implement - touches more parts of the codebase, higher complexity

  
Documentation

Improvements or additions to documentation

  
Enhancement

New feature or request

  
Good first issue

Good for newcomers

  
Help wanted

Additional eyes and keyboards are required for this one

  
Inherited

Issues that have been inhereted from the project pre-fork

  
Matrix/Administration

Features pertaining to homeserver administration

  
Matrix/Appservices

Features pertaining to the appservice API

  
Matrix/Auth

Features pertaining to authentication

  
Matrix/Client

Features pertaining to client-to-server interactions

  
Matrix/Core

Issues relating to core matrix functionality, such as state resolution and PDU formats

  
Matrix/Federation

Features pertaining to server-to-server interactions

  
Matrix/Hydra

Issues related to room version 12 and related changes (temporary label)

  
Matrix/MSC

Features pertaining to unstable matrix features

  
Matrix/Media

Features pertaining to media interactions

  
Meta

Related to housekeeping, maintenance, or other repo-meta.

  
Meta/CI

Issues related to CI changes

  
Meta/Packaging

Packaging

  
Priority
Blocking
This issue is blocking the next release

  
Priority
High
This issue is very important

  
Priority
Low
This issue is of a rather low priority

  
Security

This item is related to general security

  
Status/Blocked

This pull request or issue is currently blocked from being merged/closed

  
Status
Confirmed
This issue has enough information and is confirmed

  
Status
Duplicate
This issue or pull request already exists

  
Status
Invalid
This issue doesn't seem right

  
Status
Needs Investigation
This issue needs further investigation

  
To-Merge

   
Wont fix

This will not be worked on

  
old/ci/cd

Ci/CD

Archived

  
old/rust

Pull requests that update Rust code

Archived

No labels
Bug
Cherry-picking
Database
Dependencies
Dependencies/Renovate
Difficulty
Easy
Difficulty
Hard
Difficulty
Medium
Documentation
Enhancement
Good first issue
Help wanted
Inherited
Matrix/Administration
Matrix/Appservices
Matrix/Auth
Matrix/Client
Matrix/Core
Matrix/Federation
Matrix/Hydra
Matrix/MSC
Matrix/Media
Meta
Meta/CI
Meta/Packaging
Priority
Blocking
Priority
High
Priority
Low
Security
Status/Blocked
Status
Confirmed
Status
Duplicate
Status
Invalid
Status
Needs Investigation
To-Merge
Wont fix
old/ci/cd
old/rust
Milestone
Clear milestone
No items
No milestone
v0.5.0-rc.8
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
continuwuation/continuwuity!919
No description provided.