perf: Attempt to prevent people joining known busted rooms
This commit is contained in:
timedout
parent
38e93cde3e
commit
511bb8bf55
4 changed files with 60 additions and 4 deletions
1
changelog.d/1502.feature
Normal file
1
changelog.d/1502.feature
Normal file
|
|
@ -0,0 +1 @@
|
|||
Added a list of rooms that are forcefully banned for performance reasons, to prevent new users foot-gunning themselves by joining them. Contributed by @nex.
|
||||
|
|
@ -1519,6 +1519,23 @@
|
|||
#
|
||||
#forbidden_alias_names = []
|
||||
|
||||
# Allow joining rooms that are known to be broken or have a history of
|
||||
# causing issues.
|
||||
#
|
||||
# The rooms that are banned in this way are hardcoded and set by the
|
||||
# maintainers, and cannot be configured. This method is a last-resort to
|
||||
# prevent people who are just setting up Matrix from joining these huge,
|
||||
# old rooms that have been recommended to them, only to watch their
|
||||
# server turn into a space heater and have horrific performance issues
|
||||
# that are unresolvable due to the completely broken state of the rooms.
|
||||
#
|
||||
# If you enable this option, you acknowledge that joining rooms banned by
|
||||
# this feature will likely cause you severe performance issues, and you
|
||||
# forgo your right to complain about any slowdowns or inflated resource
|
||||
# usage you encounter.
|
||||
#
|
||||
#allow_joining_broken_rooms = false
|
||||
|
||||
# List of forbidden username patterns/strings.
|
||||
#
|
||||
# Regex can be used or explicit contains matches can be done by just
|
||||
|
|
|
|||
|
|
@ -58,6 +58,18 @@ pub(crate) async fn joined_rooms_route(
|
|||
})
|
||||
}
|
||||
|
||||
const BROKEN_ROOM_IDS: [&str; 9] = [
|
||||
"!iMZEhwCvbfeAYUxAjZ:t2l.io", // Matrix community space - insanely broken state
|
||||
"!OGEhHVWSdvArJzumhm:matrix.org", // Old Matrix HQ - huge room, very broken
|
||||
"!IemiTbwVankHTFiEoh:matrix.org", // Old Element Web - huge room, very broken
|
||||
"!brXHJeAtqliwNGqHQx:lossy.network", // NixOS space - frequent bug reports, huge state
|
||||
"!04iUOXvKl6GxOztTbP230xhKR-hu4kPzrzfjiv9dc_8", // GrapheneOS space - frequent bug reports
|
||||
"!MBrxZRUoApYYjmyion:t2bot.io", // Old t2bot room - insane auth chain depths
|
||||
"izahlpcyIDeymNjiOd:matrix.debian.social", // #debian-next:matrix.debian.social
|
||||
"!mefQhZzgTaxNCNzAeK:kde.org", // KDE user help
|
||||
"!OTxETzuhBDbnPqBqbP:kde.org", // KDE space
|
||||
];
|
||||
|
||||
/// Checks if the room is banned in any way possible and the sender user is not
|
||||
/// an admin.
|
||||
///
|
||||
|
|
@ -71,11 +83,15 @@ pub(crate) async fn banned_room_check(
|
|||
server_name: Option<&ServerName>,
|
||||
client_ip: IpAddr,
|
||||
) -> Result {
|
||||
if services.users.is_admin(user_id).await {
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
if let Some(room_id) = room_id {
|
||||
if !services.config.allow_joining_broken_rooms
|
||||
&& BROKEN_ROOM_IDS.contains(&room_id.as_str())
|
||||
{
|
||||
return Err!(Request(Forbidden("This room is too complex.")));
|
||||
}
|
||||
if services.users.is_admin(user_id).await {
|
||||
return Ok(());
|
||||
}
|
||||
let room_banned = services.rooms.metadata.is_banned(room_id).await;
|
||||
let server_banned = room_id.server_name().is_some_and(|server_name| {
|
||||
services.moderation.is_remote_server_forbidden(server_name)
|
||||
|
|
@ -116,6 +132,9 @@ pub(crate) async fn banned_room_check(
|
|||
return Err!(Request(Forbidden("This room is banned on this homeserver.")));
|
||||
}
|
||||
} else if let Some(server_name) = server_name {
|
||||
if services.users.is_admin(user_id).await {
|
||||
return Ok(());
|
||||
}
|
||||
if services
|
||||
.config
|
||||
.forbidden_remote_server_names
|
||||
|
|
|
|||
|
|
@ -1751,6 +1751,25 @@ pub struct Config {
|
|||
#[serde(default, with = "serde_regex")]
|
||||
pub forbidden_alias_names: RegexSet,
|
||||
|
||||
/// Allow joining rooms that are known to be broken or have a history of
|
||||
/// causing issues.
|
||||
///
|
||||
/// The rooms that are banned in this way are hardcoded and set by the
|
||||
/// maintainers, and cannot be configured. This method is a last-resort to
|
||||
/// prevent people who are just setting up Matrix from joining these huge,
|
||||
/// old rooms that have been recommended to them, only to watch their
|
||||
/// server turn into a space heater and have horrific performance issues
|
||||
/// that are unresolvable due to the completely broken state of the rooms.
|
||||
///
|
||||
/// If you enable this option, you acknowledge that joining rooms banned by
|
||||
/// this feature will likely cause you severe performance issues, and you
|
||||
/// forgo your right to complain about any slowdowns or inflated resource
|
||||
/// usage you encounter.
|
||||
///
|
||||
/// default: false
|
||||
#[serde(default)]
|
||||
pub allow_joining_broken_rooms: bool,
|
||||
|
||||
/// List of forbidden username patterns/strings.
|
||||
///
|
||||
/// Regex can be used or explicit contains matches can be done by just
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue