From 511bb8bf55c2a2435ca71fd60dbd72ba36daf53c Mon Sep 17 00:00:00 2001 From: timedout Date: Sat, 7 Mar 2026 17:02:08 +0000 Subject: [PATCH] perf: Attempt to prevent people joining known busted rooms --- changelog.d/1502.feature | 1 + conduwuit-example.toml | 17 +++++++++++++++++ src/api/client/membership/mod.rs | 27 +++++++++++++++++++++++---- src/core/config/mod.rs | 19 +++++++++++++++++++ 4 files changed, 60 insertions(+), 4 deletions(-) create mode 100644 changelog.d/1502.feature diff --git a/changelog.d/1502.feature b/changelog.d/1502.feature new file mode 100644 index 00000000..39256597 --- /dev/null +++ b/changelog.d/1502.feature @@ -0,0 +1 @@ +Added a list of rooms that are forcefully banned for performance reasons, to prevent new users foot-gunning themselves by joining them. Contributed by @nex. diff --git a/conduwuit-example.toml b/conduwuit-example.toml index 7d154f6f..dd8e463d 100644 --- a/conduwuit-example.toml +++ b/conduwuit-example.toml @@ -1519,6 +1519,23 @@ # #forbidden_alias_names = [] +# Allow joining rooms that are known to be broken or have a history of +# causing issues. +# +# The rooms that are banned in this way are hardcoded and set by the +# maintainers, and cannot be configured. This method is a last-resort to +# prevent people who are just setting up Matrix from joining these huge, +# old rooms that have been recommended to them, only to watch their +# server turn into a space heater and have horrific performance issues +# that are unresolvable due to the completely broken state of the rooms. +# +# If you enable this option, you acknowledge that joining rooms banned by +# this feature will likely cause you severe performance issues, and you +# forgo your right to complain about any slowdowns or inflated resource +# usage you encounter. +# +#allow_joining_broken_rooms = false + # List of forbidden username patterns/strings. # # Regex can be used or explicit contains matches can be done by just diff --git a/src/api/client/membership/mod.rs b/src/api/client/membership/mod.rs index 6f1bb3e7..3c248682 100644 --- a/src/api/client/membership/mod.rs +++ b/src/api/client/membership/mod.rs @@ -58,6 +58,18 @@ pub(crate) async fn joined_rooms_route( }) } +const BROKEN_ROOM_IDS: [&str; 9] = [ + "!iMZEhwCvbfeAYUxAjZ:t2l.io", // Matrix community space - insanely broken state + "!OGEhHVWSdvArJzumhm:matrix.org", // Old Matrix HQ - huge room, very broken + "!IemiTbwVankHTFiEoh:matrix.org", // Old Element Web - huge room, very broken + "!brXHJeAtqliwNGqHQx:lossy.network", // NixOS space - frequent bug reports, huge state + "!04iUOXvKl6GxOztTbP230xhKR-hu4kPzrzfjiv9dc_8", // GrapheneOS space - frequent bug reports + "!MBrxZRUoApYYjmyion:t2bot.io", // Old t2bot room - insane auth chain depths + "izahlpcyIDeymNjiOd:matrix.debian.social", // #debian-next:matrix.debian.social + "!mefQhZzgTaxNCNzAeK:kde.org", // KDE user help + "!OTxETzuhBDbnPqBqbP:kde.org", // KDE space +]; + /// Checks if the room is banned in any way possible and the sender user is not /// an admin. /// @@ -71,11 +83,15 @@ pub(crate) async fn banned_room_check( server_name: Option<&ServerName>, client_ip: IpAddr, ) -> Result { - if services.users.is_admin(user_id).await { - return Ok(()); - } - if let Some(room_id) = room_id { + if !services.config.allow_joining_broken_rooms + && BROKEN_ROOM_IDS.contains(&room_id.as_str()) + { + return Err!(Request(Forbidden("This room is too complex."))); + } + if services.users.is_admin(user_id).await { + return Ok(()); + } let room_banned = services.rooms.metadata.is_banned(room_id).await; let server_banned = room_id.server_name().is_some_and(|server_name| { services.moderation.is_remote_server_forbidden(server_name) @@ -116,6 +132,9 @@ pub(crate) async fn banned_room_check( return Err!(Request(Forbidden("This room is banned on this homeserver."))); } } else if let Some(server_name) = server_name { + if services.users.is_admin(user_id).await { + return Ok(()); + } if services .config .forbidden_remote_server_names diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs index fb2c9375..39556d60 100644 --- a/src/core/config/mod.rs +++ b/src/core/config/mod.rs @@ -1751,6 +1751,25 @@ pub struct Config { #[serde(default, with = "serde_regex")] pub forbidden_alias_names: RegexSet, + /// Allow joining rooms that are known to be broken or have a history of + /// causing issues. + /// + /// The rooms that are banned in this way are hardcoded and set by the + /// maintainers, and cannot be configured. This method is a last-resort to + /// prevent people who are just setting up Matrix from joining these huge, + /// old rooms that have been recommended to them, only to watch their + /// server turn into a space heater and have horrific performance issues + /// that are unresolvable due to the completely broken state of the rooms. + /// + /// If you enable this option, you acknowledge that joining rooms banned by + /// this feature will likely cause you severe performance issues, and you + /// forgo your right to complain about any slowdowns or inflated resource + /// usage you encounter. + /// + /// default: false + #[serde(default)] + pub allow_joining_broken_rooms: bool, + /// List of forbidden username patterns/strings. /// /// Regex can be used or explicit contains matches can be done by just