From d189004d6564fae034465349cd23b41b5cb93e57 Mon Sep 17 00:00:00 2001 From: timedout Date: Thu, 16 Oct 2025 22:45:23 +0000 Subject: [PATCH] feat: Add more granular controls for policy server calling (#1127) Adds two new toggles to the configuration, the first of which allows disabling the policy server checks entirely, and the second of which allows disabling checking events created locally. They're both enabled by default for maximum PS efficacy but allowing them to be disabled allows people who frequently cannot contact policy servers, for example those in censored countries, to be able to still use rooms with pace, allows single-user/trusted-only homeservers to disable the preliminary check on their own events, and also gives an escape hatch in case an issue like #1060 happens again, especially with MSCs not in FCP being moving targets. In future, I think we should gate all MSC implementations behind config flags, even if they default to on. Reviewed-on: https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1127 Reviewed-by: Jade Ellis Co-authored-by: timedout Co-committed-by: timedout --- conduwuit-example.toml | 13 +++++++++++++ src/core/config/mod.rs | 13 +++++++++++++ src/service/rooms/event_handler/policy_server.rs | 13 +++++++++++++ 3 files changed, 39 insertions(+) diff --git a/conduwuit-example.toml b/conduwuit-example.toml index 07374aae..4b50c067 100644 --- a/conduwuit-example.toml +++ b/conduwuit-example.toml @@ -1497,6 +1497,19 @@ # #block_non_admin_invites = false +# Enable or disable making requests to MSC4284 Policy Servers. +# It is recommended you keep this enabled unless you experience frequent +# connectivity issues, such as in a restricted networking environment. +# +#enable_msc4284_policy_servers = true + +# Enable running locally generated events through configured MSC4284 +# policy servers. You may wish to disable this if your server is +# single-user for a slight speed benefit in some rooms, but otherwise +# should leave it enabled. +# +#policy_server_check_own_events = true + # Allow admins to enter commands in rooms other than "#admins" (admin # room) by prefixing your message with "\!admin" or "\\!admin" followed up # a normal continuwuity admin command. The reply will be publicly visible diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs index b6f6ab53..a5fdc320 100644 --- a/src/core/config/mod.rs +++ b/src/core/config/mod.rs @@ -1710,6 +1710,19 @@ pub struct Config { #[serde(default)] pub block_non_admin_invites: bool, + /// Enable or disable making requests to MSC4284 Policy Servers. + /// It is recommended you keep this enabled unless you experience frequent + /// connectivity issues, such as in a restricted networking environment. + #[serde(default = "true_fn")] + pub enable_msc4284_policy_servers: bool, + + /// Enable running locally generated events through configured MSC4284 + /// policy servers. You may wish to disable this if your server is + /// single-user for a slight speed benefit in some rooms, but otherwise + /// should leave it enabled. + #[serde(default = "true_fn")] + pub policy_server_check_own_events: bool, + /// Allow admins to enter commands in rooms other than "#admins" (admin /// room) by prefixing your message with "\!admin" or "\\!admin" followed up /// a normal continuwuity admin command. The reply will be publicly visible diff --git a/src/service/rooms/event_handler/policy_server.rs b/src/service/rooms/event_handler/policy_server.rs index 7539c330..d577f92a 100644 --- a/src/service/rooms/event_handler/policy_server.rs +++ b/src/service/rooms/event_handler/policy_server.rs @@ -31,6 +31,19 @@ pub async fn ask_policy_server( pdu_json: &CanonicalJsonObject, room_id: &RoomId, ) -> Result { + if !self.services.server.config.enable_msc4284_policy_servers { + return Ok(true); // don't ever contact policy servers + } + if self.services.server.config.policy_server_check_own_events + && pdu.origin.is_some() + && self + .services + .server + .is_ours(pdu.origin.as_ref().unwrap().as_str()) + { + return Ok(true); // don't contact policy servers for locally generated events + } + if *pdu.event_type() == StateEventType::RoomPolicy.into() { debug!( room_id = %room_id,