feat: Add local media self-redaction

2026-01-25 03:13:12 +00:00 · 2026-01-25 03:13:12 +00:00 · d90d22c917
commit d90d22c917
parent 6cb9d50383
5 changed files with 56 additions and 15 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1311,7 +1311,7 @@ dependencies = [
 [[package]]
 name = "continuwuity-admin-api"
 version = "0.1.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "ruma-common",
 "serde",
@ -1691,7 +1691,7 @@ dependencies = [
 [[package]]
 name = "draupnir-antispam"
 version = "0.1.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "ruma-common",
 "serde",
@ -3039,7 +3039,7 @@ checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273"
 [[package]]
 name = "meowlnir-antispam"
 version = "0.1.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "ruma-common",
 "serde",
@ -4254,7 +4254,7 @@ dependencies = [
 [[package]]
 name = "ruma"
 version = "0.10.1"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "assign",
 "continuwuity-admin-api",
@ -4277,7 +4277,7 @@ dependencies = [
 [[package]]
 name = "ruma-appservice-api"
 version = "0.10.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "js_int",
 "ruma-common",
@ -4289,7 +4289,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.18.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "as_variant",
 "assign",
@ -4312,7 +4312,7 @@ dependencies = [
 [[package]]
 name = "ruma-common"
 version = "0.13.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "as_variant",
 "base64 0.22.1",
@ -4344,7 +4344,7 @@ dependencies = [
 [[package]]
 name = "ruma-events"
 version = "0.28.1"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "as_variant",
 "indexmap",
@ -4369,7 +4369,7 @@ dependencies = [
 [[package]]
 name = "ruma-federation-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "bytes",
 "headers",
@ -4391,7 +4391,7 @@ dependencies = [
 [[package]]
 name = "ruma-identifiers-validation"
 version = "0.9.5"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "js_int",
 "thiserror 2.0.17",
@ -4400,7 +4400,7 @@ dependencies = [
 [[package]]
 name = "ruma-identity-service-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "js_int",
 "ruma-common",
@ -4410,7 +4410,7 @@ dependencies = [
 [[package]]
 name = "ruma-macros"
 version = "0.13.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "cfg-if",
 "proc-macro-crate",
@ -4425,7 +4425,7 @@ dependencies = [
 [[package]]
 name = "ruma-push-gateway-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "js_int",
 "ruma-common",
@ -4437,7 +4437,7 @@ dependencies = [
 [[package]]
 name = "ruma-signatures"
 version = "0.15.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=85d00fb5746cba23904234b4fd3c838dcf141541#85d00fb5746cba23904234b4fd3c838dcf141541"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=db86e37d602cc4935853bf14d5aace47d22358ed#db86e37d602cc4935853bf14d5aace47d22358ed"
 dependencies = [
 "base64 0.22.1",
 "ed25519-dalek",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -342,7 +342,7 @@ version = "0.1.2"
 # Used for matrix spec type definitions and helpers
 [workspace.dependencies.ruma]
 git = "https://forgejo.ellis.link/continuwuation/ruwuma"
-rev = "85d00fb5746cba23904234b4fd3c838dcf141541"
+rev = "db86e37d602cc4935853bf14d5aace47d22358ed"
 features = [
    "compat",
    "rand",
--- a/src/api/client/media.rs
+++ b/src/api/client/media.rs
@ -14,6 +14,7 @@ use reqwest::Url;
 use ruma::{
 	Mxc, UserId,
 	api::client::{
+		authenticated_media,
 		authenticated_media::{
 			get_content, get_content_as_filename, get_content_thumbnail, get_media_config,
 			get_media_preview,
@ -244,6 +245,33 @@ pub(crate) async fn get_media_preview_route(
 		})
 }

+#[tracing::instrument(
+	name = "media_redact",
+	level = "debug",
+	skip_all,
+	fields(%_client),
+)]
+pub(crate) async fn redact_media_route(
+	State(services): State<crate::State>,
+	InsecureClientIp(_client): InsecureClientIp,
+	body: Ruma<authenticated_media::redact::unstable::Request>,
+) -> Result<authenticated_media::redact::unstable::Response> {
+	let user = body.sender_user();
+
+	let mxc = Mxc {
+		server_name: &body.server_name,
+		media_id: &body.media_id,
+	};
+
+	if !services.media.user_owns(&user, &mxc).await {
+		return Err!(Request(Forbidden("You do not have permission to redact this attachment.")));
+	}
+
+	services.media.delete(&mxc).await?; // TODO: Only delete file and mark as redacted
+
+	Ok(authenticated_media::redact::unstable::Response {})
+}
+
 async fn fetch_thumbnail(
 	services: &Services,
 	mxc: &Mxc<'_>,
--- a/src/api/router.rs
+++ b/src/api/router.rs
@ -154,6 +154,7 @@ pub fn build(router: Router<State>, server: &Server) -> Router<State> {
 		.ruma_route(&client::get_content_route)
 		.ruma_route(&client::get_content_as_filename_route)
 		.ruma_route(&client::get_media_preview_route)
+		.ruma_route(&client::redact_media_route)
 		.ruma_route(&client::get_media_config_route)
 		.ruma_route(&client::get_devices_route)
 		.ruma_route(&client::get_device_route)
--- a/src/service/media/mod.rs
+++ b/src/service/media/mod.rs
@ -229,6 +229,18 @@ impl Service {
 		Ok(mxcs)
 	}

+	/// Checks if a user owns a given MXC URI
+	pub async fn user_owns(&self, user: &UserId, mxc: &Mxc<'_>) -> bool {
+		self
+			.db
+			.get_all_user_mxcs(user)  // TODO: this can be more efficient.
+			.await
+			.iter()
+			.any(|v| {
+				v.parts().map(|x|(x.server_name, x.media_id)) == Ok((mxc.server_name, mxc.media_id))
+			})
+	}
+
 	/// Deletes all media files in the given time frame.
 	/// Returns a usize with the amount of media files deleted.
 	pub async fn delete_all_media_within_timeframe(