bba5318ce8
Merge pull request 'feat/space-permission-cascading' ( #2 ) from feat/space-permission-cascading into deployment
...
Documentation / Build and Deploy Documentation (pull_request) Has been skipped
Checks / Prek / Pre-commit & Formatting (pull_request) Failing after 4s
Checks / Prek / Clippy and Cargo Tests (pull_request) Failing after 5s
Reviewed-on: #2
2026-03-20 08:03:10 +00:00
1f91a74b27
feat(spaces): wire up enforcement hooks in join, append, and build paths
...
Documentation / Build and Deploy Documentation (pull_request) Has been skipped
Checks / Prek / Pre-commit & Formatting (pull_request) Failing after 5s
Checks / Prek / Clippy and Cargo Tests (pull_request) Failing after 6s
Update flake hashes / update-flake-hashes (pull_request) Failing after 6s
Add minimal integration points in existing files:
- append.rs: call on_pdu_appended for event-driven enforcement
- build.rs: call validate_pl_change to protect space-managed PLs
- join.rs: call check_join_allowed to gate joins on role requirements
- timeline/mod.rs: add roles service dependency
2026-03-20 08:52:23 +01:00
59401e1786
feat(spaces): add space roles service with enforcement and caching
...
Implement the roles service with well-factored helper methods:
- Cache population via load_user_roles, load_room_requirements,
load_child_rooms_index helpers
- Enforcement dispatch via enforce_roles_change, enforce_member_change,
enforce_room_change, enforce_cascading_toggle
- Child management via handle_child_added, handle_child_removed
- Kick logic via user_qualifies_in_any_parent, kick_user_from_room
- PL computation via compute_effective_pl (highest-wins across spaces)
- Per-space enable/disable, graceful shutdown guards
2026-03-20 08:52:05 +01:00
Ginger
67d5619ccb
fix: Fix password reset page appearance in light mode
2026-03-18 12:42:55 -04:00
Ginger
ae2b87f03f
fix: Fix M_NOT_FOUND for users with no origin set
2026-03-18 12:42:55 -04:00
Ginger
d13801e976
fix: Disallow issuing password reset tokens for deactivated users
2026-03-18 12:42:55 -04:00
Ginger
5716c36b47
chore: Change password reset page path
2026-03-18 12:42:55 -04:00
Ginger
ffa3c53847
feat: Implement a webpage for self-service password resets
2026-03-18 12:42:55 -04:00
Ginger
da8833fca4
feat: Implement a command for issuing password reset links
2026-03-18 12:42:55 -04:00
Ginger
267feb3c09
feat: Add a new service for handling password resets
2026-03-18 12:42:55 -04:00
Renovate Bot
acef746d26
fix(deps): Update rust crate recaptcha-verify to 0.2.0
2026-03-17 13:20:50 +00:00
Shane Jaroch
ff85145ee8
fix: missing logic inversion for acquired keys (should speed up room joins)
2026-03-13 20:54:38 -04:00
timedout
906c3df953
style: Reduce migration warning verbosity to info
...
They aren't actually warning of anything
2026-03-09 13:30:24 +00:00
timedout
33e5fdc16f
style: Reduce verbosity of fix_corrupt_msc4133_fields
2026-03-09 13:30:24 +00:00
timedout
77ac17855a
fix: Don't fail on invalid stripped state entries during migration
2026-03-09 13:30:24 +00:00
timedout
65ffcd2884
perf: Insert missed migration markers into fresh databases
2026-03-09 13:30:24 +00:00
timedout
7ec88bdbfe
feat: Make noise about migrations and make errors more informative
2026-03-09 13:30:24 +00:00
Ginger
da3fac8cb4
fix: Use more robust check for max_request_size
2026-03-09 13:27:39 +00:00
Trash Panda
3366113939
fix: Retrieve content_type and video width/height
2026-03-09 13:27:39 +00:00
Trash Panda
9039784f41
fix: Clippy lints
2026-03-09 13:27:39 +00:00
Trash Panda
7f165e5bbe
fix: Refactor and block media downloads larger than max_request_size
2026-03-09 13:27:39 +00:00
Trash Panda
e8746760fa
feat(url-preview): Optionally download audio/video files for url preview requests
2026-03-09 13:27:39 +00:00
timedout
94c5af40cf
fix: Automatically remove corrupted appservice registrations
2026-03-06 14:21:04 +00:00
Ben Botwin
5eb74bc1dd
feat: Readded support for reading registration tokens from a file
...
Co-authored-by: Ginger <ginger@gingershaped.computer>
2026-03-04 15:06:26 +00:00
Niklas Wojtkowiak
80c9bb4796
fix(rooms): prevent removing admin room alias
...
Only the server user can now remove the #admins alias, matching the
existing check for setting the alias. This prevents users from
accidentally breaking the admin room functionality.
fixes #1408
2026-03-04 15:05:24 +00:00
Ginger
83883a002c
fix(complement): Fix complement conflicting with first-run
...
- Disabled first-run mode when running Complement tests
- Updated logging config under complement to be a bit less verbose
- Changed test result and log output locations
2026-03-04 15:04:37 +00:00
31a05b9c
8dd4b71e0e
fix: make dropped PDU warning less useless
2026-03-04 14:58:01 +00:00
Jade Ellis
754959e80d
fix: Don't process admin escape commands for local users from federation
...
Reviewed-By: timedout <git@nexy7574.co.uk>
2026-03-03 19:55:50 +00:00
timedout
37888fb670
fix: Limit body read size of remote requests (CWE-409)
...
Reviewed-By: Jade Ellis <jade@ellis.link>
2026-03-03 19:54:34 +00:00
Jason Volk
1a7bda209b
feat: Implement Dehydrated Devices MSC3814
...
Co-authored-by: Jade Ellis <jade@ellis.link>
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-03 19:39:53 +00:00
timedout
b507898c62
fix: Bump ruwuma again
2026-03-03 18:10:28 +00:00
timedout
558262dd1f
chore: Refactor transaction_ids -> transactions
2026-02-23 17:44:35 +00:00
timedout
d311b87579
chore: Fix incorrect capitalisation
...
I didn't realise I agreed to take an English class with @ginger while
working on this server lol
2026-02-23 17:25:12 +00:00
timedout
8702f55cf5
fix: Don't panic if nobody's listening
2026-02-23 17:22:37 +00:00
Jade Ellis
92351df925
refactor: Make federation transaction handle errors correctly
...
We have a dedicated error type that's then matched.
Event sorting is now infallible.
Could probably be cleaned up in a bit.
2026-02-23 16:36:46 +00:00
Jade Ellis
47e2733ea1
refactor: Make stream utils generic over the error type
2026-02-23 16:36:46 +00:00
Jade Ellis
6637e4c6a7
fix: Clean up cache, prevent several race conditions
...
We use one map which is only ever held for a short time.
2026-02-23 16:36:46 +00:00
nexy7574
66bbb655bf
feat: Warn when server is overloaded
2026-02-23 16:36:45 +00:00
nexy7574
4657844d46
feat: Show active transaction handle count in !admin federation incoming-federation
2026-02-23 16:36:45 +00:00
nexy7574
9016cd11a6
chore: Run pre-commit and clippy to fix inherited CI errs
2026-02-23 16:36:45 +00:00
nexy7574
dd70094719
feat: Make max_active_txns actually configurable
2026-02-23 16:36:45 +00:00
nexy7574
2f9956ddca
feat: Add helper functions for federation channels
2026-02-23 16:36:44 +00:00
nexy7574
21a97cdd0b
chore: Refactor existing references to transaction service
2026-02-23 16:36:44 +00:00
nexy7574
e986cd4536
feat(federation): Restructure transaction_ids service
...
Adds two new in-memory maps to the service in to prepare for better handlers
2026-02-23 16:36:40 +00:00
Shane Jaroch
526d862296
fix: more aggressive user agent for URL preview
...
adding "facebookexternalhit" alongside "embedbot" fixes many errors, such as YouTube Music's:
"Your browser is deprecated. Please upgrade."
add admin command to clear URL stuck and broken data (per URL currently)
add command to clear all saved URL previews.
sync resolver docs.
2026-02-23 15:24:14 +00:00
Ginger
9fe761513d
chore: Clippy & prek fixes
2026-02-21 11:27:39 -05:00
Ginger
d9537e9b55
fix: Forbid registering users with a non-local localpart
2026-02-20 20:54:19 -05:00
Jade Ellis
b6c5991e1f
chore(deps): Update rand
...
A couple indirect deps are still on rand_core 0.6 but we can deal
2026-02-20 22:57:45 +00:00
Katie Kloss
92a848f74d
fix: Crash before starting on OpenBSD
...
core_affinity doesn't return any cores on OpenBSD, so we try to
clamp(1, 0). This is Less Good than fixing that crate, but at
least allows the server to start up.
2026-02-20 10:13:54 +00:00
timedout
31e2195e56
fix: Remove non-compliant and non-functional non-authoritative directory queries
...
chore: Add news frag
2026-02-19 01:37:42 +00:00
