bump crossbeam-channel bc yanked crate with potential double free

Signed-off-by: June Clementine Strawberry <june@3.dog>
bump tokio because of RUSTSEC-2025-0023
2025-04-08 23:38:54 -04:00 · 2025-04-08 09:05:49 -04:00 · 2025-04-06 16:11:35 -04:00 · 2025-04-06 15:25:19 -04:00 · 2025-04-06 13:19:09 -04:00 · 2025-04-06 13:17:13 -04:00
205 changed files with 3938 additions and 3419 deletions
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@ -1,5 +1,5 @@
 [advisories]
-ignore = ["RUSTSEC-2024-0436"] # advisory IDs to ignore e.g. ["RUSTSEC-2019-0001", ...]
+ignore = ["RUSTSEC-2024-0436", "RUSTSEC-2025-0014"] # advisory IDs to ignore e.g. ["RUSTSEC-2019-0001", ...]
 informational_warnings = [] # warn for categories of informational advisories
 severity_threshold = "none" # CVSS severity ("none", "low", "medium", "high", "critical")
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -21,16 +21,6 @@ concurrency:
    cancel-in-progress: true
 env:
    # sccache only on main repo
    SCCACHE_GHA_ENABLED: "${{ !startsWith(github.ref, 'refs/tags/') && (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'true' || 'false' }}"
    RUSTC_WRAPPER: "${{ !startsWith(github.ref, 'refs/tags/') && (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'sccache' || '' }}"
    SCCACHE_BUCKET: "${{ (github.event.pull_request.draft != true) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '') && (vars.SCCACHE_ENDPOINT != '') && (github.event.pull_request.user.login != 'renovate[bot]') && 'sccache' || '' }}"
    SCCACHE_S3_USE_SSL: ${{ vars.SCCACHE_S3_USE_SSL }}
    SCCACHE_REGION: ${{ vars.SCCACHE_REGION }}
    SCCACHE_ENDPOINT: ${{ vars.SCCACHE_ENDPOINT }}
    SCCACHE_CACHE_MULTIARCH: ${{ vars.SCCACHE_CACHE_MULTIARCH }}
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    # Required to make some things output color
    TERM: ansi
    # Publishing to my nix binary cache
@ -123,13 +113,6 @@ jobs:
                  bin/nix-build-and-cache just '.#devShells.x86_64-linux.all-features'
                  bin/nix-build-and-cache just '.#devShells.x86_64-linux.dynamic'
            # use sccache for Rust
            - name: Run sccache-cache
              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
              # releases and tags
              #if: ${{ (env.SCCACHE_GHA_ENABLED == 'true') && !startsWith(github.ref, 'refs/tags/') }}
              uses: mozilla-actions/sccache-action@main
            # use rust-cache
            - uses: Swatinem/rust-cache@v2
              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
@ -247,13 +230,6 @@ jobs:
                  direnv allow
                  nix develop .#all-features --command true --impure
            # use sccache for Rust
            - name: Run sccache-cache
              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
              # releases and tags
              #if: ${{ (env.SCCACHE_GHA_ENABLED == 'true') && !startsWith(github.ref, 'refs/tags/') }}
              uses: mozilla-actions/sccache-action@main
            # use rust-cache
            - uses: Swatinem/rust-cache@v2
              # we want a fresh-state when we do releases/tags to avoid potential cache poisoning attacks impacting
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -20,18 +20,18 @@ license = "Apache-2.0"
 # See also `rust-toolchain.toml`
 readme = "README.md"
 repository = "https://github.com/girlbossceo/conduwuit"
-rust-version = "1.85.0"
+rust-version = "1.86.0"
 version = "0.5.0"
 [workspace.metadata.crane]
 name = "conduwuit"
 [workspace.dependencies.arrayvec]
-version = "0.7.4"
+version = "0.7.6"
 features = ["serde"]
 [workspace.dependencies.smallvec]
-version = "1.13.2"
+version = "1.14.0"
 features = [
 	"const_generics",
 	"const_new",
@ -45,7 +45,7 @@ version = "0.3"
 features = ["ffi", "std", "union"]
 [workspace.dependencies.const-str]
-version = "0.5.7"
+version = "0.6.2"
 [workspace.dependencies.ctor]
 version = "0.2.9"
@ -81,13 +81,13 @@ version = "0.8.5"
 # Used for the http request / response body type for Ruma endpoints used with reqwest
 [workspace.dependencies.bytes]
-version = "1.9.0"
+version = "1.10.1"
 [workspace.dependencies.http-body-util]
-version = "0.1.2"
+version = "0.1.3"
 [workspace.dependencies.http]
-version = "1.2.0"
+version = "1.3.1"
 [workspace.dependencies.regex]
 version = "1.11.1"
@ -111,7 +111,7 @@ default-features = false
 features = ["typed-header", "tracing"]
 [workspace.dependencies.axum-server]
-version = "0.7.1"
+version = "0.7.2"
 default-features = false
 # to listen on both HTTP and HTTPS if listening on TLS dierctly from conduwuit for complement or sytest
@ -122,7 +122,7 @@ version = "0.7"
 version = "0.6.1"
 [workspace.dependencies.tower]
-version = "0.5.1"
+version = "0.5.2"
 default-features = false
 features = ["util"]
@ -141,12 +141,12 @@ features = [
 ]
 [workspace.dependencies.rustls]
-version = "0.23.19"
+version = "0.23.25"
 default-features = false
 features = ["aws_lc_rs"]
 [workspace.dependencies.reqwest]
-version = "0.12.9"
+version = "0.12.15"
 default-features = false
 features = [
 	"rustls-tls-native-roots",
@ -156,12 +156,12 @@ features = [
 ]
 [workspace.dependencies.serde]
-version = "1.0.216"
+version = "1.0.219"
 default-features = false
 features = ["rc"]
 [workspace.dependencies.serde_json]
-version = "1.0.133"
+version = "1.0.140"
 default-features = false
 features = ["raw_value"]
@ -204,13 +204,13 @@ features = [
 # logging
 [workspace.dependencies.log]
-version = "0.4.22"
+version = "0.4.27"
 default-features = false
 [workspace.dependencies.tracing]
 version = "0.1.41"
 default-features = false
 [workspace.dependencies.tracing-subscriber]
-version = "=0.3.18"
+version = "0.3.19"
 default-features = false
 features = ["env-filter", "std", "tracing", "tracing-log", "ansi", "fmt"]
 [workspace.dependencies.tracing-core]
@ -224,7 +224,7 @@ default-features = false
 # used for conduwuit's CLI and admin room command parsing
 [workspace.dependencies.clap]
-version = "4.5.23"
+version = "4.5.35"
 default-features = false
 features = [
 	"derive",
@ -237,12 +237,12 @@ features = [
 ]
 [workspace.dependencies.futures]
-version = "0.3.30"
+version = "0.3.31"
 default-features = false
 features = ["std", "async-await"]
 [workspace.dependencies.tokio]
-version = "1.42.0"
+version = "1.44.2"
 default-features = false
 features = [
 	"fs",
@ -275,7 +275,7 @@ features = ["alloc", "std"]
 default-features = false
 [workspace.dependencies.hyper]
-version = "1.5.1"
+version = "1.6.0"
 default-features = false
 features = [
 	"server",
@ -284,8 +284,7 @@ features = [
 ]
 [workspace.dependencies.hyper-util]
-# hyper-util >=0.1.9 seems to have DNS issues
+version = "0.1.11"
 version = "=0.1.8"
 default-features = false
 features = [
 	"server-auto",
@ -295,7 +294,7 @@ features = [
 # to support multiple variations of setting a config option
 [workspace.dependencies.either]
-version = "1.13.0"
+version = "1.15.0"
 default-features = false
 features = ["serde"]
@ -306,22 +305,27 @@ default-features = false
 features = ["env", "toml"]
 [workspace.dependencies.hickory-resolver]
-version = "0.24.2"
+version = "0.25.1"
 default-features = false
 features = [
 	"serde",
 	"system-config",
 	"tokio",
 ]
 # Used for conduwuit::Error type
 [workspace.dependencies.thiserror]
-version = "2.0.7"
+version = "2.0.12"
 default-features = false
 # Used when hashing the state
 [workspace.dependencies.ring]
-version = "0.17.8"
+version = "0.17.14"
 default-features = false
 # Used to make working with iterators easier, was already a transitive depdendency
 [workspace.dependencies.itertools]
-version = "0.13.0"
+version = "0.14.0"
 # to parse user-friendly time durations in admin commands
 #TODO: overlaps chrono?
@ -337,7 +341,7 @@ version = "0.4.0"
 version = "2.3.1"
 [workspace.dependencies.async-trait]
-version = "0.1.83"
+version = "0.1.88"
 [workspace.dependencies.lru-cache]
 version = "0.1.2"
@ -346,7 +350,7 @@ version = "0.1.2"
 [workspace.dependencies.ruma]
 git = "https://github.com/girlbossceo/ruwuma"
 #branch = "conduwuit-changes"
-rev = "f5ab6302aaa55a14827a9cb5b40e980dd135fe14"
+rev = "920148dca1076454ca0ca5d43b5ce1aa708381d4"
 features = [
    "compat",
    "rand",
@ -423,7 +427,7 @@ features = ["rt-tokio"]
 # optional sentry metrics for crash/panic reporting
 [workspace.dependencies.sentry]
-version = "0.35.0"
+version = "0.37.0"
 default-features = false
 features = [
    "backtrace",
@ -439,9 +443,9 @@ features = [
 ]
 [workspace.dependencies.sentry-tracing]
-version = "0.35.0"
+version = "0.37.0"
 [workspace.dependencies.sentry-tower]
-version = "0.35.0"
+version = "0.37.0"
 # jemalloc usage
 [workspace.dependencies.tikv-jemalloc-sys]
@ -475,7 +479,7 @@ default-features = false
 features = ["resource"]
 [workspace.dependencies.sd-notify]
-version = "0.4.3"
+version = "0.4.5"
 default-features = false
 [workspace.dependencies.hardened_malloc-rs]
@ -492,25 +496,25 @@ version = "0.4.3"
 default-features = false
 [workspace.dependencies.termimad]
-version = "0.31.1"
+version = "0.31.2"
 default-features = false
 [workspace.dependencies.checked_ops]
 version = "0.1"
 [workspace.dependencies.syn]
-version = "2.0.90"
+version = "2.0"
 default-features = false
 features = ["full", "extra-traits"]
 [workspace.dependencies.quote]
-version = "1.0.37"
+version = "1.0"
 [workspace.dependencies.proc-macro2]
-version = "1.0.89"
+version = "1.0"
 [workspace.dependencies.bytesize]
-version = "1.3.2"
+version = "2.0"
 [workspace.dependencies.core_affinity]
 version = "0.8.1"
@ -522,11 +526,11 @@ version = "0.2"
 version = "0.2"
 [workspace.dependencies.minicbor]
-version = "0.25.1"
+version = "0.26.3"
 features = ["std"]
 [workspace.dependencies.minicbor-serde]
-version = "0.3.2"
+version = "0.4.1"
 features = ["std"]
 [workspace.dependencies.maplit]
@ -541,16 +545,16 @@ version = "1.0.2"
 # https://github.com/girlbossceo/tracing/commit/b348dca742af641c47bc390261f60711c2af573c
 [patch.crates-io.tracing-subscriber]
 git = "https://github.com/girlbossceo/tracing"
-rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"
+rev = "1e64095a8051a1adf0d1faa307f9f030889ec2aa"
 [patch.crates-io.tracing]
 git = "https://github.com/girlbossceo/tracing"
-rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"
+rev = "1e64095a8051a1adf0d1faa307f9f030889ec2aa"
 [patch.crates-io.tracing-core]
 git = "https://github.com/girlbossceo/tracing"
-rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"
+rev = "1e64095a8051a1adf0d1faa307f9f030889ec2aa"
 [patch.crates-io.tracing-log]
 git = "https://github.com/girlbossceo/tracing"
-rev = "05825066a6d0e9ad6b80dcf29457eb179ff4768c"
+rev = "1e64095a8051a1adf0d1faa307f9f030889ec2aa"
 # adds a tab completion callback: https://github.com/girlbossceo/rustyline-async/commit/de26100b0db03e419a3d8e1dd26895d170d1fe50
 # adds event for CTRL+\: https://github.com/girlbossceo/rustyline-async/commit/67d8c49aeac03a5ef4e818f663eaa94dd7bf339b
@ -566,10 +570,23 @@ rev = "fe4aebeeaae435af60087ddd56b573a2e0be671d"
 git = "https://github.com/girlbossceo/async-channel"
 rev = "92e5e74063bf2a3b10414bcc8a0d68b235644280"
 # adds affinity masks for selecting more than one core at a time
 [patch.crates-io.core_affinity]
 git = "https://github.com/girlbossceo/core_affinity_rs"
 rev = "9c8e51510c35077df888ee72a36b4b05637147da"
 # reverts hyperium#148 conflicting with our delicate federation resolver hooks
 [patch.crates-io.hyper-util]
 git = "https://github.com/girlbossceo/hyper-util"
 rev = "e4ae7628fe4fcdacef9788c4c8415317a4489941"
 # allows no-aaaa option in resolv.conf
 # bumps rust edition and toolchain to 1.86.0 and 2024
 # use sat_add on line number errors
 [patch.crates-io.resolv-conf]
 git = "https://github.com/girlbossceo/resolv-conf"
 rev = "200e958941d522a70c5877e3d846f55b5586c68d"
 #
 # Our crates
 #
@ -841,6 +858,9 @@ unused_crate_dependencies = "allow"
 unsafe_code = "allow"
 variant_size_differences = "allow"
 # we check nightly clippy lints
 unknown_lints = "allow"
 #######################################
 #
 # Clippy lints
@ -889,6 +909,7 @@ needless_continue = { level = "allow", priority = 1 }
 no_effect_underscore_binding = { level = "allow", priority = 1 }
 similar_names = { level = "allow", priority = 1 }
 single_match_else = { level = "allow", priority = 1 }
 struct_excessive_bools = { level = "allow", priority = 1 }
 struct_field_names = { level = "allow", priority = 1 }
 unnecessary_wraps = { level = "allow", priority = 1 }
 unused_async = { level = "allow", priority = 1 }
--- a/README.md
+++ b/README.md
@ -1,6 +1,16 @@
 # conduwuit
-[![conduwuit main room](https://img.shields.io/matrix/conduwuit%3Apuppygock.gay?server_fqdn=matrix.transfem.dev&style=flat&logo=matrix&logoColor=%23f5b3ff&label=%23conduwuit%3Apuppygock.gay&color=%23f652ff)](https://matrix.to/#/#conduwuit:puppygock.gay) [![conduwuit space](https://img.shields.io/matrix/conduwuit-space%3Apuppygock.gay?server_fqdn=matrix.transfem.dev&style=flat&logo=matrix&logoColor=%23f5b3ff&label=%23conduwuit-space%3Apuppygock.gay&color=%23f652ff)](https://matrix.to/#/#conduwuit-space:puppygock.gay) [![CI and Artifacts](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml)
+[![conduwuit main room](https://img.shields.io/matrix/conduwuit%3Apuppygock.gay?server_fqdn=matrix.transfem.dev&style=flat&logo=matrix&logoColor=%23f5b3ff&label=%23conduwuit%3Apuppygock.gay&color=%23f652ff)](https://matrix.to/#/#conduwuit:puppygock.gay) [![conduwuit space](https://img.shields.io/matrix/conduwuit-space%3Apuppygock.gay?server_fqdn=matrix.transfem.dev&style=flat&logo=matrix&logoColor=%23f5b3ff&label=%23conduwuit-space%3Apuppygock.gay&color=%23f652ff)](https://matrix.to/#/#conduwuit-space:puppygock.gay)
 [![CI and Artifacts](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml)
 ![GitHub Repo stars](https://img.shields.io/github/stars/girlbossceo/conduwuit?style=flat&color=%23fcba03&link=https%3A%2F%2Fgithub.com%2Fgirlbossceo%2Fconduwuit) ![GitHub commit activity](https://img.shields.io/github/commit-activity/m/girlbossceo/conduwuit?style=flat&color=%2303fcb1&link=https%3A%2F%2Fgithub.com%2Fgirlbossceo%2Fconduwuit%2Fpulse%2Fmonthly) ![GitHub Created At](https://img.shields.io/github/created-at/girlbossceo/conduwuit) ![GitHub Sponsors](https://img.shields.io/github/sponsors/girlbossceo?color=%23fc03ba&link=https%3A%2F%2Fgithub.com%2Fsponsors%2Fgirlbossceo) ![GitHub License](https://img.shields.io/github/license/girlbossceo/conduwuit)
 ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/girlbossceo/conduwuit/latest?label=image%20size%20(latest)&link=https%3A%2F%2Fhub.docker.com%2Frepository%2Fdocker%2Fgirlbossceo%2Fconduwuit%2Ftags%3Fname%3Dlatest) ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/girlbossceo/conduwuit/main?label=image%20size%20(main)&link=https%3A%2F%2Fhub.docker.com%2Frepository%2Fdocker%2Fgirlbossceo%2Fconduwuit%2Ftags%3Fname%3Dmain)
 <!-- ANCHOR: catchphrase -->
@ -53,6 +63,19 @@ A lot of critical stability and performance issues have been fixed, and a lot of
 necessary groundwork has finished; making this project way better than it was
 back in the start at ~early 2024.
 #### Where is the differences page?
 conduwuit historically had a "differences" page that listed each and every single
 different thing about conduwuit from Conduit, as a way to promote and advertise
 conduwuit by showing significant amounts of work done. While this was feasible to
 maintain back when the project was new in early-2024, this became impossible
 very quickly and has unfortunately became heavily outdated, missing tons of things, etc.
 It's difficult to list out what we do differently, what are our notable features, etc
 when there's so many things and features and bug fixes and performance optimisations, 
 the list goes on. We simply recommend folks to just try out conduwuit, or ask us
 what features you are looking for and if they're implemented in conduwuit.
 #### How is conduwuit funded? Is conduwuit sustainable?
 conduwuit has no external funding. This is made possible purely in my freetime with
@ -64,17 +87,15 @@ and we have no plans in stopping or slowing down any time soon!
 #### Can I migrate or switch from Conduit?
-conduwuit is a complete drop-in replacement for Conduit. As long as you are using RocksDB,
+conduwuit had drop-in migration/replacement support for Conduit for about 12 months before
-the only "migration" you need to do is replace the binary or container image. There
+bugs somewhere along the line broke it. Maintaining this has been difficult and
-is no harm or additional steps required for using conduwuit. See the
+the majority of Conduit users have already migrated, additionally debugging Conduit
-[Migrating from Conduit](https://conduwuit.puppyirl.gay/deploying/generic.html#migrating-from-conduit) section
+is not one of our interests, and so Conduit migration no longer works. We also
-on the generic deploying guide.
+feel that 12 months has been plenty of time for people to seamlessly migrate.
-Note that as of conduwuit version 0.5.0, backwards compatibility with Conduit is
+If you are a Conduit user looking to migrate, you will have to wipe and reset
-no longer supported. We only support migrating *from* Conduit, not back to
+your database. We may fix seamless migration support at some point, but it's not an interest
-Conduit like before. If you are truly finding yourself wanting to migrate back
+from us.
 to Conduit, we would appreciate all your feedback and if we can assist with
 any issues or concerns.
 #### Can I migrate from Synapse or Dendrite?
@ -98,9 +119,10 @@ is the official project Matrix room. You can get support here, ask questions or
 concerns, get assistance setting up conduwuit, etc.
 This room should stay relevant and focused on conduwuit. An offtopic general
-chatter room can be found there as well.
+chatter room can be found in the room topic there as well.
 Please keep the issue trackers focused on *actual* bug reports and enhancement requests.
 Please keep the issue trackers focused on bug reports and enhancement requests.
 General support is extremely difficult to be offered over an issue tracker, and
 simple questions should be asked directly in an interactive platform like our
 Matrix room above as they can turn into a relevant discussion and/or may not be
@ -108,24 +130,34 @@ simple to answer. If you're not sure, just ask in the Matrix room.
 If you have a bug or feature to request: [Open an issue on GitHub](https://github.com/girlbossceo/conduwuit/issues/new)
 If you need to contact the primary maintainer, my contact methods are on my website: https://girlboss.ceo
 #### Donate
 conduwuit development is purely made possible by myself and contributors. I do
 not get paid to work on this, and I work on it in my free time. Donations are
 heavily appreciated! 💜🥺
- Liberapay (preferred): <https://liberapay.com/girlbossceo>
+- Liberapay: <https://liberapay.com/girlbossceo>
- GitHub Sponsors (preferred): <https://github.com/sponsors/girlbossceo>
+- GitHub Sponsors: <https://github.com/sponsors/girlbossceo>
 - Ko-fi: <https://ko-fi.com/puppygock>
 I do not and will not accept cryptocurrency donations, including things related.
 Note that donations will NOT guarantee you or give you any kind of tangible product,
 feature prioritisation, etc. By donating, you are agreeing that conduwuit is NOT
 going to provide you any goods or services as part of your donation, and this
 donation is purely a generous donation. We will not provide things like paid
 personal/direct support, feature request priority, merchandise, etc.
 #### Logo
 Original repo and Matrix room picture was from bran (<3). Current banner image
 and logo is directly from [this cohost
 post](https://web.archive.org/web/20241126004041/https://cohost.org/RatBaby/post/1028290-finally-a-flag-for).
 An SVG logo made by [@nktnet1](https://github.com/nktnet1) is available here: <https://github.com/girlbossceo/conduwuit/blob/main/docs/assets/>
 #### Is it conduwuit or Conduwuit?
 Both, but I prefer conduwuit.
--- a/arch/conduwuit.service
+++ b/arch/conduwuit.service
@ -4,6 +4,7 @@ Wants=network-online.target
 After=network-online.target
 Documentation=https://conduwuit.puppyirl.gay/
 RequiresMountsFor=/var/lib/private/conduwuit
 Alias=matrix-conduwuit.service
 [Service]
 DynamicUser=yes
--- a/bin/complement
+++ b/bin/complement
@ -18,7 +18,7 @@ RESULTS_FILE="${3:-complement_test_results.jsonl}"
 COMPLEMENT_BASE_IMAGE="${COMPLEMENT_BASE_IMAGE:-complement-conduwuit:main}"
 # Complement tests that are skipped due to flakiness/reliability issues or we don't implement such features and won't for a long time
-#SKIPPED_COMPLEMENT_TESTS='-skip=TestPartialStateJoin.*'
+SKIPPED_COMPLEMENT_TESTS='TestPartialStateJoin.*|TestRoomDeleteAlias/Parallel/Regular_users_can_add_and_delete_aliases_when_m.*|TestRoomDeleteAlias/Parallel/Can_delete_canonical_alias|TestUnbanViaInvite.*|TestRoomState/Parallel/GET_/publicRooms_lists.*"|TestRoomDeleteAlias/Parallel/Users_with_sufficient_power-level_can_delete_other.*'
 # $COMPLEMENT_SRC needs to be a directory to Complement source code
 if [ -f "$COMPLEMENT_SRC" ]; then
@ -68,7 +68,7 @@ set +o pipefail
 env \
    -C "$COMPLEMENT_SRC" \
    COMPLEMENT_BASE_IMAGE="$COMPLEMENT_BASE_IMAGE" \
-    go test -tags="conduwuit_blacklist" -timeout 1h -json ./tests/... | tee "$LOG_FILE"
+    go test -tags="conduwuit_blacklist" -skip="$SKIPPED_COMPLEMENT_TESTS" -v -timeout 1h -json ./tests/... | tee "$LOG_FILE"
 set -o pipefail
 # Post-process the results into an easy-to-compare format, sorted by Test name for reproducible results
--- a/book.toml
+++ b/book.toml
@ -13,12 +13,15 @@ create-missing = true
 extra-watch-dirs = ["debian", "docs"]
 [rust]
-edition = "2021"
+edition = "2024"
 [output.html]
 git-repository-url = "https://github.com/girlbossceo/conduwuit"
 edit-url-template = "https://github.com/girlbossceo/conduwuit/edit/main/{path}"
 git-repository-icon = "fa-github-square"
 [output.html.redirect]
 "/differences.html" = "https://conduwuit.puppyirl.gay/#where-is-the-differences-page"
 [output.html.search]
 limit-results = 15
--- a/clippy.toml
+++ b/clippy.toml
@ -2,9 +2,10 @@ array-size-threshold = 4096
 cognitive-complexity-threshold = 94         # TODO reduce me ALARA
 excessive-nesting-threshold = 11            # TODO reduce me to 4 or 5
 future-size-threshold = 7745                # TODO reduce me ALARA
-stack-size-threshold = 196608               # reduce me ALARA
+stack-size-threshold = 196608               # TODO reduce me ALARA
 too-many-lines-threshold = 780              # TODO reduce me to <= 100
 type-complexity-threshold = 250             # reduce me to ~200
 large-error-threshold = 256                 # TODO reduce me ALARA
 disallowed-macros = [
 	{ path = "log::error", reason = "use conduwuit_core::error" },
--- a/conduwuit-example.toml
+++ b/conduwuit-example.toml
@ -195,14 +195,6 @@
 #
 #servernameevent_data_cache_capacity = varies by system
 # This item is undocumented. Please contribute documentation for it.
 #
 #server_visibility_cache_capacity = varies by system
 # This item is undocumented. Please contribute documentation for it.
 #
 #user_visibility_cache_capacity = varies by system
 # This item is undocumented. Please contribute documentation for it.
 #
 #stateinfo_cache_capacity = varies by system
@ -535,9 +527,9 @@
 # Default room version conduwuit will create rooms with.
 #
-# Per spec, room version 10 is the default.
+# Per spec, room version 11 is the default.
 #
-#default_room_version = 10
+#default_room_version = 11
 # This item is undocumented. Please contribute documentation for it.
 #
@ -602,7 +594,7 @@
 # Currently, conduwuit doesn't support inbound batched key requests, so
 # this list should only contain other Synapse servers.
 #
-# example: ["matrix.org", "envs.net", "tchncs.de"]
+# example: ["matrix.org", "tchncs.de"]
 #
 #trusted_servers = ["matrix.org"]
@ -1194,13 +1186,16 @@
 #
 #prune_missing_media = false
-# Vector list of servers that conduwuit will refuse to download remote
+# Vector list of regex patterns of server names that conduwuit will refuse
-# media from.
+# to download remote media from.
 #
 # example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 #
 #prevent_media_downloads_from = []
-# List of forbidden server names that we will block incoming AND outgoing
+# List of forbidden server names via regex patterns that we will block
-# federation with, and block client room joins / remote user invites.
+# incoming AND outgoing federation with, and block client room joins /
 # remote user invites.
 #
 # This check is applied on the room ID, room alias, sender server name,
 # sender user's server name, inbound federation X-Matrix origin, and
@ -1208,11 +1203,15 @@
 #
 # Basically "global" ACLs.
 #
 # example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 #
 #forbidden_remote_server_names = []
-# List of forbidden server names that we will block all outgoing federated
+# List of forbidden server names via regex patterns that we will block all
-# room directory requests for. Useful for preventing our users from
+# outgoing federated room directory requests for. Useful for preventing
-# wandering into bad servers or spaces.
+# our users from wandering into bad servers or spaces.
 #
 # example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 #
 #forbidden_remote_room_directory_server_names = []
@ -1323,7 +1322,7 @@
 # used, and startup as warnings if any room aliases in your database have
 # a forbidden room alias/ID.
 #
-# example: ["19dollarfortnitecards", "b[4a]droom"]
+# example: ["19dollarfortnitecards", "b[4a]droom", "badphrase"]
 #
 #forbidden_alias_names = []
@ -1336,7 +1335,7 @@
 # startup as warnings if any local users in your database have a forbidden
 # username.
 #
-# example: ["administrator", "b[a4]dusernam[3e]"]
+# example: ["administrator", "b[a4]dusernam[3e]", "badphrase"]
 #
 #forbidden_usernames = []
--- a/debian/conduwuit.service
+++ b/debian/conduwuit.service
@ -2,26 +2,14 @@
 Description=conduwuit Matrix homeserver
 Wants=network-online.target
 After=network-online.target
 Alias=matrix-conduwuit.service
 Documentation=https://conduwuit.puppyirl.gay/
 [Service]
 DynamicUser=yes
 User=conduwuit
 Group=conduwuit
-Type=notify-reload
+Type=notify
 ReloadSignal=SIGUSR1
 TTYPath=/dev/tty25
 DeviceAllow=char-tty
 StandardInput=tty-force
 StandardOutput=tty
 StandardError=journal+console
 TTYReset=yes
 # uncomment to allow buffer to be cleared every restart
 TTYVTDisallocate=no
 TTYColumns=120
 TTYRows=40
 Environment="CONDUWUIT_CONFIG=/etc/conduwuit/conduwuit.toml"
--- a/docs/SUMMARY.md
+++ b/docs/SUMMARY.md
@ -1,7 +1,6 @@
 # Summary
 - [Introduction](introduction.md)
 - [Differences from upstream Conduit](differences.md)
 - [Configuration](configuration.md)
  - [Examples](configuration/examples.md)
 - [Deploying](deploying.md)
--- a/docs/assets/conduwuit_logo.svg
+++ b/docs/assets/conduwuit_logo.svg
@ -0,0 +1,36 @@
 <svg
  version="1.1"
  id="Layer_1"
  xmlns="http://www.w3.org/2000/svg"
  x="0px"
  y="0px"
  width="100%"
  viewBox="0 0 864 864"
  enableBackground="new 0 0 864 864"
  xmlSpace="preserve"
 >
  <path
    fill="#EC008C"
    opacity="1.000000"
    stroke="none"
    d="M0.999997,649.000000 C1.000000,433.052795 1.000000,217.105591 1.000000,1.079198 C288.876801,1.079198 576.753601,1.079198 865.000000,1.079198 C865.000000,73.025414 865.000000,145.051453 864.634888,217.500671 C852.362488,223.837280 840.447632,229.735275 828.549438,235.666794 C782.143677,258.801056 735.743225,281.945923 688.998657,304.980469 C688.122009,304.476532 687.580750,304.087708 687.053894,303.680206 C639.556946,266.944733 573.006775,291.446869 560.804199,350.179443 C560.141357,353.369446 559.717590,356.609131 559.195374,359.748962 C474.522705,359.748962 390.283478,359.748962 306.088135,359.748962 C298.804138,318.894806 265.253357,295.206024 231.834442,293.306793 C201.003021,291.554596 169.912033,310.230042 156.935104,338.792725 C149.905151,354.265930 147.884064,370.379944 151.151794,387.034515 C155.204453,407.689667 166.300507,423.954224 183.344437,436.516663 C181.938263,437.607025 180.887405,438.409576 179.849426,439.228516 C147.141953,465.032562 139.918045,510.888947 163.388611,545.322632 C167.274551,551.023804 172.285187,555.958313 176.587341,561.495728 C125.846893,587.012817 75.302292,612.295532 24.735992,637.534790 C16.874903,641.458496 8.914484,645.183228 0.999997,649.000000 z"
  />
  <path
    fill="#000000"
    opacity="1.000000"
    stroke="none"
    d="M689.340759,305.086823 C735.743225,281.945923 782.143677,258.801056 828.549438,235.666794 C840.447632,229.735275 852.362488,223.837280 864.634888,217.961929 C865.000000,433.613190 865.000000,649.226379 865.000000,864.919800 C577.000000,864.919800 289.000000,864.919800 1.000000,864.919800 C1.000000,793.225708 1.000000,721.576721 0.999997,649.463867 C8.914484,645.183228 16.874903,641.458496 24.735992,637.534790 C75.302292,612.295532 125.846893,587.012817 176.939667,561.513062 C178.543060,562.085083 179.606812,562.886414 180.667526,563.691833 C225.656799,597.853394 291.232574,574.487244 304.462524,519.579773 C304.989105,517.394409 305.501068,515.205505 305.984619,513.166748 C391.466370,513.166748 476.422729,513.166748 561.331177,513.166748 C573.857727,555.764343 608.978149,572.880920 638.519897,572.672791 C671.048340,572.443665 700.623230,551.730408 711.658752,520.910583 C722.546875,490.502106 715.037842,453.265564 682.776733,429.447052 C683.966064,428.506866 685.119507,427.602356 686.265320,426.688232 C712.934143,405.412262 723.011475,370.684631 711.897339,338.686676 C707.312805,325.487671 699.185303,314.725128 689.340759,305.086823 z"
  />
  <path
    fill="#FEFBFC"
    opacity="1.000000"
    stroke="none"
    d="M688.998657,304.980469 C699.185303,314.725128 707.312805,325.487671 711.897339,338.686676 C723.011475,370.684631 712.934143,405.412262 686.265320,426.688232 C685.119507,427.602356 683.966064,428.506866 682.776733,429.447052 C715.037842,453.265564 722.546875,490.502106 711.658752,520.910583 C700.623230,551.730408 671.048340,572.443665 638.519897,572.672791 C608.978149,572.880920 573.857727,555.764343 561.331177,513.166748 C476.422729,513.166748 391.466370,513.166748 305.984619,513.166748 C305.501068,515.205505 304.989105,517.394409 304.462524,519.579773 C291.232574,574.487244 225.656799,597.853394 180.667526,563.691833 C179.606812,562.886414 178.543060,562.085083 177.128418,561.264465 C172.285187,555.958313 167.274551,551.023804 163.388611,545.322632 C139.918045,510.888947 147.141953,465.032562 179.849426,439.228516 C180.887405,438.409576 181.938263,437.607025 183.344437,436.516663 C166.300507,423.954224 155.204453,407.689667 151.151794,387.034515 C147.884064,370.379944 149.905151,354.265930 156.935104,338.792725 C169.912033,310.230042 201.003021,291.554596 231.834442,293.306793 C265.253357,295.206024 298.804138,318.894806 306.088135,359.748962 C390.283478,359.748962 474.522705,359.748962 559.195374,359.748962 C559.717590,356.609131 560.141357,353.369446 560.804199,350.179443 C573.006775,291.446869 639.556946,266.944733 687.053894,303.680206 C687.580750,304.087708 688.122009,304.476532 688.998657,304.980469 M703.311279,484.370789 C698.954468,457.053253 681.951416,440.229645 656.413696,429.482330 C673.953552,421.977875 688.014709,412.074219 696.456482,395.642365 C704.862061,379.280853 706.487793,362.316345 700.947998,344.809204 C691.688965,315.548492 664.183716,296.954437 633.103516,298.838257 C618.467957,299.725372 605.538086,305.139557 594.588501,314.780121 C577.473999,329.848511 570.185486,349.121399 571.838501,371.750854 C479.166595,371.750854 387.082886,371.750854 294.582672,371.750854 C293.993011,354.662048 288.485260,339.622314 276.940491,327.118439 C265.392609,314.611176 251.082092,307.205322 234.093262,305.960541 C203.355347,303.708374 176.337585,320.898438 166.089890,348.816620 C159.557541,366.613007 160.527206,384.117401 168.756042,401.172516 C177.054779,418.372589 191.471954,428.832886 207.526581,435.632172 C198.407059,442.272583 188.815598,448.302246 180.383728,455.660675 C171.685028,463.251984 166.849655,473.658661 163.940216,484.838684 C161.021744,496.053375 161.212982,507.259705 164.178833,518.426208 C171.577927,546.284302 197.338104,566.588867 226.001465,567.336853 C240.828415,567.723816 254.357819,563.819092 266.385468,555.199646 C284.811554,541.994751 293.631104,523.530579 294.687347,501.238312 C387.354828,501.238312 479.461304,501.238312 571.531799,501.238312 C577.616638,543.189026 615.312866,566.342102 651.310059,559.044739 C684.973938,552.220398 708.263306,519.393127 703.311279,484.370789 z"
  />
  <path
    fill="#EC008C"
    opacity="1.000000"
    stroke="none"
    d="M703.401855,484.804718 C708.263306,519.393127 684.973938,552.220398 651.310059,559.044739 C615.312866,566.342102 577.616638,543.189026 571.531799,501.238312 C479.461304,501.238312 387.354828,501.238312 294.687347,501.238312 C293.631104,523.530579 284.811554,541.994751 266.385468,555.199646 C254.357819,563.819092 240.828415,567.723816 226.001465,567.336853 C197.338104,566.588867 171.577927,546.284302 164.178833,518.426208 C161.212982,507.259705 161.021744,496.053375 163.940216,484.838684 C166.849655,473.658661 171.685028,463.251984 180.383728,455.660675 C188.815598,448.302246 198.407059,442.272583 207.526581,435.632172 C191.471954,428.832886 177.054779,418.372589 168.756042,401.172516 C160.527206,384.117401 159.557541,366.613007 166.089890,348.816620 C176.337585,320.898438 203.355347,303.708374 234.093262,305.960541 C251.082092,307.205322 265.392609,314.611176 276.940491,327.118439 C288.485260,339.622314 293.993011,354.662048 294.582672,371.750854 C387.082886,371.750854 479.166595,371.750854 571.838501,371.750854 C570.185486,349.121399 577.473999,329.848511 594.588501,314.780121 C605.538086,305.139557 618.467957,299.725372 633.103516,298.838257 C664.183716,296.954437 691.688965,315.548492 700.947998,344.809204 C706.487793,362.316345 704.862061,379.280853 696.456482,395.642365 C688.014709,412.074219 673.953552,421.977875 656.413696,429.482330 C681.951416,440.229645 698.954468,457.053253 703.401855,484.804718 z"
  />
 </svg>
--- a/docs/assets/gay
+++ b/docs/assets/gay
--- a/docs/deploying/generic.md
+++ b/docs/deploying/generic.md
@ -53,28 +53,6 @@ If wanting to build using standard Rust toolchains, make sure you install:
 You can build conduwuit using `cargo build --release --all-features`
 ## Migrating from Conduit
 As mentioned in the README, there is little to no steps needed to migrate
 from Conduit. As long as you are using the RocksDB database backend, just
 replace the binary / container image / etc.
 **WARNING**: As of conduwuit 0.5.0, all database and backwards compatibility
 with Conduit is no longer supported. We only support migrating *from* Conduit,
 not back to Conduit like before. If you are truly finding yourself wanting to
 migrate back to Conduit, we would appreciate all your feedback and if we can
 assist with any issues or concerns.
 **Note**: If you are relying on Conduit's "automatic delegation" feature,
 this will **NOT** work on conduwuit and you must configure delegation manually.
 This is not a mistake and no support for this feature will be added.
 If you are using SQLite, you **MUST** migrate to RocksDB. You can use this
 tool to migrate from SQLite to RocksDB: <https://github.com/ShadowJonathan/conduit_toolbox/>
 See the `[global.well_known]` config section, or configure your web server
 appropriately to send the delegation responses.
 ## Adding a conduwuit user
 While conduwuit can run as any user it is better to use dedicated users for
@ -167,25 +145,32 @@ sudo chmod 700 /var/lib/conduwuit/
 ## Setting up the Reverse Proxy
-Refer to the documentation or various guides online of your chosen reverse proxy
+We recommend Caddy as a reverse proxy, as it is trivial to use, handling TLS certificates, reverse proxy headers, etc transparently with proper defaults.
-software. There are many examples of basic Apache/Nginx reverse proxy setups
+For other software, please refer to their respective documentation or online guides.
 out there.
-A [Caddy](https://caddyserver.com/) example will be provided as this
+### Caddy
 is the recommended reverse proxy for new users and is very trivial to use
 (handles TLS, reverse proxy headers, etc transparently with proper defaults).
-Lighttpd is not supported as it seems to mess with the `X-Matrix` Authorization
+After installing Caddy via your preferred method, create `/etc/caddy/conf.d/conduwuit_caddyfile`
-header, making federation non-functional. If a workaround is found, feel free to share to get it added to the documentation here.
+and enter this (substitute for your server name).
-If using Apache, you need to use `nocanon` in your `ProxyPass` directive to prevent this (note that Apache isn't very good as a general reverse proxy and we discourage the usage of it if you can).
+```caddyfile
 your.server.name, your.server.name:8448 {
    # TCP reverse_proxy
    reverse_proxy 127.0.0.1:6167
    # UNIX socket
    #reverse_proxy unix//run/conduwuit/conduwuit.sock
 }
 ```
-If using Nginx, you need to give conduwuit the request URI using `$request_uri`, or like so:
+That's it! Just start and enable the service and you're set.
 - `proxy_pass http://127.0.0.1:6167$request_uri;`
 - `proxy_pass http://127.0.0.1:6167;`
-Nginx users need to increase `client_max_body_size` (default is 1M) to match
+```bash
-`max_request_size` defined in conduwuit.toml.
+sudo systemctl enable --now caddy
 ```
 ### Other Reverse Proxies
 As we would prefer our users to use Caddy, we will not provide configuration files for other proxys.
 You will need to reverse proxy everything under following routes:
 - `/_matrix/` - core Matrix C-S and S-S APIs
@ -208,25 +193,19 @@ Examples of delegation:
 - <https://puppygock.gay/.well-known/matrix/server>
 - <https://puppygock.gay/.well-known/matrix/client>
-### Caddy
+For Apache and Nginx there are many examples available online.
-Create `/etc/caddy/conf.d/conduwuit_caddyfile` and enter this (substitute for
+Lighttpd is not supported as it seems to mess with the `X-Matrix` Authorization
-your server name).
+header, making federation non-functional. If a workaround is found, feel free to share to get it added to the documentation here.
-```caddyfile
+If using Apache, you need to use `nocanon` in your `ProxyPass` directive to prevent httpd from messing with the `X-Matrix` header (note that Apache isn't very good as a general reverse proxy and we discourage the usage of it if you can).
 your.server.name, your.server.name:8448 {
    # TCP reverse_proxy
    reverse_proxy 127.0.0.1:6167
    # UNIX socket
    #reverse_proxy unix//run/conduwuit/conduwuit.sock
 }
 ```
-That's it! Just start and enable the service and you're set.
+If using Nginx, you need to give conduwuit the request URI using `$request_uri`, or like so:
 - `proxy_pass http://127.0.0.1:6167$request_uri;`
 - `proxy_pass http://127.0.0.1:6167;`
-```bash
+Nginx users need to increase `client_max_body_size` (default is 1M) to match
-sudo systemctl enable --now caddy
+`max_request_size` defined in conduwuit.toml.
 ```
 ## You're done
--- a/docs/development/hot_reload.md
+++ b/docs/development/hot_reload.md
@ -1,5 +1,8 @@
 # Hot Reloading ("Live" Development)
 Note that hot reloading has not been refactored in quite a while and is not
 guaranteed to work at this time.
 ### Summary
 When developing in debug-builds with the nightly toolchain, conduwuit is modular
--- a/docs/development/testing.md
+++ b/docs/development/testing.md
@ -5,12 +5,11 @@
 Have a look at [Complement's repository][complement] for an explanation of what
 it is.
-To test against Complement, with Nix (or [Lix](https://lix.systems) and direnv
+To test against Complement, with Nix (or [Lix](https://lix.systems) and
-installed and set up, you can:
+[direnv installed and set up][direnv] (run `direnv allow` after setting up the hook), you can:
-* Run `./bin/complement "$COMPLEMENT_SRC" ./path/to/logs.jsonl
+* Run `./bin/complement "$COMPLEMENT_SRC"` to build a Complement image, run
-./path/to/results.jsonl` to build a Complement image, run the tests, and output
+the tests, and output the logs and results to the specified paths. This will also output the OCI image
 the logs and results to the specified paths. This will also output the OCI image
 at `result`
 * Run `nix build .#complement` from the root of the repository to just build a
 Complement OCI image outputted to `result` (it's a `.tar.gz` file)
@ -18,5 +17,15 @@ Complement OCI image outputted to `result` (it's a `.tar.gz` file)
 output from the commit/revision you want to test (e.g. from main)
 [here][ci-workflows]
 If you want to use your own prebuilt OCI image (such as from our CI) without needing
 Nix installed, put the image at `complement_oci_image.tar.gz` in the root of the repo
 and run the script.
 If you're on macOS and need to build an image, run `nix build .#linux-complement`.
 We have a Complement fork as some tests have needed to be fixed. This can be found
 at: <https://github.com/girlbossceo/complement>
 [ci-workflows]: https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml?query=event%3Apush+is%3Asuccess+actor%3Agirlbossceo
 [complement]: https://github.com/matrix-org/complement
 [direnv]: https://direnv.net/docs/hook.html
--- a/docs/differences.md
+++ b/docs/differences.md
@ -1,379 +0,0 @@
 #### **Note: This list may not up to date. There are rapidly more and more
 improvements, fixes, changes, etc being made that it is becoming more difficult
 to maintain this list. I recommend that you give conduwuit a try and see the
 differences for yourself. If you have any concerns, feel free to join the
 conduwuit Matrix room and ask any pre-usage questions.**
 ### list of features, bug fixes, etc that conduwuit does that Conduit does not
 Outgoing typing indicators, outgoing read receipts, **and** outgoing presence!
 ## Performance
 - Concurrency support for individual homeserver key fetching for faster remote
 room joins and room joins that will error less frequently
 - Send `Cache-Control` response header with `immutable` and 1 year cache length
 for all media requests (download and thumbnail) to instruct clients to cache
 media, and reduce server load from media requests that could be otherwise cached
 - Add feature flags and config options to enable/build with zstd, brotli, and/or
 gzip HTTP body compression (response and request)
 - Eliminate all usage of the thread-blocking `getaddrinfo(3)` call upon DNS
 queries, significantly improving federation latency/ping and cache DNS results
 (NXDOMAINs, successful queries, etc) using hickory-dns / hickory-resolver
 - Enable HTTP/2 support on all requests
 - Vastly improve RocksDB default settings to use new features that help with
 performance significantly, uses settings tailored to SSDs, various ways to tweak
 RocksDB, and a conduwuit setting to tell RocksDB to use settings that are
 tailored to HDDs or slow spinning rust storage or buggy filesystems.
 - Implement database flush and cleanup conduwuit operations when using RocksDB
 - Implement RocksDB write buffer corking and coalescing in database write-heavy
 areas
 - Perform connection pooling and keepalives where necessary to significantly
 improve federation performance and latency
 - Various config options to tweak connection pooling, request timeouts,
 connection timeouts, DNS timeouts and settings, etc with good defaults which
 also help huge with performance via reusing connections and retrying where
 needed
 - Properly get and use the amount of parallelism / tokio workers
 - Implement building conduwuit with jemalloc (which extends to the RocksDB
 jemalloc feature for maximum gains) or hardened_malloc light variant, and
 io_uring support, and produce CI builds with jemalloc and io_uring by default
 for performance (Nix doesn't seem to build
 [hardened_malloc-rs](https://github.com/girlbossceo/hardened_malloc-rs)
 properly)
 - Add support for caching DNS results with hickory-dns / hickory-resolver in
 conduwuit (not a replacement for a proper resolver cache, but still far better
 than nothing), also properly falls back on TCP for UDP errors or if a SRV
 response is too large
 - Add config option for using DNS over TCP, and config option for controlling
 A/AAAA record lookup strategy (e.g. don't query AAAA records if you don't have
 IPv6 connectivity)
 - Overall significant database, Client-Server, and federation performance and
 latency improvements (check out the ping room leaderboards if you don't believe
 me :>)
 - Add config options for RocksDB compression and bottommost compression,
 including choosing the algorithm and compression level
 - Use [loole](https://github.com/mahdi-shojaee/loole) MPSC channels instead of
 tokio MPSC channels for huge performance boosts in sending channels (mainly
 relevant for federation) and presence channels
 - Use `tracing`/`log`'s `release_max_level_info` feature to improve performance,
 build speeds, binary size, and CPU usage in release builds by avoid compiling
 debug/trace log level macros that users will generally never use (can be
 disabled with a build-time feature flag)
 - Remove some unnecessary checks on EDU handling for incoming transactions,
 effectively speeding them up
 - Simplify, dedupe, etc huge chunks of the codebase, including some that were
 unnecessary overhead, binary bloats, or preventing compiler/linker optimisations
 - Implement zero-copy RocksDB database accessors, substantially improving
 performance caused by unnecessary memory allocations
 ## General Fixes/Features
 - Add legacy Element client hack fixing password changes and deactivations on
 legacy Element Android/iOS due to usage of an unspecced `user` field for UIAA
 - Raise and improve all the various request timeouts making some things like
 room joins and client bugs error less or none at all than they should, and make
 them all user configurable
 - Add missing `reason` field to user ban events (`/ban`)
 - Safer and cleaner shutdowns across incoming/outgoing requests (graceful
 shutdown) and the database
 - Stop sending `make_join` requests on room joins if 15 servers respond with
 `M_UNSUPPORTED_ROOM_VERSION` or `M_INVALID_ROOM_VERSION`
 - Stop sending `make_join` requests if 50 servers cannot provide `make_join` for
 us
 - Respect *most* client parameters for `/media/` requests (`allow_redirect`
 still needs work)
 - Return joined member count of rooms for push rules/conditions instead of a
 hardcoded value of 10
 - Make `CONDUIT_CONFIG` optional, relevant for container users that configure
 only by environment variables and no longer need to set `CONDUIT_CONFIG` to an
 empty string.
 - Allow HEAD and PATCH (MSC4138) HTTP requests in CORS for clients (despite not
 being explicity mentioned in Matrix spec, HTTP spec says all HEAD requests need
 to behave the same as GET requests, Synapse supports HEAD requests)
 - Fix using conduwuit with flake-compat on NixOS
 - Resolve and remove some "features" from upstream that result in concurrency
 hazards, exponential backoff issues, or arbitrary performance limiters
 - Find more servers for outbound federation `/hierarchy` requests instead of
 just the room ID server name
 - Support for suggesting servers to join through at
 `/_matrix/client/v3/directory/room/{roomAlias}`
 - Support for suggesting servers to join through us at
 `/_matrix/federation/v1/query/directory`
 - Misc edge-case search fixes (e.g. potentially missing some events)
 - Misc `/sync` fixes (e.g. returning unnecessary data or incorrect/invalid
 responses)
 - Add `replaces_state` and `prev_sender` in `unsigned` for state event changes
 which primarily makes Element's "See history" button on a state event functional
 - Fix Conduit not allowing incoming federation requests for various world
 readable rooms
 - Fix Conduit not respecting the client-requested file name on media requests
 - Prevent sending junk / non-membership events to `/send_join` and `/send_leave`
 endpoints
 - Only allow the requested membership type on `/send_join` and `/send_leave`
 endpoints (e.g. don't allow leave memberships on join endpoints)
 - Prevent state key impersonation on `/send_join` and `/send_leave` endpoints
 - Validate `X-Matrix` origin and request body `"origin"` field on incoming
 transactions
 - Add `GET /_matrix/client/v1/register/m.login.registration_token/validity`
 endpoint
 - Explicitly define support for sliding sync at `/_matrix/client/versions`
 (`org.matrix.msc3575`)
 - Fix seeing empty status messages on user presences
 ## Moderation
 - (Also see [Admin Room](#admin-room) for all the admin commands pertaining to
 moderation, there's a lot!)
 - Add support for room banning/blocking by ID using admin command
 - Add support for serving `support` well-known from `[global.well_known]`
 (MSC1929) (`/.well-known/matrix/support`)
 - Config option to forbid publishing rooms to the room directory
 (`lockdown_public_room_directory`) except for admins
 - Admin commands to delete room aliases and unpublish rooms from our room
 directory
 - For all
 [`/report`](https://spec.matrix.org/latest/client-server-api/#post_matrixclientv3roomsroomidreporteventid)
 requests: check if the reported event ID belongs to the reported room ID, raise
 report reasoning character limit to 750, fix broken formatting, make a small
 delayed random response per spec suggestion on privacy, and check if the sender
 user is in the reported room.
 - Support blocking servers from downloading remote media from, returning a 404
 - Don't allow `m.call.invite` events to be sent in public rooms (prevents
 calling the entire room)
 - On new public room creations, only allow moderators to send `m.call.invite`,
 `org.matrix.msc3401.call`, and `org.matrix.msc3401.call.member` events to
 prevent unprivileged users from calling the entire room
 - Add support for a "global ACLs" feature (`forbidden_remote_server_names`) that
 blocks inbound remote room invites, room joins by room ID on server name, room
 joins by room alias on server name, incoming federated joins, and incoming
 federated room directory requests. This is very helpful for blocking servers
 that are purely toxic/bad and serve no value in allowing our users to suffer
 from things like room invite spam or such. Please note that this is not a
 substitute for room ACLs.
 - Add support for a config option to forbid our local users from sending
 federated room directory requests for
 (`forbidden_remote_room_directory_server_names`). Similar to above, useful for
 blocking servers that help prevent our users from wandering into bad areas of
 Matrix via room directories of those malicious servers.
 - Add config option for auto remediating/deactivating local non-admin users who
 attempt to join bad/forbidden rooms (`auto_deactivate_banned_room_attempts`)
 - Deactivating users will remove their profile picture, blurhash, display name,
 and leave all rooms by default just like Synapse and for additional privacy
 - Reject some EDUs from ACL'd users such as read receipts and typing indicators
 ## Privacy/Security
 - Add config option for device name federation with a privacy-friendly default
 (disabled)
 - Add config option for requiring authentication to the `/publicRooms` endpoint
 (room directory) with a default enabled for privacy
 - Add config option for federating `/publicRooms` endpoint (room directory) to
 other servers with a default disabled for privacy
 - Uses proper `argon2` crate by RustCrypto instead of questionable `rust-argon2`
 crate
 - Generate passwords with 25 characters instead of 15
 - Config option `ip_range_denylist` to support refusing to send requests
 (typically federation) to specific IP ranges, typically RFC 1918, non-routable,
 testnet, etc addresses like Synapse for security (note: this is not a guaranteed
 protection, and you should be using a firewall with zones if you want guaranteed
 protection as doing this on the application level is prone to bypasses).
 - Config option to block non-admin users from sending room invites or receiving
 remote room invites. Admin users are still allowed.
 - Config option to disable incoming and/or outgoing remote read receipts
 - Config option to disable incoming and/or outgoing remote typing indicators
 - Config option to disable incoming, outgoing, and/or local presence and for
 timing out remote users
 - Sanitise file names for the `Content-Disposition` header for all media
 requests (thumbnails, downloads, uploads)
 - Media repository on handling `Content-Disposition` and `Content-Type` is fully
 spec compliant and secured
 - Send secure default HTTP headers such as a strong restrictive CSP (see
 MSC4149), deny iframes, disable `X-XSS-Protection`, disable interest cohort in
 `Permission-Policy`, etc to mitigate any potential attack surface such as from
 untrusted media
 ## Administration/Logging
 - Commandline argument to specify the path to a config file instead of relying
 on `CONDUIT_CONFIG`
 - Revamped admin room infrastructure and commands
 - Substantially clean up, improve, and fix logging (less noisy dead server
 logging, registration attempts, more useful troubleshooting logging, proper
 error propagation, etc)
 - Configurable RocksDB logging (`LOG` files) with proper defaults (rotate, max
 size, verbosity, etc) to stop LOG files from accumulating so much
 - Explicit startup error if your configuration allows open registration without
 a token or such like Synapse with a way to bypass it if needed
 - Replace the lightning bolt emoji option with support for setting any arbitrary
 text (e.g. another emoji) to suffix to all new user registrations, with a
 conduwuit default of "🏳️‍⚧️"
 - Implement config option to auto join rooms upon registration
 - Warn on unknown config options specified
 - Add `/_conduwuit/server_version` route to return the version of conduwuit
 without relying on the federation API `/_matrix/federation/v1/version`
 - Add `/_conduwuit/local_user_count` route to return the amount of registered
 active local users on your homeserver *if federation is enabled*
 - Add configurable RocksDB recovery modes to aid in recovering corrupted RocksDB
 databases
 - Support config options via `CONDUWUIT_` prefix and accessing non-global struct
 config options with the `__` split (e.g. `CONDUWUIT_WELL_KNOWN__SERVER`)
 - Add support for listening on multiple TCP ports and multiple addresses
 - **Opt-in** Sentry.io telemetry and metrics, mainly used for crash reporting
 - Log the client IP on various requests such as registrations, banned room join
 attempts, logins, deactivations, federation transactions, etc
 - Fix Conduit dropping some remote server federation response errors
 ## Maintenance/Stability
 - GitLab CI ported to GitHub Actions
 - Add support for the Matrix spec compliance test suite
 [Complement](https://github.com/matrix-org/complement/) via the Nix flake and
 various other fixes for it
 - Implement running and diff'ing Complement results in CI and error if any
 mismatch occurs to prevent large cases of conduwuit regressions
 - Repo is (officially) mirrored to GitHub, GitLab, git.gay, git.girlcock.ceo,
 sourcehut, and Codeberg (see README.md for their links)
 - Docker container images published to GitLab Container Registry, GitHub
 Container Registry, and Dockerhub
 - Extensively revamp the example config to be extremely helpful and useful to
 both new users and power users
 - Fixed every single clippy (default lints) and rustc warnings, including some
 that were performance related or potential safety issues / unsoundness
 - Add a **lot** of other clippy and rustc lints and a rustfmt.toml file
 - Repo uses [Renovate](https://docs.renovatebot.com/) and keeps ALL
 dependencies as up to date as possible
 - Purge unmaintained/irrelevant/broken database backends (heed, sled, persy) and
 other unnecessary code or overhead
 - webp support for images
 - Add cargo audit support to CI
 - Add documentation lints via lychee and markdownlint-cli to CI
 - CI tests for all sorts of feature matrixes (jemalloc, non-defaullt, all
 features, etc)
 - Add static and dynamic linking smoke tests in CI to prevent any potential
 linking regressions for Complement, static binaries, Nix devshells, etc
 - Add timestamp by commit date when building OCI images for keeping image build
 reproducibility and still have a meaningful "last modified date" for OCI image
 - Add timestamp by commit date via `SOURCE_DATE_EPOCH` for Debian packages
 - Startup check if conduwuit running in a container and is listening on
 127.0.0.1 (generally containers are using NAT networking and 0.0.0.0 is the
 intended listening address)
 - Add a panic catcher layer to return panic messages in HTTP responses if a
 panic occurs
 - Add full compatibility support for SHA256 media file names instead of base64
 file names to overcome filesystem file name length limitations (OS error file
 name too long) while still retaining upstream database compatibility
 - Remove SQLite support due to being very poor performance, difficult to
 maintain against RocksDB, and is a blocker to significantly improved database
 code
 ## Admin Room
 - Add support for a console CLI interface that can issue admin commands and
 output them in your terminal
 - Add support for an admin-user-only commandline admin room interface that can
 be issued in any room with the `\\!admin` or `\!admin` prefix and returns the
 response as yourself in the same room
 - Add admin commands for uptime, server startup, server shutdown, and server
 restart
 - Fix admin room handler to not panic/crash if the admin room command response
 fails (e.g. too large message)
 - Add command to dynamically change conduwuit's tracing log level filter on the
 fly
 - Add admin command to fetch a server's `/.well-known/matrix/support` file
 - Add debug admin command to force update user device lists (could potentially
 resolve some E2EE flukes)
 - Implement **RocksDB online backups**, listing RocksDB backups, and listing
 database file counts all via admin commands
 - Add various database visibility commands such as being able to query the
 getters and iterators used in conduwuit, a very helpful online debugging utility
 - Forbid the admin room from being made public or world readable history
 - Add `!admin` as a way to call the admin bot
 - Extend clear cache admin command to support clearing more caches such as DNS
 and TLS name overrides
 - Admin debug command to send a federation request/ping to a server's
 `/_matrix/federation/v1/version` endpoint and measures the latency it took
 - Add admin command to bulk delete media via a codeblock list of MXC URLs.
 - Add admin command to delete both the thumbnail and media MXC URLs from an
 event ID (e.g. from an abuse report)
 - Add admin command to list all the rooms a local user is joined in
 - Add admin command to list joined members in a room
 - Add admin command to view the room topic of a room
 - Add admin command to delete all remote media in the past X minutes as a form
 of deleting media that you don't want on your server that a remote user posted
 in a room, a `--force` flag to ignore errors, and support for reading `last
 modified time` instead of `creation time` for filesystems that don't support
 file created metadata
 - Add admin command to return a room's full/complete state
 - Admin debug command to fetch a PDU from a remote server and inserts it into
 our database/timeline as backfill
 - Add admin command to delete media via a specific MXC. This deletes the MXC
 from our database, and the file locally.
 - Add admin commands for banning (blocking) room IDs from our local users
 joining (admins are always allowed) and evicts all our local users from that
 room, in addition to bulk room banning support, and blocks room invites (remote
 and local) to the banned room, as a moderation feature
 - Add admin commands to output jemalloc memory stats and memory usage
 - Add admin command to get rooms a *remote* user shares with us
 - Add debug admin commands to get the earliest and latest PDU in a room
 - Add debug admin command to echo a message
 - Add admin command to insert rooms tags for a user, most useful for inserting
 the `m.server_notice` tag on your admin room to make it "persistent" in the
 "System Alerts" section of Element
 - Add experimental admin debug command for Dendrite's `AdminDownloadState`
 (`/admin/downloadState/{serverName}/{roomID}`) admin API endpoint to download
 and use a remote server's room state in the room
 - Disable URL previews by default in the admin room due to various command
 outputs having "URLs" in them that clients may needlessly render/request
 - Extend memory usage admin server command to support showing memory allocator
 stats such as jemalloc's
 - Add admin debug command to see memory allocator's full extended debug
 statistics such as jemalloc's
 ## Misc
 - Add guest support for accessing TURN servers via `turn_allow_guests` like
 Synapse
 - Support for creating rooms with custom room IDs like Maunium Synapse
 (`room_id` request body field to `/createRoom`)
 - Query parameter `?format=event|content` for returning either the room state
 event's content (default) for the full room state event on
 `/_matrix/client/v3/rooms/{roomId}/state/{eventType}[/{stateKey}]` requests (see
 <https://github.com/matrix-org/matrix-spec/issues/1047>)
 - Send a User-Agent on all of our requests
 - Send `avatar_url` on invite room membership events/changes
 - Support sending [`well_known` response to client login
 responses](https://spec.matrix.org/v1.10/client-server-api/#post_matrixclientv3login)
 if using config option `[well_known.client]`
 - Implement `include_state` search criteria support for `/search` requests
 (response now can include room states)
 - Declare various missing Matrix versions and features at
 `/_matrix/client/versions`
 - Implement legacy Matrix `/v1/` media endpoints that some clients and servers
 may still call
 - Config option to change Conduit's behaviour of homeserver key fetching
 (`query_trusted_key_servers_first`). This option sets whether conduwuit will
 query trusted notary key servers first before the individual homeserver(s), or
 vice versa which may help in joining certain rooms.
 - Implement unstable MSC2666 support for querying mutual rooms with a user
 - Implement unstable MSC3266 room summary API support
 - Implement unstable MSC4125 support for specifying servers to join via on
 federated invites
 - Make conduwuit build and be functional under Nix + macOS
 - Log out all sessions after unsetting the emergency password
 - Assume well-knowns are broken if they exceed past 12288 characters.
 - Add support for listening on both HTTP and HTTPS if using direct TLS with
 conduwuit for usecases such as Complement
 - Add config option for disabling RocksDB Direct IO if needed
 - Add various documentation on maintaining conduwuit, using RocksDB online
 backups, some troubleshooting, using admin commands, moderation documentation,
 etc
 - (Developers): Add support for [hot reloadable/"live" modular
 development](development/hot_reload.md)
 - (Developers): Add support for tokio-console
 - (Developers): Add support for tracing flame graphs
 - No cryptocurrency donations allowed, conduwuit is fully maintained by
 independent queer maintainers, and with a strong priority on inclusitivity and
 comfort for protected groups 🏳️‍⚧️
 - [Add a community Code of Conduct for all conduwuit community spaces, primarily
 the Matrix space](https://conduwuit.puppyirl.gay/conduwuit_coc.html)
--- a/docs/introduction.md
+++ b/docs/introduction.md
@ -4,10 +4,6 @@
 {{#include ../README.md:body}}
 #### What's different about your fork than upstream Conduit?
 See the [differences](differences.md) page
 #### How can I deploy my own?
 - [Deployment options](deploying.md)
--- a/engage.toml
+++ b/engage.toml
@ -161,24 +161,6 @@ name = "markdownlint"
 group = "lints"
 script = "markdownlint docs *.md || true" # TODO: fix the ton of markdown lints so we can drop `|| true`
 [[task]]
 name = "cargo/all"
 group = "tests"
 script = """
 env DIRENV_DEVSHELL=all-features \
    direnv exec . \
    cargo test \
        --workspace \
        --locked \
        --profile test \
        --all-targets \
        --no-fail-fast \
        --all-features \
        --color=always \
        -- \
        --color=always
 """
 [[task]]
 name = "cargo/default"
 group = "tests"
@ -196,24 +178,6 @@ env DIRENV_DEVSHELL=default \
        --color=always
 """
 [[task]]
 name = "cargo/no-features"
 group = "tests"
 script = """
 env DIRENV_DEVSHELL=no-features \
    direnv exec . \
    cargo test \
        --workspace \
        --locked \
        --profile test \
        --all-targets \
        --no-fail-fast \
        --no-default-features \
        --color=always \
        -- \
        --color=always
 """
 # Checks if the generated example config differs from the checked in repo's
 # example config.
 [[task]]
--- a/flake.lock
+++ b/flake.lock
@ -80,11 +80,11 @@
    "complement": {
      "flake": false,
      "locked": {
-        "lastModified": 1741378155,
+        "lastModified": 1741891349,
-        "narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=",
+        "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=",
        "owner": "girlbossceo",
        "repo": "complement",
-        "rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9",
+        "rev": "e587b3df569cba411aeac7c20b6366d03c143745",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -26,7 +26,7 @@
        file = ./rust-toolchain.toml;
        # See also `rust-toolchain.toml`
-        sha256 = "sha256-AJ6LX/Q/Er9kS15bn9iflkUwcgYqRQxiOIL2ToVAXaU=";
+        sha256 = "sha256-X/4ZBHO3iW0fOenQ3foEvscgAPJYl2abspaBThDOukI=";
      };
      mkScope = pkgs: pkgs.lib.makeScope pkgs.newScope (self: {
--- a/nix/pkgs/complement/certificate.crt
+++ b/nix/pkgs/complement/certificate.crt
@ -0,0 +1,21 @@
 -----BEGIN CERTIFICATE-----
 MIIDfzCCAmegAwIBAgIUcrZdSPmCh33Evys/U6mTPpShqdcwDQYJKoZIhvcNAQEL
 BQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29mZXJz
 IGluYy4xDDAKBgNVBAMMA2hzMTAgFw0yNTAzMTMxMjU4NTFaGA8yMDUyMDcyODEy
 NTg1MVowPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29m
 ZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
 AQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjHuCLZLpYt
 /wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZRxmOhtp88
 awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZbo61q8HBp
 L0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42BhGtnJZsK
 K5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBevUdBh8gl
 8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaNxMG8wCQYDVR0TBAIwADALBgNV
 HQ8EBAMCBPAwNgYDVR0RBC8wLYIRKi5kb2NrZXIuaW50ZXJuYWyCA2hzMYIDaHMy
 ggNoczOCA2hzNIcEfwAAATAdBgNVHQ4EFgQUr4VYrmW1d+vjBTJewvy7fJYhLDYw
 DQYJKoZIhvcNAQELBQADggEBADkYqkjNYxjWX8hUUAmFHNdCwzT1CpYe/5qzLiyJ
 irDSdMlC5g6QqMUSrpu7nZxo1lRe1dXGroFVfWpoDxyCjSQhplQZgtYqtyLfOIx+
 HQ7cPE/tUU/KsTGc0aL61cETB6u8fj+rQKUGdfbSlm0Rpu4v0gC8RnDj06X/hZ7e
 VkWU+dOBzxlqHuLlwFFtVDgCyyTatIROx5V+GpMHrVqBPO7HcHhwqZ30k2kMM8J3
 y1CWaliQM85jqtSZV+yUHKQV8EksSowCFJuguf+Ahz0i0/koaI3i8m4MRN/1j13d
 jbTaX5a11Ynm3A27jioZdtMRty6AJ88oCp18jxVzqTxNNO4=
 -----END CERTIFICATE-----
--- a/nix/pkgs/complement/config.toml
+++ b/nix/pkgs/complement/config.toml
@ -6,7 +6,7 @@ allow_public_room_directory_over_federation = true
 allow_public_room_directory_without_auth = true
 allow_registration = true
 database_path = "/database"
-log = "trace,h2=warn,hyper=warn"
+log = "trace,h2=debug,hyper=debug"
 port = [8008, 8448]
 trusted_servers = []
 only_query_trusted_key_servers = false
@ -19,11 +19,11 @@ url_preview_domain_explicit_denylist = ["*"]
 media_compat_file_link = false
 media_startup_check = true
 prune_missing_media = true
-log_colors = false
+log_colors = true
 admin_room_notices = false
 allow_check_for_updates = false
 intentionally_unknown_config_option_for_testing = true
-rocksdb_log_level = "debug"
+rocksdb_log_level = "info"
 rocksdb_max_log_files = 1
 rocksdb_recovery_mode = 0
 rocksdb_paranoid_file_checks = true
--- a/nix/pkgs/complement/default.nix
+++ b/nix/pkgs/complement/default.nix
@ -3,10 +3,8 @@
 , buildEnv
 , coreutils
 , dockerTools
 , gawk
 , lib
 , main
 , openssl
 , stdenv
 , tini
 , writeShellScriptBin
@ -42,21 +40,6 @@ let
  start = writeShellScriptBin "start" ''
    set -euxo pipefail
    cp ${./v3.ext} /complement/v3.ext
    echo "DNS.1 = $SERVER_NAME" >> /complement/v3.ext
    echo "IP.1 = $(${lib.getExe gawk} 'END{print $1}' /etc/hosts)" \
      >> /complement/v3.ext
    ${lib.getExe openssl} x509 \
      -req \
      -extfile /complement/v3.ext \
      -in ${./signing_request.csr} \
      -CA /complement/ca/ca.crt \
      -CAkey /complement/ca/ca.key \
      -CAcreateserial \
      -out /complement/certificate.crt \
      -days 1 \
      -sha256
    ${lib.getExe' coreutils "env"} \
      CONDUWUIT_SERVER_NAME="$SERVER_NAME" \
      ${lib.getExe main'}
@ -93,7 +76,7 @@ dockerTools.buildImage {
    Env = [
      "CONDUWUIT_TLS__KEY=${./private_key.key}"
-      "CONDUWUIT_TLS__CERTS=/complement/certificate.crt"
+      "CONDUWUIT_TLS__CERTS=${./certificate.crt}"
      "CONDUWUIT_CONFIG=${./config.toml}"
      "RUST_BACKTRACE=full"
    ];
--- a/nix/pkgs/complement/signing_request.csr
+++ b/nix/pkgs/complement/signing_request.csr
@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIICkTCCAXkCAQAwTDELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRYwFAYDVQQK
+MIIChDCCAWwCAQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQK
-DA13b29mZXJzLCBpbmMuMRgwFgYDVQQDDA9jb21wbGVtZW50LW9ubHkwggEiMA0G
+DAx3b29mZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQAD
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS/odmZivxajebiyT7SMuhXqnMm+hF
+ggEPADCCAQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjH
-+zEARLcbieem0wG4x7gi2S6WLf8DlifdXax6me13eYk4rBnTLvGEvNNx0px5M54H
+uCLZLpYt/wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZR
-+FVyoVa3c1tmA66WUcZjobafPGsDh5j+5qpScgWwjkMPGg1a09CphCFswO4PpxUU
+xmOhtp88awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZb
-ORX/OTGj/rEKxximW6OtavBwaS9F7mqjXJK7lCrcZxKq5uccebGMmCoO660hROST
+o61q8HBpL0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42B
-BaFigdRTVicclk+NgYRrZyWbCiuXPjQ0jlOE2rcaDepqTUgaQs/2tdT4kBzBH6kZ
+hGtnJZsKK5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBe
-OiQOIN/ddXaj032QXr1HQYfIJfJmiM6nmRob8nik5rpZdWNO/Ncsro/fAgMBAAGg
+vUdBh8gl8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaAAMA0GCSqGSIb3DQEB
-ADANBgkqhkiG9w0BAQsFAAOCAQEAjW+aD4E0phtRT5b2RyedY1uiSe7LQECsQnIO
+CwUAA4IBAQDR/gjfxN0IID1MidyhZB4qpdWn3m6qZnEQqoTyHHdWalbfNXcALC79
-wUSyGGG1GXYlJscyxxyzE9W9+QIALrxZkmc/+e02u+bFb1zQXW/uB/7u7FgXzrj6
+ffS+Smx40N5hEPvqy6euR89N5YuYvt8Hs+j7aWNBn7Wus5Favixcm2JcfCTJn2R3
-2YSDiWYXiYKvgGWEfCi3lpcTJK9x6WWkR+iREaoKRjcl0ynhhGuR7YwP38TNyu+z
+r8FefuSs2xGkoyGsPFFcXE13SP/9zrZiwvOgSIuTdz/Pbh6GtEx7aV4DqHJsrXnb
-FN6B1Lo398fvJkaTCiiHngWiwztXZ2d0MxkicuwZ1LJhIQA72OTl3QoRb5uiqbze
+XuPxpQleoBqKvQgSlmaEBsJg13TQB+Fl2foBVUtqAFDQiv+RIuircf0yesMCKJaK
-T9QJfU6W3v8cB8c8PuKMv5gl1QsGNtlfyQB56/X0cMxWl25vWXd2ankLkAGRTDJ8
+MPH4Oo+r3pR8lI8ewfJPreRhCoV+XrGYMubaakz003TJ1xlOW8M+N9a6eFyMVh76
-9YZHxP1ki4/yh75AknFq02nCOsmxYrAazCYgP2TzIPhQwBurKQ==
+U1nY/KP8Ua6Lgaj9PRz7JCRzNoshZID/
 -----END CERTIFICATE REQUEST-----
--- a/nix/pkgs/complement/v3.ext
+++ b/nix/pkgs/complement/v3.ext
@ -4,3 +4,9 @@ keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 subjectAltName = @alt_names
 [alt_names]
 DNS.1 = *.docker.internal
 DNS.2 = hs1
 DNS.3 = hs2
 DNS.4 = hs3
 DNS.5 = hs4
 IP.1 = 127.0.0.1
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@ -9,7 +9,7 @@
 # If you're having trouble making the relevant changes, bug a maintainer.
 [toolchain]
-channel = "1.85.0"
+channel = "1.86.0"
 profile = "minimal"
 components = [
    # For rust-analyzer
--- a/src/admin/debug/commands.rs
+++ b/src/admin/debug/commands.rs
@ -6,7 +6,9 @@ use std::{
 };
 use conduwuit::{
-	Error, PduEvent, PduId, RawPduId, Result, debug_error, err, info, trace, utils,
+	Error, Result, debug_error, err, info,
 	matrix::pdu::{PduEvent, PduId, RawPduId},
 	trace, utils,
 	utils::{
 		stream::{IterStream, ReadyExt},
 		string::EMPTY,
--- a/src/admin/media/mod.rs
+++ b/src/admin/media/mod.rs
@ -1,3 +1,4 @@
 #![allow(rustdoc::broken_intra_doc_links)]
 mod commands;
 use clap::Subcommand;
@ -27,18 +28,18 @@ pub(super) enum MediaCommand {
 	DeleteList,
 	/// - Deletes all remote (and optionally local) media created before or
-	///   after \[duration] time using filesystem metadata first created at
+	///   after [duration] time using filesystem metadata first created at date,
-	///   date, or fallback to last modified date. This will always ignore
+	///   or fallback to last modified date. This will always ignore errors by
-	///   errors by default.
+	///   default.
 	DeletePastRemoteMedia {
 		/// - The relative time (e.g. 30s, 5m, 7d) within which to search
 		duration: String,
-		/// - Only delete media created more recently than \[duration] ago
+		/// - Only delete media created before [duration] ago
 		#[arg(long, short)]
 		before: bool,
-		/// - Only delete media created after \[duration] ago
+		/// - Only delete media created after [duration] ago
 		#[arg(long, short)]
 		after: bool,
--- a/src/admin/processor.rs
+++ b/src/admin/processor.rs
@ -91,6 +91,7 @@ async fn process_command(services: Arc<Services>, input: &CommandInput) -> Proce
 	}
 }
 #[allow(clippy::result_large_err)]
 fn handle_panic(error: &Error, command: &CommandInput) -> ProcessorResult {
 	let link =
 		"Please submit a [bug report](https://github.com/girlbossceo/conduwuit/issues/new). 🥺";
@ -100,7 +101,7 @@ fn handle_panic(error: &Error, command: &CommandInput) -> ProcessorResult {
 	Err(reply(content, command.reply_id.as_deref()))
 }
-// Parse and process a message from the admin room
+/// Parse and process a message from the admin room
 async fn process(
 	context: &Command<'_>,
 	command: AdminCommand,
@ -164,7 +165,8 @@ fn capture_create(context: &Command<'_>) -> (Arc<Capture>, Arc<Mutex<String>>) {
 	(capture, logs)
 }
-// Parse chat messages from the admin room into an AdminCommand object
+/// Parse chat messages from the admin room into an AdminCommand object
 #[allow(clippy::result_large_err)]
 fn parse<'a>(
 	services: &Arc<Services>,
 	input: &'a CommandInput,
@ -232,7 +234,7 @@ fn complete_command(mut cmd: clap::Command, line: &str) -> String {
 	ret.join(" ")
 }
-// Parse chat messages from the admin room into an AdminCommand object
+/// Parse chat messages from the admin room into an AdminCommand object
 fn parse_line(command_line: &str) -> Vec<String> {
 	let mut argv = command_line
 		.split_whitespace()
--- a/src/admin/query/raw.rs
+++ b/src/admin/query/raw.rs
@ -1,15 +1,16 @@
-use std::{borrow::Cow, collections::BTreeMap, ops::Deref};
+use std::{borrow::Cow, collections::BTreeMap, ops::Deref, sync::Arc};
 use clap::Subcommand;
 use conduwuit::{
 	Err, Result, apply, at, is_zero,
 	utils::{
-		IterStream,
+		stream::{IterStream, ReadyExt, TryIgnore, TryParallelExt},
 		stream::{ReadyExt, TryIgnore, TryParallelExt},
 		string::EMPTY,
 	},
 };
-use futures::{FutureExt, StreamExt, TryStreamExt};
+use conduwuit_database::Map;
 use conduwuit_service::Services;
 use futures::{FutureExt, Stream, StreamExt, TryStreamExt};
 use ruma::events::room::message::RoomMessageEventContent;
 use tokio::time::Instant;
@ -172,22 +173,18 @@ pub(super) async fn compact(
 ) -> Result<RoomMessageEventContent> {
 	use conduwuit_database::compact::Options;
-	let default_all_maps = map
+	let default_all_maps: Option<_> = map.is_none().then(|| {
-		.is_none()
+		self.services
-		.then(|| {
+			.db
-			self.services
+			.keys()
-				.db
+			.map(Deref::deref)
-				.keys()
+			.map(ToOwned::to_owned)
-				.map(Deref::deref)
+	});
 				.map(ToOwned::to_owned)
 		})
 		.into_iter()
 		.flatten();
 	let maps: Vec<_> = map
 		.unwrap_or_default()
 		.into_iter()
-		.chain(default_all_maps)
+		.chain(default_all_maps.into_iter().flatten())
 		.map(|map| self.services.db.get(&map))
 		.filter_map(Result::ok)
 		.cloned()
@ -237,25 +234,8 @@ pub(super) async fn raw_count(
 ) -> Result<RoomMessageEventContent> {
 	let prefix = prefix.as_deref().unwrap_or(EMPTY);
 	let default_all_maps = map
 		.is_none()
 		.then(|| self.services.db.keys().map(Deref::deref))
 		.into_iter()
 		.flatten();
 	let maps: Vec<_> = map
 		.iter()
 		.map(String::as_str)
 		.chain(default_all_maps)
 		.map(|map| self.services.db.get(map))
 		.filter_map(Result::ok)
 		.cloned()
 		.collect();
 	let timer = Instant::now();
-	let count = maps
+	let count = with_maps_or(map.as_deref(), self.services)
 		.iter()
 		.stream()
 		.then(|map| map.raw_count_prefix(&prefix))
 		.ready_fold(0_usize, usize::saturating_add)
 		.await;
@ -300,25 +280,8 @@ pub(super) async fn raw_keys_sizes(
 ) -> Result<RoomMessageEventContent> {
 	let prefix = prefix.as_deref().unwrap_or(EMPTY);
 	let default_all_maps = map
 		.is_none()
 		.then(|| self.services.db.keys().map(Deref::deref))
 		.into_iter()
 		.flatten();
 	let maps: Vec<_> = map
 		.iter()
 		.map(String::as_str)
 		.chain(default_all_maps)
 		.map(|map| self.services.db.get(map))
 		.filter_map(Result::ok)
 		.cloned()
 		.collect();
 	let timer = Instant::now();
-	let result = maps
+	let result = with_maps_or(map.as_deref(), self.services)
 		.iter()
 		.stream()
 		.map(|map| map.raw_keys_prefix(&prefix))
 		.flatten()
 		.ignore_err()
@ -345,25 +308,8 @@ pub(super) async fn raw_keys_total(
 ) -> Result<RoomMessageEventContent> {
 	let prefix = prefix.as_deref().unwrap_or(EMPTY);
 	let default_all_maps = map
 		.is_none()
 		.then(|| self.services.db.keys().map(Deref::deref))
 		.into_iter()
 		.flatten();
 	let maps: Vec<_> = map
 		.iter()
 		.map(String::as_str)
 		.chain(default_all_maps)
 		.map(|map| self.services.db.get(map))
 		.filter_map(Result::ok)
 		.cloned()
 		.collect();
 	let timer = Instant::now();
-	let result = maps
+	let result = with_maps_or(map.as_deref(), self.services)
 		.iter()
 		.stream()
 		.map(|map| map.raw_keys_prefix(&prefix))
 		.flatten()
 		.ignore_err()
@ -387,25 +333,8 @@ pub(super) async fn raw_vals_sizes(
 ) -> Result<RoomMessageEventContent> {
 	let prefix = prefix.as_deref().unwrap_or(EMPTY);
 	let default_all_maps = map
 		.is_none()
 		.then(|| self.services.db.keys().map(Deref::deref))
 		.into_iter()
 		.flatten();
 	let maps: Vec<_> = map
 		.iter()
 		.map(String::as_str)
 		.chain(default_all_maps)
 		.map(|map| self.services.db.get(map))
 		.filter_map(Result::ok)
 		.cloned()
 		.collect();
 	let timer = Instant::now();
-	let result = maps
+	let result = with_maps_or(map.as_deref(), self.services)
 		.iter()
 		.stream()
 		.map(|map| map.raw_stream_prefix(&prefix))
 		.flatten()
 		.ignore_err()
@ -433,25 +362,8 @@ pub(super) async fn raw_vals_total(
 ) -> Result<RoomMessageEventContent> {
 	let prefix = prefix.as_deref().unwrap_or(EMPTY);
 	let default_all_maps = map
 		.is_none()
 		.then(|| self.services.db.keys().map(Deref::deref))
 		.into_iter()
 		.flatten();
 	let maps: Vec<_> = map
 		.iter()
 		.map(String::as_str)
 		.chain(default_all_maps)
 		.map(|map| self.services.db.get(map))
 		.filter_map(Result::ok)
 		.cloned()
 		.collect();
 	let timer = Instant::now();
-	let result = maps
+	let result = with_maps_or(map.as_deref(), self.services)
 		.iter()
 		.stream()
 		.map(|map| map.raw_stream_prefix(&prefix))
 		.flatten()
 		.ignore_err()
@ -573,3 +485,20 @@ pub(super) async fn raw_maps(&self) -> Result<RoomMessageEventContent> {
 	Ok(RoomMessageEventContent::notice_markdown(format!("{list:#?}")))
 }
 fn with_maps_or<'a>(
 	map: Option<&'a str>,
 	services: &'a Services,
 ) -> impl Stream<Item = &'a Arc<Map>> + Send + 'a {
 	let default_all_maps = map
 		.is_none()
 		.then(|| services.db.keys().map(Deref::deref))
 		.into_iter()
 		.flatten();
 	map.into_iter()
 		.chain(default_all_maps)
 		.map(|map| services.db.get(map))
 		.filter_map(Result::ok)
 		.stream()
 }
--- a/src/admin/user/commands.rs
+++ b/src/admin/user/commands.rs
@ -2,7 +2,8 @@ use std::{collections::BTreeMap, fmt::Write as _};
 use api::client::{full_user_deactivate, join_room_by_id_helper, leave_room};
 use conduwuit::{
-	PduBuilder, Result, debug, debug_warn, error, info, is_equal_to,
+	Result, debug, debug_warn, error, info, is_equal_to,
 	matrix::pdu::PduBuilder,
 	utils::{self, ReadyExt},
 	warn,
 };
--- a/src/api/Cargo.toml
+++ b/src/api/Cargo.toml
@ -35,6 +35,7 @@ brotli_compression = [
 ]
 [dependencies]
 async-trait.workspace = true
 axum-client-ip.workspace = true
 axum-extra.workspace = true
 axum.workspace = true
--- a/src/api/client/account.rs
+++ b/src/api/client/account.rs
@ -3,9 +3,13 @@ use std::fmt::Write;
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use conduwuit::{
-	Err, Error, PduBuilder, Result, debug_info, err, error, info, is_equal_to, utils,
+	Err, Error, Result, debug_info, err, error, info, is_equal_to,
-	utils::ReadyExt, warn,
+	matrix::pdu::PduBuilder,
 	utils,
 	utils::{ReadyExt, stream::BroadbandExt},
 	warn,
 };
 use conduwuit_service::Services;
 use futures::{FutureExt, StreamExt};
 use register::RegistrationKind;
 use ruma::{
@ -29,7 +33,6 @@ use ruma::{
 	},
 	push,
 };
 use service::Services;
 use super::{DEVICE_ID_LENGTH, SESSION_ID_LENGTH, TOKEN_LENGTH, join_room_by_id_helper};
 use crate::Ruma;
@ -109,7 +112,7 @@ pub(crate) async fn get_register_available_route(
 		if !info.is_user_match(&user_id) {
 			return Err!(Request(Exclusive("Username is not in an appservice namespace.")));
 		}
-	};
+	}
 	if services.appservice.is_exclusive_user_id(&user_id).await {
 		return Err!(Request(Exclusive("Username is reserved by an appservice.")));
@ -145,7 +148,7 @@ pub(crate) async fn register_route(
 	let is_guest = body.kind == RegistrationKind::Guest;
 	let emergency_mode_enabled = services.config.emergency_password.is_some();
-	if !services.globals.allow_registration() && body.appservice_info.is_none() {
+	if !services.config.allow_registration && body.appservice_info.is_none() {
 		match (body.username.as_ref(), body.initial_device_display_name.as_ref()) {
 			| (Some(username), Some(device_display_name)) => {
 				info!(%is_guest, user = %username, device_name = %device_display_name, "Rejecting registration attempt as registration is disabled");
@ -159,14 +162,14 @@ pub(crate) async fn register_route(
 			| (None, _) => {
 				info!(%is_guest, "Rejecting registration attempt as registration is disabled");
 			},
-		};
+		}
 		return Err!(Request(Forbidden("Registration has been disabled.")));
 	}
 	if is_guest
-		&& (!services.globals.allow_guest_registration()
+		&& (!services.config.allow_guest_registration
-			|| (services.globals.allow_registration()
+			|| (services.config.allow_registration
 				&& services.globals.registration_token.is_some()))
 	{
 		info!(
@ -317,14 +320,14 @@ pub(crate) async fn register_route(
 				// Success!
 			},
 			| _ => match body.json_body {
-				| Some(json) => {
+				| Some(ref json) => {
 					uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 					services.uiaa.create(
 						&UserId::parse_with_server_name("", services.globals.server_name())
 							.unwrap(),
 						"".into(),
 						&uiaainfo,
-						&json,
+						json,
 					);
 					return Err(Error::Uiaa(uiaainfo));
 				},
@ -372,8 +375,12 @@ pub(crate) async fn register_route(
 		)
 		.await?;
-	// Inhibit login does not work for guests
+	if (!is_guest && body.inhibit_login)
-	if !is_guest && body.inhibit_login {
+		|| body
 			.appservice_info
 			.as_ref()
 			.is_some_and(|appservice| appservice.registration.device_management)
 	{
 		return Ok(register::v3::Response {
 			access_token: None,
 			user_id,
@ -440,7 +447,7 @@ pub(crate) async fn register_route(
 	}
 	// log in conduit admin channel if a guest registered
-	if body.appservice_info.is_none() && is_guest && services.globals.log_guest_registrations() {
+	if body.appservice_info.is_none() && is_guest && services.config.log_guest_registrations {
 		debug_info!("New guest user \"{user_id}\" registered on this server.");
 		if !device_display_name.is_empty() {
@ -489,7 +496,7 @@ pub(crate) async fn register_route(
 	if body.appservice_info.is_none()
 		&& !services.server.config.auto_join_rooms.is_empty()
-		&& (services.globals.allow_guests_auto_join_rooms() || !is_guest)
+		&& (services.config.allow_guests_auto_join_rooms || !is_guest)
 	{
 		for room in &services.server.config.auto_join_rooms {
 			let Ok(room_id) = services.rooms.alias.resolve(room).await else {
@ -627,6 +634,26 @@ pub(crate) async fn change_password_route(
 			.ready_filter(|id| *id != sender_device)
 			.for_each(|id| services.users.remove_device(sender_user, id))
 			.await;
 		// Remove all pushers except the ones associated with this session
 		services
 			.pusher
 			.get_pushkeys(sender_user)
 			.map(ToOwned::to_owned)
 			.broad_filter_map(|pushkey| async move {
 				services
 					.pusher
 					.get_pusher_device(&pushkey)
 					.await
 					.ok()
 					.filter(|pusher_device| pusher_device != sender_device)
 					.is_some()
 					.then_some(pushkey)
 			})
 			.for_each(|pushkey| async move {
 				services.pusher.delete_pusher(sender_user, &pushkey).await;
 			})
 			.await;
 	}
 	info!("User {sender_user} changed their password.");
--- a/src/api/client/account_data.rs
+++ b/src/api/client/account_data.rs
@ -1,5 +1,6 @@
 use axum::extract::State;
-use conduwuit::{Err, err};
+use conduwuit::{Err, Result, err};
 use conduwuit_service::Services;
 use ruma::{
 	RoomId, UserId,
 	api::client::config::{
@ -15,7 +16,7 @@ use ruma::{
 use serde::Deserialize;
 use serde_json::{json, value::RawValue as RawJsonValue};
-use crate::{Result, Ruma, service::Services};
+use crate::Ruma;
 /// # `PUT /_matrix/client/r0/user/{userId}/account_data/{type}`
 ///
--- a/src/api/client/alias.rs
+++ b/src/api/client/alias.rs
@ -1,12 +1,12 @@
 use axum::extract::State;
 use conduwuit::{Err, Result, debug};
 use conduwuit_service::Services;
 use futures::StreamExt;
 use rand::seq::SliceRandom;
 use ruma::{
 	OwnedServerName, RoomAliasId, RoomId,
 	api::client::alias::{create_alias, delete_alias, get_alias},
 };
 use service::Services;
 use crate::Ruma;
--- a/src/api/client/appservice.rs
+++ b/src/api/client/appservice.rs
@ -22,7 +22,13 @@ pub(crate) async fn appservice_ping(
 		)));
 	}
-	if appservice_info.registration.url.is_none() {
+	if appservice_info.registration.url.is_none()
 		|| appservice_info
 			.registration
 			.url
 			.as_ref()
 			.is_some_and(|url| url.is_empty() || url == "null")
 	{
 		return Err!(Request(UrlNotSet(
 			"Appservice does not have a URL set, there is nothing to ping."
 		)));
--- a/src/api/client/backup.rs
+++ b/src/api/client/backup.rs
@ -1,5 +1,7 @@
 use std::cmp::Ordering;
 use axum::extract::State;
-use conduwuit::{Err, err};
+use conduwuit::{Err, Result, err};
 use ruma::{
 	UInt,
 	api::client::backup::{
@ -11,7 +13,7 @@ use ruma::{
 	},
 };
-use crate::{Result, Ruma};
+use crate::Ruma;
 /// # `POST /_matrix/client/r0/room_keys/version`
 ///
@ -232,16 +234,77 @@ pub(crate) async fn add_backup_keys_for_session_route(
 		)));
 	}
-	services
+	// Check if we already have a better key
 	let mut ok_to_replace = true;
 	if let Some(old_key) = &services
 		.key_backups
-		.add_key(
+		.get_session(body.sender_user(), &body.version, &body.room_id, &body.session_id)
-			body.sender_user(),
+		.await
-			&body.version,
+		.ok()
-			&body.room_id,
+	{
-			&body.session_id,
+		let old_is_verified = old_key
-			&body.session_data,
+			.get_field::<bool>("is_verified")?
-		)
+			.unwrap_or_default();
-		.await?;
+
 		let new_is_verified = body
 			.session_data
 			.get_field::<bool>("is_verified")?
 			.ok_or_else(|| err!(Request(BadJson("`is_verified` field should exist"))))?;
 		// Prefer key that `is_verified`
 		if old_is_verified != new_is_verified {
 			if old_is_verified {
 				ok_to_replace = false;
 			}
 		} else {
 			// If both have same `is_verified`, prefer the one with lower
 			// `first_message_index`
 			let old_first_message_index = old_key
 				.get_field::<UInt>("first_message_index")?
 				.unwrap_or(UInt::MAX);
 			let new_first_message_index = body
 				.session_data
 				.get_field::<UInt>("first_message_index")?
 				.ok_or_else(|| {
 					err!(Request(BadJson("`first_message_index` field should exist")))
 				})?;
 			ok_to_replace = match new_first_message_index.cmp(&old_first_message_index) {
 				| Ordering::Less => true,
 				| Ordering::Greater => false,
 				| Ordering::Equal => {
 					// If both have same `first_message_index`, prefer the one with lower
 					// `forwarded_count`
 					let old_forwarded_count = old_key
 						.get_field::<UInt>("forwarded_count")?
 						.unwrap_or(UInt::MAX);
 					let new_forwarded_count = body
 						.session_data
 						.get_field::<UInt>("forwarded_count")?
 						.ok_or_else(|| {
 							err!(Request(BadJson("`forwarded_count` field should exist")))
 						})?;
 					new_forwarded_count < old_forwarded_count
 				},
 			};
 		}
 	}
 	if ok_to_replace {
 		services
 			.key_backups
 			.add_key(
 				body.sender_user(),
 				&body.version,
 				&body.room_id,
 				&body.session_id,
 				&body.session_data,
 			)
 			.await?;
 	}
 	Ok(add_backup_keys_for_session::v3::Response {
 		count: services
--- a/src/api/client/context.rs
+++ b/src/api/client/context.rs
@ -1,18 +1,20 @@
 use axum::extract::State;
 use conduwuit::{
-	Err, PduEvent, Result, at, debug_warn, err, ref_at,
+	Err, Result, at, debug_warn, err,
 	matrix::pdu::PduEvent,
 	ref_at,
 	utils::{
 		IterStream,
 		future::TryExtExt,
 		stream::{BroadbandExt, ReadyExt, TryIgnore, WidebandExt},
 	},
 };
 use conduwuit_service::rooms::{lazy_loading, lazy_loading::Options, short::ShortStateKey};
 use futures::{
 	FutureExt, StreamExt, TryFutureExt, TryStreamExt,
 	future::{OptionFuture, join, join3, try_join3},
 };
 use ruma::{OwnedEventId, UserId, api::client::context::get_context, events::StateEventType};
 use service::rooms::{lazy_loading, lazy_loading::Options, short::ShortStateKey};
 use crate::{
 	Ruma,
@ -105,7 +107,7 @@ pub(crate) async fn get_context_route(
 		.collect();
 	let (base_event, events_before, events_after): (_, Vec<_>, Vec<_>) =
-		join3(base_event, events_before, events_after).await;
+		join3(base_event, events_before, events_after).boxed().await;
 	let lazy_loading_context = lazy_loading::Context {
 		user_id: sender_user,
@ -182,7 +184,7 @@ pub(crate) async fn get_context_route(
 		.await;
 	Ok(get_context::v3::Response {
-		event: base_event.map(at!(1)).as_ref().map(PduEvent::to_room_event),
+		event: base_event.map(at!(1)).map(PduEvent::into_room_event),
 		start: events_before
 			.last()
@ -201,13 +203,13 @@ pub(crate) async fn get_context_route(
 		events_before: events_before
 			.into_iter()
 			.map(at!(1))
-			.map(|pdu| pdu.to_room_event())
+			.map(PduEvent::into_room_event)
 			.collect(),
 		events_after: events_after
 			.into_iter()
 			.map(at!(1))
-			.map(|pdu| pdu.to_room_event())
+			.map(PduEvent::into_room_event)
 			.collect(),
 		state,
--- a/src/api/client/device.rs
+++ b/src/api/client/device.rs
@ -1,9 +1,9 @@
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduwuit::{Err, err};
+use conduwuit::{Err, Error, Result, debug, err, utils};
 use futures::StreamExt;
 use ruma::{
-	MilliSecondsSinceUnixEpoch,
+	MilliSecondsSinceUnixEpoch, OwnedDeviceId,
 	api::client::{
 		device::{self, delete_device, delete_devices, get_device, get_devices, update_device},
 		error::ErrorKind,
@ -12,7 +12,7 @@ use ruma::{
 };
 use super::SESSION_ID_LENGTH;
-use crate::{Error, Result, Ruma, utils};
+use crate::{Ruma, client::DEVICE_ID_LENGTH};
 /// # `GET /_matrix/client/r0/devices`
 ///
@ -59,26 +59,58 @@ pub(crate) async fn update_device_route(
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<update_device::v3::Request>,
 ) -> Result<update_device::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();
 	let appservice = body.appservice_info.as_ref();
-	let mut device = services
+	match services
 		.users
 		.get_device_metadata(sender_user, &body.device_id)
 		.await
-		.map_err(|_| err!(Request(NotFound("Device not found."))))?;
+	{
 		| Ok(mut device) => {
 			device.display_name.clone_from(&body.display_name);
 			device.last_seen_ip.clone_from(&Some(client.to_string()));
 			device
 				.last_seen_ts
 				.clone_from(&Some(MilliSecondsSinceUnixEpoch::now()));
-	device.display_name.clone_from(&body.display_name);
+			services
-	device.last_seen_ip.clone_from(&Some(client.to_string()));
+				.users
-	device
+				.update_device_metadata(sender_user, &body.device_id, &device)
-		.last_seen_ts
+				.await?;
 		.clone_from(&Some(MilliSecondsSinceUnixEpoch::now()));
-	services
+			Ok(update_device::v3::Response {})
-		.users
+		},
-		.update_device_metadata(sender_user, &body.device_id, &device)
+		| Err(_) => {
-		.await?;
+			let Some(appservice) = appservice else {
 				return Err!(Request(NotFound("Device not found.")));
 			};
 			if !appservice.registration.device_management {
 				return Err!(Request(NotFound("Device not found.")));
 			}
-	Ok(update_device::v3::Response {})
+			debug!(
 				"Creating new device for {sender_user} from appservice {} as MSC4190 is enabled \
 				 and device ID does not exist",
 				appservice.registration.id
 			);
 			let device_id = OwnedDeviceId::from(utils::random_string(DEVICE_ID_LENGTH));
 			services
 				.users
 				.create_device(
 					sender_user,
 					&device_id,
 					&appservice.registration.as_token,
 					None,
 					Some(client.to_string()),
 				)
 				.await?;
 			return Ok(update_device::v3::Response {});
 		},
 	}
 }
 /// # `DELETE /_matrix/client/r0/devices/{deviceId}`
@ -95,8 +127,21 @@ pub(crate) async fn delete_device_route(
 	State(services): State<crate::State>,
 	body: Ruma<delete_device::v3::Request>,
 ) -> Result<delete_device::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let (sender_user, sender_device) = body.sender();
-	let sender_device = body.sender_device.as_ref().expect("user is authenticated");
+	let appservice = body.appservice_info.as_ref();
 	if appservice.is_some_and(|appservice| appservice.registration.device_management) {
 		debug!(
 			"Skipping UIAA for {sender_user} as this is from an appservice and MSC4190 is \
 			 enabled"
 		);
 		services
 			.users
 			.remove_device(sender_user, &body.device_id)
 			.await;
 		return Ok(delete_device::v3::Response {});
 	}
 	// UIAA
 	let mut uiaainfo = UiaaInfo {
@ -120,11 +165,11 @@ pub(crate) async fn delete_device_route(
 			// Success!
 		},
 		| _ => match body.json_body {
-			| Some(json) => {
+			| Some(ref json) => {
 				uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 				services
 					.uiaa
-					.create(sender_user, sender_device, &uiaainfo, &json);
+					.create(sender_user, sender_device, &uiaainfo, json);
 				return Err!(Uiaa(uiaainfo));
 			},
@ -142,11 +187,12 @@ pub(crate) async fn delete_device_route(
 	Ok(delete_device::v3::Response {})
 }
-/// # `PUT /_matrix/client/r0/devices/{deviceId}`
+/// # `POST /_matrix/client/v3/delete_devices`
 ///
-/// Deletes the given device.
+/// Deletes the given list of devices.
 ///
-/// - Requires UIAA to verify user password
+/// - Requires UIAA to verify user password unless from an appservice with
 ///   MSC4190 enabled.
 ///
 /// For each device:
 /// - Invalidates access token
@ -158,8 +204,20 @@ pub(crate) async fn delete_devices_route(
 	State(services): State<crate::State>,
 	body: Ruma<delete_devices::v3::Request>,
 ) -> Result<delete_devices::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let (sender_user, sender_device) = body.sender();
-	let sender_device = body.sender_device.as_ref().expect("user is authenticated");
+	let appservice = body.appservice_info.as_ref();
 	if appservice.is_some_and(|appservice| appservice.registration.device_management) {
 		debug!(
 			"Skipping UIAA for {sender_user} as this is from an appservice and MSC4190 is \
 			 enabled"
 		);
 		for device_id in &body.devices {
 			services.users.remove_device(sender_user, device_id).await;
 		}
 		return Ok(delete_devices::v3::Response {});
 	}
 	// UIAA
 	let mut uiaainfo = UiaaInfo {
@ -183,11 +241,11 @@ pub(crate) async fn delete_devices_route(
 			// Success!
 		},
 		| _ => match body.json_body {
-			| Some(json) => {
+			| Some(ref json) => {
 				uiaainfo.session = Some(utils::random_string(SESSION_ID_LENGTH));
 				services
 					.uiaa
-					.create(sender_user, sender_device, &uiaainfo, &json);
+					.create(sender_user, sender_device, &uiaainfo, json);
 				return Err(Error::Uiaa(uiaainfo));
 			},
--- a/src/api/client/directory.rs
+++ b/src/api/client/directory.rs
@ -1,7 +1,19 @@
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduwuit::{Err, Error, Result, info, warn};
+use conduwuit::{
-use futures::{StreamExt, TryFutureExt};
+	Err, Result, err, info,
 	utils::{
 		TryFutureExtExt,
 		math::Expected,
 		result::FlatOk,
 		stream::{ReadyExt, WidebandExt},
 	},
 };
 use conduwuit_service::Services;
 use futures::{
 	FutureExt, StreamExt, TryFutureExt,
 	future::{join, join4, join5},
 };
 use ruma::{
 	OwnedRoomId, RoomId, ServerName, UInt, UserId,
 	api::{
@ -10,12 +22,11 @@ use ruma::{
 				get_public_rooms, get_public_rooms_filtered, get_room_visibility,
 				set_room_visibility,
 			},
 			error::ErrorKind,
 			room,
 		},
 		federation,
 	},
-	directory::{Filter, PublicRoomJoinRule, PublicRoomsChunk, RoomNetwork},
+	directory::{Filter, PublicRoomJoinRule, PublicRoomsChunk, RoomNetwork, RoomTypeFilter},
 	events::{
 		StateEventType,
 		room::{
@ -25,7 +36,6 @@ use ruma::{
 	},
 	uint,
 };
 use service::Services;
 use crate::Ruma;
@ -42,10 +52,13 @@ pub(crate) async fn get_public_rooms_filtered_route(
 ) -> Result<get_public_rooms_filtered::v3::Response> {
 	if let Some(server) = &body.server {
 		if services
 			.server
 			.config
 			.forbidden_remote_room_directory_server_names
-			.contains(server)
+			.is_match(server.host())
 			|| services
 				.config
 				.forbidden_remote_server_names
 				.is_match(server.host())
 		{
 			return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 		}
@ -61,11 +74,7 @@ pub(crate) async fn get_public_rooms_filtered_route(
 	)
 	.await
 	.map_err(|e| {
-		warn!(?body.server, "Failed to return /publicRooms: {e}");
+		err!(Request(Unknown(warn!(?body.server, "Failed to return /publicRooms: {e}"))))
 		Error::BadRequest(
 			ErrorKind::Unknown,
 			"Failed to return the requested server's public room list.",
 		)
 	})?;
 	Ok(response)
@ -84,10 +93,13 @@ pub(crate) async fn get_public_rooms_route(
 ) -> Result<get_public_rooms::v3::Response> {
 	if let Some(server) = &body.server {
 		if services
 			.server
 			.config
 			.forbidden_remote_room_directory_server_names
-			.contains(server)
+			.is_match(server.host())
 			|| services
 				.config
 				.forbidden_remote_server_names
 				.is_match(server.host())
 		{
 			return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 		}
@ -103,11 +115,7 @@ pub(crate) async fn get_public_rooms_route(
 	)
 	.await
 	.map_err(|e| {
-		warn!(?body.server, "Failed to return /publicRooms: {e}");
+		err!(Request(Unknown(warn!(?body.server, "Failed to return /publicRooms: {e}"))))
 		Error::BadRequest(
 			ErrorKind::Unknown,
 			"Failed to return the requested server's public room list.",
 		)
 	})?;
 	Ok(get_public_rooms::v3::Response {
@ -127,7 +135,7 @@ pub(crate) async fn set_room_visibility_route(
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<set_room_visibility::v3::Request>,
 ) -> Result<set_room_visibility::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();
 	if !services.rooms.metadata.exists(&body.room_id).await {
 		// Return 404 if the room doesn't exist
@ -171,10 +179,9 @@ pub(crate) async fn set_room_visibility_route(
 						.await;
 				}
-				return Err(Error::BadRequest(
+				return Err!(Request(Forbidden(
 					ErrorKind::forbidden(),
 					"Publishing rooms to the room directory is not allowed",
-				));
+				)));
 			}
 			services.rooms.directory.set_public(&body.room_id);
@ -192,10 +199,7 @@ pub(crate) async fn set_room_visibility_route(
 		},
 		| room::Visibility::Private => services.rooms.directory.set_not_public(&body.room_id),
 		| _ => {
-			return Err(Error::BadRequest(
+			return Err!(Request(InvalidParam("Room visibility type is not supported.",)));
 				ErrorKind::InvalidParam,
 				"Room visibility type is not supported.",
 			));
 		},
 	}
@ -211,7 +215,7 @@ pub(crate) async fn get_room_visibility_route(
 ) -> Result<get_room_visibility::v3::Response> {
 	if !services.rooms.metadata.exists(&body.room_id).await {
 		// Return 404 if the room doesn't exist
-		return Err(Error::BadRequest(ErrorKind::NotFound, "Room not found"));
+		return Err!(Request(NotFound("Room not found")));
 	}
 	Ok(get_room_visibility::v3::Response {
@ -259,8 +263,8 @@ pub(crate) async fn get_public_rooms_filtered_helper(
 	}
 	// Use limit or else 10, with maximum 100
-	let limit = limit.map_or(10, u64::from);
+	let limit: usize = limit.map_or(10_u64, u64::from).try_into()?;
-	let mut num_since: u64 = 0;
+	let mut num_since: usize = 0;
 	if let Some(s) = &since {
 		let mut characters = s.chars();
@ -268,14 +272,14 @@ pub(crate) async fn get_public_rooms_filtered_helper(
 			| Some('n') => false,
 			| Some('p') => true,
 			| _ => {
-				return Err(Error::BadRequest(ErrorKind::InvalidParam, "Invalid `since` token"));
+				return Err!(Request(InvalidParam("Invalid `since` token")));
 			},
 		};
 		num_since = characters
 			.collect::<String>()
 			.parse()
-			.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid `since` token."))?;
+			.map_err(|_| err!(Request(InvalidParam("Invalid `since` token."))))?;
 		if backwards {
 			num_since = num_since.saturating_sub(limit);
@ -287,8 +291,12 @@ pub(crate) async fn get_public_rooms_filtered_helper(
 		.directory
 		.public_rooms()
 		.map(ToOwned::to_owned)
-		.then(|room_id| public_rooms_chunk(services, room_id))
+		.wide_then(|room_id| public_rooms_chunk(services, room_id))
-		.filter_map(|chunk| async move {
+		.ready_filter_map(|chunk| {
 			if !filter.room_types.is_empty() && !filter.room_types.contains(&RoomTypeFilter::from(chunk.room_type.clone())) {
 				return None;
 			}
 			if let Some(query) = filter.generic_search_term.as_ref().map(|q| q.to_lowercase()) {
 				if let Some(name) = &chunk.name {
 					if name.as_str().to_lowercase().contains(&query) {
@ -320,40 +328,24 @@ pub(crate) async fn get_public_rooms_filtered_helper(
 	all_rooms.sort_by(|l, r| r.num_joined_members.cmp(&l.num_joined_members));
-	let total_room_count_estimate = UInt::try_from(all_rooms.len()).unwrap_or_else(|_| uint!(0));
+	let total_room_count_estimate = UInt::try_from(all_rooms.len())
 		.unwrap_or_else(|_| uint!(0))
 		.into();
-	let chunk: Vec<_> = all_rooms
+	let chunk: Vec<_> = all_rooms.into_iter().skip(num_since).take(limit).collect();
 		.into_iter()
 		.skip(
 			num_since
 				.try_into()
 				.expect("num_since should not be this high"),
 		)
 		.take(limit.try_into().expect("limit should not be this high"))
 		.collect();
-	let prev_batch = if num_since == 0 {
+	let prev_batch = num_since.ne(&0).then_some(format!("p{num_since}"));
 		None
 	} else {
 		Some(format!("p{num_since}"))
 	};
-	let next_batch = if chunk.len() < limit.try_into().unwrap() {
+	let next_batch = chunk
-		None
+		.len()
-	} else {
+		.ge(&limit)
-		Some(format!(
+		.then_some(format!("n{}", num_since.expected_add(limit)));
 			"n{}",
 			num_since
 				.checked_add(limit)
 				.expect("num_since and limit should not be that large")
 		))
 	};
 	Ok(get_public_rooms_filtered::v3::Response {
 		chunk,
 		prev_batch,
 		next_batch,
-		total_room_count_estimate: Some(total_room_count_estimate),
+		total_room_count_estimate,
 	})
 }
@ -371,7 +363,7 @@ async fn user_can_publish_room(
 		.await
 	{
 		| Ok(event) => serde_json::from_str(event.content.get())
-			.map_err(|_| Error::bad_database("Invalid event content for m.room.power_levels"))
+			.map_err(|_| err!(Database("Invalid event content for m.room.power_levels")))
 			.map(|content: RoomPowerLevelsEventContent| {
 				RoomPowerLevels::from(content)
 					.user_can_send_state(user_id, StateEventType::RoomHistoryVisibility)
@ -391,60 +383,61 @@ async fn user_can_publish_room(
 }
 async fn public_rooms_chunk(services: &Services, room_id: OwnedRoomId) -> PublicRoomsChunk {
 	let name = services.rooms.state_accessor.get_name(&room_id).ok();
 	let room_type = services.rooms.state_accessor.get_room_type(&room_id).ok();
 	let canonical_alias = services
 		.rooms
 		.state_accessor
 		.get_canonical_alias(&room_id)
 		.ok();
 	let avatar_url = services.rooms.state_accessor.get_avatar(&room_id);
 	let topic = services.rooms.state_accessor.get_room_topic(&room_id).ok();
 	let world_readable = services.rooms.state_accessor.is_world_readable(&room_id);
 	let join_rule = services
 		.rooms
 		.state_accessor
 		.room_state_get_content(&room_id, &StateEventType::RoomJoinRules, "")
 		.map_ok(|c: RoomJoinRulesEventContent| match c.join_rule {
 			| JoinRule::Public => PublicRoomJoinRule::Public,
 			| JoinRule::Knock => "knock".into(),
 			| JoinRule::KnockRestricted(_) => "knock_restricted".into(),
 			| _ => "invite".into(),
 		});
 	let guest_can_join = services.rooms.state_accessor.guest_can_join(&room_id);
 	let num_joined_members = services.rooms.state_cache.room_joined_count(&room_id);
 	let (
 		(avatar_url, canonical_alias, guest_can_join, join_rule, name),
 		(num_joined_members, room_type, topic, world_readable),
 	) = join(
 		join5(avatar_url, canonical_alias, guest_can_join, join_rule, name),
 		join4(num_joined_members, room_type, topic, world_readable),
 	)
 	.boxed()
 	.await;
 	PublicRoomsChunk {
-		canonical_alias: services
+		avatar_url: avatar_url.into_option().unwrap_or_default().url,
-			.rooms
+		canonical_alias,
-			.state_accessor
+		guest_can_join,
-			.get_canonical_alias(&room_id)
+		join_rule: join_rule.unwrap_or_default(),
-			.await
+		name,
-			.ok(),
+		num_joined_members: num_joined_members
-		name: services.rooms.state_accessor.get_name(&room_id).await.ok(),
+			.map(TryInto::try_into)
-		num_joined_members: services
+			.map(Result::ok)
-			.rooms
+			.flat_ok()
-			.state_cache
+			.unwrap_or_else(|| uint!(0)),
 			.room_joined_count(&room_id)
 			.await
 			.unwrap_or(0)
 			.try_into()
 			.expect("joined count overflows ruma UInt"),
 		topic: services
 			.rooms
 			.state_accessor
 			.get_room_topic(&room_id)
 			.await
 			.ok(),
 		world_readable: services
 			.rooms
 			.state_accessor
 			.is_world_readable(&room_id)
 			.await,
 		guest_can_join: services.rooms.state_accessor.guest_can_join(&room_id).await,
 		avatar_url: services
 			.rooms
 			.state_accessor
 			.get_avatar(&room_id)
 			.await
 			.into_option()
 			.unwrap_or_default()
 			.url,
 		join_rule: services
 			.rooms
 			.state_accessor
 			.room_state_get_content(&room_id, &StateEventType::RoomJoinRules, "")
 			.map_ok(|c: RoomJoinRulesEventContent| match c.join_rule {
 				| JoinRule::Public => PublicRoomJoinRule::Public,
 				| JoinRule::Knock => "knock".into(),
 				| JoinRule::KnockRestricted(_) => "knock_restricted".into(),
 				| _ => "invite".into(),
 			})
 			.await
 			.unwrap_or_default(),
 		room_type: services
 			.rooms
 			.state_accessor
 			.get_room_type(&room_id)
 			.await
 			.ok(),
 		room_id,
 		room_type,
 		topic,
 		world_readable,
 	}
 }
--- a/src/api/client/filter.rs
+++ b/src/api/client/filter.rs
@ -1,8 +1,8 @@
 use axum::extract::State;
-use conduwuit::err;
+use conduwuit::{Result, err};
 use ruma::api::client::filter::{create_filter, get_filter};
-use crate::{Result, Ruma};
+use crate::Ruma;
 /// # `GET /_matrix/client/r0/user/{userId}/filter/{filterId}`
 ///
--- a/src/api/client/keys.rs
+++ b/src/api/client/keys.rs
@ -1,7 +1,8 @@
 use std::collections::{BTreeMap, HashMap, HashSet};
 use axum::extract::State;
-use conduwuit::{Err, Error, Result, debug, debug_warn, err, info, result::NotFound, utils};
+use conduwuit::{Err, Error, Result, debug, debug_warn, err, result::NotFound, utils};
 use conduwuit_service::{Services, users::parse_master_key};
 use futures::{StreamExt, stream::FuturesUnordered};
 use ruma::{
 	OneTimeKeyAlgorithm, OwnedDeviceId, OwnedUserId, UserId,
@ -9,7 +10,8 @@ use ruma::{
 		client::{
 			error::ErrorKind,
 			keys::{
-				claim_keys, get_key_changes, get_keys, upload_keys, upload_signatures,
+				claim_keys, get_key_changes, get_keys, upload_keys,
 				upload_signatures::{self},
 				upload_signing_keys,
 			},
 			uiaa::{AuthFlow, AuthType, UiaaInfo},
@ -22,10 +24,7 @@ use ruma::{
 use serde_json::json;
 use super::SESSION_ID_LENGTH;
-use crate::{
+use crate::Ruma;
 	Ruma,
 	service::{Services, users::parse_master_key},
 };
 /// # `POST /_matrix/client/r0/keys/upload`
 ///
@ -80,14 +79,26 @@ pub(crate) async fn upload_keys_route(
 			)));
 		}
-		// TODO: merge this and the existing event?
+		if let Ok(existing_keys) = services
 		// This check is needed to assure that signatures are kept
 		if services
 			.users
 			.get_device_keys(sender_user, sender_device)
 			.await
 			.is_err()
 		{
 			if existing_keys.json().get() == device_keys.json().get() {
 				debug!(
 					?sender_user,
 					?sender_device,
 					?device_keys,
 					"Ignoring user uploaded keys as they are an exact copy already in the \
 					 database"
 				);
 			} else {
 				services
 					.users
 					.add_device_keys(sender_user, sender_device, device_keys)
 					.await;
 			}
 		} else {
 			services
 				.users
 				.add_device_keys(sender_user, sender_device, device_keys)
@ -166,7 +177,7 @@ pub(crate) async fn upload_signing_keys_route(
 		body.master_key.as_ref(),
 	)
 	.await
-	.inspect_err(|e| info!(?e))
+	.inspect_err(|e| debug!(?e))
 	{
 		| Ok(exists) => {
 			if let Some(result) = exists {
@ -296,53 +307,60 @@ async fn check_for_new_keys(
 /// # `POST /_matrix/client/r0/keys/signatures/upload`
 ///
 /// Uploads end-to-end key signatures from the sender user.
 ///
 /// TODO: clean this timo-code up more and integrate failures. tried to improve
 /// it a bit to stop exploding the entire request on bad sigs, but needs way
 /// more work.
 pub(crate) async fn upload_signatures_route(
 	State(services): State<crate::State>,
 	body: Ruma<upload_signatures::v3::Request>,
 ) -> Result<upload_signatures::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	if body.signed_keys.is_empty() {
 		debug!("Empty signed_keys sent in key signature upload");
 		return Ok(upload_signatures::v3::Response::new());
 	}
 	let sender_user = body.sender_user();
 	for (user_id, keys) in &body.signed_keys {
 		for (key_id, key) in keys {
-			let key = serde_json::to_value(key)
+			let Ok(key) = serde_json::to_value(key)
-				.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid key JSON"))?;
+				.inspect_err(|e| debug_warn!(?key_id, "Invalid \"key\" JSON: {e}"))
 			else {
 				continue;
 			};
-			for signature in key
+			let Some(signatures) = key.get("signatures") else {
-				.get("signatures")
+				continue;
-				.ok_or(Error::BadRequest(ErrorKind::InvalidParam, "Missing signatures field."))?
+			};
 				.get(sender_user.to_string())
 				.ok_or(Error::BadRequest(
 					ErrorKind::InvalidParam,
 					"Invalid user in signatures field.",
 				))?
 				.as_object()
 				.ok_or(Error::BadRequest(ErrorKind::InvalidParam, "Invalid signature."))?
 				.clone()
 			{
 				// Signature validation?
 				let signature = (
 					signature.0,
 					signature
 						.1
 						.as_str()
 						.ok_or(Error::BadRequest(
 							ErrorKind::InvalidParam,
 							"Invalid signature value.",
 						))?
 						.to_owned(),
 				);
-				services
+			let Some(sender_user_val) = signatures.get(sender_user.to_string()) else {
 				continue;
 			};
 			let Some(sender_user_object) = sender_user_val.as_object() else {
 				continue;
 			};
 			for (signature, val) in sender_user_object.clone() {
 				let Some(val) = val.as_str().map(ToOwned::to_owned) else {
 					continue;
 				};
 				let signature = (signature, val);
 				if let Err(_e) = services
 					.users
 					.sign_key(user_id, key_id, signature, sender_user)
-					.await?;
+					.await
 					.inspect_err(|e| debug_warn!("{e}"))
 				{
 					continue;
 				}
 			}
 		}
 	}
-	Ok(upload_signatures::v3::Response {
+	Ok(upload_signatures::v3::Response { failures: BTreeMap::new() })
 		failures: BTreeMap::new(), // TODO: integrate
 	})
 }
 /// # `POST /_matrix/client/r0/keys/changes`
--- a/src/api/client/membership.rs
+++ b/src/api/client/membership.rs
@ -9,13 +9,25 @@ use std::{
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use conduwuit::{
-	Err, PduEvent, Result, StateKey, at, debug, debug_info, debug_warn, err, error, info,
+	Err, Result, at, debug, debug_info, debug_warn, err, error, info,
-	pdu::{PduBuilder, gen_event_id_canonical_json},
+	matrix::{
 		StateKey,
 		pdu::{PduBuilder, PduEvent, gen_event_id, gen_event_id_canonical_json},
 		state_res,
 	},
 	result::{FlatOk, NotFound},
-	state_res, trace,
+	trace,
 	utils::{self, IterStream, ReadyExt, shuffle},
 	warn,
 };
 use conduwuit_service::{
 	Services,
 	appservice::RegistrationInfo,
 	rooms::{
 		state::RoomMutexGuard,
 		state_compressor::{CompressedState, HashSetCompressStateEvent},
 	},
 };
 use futures::{FutureExt, StreamExt, TryFutureExt, future::join4, join};
 use ruma::{
 	CanonicalJsonObject, CanonicalJsonValue, OwnedEventId, OwnedRoomId, OwnedServerName,
@ -25,8 +37,9 @@ use ruma::{
 			error::ErrorKind,
 			knock::knock_room,
 			membership::{
-				ThirdPartySigned, ban_user, forget_room, get_member_events, invite_user,
+				ThirdPartySigned, ban_user, forget_room,
-				join_room_by_id, join_room_by_id_or_alias,
+				get_member_events::{self, v3::MembershipEventFilter},
 				invite_user, join_room_by_id, join_room_by_id_or_alias,
 				joined_members::{self, v3::RoomMember},
 				joined_rooms, kick_user, leave_room, unban_user,
 			},
@ -43,15 +56,6 @@ use ruma::{
 		},
 	},
 };
 use service::{
 	Services,
 	appservice::RegistrationInfo,
 	pdu::gen_event_id,
 	rooms::{
 		state::RoomMutexGuard,
 		state_compressor::{CompressedState, HashSetCompressStateEvent},
 	},
 };
 use crate::{Ruma, client::full_user_deactivate};
@ -75,10 +79,9 @@ async fn banned_room_check(
 	if let Some(room_id) = room_id {
 		if services.rooms.metadata.is_banned(room_id).await
 			|| services
 				.server
 				.config
 				.forbidden_remote_server_names
-				.contains(&room_id.server_name().unwrap().to_owned())
+				.is_match(room_id.server_name().unwrap().host())
 		{
 			warn!(
 				"User {user_id} who is not an admin attempted to send an invite for or \
@ -116,10 +119,9 @@ async fn banned_room_check(
 		}
 	} else if let Some(server_name) = server_name {
 		if services
 			.server
 			.config
 			.forbidden_remote_server_names
-			.contains(&server_name.to_owned())
+			.is_match(server_name.host())
 		{
 			warn!(
 				"User {user_id} who is not an admin tried joining a room which has the server \
@ -474,9 +476,9 @@ pub(crate) async fn leave_room_route(
 	State(services): State<crate::State>,
 	body: Ruma<leave_room::v3::Request>,
 ) -> Result<leave_room::v3::Response> {
-	leave_room(&services, body.sender_user(), &body.room_id, body.reason.clone()).await?;
+	leave_room(&services, body.sender_user(), &body.room_id, body.reason.clone())
-
+		.await
-	Ok(leave_room::v3::Response::new())
+		.map(|()| leave_room::v3::Response::new())
 }
 /// # `POST /_matrix/client/r0/rooms/{roomId}/invite`
@ -490,7 +492,7 @@ pub(crate) async fn invite_user_route(
 ) -> Result<invite_user::v3::Response> {
 	let sender_user = body.sender_user();
-	if !services.users.is_admin(sender_user).await && services.globals.block_non_admin_invites() {
+	if !services.users.is_admin(sender_user).await && services.config.block_non_admin_invites {
 		info!(
 			"User {sender_user} is not an admin and attempted to send an invite to room {}",
 			&body.room_id
@ -768,6 +770,54 @@ pub(crate) async fn joined_rooms_route(
 	})
 }
 fn membership_filter(
 	pdu: PduEvent,
 	for_membership: Option<&MembershipEventFilter>,
 	not_membership: Option<&MembershipEventFilter>,
 ) -> Option<PduEvent> {
 	let membership_state_filter = match for_membership {
 		| Some(MembershipEventFilter::Ban) => MembershipState::Ban,
 		| Some(MembershipEventFilter::Invite) => MembershipState::Invite,
 		| Some(MembershipEventFilter::Knock) => MembershipState::Knock,
 		| Some(MembershipEventFilter::Leave) => MembershipState::Leave,
 		| Some(_) | None => MembershipState::Join,
 	};
 	let not_membership_state_filter = match not_membership {
 		| Some(MembershipEventFilter::Ban) => MembershipState::Ban,
 		| Some(MembershipEventFilter::Invite) => MembershipState::Invite,
 		| Some(MembershipEventFilter::Join) => MembershipState::Join,
 		| Some(MembershipEventFilter::Knock) => MembershipState::Knock,
 		| Some(_) | None => MembershipState::Leave,
 	};
 	let evt_membership = pdu.get_content::<RoomMemberEventContent>().ok()?.membership;
 	if for_membership.is_some() && not_membership.is_some() {
 		if membership_state_filter != evt_membership
 			|| not_membership_state_filter == evt_membership
 		{
 			None
 		} else {
 			Some(pdu)
 		}
 	} else if for_membership.is_some() && not_membership.is_none() {
 		if membership_state_filter != evt_membership {
 			None
 		} else {
 			Some(pdu)
 		}
 	} else if not_membership.is_some() && for_membership.is_none() {
 		if not_membership_state_filter == evt_membership {
 			None
 		} else {
 			Some(pdu)
 		}
 	} else {
 		Some(pdu)
 	}
 }
 /// # `POST /_matrix/client/r0/rooms/{roomId}/members`
 ///
 /// Lists all joined users in a room (TODO: at a specific point in time, with a
@ -779,6 +829,8 @@ pub(crate) async fn get_member_events_route(
 	body: Ruma<get_member_events::v3::Request>,
 ) -> Result<get_member_events::v3::Response> {
 	let sender_user = body.sender_user();
 	let membership = body.membership.as_ref();
 	let not_membership = body.not_membership.as_ref();
 	if !services
 		.rooms
@ -797,6 +849,7 @@ pub(crate) async fn get_member_events_route(
 			.ready_filter_map(Result::ok)
 			.ready_filter(|((ty, _), _)| *ty == StateEventType::RoomMember)
 			.map(at!(1))
 			.ready_filter_map(|pdu| membership_filter(pdu, membership, not_membership))
 			.map(PduEvent::into_member_event)
 			.collect()
 			.await,
@ -1576,7 +1629,7 @@ pub(crate) async fn invite_helper(
 	reason: Option<String>,
 	is_direct: bool,
 ) -> Result {
-	if !services.users.is_admin(sender_user).await && services.globals.block_non_admin_invites() {
+	if !services.users.is_admin(sender_user).await && services.config.block_non_admin_invites {
 		info!(
 			"User {sender_user} is not an admin and attempted to send an invite to room \
 			 {room_id}"
@ -1711,8 +1764,8 @@ pub(crate) async fn invite_helper(
 	Ok(())
 }
-// Make a user leave all their joined rooms, forgets all rooms, and ignores
+// Make a user leave all their joined rooms, rescinds knocks, forgets all rooms,
-// errors
+// and ignores errors
 pub async fn leave_all_rooms(services: &Services, user_id: &UserId) {
 	let rooms_joined = services
 		.rooms
@ -1726,7 +1779,17 @@ pub async fn leave_all_rooms(services: &Services, user_id: &UserId) {
 		.rooms_invited(user_id)
 		.map(|(r, _)| r);
-	let all_rooms: Vec<_> = rooms_joined.chain(rooms_invited).collect().await;
+	let rooms_knocked = services
 		.rooms
 		.state_cache
 		.rooms_knocked(user_id)
 		.map(|(r, _)| r);
 	let all_rooms: Vec<_> = rooms_joined
 		.chain(rooms_invited)
 		.chain(rooms_knocked)
 		.collect()
 		.await;
 	for room_id in all_rooms {
 		// ignore errors
@ -1743,7 +1806,40 @@ pub async fn leave_room(
 	user_id: &UserId,
 	room_id: &RoomId,
 	reason: Option<String>,
-) -> Result<()> {
+) -> Result {
 	let default_member_content = RoomMemberEventContent {
 		membership: MembershipState::Leave,
 		reason: reason.clone(),
 		join_authorized_via_users_server: None,
 		is_direct: None,
 		avatar_url: None,
 		displayname: None,
 		third_party_invite: None,
 		blurhash: None,
 	};
 	if services.rooms.metadata.is_banned(room_id).await
 		|| services.rooms.metadata.is_disabled(room_id).await
 	{
 		// the room is banned/disabled, the room must be rejected locally since we
 		// cant/dont want to federate with this server
 		services
 			.rooms
 			.state_cache
 			.update_membership(
 				room_id,
 				user_id,
 				default_member_content,
 				user_id,
 				None,
 				None,
 				true,
 			)
 			.await?;
 		return Ok(());
 	}
 	// Ask a remote server if we don't have this room and are not knocking on it
 	if !services
 		.rooms
@ -1776,7 +1872,7 @@ pub async fn leave_room(
 			.update_membership(
 				room_id,
 				user_id,
-				RoomMemberEventContent::new(MembershipState::Leave),
+				default_member_content,
 				user_id,
 				last_state,
 				None,
@ -1796,26 +1892,23 @@ pub async fn leave_room(
 			)
 			.await
 		else {
-			// Fix for broken rooms
+			debug_warn!(
 			warn!(
 				"Trying to leave a room you are not a member of, marking room as left locally."
 			);
-			services
+			return services
 				.rooms
 				.state_cache
 				.update_membership(
 					room_id,
 					user_id,
-					RoomMemberEventContent::new(MembershipState::Leave),
+					default_member_content,
 					user_id,
 					None,
 					None,
 					true,
 				)
-				.await?;
+				.await;
 			return Ok(());
 		};
 		services
@ -1845,7 +1938,7 @@ async fn remote_leave_room(
 	room_id: &RoomId,
 ) -> Result<()> {
 	let mut make_leave_response_and_server =
-		Err!(BadServerResponse("No server available to assist in leaving."));
+		Err!(BadServerResponse("No remote server available to assist in leaving {room_id}."));
 	let mut servers: HashSet<OwnedServerName> = services
 		.rooms
@ -1925,20 +2018,25 @@ async fn remote_leave_room(
 	let (make_leave_response, remote_server) = make_leave_response_and_server?;
 	let Some(room_version_id) = make_leave_response.room_version else {
-		return Err!(BadServerResponse("Remote room version is not supported by conduwuit"));
+		return Err!(BadServerResponse(warn!(
 			"No room version was returned by {remote_server} for {room_id}, room version is \
 			 likely not supported by conduwuit"
 		)));
 	};
 	if !services.server.supported_room_version(&room_version_id) {
-		return Err!(BadServerResponse(
+		return Err!(BadServerResponse(warn!(
-			"Remote room version {room_version_id} is not supported by conduwuit"
+			"Remote room version {room_version_id} for {room_id} is not supported by conduwuit",
-		));
+		)));
 	}
 	let mut leave_event_stub = serde_json::from_str::<CanonicalJsonObject>(
 		make_leave_response.event.get(),
 	)
 	.map_err(|e| {
-		err!(BadServerResponse("Invalid make_leave event json received from server: {e:?}"))
+		err!(BadServerResponse(warn!(
 			"Invalid make_leave event json received from {remote_server} for {room_id}: {e:?}"
 		)))
 	})?;
 	// TODO: Is origin needed?
--- a/src/api/client/message.rs
+++ b/src/api/client/message.rs
@ -1,12 +1,24 @@
 use axum::extract::State;
 use conduwuit::{
-	Err, Event, PduCount, PduEvent, Result, at,
+	Err, Result, at,
 	matrix::{
 		Event,
 		pdu::{PduCount, PduEvent},
 	},
 	utils::{
 		IterStream, ReadyExt,
 		result::{FlatOk, LogErr},
 		stream::{BroadbandExt, TryIgnore, WidebandExt},
 	},
 };
 use conduwuit_service::{
 	Services,
 	rooms::{
 		lazy_loading,
 		lazy_loading::{Options, Witness},
 		timeline::PdusIterItem,
 	},
 };
 use futures::{FutureExt, StreamExt, TryFutureExt, future::OptionFuture, pin_mut};
 use ruma::{
 	RoomId, UserId,
@ -17,14 +29,6 @@ use ruma::{
 	events::{AnyStateEvent, StateEventType, TimelineEventType, TimelineEventType::*},
 	serde::Raw,
 };
 use service::{
 	Services,
 	rooms::{
 		lazy_loading,
 		lazy_loading::{Options, Witness},
 		timeline::PdusIterItem,
 	},
 };
 use crate::Ruma;
@ -157,7 +161,7 @@ pub(crate) async fn get_message_events_route(
 	let chunk = events
 		.into_iter()
 		.map(at!(1))
-		.map(|pdu| pdu.to_room_event())
+		.map(PduEvent::into_room_event)
 		.collect();
 	Ok(get_message_events::v3::Response {
@ -257,10 +261,9 @@ pub(crate) async fn is_ignored_pdu(
 	let ignored_type = IGNORED_MESSAGE_TYPES.binary_search(&pdu.kind).is_ok();
 	let ignored_server = services
 		.server
 		.config
 		.forbidden_remote_server_names
-		.contains(pdu.sender().server_name());
+		.is_match(pdu.sender().server_name().host());
 	if ignored_type
 		&& (ignored_server || services.users.user_is_ignored(&pdu.sender, user_id).await)
--- a/src/api/client/openid.rs
+++ b/src/api/client/openid.rs
@ -1,14 +1,14 @@
 use std::time::Duration;
 use axum::extract::State;
-use conduwuit::utils;
+use conduwuit::{Error, Result, utils};
 use ruma::{
 	api::client::{account, error::ErrorKind},
 	authentication::TokenType,
 };
 use super::TOKEN_LENGTH;
-use crate::{Error, Result, Ruma};
+use crate::Ruma;
 /// # `POST /_matrix/client/v3/user/{userId}/openid/request_token`
 ///
--- a/src/api/client/presence.rs
+++ b/src/api/client/presence.rs
@ -1,12 +1,10 @@
 use std::time::Duration;
 use axum::extract::State;
-use ruma::api::client::{
+use conduwuit::{Err, Result};
-	error::ErrorKind,
+use ruma::api::client::presence::{get_presence, set_presence};
 	presence::{get_presence, set_presence},
 };
-use crate::{Error, Result, Ruma};
+use crate::Ruma;
 /// # `PUT /_matrix/client/r0/presence/{userId}/status`
 ///
@ -15,24 +13,17 @@ pub(crate) async fn set_presence_route(
 	State(services): State<crate::State>,
 	body: Ruma<set_presence::v3::Request>,
 ) -> Result<set_presence::v3::Response> {
-	if !services.globals.allow_local_presence() {
+	if !services.config.allow_local_presence {
-		return Err(Error::BadRequest(
+		return Err!(Request(Forbidden("Presence is disabled on this server")));
 			ErrorKind::forbidden(),
 			"Presence is disabled on this server",
 		));
 	}
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	if body.sender_user() != body.user_id && body.appservice_info.is_none() {
-	if sender_user != &body.user_id && body.appservice_info.is_none() {
+		return Err!(Request(InvalidParam("Not allowed to set presence of other users")));
 		return Err(Error::BadRequest(
 			ErrorKind::InvalidParam,
 			"Not allowed to set presence of other users",
 		));
 	}
 	services
 		.presence
-		.set_presence(sender_user, &body.presence, None, None, body.status_msg.clone())
+		.set_presence(body.sender_user(), &body.presence, None, None, body.status_msg.clone())
 		.await?;
 	Ok(set_presence::v3::Response {})
@ -47,21 +38,15 @@ pub(crate) async fn get_presence_route(
 	State(services): State<crate::State>,
 	body: Ruma<get_presence::v3::Request>,
 ) -> Result<get_presence::v3::Response> {
-	if !services.globals.allow_local_presence() {
+	if !services.config.allow_local_presence {
-		return Err(Error::BadRequest(
+		return Err!(Request(Forbidden("Presence is disabled on this server",)));
 			ErrorKind::forbidden(),
 			"Presence is disabled on this server",
 		));
 	}
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 	let mut presence_event = None;
 	let has_shared_rooms = services
 		.rooms
 		.state_cache
-		.user_sees_user(sender_user, &body.user_id)
+		.user_sees_user(body.sender_user(), &body.user_id)
 		.await;
 	if has_shared_rooms {
@ -99,9 +84,6 @@ pub(crate) async fn get_presence_route(
 				presence: presence.content.presence,
 			})
 		},
-		| _ => Err(Error::BadRequest(
+		| _ => Err!(Request(NotFound("Presence state for this user was not found"))),
 			ErrorKind::NotFound,
 			"Presence state for this user was not found",
 		)),
 	}
 }
--- a/src/api/client/profile.rs
+++ b/src/api/client/profile.rs
@ -3,10 +3,11 @@ use std::collections::BTreeMap;
 use axum::extract::State;
 use conduwuit::{
 	Err, Error, Result,
-	pdu::PduBuilder,
+	matrix::pdu::PduBuilder,
 	utils::{IterStream, stream::TryIgnore},
 	warn,
 };
 use conduwuit_service::Services;
 use futures::{StreamExt, TryStreamExt, future::join3};
 use ruma::{
 	OwnedMxcUri, OwnedRoomId, UserId,
@ -22,7 +23,6 @@ use ruma::{
 	events::room::member::{MembershipState, RoomMemberEventContent},
 	presence::PresenceState,
 };
 use service::Services;
 use crate::Ruma;
@ -52,7 +52,7 @@ pub(crate) async fn set_displayname_route(
 	update_displayname(&services, &body.user_id, body.displayname.clone(), &all_joined_rooms)
 		.await;
-	if services.globals.allow_local_presence() {
+	if services.config.allow_local_presence {
 		// Presence update
 		services
 			.presence
@ -147,7 +147,7 @@ pub(crate) async fn set_avatar_url_route(
 	)
 	.await;
-	if services.globals.allow_local_presence() {
+	if services.config.allow_local_presence {
 		// Presence update
 		services
 			.presence
--- a/src/api/client/push.rs
+++ b/src/api/client/push.rs
@ -1,5 +1,6 @@
 use axum::extract::State;
-use conduwuit::{Err, err};
+use conduwuit::{Err, Error, Result, err};
 use conduwuit_service::Services;
 use ruma::{
 	CanonicalJsonObject, CanonicalJsonValue,
 	api::client::{
@ -19,9 +20,8 @@ use ruma::{
 		RemovePushRuleError, Ruleset,
 	},
 };
 use service::Services;
-use crate::{Error, Result, Ruma};
+use crate::Ruma;
 /// # `GET /_matrix/client/r0/pushrules/`
 ///
@ -503,7 +503,7 @@ pub(crate) async fn set_pushers_route(
 	services
 		.pusher
-		.set_pusher(sender_user, &body.action)
+		.set_pusher(sender_user, body.sender_device(), &body.action)
 		.await?;
 	Ok(set_pusher::v3::Response::new())
--- a/src/api/client/read_marker.rs
+++ b/src/api/client/read_marker.rs
@ -1,7 +1,7 @@
 use std::collections::BTreeMap;
 use axum::extract::State;
-use conduwuit::{Err, PduCount, err};
+use conduwuit::{Err, PduCount, Result, err};
 use ruma::{
 	MilliSecondsSinceUnixEpoch,
 	api::client::{read_marker::set_read_marker, receipt::create_receipt},
@ -11,7 +11,7 @@ use ruma::{
 	},
 };
-use crate::{Result, Ruma};
+use crate::Ruma;
 /// # `POST /_matrix/client/r0/rooms/{roomId}/read_markers`
 ///
@ -50,7 +50,7 @@ pub(crate) async fn set_read_marker_route(
 	}
 	// ping presence
-	if services.globals.allow_local_presence() {
+	if services.config.allow_local_presence {
 		services
 			.presence
 			.ping_presence(sender_user, &ruma::presence::PresenceState::Online)
@ -126,7 +126,7 @@ pub(crate) async fn create_receipt_route(
 	}
 	// ping presence
-	if services.globals.allow_local_presence() {
+	if services.config.allow_local_presence {
 		services
 			.presence
 			.ping_presence(sender_user, &ruma::presence::PresenceState::Online)
--- a/src/api/client/redact.rs
+++ b/src/api/client/redact.rs
@ -1,9 +1,10 @@
 use axum::extract::State;
 use conduwuit::{Result, matrix::pdu::PduBuilder};
 use ruma::{
 	api::client::redact::redact_event, events::room::redaction::RoomRedactionEventContent,
 };
-use crate::{Result, Ruma, service::pdu::PduBuilder};
+use crate::Ruma;
 /// # `PUT /_matrix/client/r0/rooms/{roomId}/redact/{eventId}/{txnId}`
 ///
--- a/src/api/client/relations.rs
+++ b/src/api/client/relations.rs
@ -1,8 +1,10 @@
 use axum::extract::State;
 use conduwuit::{
-	PduCount, Result, at,
+	Result, at,
 	matrix::pdu::PduCount,
 	utils::{IterStream, ReadyExt, result::FlatOk, stream::WidebandExt},
 };
 use conduwuit_service::{Services, rooms::timeline::PdusIterItem};
 use futures::StreamExt;
 use ruma::{
 	EventId, RoomId, UInt, UserId,
@ -15,7 +17,6 @@ use ruma::{
 	},
 	events::{TimelineEventType, relation::RelationType},
 };
 use service::{Services, rooms::timeline::PdusIterItem};
 use crate::Ruma;
--- a/src/api/client/report.rs
+++ b/src/api/client/report.rs
@ -2,7 +2,8 @@ use std::time::Duration;
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduwuit::{Err, info, utils::ReadyExt};
+use conduwuit::{Err, Error, Result, debug_info, info, matrix::pdu::PduEvent, utils::ReadyExt};
 use conduwuit_service::Services;
 use rand::Rng;
 use ruma::{
 	EventId, RoomId, UserId,
@ -15,10 +16,7 @@ use ruma::{
 };
 use tokio::time::sleep;
-use crate::{
+use crate::Ruma;
 	Error, Result, Ruma, debug_info,
 	service::{Services, pdu::PduEvent},
 };
 /// # `POST /_matrix/client/v3/rooms/{roomId}/report`
 ///
--- a/src/api/client/room/create.rs
+++ b/src/api/client/room/create.rs
@ -2,8 +2,11 @@ use std::collections::BTreeMap;
 use axum::extract::State;
 use conduwuit::{
-	Err, Error, Result, StateKey, debug_info, debug_warn, err, error, info, pdu::PduBuilder, warn,
+	Err, Error, Result, debug_info, debug_warn, err, error, info,
 	matrix::{StateKey, pdu::PduBuilder},
 	warn,
 };
 use conduwuit_service::{Services, appservice::RegistrationInfo};
 use futures::FutureExt;
 use ruma::{
 	CanonicalJsonObject, Int, OwnedRoomAliasId, OwnedRoomId, OwnedUserId, RoomId, RoomVersionId,
@ -29,7 +32,6 @@ use ruma::{
 	serde::{JsonObject, Raw},
 };
 use serde_json::{json, value::to_raw_value};
 use service::{Services, appservice::RegistrationInfo};
 use crate::{Ruma, client::invite_helper};
@ -372,7 +374,7 @@ pub(crate) async fn create_room_route(
 		// Silently skip encryption events if they are not allowed
 		if pdu_builder.event_type == TimelineEventType::RoomEncryption
-			&& !services.globals.allow_encryption()
+			&& !services.config.allow_encryption
 		{
 			continue;
 		}
--- a/src/api/client/room/event.rs
+++ b/src/api/client/room/event.rs
@ -40,5 +40,5 @@ pub(crate) async fn get_room_event_route(
 	event.add_age().ok();
-	Ok(get_room_event::v3::Response { event: event.to_room_event() })
+	Ok(get_room_event::v3::Response { event: event.into_room_event() })
 }
--- a/src/api/client/room/initial_sync.rs
+++ b/src/api/client/room/initial_sync.rs
@ -55,7 +55,7 @@ pub(crate) async fn room_initial_sync_route(
 		chunk: events
 			.into_iter()
 			.map(at!(1))
-			.map(|pdu| pdu.to_room_event())
+			.map(PduEvent::into_room_event)
 			.collect(),
 	};
--- a/src/api/client/room/mod.rs
+++ b/src/api/client/room/mod.rs
@ -2,9 +2,14 @@ mod aliases;
 mod create;
 mod event;
 mod initial_sync;
 mod summary;
 mod upgrade;
 pub(crate) use self::{
-	aliases::get_room_aliases_route, create::create_room_route, event::get_room_event_route,
+	aliases::get_room_aliases_route,
-	initial_sync::room_initial_sync_route, upgrade::upgrade_room_route,
+	create::create_room_route,
 	event::get_room_event_route,
 	initial_sync::room_initial_sync_route,
 	summary::{get_room_summary, get_room_summary_legacy},
 	upgrade::upgrade_room_route,
 };
--- a/src/api/client/room/summary.rs
+++ b/src/api/client/room/summary.rs
@ -0,0 +1,330 @@
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use conduwuit::{
 	Err, Result, debug_warn, trace,
 	utils::{IterStream, future::TryExtExt},
 };
 use futures::{
 	FutureExt, StreamExt,
 	future::{OptionFuture, join3},
 	stream::FuturesUnordered,
 };
 use ruma::{
 	OwnedServerName, RoomId, UserId,
 	api::{
 		client::room::get_summary,
 		federation::space::{SpaceHierarchyParentSummary, get_hierarchy},
 	},
 	events::room::member::MembershipState,
 	space::SpaceRoomJoinRule::{self, *},
 };
 use service::Services;
 use crate::{Ruma, RumaResponse};
 /// # `GET /_matrix/client/unstable/im.nheko.summary/rooms/{roomIdOrAlias}/summary`
 ///
 /// Returns a short description of the state of a room.
 ///
 /// This is the "wrong" endpoint that some implementations/clients may use
 /// according to the MSC. Request and response bodies are the same as
 /// `get_room_summary`.
 ///
 /// An implementation of [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266)
 pub(crate) async fn get_room_summary_legacy(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<get_summary::msc3266::Request>,
 ) -> Result<RumaResponse<get_summary::msc3266::Response>> {
 	get_room_summary(State(services), InsecureClientIp(client), body)
 		.boxed()
 		.await
 		.map(RumaResponse)
 }
 /// # `GET /_matrix/client/unstable/im.nheko.summary/summary/{roomIdOrAlias}`
 ///
 /// Returns a short description of the state of a room.
 ///
 /// An implementation of [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266)
 #[tracing::instrument(skip_all, fields(%client), name = "room_summary")]
 pub(crate) async fn get_room_summary(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<get_summary::msc3266::Request>,
 ) -> Result<get_summary::msc3266::Response> {
 	let (room_id, servers) = services
 		.rooms
 		.alias
 		.resolve_with_servers(&body.room_id_or_alias, Some(body.via.clone()))
 		.await?;
 	if services.rooms.metadata.is_banned(&room_id).await {
 		return Err!(Request(Forbidden("This room is banned on this homeserver.")));
 	}
 	room_summary_response(&services, &room_id, &servers, body.sender_user.as_deref())
 		.boxed()
 		.await
 }
 async fn room_summary_response(
 	services: &Services,
 	room_id: &RoomId,
 	servers: &[OwnedServerName],
 	sender_user: Option<&UserId>,
 ) -> Result<get_summary::msc3266::Response> {
 	if services
 		.rooms
 		.state_cache
 		.server_in_room(services.globals.server_name(), room_id)
 		.await
 	{
 		return local_room_summary_response(services, room_id, sender_user)
 			.boxed()
 			.await;
 	}
 	let room =
 		remote_room_summary_hierarchy_response(services, room_id, servers, sender_user).await?;
 	Ok(get_summary::msc3266::Response {
 		room_id: room_id.to_owned(),
 		canonical_alias: room.canonical_alias,
 		avatar_url: room.avatar_url,
 		guest_can_join: room.guest_can_join,
 		name: room.name,
 		num_joined_members: room.num_joined_members,
 		topic: room.topic,
 		world_readable: room.world_readable,
 		join_rule: room.join_rule,
 		room_type: room.room_type,
 		room_version: room.room_version,
 		encryption: room.encryption,
 		allowed_room_ids: room.allowed_room_ids,
 		membership: sender_user.is_some().then_some(MembershipState::Leave),
 	})
 }
 async fn local_room_summary_response(
 	services: &Services,
 	room_id: &RoomId,
 	sender_user: Option<&UserId>,
 ) -> Result<get_summary::msc3266::Response> {
 	trace!(?sender_user, "Sending local room summary response for {room_id:?}");
 	let join_rule = services.rooms.state_accessor.get_join_rules(room_id);
 	let world_readable = services.rooms.state_accessor.is_world_readable(room_id);
 	let guest_can_join = services.rooms.state_accessor.guest_can_join(room_id);
 	let (join_rule, world_readable, guest_can_join) =
 		join3(join_rule, world_readable, guest_can_join).await;
 	trace!("{join_rule:?}, {world_readable:?}, {guest_can_join:?}");
 	user_can_see_summary(
 		services,
 		room_id,
 		&join_rule.clone().into(),
 		guest_can_join,
 		world_readable,
 		join_rule.allowed_rooms(),
 		sender_user,
 	)
 	.await?;
 	let canonical_alias = services
 		.rooms
 		.state_accessor
 		.get_canonical_alias(room_id)
 		.ok();
 	let name = services.rooms.state_accessor.get_name(room_id).ok();
 	let topic = services.rooms.state_accessor.get_room_topic(room_id).ok();
 	let room_type = services.rooms.state_accessor.get_room_type(room_id).ok();
 	let avatar_url = services
 		.rooms
 		.state_accessor
 		.get_avatar(room_id)
 		.map(|res| res.into_option().unwrap_or_default().url);
 	let room_version = services.rooms.state.get_room_version(room_id).ok();
 	let encryption = services
 		.rooms
 		.state_accessor
 		.get_room_encryption(room_id)
 		.ok();
 	let num_joined_members = services
 		.rooms
 		.state_cache
 		.room_joined_count(room_id)
 		.unwrap_or(0);
 	let membership: OptionFuture<_> = sender_user
 		.map(|sender_user| {
 			services
 				.rooms
 				.state_accessor
 				.get_member(room_id, sender_user)
 				.map_ok_or(MembershipState::Leave, |content| content.membership)
 		})
 		.into();
 	let (
 		canonical_alias,
 		name,
 		num_joined_members,
 		topic,
 		avatar_url,
 		room_type,
 		room_version,
 		encryption,
 		membership,
 	) = futures::join!(
 		canonical_alias,
 		name,
 		num_joined_members,
 		topic,
 		avatar_url,
 		room_type,
 		room_version,
 		encryption,
 		membership,
 	);
 	Ok(get_summary::msc3266::Response {
 		room_id: room_id.to_owned(),
 		canonical_alias,
 		avatar_url,
 		guest_can_join,
 		name,
 		num_joined_members: num_joined_members.try_into().unwrap_or_default(),
 		topic,
 		world_readable,
 		room_type,
 		room_version,
 		encryption,
 		membership,
 		allowed_room_ids: join_rule.allowed_rooms().map(Into::into).collect(),
 		join_rule: join_rule.into(),
 	})
 }
 /// used by MSC3266 to fetch a room's info if we do not know about it
 async fn remote_room_summary_hierarchy_response(
 	services: &Services,
 	room_id: &RoomId,
 	servers: &[OwnedServerName],
 	sender_user: Option<&UserId>,
 ) -> Result<SpaceHierarchyParentSummary> {
 	trace!(?sender_user, ?servers, "Sending remote room summary response for {room_id:?}");
 	if !services.config.allow_federation {
 		return Err!(Request(Forbidden("Federation is disabled.")));
 	}
 	if services.rooms.metadata.is_disabled(room_id).await {
 		return Err!(Request(Forbidden(
 			"Federaton of room {room_id} is currently disabled on this server."
 		)));
 	}
 	let request = get_hierarchy::v1::Request::new(room_id.to_owned());
 	let mut requests: FuturesUnordered<_> = servers
 		.iter()
 		.map(|server| {
 			services
 				.sending
 				.send_federation_request(server, request.clone())
 		})
 		.collect();
 	while let Some(Ok(response)) = requests.next().await {
 		trace!("{response:?}");
 		let room = response.room.clone();
 		if room.room_id != room_id {
 			debug_warn!(
 				"Room ID {} returned does not belong to the requested room ID {}",
 				room.room_id,
 				room_id
 			);
 			continue;
 		}
 		return user_can_see_summary(
 			services,
 			room_id,
 			&room.join_rule,
 			room.guest_can_join,
 			room.world_readable,
 			room.allowed_room_ids.iter().map(AsRef::as_ref),
 			sender_user,
 		)
 		.await
 		.map(|()| room);
 	}
 	Err!(Request(NotFound(
 		"Room is unknown to this server and was unable to fetch over federation with the \
 		 provided servers available"
 	)))
 }
 async fn user_can_see_summary<'a, I>(
 	services: &Services,
 	room_id: &RoomId,
 	join_rule: &SpaceRoomJoinRule,
 	guest_can_join: bool,
 	world_readable: bool,
 	allowed_room_ids: I,
 	sender_user: Option<&UserId>,
 ) -> Result
 where
 	I: Iterator<Item = &'a RoomId> + Send,
 {
 	let is_public_room = matches!(join_rule, Public | Knock | KnockRestricted);
 	match sender_user {
 		| Some(sender_user) => {
 			let user_can_see_state_events = services
 				.rooms
 				.state_accessor
 				.user_can_see_state_events(sender_user, room_id);
 			let is_guest = services.users.is_deactivated(sender_user).unwrap_or(false);
 			let user_in_allowed_restricted_room = allowed_room_ids
 				.stream()
 				.any(|room| services.rooms.state_cache.is_joined(sender_user, room));
 			let (user_can_see_state_events, is_guest, user_in_allowed_restricted_room) =
 				join3(user_can_see_state_events, is_guest, user_in_allowed_restricted_room)
 					.boxed()
 					.await;
 			if user_can_see_state_events
 				|| (is_guest && guest_can_join)
 				|| is_public_room
 				|| user_in_allowed_restricted_room
 			{
 				return Ok(());
 			}
 			Err!(Request(Forbidden(
 				"Room is not world readable, not publicly accessible/joinable, restricted room \
 				 conditions not met, and guest access is forbidden. Not allowed to see details \
 				 of this room."
 			)))
 		},
 		| None => {
 			if is_public_room || world_readable {
 				return Ok(());
 			}
 			Err!(Request(Forbidden(
 				"Room is not world readable or publicly accessible/joinable, authentication is \
 				 required"
 			)))
 		},
 	}
 }
--- a/src/api/client/room/upgrade.rs
+++ b/src/api/client/room/upgrade.rs
@ -1,7 +1,10 @@
 use std::cmp::max;
 use axum::extract::State;
-use conduwuit::{Error, Result, StateKey, err, info, pdu::PduBuilder};
+use conduwuit::{
 	Error, Result, err, info,
 	matrix::{StateKey, pdu::PduBuilder},
 };
 use futures::StreamExt;
 use ruma::{
 	CanonicalJsonObject, RoomId, RoomVersionId,
@ -103,7 +106,7 @@ pub(crate) async fn upgrade_room_route(
 	// Use the m.room.tombstone event as the predecessor
 	let predecessor = Some(ruma::events::room::create::PreviousRoom::new(
 		body.room_id.clone(),
-		(*tombstone_event_id).to_owned(),
+		Some(tombstone_event_id),
 	));
 	// Send a m.room.create event containing a predecessor field and the applicable
--- a/src/api/client/search.rs
+++ b/src/api/client/search.rs
@ -2,10 +2,12 @@ use std::collections::BTreeMap;
 use axum::extract::State;
 use conduwuit::{
-	Err, PduEvent, Result, at, is_true,
+	Err, Result, at, is_true,
 	matrix::pdu::PduEvent,
 	result::FlatOk,
 	utils::{IterStream, stream::ReadyExt},
 };
 use conduwuit_service::{Services, rooms::search::RoomQuery};
 use futures::{FutureExt, StreamExt, TryFutureExt, TryStreamExt, future::OptionFuture};
 use ruma::{
 	OwnedRoomId, RoomId, UInt, UserId,
@ -17,7 +19,6 @@ use ruma::{
 	serde::Raw,
 };
 use search_events::v3::{Request, Response};
 use service::{Services, rooms::search::RoomQuery};
 use crate::Ruma;
@ -143,7 +144,7 @@ async fn category_room_events(
 		.map(at!(2))
 		.flatten()
 		.stream()
-		.map(|pdu| pdu.to_room_event())
+		.map(PduEvent::into_room_event)
 		.map(|result| SearchResult {
 			rank: None,
 			result: Some(result),
--- a/src/api/client/send.rs
+++ b/src/api/client/send.rs
@ -1,11 +1,11 @@
 use std::collections::BTreeMap;
 use axum::extract::State;
-use conduwuit::{Err, err};
+use conduwuit::{Err, Result, err, matrix::pdu::PduBuilder, utils};
 use ruma::{api::client::message::send_message_event, events::MessageLikeEventType};
 use serde_json::from_str;
-use crate::{Result, Ruma, service::pdu::PduBuilder, utils};
+use crate::Ruma;
 /// # `PUT /_matrix/client/v3/rooms/{roomId}/send/{eventType}/{txnId}`
 ///
@ -25,8 +25,7 @@ pub(crate) async fn send_message_event_route(
 	let appservice_info = body.appservice_info.as_ref();
 	// Forbid m.room.encrypted if encryption is disabled
-	if MessageLikeEventType::RoomEncrypted == body.event_type
+	if MessageLikeEventType::RoomEncrypted == body.event_type && !services.config.allow_encryption
 		&& !services.globals.allow_encryption()
 	{
 		return Err!(Request(Forbidden("Encryption has been disabled")));
 	}
--- a/src/api/client/session.rs
+++ b/src/api/client/session.rs
@ -2,7 +2,11 @@ use std::time::Duration;
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduwuit::{Err, debug, err, info, utils::ReadyExt};
+use conduwuit::{
 	Err, Error, Result, debug, err, info, utils,
 	utils::{ReadyExt, hash},
 };
 use conduwuit_service::uiaa::SESSION_ID_LENGTH;
 use futures::StreamExt;
 use ruma::{
 	UserId,
@ -22,10 +26,9 @@ use ruma::{
 		uiaa,
 	},
 };
 use service::uiaa::SESSION_ID_LENGTH;
 use super::{DEVICE_ID_LENGTH, TOKEN_LENGTH};
-use crate::{Error, Result, Ruma, utils, utils::hash};
+use crate::Ruma;
 /// # `GET /_matrix/client/v3/login`
 ///
--- a/src/api/client/space.rs
+++ b/src/api/client/space.rs
@ -8,16 +8,16 @@ use conduwuit::{
 	Err, Result,
 	utils::{future::TryExtExt, stream::IterStream},
 };
-use futures::{StreamExt, TryFutureExt, future::OptionFuture};
+use conduwuit_service::{
 use ruma::{
 	OwnedRoomId, OwnedServerName, RoomId, UInt, UserId, api::client::space::get_hierarchy,
 };
 use service::{
 	Services,
 	rooms::spaces::{
 		PaginationToken, SummaryAccessibility, get_parent_children_via, summary_to_chunk,
 	},
 };
 use futures::{StreamExt, TryFutureExt, future::OptionFuture};
 use ruma::{
 	OwnedRoomId, OwnedServerName, RoomId, UInt, UserId, api::client::space::get_hierarchy,
 };
 use crate::Ruma;
@ -155,11 +155,7 @@ where
 					break;
 				}
-				if children.is_empty() {
+				if parents.len() > max_depth {
 					break;
 				}
 				if parents.len() >= max_depth {
 					continue;
 				}
--- a/src/api/client/state.rs
+++ b/src/api/client/state.rs
@ -1,5 +1,10 @@
 use axum::extract::State;
-use conduwuit::{Err, PduEvent, Result, err, pdu::PduBuilder, utils::BoolExt};
+use conduwuit::{
 	Err, Result, err,
 	matrix::pdu::{PduBuilder, PduEvent},
 	utils::BoolExt,
 };
 use conduwuit_service::Services;
 use futures::TryStreamExt;
 use ruma::{
 	OwnedEventId, RoomId, UserId,
@ -16,7 +21,6 @@ use ruma::{
 	},
 	serde::Raw,
 };
 use service::Services;
 use crate::{Ruma, RumaResponse};
@ -207,7 +211,7 @@ async fn allowed_to_send_state_event(
 			// irreversible mistakes
 			match json.deserialize_as::<RoomServerAclEventContent>() {
 				| Ok(acl_content) => {
-					if acl_content.allow.is_empty() {
+					if acl_content.allow_is_empty() {
 						return Err!(Request(BadJson(debug_warn!(
 							?room_id,
 							"Sending an ACL event with an empty allow key will permanently \
@ -216,9 +220,7 @@ async fn allowed_to_send_state_event(
 						))));
 					}
-					if acl_content.deny.contains(&String::from("*"))
+					if acl_content.deny_contains("*") && acl_content.allow_contains("*") {
 						&& acl_content.allow.contains(&String::from("*"))
 					{
 						return Err!(Request(BadJson(debug_warn!(
 							?room_id,
 							"Sending an ACL event with a deny and allow key value of \"*\" will \
@ -227,8 +229,9 @@ async fn allowed_to_send_state_event(
 						))));
 					}
-					if acl_content.deny.contains(&String::from("*"))
+					if acl_content.deny_contains("*")
 						&& !acl_content.is_allowed(services.globals.server_name())
 						&& !acl_content.allow_contains(services.globals.server_name().as_str())
 					{
 						return Err!(Request(BadJson(debug_warn!(
 							?room_id,
@ -238,8 +241,9 @@ async fn allowed_to_send_state_event(
 						))));
 					}
-					if !acl_content.allow.contains(&String::from("*"))
+					if !acl_content.allow_contains("*")
 						&& !acl_content.is_allowed(services.globals.server_name())
 						&& !acl_content.allow_contains(services.globals.server_name().as_str())
 					{
 						return Err!(Request(BadJson(debug_warn!(
 							?room_id,
@ -254,7 +258,7 @@ async fn allowed_to_send_state_event(
 						"Room server ACL event is invalid: {e}"
 					))));
 				},
-			};
+			}
 		},
 		| StateEventType::RoomEncryption =>
 		// Forbid m.room.encryption if encryption is disabled
--- a/src/api/client/sync/mod.rs
+++ b/src/api/client/sync/mod.rs
@ -3,12 +3,14 @@ mod v4;
 mod v5;
 use conduwuit::{
-	PduCount,
+	Error, PduCount, Result,
 	matrix::pdu::PduEvent,
 	utils::{
 		IterStream,
 		stream::{BroadbandExt, ReadyExt, TryIgnore},
 	},
 };
 use conduwuit_service::Services;
 use futures::{StreamExt, pin_mut};
 use ruma::{
 	RoomId, UserId,
@ -21,7 +23,6 @@ use ruma::{
 pub(crate) use self::{
 	v3::sync_events_route, v4::sync_events_v4_route, v5::sync_events_v5_route,
 };
 use crate::{Error, PduEvent, Result, service::Services};
 pub(crate) const DEFAULT_BUMP_TYPES: &[TimelineEventType; 6] =
 	&[CallInvite, PollStart, Beacon, RoomEncrypted, RoomMessage, Sticker];
--- a/src/api/client/sync/v3.rs
+++ b/src/api/client/sync/v3.rs
@ -6,15 +6,20 @@ use std::{
 use axum::extract::State;
 use conduwuit::{
-	PduCount, PduEvent, Result, at, err, error, extract_variant, is_equal_to, pair_of,
+	Result, at, err, error, extract_variant, is_equal_to,
-	pdu::{Event, EventHash},
+	matrix::{
-	ref_at,
+		Event,
 		pdu::{EventHash, PduCount, PduEvent},
 	},
 	pair_of, ref_at,
 	result::FlatOk,
 	utils::{
 		self, BoolExt, IterStream, ReadyExt, TryFutureExtExt,
 		future::OptionStream,
 		math::ruma_from_u64,
 		stream::{BroadbandExt, Tools, TryExpect, WidebandExt},
 	},
 	warn,
 };
 use conduwuit_service::{
 	Services,
@ -118,7 +123,7 @@ pub(crate) async fn sync_events_route(
 	let (sender_user, sender_device) = body.sender();
 	// Presence update
-	if services.globals.allow_local_presence() {
+	if services.config.allow_local_presence {
 		services
 			.presence
 			.ping_presence(sender_user, &body.body.set_presence)
@ -219,6 +224,7 @@ pub(crate) async fn build_sync_events(
 				sender_user,
 				next_batch,
 				full_state,
 				filter.room.include_leave,
 				&filter,
 			)
 			.map_ok(move |left_room| (room_id, left_room))
@ -278,8 +284,8 @@ pub(crate) async fn build_sync_events(
 		});
 	let presence_updates: OptionFuture<_> = services
-		.globals
+		.config
-		.allow_local_presence()
+		.allow_local_presence
 		.then(|| process_presence_updates(services, since, sender_user))
 		.into();
@ -412,6 +418,7 @@ async fn handle_left_room(
 	sender_user: &UserId,
 	next_batch: u64,
 	full_state: bool,
 	include_leave: bool,
 	filter: &FilterDefinition,
 ) -> Result<Option<LeftRoom>> {
 	let left_count = services
@ -426,9 +433,12 @@ async fn handle_left_room(
 		return Ok(None);
 	}
-	if !services.rooms.metadata.exists(room_id).await {
+	if !services.rooms.metadata.exists(room_id).await
 		|| services.rooms.metadata.is_disabled(room_id).await
 		|| services.rooms.metadata.is_banned(room_id).await
 	{
 		// This is just a rejected invite, not a room we know
-		// Insert a leave event anyways
+		// Insert a leave event anyways for the client
 		let event = PduEvent {
 			event_id: EventId::new(services.globals.server_name()),
 			sender: sender_user.to_owned(),
@ -459,7 +469,7 @@ async fn handle_left_room(
 				events: Vec::new(),
 			},
 			state: RoomState {
-				events: vec![event.to_sync_state_event()],
+				events: vec![event.into_sync_state_event()],
 			},
 		}));
 	}
@ -487,7 +497,7 @@ async fn handle_left_room(
 		.room_state_get_id(room_id, &StateEventType::RoomMember, sender_user.as_str())
 		.await
 	else {
-		error!("Left room but no left state event");
+		warn!("Left {room_id} but no left state event");
 		return Ok(None);
 	};
@ -497,7 +507,7 @@ async fn handle_left_room(
 		.pdu_shortstatehash(&left_event_id)
 		.await
 	else {
-		error!(event_id = %left_event_id, "Leave event has no state");
+		warn!(event_id = %left_event_id, "Leave event has no state in {room_id}");
 		return Ok(None);
 	};
@ -540,7 +550,11 @@ async fn handle_left_room(
 				continue;
 			};
-			left_state_events.push(pdu.to_sync_state_event());
+			if !include_leave && pdu.sender == sender_user {
 				continue;
 			}
 			left_state_events.push(pdu.into_sync_state_event());
 		}
 	}
@ -859,8 +873,8 @@ async fn load_joined_room(
 		},
 		state: RoomState {
 			events: state_events
-				.iter()
+				.into_iter()
-				.map(PduEvent::to_sync_state_event)
+				.map(PduEvent::into_sync_state_event)
 				.collect(),
 		},
 		ephemeral: Ephemeral { events: edus },
@ -1023,7 +1037,7 @@ async fn calculate_state_incremental<'a>(
 		})
 		.into();
-	let state_diff: OptionFuture<_> = (!full_state && state_changed)
+	let state_diff_ids: OptionFuture<_> = (!full_state && state_changed)
 		.then(|| {
 			StreamExt::into_future(
 				services
@ -1048,45 +1062,9 @@ async fn calculate_state_incremental<'a>(
 		})
 		.into();
 	let lazy_state_ids = lazy_state_ids
 		.map(|opt| {
 			opt.map(|(curr, next)| {
 				let opt = curr;
 				let iter = Option::into_iter(opt);
 				IterStream::stream(iter).chain(next)
 			})
 		})
 		.map(Option::into_iter)
 		.map(IterStream::stream)
 		.flatten_stream()
 		.flatten();
 	let state_diff_ids = state_diff
 		.map(|opt| {
 			opt.map(|(curr, next)| {
 				let opt = curr;
 				let iter = Option::into_iter(opt);
 				IterStream::stream(iter).chain(next)
 			})
 		})
 		.map(Option::into_iter)
 		.map(IterStream::stream)
 		.flatten_stream()
 		.flatten();
 	let state_events = current_state_ids
-		.map(|opt| {
+		.stream()
-			opt.map(|(curr, next)| {
+		.chain(state_diff_ids.stream())
 				let opt = curr;
 				let iter = Option::into_iter(opt);
 				IterStream::stream(iter).chain(next)
 			})
 		})
 		.map(Option::into_iter)
 		.map(IterStream::stream)
 		.flatten_stream()
 		.flatten()
 		.chain(state_diff_ids)
 		.broad_filter_map(|(shortstatekey, shorteventid)| async move {
 			if witness.is_none() || encrypted_room {
 				return Some(shorteventid);
@ -1094,7 +1072,7 @@ async fn calculate_state_incremental<'a>(
 			lazy_filter(services, sender_user, shortstatekey, shorteventid).await
 		})
-		.chain(lazy_state_ids)
+		.chain(lazy_state_ids.stream())
 		.broad_filter_map(|shorteventid| {
 			services
 				.rooms
--- a/src/api/client/sync/v4.rs
+++ b/src/api/client/sync/v4.rs
@ -6,7 +6,7 @@ use std::{
 use axum::extract::State;
 use conduwuit::{
-	Error, PduCount, Result, debug, error, extract_variant,
+	Error, PduCount, PduEvent, Result, debug, error, extract_variant,
 	utils::{
 		BoolExt, IterStream, ReadyExt, TryFutureExtExt,
 		math::{ruma_from_usize, usize_from_ruma, usize_from_u64_truncated},
@ -438,7 +438,10 @@ pub(crate) async fn sync_events_v4_route(
 	let mut known_subscription_rooms = BTreeSet::new();
 	for (room_id, room) in &body.room_subscriptions {
-		if !services.rooms.metadata.exists(room_id).await {
+		if !services.rooms.metadata.exists(room_id).await
 			|| services.rooms.metadata.is_disabled(room_id).await
 			|| services.rooms.metadata.is_banned(room_id).await
 		{
 			continue;
 		}
 		let todo_room =
@ -634,7 +637,7 @@ pub(crate) async fn sync_events_v4_route(
 					.state_accessor
 					.room_state_get(room_id, &state.0, &state.1)
 					.await
-					.map(|s| s.to_sync_state_event())
+					.map(PduEvent::into_sync_state_event)
 					.ok()
 			})
 			.collect()
--- a/src/api/client/sync/v5.rs
+++ b/src/api/client/sync/v5.rs
@ -6,13 +6,19 @@ use std::{
 use axum::extract::State;
 use conduwuit::{
-	Error, Result, TypeStateKey, debug, error, extract_variant, trace,
+	Error, Result, debug, error, extract_variant,
 	matrix::{
 		TypeStateKey,
 		pdu::{PduCount, PduEvent},
 	},
 	trace,
 	utils::{
 		BoolExt, IterStream, ReadyExt, TryFutureExtExt,
 		math::{ruma_from_usize, usize_from_ruma},
 	},
 	warn,
 };
 use conduwuit_service::rooms::read_receipt::pack_receipts;
 use futures::{FutureExt, StreamExt, TryFutureExt};
 use ruma::{
 	DeviceId, OwnedEventId, OwnedRoomId, RoomId, UInt, UserId,
@ -27,7 +33,6 @@ use ruma::{
 	serde::Raw,
 	uint,
 };
 use service::{PduCount, rooms::read_receipt::pack_receipts};
 use super::{filter_rooms, share_encrypted_room};
 use crate::{
@ -214,7 +219,10 @@ async fn fetch_subscriptions(
 ) {
 	let mut known_subscription_rooms = BTreeSet::new();
 	for (room_id, room) in &body.room_subscriptions {
-		if !services.rooms.metadata.exists(room_id).await {
+		if !services.rooms.metadata.exists(room_id).await
 			|| services.rooms.metadata.is_disabled(room_id).await
 			|| services.rooms.metadata.is_banned(room_id).await
 		{
 			continue;
 		}
 		let todo_room =
@ -507,7 +515,7 @@ async fn process_rooms(
 					.state_accessor
 					.room_state_get(room_id, &state.0, &state.1)
 					.await
-					.map(|s| s.to_sync_state_event())
+					.map(PduEvent::into_sync_state_event)
 					.ok()
 			})
 			.collect()
--- a/src/api/client/tag.rs
+++ b/src/api/client/tag.rs
@ -1,6 +1,7 @@
 use std::collections::BTreeMap;
 use axum::extract::State;
 use conduwuit::Result;
 use ruma::{
 	api::client::tag::{create_tag, delete_tag, get_tags},
 	events::{
@ -9,7 +10,7 @@ use ruma::{
 	},
 };
-use crate::{Result, Ruma};
+use crate::Ruma;
 /// # `PUT /_matrix/client/r0/user/{userId}/rooms/{roomId}/tags/{tag}`
 ///
--- a/src/api/client/thirdparty.rs
+++ b/src/api/client/thirdparty.rs
@ -1,8 +1,9 @@
 use std::collections::BTreeMap;
 use conduwuit::Result;
 use ruma::api::client::thirdparty::get_protocols;
-use crate::{Result, Ruma, RumaResponse};
+use crate::{Ruma, RumaResponse};
 /// # `GET /_matrix/client/r0/thirdparty/protocols`
 ///
--- a/src/api/client/threads.rs
+++ b/src/api/client/threads.rs
@ -1,9 +1,12 @@
 use axum::extract::State;
-use conduwuit::{PduCount, PduEvent, at};
+use conduwuit::{
 	Result, at,
 	matrix::pdu::{PduCount, PduEvent},
 };
 use futures::StreamExt;
 use ruma::{api::client::threads::get_threads, uint};
-use crate::{Result, Ruma};
+use crate::Ruma;
 /// # `GET /_matrix/client/r0/rooms/{roomId}/threads`
 pub(crate) async fn get_threads_route(
@ -53,7 +56,7 @@ pub(crate) async fn get_threads_route(
 		chunk: threads
 			.into_iter()
 			.map(at!(1))
-			.map(|pdu| pdu.to_room_event())
+			.map(PduEvent::into_room_event)
 			.collect(),
 	})
 }
--- a/src/api/client/to_device.rs
+++ b/src/api/client/to_device.rs
@ -2,6 +2,7 @@ use std::collections::BTreeMap;
 use axum::extract::State;
 use conduwuit::{Error, Result};
 use conduwuit_service::sending::EduBuf;
 use futures::StreamExt;
 use ruma::{
 	api::{
@ -10,7 +11,6 @@ use ruma::{
 	},
 	to_device::DeviceIdOrAllDevices,
 };
 use service::sending::EduBuf;
 use crate::Ruma;
--- a/src/api/client/typing.rs
+++ b/src/api/client/typing.rs
@ -1,8 +1,8 @@
 use axum::extract::State;
-use conduwuit::{Err, utils::math::Tried};
+use conduwuit::{Err, Result, utils, utils::math::Tried};
 use ruma::api::client::typing::create_typing_event;
-use crate::{Result, Ruma, utils};
+use crate::Ruma;
 /// # `PUT /_matrix/client/r0/rooms/{roomId}/typing/{userId}`
 ///
@ -64,7 +64,7 @@ pub(crate) async fn create_typing_event_route(
 	}
 	// ping presence
-	if services.globals.allow_local_presence() {
+	if services.config.allow_local_presence {
 		services
 			.presence
 			.ping_presence(&body.user_id, &ruma::presence::PresenceState::Online)
--- a/src/api/client/unstable.rs
+++ b/src/api/client/unstable.rs
@ -2,7 +2,7 @@ use std::collections::BTreeMap;
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduwuit::Err;
+use conduwuit::{Err, Error, Result};
 use futures::StreamExt;
 use ruma::{
 	OwnedRoomId,
@ -14,16 +14,14 @@ use ruma::{
 				delete_profile_key, delete_timezone_key, get_profile_key, get_timezone_key,
 				set_profile_key, set_timezone_key,
 			},
 			room::get_summary,
 		},
 		federation,
 	},
 	events::room::member::MembershipState,
 	presence::PresenceState,
 };
 use super::{update_avatar_url, update_displayname};
-use crate::{Error, Result, Ruma, RumaResponse};
+use crate::Ruma;
 /// # `GET /_matrix/client/unstable/uk.half-shot.msc2666/user/mutual_rooms`
 ///
@ -38,13 +36,10 @@ pub(crate) async fn get_mutual_rooms_route(
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<mutual_rooms::unstable::Request>,
 ) -> Result<mutual_rooms::unstable::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();
-	if sender_user == &body.user_id {
+	if sender_user == body.user_id {
-		return Err(Error::BadRequest(
+		return Err!(Request(Unknown("You cannot request rooms in common with yourself.")));
 			ErrorKind::Unknown,
 			"You cannot request rooms in common with yourself.",
 		));
 	}
 	if !services.users.exists(&body.user_id).await {
@ -65,129 +60,6 @@ pub(crate) async fn get_mutual_rooms_route(
 	})
 }
 /// # `GET /_matrix/client/unstable/im.nheko.summary/rooms/{roomIdOrAlias}/summary`
 ///
 /// Returns a short description of the state of a room.
 ///
 /// This is the "wrong" endpoint that some implementations/clients may use
 /// according to the MSC. Request and response bodies are the same as
 /// `get_room_summary`.
 ///
 /// An implementation of [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266)
 pub(crate) async fn get_room_summary_legacy(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<get_summary::msc3266::Request>,
 ) -> Result<RumaResponse<get_summary::msc3266::Response>> {
 	get_room_summary(State(services), InsecureClientIp(client), body)
 		.await
 		.map(RumaResponse)
 }
 /// # `GET /_matrix/client/unstable/im.nheko.summary/summary/{roomIdOrAlias}`
 ///
 /// Returns a short description of the state of a room.
 ///
 /// TODO: support fetching remote room info if we don't know the room
 ///
 /// An implementation of [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266)
 #[tracing::instrument(skip_all, fields(%client), name = "room_summary")]
 pub(crate) async fn get_room_summary(
 	State(services): State<crate::State>,
 	InsecureClientIp(client): InsecureClientIp,
 	body: Ruma<get_summary::msc3266::Request>,
 ) -> Result<get_summary::msc3266::Response> {
 	let sender_user = body.sender_user.as_ref();
 	let room_id = services.rooms.alias.resolve(&body.room_id_or_alias).await?;
 	if !services.rooms.metadata.exists(&room_id).await {
 		return Err(Error::BadRequest(ErrorKind::NotFound, "Room is unknown to this server"));
 	}
 	if sender_user.is_none()
 		&& !services
 			.rooms
 			.state_accessor
 			.is_world_readable(&room_id)
 			.await
 	{
 		return Err(Error::BadRequest(
 			ErrorKind::forbidden(),
 			"Room is not world readable, authentication is required",
 		));
 	}
 	Ok(get_summary::msc3266::Response {
 		room_id: room_id.clone(),
 		canonical_alias: services
 			.rooms
 			.state_accessor
 			.get_canonical_alias(&room_id)
 			.await
 			.ok(),
 		avatar_url: services
 			.rooms
 			.state_accessor
 			.get_avatar(&room_id)
 			.await
 			.into_option()
 			.unwrap_or_default()
 			.url,
 		guest_can_join: services.rooms.state_accessor.guest_can_join(&room_id).await,
 		name: services.rooms.state_accessor.get_name(&room_id).await.ok(),
 		num_joined_members: services
 			.rooms
 			.state_cache
 			.room_joined_count(&room_id)
 			.await
 			.unwrap_or(0)
 			.try_into()?,
 		topic: services
 			.rooms
 			.state_accessor
 			.get_room_topic(&room_id)
 			.await
 			.ok(),
 		world_readable: services
 			.rooms
 			.state_accessor
 			.is_world_readable(&room_id)
 			.await,
 		join_rule: services
 			.rooms
 			.state_accessor
 			.get_join_rule(&room_id)
 			.await
 			.unwrap_or_default()
 			.0,
 		room_type: services
 			.rooms
 			.state_accessor
 			.get_room_type(&room_id)
 			.await
 			.ok(),
 		room_version: services.rooms.state.get_room_version(&room_id).await.ok(),
 		membership: if let Some(sender_user) = sender_user {
 			services
 				.rooms
 				.state_accessor
 				.get_member(&room_id, sender_user)
 				.await
 				.map_or_else(|_| MembershipState::Leave, |content| content.membership)
 				.into()
 		} else {
 			None
 		},
 		encryption: services
 			.rooms
 			.state_accessor
 			.get_room_encryption(&room_id)
 			.await
 			.ok(),
 	})
 }
 /// # `DELETE /_matrix/client/unstable/uk.tcpip.msc4133/profile/:user_id/us.cloke.msc4175.tz`
 ///
 /// Deletes the `tz` (timezone) of a user, as per MSC4133 and MSC4175.
@ -205,7 +77,7 @@ pub(crate) async fn delete_timezone_key_route(
 	services.users.set_timezone(&body.user_id, None);
-	if services.globals.allow_local_presence() {
+	if services.config.allow_local_presence {
 		// Presence update
 		services
 			.presence
@ -233,7 +105,7 @@ pub(crate) async fn set_timezone_key_route(
 	services.users.set_timezone(&body.user_id, body.tz.clone());
-	if services.globals.allow_local_presence() {
+	if services.config.allow_local_presence {
 		// Presence update
 		services
 			.presence
@ -326,7 +198,7 @@ pub(crate) async fn set_profile_key_route(
 		);
 	}
-	if services.globals.allow_local_presence() {
+	if services.config.allow_local_presence {
 		// Presence update
 		services
 			.presence
@ -385,7 +257,7 @@ pub(crate) async fn delete_profile_key_route(
 			.set_profile_key(&body.user_id, &body.key_name, None);
 	}
-	if services.globals.allow_local_presence() {
+	if services.config.allow_local_presence {
 		// Presence update
 		services
 			.presence
--- a/src/api/client/unversioned.rs
+++ b/src/api/client/unversioned.rs
@ -1,10 +1,11 @@
 use std::collections::BTreeMap;
 use axum::{Json, extract::State, response::IntoResponse};
 use conduwuit::Result;
 use futures::StreamExt;
 use ruma::api::client::discovery::get_supported_versions;
-use crate::{Result, Ruma};
+use crate::Ruma;
 /// # `GET /_matrix/client/versions`
 ///
--- a/src/api/client/user_directory.rs
+++ b/src/api/client/user_directory.rs
@ -1,15 +1,19 @@
 use axum::extract::State;
-use conduwuit::utils::TryFutureExtExt;
+use conduwuit::{
-use futures::{StreamExt, pin_mut};
+	Result,
 	utils::{future::BoolExt, stream::BroadbandExt},
 };
 use futures::{FutureExt, StreamExt, pin_mut};
 use ruma::{
-	api::client::user_directory::search_users,
+	api::client::user_directory::search_users::{self},
-	events::{
+	events::room::join_rules::JoinRule,
 		StateEventType,
 		room::join_rules::{JoinRule, RoomJoinRulesEventContent},
 	},
 };
-use crate::{Result, Ruma};
+use crate::Ruma;
 // conduwuit can handle a lot more results than synapse
 const LIMIT_MAX: usize = 500;
 const LIMIT_DEFAULT: usize = 10;
 /// # `POST /_matrix/client/r0/user_directory/search`
 ///
@ -21,78 +25,63 @@ pub(crate) async fn search_users_route(
 	State(services): State<crate::State>,
 	body: Ruma<search_users::v3::Request>,
 ) -> Result<search_users::v3::Response> {
-	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+	let sender_user = body.sender_user();
-	let limit = usize::try_from(body.limit).map_or(10, usize::from).min(100); // default limit is 10
+	let limit = usize::try_from(body.limit)
 		.map_or(LIMIT_DEFAULT, usize::from)
 		.min(LIMIT_MAX);
-	let users = services.users.stream().filter_map(|user_id| async {
+	let mut users = services
-		// Filter out buggy users (they should not exist, but you never know...)
+		.users
-		let user = search_users::v3::User {
+		.stream()
-			user_id: user_id.to_owned(),
+		.map(ToOwned::to_owned)
-			display_name: services.users.displayname(user_id).await.ok(),
+		.broad_filter_map(async |user_id| {
-			avatar_url: services.users.avatar_url(user_id).await.ok(),
+			let user = search_users::v3::User {
-		};
+				user_id: user_id.clone(),
 				display_name: services.users.displayname(&user_id).await.ok(),
 				avatar_url: services.users.avatar_url(&user_id).await.ok(),
 			};
-		let user_id_matches = user
+			let user_id_matches = user
-			.user_id
+				.user_id
-			.to_string()
+				.as_str()
-			.to_lowercase()
+				.to_lowercase()
-			.contains(&body.search_term.to_lowercase());
+				.contains(&body.search_term.to_lowercase());
-		let user_displayname_matches = user
+			let user_displayname_matches = user.display_name.as_ref().is_some_and(|name| {
 			.display_name
 			.as_ref()
 			.filter(|name| {
 				name.to_lowercase()
 					.contains(&body.search_term.to_lowercase())
-			})
+			});
 			.is_some();
-		if !user_id_matches && !user_displayname_matches {
+			if !user_id_matches && !user_displayname_matches {
-			return None;
+				return None;
-		}
+			}
-		// It's a matching user, but is the sender allowed to see them?
+			let user_in_public_room = services
 		let mut user_visible = false;
 		let user_is_in_public_rooms = services
 			.rooms
 			.state_cache
 			.rooms_joined(&user.user_id)
 			.any(|room| {
 				services
 					.rooms
 					.state_accessor
 					.room_state_get_content::<RoomJoinRulesEventContent>(
 						room,
 						&StateEventType::RoomJoinRules,
 						"",
 					)
 					.map_ok_or(false, |content| content.join_rule == JoinRule::Public)
 			})
 			.await;
 		if user_is_in_public_rooms {
 			user_visible = true;
 		} else {
 			let user_is_in_shared_rooms = services
 				.rooms
 				.state_cache
-				.user_sees_user(sender_user, &user.user_id)
+				.rooms_joined(&user_id)
-				.await;
+				.map(ToOwned::to_owned)
 				.any(|room| async move {
 					services
 						.rooms
 						.state_accessor
 						.get_join_rules(&room)
 						.map(|rule| matches!(rule, JoinRule::Public))
 						.await
 				});
-			if user_is_in_shared_rooms {
+			let user_sees_user = services
-				user_visible = true;
+				.rooms
-			}
+				.state_cache
-		}
+				.user_sees_user(sender_user, &user_id);
-		user_visible.then_some(user)
+			pin_mut!(user_in_public_room, user_sees_user);
 	});
-	pin_mut!(users);
+			user_in_public_room.or(user_sees_user).await.then_some(user)
 		});
-	let limited = users.by_ref().next().await.is_some();
+	let results = users.by_ref().take(limit).collect().await;
-
+	let limited = users.next().await.is_some();
 	let results = users.take(limit).collect().await;
 	Ok(search_users::v3::Response { results, limited })
 }
--- a/src/api/client/voip.rs
+++ b/src/api/client/voip.rs
@ -2,12 +2,12 @@ use std::time::{Duration, SystemTime};
 use axum::extract::State;
 use base64::{Engine as _, engine::general_purpose};
-use conduwuit::{Err, utils};
+use conduwuit::{Err, Result, utils};
 use hmac::{Hmac, Mac};
 use ruma::{SecondsSinceUnixEpoch, UserId, api::client::voip::get_turn_server_info};
 use sha1::Sha1;
-use crate::{Result, Ruma};
+use crate::Ruma;
 const RANDOM_USER_ID_LENGTH: usize = 10;
--- a/src/api/client/well_known.rs
+++ b/src/api/client/well_known.rs
@ -1,4 +1,5 @@
 use axum::{Json, extract::State, response::IntoResponse};
 use conduwuit::{Error, Result};
 use ruma::api::client::{
 	discovery::{
 		discover_homeserver::{self, HomeserverInfo, SlidingSyncProxyInfo},
@ -7,7 +8,7 @@ use ruma::api::client::{
 	error::ErrorKind,
 };
-use crate::{Error, Result, Ruma};
+use crate::Ruma;
 /// # `GET /.well-known/matrix/client`
 ///
--- a/src/api/mod.rs
+++ b/src/api/mod.rs
@ -1,3 +1,4 @@
 #![type_length_limit = "16384"] //TODO: reduce me
 #![allow(clippy::toplevel_ref_arg)]
 pub mod client;
@ -7,8 +8,6 @@ pub mod server;
 extern crate conduwuit_core as conduwuit;
 extern crate conduwuit_service as service;
 pub(crate) use conduwuit::{Error, Result, debug_info, pdu::PduEvent, utils};
 pub(crate) use self::router::{Ruma, RumaResponse, State};
 conduwuit::mod_ctor! {}
--- a/src/api/router/args.rs
+++ b/src/api/router/args.rs
@ -1,6 +1,7 @@
 use std::{mem, ops::Deref};
-use axum::{async_trait, body::Body, extract::FromRequest};
+use async_trait::async_trait;
 use axum::{body::Body, extract::FromRequest};
 use bytes::{BufMut, Bytes, BytesMut};
 use conduwuit::{Error, Result, debug, debug_warn, err, trace, utils::string::EMPTY};
 use ruma::{
--- a/src/api/router/auth.rs
+++ b/src/api/router/auth.rs
@ -317,10 +317,9 @@ fn auth_server_checks(services: &Services, x_matrix: &XMatrix) -> Result<()> {
 	let origin = &x_matrix.origin;
 	if services
 		.server
 		.config
 		.forbidden_remote_server_names
-		.contains(origin)
+		.is_match(origin.host())
 	{
 		return Err!(Request(Forbidden(debug_warn!(
 			"Federation requests from {origin} denied."
--- a/src/api/server/backfill.rs
+++ b/src/api/server/backfill.rs
@ -6,11 +6,17 @@ use conduwuit::{
 	utils::{IterStream, ReadyExt, stream::TryTools},
 };
 use futures::{FutureExt, StreamExt, TryStreamExt};
-use ruma::{MilliSecondsSinceUnixEpoch, api::federation::backfill::get_backfill, uint};
+use ruma::{MilliSecondsSinceUnixEpoch, api::federation::backfill::get_backfill};
 use super::AccessCheck;
 use crate::Ruma;
 /// arbitrary number but synapse's is 100 and we can handle lots of these
 /// anyways
 const LIMIT_MAX: usize = 150;
 /// no spec defined number but we can handle a lot of these
 const LIMIT_DEFAULT: usize = 50;
 /// # `GET /_matrix/federation/v1/backfill/<room_id>`
 ///
 /// Retrieves events from before the sender joined the room, if the room's
@ -30,9 +36,9 @@ pub(crate) async fn get_backfill_route(
 	let limit = body
 		.limit
 		.min(uint!(100))
 		.try_into()
-		.expect("UInt could not be converted to usize");
+		.unwrap_or(LIMIT_DEFAULT)
 		.min(LIMIT_MAX);
 	let from = body
 		.v
--- a/src/api/server/get_missing_events.rs
+++ b/src/api/server/get_missing_events.rs
@ -1,13 +1,15 @@
 use axum::extract::State;
-use conduwuit::{Error, Result};
+use conduwuit::{Result, debug, debug_error, utils::to_canonical_object};
-use ruma::{
+use ruma::api::federation::event::get_missing_events;
 	CanonicalJsonValue, EventId, RoomId,
 	api::{client::error::ErrorKind, federation::event::get_missing_events},
 };
 use super::AccessCheck;
 use crate::Ruma;
 /// arbitrary number but synapse's is 20 and we can handle lots of these anyways
 const LIMIT_MAX: usize = 50;
 /// spec says default is 10
 const LIMIT_DEFAULT: usize = 10;
 /// # `POST /_matrix/federation/v1/get_missing_events/{roomId}`
 ///
 /// Retrieves events that the sender is missing.
@ -24,7 +26,11 @@ pub(crate) async fn get_missing_events_route(
 	.check()
 	.await?;
-	let limit = body.limit.try_into()?;
+	let limit = body
 		.limit
 		.try_into()
 		.unwrap_or(LIMIT_DEFAULT)
 		.min(LIMIT_MAX);
 	let mut queued_events = body.latest_events.clone();
 	// the vec will never have more entries the limit
@ -32,60 +38,52 @@ pub(crate) async fn get_missing_events_route(
 	let mut i: usize = 0;
 	while i < queued_events.len() && events.len() < limit {
-		if let Ok(pdu) = services
+		let Ok(pdu) = services.rooms.timeline.get_pdu(&queued_events[i]).await else {
 			debug!(
 				?body.origin,
 				"Event {} does not exist locally, skipping", &queued_events[i]
 			);
 			i = i.saturating_add(1);
 			continue;
 		};
 		if body.earliest_events.contains(&queued_events[i]) {
 			i = i.saturating_add(1);
 			continue;
 		}
 		if !services
 			.rooms
-			.timeline
+			.state_accessor
-			.get_pdu_json(&queued_events[i])
+			.server_can_see_event(body.origin(), &body.room_id, &queued_events[i])
 			.await
 		{
-			let room_id_str = pdu
+			debug!(
-				.get("room_id")
+				?body.origin,
-				.and_then(|val| val.as_str())
+				"Server cannot see {:?} in {:?}, skipping", pdu.event_id, pdu.room_id
 				.ok_or_else(|| Error::bad_database("Invalid event in database."))?;
 			let event_room_id = <&RoomId>::try_from(room_id_str)
 				.map_err(|_| Error::bad_database("Invalid room_id in event in database."))?;
 			if event_room_id != body.room_id {
 				return Err(Error::BadRequest(ErrorKind::InvalidParam, "Event from wrong room."));
 			}
 			if body.earliest_events.contains(&queued_events[i]) {
 				i = i.saturating_add(1);
 				continue;
 			}
 			if !services
 				.rooms
 				.state_accessor
 				.server_can_see_event(body.origin(), &body.room_id, &queued_events[i])
 				.await
 			{
 				i = i.saturating_add(1);
 				continue;
 			}
 			let prev_events = pdu
 				.get("prev_events")
 				.and_then(CanonicalJsonValue::as_array)
 				.unwrap_or_default();
 			queued_events.extend(
 				prev_events
 					.iter()
 					.map(<&EventId>::try_from)
 					.filter_map(Result::ok)
 					.map(ToOwned::to_owned),
 			);
 			events.push(
 				services
 					.sending
 					.convert_to_outgoing_federation_event(pdu)
 					.await,
 			);
 			i = i.saturating_add(1);
 			continue;
 		}
-		i = i.saturating_add(1);
+
 		let Ok(event) = to_canonical_object(&pdu) else {
 			debug_error!(
 				?body.origin,
 				"Failed to convert PDU in database to canonical JSON: {pdu:?}"
 			);
 			i = i.saturating_add(1);
 			continue;
 		};
 		let prev_events = pdu.prev_events.iter().map(ToOwned::to_owned);
 		let event = services
 			.sending
 			.convert_to_outgoing_federation_event(event)
 			.await;
 		queued_events.extend(prev_events);
 		events.push(event);
 	}
 	Ok(get_missing_events::v1::Response { events })
--- a/src/api/server/hierarchy.rs
+++ b/src/api/server/hierarchy.rs
@ -3,9 +3,11 @@ use conduwuit::{
 	Err, Result,
 	utils::stream::{BroadbandExt, IterStream},
 };
 use conduwuit_service::rooms::spaces::{
 	Identifier, SummaryAccessibility, get_parent_children_via,
 };
 use futures::{FutureExt, StreamExt};
 use ruma::api::federation::space::get_hierarchy;
 use service::rooms::spaces::{Identifier, SummaryAccessibility, get_parent_children_via};
 use crate::Ruma;
--- a/src/api/server/invite.rs
+++ b/src/api/server/invite.rs
@ -1,14 +1,15 @@
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use base64::{Engine as _, engine::general_purpose};
-use conduwuit::{Err, Error, PduEvent, Result, err, utils, utils::hash::sha256, warn};
+use conduwuit::{
 	Err, Error, PduEvent, Result, err, pdu::gen_event_id, utils, utils::hash::sha256, warn,
 };
 use ruma::{
 	CanonicalJsonValue, OwnedUserId, UserId,
 	api::{client::error::ErrorKind, federation::membership::create_invite},
 	events::room::member::{MembershipState, RoomMemberEventContent},
 	serde::JsonObject,
 };
 use service::pdu::gen_event_id;
 use crate::Ruma;
@ -37,20 +38,18 @@ pub(crate) async fn create_invite_route(
 	if let Some(server) = body.room_id.server_name() {
 		if services
 			.server
 			.config
 			.forbidden_remote_server_names
-			.contains(&server.to_owned())
+			.is_match(server.host())
 		{
 			return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 		}
 	}
 	if services
 		.server
 		.config
 		.forbidden_remote_server_names
-		.contains(body.origin())
+		.is_match(body.origin().host())
 	{
 		warn!(
 			"Received federated/remote invite from banned server {} for room ID {}. Rejecting.",
@ -103,8 +102,7 @@ pub(crate) async fn create_invite_route(
 		return Err!(Request(Forbidden("This room is banned on this homeserver.")));
 	}
-	if services.globals.block_non_admin_invites() && !services.users.is_admin(&invited_user).await
+	if services.config.block_non_admin_invites && !services.users.is_admin(&invited_user).await {
 	{
 		return Err!(Request(Forbidden("This server does not allow room invites.")));
 	}
--- a/src/api/server/make_join.rs
+++ b/src/api/server/make_join.rs
@ -1,5 +1,8 @@
 use axum::extract::State;
-use conduwuit::{Err, debug_info, utils::IterStream, warn};
+use conduwuit::{
 	Err, Error, Result, debug_info, matrix::pdu::PduBuilder, utils::IterStream, warn,
 };
 use conduwuit_service::Services;
 use futures::StreamExt;
 use ruma::{
 	CanonicalJsonObject, OwnedUserId, RoomId, RoomVersionId, UserId,
@ -14,10 +17,7 @@ use ruma::{
 };
 use serde_json::value::to_raw_value;
-use crate::{
+use crate::Ruma;
 	Error, Result, Ruma,
 	service::{Services, pdu::PduBuilder},
 };
 /// # `GET /_matrix/federation/v1/make_join/{roomId}/{userId}`
 ///
@ -42,10 +42,9 @@ pub(crate) async fn create_join_event_template_route(
 		.await?;
 	if services
 		.server
 		.config
 		.forbidden_remote_server_names
-		.contains(body.origin())
+		.is_match(body.origin().host())
 	{
 		warn!(
 			"Server {} for remote user {} tried joining room ID {} which has a server name that \
@ -59,10 +58,9 @@ pub(crate) async fn create_join_event_template_route(
 	if let Some(server) = body.room_id.server_name() {
 		if services
 			.server
 			.config
 			.forbidden_remote_server_names
-			.contains(&server.to_owned())
+			.is_match(server.host())
 		{
 			return Err!(Request(Forbidden(warn!(
 				"Room ID server name {server} is banned on this homeserver."
--- a/src/api/server/make_knock.rs
+++ b/src/api/server/make_knock.rs
@ -1,15 +1,14 @@
 use RoomVersionId::*;
 use axum::extract::State;
-use conduwuit::{Err, debug_warn};
+use conduwuit::{Err, Error, Result, debug_warn, matrix::pdu::PduBuilder, warn};
 use ruma::{
 	RoomVersionId,
 	api::{client::error::ErrorKind, federation::knock::create_knock_event_template},
 	events::room::member::{MembershipState, RoomMemberEventContent},
 };
 use serde_json::value::to_raw_value;
 use tracing::warn;
-use crate::{Error, Result, Ruma, service::pdu::PduBuilder};
+use crate::Ruma;
 /// # `GET /_matrix/federation/v1/make_knock/{roomId}/{userId}`
 ///
@ -34,10 +33,9 @@ pub(crate) async fn create_knock_event_template_route(
 		.await?;
 	if services
 		.server
 		.config
 		.forbidden_remote_server_names
-		.contains(body.origin())
+		.is_match(body.origin().host())
 	{
 		warn!(
 			"Server {} for remote user {} tried knocking room ID {} which has a server name \
@ -51,10 +49,9 @@ pub(crate) async fn create_knock_event_template_route(
 	if let Some(server) = body.room_id.server_name() {
 		if services
 			.server
 			.config
 			.forbidden_remote_server_names
-			.contains(&server.to_owned())
+			.is_match(server.host())
 		{
 			return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 		}
--- a/src/api/server/make_leave.rs
+++ b/src/api/server/make_leave.rs
@ -1,5 +1,5 @@
 use axum::extract::State;
-use conduwuit::{Err, Result};
+use conduwuit::{Err, Result, matrix::pdu::PduBuilder};
 use ruma::{
 	api::federation::membership::prepare_leave_event,
 	events::room::member::{MembershipState, RoomMemberEventContent},
@ -7,7 +7,7 @@ use ruma::{
 use serde_json::value::to_raw_value;
 use super::make_join::maybe_strip_event_id;
-use crate::{Ruma, service::pdu::PduBuilder};
+use crate::Ruma;
 /// # `GET /_matrix/federation/v1/make_leave/{roomId}/{eventId}`
 ///
--- a/src/api/server/openid.rs
+++ b/src/api/server/openid.rs
@ -1,7 +1,8 @@
 use axum::extract::State;
 use conduwuit::Result;
 use ruma::api::federation::openid::get_openid_userinfo;
-use crate::{Result, Ruma};
+use crate::Ruma;
 /// # `GET /_matrix/federation/v1/openid/userinfo`
 ///
--- a/src/api/server/publicrooms.rs
+++ b/src/api/server/publicrooms.rs
@ -1,5 +1,6 @@
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use conduwuit::{Error, Result};
 use ruma::{
 	api::{
 		client::error::ErrorKind,
@ -8,7 +9,7 @@ use ruma::{
 	directory::Filter,
 };
-use crate::{Error, Result, Ruma};
+use crate::Ruma;
 /// # `POST /_matrix/federation/v1/publicRooms`
 ///
--- a/src/api/server/send.rs
+++ b/src/api/server/send.rs
@ -9,11 +9,15 @@ use conduwuit::{
 	result::LogErr,
 	trace,
 	utils::{
-		IterStream, ReadyExt,
+		IterStream, ReadyExt, millis_since_unix_epoch,
 		stream::{BroadbandExt, TryBroadbandExt, automatic_width},
 	},
 	warn,
 };
 use conduwuit_service::{
 	Services,
 	sending::{EDU_LIMIT, PDU_LIMIT},
 };
 use futures::{FutureExt, Stream, StreamExt, TryFutureExt, TryStreamExt};
 use itertools::Itertools;
 use ruma::{
@ -33,16 +37,8 @@ use ruma::{
 	serde::Raw,
 	to_device::DeviceIdOrAllDevices,
 };
 use service::{
 	Services,
 	sending::{EDU_LIMIT, PDU_LIMIT},
 };
 use utils::millis_since_unix_epoch;
-use crate::{
+use crate::Ruma;
 	Ruma,
 	utils::{self},
 };
 type ResolvedMap = BTreeMap<OwnedEventId, Result>;
 type Pdu = (OwnedRoomId, OwnedEventId, CanonicalJsonObject);
--- a/src/api/server/send_join.rs
+++ b/src/api/server/send_join.rs
@ -9,6 +9,7 @@ use conduwuit::{
 	utils::stream::{IterStream, TryBroadbandExt},
 	warn,
 };
 use conduwuit_service::Services;
 use futures::{FutureExt, StreamExt, TryStreamExt};
 use ruma::{
 	CanonicalJsonValue, OwnedEventId, OwnedRoomId, OwnedServerName, OwnedUserId, RoomId,
@ -20,7 +21,6 @@ use ruma::{
 	},
 };
 use serde_json::value::{RawValue as RawJsonValue, to_raw_value};
 use service::Services;
 use crate::Ruma;
@ -268,10 +268,9 @@ pub(crate) async fn create_join_event_v1_route(
 	body: Ruma<create_join_event::v1::Request>,
 ) -> Result<create_join_event::v1::Response> {
 	if services
 		.server
 		.config
 		.forbidden_remote_server_names
-		.contains(body.origin())
+		.is_match(body.origin().host())
 	{
 		warn!(
 			"Server {} tried joining room ID {} through us who has a server name that is \
@ -284,10 +283,9 @@ pub(crate) async fn create_join_event_v1_route(
 	if let Some(server) = body.room_id.server_name() {
 		if services
 			.server
 			.config
 			.forbidden_remote_server_names
-			.contains(&server.to_owned())
+			.is_match(server.host())
 		{
 			warn!(
 				"Server {} tried joining room ID {} through us which has a server name that is \
@ -316,20 +314,18 @@ pub(crate) async fn create_join_event_v2_route(
 	body: Ruma<create_join_event::v2::Request>,
 ) -> Result<create_join_event::v2::Response> {
 	if services
 		.server
 		.config
 		.forbidden_remote_server_names
-		.contains(body.origin())
+		.is_match(body.origin().host())
 	{
 		return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 	}
 	if let Some(server) = body.room_id.server_name() {
 		if services
 			.server
 			.config
 			.forbidden_remote_server_names
-			.contains(&server.to_owned())
+			.is_match(server.host())
 		{
 			warn!(
 				"Server {} tried joining room ID {} through us which has a server name that is \
--- a/src/api/server/send_knock.rs
+++ b/src/api/server/send_knock.rs
@ -1,5 +1,9 @@
 use axum::extract::State;
-use conduwuit::{Err, PduEvent, Result, err, pdu::gen_event_id_canonical_json, warn};
+use conduwuit::{
 	Err, Result, err,
 	matrix::pdu::{PduEvent, gen_event_id_canonical_json},
 	warn,
 };
 use futures::FutureExt;
 use ruma::{
 	OwnedServerName, OwnedUserId,
@ -22,10 +26,9 @@ pub(crate) async fn create_knock_event_v1_route(
 	body: Ruma<send_knock::v1::Request>,
 ) -> Result<send_knock::v1::Response> {
 	if services
 		.server
 		.config
 		.forbidden_remote_server_names
-		.contains(body.origin())
+		.is_match(body.origin().host())
 	{
 		warn!(
 			"Server {} tried knocking room ID {} who has a server name that is globally \
@ -38,10 +41,9 @@ pub(crate) async fn create_knock_event_v1_route(
 	if let Some(server) = body.room_id.server_name() {
 		if services
 			.server
 			.config
 			.forbidden_remote_server_names
-			.contains(&server.to_owned())
+			.is_match(server.host())
 		{
 			warn!(
 				"Server {} tried knocking room ID {} which has a server name that is globally \
--- a/src/api/server/send_leave.rs
+++ b/src/api/server/send_leave.rs
@ -1,7 +1,8 @@
 #![allow(deprecated)]
 use axum::extract::State;
-use conduwuit::{Err, Result, err};
+use conduwuit::{Err, Result, err, matrix::pdu::gen_event_id_canonical_json};
 use conduwuit_service::Services;
 use futures::FutureExt;
 use ruma::{
 	OwnedRoomId, OwnedUserId, RoomId, ServerName,
@ -13,10 +14,7 @@ use ruma::{
 };
 use serde_json::value::RawValue as RawJsonValue;
-use crate::{
+use crate::Ruma;
 	Ruma,
 	service::{Services, pdu::gen_event_id_canonical_json},
 };
 /// # `PUT /_matrix/federation/v1/send_leave/{roomId}/{eventId}`
 ///
--- a/src/api/server/version.rs
+++ b/src/api/server/version.rs
@ -1,6 +1,7 @@
 use conduwuit::Result;
 use ruma::api::federation::discovery::get_server_version;
-use crate::{Result, Ruma};
+use crate::Ruma;
 /// # `GET /_matrix/federation/v1/version`
 ///
--- a/src/api/server/well_known.rs
+++ b/src/api/server/well_known.rs
@ -1,7 +1,8 @@
 use axum::extract::State;
 use conduwuit::{Error, Result};
 use ruma::api::{client::error::ErrorKind, federation::discovery::discover_homeserver};
-use crate::{Error, Result, Ruma};
+use crate::Ruma;
 /// # `GET /.well-known/matrix/server`
 ///
--- a/src/core/Cargo.toml
+++ b/src/core/Cargo.toml
@ -59,6 +59,7 @@ conduwuit_mods = [
 argon2.workspace = true
 arrayvec.workspace = true
 axum.workspace = true
 axum-extra.workspace = true
 bytes.workspace = true
 bytesize.workspace = true
 cargo_toml.workspace = true
--- a/src/core/alloc/je.rs
+++ b/src/core/alloc/je.rs
@ -8,7 +8,6 @@ use std::{
 };
 use arrayvec::ArrayVec;
 use const_str::concat_bytes;
 use tikv_jemalloc_ctl as mallctl;
 use tikv_jemalloc_sys as ffi;
 use tikv_jemallocator as jemalloc;
@ -20,7 +19,7 @@ use crate::{
 #[cfg(feature = "jemalloc_conf")]
 #[unsafe(no_mangle)]
-pub static malloc_conf: &[u8] = concat_bytes!(
+pub static malloc_conf: &[u8] = const_str::concat_bytes!(
 	"lg_extent_max_active_fit:4",
 	",oversize_threshold:16777216",
 	",tcache_max:2097152",
@ -336,6 +335,12 @@ where
 	Ok(res)
 }
 #[tracing::instrument(
 	name = "get",
 	level = "trace"
 	skip_all,
 	fields(?key)
 )]
 fn get<T>(key: &Key) -> Result<T>
 where
 	T: Copy + Debug,
@ -347,6 +352,12 @@ where
 	unsafe { mallctl::raw::read_mib(key.as_slice()) }.map_err(map_err)
 }
 #[tracing::instrument(
 	name = "xchg",
 	level = "trace"
 	skip_all,
 	fields(?key, ?val)
 )]
 fn xchg<T>(key: &Key, val: T) -> Result<T>
 where
 	T: Copy + Debug,
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@ -3,7 +3,7 @@ pub mod manager;
 pub mod proxy;
 use std::{
-	collections::{BTreeMap, BTreeSet, HashSet},
+	collections::{BTreeMap, BTreeSet},
 	net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr},
 	path::{Path, PathBuf},
 };
@ -252,14 +252,6 @@ pub struct Config {
 	#[serde(default = "default_servernameevent_data_cache_capacity")]
 	pub servernameevent_data_cache_capacity: u32,
 	/// default: varies by system
 	#[serde(default = "default_server_visibility_cache_capacity")]
 	pub server_visibility_cache_capacity: u32,
 	/// default: varies by system
 	#[serde(default = "default_user_visibility_cache_capacity")]
 	pub user_visibility_cache_capacity: u32,
 	/// default: varies by system
 	#[serde(default = "default_stateinfo_cache_capacity")]
 	pub stateinfo_cache_capacity: u32,
@ -648,9 +640,9 @@ pub struct Config {
 	/// Default room version conduwuit will create rooms with.
 	///
-	/// Per spec, room version 10 is the default.
+	/// Per spec, room version 11 is the default.
 	///
-	/// default: 10
+	/// default: 11
 	#[serde(default = "default_default_room_version")]
 	pub default_room_version: RoomVersionId,
@ -723,7 +715,7 @@ pub struct Config {
 	/// Currently, conduwuit doesn't support inbound batched key requests, so
 	/// this list should only contain other Synapse servers.
 	///
-	/// example: ["matrix.org", "envs.net", "tchncs.de"]
+	/// example: ["matrix.org", "tchncs.de"]
 	///
 	/// default: ["matrix.org"]
 	#[serde(default = "default_trusted_servers")]
@ -1369,15 +1361,18 @@ pub struct Config {
 	#[serde(default)]
 	pub prune_missing_media: bool,
-	/// Vector list of servers that conduwuit will refuse to download remote
+	/// Vector list of regex patterns of server names that conduwuit will refuse
-	/// media from.
+	/// to download remote media from.
 	///
 	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 	///
 	/// default: []
-	#[serde(default)]
+	#[serde(default, with = "serde_regex")]
-	pub prevent_media_downloads_from: HashSet<OwnedServerName>,
+	pub prevent_media_downloads_from: RegexSet,
-	/// List of forbidden server names that we will block incoming AND outgoing
+	/// List of forbidden server names via regex patterns that we will block
-	/// federation with, and block client room joins / remote user invites.
+	/// incoming AND outgoing federation with, and block client room joins /
 	/// remote user invites.
 	///
 	/// This check is applied on the room ID, room alias, sender server name,
 	/// sender user's server name, inbound federation X-Matrix origin, and
@ -1385,17 +1380,21 @@ pub struct Config {
 	///
 	/// Basically "global" ACLs.
 	///
-	/// default: []
+	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 	#[serde(default)]
 	pub forbidden_remote_server_names: HashSet<OwnedServerName>,
 	/// List of forbidden server names that we will block all outgoing federated
 	/// room directory requests for. Useful for preventing our users from
 	/// wandering into bad servers or spaces.
 	///
 	/// default: []
-	#[serde(default = "HashSet::new")]
+	#[serde(default, with = "serde_regex")]
-	pub forbidden_remote_room_directory_server_names: HashSet<OwnedServerName>,
+	pub forbidden_remote_server_names: RegexSet,
 	/// List of forbidden server names via regex patterns that we will block all
 	/// outgoing federated room directory requests for. Useful for preventing
 	/// our users from wandering into bad servers or spaces.
 	///
 	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 	///
 	/// default: []
 	#[serde(default, with = "serde_regex")]
 	pub forbidden_remote_room_directory_server_names: RegexSet,
 	/// Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
 	/// do not want conduwuit to send outbound requests to. Defaults to
@ -1516,11 +1515,10 @@ pub struct Config {
 	/// used, and startup as warnings if any room aliases in your database have
 	/// a forbidden room alias/ID.
 	///
-	/// example: ["19dollarfortnitecards", "b[4a]droom"]
+	/// example: ["19dollarfortnitecards", "b[4a]droom", "badphrase"]
 	///
 	/// default: []
-	#[serde(default)]
+	#[serde(default, with = "serde_regex")]
 	#[serde(with = "serde_regex")]
 	pub forbidden_alias_names: RegexSet,
 	/// List of forbidden username patterns/strings.
@ -1532,11 +1530,10 @@ pub struct Config {
 	/// startup as warnings if any local users in your database have a forbidden
 	/// username.
 	///
-	/// example: ["administrator", "b[a4]dusernam[3e]"]
+	/// example: ["administrator", "b[a4]dusernam[3e]", "badphrase"]
 	///
 	/// default: []
-	#[serde(default)]
+	#[serde(default, with = "serde_regex")]
 	#[serde(with = "serde_regex")]
 	pub forbidden_usernames: RegexSet,
 	/// Retry failed and incomplete messages to remote servers immediately upon
@ -2035,10 +2032,6 @@ fn default_servernameevent_data_cache_capacity() -> u32 {
 	parallelism_scaled_u32(100_000).saturating_add(500_000)
 }
 fn default_server_visibility_cache_capacity() -> u32 { parallelism_scaled_u32(500) }
 fn default_user_visibility_cache_capacity() -> u32 { parallelism_scaled_u32(1000) }
 fn default_stateinfo_cache_capacity() -> u32 { parallelism_scaled_u32(100) }
 fn default_roomid_spacehierarchy_cache_capacity() -> u32 { parallelism_scaled_u32(1000) }
@ -2158,7 +2151,12 @@ fn default_rocksdb_max_log_file_size() -> usize {
 fn default_rocksdb_parallelism_threads() -> usize { 0 }
-fn default_rocksdb_compression_algo() -> String { "zstd".to_owned() }
+fn default_rocksdb_compression_algo() -> String {
 	cfg!(feature = "zstd_compression")
 		.then_some("zstd")
 		.unwrap_or("none")
 		.to_owned()
 }
 /// Default RocksDB compression level is 32767, which is internally read by
 /// RocksDB as the default magic number and translated to the library's default
@ -2177,7 +2175,7 @@ fn default_rocksdb_stats_level() -> u8 { 1 }
 // I know, it's a great name
 #[must_use]
 #[inline]
-pub fn default_default_room_version() -> RoomVersionId { RoomVersionId::V10 }
+pub fn default_default_room_version() -> RoomVersionId { RoomVersionId::V11 }
 fn default_ip_range_denylist() -> Vec<String> {
 	vec![
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
June Clementine Strawberry	d8311a5ff6	bump crossbeam-channel bc yanked crate with potential double free Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-08 23:38:54 -04:00
June Clementine Strawberry	47f8345457	bump tokio because of RUSTSEC-2025-0023 Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-08 09:05:49 -04:00
June Clementine Strawberry	99868b1661	update new complement flakes Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-06 16:11:35 -04:00
June Clementine Strawberry	d5ad973464	change forbidden_server_names and etc to allow regex patterns for wildcards Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-06 15:25:19 -04:00
June Clementine Strawberry	ff276a42a3	drop unnecessary info log to debug Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-06 13:19:09 -04:00
June Clementine Strawberry	5f8c68ab84	add trace logging for room summaries, use server_in_room instead of exists Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-06 13:17:13 -04:00
June Clementine Strawberry	6578b83bce	parallelise IO of user searching, improve perf, raise max limit to 500 Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-05 20:09:22 -04:00
June Clementine Strawberry	3cc92b32ec	bump rust toolchain to 1.86.0 Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-05 18:37:13 -04:00
June Clementine Strawberry	9678948daf	use patch of resolv-conf crate to allow no-aaaa resolv.conf option Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-05 18:33:43 -04:00
Jason Volk	500faa8d7f	simplify space join rules related Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-05 22:12:33 +00:00
Jason Volk	d6cc447add	simplify acl brick-check conditions Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-05 22:12:33 +00:00
June Clementine Strawberry	e28ae8fb4d	downgrade `deranged` crate Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-05 14:26:00 -04:00
June Clementine Strawberry	c7246662f4	try partially reverting `94b107b42b` Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-05 14:07:37 -04:00
June Clementine Strawberry	a212bf7cfc	update default room version to v11 Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-05 14:00:40 -04:00
Jason Volk	58b8c7516a	extend extract_variant to multiple variants Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-05 02:44:46 +00:00
Jason Volk	bb8320a691	abstract and encapsulate the awkward OptionFuture into Stream pattern Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-05 02:44:46 +00:00
Jason Volk	532dfd004d	move core::pdu and core::state_res into core::matrix:: Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-05 02:44:46 +00:00
June Clementine Strawberry	4e5b87d0cd	add missing condition for signatures upload failures Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-04 11:34:31 -04:00
Jason Volk	00f7745ec4	remove the db pool queue full warning Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-04 02:59:54 +00:00
Jason Volk	d036394ec7	refactor incoming prev events loop; mitigate large future Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-03 22:40:40 +00:00
Jason Volk	6a073b4fa4	remove additional unnecessary Arc Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-03 22:40:40 +00:00
Jason Volk	b7109131e2	further simplify get_missing_events; various log calls Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-03 22:40:40 +00:00
June Clementine Strawberry	94b107b42b	add some debug logging and misc cleanup to keys/signatures/upload Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-03 16:08:18 -04:00
Jason Volk	29d55b8036	move systemd stopping notification point Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-03 19:38:51 +00:00
Jason Volk	45fd3875c8	move runtime shutdown out of main; gather final stats Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-03 19:38:51 +00:00
Jason Volk	f9529937ce	patch hyper-util due to conflicts with federation resolver hooks Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-03 19:38:51 +00:00
Jason Volk	0b56204f89	bump additional dependencies Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-03 19:38:51 +00:00
Jason Volk	58adb6fead	upgrade hickory and hyper-util dependencies Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-03 19:38:51 +00:00
Jason Volk	5d1404e9df	fix well-known using the hooked resolver Signed-off-by: Jason Volk <jason@zemos.net>	2025-04-03 19:38:51 +00:00
June Clementine Strawberry	f14756fb76	leave room locally if room is banned, rescind knocks on deactivation too Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-03 12:21:16 -04:00
June Clementine Strawberry	24be579477	add appservice MSC4190 support Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-03 12:21:16 -04:00
June Clementine Strawberry	0e0b8cc403	fixup+update msc3266, add fed support, parallelise IO Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-03 00:56:37 -04:00
June Clementine Strawberry	1036f8dfa8	default shared history vis on unknown visibilities, drop needless error log Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-02 22:46:01 -04:00
June Clementine Strawberry	74012c5289	significantly improve get_missing_events fed code Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-02 22:44:44 -04:00
June Clementine Strawberry	ea246d91d9	remove pointless and buggy *_visibility in-memory caches Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-02 22:38:47 -04:00
June Clementine Strawberry	1b71b99c51	fix weird issue with acl c2s check Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-04-02 10:49:38 -04:00
Jason Volk	0f81c1e1cc	revert hyper-util upgrade due to continued DNS issues Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-31 22:17:08 -04:00
Jason Volk	bee1f89624	bump dependencies Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-31 05:03:52 +00:00
Jason Volk	5768ca8442	upgrade dependency ByteSize Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-31 04:27:20 +00:00
Jason Volk	3f0f89cddb	use async_trait without axum re-export Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-31 04:27:20 +00:00
Jason Volk	d3b65af616	remove several services.globals config wrappers Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-31 03:00:53 +00:00
Jason Volk	d60920c728	workaround some large type name length issues Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-31 03:00:53 +00:00
Jason Volk	db99d3a001	remove recently-made-unnecessary unsafe block Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-31 02:30:32 +00:00
Jason Volk	bee4c6255a	reorg PduEvent strip tools and callsites Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-30 23:00:37 +00:00
Jason Volk	dc6e9e74d9	add spans for for jemalloc mallctl points Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-30 23:00:37 +00:00
Jason Volk	5bf5afaec8	instrument tokio before/after poll hooks Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-30 23:00:37 +00:00
Jason Volk	095734a8e7	bump tokio to 1.44.1 Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-30 23:00:37 +00:00
Jason Volk	a93cb34dd6	disambiguate UInt/u64 type related in client/api/directory; use err macros. Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-30 23:00:37 +00:00
Jason Volk	b03c493bf9	add stub for database benches Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-29 01:06:39 +00:00
Jason Volk	d0132706cd	add --read-only and --maintenance program option Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-29 01:06:39 +00:00
Jason Volk	0e2009dbf5	fix client hierarchy loop condition Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-28 22:47:51 +00:00
Ginger	3e57b7d35d	Update expected test results	2025-03-28 14:30:14 -04:00
Ginger	75b6daa67f	Fix off-by-one error when fetching room hierarchy	2025-03-28 14:30:14 -04:00
June Clementine Strawberry	6365f1a887	remove sccache from ci for now Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-28 14:26:12 -04:00
Jason Volk	b2bf35cfab	fix benches from state-res Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-28 09:01:46 +00:00
Jason Volk	7f448d88a4	use qualified crate names from within workspace Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-27 07:08:41 +00:00
Jason Volk	c99f5770a0	mark get_summary_and_children_federation Send Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-27 07:08:41 +00:00
Jason Volk	dfe058a244	default config item to 'none' when zstd_compression not featured Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-27 01:09:27 +00:00
Jason Volk	07ba00f74e	abstract raw query command iterations Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 04:43:05 +00:00
Jason Volk	9d0ce3965e	fix lints Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 02:25:54 +00:00
Jason Volk	d1b82ea225	use #[ignore] for todo'ed tests Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 01:33:41 +00:00
Jason Volk	23e3f6526f	split well_known resolver into unit Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 01:33:41 +00:00
Jason Volk	8010505853	implement clear_cache() for resolver service Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 01:33:41 +00:00
Jason Volk	9ce95a7030	make service memory_usage()/clear_cache() async trait Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 01:33:41 +00:00
Jason Volk	d8ea8b378c	add Map::clear() to db interface Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 01:33:41 +00:00
Jason Volk	17003ba773	add FIFO compaction for persistent-cache descriptor; comments/cleanup Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 01:33:41 +00:00
Jason Volk	a57336ec13	assume canonical order in db serialization test Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 01:33:41 +00:00
Jason Volk	7294368015	parallelize IO for PublicRoomsChunk vector Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 01:33:41 +00:00
Jason Volk	aa4d2e2363	fix unused import without feature jemalloc_conf fix span passed by value Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 01:33:41 +00:00
Jason Volk	07ec9d6d85	re-sort pushkey_deviceid (`33c5afe050`) Signed-off-by: Jason Volk <jason@zemos.net>	2025-03-26 01:33:41 +00:00
cy	33c5afe050	delete pushers created with different access token on password change	2025-03-21 10:34:17 -04:00
June Clementine Strawberry	7bf92c8a37	replace unnecessary check when updating device keys Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-17 23:02:34 -04:00
cy	658c19d55e	check if we already have a more preferable key backup before adding	2025-03-16 18:23:19 -04:00
cy	4518f55408	guard against using someone else's access token in UIAA	2025-03-15 19:35:09 -04:00
June Clementine Strawberry	ee3c585555	skip a few flakey complement tests Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-15 19:14:45 -04:00
June Clementine Strawberry	6c29792b3d	respect include_leave syncv3 filter Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-13 15:49:40 -04:00
June Clementine Strawberry	258b399de9	bump ruwuma Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-13 15:23:10 -04:00
June Clementine Strawberry	5dea52f0f8	stop doing complement cert gen and just use self-signed cert Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-13 10:50:43 -04:00
June Clementine Strawberry	1d1ccec532	fix some nightly clippy lints Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-13 08:37:34 -04:00
June Clementine Strawberry	0877f29439	respect membership filters on /members Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-13 08:37:34 -04:00
June Clementine Strawberry	e920c44cb4	ignore humantime dep as tracing console-subscriber uses it (somewhere) Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-11 21:15:11 -04:00
June Clementine Strawberry	ae818d5b25	remove most of cargo test from engage as crane does that but with more caching Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-11 21:09:24 -04:00
June Clementine Strawberry	7f95eef9ab	bump ruwuma Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-11 21:09:19 -04:00
June Clementine Strawberry	3104586884	bump tracing-subscriber, allowlist cargo-doc lint in admin room Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-11 18:05:36 -04:00
Odd Eivind Ebbesen	c4b05e77f3	Fix up wording in the doc comments for admin media deletion (#694 )	2025-03-10 17:28:29 -04:00
Ginger	1366a3092f	Check the `room_types` filter when searching for local public rooms (#698 )	2025-03-10 17:28:19 -04:00
Tamara Schmitz	1e23c95ec6	docs: refactor reverse proxy setup sections (#701 )	2025-03-10 17:27:53 -04:00
June Clementine Strawberry	56dba8acb7	misc docs updates Signed-off-by: June Clementine Strawberry <june@3.dog>	2025-03-10 17:27:06 -04:00