Compare commits
9 commits
main
...
open-reg-c
| Author | SHA1 | Date | |
|---|---|---|---|
|
68bb1bbb03 | ||
|
|
49b7396900 | ||
|
|
d0a22ba206 | ||
|
|
b8b51f39b1 | ||
|
|
18cc8245c4 | ||
|
|
032586f87c | ||
|
|
b4c1831ec4 | ||
|
|
da2af37bfa | ||
|
|
43f5adbcb6 |
5 changed files with 65 additions and 26 deletions
|
|
@ -35,8 +35,19 @@ port = 6167
|
|||
# Max size for uploads
|
||||
max_request_size = 20_000_000 # in bytes
|
||||
|
||||
# Enables registration. If set to false, no users can register on this server.
|
||||
allow_registration = true
|
||||
# Enables open registration. If set to false, no users can register on this
|
||||
# server (unless a token is configured).
|
||||
# If set to true, users can register with no form of 2nd step only if you set
|
||||
# `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` to
|
||||
# in your config. If you would like
|
||||
# registration only via token reg, please set this to *false* and configure the
|
||||
# `registration_token` key.
|
||||
allow_registration = false
|
||||
|
||||
# A static registration token that new users will have to provide when creating
|
||||
# an account. If unset and `allow_registration` is true, registration is open
|
||||
# without any condition. YOU NEED TO EDIT THIS.
|
||||
registration_token = "change this token for something specific to your server"
|
||||
|
||||
allow_federation = true
|
||||
allow_check_for_updates = true
|
||||
|
|
|
|||
|
|
@ -48,18 +48,20 @@ pub struct Config {
|
|||
pub max_concurrent_requests: u16,
|
||||
#[serde(default = "default_max_fetch_prev_events")]
|
||||
pub max_fetch_prev_events: u16,
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub allow_registration: bool,
|
||||
#[serde(default)]
|
||||
pub yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse: bool,
|
||||
pub registration_token: Option<String>,
|
||||
#[serde(default = "true_fn")]
|
||||
pub allow_encryption: bool,
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub allow_federation: bool,
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub allow_public_room_directory_over_federation: bool,
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub allow_public_room_directory_without_auth: bool,
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub allow_device_name_federation: bool,
|
||||
#[serde(default = "true_fn")]
|
||||
pub allow_room_creation: bool,
|
||||
|
|
@ -68,9 +70,9 @@ pub struct Config {
|
|||
#[serde(default = "default_default_room_version")]
|
||||
pub default_room_version: RoomVersionId,
|
||||
pub well_known_client: Option<String>,
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub allow_jaeger: bool,
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub tracing_flame: bool,
|
||||
#[serde(default)]
|
||||
pub proxy: ProxyConfig,
|
||||
|
|
@ -97,7 +99,7 @@ pub struct Config {
|
|||
pub rocksdb_max_log_file_size: usize,
|
||||
#[serde(default = "default_rocksdb_log_time_to_roll")]
|
||||
pub rocksdb_log_time_to_roll: usize,
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub rocksdb_optimize_for_spinning_disks: bool,
|
||||
|
||||
pub emergency_password: Option<String>,
|
||||
|
|
@ -105,21 +107,21 @@ pub struct Config {
|
|||
#[serde(default = "default_notification_push_path")]
|
||||
pub notification_push_path: String,
|
||||
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub allow_local_presence: bool,
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub allow_incoming_presence: bool,
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub allow_outgoing_presence: bool,
|
||||
#[serde(default = "default_presence_idle_timeout_s")]
|
||||
pub presence_idle_timeout_s: u64,
|
||||
#[serde(default = "default_presence_offline_timeout_s")]
|
||||
pub presence_offline_timeout_s: u64,
|
||||
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub zstd_compression: bool,
|
||||
|
||||
#[serde(default = "false_fn")]
|
||||
#[serde(default)]
|
||||
pub allow_guest_registration: bool,
|
||||
|
||||
#[serde(flatten)]
|
||||
|
|
@ -197,7 +199,10 @@ impl fmt::Display for Config {
|
|||
"Maximum concurrent requests",
|
||||
&self.max_concurrent_requests.to_string(),
|
||||
),
|
||||
("Allow registration", &self.allow_registration.to_string()),
|
||||
(
|
||||
"Allow registration (open registration)",
|
||||
&self.allow_registration.to_string(),
|
||||
),
|
||||
(
|
||||
"Allow guest registration",
|
||||
&self.allow_guest_registration.to_string(),
|
||||
|
|
@ -302,10 +307,6 @@ impl fmt::Display for Config {
|
|||
}
|
||||
}
|
||||
|
||||
fn false_fn() -> bool {
|
||||
false
|
||||
}
|
||||
|
||||
fn true_fn() -> bool {
|
||||
true
|
||||
}
|
||||
|
|
@ -383,7 +384,7 @@ fn default_presence_offline_timeout_s() -> u64 {
|
|||
}
|
||||
|
||||
fn default_rocksdb_log_level() -> String {
|
||||
"info".to_owned()
|
||||
"warn".to_owned()
|
||||
}
|
||||
|
||||
fn default_rocksdb_log_time_to_roll() -> usize {
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ fn db_options(rocksdb_cache: &rocksdb::Cache, config: &Config) -> rocksdb::Optio
|
|||
"warn" => Warn,
|
||||
"error" => Error,
|
||||
"fatal" => Fatal,
|
||||
_ => Info,
|
||||
_ => Warn,
|
||||
};
|
||||
|
||||
db_opts.set_log_level(rocksdb_log_level);
|
||||
|
|
|
|||
31
src/main.rs
31
src/main.rs
|
|
@ -156,9 +156,30 @@ async fn main() {
|
|||
};
|
||||
let config = &services().globals.config;
|
||||
|
||||
info!("Starting server");
|
||||
run_server().await.unwrap();
|
||||
if config.allow_registration
|
||||
&& !config.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
|
||||
{
|
||||
error!("!! You have `allow_registration` enabled in your config which means you are allowing ANYONE to register on your conduwuit instance without any 2nd-step (e.g. registration token).\n
|
||||
If this is not the intended behaviour, please disable `allow_registration` and set a registration token.\n
|
||||
For security and safety reasons, conduwuit will shut down. If you are extra sure this is the desired behaviour you want, please set the following config option to true:
|
||||
`yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`");
|
||||
return;
|
||||
}
|
||||
|
||||
if config.allow_registration
|
||||
&& config.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
|
||||
{
|
||||
warn!("Open registration is enabled via setting `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` and `allow_registration` to true. You are expected to be aware of the risks now.\n
|
||||
If this is not the desired behaviour, please disable `allow_registration` and set a registration token.");
|
||||
}
|
||||
|
||||
info!("Starting server");
|
||||
if let Err(e) = run_server().await {
|
||||
error!("Critical error running server: {}", e);
|
||||
};
|
||||
|
||||
// if server runs into critical error and shuts down, shut down the tracer provider if jaegar is used.
|
||||
// awaiting run_server() is a blocking call so putting this after is fine, but not the other options above.
|
||||
if config.allow_jaeger {
|
||||
opentelemetry::global::shutdown_tracer_provider();
|
||||
}
|
||||
|
|
@ -247,6 +268,8 @@ async fn run_server() -> io::Result<()> {
|
|||
|
||||
#[cfg(feature = "systemd")]
|
||||
let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
|
||||
|
||||
info!("Listening at {:?}", path);
|
||||
let server = Server::builder(socket).serve(app);
|
||||
let graceful = server.with_graceful_shutdown(async {
|
||||
rx.await.ok();
|
||||
|
|
@ -263,6 +286,8 @@ async fn run_server() -> io::Result<()> {
|
|||
|
||||
#[cfg(feature = "systemd")]
|
||||
let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
|
||||
|
||||
info!("Listening on {}", addr);
|
||||
server.await?
|
||||
}
|
||||
None => {
|
||||
|
|
@ -270,6 +295,8 @@ async fn run_server() -> io::Result<()> {
|
|||
|
||||
#[cfg(feature = "systemd")]
|
||||
let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
|
||||
|
||||
info!("Listening on {}", addr);
|
||||
server.await?
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1729,8 +1729,8 @@ impl Service {
|
|||
PduBuilder {
|
||||
event_type: TimelineEventType::RoomMessage,
|
||||
content: to_raw_value(&RoomMessageEventContent::text_html(
|
||||
format!("## Thank you for trying out Conduit!\n\nConduit is currently in Beta. This means you can join and participate in most Matrix rooms, but not all features are supported and you might run into bugs from time to time.\n\nHelpful links:\n> Website: https://conduit.rs\n> Git and Documentation: https://gitlab.com/famedly/conduit\n> Report issues: https://gitlab.com/famedly/conduit/-/issues\n\nFor a list of available commands, send the following message in this room: `@conduit:{}: --help`\n\nHere are some rooms you can join (by typing the command):\n\nConduit room (Ask questions and get notified on updates):\n`/join #conduit:fachschaften.org`\n\nConduit lounge (Off-topic, only Conduit users are allowed to join)\n`/join #conduit-lounge:conduit.rs`", services().globals.server_name()),
|
||||
format!("<h2>Thank you for trying out Conduit!</h2>\n<p>Conduit is currently in Beta. This means you can join and participate in most Matrix rooms, but not all features are supported and you might run into bugs from time to time.</p>\n<p>Helpful links:</p>\n<blockquote>\n<p>Website: https://conduit.rs<br>Git and Documentation: https://gitlab.com/famedly/conduit<br>Report issues: https://gitlab.com/famedly/conduit/-/issues</p>\n</blockquote>\n<p>For a list of available commands, send the following message in this room: <code>@conduit:{}: --help</code></p>\n<p>Here are some rooms you can join (by typing the command):</p>\n<p>Conduit room (Ask questions and get notified on updates):<br><code>/join #conduit:fachschaften.org</code></p>\n<p>Conduit lounge (Off-topic, only Conduit users are allowed to join)<br><code>/join #conduit-lounge:conduit.rs</code></p>\n", services().globals.server_name()),
|
||||
format!("## Thank you for trying out conduwuit!\n\nconduwuit is a fork of upstream Conduit which is in Beta. This means you can join and participate in most Matrix rooms, but not all features are supported and you might run into bugs from time to time.\n\nHelpful links:\n> Git and Documentation: https://github.com/girlbossceo/conduit\n> Report issues: https://github.com/girlbossceo/conduwuit/issues\n\nFor a list of available commands, send the following message in this room: `@conduit:{}: --help`\n\nHere are some rooms you can join (by typing the command):\n\nconduwuit room (Ask questions and get notified on updates):\n`/join #conduwuit:puppygock.gay`", services().globals.server_name()),
|
||||
format!("<h2>Thank you for trying out conduwuit!</h2>\n<p>conduwuit is a fork of upstream Conduit which is in Beta. This means you can join and participate in most Matrix rooms, but not all features are supported and you might run into bugs from time to time.</p>\n<p>Helpful links:</p>\n<blockquote>\n<p>Git and Documentation: https://github.com/girlbossceo/conduit<br>Report issues: https://github.com/girlbossceo/conduwuit/issues</p>\n</blockquote>\n<p>For a list of available commands, send the following message in this room: <code>@conduit:{}: --help</code></p>\n<p>Here are some rooms you can join (by typing the command):</p>\n<p>conduwuit room (Ask questions and get notified on updates):<br><code>/join #conduwuit:puppygock.gay</code></p>\n", services().globals.server_name()),
|
||||
))
|
||||
.expect("event is valid, we just created it"),
|
||||
unsigned: None,
|
||||
|
|
|
|||
Reference in a new issue