Prune one time keys based on reasonable configured limit.

Signed-off-by: Jason Volk <jason@zemos.net>
2025-09-11 03:24:41 +00:00
parent 19dc5fafd4
commit 11eeca7e01
4 changed files with 52 additions and 1 deletions
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@@ -1999,6 +1999,16 @@ pub struct Config {
 	#[serde(default)]
 	pub delete_rooms_after_leave: bool,

+	/// Limits the number of One Time Keys per device (not per-algorithm). The
+	/// reference implementation maintains 50 OTK's at any given time, therefor
+	/// our default is at least ten times that. There is no known reason for an
+	/// administrator to adjust this value; it is provided here rather than
+	/// hardcoding it.
+	///
+	/// default: 512
+	#[serde(default = "default_one_time_key_limit")]
+	pub one_time_key_limit: usize,
+
 	// external structure; separate section
 	#[serde(default)]
 	pub blurhashing: BlurhashConfig,
@@ -2822,3 +2832,5 @@ fn default_access_token_ttl() -> u64 { 604_800 }
 fn default_deprioritize_joins_through_servers() -> RegexSet {
 	RegexSet::new([r"matrix\.org"]).unwrap()
 }
+
+fn default_one_time_key_limit() -> usize { 512 }