Implement local redaction blocking

src/api/client/redact.rs

@@ -2,7 +2,7 @@ use axum::extract::State;
 use ruma::{
 	api::client::redact::redact_event, events::room::redaction::RoomRedactionEventContent,
 };
-use tuwunel_core::{Result, matrix::pdu::PduBuilder};
+use tuwunel_core::{Err, Result, matrix::pdu::PduBuilder, warn};
 
 use crate::Ruma;
 
@@ -18,6 +18,17 @@ pub(crate) async fn redact_event_route(
 	let sender_user = body.sender_user();
 	let body = &body.body;
 
+	if services.config.disable_local_redactions
+		&& !services.admin.user_is_admin(sender_user).await
+	{
+		warn!(
+			%sender_user,
+			event_id = %body.event_id,
+			"Local redactions are disabled, non-admin user attempted to redact an event"
+		);
+		return Err!(Request(Forbidden("Redactions are disabled on this server.")));
+	}
+
 	let state_lock = services.state.mutex.lock(&body.room_id).await;
 
 	let event_id = services

src/api/client/send.rs

@@ -1,9 +1,12 @@
 use std::collections::BTreeMap;
 
 use axum::extract::State;
-use ruma::{api::client::message::send_message_event, events::MessageLikeEventType};
+use ruma::{
+	api::client::message::send_message_event,
+	events::{MessageLikeEventType, room::redaction::RoomRedactionEventContent},
+};
 use serde_json::from_str;
-use tuwunel_core::{Err, Result, err, matrix::pdu::PduBuilder, utils};
+use tuwunel_core::{Err, Result, err, matrix::pdu::PduBuilder, utils, warn};
 
 use crate::Ruma;
 
@@ -24,6 +27,34 @@ pub(crate) async fn send_message_event_route(
 	let sender_device = body.sender_device.as_deref();
 	let appservice_info = body.appservice_info.as_ref();
 
+	if body.event_type == MessageLikeEventType::RoomRedaction
+		&& services.config.disable_local_redactions
+		&& !services.admin.user_is_admin(sender_user).await
+	{
+		if let Some(event_id) = body
+			.body
+			.body
+			.deserialize_as_unchecked::<RoomRedactionEventContent>()
+			.ok()
+			.and_then(|content| content.redacts)
+		{
+			warn!(
+				%sender_user,
+				%event_id,
+				"Local redactions are disabled, non-admin user attempted to redact an event"
+			);
+		} else {
+			warn!(
+				%sender_user,
+				event = %body.body.body.json(),
+				"Local redactions are disabled, non-admin user attempted to redact an event \
+				 with an invalid redaction event"
+			);
+		}
+
+		return Err!(Request(Forbidden("Redactions are disabled on this server.")));
+	}
+
 	// Forbid m.room.encrypted if encryption is disabled
 	if MessageLikeEventType::RoomEncrypted == body.event_type && !services.config.allow_encryption
 	{

src/core/config/mod.rs

@@ -2019,6 +2019,12 @@ pub struct Config {
 	#[serde(default = "true_fn")]
 	pub allow_room_admins_to_request_unredacted_events: bool,
 
+	/// Prevents local users from sending redactions.
+	///
+	/// This check does not apply to server admins.
+	#[serde(default)]
+	pub disable_local_redactions: bool,
+
 	/// Enable database pool affinity support. On supporting systems, block
 	/// device queue topologies are detected and the request pool is optimized
 	/// for the hardware; db_pool_workers is determined automatically.

tuwunel-example.toml

@@ -1738,6 +1738,12 @@
 #
 #allow_room_admins_to_request_unredacted_events = true
 
+# Prevents local users from sending redactions.
+#
+# This check does not apply to server admins.
+#
+#disable_local_redactions = false
+
 # Enable database pool affinity support. On supporting systems, block
 # device queue topologies are detected and the request pool is optimized
 # for the hardware; db_pool_workers is determined automatically.