From baa1e523022f2d27fa7214a3bec50c846a941053 Mon Sep 17 00:00:00 2001
From: dasha_uwu
Date: Wed, 4 Feb 2026 21:35:33 +0500
Subject: [PATCH] Implement local redaction blocking

---
 src/api/client/redact.rs | 13 ++++++++++++-
 src/api/client/send.rs | 35 +++++++++++++++++++++++++++++++++--
 src/core/config/mod.rs | 6 ++++++
 tuwunel-example.toml | 6 ++++++
 4 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/src/api/client/redact.rs b/src/api/client/redact.rs
index 3046e91c..f9bfbc0f 100644
--- a/src/api/client/redact.rs
+++ b/src/api/client/redact.rs
@@ -2,7 +2,7 @@ use axum::extract::State;
 use ruma::{
 api::client::redact::redact_event, events::room::redaction::RoomRedactionEventContent,
 };
-use tuwunel_core::{Result, matrix::pdu::PduBuilder};
+use tuwunel_core::{Err, Result, matrix::pdu::PduBuilder, warn};
 
 use crate::Ruma;
 
@@ -18,6 +18,17 @@ pub(crate) async fn redact_event_route(
 let sender_user = body.sender_user();
 let body = &body.body;
 
+ if services.config.disable_local_redactions
+ && !services.admin.user_is_admin(sender_user).await
+ {
+ warn!(
+ %sender_user,
+ event_id = %body.event_id,
+ "Local redactions are disabled, non-admin user attempted to redact an event"
+ );
+ return Err!(Request(Forbidden("Redactions are disabled on this server.")));
+ }
+
 let state_lock = services.state.mutex.lock(&body.room_id).await;
 
 let event_id = services
diff --git a/src/api/client/send.rs b/src/api/client/send.rs
index a6d8e503..fbeeca98 100644
--- a/src/api/client/send.rs
+++ b/src/api/client/send.rs
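Review bot: The `disable_local_redactions` guard added to `redact_event_route` in src/api/client/redact.rs lives in the route handler, and the same condition is repeated in `send_message_event_route` in src/api/client/send.rs, so the policy holds only on endpoints that remember to carry it. Any other local path that can emit an `m.room.redaction` event is not visible in this patch and would pass unchecked; I would move the condition into one shared helper, or to the place where the redaction PDU is built, and call it from both routes. Until then a comment above the `if`, such as `// Server policy gate; keep in sync with the identical check in send.rs`, would stop the two copies drifting apart. The function starts and ends outside the hunk.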
@@ -1,9 +1,12 @@
 use std::collections::BTreeMap;
 
 use axum::extract::State;
-use ruma::{api::client::message::send_message_event, events::MessageLikeEventType};
+use ruma::{
+ api::client::message::send_message_event,
+ events::{MessageLikeEventType, room::redaction::RoomRedactionEventContent},
+};
 use serde_json::from_str;
-use tuwunel_core::{Err, Result, err, matrix::pdu::PduBuilder, utils};
+use tuwunel_core::{Err, Result, err, matrix::pdu::PduBuilder, utils, warn};
 
 use crate::Ruma;
 
@@ -24,6 +27,34 @@ pub(crate) async fn send_message_event_route(
 let sender_device = body.sender_device.as_deref();
 let appservice_info = body.appservice_info.as_ref();
 
+ if body.event_type == MessageLikeEventType::RoomRedaction
+ && services.config.disable_local_redactions
+ && !services.admin.user_is_admin(sender_user).await
+ {
+ if let Some(event_id) = body
+ .body
+ .body
+ .deserialize_as_unchecked::()
+ .ok()
+ .and_then(|content| content.redacts)
+ {
+ warn!(
+ %sender_user,
+ %event_id,
+ "Local redactions are disabled, non-admin user attempted to redact an event"
+ );
+ } else {
+ warn!(
+ %sender_user,
+ event = %body.body.body.json(),
+ "Local redactions are disabled, non-admin user attempted to redact an event \
+ with an invalid redaction event"
+ );
+ }
+
+ return Err!(Request(Forbidden("Redactions are disabled on this server.")));
+ }
+
 // Forbid m.room.encrypted if encryption is disabled
 if MessageLikeEventType::RoomEncrypted == body.event_type && !services.config.allow_encryption
 {
diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs
index 3a0ef05c..3c080377 100644
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
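Review bot: The fallback `warn!` in `send_message_event_route` (src/api/client/send.rs) logs the raw client-supplied body through `event = %body.body.body.json()`, so any non-admin user can put arbitrary, request-sized content into the server log at warn level on every rejected request. I would log a bounded value instead, for example `event_len = body.body.body.json().get().len(),`, and consider a lower level or rate limiting for both branches, since the condition is entirely user-triggerable. The same per-request `warn!` is present in the redact.rs hunk, and this function's body continues outside the hunk.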
@@ -2019,6 +2019,12 @@ pub struct Config {
 #[serde(default = "true_fn")]
 pub allow_room_admins_to_request_unredacted_events: bool,
 
+ /// Prevents local users from sending redactions.
+ ///
+ /// This check does not apply to server admins.
+ #[serde(default)]
+ pub disable_local_redactions: bool,
+
 /// Enable database pool affinity support. On supporting systems, block
 /// device queue topologies are detected and the request pool is optimized
 /// for the hardware; db_pool_workers is determined automatically.
diff --git a/tuwunel-example.toml b/tuwunel-example.toml
index ebce64df..7e8da510 100644
--- a/tuwunel-example.toml
+++ b/tuwunel-example.toml
@@ -1738,6 +1738,12 @@
 #
 #allow_room_admins_to_request_unredacted_events = true
 
+# Prevents local users from sending redactions.
+#
+# This check does not apply to server admins.
+#
+#disable_local_redactions = false
+
 # Enable database pool affinity support. On supporting systems, block
 # device queue topologies are detected and the request pool is optimized
 # for the hardware; db_pool_workers is determined automatically.
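Review bot: The doc comment on `disable_local_redactions` in src/core/config/mod.rs does not tell an operator whom the option locks out or what it leaves untouched. As far as this patch shows, only the two client routes are gated, so room moderators on this server lose the ability to remove content unless they are also server admins, while redactions arriving over federation presumably still apply. I would extend the comment with `/// Room moderators who are not server admins are blocked as well.` and `/// Redactions received over federation are not affected.`, and mirror the wording in tuwunel-example.toml. The struct starts and ends outside the hunk.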