Add configs for creating the admin room and granting first user.
Signed-off-by: Jason Volk <jason@zemos.net>
@@ -75,6 +75,7 @@ COPY <<EOF complement.toml
|
||||
allow_public_room_directory_over_federation = true
|
||||
allow_public_room_directory_without_auth = true
|
||||
allow_registration = true
|
||||
create_admin_room = false
|
||||
database_path = "/database"
|
||||
dns_attempts = 20
|
||||
dns_timeout = 60
|
||||
|
||||
@@ -513,9 +513,10 @@ pub(crate) async fn register_route(
|
||||
// If this is the first real user, grant them admin privileges except for guest
|
||||
// users
|
||||
// Note: the server user is generated first
|
||||
if !is_guest {
|
||||
if let Ok(admin_room) = services.admin.get_admin_room().await {
|
||||
if services
|
||||
if !is_guest
|
||||
&& services.config.grant_admin_to_first_user
|
||||
&& let Ok(admin_room) = services.admin.get_admin_room().await
|
||||
&& services
|
||||
.rooms
|
||||
.state_cache
|
||||
.room_joined_count(&admin_room)
|
||||
@@ -525,8 +526,6 @@ pub(crate) async fn register_route(
|
||||
services.admin.make_user_admin(&user_id).await?;
|
||||
warn!("Granting {user_id} admin privileges as the first user");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if body.appservice_info.is_none()
|
||||
&& !services.server.config.auto_join_rooms.is_empty()
|
||||
|
||||
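Review bot: The comment above the rewritten condition still states an unconditional rule ("If this is the first real user, grant them admin privileges except for guest users"), but the grant now also depends on `services.config.grant_admin_to_first_user` and on `get_admin_room()` returning `Ok`. I would reword it to `// Grant admin to the first real (non-guest) user, but only when grant_admin_to_first_user is set and the admin room exists`. The chain is evaluated on every registration, so the grant re-arms whenever the admin room holds only the server user; with open registration, admin then goes to whichever account registers next, and the comment should say so. The comparison applied to `room_joined_count` and the start of `register_route` lie outside the visible hunks, so the threshold is assumed from the config documentation.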
@@ -1683,6 +1683,23 @@ pub struct Config {
|
||||
#[serde(default = "default_admin_room_tag")]
|
||||
pub admin_room_tag: String,
|
||||
|
||||
/// Whether to grant the first user to register admin privileges by joining
|
||||
/// them to the admin room. Note that technically the next user to register
|
||||
/// when the admin room is empty (or only contains the server-user) is
|
||||
/// granted, and only when the admin room is enabled.
|
||||
///
|
||||
/// default: true
|
||||
#[serde(default = "true_fn")]
|
||||
pub grant_admin_to_first_user: bool,
|
||||
|
||||
/// Whether the admin room is created on first startup. Users should not set
|
||||
/// this to false. Developers can set this to false during integration tests
|
||||
/// to reduce activity and output.
|
||||
///
|
||||
/// default: true
|
||||
#[serde(default = "true_fn")]
|
||||
pub create_admin_room: bool,
|
||||
|
||||
/// Sentry.io crash/panic reporting, performance monitoring/metrics, etc.
|
||||
/// This is NOT enabled by default. tuwunel's default Sentry reporting
|
||||
/// endpoint domain is `o4509498990067712.ingest.us.sentry.io`.
|
||||
|
||||
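Review bot: The doc comment on `create_admin_room` tells users not to set it to false but never says what is lost when they do. Going by the condition in `register_route`, a missing admin room makes `get_admin_room()` fail and nobody is granted admin at registration, so I would add `/// When false no admin room exists, so grant_admin_to_first_user has no effect.` above the `/// default: true` line. Whether the room is created on a later startup once the option is set back to true is not visible on this page and deserves a sentence as well. The `Config` struct starts and ends outside the hunk.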
@@ -20,6 +20,22 @@ use tuwunel_core::{Result, pdu::PduBuilder};
|
||||
|
||||
use crate::Services;
|
||||
|
||||
/// Create the server user.
|
||||
///
|
||||
/// This should be the first user on the server and created prior to the
|
||||
/// admin room.
|
||||
pub async fn create_server_user(services: &Services) -> Result {
|
||||
let server_user = services.globals.server_user.as_ref();
|
||||
|
||||
// Create a user for the server
|
||||
services
|
||||
.users
|
||||
.create(server_user, None, None)
|
||||
.await?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Create the admin room.
|
||||
///
|
||||
/// Users in this room are considered admins by tuwunel, and the room can be
|
||||
@@ -38,10 +54,9 @@ pub async fn create_admin_room(services: &Services) -> Result {
|
||||
|
||||
// Create a user for the server
|
||||
let server_user = services.globals.server_user.as_ref();
|
||||
services
|
||||
.users
|
||||
.create(server_user, None, None)
|
||||
.await?;
|
||||
if !services.users.exists(server_user).await {
|
||||
create_server_user(services).await?;
|
||||
}
|
||||
|
||||
let create_content = {
|
||||
use RoomVersionId::*;
|
||||
|
||||
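Review bot: The existence guard `if !services.users.exists(server_user).await` sits in `create_admin_room`, while `create_server_user` itself calls `services.users.create(server_user, None, None)` unconditionally. The helper is `pub` and its module becomes `pub` in this commit, so other callers may reach it, and what `create` does for an account that already exists is not visible here. I would put the guard in the helper, `if services.users.exists(server_user).await { return Ok(()); }`, and have `create_admin_room` call it directly. The leftover `// Create a user for the server` comment in `create_admin_room` would then read `// Ensure the server user exists before creating the room`. The body of `create_admin_room` continues outside the hunk.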
@@ -1,5 +1,5 @@
|
||||
pub mod console;
|
||||
mod create;
|
||||
pub mod create;
|
||||
mod execute;
|
||||
mod grant;
|
||||
|
||||
|
||||
@@ -67,9 +67,11 @@ async fn fresh(services: &Services) -> Result {
|
||||
db["global"].insert(b"fix_readreceiptid_readreceipt_duplicates", []);
|
||||
|
||||
// Create the admin room and server user on first run
|
||||
if services.config.create_admin_room {
|
||||
crate::admin::create_admin_room(services)
|
||||
.boxed()
|
||||
.await?;
|
||||
}
|
||||
|
||||
warn!("Created new RocksDB database with version {DATABASE_VERSION}");
|
||||
|
||||
|
||||
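Review bot: With `create_admin_room = false` the whole block is skipped, and since the visible code only creates the server user from inside `create_admin_room`, a fresh database may end up without that account unless `create_server_user` is called from a path not shown here. The comment `// Create the admin room and server user on first run` no longer matches in that case; I would change it to `// Create the admin room (and, through it, the server user) on first run unless disabled by config`. If no other caller exists, an `else` branch that awaits `create_server_user(services)` would preserve the `register_route` assumption that the server user is generated first. The body of `fresh` starts and ends outside the hunk.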
@@ -1450,6 +1450,19 @@
|
||||
#
|
||||
#admin_room_tag = "m.server_notice"
|
||||
|
||||
# Whether to grant the first user to register admin privileges by joining
|
||||
# them to the admin room. Note that technically the next user to register
|
||||
# when the admin room is empty (or only contains the server-user) is
|
||||
# granted, and only when the admin room is enabled.
|
||||
#
|
||||
#grant_admin_to_first_user = true
|
||||
|
||||
# Whether the admin room is created on first startup. Users should not set
|
||||
# this to false. Developers can set this to false during integration tests
|
||||
# to reduce activity and output.
|
||||
#
|
||||
#create_admin_room = true
|
||||
|
||||
# Sentry.io crash/panic reporting, performance monitoring/metrics, etc.
|
||||
# This is NOT enabled by default. tuwunel's default Sentry reporting
|
||||
# endpoint domain is `o4509498990067712.ingest.us.sentry.io`.
|
||||
|
||||