3527 commits

Author	SHA1	Message	Date
nexy7574	66d479e2eb	fix: Make remote leave helper a public fn	2025-09-01 11:27:58 +00:00
nexy7574	241371463e	feat: Force leave remote rooms admin command	2025-09-01 11:27:58 +00:00
nexy7574	d970df5fd2	perf(MSC4323): Parallelise some check futs	2025-09-01 12:13:37 +01:00
nexy7574	4e644961f3	perf(MSC4323): Remove redundant authorisation checks	2025-09-01 12:13:37 +01:00
nexy7574	35cf9af5c8	feat(MSC4323): Add versions flag	2025-09-01 12:13:37 +01:00
nexy7574	04e796176a	style(MSC4323): Satisfy our linting overlords	2025-09-01 12:13:37 +01:00
nexy7574	9783940105	feat(MSC4323): Advertise suspension support in capabilities	2025-09-01 12:13:37 +01:00
nexy7574	1e430f9470	feat(MSC4323): Implement agnostic suspension endpoint	2025-09-01 12:13:37 +01:00
nexy7574	83e3de55a4	fix(sync/v2): Room leaves being omitted incorrectly ... Partially borrowed from 85a84f93c7	2025-08-30 16:18:46 +01:00
Tom Foster	b5a2e49ae4	fix: Resolve Clippy CI failures from elided lifetime warnings ... The latest Rust nightly compiler (2025-08-27) introduced the elided-named-lifetimes lint which causes Clippy CI checks to fail when an elided lifetime ('_) resolves to a named lifetime that's already in scope. This commit fixes the Clippy warnings by: - Making lifetime relationships explicit where 'a is already in scope - Keeping elided lifetimes ('_) in functions without explicit lifetime parameters - Ensuring proper lifetime handling in the database pool module Affected files (17 total): - Database map modules: Handle, Key, and KeyVal references in get, qry, keys, and stream operations - Database pool module: into_recv_seek function This change resolves the CI build failures without changing any functionality, ensuring the codebase remains compatible with the latest nightly Clippy checks.	2025-08-28 21:13:19 +01:00
Jade Ellis	37248a4f68	chore: Add reasons for test skips	2025-08-28 20:10:05 +01:00
nexy7574	3183210459	fix: Post-merge compile issues	2025-08-23 21:28:31 +01:00
RatCornu	57d7743037	feat: add ldap_only config option	2025-08-23 19:59:36 +00:00
Jade Ellis	cb09bfa4e7	fix: Correctly pass ldap feature from the default crate	2025-08-23 19:59:36 +00:00
Jade Ellis	0ed691edef	fix: Make builds without LDAP work correctly	2025-08-23 19:59:36 +00:00
Jade Ellis	c58b9f05ed	chore: Fix default attributes for config	2025-08-23 19:59:36 +00:00
RatCornu	fb7e739b72	chore: remove unused LDAP mail attribute	2025-08-23 19:59:36 +00:00
RatCornu	c7adbae03f	feat: ldap login	2025-08-23 19:59:36 +00:00
Jade Ellis	8b35de6a43	chore: Fix clippy lints with minimal diff	2025-08-22 00:51:54 +01:00
Tom Foster	2a183cc5a4	fix(build): Remove hardened_malloc from full feature set ... The hardened_malloc feature conflicts with jemalloc, preventing successful builds with the --features full flag. Commenting out hardened_malloc allows the full profile to build correctly while maintaining all other features.	2025-08-17 13:44:32 +01:00
nexy7574	54acd07555	fix: Drop fake room v2 support	2025-08-16 16:22:24 +01:00
Tom Foster	583cb924f1	refactor: address code review feedback for auth and pagination improvements ... - Extract duplicated thread/message pagination functions to shared utils module - Refactor pagination token parsing to use Option combinators instead of defaults - Split access token generation from assignment for clearer error handling - Add appservice token collision detection at startup and registration - Allow appservice re-registration with same token (for config updates) - Simplify thread relation chunk building using iterator chaining - Fix saturating_inc edge case in relation queries with explicit filtering - Add concise comments explaining non-obvious behaviour choices	2025-08-12 05:29:41 +01:00
Tom Foster	9286838d23	fix(relations): improve thread pagination and include root event ... Replace unreliable PduCount pagination tokens with ShortEventId throughout the relations and messages endpoints. ShortEventId provides stable, unique identifiers that persist across server restarts and database operations. Key improvements: - Add token parsing helpers that try ShortEventId first, fall back to PduCount for backwards compatibility - Include thread root event when paginating backwards to thread start - Fix off-by-one error in get_relations that was returning the starting event in results - Only return next_batch/prev_batch tokens when more events are available, preventing clients from making unnecessary requests at thread boundaries - Ensure consistent token format between /relations, /messages, and /sync endpoints for interoperability This fixes duplicate events when scrolling at thread boundaries and ensures the thread root message is visible when viewing a thread, matching expected client behaviour.	2025-08-10 19:12:56 +01:00
Tom Foster	d1ebcfaf0b	fix(auth): prevent token collisions and optimise lookups ... Ensures access tokens are unique across both user and appservice tables to prevent authentication ambiguity and potential security issues. Changes: - On startup, automatically logout any user devices using tokens that conflict with appservice tokens (resolves in favour of appservices) and log a warning with affected user/device details - When creating new user tokens, check for conflicts with appservice tokens and generate a new token if a collision would occur - When registering new appservices, reject registration if the token is already in use by a user device - Use futures::select_ok to race token lookups concurrently for better performance (adapted from tuwunel commit 066097a8) This fix-forward approach resolves existing token collisions on startup whilst preventing new ones from being created, without breaking existing valid authentications. The find_token optimisation is adapted from tuwunel (matrix-construct/tuwunel) commit 066097a8: "Optimize user and appservice token queries" by Jason Volk.	2025-08-10 17:10:06 +01:00
Tom Foster	e820551f62	fix(appservice): create sender_localpart user during appservice startup ... Fixes #813: Application services were unable to work because their sender_localpart user was never created in the database, preventing authentication. This fix ensures the appservice user account is created when: - The server starts up and loads existing appservices from the database - A new appservice is registered via the admin command Additionally, if an appservice user has been accidentally deactivated, it will be automatically reactivated when the appservice starts. The solution centralises all appservice startup logic into a single `start_appservice` helper method, eliminating code duplication between the registration and startup paths.	2025-08-10 17:10:06 +01:00
nexy7574	e4a43b1a5b	fix(policy-server): Call the PS later in the PDU creation process ... This avoids accidentally sending partially built PDUs to the policy server, which may cause issues with some implementations	2025-08-02 00:19:33 +01:00
Jade Ellis	66181c61af	chore: Update rocksdb, feature flag changes ... Most of the way to static musl builds, just zlib I think	2025-07-24 21:51:52 +01:00
Jade Ellis	b7a0442298	feat: Musl images in docker ... Not working at the moment, need to upgrade the rust-rocksdb and possibly zstd to stop them force-enabling dynamic libclang	2025-07-24 19:00:41 +01:00
Jade Ellis	68b0140c42	docs: Add vias to matrix.to links	2025-07-24 13:31:58 +01:00
nexy7574	f32f60d056	fix(policy-server): Return the correct result when an event is marked as spam	2025-07-23 18:01:46 +01:00
nexy7574	fe06d78c8e	fix(policy-server): Update ask_policy_server docstring	2025-07-23 17:58:33 +01:00
nexy7574	99ebe022ed	fix(policy-server): Correctly default to 10 second timeout	2025-07-23 17:56:45 +01:00
nexy7574	f335f45017	feat(policy-server): Add configurable timeout	2025-07-23 17:49:08 +01:00
nexy7574	1726633c0f	fix(policy-server): Fixup refactor	2025-07-23 17:49:08 +01:00
nexy7574	dfda27fadc	feat(policy-server): Don't fail-closed & refactor references	2025-07-23 17:49:08 +01:00
Jade Ellis	9465c5df1f	style: Improve logging and comments	2025-07-23 17:49:07 +01:00
nexy7574	2d475b1220	style(policy-server): Run clippy	2025-07-23 17:49:07 +01:00
nexy7574	d7fa624fd2	feat(policy-server): Optimise policy server lookups	2025-07-23 17:49:07 +01:00
nexy7574	cc9202b0c4	feat(policy-server): Limit policy server request timeout to 10 seconds	2025-07-23 17:49:07 +01:00
nexy7574	a3d62ed0d9	feat(policy-server): Prevent local events that fail the policy check	2025-07-23 17:49:07 +01:00
nexy7574	78b7175677	feat(policy-server): Soft-fail redactions for failed events	2025-07-23 17:49:07 +01:00
nexy7574	74d60f256b	style(policy-server): Restructure logging	2025-07-23 17:49:07 +01:00
nexy7574	732c69f5ca	fix(policy-server): Avoid unnecessary database lookup	2025-07-23 17:49:07 +01:00
nexy7574	8e7801f323	chore: Update ruwuma & fix lints	2025-07-23 17:49:06 +01:00
nexy7574	9017efe45b	feat(policy-server): Policy server following	2025-07-23 17:49:06 +01:00
Jade Ellis	1c985c59f5	refactor: Allow with_lock to return data and take an async closure	2025-07-20 16:34:48 +01:00
Jade Ellis	b635e825d2	refactor: Implement with_lock for lock_api	2025-07-20 16:34:36 +01:00
Jade Ellis	6d29098d1a	refactor: Replace remaining std RwLocks	2025-07-20 16:33:36 +01:00
Jade Ellis	374fb2745c	refactor: Replace remaining std Mutexes	2025-07-20 16:32:48 +01:00
Jade Ellis	a1d616e3e3	refactor: Replace std RwLock with parking_lot	2025-07-20 16:31:55 +01:00