-
Notifications
You must be signed in to change notification settings - Fork 374
Add support for MSC4155 Invite filtering #18288
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
reivilibre
merged 43 commits into
element-hq:develop
from
Half-Shot:hs/msc4155-invite-filtering
Jun 5, 2025
Merged
Changes from all commits
Commits
Show all changes
43 commits
Select commit
Hold shift + click to select a range
2eccb4c
Initial implementation of MSC4155
Half-Shot c7f6f30
Add a versions flag.
Half-Shot b033b1a
changelog
Half-Shot 9edc201
tweaks
Half-Shot 79ca4f9
tweak comments / block apply order
Half-Shot eb116af
Buildup tests.
Half-Shot 5a9b62e
Add mixed rules.
Half-Shot bf1302d
Finish writing tests
Half-Shot 501796c
Merge remote-tracking branch 'origin/develop' into hs/msc4155-invite-…
Half-Shot 729567f
Merge remote-tracking branch 'origin/develop' into hs/msc4155-invite-…
Half-Shot 055a3d4
Rewrite for new MSC contents
Half-Shot 0bd92ec
Merge branch 'develop' into hs/msc4155-invite-filtering
Half-Shot 5a07938
lint
Half-Shot 58dfba5
Update changelog.d/18288.feature
Half-Shot cd5d797
review bits
Half-Shot 0b87642
Rewrite so that the server notices exception applies inside room_member
Half-Shot 5d5cbf9
remove cached because it requires true immutability
Half-Shot cebeaba
Users can also match globs
Half-Shot dcdf812
Add experimental config to complement
Half-Shot 38ae50d
Revert accidental user directory change
Half-Shot e6ad1c3
everything is globs /o\
Half-Shot d72a884
cleanup error handling
Half-Shot b455dea
lint
Half-Shot 652341c
Add msc4155 to test list
Half-Shot de55ace
Refactor so that rules are processed in the correct order
Half-Shot e967227
Cleanup
Half-Shot 268c53e
Improve ignore behaviour
Half-Shot 5b696be
Merge branch 'develop' into hs/msc4155-invite-filtering
Half-Shot 2f33aab
Apply suggestions from code review
Half-Shot cb5207b
revert user directory faffage
Half-Shot 6e77fac
Review changes
Half-Shot 72452b4
Remove capabilites as it was removed from the MSC.
Half-Shot 56cd377
lint
Half-Shot de1392b
Merge branch 'develop' into hs/msc4155-invite-filtering
Half-Shot 0a6ffc7
Add pydoc
Half-Shot 8063cc6
cleanup
Half-Shot f810aa9
is state
Half-Shot 9815587
lint
Half-Shot 6d72827
Fix log line
anoadragon453 1facef6
Merge branch 'develop' into hs/msc4155-invite-filtering
Half-Shot d9defd8
Add INVITE_BLOCKED error.
Half-Shot ca76d7b
correct error
Half-Shot 78a69ca
correct error code in tests
Half-Shot File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Add support for [MSC4155](https://github.com/matrix-org/matrix-spec-proposals/pull/4155) Invite Filtering. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
import logging | ||
from enum import Enum | ||
from typing import Optional, Pattern | ||
|
||
from matrix_common.regex import glob_to_regex | ||
|
||
from synapse.types import JsonMapping, UserID | ||
|
||
logger = logging.getLogger(__name__) | ||
|
||
|
||
class InviteRule(Enum): | ||
"""Enum to define the action taken when an invite matches a rule.""" | ||
|
||
ALLOW = "allow" | ||
BLOCK = "block" | ||
IGNORE = "ignore" | ||
|
||
|
||
class InviteRulesConfig: | ||
"""Class to determine if a given user permits an invite from another user, and the action to take.""" | ||
|
||
def __init__(self, account_data: Optional[JsonMapping]): | ||
anoadragon453 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
self.allowed_users: list[Pattern[str]] = [] | ||
self.ignored_users: list[Pattern[str]] = [] | ||
self.blocked_users: list[Pattern[str]] = [] | ||
|
||
self.allowed_servers: list[Pattern[str]] = [] | ||
self.ignored_servers: list[Pattern[str]] = [] | ||
self.blocked_servers: list[Pattern[str]] = [] | ||
|
||
def process_field( | ||
values: Optional[list[str]], | ||
ruleset: list[Pattern[str]], | ||
rule: InviteRule, | ||
) -> None: | ||
if isinstance(values, list): | ||
for value in values: | ||
if isinstance(value, str) and len(value) > 0: | ||
# User IDs cannot exceed 255 bytes. Don't process large, potentially | ||
# expensive glob patterns. | ||
if len(value) > 255: | ||
logger.debug( | ||
"Ignoring invite config glob pattern that is >255 bytes: {value}" | ||
) | ||
continue | ||
|
||
try: | ||
Half-Shot marked this conversation as resolved.
Show resolved
Hide resolved
|
||
ruleset.append(glob_to_regex(value)) | ||
except Exception as e: | ||
# If for whatever reason we can't process this, just ignore it. | ||
logger.debug( | ||
f"Could not process '{value}' field of invite rule config, ignoring: {e}" | ||
) | ||
|
||
if account_data: | ||
process_field( | ||
account_data.get("allowed_users"), self.allowed_users, InviteRule.ALLOW | ||
) | ||
process_field( | ||
account_data.get("ignored_users"), self.ignored_users, InviteRule.IGNORE | ||
) | ||
process_field( | ||
account_data.get("blocked_users"), self.blocked_users, InviteRule.BLOCK | ||
) | ||
process_field( | ||
account_data.get("allowed_servers"), | ||
self.allowed_servers, | ||
InviteRule.ALLOW, | ||
) | ||
process_field( | ||
account_data.get("ignored_servers"), | ||
self.ignored_servers, | ||
InviteRule.IGNORE, | ||
) | ||
process_field( | ||
account_data.get("blocked_servers"), | ||
self.blocked_servers, | ||
InviteRule.BLOCK, | ||
) | ||
|
||
def get_invite_rule(self, user_id: str) -> InviteRule: | ||
"""Get the invite rule that matches this user. Will return InviteRule.ALLOW if no rules match | ||
|
||
Args: | ||
user_id: The user ID of the inviting user. | ||
|
||
""" | ||
user = UserID.from_string(user_id) | ||
# The order here is important. We always process user rules before server rules | ||
# and we always process in the order of Allow, Ignore, Block. | ||
for patterns, rule in [ | ||
(self.allowed_users, InviteRule.ALLOW), | ||
(self.ignored_users, InviteRule.IGNORE), | ||
(self.blocked_users, InviteRule.BLOCK), | ||
]: | ||
for regex in patterns: | ||
if regex.match(user_id): | ||
return rule | ||
|
||
for patterns, rule in [ | ||
(self.allowed_servers, InviteRule.ALLOW), | ||
(self.ignored_servers, InviteRule.IGNORE), | ||
(self.blocked_servers, InviteRule.BLOCK), | ||
]: | ||
for regex in patterns: | ||
if regex.match(user.domain): | ||
return rule | ||
|
||
return InviteRule.ALLOW |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Noting last minute introduction of error code as per spec change. https://github.com/matrix-org/matrix-spec-proposals/pull/4155/files#diff-fc221ff9830147ac4cac04ecf91ccdde962f4706c40cbd700fb99859b28afc54R62