diff --git a/apps/meteor/server/settings/federation-service.ts b/apps/meteor/server/settings/federation-service.ts
index 2ae38944734ca..2429a7d232046 100644
--- a/apps/meteor/server/settings/federation-service.ts
+++ b/apps/meteor/server/settings/federation-service.ts
@@ -84,5 +84,21 @@ export const createFederationServiceSettings = async (): Promise => {
 invalidValue: false,
 alert: 'Federation_Service_EDU_Process_Presence_Alert',
 });
+
+ await this.add('Federation_Service_Join_Encrypted_Rooms', false, {
+ type: 'boolean',
+ public: false,
+ enterprise: true,
+ modules: ['federation'],
+ invalidValue: false,
+ });
+
+ await this.add('Federation_Service_Join_Non_Private_Rooms', false, {
+ type: 'boolean',
+ public: false,
+ enterprise: true,
+ modules: ['federation'],
+ invalidValue: false,
+ });
 });
 };
diff --git a/ee/packages/federation-matrix/package.json b/ee/packages/federation-matrix/package.json
index 70766e2801418..3650040d3faca 100644
--- a/ee/packages/federation-matrix/package.json
+++ b/ee/packages/federation-matrix/package.json
@@ -38,7 +38,7 @@
 "@rocket.chat/core-services": "workspace:^",
 "@rocket.chat/core-typings": "workspace:^",
 "@rocket.chat/emitter": "^0.31.25",
- "@rocket.chat/federation-sdk": "0.1.28",
+ "@rocket.chat/federation-sdk": "0.1.29",
 "@rocket.chat/http-router": "workspace:^",
 "@rocket.chat/license": "workspace:^",
 "@rocket.chat/models": "workspace:^",
diff --git a/ee/packages/federation-matrix/src/api/_matrix/invite.ts b/ee/packages/federation-matrix/src/api/_matrix/invite.ts
index 6a8966ee26216..cc5d99eea301d 100644
--- a/ee/packages/federation-matrix/src/api/_matrix/invite.ts
+++ b/ee/packages/federation-matrix/src/api/_matrix/invite.ts
@@ -1,6 +1,5 @@
 import { FederationMatrix, Room } from '@rocket.chat/core-services';
 import { isUserNativeFederated, type IUser } from '@rocket.chat/core-typings';
-import { eventIdSchema, roomIdSchema } from '@rocket.chat/federation-sdk';
 import type {
 HomeserverServices,
 RoomService,
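Review bot: The two settings added in `apps/meteor/server/settings/federation-service.ts` act as access-control switches, yet neither has a description or alert string, and the only text added for them in `en.i18n.json` is a one-line label. "Non-private" in `Federation_Service_Join_Non_Private_Rooms` is ambiguous for an administrator (public join rule, or something wider?), so the effect of leaving it at the default `false` should be spelled out. A `_Description` string per key, following the `Federation_Service_EDU_Process_Presence_Description` pattern already in the locale file, would cover it, for example "When disabled, invites to end-to-end encrypted rooms on remote servers are refused." if that matches what the SDK enforces. The deny-by-default values (`false` with `invalidValue: false`) look right; the enclosing `createFederationServiceSettings` body starts outside the hunk.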
@@ -9,6 +8,7 @@ import type {
 PersistentEventBase,
 RoomVersion,
 } from '@rocket.chat/federation-sdk';
+import { eventIdSchema, roomIdSchema, NotAllowedError } from '@rocket.chat/federation-sdk';
 import { Router } from '@rocket.chat/http-router';
 import { Rooms, Users } from '@rocket.chat/models';
 import { ajv } from '@rocket.chat/rest-typings/dist/v1/Ajv';
@@ -355,32 +355,52 @@ export const getMatrixInviteRoutes = (services: HomeserverServices) => {
 throw new Error('user not found not processing invite');
 }
 
- const inviteEvent = await invite.processInvite(
- event,
- roomIdSchema.parse(roomId),
- eventIdSchema.parse(eventId),
- roomVersion,
- c.get('authenticatedServer'),
- );
-
- setTimeout(
- () => {
- void startJoiningRoom({
- inviteEvent,
- user: ourUser,
- room,
- state,
- });
- },
- inviteEvent.event.content.is_direct ? 2000 : 0,
- );
-
- return {
- body: {
- event: inviteEvent.event,
- },
- statusCode: 200,
- };
+ try {
+ const inviteEvent = await invite.processInvite(
+ event,
+ roomIdSchema.parse(roomId),
+ eventIdSchema.parse(eventId),
+ roomVersion,
+ c.get('authenticatedServer'),
+ );
+
+ setTimeout(
+ () => {
+ void startJoiningRoom({
+ inviteEvent,
+ user: ourUser,
+ room,
+ state,
+ });
+ },
+ inviteEvent.event.content.is_direct ? 2000 : 0,
+ );
+
+ return {
+ body: {
+ event: inviteEvent.event,
+ },
+ statusCode: 200,
+ };
+ } catch (error) {
+ if (error instanceof NotAllowedError) {
+ return {
+ body: {
+ errcode: 'M_FORBIDDEN',
+ error: 'This server does not allow joining this type of room based on federation settings.',
+ },
+ statusCode: 403,
+ };
+ }
+
+ return {
+ body: {
+ errcode: 'M_UNKNOWN',
+ error: error instanceof Error ? error.message : 'Internal server error while processing request',
+ },
+ statusCode: 500,
+ };
+ }
 },
 );
 };
diff --git a/ee/packages/federation-matrix/src/setup.ts b/ee/packages/federation-matrix/src/setup.ts
index 5a56c26fad794..8f82e3062272c 100644
--- a/ee/packages/federation-matrix/src/setup.ts
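Review bot: The fallback branch of the new `catch` in `invite.ts` puts `error.message` into the 500 body, so any internal exception text (database, validation or SDK errors) is disclosed to the remote homeserver that sent the invite. Return the fixed string there, `error: 'Internal server error while processing request',`, and log the caught error server-side with whatever logger this module already uses. Because `roomIdSchema.parse(roomId)` and `eventIdSchema.parse(eventId)` sit inside the `try`, a malformed ID from the remote now also comes back as `M_UNKNOWN`/500 carrying the validator's message instead of a client error, so validating before the `try` may be preferable. Neither branch records anything, which leaves operators with no trace of invites refused by the new settings. The enclosing route handler starts outside the hunk.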
+++ b/ee/packages/federation-matrix/src/setup.ts @@ -45,6 +45,8 @@ export async function setupFederationMatrix(instanceId: string): Promise('Federation_Service_Matrix_Signing_Key')) || ''; const signingAlg = (await Settings.getValueById('Federation_Service_Matrix_Signing_Algorithm')) || ''; const signingVersion = (await Settings.getValueById('Federation_Service_Matrix_Signing_Version')) || ''; + const allowedEncryptedRooms = (await Settings.getValueById('Federation_Service_Join_Encrypted_Rooms')) || false; + const allowedNonPrivateRooms = (await Settings.getValueById('Federation_Service_Join_Non_Private_Rooms')) || false; // TODO are these required? const mongoUri = process.env.MONGO_URL || 'mongodb://localhost:3001/meteor'; @@ -83,6 +85,10 @@ export async function setupFederationMatrix(instanceId: string): Promise(); diff --git a/packages/core-services/package.json b/packages/core-services/package.json index f6c4d0630f4f5..cbe78787f4aad 100644 --- a/packages/core-services/package.json +++ b/packages/core-services/package.json @@ -35,7 +35,7 @@ }, "dependencies": { "@rocket.chat/core-typings": "workspace:^", - "@rocket.chat/federation-sdk": "0.1.28", + "@rocket.chat/federation-sdk": "0.1.29", "@rocket.chat/http-router": "workspace:^", "@rocket.chat/icons": "^0.43.0", "@rocket.chat/media-signaling": "workspace:^", diff --git a/packages/i18n/src/locales/en.i18n.json b/packages/i18n/src/locales/en.i18n.json index 0d7e43776d9ed..e0201d63bd6fc 100644 --- a/packages/i18n/src/locales/en.i18n.json +++ b/packages/i18n/src/locales/en.i18n.json 
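Review bot: `allowedEncryptedRooms` and `allowedNonPrivateRooms` in `setup.ts` are read once inside `setupFederationMatrix`, alongside the signing key, so unless code outside this hunk re-reads them, an administrator who switches either setting off would presumably keep the previous, more permissive behaviour until the service restarts. For a control that restricts which rooms may be joined, that delay should either be removed by reacting to setting changes or be documented at the read site, for example `// read once at startup; changing these settings takes effect only after a restart`. How the two values are handed to the SDK is in the following hunk, whose body is not readable on this page, and the function body extends outside this hunk.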
@@ -2161,7 +2161,7 @@ "Federation_Service_EDU_Process_Presence": "Process Presence events", "Federation_Service_EDU_Process_Presence_Description": "Send and receive events of user presence (online, offline, etc.) between federated servers.", "Federation_Service_EDU_Process_Presence_Alert": "Enabling presence events may increase the load on your server and network traffic considerably, especially if you have many users. Only enable this option if you understand the implications and have the necessary resources to handle the additional load.", - "Federation_Service_Alert": "This is an alfa feature not intended for production usage!
It may not be stable and/or performatic. Please be aware that it may change, break, or even be removed in the future without any notice.", + "Federation_Service_Alert": "This is an Alpha feature not intended for production usage!
It may not be stable and/or performatic. Please be aware that it may change, break, or even be removed in the future without any notice.", "Federation_Service_Domain": "Federated Domain", "Federation_Service_Domain_Description": "The domain that this server should respond to, for example: `acme.com`. This will be used as the suffix for user IDs (e.g., `@user:acme.com`).
If your chat server is accessible from a different domain than the one you want to use for federation, you should follow our documentation to configure the `.well-known` file on your web server.", "Federation_Service_Domain_Alert": "Inform only the domain, do not include http(s)://, slashes or any path after it.
Use something like `acme.com` and not `https://acme.com/chat`.", @@ -2172,6 +2172,8 @@ "Federation_Service_max_allowed_size_of_public_rooms_to_join": "Maximum number of members when joining a public room in a remote server", "Federation_Service_max_allowed_size_of_public_rooms_to_join_Alert": "Keep in mind, that the bigger the room you allow for users to join, the more time it will take to join that room, besides the amount of resource it will use. Read more", "Federation_Service_max_allowed_size_of_public_rooms_to_join_Description": "The user limit from a public room in a remote server that can still be joined. Rooms that exceed this setting will still be listed, but users won't be able to join them", + "Federation_Service_Join_Encrypted_Rooms": "Allow joining encrypted federated rooms", + "Federation_Service_Join_Non_Private_Rooms": "Allow joining non-private rooms", "Federation_Service_Allow_List": "Domain Allow List", "Federation_Service_Allow_List_Description": "Restrict federation to the given allow list of domains.", "Field": "Field", diff --git a/yarn.lock b/yarn.lock index eb47f221eff25..f7e0e91563241 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7279,7 +7279,7 @@ __metadata: "@rocket.chat/apps-engine": "workspace:^" "@rocket.chat/core-typings": "workspace:^" "@rocket.chat/eslint-config": "workspace:^" - "@rocket.chat/federation-sdk": "npm:0.1.28" + "@rocket.chat/federation-sdk": "npm:0.1.29" "@rocket.chat/http-router": "workspace:^" "@rocket.chat/icons": "npm:^0.43.0" "@rocket.chat/jest-presets": "workspace:~" @@ -7490,7 +7490,7 @@ __metadata: "@rocket.chat/core-typings": "workspace:^" "@rocket.chat/emitter": "npm:^0.31.25" "@rocket.chat/eslint-config": "workspace:^" - "@rocket.chat/federation-sdk": "npm:0.1.28" + "@rocket.chat/federation-sdk": "npm:0.1.29" "@rocket.chat/http-router": "workspace:^" "@rocket.chat/license": "workspace:^" "@rocket.chat/models": "workspace:^" 
@@ -7515,9 +7515,9 @@ __metadata: languageName: unknown linkType: soft -"@rocket.chat/federation-sdk@npm:0.1.28": - version: 0.1.28 - resolution: "@rocket.chat/federation-sdk@npm:0.1.28" +"@rocket.chat/federation-sdk@npm:0.1.29": + version: 0.1.29 + resolution: "@rocket.chat/federation-sdk@npm:0.1.29" dependencies: "@datastructures-js/priority-queue": "npm:^6.3.3" "@noble/ed25519": "npm:^3.0.0" @@ -7530,7 +7530,7 @@ __metadata: zod: "npm:^3.22.4" peerDependencies: typescript: ~5.9.2 - checksum: 10/21f2b17f1adf32497179142053bf8bdc7f165b67914a4dfe24b7942c195b5c8f5d7ac7c1c6fb228cf8a77fb347f239e3d7efc6b2b8cb70b534337e8cc305e9e2 + checksum: 10/2f8cf82f16e9dd4f342fdcec8cc7ef783626215465e6d68594a61bdd2df61d062d87d299eccbcd3b164e7d3b2bd42a9c32b6182d09b9415b391778d15d9bc2b9 languageName: node linkType: hard