Skip to content

fix(federation): allow to join non-private or encrypted rooms based on settings #37227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
sampaiodiego merged 2 commits into from
Oct 15, 2025
Merged

fix(federation): allow to join non-private or encrypted rooms based on settings #37227

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c6b8c6f
avoid to join non-private or encrypted rooms based on settings
ricardogarim Oct 15, 2025
616a918
bump @rocket.chat/federation-sdk to 0.1.29
ricardogarim Oct 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions apps/meteor/server/settings/federation-service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,5 +84,21 @@ export const createFederationServiceSettings = async (): Promise<void> => {
invalidValue: false,
alert: 'Federation_Service_EDU_Process_Presence_Alert',
});

await this.add('Federation_Service_Join_Encrypted_Rooms', false, {
type: 'boolean',
public: false,
enterprise: true,
modules: ['federation'],
invalidValue: false,
});

await this.add('Federation_Service_Join_Non_Private_Rooms', false, {
type: 'boolean',
public: false,
enterprise: true,
modules: ['federation'],
invalidValue: false,
});
});
};
2 changes: 1 addition & 1 deletion ee/packages/federation-matrix/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@
"@rocket.chat/core-services": "workspace:^",
"@rocket.chat/core-typings": "workspace:^",
"@rocket.chat/emitter": "^0.31.25",
"@rocket.chat/federation-sdk": "0.1.28",
"@rocket.chat/federation-sdk": "0.1.29",
"@rocket.chat/http-router": "workspace:^",
"@rocket.chat/license": "workspace:^",
"@rocket.chat/models": "workspace:^",
Expand Down
74 changes: 47 additions & 27 deletions ee/packages/federation-matrix/src/api/_matrix/invite.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
import { FederationMatrix, Room } from '@rocket.chat/core-services';
import { isUserNativeFederated, type IUser } from '@rocket.chat/core-typings';
import { eventIdSchema, roomIdSchema } from '@rocket.chat/federation-sdk';
import type {
HomeserverServices,
RoomService,
Expand All @@ -9,6 +8,7 @@ import type {
PersistentEventBase,
RoomVersion,
} from '@rocket.chat/federation-sdk';
import { eventIdSchema, roomIdSchema, NotAllowedError } from '@rocket.chat/federation-sdk';
import { Router } from '@rocket.chat/http-router';
import { Rooms, Users } from '@rocket.chat/models';
import { ajv } from '@rocket.chat/rest-typings/dist/v1/Ajv';
Expand Down Expand Up @@ -355,32 +355,52 @@ export const getMatrixInviteRoutes = (services: HomeserverServices) => {
throw new Error('user not found not processing invite');
}

const inviteEvent = await invite.processInvite(
event,
roomIdSchema.parse(roomId),
eventIdSchema.parse(eventId),
roomVersion,
c.get('authenticatedServer'),
);

setTimeout(
() => {
void startJoiningRoom({
inviteEvent,
user: ourUser,
room,
state,
});
},
inviteEvent.event.content.is_direct ? 2000 : 0,
);

return {
body: {
event: inviteEvent.event,
},
statusCode: 200,
};
try {
const inviteEvent = await invite.processInvite(
event,
roomIdSchema.parse(roomId),
eventIdSchema.parse(eventId),
roomVersion,
c.get('authenticatedServer'),
);

setTimeout(
() => {
void startJoiningRoom({
inviteEvent,
user: ourUser,
room,
state,
});
},
inviteEvent.event.content.is_direct ? 2000 : 0,
);

return {
body: {
event: inviteEvent.event,
},
statusCode: 200,
};
} catch (error) {
if (error instanceof NotAllowedError) {
return {
body: {
errcode: 'M_FORBIDDEN',
error: 'This server does not allow joining this type of room based on federation settings.',
},
statusCode: 403,
};
}

return {
body: {
errcode: 'M_UNKNOWN',
error: error instanceof Error ? error.message : 'Internal server error while processing request',
},
statusCode: 500,
};
}
},
);
};
6 changes: 6 additions & 0 deletions ee/packages/federation-matrix/src/setup.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,8 @@ export async function setupFederationMatrix(instanceId: string): Promise<boolean
const signingKey = (await Settings.getValueById<string>('Federation_Service_Matrix_Signing_Key')) || '';
const signingAlg = (await Settings.getValueById<string>('Federation_Service_Matrix_Signing_Algorithm')) || '';
const signingVersion = (await Settings.getValueById<string>('Federation_Service_Matrix_Signing_Version')) || '';
const allowedEncryptedRooms = (await Settings.getValueById<boolean>('Federation_Service_Join_Encrypted_Rooms')) || false;
const allowedNonPrivateRooms = (await Settings.getValueById<boolean>('Federation_Service_Join_Non_Private_Rooms')) || false;

// TODO are these required?
const mongoUri = process.env.MONGO_URL || 'mongodb://localhost:3001/meteor';
Expand Down Expand Up @@ -83,6 +85,10 @@ export async function setupFederationMatrix(instanceId: string): Promise<boolean
downloadPerMinute: Number.parseInt(process.env.MEDIA_DOWNLOAD_RATE_LIMIT || '60', 10),
},
},
invite: {
allowedEncryptedRooms,
allowedNonPrivateRooms,
},
});

const eventHandler = new Emitter<HomeserverEventSignatures>();
Expand Down
2 changes: 1 addition & 1 deletion packages/core-services/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@
},
"dependencies": {
"@rocket.chat/core-typings": "workspace:^",
"@rocket.chat/federation-sdk": "0.1.28",
"@rocket.chat/federation-sdk": "0.1.29",
"@rocket.chat/http-router": "workspace:^",
"@rocket.chat/icons": "^0.43.0",
"@rocket.chat/media-signaling": "workspace:^",
Expand Down
4 changes: 3 additions & 1 deletion packages/i18n/src/locales/en.i18n.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2161,7 +2161,7 @@
"Federation_Service_EDU_Process_Presence": "Process Presence events",
"Federation_Service_EDU_Process_Presence_Description": "Send and receive events of user presence (online, offline, etc.) between federated servers.",
"Federation_Service_EDU_Process_Presence_Alert": "Enabling presence events may increase the load on your server and network traffic considerably, especially if you have many users. Only enable this option if you understand the implications and have the necessary resources to handle the additional load.",
"Federation_Service_Alert": "<strong>This is an alfa feature not intended for production usage!</strong><br/>It may not be stable and/or performatic. Please be aware that it may change, break, or even be removed in the future without any notice.",
"Federation_Service_Alert": "<strong>This is an Alpha feature not intended for production usage!</strong><br/>It may not be stable and/or performatic. Please be aware that it may change, break, or even be removed in the future without any notice.",
"Federation_Service_Domain": "Federated Domain",
"Federation_Service_Domain_Description": "The domain that this server should respond to, for example: `acme.com`. This will be used as the suffix for user IDs (e.g., `@user:acme.com`).<br/>If your chat server is accessible from a different domain than the one you want to use for federation, you should follow our documentation to configure the `.well-known` file on your web server.",
"Federation_Service_Domain_Alert": "Inform only the domain, do not include http(s)://, slashes or any path after it.<br/>Use something like `acme.com` and not `https://acme.com/chat`.",
Expand All @@ -2172,6 +2172,8 @@
"Federation_Service_max_allowed_size_of_public_rooms_to_join": "Maximum number of members when joining a public room in a remote server",
"Federation_Service_max_allowed_size_of_public_rooms_to_join_Alert": "Keep in mind, that the bigger the room you allow for users to join, the more time it will take to join that room, besides the amount of resource it will use. <a target=\"_blank\" href=\"https://matrix.org/blog/2022/10/18/testing-faster-remote-room-joins\">Read more</a>",
"Federation_Service_max_allowed_size_of_public_rooms_to_join_Description": "The user limit from a public room in a remote server that can still be joined. Rooms that exceed this setting will still be listed, but users won't be able to join them",
"Federation_Service_Join_Encrypted_Rooms": "Allow joining encrypted federated rooms",
"Federation_Service_Join_Non_Private_Rooms": "Allow joining non-private rooms",
"Federation_Service_Allow_List": "Domain Allow List",
"Federation_Service_Allow_List_Description": "Restrict federation to the given allow list of domains.",
"Field": "Field",
Expand Down
12 changes: 6 additions & 6 deletions yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7279,7 +7279,7 @@ __metadata:
"@rocket.chat/apps-engine": "workspace:^"
"@rocket.chat/core-typings": "workspace:^"
"@rocket.chat/eslint-config": "workspace:^"
"@rocket.chat/federation-sdk": "npm:0.1.28"
"@rocket.chat/federation-sdk": "npm:0.1.29"
"@rocket.chat/http-router": "workspace:^"
"@rocket.chat/icons": "npm:^0.43.0"
"@rocket.chat/jest-presets": "workspace:~"
Expand Down Expand Up @@ -7490,7 +7490,7 @@ __metadata:
"@rocket.chat/core-typings": "workspace:^"
"@rocket.chat/emitter": "npm:^0.31.25"
"@rocket.chat/eslint-config": "workspace:^"
"@rocket.chat/federation-sdk": "npm:0.1.28"
"@rocket.chat/federation-sdk": "npm:0.1.29"
"@rocket.chat/http-router": "workspace:^"
"@rocket.chat/license": "workspace:^"
"@rocket.chat/models": "workspace:^"
Expand All @@ -7515,9 +7515,9 @@ __metadata:
languageName: unknown
linkType: soft

"@rocket.chat/federation-sdk@npm:0.1.28":
version: 0.1.28
resolution: "@rocket.chat/federation-sdk@npm:0.1.28"
"@rocket.chat/federation-sdk@npm:0.1.29":
version: 0.1.29
resolution: "@rocket.chat/federation-sdk@npm:0.1.29"
dependencies:
"@datastructures-js/priority-queue": "npm:^6.3.3"
"@noble/ed25519": "npm:^3.0.0"
Expand All @@ -7530,7 +7530,7 @@ __metadata:
zod: "npm:^3.22.4"
peerDependencies:
typescript: ~5.9.2
checksum: 10/21f2b17f1adf32497179142053bf8bdc7f165b67914a4dfe24b7942c195b5c8f5d7ac7c1c6fb228cf8a77fb347f239e3d7efc6b2b8cb70b534337e8cc305e9e2
checksum: 10/2f8cf82f16e9dd4f342fdcec8cc7ef783626215465e6d68594a61bdd2df61d062d87d299eccbcd3b164e7d3b2bd42a9c32b6182d09b9415b391778d15d9bc2b9
languageName: node
linkType: hard

Expand Down
Loading