make registration tokens reloadable, and allow configuring multiple

Signed-off-by: morguldir <[email protected]>
girlbossceo · Jan 31, 2025 · f698254 · f698254
1 parent 6983767
commit f698254
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 19 deletions.
diff --git a/conduwuit-example.toml b/conduwuit-example.toml
@@ -406,8 +406,9 @@
 #
 #registration_token =
 
-# Path to a file on the system that gets read for the registration token.
-# this config option takes precedence/priority over "registration_token".
+# Path to a file on the system that gets read for additional registration
+# tokens. Multiple tokens can be added if you separate them with
+# whitespace
 #
 # conduwuit must be able to access the file, and it must not be empty
 #

diff --git a/src/admin/room/alias.rs b/src/admin/room/alias.rs
@@ -72,7 +72,7 @@ pub(super) async fn reprocess(
 					))),
 			};
 			match command {
-				| RoomAliasCommand::Set { force, room_id, .. } =>
+				| RoomAliasCommand::Set { force, room_id, .. } => {
 					match (force, services.rooms.alias.resolve_local_alias(&room_alias).await) {
 						| (true, Ok(id)) => {
 							match services.rooms.alias.set_alias(
@@ -106,8 +106,9 @@ pub(super) async fn reprocess(
 								))),
 							}
 						},
-					},
-				| RoomAliasCommand::Remove { .. } =>
+					}
+				},
+				| RoomAliasCommand::Remove { .. } => {
 					match services.rooms.alias.resolve_local_alias(&room_alias).await {
 						| Ok(id) => match services
 							.rooms
@@ -124,15 +125,17 @@ pub(super) async fn reprocess(
 						},
 						| Err(_) =>
 							Ok(RoomMessageEventContent::text_plain("Alias isn't in use.")),
-					},
-				| RoomAliasCommand::Which { .. } =>
+					}
+				},
+				| RoomAliasCommand::Which { .. } => {
 					match services.rooms.alias.resolve_local_alias(&room_alias).await {
 						| Ok(id) => Ok(RoomMessageEventContent::text_plain(format!(
 							"Alias resolves to {id}"
 						))),
 						| Err(_) =>
 							Ok(RoomMessageEventContent::text_plain("Alias isn't in use.")),
-					},
+					}
+				},
 				| RoomAliasCommand::List { .. } => unreachable!(),
 			}
 		},

diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs
@@ -510,8 +510,9 @@ pub struct Config {
 	/// display: sensitive
 	pub registration_token: Option<String>,
 
-	/// Path to a file on the system that gets read for the registration token.
-	/// this config option takes precedence/priority over "registration_token".
+	/// Path to a file on the system that gets read for additional registration
+	/// tokens. Multiple tokens can be added if you separate them with
+	/// whitespace
 	///
 	/// conduwuit must be able to access the file, and it must not be empty
 	///

diff --git a/src/service/uiaa/mod.rs b/src/service/uiaa/mod.rs
@@ -1,5 +1,5 @@
 use std::{
-	collections::BTreeMap,
+	collections::{BTreeMap, HashSet},
 	sync::{Arc, RwLock},
 };
 
@@ -17,7 +17,7 @@ use ruma::{
 	CanonicalJsonValue, DeviceId, OwnedDeviceId, OwnedUserId, UserId,
 };
 
-use crate::{globals, users, Dep};
+use crate::{config, globals, users, Dep};
 
 pub struct Service {
 	userdevicesessionid_uiaarequest: RwLock<RequestMap>,
@@ -28,6 +28,7 @@ pub struct Service {
 struct Services {
 	globals: Dep<globals::Service>,
 	users: Dep<users::Service>,
+	config: Dep<config::Service>,
 }
 
 struct Data {
@@ -49,13 +50,34 @@ impl crate::Service for Service {
 			services: Services {
 				globals: args.depend::<globals::Service>("globals"),
 				users: args.depend::<users::Service>("users"),
+				config: args.depend::<config::Service>("config"),
 			},
 		}))
 	}
 
 	fn name(&self) -> &str { crate::service::make_name(std::module_path!()) }
 }
 
+#[implement(Service)]
+pub async fn read_tokens(&self) -> Result<HashSet<String>> {
+	let mut tokens = HashSet::new();
+	if let Some(file) = &self.services.config.registration_token_file.as_ref() {
+		match std::fs::read_to_string(file) {
+			| Ok(text) => {
+				text.split_ascii_whitespace().for_each(|token| {
+					tokens.insert(token.to_owned());
+				});
+			},
+			| Err(e) => error!("Failed to read the registration token file: {e}"),
+		}
+	};
+	if let Some(token) = &self.services.config.registration_token {
+		tokens.insert(token.to_owned());
+	}
+
+	Ok(tokens)
+}
+
 /// Creates a new Uiaa session. Make sure the session token is unique.
 #[implement(Service)]
 pub fn create(
@@ -152,13 +174,8 @@ pub async fn try_auth(
 			uiaainfo.completed.push(AuthType::Password);
 		},
 		| AuthData::RegistrationToken(t) => {
-			if self
-				.services
-				.globals
-				.registration_token
-				.as_ref()
-				.is_some_and(|reg_token| t.token.trim() == reg_token)
-			{
+			let tokens = self.read_tokens().await?;
+			if tokens.contains(t.token.trim()) {
 				uiaainfo.completed.push(AuthType::RegistrationToken);
 			} else {
 				uiaainfo.auth_error = Some(ruma::api::client::error::StandardErrorBody {