From 213c98c00a473bac7363e1a728828e0f056550b8 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Tue, 19 Mar 2019 16:50:51 +0000
Subject: Add option to disable search room lists

This disables both local and remote room list searching.
---
 synapse/config/room_directory.py |  9 +++++++++
 synapse/handlers/room_list.py    | 13 +++++++++++++
 2 files changed, 22 insertions(+)

(limited to 'synapse')

diff --git a/synapse/config/room_directory.py b/synapse/config/room_directory.py
index 9b897abe3c..a25a41d16d 100644
--- a/synapse/config/room_directory.py
+++ b/synapse/config/room_directory.py
@@ -20,6 +20,10 @@ from ._base import Config, ConfigError
 
 class RoomDirectoryConfig(Config):
     def read_config(self, config):
+        self.enable_room_list_search = config.get(
+            "enable_room_list_search", True,
+        )
+
         alias_creation_rules = config.get("alias_creation_rules")
 
         if alias_creation_rules is not None:
@@ -54,6 +58,11 @@ class RoomDirectoryConfig(Config):
 
     def default_config(self, config_dir_path, server_name, **kwargs):
         return """
+        # Wether the public room list can be searched. When disabled blocks
+        # searching local and remote room list for local and remote users.
+        #
+        #enable_room_list_search: true
+
         # The `alias_creation` option controls who's allowed to create aliases
         # on this server.
         #
diff --git a/synapse/handlers/room_list.py b/synapse/handlers/room_list.py
index afa508d729..ba50c8aa95 100644
--- a/synapse/handlers/room_list.py
+++ b/synapse/handlers/room_list.py
@@ -44,6 +44,7 @@ EMPTY_THIRD_PARTY_ID = ThirdPartyInstanceID(None, None)
 class RoomListHandler(BaseHandler):
     def __init__(self, hs):
         super(RoomListHandler, self).__init__(hs)
+        self.config = hs.config
         self.response_cache = ResponseCache(hs, "room_list")
         self.remote_response_cache = ResponseCache(hs, "remote_room_list",
                                                    timeout_ms=30 * 1000)
@@ -70,6 +71,12 @@ class RoomListHandler(BaseHandler):
             "Getting public room list: limit=%r, since=%r, search=%r, network=%r",
             limit, since_token, bool(search_filter), network_tuple,
         )
+        if not self.config.enable_room_list_search:
+            return defer.succeed({
+                "chunk": [],
+                "total_room_count_estimate": 0,
+            })
+
         if search_filter:
             # We explicitly don't bother caching searches or requests for
             # appservice specific lists.
@@ -441,6 +448,12 @@ class RoomListHandler(BaseHandler):
     def get_remote_public_room_list(self, server_name, limit=None, since_token=None,
                                     search_filter=None, include_all_networks=False,
                                     third_party_instance_id=None,):
+        if not self.config.enable_room_list_search:
+            defer.returnValue({
+                "chunk": [],
+                "total_room_count_estimate": 0,
+            })
+
         if search_filter:
             # We currently don't support searching across federation, so we have
             # to do it manually without pagination
-- 
cgit 1.4.1


From 926f29ea6d820d1d14fb5677fe948fa2e15d748e Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Wed, 20 Mar 2019 14:24:53 +0000
Subject: Fix up config comments

---
 docs/sample_config.yaml          | 7 ++++---
 synapse/config/room_directory.py | 7 ++++---
 2 files changed, 8 insertions(+), 6 deletions(-)

(limited to 'synapse')

diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index f7b1825d61..d1a419b240 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1036,10 +1036,11 @@ password_config:
 
 
 
-# Wether the public room list can be searched. When disabled blocks
-# searching local and remote room list for local and remote users.
+# Uncomment to disable searching the public room list. When disabled
+# blocks searching local and remote room lists for local and remote
+# users by always returning an empty list for all queries.
 #
-#enable_room_list_search: true
+#enable_room_list_search: false
 
 # The `alias_creation` option controls who's allowed to create aliases
 # on this server.
diff --git a/synapse/config/room_directory.py b/synapse/config/room_directory.py
index a25a41d16d..8a9fded4c5 100644
--- a/synapse/config/room_directory.py
+++ b/synapse/config/room_directory.py
@@ -58,10 +58,11 @@ class RoomDirectoryConfig(Config):
 
     def default_config(self, config_dir_path, server_name, **kwargs):
         return """
-        # Wether the public room list can be searched. When disabled blocks
-        # searching local and remote room list for local and remote users.
+        # Uncomment to disable searching the public room list. When disabled
+        # blocks searching local and remote room lists for local and remote
+        # users by always returning an empty list for all queries.
         #
-        #enable_room_list_search: true
+        #enable_room_list_search: false
 
         # The `alias_creation` option controls who's allowed to create aliases
         # on this server.
-- 
cgit 1.4.1


From 7529038e66a81d36a71c654f26165a4215d918b3 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Wed, 20 Mar 2019 14:25:28 +0000
Subject: Return before we log

---
 synapse/handlers/room_list.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'synapse')

diff --git a/synapse/handlers/room_list.py b/synapse/handlers/room_list.py
index ba50c8aa95..dc54634107 100644
--- a/synapse/handlers/room_list.py
+++ b/synapse/handlers/room_list.py
@@ -67,16 +67,17 @@ class RoomListHandler(BaseHandler):
                 appservice and network id to use an appservice specific one.
                 Setting to None returns all public rooms across all lists.
         """
-        logger.info(
-            "Getting public room list: limit=%r, since=%r, search=%r, network=%r",
-            limit, since_token, bool(search_filter), network_tuple,
-        )
         if not self.config.enable_room_list_search:
             return defer.succeed({
                 "chunk": [],
                 "total_room_count_estimate": 0,
             })
 
+        logger.info(
+            "Getting public room list: limit=%r, since=%r, search=%r, network=%r",
+            limit, since_token, bool(search_filter), network_tuple,
+        )
+
         if search_filter:
             # We explicitly don't bother caching searches or requests for
             # appservice specific lists.
-- 
cgit 1.4.1


From 2c90422146b169cd43df12ab98e4e02ae53243c7 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Wed, 20 Mar 2019 14:25:58 +0000
Subject: Pull out config option

---
 synapse/handlers/room_list.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'synapse')

diff --git a/synapse/handlers/room_list.py b/synapse/handlers/room_list.py
index dc54634107..d6c9d56007 100644
--- a/synapse/handlers/room_list.py
+++ b/synapse/handlers/room_list.py
@@ -44,7 +44,7 @@ EMPTY_THIRD_PARTY_ID = ThirdPartyInstanceID(None, None)
 class RoomListHandler(BaseHandler):
     def __init__(self, hs):
         super(RoomListHandler, self).__init__(hs)
-        self.config = hs.config
+        self.enable_room_list_search = hs.config.enable_room_list_search
         self.response_cache = ResponseCache(hs, "room_list")
         self.remote_response_cache = ResponseCache(hs, "remote_room_list",
                                                    timeout_ms=30 * 1000)
@@ -67,7 +67,7 @@ class RoomListHandler(BaseHandler):
                 appservice and network id to use an appservice specific one.
                 Setting to None returns all public rooms across all lists.
         """
-        if not self.config.enable_room_list_search:
+        if not self.enable_room_list_search:
             return defer.succeed({
                 "chunk": [],
                 "total_room_count_estimate": 0,
@@ -449,7 +449,7 @@ class RoomListHandler(BaseHandler):
     def get_remote_public_room_list(self, server_name, limit=None, since_token=None,
                                     search_filter=None, include_all_networks=False,
                                     third_party_instance_id=None,):
-        if not self.config.enable_room_list_search:
+        if not self.enable_room_list_search:
             defer.returnValue({
                 "chunk": [],
                 "total_room_count_estimate": 0,
-- 
cgit 1.4.1


From cc197a61a1b494e5f8a7fbbc299161845f2ab8af Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Wed, 20 Mar 2019 14:30:36 +0000
Subject: Disable publishing to room list when its disabled

---
 synapse/handlers/directory.py | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'synapse')

diff --git a/synapse/handlers/directory.py b/synapse/handlers/directory.py
index 8b113307d2..fe128d9c88 100644
--- a/synapse/handlers/directory.py
+++ b/synapse/handlers/directory.py
@@ -44,6 +44,7 @@ class DirectoryHandler(BaseHandler):
         self.appservice_handler = hs.get_application_service_handler()
         self.event_creation_handler = hs.get_event_creation_handler()
         self.config = hs.config
+        self.enable_room_list_search = hs.config.enable_room_list_search
 
         self.federation = hs.get_federation_client()
         hs.get_federation_registry().register_query_handler(
@@ -411,6 +412,13 @@ class DirectoryHandler(BaseHandler):
         if visibility not in ["public", "private"]:
             raise SynapseError(400, "Invalid visibility setting")
 
+        if visibility == "public" and not self.enable_room_list_search:
+            # The room list has been disabled.
+            raise AuthError(
+                403,
+                "This user is not permitted to publish rooms to the room list"
+            )
+
         room = yield self.store.get_room(room_id)
         if room is None:
             raise SynapseError(400, "Unknown room")
-- 
cgit 1.4.1