Add optional whitelist to public rooms directory over federation

changelog.d/5093.feature

@@ -0,0 +1 @@
+Add optional whitelist to public rooms directory over federation.

docs/sample_config.yaml

@@ -101,6 +101,17 @@ pid_file: DATADIR/homeserver.pid
 #  - nyc.example.com
 #  - syd.example.com
 
+# Restricts access to the server's public rooms directory over
+# federation to a whitelist of homeservers. If this is set to an empty
+# array ('[]'), forbids any homeserver to fetch the server's public
+# rooms directory. If not specified, the default is to whitelist
+# everything.
+#
+#public_rooms_over_federation_whitelist:
+#  - lon.example.com
+#  - nyc.example.com
+#  - syd.example.com
+
 # List of ports that Synapse should listen on, their purpose and their
 # configuration.
 #

synapse/config/server.py

@@ -122,6 +122,16 @@ def read_config(self, config):
             for domain in federation_domain_whitelist:
                 self.federation_domain_whitelist[domain] = True
 
+        self.public_rooms_over_federation_whitelist = None
+        public_rooms_over_federation_whitelist = config.get(
+            "public_rooms_over_federation_whitelist", None
+        )
+        # turn the whitelist into a hash for speed of lookup
+        if public_rooms_over_federation_whitelist is not None:
+            self.public_rooms_over_federation_whitelist = {}
+            for domain in public_rooms_over_federation_whitelist:
+                self.public_rooms_over_federation_whitelist[domain] = True
+
         if self.public_baseurl is not None:
             if self.public_baseurl[-1] != '/':
                 self.public_baseurl += '/'
@@ -351,6 +361,17 @@ def default_config(self, server_name, data_dir_path, **kwargs):
         #  - nyc.example.com
         #  - syd.example.com
 
+        # Restricts access to the server's public rooms directory over
+        # federation to a whitelist of homeservers. If this is set to an empty
+        # array ('[]'), forbids any homeserver to fetch the server's public
+        # rooms directory. If not specified, the default is to whitelist
+        # everything.
+        #
+        #public_rooms_over_federation_whitelist:
+        #  - lon.example.com
+        #  - nyc.example.com
+        #  - syd.example.com
+
         # List of ports that Synapse should listen on, their purpose and their
         # configuration.
         #

synapse/federation/transport/server.py

@@ -98,6 +98,7 @@ def __init__(self, hs):
         self.server_name = hs.hostname
         self.store = hs.get_datastore()
         self.federation_domain_whitelist = hs.config.federation_domain_whitelist
+        self.public_rooms_whitelist = hs.config.public_rooms_over_federation_whitelist
 
     # A method just so we can pass 'self' as the authenticator to the Servlets
     @defer.inlineCallbacks
@@ -133,6 +134,15 @@ def authenticate_request(self, request, content):
         ):
             raise FederationDeniedError(origin)
 
+        # Special case the public rooms directory since it has another dedicated
+        # whitelist.
+        if (
+            "publicRooms" in request.path and
+            self.public_rooms_whitelist is not None and
+            origin not in self.public_rooms_whitelist
+        ):
+            raise FederationDeniedError(origin)
+
         if not json_request["signatures"]:
             raise NoAuthenticationError(
                 401, "Missing Authorization headers", Codes.UNAUTHORIZED,