chore: Upgrade git dependencies

Re-adds revert to try and fix rocksdb repair deadlock

.forgejo/actions/prepare-docker-build/action.yml

@@ -75,7 +75,7 @@ runs:
 
     - name: Set up QEMU
       if: ${{ env.BUILDKIT_ENDPOINT == '' }}
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@v4
 
     - name: Login to builtin registry
       if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}

.forgejo/workflows/check-changelog.yml

@@ -0,0 +1,103 @@
+name: Check Changelog
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+
+jobs:
+  check-changelog:
+    name: Check for changelog
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+          persist-credentials: false
+          sparse-checkout: .
+
+      - name: Check for changelog entry
+        id: check_files
+        run: |
+          git fetch origin ${GITHUB_BASE_REF}
+
+          # Check for Added (A) or Modified (M) files in changelog.d
+          CHANGELOG_CHANGES=$(git diff --name-status origin/${GITHUB_BASE_REF} HEAD -- changelog.d/)
+
+          SRC_CHANGES=$(git diff --name-status origin/${GITHUB_BASE_REF} HEAD -- src/)
+
+          echo "Changes in changelog.d/:"
+          echo "$CHANGELOG_CHANGES"
+          echo "Changes in src/:"
+          echo "$SRC_CHANGES"
+
+          if echo "$CHANGELOG_CHANGES" | grep -q "^[AM]"; then
+            echo "has_changelog=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_changelog=false" >> $GITHUB_OUTPUT
+          fi
+
+          if [ -n "$SRC_CHANGES" ]; then
+            echo "src_changed=true" >> $GITHUB_OUTPUT
+          else
+            echo "src_changed=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Manage PR Comment
+        uses: https://github.com/actions/github-script@v8
+        env:
+          HAS_CHANGELOG: ${{ steps.check_files.outputs.has_changelog }}
+          SRC_CHANGED: ${{ steps.check_files.outputs.src_changed }}
+        with:
+          script: |
+            const hasChangelog = process.env.HAS_CHANGELOG === 'true';
+            const srcChanged = process.env.SRC_CHANGED === 'true';
+            const commentSignature = '<!-- changelog-check-action -->';
+            const commentBody = `${commentSignature}\nPlease add a changelog fragment to \`changelog.d/\` describing your changes.`;
+
+            const { data: currentUser } = await github.rest.users.getAuthenticated();
+
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
+
+            const botComment = comments.find(comment =>
+              comment.user.id === currentUser.id &&
+              comment.body.includes(commentSignature)
+            );
+
+            const shouldWarn = srcChanged && !hasChangelog;
+
+            if (!shouldWarn) {
+              if (botComment) {
+                console.log('Changelog found or not required. Deleting existing warning comment.');
+                await github.rest.issues.deleteComment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  comment_id: botComment.id,
+                });
+              }
+            } else {
+              if (!botComment) {
+                console.log('Changelog missing and required. Creating warning comment.');
+                await github.rest.issues.createComment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: context.issue.number,
+                  body: commentBody,
+                });
+              }
+            }

CONTRIBUTING.md

@@ -36,7 +36,7 @@ # Run all checks
 prek --all-files
 ```
 
-Alternatively, you can use [pre-commit](https://pre-commit.com/):
+Alternatively, you can use [pre-commit][pre-commit]:
 ```bash
 # Requires python
 
@@ -52,6 +52,8 @@ # Run all checks manually
 
 These same checks are run in CI via the prek-checks workflow to ensure consistency. These must pass before the PR is merged.
 
+[pre-commit]: https://pre-commit.com/
+
 ### Running tests locally
 
 Tests, compilation, and linting can be run with standard Cargo commands:
@@ -109,7 +111,7 @@ ### Writing documentation
 
 ### Commit Messages
 
-Continuwuity follows the [Conventional Commits](https://www.conventionalcommits.org/) specification for commit messages. This provides a standardized format that makes the commit history more readable and enables automated tools to generate changelogs.
+Continuwuity follows the [Conventional Commits][conventional-commits] specification for commit messages. This provides a standardized format that makes the commit history more readable and enables automated tools to generate changelogs.
 
 The basic structure is:
 
@@ -168,6 +170,7 @@ ### Creating pull requests
 their contributions accepted. This includes users who have been banned from
 continuwuity Matrix rooms for Code of Conduct violations.
 
+[conventional-commits]: https://www.conventionalcommits.org/
 [issues]: https://forgejo.ellis.link/continuwuation/continuwuity/issues
 [continuwuity-matrix]: https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org
 [complement]: https://github.com/matrix-org/complement/
@@ -175,3 +178,32 @@ ### Creating pull requests
 [nodejs-download]: https://nodejs.org/en/download
 [rspress]: https://rspress.rs/
 [documentation.yml]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/.forgejo/workflows/documentation.yml
+
+#### Writing news fragments
+
+In order to make writing our changelogs easier, we make use of [Towncrier]. Towncrier builds changelogs based on
+"news fragments", which are little markdown files in the `changelog.d/` directory that describe individual changes.
+
+When you make a pull request that changes functionality, fixes a bug, or adds documentation, please add a news fragment
+describing your change. The file name *MUST* be in the format of `{pull_request_number}.{type}`, where `{type}` is one
+of the following:
+
+- `feature` - for new features
+- `bugfix` - for bug fixes
+- `doc` - for documentation changes
+- `misc` - for other changes that don't fit the above categories
+
+For example:
+
+```bash
+$ echo "Fixed the quantum flux stabiliser. Contributed by @alice." > changelog.d/42.bugfix
+```
+
+(Note: If you want to credit yourself, you should reference your forgejo handle, however links to other platforms are also acceptable.)
+
+When the next release is made, Towncrier will automatically include your news fragment in the changelog.
+
+You can read more about writing news fragments in the [Towncrier tutorial][tt].
+
+[Towncrier]: https://towncrier.readthedocs.io/
+[tt]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments

Cargo.lock

@@ -92,6 +92,15 @@ dependencies = [
  "unicode-width 0.2.2",
 ]
 
+[[package]]
+name = "ansi-width"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "219e3ce6f2611d83b51ec2098a12702112c29e57203a6b0a0929b2cddb486608"
+dependencies = [
+ "unicode-width 0.1.14",
+]
+
 [[package]]
 name = "anstyle"
 version = "1.0.14"
@@ -271,8 +280,8 @@ checksum = "5f093eed78becd229346bf859eec0aa4dd7ddde0757287b2b4107a1f09c80002"
 
 [[package]]
 name = "async-channel"
-version = "2.3.1"
-source = "git+https://forgejo.ellis.link/continuwuation/async-channel?rev=92e5e74063bf2a3b10414bcc8a0d68b235644280#92e5e74063bf2a3b10414bcc8a0d68b235644280"
+version = "2.5.0"
+source = "git+https://forgejo.ellis.link/continuwuation/async-channel?rev=e990f0006b68dc9bace7a3c95fc90b5c4e44948d#e990f0006b68dc9bace7a3c95fc90b5c4e44948d"
 dependencies = [
  "concurrent-queue",
  "event-listener-strategy",
@@ -1022,6 +1031,7 @@ dependencies = [
  "hardened_malloc-rs",
  "http",
  "http-body-util",
+ "hyper-util",
  "ipaddress",
  "itertools 0.14.0",
  "libc",
@@ -1313,8 +1323,8 @@ dependencies = [
 
 [[package]]
 name = "core_affinity"
-version = "0.8.1"
-source = "git+https://forgejo.ellis.link/continuwuation/core_affinity_rs?rev=9c8e51510c35077df888ee72a36b4b05637147da#9c8e51510c35077df888ee72a36b4b05637147da"
+version = "0.8.3"
+source = "git+https://forgejo.ellis.link/continuwuation/core_affinity_rs?rev=7c7a9dea35382743a63837cdd1d977efdb8f1b8a#7c7a9dea35382743a63837cdd1d977efdb8f1b8a"
 dependencies = [
  "libc",
  "num_cpus",
@@ -1815,10 +1825,9 @@ dependencies = [
 
 [[package]]
 name = "event-listener"
-version = "5.3.1"
-source = "git+https://forgejo.ellis.link/continuwuation/event-listener?rev=fe4aebeeaae435af60087ddd56b573a2e0be671d#fe4aebeeaae435af60087ddd56b573a2e0be671d"
+version = "5.4.1"
+source = "git+https://forgejo.ellis.link/continuwuation/event-listener?rev=b2c19bcaf5a0a69c38c034e417bda04a9b991529#b2c19bcaf5a0a69c38c034e417bda04a9b991529"
 dependencies = [
- "concurrent-queue",
  "parking",
  "pin-project-lite",
 ]
@@ -2487,13 +2496,12 @@ dependencies = [
 
 [[package]]
 name = "hyper-util"
-version = "0.1.17"
-source = "git+https://forgejo.ellis.link/continuwuation/hyper-util?rev=5886d5292bf704c246206ad72d010d674a7b77d0#5886d5292bf704c246206ad72d010d674a7b77d0"
+version = "0.1.20"
+source = "git+https://forgejo.ellis.link/continuwuation/hyper-util?rev=09fcd3bf4656c81a8ad573bee410ab2b57f60b86#09fcd3bf4656c81a8ad573bee410ab2b57f60b86"
 dependencies = [
  "base64 0.22.1",
  "bytes",
  "futures-channel",
- "futures-core",
  "futures-util",
  "http",
  "http-body",
@@ -4590,8 +4598,8 @@ dependencies = [
 
 [[package]]
 name = "rust-librocksdb-sys"
-version = "0.39.0+10.5.1"
-source = "git+https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1?rev=61d9d23872197e9ace4a477f2617d5c9f50ecb23#61d9d23872197e9ace4a477f2617d5c9f50ecb23"
+version = "0.42.0+10.10.1"
+source = "git+https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1?rev=31fb8f772c7afcdc0061ab6a40cfa3a1be2fccd9#31fb8f772c7afcdc0061ab6a40cfa3a1be2fccd9"
 dependencies = [
  "bindgen",
  "bzip2-sys",
@@ -4607,8 +4615,8 @@ dependencies = [
 
 [[package]]
 name = "rust-rocksdb"
-version = "0.43.0"
-source = "git+https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1?rev=61d9d23872197e9ace4a477f2617d5c9f50ecb23#61d9d23872197e9ace4a477f2617d5c9f50ecb23"
+version = "0.46.0"
+source = "git+https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1?rev=31fb8f772c7afcdc0061ab6a40cfa3a1be2fccd9#31fb8f772c7afcdc0061ab6a40cfa3a1be2fccd9"
 dependencies = [
  "libc",
  "parking_lot",
@@ -4725,16 +4733,16 @@ checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d"
 
 [[package]]
 name = "rustyline-async"
-version = "0.4.6"
-source = "git+https://forgejo.ellis.link/continuwuation/rustyline-async?rev=e9f01cf8c6605483cb80b3b0309b400940493d7f#e9f01cf8c6605483cb80b3b0309b400940493d7f"
+version = "0.4.9"
+source = "git+https://forgejo.ellis.link/continuwuation/rustyline-async?rev=b13aca2cc08d5f78303746cd192d9a03d73e768e#b13aca2cc08d5f78303746cd192d9a03d73e768e"
 dependencies = [
+ "ansi-width",
  "crossterm",
  "futures-util",
  "pin-project",
  "thingbuf",
  "thiserror 2.0.18",
  "unicode-segmentation",
- "unicode-width 0.2.2",
 ]
 
 [[package]]
@@ -5454,8 +5462,8 @@ dependencies = [
 
 [[package]]
 name = "tikv-jemalloc-ctl"
-version = "0.6.0"
-source = "git+https://forgejo.ellis.link/continuwuation/jemallocator?rev=82af58d6a13ddd5dcdc7d4e91eae3b63292995b8#82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
+version = "0.6.1"
+source = "git+https://forgejo.ellis.link/continuwuation/jemallocator?rev=df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554#df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554"
 dependencies = [
  "libc",
  "paste",
@@ -5464,8 +5472,8 @@ dependencies = [
 
 [[package]]
 name = "tikv-jemalloc-sys"
-version = "0.6.0+5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7"
-source = "git+https://forgejo.ellis.link/continuwuation/jemallocator?rev=82af58d6a13ddd5dcdc7d4e91eae3b63292995b8#82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
+version = "0.6.1+5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7"
+source = "git+https://forgejo.ellis.link/continuwuation/jemallocator?rev=df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554#df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554"
 dependencies = [
  "cc",
  "libc",
@@ -5473,8 +5481,8 @@ dependencies = [
 
 [[package]]
 name = "tikv-jemallocator"
-version = "0.6.0"
-source = "git+https://forgejo.ellis.link/continuwuation/jemallocator?rev=82af58d6a13ddd5dcdc7d4e91eae3b63292995b8#82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
+version = "0.6.1"
+source = "git+https://forgejo.ellis.link/continuwuation/jemallocator?rev=df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554#df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554"
 dependencies = [
  "libc",
  "tikv-jemalloc-sys",

Cargo.toml

@@ -278,7 +278,7 @@ features = [
 ]
 
 [workspace.dependencies.hyper-util]
-version = "=0.1.17"
+version = "=0.1.20"
 default-features = false
 features = [
     "server-auto",
@@ -332,7 +332,7 @@ version = "0.4.0"
 
 # used for MPMC channels
 [workspace.dependencies.async-channel]
-version = "2.3.1"
+version = "2.5.0"
 
 [workspace.dependencies.async-trait]
 version = "0.1.88"
@@ -388,7 +388,7 @@ features = [
 
 [workspace.dependencies.rust-rocksdb]
 git = "https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1"
-rev = "61d9d23872197e9ace4a477f2617d5c9f50ecb23"
+rev = "31fb8f772c7afcdc0061ab6a40cfa3a1be2fccd9"
 default-features = false
 features = [
     "multi-threaded-cf",
@@ -451,7 +451,7 @@ version = "0.46.0"
 # jemalloc usage
 [workspace.dependencies.tikv-jemalloc-sys]
 git = "https://forgejo.ellis.link/continuwuation/jemallocator"
-rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
+rev = "df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554"
 default-features = false
 features = [
     "background_threads_runtime_support",
@@ -459,7 +459,7 @@ features = [
 ]
 [workspace.dependencies.tikv-jemallocator]
 git = "https://forgejo.ellis.link/continuwuation/jemallocator"
-rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
+rev = "df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554"
 default-features = false
 features = [
     "background_threads_runtime_support",
@@ -467,7 +467,7 @@ features = [
 ]
 [workspace.dependencies.tikv-jemalloc-ctl]
 git = "https://forgejo.ellis.link/continuwuation/jemallocator"
-rev = "82af58d6a13ddd5dcdc7d4e91eae3b63292995b8"
+rev = "df86ff89d4b1e223b9f7d2dd2fbb7f202da7f554"
 default-features = false
 features = ["use_std"]
 
@@ -493,7 +493,7 @@ features = [
 ]
 
 [workspace.dependencies.rustyline-async]
-version = "0.4.3"
+version = "0.4.9"
 default-features = false
 
 [workspace.dependencies.termimad]
@@ -526,7 +526,7 @@ version = "0.4.13"
 version = "2.0"
 
 [workspace.dependencies.core_affinity]
-version = "0.8.1"
+version = "0.8.3"
 
 [workspace.dependencies.libc]
 version = "0.2"
@@ -550,9 +550,6 @@ version = "0.12.0"
 default-features = false
 features = ["sync", "tls-rustls", "rustls-provider"]
 
-[workspace.dependencies.resolv-conf]
-version = "0.7.5"
-
 [workspace.dependencies.yansi]
 version = "1.0.1"
 
@@ -571,25 +568,25 @@ version = "0.15.0"
 # adds event for CTRL+\: https://forgejo.ellis.link/continuwuation/rustyline-async/src/branch/main/.patchy/0001-add-event-for-ctrl.patch
 [patch.crates-io.rustyline-async]
 git = "https://forgejo.ellis.link/continuwuation/rustyline-async"
-rev = "e9f01cf8c6605483cb80b3b0309b400940493d7f"
+rev = "b13aca2cc08d5f78303746cd192d9a03d73e768e"
 
 # adds LIFO queue scheduling; this should be updated with PR progress.
 [patch.crates-io.event-listener]
 git = "https://forgejo.ellis.link/continuwuation/event-listener"
-rev = "fe4aebeeaae435af60087ddd56b573a2e0be671d"
+rev = "b2c19bcaf5a0a69c38c034e417bda04a9b991529"
 [patch.crates-io.async-channel]
 git = "https://forgejo.ellis.link/continuwuation/async-channel"
-rev = "92e5e74063bf2a3b10414bcc8a0d68b235644280"
+rev = "e990f0006b68dc9bace7a3c95fc90b5c4e44948d"
 
 # adds affinity masks for selecting more than one core at a time
 [patch.crates-io.core_affinity]
 git = "https://forgejo.ellis.link/continuwuation/core_affinity_rs"
-rev = "9c8e51510c35077df888ee72a36b4b05637147da"
+rev = "7c7a9dea35382743a63837cdd1d977efdb8f1b8a"
 
 # reverts hyperium#148 conflicting with our delicate federation resolver hooks
 [patch.crates-io.hyper-util]
 git = "https://forgejo.ellis.link/continuwuation/hyper-util"
-rev = "5886d5292bf704c246206ad72d010d674a7b77d0"
+rev = "09fcd3bf4656c81a8ad573bee410ab2b57f60b86"
 
 #
 # Our crates

changelog.d/+alias-enumeration-delete.bugfix.md

@@ -0,0 +1 @@
+Fixed room alias deletion so removing one local alias no longer removes other aliases from room alias listings.

changelog.d/1429.doc

@@ -0,0 +1 @@
+Added Testing and Troubleshooting instructions for Livekit documentation. Contributed by @stratself.

changelog.d/1542.bugfix.md

@@ -0,0 +1 @@
+Stripped `join_authorised_via_users_server` from json if user is already in room (@partha:cxy.run)

changelog.d/1572.bugfix

@@ -0,0 +1 @@
+Fixed internal server errors for fetching thumbnails. Contributed by @PerformativeJade

docker/Dockerfile

@@ -48,7 +48,7 @@ EOF
 
 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.17.7
+ENV BINSTALL_VERSION=1.17.8
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree

docker/musl.Dockerfile

@@ -18,7 +18,7 @@ RUN --mount=type=cache,target=/etc/apk/cache apk add \
 
 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.17.7
+ENV BINSTALL_VERSION=1.17.8
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree

docs/calls.mdx

@@ -10,4 +10,4 @@ # Calls
 For either one to work correctly, you have to do some additional setup.
 
 - For legacy calls to work, you need to set up a TURN/STUN server. [Read the TURN guide for tips on how to set up coturn](./calls/turn.mdx)
-- For MatrixRTC / Element Call to work, you have to set up the LiveKit backend (foci). LiveKit also uses TURN/STUN to increase reliability, so you might want to configure your TURN server first. [Read the LiveKit guide](./calls/livekit.mdx)
+- For MatrixRTC / Element Call to work, you have to set up the LiveKit backend (foci). LiveKit also uses TURN/STUN to increase reliability - you can set up its built-in TURN server, or integrate with an existing one. [Read the LiveKit guide](./calls/livekit.mdx)

docs/calls/livekit.mdx

@@ -4,6 +4,10 @@ # Matrix RTC/Element Call Setup
 This guide assumes that you are using docker compose for deployment. LiveKit only provides Docker images.
 :::
 
+:::tip
+You can find help setting up Matrix RTC in our dedicated room - [#matrixrtc:continuwuity.org](https://matrix.to/#/%23matrixrtc%3Acontinuwuity.org)
+:::
+
 ## Instructions
 
 ### 1. Domain
@@ -14,17 +18,21 @@ ### 1. Domain
 
 ### 2. Services
 
-Using LiveKit with Matrix requires two services - Livekit itself, and a service (`lk-jwt-service`) that grants Matrix users permission to connect to it.
+Using LiveKit with Matrix requires two services - LiveKit itself, and a service (`lk-jwt-service`) that grants Matrix users permission to connect to it.
 
 You must generate a key and secret to allow the Matrix service to authenticate with LiveKit. `LK_MATRIX_KEY` should be around 20 random characters, and `LK_MATRIX_SECRET` should be around 64. Remember to replace these with the actual values!
 
 :::tip Generating the secrets
 LiveKit provides a utility to generate secure random keys
 ```bash
-docker run --rm livekit/livekit-server:latest generate-keys
+~$ docker run --rm livekit/livekit-server:latest generate-keys
+API Key:  APIUxUnMnSkuFWV
+API Secret:  t93ZVjPeoEdyx7Wbet3kG4L3NGZIZVEFvqe0UuiVc22A
 ```
 :::
 
+Create a `docker-compose.yml` file as following:
+
 ```yaml
 services:
   lk-jwt-service:
@@ -32,10 +40,11 @@ ### 2. Services
     container_name: lk-jwt-service
     environment:
       - LIVEKIT_JWT_BIND=:8081
-      - LIVEKIT_URL=wss://livekit.example.com
-      - LIVEKIT_KEY=LK_MATRIX_KEY
-      - LIVEKIT_SECRET=LK_MATRIX_SECRET
-      - LIVEKIT_FULL_ACCESS_HOMESERVERS=example.com
+      - LIVEKIT_URL=wss://livekit.example.com # your LiveKit domain
+      - LIVEKIT_FULL_ACCESS_HOMESERVERS=example.com # your server_name
+      # Replace these with the generated values as above
+      - LIVEKIT_KEY=LK_MATRIX_KEY # APIUxUnMnSkuFWV
+      - LIVEKIT_SECRET=LK_MATRIX_SECRET # t93ZVjPeoEdyx7Wbet3kG4L3NGZIZVEFvqe0UuiVc22A
     restart: unless-stopped
     ports:
       - "8081:8081"
@@ -70,6 +79,8 @@ #      - "50100-50200:50100-50200/udp"
   enable_loopback_candidate: false
 keys:
   LK_MATRIX_KEY: LK_MATRIX_SECRET
+  # replace these with your key-secret pair. Example:
+  # APIUxUnMnSkuFWV: t93ZVjPeoEdyx7Wbet3kG4L3NGZIZVEFvqe0UuiVc22A
 ```
 
 #### Firewall hints
@@ -95,7 +106,7 @@ ### 4. Configure your Reverse Proxy
 
 Reverse proxies can be configured in many different ways - so we can't provide a step by step for this.
 
-By default, all routes should be forwarded to Livekit with the exception of the following path prefixes, which should be forwarded to the JWT/Authentication service:
+All paths should be forwarded to LiveKit by default, with the exception of the following path prefixes, which should be forwarded to the JWT/Authentication service:
 
 - `/sfu/get`
 - `/healthz`
@@ -104,7 +115,7 @@ ### 4. Configure your Reverse Proxy
 <details>
     <summary>Example caddy config</summary>
     ```
-    matrix-rtc.example.com {
+    livekit.example.com {
 
         # for lk-jwt-service
         @lk-jwt-service path /sfu/get* /healthz* /get_token*
@@ -122,7 +133,7 @@ ### 4. Configure your Reverse Proxy
     <summary>Example nginx config</summary>
     ```
     server {
-        server_name matrix-rtc.example.com;
+        server_name livekit.example.com;
 
         # for lk-jwt-service
         location ~ ^/(sfu/get|healthz|get_token) {
@@ -133,7 +144,7 @@ ### 4. Configure your Reverse Proxy
             proxy_buffering off;
         }
 
-        # for livekit
+        # for LiveKit
         location / {
             proxy_pass http://127.0.0.1:7880$request_uri;
             proxy_set_header X-Forwarded-For $remote_addr;
@@ -173,44 +184,11 @@ ### 6. Start Everything
 
 Start up the services using your usual method - for example `docker compose up -d`.
 
-## Additional Configuration
+## Additional TURN configuration
 
-### TURN Integration
+### Using LiveKit's built-in TURN server
 
-If you've already set up coturn, there may be a port clash between the two services. To fix this, make sure the `min-port` and `max-port` for coturn so it doesn't overlap with LiveKit's range:
-
-```ini
-min-port=50201
-max-port=65535
-```
-
-To improve LiveKit's reliability, you can configure it to use your coturn server.
-
-Generate a long random secret for LiveKit, and add it to your coturn config under the `static-auth-secret` option. You can add as many secrets as you want - so set a different one for each thing using your TURN server.
-
-Then configure livekit, making sure to replace `COTURN_SECRET`:
-
-```yaml
-# livekit.yaml
-rtc:
-  turn_servers:
-    - host: coturn.ellis.link
-      port: 3478
-      protocol: tcp
-      secret: "COTURN_SECRET"
-    - host: coturn.ellis.link
-      port: 5349
-      protocol: tls # Only if you've set up TLS in your coturn
-      secret: "COTURN_SECRET"
-    - host: coturn.ellis.link
-      port: 3478
-      protocol: udp
-      secret: "COTURN_SECRET"
-```
-
-## LiveKit's built in TURN server
-
-Livekit includes a built in TURN server which can be used in place of an external option. This TURN server will only work with Livekit, so you can't use it for legacy Matrix calling - or anything else.
+LiveKit includes a built-in TURN server which can be used in place of an external option. This TURN server will only work with LiveKit, so you can't use it for legacy Matrix calling or anything else.
 
 If you don't want to set up a separate TURN server, you can enable this with the following changes:
 
@@ -221,20 +199,175 @@ ### add this to livekit.yaml ###
   udp_port: 3478
   relay_range_start: 50300
   relay_range_end: 50400
-  domain: matrix-rtc.example.com
+  domain: livekit.example.com
 ```
 
 ```yaml
-### Add these to docker-compose ###
-- "3478:3478/udp"
-- "50300-50400:50300-50400/udp"
+### add these to livekit's docker-compose ###
+ports:
+  - "3478:3478/udp"
+  - "50300-50400:50300-50400/udp"
+### if you're using `network_mode: host`, you can skip this part
 ```
 
-### Related Documentation
+Recreate the LiveKit container (with `docker-compose up -d livekit`) to apply these changes. Remember to allow the new `3478/udp` and `50100:50200/udp` ports through your firewall.
 
-- [LiveKit GitHub](https://github.com/livekit/livekit)
-- [LiveKit Connection Tester](https://livekit.io/connection-test) - use with the token returned by `/sfu/get` or `/get_token`
-- [MatrixRTC proposal](https://half-shot.github.io/msc-crafter/#msc/4143)
-- [Synapse documentation](https://github.com/element-hq/element-call/blob/livekit/docs/self-hosting.md)
-- [Community guide](https://tomfos.tr/matrix/livekit/)
-- [Community guide](https://blog.kimiblock.top/2024/12/24/hosting-element-call/)
+### Integration with an external TURN server
+
+If you've already [set up coturn](./turn), you can configure Livekit to use it.
+
+:::tip Avoid port clashes between the two services
+
+Before continuing, make sure coturn's `min-port` and `max-port` do not overlap with LiveKit's port range:
+
+```ini
+# in your coturn.conf
+min-port=50201
+max-port=65535
+```
+:::
+
+Generate a long random secret for LiveKit, and add it to your coturn config under the `static-auth-secret` option. You can add as many secrets as you want, so set a different one for LiveKit to use.
+
+Then configure LiveKit, making sure to replace `COTURN_SECRET` with the one you generated:
+
+```yaml
+# livekit.yaml
+rtc:
+  turn_servers:
+    - host: coturn.example.com
+      port: 3478
+      protocol: udp
+      secret: "COTURN_SECRET"
+    - host: coturn.example.com
+      port: 3478
+      protocol: tcp
+      secret: "COTURN_SECRET"
+    - host: coturn.example.com
+      port: 5349
+      protocol: tls # Only if you have already set up TLS in your coturn
+      secret: "COTURN_SECRET"
+```
+
+Restart LiveKit and coturn to apply these changes.
+
+## Testing
+
+To test that LiveKit is successfully integrated with Continuwuity, you will need to replicate its [Token Exchange Flow](https://github.com/element-hq/lk-jwt-service#%EF%B8%8F-how-it-works--token-exchange-flow).
+
+First, you will need an access token for your current login session. These can be found in your client's settings or obtained via [this website](https://timedout.uk/mxtoken.html).
+
+Then, using that token, request another OpenID token for use with the lk-jwt-service:
+
+```bash
+~$ curl -X POST -H "Authorization: Bearer <session-access-token>" \
+  https://matrix.example.com/_matrix/client/v3/user/@user:example.com/openid/request_token
+{"access_token":"<openid_access_token>","token_type":"Bearer","matrix_server_name":"example.com","expires_in":3600}
+```
+
+Next, create a `payload.json` file with the following content:
+
+<details>
+
+<summary>`payload.json`</summary>
+
+```json
+{
+    "room_id": "abc",
+    "slot_id": "xyz",
+    "openid_token": {
+        "matrix_server_name": "example.com",
+        "access_token": "<openid_access_token>",
+        "token_type": "Bearer"
+    },
+    "member": {
+        "id": "xyz",
+        "claimed_device_id": "DEVICEID",
+        "claimed_user_id": "@user:example.com"
+    }
+}
+```
+
+Replace `matrix_server_name` and `claimed_user_id` with your information, and `<openid_access_token>` with the one you got from the previous step. Other values can be left as-is.
+
+</details>
+
+You can then send this payload to the lk-jwt-service:
+
+```bash
+~$ curl -X POST -d @payload.json https://livekit.example.com/get_token
+{"url":"wss://livekit.example.com","jwt":"a_really_really_long_string"}
+```
+
+The lk-jwt-service will, after checking against Continuwuity, answer with a `jwt` token to create a LiveKit media room. Use this token to test at the [LiveKit Connection Tester](https://livekit.io/connection-test). If everything works there, then you have set up LiveKit successfully!
+
+## Troubleshooting
+
+To debug any issues, you can place a call or redo the Testing instructions, and check the container logs for any specific errors. Use `docker-compose logs --follow` to follow them in real-time.
+
+### Common errors in Element Call UI
+
+- `MISSING_MATRIX_RTC_FOCUS`: LiveKit is missing from Continuwuity's config file
+- "Waiting for media" popup always showing: a LiveKit URL has been configured in Continuwuity, but your client cannot connect to it for some reason
+
+### Docker loopback networking issues
+
+Some distros do not allow Docker containers to connect to its host's public IP by default. This would cause `lk-jwt-service` to fail connecting to `livekit` or `continuwuity` on the same host. As a result, you would see connection refused/connection timeouts log entries in the JWT service, even when `LIVEKIT_URL` has been configured correctly.
+
+To alleviate this, you can try one of the following workarounds:
+
+- Use `network_mode: host` for the `lk-jwt-service` container (instead of the default bridge networking).
+
+- Add an `extra_hosts` file mapping livekit's (and continuwuity's) domain name to a localhost address:
+
+    ```diff
+    # in docker-compose.yaml
+    services:
+      lk-jwt-service:
+        ...
+    +    extra_hosts:
+    +     - "livekit.example.com:127.0.0.1"
+    +     - "matrix.example.com:127.0.0.1"
+    ```
+
+- (**untested, use at your own risk**) Implement an iptables workaround as shown [here](https://forums.docker.com/t/unable-to-connect-to-host-service-from-inside-docker-container/145749/6).
+
+After implementing the changes and restarting your compose, you can test whether the connection works by cURLing from a sidecar container:
+
+```bash
+~$ docker run --rm --net container:lk-jwt-service docker.io/curlimages/curl https://livekit.example.com
+OK
+```
+
+### Workaround for non-federating servers
+
+When deploying on servers with federation disabled (`allow_federation = false`), LiveKit will fail as it can't fetch the required [OpenID endpoint](https://spec.matrix.org/v1.17/server-server-api/#get_matrixfederationv1openiduserinfo) via federation paths.
+
+As a workaround, you can enable federation, but forbid all remote servers via the following config parameters:
+
+```toml
+### in your continuwuity.toml file ###
+allow_federation = true
+forbidden_remote_server_names = [".*"]
+```
+
+Subscribe to issue [!1440](https://forgejo.ellis.link/continuwuation/continuwuity/issues/1440) for future updates on this matter.
+
+## Related Documentation
+
+Guides:
+
+- [Element Call self-hosting documentation](https://github.com/element-hq/element-call/blob/livekit/docs/self-hosting.md)
+- [Community guide with overview of LiveKit's mechanisms](https://tomfos.tr/matrix/livekit/)
+- [Community guide using systemd](https://blog.kimiblock.top/2024/12/24/hosting-element-call/)
+
+Specifications:
+
+- [MatrixRTC proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/4143)
+- [LiveKit proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/4195)
+
+Source code:
+
+- [Element Call](https://github.com/element-hq/element-call)
+- [lk-jwt-service](https://github.com/element-hq/lk-jwt-service)
+- [LiveKit server](https://github.com/livekit/livekit)

docs/contributing.mdx

@@ -1 +0,0 @@
-../CONTRIBUTING.md

docs/development/contributing.mdx

@@ -1,203 +0,0 @@
-# Contributing guide
-
-This page is about contributing to Continuwuity. The
-[development](./index.mdx) and [code style guide](./code_style.mdx) pages may be of interest for you as well.
-
-If you would like to work on an [issue][issues] that is not assigned, preferably
-ask in the Matrix room first at [#continuwuity:continuwuity.org][continuwuity-matrix],
-and comment on it.
-
-### Code Style
-
-Please review and follow the [code style guide](./code_style) for formatting, linting, naming conventions, and other code standards.
-
-### Pre-commit Checks
-
-Continuwuity uses pre-commit hooks to enforce various coding standards and catch common issues before they're committed. These checks include:
-
-- Code formatting and linting
-- Typo detection (both in code and commit messages)
-- Checking for large files
-- Ensuring proper line endings and no trailing whitespace
-- Validating YAML, JSON, and TOML files
-- Checking for merge conflicts
-
-You can run these checks locally by installing [prefligit](https://github.com/j178/prefligit):
-
-
-```bash
-# Requires UV: https://docs.astral.sh/uv/getting-started/installation/
-# Mac/linux: curl -LsSf https://astral.sh/uv/install.sh | sh
-# Windows: powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
-
-# Install prefligit using cargo-binstall
-cargo binstall prefligit
-
-# Install git hooks to run checks automatically
-prefligit install
-
-# Run all checks
-prefligit --all-files
-```
-
-Alternatively, you can use [pre-commit](https://pre-commit.com/):
-```bash
-# Requires python
-
-# Install pre-commit
-pip install pre-commit
-
-# Install the hooks
-pre-commit install
-
-# Run all checks manually
-pre-commit run --all-files
-```
-
-These same checks are run in CI via the prefligit-checks workflow to ensure consistency. These must pass before the PR is merged.
-
-### Running tests locally
-
-Tests, compilation, and linting can be run with standard Cargo commands:
-
-```bash
-# Run tests
-cargo test
-
-# Check compilation
-cargo check --workspace --features full
-
-# Run lints
-cargo clippy --workspace --features full
-# Auto-fix: cargo clippy --workspace --features full --fix --allow-staged;
-
-# Format code (must use nightly)
-cargo +nightly fmt
-```
-
-### Matrix tests
-
-Continuwuity uses [Complement][complement] for Matrix protocol compliance testing. Complement tests are run manually by developers, and documentation on how to run these tests locally is currently being developed.
-
-If your changes are done to fix Matrix tests, please note that in your pull request. If more Complement tests start failing from your changes, please review the logs and determine if they're intended or not.
-
-[Sytest][sytest] is currently unsupported.
-
-### Writing documentation
-
-Continuwuity's website uses [`mdbook`][mdbook] and is deployed via CI using Cloudflare Pages
-in the [`documentation.yml`][documentation.yml] workflow file. All documentation is in the `docs/`
-directory at the top level.
-
-To build the documentation locally:
-
-1. Install mdbook if you don't have it already:
-   ```bash
-   cargo install mdbook # or cargo binstall, or another method
-   ```
-
-2. Build the documentation:
-   ```bash
-   mdbook build
-   ```
-
-The output of the mdbook generation is in `public/`. You can open the HTML files directly in your browser without needing a web server.
-
-
-### Commit Messages
-
-Continuwuity follows the [Conventional Commits](https://www.conventionalcommits.org/) specification for commit messages. This provides a standardized format that makes the commit history more readable and enables automated tools to generate changelogs.
-
-The basic structure is:
-
-```
-<type>[(optional scope)]: <description>
-
-[optional body]
-
-[optional footer(s)]
-```
-
-The allowed types for commits are:
-- `fix`: Bug fixes
-- `feat`: New features
-- `docs`: Documentation changes
-- `style`: Changes that don't affect the meaning of the code (formatting, etc.)
-- `refactor`: Code changes that neither fix bugs nor add features
-- `perf`: Performance improvements
-- `test`: Adding or fixing tests
-- `build`: Changes to the build system or dependencies
-- `ci`: Changes to CI configuration
-- `chore`: Other changes that don't modify source or test files
-
-Examples:
-```
-feat: add user authentication
-fix(database): resolve connection pooling issue
-docs: update installation instructions
-```
-
-The project uses the `committed` hook to validate commit messages in pre-commit. This ensures all commits follow the conventional format.
-
-### Creating pull requests
-
-Please try to keep contributions to the Forgejo Instance. While the mirrors of continuwuity
-allow for pull/merge requests, there is no guarantee the maintainers will see them in a timely
-manner. Additionally, please mark WIP or unfinished or incomplete PRs as drafts.
-This prevents us from having to ping once in a while to double check the status
-of it, especially when the CI completed successfully and everything so it
-*looks* done.
-
-Before submitting a pull request, please ensure:
-1. Your code passes all CI checks (formatting, linting, typo detection, etc.). Run pre-commit for this.
-2. Your code follows the [code style guide](./code_style)
-3. Your commit messages follow the conventional commits format
-4. Tests are added for new functionality
-5. Documentation is updated if needed
-6. You have written a [news fragment](#writing-news-fragments) for your changes
-
-Direct all PRs/MRs to the `main` branch.
-
-By sending a pull request or patch, you are agreeing that your changes are
-allowed to be licenced under the Apache-2.0 licence and all of your conduct is
-in line with the Contributor's Covenant, and continuwuity's Code of Conduct.
-
-Contribution by users who violate either of these code of conducts may not have
-their contributions accepted. This includes users who have been banned from
-continuwuity Matrix rooms for Code of Conduct violations.
-
-[issues]: https://forgejo.ellis.link/continuwuation/continuwuity/issues
-[continuwuity-matrix]: https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org
-[complement]: https://github.com/matrix-org/complement/
-[sytest]: https://github.com/matrix-org/sytest/
-[mdbook]: https://rust-lang.github.io/mdBook/
-[documentation.yml]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/.forgejo/workflows/documentation.yml
-
-#### Writing news fragments
-
-In order to make writing our changelogs easier, we make use of [Towncrier]. Towncrier builds changelogs based on
-"news fragments", which are little markdown files in the `changelog.d/` directory that describe individual changes.
-
-When you make a pull request that changes functionality, fixes a bug, or adds documentation, please add a news fragment
-describing your change. The file name *MUST* be in the format of `{pull_request_number}.{type}`, where `{type}` is one
-of the following:
-
-- `feature` - for new features
-- `bugfix` - for bug fixes
-- `doc` - for documentation changes
-- `misc` - for other changes that don't fit the above categories
-
-For example:
-
-```bash
-$ echo "Fixed the quantum flux stabiliser. Contributed by @alice." > changelog.d/42.bugfix
-```
-
-(Note: If you want to credit yourself, you should reference your forgejo handle, however links to other platforms are also acceptable.)
-
-When the next release is made, Towncrier will automatically include your news fragment in the changelog.
-
-You can read more about writing news fragments in the [Towncrier tutorial][tt].
-
-[Towncrier]: https://towncrier.readthedocs.io/
-[tt]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments

docs/development/contributing.mdx

@@ -0,0 +1 @@
+../../CONTRIBUTING.md

docs/public/schema/announcements.schema.json

@@ -1,6 +1,6 @@
 {
     "$schema": "http://json-schema.org/draft-04/schema#",
-    "$id": "https://continwuity.org/schema/announcements.schema.json",
+    "$id": "https://continuwuity.org/schema/announcements.schema.json",
     "type": "object",
     "properties": {
       "announcements": {

nix/shells/default.nix

@@ -17,6 +17,7 @@
       # basic nix shell containing all things necessary to build continuwuity in all flavors manually (on x86_64-linux)
       devShells.default = uwulib.build.craneLib.devShell {
         packages = [
+          pkgs.nodejs
           pkgs.pkg-config
           pkgs.liburing
           pkgs.rust-jemalloc-sys-unprefixed

package-lock.json

@@ -12,13 +12,13 @@
         "@rspress/core": "^2.0.0",
         "@rspress/plugin-client-redirects": "^2.0.0",
         "@rspress/plugin-sitemap": "^2.0.0",
-        "typescript": "^5.9.3"
+        "typescript": "^6.0.0"
       }
     },
     "node_modules/@emnapi/core": {
-      "version": "1.9.0",
-      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.9.0.tgz",
-      "integrity": "sha512-0DQ98G9ZQZOxfUcQn1waV2yS8aWdZ6kJMbYCJB3oUBecjWYO1fqJ+a1DRfPF3O5JEkwqwP1A9QEN/9mYm2Yd0w==",
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.9.1.tgz",
+      "integrity": "sha512-mukuNALVsoix/w1BJwFzwXBN/dHeejQtuVzcDsfOEsdpCumXb/E9j8w11h5S54tT1xhifGfbbSm/ICrObRb3KA==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -28,9 +28,9 @@
       }
     },
     "node_modules/@emnapi/runtime": {
-      "version": "1.9.0",
-      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.9.0.tgz",
-      "integrity": "sha512-QN75eB0IH2ywSpRpNddCRfQIhmJYBCJ1x5Lb3IscKAL8bMnVAKnRg8dCoXbHzVLLH7P38N2Z3mtulB7W0J0FKw==",
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.9.1.tgz",
+      "integrity": "sha512-VYi5+ZVLhpgK4hQ0TAjiQiZ6ol0oe4mBx7mVv7IflsiEp0OWoVsp/+f9Vc1hOhE0TtkORVrI1GvzyreqpgWtkA==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -106,26 +106,30 @@
       }
     },
     "node_modules/@napi-rs/wasm-runtime": {
-      "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.0.7.tgz",
-      "integrity": "sha512-SeDnOO0Tk7Okiq6DbXmmBODgOAb9dp9gjlphokTUxmt8U3liIP1ZsozBahH69j/RJv+Rfs6IwUKHTgQYJ/HBAw==",
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.1.tgz",
+      "integrity": "sha512-p64ah1M1ld8xjWv3qbvFwHiFVWrq1yFvV4f7w+mzaqiR4IlSgkqhcRdHwsGgomwzBH51sRY4NEowLxnaBjcW/A==",
       "dev": true,
       "license": "MIT",
       "optional": true,
       "dependencies": {
-        "@emnapi/core": "^1.5.0",
-        "@emnapi/runtime": "^1.5.0",
+        "@emnapi/core": "^1.7.1",
+        "@emnapi/runtime": "^1.7.1",
         "@tybys/wasm-util": "^0.10.1"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/Brooooooklyn"
       }
     },
     "node_modules/@rsbuild/core": {
-      "version": "2.0.0-beta.6",
-      "resolved": "https://registry.npmjs.org/@rsbuild/core/-/core-2.0.0-beta.6.tgz",
-      "integrity": "sha512-DUBhUzvzj6xlGUAHTTipFskSuZmVEuTX7lGU+ToPuo8n3bsQrWn/UBOEQAd45g66k7QfXadoZ/v7eodQErpvGQ==",
+      "version": "2.0.0-beta.10",
+      "resolved": "https://registry.npmjs.org/@rsbuild/core/-/core-2.0.0-beta.10.tgz",
+      "integrity": "sha512-6xalOGzWjamJQvC+qnAipo6azfW3cn9JSRSkTMBz/hiXFzcfy54GX31gCDhRY0TooEisyJ2wbGWjGcT8zPwwxg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@rspack/core": "2.0.0-beta.3",
+        "@rspack/core": "2.0.0-beta.8",
         "@swc/helpers": "^0.5.19"
       },
       "bin": {
@@ -163,28 +167,28 @@
       }
     },
     "node_modules/@rspack/binding": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/binding/-/binding-2.0.0-beta.3.tgz",
-      "integrity": "sha512-GSj+d8AlLs1oElhYq32vIN/eAsxWG9jy0EiNgSxWTt5Gdamv87kcvsV4jwfWIjlltdnBIJgey2RnU+hDZlTAvw==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/binding/-/binding-2.0.0-beta.8.tgz",
+      "integrity": "sha512-6tG/yYhUIF1zcEF7qw9GPA1Bwj5gq+Hqy4OzVzIBUWOn/2bKsFTWuorEJh8Yx1LwOnjNO7O+NbsATvk5zEOGKQ==",
       "dev": true,
       "license": "MIT",
       "optionalDependencies": {
-        "@rspack/binding-darwin-arm64": "2.0.0-beta.3",
-        "@rspack/binding-darwin-x64": "2.0.0-beta.3",
-        "@rspack/binding-linux-arm64-gnu": "2.0.0-beta.3",
-        "@rspack/binding-linux-arm64-musl": "2.0.0-beta.3",
-        "@rspack/binding-linux-x64-gnu": "2.0.0-beta.3",
-        "@rspack/binding-linux-x64-musl": "2.0.0-beta.3",
-        "@rspack/binding-wasm32-wasi": "2.0.0-beta.3",
-        "@rspack/binding-win32-arm64-msvc": "2.0.0-beta.3",
-        "@rspack/binding-win32-ia32-msvc": "2.0.0-beta.3",
-        "@rspack/binding-win32-x64-msvc": "2.0.0-beta.3"
+        "@rspack/binding-darwin-arm64": "2.0.0-beta.8",
+        "@rspack/binding-darwin-x64": "2.0.0-beta.8",
+        "@rspack/binding-linux-arm64-gnu": "2.0.0-beta.8",
+        "@rspack/binding-linux-arm64-musl": "2.0.0-beta.8",
+        "@rspack/binding-linux-x64-gnu": "2.0.0-beta.8",
+        "@rspack/binding-linux-x64-musl": "2.0.0-beta.8",
+        "@rspack/binding-wasm32-wasi": "2.0.0-beta.8",
+        "@rspack/binding-win32-arm64-msvc": "2.0.0-beta.8",
+        "@rspack/binding-win32-ia32-msvc": "2.0.0-beta.8",
+        "@rspack/binding-win32-x64-msvc": "2.0.0-beta.8"
       }
     },
     "node_modules/@rspack/binding-darwin-arm64": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/binding-darwin-arm64/-/binding-darwin-arm64-2.0.0-beta.3.tgz",
-      "integrity": "sha512-QebSomLWlCbFsC0sfDuGqLJtkgyrnr38vrCepWukaAXIY4ANy5QB49LDKdLpVv6bKlC95MpnW37NvSNWY5GMYA==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/binding-darwin-arm64/-/binding-darwin-arm64-2.0.0-beta.8.tgz",
+      "integrity": "sha512-h3x2GreEh8J36A3cWFeHZGTuz4vjUArk9dBDq8fZSyaUQQQox/lp8bUOGa/2YuYUOXk0gei2GN+/BVi2R5p39A==",
       "cpu": [
         "arm64"
       ],
@@ -196,9 +200,9 @@
       ]
     },
     "node_modules/@rspack/binding-darwin-x64": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/binding-darwin-x64/-/binding-darwin-x64-2.0.0-beta.3.tgz",
-      "integrity": "sha512-EysmBq+sz+Ph0bu0gXpU1uuZG9gXgjqY+w3MJel+ieTFyQO3L/R56V32McgssMbheJbYcviDDn7Tz4D+lTvdJA==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/binding-darwin-x64/-/binding-darwin-x64-2.0.0-beta.8.tgz",
+      "integrity": "sha512-+XTA37+FZjXgwxkNX94T/EqspFO8Q3Km4CklQ3nOQzieMi31w+TLBB0uTsnT1ugp0UTN5PHLd4DFK1SQB7Ckbg==",
       "cpu": [
         "x64"
       ],
@@ -210,13 +214,16 @@
       ]
     },
     "node_modules/@rspack/binding-linux-arm64-gnu": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-2.0.0-beta.3.tgz",
-      "integrity": "sha512-iFPj4TQZKewnqWPfTbyk3F8QCBI/Edv7TVSRIPBHRnCM0lvYZl/8IZlUzXSamLvrtDpouF0nUzht/fktoWOhAg==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-2.0.0-beta.8.tgz",
+      "integrity": "sha512-vD2+ztbMmeBR65jBlwUZCNIjUzO0exp/LaPSMIhLlqPlk670gMCQ7fmKo3tSgQ9tobfizEA/Atdy3/lW1Rl64A==",
       "cpu": [
         "arm64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -224,13 +231,16 @@
       ]
     },
     "node_modules/@rspack/binding-linux-arm64-musl": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/binding-linux-arm64-musl/-/binding-linux-arm64-musl-2.0.0-beta.3.tgz",
-      "integrity": "sha512-355mygfCNb0eF/y4HgtJcd0i9csNTG4Z15PCCplIkSAKJpFpkORM2xJb50BqsbhVafYl6AHoBlGWAo9iIzUb/w==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/binding-linux-arm64-musl/-/binding-linux-arm64-musl-2.0.0-beta.8.tgz",
+      "integrity": "sha512-jJ1XB7Yz9YdPRA6MJ35S9/mb+3jeI4p9v78E3dexzCPA3G4X7WXbyOcRbUlYcyOlE5MtX5O19rDexqWlkD9tVw==",
       "cpu": [
         "arm64"
       ],
       "dev": true,
+      "libc": [
+        "musl"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -238,13 +248,16 @@
       ]
     },
     "node_modules/@rspack/binding-linux-x64-gnu": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/binding-linux-x64-gnu/-/binding-linux-x64-gnu-2.0.0-beta.3.tgz",
-      "integrity": "sha512-U8a+bcP/tkMyiwiO9XfeRYYO20YPGiZNxWWt7FEsdmRuRAl6M+EmWaJllJFQtKH+GG8IN93pNoVPMvARjLoJOQ==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/binding-linux-x64-gnu/-/binding-linux-x64-gnu-2.0.0-beta.8.tgz",
+      "integrity": "sha512-qy+fK/tiYw3KvGjTGGMu/mWOdvBYrMO8xva/ouiaRTrx64PPZ6vyqFXOUfHj9rhY5L6aU2NTObpV6HZHcBtmhQ==",
       "cpu": [
         "x64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -252,13 +265,16 @@
       ]
     },
     "node_modules/@rspack/binding-linux-x64-musl": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/binding-linux-x64-musl/-/binding-linux-x64-musl-2.0.0-beta.3.tgz",
-      "integrity": "sha512-g81rqkaqDFRTID2VrHBYeM+xZe8yWov7IcryTrl9RGXXr61s+6Tu/mWyM378PuHOCyMNu7G3blVaSjLvKauG6Q==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/binding-linux-x64-musl/-/binding-linux-x64-musl-2.0.0-beta.8.tgz",
+      "integrity": "sha512-eJF1IsayHhsURu5Dp6fzdr5jYGeJmoREOZAc9UV3aEqY6zNAcWgZT1RwKCCujJylmHgCTCOuxqdK/VdFJqWDyw==",
       "cpu": [
         "x64"
       ],
       "dev": true,
+      "libc": [
+        "musl"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -266,9 +282,9 @@
       ]
     },
     "node_modules/@rspack/binding-wasm32-wasi": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/binding-wasm32-wasi/-/binding-wasm32-wasi-2.0.0-beta.3.tgz",
-      "integrity": "sha512-tzGd8H2oj5F3oR/Hxp+J68zVU/nG+9ndH2KK3/RieVjNAiVNHCR0/ZU9D47s6fnmvWOqAQ1qO8gnVoVLopC4YA==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/binding-wasm32-wasi/-/binding-wasm32-wasi-2.0.0-beta.8.tgz",
+      "integrity": "sha512-HssdOQE8i+nUWoK+NDeD5OSyNxf80k3elKCl/due3WunoNn0h6tUTSZ8QB+bhcT4tjH9vTbibWZIT91avtvUNw==",
       "cpu": [
         "wasm32"
       ],
@@ -276,13 +292,13 @@
       "license": "MIT",
       "optional": true,
       "dependencies": {
-        "@napi-rs/wasm-runtime": "1.0.7"
+        "@napi-rs/wasm-runtime": "1.1.1"
       }
     },
     "node_modules/@rspack/binding-win32-arm64-msvc": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-2.0.0-beta.3.tgz",
-      "integrity": "sha512-TZZRSWa34sm5WyoQHwnyBjLJ4w3fcWRYA9ybYjSVWjUU6tVGdMiHiZp+WexUpIETvChLXU1JENNmBg/U7wvZEA==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-2.0.0-beta.8.tgz",
+      "integrity": "sha512-RuHbXuIMJr0ANMFoGXIb3sUZE5VwIsJw70u3TKPwfoaOFiJjgW7Pi2JTLPoTYfOlE+CNcu2ldX8VJRBbktR4NA==",
       "cpu": [
         "arm64"
       ],
@@ -294,9 +310,9 @@
       ]
     },
     "node_modules/@rspack/binding-win32-ia32-msvc": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-2.0.0-beta.3.tgz",
-      "integrity": "sha512-VFnfdbJhyl6gNW1VzTyd1ZrHCboHPR7vrOalEsulQRqVNbtDkjm1sqLHtDcLmhTEv0a9r4lli8uubWDwmel8KQ==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-2.0.0-beta.8.tgz",
+      "integrity": "sha512-ajzIOk30zjTKPiay+d6oV7lqzzqdgIXQhDD5YtcOqPn7NTh7949EB1NZX5l3Ueh1m8k4DSe7n07qFLjHDhZ8jw==",
       "cpu": [
         "ia32"
       ],
@@ -308,9 +324,9 @@
       ]
     },
     "node_modules/@rspack/binding-win32-x64-msvc": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/binding-win32-x64-msvc/-/binding-win32-x64-msvc-2.0.0-beta.3.tgz",
-      "integrity": "sha512-rwZ6Y3b3oqPj+ZDPPRxr3136HUPKDSlPQa4v7bBOPLDlrFDFOynMIEqDUUi5+8lPaUQ8WWR0aJK4cgcTTT0Siw==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/binding-win32-x64-msvc/-/binding-win32-x64-msvc-2.0.0-beta.8.tgz",
+      "integrity": "sha512-MqPuHCbxyLSEjavbhYapHs7cvs2zSA9GKd8nJtDuSMmDTVHFzwHfUXTffUMFB4JTCAvdpMn8XtOG/UOW5QVRCA==",
       "cpu": [
         "x64"
       ],
@@ -322,13 +338,13 @@
       ]
     },
     "node_modules/@rspack/core": {
-      "version": "2.0.0-beta.3",
-      "resolved": "https://registry.npmjs.org/@rspack/core/-/core-2.0.0-beta.3.tgz",
-      "integrity": "sha512-VuLteRIesuyFFTXZaciUY0lwDZiwMc7JcpE8guvjArztDhtpVvlaOcLlVBp/Yza8c/Tk8Dxwe1ARzFL7xG1/0w==",
+      "version": "2.0.0-beta.8",
+      "resolved": "https://registry.npmjs.org/@rspack/core/-/core-2.0.0-beta.8.tgz",
+      "integrity": "sha512-GHiMNhcxfzJV3DqxIYYjiBGzhFkwwt+jSJl8+aVFRbQM0AYRdZJSfQDH4G5rHD1gO2yc3ktOOMHYnZWNtXCwdA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@rspack/binding": "2.0.0-beta.3"
+        "@rspack/binding": "2.0.0-beta.8"
       },
       "engines": {
         "node": "^20.19.0 || >=22.12.0"
@@ -367,20 +383,20 @@
       }
     },
     "node_modules/@rspress/core": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/@rspress/core/-/core-2.0.5.tgz",
-      "integrity": "sha512-2ezGmANmIrWmhsUrvlRb9Df4xsun1BDgEertDc890aQqtKcNrbu+TBRsOoO+E/N6ioavun7JGGe1wWjvxubCHw==",
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/@rspress/core/-/core-2.0.7.tgz",
+      "integrity": "sha512-+HH6EVSs1SVvm+6l78lluK8u70ihKVX26VHEqYJzTBHLtipMXllmX2mfkjCoATEP2uqU+es4xSPurss+AztHWg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@mdx-js/mdx": "^3.1.1",
         "@mdx-js/react": "^3.1.1",
-        "@rsbuild/core": "2.0.0-beta.6",
-        "@rsbuild/plugin-react": "~1.4.5",
-        "@rspress/shared": "2.0.5",
-        "@shikijs/rehype": "^4.0.1",
+        "@rsbuild/core": "2.0.0-beta.10",
+        "@rsbuild/plugin-react": "~1.4.6",
+        "@rspress/shared": "2.0.7",
+        "@shikijs/rehype": "^4.0.2",
         "@types/unist": "^3.0.3",
-        "@unhead/react": "^2.1.9",
+        "@unhead/react": "^2.1.12",
         "body-scroll-lock": "4.0.0-beta.0",
         "cac": "^7.0.0",
         "chokidar": "^3.6.0",
@@ -411,7 +427,7 @@
         "remark-parse": "^11.0.0",
         "remark-stringify": "^11.0.0",
         "scroll-into-view-if-needed": "^3.1.0",
-        "shiki": "^4.0.1",
+        "shiki": "^4.0.2",
         "tinyglobby": "^0.2.15",
         "tinypool": "^1.1.1",
         "unified": "^11.0.5",
@@ -427,40 +443,40 @@
       }
     },
     "node_modules/@rspress/plugin-client-redirects": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/@rspress/plugin-client-redirects/-/plugin-client-redirects-2.0.5.tgz",
-      "integrity": "sha512-sxwWzwHPefSPWUyV6/AA/hBlQUeNFntL8dBQi/vZCQiZHM6ShvKbqa3s5Xu2yI7DeFKHH3jb0VGbjufu8M3Ypw==",
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/@rspress/plugin-client-redirects/-/plugin-client-redirects-2.0.7.tgz",
+      "integrity": "sha512-fH8HMUktt5ar6alSpGSDE/+dgY+TU/h0bW+4ntysUApKodNF1vg4ta60qju+5guWeRXD/35nH6rMV2Z0nW9BfQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
         "node": "^20.19.0 || >=22.12.0"
       },
       "peerDependencies": {
-        "@rspress/core": "^2.0.5"
+        "@rspress/core": "^2.0.7"
       }
     },
     "node_modules/@rspress/plugin-sitemap": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/@rspress/plugin-sitemap/-/plugin-sitemap-2.0.5.tgz",
-      "integrity": "sha512-wBxKL8sNd3bkKFxlFtB1xJ7jCtSRDL6pfVvWsmTIbTNDPCtefd1nmiMBIDMLOR8EflwuStIz3bMQXdWpbC7ahA==",
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/@rspress/plugin-sitemap/-/plugin-sitemap-2.0.7.tgz",
+      "integrity": "sha512-K4Y8yhpiQkF+cbpfgVhdj/sfwq0K/12AusT06gfVSdJV7R4GvJO28y1GxfrsHlki8nopWu8Zqfqb3dcrNlccfA==",
       "dev": true,
       "license": "MIT",
       "engines": {
         "node": "^20.19.0 || >=22.12.0"
       },
       "peerDependencies": {
-        "@rspress/core": "^2.0.5"
+        "@rspress/core": "^2.0.7"
       }
     },
     "node_modules/@rspress/shared": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/@rspress/shared/-/shared-2.0.5.tgz",
-      "integrity": "sha512-Wdhh+VjU8zJWoVLhv9KJTRAZQ4X2V/Z81Lo2D0hQsa0Kj5F3EaxlMt5/dhX7DoflqNuZPZk/e7CSUB+gO/Umlg==",
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/@rspress/shared/-/shared-2.0.7.tgz",
+      "integrity": "sha512-x7OqCGP5Ir1/X+6fvhtApw/ObHfwVIdWne6LlX3GGUHyHF+01yci6vrUzEP2R6PainnqySzW2+345C6zZ3dZuA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@rsbuild/core": "2.0.0-beta.6",
-        "@shikijs/rehype": "^4.0.1",
+        "@rsbuild/core": "2.0.0-beta.10",
+        "@shikijs/rehype": "^4.0.2",
         "gray-matter": "4.0.3",
         "lodash-es": "^4.17.23",
         "unified": "^11.0.5"
@@ -3711,9 +3727,9 @@
       "license": "0BSD"
     },
     "node_modules/typescript": {
-      "version": "5.9.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
-      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz",
+      "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {

package.json

@@ -25,6 +25,6 @@
     "@rspress/core": "^2.0.0",
     "@rspress/plugin-client-redirects": "^2.0.0",
     "@rspress/plugin-sitemap": "^2.0.0",
-    "typescript": "^5.9.3"
+    "typescript": "^6.0.0"
   }
 }

renovate.json

@@ -1,6 +1,6 @@
 {
     "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-    "extends": ["config:recommended", "replacements:all", ":semanticCommitTypeAll(chore)"],
+    "extends": ["config:recommended", "replacements:all", ":semanticCommitTypeAll(chore)", "helpers:pinGitHubActionDigests"],
     "dependencyDashboard": true,
     "osvVulnerabilityAlerts": true,
     "lockFileMaintenance": {
@@ -95,16 +95,16 @@
         }
     ],
     "customManagers": [
-       {
-         "customType": "regex",
-         "description": "Update _VERSION variables in Dockerfiles",
-         "managerFilePatterns": [
-           "/(^|/)([Dd]ocker|[Cc]ontainer)file[^/]*$/",
-           "/(^|/|\\.)([Dd]ocker|[Cc]ontainer)file$/"
-         ],
-         "matchStrings": [
-           "# renovate: datasource=(?<datasource>[a-zA-Z0-9-._]+?) depName=(?<depName>[^\\s]+?)(?: (lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?(?: extractVersion=(?<extractVersion>[^\\s]+?))?(?: registryUrl=(?<registryUrl>[^\\s]+?))?\\s+(?:ENV\\s+|ARG\\s+)?[A-Za-z0-9_]+?_VERSION[ =][\"']?(?<currentValue>.+?)[\"']?\\s+(?:(?:ENV\\s+|ARG\\s+)?[A-Za-z0-9_]+?_CHECKSUM[ =][\"']?(?<currentDigest>.+?)[\"']?\\s)?"
-         ]
-       }
+        {
+            "customType": "regex",
+            "description": "Update _VERSION variables in Dockerfiles",
+            "managerFilePatterns": [
+                "/(^|/)([Dd]ocker|[Cc]ontainer)file[^/]*$/",
+                "/(^|/|\\.)([Dd]ocker|[Cc]ontainer)file$/"
+            ],
+            "matchStrings": [
+                "# renovate: datasource=(?<datasource>[a-zA-Z0-9-._]+?) depName=(?<depName>[^\\s]+?)(?: (lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?(?: extractVersion=(?<extractVersion>[^\\s]+?))?(?: registryUrl=(?<registryUrl>[^\\s]+?))?\\s+(?:ENV\\s+|ARG\\s+)?[A-Za-z0-9_]+?_VERSION[ =][\"']?(?<currentValue>.+?)[\"']?\\s+(?:(?:ENV\\s+|ARG\\s+)?[A-Za-z0-9_]+?_CHECKSUM[ =][\"']?(?<currentDigest>.+?)[\"']?\\s)?"
+            ]
+        }
     ]
 }

src/api/client/media.rs

@@ -114,7 +114,19 @@ pub(crate) async fn get_content_thumbnail_route(
 		content,
 		content_type,
 		content_disposition,
-	} = fetch_thumbnail(&services, &mxc, user, body.timeout_ms, &dim).await?;
+	} = match fetch_thumbnail(&services, &mxc, user, body.timeout_ms, &dim).await {
+		| Ok(meta) => meta,
+		| Err(conduwuit::Error::Io(e)) => match e.kind() {
+			| std::io::ErrorKind::NotFound =>
+				return Err!(Request(NotFound("Thumbnail not found."))),
+			| std::io::ErrorKind::PermissionDenied => {
+				error!("Permission denied when trying to read file: {e:?}");
+				return Err!(Request(Unknown("Unknown error when fetching thumbnail.")));
+			},
+			| _ => return Err!(Request(Unknown("Unknown error when fetching thumbnail."))),
+		},
+		| Err(_) => return Err!(Request(Unknown("Unknown error when fetching thumbnail."))),
+	};
 
 	Ok(get_content_thumbnail::v1::Response {
 		file: content.expect("entire file contents"),

src/api/client/state.rs

@@ -1,3 +1,5 @@
+#[cfg(test)]
+mod tests;
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use conduwuit::{
@@ -194,6 +196,7 @@ async fn send_state_event_for_key_helper(
 	state_key: &str,
 	timestamp: Option<MilliSecondsSinceUnixEpoch>,
 ) -> Result<OwnedEventId> {
+	let json: &mut Raw<AnyStateEventContent> = &mut json.clone();
 	allowed_to_send_state_event(services, room_id, event_type, state_key, json).await?;
 	let state_lock = services.rooms.state.mutex.lock(room_id).await;
 	let event_id = services
@@ -221,7 +224,7 @@ async fn allowed_to_send_state_event(
 	room_id: &RoomId,
 	event_type: &StateEventType,
 	state_key: &str,
-	json: &Raw<AnyStateEventContent>,
+	json: &mut Raw<AnyStateEventContent>,
 ) -> Result {
 	match event_type {
 		| StateEventType::RoomCreate => {
@@ -366,7 +369,7 @@ async fn allowed_to_send_state_event(
 			}
 		},
 		| StateEventType::RoomMember => match json.deserialize_as::<RoomMemberEventContent>() {
-			| Ok(membership_content) => {
+			| Ok(mut membership_content) => {
 				let Ok(state_key) = UserId::parse(state_key) else {
 					return Err!(Request(BadJson(
 						"Membership event has invalid or non-existent state key"
@@ -376,20 +379,24 @@ async fn allowed_to_send_state_event(
 				if let Some(authorising_user) =
 					membership_content.join_authorized_via_users_server
 				{
-					if membership_content.membership != MembershipState::Join {
-						return Err!(Request(BadJson(
-							"join_authorised_via_users_server is only for member joins"
-						)));
-					}
-
+					// join_authorized_via_users_server must be thrown away, if user is already a
+					// member of the room.
 					if services
 						.rooms
 						.state_cache
 						.is_joined(state_key, room_id)
 						.await
 					{
-						return Err!(Request(InvalidParam(
-							"{state_key} is already joined, an authorising user is not required."
+						membership_content.join_authorized_via_users_server = None;
+						*json = Raw::<AnyStateEventContent>::from_json_string(
+							serde_json::to_string(&membership_content)?,
+						)?;
+						return Ok(());
+					}
+
+					if membership_content.membership != MembershipState::Join {
+						return Err!(Request(BadJson(
+							"join_authorised_via_users_server is only for member joins"
 						)));
 					}
 

src/api/client/state/tests.rs

@@ -0,0 +1,34 @@
+use super::*;
+
+#[test]
+fn test_strip_room_member() -> Result<()> {
+	//Test setup
+	let body = r#"
+		{
+			"avatar_url": "Something",
+			"displayname": "Someone",
+			"join_authorized_via_users_server": "@someone:domain.tld",
+			"membership": "join"
+		}"#;
+	println!("JSON (original): {body}");
+	let json: &mut Raw<AnyStateEventContent> =
+		&mut Raw::<AnyStateEventContent>::from_json_string(body.to_owned())?;
+	let mut membership_content: RoomMemberEventContent =
+		json.deserialize_as::<RoomMemberEventContent>()?;
+
+	//Begin Test
+	membership_content.join_authorized_via_users_server = None;
+	*json = Raw::<AnyStateEventContent>::from_json_string(serde_json::to_string(
+		&membership_content,
+	)?)?;
+
+	//Compare result
+	let result = json.json().get();
+	println!("JSON (modified): {result}");
+	assert_eq!(
+		result,
+		r#"{"avatar_url":"Something","displayname":"Someone","membership":"join"}"#
+	);
+
+	Ok(())
+}

src/core/Cargo.toml

@@ -114,6 +114,7 @@ tracing.workspace = true
 url.workspace = true
 parking_lot.workspace = true
 lock_api.workspace = true
+hyper-util.workspace = true
 
 [target.'cfg(unix)'.dependencies]
 nix.workspace = true

src/core/error/mod.rs

@@ -4,7 +4,7 @@
 mod response;
 mod serde;
 
-use std::{any::Any, borrow::Cow, convert::Infallible, sync::PoisonError};
+use std::{any::Any, borrow::Cow, convert::Infallible, error::Error as _, sync::PoisonError};
 
 pub use self::{err::visit, log::*};
 
@@ -66,8 +66,8 @@ pub enum Error {
 	Poison(Cow<'static, str>),
 	#[error("Regex error: {0}")]
 	Regex(#[from] regex::Error),
-	#[error("Request error: {0}")]
-	Reqwest(#[from] reqwest::Error),
+	#[error("{0}")]
+	Reqwest(FormattedReqwestError),
 	#[error("{0}")]
 	SerdeDe(Cow<'static, str>),
 	#[error("{0}")]
@@ -236,3 +236,41 @@ pub fn infallible(_e: &Infallible) {
 #[must_use]
 #[allow(clippy::needless_pass_by_value)]
 pub fn sanitized_message(e: Error) -> String { e.sanitized_message() }
+
+#[derive(Debug)]
+pub struct FormattedReqwestError(reqwest::Error);
+
+impl std::ops::Deref for FormattedReqwestError {
+	type Target = reqwest::Error;
+
+	fn deref(&self) -> &Self::Target { &self.0 }
+}
+
+impl std::error::Error for FormattedReqwestError {
+	fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { self.0.source() }
+}
+
+impl std::fmt::Display for FormattedReqwestError {
+	fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+		if let Some(hyper_error) = self.0.source()
+			&& hyper_error.is::<hyper_util::client::legacy::Error>()
+			&& let Some(real_error) = hyper_error.source()
+		{
+			if let Some(real_reason) = real_error.source() {
+				write!(f, "{real_error}: {real_reason}")
+			} else {
+				write!(f, "{real_error}")
+			}
+		} else {
+			write!(f, "Request error: {}", &self.0)
+		}
+	}
+}
+
+impl From<reqwest::Error> for FormattedReqwestError {
+	fn from(err: reqwest::Error) -> Self { Self(err) }
+}
+
+impl From<reqwest::Error> for Error {
+	fn from(err: reqwest::Error) -> Self { Self::Reqwest(err.into()) }
+}

src/database/engine/cf_opts.rs

@@ -70,15 +70,17 @@ fn descriptor_cf_options(
 		);
 	}
 
-	opts.set_options_from_string("{{arena_block_size=2097152;}}")
+	let mut opts = opts
+		.get_options_from_string("{{arena_block_size=2097152;}}")
 		.map_err(map_err)?;
 
 	#[cfg(debug_assertions)]
-	opts.set_options_from_string(
-		"{{paranoid_checks=true;paranoid_file_checks=true;force_consistency_checks=true;\
-		 verify_sst_unique_id_in_manifest=true;}}",
-	)
-	.map_err(map_err)?;
+	let opts = opts
+		.get_options_from_string(
+			"{{paranoid_checks=true;paranoid_file_checks=true;force_consistency_checks=true;\
+			 verify_sst_unique_id_in_manifest=true;}}",
+		)
+		.map_err(map_err)?;
 
 	Ok(opts)
 }
@@ -105,7 +107,7 @@ fn set_table_options(opts: &mut Options, desc: &Descriptor, cache: Option<&Cache
 		prepopulate,
 	);
 
-	opts.set_options_from_string(&string).map_err(map_err)?;
+	let mut opts = opts.get_options_from_string(&string).map_err(map_err)?;
 
 	opts.set_block_based_table_factory(&table);
 

src/database/engine/db_opts.rs

@@ -138,7 +138,7 @@ fn set_logging_defaults(opts: &mut Options, config: &Config) {
 	if config.rocksdb_log_stderr {
 		opts.set_stderr_logger(rocksdb_log_level, "rocksdb");
 	} else {
-		opts.set_callback_logger(rocksdb_log_level, &handle_log);
+		opts.set_callback_logger(rocksdb_log_level, handle_log);
 	}
 }
 

src/service/resolver/well_known.rs

@@ -26,7 +26,10 @@ pub(super) async fn request_well_known(&self, dest: &str) -> Result<Option<Strin
 		return Ok(None);
 	}
 
-	let text = response.limit_read_text(8192).await?;
+	let Ok(text) = response.limit_read_text(8192).await else {
+		debug!("failed to read well-known response (too large or non-text content)");
+		return Ok(None);
+	};
 	trace!("response text: {text:?}");
 
 	let body: serde_json::Value = serde_json::from_str(&text).unwrap_or_default();

src/service/rooms/alias/mod.rs

@@ -104,17 +104,13 @@ pub async fn remove_alias(&self, alias: &RoomAliasId, user_id: &UserId) -> Resul
 			return Err!(Request(Forbidden("User is not permitted to remove this alias.")));
 		}
 
+		let alias_full = alias.as_bytes().to_vec();
 		let alias = alias.alias();
 		let Ok(room_id) = self.db.alias_roomid.get(&alias).await else {
 			return Err!(Request(NotFound("Alias does not exist or is invalid.")));
 		};
 
-		let prefix = (&room_id, Interfix);
-		self.db
-			.aliasid_alias
-			.keys_prefix_raw(&prefix)
-			.ignore_err()
-			.ready_for_each(|key| self.db.aliasid_alias.remove(key))
+		self.remove_aliasid_alias_entries(&room_id, &alias_full)
 			.await;
 
 		self.db.alias_roomid.remove(alias.as_bytes());
@@ -274,6 +270,22 @@ async fn who_created_alias(&self, alias: &RoomAliasId) -> Result<OwnedUserId> {
 		self.db.alias_userid.get(alias.alias()).await.deserialized()
 	}
 
+	async fn remove_aliasid_alias_entries(&self, room_id: &[u8], alias_full: &[u8]) {
+		let prefix = (room_id, Interfix);
+		let keys: Vec<Vec<u8>> = self
+			.db
+			.aliasid_alias
+			.stream_prefix_raw(&prefix)
+			.ignore_err()
+			.ready_filter_map(|(key, value)| (value == alias_full).then_some(key.to_vec()))
+			.collect()
+			.await;
+
+		for key in keys {
+			self.db.aliasid_alias.remove(&key);
+		}
+	}
+
 	async fn resolve_appservice_alias(
 		&self,
 		room_alias: &RoomAliasId,