chore: Release

This fixes a vulnerability where an attacker with a malicious remote
server and a user on the local server can trick the local server into
signing arbitrary events. The attacker issue a remote leave as the local
user to a room on the malicious server. Without any validation of the
make_leave response, the local server would sign the attacker-controlled
event and pass it back to the malicious server with send_leave.

The join and knock endpoints are also fixed in this commit, but are less
useful for exploitation because the local server replaces the "content"
field returned by the remote server. Remote invites are unaffected
because we already check that the event returned from /invite has the
same event ID as the event passed to it.

Co-authored-by: timedout <git@nexy7574.co.uk>
Co-authored-by: Jade Ellis <jade@ellis.link>
Co-authored-by: Ginger <ginger@gingershaped.computer>

.forgejo/actions/create-docker-manifest/action.yml

@@ -32,11 +32,13 @@ outputs:
 runs:
   using: composite
   steps:
+    - run: mkdir -p digests
+      shell: bash
     - name: Download digests
       if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
       uses: forgejo/download-artifact@v4
       with:
-        path: /tmp/digests
+        path: digests
         pattern: ${{ inputs.digest_pattern }}
         merge-multiple: true
 
@@ -62,6 +64,7 @@ runs:
       uses: docker/metadata-action@v5
       with:
         flavor: |
+          latest=auto
           suffix=${{ inputs.tag_suffix }},onlatest=true
         tags: |
           type=semver,pattern={{version}},prefix=v
@@ -70,7 +73,6 @@ runs:
           type=ref,event=branch,prefix=${{ format('refs/heads/{0}', github.event.repository.default_branch) != github.ref && 'branch-' || '' }},
           type=ref,event=pr
           type=sha,format=short
-          type=raw,value=latest${{ inputs.tag_suffix }},enable=${{ startsWith(github.ref, 'refs/tags/v') }},priority=1100
         images: ${{ inputs.images }}
         # default labels & annotations: https://github.com/docker/metadata-action/blob/master/src/meta.ts#L509
       env:
@@ -78,7 +80,7 @@ runs:
 
     - name: Create manifest list and push
       if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
-      working-directory: /tmp/digests
+      working-directory: digests
       shell: bash
       env:
         IMAGES: ${{ inputs.images }}

.forgejo/actions/setup-rust/action.yml

@@ -17,9 +17,9 @@ inputs:
     required: false
     default: ''
   rust-version:
-    description: 'Rust version to install (e.g. nightly). Defaults to 1.87.0'
+    description: 'Rust version to install (e.g. nightly). Defaults to the version specified in rust-toolchain.toml'
     required: false
-    default: '1.87.0'
+    default: ''
   sccache-cache-limit:
     description: 'Maximum size limit for sccache local cache (e.g. 2G, 500M)'
     required: false
@@ -59,9 +59,20 @@ runs:
         mkdir -p "${{ github.workspace }}/target"
         mkdir -p "${{ github.workspace }}/.rustup"
 
-    - name: Start cache restore group
+    - name: Start registry/toolchain restore group
       shell: bash
-      run: echo "::group::📦 Restoring caches (registry, toolchain, build artifacts)"
+      run: echo "::group::📦 Restoring registry and toolchain caches"
+
+    - name: Cache toolchain binaries
+      id: toolchain-cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          .cargo/bin
+          .rustup/toolchains
+          .rustup/update-hashes
+        # Shared toolchain cache across all Rust versions
+        key: continuwuity-toolchain-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}
 
     - name: Cache Cargo registry and git
       id: registry-cache
@@ -77,58 +88,13 @@ runs:
         restore-keys: |
           continuwuity-cargo-registry-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-
 
-    - name: Cache toolchain binaries
-      id: toolchain-cache
-      uses: actions/cache@v4
-      with:
-        path: |
-          .cargo/bin
-          .rustup/toolchains
-          .rustup/update-hashes
-        # Shared toolchain cache across all Rust versions
-        key: continuwuity-toolchain-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}
-
-
-    - name: Setup sccache
-      uses: https://git.tomfos.tr/tom/sccache-action@v1
-
-    - name: Cache dependencies
-      id: deps-cache
-      uses: actions/cache@v4
-      with:
-        path: |
-          target/**/.fingerprint
-          target/**/deps
-          target/**/*.d
-          target/**/.cargo-lock
-          target/**/CACHEDIR.TAG
-          target/**/.rustc_info.json
-          /timelord/
-        # Dependencies cache - based on Cargo.lock, survives source code changes
-        key: >-
-          continuwuity-deps-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ inputs.rust-version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}
-        restore-keys: |
-          continuwuity-deps-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ inputs.rust-version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-
-
-    - name: Cache incremental compilation
-      id: incremental-cache
-      uses: actions/cache@v4
-      with:
-        path: |
-          target/**/incremental
-        # Incremental cache - based on source code changes
-        key: >-
-          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ inputs.rust-version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}-${{ hashFiles('**/*.rs', '**/Cargo.toml') }}
-        restore-keys: |
-          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ inputs.rust-version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}-
-          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ inputs.rust-version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-
-
-    - name: End cache restore group
+    - name: End registry/toolchain restore group
       shell: bash
       run: echo "::endgroup::"
 
     - name: Setup Rust toolchain
       shell: bash
+      id: rust-setup
       run: |
         # Install rustup if not already cached
         if ! command -v rustup &> /dev/null; then
@@ -156,8 +122,68 @@ runs:
           echo "::group::📦 Setting up Rust from rust-toolchain.toml"
           rustup show
         fi
+
+        RUST_VERSION=$(rustc --version | cut -d' ' -f2)
+        echo "version=$RUST_VERSION" >> $GITHUB_OUTPUT
+
         echo "::endgroup::"
 
+    - name: Install Rust components
+      if: inputs.rust-components != ''
+      shell: bash
+      run: |
+        echo "📦 Installing components: ${{ inputs.rust-components }}"
+        rustup component add ${{ inputs.rust-components }}
+
+    - name: Install Rust target
+      if: inputs.rust-target != ''
+      shell: bash
+      run: |
+        echo "📦 Installing target: ${{ inputs.rust-target }}"
+        rustup target add ${{ inputs.rust-target }}
+
+    - name: Start build cache restore group
+      shell: bash
+      run: echo "::group::📦 Restoring build cache"
+
+    - name: Setup sccache
+      uses: https://git.tomfos.tr/tom/sccache-action@v1
+
+    - name: Cache dependencies
+      id: deps-cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          target/**/.fingerprint
+          target/**/deps
+          target/**/*.d
+          target/**/.cargo-lock
+          target/**/CACHEDIR.TAG
+          target/**/.rustc_info.json
+          /timelord/
+        # Dependencies cache - based on Cargo.lock, survives source code changes
+        key: >-
+          continuwuity-deps-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}
+        restore-keys: |
+          continuwuity-deps-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-
+
+    - name: Cache incremental compilation
+      id: incremental-cache
+      uses: actions/cache@v4
+      with:
+        path: |
+          target/**/incremental
+        # Incremental cache - based on source code changes
+        key: >-
+          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}-${{ hashFiles('**/*.rs', '**/Cargo.toml') }}
+        restore-keys: |
+          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-${{ hashFiles('rust-toolchain.toml', '**/Cargo.lock') }}-
+          continuwuity-incremental-${{ steps.runner-os.outputs.slug }}-${{ steps.runner-os.outputs.arch }}-${{ steps.rust-setup.outputs.version }}${{ inputs.cache-key-suffix && format('-{0}', inputs.cache-key-suffix) || '' }}-
+
+    - name: End build cache restore group
+      shell: bash
+      run: echo "::endgroup::"
+
     - name: Configure PATH and install tools
       shell: bash
       env:
@@ -211,27 +237,9 @@ runs:
           echo "CARGO_INCREMENTAL_GC_THRESHOLD=5" >> $GITHUB_ENV
         fi
 
-    - name: Install Rust components
-      if: inputs.rust-components != ''
-      shell: bash
-      run: |
-        echo "📦 Installing components: ${{ inputs.rust-components }}"
-        rustup component add ${{ inputs.rust-components }}
-
-    - name: Install Rust target
-      if: inputs.rust-target != ''
-      shell: bash
-      run: |
-        echo "📦 Installing target: ${{ inputs.rust-target }}"
-        rustup target add ${{ inputs.rust-target }}
-
     - name: Output version and summary
-      id: rust-setup
       shell: bash
       run: |
-        RUST_VERSION=$(rustc --version | cut -d' ' -f2)
-        echo "version=$RUST_VERSION" >> $GITHUB_OUTPUT
-
         echo "📋 Setup complete:"
         echo "  Rust: $(rustc --version)"
         echo "  Cargo: $(cargo --version)"

.forgejo/pull_request_template.md

@@ -0,0 +1,82 @@
+---
+name: 'New pull request'
+about: 'Open a new pull request to contribute to continuwuity'
+ref: 'main'
+---
+
+<!--
+In order to help reviewers know what your pull request does at a glance, you should ensure that
+
+1. Your PR title is a short, single sentence describing what you changed
+2. You have described in more detail what you have changed, why you have changed it, what the
+   intended effect is, and why you think this will be beneficial to the project.
+
+If you have made any potentially strange/questionable design choices, but didn't feel they'd benefit
+from code comments, please don't mention them here - after opening your pull request,
+go to "files changed", and click on the "+" symbol in the line number gutter,
+and attach comments to the lines that you think would benefit from some clarification.
+-->
+
+This pull request...
+
+<!-- Example:
+This pull request allows us to warp through time and space ten times faster than before by
+double-inverting the warp drive with hyperheated jump fluid, both making the drive faster and more
+efficient. This resolves the common issue where we have to wait more than 10 milliseconds to
+engage, use, and disengage the warp drive when travelling between galaxies.
+-->
+
+<!-- Closes: #... -->
+<!-- Fixes: #...  -->
+<!-- Uncomment the above line(s) if your pull request fixes an issue or closes another pull request
+by superseding it. Replace `#...` with the issue/pr number, such as `#123`. -->
+
+**Pull request checklist:**
+
+<!-- You need to complete these before your PR can be considered.
+If you aren't sure about some, feel free to ask for clarification in #dev:continuwuity.org. -->
+- [ ] This pull request targets the `main` branch, and the branch is named something other than
+      `main`.
+- [ ] I have written an appropriate pull request title and my description is clear.
+- [ ] I understand I am responsible for the contents of this pull request.
+- I have followed the [contributing guidelines][c1]:
+  - [ ] My contribution follows the [code style][c2], if applicable.
+  - [ ] I ran [pre-commit checks][c1pc] before opening/drafting this pull request.
+  - [ ] I have [tested my contribution][c1t] (or proof-read it for documentation-only changes)
+        myself, if applicable. This includes ensuring code compiles.
+  - [ ] My commit messages follow the [commit message format][c1cm] and are descriptive.
+  - [ ] I have written a [news fragment][n1] for this PR, if applicable<!--(can be done after hitting open!)-->.
+
+<!--
+Notes on these requirements:
+
+- While not required, we encourage you to sign your commits with GPG or SSH to attest the
+  authenticity of your changes.
+- While we allow LLM-assisted contributions, we do not appreciate contributions that are
+  low quality, which is typical of machine-generated contributions that have not had a lot of love
+  and care from a human. Please do not open a PR if all you have done is asked ChatGPT to tidy up
+  the codebase with a +-100,000 diff.
+- In the case of code style violations, reviewers may leave review comments/change requests
+  indicating what the ideal change would look like. For example, a reviewer may suggest you lower
+  a log level, or use `match` instead of `if/else` etc.
+- In the case of code style violations, pre-commit check failures, minor things like typos/spelling
+  errors, and in some cases commit format violations, reviewers may modify your branch directly,
+  typically by making changes and adding a commit. Particularly in the latter case, a reviewer may
+  rebase your commits to squash "spammy" ones (like "fix", "fix", "actually fix"), and reword
+  commit messages that don't satisfy the format.
+- Pull requests MUST pass the `Checks` CI workflows to be capable of being merged. This can only be
+  bypassed in exceptional circumstances.
+  If your CI flakes, let us know in matrix:r/dev:continuwuity.org.
+- Pull requests have to be based on the latest `main` commit before being merged. If the main branch
+  changes while you're making your changes, you should make sure you rebase on main before
+  opening a PR. Your branch will be rebased on main before it is merged if it has fallen behind.
+- We typically only do fast-forward merges, so your entire commit log will be included. Once in
+  main, it's difficult to get out cleanly, so put on your best dress, smile for the cameras!
+-->
+
+[c1]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md
+[c2]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/docs/development/code_style.mdx
+[c1pc]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#pre-commit-checks
+[c1t]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#running-tests-locally
+[c1cm]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/CONTRIBUTING.md#commit-messages
+[n1]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments

.forgejo/regsync/regsync.yml

@@ -46,6 +46,9 @@ creds:
   - registry: ghcr.io
     user: "{{env \"GH_PACKAGES_USER\"}}"
     pass: "{{env \"GH_PACKAGES_TOKEN\"}}"
+  - registry: docker.io
+    user: "{{env \"DOCKER_MIRROR_USER\"}}"
+    pass: "{{env \"DOCKER_MIRROR_TOKEN\"}}"
 
 # Global defaults
 defaults:
@@ -67,3 +70,7 @@ sync:
     target: ghcr.io/continuwuity/continuwuity
     type: repository
     <<: *tags-main
+  - source: *source
+    target: docker.io/jadedblueeyes/continuwuity
+    type: repository
+    <<: *tags-main

.forgejo/workflows/build-debian.yml

@@ -32,12 +32,13 @@ jobs:
           echo "Debian distribution: $DISTRIBUTION ($VERSION)"
 
       - name: Checkout repository with full history
-        uses: https://code.forgejo.org/actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
+          ref: ${{ github.ref_name }}
 
       - name: Cache Cargo registry
-        uses: https://code.forgejo.org/actions/cache@v4
+        uses: actions/cache@v4
         with:
           path: |
             ~/.cargo/registry
@@ -126,7 +127,7 @@ jobs:
           [ -f /etc/conduwuit/conduwuit.toml ] && echo "✅ Config file installed"
 
       - name: Upload deb artifact
-        uses: https://code.forgejo.org/actions/upload-artifact@v3
+        uses: forgejo/upload-artifact@v4
         with:
           name: continuwuity-${{ steps.debian-version.outputs.distribution }}
           path: ${{ steps.cargo-deb.outputs.path }}

.forgejo/workflows/build-fedora.yml

@@ -30,13 +30,14 @@ jobs:
           echo "Fedora version: $VERSION"
 
       - name: Checkout repository with full history
-        uses: https://code.forgejo.org/actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
+          ref: ${{ github.ref_name }}
 
 
       - name: Cache DNF packages
-        uses: https://code.forgejo.org/actions/cache@v4
+        uses: actions/cache@v4
         with:
           path: |
             /var/cache/dnf
@@ -46,7 +47,7 @@ jobs:
             dnf-fedora${{ steps.fedora.outputs.version }}-
 
       - name: Cache Cargo registry
-        uses: https://code.forgejo.org/actions/cache@v4
+        uses: actions/cache@v4
         with:
           path: |
             ~/.cargo/registry
@@ -56,7 +57,7 @@ jobs:
             cargo-fedora${{ steps.fedora.outputs.version }}-
 
       - name: Cache Rust build dependencies
-        uses: https://code.forgejo.org/actions/cache@v4
+        uses: actions/cache@v4
         with:
           path: |
             ~/rpmbuild/BUILD/*/target/release/deps
@@ -238,13 +239,13 @@ jobs:
           cp $BIN_RPM upload-bin/
 
       - name: Upload binary RPM
-        uses: https://code.forgejo.org/actions/upload-artifact@v3
+        uses: forgejo/upload-artifact@v4
         with:
           name: continuwuity
           path: upload-bin/
 
       - name: Upload debug RPM artifact
-        uses: https://code.forgejo.org/actions/upload-artifact@v3
+        uses: forgejo/upload-artifact@v4
         with:
           name: continuwuity-debug
           path: artifacts/*debuginfo*.rpm

.forgejo/workflows/documentation.yml

@@ -21,34 +21,11 @@ jobs:
 
     steps:
       - name: Sync repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
           fetch-depth: 0
 
-      - name: Setup mdBook
-        uses: https://github.com/peaceiris/actions-mdbook@v2
-        with:
-          mdbook-version: "latest"
-
-      - name: Build mdbook
-        run: mdbook build
-
-      - name: Prepare static files for deployment
-        run: |
-          mkdir -p ./public/.well-known/matrix
-          mkdir -p ./public/.well-known/continuwuity
-          mkdir -p ./public/schema
-          # Copy the Matrix .well-known files
-          cp ./docs/static/server ./public/.well-known/matrix/server
-          cp ./docs/static/client ./public/.well-known/matrix/client
-          cp ./docs/static/client ./public/.well-known/matrix/support
-          cp ./docs/static/announcements.json ./public/.well-known/continuwuity/announcements
-          cp ./docs/static/announcements.schema.json ./public/schema/announcements.schema.json
-          # Copy the custom headers file
-          cp ./docs/static/_headers ./public/_headers
-          echo "Copied .well-known files and _headers to ./public"
-
       - name: Detect runner environment
         id: runner-env
         uses: https://git.tomfos.tr/actions/detect-versions@v1
@@ -63,9 +40,18 @@ jobs:
         uses: actions/cache@v3
         with:
           path: ~/.npm
-          key: continuwuity-${{ steps.runner-env.outputs.slug }}-${{ steps.runner-env.outputs.arch }}-node-${{ steps.runner-env.outputs.node_version }}
+          key: continuwuity-rspress-${{ steps.runner-env.outputs.slug }}-${{ steps.runner-env.outputs.arch }}-node-${{ steps.runner-env.outputs.node_version }}-${{ hashFiles('package-lock.json') }}
+          restore-keys: |
+            continuwuity-rspress-${{ steps.runner-env.outputs.slug }}-${{ steps.runner-env.outputs.arch }}-node-${{ steps.runner-env.outputs.node_version }}-
+            continuwuity-rspress-${{ steps.runner-env.outputs.slug }}-${{ steps.runner-env.outputs.arch }}-node-
 
       - name: Install dependencies
+        run: npm ci
+
+      - name: Build Rspress documentation
+        run: npm run docs:build
+
+      - name: Install Wrangler
         run: npm install --save-dev wrangler@latest
 
       - name: Deploy to Cloudflare Pages (Production)
@@ -74,7 +60,7 @@ jobs:
         with:
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          command: pages deploy ./public --branch="main" --commit-dirty=true --project-name="${{ vars.CLOUDFLARE_PROJECT_NAME }}"
+          command: pages deploy ./doc_build --branch="main" --commit-dirty=true --project-name="${{ vars.CLOUDFLARE_PROJECT_NAME }}"
 
       - name: Deploy to Cloudflare Pages (Preview)
         if: github.ref != 'refs/heads/main' && vars.CLOUDFLARE_PROJECT_NAME != ''
@@ -82,4 +68,4 @@ jobs:
         with:
           accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          command: pages deploy ./public --branch="${{ github.head_ref || github.ref_name }}" --commit-dirty=true --project-name="${{ vars.CLOUDFLARE_PROJECT_NAME }}"
+          command: pages deploy ./doc_build --branch="${{ github.head_ref || github.ref_name }}" --commit-dirty=true --project-name="${{ vars.CLOUDFLARE_PROJECT_NAME }}"

.forgejo/workflows/mirror-images.yml

@@ -34,9 +34,11 @@ jobs:
       N7574_GIT_TOKEN: ${{ secrets.N7574_GIT_TOKEN }}
       GH_PACKAGES_USER: ${{ vars.GH_PACKAGES_USER }}
       GH_PACKAGES_TOKEN: ${{ secrets.GH_PACKAGES_TOKEN }}
+      DOCKER_MIRROR_USER: ${{ vars.DOCKER_MIRROR_USER }}
+      DOCKER_MIRROR_TOKEN: ${{ secrets.DOCKER_MIRROR_TOKEN }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
 

.forgejo/workflows/prek-checks.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
 
@@ -47,7 +47,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
 

.forgejo/workflows/release-image.yml

@@ -3,15 +3,6 @@ concurrency:
   group: "release-image-${{ github.ref }}"
 
 on:
-  pull_request:
-    paths-ignore:
-      - "*.md"
-      - "**/*.md"
-      - ".gitlab-ci.yml"
-      - ".gitignore"
-      - "renovate.json"
-      - "pkg/**"
-      - "docs/**"
   push:
     branches:
       - main
@@ -52,7 +43,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Prepare Docker build environment
@@ -106,7 +97,7 @@ jobs:
     needs: build-release
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Create multi-platform manifest
@@ -139,7 +130,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Prepare max-perf Docker build environment
@@ -193,7 +184,7 @@ jobs:
     needs: build-maxperf
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Create max-perf manifest

.forgejo/workflows/renovate.yml

@@ -43,11 +43,11 @@ jobs:
     name: Renovate
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/renovatebot/renovate:41.146.4@sha256:bb70194b7405faf10a6f279b60caa10403a440ba37d158c5a4ef0ae7b67a0f92
+      image: ghcr.io/renovatebot/renovate:42.11.0@sha256:656c1e5b808279eac16c37b89562fb4c699e02fc7e219244f4a1fc2f0a7ce367
       options: --tmpfs /tmp:exec
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           show-progress: false
 

.forgejo/workflows/update-flake-hashes.yml

@@ -14,13 +14,14 @@ jobs:
   update-flake-hashes:
     runs-on: ubuntu-latest
     steps:
-      - uses: https://code.forgejo.org/actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
           fetch-tags: false
           fetch-single-branch: true
           submodules: false
-          persist-credentials: false
+          persist-credentials: true
+          token: ${{ secrets.FORGEJO_TOKEN }}
 
       - uses: https://github.com/cachix/install-nix-action@7ab6e7fd29da88e74b1e314a4ae9ac6b5cda3801 # v31.8.0
         with:

.gitignore

@@ -79,7 +79,7 @@ test-conduit.toml
 /.gitlab-ci.d
 
 # mdbook output
-public/
+/public/
 
 # macOS
 .DS_Store
@@ -95,3 +95,10 @@ rustc-ice-*
 
 # complement test logs are huge
 tests/test_results/complement/test_logs.jsonl
+
+# Node
+node_modules/
+
+# Rspress
+doc_build/
+.rspress/

.mailmap

@@ -2,6 +2,7 @@ AlexPewMaster <git@alex.unbox.at> <68469103+AlexPewMaster@users.noreply.github.c
 Daniel Wiesenberg <weasy@hotmail.de> <weasy666@gmail.com>
 Devin Ragotzy <devin.ragotzy@gmail.com> <d6ragotzy@wmich.edu>
 Devin Ragotzy <devin.ragotzy@gmail.com> <dragotzy7460@mail.kvcc.edu>
+Ginger <ginger@gingershaped.computer> <75683114+gingershaped@users.noreply.github.com>
 Jonas Platte <jplatte+git@posteo.de> <jplatte+gitlab@posteo.de>
 Jonas Zohren <git-pbkyr@jzohren.de> <gitlab-jfowl-0ux98@sh14.de>
 Jonathan de Jong <jonathan@automatia.nl> <jonathandejong02@gmail.com>
@@ -12,5 +13,6 @@ Olivia Lee <olivia@computer.surgery> <benjamin@computer.surgery>
 Rudi Floren <rudi.floren@gmail.com> <rudi.floren@googlemail.com>
 Tamara Schmitz <tamara.zoe.schmitz@posteo.de> <15906939+tamara-schmitz@users.noreply.github.com>
 Timo Kösters <timo@koesters.xyz>
+nexy7574 <git@nexy7574.co.uk> <nex@noreply.forgejo.ellis.link>
+nexy7574 <git@nexy7574.co.uk> <nex@noreply.localhost>
 x4u <xi.zhu@protonmail.ch> <14617923-x4u@users.noreply.gitlab.com>
-Ginger <ginger@gingershaped.computer> <75683114+gingershaped@users.noreply.github.com>

.pre-commit-config.yaml

@@ -23,7 +23,7 @@ repos:
         - id: check-added-large-files
 
   - repo: https://github.com/crate-ci/typos
-    rev: v1.39.0
+    rev: v1.40.0
     hooks:
       - id: typos
       - id: typos
@@ -31,7 +31,7 @@ repos:
         stages: [commit-msg]
 
   - repo: https://github.com/crate-ci/committed
-    rev: v1.1.7
+    rev: v1.1.8
     hooks:
     - id: committed
 

CHANGELOG.md

@@ -0,0 +1,12 @@
+# Continuwuity 0.5.0 (2025-12-30)
+
+**This release contains a CRITICAL vulnerability patch, and you must update as soon as possible**
+
+## Features
+
+- Enabled the OLTP exporter in default builds, and allow configuring the exporter protocol. (@Jade). (#1251)
+
+## Bug Fixes
+
+- Don't allow admin room upgrades, as this can break the admin room (@timedout) (#1245)
+- Fix invalid creators in power levels during upgrade to v12 (@timedout) (#1245)

CONTRIBUTING.md

@@ -1,7 +1,7 @@
 # Contributing guide
 
 This page is about contributing to Continuwuity. The
-[development](./development.md) and [code style guide](./development/code_style.md) pages may be of interest for you as well.
+[development](/development/index.mdx) and [code style guide](/development/code_style.mdx) pages may be of interest for you as well.
 
 If you would like to work on an [issue][issues] that is not assigned, preferably
 ask in the Matrix room first at [#continuwuity:continuwuity.org][continuwuity-matrix],
@@ -9,7 +9,7 @@ # Contributing guide
 
 ### Code Style
 
-Please review and follow the [code style guide](./development/code_style.md) for formatting, linting, naming conventions, and other code standards.
+Please review and follow the [code style guide](/development/code_style.mdx) for formatting, linting, naming conventions, and other code standards.
 
 ### Pre-commit Checks
 
@@ -150,7 +150,7 @@ ### Creating pull requests
 
 Before submitting a pull request, please ensure:
 1. Your code passes all CI checks (formatting, linting, typo detection, etc.)
-2. Your code follows the [code style guide](./development/code_style.md)
+2. Your code follows the [code style guide](/development/code_style.md)
 3. Your commit messages follow the conventional commits format
 4. Tests are added for new functionality
 5. Documentation is updated if needed

Cargo.lock

@@ -17,6 +17,19 @@ version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa"
 
+[[package]]
+name = "ahash"
+version = "0.8.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a15f179cd60c4584b8a8c596927aadc462e27f2ca70c04e0071964a73ba7a75"
+dependencies = [
+ "cfg-if",
+ "getrandom 0.3.4",
+ "once_cell",
+ "version_check",
+ "zerocopy",
+]
+
 [[package]]
 name = "aho-corasick"
 version = "1.1.4"
@@ -26,6 +39,15 @@ dependencies = [
  "memchr",
 ]
 
+[[package]]
+name = "aligned"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "377e4c0ba83e4431b10df45c1d4666f178ea9c552cac93e60c3a88bf32785923"
+dependencies = [
+ "as-slice",
+]
+
 [[package]]
 name = "aligned-vec"
 version = "0.6.4"
@@ -156,6 +178,15 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "as-slice"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "516b6b4f0e40d50dcda9365d53964ec74560ad4284da2e7fc97122cd83174516"
+dependencies = [
+ "stable_deref_trait",
+]
+
 [[package]]
 name = "as_variant"
 version = "1.3.0"
@@ -305,6 +336,26 @@ version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
 
+[[package]]
+name = "av-scenechange"
+version = "0.14.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f321d77c20e19b92c39e7471cf986812cbb46659d2af674adc4331ef3f18394"
+dependencies = [
+ "aligned",
+ "anyhow",
+ "arg_enum_proc_macro",
+ "arrayvec",
+ "log",
+ "num-rational",
+ "num-traits",
+ "pastey",
+ "rayon",
+ "thiserror 2.0.17",
+ "v_frame",
+ "y4m",
+]
+
 [[package]]
 name = "av1-grain"
 version = "0.2.4"
@@ -484,9 +535,9 @@ dependencies = [
 
 [[package]]
 name = "axum-server"
-version = "0.7.2"
+version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "495c05f60d6df0093e8fb6e74aa5846a0ad06abaf96d76166283720bf740f8ab"
+checksum = "c1ab4a3ec9ea8a657c72d99a03a824af695bd0fb5ec639ccbd9cd3543b41a5f9"
 dependencies = [
  "arc-swap",
  "bytes",
@@ -599,9 +650,12 @@ checksum = "2261d10cca569e4643e526d8dc2e62e433cc8aba21ab764233731f8d369bf394"
 
 [[package]]
 name = "bitstream-io"
-version = "2.6.0"
+version = "4.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6099cdc01846bc367c4e7dd630dc5966dccf36b652fae7a74e17b640411a91b2"
+checksum = "60d4bd9d1db2c6bdf285e223a7fa369d5ce98ec767dec949c6ca62863ce61757"
+dependencies = [
+ "core2",
+]
 
 [[package]]
 name = "blake2"
@@ -651,12 +705,6 @@ dependencies = [
  "alloc-stdlib",
 ]
 
-[[package]]
-name = "built"
-version = "0.7.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56ed6191a7e78c36abdb16ab65341eefd73d64d303fffccdbb00d51e4205967b"
-
 [[package]]
 name = "built"
 version = "0.8.0"
@@ -689,15 +737,15 @@ checksum = "8f1fe948ff07f4bd06c30984e69f5b4899c516a3ef74f34df92a2df2ab535495"
 
 [[package]]
 name = "bytes"
-version = "1.10.1"
+version = "1.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
+checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3"
 
 [[package]]
 name = "bytesize"
-version = "2.1.0"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f5c434ae3cf0089ca203e9019ebe529c47ff45cefe8af7c85ecb734ef541822f"
+checksum = "c99fa31e08a43eaa5913ef68d7e01c37a2bdce6ed648168239ad33b7d30a9cd8"
 
 [[package]]
 name = "bzip2-sys"
@@ -740,16 +788,6 @@ dependencies = [
  "nom",
 ]
 
-[[package]]
-name = "cfg-expr"
-version = "0.15.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d067ad48b8650848b989a59a86c6c36a995d02d2bf778d45c3c5d57bc2718f02"
-dependencies = [
- "smallvec 1.15.1",
- "target-lexicon",
-]
-
 [[package]]
 name = "cfg-if"
 version = "1.0.4"
@@ -793,9 +831,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.51"
+version = "4.5.53"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c26d721170e0295f191a69bd9a1f93efcdb0aff38684b61ab5750468972e5f5"
+checksum = "c9e340e012a1bf4935f5282ed1436d1489548e8f72308207ea5df0e23d2d03f8"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -812,9 +850,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.51"
+version = "4.5.53"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75835f0c7bf681bfd05abe44e965760fea999a5286c6eb2d59883634fd02011a"
+checksum = "d76b5d13eaa18c901fd2f7fca939fefe3a0727a953561fefdf3b2922b8569d00"
 dependencies = [
  "anstream",
  "anstyle",
@@ -902,7 +940,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
  "clap",
  "conduwuit_admin",
@@ -934,7 +972,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_admin"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
  "clap",
  "conduwuit_api",
@@ -956,7 +994,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_api"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
  "async-trait",
  "axum 0.7.9",
@@ -989,14 +1027,14 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_build_metadata"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
- "built 0.8.0",
+ "built",
 ]
 
 [[package]]
 name = "conduwuit_core"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
  "argon2",
  "arrayvec",
@@ -1057,7 +1095,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_database"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
  "async-channel",
  "conduwuit_core",
@@ -1076,7 +1114,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_macros"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
  "itertools 0.14.0",
  "proc-macro2",
@@ -1086,7 +1124,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_router"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
  "axum 0.7.9",
  "axum-client-ip",
@@ -1121,7 +1159,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_service"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
  "async-trait",
  "base64 0.22.1",
@@ -1162,7 +1200,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_web"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
  "askama",
  "axum 0.7.9",
@@ -1269,6 +1307,15 @@ version = "0.8.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
 
+[[package]]
+name = "core2"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b49ba7ef1ad6107f8824dbe97de947cbaac53c44e7f9756a1fba0d37c1eec505"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "core_affinity"
 version = "0.8.1"
@@ -1431,9 +1478,9 @@ dependencies = [
 
 [[package]]
 name = "ctor"
-version = "0.5.0"
+version = "0.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67773048316103656a637612c4a62477603b777d91d9c62ff2290f9cde178fdb"
+checksum = "3ffc71fcdcdb40d6f087edddf7f8f1f8f79e6cf922f555a9ee8779752d4819bd"
 dependencies = [
  "ctor-proc-macro",
  "dtor",
@@ -1441,9 +1488,9 @@ dependencies = [
 
 [[package]]
 name = "ctor-proc-macro"
-version = "0.0.6"
+version = "0.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2931af7e13dc045d8e9d26afccc6fa115d64e115c9c84b1166288b46f6782c2"
+checksum = "52560adf09603e58c9a7ee1fe1dcb95a16927b17c127f0ac02d6e768a0e25bc1"
 
 [[package]]
 name = "curve25519-dalek"
@@ -1640,6 +1687,24 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "encoding_rs"
+version = "0.8.35"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75030f3c4f45dafd7586dd6780965a8c7e8e285a5ecb86713e63a79c5b2766f3"
+dependencies = [
+ "cfg-if",
+]
+
+[[package]]
+name = "encoding_rs_io"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1cc3c5651fb62ab8aa3103998dade57efdd028544bd300516baa31840c252a83"
+dependencies = [
+ "encoding_rs",
+]
+
 [[package]]
 name = "enum-as-inner"
 version = "0.6.1"
@@ -1710,9 +1775,9 @@ dependencies = [
 
 [[package]]
 name = "exr"
-version = "1.73.0"
+version = "1.74.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f83197f59927b46c04a183a619b7c29df34e63e63c7869320862268c0ef687e0"
+checksum = "4300e043a56aa2cb633c01af81ca8f699a321879a7854d3896a0ba89056363be"
 dependencies = [
  "bit_field",
  "half",
@@ -1991,9 +2056,9 @@ dependencies = [
 
 [[package]]
 name = "gif"
-version = "0.13.3"
+version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ae047235e33e2829703574b54fdec96bfbad892062d97fed2f76022287de61b"
+checksum = "f954a9e9159ec994f73a30a12b96a702dde78f5547bcb561174597924f7d4162"
 dependencies = [
  "color_quant",
  "weezl",
@@ -2455,9 +2520,9 @@ dependencies = [
 
 [[package]]
 name = "image"
-version = "0.25.8"
+version = "0.25.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "529feb3e6769d234375c4cf1ee2ce713682b8e76538cb13f9fc23e1400a591e7"
+checksum = "e6506c6c10786659413faa717ceebcb8f70731c0a60cbae39795fdf114519c1a"
 dependencies = [
  "bytemuck",
  "byteorder-lite",
@@ -2473,8 +2538,8 @@ dependencies = [
  "rayon",
  "rgb",
  "tiff",
- "zune-core",
- "zune-jpeg",
+ "zune-core 0.5.0",
+ "zune-jpeg 0.5.5",
 ]
 
 [[package]]
@@ -2925,29 +2990,15 @@ checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
 
 [[package]]
 name = "minicbor"
-version = "2.1.1"
+version = "2.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4f182275033b808ede9427884caa8e05fa7db930801759524ca7925bd8aa7a82"
-dependencies = [
- "minicbor-derive",
-]
-
-[[package]]
-name = "minicbor-derive"
-version = "0.18.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b17290c95158a760027059fe3f511970d6857e47ff5008f9e09bffe3d3e1c6af"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
+checksum = "f9a1119e42fbacc2bb65d860de6eb7c930562bc71d42dca026d06b0228231f77"
 
 [[package]]
 name = "minicbor-serde"
-version = "0.6.1"
+version = "0.6.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "546cc904f35809921fa57016a84c97e68d9d27c012e87b9dadc28c233705f783"
+checksum = "80047f75e28e3b38f6ab2ec3c2c7669f6b411fa6f8424e1a90a3fd784b19a3f4"
 dependencies = [
  "minicbor",
  "serde",
@@ -2955,9 +3006,9 @@ dependencies = [
 
 [[package]]
 name = "minimad"
-version = "0.13.1"
+version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a9c5d708226d186590a7b6d4a9780e2bdda5f689e0d58cd17012a298efd745d2"
+checksum = "df8b688969b16915f3ecadc7829d5b7779dee4977e503f767f34136803d5c06f"
 dependencies = [
  "once_cell",
 ]
@@ -3070,7 +3121,7 @@ version = "0.50.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
 dependencies = [
- "windows-sys 0.61.2",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
@@ -3254,6 +3305,8 @@ dependencies = [
  "prost",
  "reqwest",
  "thiserror 2.0.17",
+ "tokio",
+ "tonic",
  "tracing",
 ]
 
@@ -3347,6 +3400,12 @@ version = "1.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
 
+[[package]]
+name = "pastey"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "35fb2e5f958ec131621fdd531e9fc186ed768cbe395337403ae56c17a74c68ec"
+
 [[package]]
 name = "pear"
 version = "0.2.9"
@@ -3611,7 +3670,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9120690fafc389a67ba3803df527d0ec9cbbc9cc45e4cc20b332996dfb672425"
 dependencies = [
  "anyhow",
- "itertools 0.12.1",
+ "itertools 0.14.0",
  "proc-macro2",
  "quote",
  "syn",
@@ -3808,19 +3867,21 @@ dependencies = [
 
 [[package]]
 name = "rav1e"
-version = "0.7.1"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd87ce80a7665b1cce111f8a16c1f3929f6547ce91ade6addf4ec86a8dda5ce9"
+checksum = "43b6dd56e85d9483277cde964fd1bdb0428de4fec5ebba7540995639a21cb32b"
 dependencies = [
+ "aligned-vec",
  "arbitrary",
  "arg_enum_proc_macro",
  "arrayvec",
+ "av-scenechange",
  "av1-grain",
  "bitstream-io",
- "built 0.7.7",
+ "built",
  "cfg-if",
  "interpolate_name",
- "itertools 0.12.1",
+ "itertools 0.14.0",
  "libc",
  "libfuzzer-sys",
  "log",
@@ -3829,23 +3890,21 @@ dependencies = [
  "noop_proc_macro",
  "num-derive",
  "num-traits",
- "once_cell",
  "paste",
  "profiling",
- "rand 0.8.5",
- "rand_chacha 0.3.1",
+ "rand 0.9.2",
+ "rand_chacha 0.9.0",
  "simd_helpers",
- "system-deps",
- "thiserror 1.0.69",
+ "thiserror 2.0.17",
  "v_frame",
  "wasm-bindgen",
 ]
 
 [[package]]
 name = "ravif"
-version = "0.11.20"
+version = "0.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5825c26fddd16ab9f515930d49028a630efec172e903483c94796cfe31893e6b"
+checksum = "ef69c1990ceef18a116855938e74793a5f7496ee907562bd0857b6ac734ab285"
 dependencies = [
  "avif-serialize",
  "imgref",
@@ -3973,9 +4032,9 @@ dependencies = [
 
 [[package]]
 name = "resolv-conf"
-version = "0.7.5"
+version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b3789b30bd25ba102de4beabd95d21ac45b69b1be7d14522bab988c526d6799"
+checksum = "1e061d1b48cb8d38042de4ae0a7a6401009d6143dc80d2e2d6f31f0bdd6470c7"
 
 [[package]]
 name = "rgb"
@@ -4006,7 +4065,7 @@ checksum = "88f8660c1ff60292143c98d08fc6e2f654d722db50410e3f3797d40baaf9d8f3"
 [[package]]
 name = "ruma"
 version = "0.10.1"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 dependencies = [
  "assign",
  "js_int",
@@ -4026,7 +4085,7 @@ dependencies = [
 [[package]]
 name = "ruma-appservice-api"
 version = "0.10.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -4038,7 +4097,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.18.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 dependencies = [
  "as_variant",
  "assign",
@@ -4061,7 +4120,7 @@ dependencies = [
 [[package]]
 name = "ruma-common"
 version = "0.13.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 dependencies = [
  "as_variant",
  "base64 0.22.1",
@@ -4093,7 +4152,7 @@ dependencies = [
 [[package]]
 name = "ruma-events"
 version = "0.28.1"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 dependencies = [
  "as_variant",
  "indexmap",
@@ -4118,7 +4177,7 @@ dependencies = [
 [[package]]
 name = "ruma-federation-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 dependencies = [
  "bytes",
  "headers",
@@ -4140,7 +4199,7 @@ dependencies = [
 [[package]]
 name = "ruma-identifiers-validation"
 version = "0.9.5"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 dependencies = [
  "js_int",
  "thiserror 2.0.17",
@@ -4149,7 +4208,7 @@ dependencies = [
 [[package]]
 name = "ruma-identity-service-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -4159,7 +4218,7 @@ dependencies = [
 [[package]]
 name = "ruma-macros"
 version = "0.13.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 dependencies = [
  "cfg-if",
  "proc-macro-crate",
@@ -4174,7 +4233,7 @@ dependencies = [
 [[package]]
 name = "ruma-push-gateway-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -4186,7 +4245,7 @@ dependencies = [
 [[package]]
 name = "ruma-signatures"
 version = "0.15.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=50b2a91b2ab8f9830eea80b9911e11234e0eac66#50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=27abe0dcd33fd4056efc94bab3582646b31b6ce9#27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 dependencies = [
  "base64 0.22.1",
  "ed25519-dalek",
@@ -4572,18 +4631,20 @@ dependencies = [
 
 [[package]]
 name = "serde-saphyr"
-version = "0.0.7"
+version = "0.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd76af9505b2498740576f95f60b3b4e2c469b5b677a8d2dd1d2da18b58193de"
+checksum = "9b9e06cddad47cc6214c0c456cf209b99a58b54223e7af2f6d4b88a5a9968499"
 dependencies = [
+ "ahash",
  "base64 0.22.1",
+ "encoding_rs_io",
  "nohash-hasher",
  "num-traits",
  "ryu",
  "saphyr-parser",
  "serde",
  "serde_json",
- "smallvec 2.0.0-alpha.11",
+ "smallvec 2.0.0-alpha.12",
 ]
 
 [[package]]
@@ -4807,9 +4868,9 @@ dependencies = [
 
 [[package]]
 name = "smallvec"
-version = "2.0.0-alpha.11"
+version = "2.0.0-alpha.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87b96efa4bd6bdd2ff0c6615cc36fc4970cbae63cfd46ddff5cee35a1b4df570"
+checksum = "ef784004ca8777809dcdad6ac37629f0a97caee4c685fcea805278d81dd8b857"
 
 [[package]]
 name = "socket2"
@@ -4901,9 +4962,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
 
 [[package]]
 name = "syn"
-version = "2.0.109"
+version = "2.0.111"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2f17c7e013e88258aa9543dcbe81aca68a667a9ac37cd69c9fbc07858bfe0e2f"
+checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -4930,31 +4991,12 @@ dependencies = [
  "syn",
 ]
 
-[[package]]
-name = "system-deps"
-version = "6.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a3e535eb8dded36d55ec13eddacd30dec501792ff23a0b1682c38601b8cf2349"
-dependencies = [
- "cfg-expr",
- "heck",
- "pkg-config",
- "toml 0.8.23",
- "version-compare",
-]
-
 [[package]]
 name = "tagptr"
 version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7b2093cf4c8eb1e67749a6762251bc9cd836b6fc171623bd0a9d324d37af2417"
 
-[[package]]
-name = "target-lexicon"
-version = "0.12.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1"
-
 [[package]]
 name = "tendril"
 version = "0.4.3"
@@ -4968,9 +5010,9 @@ dependencies = [
 
 [[package]]
 name = "termimad"
-version = "0.34.0"
+version = "0.34.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68ff5ca043d65d4ea43b65cdb4e3aba119657d0d12caf44f93212ec3168a8e20"
+checksum = "889a9370996b74cf46016ce35b96c248a9ac36d69aab1d112b3e09bc33affa49"
 dependencies = [
  "coolor",
  "crokey",
@@ -5052,7 +5094,7 @@ dependencies = [
  "half",
  "quick-error",
  "weezl",
- "zune-jpeg",
+ "zune-jpeg 0.4.21",
 ]
 
 [[package]]
@@ -5366,9 +5408,9 @@ dependencies = [
 
 [[package]]
 name = "tower-http"
-version = "0.6.6"
+version = "0.6.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "adc82fd73de2a9722ac5da747f12383d2bfdb93591ee6c58486e0097890f05f2"
+checksum = "9cf146f99d442e8e68e585f5d798ccd3cad9a7835b917e09728880a862706456"
 dependencies = [
  "async-compression",
  "bitflags",
@@ -5402,9 +5444,9 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
 
 [[package]]
 name = "tracing"
-version = "0.1.41"
+version = "0.1.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
+checksum = "2d15d90a0b5c19378952d479dc858407149d7bb45a14de0142f6c534b16fc647"
 dependencies = [
  "pin-project-lite",
  "tracing-attributes",
@@ -5413,9 +5455,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-attributes"
-version = "0.1.30"
+version = "0.1.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903"
+checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -5424,9 +5466,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-core"
-version = "0.1.34"
+version = "0.1.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678"
+checksum = "7a04e24fab5c89c6a36eb8558c9656f30d81de51dfa4d3b45f26b21d61fa0a6c"
 dependencies = [
  "once_cell",
  "valuable",
@@ -5445,9 +5487,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-journald"
-version = "0.3.1"
+version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fc0b4143302cf1022dac868d521e36e8b27691f72c84b3311750d5188ebba657"
+checksum = "2d3a81ed245bfb62592b1e2bc153e77656d94ee6a0497683a65a12ccaf2438d0"
 dependencies = [
  "libc",
  "tracing-core",
@@ -5486,9 +5528,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-subscriber"
-version = "0.3.20"
+version = "0.3.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2054a14f5307d601f88daf0553e1cbf472acc4f2c51afab632431cdcd72124d5"
+checksum = "2f30143827ddab0d256fd843b7a66d164e9f271cfa0dde49142c5ca0ca291f1e"
 dependencies = [
  "matchers",
  "nu-ansi-term",
@@ -5677,12 +5719,6 @@ version = "0.2.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
 
-[[package]]
-name = "version-compare"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "852e951cb7832cb45cb1169900d19760cfa39b82bc0ea9c0e5a14ae88411c98b"
-
 [[package]]
 name = "version_check"
 version = "0.9.5"
@@ -6170,7 +6206,7 @@ dependencies = [
 
 [[package]]
 name = "xtask"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
  "clap",
  "serde",
@@ -6179,7 +6215,7 @@ dependencies = [
 
 [[package]]
 name = "xtask-generate-commands"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 dependencies = [
  "clap-markdown",
  "clap_builder",
@@ -6188,6 +6224,12 @@ dependencies = [
  "conduwuit_admin",
 ]
 
+[[package]]
+name = "y4m"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7a5a4b21e1a62b67a2970e6831bc091d7b87e119e7f9791aef9702e3bef04448"
+
 [[package]]
 name = "yansi"
 version = "1.0.1"
@@ -6332,6 +6374,12 @@ version = "0.4.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f423a2c17029964870cfaabb1f13dfab7d092a62a29a89264f4d36990ca414a"
 
+[[package]]
+name = "zune-core"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "111f7d9820f05fd715df3144e254d6fc02ee4088b0644c0ffd0efc9e6d9d2773"
+
 [[package]]
 name = "zune-inflate"
 version = "0.2.54"
@@ -6347,5 +6395,14 @@ version = "0.4.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "29ce2c8a9384ad323cf564b67da86e21d3cfdff87908bc1223ed5c99bc792713"
 dependencies = [
- "zune-core",
+ "zune-core 0.4.12",
+]
+
+[[package]]
+name = "zune-jpeg"
+version = "0.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc6fb7703e32e9a07fb3f757360338b3a567a5054f21b5f52a666752e333d58e"
+dependencies = [
+ "zune-core 0.5.0",
 ]

Cargo.toml

@@ -21,7 +21,7 @@ license = "Apache-2.0"
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
 rust-version = "1.86.0"
-version = "0.5.0-rc.8"
+version = "0.5.1"
 
 [workspace.metadata.crane]
 name = "conduwuit"
@@ -48,7 +48,7 @@ features = ["ffi", "std", "union"]
 version = "0.7.0"
 
 [workspace.dependencies.ctor]
-version = "0.5.0"
+version = "0.6.0"
 
 [workspace.dependencies.cargo_toml]
 version = "0.22"
@@ -167,7 +167,7 @@ features = ["raw_value"]
 
 # Used for appservice registration files
 [workspace.dependencies.serde-saphyr]
-version = "0.0.7"
+version = "0.0.10"
 
 # Used to load forbidden room/user regex from config
 [workspace.dependencies.serde_regex]
@@ -351,7 +351,7 @@ version = "0.1.2"
 # Used for matrix spec type definitions and helpers
 [workspace.dependencies.ruma]
 git = "https://forgejo.ellis.link/continuwuation/ruwuma"
-rev = "50b2a91b2ab8f9830eea80b9911e11234e0eac66"
+rev = "27abe0dcd33fd4056efc94bab3582646b31b6ce9"
 features = [
     "compat",
     "rand",
@@ -426,7 +426,7 @@ features = ["rt-tokio"]
 
 [workspace.dependencies.opentelemetry-otlp]
 version = "0.31.0"
-features = ["http", "trace", "logs", "metrics"]
+features = ["http", "grpc-tonic", "trace", "logs", "metrics"]
 
 
 
@@ -670,24 +670,6 @@ panic = "abort"
 inherits = "release"
 strip = "symbols"
 lto = "fat"
-#rustflags = [
-#	'-Ctarget-cpu=native',
-#	'-Ztune-cpu=native',
-#	'-Ctarget-feature=+crt-static',
-#	'-Crelocation-model=static',
-#	'-Ztls-model=local-exec',
-#	'-Zinline-in-all-cgus=true',
-#	'-Zinline-mir=true',
-#	'-Zmir-opt-level=3',
-#	'-Clink-arg=-fuse-ld=gold',
-#	'-Clink-arg=-Wl,--threads',
-#	'-Clink-arg=-Wl,--gc-sections',
-#	'-Clink-arg=-luring',
-#	'-Clink-arg=-lstdc++',
-#	'-Clink-arg=-lc',
-#	'-Ztime-passes',
-#	'-Ztime-llvm-passes',
-#]
 
 [profile.release-max-perf.build-override]
 inherits = "release-max-perf"
@@ -947,7 +929,7 @@ semicolon_outside_block = "warn"
 str_to_string = "warn"
 string_lit_chars_any = "warn"
 string_slice = "warn"
-string_to_string = "warn"
+
 suspicious_xor_used_as_pow = "warn"
 tests_outside_test_module = "warn"
 try_err = "warn"

README.md

@@ -11,7 +11,7 @@ ## A community-driven [Matrix](https://matrix.org/) homeserver in Rust
 <!-- ANCHOR_END: catchphrase -->
 
 [continuwuity] is a Matrix homeserver written in Rust.
-It's a community continuation of the [conduwuit](https://github.com/girlbossceo/conduwuit) homeserver.
+It's the official community continuation of the [conduwuit](https://github.com/girlbossceo/conduwuit) homeserver.
 
 <!-- ANCHOR: body -->
 

SECURITY.md

@@ -22,7 +22,7 @@ ### Responsible Disclosure
 
 1. **Contact members of the team directly** over E2EE private message.
    - [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
-   - [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
+   - [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk)
 2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
 3. **Do not disclose the vulnerability publicly** until it has been addressed
 4. **Provide detailed information** about the vulnerability, including:

book.toml

@@ -4,7 +4,6 @@ description = "continuwuity is a community continuation of the conduwuit Matrix
 language = "en"
 authors = ["The continuwuity Community"]
 text-direction = "ltr"
-multilingual = false
 src = "docs"
 
 [build]

conduwuit-example.toml

@@ -26,8 +26,8 @@
 # Also see the `[global.well_known]` config section at the very bottom.
 #
 # Examples of delegation:
-# - https://puppygock.gay/.well-known/matrix/server
-# - https://puppygock.gay/.well-known/matrix/client
+# - https://continuwuity.org/.well-known/matrix/server
+# - https://continuwuity.org/.well-known/matrix/client
 #
 # YOU NEED TO EDIT THIS. THIS CANNOT BE CHANGED AFTER WITHOUT A DATABASE
 # WIPE.
@@ -586,10 +586,13 @@
 #allow_unstable_room_versions = true
 
 # Default room version continuwuity will create rooms with.
+# Note that this has to be a string since the room version is a string
+# rather than an integer. Forgetting the quotes will make the server fail
+# to start!
 #
-# Per spec, room version 11 is the default.
+# Per spec, room version "11" is the default.
 #
-#default_room_version = 11
+#default_room_version = "11"
 
 # Enable OpenTelemetry OTLP tracing export. This replaces the deprecated
 # Jaeger exporter. Traces will be sent via OTLP to a collector (such as
@@ -605,6 +608,11 @@
 #
 #otlp_filter = "info"
 
+# Protocol to use for OTLP tracing export. Options are "http" or "grpc".
+# The HTTP protocol uses port 4318 by default, while gRPC uses port 4317.
+#
+#otlp_protocol = "http"
+
 # If the 'perf_measurements' compile-time feature is enabled, enables
 # collecting folded stack trace profile of tracing spans using
 # tracing_flame. The resulting profile can be visualized with inferno[1],
@@ -1530,7 +1538,7 @@
 # a normal continuwuity admin command. The reply will be publicly visible
 # to the room, originating from the sender.
 #
-# example: \\!admin debug ping puppygock.gay
+# example: \\!admin debug ping continuwuity.org
 #
 #admin_escape_commands = true
 
@@ -1548,7 +1556,8 @@
 # For example: `./continuwuity --execute "server admin-notice continuwuity
 # has started up at $(date)"`
 #
-# example: admin_execute = ["debug ping puppygock.gay", "debug echo hi"]`
+# example: admin_execute = ["debug ping continuwuity.org", "debug echo
+# hi"]`
 #
 #admin_execute = []
 

development.md

@@ -1 +1 @@
-docs/development.md
+docs/development/index.mdx

docker/Dockerfile

@@ -48,7 +48,7 @@ EOF
 
 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.15.10
+ENV BINSTALL_VERSION=1.16.6
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree

docker/musl.Dockerfile

@@ -18,7 +18,7 @@ RUN --mount=type=cache,target=/etc/apk/cache apk add \
 
 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.15.10
+ENV BINSTALL_VERSION=1.16.6
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree

docs/SUMMARY.md

@@ -1,26 +0,0 @@
-# Summary
-
-- [Introduction](introduction.md)
-- [Configuration](configuration.md)
-  - [Examples](configuration/examples.md)
-- [Deploying](deploying.md)
-  - [Generic](deploying/generic.md)
-  - [NixOS](deploying/nixos.md)
-  - [Docker](deploying/docker.md)
-  - [Kubernetes](deploying/kubernetes.md)
-  - [Arch Linux](deploying/arch-linux.md)
-  - [Debian](deploying/debian.md)
-  - [Fedora](deploying/fedora.md)
-  - [FreeBSD](deploying/freebsd.md)
-- [TURN](turn.md)
-- [Appservices](appservices.md)
-- [Maintenance](maintenance.md)
-- [Troubleshooting](troubleshooting.md)
-- [Admin Command Reference](admin_reference.md)
-- [Development](development.md)
-  - [Contributing](contributing.md)
-  - [Code Style Guide](development/code_style.md)
-  - [Testing](development/testing.md)
-  - [Hot Reloading ("Live" Development)](development/hot_reload.md)
-- [Community (and Guidelines)](community.md)
-- [Security](security.md)

docs/_meta.json

@@ -0,0 +1,74 @@
+[
+    {
+        "type": "file",
+        "name": "introduction",
+        "label": "Continuwuity"
+    },
+    {
+        "type": "file",
+        "name": "configuration",
+        "label": "Configuration"
+    },
+    {
+        "type": "dir",
+        "name": "deploying",
+        "label": "Deploying"
+    },
+    {
+        "type": "file",
+        "name": "turn",
+        "label": "TURN"
+    },
+    {
+        "type": "file",
+        "name": "appservices",
+        "label": "Appservices"
+    },
+    {
+        "type": "file",
+        "name": "maintenance",
+        "label": "Maintenance"
+    },
+    {
+        "type": "file",
+        "name": "troubleshooting",
+        "label": "Troubleshooting"
+    },
+    {
+        "type": "divider"
+    },
+    {
+        "type": "dir-section-header",
+        "name": "development",
+        "label": "Development",
+        "collapsible": true,
+        "collapsed": false
+    },
+    {
+        "type": "divider"
+    },
+    {
+        "type": "section-header",
+        "label": "Reference"
+    },
+    {
+        "type": "file",
+        "label": "Configuration Reference",
+        "name": "/reference/config"
+    },
+    {
+        "type": "file",
+        "label": "Admin Command Reference",
+        "name": "/reference/admin"
+    },
+    {
+        "type": "file",
+        "label": "Server Reference",
+        "name": "/reference/server"
+    },
+    {
+        "type": "divider"
+    },
+    "community",
+    "security"
+]

docs/_nav.json

@@ -0,0 +1,37 @@
+[
+    {
+        "text": "Guide",
+        "link": "/introduction",
+        "activeMatch": "^/(introduction|configuration|deploying|turn|appservices|maintenance|troubleshooting)"
+    },
+    {
+        "text": "Development",
+        "link": "/development/index",
+        "activeMatch": "^/development/"
+    },
+    {
+        "text": "Reference",
+        "items": [
+            {
+                "text": "Configuration Reference",
+                "link": "/reference/config"
+            },
+            {
+                "text": "Admin Command Reference",
+                "link": "/reference/admin"
+            },
+            {
+                "text": "Server Reference",
+                "link": "/reference/server"
+            }
+        ]
+    },
+    {
+        "text": "Community",
+        "link": "/community"
+    },
+    {
+        "text": "Security",
+        "link": "/security"
+    }
+]

docs/assets/conduwuit_logo.svg

@@ -1,36 +0,0 @@
-<svg
-  version="1.1"
-  id="Layer_1"
-  xmlns="http://www.w3.org/2000/svg"
-  x="0px"
-  y="0px"
-  width="100%"
-  viewBox="0 0 864 864"
-  enableBackground="new 0 0 864 864"
-  xmlSpace="preserve"
->
-  <path
-    fill="#EC008C"
-    opacity="1.000000"
-    stroke="none"
-    d="M0.999997,649.000000 C1.000000,433.052795 1.000000,217.105591 1.000000,1.079198 C288.876801,1.079198 576.753601,1.079198 865.000000,1.079198 C865.000000,73.025414 865.000000,145.051453 864.634888,217.500671 C852.362488,223.837280 840.447632,229.735275 828.549438,235.666794 C782.143677,258.801056 735.743225,281.945923 688.998657,304.980469 C688.122009,304.476532 687.580750,304.087708 687.053894,303.680206 C639.556946,266.944733 573.006775,291.446869 560.804199,350.179443 C560.141357,353.369446 559.717590,356.609131 559.195374,359.748962 C474.522705,359.748962 390.283478,359.748962 306.088135,359.748962 C298.804138,318.894806 265.253357,295.206024 231.834442,293.306793 C201.003021,291.554596 169.912033,310.230042 156.935104,338.792725 C149.905151,354.265930 147.884064,370.379944 151.151794,387.034515 C155.204453,407.689667 166.300507,423.954224 183.344437,436.516663 C181.938263,437.607025 180.887405,438.409576 179.849426,439.228516 C147.141953,465.032562 139.918045,510.888947 163.388611,545.322632 C167.274551,551.023804 172.285187,555.958313 176.587341,561.495728 C125.846893,587.012817 75.302292,612.295532 24.735992,637.534790 C16.874903,641.458496 8.914484,645.183228 0.999997,649.000000 z"
-  />
-  <path
-    fill="#000000"
-    opacity="1.000000"
-    stroke="none"
-    d="M689.340759,305.086823 C735.743225,281.945923 782.143677,258.801056 828.549438,235.666794 C840.447632,229.735275 852.362488,223.837280 864.634888,217.961929 C865.000000,433.613190 865.000000,649.226379 865.000000,864.919800 C577.000000,864.919800 289.000000,864.919800 1.000000,864.919800 C1.000000,793.225708 1.000000,721.576721 0.999997,649.463867 C8.914484,645.183228 16.874903,641.458496 24.735992,637.534790 C75.302292,612.295532 125.846893,587.012817 176.939667,561.513062 C178.543060,562.085083 179.606812,562.886414 180.667526,563.691833 C225.656799,597.853394 291.232574,574.487244 304.462524,519.579773 C304.989105,517.394409 305.501068,515.205505 305.984619,513.166748 C391.466370,513.166748 476.422729,513.166748 561.331177,513.166748 C573.857727,555.764343 608.978149,572.880920 638.519897,572.672791 C671.048340,572.443665 700.623230,551.730408 711.658752,520.910583 C722.546875,490.502106 715.037842,453.265564 682.776733,429.447052 C683.966064,428.506866 685.119507,427.602356 686.265320,426.688232 C712.934143,405.412262 723.011475,370.684631 711.897339,338.686676 C707.312805,325.487671 699.185303,314.725128 689.340759,305.086823 z"
-  />
-  <path
-    fill="#FEFBFC"
-    opacity="1.000000"
-    stroke="none"
-    d="M688.998657,304.980469 C699.185303,314.725128 707.312805,325.487671 711.897339,338.686676 C723.011475,370.684631 712.934143,405.412262 686.265320,426.688232 C685.119507,427.602356 683.966064,428.506866 682.776733,429.447052 C715.037842,453.265564 722.546875,490.502106 711.658752,520.910583 C700.623230,551.730408 671.048340,572.443665 638.519897,572.672791 C608.978149,572.880920 573.857727,555.764343 561.331177,513.166748 C476.422729,513.166748 391.466370,513.166748 305.984619,513.166748 C305.501068,515.205505 304.989105,517.394409 304.462524,519.579773 C291.232574,574.487244 225.656799,597.853394 180.667526,563.691833 C179.606812,562.886414 178.543060,562.085083 177.128418,561.264465 C172.285187,555.958313 167.274551,551.023804 163.388611,545.322632 C139.918045,510.888947 147.141953,465.032562 179.849426,439.228516 C180.887405,438.409576 181.938263,437.607025 183.344437,436.516663 C166.300507,423.954224 155.204453,407.689667 151.151794,387.034515 C147.884064,370.379944 149.905151,354.265930 156.935104,338.792725 C169.912033,310.230042 201.003021,291.554596 231.834442,293.306793 C265.253357,295.206024 298.804138,318.894806 306.088135,359.748962 C390.283478,359.748962 474.522705,359.748962 559.195374,359.748962 C559.717590,356.609131 560.141357,353.369446 560.804199,350.179443 C573.006775,291.446869 639.556946,266.944733 687.053894,303.680206 C687.580750,304.087708 688.122009,304.476532 688.998657,304.980469 M703.311279,484.370789 C698.954468,457.053253 681.951416,440.229645 656.413696,429.482330 C673.953552,421.977875 688.014709,412.074219 696.456482,395.642365 C704.862061,379.280853 706.487793,362.316345 700.947998,344.809204 C691.688965,315.548492 664.183716,296.954437 633.103516,298.838257 C618.467957,299.725372 605.538086,305.139557 594.588501,314.780121 C577.473999,329.848511 570.185486,349.121399 571.838501,371.750854 C479.166595,371.750854 387.082886,371.750854 294.582672,371.750854 C293.993011,354.662048 288.485260,339.622314 276.940491,327.118439 C265.392609,314.611176 251.082092,307.205322 234.093262,305.960541 C203.355347,303.708374 176.337585,320.898438 166.089890,348.816620 C159.557541,366.613007 160.527206,384.117401 168.756042,401.172516 C177.054779,418.372589 191.471954,428.832886 207.526581,435.632172 C198.407059,442.272583 188.815598,448.302246 180.383728,455.660675 C171.685028,463.251984 166.849655,473.658661 163.940216,484.838684 C161.021744,496.053375 161.212982,507.259705 164.178833,518.426208 C171.577927,546.284302 197.338104,566.588867 226.001465,567.336853 C240.828415,567.723816 254.357819,563.819092 266.385468,555.199646 C284.811554,541.994751 293.631104,523.530579 294.687347,501.238312 C387.354828,501.238312 479.461304,501.238312 571.531799,501.238312 C577.616638,543.189026 615.312866,566.342102 651.310059,559.044739 C684.973938,552.220398 708.263306,519.393127 703.311279,484.370789 z"
-  />
-  <path
-    fill="#EC008C"
-    opacity="1.000000"
-    stroke="none"
-    d="M703.401855,484.804718 C708.263306,519.393127 684.973938,552.220398 651.310059,559.044739 C615.312866,566.342102 577.616638,543.189026 571.531799,501.238312 C479.461304,501.238312 387.354828,501.238312 294.687347,501.238312 C293.631104,523.530579 284.811554,541.994751 266.385468,555.199646 C254.357819,563.819092 240.828415,567.723816 226.001465,567.336853 C197.338104,566.588867 171.577927,546.284302 164.178833,518.426208 C161.212982,507.259705 161.021744,496.053375 163.940216,484.838684 C166.849655,473.658661 171.685028,463.251984 180.383728,455.660675 C188.815598,448.302246 198.407059,442.272583 207.526581,435.632172 C191.471954,428.832886 177.054779,418.372589 168.756042,401.172516 C160.527206,384.117401 159.557541,366.613007 166.089890,348.816620 C176.337585,320.898438 203.355347,303.708374 234.093262,305.960541 C251.082092,307.205322 265.392609,314.611176 276.940491,327.118439 C288.485260,339.622314 293.993011,354.662048 294.582672,371.750854 C387.082886,371.750854 479.166595,371.750854 571.838501,371.750854 C570.185486,349.121399 577.473999,329.848511 594.588501,314.780121 C605.538086,305.139557 618.467957,299.725372 633.103516,298.838257 C664.183716,296.954437 691.688965,315.548492 700.947998,344.809204 C706.487793,362.316345 704.862061,379.280853 696.456482,395.642365 C688.014709,412.074219 673.953552,421.977875 656.413696,429.482330 C681.951416,440.229645 698.954468,457.053253 703.401855,484.804718 z"
-  />
-</svg>

docs/configuration.mdx

@@ -8,7 +8,7 @@ ## Basics
 setting individual config options via commandline.
 
 Please refer to the [example config
-file](./configuration/examples.md#example-configuration) for all of those
+file](./reference/config.mdx) for all of those
 settings.
 
 The config file to use can be specified on the commandline when running

docs/configuration/examples.md

@@ -1,19 +0,0 @@
-## Example configuration
-
-<details>
-<summary>Example configuration</summary>
-
-```toml
-{{#include ../../conduwuit-example.toml}}
-```
-
-</details>
-
-## systemd unit file
-
-<details>
-<summary>systemd unit file</summary>
-
-```
-{{#include ../../pkg/conduwuit.service}}
-```

docs/deploying/_meta.json

@@ -0,0 +1,42 @@
+[
+    {
+        "type": "file",
+        "name": "generic",
+        "label": "Generic"
+    },
+    {
+        "type": "file",
+        "name": "docker",
+        "label": "Docker"
+    },
+    {
+        "type": "file",
+        "name": "debian",
+        "label": "Debian"
+    },
+    {
+        "type": "file",
+        "name": "fedora",
+        "label": "Fedora"
+    },
+    {
+        "type": "file",
+        "name": "nixos",
+        "label": "NixOS"
+    },
+    {
+        "type": "file",
+        "name": "arch-linux",
+        "label": "Arch Linux"
+    },
+    {
+        "type": "file",
+        "name": "kubernetes",
+        "label": "Kubernetes"
+    },
+    {
+        "type": "file",
+        "name": "freebsd",
+        "label": "FreeBSD"
+    }
+]

docs/deploying/debian.md

@@ -1 +0,0 @@
-{{#include ../../pkg/debian/README.md}}

docs/deploying/debian.mdx

@@ -0,0 +1 @@
+../../pkg/debian/README.md

docs/deploying/docker-compose.for-traefik.yml

@@ -2,7 +2,7 @@
 
 services:
   homeserver:
-    ### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image,
+    ### If you already built the continuwuity image with 'docker build' or want to use the Docker Hub image,
     ### then you are ready to go.
     image: forgejo.ellis.link/continuwuation/continuwuity:latest
     restart: unless-stopped

docs/deploying/docker-compose.with-traefik.yml

@@ -114,6 +114,10 @@ services:
       TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
       TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: "/etc/traefik/acme/acme.json"
 
+      # Since Traefik 3.6.3, paths with certain "encoded characters" are now blocked by default; we need a couple, or else things *will* break
+      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDSLASH: true
+      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDHASH: true
+
       TRAEFIK_PROVIDERS_DOCKER: true
       TRAEFIK_PROVIDERS_DOCKER_ENDPOINT: "unix:///var/run/docker.sock"
       TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: false

docs/deploying/docker.mdx

@@ -40,10 +40,10 @@ ### Run
 
 The `-d` flag lets the container run in detached mode. You may supply an
 optional `continuwuity.toml` config file, the example config can be found
-[here](../configuration/examples.md). You can pass in different env vars to
+[here](../reference/config.mdx). You can pass in different env vars to
 change config values on the fly. You can even configure Continuwuity completely by
 using env vars. For an overview of possible values, please take a look at the
-[`docker-compose.yml`](docker-compose.yml) file.
+<a href="/examples/docker-compose.yml" target="_blank">`docker-compose.yml`</a> file.
 
 If you just want to test Continuwuity for a short time, you can use the `--rm`
 flag, which cleans up everything related to your container after you stop
@@ -56,14 +56,62 @@ ### Docker-compose
 
 Depending on your proxy setup, you can use one of the following files:
 
-- If you already have a `traefik` instance set up, use
-[`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml)
-- If you don't have a `traefik` instance set up and would like to use it, use
-[`docker-compose.with-traefik.yml`](docker-compose.with-traefik.yml)
-- If you want a setup that works out of the box with `caddy-docker-proxy`, use
-[`docker-compose.with-caddy.yml`](docker-compose.with-caddy.yml) and replace all
-`example.com` placeholders with your own domain
-- For any other reverse proxy, use [`docker-compose.yml`](docker-compose.yml)
+### For existing Traefik setup
+
+<details>
+<summary>docker-compose.for-traefik.yml</summary>
+
+```yaml file="./docker-compose.for-traefik.yml"
+
+```
+
+</details>
+
+### With Traefik included
+
+<details>
+<summary>docker-compose.with-traefik.yml</summary>
+
+```yaml file="./docker-compose.with-traefik.yml"
+
+```
+
+</details>
+
+### With Caddy Docker Proxy
+
+<details>
+<summary>docker-compose.with-caddy.yml</summary>
+
+Replace all `example.com` placeholders with your own domain.
+
+```yaml file="./docker-compose.with-caddy.yml"
+
+```
+
+</details>
+
+### For other reverse proxies
+
+<details>
+<summary>docker-compose.yml</summary>
+
+```yaml file="./docker-compose.yml"
+
+```
+
+</details>
+
+### Override file
+
+<details>
+<summary>docker-compose.override.yml</summary>
+
+```yaml file="./docker-compose.override.yml"
+
+```
+
+</details>
 
 When picking the Traefik-related compose file, rename it to
 `docker-compose.yml`, and rename the override file to
@@ -80,7 +128,7 @@ ### Docker-compose
 After that, you can rename it to `docker-compose.yml` and spin up the
 containers!
 
-Additional info about deploying Continuwuity can be found [here](generic.md).
+Additional info about deploying Continuwuity can be found [here](generic.mdx).
 
 ### Build
 
@@ -88,7 +136,18 @@ ### Build
 
 The resulting images are widely compatible with Docker and other container runtimes like Podman or containerd.
 
-The images *do not contain a shell*. They contain only the Continuwuity binary, required libraries, TLS certificates, and metadata. Please refer to the [`docker/Dockerfile`][dockerfile-path] for the specific details of the image composition.
+The images *do not contain a shell*. They contain only the Continuwuity binary, required libraries, TLS certificates, and metadata.
+
+<details>
+<summary>Click to view the Dockerfile</summary>
+
+You can also <a href="https://forgejo.ellis.link/continuwuation/continuwuation/src/branch/main/docker/Dockerfile" target="_blank">view the Dockerfile on Forgejo</a>.
+
+```dockerfile file="../../docker/Dockerfile"
+
+```
+
+</details>
 
 To build an image locally using Docker Buildx, you can typically run a command like:
 
@@ -105,7 +164,7 @@ # docker buildx build --load --tag continuwuity:latest --build-arg TARGET_CPU=na
 
 Refer to the Docker Buildx documentation for more advanced build options.
 
-[dockerfile-path]: ../../docker/Dockerfile
+[dockerfile-path]: https://forgejo.ellis.link/continuwuation/continuwuation/src/branch/main/docker/Dockerfile
 
 ### Run
 
@@ -123,10 +182,7 @@ ### Use Traefik as Proxy
 
 As a container user, you probably know about Traefik. It is an easy-to-use
 reverse proxy for making containerized apps and services available through the
-web. With the two provided files,
-[`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml) (or
-[`docker-compose.with-traefik.yml`](docker-compose.with-traefik.yml)) and
-[`docker-compose.override.yml`](docker-compose.override.yml), it is equally easy
+web. With the Traefik-related docker-compose files provided above, it is equally easy
 to deploy and use Continuwuity, with a small caveat. If you have already looked at
 the files, you should have seen the `well-known` service, which is the
 small caveat. Traefik is simply a proxy and load balancer and cannot

docs/deploying/generic.mdx

@@ -97,8 +97,7 @@ ## Forwarding ports in the firewall or the router
 
 ## Setting up a systemd service
 
-You can find two example systemd units for Continuwuity
-[on the configuration page](../configuration/examples.md#debian-systemd-unit-file).
+You can find an example unit for continuwuity below.
 You may need to change the `ExecStart=` path to match where you placed the Continuwuity
 binary if it is not in `/usr/bin/conduwuit`.
 
@@ -117,11 +116,26 @@ ## Setting up a systemd service
 ReadWritePaths=/path/to/custom/database/path
 ```
 
+
+### Example systemd Unit File
+
+<details>
+<summary>Click to expand systemd unit file (conduwuit.service)</summary>
+
+
+```ini file="../../pkg/conduwuit.service"
+
+```
+
+</details>
+
+You can also [view the file on Foregejo](https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/pkg/conduwuit.service).
+
 ## Creating the Continuwuity configuration file
 
 Now you need to create the Continuwuity configuration file in
-`/etc/continuwuity/continuwuity.toml`. You can find an example configuration at
-[conduwuit-example.toml](../configuration/examples.md).
+`/etc/conduwuit/conduwuit.toml`. You can find an example configuration at
+[conduwuit-example.toml](../reference/config.mdx).
 
 **Please take a moment to read the config. You need to change at least the
 server name.**
@@ -156,7 +170,7 @@ ### Caddy
 After installing Caddy via your preferred method, create `/etc/caddy/conf.d/conduwuit_caddyfile`
 and enter the following (substitute your actual server name):
 
-```caddyfile
+```
 your.server.name, your.server.name:8448 {
     # TCP reverse_proxy
     reverse_proxy 127.0.0.1:6167
@@ -193,8 +207,10 @@ ### Other Reverse Proxies
 - [`/.well-known/matrix/support`](https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixsupport)
 
 Examples of delegation:
-- <https://puppygock.gay/.well-known/matrix/server>
-- <https://puppygock.gay/.well-known/matrix/client>
+- https://continuwuity.org/.well-known/matrix/server
+- https://continuwuity.org/.well-known/matrix/client
+- https://ellis.link/.well-known/matrix/server
+- https://ellis.link/.well-known/matrix/client
 
 For Apache and Nginx there are many examples available online.
 

docs/deploying/kubernetes.mdx

@@ -1,8 +1,8 @@
 # Continuwuity for Kubernetes
 
 Continuwuity doesn't support horizontal scalability or distributed loading
-natively. However, a community-maintained Helm Chart is available here to run
-conduwuit on Kubernetes: <https://gitlab.cronce.io/charts/conduwuit>
+natively. However, [a community-maintained Helm Chart is available here to run
+conduwuit on Kubernetes](https://gitlab.cronce.io/charts/conduwuit)
 
 This should be compatible with Continuwuity, but you will need to change the image reference.
 

docs/deploying/nixos.mdx

@@ -48,7 +48,7 @@ ### Available options
 - `package`: The Continuwuity package to use
 - `settings`: The Continuwuity configuration (in TOML format)
 
-Use the `settings` option to configure Continuwuity itself. See the [example configuration file](../configuration/examples.md#example-configuration) for all available options.
+Use the `settings` option to configure Continuwuity itself. See the [example configuration file](../reference/config.mdx) for all available options.
 
 ### UNIX sockets
 

docs/development/_meta.json

@@ -0,0 +1,27 @@
+[
+    {
+        "type": "file",
+        "name": "index",
+        "label": "Development Guide"
+    },
+    {
+        "type": "file",
+        "name": "contributing",
+        "label": "Contributing"
+    },
+    {
+        "type": "file",
+        "name": "code_style",
+        "label": "Code Style Guide"
+    },
+    {
+        "type": "file",
+        "name": "testing",
+        "label": "Testing"
+    },
+    {
+        "type": "file",
+        "name": "hot_reload",
+        "label": "Hot Reloading"
+    }
+]

docs/development/contributing.mdx

@@ -0,0 +1,203 @@
+# Contributing guide
+
+This page is about contributing to Continuwuity. The
+[development](./index.mdx) and [code style guide](./code_style.mdx) pages may be of interest for you as well.
+
+If you would like to work on an [issue][issues] that is not assigned, preferably
+ask in the Matrix room first at [#continuwuity:continuwuity.org][continuwuity-matrix],
+and comment on it.
+
+### Code Style
+
+Please review and follow the [code style guide](./code_style) for formatting, linting, naming conventions, and other code standards.
+
+### Pre-commit Checks
+
+Continuwuity uses pre-commit hooks to enforce various coding standards and catch common issues before they're committed. These checks include:
+
+- Code formatting and linting
+- Typo detection (both in code and commit messages)
+- Checking for large files
+- Ensuring proper line endings and no trailing whitespace
+- Validating YAML, JSON, and TOML files
+- Checking for merge conflicts
+
+You can run these checks locally by installing [prefligit](https://github.com/j178/prefligit):
+
+
+```bash
+# Requires UV: https://docs.astral.sh/uv/getting-started/installation/
+# Mac/linux: curl -LsSf https://astral.sh/uv/install.sh | sh
+# Windows: powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
+
+# Install prefligit using cargo-binstall
+cargo binstall prefligit
+
+# Install git hooks to run checks automatically
+prefligit install
+
+# Run all checks
+prefligit --all-files
+```
+
+Alternatively, you can use [pre-commit](https://pre-commit.com/):
+```bash
+# Requires python
+
+# Install pre-commit
+pip install pre-commit
+
+# Install the hooks
+pre-commit install
+
+# Run all checks manually
+pre-commit run --all-files
+```
+
+These same checks are run in CI via the prefligit-checks workflow to ensure consistency. These must pass before the PR is merged.
+
+### Running tests locally
+
+Tests, compilation, and linting can be run with standard Cargo commands:
+
+```bash
+# Run tests
+cargo test
+
+# Check compilation
+cargo check --workspace --features full
+
+# Run lints
+cargo clippy --workspace --features full
+# Auto-fix: cargo clippy --workspace --features full --fix --allow-staged;
+
+# Format code (must use nightly)
+cargo +nightly fmt
+```
+
+### Matrix tests
+
+Continuwuity uses [Complement][complement] for Matrix protocol compliance testing. Complement tests are run manually by developers, and documentation on how to run these tests locally is currently being developed.
+
+If your changes are done to fix Matrix tests, please note that in your pull request. If more Complement tests start failing from your changes, please review the logs and determine if they're intended or not.
+
+[Sytest][sytest] is currently unsupported.
+
+### Writing documentation
+
+Continuwuity's website uses [`mdbook`][mdbook] and is deployed via CI using Cloudflare Pages
+in the [`documentation.yml`][documentation.yml] workflow file. All documentation is in the `docs/`
+directory at the top level.
+
+To build the documentation locally:
+
+1. Install mdbook if you don't have it already:
+   ```bash
+   cargo install mdbook # or cargo binstall, or another method
+   ```
+
+2. Build the documentation:
+   ```bash
+   mdbook build
+   ```
+
+The output of the mdbook generation is in `public/`. You can open the HTML files directly in your browser without needing a web server.
+
+
+### Commit Messages
+
+Continuwuity follows the [Conventional Commits](https://www.conventionalcommits.org/) specification for commit messages. This provides a standardized format that makes the commit history more readable and enables automated tools to generate changelogs.
+
+The basic structure is:
+
+```
+<type>[(optional scope)]: <description>
+
+[optional body]
+
+[optional footer(s)]
+```
+
+The allowed types for commits are:
+- `fix`: Bug fixes
+- `feat`: New features
+- `docs`: Documentation changes
+- `style`: Changes that don't affect the meaning of the code (formatting, etc.)
+- `refactor`: Code changes that neither fix bugs nor add features
+- `perf`: Performance improvements
+- `test`: Adding or fixing tests
+- `build`: Changes to the build system or dependencies
+- `ci`: Changes to CI configuration
+- `chore`: Other changes that don't modify source or test files
+
+Examples:
+```
+feat: add user authentication
+fix(database): resolve connection pooling issue
+docs: update installation instructions
+```
+
+The project uses the `committed` hook to validate commit messages in pre-commit. This ensures all commits follow the conventional format.
+
+### Creating pull requests
+
+Please try to keep contributions to the Forgejo Instance. While the mirrors of continuwuity
+allow for pull/merge requests, there is no guarantee the maintainers will see them in a timely
+manner. Additionally, please mark WIP or unfinished or incomplete PRs as drafts.
+This prevents us from having to ping once in a while to double check the status
+of it, especially when the CI completed successfully and everything so it
+*looks* done.
+
+Before submitting a pull request, please ensure:
+1. Your code passes all CI checks (formatting, linting, typo detection, etc.). Run pre-commit for this.
+2. Your code follows the [code style guide](./code_style)
+3. Your commit messages follow the conventional commits format
+4. Tests are added for new functionality
+5. Documentation is updated if needed
+6. You have written a [news fragment](#writing-news-fragments) for your changes
+
+Direct all PRs/MRs to the `main` branch.
+
+By sending a pull request or patch, you are agreeing that your changes are
+allowed to be licenced under the Apache-2.0 licence and all of your conduct is
+in line with the Contributor's Covenant, and continuwuity's Code of Conduct.
+
+Contribution by users who violate either of these code of conducts may not have
+their contributions accepted. This includes users who have been banned from
+continuwuity Matrix rooms for Code of Conduct violations.
+
+[issues]: https://forgejo.ellis.link/continuwuation/continuwuity/issues
+[continuwuity-matrix]: https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org
+[complement]: https://github.com/matrix-org/complement/
+[sytest]: https://github.com/matrix-org/sytest/
+[mdbook]: https://rust-lang.github.io/mdBook/
+[documentation.yml]: https://forgejo.ellis.link/continuwuation/continuwuity/src/branch/main/.forgejo/workflows/documentation.yml
+
+#### Writing news fragments
+
+In order to make writing our changelogs easier, we make use of [Towncrier]. Towncrier builds changelogs based on
+"news fragments", which are little markdown files in the `changelog.d/` directory that describe individual changes.
+
+When you make a pull request that changes functionality, fixes a bug, or adds documentation, please add a news fragment
+describing your change. The file name *MUST* be in the format of `{pull_request_number}.{type}`, where `{type}` is one
+of the following:
+
+- `feature` - for new features
+- `bugfix` - for bug fixes
+- `doc` - for documentation changes
+- `misc` - for other changes that don't fit the above categories
+
+For example:
+
+```bash
+$ echo "Fixed the quantum flux stabiliser. Contributed by @alice." > changelog.d/42.bugfix
+```
+
+(Note: If you want to credit yourself, you should reference your forgejo handle, however links to other platforms are also acceptable.)
+
+When the next release is made, Towncrier will automatically include your news fragment in the changelog.
+
+You can read more about writing news fragments in the [Towncrier tutorial][tt].
+
+[Towncrier]: https://towncrier.readthedocs.io/
+[tt]: https://towncrier.readthedocs.io/en/stable/tutorial.html#creating-news-fragments

docs/development/hot_reload.mdx

@@ -137,7 +137,7 @@ ### Addendum
 it.**
 
 ![Continuwuity's dynamic library setup diagram - created by Jason
-Volk](assets/libraries.png)
+Volk](./assets/libraries.png)
 
 When a symbol is referenced between crates they become bound: **crates cannot be
 unloaded until their calling crates are first unloaded.** Thus we start the
@@ -148,7 +148,7 @@ ### Addendum
 binding ever occurs between them.
 
 ![Continuwuity's reload and load order diagram - created by Jason
-Volk](assets/reload_order.png)
+Volk](./assets/reload_order.png)
 
 Proper resource management is essential for reliable reloading to occur. This is
 a very basic ask in RAII-idiomatic Rust and the exposure to reloading hazards is

docs/development/index.mdx

@@ -2,7 +2,7 @@ # Development
 
 Information about developing the project. If you are only interested in using
 it, you can safely ignore this page. If you plan on contributing, see the
-[contributor's guide](./contributing.md) and [code style guide](./development/code_style.md).
+[contributor's guide](./contributing.mdx) and [code style guide](./code_style.mdx).
 
 ## Continuwuity project layout
 

docs/development/testing.mdx

@@ -24,7 +24,7 @@ ## Complement
 If you're on macOS and need to build an image, run `nix build .#linux-complement`.
 
 We have a Complement fork as some tests have needed to be fixed. This can be found
-at: <https://forgejo.ellis.link/continuwuation/complement>
+at [continuwuation/complement](https://forgejo.ellis.link/continuwuation/complement)
 
 [ci-workflows]:
 https://forgejo.ellis.link/continuwuation/continuwuity/actions/?workflow=ci.yml&actor=0&status=1

docs/index.mdx

@@ -0,0 +1,51 @@
+---
+pageType: home
+
+hero:
+  name: Continuwuity
+  text: A community-driven Matrix homeserver
+  tagline: Fast, lightweight and open
+  actions:
+    - theme: brand
+      text: Get Started
+      link: /introduction
+    - theme: alt
+      text: Contribute on Forgejo
+      link: https://forgejo.ellis.link/continuwuation/continuwuity
+    - theme: alt
+      text: Star on GitHub
+      link: https://github.com/continuwuity/continuwuity
+  image:
+    src: /assets/logo.svg
+    alt: continuwuity logo
+
+features:
+  - title: 🚀 High Performance
+    details: Built with Rust for exceptional speed and efficiency. Designed to run smoothly even on modest hardware.
+  - title: 🔒 Secure by Default
+    details: Memory-safe Rust implementation with built-in security features to protect your communication.
+  - title: 🌐 Matrix Protocol
+    details: Fully compatible with the Matrix ecosystem. Connect with users across the federated network.
+  - title: 🛠️ Community Maintained
+    details: Actively developed by a dedicated community of Matrix enthusiasts and contributors.
+  - title: 📦 Easy to Deploy
+    details: Multiple deployment options including Docker, NixOS, and traditional package managers.
+  - title: 🔌 Appservice Support
+    details: Bridge to other platforms like Discord, Telegram, and more with Matrix appservices.
+
+doc: false
+---
+
+## What is Continuwuity?
+
+Continuwuity is a Matrix homeserver.
+
+Matrix is an open chat network that lets anyone talk to anyone, no matter what server or address they use - sort of like email.
+
+Continuwuity receives and keeps track of all your messages, and delivers what you send to the right people.
+
+## Why is Continuwuity different?
+
+Continuwuity is light and fast, using a fraction of the memory of other major homeservers. It's also simple to set up, and secure by default.
+
+We are a community run project, filled with diverse and friendly people. Everything is built by people who care about the project volunteering their free time.

docs/introduction.md

@@ -1,18 +0,0 @@
-# Continuwuity
-
-{{#include ../README.md:catchphrase}}
-
-{{#include ../README.md:body}}
-
-#### How can I deploy my own?
-
-- [Deployment options](deploying.md)
-
-If you want to connect an appservice to Continuwuity, take a look at the
-[appservices documentation](appservices.md).
-
-#### How can I contribute?
-
-See the [contributor's guide](contributing.md)
-
-{{#include ../README.md:footer}}

docs/introduction.mdx

@@ -0,0 +1,92 @@
+# Continuwuity
+
+## A community-driven [Matrix](https://matrix.org/) homeserver in Rust
+
+[![Chat on Matrix](https://img.shields.io/matrix/continuwuity%3Acontinuwuity.org?server_fqdn=matrix.continuwuity.org&fetchMode=summary&logo=matrix)](https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org) [![Join the space](https://img.shields.io/matrix/space%3Acontinuwuity.org?server_fqdn=matrix.continuwuity.org&fetchMode=summary&logo=matrix&label=space)](https://matrix.to/#/#space:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org)
+
+[continuwuity] is a Matrix homeserver written in Rust.
+It's the official community continuation of the [conduwuit](https://github.com/girlbossceo/conduwuit) homeserver.
+
+[![forgejo.ellis.link](https://img.shields.io/badge/Ellis%20Git-main+packages-green?style=flat&logo=forgejo&labelColor=fff)](https://forgejo.ellis.link/continuwuation/continuwuity) [![Stars](https://forgejo.ellis.link/continuwuation/continuwuity/badges/stars.svg?style=flat)](https://forgejo.ellis.link/continuwuation/continuwuity/stars) [![Issues](https://forgejo.ellis.link/continuwuation/continuwuity/badges/issues/open.svg?style=flat)](https://forgejo.ellis.link/continuwuation/continuwuity/issues?state=open) [![Pull Requests](https://forgejo.ellis.link/continuwuation/continuwuity/badges/pulls/open.svg?style=flat)](https://forgejo.ellis.link/continuwuation/continuwuity/pulls?state=open)
+
+[![GitHub](https://img.shields.io/badge/GitHub-mirror-blue?style=flat&logo=github&labelColor=fff&logoColor=24292f)](https://github.com/continuwuity/continuwuity) [![Stars](https://img.shields.io/github/stars/continuwuity/continuwuity?style=flat)](https://github.com/continuwuity/continuwuity/stargazers)
+
+[![GitLab](https://img.shields.io/badge/GitLab-mirror-blue?style=flat&logo=gitlab&labelColor=fff)](https://gitlab.com/continuwuity/continuwuity) [![Stars](https://img.shields.io/gitlab/stars/continuwuity/continuwuity?style=flat)](https://gitlab.com/continuwuity/continuwuity/-/starrers)
+
+[![Codeberg](https://img.shields.io/badge/Codeberg-mirror-2185D0?style=flat&logo=codeberg&labelColor=fff)](https://codeberg.org/continuwuity/continuwuity) [![Stars](https://codeberg.org/continuwuity/continuwuity/badges/stars.svg?style=flat)](https://codeberg.org/continuwuity/continuwuity/stars)
+
+## Why does this exist?
+
+The original conduwuit project has been archived and is no longer maintained. Rather than letting this Rust-based Matrix homeserver disappear, a group of community contributors have forked the project to continue its development, fix outstanding issues, and add new features.
+
+We aim to provide a stable, well-maintained alternative for current conduwuit users and welcome newcomers seeking a lightweight, efficient Matrix homeserver.
+
+## Who are we?
+
+We are a group of Matrix enthusiasts, developers and system administrators who have used conduwuit and believe in its potential. Our team includes both previous
+contributors to the original project and new developers who want to help maintain and improve this important piece of Matrix infrastructure.
+
+We operate as an open community project, welcoming contributions from anyone interested in improving continuwuity.
+
+## What is Matrix?
+
+[Matrix](https://matrix.org) is an open, federated, and extensible network for
+decentralized communication. Users from any Matrix homeserver can chat with users from all
+other homeservers over federation. Matrix is designed to be extensible and built on top of.
+You can even use bridges such as Matrix Appservices to communicate with users outside of Matrix, like a community on Discord.
+
+## What are the project's goals?
+
+continuwuity aims to:
+
+- Maintain a stable, reliable Matrix homeserver implementation in Rust
+- Improve compatibility and specification compliance with the Matrix protocol
+- Fix bugs and performance issues from the original conduwuit
+- Add missing features needed by homeserver administrators
+- Provide comprehensive documentation and easy deployment options
+- Create a sustainable development model for long-term maintenance
+- Keep a lightweight, efficient codebase that can run on modest hardware
+
+## Can I try it out?
+
+Check out the [documentation](https://continuwuity.org) for installation instructions.
+
+There are currently no open registration continuwuity instances available.
+
+## What are we working on?
+
+We're working our way through all of the issues in the [Forgejo project](https://forgejo.ellis.link/continuwuation/continuwuity/issues).
+
+- [Packaging & availability in more places](https://forgejo.ellis.link/continuwuation/continuwuity/issues/747)
+- [Appservices bugs & features](https://forgejo.ellis.link/continuwuation/continuwuity/issues?q=&type=all&state=open&labels=178&milestone=0&assignee=0&poster=0)
+- [Improving compatibility and spec compliance](https://forgejo.ellis.link/continuwuation/continuwuity/issues?labels=119)
+- Automated testing
+- [Admin API](https://forgejo.ellis.link/continuwuation/continuwuity/issues/748)
+- [Policy-list controlled moderation](https://forgejo.ellis.link/continuwuation/continuwuity/issues/750)
+
+## Can I migrate my data from x?
+
+- **Conduwuit**: Yes
+- **Conduit**: No, database is now incompatible
+- **Grapevine**: No, database is now incompatible
+- **Dendrite**: No
+- **Synapse**: No
+
+We haven't written up a guide on migrating from incompatible homeservers yet. Reach out to us if you need to do this!
+
+## How can I deploy my own?
+
+- [Deployment options](deploying)
+
+If you want to connect an appservice to continuwuity, take a look at the
+[appservices documentation](appservices).
+
+## How can I contribute?
+
+See the [contributor's guide](development/contributing)
+
+## Contact
+
+Join our [Matrix room](https://matrix.to/#/#continuwuity:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org) and [space](https://matrix.to/#/#space:continuwuity.org?via=continuwuity.org&via=ellis.link&via=explodie.org&via=matrix.org) to chat with us about the project!
+
+[continuwuity]: https://forgejo.ellis.link/continuwuation/continuwuity

docs/maintenance.mdx

@@ -47,7 +47,7 @@ ## Database (RocksDB)
 ### Compression
 
 Some RocksDB settings can be adjusted such as the compression method chosen. See
-the RocksDB section in the [example config](configuration/examples.md).
+the RocksDB section in the [example config](./reference/config.mdx).
 
 btrfs users have reported that database compression does not need to be disabled
 on Continuwuity as the filesystem already does not attempt to compress. This can be
@@ -55,7 +55,7 @@ ### Compression
 the `physical_offset` matches (no filesystem compression). It is very important
 to ensure no additional filesystem compression takes place as this can render
 unbuffered Direct IO inoperable, significantly slowing down read and write
-performance. See <https://btrfs.readthedocs.io/en/latest/Compression.html#compatibility>
+performance. See [the Btrfs docs](https://btrfs.readthedocs.io/en/latest/Compression.html#compatibility).
 
 > Compression is done using the COW mechanism so it’s incompatible with
 > nodatacow. Direct IO read works on compressed files but will fall back to

docs/public/.well-known/continuwuity/announcements

@@ -0,0 +1,15 @@
+{
+    "$schema": "https://continuwuity.org/schema/announcements.schema.json",
+    "announcements": [
+        {
+            "id": 1,
+            "message": "Welcome to Continuwuity! Important announcements about the project will appear here."
+        },
+        {
+            "id": 7,
+            "mention_room": true,
+            "date": "2025-12-30",
+            "message": "Continuwuity v0.5.1 has been released. **The release contains a fix for the critical vulnerability [GHSA-m5p2-vccg-8c9v](https://github.com/continuwuity/continuwuity/security/advisories/GHSA-m5p2-vccg-8c9v) (embargoed) affecting all Conduit-derived servers. Update as soon as possible.**\n\nThis has been *actively exploited* to attempt account takeover and forge events bricking the Continuwuity rooms. The new space is accessible at [Continuwuity (room list)](https://matrix.to/#/!8cR4g-i9ucof69E4JHNg9LbPVkGprHb3SzcrGBDDJgk?via=continuwuity.org&via=starstruck.systems&via=gingershaped.computer)\n"
+        }
+    ]
+}

docs/public/.well-known/matrix/client

@@ -1 +1 @@
-{"m.homeserver":{"base_url": "https://matrix.continuwuity.org"},"org.matrix.msc3575.proxy":{"url": "https://matrix.continuwuity.org"}}
+{"m.homeserver":{"base_url": "https://matrix.continuwuity.org"},"org.matrix.msc3575.proxy":{"url": "https://matrix.continuwuity.org"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://livekit.ellis.link"}]}

docs/public/assets/logo.svg

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="447.99823"
+   height="447.99823"
+   viewBox="0 0 447.99823 447.99823"
+   version="1.1"
+   id="svg1"
+   xml:space="preserve"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg"><defs
+     id="defs1" /><g
+     id="layer1"
+     transform="translate(-32.000893,-32.000893)"><circle
+       style="fill:#9b4bd4;fill-opacity:1;stroke:#000000;stroke-width:10;stroke-dasharray:none;stroke-opacity:1"
+       id="path1"
+       cy="256"
+       cx="256"
+       r="176" /><path
+       style="fill:#de6cd3;fill-opacity:1;stroke:#000000;stroke-width:10;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="m 41,174 69,36 C 135,126 175,102 226,94 l -12,31 62,-44 -69,-44 15,30 C 128,69 84,109 41,172 Z"
+       id="path7" /><path
+       style="fill:#de6cd3;fill-opacity:1;stroke:#000000;stroke-width:10;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="m 338,41 -36,69 c 84,25 108,65 116,116 l -31,-12 44,62 44,-69 -30,15 C 443,128 403,84 340,41 Z"
+       id="path6" /><path
+       style="fill:#de6cd3;fill-opacity:1;stroke:#000000;stroke-width:10;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="m 471,338 -69,-36 c -25,84 -65,108 -116,116 l 12,-31 -62,44 69,44 -15,-30 c 94,-2 138,-42 181,-105 z"
+       id="path8" /><path
+       style="fill:#de6cd3;fill-opacity:1;stroke:#000000;stroke-width:10;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1"
+       d="m 174,471 36,-69 C 126,377 102,337 94,286 l 31,12 -44,-62 -44,69 30,-15 c 2,94 42,138 105,181 z"
+       id="path9" /><g
+       id="g15"
+       transform="translate(-5.4157688e-4)"><path
+         style="fill:none;stroke:#000000;stroke-width:10;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:normal"
+         d="m 155.45977,224.65379 c -7.25909,13.49567 -7.25909,26.09161 -6.35171,39.58729 0.90737,11.69626 12.7034,24.29222 24.49943,26.09164 21.77727,3.59884 28.12898,-20.69338 28.12898,-20.69338 0,0 4.53693,-15.29508 5.4443,-40.48699"
+         id="path11" /><path
+         style="fill:none;stroke:#000000;stroke-width:10;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:normal"
+         d="m 218.96706,278.05399 c 3.00446,17.12023 7.52704,24.88918 19.22704,28.48918 9,2.7 22.5,-4.5 22.5,-16.2 0.9,21.6 17.1,17.1 19.8,17.1 11.7,-1.8 18.9,-14.4 16.2,-30.6"
+         id="path12" /><path
+         style="fill:none;stroke:#000000;stroke-width:10;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:normal"
+         d="m 305.6941,230.94317 c 1.8,27 6.3,40.5 6.3,40.5 8.1,27 28.8,19.8 28.8,19.8 18.9,-7.2 22.5,-24.3 22.5,-30.6 0,-25.2 -6.3,-35.1 -6.3,-35.1"
+         id="path13" /></g></g></svg>

docs/reference/_meta.json

@@ -0,0 +1,17 @@
+[
+    {
+        "type": "file",
+        "name": "config",
+        "label": "Configuration"
+    },
+    {
+        "type": "file",
+        "name": "admin",
+        "label": "Admin Commands"
+    },
+    {
+        "type": "file",
+        "name": "server",
+        "label": "Server command"
+    }
+]

docs/reference/config.mdx

@@ -0,0 +1,4 @@
+
+```toml file="../../conduwuit-example.toml"
+
+```

docs/security.md

@@ -1 +0,0 @@
-{{#include ../SECURITY.md}}

docs/security.mdx

@@ -0,0 +1 @@
+../SECURITY.md

docs/static/announcements.json

@@ -1,13 +0,0 @@
-{
-    "$schema": "https://continuwuity.org/schema/announcements.schema.json",
-    "announcements": [
-        {
-            "id": 1,
-            "message": "Welcome to Continuwuity! Important announcements about the project will appear here."
-        },
-        {
-            "id": 3,
-            "message": "_taps microphone_ The Continuwuity 0.5.0-rc.7 release is now available, and it's better than ever! **177 commits**, **35 pull requests**, **11 contributors,** and a lot of new stuff!\n\nFor highlights, we've got:\n\n* 🕵️ Full Policy Server support to fight spam!\n* 🚀 Smarter room & space upgrades.\n* 🚫 User suspension tools for better moderation.\n* 🤖 reCaptcha support for safer open registration.\n* 🔍 Ability to disable read receipts & typing indicators.\n* ⚡ Sweeping performance improvements!\n\nGet the [full changelog and downloads on our Forgejo](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.0-rc.7) - and make sure you're in the [Announcements room](https://matrix.to/#/!releases:continuwuity.org/$hN9z6L2_dTAlPxFLAoXVfo_g8DyYXu4cpvWsSrWhmB0) to get stuff like this sooner."
-        }
-    ]
-}

docs/troubleshooting.mdx

@@ -128,7 +128,7 @@ ### Database corruption
 With this in mind:
 
 - First start Continuwuity with the `PointInTime` recovery method. See the [example
-config](configuration/examples.md) for how to do this using
+config](./reference/config.mdx) for how to do this using
 `rocksdb_recovery_mode`
 - If your database successfully opens, clients are recommended to clear their
 client cache to account for the rollback

docs/turn.mdx

@@ -8,7 +8,7 @@ ### Configuration
 
 Create a configuration file called `coturn.conf` containing:
 
-```conf
+```
 use-auth-secret
 static-auth-secret=<a secret key>
 realm=<your server domain>
@@ -18,7 +18,7 @@ ### Configuration
 -s 64 1`.
 
 These same values need to be set in Continuwuity. See the [example
-config](configuration/examples.md) in the TURN section for configuring these and
+config](./reference/config.mdx) in the TURN section for configuring these and
 restart Continuwuity after.
 
 `turn_secret` or a path to `turn_secret_file` must have a value of your

flake.lock

@@ -3,11 +3,11 @@
     "advisory-db": {
       "flake": false,
       "locked": {
-        "lastModified": 1761112158,
-        "narHash": "sha256-RIXu/7eyKpQHjsPuAUODO81I4ni8f+WYSb7K4mTG6+0=",
+        "lastModified": 1766324728,
+        "narHash": "sha256-9C+WyE5U3y5w4WQXxmb0ylRyMMsPyzxielWXSHrcDpE=",
         "owner": "rustsec",
         "repo": "advisory-db",
-        "rev": "58f3aaec0e1776f4a900737be8cd7cb00972210d",
+        "rev": "c88b88c62bda077be8aa621d4e89d8701e39cb5d",
         "type": "github"
       },
       "original": {
@@ -18,11 +18,11 @@
     },
     "crane": {
       "locked": {
-        "lastModified": 1760924934,
-        "narHash": "sha256-tuuqY5aU7cUkR71sO2TraVKK2boYrdW3gCSXUkF4i44=",
+        "lastModified": 1766194365,
+        "narHash": "sha256-4AFsUZ0kl6MXSm4BaQgItD0VGlEKR3iq7gIaL7TjBvc=",
         "owner": "ipetkov",
         "repo": "crane",
-        "rev": "c6b4d5308293d0d04fcfeee92705017537cad02f",
+        "rev": "7d8ec2c71771937ab99790b45e6d9b93d15d9379",
         "type": "github"
       },
       "original": {
@@ -39,11 +39,11 @@
         "rust-analyzer-src": "rust-analyzer-src"
       },
       "locked": {
-        "lastModified": 1761115517,
-        "narHash": "sha256-Fev/ag/c3Fp3JBwHfup3lpA5FlNXfkoshnQ7dssBgJ0=",
+        "lastModified": 1766299592,
+        "narHash": "sha256-7u+q5hexu2eAxL2VjhskHvaUKg+GexmelIR2ve9Nbb4=",
         "owner": "nix-community",
         "repo": "fenix",
-        "rev": "320433651636186ea32b387cff05d6bbfa30cea7",
+        "rev": "381579dee168d5ced412e2990e9637ecc7cf1c5d",
         "type": "github"
       },
       "original": {
@@ -55,11 +55,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1747046372,
-        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "lastModified": 1765121682,
+        "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3",
         "type": "github"
       },
       "original": {
@@ -74,11 +74,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1760948891,
-        "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
+        "lastModified": 1765835352,
+        "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
+        "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
         "type": "github"
       },
       "original": {
@@ -89,11 +89,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1760878510,
-        "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
+        "lastModified": 1766070988,
+        "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
+        "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8",
         "type": "github"
       },
       "original": {
@@ -105,11 +105,11 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1754788789,
-        "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
+        "lastModified": 1765674936,
+        "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
+        "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
         "type": "github"
       },
       "original": {
@@ -132,11 +132,11 @@
     "rust-analyzer-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1761077270,
-        "narHash": "sha256-O1uTuvI/rUlubJ8AXKyzh1WSWV3qCZX0huTFUvWLN4E=",
+        "lastModified": 1766253897,
+        "narHash": "sha256-ChK07B1aOlJ4QzWXpJo+y8IGAxp1V9yQ2YloJ+RgHRw=",
         "owner": "rust-lang",
         "repo": "rust-analyzer",
-        "rev": "39990a923c8bca38f5bd29dc4c96e20ee7808d5d",
+        "rev": "765b7bdb432b3740f2d564afccfae831d5a972e4",
         "type": "github"
       },
       "original": {
@@ -153,11 +153,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760945191,
-        "narHash": "sha256-ZRVs8UqikBa4Ki3X4KCnMBtBW0ux1DaT35tgsnB1jM4=",
+        "lastModified": 1766000401,
+        "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "f56b1934f5f8fcab8deb5d38d42fd692632b47c2",
+        "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
         "type": "github"
       },
       "original": {

nix/packages/rust.nix

@@ -15,7 +15,7 @@
             file = inputs.self + "/rust-toolchain.toml";
 
             # See also `rust-toolchain.toml`
-            sha256 = "sha256-+9FmLhAOezBZCOziO0Qct1NOrfpjNsXxc/8I0c7BdKE=";
+            sha256 = "sha256-SJwZ8g0zF2WrKDVmHrVG3pD2RGoQeo24MEXnNx5FyuI=";
           };
         in
         {

nix/packages/uwulib/build.nix

@@ -97,6 +97,9 @@ rec {
     craneLib.buildPackage (
       (commonAttrs commonAttrsArgs)
       // {
+        postFixup = ''
+          patchelf --set-rpath "$(${pkgs.patchelf}/bin/patchelf --print-rpath $out/bin/${crateInfo.pname}):${rocksdb}/lib" $out/bin/${crateInfo.pname}
+        '';
         cargoArtifacts = deps;
         doCheck = true;
         env = uwuenv.buildPackageEnv // rocksdbEnv;

nix/tests/default.nix

@@ -6,6 +6,69 @@
       pkgs,
       ...
     }:
+    let
+      baseTestScript =
+        pkgs.writers.writePython3Bin "do_test" { libraries = [ pkgs.python3Packages.matrix-nio ]; }
+          ''
+            import asyncio
+            import nio
+
+
+            async def main() -> None:
+                # Connect to continuwuity
+                client = nio.AsyncClient("http://continuwuity:6167", "alice")
+
+                # Register as user alice
+                response = await client.register("alice", "my-secret-password")
+
+                # Log in as user alice
+                response = await client.login("my-secret-password")
+
+                # Create a new room
+                response = await client.room_create(federate=False)
+                print("Matrix room create response:", response)
+                assert isinstance(response, nio.RoomCreateResponse)
+                room_id = response.room_id
+
+                # Join the room
+                response = await client.join(room_id)
+                print("Matrix join response:", response)
+                assert isinstance(response, nio.JoinResponse)
+
+                # Send a message to the room
+                response = await client.room_send(
+                    room_id=room_id,
+                    message_type="m.room.message",
+                    content={
+                        "msgtype": "m.text",
+                        "body": "Hello continuwuity!"
+                    }
+                )
+                print("Matrix room send response:", response)
+                assert isinstance(response, nio.RoomSendResponse)
+
+                # Sync responses
+                response = await client.sync(timeout=30000)
+                print("Matrix sync response:", response)
+                assert isinstance(response, nio.SyncResponse)
+
+                # Check the message was received by continuwuity
+                last_message = response.rooms.join[room_id].timeline.events[-1].body
+                assert last_message == "Hello continuwuity!"
+
+                # Leave the room
+                response = await client.room_leave(room_id)
+                print("Matrix room leave response:", response)
+                assert isinstance(response, nio.RoomLeaveResponse)
+
+                # Close the client
+                await client.close()
+
+
+            if __name__ == "__main__":
+                asyncio.run(main())
+          '';
+    in
     {
       # run some nixos tests as checks
       checks = lib.pipe self'.packages [
@@ -18,106 +81,69 @@
         # this test was initially yoinked from
         #
         # https://github.com/NixOS/nixpkgs/blob/960ce26339661b1b69c6f12b9063ca51b688615f/nixos/tests/matrix/continuwuity.nix
-        (builtins.map (name: {
-          name = "test-${name}";
-          value = pkgs.testers.runNixOSTest {
-            inherit name;
+        (builtins.concatMap (
+          name:
+          builtins.map
+            (
+              { config, suffix }:
+              {
+                name = "test-${name}-${suffix}";
+                value = pkgs.testers.runNixOSTest {
+                  inherit name;
 
-            nodes = {
-              continuwuity = {
-                services.matrix-continuwuity = {
-                  enable = true;
-                  package = self'.packages.${name};
-                  settings.global = {
+                  nodes = {
+                    continuwuity = {
+                      services.matrix-continuwuity = {
+                        enable = true;
+                        package = self'.packages.${name};
+                        settings = config;
+                        extraEnvironment.RUST_BACKTRACE = "yes";
+                      };
+                      networking.firewall.allowedTCPPorts = [ 6167 ];
+                    };
+                    client.environment.systemPackages = [ baseTestScript ];
+                  };
+
+                  testScript = ''
+                    start_all()
+
+                    with subtest("start continuwuity"):
+                          continuwuity.wait_for_unit("continuwuity.service")
+                          continuwuity.wait_for_open_port(6167)
+
+                    with subtest("ensure messages can be exchanged"):
+                          client.succeed("${lib.getExe baseTestScript} >&2")
+                  '';
+
+                };
+              }
+            )
+            [
+              {
+                suffix = "base";
+                config = {
+                  global = {
                     server_name = name;
                     address = [ "0.0.0.0" ];
                     allow_registration = true;
                     yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true;
                   };
-                  extraEnvironment.RUST_BACKTRACE = "yes";
                 };
-                networking.firewall.allowedTCPPorts = [ 6167 ];
-              };
-              client =
-                { pkgs, ... }:
-                {
-                  environment.systemPackages = [
-                    (pkgs.writers.writePython3Bin "do_test" { libraries = [ pkgs.python3Packages.matrix-nio ]; } ''
-                      import asyncio
-                      import nio
-
-
-                      async def main() -> None:
-                          # Connect to continuwuity
-                          client = nio.AsyncClient("http://continuwuity:6167", "alice")
-
-                          # Register as user alice
-                          response = await client.register("alice", "my-secret-password")
-
-                          # Log in as user alice
-                          response = await client.login("my-secret-password")
-
-                          # Create a new room
-                          response = await client.room_create(federate=False)
-                          print("Matrix room create response:", response)
-                          assert isinstance(response, nio.RoomCreateResponse)
-                          room_id = response.room_id
-
-                          # Join the room
-                          response = await client.join(room_id)
-                          print("Matrix join response:", response)
-                          assert isinstance(response, nio.JoinResponse)
-
-                          # Send a message to the room
-                          response = await client.room_send(
-                              room_id=room_id,
-                              message_type="m.room.message",
-                              content={
-                                  "msgtype": "m.text",
-                                  "body": "Hello continuwuity!"
-                              }
-                          )
-                          print("Matrix room send response:", response)
-                          assert isinstance(response, nio.RoomSendResponse)
-
-                          # Sync responses
-                          response = await client.sync(timeout=30000)
-                          print("Matrix sync response:", response)
-                          assert isinstance(response, nio.SyncResponse)
-
-                          # Check the message was received by continuwuity
-                          last_message = response.rooms.join[room_id].timeline.events[-1].body
-                          assert last_message == "Hello continuwuity!"
-
-                          # Leave the room
-                          response = await client.room_leave(room_id)
-                          print("Matrix room leave response:", response)
-                          assert isinstance(response, nio.RoomLeaveResponse)
-
-                          # Close the client
-                          await client.close()
-
-
-                      if __name__ == "__main__":
-                          asyncio.run(main())
-                    '')
-                  ];
+              }
+              {
+                suffix = "with-room-version";
+                config = {
+                  global = {
+                    server_name = name;
+                    address = [ "0.0.0.0" ];
+                    allow_registration = true;
+                    yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true;
+                    default_room_version = "12";
+                  };
                 };
-            };
-
-            testScript = ''
-              start_all()
-
-              with subtest("start continuwuity"):
-                    continuwuity.wait_for_unit("continuwuity.service")
-                    continuwuity.wait_for_open_port(6167)
-
-              with subtest("ensure messages can be exchanged"):
-                    client.succeed("do_test >&2")
-            '';
-
-          };
-        }))
+              }
+            ]
+        ))
         builtins.listToAttrs
       ];
     };

package.json

@@ -0,0 +1,31 @@
+{
+  "name": "continuwuation",
+  "version": "1.0.0",
+  "description": "<!-- ANCHOR: catchphrase -->",
+  "main": "index.js",
+  "directories": {
+    "doc": "docs",
+    "test": "tests"
+  },
+  "scripts": {
+    "docs:dev": "rspress dev docs",
+    "docs:build": "rspress build docs",
+    "docs:preview": "rspress preview docs",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "ssh://git@forgejo.ellis.link/continuwuation/continuwuity.git"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "type": "commonjs",
+  "devDependencies": {
+    "@rspress/core": "^2.0.0-rc.1",
+    "@rspress/plugin-client-redirects": "^2.0.0-alpha.12",
+    "@rspress/plugin-preview": "^2.0.0-beta.35",
+    "@rspress/plugin-sitemap": "^2.0.0-beta.23",
+    "typescript": "^5.9.3"
+  }
+}

pkg/conduwuit.service

@@ -63,7 +63,7 @@ Restart=on-failure
 RestartSec=5
 
 TimeoutStopSec=4m
-TimeoutStartSec=4m
+TimeoutStartSec=10m
 
 StartLimitInterval=1m
 StartLimitBurst=5

pkg/debian/README.md

@@ -22,7 +22,7 @@ # Update remote package lists
 ```
 The `continuwuity` package conflicts with the old `conduwuit` package and will remove it automatically when installed.
 
-See the [generic deployment guide](../deploying/generic.md) for additional information about using the Debian package.
+See the [generic deployment guide](/deploying/generic.mdx) for additional information about using the Debian package.
 
 ### Configuration
 
@@ -32,8 +32,8 @@ ### Configuration
 
 ### Running
 
-The package uses the [`conduwuit.service`](../configuration/examples.md#example-systemd-unit-file) systemd unit file to start and stop Continuwuity. The binary installs at `/usr/bin/conduwuit`.
+The package uses the `conduwuit.service` systemd unit file to start and stop Continuwuity. The binary installs at `/usr/bin/conduwuit`.
 
 By default, this package assumes that Continuwuity runs behind a reverse proxy. The default configuration options apply (listening on `localhost` and TCP port `6167`). Matrix federation requires a valid domain name and TLS. To federate properly, you must set up TLS certificates and certificate renewal.
 
-For information about setting up a reverse proxy and TLS, consult online documentation and guides. The [generic deployment guide](../deploying/generic.md#setting-up-the-reverse-proxy) documents Caddy, which is the most user-friendly option for reverse proxy configuration.
+For information about setting up a reverse proxy and TLS, consult online documentation and guides. The [generic deployment guide](/deploying/generic.md#setting-up-the-reverse-proxy) documents Caddy, which is the most user-friendly option for reverse proxy configuration.

release.toml

@@ -0,0 +1 @@
+tag-message = "chore: Release v{{version}}"

rspress.config.ts

@@ -0,0 +1,60 @@
+import { defineConfig } from '@rspress/core';
+import { pluginPreview } from '@rspress/plugin-preview';
+import { pluginSitemap } from '@rspress/plugin-sitemap';
+import { pluginClientRedirects } from '@rspress/plugin-client-redirects';
+
+export default defineConfig({
+    root: 'docs',
+    title: 'Continuwuity',
+    description: 'A community-driven Matrix homeserver',
+    icon: '/assets/logo.svg',
+    logo: {
+        light: '/assets/logo.svg',
+        dark: '/assets/logo.svg',
+    },
+    themeConfig: {
+        socialLinks: [
+            {
+                icon: {
+                    svg: `<svg role="img" viewBox="0 0 24 24" width="100%" xmlns="http://www.w3.org/2000/svg"><title>Matrix</title><path fill="currentColor" d="M.632.55v22.9H2.28V24H0V0h2.28v.55zm7.043 7.26v1.157h.033c.309-.443.683-.784 1.117-1.024.433-.245.936-.365 1.5-.365.54 0 1.033.107 1.481.314.448.208.785.582 1.02 1.108.254-.374.6-.706 1.034-.992.434-.287.95-.43 1.546-.43.453 0 .872.056 1.26.167.388.11.716.286.993.53.276.245.489.559.646.951.152.392.23.863.23 1.417v5.728h-2.349V11.52c0-.286-.01-.559-.032-.812a1.755 1.755 0 0 0-.18-.66 1.106 1.106 0 0 0-.438-.448c-.194-.11-.457-.166-.785-.166-.332 0-.6.064-.803.189a1.38 1.38 0 0 0-.48.499 1.946 1.946 0 0 0-.231.696 5.56 5.56 0 0 0-.06.785v4.768h-2.35v-4.8c0-.254-.004-.503-.018-.752a2.074 2.074 0 0 0-.143-.688 1.052 1.052 0 0 0-.415-.503c-.194-.125-.476-.19-.854-.19-.111 0-.259.024-.439.074-.18.051-.36.143-.53.282-.171.138-.319.337-.439.595-.12.259-.18.6-.18 1.02v4.966H5.46V7.81zm15.693 15.64V.55H21.72V0H24v24h-2.28v-.55z"/></svg>`
+                },
+                mode: 'link',
+                content: 'https://matrix.to/#/#continuwuity:continuwuity.org',
+            },
+            {
+                icon: {
+                    svg: `<svg role="img" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><title>Forgejo</title><path fill="currentColor" d="M16.7773 0c1.6018 0 2.9004 1.2986 2.9004 2.9005s-1.2986 2.9004-2.9004 2.9004c-1.0854 0-2.0315-.596-2.5288-1.4787H12.91c-2.3322 0-4.2272 1.8718-4.2649 4.195l-.0007 2.1175a7.0759 7.0759 0 0 1 4.148-1.4205l.1176-.001 1.3385.0002c.4973-.8827 1.4434-1.4788 2.5288-1.4788 1.6018 0 2.9004 1.2986 2.9004 2.9005s-1.2986 2.9004-2.9004 2.9004c-1.0854 0-2.0315-.596-2.5288-1.4787H12.91c-2.3322 0-4.2272 1.8718-4.2649 4.195l-.0007 2.319c.8827.4973 1.4788 1.4434 1.4788 2.5287 0 1.602-1.2986 2.9005-2.9005 2.9005-1.6018 0-2.9004-1.2986-2.9004-2.9005 0-1.0853.596-2.0314 1.4788-2.5287l-.0002-9.9831c0-3.887 3.1195-7.0453 6.9915-7.108l.1176-.001h1.3385C14.7458.5962 15.692 0 16.7773 0ZM7.2227 19.9052c-.6596 0-1.1943.5347-1.1943 1.1943s.5347 1.1943 1.1943 1.1943 1.1944-.5347 1.1944-1.1943-.5348-1.1943-1.1944-1.1943Zm9.5546-10.4644c-.6596 0-1.1944.5347-1.1944 1.1943s.5348 1.1943 1.1944 1.1943c.6596 0 1.1943-.5347 1.1943-1.1943s-.5347-1.1943-1.1943-1.1943Zm0-7.7346c-.6596 0-1.1944.5347-1.1944 1.1943s.5348 1.1943 1.1944 1.1943c.6596 0 1.1943-.5347 1.1943-1.1943s-.5347-1.1943-1.1943-1.1943Z"/></svg>`
+                },
+                mode: 'link',
+                content: 'https://forgejo.ellis.link/continuwuation/continuwuity'
+            },
+            {
+                icon: 'github',
+                mode: 'link',
+                content: 'https://github.com/continuwuity/continuwuity',
+            },
+        ],
+        lastUpdated: true,
+        enableContentAnimation: true,
+        enableAppearanceAnimation: false,
+        footer: {
+        },
+    },
+
+    plugins: [pluginPreview(), pluginSitemap({
+        siteUrl: 'https://continuwuity.org', // TODO: Set automatically in build pipeline
+    }),
+    pluginClientRedirects({
+        redirects: [{
+            from: '/configuration/examples',
+            to: '/reference/config'
+        }, {
+            from: '/admin_reference',
+            to: '/reference/admin'
+        }, {
+            from: '/server_reference',
+            to: '/reference/server'
+        }
+        ]
+    })],
+});

rust-toolchain.toml

@@ -10,7 +10,7 @@
 
 [toolchain]
 profile = "minimal"
-channel = "1.89.0"
+channel = "1.90.0"
 components = [
     # For rust-analyzer
     "rust-src",

src/admin/query/account_data.rs

@@ -41,7 +41,7 @@ async fn changes_since(
 	let results: Vec<_> = self
 		.services
 		.account_data
-		.changes_since(room_id.as_deref(), &user_id, since, None)
+		.changes_since(room_id.as_deref(), &user_id, Some(since), None)
 		.collect()
 		.await;
 	let query_time = timer.elapsed();

src/admin/query/room_timeline.rs

@@ -31,7 +31,7 @@ pub(super) async fn last(&self, room_id: OwnedRoomOrAliasId) -> Result {
 		.services
 		.rooms
 		.timeline
-		.last_timeline_count(None, &room_id)
+		.last_timeline_count(&room_id)
 		.await?;
 
 	self.write_str(&format!("{result:#?}")).await
@@ -52,7 +52,7 @@ pub(super) async fn pdus(
 		.services
 		.rooms
 		.timeline
-		.pdus_rev(None, &room_id, from)
+		.pdus_rev(&room_id, from)
 		.try_take(limit.unwrap_or(3))
 		.try_collect()
 		.await?;

src/admin/server/commands.rs

@@ -30,10 +30,31 @@ pub(super) async fn show_config(&self) -> Result {
 
 #[admin_command]
 pub(super) async fn reload_config(&self, path: Option<PathBuf>) -> Result {
-	let path = path.as_deref().into_iter();
-	self.services.config.reload(path)?;
+	// The path argument is only what's optionally passed via the admin command,
+	// so we need to merge it with the existing paths if any were given at startup.
+	let mut paths = Vec::new();
 
-	self.write_str("Successfully reconfigured.").await
+	// Add previously saved paths to the argument list
+	self.services
+		.config
+		.config_paths
+		.clone()
+		.unwrap_or_default()
+		.iter()
+		.for_each(|p| paths.push(p.to_owned()));
+
+	// If a path is given, and it's not already in the list,
+	// add it last, so that it overrides earlier files
+	if let Some(p) = path {
+		if !paths.contains(&p) {
+			paths.push(p);
+		}
+	}
+
+	self.services.config.reload(&paths)?;
+
+	self.write_str(&format!("Successfully reconfigured from paths: {paths:?}"))
+		.await
 }
 
 #[admin_command]

src/admin/user/commands.rs

@@ -1,4 +1,7 @@
-use std::{collections::BTreeMap, fmt::Write as _};
+use std::{
+	collections::{BTreeMap, HashSet},
+	fmt::Write as _,
+};
 
 use api::client::{
 	full_user_deactivate, join_room_by_id_helper, leave_all_rooms, leave_room, remote_leave_room,
@@ -12,7 +15,7 @@
 };
 use futures::{FutureExt, StreamExt};
 use ruma::{
-	OwnedEventId, OwnedRoomId, OwnedRoomOrAliasId, OwnedUserId, UserId,
+	OwnedEventId, OwnedRoomId, OwnedRoomOrAliasId, OwnedServerName, OwnedUserId, UserId,
 	events::{
 		RoomAccountDataEventType, StateEventType,
 		room::{
@@ -950,23 +953,38 @@ pub(super) async fn force_leave_remote_room(
 	&self,
 	user_id: String,
 	room_id: OwnedRoomOrAliasId,
+	via: Option<String>,
 ) -> Result {
 	let user_id = parse_local_user_id(self.services, &user_id)?;
-	let (room_id, _) = self
+	let (room_id, vias_raw) = self
 		.services
 		.rooms
 		.alias
-		.resolve_with_servers(&room_id, None)
+		.resolve_with_servers(
+			&room_id,
+			if let Some(v) = via.clone() {
+				Some(vec![OwnedServerName::parse(v)?])
+			} else {
+				None
+			},
+		)
 		.await?;
 
 	assert!(
 		self.services.globals.user_is_local(&user_id),
 		"Parsed user_id must be a local user"
 	);
-	remote_leave_room(self.services, &user_id, &room_id, None)
+	let mut vias: HashSet<OwnedServerName> = HashSet::new();
+	if let Some(via) = via {
+		vias.insert(OwnedServerName::parse(via)?);
+	}
+	for server in vias_raw {
+		vias.insert(server);
+	}
+	remote_leave_room(self.services, &user_id, &room_id, None, vias)
 		.boxed()
 		.await?;
 
-	self.write_str(&format!("{user_id} has been joined to {room_id}.",))
+	self.write_str(&format!("{user_id} successfully left {room_id} via remote server."))
 		.await
 }

src/admin/user/mod.rs

@@ -107,6 +107,7 @@ pub enum UserCommand {
 	ForceLeaveRemoteRoom {
 		user_id: String,
 		room_id: OwnedRoomOrAliasId,
+		via: Option<String>,
 	},
 
 	/// - Forces the specified user to drop their power levels to the room

src/api/client/context.rs

@@ -59,7 +59,7 @@ pub(crate) async fn get_context_route(
 		.rooms
 		.timeline
 		.get_pdu(event_id)
-		.map_err(|_| err!(Request(NotFound("Base event not found."))));
+		.map_err(|_| err!(Request(NotFound("Event not found."))));
 
 	let visible = services
 		.rooms
@@ -70,7 +70,7 @@ pub(crate) async fn get_context_route(
 	let (base_id, base_pdu, visible) = try_join3(base_id, base_pdu, visible).await?;
 
 	if base_pdu.room_id_or_hash() != *room_id || base_pdu.event_id != *event_id {
-		return Err!(Request(NotFound("Base event not found.")));
+		return Err!(Request(NotFound("Event not found.")));
 	}
 
 	if !visible {
@@ -82,11 +82,25 @@ pub(crate) async fn get_context_route(
 
 	let base_event = ignored_filter(&services, (base_count, base_pdu), sender_user);
 
+	// PDUs are used to get seen user IDs and then returned in response.
+
 	let events_before = services
 		.rooms
 		.timeline
-		.pdus_rev(Some(sender_user), room_id, Some(base_count))
+		.pdus_rev(room_id, Some(base_count))
 		.ignore_err()
+		.then(async |mut pdu| {
+			pdu.1.set_unsigned(Some(sender_user));
+			if let Err(e) = services
+				.rooms
+				.pdu_metadata
+				.add_bundled_aggregations_to_pdu(sender_user, &mut pdu.1)
+				.await
+			{
+				debug_warn!("Failed to add bundled aggregations: {e}");
+			}
+			pdu
+		})
 		.ready_filter_map(|item| event_filter(item, filter))
 		.wide_filter_map(|item| ignored_filter(&services, item, sender_user))
 		.wide_filter_map(|item| visibility_filter(&services, item, sender_user))
@@ -96,8 +110,20 @@ pub(crate) async fn get_context_route(
 	let events_after = services
 		.rooms
 		.timeline
-		.pdus(Some(sender_user), room_id, Some(base_count))
+		.pdus(room_id, Some(base_count))
 		.ignore_err()
+		.then(async |mut pdu| {
+			pdu.1.set_unsigned(Some(sender_user));
+			if let Err(e) = services
+				.rooms
+				.pdu_metadata
+				.add_bundled_aggregations_to_pdu(sender_user, &mut pdu.1)
+				.await
+			{
+				debug_warn!("Failed to add bundled aggregations: {e}");
+			}
+			pdu
+		})
 		.ready_filter_map(|item| event_filter(item, filter))
 		.wide_filter_map(|item| ignored_filter(&services, item, sender_user))
 		.wide_filter_map(|item| visibility_filter(&services, item, sender_user))

src/api/client/keys.rs

@@ -389,7 +389,7 @@ pub(crate) async fn get_key_changes_route(
 	device_list_updates.extend(
 		services
 			.users
-			.keys_changed(sender_user, from, Some(to))
+			.keys_changed(sender_user, Some(from), Some(to))
 			.map(ToOwned::to_owned)
 			.collect::<Vec<_>>()
 			.await,
@@ -401,7 +401,7 @@ pub(crate) async fn get_key_changes_route(
 		device_list_updates.extend(
 			services
 				.users
-				.room_keys_changed(room_id, from, Some(to))
+				.room_keys_changed(room_id, Some(from), Some(to))
 				.map(|(user_id, _)| user_id)
 				.map(ToOwned::to_owned)
 				.collect::<Vec<_>>()

src/api/client/membership/join.rs

@@ -44,10 +44,11 @@
 	rooms::{
 		state::RoomMutexGuard,
 		state_compressor::{CompressedState, HashSetCompressStateEvent},
+		timeline::pdu_fits,
 	},
 };
 
-use super::banned_room_check;
+use super::{banned_room_check, validate_remote_member_event_stub};
 use crate::Ruma;
 
 /// # `POST /_matrix/client/r0/rooms/{roomId}/join`
@@ -573,6 +574,13 @@ async fn join_room_by_id_helper_remote(
 					return state;
 				},
 			};
+			if !pdu_fits(&mut value.clone()) {
+				warn!(
+					"dropping incoming PDU {event_id} in room {room_id} from room join because \
+					 it exceeds 65535 bytes or is otherwise too large."
+				);
+				return state;
+			}
 			services.rooms.outlier.add_pdu_outlier(&event_id, &value);
 			if let Some(state_key) = &pdu.state_key {
 				let shortstatekey = services
@@ -829,6 +837,13 @@ async fn join_room_by_id_helper_local(
 			err!(BadServerResponse("Invalid make_join event json received from server: {e:?}"))
 		})?;
 
+	validate_remote_member_event_stub(
+		&MembershipState::Join,
+		sender_user,
+		room_id,
+		&join_event_stub,
+	)?;
+
 	let join_authorized_via_users_server = join_event_stub
 		.get("content")
 		.map(|s| {

src/api/client/membership/knock.rs

@@ -5,7 +5,7 @@
 use conduwuit::{
 	Err, Result, debug, debug_info, debug_warn, err, info,
 	matrix::{
-		event::{Event, gen_event_id},
+		event::gen_event_id,
 		pdu::{PduBuilder, PduEvent},
 	},
 	result::FlatOk,
@@ -38,7 +38,7 @@
 	},
 };
 
-use super::{banned_room_check, join::join_room_by_id_helper};
+use super::{banned_room_check, join::join_room_by_id_helper, validate_remote_member_event_stub};
 use crate::Ruma;
 
 /// # `POST /_matrix/client/*/knock/{roomIdOrAlias}`
@@ -408,6 +408,13 @@ async fn knock_room_helper_local(
 		err!(BadServerResponse("Invalid make_knock event json received from server: {e:?}"))
 	})?;
 
+	validate_remote_member_event_stub(
+		&MembershipState::Knock,
+		sender_user,
+		room_id,
+		&knock_event_stub,
+	)?;
+
 	knock_event_stub.insert(
 		"origin".to_owned(),
 		CanonicalJsonValue::String(services.globals.server_name().as_str().to_owned()),
@@ -458,7 +465,7 @@ async fn knock_room_helper_local(
 			.await,
 	};
 
-	let send_knock_response = services
+	services
 		.sending
 		.send_federation_request(&remote_server, send_knock_request)
 		.await?;
@@ -477,20 +484,14 @@ async fn knock_room_helper_local(
 		.map_err(|e| err!(BadServerResponse("Invalid knock event PDU: {e:?}")))?;
 
 	info!("Updating membership locally to knock state with provided stripped state events");
+	// TODO: this call does not appear to do anything because `update_membership`
+	// doesn't call `mark_as_knock`. investigate further, ideally with the aim of
+	// removing this call entirely -- Ginger thinks `update_membership` should only
+	// be called from `force_state` and `append_pdu`.
 	services
 		.rooms
 		.state_cache
-		.update_membership(
-			room_id,
-			sender_user,
-			parsed_knock_pdu
-				.get_content::<RoomMemberEventContent>()
-				.expect("we just created this"),
-			sender_user,
-			Some(send_knock_response.knock_room_state),
-			None,
-			false,
-		)
+		.update_membership(room_id, sender_user, &parsed_knock_pdu, false)
 		.await?;
 
 	info!("Appending room knock event locally");
@@ -677,20 +678,11 @@ async fn knock_room_helper_remote(
 		.await?;
 
 	info!("Updating membership locally to knock state with provided stripped state events");
+	// TODO: see TODO on the other call to `update_membership`
 	services
 		.rooms
 		.state_cache
-		.update_membership(
-			room_id,
-			sender_user,
-			parsed_knock_pdu
-				.get_content::<RoomMemberEventContent>()
-				.expect("we just created this"),
-			sender_user,
-			Some(send_knock_response.knock_room_state),
-			None,
-			false,
-		)
+		.update_membership(room_id, sender_user, &parsed_knock_pdu, false)
 		.await?;
 
 	info!("Appending room knock event locally");

src/api/client/membership/leave.rs

@@ -2,12 +2,12 @@
 
 use axum::extract::State;
 use conduwuit::{
-	Err, Result, debug_info, debug_warn, err,
+	Err, Pdu, Result, debug_info, debug_warn, err,
 	matrix::{event::gen_event_id, pdu::PduBuilder},
 	utils::{self, FutureBoolExt, future::ReadyEqExt},
 	warn,
 };
-use futures::{FutureExt, StreamExt, TryFutureExt, pin_mut};
+use futures::{FutureExt, StreamExt, pin_mut};
 use ruma::{
 	CanonicalJsonObject, CanonicalJsonValue, OwnedServerName, RoomId, RoomVersionId, UserId,
 	api::{
@@ -21,6 +21,7 @@
 };
 use service::Services;
 
+use super::validate_remote_member_event_stub;
 use crate::Ruma;
 
 /// # `POST /_matrix/client/v3/rooms/{roomId}/leave`
@@ -81,42 +82,9 @@ pub async fn leave_room(
 	room_id: &RoomId,
 	reason: Option<String>,
 ) -> Result {
-	let default_member_content = RoomMemberEventContent {
-		membership: MembershipState::Leave,
-		reason: reason.clone(),
-		join_authorized_via_users_server: None,
-		is_direct: None,
-		avatar_url: None,
-		displayname: None,
-		third_party_invite: None,
-		blurhash: None,
-		redact_events: None,
-	};
-
 	let is_banned = services.rooms.metadata.is_banned(room_id);
 	let is_disabled = services.rooms.metadata.is_disabled(room_id);
 
-	pin_mut!(is_banned, is_disabled);
-	if is_banned.or(is_disabled).await {
-		// the room is banned/disabled, the room must be rejected locally since we
-		// cant/dont want to federate with this server
-		services
-			.rooms
-			.state_cache
-			.update_membership(
-				room_id,
-				user_id,
-				default_member_content,
-				user_id,
-				None,
-				None,
-				true,
-			)
-			.await?;
-
-		return Ok(());
-	}
-
 	let dont_have_room = services
 		.rooms
 		.state_cache
@@ -129,43 +97,41 @@ pub async fn leave_room(
 		.is_knocked(user_id, room_id)
 		.eq(&false);
 
-	// Ask a remote server if we don't have this room and are not knocking on it
-	if dont_have_room.and(not_knocked).await {
-		if let Err(e) = remote_leave_room(services, user_id, room_id, reason.clone())
-			.boxed()
-			.await
-		{
-			warn!(%user_id, "Failed to leave room {room_id} remotely: {e}");
-			// Don't tell the client about this error
-		}
+	pin_mut!(is_banned, is_disabled);
 
-		let last_state = services
-			.rooms
-			.state_cache
-			.invite_state(user_id, room_id)
-			.or_else(|_| services.rooms.state_cache.knock_state(user_id, room_id))
-			.or_else(|_| services.rooms.state_cache.left_state(user_id, room_id))
-			.await
-			.ok();
+	/*
+	there are three possible cases when leaving a room:
+	1. the room is banned or disabled, so we're not federating with it.
+	2. nobody on the homeserver is in the room, which can happen if the user is rejecting an invite
+	   to a room that we don't have any members in.
+	3. someone else on the homeserver is in the room. in this case we can leave like normal by sending a PDU over federation.
 
-		// We always drop the invite, we can't rely on other servers
-		services
-			.rooms
-			.state_cache
-			.update_membership(
-				room_id,
-				user_id,
-				default_member_content,
-				user_id,
-				last_state,
-				None,
-				true,
-			)
-			.await?;
+	in cases 1 and 2, we have to update the state cache using `mark_as_left` directly.
+	otherwise `build_and_append_pdu` will take care of updating the state cache for us.
+	*/
+
+	// `leave_pdu` is the outlier `m.room.member` event which will be synced to the
+	// user. if it's None the sync handler will create a dummy PDU.
+	let leave_pdu = if is_banned.or(is_disabled).await {
+		// case 1: the room is banned/disabled. we don't want to federate with another
+		// server to leave, so we can't create an outlier PDU.
+		None
+	} else if dont_have_room.and(not_knocked).await {
+		// case 2: ask a remote server to assist us with leaving
+		// we always mark the room as left locally, regardless of if the federated leave
+		// failed
+
+		remote_leave_room(services, user_id, room_id, reason.clone(), HashSet::new())
+			.await
+			.inspect_err(|err| {
+				warn!(%user_id, "Failed to leave room {room_id} remotely: {err}");
+			})
+			.ok()
 	} else {
+		// case 3: we can leave by sending a PDU.
 		let state_lock = services.rooms.state.mutex.lock(room_id).await;
 
-		let Ok(event) = services
+		let user_member_event_content = services
 			.rooms
 			.state_accessor
 			.room_state_get_content::<RoomMemberEventContent>(
@@ -173,64 +139,84 @@ pub async fn leave_room(
 				&StateEventType::RoomMember,
 				user_id.as_str(),
 			)
-			.await
-		else {
-			debug_warn!(
-				"Trying to leave a room you are not a member of, marking room as left locally."
-			);
+			.await;
 
-			return services
-				.rooms
-				.state_cache
-				.update_membership(
-					room_id,
-					user_id,
-					default_member_content,
-					user_id,
-					None,
-					None,
-					true,
-				)
-				.await;
-		};
+		match user_member_event_content {
+			| Ok(content) => {
+				services
+					.rooms
+					.timeline
+					.build_and_append_pdu(
+						PduBuilder::state(user_id.to_string(), &RoomMemberEventContent {
+							membership: MembershipState::Leave,
+							reason,
+							join_authorized_via_users_server: None,
+							is_direct: None,
+							..content
+						}),
+						user_id,
+						Some(room_id),
+						&state_lock,
+					)
+					.await?;
 
-		services
-			.rooms
-			.timeline
-			.build_and_append_pdu(
-				PduBuilder::state(user_id.to_string(), &RoomMemberEventContent {
-					membership: MembershipState::Leave,
-					reason,
-					join_authorized_via_users_server: None,
-					is_direct: None,
-					..event
-				}),
-				user_id,
-				Some(room_id),
-				&state_lock,
-			)
-			.await?;
-	}
+				// `build_and_append_pdu` calls `mark_as_left` internally, so we return early.
+				return Ok(());
+			},
+			| Err(_) => {
+				// an exception to case 3 is if the user isn't even in the room they're trying
+				// to leave. this can happen if the client's caching is wrong.
+				debug_warn!(
+					"Trying to leave a room you are not a member of, marking room as left \
+					 locally."
+				);
+
+				// return the existing leave state, if one exists. `mark_as_left` will then
+				// update the `roomuserid_leftcount` table, making the leave come down sync
+				// again.
+				services
+					.rooms
+					.state_cache
+					.left_state(user_id, room_id)
+					.await?
+			},
+		}
+	};
+
+	services
+		.rooms
+		.state_cache
+		.mark_as_left(user_id, room_id, leave_pdu)
+		.await;
+
+	services
+		.rooms
+		.state_cache
+		.update_joined_count(room_id)
+		.await;
 
 	Ok(())
 }
 
-pub async fn remote_leave_room(
+pub async fn remote_leave_room<S: ::std::hash::BuildHasher>(
 	services: &Services,
 	user_id: &UserId,
 	room_id: &RoomId,
 	reason: Option<String>,
-) -> Result<()> {
+	mut servers: HashSet<OwnedServerName, S>,
+) -> Result<Pdu> {
 	let mut make_leave_response_and_server =
 		Err!(BadServerResponse("No remote server available to assist in leaving {room_id}."));
 
-	let mut servers: HashSet<OwnedServerName> = services
-		.rooms
-		.state_cache
-		.servers_invite_via(room_id)
-		.map(ToOwned::to_owned)
-		.collect()
-		.await;
+	servers.extend(
+		services
+			.rooms
+			.state_cache
+			.servers_invite_via(room_id)
+			.map(ToOwned::to_owned)
+			.collect::<HashSet<OwnedServerName>>()
+			.await,
+	);
 
 	match services
 		.rooms
@@ -277,6 +263,11 @@ pub async fn remote_leave_room(
 	if let Some(room_id_server_name) = room_id.server_name() {
 		servers.insert(room_id_server_name.to_owned());
 	}
+	if servers.is_empty() {
+		return Err!(BadServerResponse(warn!(
+			"No remote servers found to assist in leaving {room_id}."
+		)));
+	}
 
 	debug_info!("servers in remote_leave_room: {servers:?}");
 
@@ -284,7 +275,7 @@ pub async fn remote_leave_room(
 		let make_leave_response = services
 			.sending
 			.send_federation_request(
-				&remote_server,
+				remote_server.as_ref(),
 				federation::membership::prepare_leave_event::v1::Request {
 					room_id: room_id.to_owned(),
 					user_id: user_id.to_owned(),
@@ -292,11 +283,21 @@ pub async fn remote_leave_room(
 			)
 			.await;
 
-		make_leave_response_and_server = make_leave_response.map(|r| (r, remote_server));
+		let error = make_leave_response.as_ref().err().map(ToString::to_string);
+		make_leave_response_and_server = make_leave_response.map(|r| (r, remote_server.clone()));
 
 		if make_leave_response_and_server.is_ok() {
+			debug_info!(
+				"Received make_leave_response from {} for leaving {room_id}",
+				remote_server
+			);
 			break;
 		}
+		debug_warn!(
+			"Failed to get make_leave_response from {} for leaving {room_id}: {}",
+			remote_server,
+			error.unwrap()
+		);
 	}
 
 	let (make_leave_response, remote_server) = make_leave_response_and_server?;
@@ -304,13 +305,14 @@ pub async fn remote_leave_room(
 	let Some(room_version_id) = make_leave_response.room_version else {
 		return Err!(BadServerResponse(warn!(
 			"No room version was returned by {remote_server} for {room_id}, room version is \
-			 likely not supported by conduwuit"
+			 likely not supported by continuwuity"
 		)));
 	};
 
 	if !services.server.supported_room_version(&room_version_id) {
 		return Err!(BadServerResponse(warn!(
-			"Remote room version {room_version_id} for {room_id} is not supported by conduwuit",
+			"Remote room version {room_version_id} for {room_id} is not supported by \
+			 continuwuity",
 		)));
 	}
 
@@ -323,6 +325,13 @@ pub async fn remote_leave_room(
 		)))
 	})?;
 
+	validate_remote_member_event_stub(
+		&MembershipState::Leave,
+		user_id,
+		room_id,
+		&leave_event_stub,
+	)?;
+
 	// TODO: Is origin needed?
 	leave_event_stub.insert(
 		"origin".to_owned(),
@@ -373,7 +382,7 @@ pub async fn remote_leave_room(
 			&remote_server,
 			federation::membership::create_leave_event::v2::Request {
 				room_id: room_id.to_owned(),
-				event_id,
+				event_id: event_id.clone(),
 				pdu: services
 					.sending
 					.convert_to_outgoing_federation_event(leave_event.clone())
@@ -382,5 +391,14 @@ pub async fn remote_leave_room(
 		)
 		.await?;
 
-	Ok(())
+	services
+		.rooms
+		.outlier
+		.add_pdu_outlier(&event_id, &leave_event);
+
+	let leave_pdu = Pdu::from_id_val(&event_id, leave_event).map_err(|e| {
+		err!(BadServerResponse("Invalid leave PDU received during federated leave: {e:?}"))
+	})?;
+
+	Ok(leave_pdu)
 }

src/api/client/membership/mod.rs

@@ -13,7 +13,14 @@
 use axum::extract::State;
 use conduwuit::{Err, Result, warn};
 use futures::{FutureExt, StreamExt};
-use ruma::{OwnedRoomId, RoomId, ServerName, UserId, api::client::membership::joined_rooms};
+use ruma::{
+	CanonicalJsonObject, OwnedRoomId, RoomId, ServerName, UserId,
+	api::client::membership::joined_rooms,
+	events::{
+		StaticEventContent,
+		room::member::{MembershipState, RoomMemberEventContent},
+	},
+};
 use service::Services;
 
 pub(crate) use self::{
@@ -153,3 +160,80 @@ pub(crate) async fn banned_room_check(
 
 	Ok(())
 }
+
+/// Validates that an event returned from a remote server by `/make_*`
+/// actually is a membership event with the expected fields.
+///
+/// Without checking this, the remote server could use the remote membership
+/// mechanism to trick our server into signing arbitrary malicious events.
+pub(crate) fn validate_remote_member_event_stub(
+	membership: &MembershipState,
+	user_id: &UserId,
+	room_id: &RoomId,
+	event_stub: &CanonicalJsonObject,
+) -> Result<()> {
+	let Some(event_type) = event_stub.get("type") else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing type field"
+		));
+	};
+	if event_type != &RoomMemberEventContent::TYPE {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with invalid event type"
+		));
+	}
+
+	let Some(sender) = event_stub.get("sender") else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing sender field"
+		));
+	};
+	if sender != &user_id.as_str() {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with incorrect sender"
+		));
+	}
+
+	let Some(state_key) = event_stub.get("state_key") else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing state_key field"
+		));
+	};
+	if state_key != &user_id.as_str() {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with incorrect state_key"
+		));
+	}
+
+	let Some(event_room_id) = event_stub.get("room_id") else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing room_id field"
+		));
+	};
+	if event_room_id != &room_id.as_str() {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with incorrect room_id"
+		));
+	}
+
+	let Some(content) = event_stub
+		.get("content")
+		.and_then(|content| content.as_object())
+	else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing content field"
+		));
+	};
+	let Some(event_membership) = content.get("membership") else {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with missing membership field"
+		));
+	};
+	if event_membership != &membership.as_str() {
+		return Err!(BadServerResponse(
+			"Remote server returned member event with incorrect room_id"
+		));
+	}
+
+	Ok(())
+}

src/api/client/message.rs

@@ -1,6 +1,7 @@
 use axum::extract::State;
+use axum_client_ip::InsecureClientIp;
 use conduwuit::{
-	Err, Result, at,
+	Err, Result, at, debug_warn,
 	matrix::{
 		event::{Event, Matches},
 		pdu::PduCount,
@@ -16,7 +17,7 @@
 	Services,
 	rooms::{
 		lazy_loading,
-		lazy_loading::{Options, Witness},
+		lazy_loading::{MemberSet, Options},
 		timeline::PdusIterItem,
 	},
 };
@@ -70,6 +71,7 @@
 ///   where the user was joined, depending on `history_visibility`)
 pub(crate) async fn get_message_events_route(
 	State(services): State<crate::State>,
+	InsecureClientIp(client_ip): InsecureClientIp,
 	body: Ruma<get_message_events::v3::Request>,
 ) -> Result<get_message_events::v3::Response> {
 	debug_assert!(IGNORED_MESSAGE_TYPES.is_sorted(), "IGNORED_MESSAGE_TYPES is not sorted");
@@ -78,6 +80,11 @@ pub(crate) async fn get_message_events_route(
 	let room_id = &body.room_id;
 	let filter = &body.filter;
 
+	services
+		.users
+		.update_device_last_seen(sender_user, sender_device, client_ip)
+		.await;
+
 	if !services.rooms.metadata.exists(room_id).await {
 		return Err!(Request(Forbidden("Room does not exist to this server")));
 	}
@@ -115,14 +122,14 @@ pub(crate) async fn get_message_events_route(
 		| Direction::Forward => services
 			.rooms
 			.timeline
-			.pdus(Some(sender_user), room_id, Some(from))
+			.pdus(room_id, Some(from))
 			.ignore_err()
 			.boxed(),
 
 		| Direction::Backward => services
 			.rooms
 			.timeline
-			.pdus_rev(Some(sender_user), room_id, Some(from))
+			.pdus_rev(room_id, Some(from))
 			.ignore_err()
 			.boxed(),
 	};
@@ -133,6 +140,18 @@ pub(crate) async fn get_message_events_route(
 		.wide_filter_map(|item| ignored_filter(&services, item, sender_user))
 		.wide_filter_map(|item| visibility_filter(&services, item, sender_user))
 		.take(limit)
+		.then(async |mut pdu| {
+			pdu.1.set_unsigned(Some(sender_user));
+			if let Err(e) = services
+				.rooms
+				.pdu_metadata
+				.add_bundled_aggregations_to_pdu(sender_user, &mut pdu.1)
+				.await
+			{
+				debug_warn!("Failed to add bundled aggregations: {e}");
+			}
+			pdu
+		})
 		.collect()
 		.await;
 
@@ -162,7 +181,7 @@ pub(crate) async fn get_message_events_route(
 
 	let state = witness
 		.map(Option::into_iter)
-		.map(|option| option.flat_map(Witness::into_iter))
+		.map(|option| option.flat_map(MemberSet::into_iter))
 		.map(IterStream::stream)
 		.into_stream()
 		.flatten()
@@ -192,7 +211,7 @@ pub(crate) async fn lazy_loading_witness<'a, I>(
 	services: &Services,
 	lazy_loading_context: &lazy_loading::Context<'_>,
 	events: I,
-) -> Witness
+) -> MemberSet
 where
 	I: Iterator<Item = &'a PdusIterItem> + Clone + Send,
 {
@@ -213,10 +232,10 @@ pub(crate) async fn lazy_loading_witness<'a, I>(
 	let receipts = services
 		.rooms
 		.read_receipt
-		.readreceipts_since(lazy_loading_context.room_id, oldest.into_unsigned());
+		.readreceipts_since(lazy_loading_context.room_id, Some(oldest.into_unsigned()));
 
 	pin_mut!(receipts);
-	let witness: Witness = events
+	let witness: MemberSet = events
 		.stream()
 		.map(ref_at!(1))
 		.map(Event::sender)
@@ -224,7 +243,7 @@ pub(crate) async fn lazy_loading_witness<'a, I>(
 		.chain(
 			receipts
 				.ready_take_while(|(_, c, _)| *c <= newest.into_unsigned())
-				.map(|(user_id, ..)| user_id.to_owned()),
+				.map(|(user_id, ..)| user_id),
 		)
 		.collect()
 		.await;
@@ -232,7 +251,7 @@ pub(crate) async fn lazy_loading_witness<'a, I>(
 	services
 		.rooms
 		.lazy_loading
-		.witness_retain(witness, lazy_loading_context)
+		.retain_lazy_members(witness, lazy_loading_context)
 		.await
 }
 

src/api/client/read_marker.rs

@@ -1,6 +1,7 @@
 use std::collections::BTreeMap;
 
 use axum::extract::State;
+use axum_client_ip::InsecureClientIp;
 use conduwuit::{Err, PduCount, Result, err};
 use ruma::{
 	MilliSecondsSinceUnixEpoch,
@@ -118,9 +119,14 @@ pub(crate) async fn set_read_marker_route(
 /// Sets private read marker and public read receipt EDU.
 pub(crate) async fn create_receipt_route(
 	State(services): State<crate::State>,
+	InsecureClientIp(client_ip): InsecureClientIp,
 	body: Ruma<create_receipt::v3::Request>,
 ) -> Result<create_receipt::v3::Response> {
 	let sender_user = body.sender_user();
+	services
+		.users
+		.update_device_last_seen(sender_user, body.sender_device.as_deref(), client_ip)
+		.await;
 
 	if matches!(
 		&body.receipt_type,

src/api/client/redact.rs

@@ -1,4 +1,5 @@
 use axum::extract::State;
+use axum_client_ip::InsecureClientIp;
 use conduwuit::{Err, Result, matrix::pdu::PduBuilder};
 use ruma::{
 	api::client::redact::redact_event, events::room::redaction::RoomRedactionEventContent,
@@ -13,9 +14,14 @@
 /// - TODO: Handle txn id
 pub(crate) async fn redact_event_route(
 	State(services): State<crate::State>,
+	InsecureClientIp(client_ip): InsecureClientIp,
 	body: Ruma<redact_event::v3::Request>,
 ) -> Result<redact_event::v3::Response> {
 	let sender_user = body.sender_user();
+	services
+		.users
+		.update_device_last_seen(sender_user, body.sender_device.as_deref(), client_ip)
+		.await;
 	let body = &body.body;
 	if services.users.is_suspended(sender_user).await? {
 		// TODO: Users can redact their own messages while suspended