fix: Deserialisation error in public keys

Fixes #1290

.pre-commit-config.yaml

@@ -31,7 +31,7 @@ repos:
         stages: [commit-msg]
 
   - repo: https://github.com/crate-ci/committed
-    rev: v1.1.9
+    rev: v1.1.10
     hooks:
     - id: committed
 

.vscode/settings.json

@@ -7,6 +7,5 @@
         "continuwuity",
         "homeserver",
         "homeservers"
-    ],
-    "rust-analyzer.cargo.features": ["full"]
+    ]
 }

CHANGELOG.md

@@ -1,3 +1,24 @@
+# Continuwuity 0.5.3 (2026-01-12)
+
+## Features
+
+- Improve the display of nested configuration with the `!admin server show-config` command. Contributed by @Jade (#1279)
+
+## Bugfixes
+
+- Fixed `M_BAD_JSON` error when sending invites to other servers or when providing joins. Contributed by @nex (#1286)
+
+
+## Docs
+
+- Improve admin command documentation generation. Contributed by @ginger (#1280)
+
+
+## Misc
+
+- Improve timeout-related code for federation and URL previews. Contributed by @Jade (#1278)
+
+
 # Continuwuity 0.5.2 (2026-01-09)
 
 ## Features

Cargo.toml

@@ -1,6 +1,6 @@
 [workspace]
 resolver = "2"
-members = ["src/*", "xtask/*"]
+members = ["src/*", "xtask/"]
 default-members = ["src/*"]
 
 [workspace.package]
@@ -12,7 +12,7 @@ license = "Apache-2.0"
 # See also `rust-toolchain.toml`
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
-version = "0.5.2"
+version = "0.5.3"
 
 [workspace.metadata.crane]
 name = "conduwuit"
@@ -158,7 +158,7 @@ features = ["raw_value"]
 
 # Used for appservice registration files
 [workspace.dependencies.serde-saphyr]
-version = "0.0.10"
+version = "0.0.14"
 
 # Used to load forbidden room/user regex from config
 [workspace.dependencies.serde_regex]
@@ -342,7 +342,7 @@ version = "0.1.2"
 # Used for matrix spec type definitions and helpers
 [workspace.dependencies.ruma]
 git = "https://forgejo.ellis.link/continuwuation/ruwuma"
-rev = "f9e74cb206cfa45cf5f17d39282253b43a15fcd5"
+rev = "85d00fb5746cba23904234b4fd3c838dcf141541"
 features = [
     "compat",
     "rand",

changelog.d/1288.feature.md

@@ -0,0 +1 @@
+The announcement checker will now announce errors it encounters in the first run to the admin room, plus a few other misc improvements. Contributed by @Jade

changelog.d/1290.bugfix.md

@@ -0,0 +1 @@
+Fix the generated configuration containing uncommented optional sections. Contributed by @Jade

changelog.d/1298.bugfix

@@ -0,0 +1 @@
+Fixed specification non-compliance when handling remote media errors. Contributed by @nex.

changelog.d/1302.bugfix.md

@@ -0,0 +1 @@
+UIAA requests which check for out-of-band success (sent by matrix-js-sdk)  will no longer create unhelpful errors in the logs.

conduwuit-example.toml

@@ -340,7 +340,9 @@
 # this to be high to account for extremely large room joins, slow
 # homeservers, your own resources etc.
 #
-#federation_timeout = 300
+# Joins have 6x the timeout.
+#
+#federation_timeout = 60
 
 # MSC4284 Policy server request timeout (seconds). Generally policy
 # servers should respond near instantly, however may slow down under
@@ -389,7 +391,15 @@
 #
 #appservice_idle_timeout = 300
 
-# Notification gateway pusher idle connection pool timeout.
+# Notification gateway pusher request connection timeout (seconds).
+#
+#pusher_conn_timeout = 15
+
+# Notification gateway pusher total request timeout (seconds).
+#
+#pusher_timeout = 60
+
+# Notification gateway pusher idle connection pool timeout (seconds).
 #
 #pusher_idle_timeout = 15
 
@@ -1446,6 +1456,11 @@
 #
 #url_preview_max_spider_size = 256000
 
+# Total request timeout for URL previews (seconds). This includes
+# connection, request, and response body reading time.
+#
+#url_preview_timeout = 120
+
 # Option to decide whether you would like to run the domain allowlist
 # checks (contains and explicit) on the root domain or not. Does not apply
 # to URL contains allowlist. Defaults to false.
@@ -1744,10 +1759,6 @@
 #
 #config_reload_signal = true
 
-# This item is undocumented. Please contribute documentation for it.
-#
-#ldap = false
-
 [global.tls]
 
 # Path to a valid TLS certificate file.
@@ -1915,7 +1926,9 @@
 #
 #admin_filter = ""
 
-[global.antispam.meowlnir]
+#[global.antispam]
+
+#[global.antispam.meowlnir]
 
 # The base URL on which to contact Meowlnir (before /_meowlnir/antispam).
 #
@@ -1940,7 +1953,7 @@
 #
 #check_all_joins = false
 
-[global.antispam.draupnir]
+#[global.antispam.draupnir]
 
 # The base URL on which to contact Draupnir (before /api/).
 #

docker/Dockerfile

@@ -48,7 +48,7 @@ EOF
 
 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.16.6
+ENV BINSTALL_VERSION=1.16.7
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree

docker/musl.Dockerfile

@@ -18,7 +18,7 @@ RUN --mount=type=cache,target=/etc/apk/cache apk add \
 
 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.16.6
+ENV BINSTALL_VERSION=1.16.7
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree

docs/_meta.json

@@ -34,6 +34,14 @@
         "name": "troubleshooting",
         "label": "Troubleshooting"
     },
+    "security",
+    {
+        "type": "dir-section-header",
+        "name": "community",
+        "label": "Community",
+        "collapsible": true,
+        "collapsed": false
+    },
     {
         "type": "divider"
     },
@@ -57,18 +65,11 @@
         "name": "/reference/config"
     },
     {
-        "type": "file",
+        "type": "dir",
         "label": "Admin Command Reference",
-        "name": "/reference/admin"
-    },
-    {
-        "type": "file",
-        "label": "Server Reference",
-        "name": "/reference/server"
+        "name": "/reference/admin/"
     },
     {
         "type": "divider"
-    },
-    "community",
-    "security"
+    }
 ]

docs/_nav.json

@@ -18,17 +18,22 @@
             },
             {
                 "text": "Admin Command Reference",
-                "link": "/reference/admin"
-            },
-            {
-                "text": "Server Reference",
-                "link": "/reference/server"
+                "link": "/reference/admin/"
             }
         ]
     },
     {
         "text": "Community",
-        "link": "/community"
+        "items": [
+            {
+                "text": "Community Guidelines",
+                "link": "/community/guidelines"
+            },
+            {
+                "text": "Become a Partnered Homeserver!",
+                "link": "/community/ops-guidelines"
+            }
+        ]
     },
     {
         "text": "Security",

docs/community/_meta.json

@@ -0,0 +1,12 @@
+[
+    {
+        "type": "file",
+        "name": "guidelines",
+        "label": "Community Guidelines"
+    },
+    {
+        "type": "file",
+        "name": "ops-guidelines",
+        "label": "Partnered Homeserver Guidelines"
+    }
+]

docs/community/ops-guidelines.mdx

@@ -0,0 +1,32 @@
+# Partnered Homeserver Operator Requirements
+> _So you want to be an officially sanctioned public Continuwuity homeserver operator?_
+
+Thank you for your interest in the project! There's a few things we need from you first to make sure your homeserver meets our quality standards and that you are prepared to handle the additional workload introduced by operating a public chat service.
+
+## Stuff you must have
+if you don't do these things we will tell you to go away
+
+- Your homeserver must be running an up-to-date version of Continuwuity
+- You must have a CAPTCHA, external registration system, or apply-to-join system that provides one-time-use invite codes (we do not accept fully open nor static token registration)
+- Your homeserver must have support details listed in [`/.well-known/matrix/support`](https://spec.matrix.org/v1.17/client-server-api/#getwell-knownmatrixsupport)
+- Your rules and guidelines must align with [the project's own code of conduct](guidelines).
+- You must be reasonably responsive (i.e. don't leave us hanging for a week if we alert you to an issue on your server)
+- Your homeserver's community rooms (if any) must be protected by a moderation bot subscribed to policy lists like the Community Moderation Effort (you can get one from https://asgard.chat if you don't want to run your own)
+
+## Stuff we encourage you to have
+not strictly required but we will consider your request more strongly if you have it
+
+- You should have automated moderation tooling that can automatically suspend abusive users on your homeserver who are added to policy lists
+- You should have multiple server administrators (increased bus factor)
+- You should have a terms of service and privacy policy prominently available
+
+## Stuff you get
+
+- Prominent listing in our README!
+- A gold star sticker
+- Access to a low noise room for more direct communication with maintainers and collaboration with fellow operators
+- Read-only access to the continuwuity internal ban list
+- Early notice of upcoming releases
+
+## Sound good?
+To get started, ping a team member in [our main chatroom](https://matrix.to/#/#continuwuity:continuwuity.org) and ask to be added to the list.

docs/deploying/docker.mdx

@@ -13,8 +13,8 @@ ### Use a registry
 | --------------- | --------------------------------------------------------------- | -----------------------|
 | Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:latest](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/latest)     | Latest tagged image.   |
 | Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:main](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/main)       | Main branch image.     |
-| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:latest-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/latest-maxperf) | Performance optimised version. |
-| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:main-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/main-maxperf)   | Performance optimised version. |
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:latest-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/latest-maxperf) | [Performance optimised version.](./generic.mdx#performance-optimised-builds) |
+| Forgejo Registry| [forgejo.ellis.link/continuwuation/continuwuity:main-maxperf](https://forgejo.ellis.link/continuwuation/-/packages/container/continuwuity/main-maxperf)   | [Performance optimised version.](./generic.mdx#performance-optimised-builds) |
 
 Use
 

docs/public/.well-known/continuwuity/announcements

@@ -6,10 +6,10 @@
             "message": "Welcome to Continuwuity! Important announcements about the project will appear here."
         },
         {
-            "id": 7,
-            "mention_room": true,
-            "date": "2025-12-30",
-            "message": "Continuwuity v0.5.1 has been released. **The release contains a fix for the critical vulnerability [GHSA-m5p2-vccg-8c9v](https://github.com/continuwuity/continuwuity/security/advisories/GHSA-m5p2-vccg-8c9v) (embargoed) affecting all Conduit-derived servers. Update as soon as possible.**\n\nThis has been *actively exploited* to attempt account takeover and forge events bricking the Continuwuity rooms. The new space is accessible at [Continuwuity (room list)](https://matrix.to/#/!8cR4g-i9ucof69E4JHNg9LbPVkGprHb3SzcrGBDDJgk?via=continuwuity.org&via=starstruck.systems&via=gingershaped.computer)\n"
+            "id": 8,
+            "mention_room": false,
+            "date": "2026-01-12",
+            "message": "Hey everyone!\n\nJust letting you know we've released [v0.5.3](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.3) - this one is a bit of a hotfix for an issue with inviting and allowing others to join rooms.\n\nIf you appreceate the round-the-clock work we've been doing to keep your servers secure over this holiday period, we'd really appreciate your support - you can sponsor individuals on our team using the 'sponsor' button at the top of [our GitHub repository](https://github.com/continuwuity/continuwuity). If you can't do that, even a star helps - spreading the word and advocating for our project helps keep it going.\n\nHave a lovely rest of your year \\\n[Jade \\(she/her\\)](https://matrix.to/#/%40jade%3Aellis.link) \n🩵"
         }
     ]
 }

docs/reference/_meta.json

@@ -8,10 +8,5 @@
         "type": "file",
         "name": "admin",
         "label": "Admin Commands"
-    },
-    {
-        "type": "file",
-        "name": "server",
-        "label": "Server command"
     }
 ]

docs/reference/admin/appservices.md

@@ -0,0 +1,29 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin appservices`
+
+Commands for managing appservices
+
+
+## `!admin appservices register`
+
+Register an appservice using its registration YAML
+
+This command needs a YAML generated by an appservice (such as a bridge), which must be provided in a Markdown code block below the command.
+
+Registering a new bridge using the ID of an existing bridge will replace the old one.
+
+## `!admin appservices unregister`
+
+Unregister an appservice using its ID
+
+You can find the ID using the `list-appservices` command.
+
+## `!admin appservices show-appservice-config`
+
+Show an appservice's config using its ID
+
+You can find the ID using the `list-appservices` command.
+
+## `!admin appservices list-registered`
+
+List all the currently registered appservices

docs/reference/admin/check.md

@@ -0,0 +1,9 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin check`
+
+Commands for checking integrity
+
+
+## `!admin check check-all-users`
+
+Uses the iterator in `src/database/key_value/users.rs` to iterator over every user in our database (remote and local). Reports total count, any errors if there were any, etc

docs/reference/admin/debug.md

@@ -0,0 +1,135 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin debug`
+
+Commands for debugging things
+
+
+## `!admin debug echo`
+
+Echo input of admin command
+
+## `!admin debug get-auth-chain`
+
+Get the auth_chain of a PDU
+
+## `!admin debug parse-pdu`
+
+Parse and print a PDU from a JSON
+
+The PDU event is only checked for validity and is not added to the database.
+
+This command needs a JSON blob provided in a Markdown code block below the command.
+
+## `!admin debug get-pdu`
+
+Retrieve and print a PDU by EventID from the Continuwuity database
+
+## `!admin debug get-short-pdu`
+
+Retrieve and print a PDU by PduId from the Continuwuity database
+
+## `!admin debug get-remote-pdu`
+
+Attempts to retrieve a PDU from a remote server. **Does not** insert it into the database or persist it anywhere
+
+## `!admin debug get-remote-pdu-list`
+
+Same as `get-remote-pdu` but accepts a codeblock newline delimited list of PDUs and a single server to fetch from
+
+## `!admin debug get-room-state`
+
+Gets all the room state events for the specified room.
+
+This is functionally equivalent to `GET /_matrix/client/v3/rooms/{roomid}/state`, except the admin command does *not* check if the sender user is allowed to see state events. This is done because it's implied that server admins here have database access and can see/get room info themselves anyways if they were malicious admins.
+
+Of course the check is still done on the actual client API.
+
+## `!admin debug get-signing-keys`
+
+Get and display signing keys from local cache or remote server
+
+## `!admin debug get-verify-keys`
+
+Get and display signing keys from local cache or remote server
+
+## `!admin debug ping`
+
+Sends a federation request to the remote server's `/_matrix/federation/v1/version` endpoint and measures the latency it took for the server to respond
+
+## `!admin debug force-device-list-updates`
+
+Forces device lists for all local and remote users to be updated (as having new keys available)
+
+## `!admin debug change-log-level`
+
+Change tracing log level/filter on the fly
+
+This accepts the same format as the `log` config option.
+
+## `!admin debug verify-json`
+
+Verify JSON signatures
+
+This command needs a JSON blob provided in a Markdown code block below the command.
+
+## `!admin debug verify-pdu`
+
+Verify PDU
+
+This re-verifies a PDU existing in the database found by ID.
+
+## `!admin debug first-pdu-in-room`
+
+Prints the very first PDU in the specified room (typically m.room.create)
+
+## `!admin debug latest-pdu-in-room`
+
+Prints the latest ("last") PDU in the specified room (typically a message)
+
+## `!admin debug force-set-room-state-from-server`
+
+Forcefully replaces the room state of our local copy of the specified room, with the copy (auth chain and room state events) the specified remote server says.
+
+A common desire for room deletion is to simply "reset" our copy of the room. While this admin command is not a replacement for that, if you know you have split/broken room state and you know another server in the room that has the best/working room state, this command can let you use their room state. Such example is your server saying users are in a room, but other servers are saying they're not in the room in question.
+
+This command will get the latest PDU in the room we know about, and request the room state at that point in time via `/_matrix/federation/v1/state/{roomId}`.
+
+## `!admin debug resolve-true-destination`
+
+Runs a server name through Continuwuity's true destination resolution process
+
+Useful for debugging well-known issues
+
+## `!admin debug memory-stats`
+
+Print extended memory usage
+
+Optional argument is a character mask (a sequence of characters in any order) which enable additional extended statistics. Known characters are "abdeglmx". For convenience, a '*' will enable everything.
+
+## `!admin debug runtime-metrics`
+
+Print general tokio runtime metric totals
+
+## `!admin debug runtime-interval`
+
+Print detailed tokio runtime metrics accumulated since last command invocation
+
+## `!admin debug time`
+
+Print the current time
+
+## `!admin debug database-stats`
+
+Get database statistics
+
+## `!admin debug trim-memory`
+
+Trim memory usage
+
+## `!admin debug database-files`
+
+List database files
+
+## `!admin debug tester`
+
+Developer test stubs

docs/reference/admin/federation.md

@@ -0,0 +1,29 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin federation`
+
+Commands for managing federation
+
+
+## `!admin federation incoming-federation`
+
+List all rooms we are currently handling an incoming pdu from
+
+## `!admin federation disable-room`
+
+Disables incoming federation handling for a room
+
+## `!admin federation enable-room`
+
+Enables incoming federation handling for a room again
+
+## `!admin federation fetch-support-well-known`
+
+Fetch `/.well-known/matrix/support` from the specified server
+
+Despite the name, this is not a federation endpoint and does not go through the federation / server resolution process as per-spec this is supposed to be served at the server_name.
+
+Respecting homeservers put this file here for listing administration, moderation, and security inquiries. This command provides a way to easily fetch that information.
+
+## `!admin federation remote-user-in-rooms`
+
+Lists all the rooms we share/track with the specified *remote* user

docs/reference/admin/index.md

@@ -0,0 +1,23 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# Admin Command Reference
+
+Admin commands allow server administrators to manage the server from within their Matrix client. "Server administrators" by default means only those users which are members of the admin room, but additional server admins may be added using the `admins_list` configuration option.
+
+## Running commands
+
+* All commands listed here may be used by server administrators in the admin room by sending them as messages.
+* If the `admin_escape_commands` configuration option is enabled, server administrators may run certain commands in public rooms by prefixing them with a single backslash. These commands will only run on _their_ homeserver, even if they are a member of another homeserver's admin room. Some sensitive commands cannot be used outside the admin room and will return an error.
+* All commands listed here may be used in the server's console, if it is enabled. Commands entered in the console do not require the `!admin` prefix.
+
+## Categories
+
+- [`!admin appservices`](appservices/): Commands for managing appservices
+- [`!admin users`](users/): Commands for managing local users
+- [`!admin token`](token/): Commands for managing registration tokens
+- [`!admin rooms`](rooms/): Commands for managing rooms
+- [`!admin federation`](federation/): Commands for managing federation
+- [`!admin server`](server/): Commands for managing the server
+- [`!admin media`](media/): Commands for managing media
+- [`!admin check`](check/): Commands for checking integrity
+- [`!admin debug`](debug/): Commands for debugging things
+- [`!admin query`](query/): Low-level queries for database getters and iterators

docs/reference/admin/media.md

@@ -0,0 +1,38 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin media`
+
+Commands for managing media
+
+
+## `!admin media delete`
+
+Deletes a single media file from our database and on the filesystem via a single MXC URL or event ID (not redacted)
+
+## `!admin media delete-list`
+
+Deletes a codeblock list of MXC URLs from our database and on the filesystem. This will always ignore errors
+
+## `!admin media delete-past-remote-media`
+
+Deletes all remote (and optionally local) media created before/after
+[duration] ago, using filesystem metadata first created at date, or
+fallback to last modified date. This will always ignore errors by
+default.
+
+* Examples:
+  * Delete all remote media older than a year:
+
+    `!admin media delete-past-remote-media -b 1y`
+
+  * Delete all remote and local media from 3 days ago, up until now:
+
+    `!admin media delete-past-remote-media -a 3d
+-yes-i-want-to-delete-local-media`
+
+## `!admin media delete-all-from-user`
+
+Deletes all the local media from a local user on our server. This will always ignore errors by default
+
+## `!admin media delete-all-from-server`
+
+Deletes all remote media from the specified remote server. This will always ignore errors by default

docs/reference/admin/query.md

@@ -0,0 +1,181 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin query`
+
+Low-level queries for database getters and iterators
+
+
+## `!admin query account-data`
+
+account_data.rs iterators and getters
+
+### `!admin query account-data changes-since`
+
+Returns all changes to the account data that happened after `since`
+
+### `!admin query account-data account-data-get`
+
+Searches the account data for a specific kind
+
+## `!admin query appservice`
+
+appservice.rs iterators and getters
+
+### `!admin query appservice get-registration`
+
+Gets the appservice registration info/details from the ID as a string
+
+### `!admin query appservice all`
+
+Gets all appservice registrations with their ID and registration info
+
+## `!admin query presence`
+
+presence.rs iterators and getters
+
+### `!admin query presence get-presence`
+
+Returns the latest presence event for the given user
+
+### `!admin query presence presence-since`
+
+Iterator of the most recent presence updates that happened after the event with id `since`
+
+## `!admin query room-alias`
+
+rooms/alias.rs iterators and getters
+
+### `!admin query room-alias local-aliases-for-room`
+
+Iterator of all our local room aliases for the room ID
+
+### `!admin query room-alias all-local-aliases`
+
+Iterator of all our local aliases in our database with their room IDs
+
+## `!admin query room-state-cache`
+
+rooms/state_cache iterators and getters
+
+## `!admin query room-timeline`
+
+rooms/timeline iterators and getters
+
+## `!admin query globals`
+
+globals.rs iterators and getters
+
+### `!admin query globals signing-keys-for`
+
+This returns an empty `Ok(BTreeMap<..>)` when there are no keys found for the server
+
+## `!admin query sending`
+
+sending.rs iterators and getters
+
+### `!admin query sending active-requests`
+
+Queries database for all `servercurrentevent_data`
+
+### `!admin query sending active-requests-for`
+
+Queries database for `servercurrentevent_data` but for a specific destination
+
+This command takes only *one* format of these arguments:
+
+appservice_id server_name user_id AND push_key
+
+See src/service/sending/mod.rs for the definition of the `Destination` enum
+
+### `!admin query sending queued-requests`
+
+Queries database for `servernameevent_data` which are the queued up requests that will eventually be sent
+
+This command takes only *one* format of these arguments:
+
+appservice_id server_name user_id AND push_key
+
+See src/service/sending/mod.rs for the definition of the `Destination` enum
+
+## `!admin query users`
+
+users.rs iterators and getters
+
+## `!admin query resolver`
+
+resolver service
+
+### `!admin query resolver destinations-cache`
+
+Query the destinations cache
+
+### `!admin query resolver overrides-cache`
+
+Query the overrides cache
+
+## `!admin query pusher`
+
+pusher service
+
+### `!admin query pusher get-pushers`
+
+Returns all the pushers for the user
+
+## `!admin query short`
+
+short service
+
+## `!admin query raw`
+
+raw service
+
+### `!admin query raw raw-maps`
+
+List database maps
+
+### `!admin query raw raw-get`
+
+Raw database query
+
+### `!admin query raw raw-del`
+
+Raw database delete (for string keys)
+
+### `!admin query raw raw-keys`
+
+Raw database keys iteration
+
+### `!admin query raw raw-keys-sizes`
+
+Raw database key size breakdown
+
+### `!admin query raw raw-keys-total`
+
+Raw database keys total bytes
+
+### `!admin query raw raw-vals-sizes`
+
+Raw database values size breakdown
+
+### `!admin query raw raw-vals-total`
+
+Raw database values total bytes
+
+### `!admin query raw raw-iter`
+
+Raw database items iteration
+
+### `!admin query raw raw-keys-from`
+
+Raw database keys iteration
+
+### `!admin query raw raw-iter-from`
+
+Raw database items iteration
+
+### `!admin query raw raw-count`
+
+Raw database record count
+
+### `!admin query raw compact`
+
+Compact database

docs/reference/admin/rooms.md

@@ -0,0 +1,83 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin rooms`
+
+Commands for managing rooms
+
+
+## `!admin rooms list-rooms`
+
+List all rooms the server knows about
+
+## `!admin rooms info`
+
+View information about a room we know about
+
+### `!admin rooms info list-joined-members`
+
+List joined members in a room
+
+### `!admin rooms info view-room-topic`
+
+Displays room topic
+
+Room topics can be huge, so this is in its own separate command
+
+## `!admin rooms moderation`
+
+Manage moderation of remote or local rooms
+
+### `!admin rooms moderation ban-room`
+
+Bans a room from local users joining and evicts all our local users (including server admins) from the room. Also blocks any invites (local and remote) for the banned room, and disables federation entirely with it
+
+### `!admin rooms moderation ban-list-of-rooms`
+
+Bans a list of rooms (room IDs and room aliases) from a newline delimited codeblock similar to `user deactivate-all`. Applies the same steps as ban-room
+
+### `!admin rooms moderation unban-room`
+
+Unbans a room to allow local users to join again
+
+### `!admin rooms moderation list-banned-rooms`
+
+List of all rooms we have banned
+
+## `!admin rooms alias`
+
+Manage rooms' aliases
+
+### `!admin rooms alias set`
+
+Make an alias point to a room
+
+### `!admin rooms alias remove`
+
+Remove a local alias
+
+### `!admin rooms alias which`
+
+Show which room is using an alias
+
+### `!admin rooms alias list`
+
+List aliases currently being used
+
+## `!admin rooms directory`
+
+Manage the room directory
+
+### `!admin rooms directory publish`
+
+Publish a room to the room directory
+
+### `!admin rooms directory unpublish`
+
+Unpublish a room to the room directory
+
+### `!admin rooms directory list`
+
+List rooms that are published
+
+## `!admin rooms exists`
+
+Check if we know about a room

docs/reference/admin/server.md

@@ -0,0 +1,49 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin server`
+
+Commands for managing the server
+
+
+## `!admin server uptime`
+
+Time elapsed since startup
+
+## `!admin server show-config`
+
+Show configuration values
+
+## `!admin server reload-config`
+
+Reload configuration values
+
+## `!admin server memory-usage`
+
+Print database memory usage statistics
+
+## `!admin server clear-caches`
+
+Clears all of Continuwuity's caches
+
+## `!admin server backup-database`
+
+Performs an online backup of the database (only available for RocksDB at the moment)
+
+## `!admin server list-backups`
+
+List database backups
+
+## `!admin server admin-notice`
+
+Send a message to the admin room
+
+## `!admin server reload-mods`
+
+Hot-reload the server
+
+## `!admin server restart`
+
+Restart the server
+
+## `!admin server shutdown`
+
+Shutdown the server

docs/reference/admin/token.md

@@ -0,0 +1,17 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin token`
+
+Commands for managing registration tokens
+
+
+## `!admin token issue`
+
+Issue a new registration token
+
+## `!admin token revoke`
+
+Revoke a registration token
+
+## `!admin token list`
+
+List all registration tokens

docs/reference/admin/users.md

@@ -0,0 +1,141 @@
+<!-- This file is generated by `cargo xtask generate-docs`. Do not edit. -->
+# `!admin users`
+
+Commands for managing local users
+
+
+## `!admin users create-user`
+
+Create a new user
+
+## `!admin users reset-password`
+
+Reset user password
+
+## `!admin users deactivate`
+
+Deactivate a user
+
+User will be removed from all rooms by default. Use --no-leave-rooms to not leave all rooms by default.
+
+## `!admin users deactivate-all`
+
+Deactivate a list of users
+
+Recommended to use in conjunction with list-local-users.
+
+Users will be removed from joined rooms by default.
+
+Can be overridden with --no-leave-rooms.
+
+Removing a mass amount of users from a room may cause a significant amount of leave events. The time to leave rooms may depend significantly on joined rooms and servers.
+
+This command needs a newline separated list of users provided in a Markdown code block below the command.
+
+## `!admin users logout`
+
+Forcefully log a user out of all of their devices.
+
+This will invalidate all access tokens for the specified user, effectively logging them out from all sessions. Note that this is destructive and may result in data loss for the user, such as encryption keys. Use with caution. Can only be used in the admin room.
+
+## `!admin users suspend`
+
+Suspend a user
+
+Suspended users are able to log in, sync, and read messages, but are not able to send events nor redact them, cannot change their profile, and are unable to join, invite to, or knock on rooms.
+
+Suspended users can still leave rooms and deactivate their account. Suspending them effectively makes them read-only.
+
+## `!admin users unsuspend`
+
+Unsuspend a user
+
+Reverses the effects of the `suspend` command, allowing the user to send messages, change their profile, create room invites, etc.
+
+## `!admin users lock`
+
+Lock a user
+
+Locked users are unable to use their accounts beyond logging out. This is akin to a temporary deactivation that does not change the user's password. This can be used to quickly prevent a user from accessing their account.
+
+## `!admin users unlock`
+
+Unlock a user
+
+Reverses the effects of the `lock` command, allowing the user to use their account again.
+
+## `!admin users enable-login`
+
+Enable login for a user
+
+## `!admin users disable-login`
+
+Disable login for a user
+
+Disables login for the specified user without deactivating or locking their account. This prevents the user from obtaining new access tokens, but does not invalidate existing sessions.
+
+## `!admin users list-users`
+
+List local users in the database
+
+## `!admin users list-joined-rooms`
+
+Lists all the rooms (local and remote) that the specified user is joined in
+
+## `!admin users force-join-room`
+
+Manually join a local user to a room
+
+## `!admin users force-leave-room`
+
+Manually leave a local user from a room
+
+## `!admin users force-leave-remote-room`
+
+Manually leave a remote room for a local user
+
+## `!admin users force-demote`
+
+Forces the specified user to drop their power levels to the room default, if their permissions allow and the auth check permits
+
+## `!admin users make-user-admin`
+
+Grant server-admin privileges to a user
+
+## `!admin users put-room-tag`
+
+Puts a room tag for the specified user and room ID.
+
+This is primarily useful if you'd like to set your admin room to the special "System Alerts" section in Element as a way to permanently see your admin room without it being buried away in your favourites or rooms. To do this, you would pass your user, your admin room's internal ID, and the tag name `m.server_notice`.
+
+## `!admin users delete-room-tag`
+
+Deletes the room tag for the specified user and room ID
+
+## `!admin users get-room-tags`
+
+Gets all the room tags for the specified user and room ID
+
+## `!admin users redact-event`
+
+Attempts to forcefully redact the specified event ID from the sender user
+
+This is only valid for local users
+
+## `!admin users force-join-list-of-local-users`
+
+Force joins a specified list of local users to join the specified room.
+
+Specify a codeblock of usernames.
+
+At least 1 server admin must be in the room to reduce abuse.
+
+Requires the `--yes-i-want-to-do-this` flag.
+
+## `!admin users force-join-all-local-users`
+
+Force joins all local users to the specified room.
+
+At least 1 server admin must be in the room to reduce abuse.
+
+Requires the `--yes-i-want-to-do-this` flag.

docs/reference/server.mdx

@@ -1,21 +0,0 @@
-# Command-Line Help for `continuwuity`
-
-This document contains the help content for the `continuwuity` command-line program.
-
-**Command Overview:**
-
-* [`continuwuity`↴](#continuwuity)
-
-## `continuwuity`
-
-A Matrix homeserver written in Rust, the official continuation of the conduwuit homeserver.
-
-**Usage:** `continuwuity [OPTIONS]`
-
-###### **Options:**
-
-* `-c`, `--config <CONFIG>` — Path to the config TOML file (optional)
-* `-O`, `--option <OPTION>` — Override a configuration variable using TOML 'key=value' syntax
-* `--read-only` — Run in a stricter read-only --maintenance mode
-* `--maintenance` — Run in maintenance mode while refusing connections
-* `--execute <EXECUTE>` — Execute console command automatically after startup

package-lock.json

@@ -47,7 +47,6 @@
       "integrity": "sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@babel/code-frame": "^7.27.1",
         "@babel/generator": "^7.28.5",
@@ -714,9 +713,9 @@
       }
     },
     "node_modules/@remix-run/router": {
-      "version": "1.23.1",
-      "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.23.1.tgz",
-      "integrity": "sha512-vDbaOzF7yT2Qs4vO6XV1MHcJv+3dgR1sT+l3B8xxOVhUC336prMvqrvsLL/9Dnw2xr6Qhz4J0dmS0llNAbnUmQ==",
+      "version": "1.23.2",
+      "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.23.2.tgz",
+      "integrity": "sha512-Ic6m2U/rMjTkhERIa/0ZtXJP17QUi2CbWE7cqx4J58M8aA3QTfW+2UlQ4psvTX9IO1RfNVhK3pcpdjej7L+t2w==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -729,7 +728,6 @@
       "integrity": "sha512-wf41bbFIzqQsGkrDal2eVC4cxN6II1k4bUo1g7OFuvWeEOJzjoeK4R5xxKM9g5hRjbGAJs6OiQaGpASvUnDrsw==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@rspack/core": "1.6.5",
         "@rspack/lite-tapable": "~1.1.0",
@@ -989,16 +987,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/@rspack/lite-tapable": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/@rspack/lite-tapable/-/lite-tapable-1.0.1.tgz",
-      "integrity": "sha512-VynGOEsVw2s8TAlLf/uESfrgfrq2+rcXB1muPJYBWbsm1Oa6r5qVQhjA5ggM6z/coYPrsVMgovl3Ff7Q7OCp1w==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=16.0.0"
-      }
-    },
     "node_modules/@rspack/plugin-react-refresh": {
       "version": "1.5.3",
       "resolved": "https://registry.npmjs.org/@rspack/plugin-react-refresh/-/plugin-react-refresh-1.5.3.tgz",
@@ -1025,7 +1013,6 @@
       "integrity": "sha512-vYbHDoAy7fjQC8hYM4rRgkrsN48CZNSFpD1WEr6lZGXDQcWWrrpFjWw3LK2OQ04bZ0OXZeqapP2rgg/jTyPaZA==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@mdx-js/mdx": "^3.1.1",
         "@mdx-js/react": "^3.1.1",
@@ -1288,7 +1275,6 @@
       "integrity": "sha512-m93nmR0iY3N9Y+9Xi2xCA0NfDnTZVYauJl2SJ9bqRhJmxFHAbWe5f4Ik3VI0gK1g3lvfQ3eBpZihkpUtxCJFBw==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@rspress/shared": "2.0.0-rc.1",
         "@unhead/react": "^2.0.19",
@@ -1423,7 +1409,6 @@
       "integrity": "sha512-5IKx/Y13RsYd+sauPb2x+U/xZikHjolzfuDgTAl/Tdf3Q8rslRvC19NKDLgAJQ6wsqADk10ntlv08nPFw/gO/A==",
       "dev": true,
       "license": "Apache-2.0",
-      "peer": true,
       "dependencies": {
         "tslib": "^2.8.0"
       }
@@ -1592,7 +1577,6 @@
       "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "bin": {
         "acorn": "bin/acorn"
       },
@@ -1774,7 +1758,6 @@
         }
       ],
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "baseline-browser-mapping": "^2.8.25",
         "caniuse-lite": "^1.0.30001754",
@@ -1973,7 +1956,8 @@
       "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz",
       "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==",
       "dev": true,
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/debug": {
       "version": "4.4.3",
@@ -3260,9 +3244,9 @@
       }
     },
     "node_modules/mdast-util-to-hast": {
-      "version": "13.2.0",
-      "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.0.tgz",
-      "integrity": "sha512-QGYKEuUsYT9ykKBCMOEDLsU5JRObWQusAolFMeko/tYPufNkRffBAQjIE+99jbA87xv6FgmjLtwjh9wBWajwAA==",
+      "version": "13.2.1",
+      "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.1.tgz",
+      "integrity": "sha512-cctsq2wp5vTsLIcaymblUriiTcZd0CwWtCbLvrOzYCDZoWyMNV8sZ7krj09FSnsiJi3WVsHLM4k6Dq/yaPyCXA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -4250,7 +4234,6 @@
       "integrity": "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=0.10.0"
       }
@@ -4261,7 +4244,6 @@
       "integrity": "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "scheduler": "^0.27.0"
       },
@@ -4298,19 +4280,18 @@
       "integrity": "sha512-QgT5//D3jfjJb6Gsjxv0Slpj23ip+HtOpnNgnb2S5zU3CB26G/IDPGoy4RJB42wzFE46DRsstbW6tKHoKbhAxw==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=0.10.0"
       }
     },
     "node_modules/react-router": {
-      "version": "6.30.2",
-      "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.30.2.tgz",
-      "integrity": "sha512-H2Bm38Zu1bm8KUE5NVWRMzuIyAV8p/JrOaBJAwVmp37AXG72+CZJlEBw6pdn9i5TBgLMhNDgijS4ZlblpHyWTA==",
+      "version": "6.30.3",
+      "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.30.3.tgz",
+      "integrity": "sha512-XRnlbKMTmktBkjCLE8/XcZFlnHvr2Ltdr1eJX4idL55/9BbORzyZEaIkBFDhFGCEWBBItsVrDxwx3gnisMitdw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@remix-run/router": "1.23.1"
+        "@remix-run/router": "1.23.2"
       },
       "engines": {
         "node": ">=14.0.0"
@@ -4320,15 +4301,14 @@
       }
     },
     "node_modules/react-router-dom": {
-      "version": "6.30.2",
-      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.30.2.tgz",
-      "integrity": "sha512-l2OwHn3UUnEVUqc6/1VMmR1cvZryZ3j3NzapC2eUXO1dB0sYp5mvwdjiXhpUbRb21eFow3qSxpP8Yv6oAU824Q==",
+      "version": "6.30.3",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.30.3.tgz",
+      "integrity": "sha512-pxPcv1AczD4vso7G4Z3TKcvlxK7g7TNt3/FNGMhfqyntocvYKj+GCatfigGDjbLozC4baguJ0ReCigoDJXb0ag==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
-        "@remix-run/router": "1.23.1",
-        "react-router": "6.30.2"
+        "@remix-run/router": "1.23.2",
+        "react-router": "6.30.3"
       },
       "engines": {
         "node": ">=14.0.0"
@@ -4663,6 +4643,7 @@
       "integrity": "sha512-16OL3NnUBw8JG1jBLUoZJsLnQq0n5Ua6aHalhJK4fMQkz1lqR7Osz1sA30trBtd9VUDc2NgkuRCn8+/pBwqZ+w==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=10"
       },
@@ -4836,7 +4817,6 @@
       "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=12"
       },

release.toml

@@ -1 +1,8 @@
 tag-message = "chore: Release v{{version}}"
+tag-prefix = ""
+shared-version = true
+
+publish = false
+
+sign-commit = true
+sign-tag = true

rspress.config.ts

@@ -54,6 +54,9 @@ export default defineConfig({
         }, {
             from: '/server_reference',
             to: '/reference/server'
+        }, {
+            from: '/community$',
+            to: '/community/guidelines'
         }
         ]
     })],

src/admin/Cargo.toml

@@ -87,7 +87,6 @@ serde-saphyr.workspace = true
 tokio.workspace = true
 tracing-subscriber.workspace = true
 tracing.workspace = true
-ctor.workspace = true
 
 [lints]
 workspace = true

src/admin/admin.rs

@@ -19,43 +19,43 @@
 #[command(name = conduwuit_core::name(), version = conduwuit_core::version())]
 pub enum AdminCommand {
 	#[command(subcommand)]
-	/// - Commands for managing appservices
+	/// Commands for managing appservices
 	Appservices(AppserviceCommand),
 
 	#[command(subcommand)]
-	/// - Commands for managing local users
+	/// Commands for managing local users
 	Users(UserCommand),
 
 	#[command(subcommand)]
-	/// - Commands for managing registration tokens
+	/// Commands for managing registration tokens
 	Token(TokenCommand),
 
 	#[command(subcommand)]
-	/// - Commands for managing rooms
+	/// Commands for managing rooms
 	Rooms(RoomCommand),
 
 	#[command(subcommand)]
-	/// - Commands for managing federation
+	/// Commands for managing federation
 	Federation(FederationCommand),
 
 	#[command(subcommand)]
-	/// - Commands for managing the server
+	/// Commands for managing the server
 	Server(ServerCommand),
 
 	#[command(subcommand)]
-	/// - Commands for managing media
+	/// Commands for managing media
 	Media(MediaCommand),
 
 	#[command(subcommand)]
-	/// - Commands for checking integrity
+	/// Commands for checking integrity
 	Check(CheckCommand),
 
 	#[command(subcommand)]
-	/// - Commands for debugging things
+	/// Commands for debugging things
 	Debug(DebugCommand),
 
 	#[command(subcommand)]
-	/// - Low-level queries for database getters and iterators
+	/// Low-level queries for database getters and iterators
 	Query(QueryCommand),
 }
 

src/admin/appservice/mod.rs

@@ -8,7 +8,7 @@
 #[derive(Debug, Subcommand)]
 #[admin_command_dispatch]
 pub enum AppserviceCommand {
-	/// - Register an appservice using its registration YAML
+	/// Register an appservice using its registration YAML
 	///
 	/// This command needs a YAML generated by an appservice (such as a bridge),
 	/// which must be provided in a Markdown code block below the command.
@@ -17,7 +17,7 @@ pub enum AppserviceCommand {
 	/// the old one.
 	Register,
 
-	/// - Unregister an appservice using its ID
+	/// Unregister an appservice using its ID
 	///
 	/// You can find the ID using the `list-appservices` command.
 	Unregister {
@@ -25,7 +25,7 @@ pub enum AppserviceCommand {
 		appservice_identifier: String,
 	},
 
-	/// - Show an appservice's config using its ID
+	/// Show an appservice's config using its ID
 	///
 	/// You can find the ID using the `list-appservices` command.
 	#[clap(alias("show"))]
@@ -34,7 +34,7 @@ pub enum AppserviceCommand {
 		appservice_identifier: String,
 	},
 
-	/// - List all the currently registered appservices
+	/// List all the currently registered appservices
 	#[clap(alias("list"))]
 	ListRegistered,
 }

src/admin/check/commands.rs

@@ -4,9 +4,6 @@
 
 use crate::Context;
 
-/// Uses the iterator in `src/database/key_value/users.rs` to iterator over
-/// every user in our database (remote and local). Reports total count, any
-/// errors if there were any, etc
 #[implement(Context, params = "<'_>")]
 pub(super) async fn check_all_users(&self) -> Result {
 	let timer = tokio::time::Instant::now();

src/admin/check/mod.rs

@@ -8,5 +8,8 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum CheckCommand {
+	/// Uses the iterator in `src/database/key_value/users.rs` to iterator over
+	/// every user in our database (remote and local). Reports total count, any
+	/// errors if there were any, etc
 	CheckAllUsers,
 }

src/admin/debug/commands.rs

@@ -819,32 +819,6 @@ pub(super) async fn time(&self) -> Result {
 	self.write_str(&now).await
 }
 
-#[admin_command]
-pub(super) async fn list_dependencies(&self, names: bool) -> Result {
-	if names {
-		let out = info::cargo::dependencies_names().join(" ");
-		return self.write_str(&out).await;
-	}
-
-	let mut out = String::new();
-	let deps = info::cargo::dependencies();
-	writeln!(out, "| name | version | features |")?;
-	writeln!(out, "| ---- | ------- | -------- |")?;
-	for (name, dep) in deps {
-		let version = dep.try_req().unwrap_or("*");
-		let feats = dep.req_features();
-		let feats = if !feats.is_empty() {
-			feats.join(" ")
-		} else {
-			String::new()
-		};
-
-		writeln!(out, "| {name} | {version} | {feats} |")?;
-	}
-
-	self.write_str(&out).await
-}
-
 #[admin_command]
 pub(super) async fn database_stats(
 	&self,

src/admin/debug/mod.rs

@@ -12,18 +12,18 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum DebugCommand {
-	/// - Echo input of admin command
+	/// Echo input of admin command
 	Echo {
 		message: Vec<String>,
 	},
 
-	/// - Get the auth_chain of a PDU
+	/// Get the auth_chain of a PDU
 	GetAuthChain {
 		/// An event ID (the $ character followed by the base64 reference hash)
 		event_id: OwnedEventId,
 	},
 
-	/// - Parse and print a PDU from a JSON
+	/// Parse and print a PDU from a JSON
 	///
 	/// The PDU event is only checked for validity and is not added to the
 	/// database.
@@ -32,13 +32,13 @@ pub enum DebugCommand {
 	/// the command.
 	ParsePdu,
 
-	/// - Retrieve and print a PDU by EventID from the Continuwuity database
+	/// Retrieve and print a PDU by EventID from the Continuwuity database
 	GetPdu {
 		/// An event ID (a $ followed by the base64 reference hash)
 		event_id: OwnedEventId,
 	},
 
-	/// - Retrieve and print a PDU by PduId from the Continuwuity database
+	/// Retrieve and print a PDU by PduId from the Continuwuity database
 	GetShortPdu {
 		/// Shortroomid integer
 		shortroomid: ShortRoomId,
@@ -47,7 +47,7 @@ pub enum DebugCommand {
 		shorteventid: ShortEventId,
 	},
 
-	/// - Attempts to retrieve a PDU from a remote server. **Does not** insert
+	/// Attempts to retrieve a PDU from a remote server. **Does not** insert
 	///   it into the database
 	/// or persist it anywhere.
 	GetRemotePdu {
@@ -59,7 +59,7 @@ pub enum DebugCommand {
 		server: OwnedServerName,
 	},
 
-	/// - Same as `get-remote-pdu` but accepts a codeblock newline delimited
+	/// Same as `get-remote-pdu` but accepts a codeblock newline delimited
 	///   list of PDUs and a single server to fetch from
 	GetRemotePduList {
 		/// Argument for us to attempt to fetch all the events from the
@@ -71,7 +71,7 @@ pub enum DebugCommand {
 		force: bool,
 	},
 
-	/// - Gets all the room state events for the specified room.
+	/// Gets all the room state events for the specified room.
 	///
 	/// This is functionally equivalent to `GET
 	/// /_matrix/client/v3/rooms/{roomid}/state`, except the admin command does
@@ -86,7 +86,7 @@ pub enum DebugCommand {
 		room_id: OwnedRoomOrAliasId,
 	},
 
-	/// - Get and display signing keys from local cache or remote server.
+	/// Get and display signing keys from local cache or remote server.
 	GetSigningKeys {
 		server_name: Option<OwnedServerName>,
 
@@ -97,23 +97,23 @@ pub enum DebugCommand {
 		query: bool,
 	},
 
-	/// - Get and display signing keys from local cache or remote server.
+	/// Get and display signing keys from local cache or remote server.
 	GetVerifyKeys {
 		server_name: Option<OwnedServerName>,
 	},
 
-	/// - Sends a federation request to the remote server's
+	/// Sends a federation request to the remote server's
 	///   `/_matrix/federation/v1/version` endpoint and measures the latency it
 	///   took for the server to respond
 	Ping {
 		server: OwnedServerName,
 	},
 
-	/// - Forces device lists for all local and remote users to be updated (as
+	/// Forces device lists for all local and remote users to be updated (as
 	///   having new keys available)
 	ForceDeviceListUpdates,
 
-	/// - Change tracing log level/filter on the fly
+	/// Change tracing log level/filter on the fly
 	///
 	/// This accepts the same format as the `log` config option.
 	ChangeLogLevel {
@@ -125,34 +125,34 @@ pub enum DebugCommand {
 		reset: bool,
 	},
 
-	/// - Verify JSON signatures
+	/// Verify JSON signatures
 	///
 	/// This command needs a JSON blob provided in a Markdown code block below
 	/// the command.
 	VerifyJson,
 
-	/// - Verify PDU
+	/// Verify PDU
 	///
 	/// This re-verifies a PDU existing in the database found by ID.
 	VerifyPdu {
 		event_id: OwnedEventId,
 	},
 
-	/// - Prints the very first PDU in the specified room (typically
+	/// Prints the very first PDU in the specified room (typically
 	///   m.room.create)
 	FirstPduInRoom {
 		/// The room ID
 		room_id: OwnedRoomId,
 	},
 
-	/// - Prints the latest ("last") PDU in the specified room (typically a
+	/// Prints the latest ("last") PDU in the specified room (typically a
 	///   message)
 	LatestPduInRoom {
 		/// The room ID
 		room_id: OwnedRoomId,
 	},
 
-	/// - Forcefully replaces the room state of our local copy of the specified
+	/// Forcefully replaces the room state of our local copy of the specified
 	///   room, with the copy (auth chain and room state events) the specified
 	///   remote server says.
 	///
@@ -176,7 +176,7 @@ pub enum DebugCommand {
 		event_id: Option<OwnedEventId>,
 	},
 
-	/// - Runs a server name through Continuwuity's true destination resolution
+	/// Runs a server name through Continuwuity's true destination resolution
 	///   process
 	///
 	/// Useful for debugging well-known issues
@@ -187,7 +187,7 @@ pub enum DebugCommand {
 		no_cache: bool,
 	},
 
-	/// - Print extended memory usage
+	/// Print extended memory usage
 	///
 	/// Optional argument is a character mask (a sequence of characters in any
 	/// order) which enable additional extended statistics. Known characters are
@@ -196,23 +196,17 @@ pub enum DebugCommand {
 		opts: Option<String>,
 	},
 
-	/// - Print general tokio runtime metric totals.
+	/// Print general tokio runtime metric totals.
 	RuntimeMetrics,
 
-	/// - Print detailed tokio runtime metrics accumulated since last command
+	/// Print detailed tokio runtime metrics accumulated since last command
 	///   invocation.
 	RuntimeInterval,
 
-	/// - Print the current time
+	/// Print the current time
 	Time,
 
-	/// - List dependencies
-	ListDependencies {
-		#[arg(short, long)]
-		names: bool,
-	},
-
-	/// - Get database statistics
+	/// Get database statistics
 	DatabaseStats {
 		property: Option<String>,
 
@@ -220,10 +214,10 @@ pub enum DebugCommand {
 		map: Option<String>,
 	},
 
-	/// - Trim memory usage
+	/// Trim memory usage
 	TrimMemory,
 
-	/// - List database files
+	/// List database files
 	DatabaseFiles {
 		map: Option<String>,
 
@@ -231,7 +225,7 @@ pub enum DebugCommand {
 		level: Option<i32>,
 	},
 
-	/// - Developer test stubs
+	/// Developer test stubs
 	#[command(subcommand)]
 	#[allow(non_snake_case)]
 	#[clap(hide(true))]

src/admin/federation/mod.rs

@@ -9,20 +9,20 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum FederationCommand {
-	/// - List all rooms we are currently handling an incoming pdu from
+	/// List all rooms we are currently handling an incoming pdu from
 	IncomingFederation,
 
-	/// - Disables incoming federation handling for a room.
+	/// Disables incoming federation handling for a room.
 	DisableRoom {
 		room_id: OwnedRoomId,
 	},
 
-	/// - Enables incoming federation handling for a room again.
+	/// Enables incoming federation handling for a room again.
 	EnableRoom {
 		room_id: OwnedRoomId,
 	},
 
-	/// - Fetch `/.well-known/matrix/support` from the specified server
+	/// Fetch `/.well-known/matrix/support` from the specified server
 	///
 	/// Despite the name, this is not a federation endpoint and does not go
 	/// through the federation / server resolution process as per-spec this is
@@ -35,7 +35,7 @@ pub enum FederationCommand {
 		server_name: OwnedServerName,
 	},
 
-	/// - Lists all the rooms we share/track with the specified *remote* user
+	/// Lists all the rooms we share/track with the specified *remote* user
 	RemoteUserInRooms {
 		user_id: OwnedUserId,
 	},

src/admin/media/mod.rs

@@ -10,20 +10,20 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum MediaCommand {
-	/// - Deletes a single media file from our database and on the filesystem
+	/// Deletes a single media file from our database and on the filesystem
 	///   via a single MXC URL or event ID (not redacted)
 	Delete {
 		/// The MXC URL to delete
 		#[arg(long)]
 		mxc: Option<OwnedMxcUri>,
 
-		/// - The message event ID which contains the media and thumbnail MXC
+		/// The message event ID which contains the media and thumbnail MXC
 		///   URLs
 		#[arg(long)]
 		event_id: Option<OwnedEventId>,
 	},
 
-	/// - Deletes a codeblock list of MXC URLs from our database and on the
+	/// Deletes a codeblock list of MXC URLs from our database and on the
 	///   filesystem. This will always ignore errors.
 	DeleteList,
 
@@ -40,33 +40,33 @@ pub enum MediaCommand {
 	///   * Delete all remote and local media from 3 days ago, up until now:
 	///
 	///     `!admin media delete-past-remote-media -a 3d
-	/// --yes-i-want-to-delete-local-media`
+	///-yes-i-want-to-delete-local-media`
 	#[command(verbatim_doc_comment)]
 	DeletePastRemoteMedia {
-		/// - The relative time (e.g. 30s, 5m, 7d) from now within which to
+		/// The relative time (e.g. 30s, 5m, 7d) from now within which to
 		///   search
 		duration: String,
 
-		/// - Only delete media created before [duration] ago
+		/// Only delete media created before [duration] ago
 		#[arg(long, short)]
 		before: bool,
 
-		/// - Only delete media created after [duration] ago
+		/// Only delete media created after [duration] ago
 		#[arg(long, short)]
 		after: bool,
 
-		/// - Long argument to additionally delete local media
+		/// Long argument to additionally delete local media
 		#[arg(long)]
 		yes_i_want_to_delete_local_media: bool,
 	},
 
-	/// - Deletes all the local media from a local user on our server. This will
+	/// Deletes all the local media from a local user on our server. This will
 	///   always ignore errors by default.
 	DeleteAllFromUser {
 		username: String,
 	},
 
-	/// - Deletes all remote media from the specified remote server. This will
+	/// Deletes all remote media from the specified remote server. This will
 	///   always ignore errors by default.
 	DeleteAllFromServer {
 		server_name: OwnedServerName,

src/admin/mod.rs

@@ -30,11 +30,8 @@
 
 pub(crate) const PAGE_SIZE: usize = 100;
 
-use ctor::{ctor, dtor};
-
 conduwuit::mod_ctor! {}
 conduwuit::mod_dtor! {}
-conduwuit::rustc_flags_capture! {}
 
 pub use crate::admin::AdminCommand;
 

src/admin/query/account_data.rs

@@ -9,7 +9,7 @@
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/account_data.rs
 pub enum AccountDataCommand {
-	/// - Returns all changes to the account data that happened after `since`.
+	/// Returns all changes to the account data that happened after `since`.
 	ChangesSince {
 		/// Full user ID
 		user_id: OwnedUserId,
@@ -19,7 +19,7 @@ pub enum AccountDataCommand {
 		room_id: Option<OwnedRoomId>,
 	},
 
-	/// - Searches the account data for a specific kind.
+	/// Searches the account data for a specific kind.
 	AccountDataGet {
 		/// Full user ID
 		user_id: OwnedUserId,

src/admin/query/appservice.rs

@@ -7,13 +7,13 @@
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/appservice.rs
 pub enum AppserviceCommand {
-	/// - Gets the appservice registration info/details from the ID as a string
+	/// Gets the appservice registration info/details from the ID as a string
 	GetRegistration {
 		/// Appservice registration ID
 		appservice_id: String,
 	},
 
-	/// - Gets all appservice registrations with their ID and registration info
+	/// Gets all appservice registrations with their ID and registration info
 	All,
 }
 

src/admin/query/globals.rs

@@ -13,7 +13,7 @@ pub enum GlobalsCommand {
 
 	LastCheckForAnnouncementsId,
 
-	/// - This returns an empty `Ok(BTreeMap<..>)` when there are no keys found
+	/// This returns an empty `Ok(BTreeMap<..>)` when there are no keys found
 	///   for the server.
 	SigningKeysFor {
 		origin: OwnedServerName,

src/admin/query/mod.rs

@@ -28,55 +28,55 @@
 #[derive(Debug, Subcommand)]
 /// Query tables from database
 pub enum QueryCommand {
-	/// - account_data.rs iterators and getters
+	/// account_data.rs iterators and getters
 	#[command(subcommand)]
 	AccountData(AccountDataCommand),
 
-	/// - appservice.rs iterators and getters
+	/// appservice.rs iterators and getters
 	#[command(subcommand)]
 	Appservice(AppserviceCommand),
 
-	/// - presence.rs iterators and getters
+	/// presence.rs iterators and getters
 	#[command(subcommand)]
 	Presence(PresenceCommand),
 
-	/// - rooms/alias.rs iterators and getters
+	/// rooms/alias.rs iterators and getters
 	#[command(subcommand)]
 	RoomAlias(RoomAliasCommand),
 
-	/// - rooms/state_cache iterators and getters
+	/// rooms/state_cache iterators and getters
 	#[command(subcommand)]
 	RoomStateCache(RoomStateCacheCommand),
 
-	/// - rooms/timeline iterators and getters
+	/// rooms/timeline iterators and getters
 	#[command(subcommand)]
 	RoomTimeline(RoomTimelineCommand),
 
-	/// - globals.rs iterators and getters
+	/// globals.rs iterators and getters
 	#[command(subcommand)]
 	Globals(GlobalsCommand),
 
-	/// - sending.rs iterators and getters
+	/// sending.rs iterators and getters
 	#[command(subcommand)]
 	Sending(SendingCommand),
 
-	/// - users.rs iterators and getters
+	/// users.rs iterators and getters
 	#[command(subcommand)]
 	Users(UsersCommand),
 
-	/// - resolver service
+	/// resolver service
 	#[command(subcommand)]
 	Resolver(ResolverCommand),
 
-	/// - pusher service
+	/// pusher service
 	#[command(subcommand)]
 	Pusher(PusherCommand),
 
-	/// - short service
+	/// short service
 	#[command(subcommand)]
 	Short(ShortCommand),
 
-	/// - raw service
+	/// raw service
 	#[command(subcommand)]
 	Raw(RawCommand),
 }

src/admin/query/presence.rs

@@ -8,13 +8,13 @@
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/presence.rs
 pub enum PresenceCommand {
-	/// - Returns the latest presence event for the given user.
+	/// Returns the latest presence event for the given user.
 	GetPresence {
 		/// Full user ID
 		user_id: OwnedUserId,
 	},
 
-	/// - Iterator of the most recent presence updates that happened after the
+	/// Iterator of the most recent presence updates that happened after the
 	///   event with id `since`.
 	PresenceSince {
 		/// UNIX timestamp since (u64)

src/admin/query/pusher.rs

@@ -6,7 +6,7 @@
 
 #[derive(Debug, Subcommand)]
 pub enum PusherCommand {
-	/// - Returns all the pushers for the user.
+	/// Returns all the pushers for the user.
 	GetPushers {
 		/// Full user ID
 		user_id: OwnedUserId,

src/admin/query/raw.rs

@@ -20,10 +20,10 @@
 #[allow(clippy::enum_variant_names)]
 /// Query tables from database
 pub enum RawCommand {
-	/// - List database maps
+	/// List database maps
 	RawMaps,
 
-	/// - Raw database query
+	/// Raw database query
 	RawGet {
 		/// Map name
 		map: String,
@@ -32,7 +32,7 @@ pub enum RawCommand {
 		key: String,
 	},
 
-	/// - Raw database delete (for string keys)
+	/// Raw database delete (for string keys)
 	RawDel {
 		/// Map name
 		map: String,
@@ -41,7 +41,7 @@ pub enum RawCommand {
 		key: String,
 	},
 
-	/// - Raw database keys iteration
+	/// Raw database keys iteration
 	RawKeys {
 		/// Map name
 		map: String,
@@ -50,7 +50,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},
 
-	/// - Raw database key size breakdown
+	/// Raw database key size breakdown
 	RawKeysSizes {
 		/// Map name
 		map: Option<String>,
@@ -59,7 +59,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},
 
-	/// - Raw database keys total bytes
+	/// Raw database keys total bytes
 	RawKeysTotal {
 		/// Map name
 		map: Option<String>,
@@ -68,7 +68,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},
 
-	/// - Raw database values size breakdown
+	/// Raw database values size breakdown
 	RawValsSizes {
 		/// Map name
 		map: Option<String>,
@@ -77,7 +77,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},
 
-	/// - Raw database values total bytes
+	/// Raw database values total bytes
 	RawValsTotal {
 		/// Map name
 		map: Option<String>,
@@ -86,7 +86,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},
 
-	/// - Raw database items iteration
+	/// Raw database items iteration
 	RawIter {
 		/// Map name
 		map: String,
@@ -95,7 +95,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},
 
-	/// - Raw database keys iteration
+	/// Raw database keys iteration
 	RawKeysFrom {
 		/// Map name
 		map: String,
@@ -108,7 +108,7 @@ pub enum RawCommand {
 		limit: Option<usize>,
 	},
 
-	/// - Raw database items iteration
+	/// Raw database items iteration
 	RawIterFrom {
 		/// Map name
 		map: String,
@@ -121,7 +121,7 @@ pub enum RawCommand {
 		limit: Option<usize>,
 	},
 
-	/// - Raw database record count
+	/// Raw database record count
 	RawCount {
 		/// Map name
 		map: Option<String>,
@@ -130,7 +130,7 @@ pub enum RawCommand {
 		prefix: Option<String>,
 	},
 
-	/// - Compact database
+	/// Compact database
 	Compact {
 		#[arg(short, long, alias("column"))]
 		map: Option<Vec<String>>,

src/admin/query/room_alias.rs

@@ -13,13 +13,13 @@ pub enum RoomAliasCommand {
 		alias: OwnedRoomAliasId,
 	},
 
-	/// - Iterator of all our local room aliases for the room ID
+	/// Iterator of all our local room aliases for the room ID
 	LocalAliasesForRoom {
 		/// Full room ID
 		room_id: OwnedRoomId,
 	},
 
-	/// - Iterator of all our local aliases in our database with their room IDs
+	/// Iterator of all our local aliases in our database with their room IDs
 	AllLocalAliases,
 }
 

src/admin/query/sending.rs

@@ -9,10 +9,10 @@
 #[derive(Debug, Subcommand)]
 /// All the getters and iterators from src/database/key_value/sending.rs
 pub enum SendingCommand {
-	/// - Queries database for all `servercurrentevent_data`
+	/// Queries database for all `servercurrentevent_data`
 	ActiveRequests,
 
-	/// - Queries database for `servercurrentevent_data` but for a specific
+	/// Queries database for `servercurrentevent_data` but for a specific
 	///   destination
 	///
 	/// This command takes only *one* format of these arguments:
@@ -34,7 +34,7 @@ pub enum SendingCommand {
 		push_key: Option<String>,
 	},
 
-	/// - Queries database for `servernameevent_data` which are the queued up
+	/// Queries database for `servernameevent_data` which are the queued up
 	///   requests that will eventually be sent
 	///
 	/// This command takes only *one* format of these arguments:

src/admin/room/alias.rs

@@ -9,7 +9,7 @@
 
 #[derive(Debug, Subcommand)]
 pub enum RoomAliasCommand {
-	/// - Make an alias point to a room.
+	/// Make an alias point to a room.
 	Set {
 		#[arg(short, long)]
 		/// Set the alias even if a room is already using it
@@ -22,20 +22,20 @@ pub enum RoomAliasCommand {
 		room_alias_localpart: String,
 	},
 
-	/// - Remove a local alias
+	/// Remove a local alias
 	Remove {
 		/// The alias localpart to remove (`alias`, not `#alias:servername.tld`)
 		room_alias_localpart: String,
 	},
 
-	/// - Show which room is using an alias
+	/// Show which room is using an alias
 	Which {
 		/// The alias localpart to look up (`alias`, not
 		/// `#alias:servername.tld`)
 		room_alias_localpart: String,
 	},
 
-	/// - List aliases currently being used
+	/// List aliases currently being used
 	List {
 		/// If set, only list the aliases for this room
 		room_id: Option<OwnedRoomId>,

src/admin/room/directory.rs

@@ -7,19 +7,19 @@
 
 #[derive(Debug, Subcommand)]
 pub enum RoomDirectoryCommand {
-	/// - Publish a room to the room directory
+	/// Publish a room to the room directory
 	Publish {
 		/// The room id of the room to publish
 		room_id: OwnedRoomId,
 	},
 
-	/// - Unpublish a room to the room directory
+	/// Unpublish a room to the room directory
 	Unpublish {
 		/// The room id of the room to unpublish
 		room_id: OwnedRoomId,
 	},
 
-	/// - List rooms that are published
+	/// List rooms that are published
 	List {
 		page: Option<usize>,
 	},

src/admin/room/info.rs

@@ -8,7 +8,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum RoomInfoCommand {
-	/// - List joined members in a room
+	/// List joined members in a room
 	ListJoinedMembers {
 		room_id: OwnedRoomId,
 
@@ -17,7 +17,7 @@ pub enum RoomInfoCommand {
 		local_only: bool,
 	},
 
-	/// - Displays room topic
+	/// Displays room topic
 	///
 	/// Room topics can be huge, so this is in its
 	/// own separate command

src/admin/room/mod.rs

@@ -17,7 +17,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum RoomCommand {
-	/// - List all rooms the server knows about
+	/// List all rooms the server knows about
 	#[clap(alias = "list")]
 	ListRooms {
 		page: Option<usize>,
@@ -37,22 +37,22 @@ pub enum RoomCommand {
 	},
 
 	#[command(subcommand)]
-	/// - View information about a room we know about
+	/// View information about a room we know about
 	Info(RoomInfoCommand),
 
 	#[command(subcommand)]
-	/// - Manage moderation of remote or local rooms
+	/// Manage moderation of remote or local rooms
 	Moderation(RoomModerationCommand),
 
 	#[command(subcommand)]
-	/// - Manage rooms' aliases
+	/// Manage rooms' aliases
 	Alias(RoomAliasCommand),
 
 	#[command(subcommand)]
-	/// - Manage the room directory
+	/// Manage the room directory
 	Directory(RoomDirectoryCommand),
 
-	/// - Check if we know about a room
+	/// Check if we know about a room
 	Exists {
 		room_id: OwnedRoomId,
 	},

src/admin/room/moderation.rs

@@ -13,7 +13,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum RoomModerationCommand {
-	/// - Bans a room from local users joining and evicts all our local users
+	/// Bans a room from local users joining and evicts all our local users
 	///   (including server
 	/// admins)
 	///   from the room. Also blocks any invites (local and remote) for the
@@ -24,19 +24,19 @@ pub enum RoomModerationCommand {
 		room: OwnedRoomOrAliasId,
 	},
 
-	/// - Bans a list of rooms (room IDs and room aliases) from a newline
+	/// Bans a list of rooms (room IDs and room aliases) from a newline
 	///   delimited codeblock similar to `user deactivate-all`. Applies the same
 	///   steps as ban-room
 	BanListOfRooms,
 
-	/// - Unbans a room to allow local users to join again
+	/// Unbans a room to allow local users to join again
 	UnbanRoom {
 		/// The room in the format of `!roomid:example.com` or a room alias in
 		/// the format of `#roomalias:example.com`
 		room: OwnedRoomOrAliasId,
 	},
 
-	/// - List of all rooms we have banned
+	/// List of all rooms we have banned
 	ListBannedRooms {
 		#[arg(long)]
 		/// Whether to only output room IDs without supplementary room

src/admin/server/commands.rs

@@ -1,7 +1,7 @@
-use std::{fmt::Write, path::PathBuf, sync::Arc};
+use std::{path::PathBuf, sync::Arc};
 
 use conduwuit::{
-	Err, Result, info,
+	Err, Result,
 	utils::{stream::IterStream, time},
 	warn,
 };
@@ -59,34 +59,6 @@ pub(super) async fn reload_config(&self, path: Option<PathBuf>) -> Result {
 		.await
 }
 
-#[admin_command]
-pub(super) async fn list_features(&self, available: bool, enabled: bool, comma: bool) -> Result {
-	let delim = if comma { "," } else { " " };
-	if enabled && !available {
-		let features = info::rustc::features().join(delim);
-		let out = format!("`\n{features}\n`");
-		return self.write_str(&out).await;
-	}
-
-	if available && !enabled {
-		let features = info::cargo::features().join(delim);
-		let out = format!("`\n{features}\n`");
-		return self.write_str(&out).await;
-	}
-
-	let mut features = String::new();
-	let enabled = info::rustc::features();
-	let available = info::cargo::features();
-	for feature in available {
-		let active = enabled.contains(&feature.as_str());
-		let emoji = if active { "✅" } else { "❌" };
-		let remark = if active { "[enabled]" } else { "" };
-		writeln!(features, "{emoji} {feature} {remark}")?;
-	}
-
-	self.write_str(&features).await
-}
-
 #[admin_command]
 pub(super) async fn memory_usage(&self) -> Result {
 	let services_usage = self.services.memory_usage().await?;

src/admin/server/mod.rs

@@ -10,58 +10,46 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum ServerCommand {
-	/// - Time elapsed since startup
+	/// Time elapsed since startup
 	Uptime,
 
-	/// - Show configuration values
+	/// Show configuration values
 	ShowConfig,
 
-	/// - Reload configuration values
+	/// Reload configuration values
 	ReloadConfig {
 		path: Option<PathBuf>,
 	},
 
-	/// - List the features built into the server
-	ListFeatures {
-		#[arg(short, long)]
-		available: bool,
-
-		#[arg(short, long)]
-		enabled: bool,
-
-		#[arg(short, long)]
-		comma: bool,
-	},
-
-	/// - Print database memory usage statistics
+	/// Print database memory usage statistics
 	MemoryUsage,
 
-	/// - Clears all of Continuwuity's caches
+	/// Clears all of Continuwuity's caches
 	ClearCaches,
 
-	/// - Performs an online backup of the database (only available for RocksDB
+	/// Performs an online backup of the database (only available for RocksDB
 	///   at the moment)
 	BackupDatabase,
 
-	/// - List database backups
+	/// List database backups
 	ListBackups,
 
-	/// - Send a message to the admin room.
+	/// Send a message to the admin room.
 	AdminNotice {
 		message: Vec<String>,
 	},
 
-	/// - Hot-reload the server
+	/// Hot-reload the server
 	#[clap(alias = "reload")]
 	ReloadMods,
 
 	#[cfg(unix)]
-	/// - Restart the server
+	/// Restart the server
 	Restart {
 		#[arg(short, long)]
 		force: bool,
 	},
 
-	/// - Shutdown the server
+	/// Shutdown the server
 	Shutdown,
 }

src/admin/token/mod.rs

@@ -8,7 +8,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum TokenCommand {
-	/// - Issue a new registration token
+	/// Issue a new registration token
 	#[clap(name = "issue")]
 	IssueToken {
 		/// When this token will expire.
@@ -16,14 +16,14 @@ pub enum TokenCommand {
 		expires: TokenExpires,
 	},
 
-	/// - Revoke a registration token
+	/// Revoke a registration token
 	#[clap(name = "revoke")]
 	RevokeToken {
 		/// The token to revoke.
 		token: String,
 	},
 
-	/// - List all registration tokens
+	/// List all registration tokens
 	#[clap(name = "list")]
 	ListTokens,
 }

src/admin/user/mod.rs

@@ -9,7 +9,7 @@
 #[admin_command_dispatch]
 #[derive(Debug, Subcommand)]
 pub enum UserCommand {
-	/// - Create a new user
+	/// Create a new user
 	#[clap(alias = "create")]
 	CreateUser {
 		/// Username of the new user
@@ -18,7 +18,7 @@ pub enum UserCommand {
 		password: Option<String>,
 	},
 
-	/// - Reset user password
+	/// Reset user password
 	ResetPassword {
 		/// Log out existing sessions
 		#[arg(short, long)]
@@ -29,7 +29,7 @@ pub enum UserCommand {
 		password: Option<String>,
 	},
 
-	/// - Deactivate a user
+	/// Deactivate a user
 	///
 	/// User will be removed from all rooms by default.
 	/// Use --no-leave-rooms to not leave all rooms by default.
@@ -39,7 +39,7 @@ pub enum UserCommand {
 		user_id: String,
 	},
 
-	/// - Deactivate a list of users
+	/// Deactivate a list of users
 	///
 	/// Recommended to use in conjunction with list-local-users.
 	///
@@ -62,7 +62,7 @@ pub enum UserCommand {
 		force: bool,
 	},
 
-	/// - Forcefully log a user out of all of their devices.
+	/// Forcefully log a user out of all of their devices.
 	///
 	/// This will invalidate all access tokens for the specified user,
 	/// effectively logging them out from all sessions.
@@ -74,7 +74,7 @@ pub enum UserCommand {
 		user_id: String,
 	},
 
-	/// - Suspend a user
+	/// Suspend a user
 	///
 	/// Suspended users are able to log in, sync, and read messages, but are not
 	/// able to send events nor redact them, cannot change their profile, and
@@ -87,7 +87,7 @@ pub enum UserCommand {
 		user_id: String,
 	},
 
-	/// - Unsuspend a user
+	/// Unsuspend a user
 	///
 	/// Reverses the effects of the `suspend` command, allowing the user to send
 	/// messages, change their profile, create room invites, etc.
@@ -96,7 +96,7 @@ pub enum UserCommand {
 		user_id: String,
 	},
 
-	/// - Lock a user
+	/// Lock a user
 	///
 	/// Locked users are unable to use their accounts beyond logging out. This
 	/// is akin to a temporary deactivation that does not change the user's
@@ -107,7 +107,7 @@ pub enum UserCommand {
 		user_id: String,
 	},
 
-	/// - Unlock a user
+	/// Unlock a user
 	///
 	/// Reverses the effects of the `lock` command, allowing the user to use
 	/// their account again.
@@ -116,13 +116,13 @@ pub enum UserCommand {
 		user_id: String,
 	},
 
-	/// - Enable login for a user
+	/// Enable login for a user
 	EnableLogin {
 		/// Username of the user to enable login for
 		user_id: String,
 	},
 
-	/// - Disable login for a user
+	/// Disable login for a user
 	///
 	/// Disables login for the specified user without deactivating or locking
 	/// their account. This prevents the user from obtaining new access tokens,
@@ -132,48 +132,48 @@ pub enum UserCommand {
 		user_id: String,
 	},
 
-	/// - List local users in the database
+	/// List local users in the database
 	#[clap(alias = "list")]
 	ListUsers,
 
-	/// - Lists all the rooms (local and remote) that the specified user is
+	/// Lists all the rooms (local and remote) that the specified user is
 	///   joined in
 	ListJoinedRooms {
 		user_id: String,
 	},
 
-	/// - Manually join a local user to a room.
+	/// Manually join a local user to a room.
 	ForceJoinRoom {
 		user_id: String,
 		room_id: OwnedRoomOrAliasId,
 	},
 
-	/// - Manually leave a local user from a room.
+	/// Manually leave a local user from a room.
 	ForceLeaveRoom {
 		user_id: String,
 		room_id: OwnedRoomOrAliasId,
 	},
 
-	/// - Manually leave a remote room for a local user.
+	/// Manually leave a remote room for a local user.
 	ForceLeaveRemoteRoom {
 		user_id: String,
 		room_id: OwnedRoomOrAliasId,
 		via: Option<String>,
 	},
 
-	/// - Forces the specified user to drop their power levels to the room
+	/// Forces the specified user to drop their power levels to the room
 	///   default, if their permissions allow and the auth check permits
 	ForceDemote {
 		user_id: String,
 		room_id: OwnedRoomOrAliasId,
 	},
 
-	/// - Grant server-admin privileges to a user.
+	/// Grant server-admin privileges to a user.
 	MakeUserAdmin {
 		user_id: String,
 	},
 
-	/// - Puts a room tag for the specified user and room ID.
+	/// Puts a room tag for the specified user and room ID.
 	///
 	/// This is primarily useful if you'd like to set your admin room
 	/// to the special "System Alerts" section in Element as a way to
@@ -186,20 +186,20 @@ pub enum UserCommand {
 		tag: String,
 	},
 
-	/// - Deletes the room tag for the specified user and room ID
+	/// Deletes the room tag for the specified user and room ID
 	DeleteRoomTag {
 		user_id: String,
 		room_id: OwnedRoomId,
 		tag: String,
 	},
 
-	/// - Gets all the room tags for the specified user and room ID
+	/// Gets all the room tags for the specified user and room ID
 	GetRoomTags {
 		user_id: String,
 		room_id: OwnedRoomId,
 	},
 
-	/// - Attempts to forcefully redact the specified event ID from the sender
+	/// Attempts to forcefully redact the specified event ID from the sender
 	///   user
 	///
 	/// This is only valid for local users
@@ -207,7 +207,7 @@ pub enum UserCommand {
 		event_id: OwnedEventId,
 	},
 
-	/// - Force joins a specified list of local users to join the specified
+	/// Force joins a specified list of local users to join the specified
 	///   room.
 	///
 	/// Specify a codeblock of usernames.
@@ -222,7 +222,7 @@ pub enum UserCommand {
 		yes_i_want_to_do_this: bool,
 	},
 
-	/// - Force joins all local users to the specified room.
+	/// Force joins all local users to the specified room.
 	///
 	/// At least 1 server admin must be in the room to reduce abuse.
 	///

src/api/Cargo.toml

@@ -91,7 +91,6 @@ serde.workspace = true
 sha1.workspace = true
 tokio.workspace = true
 tracing.workspace = true
-ctor.workspace = true
 
 [lints]
 workspace = true

src/api/admin/mod.rs

@@ -0,0 +1 @@
+pub mod rooms;

src/api/admin/rooms/ban.rs

@@ -0,0 +1,132 @@
+use axum::extract::State;
+use conduwuit::{Err, Result, info, utils::ReadyExt, warn};
+use futures::{FutureExt, StreamExt};
+use ruma::{
+	OwnedRoomAliasId, continuwuity_admin_api::rooms,
+	events::room::message::RoomMessageEventContent,
+};
+
+use crate::{Ruma, client::leave_room};
+
+/// # `PUT /_continuwuity/admin/rooms/{roomID}/ban`
+///
+/// Bans or unbans a room.
+pub(crate) async fn ban_room(
+	State(services): State<crate::State>,
+	body: Ruma<rooms::ban::v1::Request>,
+) -> Result<rooms::ban::v1::Response> {
+	let sender_user = body.sender_user();
+	if !services.users.is_admin(sender_user).await {
+		return Err!(Request(Forbidden("Only server administrators can use this endpoint")));
+	}
+
+	if body.banned {
+		// Don't ban again if already banned
+		if services.rooms.metadata.is_banned(&body.room_id).await {
+			return Err!(Request(InvalidParam("Room is already banned")));
+		}
+		info!(%sender_user, "Banning room {}", body.room_id);
+
+		services
+			.admin
+			.notice(&format!("{sender_user} banned {} (ban in progress)", body.room_id))
+			.await;
+
+		let mut users = services
+			.rooms
+			.state_cache
+			.room_members(&body.room_id)
+			.map(ToOwned::to_owned)
+			.ready_filter(|user| services.globals.user_is_local(user))
+			.boxed();
+		let mut evicted = Vec::new();
+		let mut failed_evicted = Vec::new();
+
+		while let Some(ref user_id) = users.next().await {
+			info!("Evicting user {} from room {}", user_id, body.room_id);
+			match leave_room(&services, user_id, &body.room_id, None)
+				.boxed()
+				.await
+			{
+				| Ok(()) => {
+					services.rooms.state_cache.forget(&body.room_id, user_id);
+					evicted.push(user_id.clone());
+				},
+				| Err(e) => {
+					warn!("Failed to evict user {} from room {}: {}", user_id, body.room_id, e);
+					failed_evicted.push(user_id.clone());
+				},
+			}
+		}
+
+		let aliases: Vec<OwnedRoomAliasId> = services
+			.rooms
+			.alias
+			.local_aliases_for_room(&body.room_id)
+			.map(ToOwned::to_owned)
+			.collect::<Vec<_>>()
+			.await;
+		for alias in &aliases {
+			info!("Removing alias {} for banned room {}", alias, body.room_id);
+			services
+				.rooms
+				.alias
+				.remove_alias(alias, &services.globals.server_user)
+				.await?;
+		}
+
+		services.rooms.directory.set_not_public(&body.room_id); // remove from the room directory
+		services.rooms.metadata.ban_room(&body.room_id, true); // prevent further joins
+		services.rooms.metadata.disable_room(&body.room_id, true); // disable federation
+
+		services
+			.admin
+			.notice(&format!(
+				"Finished banning {}: Removed {} users ({} failed) and {} aliases",
+				body.room_id,
+				evicted.len(),
+				failed_evicted.len(),
+				aliases.len()
+			))
+			.await;
+		if !evicted.is_empty() || !failed_evicted.is_empty() || !aliases.is_empty() {
+			let msg = services
+				.admin
+				.text_or_file(RoomMessageEventContent::text_markdown(format!(
+					"Removed users:\n{}\n\nFailed to remove users:\n{}\n\nRemoved aliases: {}",
+					evicted
+						.iter()
+						.map(|u| u.as_str())
+						.collect::<Vec<_>>()
+						.join("\n"),
+					failed_evicted
+						.iter()
+						.map(|u| u.as_str())
+						.collect::<Vec<_>>()
+						.join("\n"),
+					aliases
+						.iter()
+						.map(|a| a.as_str())
+						.collect::<Vec<_>>()
+						.join(", "),
+				)))
+				.await;
+			services.admin.send_message(msg).await.ok();
+		}
+
+		Ok(rooms::ban::v1::Response::new(evicted, failed_evicted, aliases))
+	} else {
+		// Don't unban if not banned
+		if !services.rooms.metadata.is_banned(&body.room_id).await {
+			return Err!(Request(InvalidParam("Room is not banned")));
+		}
+		info!(%sender_user, "Unbanning room {}", body.room_id);
+		services.rooms.metadata.disable_room(&body.room_id, false);
+		services.rooms.metadata.ban_room(&body.room_id, false);
+		services
+			.admin
+			.notice(&format!("{sender_user} unbanned {}", body.room_id))
+			.await;
+		Ok(rooms::ban::v1::Response::new(Vec::new(), Vec::new(), Vec::new()))
+	}
+}

src/api/admin/rooms/list.rs

@@ -0,0 +1,35 @@
+use axum::extract::State;
+use conduwuit::{Err, Result};
+use futures::StreamExt;
+use ruma::{OwnedRoomId, continuwuity_admin_api::rooms};
+
+use crate::Ruma;
+
+/// # `GET /_continuwuity/admin/rooms/list`
+///
+/// Lists all rooms known to this server, excluding banned ones.
+pub(crate) async fn list_rooms(
+	State(services): State<crate::State>,
+	body: Ruma<rooms::list::v1::Request>,
+) -> Result<rooms::list::v1::Response> {
+	let sender_user = body.sender_user();
+	if !services.users.is_admin(sender_user).await {
+		return Err!(Request(Forbidden("Only server administrators can use this endpoint")));
+	}
+
+	let mut rooms: Vec<OwnedRoomId> = services
+		.rooms
+		.metadata
+		.iter_ids()
+		.filter_map(|room_id| async move {
+			if !services.rooms.metadata.is_banned(room_id).await {
+				Some(room_id.to_owned())
+			} else {
+				None
+			}
+		})
+		.collect()
+		.await;
+	rooms.sort();
+	Ok(rooms::list::v1::Response::new(rooms))
+}

src/api/admin/rooms/mod.rs

@@ -0,0 +1,2 @@
+pub mod ban;
+pub mod list;

src/api/client/keys.rs

@@ -91,8 +91,11 @@ pub(crate) async fn upload_keys_route(
 			.users
 			.get_device_keys(sender_user, sender_device)
 			.await
+			.and_then(|keys| keys.deserialize().map_err(Into::into))
 		{
-			if existing_keys.json().get() == device_keys.json().get() {
+			// NOTE: also serves as a workaround for a nheko bug which omits cross-signing
+			// NOTE: signatures when re-uploading the same DeviceKeys.
+			if existing_keys.keys == deser_device_keys.keys {
 				debug!(
 					%sender_user,
 					%sender_device,

src/api/client/membership/invite.rs

@@ -7,7 +7,7 @@
 };
 use futures::FutureExt;
 use ruma::{
-	OwnedServerName, RoomId, UserId,
+	RoomId, UserId,
 	api::{client::membership::invite_user, federation::membership::create_invite},
 	events::{
 		invite_permission_config::FilterLevel,
@@ -203,19 +203,10 @@ pub(crate) async fn invite_helper(
 			))));
 		}
 
-		let origin: OwnedServerName = serde_json::from_value(serde_json::to_value(
-			value
-				.get("origin")
-				.ok_or_else(|| err!(Request(BadJson("Event missing origin field."))))?,
-		)?)
-		.map_err(|e| {
-			err!(Request(BadJson(warn!("Origin field in event is not a valid server name: {e}"))))
-		})?;
-
 		let pdu_id = services
 			.rooms
 			.event_handler
-			.handle_incoming_pdu(&origin, room_id, &event_id, value, true)
+			.handle_incoming_pdu(recipient_user.server_name(), room_id, &event_id, value, true)
 			.boxed()
 			.await?
 			.ok_or_else(|| {

src/api/client/membership/join.rs

@@ -657,7 +657,6 @@ async fn join_room_by_id_helper_remote(
 	let auth_check = state_res::event_auth::auth_check(
 		&state_res::RoomVersion::new(&room_version_id)?,
 		&parsed_join_pdu,
-		None, // TODO: third party invite
 		|k, s| state_fetch(k.clone(), s.into()),
 		&state_fetch(StateEventType::RoomCreate, "".into())
 			.await

src/api/client/message.rs

@@ -371,11 +371,3 @@ pub(crate) async fn is_ignored_invite(
 		.invite_filter_level(&sender_user, recipient_user)
 		.await == FilterLevel::Ignore
 }
-
-#[cfg_attr(debug_assertions, ctor::ctor)]
-fn _is_sorted() {
-	debug_assert!(
-		IGNORED_MESSAGE_TYPES.is_sorted(),
-		"IGNORED_MESSAGE_TYPES must be sorted by the developer"
-	);
-}

src/api/mod.rs

@@ -1,12 +1,13 @@
 #![type_length_limit = "16384"] //TODO: reduce me
 #![allow(clippy::toplevel_ref_arg)]
 
+extern crate conduwuit_core as conduwuit;
+extern crate conduwuit_service as service;
 pub mod client;
 pub mod router;
 pub mod server;
 
-extern crate conduwuit_core as conduwuit;
-extern crate conduwuit_service as service;
+pub mod admin;
 
 pub(crate) use self::router::{Ruma, RumaResponse, State};
 

src/api/router.rs

@@ -17,7 +17,7 @@
 
 use self::handler::RouterExt;
 pub(super) use self::{args::Args as Ruma, response::RumaResponse};
-use crate::{client, server};
+use crate::{admin, client, server};
 
 pub fn build(router: Router<State>, server: &Server) -> Router<State> {
 	let config = &server.config;
@@ -187,7 +187,9 @@ pub fn build(router: Router<State>, server: &Server) -> Router<State> {
 		.route("/_conduwuit/server_version", get(client::conduwuit_server_version))
 		.route("/_continuwuity/server_version", get(client::conduwuit_server_version))
 		.ruma_route(&client::room_initial_sync_route)
-		.route("/client/server.json", get(client::syncv3_client_server_json));
+		.route("/client/server.json", get(client::syncv3_client_server_json))
+		.ruma_route(&admin::rooms::ban::ban_room)
+		.ruma_route(&admin::rooms::list::list_rooms);
 
 	if config.allow_federation {
 		router = router

src/api/server/send_join.rs

@@ -13,8 +13,7 @@
 use conduwuit_service::Services;
 use futures::{FutureExt, StreamExt, TryStreamExt};
 use ruma::{
-	CanonicalJsonValue, OwnedEventId, OwnedRoomId, OwnedServerName, OwnedUserId, RoomId,
-	ServerName,
+	CanonicalJsonValue, OwnedEventId, OwnedRoomId, OwnedUserId, RoomId, ServerName,
 	api::federation::membership::create_join_event,
 	events::{
 		StateEventType,
@@ -178,15 +177,6 @@ async fn create_join_event(
 		}
 	}
 
-	let origin: OwnedServerName = serde_json::from_value(
-		value
-			.get("origin")
-			.ok_or_else(|| err!(Request(BadJson("Event does not have an origin server name."))))?
-			.clone()
-			.into(),
-	)
-	.map_err(|e| err!(Request(BadJson("Event has an invalid origin server name: {e}"))))?;
-
 	trace!("Signing send_join event");
 	services
 		.server_keys
@@ -204,7 +194,7 @@ async fn create_join_event(
 	let pdu_id = services
 		.rooms
 		.event_handler
-		.handle_incoming_pdu(&origin, room_id, &event_id, value.clone(), true)
+		.handle_incoming_pdu(sender.server_name(), room_id, &event_id, value.clone(), true)
 		.boxed()
 		.await?
 		.ok_or_else(|| err!(Request(InvalidParam("Could not accept as timeline event."))))?;

src/api/server/send_knock.rs

@@ -6,7 +6,7 @@
 };
 use futures::FutureExt;
 use ruma::{
-	OwnedServerName, OwnedUserId,
+	OwnedUserId,
 	RoomVersionId::*,
 	api::federation::knock::send_knock,
 	events::{
@@ -136,15 +136,6 @@ pub(crate) async fn create_knock_event_v1_route(
 		return Err!(Request(InvalidParam("state_key does not match sender user of event.")));
 	}
 
-	let origin: OwnedServerName = serde_json::from_value(
-		value
-			.get("origin")
-			.ok_or_else(|| err!(Request(BadJson("Event does not have an origin server name."))))?
-			.clone()
-			.into(),
-	)
-	.map_err(|e| err!(Request(BadJson("Event has an invalid origin server name: {e}"))))?;
-
 	let mut event: JsonObject = serde_json::from_str(body.pdu.get())
 		.map_err(|e| err!(Request(InvalidParam("Invalid knock event PDU: {e}"))))?;
 
@@ -163,7 +154,7 @@ pub(crate) async fn create_knock_event_v1_route(
 	let pdu_id = services
 		.rooms
 		.event_handler
-		.handle_incoming_pdu(&origin, &body.room_id, &event_id, value.clone(), true)
+		.handle_incoming_pdu(sender.server_name(), &body.room_id, &event_id, value.clone(), true)
 		.boxed()
 		.await?
 		.ok_or_else(|| err!(Request(InvalidParam("Could not accept as timeline event."))))?;

src/core/Cargo.toml

@@ -10,31 +10,31 @@ version.workspace = true
 [lib]
 path = "mod.rs"
 crate-type = [
-	"rlib",
-#	"dylib",
+    "rlib",
+    #	"dylib",
 ]
 
 [features]
 brotli_compression = [
-	"reqwest/brotli",
+    "reqwest/brotli",
 ]
 conduwuit_mods = [
     "dep:libloading"
 ]
 gzip_compression = [
-	"reqwest/gzip",
+    "reqwest/gzip",
 ]
 hardened_malloc = [
-	"dep:hardened_malloc-rs"
+    "dep:hardened_malloc-rs"
 ]
 jemalloc = [
-	"dep:tikv-jemalloc-sys",
-	"dep:tikv-jemalloc-ctl",
-	"dep:tikv-jemallocator",
+    "dep:tikv-jemalloc-sys",
+    "dep:tikv-jemalloc-ctl",
+    "dep:tikv-jemallocator",
 ]
 jemalloc_conf = []
 jemalloc_prof = [
-	"tikv-jemalloc-sys/profiling",
+    "tikv-jemalloc-sys/profiling",
 ]
 jemalloc_stats = [
     "tikv-jemalloc-sys/stats",
@@ -43,10 +43,10 @@ jemalloc_stats = [
 ]
 perf_measurements = []
 release_max_log_level = [
-	"tracing/max_level_trace",
-	"tracing/release_max_level_info",
-	"log/max_level_trace",
-	"log/release_max_level_info",
+    "tracing/max_level_trace",
+    "tracing/release_max_level_info",
+    "log/max_level_trace",
+    "log/release_max_level_info",
 ]
 sentry_telemetry = []
 zstd_compression = [
@@ -110,6 +110,7 @@ tracing.workspace = true
 url.workspace = true
 parking_lot.workspace = true
 lock_api.workspace = true
+ed25519-dalek = "~2"
 
 [target.'cfg(unix)'.dependencies]
 nix.workspace = true

src/core/alloc/je.rs

@@ -47,7 +47,7 @@
 const NAME_MAX: usize = 128;
 const KEY_SEGS: usize = 8;
 
-#[crate::ctor]
+#[ctor::ctor]
 fn _static_initialization() {
 	acq_epoch().expect("pre-initialization of jemalloc failed");
 	acq_epoch().expect("pre-initialization of jemalloc failed");

src/core/config/mod.rs

@@ -53,8 +53,7 @@
 ### For more information, see:
 ### https://continuwuity.org/configuration.html
 "#,
-	ignore = "config_paths catchall well_known tls blurhashing \
-	allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure antispam"
+	ignore = "config_paths catchall"
 )]
 pub struct Config {
 	// Paths to config file(s). Not supposed to be set manually in the config file,
@@ -105,7 +104,7 @@ pub struct Config {
 	#[serde(default = "default_port")]
 	port: ListeningPort,
 
-	// external structure; separate section
+	/// display: nested
 	#[serde(default)]
 	pub tls: TlsConfig,
 
@@ -435,7 +434,9 @@ pub struct Config {
 	/// this to be high to account for extremely large room joins, slow
 	/// homeservers, your own resources etc.
 	///
-	/// default: 300
+	/// Joins have 6x the timeout.
+	///
+	/// default: 60
 	#[serde(default = "default_federation_timeout")]
 	pub federation_timeout: u64,
 
@@ -501,7 +502,19 @@ pub struct Config {
 	#[serde(default = "default_appservice_idle_timeout")]
 	pub appservice_idle_timeout: u64,
 
-	/// Notification gateway pusher idle connection pool timeout.
+	/// Notification gateway pusher request connection timeout (seconds).
+	///
+	/// default: 15
+	#[serde(default = "default_pusher_conn_timeout")]
+	pub pusher_conn_timeout: u64,
+
+	/// Notification gateway pusher total request timeout (seconds).
+	///
+	/// default: 60
+	#[serde(default = "default_pusher_timeout")]
+	pub pusher_timeout: u64,
+
+	/// Notification gateway pusher idle connection pool timeout (seconds).
 	///
 	/// default: 15
 	#[serde(default = "default_pusher_idle_timeout")]
@@ -710,7 +723,7 @@ pub struct Config {
 	#[serde(default = "default_default_room_version")]
 	pub default_room_version: RoomVersionId,
 
-	// external structure; separate section
+	/// display: nested
 	#[serde(default)]
 	pub well_known: WellKnownConfig,
 
@@ -1663,6 +1676,13 @@ pub struct Config {
 	#[serde(default = "default_url_preview_max_spider_size")]
 	pub url_preview_max_spider_size: usize,
 
+	/// Total request timeout for URL previews (seconds). This includes
+	/// connection, request, and response body reading time.
+	///
+	/// default: 120
+	#[serde(default = "default_url_preview_timeout")]
+	pub url_preview_timeout: u64,
+
 	/// Option to decide whether you would like to run the domain allowlist
 	/// checks (contains and explicit) on the root domain or not. Does not apply
 	/// to URL contains allowlist. Defaults to false.
@@ -2009,19 +2029,22 @@ pub struct Config {
 	/// etc. This is a hidden argument that should NOT be used in production as
 	/// it is highly insecure and I will personally yell at you if I catch you
 	/// using this.
+	///
+	/// display: hidden
 	#[serde(default)]
 	pub allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure:
 		bool,
 
-	// external structure; separate section
+	/// display: nested
 	#[serde(default)]
 	pub ldap: LdapConfig,
 
 	/// Configuration for antispam support
+	/// display: nested
 	#[serde(default)]
 	pub antispam: Option<Antispam>,
 
-	// external structure; separate section
+	/// display: nested
 	#[serde(default)]
 	pub blurhashing: BlurhashConfig,
 	#[serde(flatten)]
@@ -2238,15 +2261,23 @@ struct ListeningAddr {
 }
 
 #[derive(Clone, Debug, Deserialize)]
+#[config_example_generator(
+	filename = "conduwuit-example.toml",
+	section = "global.antispam",
+	optional = "true"
+)]
 pub struct Antispam {
+	/// display: nested
 	pub meowlnir: Option<MeowlnirConfig>,
+	/// display: nested
 	pub draupnir: Option<DraupnirConfig>,
 }
 
 #[derive(Clone, Debug, Deserialize)]
 #[config_example_generator(
 	filename = "conduwuit-example.toml",
-	section = "global.antispam.meowlnir"
+	section = "global.antispam.meowlnir",
+	optional = "true"
 )]
 pub struct MeowlnirConfig {
 	/// The base URL on which to contact Meowlnir (before /_meowlnir/antispam).
@@ -2275,7 +2306,8 @@ pub struct MeowlnirConfig {
 #[derive(Clone, Debug, Deserialize)]
 #[config_example_generator(
 	filename = "conduwuit-example.toml",
-	section = "global.antispam.draupnir"
+	section = "global.antispam.draupnir",
+	optional = "true"
 )]
 pub struct DraupnirConfig {
 	/// The base URL on which to contact Draupnir (before /api/).
@@ -2455,7 +2487,7 @@ fn default_well_known_timeout() -> u64 { 10 }
 
 fn default_federation_conn_timeout() -> u64 { 10 }
 
-fn default_federation_timeout() -> u64 { 25 }
+fn default_federation_timeout() -> u64 { 60 }
 
 fn default_policy_server_request_timeout() -> u64 { 10 }
 
@@ -2473,6 +2505,10 @@ fn default_appservice_timeout() -> u64 { 35 }
 
 fn default_appservice_idle_timeout() -> u64 { 300 }
 
+fn default_pusher_conn_timeout() -> u64 { 15 }
+
+fn default_pusher_timeout() -> u64 { 60 }
+
 fn default_pusher_idle_timeout() -> u64 { 15 }
 
 fn default_max_fetch_prev_events() -> u16 { 192_u16 }
@@ -2600,6 +2636,8 @@ fn default_url_preview_max_spider_size() -> usize {
 	256_000 // 256KB
 }
 
+fn default_url_preview_timeout() -> u64 { 120 }
+
 fn default_new_user_displayname_suffix() -> String { "🏳️‍⚧️".to_owned() }
 
 fn default_sentry_endpoint() -> Option<Url> { None }

src/core/debug.rs

@@ -62,7 +62,7 @@ macro_rules! debug_info {
 pub static DEBUGGER: LazyLock<bool> =
 	LazyLock::new(|| env::var("_").unwrap_or_default().ends_with("gdb"));
 
-#[cfg_attr(debug_assertions, crate::ctor)]
+#[cfg_attr(debug_assertions, ctor::ctor)]
 #[cfg_attr(not(debug_assertions), allow(dead_code))]
 fn set_panic_trap() {
 	if !*DEBUGGER {

src/core/error/err.rs

@@ -115,7 +115,7 @@ macro_rules! err {
 macro_rules! err_log {
 	($out:ident, $level:ident, $($fields:tt)+) => {{
 		use $crate::tracing::{
-			callsite, callsite2, metadata, valueset, Callsite,
+			callsite, callsite2, metadata, valueset_all, Callsite,
 			Level,
 		};
 
@@ -133,7 +133,7 @@ macro_rules! err_log {
 			fields: $($fields)+,
 		};
 
-		($crate::error::visit)(&mut $out, LEVEL, &__CALLSITE, &mut valueset!(__CALLSITE.metadata().fields(), $($fields)+));
+		($crate::error::visit)(&mut $out, LEVEL, &__CALLSITE, &mut valueset_all!(__CALLSITE.metadata().fields(), $($fields)+));
 		($out).into()
 	}}
 }

src/core/info/cargo.rs

@@ -1,95 +0,0 @@
-//! Information about the build related to Cargo. This is a frontend interface
-//! informed by proc-macros that capture raw information at build time which is
-//! further processed at runtime either during static initialization or as
-//! necessary.
-
-use std::sync::OnceLock;
-
-use cargo_toml::{DepsSet, Manifest};
-use conduwuit_macros::cargo_manifest;
-
-use crate::Result;
-
-// Raw captures of the cargo manifest for each crate. This is provided by a
-// proc-macro at build time since the source directory and the cargo toml's may
-// not be present during execution.
-
-#[cargo_manifest]
-const WORKSPACE_MANIFEST: &'static str = ();
-#[cargo_manifest(crate = "macros")]
-const MACROS_MANIFEST: &'static str = ();
-#[cargo_manifest(crate = "core")]
-const CORE_MANIFEST: &'static str = ();
-#[cargo_manifest(crate = "database")]
-const DATABASE_MANIFEST: &'static str = ();
-#[cargo_manifest(crate = "service")]
-const SERVICE_MANIFEST: &'static str = ();
-#[cargo_manifest(crate = "admin")]
-const ADMIN_MANIFEST: &'static str = ();
-#[cargo_manifest(crate = "router")]
-const ROUTER_MANIFEST: &'static str = ();
-#[cargo_manifest(crate = "main")]
-const MAIN_MANIFEST: &'static str = ();
-
-/// Processed list of features across all project crates. This is generated from
-/// the data in the MANIFEST strings and contains all possible project features.
-/// For *enabled* features see the info::rustc module instead.
-static FEATURES: OnceLock<Vec<String>> = OnceLock::new();
-
-/// Processed list of dependencies. This is generated from the data captured in
-/// the MANIFEST.
-static DEPENDENCIES: OnceLock<DepsSet> = OnceLock::new();
-
-#[must_use]
-pub fn dependencies_names() -> Vec<&'static str> {
-	dependencies().keys().map(String::as_str).collect()
-}
-
-pub fn dependencies() -> &'static DepsSet {
-	DEPENDENCIES.get_or_init(|| {
-		init_dependencies().unwrap_or_else(|e| panic!("Failed to initialize dependencies: {e}"))
-	})
-}
-
-/// List of all possible features for the project. For *enabled* features in
-/// this build see the companion function in info::rustc.
-pub fn features() -> &'static Vec<String> {
-	FEATURES.get_or_init(|| {
-		init_features().unwrap_or_else(|e| panic!("Failed initialize features: {e}"))
-	})
-}
-
-fn init_features() -> Result<Vec<String>> {
-	let mut features = Vec::new();
-	append_features(&mut features, WORKSPACE_MANIFEST)?;
-	append_features(&mut features, MACROS_MANIFEST)?;
-	append_features(&mut features, CORE_MANIFEST)?;
-	append_features(&mut features, DATABASE_MANIFEST)?;
-	append_features(&mut features, SERVICE_MANIFEST)?;
-	append_features(&mut features, ADMIN_MANIFEST)?;
-	append_features(&mut features, ROUTER_MANIFEST)?;
-	append_features(&mut features, MAIN_MANIFEST)?;
-	features.sort();
-	features.dedup();
-
-	Ok(features)
-}
-
-fn append_features(features: &mut Vec<String>, manifest: &str) -> Result<()> {
-	let manifest = Manifest::from_str(manifest)?;
-	features.extend(manifest.features.keys().cloned());
-
-	Ok(())
-}
-
-fn init_dependencies() -> Result<DepsSet> {
-	let manifest = Manifest::from_str(WORKSPACE_MANIFEST)?;
-	let deps_set = manifest
-		.workspace
-		.as_ref()
-		.expect("manifest has workspace section")
-		.dependencies
-		.clone();
-
-	Ok(deps_set)
-}

src/core/info/mod.rs

@@ -1,12 +1,5 @@
-//! Information about the project. This module contains version, build, system,
-//! etc information which can be queried by admins or used by developers.
-
-pub mod cargo;
 pub mod room_version;
-pub mod rustc;
 pub mod version;
 
-pub use conduwuit_macros::rustc_flags_capture;
-
 pub const MODULE_ROOT: &str = const_str::split!(std::module_path!(), "::")[0];
 pub const CRATE_PREFIX: &str = const_str::split!(MODULE_ROOT, '_')[0];

src/core/info/rustc.rs

@@ -1,54 +0,0 @@
-//! Information about the build related to rustc. This is a frontend interface
-//! informed by proc-macros at build time. Since the project is split into
-//! several crates, lower-level information is supplied from each crate during
-//! static initialization.
-
-use std::{collections::BTreeMap, sync::OnceLock};
-
-use crate::utils::exchange;
-
-/// Raw capture of rustc flags used to build each crate in the project. Informed
-/// by rustc_flags_capture macro (one in each crate's mod.rs). This is
-/// done during static initialization which is why it's mutex-protected and pub.
-/// Should not be written to by anything other than our macro.
-///
-/// We specifically use a std mutex here because parking_lot cannot be used
-/// after thread local storage is destroyed on MacOS.
-pub static FLAGS: std::sync::Mutex<BTreeMap<&str, &[&str]>> =
-	std::sync::Mutex::new(BTreeMap::new());
-
-/// Processed list of enabled features across all project crates. This is
-/// generated from the data in FLAGS.
-static FEATURES: OnceLock<Vec<&'static str>> = OnceLock::new();
-
-/// List of features enabled for the project.
-pub fn features() -> &'static Vec<&'static str> { FEATURES.get_or_init(init_features) }
-
-fn init_features() -> Vec<&'static str> {
-	let mut features = Vec::new();
-	FLAGS
-		.lock()
-		.expect("locked")
-		.iter()
-		.for_each(|(_, flags)| append_features(&mut features, flags));
-
-	features.sort_unstable();
-	features.dedup();
-	features
-}
-
-fn append_features(features: &mut Vec<&'static str>, flags: &[&'static str]) {
-	let mut next_is_cfg = false;
-	for flag in flags {
-		let is_cfg = *flag == "--cfg";
-		let is_feature = flag.starts_with("feature=");
-		if exchange(&mut next_is_cfg, is_cfg) && is_feature {
-			if let Some(feature) = flag
-				.split_once('=')
-				.map(|(_, feature)| feature.trim_matches('"'))
-			{
-				features.push(feature);
-			}
-		}
-	}
-}

src/core/matrix/state_res/event_auth.rs

@@ -1,26 +1,36 @@
 use std::{borrow::Borrow, collections::BTreeSet};
 
+use ed25519_dalek::{Verifier, VerifyingKey};
 use futures::{
 	Future,
 	future::{OptionFuture, join, join3},
 };
+use itertools::Itertools;
 use ruma::{
-	Int, OwnedUserId, RoomVersionId, UserId,
+	CanonicalJsonObject, Int, OwnedUserId, RoomVersionId, UserId,
+	canonical_json::to_canonical_value,
 	events::room::{
 		create::RoomCreateEventContent,
 		join_rules::{JoinRule, RoomJoinRulesEventContent},
 		member::{MembershipState, ThirdPartyInvite},
 		power_levels::RoomPowerLevelsEventContent,
-		third_party_invite::RoomThirdPartyInviteEventContent,
+		third_party_invite::{PublicKey, RoomThirdPartyInviteEventContent},
 	},
 	int,
-	serde::{Base64, Raw},
+	serde::{
+		Base64, Base64DecodeError, Raw,
+		base64::{Standard, UrlSafe},
+	},
+	signatures::{ParseError, VerificationError},
 };
 use serde::{
 	Deserialize,
 	de::{Error as _, IgnoredAny},
 };
-use serde_json::{from_str as from_json_str, value::RawValue as RawJsonValue};
+use serde_json::{
+	from_str as from_json_str, to_value,
+	value::{RawValue as RawJsonValue, to_raw_value},
+};
 
 use super::{
 	Error, Event, Result, StateEventType, StateKey, TimelineEventType,
@@ -30,7 +40,7 @@
 	},
 	room_version::RoomVersion,
 };
-use crate::{debug, error, trace, warn};
+use crate::{debug, error, trace, utils::to_canonical_object, warn};
 
 // FIXME: field extracting could be bundled for `content`
 #[derive(Deserialize)]
@@ -157,15 +167,14 @@ struct RoomMemberContentFields {
 pub async fn auth_check<E, F, Fut>(
 	room_version: &RoomVersion,
 	incoming_event: &E,
-	current_third_party_invite: Option<&E>,
 	fetch_state: F,
 	create_event: &E,
 ) -> Result<bool, Error>
 where
-	F: Fn(&StateEventType, &str) -> Fut + Send,
+	F: Fn(&StateEventType, &str) -> Fut + Send + Sync,
 	Fut: Future<Output = Option<E>> + Send,
 	E: Event + Send + Sync,
-	for<'a> &'a E: Event + Send,
+	for<'a> &'a E: Event + Send + Sync,
 {
 	debug!(
 		event_id = %incoming_event.event_id(),
@@ -415,13 +424,15 @@ pub async fn auth_check<E, F, Fut>(
 			sender,
 			sender_member_event.as_ref(),
 			incoming_event,
-			current_third_party_invite,
 			power_levels_event.as_ref(),
 			join_rules_event.as_ref(),
 			user_for_join_auth.as_deref(),
 			&user_for_join_auth_membership,
 			&room_create_event,
-		)? {
+			&fetch_state,
+		)
+		.await?
+		{
 			return Ok(false);
 		}
 
@@ -658,23 +669,25 @@ fn is_creator<EV>(
 /// event and the current State.
 #[allow(clippy::too_many_arguments)]
 #[allow(clippy::cognitive_complexity)]
-fn valid_membership_change<E>(
+async fn valid_membership_change<F, Fut, E>(
 	room_version: &RoomVersion,
 	target_user: &UserId,
 	target_user_membership_event: Option<&E>,
 	sender: &UserId,
 	sender_membership_event: Option<&E>,
 	current_event: &E,
-	current_third_party_invite: Option<&E>,
 	power_levels_event: Option<&E>,
 	join_rules_event: Option<&E>,
 	user_for_join_auth: Option<&UserId>,
 	user_for_join_auth_membership: &MembershipState,
 	create_room: &E,
+	fetch_state: &F,
 ) -> Result<bool>
 where
+	F: Fn(&StateEventType, &str) -> Fut + Send + Sync,
+	Fut: Future<Output = Option<E>> + Send,
 	E: Event + Send + Sync,
-	for<'a> &'a E: Event + Send,
+	for<'a> &'a E: Event + Send + Sync,
 {
 	#[derive(Deserialize)]
 	struct GetThirdPartyInvite {
@@ -950,68 +963,62 @@ struct GetThirdPartyInvite {
 		| MembershipState::Invite => {
 			// If content has third_party_invite key
 			trace!("starting target_membership=invite check");
-			match third_party_invite.and_then(|i| i.deserialize().ok()) {
-				| Some(tp_id) =>
-					if target_user_current_membership == MembershipState::Ban {
-						warn!(?target_user_membership_event_id, "Can't invite banned user");
-						false
-					} else {
-						let allow = verify_third_party_invite(
-							Some(target_user),
-							sender,
-							&tp_id,
-							current_third_party_invite,
-						);
-						if !allow {
-							warn!("Third party invite invalid");
-						}
-						allow
-					},
-				| _ =>
-					if !sender_is_joined {
-						warn!(
-							%sender,
-							?sender_membership_event_id,
-							?sender_membership,
-							"sender cannot produce an invite without being joined to the room",
-						);
-						false
-					} else if matches!(
-						target_user_current_membership,
-						MembershipState::Join | MembershipState::Ban
-					) {
-						warn!(
-							?target_user_membership_event_id,
-							?target_user_current_membership,
-							"cannot invite a user who is banned or already joined",
-						);
-						false
-					} else {
-						let allow = sender_creator
-							|| sender_power
-								.filter(|&p| p >= &power_levels.invite)
-								.is_some();
-						if !allow {
-							warn!(
-								%sender,
-								has=?sender_power,
-								required=?power_levels.invite,
-								"sender does not have enough power to produce invites",
-							);
-						}
-						trace!(
-							%sender,
-							?sender_membership_event_id,
-							?sender_membership,
-							?target_user_membership_event_id,
-							?target_user_current_membership,
-							sender_pl=?sender_power,
-							required_pl=?power_levels.invite,
-							"allowing invite"
-						);
-						allow
-					},
+			if let Some(third_party_invite) = third_party_invite {
+				let allow = verify_third_party_invite(
+					target_user_current_membership,
+					&serde_json::to_value(third_party_invite)?,
+					target_user,
+					current_event,
+					fetch_state,
+				)
+				.await;
+				if !allow {
+					warn!("Third party invite invalid");
+				}
+				return Ok(allow);
 			}
+			if !sender_is_joined {
+				warn!(
+					%sender,
+					?sender_membership_event_id,
+					?sender_membership,
+					"sender cannot produce an invite without being joined to the room",
+				);
+				return Ok(false);
+			} else if matches!(
+				target_user_current_membership,
+				MembershipState::Join | MembershipState::Ban
+			) {
+				warn!(
+					?target_user_membership_event_id,
+					?target_user_current_membership,
+					"cannot invite a user who is banned or already joined",
+				);
+				return Ok(false);
+			}
+			let allow = sender_creator
+				|| sender_power
+					.filter(|&p| p >= &power_levels.invite)
+					.is_some();
+			if !allow {
+				warn!(
+					%sender,
+					has=?sender_power,
+					required=?power_levels.invite,
+					"sender does not have enough power to produce invites",
+				);
+			}
+			trace!(
+				%sender,
+				?sender_membership_event_id,
+				?sender_membership,
+				?target_user_membership_event_id,
+				?target_user_current_membership,
+				sender_pl=?sender_power,
+				required_pl=?power_levels.invite,
+				"allowing invite"
+			);
+			return Ok(allow);
 		},
 		| MembershipState::Leave => {
 			let can_unban = if target_user_current_membership == MembershipState::Ban {
@@ -1499,399 +1506,187 @@ fn get_send_level(
 		.unwrap_or_else(|| if state_key.is_some() { int!(50) } else { int!(0) })
 }
 
-fn verify_third_party_invite(
-	target_user: Option<&UserId>,
-	sender: &UserId,
-	tp_id: &ThirdPartyInvite,
-	current_third_party_invite: Option<&impl Event>,
-) -> bool {
-	// 1. Check for user being banned happens before this is called
-	// checking for mxid and token keys is done by ruma when deserializing
+fn verify_payload(pk: &[u8], sig: &[u8], c: &[u8]) -> Result<(), ruma::signatures::Error> {
+	VerifyingKey::from_bytes(
+		pk.try_into()
+			.map_err(|_| ParseError::PublicKey(ed25519_dalek::SignatureError::new()))?,
+	)
+	.map_err(ParseError::PublicKey)?
+	.verify(c, &sig.try_into().map_err(ParseError::Signature)?)
+	.map_err(VerificationError::Signature)
+	.map_err(ruma::signatures::Error::from)
+}
 
-	// The state key must match the invitee
-	if target_user != Some(&tp_id.signed.mxid) {
+/// Decodes a base64 string as either URL-safe or standard base64, as per the
+/// spec. It attempts to decode urlsafe first.
+fn decode_base64(content: &str) -> Result<Vec<u8>, Base64DecodeError> {
+	if let Ok(decoded) = Base64::<UrlSafe>::parse(content) {
+		Ok(decoded.as_bytes().to_vec())
+	} else {
+		Base64::<Standard>::parse(content).map(|v| v.as_bytes().to_vec())
+	}
+}
+
+fn get_public_keys(event: &CanonicalJsonObject) -> Vec<Vec<u8>> {
+	let mut public_keys = Vec::new();
+	if let Some(public_key) = event.get("public_key").and_then(|v| v.as_str()) {
+		if let Ok(v) = decode_base64(public_key) {
+			trace!(
+				encoded = public_key,
+				decoded = ?v,
+				"found public key in public_key property of m.room.third_party_invite event",
+			);
+			public_keys.push(v);
+		} else {
+			warn!("m.room.third_party_invite event has invalid public_key");
+		}
+	}
+	if let Some(keys) = event.get("public_keys").and_then(|v| v.as_array()) {
+		for key in keys {
+			if let Some(key_obj) = key.as_object() {
+				if let Some(public_key) = key_obj.get("public_key").and_then(|v| v.as_str()) {
+					if let Ok(v) = decode_base64(public_key) {
+						trace!(
+							encoded = public_key,
+							decoded = ?v,
+							"found public key in public_keys list of m.room.third_party_invite \
+							 event",
+						);
+						public_keys.push(v);
+					} else {
+						warn!(
+							"m.room.third_party_invite event has invalid public_key in \
+							 public_keys list"
+						);
+					}
+				} else {
+					warn!(
+						"m.room.third_party_invite event has entry in public_keys list missing \
+						 public_key property"
+					);
+				}
+			} else {
+				warn!(
+					"m.room.third_party_invite event has invalid entry in public_keys list, \
+					 expected object"
+				);
+			}
+		}
+	}
+	public_keys
+}
+
+/// Checks a third-party invite is valid.
+async fn verify_third_party_invite<F, Fut, E>(
+	target_current_membership: MembershipState,
+	raw_third_party_invite: &serde_json::Value,
+	target: &UserId,
+	event: &E,
+	fetch_state: &F,
+) -> bool
+where
+	F: Fn(&StateEventType, &str) -> Fut + Send + Sync,
+	Fut: Future<Output = Option<E>> + Send,
+	E: Event + Send + Sync,
+	for<'a> &'a E: Event + Send + Sync,
+{
+	// 4.1.1: If target user is banned, reject.
+	if target_current_membership == MembershipState::Ban {
+		warn!("invite target is banned");
 		return false;
 	}
+	// 4.1.2: If content.third_party_invite does not have a signed property, reject.
+	let Some(signed) = raw_third_party_invite.get("signed") else {
+		warn!("invite event third_party_invite missing signed property");
+		return false;
+	};
+	// 4.2.3: If signed does not have mxid and token properties, reject.
+	let Some(mxid) = signed.get("mxid").and_then(|v| v.as_str()) else {
+		warn!("invite event third_party_invite signed missing/invalid mxid property");
+		return false;
+	};
+	let Some(token) = signed.get("token").and_then(|v| v.as_str()) else {
+		warn!("invite event third_party_invite signed missing token property");
+		return false;
+	};
+	// 4.2.4: If mxid does not match state_key, reject.
+	if mxid != target.as_str() {
+		warn!("invite event third_party_invite signed mxid does not match state_key");
+		return false;
+	}
+	// 4.2.5: If there is no m.room.third_party_invite event in the room
+	// state matching the token, reject.
+	let Some(third_party_invite_event) =
+		fetch_state(&StateEventType::RoomThirdPartyInvite, token).await
+	else {
+		warn!("invite event third_party_invite token has no matching m.room.third_party_invite");
+		return false;
+	};
+	// 4.2.6: If sender does not match sender of the m.room.third_party_invite,
+	// reject.
+	if third_party_invite_event.sender() != event.sender() {
+		warn!("invite event sender does not match m.room.third_party_invite sender");
+		return false;
+	}
+	// 4.2.7: If any signature in signed matches any public key in the
+	// m.room.third_party_invite event, allow. The public keys are in
+	// content of m.room.third_party_invite as:
+	//   1. A single public key in the public_key property.
+	//   2. A list of public keys in the public_keys property.
+	debug!(
+		"Fetching signatures in third-party-invite event {}",
+		third_party_invite_event.event_id()
+	);
+	trace!("third-party-invite event content: {}", third_party_invite_event.content().get());
 
-	// If there is no m.room.third_party_invite event in the current room state with
-	// state_key matching token, reject
-	#[allow(clippy::manual_let_else)]
-	let current_tpid = match current_third_party_invite {
-		| Some(id) => id,
-		| None => return false,
+	let Some(signatures) = signed.get("signatures").and_then(|v| v.as_object()) else {
+		warn!("invite event third_party_invite signed missing/invalid signatures");
+		return false;
 	};
 
-	if current_tpid.state_key() != Some(&tp_id.signed.token) {
-		return false;
-	}
-
-	if sender != current_tpid.sender() {
-		return false;
-	}
-
-	// If any signature in signed matches any public key in the
-	// m.room.third_party_invite event, allow
-	#[allow(clippy::manual_let_else)]
-	let tpid_ev =
-		match from_json_str::<RoomThirdPartyInviteEventContent>(current_tpid.content().get()) {
-			| Ok(ev) => ev,
-			| Err(_) => return false,
-		};
-
-	#[allow(clippy::manual_let_else)]
-	let decoded_invite_token = match Base64::parse(&tp_id.signed.token) {
-		| Ok(tok) => tok,
-		// FIXME: Log a warning?
-		| Err(_) => return false,
-	};
-
-	// A list of public keys in the public_keys field
-	for key in tpid_ev.public_keys.unwrap_or_default() {
-		if key.public_key == decoded_invite_token {
-			return true;
+	for pk in get_public_keys(
+		&to_canonical_object(third_party_invite_event.content())
+			.expect("m.room.third_party_invite event content is not a JSON object"),
+	) {
+		// signatures -> { server_name: { ed25519:N: signature } }
+		for (server_name, server_sigs) in signatures {
+			trace!("Searching for signatures from {}", server_name);
+			if let Some(server_sigs) = server_sigs.as_object() {
+				for (key_id, signature_value) in server_sigs {
+					trace!("Checking signature with key id {}", key_id);
+					if let Some(signature_str) = signature_value.as_str() {
+						if let Ok(signature) = decode_base64(signature_str) {
+							debug!(
+								%server_name,
+								%key_id,
+								"verifying third-party invite signature",
+							);
+							match verify_payload(
+								&pk,
+								&signature,
+								serde_json::to_string(&to_canonical_value(signed).unwrap())
+									.unwrap()
+									.as_bytes(),
+							) {
+								| Ok(()) => {
+									debug!("valid third-party invite signature found");
+									return true;
+								},
+								| Err(e) => {
+									warn!(
+										%server_name,
+										%key_id,
+										"invalid third-party invite signature: {e}",
+									);
+								},
+							}
+						}
+					}
+				}
+			}
 		}
 	}
 
-	// A single public key in the public_key field
-	tpid_ev.public_key == decoded_invite_token
-}
-
-#[cfg(test)]
-mod tests {
-	use ruma::events::{
-		StateEventType, TimelineEventType,
-		room::{
-			join_rules::{
-				AllowRule, JoinRule, Restricted, RoomJoinRulesEventContent, RoomMembership,
-			},
-			member::{MembershipState, RoomMemberEventContent},
-		},
-	};
-	use serde_json::value::to_raw_value as to_raw_json_value;
-
-	use crate::{
-		matrix::{Event, EventTypeExt, Pdu as PduEvent},
-		state_res::{
-			RoomVersion, StateMap,
-			event_auth::valid_membership_change,
-			test_utils::{
-				INITIAL_EVENTS, INITIAL_EVENTS_CREATE_ROOM, alice, charlie, ella, event_id,
-				member_content_ban, member_content_join, room_id, to_pdu_event,
-			},
-		},
-	};
-
-	#[test]
-	fn test_ban_pass() {
-		let _ = tracing::subscriber::set_default(
-			tracing_subscriber::fmt().with_test_writer().finish(),
-		);
-		let events = INITIAL_EVENTS();
-
-		let auth_events = events
-			.values()
-			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
-			.collect::<StateMap<_>>();
-
-		let requester = to_pdu_event(
-			"HELLO",
-			alice(),
-			TimelineEventType::RoomMember,
-			Some(charlie().as_str()),
-			member_content_ban(),
-			&[],
-			&["IMC"],
-		);
-
-		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
-		let target_user = charlie();
-		let sender = alice();
-
-		assert!(
-			valid_membership_change(
-				&RoomVersion::V6,
-				target_user,
-				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
-				sender,
-				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
-				&requester,
-				None::<&PduEvent>,
-				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
-				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
-				None,
-				&MembershipState::Leave,
-				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
-			)
-			.unwrap()
-		);
-	}
-
-	#[test]
-	fn test_join_non_creator() {
-		let _ = tracing::subscriber::set_default(
-			tracing_subscriber::fmt().with_test_writer().finish(),
-		);
-		let events = INITIAL_EVENTS_CREATE_ROOM();
-
-		let auth_events = events
-			.values()
-			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
-			.collect::<StateMap<_>>();
-
-		let requester = to_pdu_event(
-			"HELLO",
-			charlie(),
-			TimelineEventType::RoomMember,
-			Some(charlie().as_str()),
-			member_content_join(),
-			&["CREATE"],
-			&["CREATE"],
-		);
-
-		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
-		let target_user = charlie();
-		let sender = charlie();
-
-		assert!(
-			!valid_membership_change(
-				&RoomVersion::V6,
-				target_user,
-				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
-				sender,
-				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
-				&requester,
-				None::<&PduEvent>,
-				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
-				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
-				None,
-				&MembershipState::Leave,
-				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
-			)
-			.unwrap()
-		);
-	}
-
-	#[test]
-	fn test_join_creator() {
-		let _ = tracing::subscriber::set_default(
-			tracing_subscriber::fmt().with_test_writer().finish(),
-		);
-		let events = INITIAL_EVENTS_CREATE_ROOM();
-
-		let auth_events = events
-			.values()
-			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
-			.collect::<StateMap<_>>();
-
-		let requester = to_pdu_event(
-			"HELLO",
-			alice(),
-			TimelineEventType::RoomMember,
-			Some(alice().as_str()),
-			member_content_join(),
-			&["CREATE"],
-			&["CREATE"],
-		);
-
-		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
-		let target_user = alice();
-		let sender = alice();
-
-		assert!(
-			valid_membership_change(
-				&RoomVersion::V6,
-				target_user,
-				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
-				sender,
-				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
-				&requester,
-				None::<&PduEvent>,
-				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
-				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
-				None,
-				&MembershipState::Leave,
-				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
-			)
-			.unwrap()
-		);
-	}
-
-	#[test]
-	fn test_ban_fail() {
-		let _ = tracing::subscriber::set_default(
-			tracing_subscriber::fmt().with_test_writer().finish(),
-		);
-		let events = INITIAL_EVENTS();
-
-		let auth_events = events
-			.values()
-			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
-			.collect::<StateMap<_>>();
-
-		let requester = to_pdu_event(
-			"HELLO",
-			charlie(),
-			TimelineEventType::RoomMember,
-			Some(alice().as_str()),
-			member_content_ban(),
-			&[],
-			&["IMC"],
-		);
-
-		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
-		let target_user = alice();
-		let sender = charlie();
-
-		assert!(
-			!valid_membership_change(
-				&RoomVersion::V6,
-				target_user,
-				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
-				sender,
-				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
-				&requester,
-				None::<&PduEvent>,
-				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
-				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
-				None,
-				&MembershipState::Leave,
-				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
-			)
-			.unwrap()
-		);
-	}
-
-	#[test]
-	fn test_restricted_join_rule() {
-		let _ = tracing::subscriber::set_default(
-			tracing_subscriber::fmt().with_test_writer().finish(),
-		);
-		let mut events = INITIAL_EVENTS();
-		*events.get_mut(&event_id("IJR")).unwrap() = to_pdu_event(
-			"IJR",
-			alice(),
-			TimelineEventType::RoomJoinRules,
-			Some(""),
-			to_raw_json_value(&RoomJoinRulesEventContent::new(JoinRule::Restricted(
-				Restricted::new(vec![AllowRule::RoomMembership(RoomMembership::new(
-					room_id().to_owned(),
-				))]),
-			)))
-			.unwrap(),
-			&["CREATE", "IMA", "IPOWER"],
-			&["IPOWER"],
-		);
-
-		let mut member = RoomMemberEventContent::new(MembershipState::Join);
-		member.join_authorized_via_users_server = Some(alice().to_owned());
-
-		let auth_events = events
-			.values()
-			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
-			.collect::<StateMap<_>>();
-
-		let requester = to_pdu_event(
-			"HELLO",
-			ella(),
-			TimelineEventType::RoomMember,
-			Some(ella().as_str()),
-			to_raw_json_value(&RoomMemberEventContent::new(MembershipState::Join)).unwrap(),
-			&["CREATE", "IJR", "IPOWER", "new"],
-			&["new"],
-		);
-
-		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
-		let target_user = ella();
-		let sender = ella();
-
-		assert!(
-			valid_membership_change(
-				&RoomVersion::V9,
-				target_user,
-				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
-				sender,
-				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
-				&requester,
-				None::<&PduEvent>,
-				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
-				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
-				Some(alice()),
-				&MembershipState::Join,
-				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
-			)
-			.unwrap()
-		);
-
-		assert!(
-			!valid_membership_change(
-				&RoomVersion::V9,
-				target_user,
-				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
-				sender,
-				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
-				&requester,
-				None::<&PduEvent>,
-				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
-				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
-				Some(ella()),
-				&MembershipState::Leave,
-				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
-			)
-			.unwrap()
-		);
-	}
-
-	#[test]
-	fn test_knock() {
-		let _ = tracing::subscriber::set_default(
-			tracing_subscriber::fmt().with_test_writer().finish(),
-		);
-		let mut events = INITIAL_EVENTS();
-		*events.get_mut(&event_id("IJR")).unwrap() = to_pdu_event(
-			"IJR",
-			alice(),
-			TimelineEventType::RoomJoinRules,
-			Some(""),
-			to_raw_json_value(&RoomJoinRulesEventContent::new(JoinRule::Knock)).unwrap(),
-			&["CREATE", "IMA", "IPOWER"],
-			&["IPOWER"],
-		);
-
-		let auth_events = events
-			.values()
-			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
-			.collect::<StateMap<_>>();
-
-		let requester = to_pdu_event(
-			"HELLO",
-			ella(),
-			TimelineEventType::RoomMember,
-			Some(ella().as_str()),
-			to_raw_json_value(&RoomMemberEventContent::new(MembershipState::Knock)).unwrap(),
-			&[],
-			&["IMC"],
-		);
-
-		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
-		let target_user = ella();
-		let sender = ella();
-
-		assert!(
-			valid_membership_change(
-				&RoomVersion::V7,
-				target_user,
-				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
-				sender,
-				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
-				&requester,
-				None::<&PduEvent>,
-				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
-				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
-				None,
-				&MembershipState::Leave,
-				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
-			)
-			.unwrap()
-		);
-	}
+	warn!("no valid signature found for third-party invite");
+	false
 }

src/core/matrix/state_res/mod.rs

@@ -717,9 +717,6 @@ async fn iterative_auth_check<'a, E, F, Fut, S>(
 
 		// The key for this is (eventType + a state_key of the signed token not sender)
 		// so search for it
-		let current_third_party = auth_state.iter().find_map(|(_, pdu)| {
-			(*pdu.event_type() == TimelineEventType::RoomThirdPartyInvite).then_some(pdu)
-		});
 
 		let fetch_state = |ty: &StateEventType, key: &str| {
 			future::ready(
@@ -732,7 +729,6 @@ async fn iterative_auth_check<'a, E, F, Fut, S>(
 		let auth_result = auth_check(
 			room_version,
 			&event,
-			current_third_party,
 			fetch_state,
 			&fetch_state(&StateEventType::RoomCreate, "")
 				.await

src/core/mod.rs

@@ -22,7 +22,7 @@
 pub use config::Config;
 pub use error::Error;
 pub use info::{
-	rustc_flags_capture, version,
+	version,
 	version::{name, version},
 };
 pub use matrix::{
@@ -30,12 +30,10 @@
 };
 pub use parking_lot::{Mutex as SyncMutex, RwLock as SyncRwLock};
 pub use server::Server;
-pub use utils::{ctor, dtor, implement, result, result::Result};
+pub use utils::{implement, result, result::Result};
 
 pub use crate as conduwuit_core;
 
-rustc_flags_capture! {}
-
 #[cfg(any(not(conduwuit_mods), not(feature = "conduwuit_mods")))]
 pub mod mods {
 	#[macro_export]

src/core/utils/mod.rs

@@ -22,7 +22,6 @@
 pub mod with_lock;
 
 pub use ::conduwuit_macros::implement;
-pub use ::ctor::{ctor, dtor};
 
 pub use self::{
 	arrayvec::ArrayVecExt,

src/database/Cargo.toml

@@ -64,7 +64,6 @@ serde.workspace = true
 serde_json.workspace = true
 tokio.workspace = true
 tracing.workspace = true
-ctor.workspace = true
 
 [lints]
 workspace = true

src/database/mod.rs

@@ -3,11 +3,8 @@
 extern crate conduwuit_core as conduwuit;
 extern crate rust_rocksdb as rocksdb;
 
-use ctor::{ctor, dtor};
-
 conduwuit::mod_ctor! {}
 conduwuit::mod_dtor! {}
-conduwuit::rustc_flags_capture! {}
 
 #[cfg(test)]
 mod benches;

src/macros/cargo.rs

@@ -1,47 +0,0 @@
-use std::{fs::read_to_string, path::PathBuf};
-
-use proc_macro::{Span, TokenStream};
-use quote::quote;
-use syn::{Error, ItemConst, Meta};
-
-use crate::{Result, utils};
-
-pub(super) fn manifest(item: ItemConst, args: &[Meta]) -> Result<TokenStream> {
-	let member = utils::get_named_string(args, "crate");
-	let path = manifest_path(member.as_deref())?;
-	let manifest = read_to_string(&path).unwrap_or_default();
-	let val = manifest.as_str();
-	let name = item.ident;
-	let ret = quote! {
-		const #name: &'static str = #val;
-	};
-
-	Ok(ret.into())
-}
-
-#[allow(clippy::option_env_unwrap)]
-fn manifest_path(member: Option<&str>) -> Result<PathBuf> {
-	let Some(path) = option_env!("CARGO_MANIFEST_DIR") else {
-		return Err(Error::new(
-			Span::call_site().into(),
-			"missing CARGO_MANIFEST_DIR in environment",
-		));
-	};
-
-	let mut path: PathBuf = path.into();
-
-	// conduwuit/src/macros/ -> conduwuit/src/
-	path.pop();
-
-	if let Some(member) = member {
-		// conduwuit/$member/Cargo.toml
-		path.push(member);
-	} else {
-		// conduwuit/src/ -> conduwuit/
-		path.pop();
-	}
-
-	path.push("Cargo.toml");
-
-	Ok(path)
-}

src/macros/config.rs

@@ -73,11 +73,19 @@ fn generate_example(input: &ItemStruct, args: &[Meta], write: bool) -> Result<To
 				.expect("written to config file");
 		}
 
-		file.write_fmt(format_args!("\n[{section}]\n"))
+		let optional = settings.get("optional").is_some_and(|v| v == "true");
+		let section_header = if optional {
+			format!("\n#[{section}]\n")
+		} else {
+			format!("\n[{section}]\n")
+		};
+		file.write_fmt(format_args!("{section_header}"))
 			.expect("written to config file");
 	}
 
 	let mut summary: Vec<TokenStream2> = Vec::new();
+	let mut nested_displays: Vec<TokenStream2> = Vec::new();
+
 	if let Fields::Named(FieldsNamed { named, .. }) = &input.fields {
 		for field in named {
 			let Some(ident) = &field.ident else {
@@ -92,35 +100,6 @@ fn generate_example(input: &ItemStruct, args: &[Meta], write: bool) -> Result<To
 				continue;
 			};
 
-			let doc = get_doc_comment(field)
-				.unwrap_or_else(|| undocumented.into())
-				.trim_end()
-				.to_owned();
-
-			let doc = if doc.ends_with('#') {
-				format!("{doc}\n")
-			} else {
-				format!("{doc}\n#\n")
-			};
-
-			let default = get_doc_comment_line(field, "default")
-				.or_else(|| get_default(field))
-				.unwrap_or_default();
-
-			let default = if !default.is_empty() {
-				format!(" {default}")
-			} else {
-				default
-			};
-
-			if let Some(file) = file.as_mut() {
-				file.write_fmt(format_args!("\n{doc}"))
-					.expect("written to config file");
-
-				file.write_fmt(format_args!("#{ident} ={default}\n"))
-					.expect("written to config file");
-			}
-
 			let display = get_doc_comment_line(field, "display");
 			let display_directive = |key| {
 				display
@@ -129,17 +108,77 @@ fn generate_example(input: &ItemStruct, args: &[Meta], write: bool) -> Result<To
 					.flat_map(|display| display.split(' '))
 					.any(|directive| directive == key)
 			};
+			let is_nested = display_directive("nested");
+			let is_hidden = display_directive("hidden");
 
-			if !display_directive("hidden") {
-				let value = if display_directive("sensitive") {
-					quote! { "***********" }
+			// Only generate config file entries for non-nested, visible types
+			if !is_nested && !is_hidden {
+				let doc = get_doc_comment(field)
+					.unwrap_or_else(|| undocumented.into())
+					.trim_end()
+					.to_owned();
+
+				let doc = if doc.ends_with('#') {
+					format!("{doc}\n")
 				} else {
-					quote! { format_args!("{:?}", self.#ident) }
+					format!("{doc}\n#\n")
 				};
 
-				let name = ident.to_string();
+				let default = get_doc_comment_line(field, "default")
+					.or_else(|| get_default(field))
+					.unwrap_or_default();
+
+				let default = if !default.is_empty() {
+					format!(" {default}")
+				} else {
+					default
+				};
+
+				if let Some(file) = file.as_mut() {
+					file.write_fmt(format_args!("\n{doc}"))
+						.expect("written to config file");
+
+					file.write_fmt(format_args!("#{ident} ={default}\n"))
+						.expect("written to config file");
+				}
+			}
+
+			// Generate Display implementation for all fields
+			let name = ident.to_string();
+
+			if display_directive("sensitive") {
 				summary.push(quote! {
-					writeln!(out, "| {} | {} |", #name, #value)?;
+					writeln!(out, "| {} | {} |", #name, "***********")?;
+				});
+			} else if is_nested {
+				let is_option = matches!(type_name.as_str(), "Option");
+				if is_option {
+					summary.push(quote! {
+						writeln!(out, "| {} | {} |", #name,
+							if self.#ident.is_some() { "[configured]" } else { "None" })?;
+					});
+
+					nested_displays.push(quote! {
+						if let Some(nested) = &self.#ident {
+							writeln!(out)?;
+							writeln!(out, "## {}", #name)?;
+							write!(out, "{}", nested)?;
+						}
+					});
+				} else {
+					summary.push(quote! {
+						writeln!(out, "| {} | [configured] |", #name)?;
+					});
+
+					nested_displays.push(quote! {
+						writeln!(out)?;
+						writeln!(out, "## {}", #name)?;
+						write!(out, "{}", &self.#ident)?;
+					});
+				}
+			} else {
+				summary.push(quote! {
+					writeln!(out, "| {} | {:?} |", #name, self.#ident)?;
 				});
 			}
 		}
@@ -159,6 +198,7 @@ fn fmt(&self, out: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
 				writeln!(out, "| name | value |")?;
 				writeln!(out, "| :--- | :---  |")?;
 				#( #summary )*
+				#( #nested_displays )*
 				Ok(())
 			}
 		}

src/macros/mod.rs

@@ -1,15 +1,13 @@
 mod admin;
-mod cargo;
 mod config;
 mod debug;
 mod implement;
 mod refutable;
-mod rustc;
 mod utils;
 
 use proc_macro::TokenStream;
 use syn::{
-	Error, Item, ItemConst, ItemEnum, ItemFn, ItemStruct, Meta,
+	Error, Item, ItemEnum, ItemFn, ItemStruct, Meta,
 	parse::{Parse, Parser},
 	parse_macro_input,
 };
@@ -26,19 +24,11 @@ pub fn admin_command_dispatch(args: TokenStream, input: TokenStream) -> TokenStr
 	attribute_macro::<ItemEnum, _>(args, input, admin::command_dispatch)
 }
 
-#[proc_macro_attribute]
-pub fn cargo_manifest(args: TokenStream, input: TokenStream) -> TokenStream {
-	attribute_macro::<ItemConst, _>(args, input, cargo::manifest)
-}
-
 #[proc_macro_attribute]
 pub fn recursion_depth(args: TokenStream, input: TokenStream) -> TokenStream {
 	attribute_macro::<Item, _>(args, input, debug::recursion_depth)
 }
 
-#[proc_macro]
-pub fn rustc_flags_capture(args: TokenStream) -> TokenStream { rustc::flags_capture(args) }
-
 #[proc_macro_attribute]
 pub fn refutable(args: TokenStream, input: TokenStream) -> TokenStream {
 	attribute_macro::<ItemFn, _>(args, input, refutable::refutable)

src/macros/rustc.rs

@@ -1,29 +0,0 @@
-use proc_macro::TokenStream;
-use quote::quote;
-
-pub(super) fn flags_capture(args: TokenStream) -> TokenStream {
-	let cargo_crate_name = std::env::var("CARGO_CRATE_NAME");
-	let crate_name = match cargo_crate_name.as_ref() {
-		| Err(_) => return args,
-		| Ok(crate_name) => crate_name.trim_start_matches("conduwuit_"),
-	};
-
-	let flag = std::env::args().collect::<Vec<_>>();
-	let flag_len = flag.len();
-	let ret = quote! {
-		pub static RUSTC_FLAGS: [&str; #flag_len] = [#( #flag ),*];
-
-		#[ctor]
-		fn _set_rustc_flags() {
-			conduwuit_core::info::rustc::FLAGS.lock().expect("locked").insert(#crate_name, &RUSTC_FLAGS);
-		}
-
-		// static strings have to be yanked on module unload
-		#[dtor]
-		fn _unset_rustc_flags() {
-			conduwuit_core::info::rustc::FLAGS.lock().expect("locked").remove(#crate_name);
-		}
-	};
-
-	ret.into()
-}

src/main/Cargo.toml

@@ -207,7 +207,6 @@ clap.workspace = true
 console-subscriber.optional = true
 console-subscriber.workspace = true
 const-str.workspace = true
-ctor.workspace = true
 log.workspace = true
 opentelemetry.optional = true
 opentelemetry.workspace = true

src/main/mod.rs

@@ -2,7 +2,7 @@
 
 use std::sync::{Arc, atomic::Ordering};
 
-use conduwuit_core::{debug_info, error, rustc_flags_capture};
+use conduwuit_core::{debug_info, error};
 
 mod clap;
 mod logging;
@@ -13,12 +13,8 @@
 mod server;
 mod signal;
 
-use ctor::{ctor, dtor};
-use server::Server;
-
-rustc_flags_capture! {}
-
 pub use conduwuit_core::{Error, Result};
+use server::Server;
 
 pub use crate::clap::Args;
 

src/router/Cargo.toml

@@ -122,7 +122,6 @@ tokio.workspace = true
 tower.workspace = true
 tower-http.workspace = true
 tracing.workspace = true
-ctor.workspace = true
 
 [target.'cfg(all(unix, target_os = "linux"))'.dependencies]
 sd-notify.workspace = true

src/router/mod.rs

@@ -12,12 +12,10 @@
 
 use conduwuit::{Error, Result, Server};
 use conduwuit_service::Services;
-use ctor::{ctor, dtor};
 use futures::{Future, FutureExt, TryFutureExt};
 
 conduwuit::mod_ctor! {}
 conduwuit::mod_dtor! {}
-conduwuit::rustc_flags_capture! {}
 
 #[unsafe(no_mangle)]
 pub extern "Rust" fn start(