mas_data_model/site_config.rs
1// Copyright 2024, 2025 New Vector Ltd.
2// Copyright 2023, 2024 The Matrix.org Foundation C.I.C.
3//
4// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
5// Please see LICENSE files in the repository root for full details.
6
7use std::num::NonZeroU64;
8
9use chrono::Duration;
10use serde::Serialize;
11use url::Url;
12
13/// Which Captcha service is being used
14#[derive(Debug, Clone, Copy)]
15pub enum CaptchaService {
16 RecaptchaV2,
17 CloudflareTurnstile,
18 HCaptcha,
19}
20
21/// Captcha configuration
22#[derive(Debug, Clone)]
23pub struct CaptchaConfig {
24 /// Which Captcha service is being used
25 pub service: CaptchaService,
26
27 /// The site key used by the instance
28 pub site_key: String,
29
30 /// The secret key used by the instance
31 pub secret_key: String,
32}
33
34/// Automatic session expiration configuration
35#[derive(Debug, Clone)]
36pub struct SessionExpirationConfig {
37 pub user_session_inactivity_ttl: Option<Duration>,
38 pub oauth_session_inactivity_ttl: Option<Duration>,
39 pub compat_session_inactivity_ttl: Option<Duration>,
40}
41
42/// See [`mas_config::ExperimentalSessionLimitConfig`]
43#[derive(Serialize, Debug, Clone)]
44pub struct SessionLimitConfig {
45 pub soft_limit: NonZeroU64,
46 pub hard_limit: NonZeroU64,
47 pub max_session_threshold: Option<NonZeroU64>,
48 pub dangerous_hard_limit_eviction: bool,
49}
50
51/// Random site configuration we want accessible in various places.
52#[expect(clippy::struct_excessive_bools)]
53#[derive(Debug, Clone)]
54pub struct SiteConfig {
55 /// Time-to-live of access tokens.
56 pub access_token_ttl: Duration,
57
58 /// Time-to-live of compatibility access tokens.
59 pub compat_token_ttl: Duration,
60
61 /// The server name, e.g. "matrix.org".
62 pub server_name: String,
63
64 /// The URL to the privacy policy.
65 pub policy_uri: Option<Url>,
66
67 /// The URL to the terms of service.
68 pub tos_uri: Option<Url>,
69
70 /// Imprint to show in the footer.
71 pub imprint: Option<String>,
72
73 /// Whether password login is enabled.
74 pub password_login_enabled: bool,
75
76 /// Whether password registration is enabled.
77 pub password_registration_enabled: bool,
78
79 /// Whether a valid email address is required for password registrations.
80 pub password_registration_email_required: bool,
81
82 /// Whether registration tokens are required for password registrations.
83 pub registration_token_required: bool,
84
85 /// Whether users can change their email.
86 pub email_change_allowed: bool,
87
88 /// Whether users can change their display name.
89 pub displayname_change_allowed: bool,
90
91 /// Whether users can change their password.
92 pub password_change_allowed: bool,
93
94 /// Whether users can recover their account via email.
95 pub account_recovery_allowed: bool,
96
97 /// Whether users can delete their own account.
98 pub account_deactivation_allowed: bool,
99
100 /// Captcha configuration
101 pub captcha: Option<CaptchaConfig>,
102
103 /// Minimum password complexity, between 0 and 4.
104 /// This is a score from zxcvbn.
105 pub minimum_password_complexity: u8,
106
107 pub session_expiration: Option<SessionExpirationConfig>,
108
109 /// Whether users can log in with their email address.
110 pub login_with_email_allowed: bool,
111
112 /// The iframe URL to show in the plan tab of the UI
113 pub plan_management_iframe_uri: Option<String>,
114
115 /// Limits on the number of application sessions that each user can have
116 pub session_limit: Option<SessionLimitConfig>,
117
118 /// Whether the Device Authorization Grant (RFC 8628) is enabled.
119 pub device_code_grant_enabled: bool,
120
121 /// Whether the device authorization endpoint advertises a
122 /// `verification_uri_complete` and whether `/link` accepts a `code`
123 /// query parameter to auto-fill the user code.
124 pub device_code_user_code_auto_fill_enabled: bool,
125}