Cargo.lock

@@ -1279,9 +1279,9 @@ dependencies = [
 
 [[package]]
 name = "deranged"
-version = "0.4.0"
+version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c9e6a11ca8224451684bc0d7d5a7adbf8f2fd6887261a1cfc3c0432f9d4068e"
+checksum = "28cfac68e08048ae1883171632c2aef3ebc555621ae56fbccce1cbf22dd7f058"
 dependencies = [
  "powerfmt",
 ]
@@ -3625,7 +3625,8 @@ dependencies = [
 [[package]]
 name = "resolv-conf"
 version = "0.7.1"
-source = "git+https://github.com/girlbossceo/resolv-conf?rev=200e958941d522a70c5877e3d846f55b5586c68d#200e958941d522a70c5877e3d846f55b5586c68d"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "48375394603e3dd4b2d64371f7148fd8c7baa2680e28741f2cb8d23b59e3d4c4"
 dependencies = [
  "hostname",
 ]
@@ -3653,7 +3654,7 @@ dependencies = [
 [[package]]
 name = "ruma"
 version = "0.10.1"
-source = "git+https://github.com/girlbossceo/ruwuma?rev=920148dca1076454ca0ca5d43b5ce1aa708381d4#920148dca1076454ca0ca5d43b5ce1aa708381d4"
+source = "git+https://github.com/girlbossceo/ruwuma?rev=edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef#edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 dependencies = [
  "assign",
  "js_int",
@@ -3673,7 +3674,7 @@ dependencies = [
 [[package]]
 name = "ruma-appservice-api"
 version = "0.10.0"
-source = "git+https://github.com/girlbossceo/ruwuma?rev=920148dca1076454ca0ca5d43b5ce1aa708381d4#920148dca1076454ca0ca5d43b5ce1aa708381d4"
+source = "git+https://github.com/girlbossceo/ruwuma?rev=edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef#edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -3685,7 +3686,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.18.0"
-source = "git+https://github.com/girlbossceo/ruwuma?rev=920148dca1076454ca0ca5d43b5ce1aa708381d4#920148dca1076454ca0ca5d43b5ce1aa708381d4"
+source = "git+https://github.com/girlbossceo/ruwuma?rev=edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef#edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 dependencies = [
  "as_variant",
  "assign",
@@ -3708,7 +3709,7 @@ dependencies = [
 [[package]]
 name = "ruma-common"
 version = "0.13.0"
-source = "git+https://github.com/girlbossceo/ruwuma?rev=920148dca1076454ca0ca5d43b5ce1aa708381d4#920148dca1076454ca0ca5d43b5ce1aa708381d4"
+source = "git+https://github.com/girlbossceo/ruwuma?rev=edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef#edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 dependencies = [
  "as_variant",
  "base64 0.22.1",
@@ -3740,7 +3741,7 @@ dependencies = [
 [[package]]
 name = "ruma-events"
 version = "0.28.1"
-source = "git+https://github.com/girlbossceo/ruwuma?rev=920148dca1076454ca0ca5d43b5ce1aa708381d4#920148dca1076454ca0ca5d43b5ce1aa708381d4"
+source = "git+https://github.com/girlbossceo/ruwuma?rev=edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef#edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 dependencies = [
  "as_variant",
  "indexmap 2.8.0",
@@ -3765,7 +3766,7 @@ dependencies = [
 [[package]]
 name = "ruma-federation-api"
 version = "0.9.0"
-source = "git+https://github.com/girlbossceo/ruwuma?rev=920148dca1076454ca0ca5d43b5ce1aa708381d4#920148dca1076454ca0ca5d43b5ce1aa708381d4"
+source = "git+https://github.com/girlbossceo/ruwuma?rev=edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef#edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 dependencies = [
  "bytes",
  "headers",
@@ -3787,7 +3788,7 @@ dependencies = [
 [[package]]
 name = "ruma-identifiers-validation"
 version = "0.9.5"
-source = "git+https://github.com/girlbossceo/ruwuma?rev=920148dca1076454ca0ca5d43b5ce1aa708381d4#920148dca1076454ca0ca5d43b5ce1aa708381d4"
+source = "git+https://github.com/girlbossceo/ruwuma?rev=edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef#edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 dependencies = [
  "js_int",
  "thiserror 2.0.12",
@@ -3796,7 +3797,7 @@ dependencies = [
 [[package]]
 name = "ruma-identity-service-api"
 version = "0.9.0"
-source = "git+https://github.com/girlbossceo/ruwuma?rev=920148dca1076454ca0ca5d43b5ce1aa708381d4#920148dca1076454ca0ca5d43b5ce1aa708381d4"
+source = "git+https://github.com/girlbossceo/ruwuma?rev=edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef#edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -3806,7 +3807,7 @@ dependencies = [
 [[package]]
 name = "ruma-macros"
 version = "0.13.0"
-source = "git+https://github.com/girlbossceo/ruwuma?rev=920148dca1076454ca0ca5d43b5ce1aa708381d4#920148dca1076454ca0ca5d43b5ce1aa708381d4"
+source = "git+https://github.com/girlbossceo/ruwuma?rev=edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef#edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 dependencies = [
  "cfg-if",
  "proc-macro-crate",
@@ -3821,7 +3822,7 @@ dependencies = [
 [[package]]
 name = "ruma-push-gateway-api"
 version = "0.9.0"
-source = "git+https://github.com/girlbossceo/ruwuma?rev=920148dca1076454ca0ca5d43b5ce1aa708381d4#920148dca1076454ca0ca5d43b5ce1aa708381d4"
+source = "git+https://github.com/girlbossceo/ruwuma?rev=edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef#edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -3833,7 +3834,7 @@ dependencies = [
 [[package]]
 name = "ruma-signatures"
 version = "0.15.0"
-source = "git+https://github.com/girlbossceo/ruwuma?rev=920148dca1076454ca0ca5d43b5ce1aa708381d4#920148dca1076454ca0ca5d43b5ce1aa708381d4"
+source = "git+https://github.com/girlbossceo/ruwuma?rev=edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef#edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 dependencies = [
  "base64 0.22.1",
  "ed25519-dalek",
@@ -4758,9 +4759,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.44.2"
+version = "1.44.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6b88822cbe49de4185e3a4cbf8321dd487cf5fe0c5c65695fef6346371e9c48"
+checksum = "f382da615b842244d4b8738c82ed1275e6c5dd90c459a30941cd07080b06c91a"
 dependencies = [
  "backtrace",
  "bytes",

Cargo.toml

@@ -20,7 +20,7 @@ license = "Apache-2.0"
 # See also `rust-toolchain.toml`
 readme = "README.md"
 repository = "https://github.com/girlbossceo/conduwuit"
-rust-version = "1.86.0"
+rust-version = "1.85.0"
 version = "0.5.0"
 
 [workspace.metadata.crane]
@@ -242,7 +242,7 @@ default-features = false
 features = ["std", "async-await"]
 
 [workspace.dependencies.tokio]
-version = "1.44.2"
+version = "1.44.1"
 default-features = false
 features = [
 	"fs",
@@ -350,7 +350,7 @@ version = "0.1.2"
 [workspace.dependencies.ruma]
 git = "https://github.com/girlbossceo/ruwuma"
 #branch = "conduwuit-changes"
-rev = "920148dca1076454ca0ca5d43b5ce1aa708381d4"
+rev = "edbdc79e560d01d9e4a76f7421e70ea4fd4c54ef"
 features = [
     "compat",
     "rand",
@@ -580,13 +580,6 @@ rev = "9c8e51510c35077df888ee72a36b4b05637147da"
 git = "https://github.com/girlbossceo/hyper-util"
 rev = "e4ae7628fe4fcdacef9788c4c8415317a4489941"
 
-# allows no-aaaa option in resolv.conf
-# bumps rust edition and toolchain to 1.86.0 and 2024
-# use sat_add on line number errors
-[patch.crates-io.resolv-conf]
-git = "https://github.com/girlbossceo/resolv-conf"
-rev = "200e958941d522a70c5877e3d846f55b5586c68d"
-
 #
 # Our crates
 #

conduwuit-example.toml

@@ -527,9 +527,9 @@
 
 # Default room version conduwuit will create rooms with.
 #
-# Per spec, room version 11 is the default.
+# Per spec, room version 10 is the default.
 #
-#default_room_version = 11
+#default_room_version = 10
 
 # This item is undocumented. Please contribute documentation for it.
 #
@@ -594,7 +594,7 @@
 # Currently, conduwuit doesn't support inbound batched key requests, so
 # this list should only contain other Synapse servers.
 #
-# example: ["matrix.org", "tchncs.de"]
+# example: ["matrix.org", "envs.net", "tchncs.de"]
 #
 #trusted_servers = ["matrix.org"]
 
@@ -1186,16 +1186,13 @@
 #
 #prune_missing_media = false
 
-# Vector list of regex patterns of server names that conduwuit will refuse
+# Vector list of servers that conduwuit will refuse to download remote
-# to download remote media from.
+# media from.
-#
-# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 #
 #prevent_media_downloads_from = []
 
-# List of forbidden server names via regex patterns that we will block
+# List of forbidden server names that we will block incoming AND outgoing
-# incoming AND outgoing federation with, and block client room joins /
+# federation with, and block client room joins / remote user invites.
-# remote user invites.
 #
 # This check is applied on the room ID, room alias, sender server name,
 # sender user's server name, inbound federation X-Matrix origin, and
@@ -1203,15 +1200,11 @@
 #
 # Basically "global" ACLs.
 #
-# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
-#
 #forbidden_remote_server_names = []
 
-# List of forbidden server names via regex patterns that we will block all
+# List of forbidden server names that we will block all outgoing federated
-# outgoing federated room directory requests for. Useful for preventing
+# room directory requests for. Useful for preventing our users from
-# our users from wandering into bad servers or spaces.
+# wandering into bad servers or spaces.
-#
-# example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 #
 #forbidden_remote_room_directory_server_names = []
 
@@ -1322,7 +1315,7 @@
 # used, and startup as warnings if any room aliases in your database have
 # a forbidden room alias/ID.
 #
-# example: ["19dollarfortnitecards", "b[4a]droom", "badphrase"]
+# example: ["19dollarfortnitecards", "b[4a]droom"]
 #
 #forbidden_alias_names = []
 
@@ -1335,7 +1328,7 @@
 # startup as warnings if any local users in your database have a forbidden
 # username.
 #
-# example: ["administrator", "b[a4]dusernam[3e]", "badphrase"]
+# example: ["administrator", "b[a4]dusernam[3e]"]
 #
 #forbidden_usernames = []
 

flake.nix

@@ -26,7 +26,7 @@
         file = ./rust-toolchain.toml;
 
         # See also `rust-toolchain.toml`
-        sha256 = "sha256-X/4ZBHO3iW0fOenQ3foEvscgAPJYl2abspaBThDOukI=";
+        sha256 = "sha256-AJ6LX/Q/Er9kS15bn9iflkUwcgYqRQxiOIL2ToVAXaU=";
       };
 
       mkScope = pkgs: pkgs.lib.makeScope pkgs.newScope (self: {

rust-toolchain.toml

@@ -9,7 +9,7 @@
 # If you're having trouble making the relevant changes, bug a maintainer.
 
 [toolchain]
-channel = "1.86.0"
+channel = "1.85.0"
 profile = "minimal"
 components = [
     # For rust-analyzer

src/admin/debug/commands.rs

@@ -6,9 +6,7 @@ use std::{
 };
 
 use conduwuit::{
-	Error, Result, debug_error, err, info,
+	Error, PduEvent, PduId, RawPduId, Result, debug_error, err, info, trace, utils,
-	matrix::pdu::{PduEvent, PduId, RawPduId},
-	trace, utils,
 	utils::{
 		stream::{IterStream, ReadyExt},
 		string::EMPTY,

src/admin/user/commands.rs

@@ -2,8 +2,7 @@ use std::{collections::BTreeMap, fmt::Write as _};
 
 use api::client::{full_user_deactivate, join_room_by_id_helper, leave_room};
 use conduwuit::{
-	Result, debug, debug_warn, error, info, is_equal_to,
+	PduBuilder, Result, debug, debug_warn, error, info, is_equal_to,
-	matrix::pdu::PduBuilder,
 	utils::{self, ReadyExt},
 	warn,
 };

src/api/client/account.rs

@@ -3,13 +3,10 @@ use std::fmt::Write;
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use conduwuit::{
-	Err, Error, Result, debug_info, err, error, info, is_equal_to,
+	Err, Error, PduBuilder, Result, debug_info, err, error, info, is_equal_to, utils,
-	matrix::pdu::PduBuilder,
-	utils,
 	utils::{ReadyExt, stream::BroadbandExt},
 	warn,
 };
-use conduwuit_service::Services;
 use futures::{FutureExt, StreamExt};
 use register::RegistrationKind;
 use ruma::{
@@ -33,6 +30,7 @@ use ruma::{
 	},
 	push,
 };
+use service::Services;
 
 use super::{DEVICE_ID_LENGTH, SESSION_ID_LENGTH, TOKEN_LENGTH, join_room_by_id_helper};
 use crate::Ruma;

src/api/client/account_data.rs

@@ -1,6 +1,5 @@
 use axum::extract::State;
-use conduwuit::{Err, Result, err};
+use conduwuit::{Err, err};
-use conduwuit_service::Services;
 use ruma::{
 	RoomId, UserId,
 	api::client::config::{
@@ -16,7 +15,7 @@ use ruma::{
 use serde::Deserialize;
 use serde_json::{json, value::RawValue as RawJsonValue};
 
-use crate::Ruma;
+use crate::{Result, Ruma, service::Services};
 
 /// # `PUT /_matrix/client/r0/user/{userId}/account_data/{type}`
 ///

src/api/client/alias.rs

@@ -1,12 +1,12 @@
 use axum::extract::State;
 use conduwuit::{Err, Result, debug};
-use conduwuit_service::Services;
 use futures::StreamExt;
 use rand::seq::SliceRandom;
 use ruma::{
 	OwnedServerName, RoomAliasId, RoomId,
 	api::client::alias::{create_alias, delete_alias, get_alias},
 };
+use service::Services;
 
 use crate::Ruma;
 

src/api/client/backup.rs

@@ -1,7 +1,7 @@
 use std::cmp::Ordering;
 
 use axum::extract::State;
-use conduwuit::{Err, Result, err};
+use conduwuit::{Err, err};
 use ruma::{
 	UInt,
 	api::client::backup::{
@@ -13,7 +13,7 @@ use ruma::{
 	},
 };
 
-use crate::Ruma;
+use crate::{Result, Ruma};
 
 /// # `POST /_matrix/client/r0/room_keys/version`
 ///

src/api/client/context.rs

@@ -1,20 +1,18 @@
 use axum::extract::State;
 use conduwuit::{
-	Err, Result, at, debug_warn, err,
+	Err, PduEvent, Result, at, debug_warn, err, ref_at,
-	matrix::pdu::PduEvent,
-	ref_at,
 	utils::{
 		IterStream,
 		future::TryExtExt,
 		stream::{BroadbandExt, ReadyExt, TryIgnore, WidebandExt},
 	},
 };
-use conduwuit_service::rooms::{lazy_loading, lazy_loading::Options, short::ShortStateKey};
 use futures::{
 	FutureExt, StreamExt, TryFutureExt, TryStreamExt,
 	future::{OptionFuture, join, join3, try_join3},
 };
 use ruma::{OwnedEventId, UserId, api::client::context::get_context, events::StateEventType};
+use service::rooms::{lazy_loading, lazy_loading::Options, short::ShortStateKey};
 
 use crate::{
 	Ruma,

src/api/client/device.rs

@@ -1,6 +1,6 @@
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduwuit::{Err, Error, Result, debug, err, utils};
+use conduwuit::{Err, debug, err};
 use futures::StreamExt;
 use ruma::{
 	MilliSecondsSinceUnixEpoch, OwnedDeviceId,
@@ -12,7 +12,7 @@ use ruma::{
 };
 
 use super::SESSION_ID_LENGTH;
-use crate::{Ruma, client::DEVICE_ID_LENGTH};
+use crate::{Error, Result, Ruma, client::DEVICE_ID_LENGTH, utils};
 
 /// # `GET /_matrix/client/r0/devices`
 ///

src/api/client/directory.rs

@@ -9,7 +9,6 @@ use conduwuit::{
 		stream::{ReadyExt, WidebandExt},
 	},
 };
-use conduwuit_service::Services;
 use futures::{
 	FutureExt, StreamExt, TryFutureExt,
 	future::{join, join4, join5},
@@ -36,6 +35,7 @@ use ruma::{
 	},
 	uint,
 };
+use service::Services;
 
 use crate::Ruma;
 
@@ -52,13 +52,10 @@ pub(crate) async fn get_public_rooms_filtered_route(
 ) -> Result<get_public_rooms_filtered::v3::Response> {
 	if let Some(server) = &body.server {
 		if services
+			.server
 			.config
 			.forbidden_remote_room_directory_server_names
-			.is_match(server.host())
+			.contains(server)
-			|| services
-				.config
-				.forbidden_remote_server_names
-				.is_match(server.host())
 		{
 			return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 		}
@@ -93,13 +90,10 @@ pub(crate) async fn get_public_rooms_route(
 ) -> Result<get_public_rooms::v3::Response> {
 	if let Some(server) = &body.server {
 		if services
+			.server
 			.config
 			.forbidden_remote_room_directory_server_names
-			.is_match(server.host())
+			.contains(server)
-			|| services
-				.config
-				.forbidden_remote_server_names
-				.is_match(server.host())
 		{
 			return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 		}

src/api/client/filter.rs

@@ -1,8 +1,8 @@
 use axum::extract::State;
-use conduwuit::{Result, err};
+use conduwuit::err;
 use ruma::api::client::filter::{create_filter, get_filter};
 
-use crate::Ruma;
+use crate::{Result, Ruma};
 
 /// # `GET /_matrix/client/r0/user/{userId}/filter/{filterId}`
 ///

src/api/client/keys.rs

@@ -1,8 +1,7 @@
 use std::collections::{BTreeMap, HashMap, HashSet};
 
 use axum::extract::State;
-use conduwuit::{Err, Error, Result, debug, debug_warn, err, result::NotFound, utils};
+use conduwuit::{Err, Error, Result, debug, debug_warn, err, info, result::NotFound, utils};
-use conduwuit_service::{Services, users::parse_master_key};
 use futures::{StreamExt, stream::FuturesUnordered};
 use ruma::{
 	OneTimeKeyAlgorithm, OwnedDeviceId, OwnedUserId, UserId,
@@ -11,7 +10,7 @@ use ruma::{
 			error::ErrorKind,
 			keys::{
 				claim_keys, get_key_changes, get_keys, upload_keys,
-				upload_signatures::{self},
+				upload_signatures::{self, v3::Failure},
 				upload_signing_keys,
 			},
 			uiaa::{AuthFlow, AuthType, UiaaInfo},
@@ -24,7 +23,10 @@ use ruma::{
 use serde_json::json;
 
 use super::SESSION_ID_LENGTH;
-use crate::Ruma;
+use crate::{
+	Ruma,
+	service::{Services, users::parse_master_key},
+};
 
 /// # `POST /_matrix/client/r0/keys/upload`
 ///
@@ -177,7 +179,7 @@ pub(crate) async fn upload_signing_keys_route(
 		body.master_key.as_ref(),
 	)
 	.await
-	.inspect_err(|e| debug!(?e))
+	.inspect_err(|e| info!(?e))
 	{
 		| Ok(exists) => {
 			if let Some(result) = exists {
@@ -308,59 +310,82 @@ async fn check_for_new_keys(
 ///
 /// Uploads end-to-end key signatures from the sender user.
 ///
-/// TODO: clean this timo-code up more and integrate failures. tried to improve
+/// TODO: clean this timo-code up more. tried to improve it a bit to stop
-/// it a bit to stop exploding the entire request on bad sigs, but needs way
+/// exploding the entire request on bad sigs, but needs way more work.
-/// more work.
 pub(crate) async fn upload_signatures_route(
 	State(services): State<crate::State>,
 	body: Ruma<upload_signatures::v3::Request>,
 ) -> Result<upload_signatures::v3::Response> {
+	use upload_signatures::v3::FailureErrorCode::*;
+
 	if body.signed_keys.is_empty() {
 		debug!("Empty signed_keys sent in key signature upload");
 		return Ok(upload_signatures::v3::Response::new());
 	}
 
 	let sender_user = body.sender_user();
+	let mut failures: BTreeMap<OwnedUserId, BTreeMap<String, Failure>> = BTreeMap::new();
+	let mut failure_reasons: BTreeMap<String, Failure> = BTreeMap::new();
+	let failure = Failure {
+		errcode: InvalidSignature,
+		error: String::new(),
+	};
 
 	for (user_id, keys) in &body.signed_keys {
 		for (key_id, key) in keys {
 			let Ok(key) = serde_json::to_value(key)
 				.inspect_err(|e| debug_warn!(?key_id, "Invalid \"key\" JSON: {e}"))
 			else {
+				let mut failure = failure.clone();
+				failure.error = String::from("Invalid \"key\" JSON");
+				failure_reasons.insert(key_id.to_owned(), failure);
 				continue;
 			};
 
 			let Some(signatures) = key.get("signatures") else {
+				let mut failure = failure.clone();
+				failure.error = String::from("Missing \"signatures\" field");
+				failure_reasons.insert(key_id.to_owned(), failure);
 				continue;
 			};
 
 			let Some(sender_user_val) = signatures.get(sender_user.to_string()) else {
+				let mut failure = failure.clone();
+				failure.error = String::from("Invalid user in signatures field");
+				failure_reasons.insert(key_id.to_owned(), failure);
 				continue;
 			};
 
 			let Some(sender_user_object) = sender_user_val.as_object() else {
+				let mut failure = failure.clone();
+				failure.error = String::from("signatures field is not a JSON object");
+				failure_reasons.insert(key_id.to_owned(), failure);
 				continue;
 			};
 
 			for (signature, val) in sender_user_object.clone() {
-				let Some(val) = val.as_str().map(ToOwned::to_owned) else {
+				let signature = (signature, val.to_string());
-					continue;
-				};
-				let signature = (signature, val);
 
-				if let Err(_e) = services
+				if let Err(e) = services
 					.users
 					.sign_key(user_id, key_id, signature, sender_user)
 					.await
 					.inspect_err(|e| debug_warn!("{e}"))
 				{
+					let mut failure = failure.clone();
+					failure.error = format!("Error signing key: {e}");
+					failure_reasons.insert(key_id.to_owned(), failure);
 					continue;
 				}
 			}
 		}
+
+		if !failure_reasons.is_empty() {
+			failures.insert(user_id.to_owned(), failure_reasons.clone());
+		}
 	}
 
-	Ok(upload_signatures::v3::Response { failures: BTreeMap::new() })
+	Ok(upload_signatures::v3::Response { failures })
 }
 
 /// # `POST /_matrix/client/r0/keys/changes`

src/api/client/membership.rs

@@ -9,25 +9,13 @@ use std::{
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use conduwuit::{
-	Err, Result, at, debug, debug_info, debug_warn, err, error, info,
+	Err, PduEvent, Result, StateKey, at, debug, debug_info, debug_warn, err, error, info,
-	matrix::{
+	pdu::{PduBuilder, gen_event_id_canonical_json},
-		StateKey,
-		pdu::{PduBuilder, PduEvent, gen_event_id, gen_event_id_canonical_json},
-		state_res,
-	},
 	result::{FlatOk, NotFound},
-	trace,
+	state_res, trace,
 	utils::{self, IterStream, ReadyExt, shuffle},
 	warn,
 };
-use conduwuit_service::{
-	Services,
-	appservice::RegistrationInfo,
-	rooms::{
-		state::RoomMutexGuard,
-		state_compressor::{CompressedState, HashSetCompressStateEvent},
-	},
-};
 use futures::{FutureExt, StreamExt, TryFutureExt, future::join4, join};
 use ruma::{
 	CanonicalJsonObject, CanonicalJsonValue, OwnedEventId, OwnedRoomId, OwnedServerName,
@@ -56,6 +44,15 @@ use ruma::{
 		},
 	},
 };
+use service::{
+	Services,
+	appservice::RegistrationInfo,
+	pdu::gen_event_id,
+	rooms::{
+		state::RoomMutexGuard,
+		state_compressor::{CompressedState, HashSetCompressStateEvent},
+	},
+};
 
 use crate::{Ruma, client::full_user_deactivate};
 
@@ -79,9 +76,10 @@ async fn banned_room_check(
 	if let Some(room_id) = room_id {
 		if services.rooms.metadata.is_banned(room_id).await
 			|| services
+				.server
 				.config
 				.forbidden_remote_server_names
-				.is_match(room_id.server_name().unwrap().host())
+				.contains(&room_id.server_name().unwrap().to_owned())
 		{
 			warn!(
 				"User {user_id} who is not an admin attempted to send an invite for or \
@@ -119,9 +117,10 @@ async fn banned_room_check(
 		}
 	} else if let Some(server_name) = server_name {
 		if services
+			.server
 			.config
 			.forbidden_remote_server_names
-			.is_match(server_name.host())
+			.contains(&server_name.to_owned())
 		{
 			warn!(
 				"User {user_id} who is not an admin tried joining a room which has the server \

src/api/client/message.rs

@@ -1,24 +1,12 @@
 use axum::extract::State;
 use conduwuit::{
-	Err, Result, at,
+	Err, Event, PduCount, PduEvent, Result, at,
-	matrix::{
-		Event,
-		pdu::{PduCount, PduEvent},
-	},
 	utils::{
 		IterStream, ReadyExt,
 		result::{FlatOk, LogErr},
 		stream::{BroadbandExt, TryIgnore, WidebandExt},
 	},
 };
-use conduwuit_service::{
-	Services,
-	rooms::{
-		lazy_loading,
-		lazy_loading::{Options, Witness},
-		timeline::PdusIterItem,
-	},
-};
 use futures::{FutureExt, StreamExt, TryFutureExt, future::OptionFuture, pin_mut};
 use ruma::{
 	RoomId, UserId,
@@ -29,6 +17,14 @@ use ruma::{
 	events::{AnyStateEvent, StateEventType, TimelineEventType, TimelineEventType::*},
 	serde::Raw,
 };
+use service::{
+	Services,
+	rooms::{
+		lazy_loading,
+		lazy_loading::{Options, Witness},
+		timeline::PdusIterItem,
+	},
+};
 
 use crate::Ruma;
 
@@ -261,9 +257,10 @@ pub(crate) async fn is_ignored_pdu(
 	let ignored_type = IGNORED_MESSAGE_TYPES.binary_search(&pdu.kind).is_ok();
 
 	let ignored_server = services
+		.server
 		.config
 		.forbidden_remote_server_names
-		.is_match(pdu.sender().server_name().host());
+		.contains(pdu.sender().server_name());
 
 	if ignored_type
 		&& (ignored_server || services.users.user_is_ignored(&pdu.sender, user_id).await)

src/api/client/openid.rs

@@ -1,14 +1,14 @@
 use std::time::Duration;
 
 use axum::extract::State;
-use conduwuit::{Error, Result, utils};
+use conduwuit::utils;
 use ruma::{
 	api::client::{account, error::ErrorKind},
 	authentication::TokenType,
 };
 
 use super::TOKEN_LENGTH;
-use crate::Ruma;
+use crate::{Error, Result, Ruma};
 
 /// # `POST /_matrix/client/v3/user/{userId}/openid/request_token`
 ///

src/api/client/profile.rs

@@ -3,11 +3,10 @@ use std::collections::BTreeMap;
 use axum::extract::State;
 use conduwuit::{
 	Err, Error, Result,
-	matrix::pdu::PduBuilder,
+	pdu::PduBuilder,
 	utils::{IterStream, stream::TryIgnore},
 	warn,
 };
-use conduwuit_service::Services;
 use futures::{StreamExt, TryStreamExt, future::join3};
 use ruma::{
 	OwnedMxcUri, OwnedRoomId, UserId,
@@ -23,6 +22,7 @@ use ruma::{
 	events::room::member::{MembershipState, RoomMemberEventContent},
 	presence::PresenceState,
 };
+use service::Services;
 
 use crate::Ruma;
 

src/api/client/push.rs

@@ -1,6 +1,5 @@
 use axum::extract::State;
-use conduwuit::{Err, Error, Result, err};
+use conduwuit::{Err, err};
-use conduwuit_service::Services;
 use ruma::{
 	CanonicalJsonObject, CanonicalJsonValue,
 	api::client::{
@@ -20,8 +19,9 @@ use ruma::{
 		RemovePushRuleError, Ruleset,
 	},
 };
+use service::Services;
 
-use crate::Ruma;
+use crate::{Error, Result, Ruma};
 
 /// # `GET /_matrix/client/r0/pushrules/`
 ///

src/api/client/read_marker.rs

@@ -1,7 +1,7 @@
 use std::collections::BTreeMap;
 
 use axum::extract::State;
-use conduwuit::{Err, PduCount, Result, err};
+use conduwuit::{Err, PduCount, err};
 use ruma::{
 	MilliSecondsSinceUnixEpoch,
 	api::client::{read_marker::set_read_marker, receipt::create_receipt},
@@ -11,7 +11,7 @@ use ruma::{
 	},
 };
 
-use crate::Ruma;
+use crate::{Result, Ruma};
 
 /// # `POST /_matrix/client/r0/rooms/{roomId}/read_markers`
 ///

src/api/client/redact.rs

@@ -1,10 +1,9 @@
 use axum::extract::State;
-use conduwuit::{Result, matrix::pdu::PduBuilder};
 use ruma::{
 	api::client::redact::redact_event, events::room::redaction::RoomRedactionEventContent,
 };
 
-use crate::Ruma;
+use crate::{Result, Ruma, service::pdu::PduBuilder};
 
 /// # `PUT /_matrix/client/r0/rooms/{roomId}/redact/{eventId}/{txnId}`
 ///

src/api/client/relations.rs

@@ -1,10 +1,8 @@
 use axum::extract::State;
 use conduwuit::{
-	Result, at,
+	PduCount, Result, at,
-	matrix::pdu::PduCount,
 	utils::{IterStream, ReadyExt, result::FlatOk, stream::WidebandExt},
 };
-use conduwuit_service::{Services, rooms::timeline::PdusIterItem};
 use futures::StreamExt;
 use ruma::{
 	EventId, RoomId, UInt, UserId,
@@ -17,6 +15,7 @@ use ruma::{
 	},
 	events::{TimelineEventType, relation::RelationType},
 };
+use service::{Services, rooms::timeline::PdusIterItem};
 
 use crate::Ruma;
 

src/api/client/report.rs

@@ -2,8 +2,7 @@ use std::time::Duration;
 
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduwuit::{Err, Error, Result, debug_info, info, matrix::pdu::PduEvent, utils::ReadyExt};
+use conduwuit::{Err, info, utils::ReadyExt};
-use conduwuit_service::Services;
 use rand::Rng;
 use ruma::{
 	EventId, RoomId, UserId,
@@ -16,7 +15,10 @@ use ruma::{
 };
 use tokio::time::sleep;
 
-use crate::Ruma;
+use crate::{
+	Error, Result, Ruma, debug_info,
+	service::{Services, pdu::PduEvent},
+};
 
 /// # `POST /_matrix/client/v3/rooms/{roomId}/report`
 ///

src/api/client/room/create.rs

@@ -2,11 +2,8 @@ use std::collections::BTreeMap;
 
 use axum::extract::State;
 use conduwuit::{
-	Err, Error, Result, debug_info, debug_warn, err, error, info,
+	Err, Error, Result, StateKey, debug_info, debug_warn, err, error, info, pdu::PduBuilder, warn,
-	matrix::{StateKey, pdu::PduBuilder},
-	warn,
 };
-use conduwuit_service::{Services, appservice::RegistrationInfo};
 use futures::FutureExt;
 use ruma::{
 	CanonicalJsonObject, Int, OwnedRoomAliasId, OwnedRoomId, OwnedUserId, RoomId, RoomVersionId,
@@ -32,6 +29,7 @@ use ruma::{
 	serde::{JsonObject, Raw},
 };
 use serde_json::{json, value::to_raw_value};
+use service::{Services, appservice::RegistrationInfo};
 
 use crate::{Ruma, client::invite_helper};
 

src/api/client/room/summary.rs

@@ -1,16 +1,12 @@
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use conduwuit::{
-	Err, Result, debug_warn, trace,
+	Err, Result, debug_warn,
 	utils::{IterStream, future::TryExtExt},
 };
-use futures::{
+use futures::{FutureExt, StreamExt, future::join3, stream::FuturesUnordered};
-	FutureExt, StreamExt,
-	future::{OptionFuture, join3},
-	stream::FuturesUnordered,
-};
 use ruma::{
-	OwnedServerName, RoomId, UserId,
+	OwnedRoomId, OwnedServerName, RoomId, UserId,
 	api::{
 		client::room::get_summary,
 		federation::space::{SpaceHierarchyParentSummary, get_hierarchy},
@@ -74,12 +70,7 @@ async fn room_summary_response(
 	servers: &[OwnedServerName],
 	sender_user: Option<&UserId>,
 ) -> Result<get_summary::msc3266::Response> {
-	if services
+	if services.rooms.metadata.exists(room_id).await {
-		.rooms
-		.state_cache
-		.server_in_room(services.globals.server_name(), room_id)
-		.await
-	{
 		return local_room_summary_response(services, room_id, sender_user)
 			.boxed()
 			.await;
@@ -100,9 +91,13 @@ async fn room_summary_response(
 		join_rule: room.join_rule,
 		room_type: room.room_type,
 		room_version: room.room_version,
+		membership: if sender_user.is_none() {
+			None
+		} else {
+			Some(MembershipState::Leave)
+		},
 		encryption: room.encryption,
 		allowed_room_ids: room.allowed_room_ids,
-		membership: sender_user.is_some().then_some(MembershipState::Leave),
 	})
 }
 
@@ -111,22 +106,20 @@ async fn local_room_summary_response(
 	room_id: &RoomId,
 	sender_user: Option<&UserId>,
 ) -> Result<get_summary::msc3266::Response> {
-	trace!(?sender_user, "Sending local room summary response for {room_id:?}");
+	let join_rule = services.rooms.state_accessor.get_space_join_rule(room_id);
-	let join_rule = services.rooms.state_accessor.get_join_rules(room_id);
 	let world_readable = services.rooms.state_accessor.is_world_readable(room_id);
 	let guest_can_join = services.rooms.state_accessor.guest_can_join(room_id);
 
-	let (join_rule, world_readable, guest_can_join) =
+	let ((join_rule, allowed_room_ids), world_readable, guest_can_join) =
 		join3(join_rule, world_readable, guest_can_join).await;
-	trace!("{join_rule:?}, {world_readable:?}, {guest_can_join:?}");
 
 	user_can_see_summary(
 		services,
 		room_id,
-		&join_rule.clone().into(),
+		&join_rule,
 		guest_can_join,
 		world_readable,
-		join_rule.allowed_rooms(),
+		&allowed_room_ids,
 		sender_user,
 	)
 	.await?;
@@ -136,43 +129,26 @@ async fn local_room_summary_response(
 		.state_accessor
 		.get_canonical_alias(room_id)
 		.ok();
-
 	let name = services.rooms.state_accessor.get_name(room_id).ok();
-
 	let topic = services.rooms.state_accessor.get_room_topic(room_id).ok();
-
 	let room_type = services.rooms.state_accessor.get_room_type(room_id).ok();
-
 	let avatar_url = services
 		.rooms
 		.state_accessor
 		.get_avatar(room_id)
 		.map(|res| res.into_option().unwrap_or_default().url);
-
 	let room_version = services.rooms.state.get_room_version(room_id).ok();
-
 	let encryption = services
 		.rooms
 		.state_accessor
 		.get_room_encryption(room_id)
 		.ok();
-
 	let num_joined_members = services
 		.rooms
 		.state_cache
 		.room_joined_count(room_id)
 		.unwrap_or(0);
 
-	let membership: OptionFuture<_> = sender_user
-		.map(|sender_user| {
-			services
-				.rooms
-				.state_accessor
-				.get_member(room_id, sender_user)
-				.map_ok_or(MembershipState::Leave, |content| content.membership)
-		})
-		.into();
-
 	let (
 		canonical_alias,
 		name,
@@ -182,7 +158,6 @@ async fn local_room_summary_response(
 		room_type,
 		room_version,
 		encryption,
-		membership,
 	) = futures::join!(
 		canonical_alias,
 		name,
@@ -192,7 +167,6 @@ async fn local_room_summary_response(
 		room_type,
 		room_version,
 		encryption,
-		membership,
 	);
 
 	Ok(get_summary::msc3266::Response {
@@ -204,12 +178,21 @@ async fn local_room_summary_response(
 		num_joined_members: num_joined_members.try_into().unwrap_or_default(),
 		topic,
 		world_readable,
+		join_rule,
 		room_type,
 		room_version,
+		membership: if let Some(sender_user) = sender_user {
+			services
+				.rooms
+				.state_accessor
+				.get_member(room_id, sender_user)
+				.await
+				.map_or(Some(MembershipState::Leave), |content| Some(content.membership))
+		} else {
+			None
+		},
 		encryption,
-		membership,
+		allowed_room_ids,
-		allowed_room_ids: join_rule.allowed_rooms().map(Into::into).collect(),
-		join_rule: join_rule.into(),
 	})
 }
 
@@ -220,7 +203,6 @@ async fn remote_room_summary_hierarchy_response(
 	servers: &[OwnedServerName],
 	sender_user: Option<&UserId>,
 ) -> Result<SpaceHierarchyParentSummary> {
-	trace!(?sender_user, ?servers, "Sending remote room summary response for {room_id:?}");
 	if !services.config.allow_federation {
 		return Err!(Request(Forbidden("Federation is disabled.")));
 	}
@@ -243,7 +225,6 @@ async fn remote_room_summary_hierarchy_response(
 		.collect();
 
 	while let Some(Ok(response)) = requests.next().await {
-		trace!("{response:?}");
 		let room = response.room.clone();
 		if room.room_id != room_id {
 			debug_warn!(
@@ -260,7 +241,7 @@ async fn remote_room_summary_hierarchy_response(
 			&room.join_rule,
 			room.guest_can_join,
 			room.world_readable,
-			room.allowed_room_ids.iter().map(AsRef::as_ref),
+			&room.allowed_room_ids,
 			sender_user,
 		)
 		.await
@@ -273,19 +254,15 @@ async fn remote_room_summary_hierarchy_response(
 	)))
 }
 
-async fn user_can_see_summary<'a, I>(
+async fn user_can_see_summary(
 	services: &Services,
 	room_id: &RoomId,
 	join_rule: &SpaceRoomJoinRule,
 	guest_can_join: bool,
 	world_readable: bool,
-	allowed_room_ids: I,
+	allowed_room_ids: &[OwnedRoomId],
 	sender_user: Option<&UserId>,
-) -> Result
+) -> Result {
-where
-	I: Iterator<Item = &'a RoomId> + Send,
-{
-	let is_public_room = matches!(join_rule, Public | Knock | KnockRestricted);
 	match sender_user {
 		| Some(sender_user) => {
 			let user_can_see_state_events = services
@@ -294,6 +271,7 @@ where
 				.user_can_see_state_events(sender_user, room_id);
 			let is_guest = services.users.is_deactivated(sender_user).unwrap_or(false);
 			let user_in_allowed_restricted_room = allowed_room_ids
+				.iter()
 				.stream()
 				.any(|room| services.rooms.state_cache.is_joined(sender_user, room));
 
@@ -304,7 +282,7 @@ where
 
 			if user_can_see_state_events
 				|| (is_guest && guest_can_join)
-				|| is_public_room
+				|| matches!(&join_rule, &Public | &Knock | &KnockRestricted)
 				|| user_in_allowed_restricted_room
 			{
 				return Ok(());
@@ -317,7 +295,7 @@ where
 			)))
 		},
 		| None => {
-			if is_public_room || world_readable {
+			if matches!(join_rule, Public | Knock | KnockRestricted) || world_readable {
 				return Ok(());
 			}
 

src/api/client/room/upgrade.rs

@@ -1,10 +1,7 @@
 use std::cmp::max;
 
 use axum::extract::State;
-use conduwuit::{
+use conduwuit::{Error, Result, StateKey, err, info, pdu::PduBuilder};
-	Error, Result, err, info,
-	matrix::{StateKey, pdu::PduBuilder},
-};
 use futures::StreamExt;
 use ruma::{
 	CanonicalJsonObject, RoomId, RoomVersionId,

src/api/client/search.rs

@@ -2,12 +2,10 @@ use std::collections::BTreeMap;
 
 use axum::extract::State;
 use conduwuit::{
-	Err, Result, at, is_true,
+	Err, PduEvent, Result, at, is_true,
-	matrix::pdu::PduEvent,
 	result::FlatOk,
 	utils::{IterStream, stream::ReadyExt},
 };
-use conduwuit_service::{Services, rooms::search::RoomQuery};
 use futures::{FutureExt, StreamExt, TryFutureExt, TryStreamExt, future::OptionFuture};
 use ruma::{
 	OwnedRoomId, RoomId, UInt, UserId,
@@ -19,6 +17,7 @@ use ruma::{
 	serde::Raw,
 };
 use search_events::v3::{Request, Response};
+use service::{Services, rooms::search::RoomQuery};
 
 use crate::Ruma;
 

src/api/client/send.rs

@@ -1,11 +1,11 @@
 use std::collections::BTreeMap;
 
 use axum::extract::State;
-use conduwuit::{Err, Result, err, matrix::pdu::PduBuilder, utils};
+use conduwuit::{Err, err};
 use ruma::{api::client::message::send_message_event, events::MessageLikeEventType};
 use serde_json::from_str;
 
-use crate::Ruma;
+use crate::{Result, Ruma, service::pdu::PduBuilder, utils};
 
 /// # `PUT /_matrix/client/v3/rooms/{roomId}/send/{eventType}/{txnId}`
 ///

src/api/client/session.rs

@@ -2,11 +2,7 @@ use std::time::Duration;
 
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduwuit::{
+use conduwuit::{Err, debug, err, info, utils::ReadyExt};
-	Err, Error, Result, debug, err, info, utils,
-	utils::{ReadyExt, hash},
-};
-use conduwuit_service::uiaa::SESSION_ID_LENGTH;
 use futures::StreamExt;
 use ruma::{
 	UserId,
@@ -26,9 +22,10 @@ use ruma::{
 		uiaa,
 	},
 };
+use service::uiaa::SESSION_ID_LENGTH;
 
 use super::{DEVICE_ID_LENGTH, TOKEN_LENGTH};
-use crate::Ruma;
+use crate::{Error, Result, Ruma, utils, utils::hash};
 
 /// # `GET /_matrix/client/v3/login`
 ///

src/api/client/space.rs

@@ -8,16 +8,16 @@ use conduwuit::{
 	Err, Result,
 	utils::{future::TryExtExt, stream::IterStream},
 };
-use conduwuit_service::{
+use futures::{StreamExt, TryFutureExt, future::OptionFuture};
+use ruma::{
+	OwnedRoomId, OwnedServerName, RoomId, UInt, UserId, api::client::space::get_hierarchy,
+};
+use service::{
 	Services,
 	rooms::spaces::{
 		PaginationToken, SummaryAccessibility, get_parent_children_via, summary_to_chunk,
 	},
 };
-use futures::{StreamExt, TryFutureExt, future::OptionFuture};
-use ruma::{
-	OwnedRoomId, OwnedServerName, RoomId, UInt, UserId, api::client::space::get_hierarchy,
-};
 
 use crate::Ruma;
 

src/api/client/state.rs

@@ -1,10 +1,5 @@
 use axum::extract::State;
-use conduwuit::{
+use conduwuit::{Err, PduEvent, Result, err, pdu::PduBuilder, utils::BoolExt};
-	Err, Result, err,
-	matrix::pdu::{PduBuilder, PduEvent},
-	utils::BoolExt,
-};
-use conduwuit_service::Services;
 use futures::TryStreamExt;
 use ruma::{
 	OwnedEventId, RoomId, UserId,
@@ -21,6 +16,7 @@ use ruma::{
 	},
 	serde::Raw,
 };
+use service::Services;
 
 use crate::{Ruma, RumaResponse};
 
@@ -211,7 +207,7 @@ async fn allowed_to_send_state_event(
 			// irreversible mistakes
 			match json.deserialize_as::<RoomServerAclEventContent>() {
 				| Ok(acl_content) => {
-					if acl_content.allow_is_empty() {
+					if acl_content.allow.is_empty() {
 						return Err!(Request(BadJson(debug_warn!(
 							?room_id,
 							"Sending an ACL event with an empty allow key will permanently \
@@ -220,7 +216,9 @@ async fn allowed_to_send_state_event(
 						))));
 					}
 
-					if acl_content.deny_contains("*") && acl_content.allow_contains("*") {
+					if acl_content.deny.contains(&String::from("*"))
+						&& acl_content.allow.contains(&String::from("*"))
+					{
 						return Err!(Request(BadJson(debug_warn!(
 							?room_id,
 							"Sending an ACL event with a deny and allow key value of \"*\" will \
@@ -229,9 +227,11 @@ async fn allowed_to_send_state_event(
 						))));
 					}
 
-					if acl_content.deny_contains("*")
+					if acl_content.deny.contains(&String::from("*"))
 						&& !acl_content.is_allowed(services.globals.server_name())
-						&& !acl_content.allow_contains(services.globals.server_name().as_str())
+						&& !acl_content
+							.allow
+							.contains(&services.globals.server_name().to_string())
 					{
 						return Err!(Request(BadJson(debug_warn!(
 							?room_id,
@@ -241,9 +241,11 @@ async fn allowed_to_send_state_event(
 						))));
 					}
 
-					if !acl_content.allow_contains("*")
+					if !acl_content.allow.contains(&String::from("*"))
 						&& !acl_content.is_allowed(services.globals.server_name())
-						&& !acl_content.allow_contains(services.globals.server_name().as_str())
+						&& !acl_content
+							.allow
+							.contains(&services.globals.server_name().to_string())
 					{
 						return Err!(Request(BadJson(debug_warn!(
 							?room_id,

src/api/client/sync/mod.rs

@@ -3,14 +3,12 @@ mod v4;
 mod v5;
 
 use conduwuit::{
-	Error, PduCount, Result,
+	PduCount,
-	matrix::pdu::PduEvent,
 	utils::{
 		IterStream,
 		stream::{BroadbandExt, ReadyExt, TryIgnore},
 	},
 };
-use conduwuit_service::Services;
 use futures::{StreamExt, pin_mut};
 use ruma::{
 	RoomId, UserId,
@@ -23,6 +21,7 @@ use ruma::{
 pub(crate) use self::{
 	v3::sync_events_route, v4::sync_events_v4_route, v5::sync_events_v5_route,
 };
+use crate::{Error, PduEvent, Result, service::Services};
 
 pub(crate) const DEFAULT_BUMP_TYPES: &[TimelineEventType; 6] =
 	&[CallInvite, PollStart, Beacon, RoomEncrypted, RoomMessage, Sticker];

src/api/client/sync/v3.rs

@@ -6,16 +6,12 @@ use std::{
 
 use axum::extract::State;
 use conduwuit::{
-	Result, at, err, error, extract_variant, is_equal_to,
+	PduCount, PduEvent, Result, at, err, error, extract_variant, is_equal_to, pair_of,
-	matrix::{
+	pdu::{Event, EventHash},
-		Event,
+	ref_at,
-		pdu::{EventHash, PduCount, PduEvent},
-	},
-	pair_of, ref_at,
 	result::FlatOk,
 	utils::{
 		self, BoolExt, IterStream, ReadyExt, TryFutureExtExt,
-		future::OptionStream,
 		math::ruma_from_u64,
 		stream::{BroadbandExt, Tools, TryExpect, WidebandExt},
 	},
@@ -1037,7 +1033,7 @@ async fn calculate_state_incremental<'a>(
 		})
 		.into();
 
-	let state_diff_ids: OptionFuture<_> = (!full_state && state_changed)
+	let state_diff: OptionFuture<_> = (!full_state && state_changed)
 		.then(|| {
 			StreamExt::into_future(
 				services
@@ -1062,9 +1058,45 @@ async fn calculate_state_incremental<'a>(
 		})
 		.into();
 
+	let lazy_state_ids = lazy_state_ids
+		.map(|opt| {
+			opt.map(|(curr, next)| {
+				let opt = curr;
+				let iter = Option::into_iter(opt);
+				IterStream::stream(iter).chain(next)
+			})
+		})
+		.map(Option::into_iter)
+		.map(IterStream::stream)
+		.flatten_stream()
+		.flatten();
+
+	let state_diff_ids = state_diff
+		.map(|opt| {
+			opt.map(|(curr, next)| {
+				let opt = curr;
+				let iter = Option::into_iter(opt);
+				IterStream::stream(iter).chain(next)
+			})
+		})
+		.map(Option::into_iter)
+		.map(IterStream::stream)
+		.flatten_stream()
+		.flatten();
+
 	let state_events = current_state_ids
-		.stream()
+		.map(|opt| {
-		.chain(state_diff_ids.stream())
+			opt.map(|(curr, next)| {
+				let opt = curr;
+				let iter = Option::into_iter(opt);
+				IterStream::stream(iter).chain(next)
+			})
+		})
+		.map(Option::into_iter)
+		.map(IterStream::stream)
+		.flatten_stream()
+		.flatten()
+		.chain(state_diff_ids)
 		.broad_filter_map(|(shortstatekey, shorteventid)| async move {
 			if witness.is_none() || encrypted_room {
 				return Some(shorteventid);
@@ -1072,7 +1104,7 @@ async fn calculate_state_incremental<'a>(
 
 			lazy_filter(services, sender_user, shortstatekey, shorteventid).await
 		})
-		.chain(lazy_state_ids.stream())
+		.chain(lazy_state_ids)
 		.broad_filter_map(|shorteventid| {
 			services
 				.rooms

src/api/client/sync/v5.rs

@@ -6,19 +6,13 @@ use std::{
 
 use axum::extract::State;
 use conduwuit::{
-	Error, Result, debug, error, extract_variant,
+	Error, PduEvent, Result, TypeStateKey, debug, error, extract_variant, trace,
-	matrix::{
-		TypeStateKey,
-		pdu::{PduCount, PduEvent},
-	},
-	trace,
 	utils::{
 		BoolExt, IterStream, ReadyExt, TryFutureExtExt,
 		math::{ruma_from_usize, usize_from_ruma},
 	},
 	warn,
 };
-use conduwuit_service::rooms::read_receipt::pack_receipts;
 use futures::{FutureExt, StreamExt, TryFutureExt};
 use ruma::{
 	DeviceId, OwnedEventId, OwnedRoomId, RoomId, UInt, UserId,
@@ -33,6 +27,7 @@ use ruma::{
 	serde::Raw,
 	uint,
 };
+use service::{PduCount, rooms::read_receipt::pack_receipts};
 
 use super::{filter_rooms, share_encrypted_room};
 use crate::{

src/api/client/tag.rs

@@ -1,7 +1,6 @@
 use std::collections::BTreeMap;
 
 use axum::extract::State;
-use conduwuit::Result;
 use ruma::{
 	api::client::tag::{create_tag, delete_tag, get_tags},
 	events::{
@@ -10,7 +9,7 @@ use ruma::{
 	},
 };
 
-use crate::Ruma;
+use crate::{Result, Ruma};
 
 /// # `PUT /_matrix/client/r0/user/{userId}/rooms/{roomId}/tags/{tag}`
 ///

src/api/client/thirdparty.rs

@@ -1,9 +1,8 @@
 use std::collections::BTreeMap;
 
-use conduwuit::Result;
 use ruma::api::client::thirdparty::get_protocols;
 
-use crate::{Ruma, RumaResponse};
+use crate::{Result, Ruma, RumaResponse};
 
 /// # `GET /_matrix/client/r0/thirdparty/protocols`
 ///

src/api/client/threads.rs

@@ -1,12 +1,9 @@
 use axum::extract::State;
-use conduwuit::{
+use conduwuit::{PduCount, PduEvent, at};
-	Result, at,
-	matrix::pdu::{PduCount, PduEvent},
-};
 use futures::StreamExt;
 use ruma::{api::client::threads::get_threads, uint};
 
-use crate::Ruma;
+use crate::{Result, Ruma};
 
 /// # `GET /_matrix/client/r0/rooms/{roomId}/threads`
 pub(crate) async fn get_threads_route(

src/api/client/to_device.rs

@@ -2,7 +2,6 @@ use std::collections::BTreeMap;
 
 use axum::extract::State;
 use conduwuit::{Error, Result};
-use conduwuit_service::sending::EduBuf;
 use futures::StreamExt;
 use ruma::{
 	api::{
@@ -11,6 +10,7 @@ use ruma::{
 	},
 	to_device::DeviceIdOrAllDevices,
 };
+use service::sending::EduBuf;
 
 use crate::Ruma;
 

src/api/client/typing.rs

@@ -1,8 +1,8 @@
 use axum::extract::State;
-use conduwuit::{Err, Result, utils, utils::math::Tried};
+use conduwuit::{Err, utils::math::Tried};
 use ruma::api::client::typing::create_typing_event;
 
-use crate::Ruma;
+use crate::{Result, Ruma, utils};
 
 /// # `PUT /_matrix/client/r0/rooms/{roomId}/typing/{userId}`
 ///

src/api/client/unversioned.rs

@@ -1,11 +1,10 @@
 use std::collections::BTreeMap;
 
 use axum::{Json, extract::State, response::IntoResponse};
-use conduwuit::Result;
 use futures::StreamExt;
 use ruma::api::client::discovery::get_supported_versions;
 
-use crate::Ruma;
+use crate::{Result, Ruma};
 
 /// # `GET /_matrix/client/versions`
 ///

src/api/client/user_directory.rs

@@ -1,19 +1,15 @@
 use axum::extract::State;
-use conduwuit::{
+use conduwuit::utils::TryFutureExtExt;
-	Result,
+use futures::{StreamExt, pin_mut};
-	utils::{future::BoolExt, stream::BroadbandExt},
-};
-use futures::{FutureExt, StreamExt, pin_mut};
 use ruma::{
-	api::client::user_directory::search_users::{self},
+	api::client::user_directory::search_users,
-	events::room::join_rules::JoinRule,
+	events::{
+		StateEventType,
+		room::join_rules::{JoinRule, RoomJoinRulesEventContent},
+	},
 };
 
-use crate::Ruma;
+use crate::{Result, Ruma};
-
-// conduwuit can handle a lot more results than synapse
-const LIMIT_MAX: usize = 500;
-const LIMIT_DEFAULT: usize = 10;
 
 /// # `POST /_matrix/client/r0/user_directory/search`
 ///
@@ -25,63 +21,78 @@ pub(crate) async fn search_users_route(
 	State(services): State<crate::State>,
 	body: Ruma<search_users::v3::Request>,
 ) -> Result<search_users::v3::Response> {
-	let sender_user = body.sender_user();
+	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
-	let limit = usize::try_from(body.limit)
+	let limit = usize::try_from(body.limit).map_or(10, usize::from).min(100); // default limit is 10
-		.map_or(LIMIT_DEFAULT, usize::from)
-		.min(LIMIT_MAX);
 
-	let mut users = services
+	let users = services.users.stream().filter_map(|user_id| async {
-		.users
+		// Filter out buggy users (they should not exist, but you never know...)
-		.stream()
+		let user = search_users::v3::User {
-		.map(ToOwned::to_owned)
+			user_id: user_id.to_owned(),
-		.broad_filter_map(async |user_id| {
+			display_name: services.users.displayname(user_id).await.ok(),
-			let user = search_users::v3::User {
+			avatar_url: services.users.avatar_url(user_id).await.ok(),
-				user_id: user_id.clone(),
+		};
-				display_name: services.users.displayname(&user_id).await.ok(),
-				avatar_url: services.users.avatar_url(&user_id).await.ok(),
-			};
 
-			let user_id_matches = user
+		let user_id_matches = user
-				.user_id
+			.user_id
-				.as_str()
+			.to_string()
-				.to_lowercase()
+			.to_lowercase()
-				.contains(&body.search_term.to_lowercase());
+			.contains(&body.search_term.to_lowercase());
 
-			let user_displayname_matches = user.display_name.as_ref().is_some_and(|name| {
+		let user_displayname_matches = user
+			.display_name
+			.as_ref()
+			.filter(|name| {
 				name.to_lowercase()
 					.contains(&body.search_term.to_lowercase())
-			});
+			})
+			.is_some();
 
-			if !user_id_matches && !user_displayname_matches {
+		if !user_id_matches && !user_displayname_matches {
-				return None;
+			return None;
+		}
+
+		// It's a matching user, but is the sender allowed to see them?
+		let mut user_visible = false;
+
+		let user_is_in_public_rooms = services
+			.rooms
+			.state_cache
+			.rooms_joined(&user.user_id)
+			.any(|room| {
+				services
+					.rooms
+					.state_accessor
+					.room_state_get_content::<RoomJoinRulesEventContent>(
+						room,
+						&StateEventType::RoomJoinRules,
+						"",
+					)
+					.map_ok_or(false, |content| content.join_rule == JoinRule::Public)
+			})
+			.await;
+
+		if user_is_in_public_rooms {
+			user_visible = true;
+		} else {
+			let user_is_in_shared_rooms = services
+				.rooms
+				.state_cache
+				.user_sees_user(sender_user, &user.user_id)
+				.await;
+
+			if user_is_in_shared_rooms {
+				user_visible = true;
 			}
+		}
 
-			let user_in_public_room = services
+		user_visible.then_some(user)
-				.rooms
+	});
-				.state_cache
-				.rooms_joined(&user_id)
-				.map(ToOwned::to_owned)
-				.any(|room| async move {
-					services
-						.rooms
-						.state_accessor
-						.get_join_rules(&room)
-						.map(|rule| matches!(rule, JoinRule::Public))
-						.await
-				});
 
-			let user_sees_user = services
+	pin_mut!(users);
-				.rooms
-				.state_cache
-				.user_sees_user(sender_user, &user_id);
 
-			pin_mut!(user_in_public_room, user_sees_user);
+	let limited = users.by_ref().next().await.is_some();
 
-			user_in_public_room.or(user_sees_user).await.then_some(user)
+	let results = users.take(limit).collect().await;
-		});
-
-	let results = users.by_ref().take(limit).collect().await;
-	let limited = users.next().await.is_some();
 
 	Ok(search_users::v3::Response { results, limited })
 }

src/api/client/voip.rs

@@ -2,12 +2,12 @@ use std::time::{Duration, SystemTime};
 
 use axum::extract::State;
 use base64::{Engine as _, engine::general_purpose};
-use conduwuit::{Err, Result, utils};
+use conduwuit::{Err, utils};
 use hmac::{Hmac, Mac};
 use ruma::{SecondsSinceUnixEpoch, UserId, api::client::voip::get_turn_server_info};
 use sha1::Sha1;
 
-use crate::Ruma;
+use crate::{Result, Ruma};
 
 const RANDOM_USER_ID_LENGTH: usize = 10;
 

src/api/client/well_known.rs

@@ -1,5 +1,4 @@
 use axum::{Json, extract::State, response::IntoResponse};
-use conduwuit::{Error, Result};
 use ruma::api::client::{
 	discovery::{
 		discover_homeserver::{self, HomeserverInfo, SlidingSyncProxyInfo},
@@ -8,7 +7,7 @@ use ruma::api::client::{
 	error::ErrorKind,
 };
 
-use crate::Ruma;
+use crate::{Error, Result, Ruma};
 
 /// # `GET /.well-known/matrix/client`
 ///

src/api/mod.rs

@@ -8,6 +8,8 @@ pub mod server;
 extern crate conduwuit_core as conduwuit;
 extern crate conduwuit_service as service;
 
+pub(crate) use conduwuit::{Error, Result, debug_info, pdu::PduEvent, utils};
+
 pub(crate) use self::router::{Ruma, RumaResponse, State};
 
 conduwuit::mod_ctor! {}

src/api/router/auth.rs

@@ -317,9 +317,10 @@ fn auth_server_checks(services: &Services, x_matrix: &XMatrix) -> Result<()> {
 
 	let origin = &x_matrix.origin;
 	if services
+		.server
 		.config
 		.forbidden_remote_server_names
-		.is_match(origin.host())
+		.contains(origin)
 	{
 		return Err!(Request(Forbidden(debug_warn!(
 			"Federation requests from {origin} denied."

src/api/server/hierarchy.rs

@@ -3,11 +3,9 @@ use conduwuit::{
 	Err, Result,
 	utils::stream::{BroadbandExt, IterStream},
 };
-use conduwuit_service::rooms::spaces::{
-	Identifier, SummaryAccessibility, get_parent_children_via,
-};
 use futures::{FutureExt, StreamExt};
 use ruma::api::federation::space::get_hierarchy;
+use service::rooms::spaces::{Identifier, SummaryAccessibility, get_parent_children_via};
 
 use crate::Ruma;
 

src/api/server/invite.rs

@@ -1,15 +1,14 @@
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
 use base64::{Engine as _, engine::general_purpose};
-use conduwuit::{
+use conduwuit::{Err, Error, PduEvent, Result, err, utils, utils::hash::sha256, warn};
-	Err, Error, PduEvent, Result, err, pdu::gen_event_id, utils, utils::hash::sha256, warn,
-};
 use ruma::{
 	CanonicalJsonValue, OwnedUserId, UserId,
 	api::{client::error::ErrorKind, federation::membership::create_invite},
 	events::room::member::{MembershipState, RoomMemberEventContent},
 	serde::JsonObject,
 };
+use service::pdu::gen_event_id;
 
 use crate::Ruma;
 
@@ -38,18 +37,20 @@ pub(crate) async fn create_invite_route(
 
 	if let Some(server) = body.room_id.server_name() {
 		if services
+			.server
 			.config
 			.forbidden_remote_server_names
-			.is_match(server.host())
+			.contains(&server.to_owned())
 		{
 			return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 		}
 	}
 
 	if services
+		.server
 		.config
 		.forbidden_remote_server_names
-		.is_match(body.origin().host())
+		.contains(body.origin())
 	{
 		warn!(
 			"Received federated/remote invite from banned server {} for room ID {}. Rejecting.",

src/api/server/make_join.rs

@@ -1,8 +1,5 @@
 use axum::extract::State;
-use conduwuit::{
+use conduwuit::{Err, debug_info, utils::IterStream, warn};
-	Err, Error, Result, debug_info, matrix::pdu::PduBuilder, utils::IterStream, warn,
-};
-use conduwuit_service::Services;
 use futures::StreamExt;
 use ruma::{
 	CanonicalJsonObject, OwnedUserId, RoomId, RoomVersionId, UserId,
@@ -17,7 +14,10 @@ use ruma::{
 };
 use serde_json::value::to_raw_value;
 
-use crate::Ruma;
+use crate::{
+	Error, Result, Ruma,
+	service::{Services, pdu::PduBuilder},
+};
 
 /// # `GET /_matrix/federation/v1/make_join/{roomId}/{userId}`
 ///
@@ -42,9 +42,10 @@ pub(crate) async fn create_join_event_template_route(
 		.await?;
 
 	if services
+		.server
 		.config
 		.forbidden_remote_server_names
-		.is_match(body.origin().host())
+		.contains(body.origin())
 	{
 		warn!(
 			"Server {} for remote user {} tried joining room ID {} which has a server name that \
@@ -58,9 +59,10 @@ pub(crate) async fn create_join_event_template_route(
 
 	if let Some(server) = body.room_id.server_name() {
 		if services
+			.server
 			.config
 			.forbidden_remote_server_names
-			.is_match(server.host())
+			.contains(&server.to_owned())
 		{
 			return Err!(Request(Forbidden(warn!(
 				"Room ID server name {server} is banned on this homeserver."

src/api/server/make_knock.rs

@@ -1,14 +1,15 @@
 use RoomVersionId::*;
 use axum::extract::State;
-use conduwuit::{Err, Error, Result, debug_warn, matrix::pdu::PduBuilder, warn};
+use conduwuit::{Err, debug_warn};
 use ruma::{
 	RoomVersionId,
 	api::{client::error::ErrorKind, federation::knock::create_knock_event_template},
 	events::room::member::{MembershipState, RoomMemberEventContent},
 };
 use serde_json::value::to_raw_value;
+use tracing::warn;
 
-use crate::Ruma;
+use crate::{Error, Result, Ruma, service::pdu::PduBuilder};
 
 /// # `GET /_matrix/federation/v1/make_knock/{roomId}/{userId}`
 ///
@@ -33,9 +34,10 @@ pub(crate) async fn create_knock_event_template_route(
 		.await?;
 
 	if services
+		.server
 		.config
 		.forbidden_remote_server_names
-		.is_match(body.origin().host())
+		.contains(body.origin())
 	{
 		warn!(
 			"Server {} for remote user {} tried knocking room ID {} which has a server name \
@@ -49,9 +51,10 @@ pub(crate) async fn create_knock_event_template_route(
 
 	if let Some(server) = body.room_id.server_name() {
 		if services
+			.server
 			.config
 			.forbidden_remote_server_names
-			.is_match(server.host())
+			.contains(&server.to_owned())
 		{
 			return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 		}

src/api/server/make_leave.rs

@@ -1,5 +1,5 @@
 use axum::extract::State;
-use conduwuit::{Err, Result, matrix::pdu::PduBuilder};
+use conduwuit::{Err, Result};
 use ruma::{
 	api::federation::membership::prepare_leave_event,
 	events::room::member::{MembershipState, RoomMemberEventContent},
@@ -7,7 +7,7 @@ use ruma::{
 use serde_json::value::to_raw_value;
 
 use super::make_join::maybe_strip_event_id;
-use crate::Ruma;
+use crate::{Ruma, service::pdu::PduBuilder};
 
 /// # `GET /_matrix/federation/v1/make_leave/{roomId}/{eventId}`
 ///

src/api/server/openid.rs

@@ -1,8 +1,7 @@
 use axum::extract::State;
-use conduwuit::Result;
 use ruma::api::federation::openid::get_openid_userinfo;
 
-use crate::Ruma;
+use crate::{Result, Ruma};
 
 /// # `GET /_matrix/federation/v1/openid/userinfo`
 ///

src/api/server/publicrooms.rs

@@ -1,6 +1,5 @@
 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduwuit::{Error, Result};
 use ruma::{
 	api::{
 		client::error::ErrorKind,
@@ -9,7 +8,7 @@ use ruma::{
 	directory::Filter,
 };
 
-use crate::Ruma;
+use crate::{Error, Result, Ruma};
 
 /// # `POST /_matrix/federation/v1/publicRooms`
 ///

src/api/server/send.rs

@@ -9,15 +9,11 @@ use conduwuit::{
 	result::LogErr,
 	trace,
 	utils::{
-		IterStream, ReadyExt, millis_since_unix_epoch,
+		IterStream, ReadyExt,
 		stream::{BroadbandExt, TryBroadbandExt, automatic_width},
 	},
 	warn,
 };
-use conduwuit_service::{
-	Services,
-	sending::{EDU_LIMIT, PDU_LIMIT},
-};
 use futures::{FutureExt, Stream, StreamExt, TryFutureExt, TryStreamExt};
 use itertools::Itertools;
 use ruma::{
@@ -37,8 +33,16 @@ use ruma::{
 	serde::Raw,
 	to_device::DeviceIdOrAllDevices,
 };
+use service::{
+	Services,
+	sending::{EDU_LIMIT, PDU_LIMIT},
+};
+use utils::millis_since_unix_epoch;
 
-use crate::Ruma;
+use crate::{
+	Ruma,
+	utils::{self},
+};
 
 type ResolvedMap = BTreeMap<OwnedEventId, Result>;
 type Pdu = (OwnedRoomId, OwnedEventId, CanonicalJsonObject);

src/api/server/send_join.rs

@@ -9,7 +9,6 @@ use conduwuit::{
 	utils::stream::{IterStream, TryBroadbandExt},
 	warn,
 };
-use conduwuit_service::Services;
 use futures::{FutureExt, StreamExt, TryStreamExt};
 use ruma::{
 	CanonicalJsonValue, OwnedEventId, OwnedRoomId, OwnedServerName, OwnedUserId, RoomId,
@@ -21,6 +20,7 @@ use ruma::{
 	},
 };
 use serde_json::value::{RawValue as RawJsonValue, to_raw_value};
+use service::Services;
 
 use crate::Ruma;
 
@@ -268,9 +268,10 @@ pub(crate) async fn create_join_event_v1_route(
 	body: Ruma<create_join_event::v1::Request>,
 ) -> Result<create_join_event::v1::Response> {
 	if services
+		.server
 		.config
 		.forbidden_remote_server_names
-		.is_match(body.origin().host())
+		.contains(body.origin())
 	{
 		warn!(
 			"Server {} tried joining room ID {} through us who has a server name that is \
@@ -283,9 +284,10 @@ pub(crate) async fn create_join_event_v1_route(
 
 	if let Some(server) = body.room_id.server_name() {
 		if services
+			.server
 			.config
 			.forbidden_remote_server_names
-			.is_match(server.host())
+			.contains(&server.to_owned())
 		{
 			warn!(
 				"Server {} tried joining room ID {} through us which has a server name that is \
@@ -314,18 +316,20 @@ pub(crate) async fn create_join_event_v2_route(
 	body: Ruma<create_join_event::v2::Request>,
 ) -> Result<create_join_event::v2::Response> {
 	if services
+		.server
 		.config
 		.forbidden_remote_server_names
-		.is_match(body.origin().host())
+		.contains(body.origin())
 	{
 		return Err!(Request(Forbidden("Server is banned on this homeserver.")));
 	}
 
 	if let Some(server) = body.room_id.server_name() {
 		if services
+			.server
 			.config
 			.forbidden_remote_server_names
-			.is_match(server.host())
+			.contains(&server.to_owned())
 		{
 			warn!(
 				"Server {} tried joining room ID {} through us which has a server name that is \

src/api/server/send_knock.rs

@@ -1,9 +1,5 @@
 use axum::extract::State;
-use conduwuit::{
+use conduwuit::{Err, PduEvent, Result, err, pdu::gen_event_id_canonical_json, warn};
-	Err, Result, err,
-	matrix::pdu::{PduEvent, gen_event_id_canonical_json},
-	warn,
-};
 use futures::FutureExt;
 use ruma::{
 	OwnedServerName, OwnedUserId,
@@ -26,9 +22,10 @@ pub(crate) async fn create_knock_event_v1_route(
 	body: Ruma<send_knock::v1::Request>,
 ) -> Result<send_knock::v1::Response> {
 	if services
+		.server
 		.config
 		.forbidden_remote_server_names
-		.is_match(body.origin().host())
+		.contains(body.origin())
 	{
 		warn!(
 			"Server {} tried knocking room ID {} who has a server name that is globally \
@@ -41,9 +38,10 @@ pub(crate) async fn create_knock_event_v1_route(
 
 	if let Some(server) = body.room_id.server_name() {
 		if services
+			.server
 			.config
 			.forbidden_remote_server_names
-			.is_match(server.host())
+			.contains(&server.to_owned())
 		{
 			warn!(
 				"Server {} tried knocking room ID {} which has a server name that is globally \

src/api/server/send_leave.rs

@@ -1,8 +1,7 @@
 #![allow(deprecated)]
 
 use axum::extract::State;
-use conduwuit::{Err, Result, err, matrix::pdu::gen_event_id_canonical_json};
+use conduwuit::{Err, Result, err};
-use conduwuit_service::Services;
 use futures::FutureExt;
 use ruma::{
 	OwnedRoomId, OwnedUserId, RoomId, ServerName,
@@ -14,7 +13,10 @@ use ruma::{
 };
 use serde_json::value::RawValue as RawJsonValue;
 
-use crate::Ruma;
+use crate::{
+	Ruma,
+	service::{Services, pdu::gen_event_id_canonical_json},
+};
 
 /// # `PUT /_matrix/federation/v1/send_leave/{roomId}/{eventId}`
 ///

src/api/server/version.rs

@@ -1,7 +1,6 @@
-use conduwuit::Result;
 use ruma::api::federation::discovery::get_server_version;
 
-use crate::Ruma;
+use crate::{Result, Ruma};
 
 /// # `GET /_matrix/federation/v1/version`
 ///

src/api/server/well_known.rs

@@ -1,8 +1,7 @@
 use axum::extract::State;
-use conduwuit::{Error, Result};
 use ruma::api::{client::error::ErrorKind, federation::discovery::discover_homeserver};
 
-use crate::Ruma;
+use crate::{Error, Result, Ruma};
 
 /// # `GET /.well-known/matrix/server`
 ///

src/core/config/mod.rs

@@ -3,7 +3,7 @@ pub mod manager;
 pub mod proxy;
 
 use std::{
-	collections::{BTreeMap, BTreeSet},
+	collections::{BTreeMap, BTreeSet, HashSet},
 	net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr},
 	path::{Path, PathBuf},
 };
@@ -640,9 +640,9 @@ pub struct Config {
 
 	/// Default room version conduwuit will create rooms with.
 	///
-	/// Per spec, room version 11 is the default.
+	/// Per spec, room version 10 is the default.
 	///
-	/// default: 11
+	/// default: 10
 	#[serde(default = "default_default_room_version")]
 	pub default_room_version: RoomVersionId,
 
@@ -715,7 +715,7 @@ pub struct Config {
 	/// Currently, conduwuit doesn't support inbound batched key requests, so
 	/// this list should only contain other Synapse servers.
 	///
-	/// example: ["matrix.org", "tchncs.de"]
+	/// example: ["matrix.org", "envs.net", "tchncs.de"]
 	///
 	/// default: ["matrix.org"]
 	#[serde(default = "default_trusted_servers")]
@@ -1361,18 +1361,15 @@ pub struct Config {
 	#[serde(default)]
 	pub prune_missing_media: bool,
 
-	/// Vector list of regex patterns of server names that conduwuit will refuse
+	/// Vector list of servers that conduwuit will refuse to download remote
-	/// to download remote media from.
+	/// media from.
-	///
-	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 	///
 	/// default: []
-	#[serde(default, with = "serde_regex")]
+	#[serde(default)]
-	pub prevent_media_downloads_from: RegexSet,
+	pub prevent_media_downloads_from: HashSet<OwnedServerName>,
 
-	/// List of forbidden server names via regex patterns that we will block
+	/// List of forbidden server names that we will block incoming AND outgoing
-	/// incoming AND outgoing federation with, and block client room joins /
+	/// federation with, and block client room joins / remote user invites.
-	/// remote user invites.
 	///
 	/// This check is applied on the room ID, room alias, sender server name,
 	/// sender user's server name, inbound federation X-Matrix origin, and
@@ -1380,21 +1377,17 @@ pub struct Config {
 	///
 	/// Basically "global" ACLs.
 	///
-	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
-	///
 	/// default: []
-	#[serde(default, with = "serde_regex")]
+	#[serde(default)]
-	pub forbidden_remote_server_names: RegexSet,
+	pub forbidden_remote_server_names: HashSet<OwnedServerName>,
 
-	/// List of forbidden server names via regex patterns that we will block all
+	/// List of forbidden server names that we will block all outgoing federated
-	/// outgoing federated room directory requests for. Useful for preventing
+	/// room directory requests for. Useful for preventing our users from
-	/// our users from wandering into bad servers or spaces.
+	/// wandering into bad servers or spaces.
-	///
-	/// example: ["badserver\.tld$", "badphrase", "19dollarfortnitecards"]
 	///
 	/// default: []
-	#[serde(default, with = "serde_regex")]
+	#[serde(default = "HashSet::new")]
-	pub forbidden_remote_room_directory_server_names: RegexSet,
+	pub forbidden_remote_room_directory_server_names: HashSet<OwnedServerName>,
 
 	/// Vector list of IPv4 and IPv6 CIDR ranges / subnets *in quotes* that you
 	/// do not want conduwuit to send outbound requests to. Defaults to
@@ -1515,10 +1508,11 @@ pub struct Config {
 	/// used, and startup as warnings if any room aliases in your database have
 	/// a forbidden room alias/ID.
 	///
-	/// example: ["19dollarfortnitecards", "b[4a]droom", "badphrase"]
+	/// example: ["19dollarfortnitecards", "b[4a]droom"]
 	///
 	/// default: []
-	#[serde(default, with = "serde_regex")]
+	#[serde(default)]
+	#[serde(with = "serde_regex")]
 	pub forbidden_alias_names: RegexSet,
 
 	/// List of forbidden username patterns/strings.
@@ -1530,10 +1524,11 @@ pub struct Config {
 	/// startup as warnings if any local users in your database have a forbidden
 	/// username.
 	///
-	/// example: ["administrator", "b[a4]dusernam[3e]", "badphrase"]
+	/// example: ["administrator", "b[a4]dusernam[3e]"]
 	///
 	/// default: []
-	#[serde(default, with = "serde_regex")]
+	#[serde(default)]
+	#[serde(with = "serde_regex")]
 	pub forbidden_usernames: RegexSet,
 
 	/// Retry failed and incomplete messages to remote servers immediately upon
@@ -2175,7 +2170,7 @@ fn default_rocksdb_stats_level() -> u8 { 1 }
 // I know, it's a great name
 #[must_use]
 #[inline]
-pub fn default_default_room_version() -> RoomVersionId { RoomVersionId::V11 }
+pub fn default_default_room_version() -> RoomVersionId { RoomVersionId::V10 }
 
 fn default_ip_range_denylist() -> Vec<String> {
 	vec![

src/core/matrix/mod.rs

@@ -1,9 +0,0 @@
-//! Core Matrix Library
-
-pub mod event;
-pub mod pdu;
-pub mod state_res;
-
-pub use event::Event;
-pub use pdu::{PduBuilder, PduCount, PduEvent, PduId, RawPduId, StateKey};
-pub use state_res::{EventTypeExt, RoomVersion, StateMap, TypeStateKey};

src/core/mod.rs

@@ -6,10 +6,11 @@ pub mod debug;
 pub mod error;
 pub mod info;
 pub mod log;
-pub mod matrix;
 pub mod metrics;
 pub mod mods;
+pub mod pdu;
 pub mod server;
+pub mod state_res;
 pub mod utils;
 
 pub use ::arrayvec;
@@ -22,8 +23,9 @@ pub use ::tracing;
 pub use config::Config;
 pub use error::Error;
 pub use info::{rustc_flags_capture, version, version::version};
-pub use matrix::{Event, EventTypeExt, PduCount, PduEvent, PduId, RoomVersion, pdu, state_res};
+pub use pdu::{Event, PduBuilder, PduCount, PduEvent, PduId, RawPduId, StateKey};
 pub use server::Server;
+pub use state_res::{EventTypeExt, RoomVersion, StateMap, TypeStateKey};
 pub use utils::{ctor, dtor, implement, result, result::Result};
 
 pub use crate as conduwuit_core;

src/core/pdu/event.rs

@@ -0,0 +1,35 @@
+use ruma::{MilliSecondsSinceUnixEpoch, OwnedEventId, RoomId, UserId, events::TimelineEventType};
+use serde_json::value::RawValue as RawJsonValue;
+
+use super::Pdu;
+pub use crate::state_res::Event;
+
+impl Event for Pdu {
+	type Id = OwnedEventId;
+
+	fn event_id(&self) -> &Self::Id { &self.event_id }
+
+	fn room_id(&self) -> &RoomId { &self.room_id }
+
+	fn sender(&self) -> &UserId { &self.sender }
+
+	fn event_type(&self) -> &TimelineEventType { &self.kind }
+
+	fn content(&self) -> &RawJsonValue { &self.content }
+
+	fn origin_server_ts(&self) -> MilliSecondsSinceUnixEpoch {
+		MilliSecondsSinceUnixEpoch(self.origin_server_ts)
+	}
+
+	fn state_key(&self) -> Option<&str> { self.state_key.as_deref() }
+
+	fn prev_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_ {
+		self.prev_events.iter()
+	}
+
+	fn auth_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_ {
+		self.auth_events.iter()
+	}
+
+	fn redacts(&self) -> Option<&Self::Id> { self.redacts.as_ref() }
+}

src/core/pdu/mod.rs

@@ -1,6 +1,7 @@
 mod builder;
 mod content;
 mod count;
+mod event;
 mod event_id;
 mod filter;
 mod id;
@@ -16,8 +17,8 @@ mod unsigned;
 use std::cmp::Ordering;
 
 use ruma::{
-	CanonicalJsonObject, CanonicalJsonValue, EventId, MilliSecondsSinceUnixEpoch, OwnedEventId,
+	CanonicalJsonObject, CanonicalJsonValue, EventId, OwnedEventId, OwnedRoomId, OwnedServerName,
-	OwnedRoomId, OwnedServerName, OwnedUserId, RoomId, UInt, UserId, events::TimelineEventType,
+	OwnedUserId, UInt, events::TimelineEventType,
 };
 use serde::{Deserialize, Serialize};
 use serde_json::value::RawValue as RawJsonValue;
@@ -26,12 +27,12 @@ pub use self::{
 	Count as PduCount, Id as PduId, Pdu as PduEvent, RawId as RawPduId,
 	builder::{Builder, Builder as PduBuilder},
 	count::Count,
+	event::Event,
 	event_id::*,
 	id::*,
 	raw_id::*,
 	state_key::{ShortStateKey, StateKey},
 };
-use super::Event;
 use crate::Result;
 
 /// Persistent Data Unit (Event)
@@ -78,36 +79,6 @@ impl Pdu {
 	}
 }
 
-impl Event for Pdu {
-	type Id = OwnedEventId;
-
-	fn event_id(&self) -> &Self::Id { &self.event_id }
-
-	fn room_id(&self) -> &RoomId { &self.room_id }
-
-	fn sender(&self) -> &UserId { &self.sender }
-
-	fn event_type(&self) -> &TimelineEventType { &self.kind }
-
-	fn content(&self) -> &RawJsonValue { &self.content }
-
-	fn origin_server_ts(&self) -> MilliSecondsSinceUnixEpoch {
-		MilliSecondsSinceUnixEpoch(self.origin_server_ts)
-	}
-
-	fn state_key(&self) -> Option<&str> { self.state_key.as_deref() }
-
-	fn prev_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_ {
-		self.prev_events.iter()
-	}
-
-	fn auth_events(&self) -> impl DoubleEndedIterator<Item = &Self::Id> + Send + '_ {
-		self.auth_events.iter()
-	}
-
-	fn redacts(&self) -> Option<&Self::Id> { self.redacts.as_ref() }
-}
-
 /// Prevent derived equality which wouldn't limit itself to event_id
 impl Eq for Pdu {}
 
@@ -116,12 +87,12 @@ impl PartialEq for Pdu {
 	fn eq(&self, other: &Self) -> bool { self.event_id == other.event_id }
 }
 
-/// Ordering determined by the Pdu's ID, not the memory representations.
-impl Ord for Pdu {
-	fn cmp(&self, other: &Self) -> Ordering { self.event_id.cmp(&other.event_id) }
-}
-
 /// Ordering determined by the Pdu's ID, not the memory representations.
 impl PartialOrd for Pdu {
 	fn partial_cmp(&self, other: &Self) -> Option<Ordering> { Some(self.cmp(other)) }
 }
+
+/// Ordering determined by the Pdu's ID, not the memory representations.
+impl Ord for Pdu {
+	fn cmp(&self, other: &Self) -> Ordering { self.event_id.cmp(&other.event_id) }
+}

src/core/state_res/mod.rs

@@ -4,6 +4,7 @@ pub(crate) mod error;
 pub mod event_auth;
 mod power_levels;
 mod room_version;
+mod state_event;
 
 #[cfg(test)]
 mod test_utils;
@@ -35,12 +36,9 @@ use self::power_levels::PowerLevelsContentFields;
 pub use self::{
 	event_auth::{auth_check, auth_types_for_event},
 	room_version::RoomVersion,
+	state_event::Event,
 };
-use crate::{
+use crate::{debug, pdu::StateKey, trace, warn};
-	debug,
-	matrix::{event::Event, pdu::StateKey},
-	trace, warn,
-};
 
 /// A mapping of event type and state_key to some value `T`, usually an
 /// `EventId`.

src/core/state_res/power_levels.rs

@@ -11,9 +11,9 @@ use ruma::{
 };
 use serde::Deserialize;
 use serde_json::{Error, from_str as from_json_str};
+use tracing::error;
 
 use super::{Result, RoomVersion};
-use crate::error;
 
 #[derive(Deserialize)]
 struct IntRoomPowerLevelsEventContent {

src/core/state_res/test_utils.rs

@@ -28,10 +28,7 @@ use serde_json::{
 
 pub(crate) use self::event::PduEvent;
 use super::auth_types_for_event;
-use crate::{
+use crate::{Event, EventTypeExt, Result, StateMap, info};
-	Result, info,
-	matrix::{Event, EventTypeExt, StateMap},
-};
 
 static SERVER_TIMESTAMP: AtomicU64 = AtomicU64::new(0);
 

src/core/utils/future/mod.rs

@@ -1,11 +1,9 @@
 mod bool_ext;
 mod ext_ext;
 mod option_ext;
-mod option_stream;
 mod try_ext_ext;
 
 pub use bool_ext::{BoolExt, and, or};
 pub use ext_ext::ExtExt;
 pub use option_ext::OptionExt;
-pub use option_stream::OptionStream;
 pub use try_ext_ext::TryExtExt;

src/core/utils/future/option_ext.rs

@@ -11,14 +11,11 @@ pub trait OptionExt<T> {
 impl<T, Fut> OptionExt<T> for OptionFuture<Fut>
 where
 	Fut: Future<Output = T> + Send,
-	T: Send,
 {
-	#[inline]
 	fn is_none_or(self, f: impl FnOnce(&T) -> bool + Send) -> impl Future<Output = bool> + Send {
 		self.map(|o| o.as_ref().is_none_or(f))
 	}
 
-	#[inline]
 	fn is_some_and(self, f: impl FnOnce(&T) -> bool + Send) -> impl Future<Output = bool> + Send {
 		self.map(|o| o.as_ref().is_some_and(f))
 	}

src/core/utils/future/option_stream.rs

@@ -1,25 +0,0 @@
-use futures::{Future, FutureExt, Stream, StreamExt, future::OptionFuture};
-
-use super::super::IterStream;
-
-pub trait OptionStream<T> {
-	fn stream(self) -> impl Stream<Item = T> + Send;
-}
-
-impl<T, O, S, Fut> OptionStream<T> for OptionFuture<Fut>
-where
-	Fut: Future<Output = (O, S)> + Send,
-	S: Stream<Item = T> + Send,
-	O: IntoIterator<Item = T> + Send,
-	<O as IntoIterator>::IntoIter: Send,
-	T: Send,
-{
-	#[inline]
-	fn stream(self) -> impl Stream<Item = T> + Send {
-		self.map(|opt| opt.map(|(curr, next)| curr.into_iter().stream().chain(next)))
-			.map(Option::into_iter)
-			.map(IterStream::stream)
-			.flatten_stream()
-			.flatten()
-	}
-}

src/core/utils/mod.rs

@@ -49,10 +49,10 @@ pub fn exchange<T>(state: &mut T, source: T) -> T { std::mem::replace(state, sou
 
 #[macro_export]
 macro_rules! extract_variant {
-	( $e:expr_2021, $( $variant:path )|* ) => {
+	($e:expr_2021, $variant:path) => {
 		match $e {
-			$( $variant(value) => Some(value), )*
+			| $variant(value) => Some(value),
-			_ => None,
+			| _ => None,
 		}
 	};
 }

src/service/admin/grant.rs

@@ -1,6 +1,6 @@
 use std::collections::BTreeMap;
 
-use conduwuit::{Err, Result, debug_info, debug_warn, error, implement, matrix::pdu::PduBuilder};
+use conduwuit::{Err, Result, debug_info, debug_warn, error, implement};
 use ruma::{
 	RoomId, UserId,
 	events::{
@@ -14,6 +14,8 @@ use ruma::{
 	},
 };
 
+use crate::pdu::PduBuilder;
+
 /// Invite the user to the conduwuit admin room.
 ///
 /// This is equivalent to granting server admin privileges.

src/service/federation/execute.rs

@@ -69,7 +69,7 @@ where
 		.server
 		.config
 		.forbidden_remote_server_names
-		.is_match(dest.host())
+		.contains(dest)
 	{
 		return Err!(Request(Forbidden(debug_warn!("Federation with {dest} is not allowed."))));
 	}

src/service/media/remote.rs

@@ -426,13 +426,7 @@ fn check_fetch_authorized(&self, mxc: &Mxc<'_>) -> Result<()> {
 		.server
 		.config
 		.prevent_media_downloads_from
-		.is_match(mxc.server_name.host())
+		.contains(mxc.server_name)
-		|| self
-			.services
-			.server
-			.config
-			.forbidden_remote_server_names
-			.is_match(mxc.server_name.host())
 	{
 		// we'll lie to the client and say the blocked server's media was not found and
 		// log. the client has no way of telling anyways so this is a security bonus.

src/service/mod.rs

@@ -31,6 +31,7 @@ pub mod users;
 extern crate conduwuit_core as conduwuit;
 extern crate conduwuit_database as database;
 
+pub use conduwuit::{PduBuilder, PduCount, PduEvent, pdu};
 pub(crate) use service::{Args, Dep, Service};
 
 pub use crate::services::Services;

src/service/rooms/event_handler/state_at_incoming.rs

@@ -5,9 +5,7 @@ use std::{
 };
 
 use conduwuit::{
-	Result, debug, err, implement,
+	PduEvent, Result, StateMap, debug, err, implement, trace,
-	matrix::{PduEvent, StateMap},
-	trace,
 	utils::stream::{BroadbandExt, IterStream, ReadyExt, TryBroadbandExt, TryWidebandExt},
 };
 use futures::{FutureExt, StreamExt, TryFutureExt, TryStreamExt, future::try_join};

src/service/rooms/event_handler/upgrade_outlier_pdu.rs

@@ -1,8 +1,7 @@
 use std::{borrow::Borrow, collections::BTreeMap, iter::once, sync::Arc, time::Instant};
 
 use conduwuit::{
-	Err, Result, debug, debug_info, err, implement,
+	Err, EventTypeExt, PduEvent, Result, StateKey, debug, debug_info, err, implement, state_res,
-	matrix::{EventTypeExt, PduEvent, StateKey, state_res},
 	trace,
 	utils::stream::{BroadbandExt, ReadyExt},
 	warn,

src/service/rooms/outlier/mod.rs

@@ -1,9 +1,11 @@
 use std::sync::Arc;
 
-use conduwuit::{Result, implement, matrix::pdu::PduEvent};
+use conduwuit::{Result, implement};
-use conduwuit_database::{Deserialized, Json, Map};
+use database::{Deserialized, Json, Map};
 use ruma::{CanonicalJsonObject, EventId};
 
+use crate::PduEvent;
+
 pub struct Service {
 	db: Data,
 }

src/service/rooms/read_receipt/mod.rs

@@ -2,11 +2,7 @@ mod data;
 
 use std::{collections::BTreeMap, sync::Arc};
 
-use conduwuit::{
+use conduwuit::{PduCount, PduId, RawPduId, Result, debug, err, warn};
-	Result, debug, err,
-	matrix::pdu::{PduCount, PduId, RawPduId},
-	warn,
-};
 use futures::{Stream, TryFutureExt, try_join};
 use ruma::{
 	OwnedEventId, OwnedUserId, RoomId, UserId,