Add federation_domain_whitelist option (#2820)

Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
2025-05-02 20:54:50 -04:00 · 2018-01-22 19:11:18 +01:00 · 2018-01-22 19:11:18 +01:00 · ab9f844aaf
commit ab9f844aaf
parent d84f65255e
14 changed files with 146 additions and 7 deletions
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@ -141,6 +141,32 @@ class RegistrationError(SynapseError):
    pass


+class FederationDeniedError(SynapseError):
+    """An error raised when the server tries to federate with a server which
+    is not on its federation whitelist.
+
+    Attributes:
+        destination (str): The destination which has been denied
+    """
+
+    def __init__(self, destination):
+        """Raised by federation client or server to indicate that we are
+        are deliberately not attempting to contact a given server because it is
+        not on our federation whitelist.
+
+        Args:
+            destination (str): the domain in question
+        """
+
+        self.destination = destination
+
+        super(FederationDeniedError, self).__init__(
+            code=403,
+            msg="Federation denied with %s." % (self.destination,),
+            errcode=Codes.FORBIDDEN,
+        )
+
+
 class InteractiveAuthIncompleteError(Exception):
    """An error raised when UI auth is not yet complete