From 099cd12bddc70e7592b5749507628ac9b2be7424 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Tue, 18 Apr 2023 00:58:15 +0000
Subject: [PATCH] matrix/irc.nix: sanitize quit messages

---
 .../matrix/irc-no-reveal-bridge.patch         | 13 +++++
 .../services/matrix/irc-no-reveal-mxid.patch  | 50 +++++++++++++++++++
 hosts/by-name/servo/services/matrix/irc.nix   | 14 ++++++
 3 files changed, 77 insertions(+)
 create mode 100644 hosts/by-name/servo/services/matrix/irc-no-reveal-bridge.patch
 create mode 100644 hosts/by-name/servo/services/matrix/irc-no-reveal-mxid.patch

diff --git a/hosts/by-name/servo/services/matrix/irc-no-reveal-bridge.patch b/hosts/by-name/servo/services/matrix/irc-no-reveal-bridge.patch
new file mode 100644
index 00000000..80ca0d9c
--- /dev/null
+++ b/hosts/by-name/servo/services/matrix/irc-no-reveal-bridge.patch
@@ -0,0 +1,13 @@
+diff --git a/src/irc/ConnectionInstance.ts b/src/irc/ConnectionInstance.ts
+index 688036ca..3373fa27 100644
+--- a/src/irc/ConnectionInstance.ts
++++ b/src/irc/ConnectionInstance.ts
+@@ -149,7 +149,7 @@ export class ConnectionInstance {
+         if (this.dead) {
+             return Promise.resolve();
+         }
+-        ircReason = ircReason || reason;
++        ircReason = "bye"; // don't reveal through the IRC quit message that we're a bridge
+         log.info(
+             "disconnect()ing %s@%s - %s", this.nick, this.domain, reason
+         );
diff --git a/hosts/by-name/servo/services/matrix/irc-no-reveal-mxid.patch b/hosts/by-name/servo/services/matrix/irc-no-reveal-mxid.patch
new file mode 100644
index 00000000..e1d6e81a
--- /dev/null
+++ b/hosts/by-name/servo/services/matrix/irc-no-reveal-mxid.patch
@@ -0,0 +1,50 @@
+diff --git a/config.schema.yml b/config.schema.yml
+index 2e71c8d6..42ba8ba1 100644
+--- a/config.schema.yml
++++ b/config.schema.yml
+@@ -433,7 +433,7 @@ properties:
+                                     type: "boolean"
+                                 realnameFormat:
+                                     type: "string"
+-                                    enum: ["mxid","reverse-mxid"]
++                                    enum: ["mxid","reverse-mxid","localpart"]
+                                 ipv6:
+                                     type: "object"
+                                     properties:
+diff --git a/src/irc/IdentGenerator.ts b/src/irc/IdentGenerator.ts
+index 7a2b5cf1..50f7815a 100644
+--- a/src/irc/IdentGenerator.ts
++++ b/src/irc/IdentGenerator.ts
+@@ -74,6 +74,9 @@ export class IdentGenerator {
+         else if (server.getRealNameFormat() === "reverse-mxid") {
+             realname = IdentGenerator.sanitiseRealname(IdentGenerator.switchAroundMxid(matrixUser));
+         }
++        else if (server.getRealNameFormat() == "localpart") {
++            realname = IdentGenerator.sanitiseRealname(matrixUser.localpart);
++        }
+         else {
+             throw Error('Invalid value for realNameFormat');
+         }
+diff --git a/src/irc/IrcServer.ts b/src/irc/IrcServer.ts
+index 2af73ab4..895b9783 100644
+--- a/src/irc/IrcServer.ts
++++ b/src/irc/IrcServer.ts
+@@ -101,7 +101,7 @@ export interface IrcServerConfig {
+         };
+         lineLimit: number;
+         userModes?: string;
+-        realnameFormat?: "mxid"|"reverse-mxid";
++        realnameFormat?: "mxid"|"reverse-mxid"|"localpart";
+         pingTimeoutMs: number;
+         pingRateMs: number;
+         kickOn: {
+@@ -289,7 +289,7 @@ export class IrcServer {
+         return this.config.ircClients.userModes || "";
+     }
+ 
+-    public getRealNameFormat(): "mxid"|"reverse-mxid" {
++    public getRealNameFormat(): "mxid"|"reverse-mxid"|"localpart" {
+         return this.config.ircClients.realnameFormat || "mxid";
+     }
+ 
+
diff --git a/hosts/by-name/servo/services/matrix/irc.nix b/hosts/by-name/servo/services/matrix/irc.nix
index 797061ef..fd7b447f 100644
--- a/hosts/by-name/servo/services/matrix/irc.nix
+++ b/hosts/by-name/servo/services/matrix/irc.nix
@@ -30,6 +30,8 @@ let
     };
     ircClients = {
       nickTemplate = "$LOCALPARTsane";  # @colin:uninsane.org (Matrix) -> colinsane (IRC)
+      realnameFormat = "reverse-mxid";  # @colin:uninsane.org (Matrix) -> org.uninsane:colin (IRC)
+      # realnameFormat = "localpart";  # @colin:uninsane.org (Matrix) -> colin (IRC)  -- but requires the mxid patch below
       # by default, Matrix will convert messages greater than (3) lines into a pastebin-like URL to send to IRC.
       lineLimit = 20;
       # Rizon in particular allows only 4 connections from one IP before a 30min ban.
@@ -89,6 +91,18 @@ let
   };
 in
 {
+
+  nixpkgs.overlays = [
+    (next: prev: {
+      matrix-appservice-irc = prev.matrix-appservice-irc.overrideAttrs (super: {
+        patches = super.patches or [] ++ [
+          ./irc-no-reveal-bridge.patch
+          # ./irc-no-reveal-mxid.patch
+        ];
+      });
+    })
+  ];
+
   sane.persist.sys.plaintext = [
     # TODO: mode?
     { user = "matrix-appservice-irc"; group = "matrix-appservice-irc"; directory = "/var/lib/matrix-appservice-irc"; }