add homeserver_only option

[F-Node-Karlsruhe]

Added an optional .env variable which allows homeserver only opteration of the bot. Even when join_on_invite=true, the bot will not join rooms which are located elsewhere than its own homeserver.

The idea is to prevent malicious external use of the bot.

[vranki]

Hi, The change is unfortunately broken. It tests for room ID, which is just random characters and it may NOT contain a homeserver domain (although synapse includes it in ID just to avoid collisions). Also, rooms in matrix are not on any specific homeserver, they are shared by all participating servers.

Correct implementation of this would check the list of room ALIASES instead of ID to find if one of them contains the local homeserver domain. Note that room may have zero aliases and in such case the bot would not be able to join it. Room ID should be considered only as random string and never used for any logic to be compatible with any servers.

[F-Node-Karlsruhe]

Hi, thanks for clarifying :) i did not know that, even though it makes sense. I just came across synapse servers till now and assumed that their naming is part of the protocol.

The takeaway is, that limiting a bot to a homeserver is not possible, but it should be possible for spaces?

[F-Node-Karlsruhe]

Would it be useful to change the feature towards users, i.e. only homeserver users can invite the bot into a room?

[vranki]

Yes, that would work. Allow invites from @*:homeserver.org in config ENV variables or something. That would be good.

[F-Node-Karlsruhe]

It runs very well for our bot :) can be merged

[vranki]

LGTM, thanks!