make a media section in the config file

book/changelog.md

@@ -138,9 +138,10 @@ This will be the first release of Grapevine since it was forked from Conduit
 10. Try to generate thumbnails for remote media ourselves if the federation
     thumbnail request fails.
     ([!58](https://gitlab.computer.surgery/matrix/grapevine/-/merge_requests/58))
-11. **BREAKING:** Disable unauthenticated access to media by default, set the
-    `serve_media_unauthenticated` config option to `true` to enable it.
-    ([!103](https://gitlab.computer.surgery/matrix/grapevine/-/merge_requests/103))
+11. **BREAKING:** Disable unauthenticated access to media by default. Use
+    `media.serve_media_unauthenticated` to configure this behavior.
+    ([!103](https://gitlab.computer.surgery/matrix/grapevine/-/merge_requests/103),
+    [!140](https://gitlab.computer.surgery/matrix/grapevine/-/merge_requests/140))
 12. **BREAKING:** Split CLI into multiple subcommands. The CLI invocation to run
     the server is now behind the `serve` command, so `grapevine --config ...`
     becomes `grapevine serve --config ...`.

src/cli/serve.rs

@@ -443,7 +443,7 @@ fn legacy_media_routes(config: &Config) -> Router {
     // deprecated, but unproblematic
     let router = router.ruma_route(c2s::get_media_config_legacy_route);
 
-    if config.serve_media_unauthenticated {
+    if config.media.serve_media_unauthenticated {
         router
             .ruma_route(c2s::get_content_legacy_route)
             .ruma_route(c2s::get_content_as_filename_legacy_route)

src/config.rs

@@ -45,6 +45,8 @@ pub(crate) struct Config {
     pub(crate) server_discovery: ServerDiscovery,
     pub(crate) database: DatabaseConfig,
     #[serde(default)]
+    pub(crate) media: MediaConfig,
+    #[serde(default)]
     pub(crate) federation: FederationConfig,
     #[serde(default)]
     pub(crate) cache: CacheConfig,
@@ -59,8 +61,6 @@ pub(crate) struct Config {
     pub(crate) allow_encryption: bool,
     #[serde(default = "true_fn")]
     pub(crate) allow_room_creation: bool,
-    #[serde(default = "false_fn")]
-    pub(crate) serve_media_unauthenticated: bool,
     #[serde(default = "default_default_room_version")]
     pub(crate) default_room_version: RoomVersionId,
     #[serde(default)]
@@ -74,6 +74,13 @@ pub(crate) struct Config {
     pub(crate) emergency_password: Option<String>,
 }
 
+#[derive(Debug, Deserialize, Default)]
+#[serde(deny_unknown_fields)]
+pub(crate) struct MediaConfig {
+    #[serde(default)]
+    pub(crate) serve_media_unauthenticated: bool,
+}
+
 #[derive(Debug, Deserialize)]
 #[serde(deny_unknown_fields, default)]
 pub(crate) struct CacheConfig {

tests/integrations/snapshots/integrations__check_config__invalid_keys@stderr.snap

@@ -8,4 +8,4 @@ Error: failed to validate configuration
   |
 1 | some_name = "example.com"
   | ^^^^^^^^^
-unknown field `some_name`, expected one of `conduit_compat`, `listen`, `tls`, `server_name`, `server_discovery`, `database`, `federation`, `cache`, `cleanup_second_interval`, `max_request_size`, `allow_registration`, `registration_token`, `allow_encryption`, `allow_room_creation`, `serve_media_unauthenticated`, `default_room_version`, `proxy`, `jwt_secret`, `observability`, `turn`, `emergency_password`
+unknown field `some_name`, expected one of `conduit_compat`, `listen`, `tls`, `server_name`, `server_discovery`, `database`, `media`, `federation`, `cache`, `cleanup_second_interval`, `max_request_size`, `allow_registration`, `registration_token`, `allow_encryption`, `allow_room_creation`, `default_room_version`, `proxy`, `jwt_secret`, `observability`, `turn`, `emergency_password`