From 33e09404027104b7f090022402f87c86249d0685 Mon Sep 17 00:00:00 2001
From: Hans van Zijst <hans@procolix.com>
Date: Wed, 27 Nov 2024 16:00:36 +0100
Subject: [PATCH] Added documentation for consent tracking.

---
 matrix/synapse/README.md | 125 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 124 insertions(+), 1 deletion(-)

diff --git a/matrix/synapse/README.md b/matrix/synapse/README.md
index 90062a9..f51741a 100644
--- a/matrix/synapse/README.md
+++ b/matrix/synapse/README.md
@@ -13,7 +13,7 @@ documentation](https://element-hq.github.io/synapse/latest/setup/installation.ht
 ```
 apt install -y lsb-release wget apt-transport-https build-essential python3-dev libffi-dev \
                python3-pip python3-setuptools sqlite3 \
-               libssl-dev virtualenv libjpeg-dev libxslt1-dev libicu-dev git
+               libssl-dev virtualenv libjpeg-dev libxslt1-dev libicu-dev git python3-jinja2
 
 wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
 
@@ -489,3 +489,126 @@ notice to, and click "Send Server Notices".
 
 If the result is that you're returned to the login screen of Synapse-Admin,
 there was an error sending the notice. Check the Synapse logs.
+
+
+## Consent template
+
+You can force your users to accept an agreement before you let them on your
+machine, see the [Synapse Documentation](https://element-hq.github.io/synapse/latest/consent_tracking.html#support-in-synapse-for-tracking-agreement-to-server-terms-and-conditions).
+
+First, make the directory where you want Synapse to search for the document,
+we create the directory `consent_policy`:
+
+
+```
+mkdir -p /var/lib/matrix-synapse/consent_policy/en
+```
+
+You'll have to add the directory `en` under that, as every document is assumed
+to be in English. Support for other languages is on the wish list.
+
+Create a Jinja2 template with the texts you want: the text users have to agree
+to before they can use the service, and the text users that have already
+agreed will see. Something like this:
+
+```
+<!doctype html>
+<html lang="en">
+  <head>
+    <title>Example End User Policy</title>
+  </head>
+  <body>
+  {% if has_consented %}
+    <p>
+      You have already accepted the Example End User Policy.
+    </p>
+  {% else %}
+<h1>Example End User Policy</h1>
+
+These are the terms under which you can use this service. Unless you accept these terms, you
+will not be allowed to send any messages.
+
+<ol>
+  <li>You will not be abusive to other users, be they on this server or on an other.
+  <li>You will not do other nasty stuff.
+  <li>Basically: you will behave like a good person.
+</ol>
+
+We promise you a few things too:
+
+<ol>
+  <li>We'll keep your data safe
+  <li>We won't snoop on you
+  <li>We'll only turn you in with the authorities if you do nasty stuff.
+</ol>
+
+If you accept these terms, you can use this system.
+    {% if not public_version %}
+      <!-- The variables used here are only provided when the 'u' param is given to the homeserver -->
+      <form method="post" action="consent">
+        <input type="hidden" name="v" value="{{version}}"/>
+        <input type="hidden" name="u" value="{{user}}"/>
+        <input type="hidden" name="h" value="{{userhmac}}"/>
+        <input type="submit" value="I accept"/>
+      </form>
+    {% endif %}
+  {% endif %}
+  </body>
+</html>
+```
+
+The name of this document needs to be a version name with the extension `.html`.
+Say you want your users to accept version 0.1, the file must be named
+0.1.html. This version is referred to in the configuration.
+
+After a user has agreed to this policy, he is presented with `success.html`,
+which you will also have to make (although it's not mentioned in the
+documentation). This doesn't have to be very complicated.
+
+```
+<!doctype html>
+<html lang="en">
+  <head>
+    <title>ProcoliX End User Policy</title>
+  </head>
+  <body>
+<p>You have agreed to our End User Policy, you can now use our service.</p>
+
+<p>Have fun!</p>
+  </body>
+</html>
+```
+
+We now have the texts ready, time to configure Synapse to use it.
+
+Create a `form_secret`:
+
+```
+pwgen -csny 30 1
+```
+
+Add this bit to `conf.d/server_notices.yaml`:
+
+```
+form_secret: "<previously generated secret>"
+user_consent:
+  require_at_registration: true
+  policy_name: "Example End User Policy"
+  template_dir: consent_policy
+  version: <version>
+  server_notice_content:
+    msgtype: m.text
+    body: >-
+      You have to agree to our End User Policy before you can use this
+      service. Please read and accept it at %(consent_uri)s.
+  block_events_error: >-
+    You haven't accepted the End User Policy yet, so you can't post any
+    messages yet. Please read and accept the policy at %(consent_uri)s.
+```
+
+Restart Synapse for these changes to take effect.
+
+If you update your policy, you'll have to copy the current one to a new
+version, edit that (e.g. `0.2.html`) and change the `version` to the new
+document. Restart Synapse after that. Your users will all have to agree to the
+new policy.