Merge branch 'disable-federation-router' into 'next'
refactor: disable federation at the router level See merge request famedly/conduit!629
This commit is contained in:
Timo Kösters
commit
1474b94db6
3 changed files with 44 additions and 44 deletions
|
|
@ -149,10 +149,6 @@ where
|
||||||
Token::User((user_id, device_id)),
|
Token::User((user_id, device_id)),
|
||||||
) => (Some(user_id), Some(device_id), None, false),
|
) => (Some(user_id), Some(device_id), None, false),
|
||||||
(AuthScheme::ServerSignatures, Token::None) => {
|
(AuthScheme::ServerSignatures, Token::None) => {
|
||||||
if !services().globals.allow_federation() {
|
|
||||||
return Err(Error::bad_config("Federation is disabled."));
|
|
||||||
}
|
|
||||||
|
|
||||||
let TypedHeader(Authorization(x_matrix)) = parts
|
let TypedHeader(Authorization(x_matrix)) = parts
|
||||||
.extract::<TypedHeader<Authorization<XMatrix>>>()
|
.extract::<TypedHeader<Authorization<XMatrix>>>()
|
||||||
.await
|
.await
|
||||||
|
|
|
||||||
|
|
@ -527,10 +527,6 @@ async fn request_well_known(destination: &str) -> Option<String> {
|
||||||
pub async fn get_server_version_route(
|
pub async fn get_server_version_route(
|
||||||
_body: Ruma<get_server_version::v1::Request>,
|
_body: Ruma<get_server_version::v1::Request>,
|
||||||
) -> Result<get_server_version::v1::Response> {
|
) -> Result<get_server_version::v1::Response> {
|
||||||
if !services().globals.allow_federation() {
|
|
||||||
return Err(Error::bad_config("Federation is disabled."));
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(get_server_version::v1::Response {
|
Ok(get_server_version::v1::Response {
|
||||||
server: Some(get_server_version::v1::Server {
|
server: Some(get_server_version::v1::Server {
|
||||||
name: Some("Conduit".to_owned()),
|
name: Some("Conduit".to_owned()),
|
||||||
|
|
@ -547,10 +543,6 @@ pub async fn get_server_version_route(
|
||||||
/// forever.
|
/// forever.
|
||||||
// Response type for this endpoint is Json because we need to calculate a signature for the response
|
// Response type for this endpoint is Json because we need to calculate a signature for the response
|
||||||
pub async fn get_server_keys_route() -> Result<impl IntoResponse> {
|
pub async fn get_server_keys_route() -> Result<impl IntoResponse> {
|
||||||
if !services().globals.allow_federation() {
|
|
||||||
return Err(Error::bad_config("Federation is disabled."));
|
|
||||||
}
|
|
||||||
|
|
||||||
let mut verify_keys: BTreeMap<OwnedServerSigningKeyId, VerifyKey> = BTreeMap::new();
|
let mut verify_keys: BTreeMap<OwnedServerSigningKeyId, VerifyKey> = BTreeMap::new();
|
||||||
verify_keys.insert(
|
verify_keys.insert(
|
||||||
format!("ed25519:{}", services().globals.keypair().version())
|
format!("ed25519:{}", services().globals.keypair().version())
|
||||||
|
|
|
||||||
40
src/main.rs
40
src/main.rs
|
|
@ -3,7 +3,7 @@ use std::{future::Future, io, net::SocketAddr, sync::atomic, time::Duration};
|
||||||
use axum::{
|
use axum::{
|
||||||
extract::{DefaultBodyLimit, FromRequestParts, MatchedPath},
|
extract::{DefaultBodyLimit, FromRequestParts, MatchedPath},
|
||||||
response::IntoResponse,
|
response::IntoResponse,
|
||||||
routing::{get, on, MethodFilter},
|
routing::{any, get, on, MethodFilter},
|
||||||
Router,
|
Router,
|
||||||
};
|
};
|
||||||
use axum_server::{bind, bind_rustls, tls_rustls::RustlsConfig, Handle as ServerHandle};
|
use axum_server::{bind, bind_rustls, tls_rustls::RustlsConfig, Handle as ServerHandle};
|
||||||
|
|
@ -188,7 +188,7 @@ async fn run_server() -> io::Result<()> {
|
||||||
.expect("failed to convert max request size"),
|
.expect("failed to convert max request size"),
|
||||||
));
|
));
|
||||||
|
|
||||||
let app = routes().layer(middlewares).into_make_service();
|
let app = routes(config).layer(middlewares).into_make_service();
|
||||||
let handle = ServerHandle::new();
|
let handle = ServerHandle::new();
|
||||||
|
|
||||||
tokio::spawn(shutdown_signal(handle.clone()));
|
tokio::spawn(shutdown_signal(handle.clone()));
|
||||||
|
|
@ -249,8 +249,8 @@ async fn unrecognized_method<B: Send>(
|
||||||
Ok(inner)
|
Ok(inner)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn routes() -> Router {
|
fn routes(config: &Config) -> Router {
|
||||||
Router::new()
|
let router = Router::new()
|
||||||
.ruma_route(client_server::get_supported_versions_route)
|
.ruma_route(client_server::get_supported_versions_route)
|
||||||
.ruma_route(client_server::get_register_available_route)
|
.ruma_route(client_server::get_register_available_route)
|
||||||
.ruma_route(client_server::register_route)
|
.ruma_route(client_server::register_route)
|
||||||
|
|
@ -390,6 +390,19 @@ fn routes() -> Router {
|
||||||
.ruma_route(client_server::get_relating_events_with_rel_type_route)
|
.ruma_route(client_server::get_relating_events_with_rel_type_route)
|
||||||
.ruma_route(client_server::get_relating_events_route)
|
.ruma_route(client_server::get_relating_events_route)
|
||||||
.ruma_route(client_server::get_hierarchy_route)
|
.ruma_route(client_server::get_hierarchy_route)
|
||||||
|
.route(
|
||||||
|
"/_matrix/client/r0/rooms/:room_id/initialSync",
|
||||||
|
get(initial_sync),
|
||||||
|
)
|
||||||
|
.route(
|
||||||
|
"/_matrix/client/v3/rooms/:room_id/initialSync",
|
||||||
|
get(initial_sync),
|
||||||
|
)
|
||||||
|
.route("/", get(it_works))
|
||||||
|
.fallback(not_found);
|
||||||
|
|
||||||
|
if config.allow_federation {
|
||||||
|
router
|
||||||
.ruma_route(server_server::get_server_version_route)
|
.ruma_route(server_server::get_server_version_route)
|
||||||
.route(
|
.route(
|
||||||
"/_matrix/key/v2/server",
|
"/_matrix/key/v2/server",
|
||||||
|
|
@ -417,16 +430,11 @@ fn routes() -> Router {
|
||||||
.ruma_route(server_server::get_profile_information_route)
|
.ruma_route(server_server::get_profile_information_route)
|
||||||
.ruma_route(server_server::get_keys_route)
|
.ruma_route(server_server::get_keys_route)
|
||||||
.ruma_route(server_server::claim_keys_route)
|
.ruma_route(server_server::claim_keys_route)
|
||||||
.route(
|
} else {
|
||||||
"/_matrix/client/r0/rooms/:room_id/initialSync",
|
router
|
||||||
get(initial_sync),
|
.route("/_matrix/federation/*path", any(federation_disabled))
|
||||||
)
|
.route("/_matrix/key/*path", any(federation_disabled))
|
||||||
.route(
|
}
|
||||||
"/_matrix/client/v3/rooms/:room_id/initialSync",
|
|
||||||
get(initial_sync),
|
|
||||||
)
|
|
||||||
.route("/", get(it_works))
|
|
||||||
.fallback(not_found)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn shutdown_signal(handle: ServerHandle) {
|
async fn shutdown_signal(handle: ServerHandle) {
|
||||||
|
|
@ -463,6 +471,10 @@ async fn shutdown_signal(handle: ServerHandle) {
|
||||||
let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Stopping]);
|
let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Stopping]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn federation_disabled(_: Uri) -> impl IntoResponse {
|
||||||
|
Error::bad_config("Federation is disabled.")
|
||||||
|
}
|
||||||
|
|
||||||
async fn not_found(uri: Uri) -> impl IntoResponse {
|
async fn not_found(uri: Uri) -> impl IntoResponse {
|
||||||
warn!("Not found: {uri}");
|
warn!("Not found: {uri}");
|
||||||
Error::BadRequest(ErrorKind::Unrecognized, "Unrecognized request")
|
Error::BadRequest(ErrorKind::Unrecognized, "Unrecognized request")
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue