Compare commits

...

614 commits

Author SHA1 Message Date
Timo Kösters
3c93c81204 Merge branch 'docs' into 'next'
fix: config options for well_known have changed

Closes #474

See merge request famedly/conduit!723
2024-10-07 00:00:34 +00:00
Timo Kösters
6767ca8bc8
fix: config options for well_known have changed 2024-10-07 00:03:35 +02:00
Timo Kösters
f8d7ef04e6 Merge branch 'bump' into 'next'
Bump version

See merge request famedly/conduit!722
2024-10-06 14:17:22 +00:00
Timo Kösters
892fb8846a
Bump version 2024-10-06 14:18:54 +02:00
Timo Kösters
bca8d1f70f Merge branch 'mediafixes' into 'next'
fix: old media used spaces in content disposition without quotes

See merge request famedly/conduit!717
2024-09-25 11:53:05 +00:00
Timo Kösters
65fe6b0ab5
fix: Empty content dispositions could create problems 2024-09-25 09:06:43 +02:00
Timo Kösters
fea85b0894
fix: Migration typo for media 2024-09-24 23:07:19 +02:00
Timo Kösters
a7405cddc0
fix: Matrix media repo 2024-09-24 19:43:26 +02:00
Timo Kösters
3df21e8257
fix: old media used spaces in content disposition without quotes 2024-09-24 16:46:32 +02:00
Timo Kösters
e4d6202840 Merge branch 'config-env-var-split' into 'next'
feat(config): split on __, allowing for setting individual values in a table

See merge request famedly/conduit!706
2024-09-21 14:51:39 +00:00
Timo Kösters
c4810a3a08 Merge branch 'well-know-fix' into 'next'
Fix parsing of CONFIG_WELL_KNOW_* env variables

See merge request famedly/conduit!718
2024-09-21 14:50:25 +00:00
Timo Kösters
73d0536cd3 Merge branch 'braid/msc3916-verson-response' into 'next'
fix: add missing msc3916 unstable feature in version response

Closes #473

See merge request famedly/conduit!720
2024-09-21 14:49:16 +00:00
The one with the braid
a6797ca0a2 fix: add missing msc3916 unstable feature in version response
Fixes: #473

Signed-off-by: The one with the braid <info@braid.business>
2024-09-21 10:54:01 +02:00
Leonardo José
cdd03dfec0 Fix parsing of CONFIG_WELL_KNOW_* env variables into the internal configuration object 2024-09-12 03:33:49 +00:00
Matthias Ahouansou
2bab8869d0 Merge branch 'authenticated-media' into 'next'
feat: authenticated media

See merge request famedly/conduit!716
2024-08-28 10:59:41 +00:00
Matthias Ahouansou
cbd3b07ca7
feat(media): use authenticated endpoints when fetching remote media 2024-08-28 11:25:28 +01:00
Matthias Ahouansou
27d6d94355
feat: add support for authenticated media requests 2024-08-28 11:25:28 +01:00
Matthias Ahouansou
a3716a7d5a
chore: upgrade request client matrix version
this is needed so that new endpoints use stable paths
2024-08-28 11:25:28 +01:00
Matthias Ahouansou
a9c3867287 Merge branch 'content-disposition-type' into 'next'
chore: Use Content-Disposition type for HTTP header

Closes #463

See merge request famedly/conduit!713
2024-08-22 18:36:25 +00:00
avdb13
423b0928d5
use ruma content disposition type in place of string
Co-Authored-By: Matthias Ahouansou <matthias@ahouansou.cz>
2024-08-22 19:03:32 +01:00
Matthias Ahouansou
44dd21f432 Merge branch 'TheDidek1-next-patch-00204' into 'next'
Update docs to point at new Synapse location

See merge request famedly/conduit!715
2024-07-19 08:58:05 +00:00
Dawid Rejowski
75a0f68349 Update docs to point at new Synapse location 2024-07-18 19:58:27 +00:00
Matthias Ahouansou
8abab8c8a0 Merge branch 'Crftbt-next-patch-43247' into 'next'
Update docker.md specifying port so that others don't also run into trying to...

See merge request famedly/conduit!712
2024-07-10 08:36:34 +00:00
Craft
324e1beabf Update docker.md specifying port so that others don't also run into trying to figure this out when following this md. 2024-07-09 21:49:55 +00:00
Matthias Ahouansou
00c9ef7b56 Merge branch 'send-invalid-pdu-correction' into 'next'
fix: don't fail the entire request if any PDU's format is invalid

See merge request famedly/conduit!709
2024-07-07 21:13:38 +00:00
Matthias Ahouansou
6455e918be
fix: don't always assume ruma can generate reference hashes 2024-07-07 21:40:56 +01:00
Matthias Ahouansou
ea3e7045b4
fix: don't fail the entire transaction if any PDU's format is invalid 2024-07-07 21:40:37 +01:00
Matthias Ahouansou
b8a1b4fee5 Merge branch 'remove-tls-override-when-no-srv-response' into 'next'
fix: remove TLS name override when no SRV record is present (but properly)

See merge request famedly/conduit!708
2024-07-06 16:49:38 +00:00
Matthias Ahouansou
d95345377b
fix: remove TLS name override when no SRV record is present (but properly)
The previous attempt only did so when no IP could be resolved, which isn't enough
2024-07-06 17:31:31 +01:00
Matthias Ahouansou
75322af8c7 Merge branch 'remove-tls-override-when-no-srv-response' into 'next'
fix: remove TLS name override when no SRV record is present

See merge request famedly/conduit!707
2024-07-06 16:24:32 +00:00
Matthias Ahouansou
11187b3fad
fix: remove TLS name override when no SRV record is present
this could have been an issue in cases where there was previously a SRV record, but later got removed
2024-07-06 17:06:11 +01:00
Matthias Ahouansou
35ed731a46
feat(config): split on __, allowing for setting individual values in a table 2024-07-02 15:39:45 +01:00
Matthias Ahouansou
1f313c6807 Merge branch 'finite-servername-cache' into 'next'
fix: don't cache server name lookups indefinitely

See merge request famedly/conduit!702
2024-07-01 09:52:18 +00:00
Matthias Ahouansou
e70d27af98 Merge branch 'timestamped-messaging' into 'next'
feat(appservice): support timestamped messaging

See merge request famedly/conduit!703
2024-07-01 09:36:14 +00:00
Matthias Ahouansou
ba8429cafe
fix: don't cache server name lookups indefinitely 2024-07-01 10:17:01 +01:00
Matthias Ahouansou
7a4d0f6fe8 Merge branch 'acl-dont-have-empty-exception' into 'next'
fix: don't ignore ACLs when there is no content

See merge request famedly/conduit!705
2024-06-26 21:41:42 +00:00
Matthias Ahouansou
2f45a907f9
fix: don't ignore ACLs when there is no content
despite this being very bad behavior, it is required by the spec
2024-06-26 22:06:46 +01:00
Matthias Ahouansou
de0deda179 Merge branch 'bump-ruma' into 'next'
chore: bump ruma

Closes #447

See merge request famedly/conduit!704
2024-06-25 09:43:15 +00:00
Matthias Ahouansou
62f1da053f
feat(appservice): support timestamped messaging 2024-06-25 10:25:58 +01:00
Matthias Ahouansou
602c56cae9
chore: bump ruma 2024-06-25 10:10:53 +01:00
Matthias Ahouansou
4b9520b5ad Merge branch 'bump-rust' into 'next'
chore: bump rust to 1.79.0 and apply new lints

See merge request famedly/conduit!700
2024-06-21 07:54:00 +00:00
Matthias Ahouansou
9014e43ce1
chore: bump rust to 1.79.0 and apply new lints 2024-06-21 08:29:33 +01:00
Matthias Ahouansou
ffc57f8997 Merge branch 'nightly-rustfmt' into 'next'
ci: use nightly rustfmt

See merge request famedly/conduit!699
2024-06-16 16:44:51 +00:00
Matthias Ahouansou
fd19dda5cb
ci: use nightly rustfmt
we were using this before, but it broke when refactoring the flake out into separate files
2024-06-16 17:28:05 +01:00
Matthias Ahouansou
dc0fa09a57 Merge branch 'bump' into 'next'
chore: bump version to 0.9.0-alpha

See merge request famedly/conduit!698
2024-06-14 12:02:56 +00:00
Matthias Ahouansou
ba1138aaa3
chore: bump version to 0.9.0-alpha 2024-06-14 12:33:40 +01:00
Matthias Ahouansou
6398136163 Merge branch 'debian-aarch64' into 'next'
ci: build for Debian aarch64

See merge request famedly/conduit!692
2024-06-14 11:10:59 +00:00
Matthias Ahouansou
16af8b58ae
ci: build for Debian aarch64 2024-06-13 09:32:09 +01:00
Timo Kösters
7a5b893013
Bump version 2024-06-12 19:43:18 +02:00
Matthias Ahouansou
c453d45598
fix(keys): only use keys valid at the time of PDU or transaction, and actually refresh keys
Previously, we only fetched keys once, only requesting them again if we have any missing, allowing for ancient keys to be used to sign PDUs and transactions
Now we refresh keys that either have or are about to expire, preventing attacks that make use of leaked private keys of a homeserver
We also ensure that when validating PDUs or transactions, that they are valid at the origin_server_ts or time of us receiving the transaction respectfully
As to not break event authorization for old rooms, we need to keep old keys around
We move verify_keys which we no longer see in direct requests to the origin to old_verify_keys
We keep old_verify_keys indefinitely as mentioned above, as to not break event authorization (at least until a future MSC addresses this)
2024-06-12 19:41:43 +02:00
Matthias Ahouansou
144d548ef7
fix: permission checks for aliases 2024-06-12 19:41:31 +02:00
Benjamin Lee
7b259272ce
fix: do not return redacted events from search 2024-06-12 19:41:02 +02:00
Matthias Ahouansou
48c1f3bdba
fix: userid checks for incoming EDUs 2024-06-12 19:39:27 +02:00
Timo Kösters
dd19877528 Merge branch 'bump-ruma' into 'next'
chore: bump all dependencies

See merge request famedly/conduit!627
2024-06-11 20:59:58 +00:00
Matthias Ahouansou
ba2a5a6115
chore: bump all dependencies 2024-06-11 20:35:56 +01:00
Matthias Ahouansou
a36ccff06a Merge branch 'security-readme' into 'next'
docs: add security disclosure instructions

See merge request famedly/conduit!691
2024-06-06 21:21:07 +00:00
Matthias Ahouansou
39b4932725
docs: add security disclosure instructions 2024-06-06 21:48:45 +01:00
Matthias Ahouansou
c45e52f45a Merge branch 'media-csp' into 'next'
fix(media): use csp instead of modifying content-type

See merge request famedly/conduit!689
2024-06-04 05:31:35 +00:00
Matthias Ahouansou
1dbb3433e0
fix(media): use csp instead of modifying content-type 2024-06-03 21:40:25 +01:00
Matthias Ahouansou
efecb78888 Merge branch 'local-event-non-restricted-room-vers' into 'next'
fix(membership): fallback to locally signed event if the join wasn't a restricted one on send_join response

See merge request famedly/conduit!680
2024-06-03 13:28:41 +00:00
Matthias Ahouansou
f25a0b49eb Merge branch 'recurse-relationships' into 'next'
feat: recurse relationships

See merge request famedly/conduit!613
2024-06-03 13:19:16 +00:00
Matthias Ahouansou
b46000fadc
feat: recurse relationships 2024-06-03 13:42:52 +01:00
Matthias Ahouansou
7b19618136 Merge branch 'server-user-globals' into 'next'
refactor: add server_user to globals

See merge request famedly/conduit!686
2024-05-31 21:27:26 +00:00
Matthias Ahouansou
19154a9f70
refactor: add server_user to globals 2024-05-31 21:56:11 +01:00
Matthias Ahouansou
ec8dfc283c
fix(membership): fallback to locally signed event if the join wasn't a restricted one on send_join response 2024-05-31 16:37:06 +01:00
Matthias Ahouansou
be1b8b68a7 Merge branch 'remove-alias-command' into 'next'
feat(admin): remove alias command

See merge request famedly/conduit!685
2024-05-29 17:05:45 +00:00
Matthias Ahouansou
6c2eb4c786
feat(admin): remove alias command 2024-05-29 17:49:51 +01:00
Matthias Ahouansou
3df791e030 Merge branch 'ruma-server-util' into 'next'
refactor: let ruma-server-util handle X-Matrix parsing

See merge request famedly/conduit!684
2024-05-29 13:16:08 +00:00
Matthias Ahouansou
9374b74e77
refactor: let ruma-server-util handle X-Matrix parsing 2024-05-29 12:27:37 +01:00
Matthias Ahouansou
c732c7c97f Merge branch 'toggle_allow_register' into 'next'
add command to set the allow registration status

See merge request famedly/conduit!477
2024-05-29 09:08:59 +00:00
Matthias Ahouansou
33c9da75ec Merge branch 'clarify-3pids-are-unsupported' into 'next'
fix: clarify that 3pids are currently unsupported

See merge request famedly/conduit!683
2024-05-29 08:52:59 +00:00
Matthias Ahouansou
59d7674b2a
fix: clarify that 3pids are currently unsupported 2024-05-29 09:36:35 +01:00
tony
6bcc2f80b8
add command to set the allow registration status
Co-Authored-By: Matthias Ahouansou <matthias@ahouansou.cz>
2024-05-29 09:25:08 +01:00
Matthias Ahouansou
817f382c5f Merge branch 'openid-api' into 'next'
feat: support OpenID endpoints

Closes #453

See merge request famedly/conduit!681
2024-05-28 15:11:03 +00:00
mikoto
a888c7cb16
OpenID routes
Co-Authored-By: Matthias Ahouansou <matthias@ahouansou.cz>
2024-05-28 15:39:19 +01:00
Timo Kösters
47aadcea1d Merge branch 'membership-reason-fixes' into 'next'
fix(membership): always set reason & allow new events if reason changed

Closes #452

See merge request famedly/conduit!669
2024-05-26 07:22:29 +00:00
Matthias Ahouansou
9b8ec21e6e Merge branch 'admin-faq' into 'next'
docs(faq): add instructions on how to make a user admin

See merge request famedly/conduit!677
2024-05-14 20:37:21 +00:00
Matthias Ahouansou
e51f60e437
docs(faq): add instructions on how to make a user admin 2024-05-14 21:20:16 +01:00
Matthias Ahouansou
11990e7524 Merge branch 'admin-hash-sign' into 'next'
feat(admin): add hash-and-sign-event command

See merge request famedly/conduit!670
2024-05-09 16:19:40 +00:00
Matthias Ahouansou
3ad7675bbf Merge branch 'format-toml' into 'next'
style: format all toml with taplo

See merge request famedly/conduit!673
2024-05-06 20:16:13 +00:00
Matthias Ahouansou
e2d91e26d6
style: format all toml with taplo 2024-05-06 20:57:56 +01:00
Matthias Ahouansou
20d9f3fd5d Merge branch 'media' into 'next'
fix: make media response match spec

See merge request famedly/conduit!672
2024-05-06 18:37:13 +00:00
Timo Kösters
965b6df83d
fix: make media response match spec 2024-05-06 20:05:51 +02:00
Matthias Ahouansou
8876d54d78
feat(admin): add hash-and-sign-event command 2024-05-05 17:35:02 +01:00
Matthias Ahouansou
d8badaf64b
fix(membership): always set reason & allow new events if reason changed 2024-05-05 15:28:18 +01:00
Matthias Ahouansou
08485ea5e4 Merge branch 'bump-rust-nix' into 'next'
chore: bump rust & nix

See merge request famedly/conduit!668
2024-05-05 12:48:36 +00:00
Matthias Ahouansou
eec9b9ed87
chore: bump nix 2024-05-05 13:28:00 +01:00
Matthias Ahouansou
256dae983b
chore: bump rust
and fix new lints that come with it
2024-05-05 13:27:56 +01:00
Matthias Ahouansou
79c4bb17ca Merge branch 'build-and-cache-everything' into 'next'
Draft: build and cache all packages and CI dependencies

See merge request famedly/conduit!667
2024-05-05 11:00:12 +00:00
Matthias Ahouansou
57a24f234d
Revert "ci: temporarily disable CONDUIT_VERSION_EXTRA"
This reverts commit 2a2b9554c8.
2024-05-05 11:43:06 +01:00
Charles Hall
a4c973e57e
build and cache all packages and CI dependencies
This fixes the problem where some artifacts were not being cached when
they should have been. The secret sauce is the  `nix-store` command.
2024-05-05 10:35:31 +01:00
Matthias Ahouansou
f9953c31fc
Revert "ci: use sh instead of bash"
This reverts commit 70b07dfabf.
2024-05-05 09:43:32 +01:00
Matthias Ahouansou
6b669d2f4d Merge branch 'only-cache-attic-when-nix' into 'next'
ci: only cache attic when nix is available

See merge request famedly/conduit!666
2024-05-05 08:19:15 +00:00
Matthias Ahouansou
90c9794221 Merge branch 'sh-not-bash' into 'next'
ci: use sh instead of bash

See merge request famedly/conduit!665
2024-05-05 08:12:20 +00:00
Matthias Ahouansou
358164f49d
ci: only cache attic when nix is available 2024-05-05 09:01:40 +01:00
Matthias Ahouansou
70b07dfabf
ci: use sh instead of bash 2024-05-05 08:53:53 +01:00
Matthias Ahouansou
d97f5aa3b8 Merge branch 'ci/fastzip' into 'next'
ci: faster cache and artifact handling

See merge request famedly/conduit!664
2024-05-05 05:54:18 +00:00
Matthias Ahouansou
bed9072a69 Merge branch 'always-cache-attic' into 'next'
ci: prevent unnecessary rebuilds

See merge request famedly/conduit!662
2024-05-05 05:54:16 +00:00
Matthias Ahouansou
2a2b9554c8
ci: temporarily disable CONDUIT_VERSION_EXTRA 2024-05-04 21:50:37 +01:00
Matthias Ahouansou
3d9d975a9f
ci: avoid rebuilding bindgen and friends 2024-05-04 15:17:02 +01:00
Charles Hall
96cc1f6abd
only set CONDUIT_VERSION_EXTRA for final build
This prevents us from needing to recompile the dependencies when that
environment variable changes, which generally changes on every commit,
which is far more frequently than the dependencies are actually changed.
2024-05-04 13:09:16 +01:00
Charles Hall
55259329a3
make it easy to configure cargo profiles from nix
This way you can easily build in debug mode with Nix.
2024-05-04 13:09:15 +01:00
Charles Hall
d796fe7cd3
make it easy to configure cargo features from nix
Users of the nix package can now just use `.override` to choose what
features they want.

This also makes RocksDB automatically use jemalloc when Conduit is
configured to use jemalloc.
2024-05-04 13:09:14 +01:00
Charles Hall
3336d3f812
factor out nix code into new files via makeScope
This makes the Nix code a lot easier to reason about.
2024-05-04 12:48:49 +01:00
Charles Hall
c9ee4a920e
always go through inputs
This way we don't have to modify the destructuring of outputs' argument when adding or removing inputs.
2024-05-04 10:03:49 +01:00
Samuel Meenzen
5570f5f3da
ci: faster cache and artifact handling 2024-05-02 15:08:40 +02:00
Matthias Ahouansou
38200163d6 Merge branch 'error-create-remote-user' into 'next'
fix(admin): don't allow creation of remote users

See merge request famedly/conduit!663
2024-05-02 10:39:46 +00:00
Matthias Ahouansou
9db1f5a13c
fix(admin): don't allow creation of remote users 2024-05-02 10:45:04 +01:00
Matthias Ahouansou
0074aca0ef Merge branch '244-support-well-known' into 'next'
feat: add .well-known support

Closes #244 and #378

See merge request famedly/conduit!332
2024-05-02 09:35:14 +00:00
Matthias Ahouansou
3ecf835b50
ci: cache attic on artifacts job 2024-05-02 09:53:53 +01:00
Matthias Ahouansou
6e913bfec4
docs: delegation 2024-05-02 09:41:27 +01:00
Jakub Kubík
c1f695653b
feat: support hosting .well-known from Conduit
Co-authored-by: Matthias Ahouansou <matthias@ahouansou.cz>
2024-05-02 09:26:43 +01:00
Matthias Ahouansou
e6b6cc77d1 Merge branch 'verify-x-matrix-destination' into 'next'
feat(auth): check if X-Matrix destination is correct if present

Closes #271

See merge request famedly/conduit!661
2024-05-02 07:15:20 +00:00
Matthias Ahouansou
b69a74961b Merge branch 'x-matrix-destination-header' into 'next'
feat(federation): add destination field to X-Matrix header

See merge request famedly/conduit!660
2024-05-02 06:59:52 +00:00
Matthias Ahouansou
622aa574b6 Merge branch 'namespace-fixes' into 'next'
fix(appservices): don't forward events relating to remote users, and forward events relating to remote aliases

See merge request famedly/conduit!653
2024-05-02 06:28:01 +00:00
Matthias Ahouansou
63ba157ef6
feat(auth): check if X-Matrix destination is correct if present 2024-05-02 07:14:44 +01:00
Matthias Ahouansou
dfe2916357
feat(federation): add destination field to X-Matrix header 2024-05-02 07:01:04 +01:00
Matthias Ahouansou
b4a60c3f9a Merge branch 'ci' into 'next'
ci: use attic.conduit.rs

See merge request famedly/conduit!658
2024-05-02 05:56:19 +00:00
Matthias Ahouansou
0b217232ac
ci: push attic to binary cache, update nix script 2024-05-01 21:55:28 +01:00
Timo Kösters
3b7c001350
ci: use attic.conduit.rs 2024-05-01 11:26:12 +02:00
Matthias Ahouansou
10412d4be9 Merge branch 'master' into 'next'
Pull v0.7.0 tag into next

See merge request famedly/conduit!657
2024-04-28 12:28:25 +00:00
Matthias Ahouansou
3c8879771c Merge branch 'docker-update-request-size' into 'next'
docs(docker): don't use underscores for max request size

Closes #289

See merge request famedly/conduit!656
2024-04-28 11:47:04 +00:00
Matthias Ahouansou
4fac7ca169 Merge branch 'backup-faq-docs' into 'next'
docs(faq): add backup instructions

See merge request famedly/conduit!655
2024-04-28 11:08:22 +00:00
Matthias Ahouansou
a23bfdb3f0
docs(docker): don't use underscores for max request size 2024-04-28 11:48:42 +01:00
Matthias Ahouansou
60fe238893
docs(faq): add backup instructions 2024-04-28 11:16:21 +01:00
Matthias Ahouansou
cd4e4fe7ac Merge branch 'Daniel15au-next-patch-38459' into 'next'
[docs] Remove references to legacy Docker Compose v1

See merge request famedly/conduit!642
2024-04-27 21:30:39 +00:00
Matthias Ahouansou
0a7ac058a0 Merge branch 'docs-migrate-faq-fix' into 'next'
docs(faq): correct answer about migration

See merge request famedly/conduit!654
2024-04-27 20:56:42 +00:00
Daniel Lo Nigro
c90e4816b7
[docs] Update docker-compose commands 2024-04-27 21:32:06 +01:00
Matthias Ahouansou
2b5295aa29
docs(faq): correct answer about migration 2024-04-27 20:55:19 +01:00
Matthias Ahouansou
df0ad2d07c
fix(appservices): don't forward events relating to remote users, and forward events relating to remote aliases 2024-04-27 20:41:28 +01:00
Matthias Ahouansou
bd5d9a7560 Merge branch 'stun-spelling' into 'next'
docs: fix STUN typo

See merge request famedly/conduit!652
2024-04-27 11:36:26 +00:00
Matthias Ahouansou
14ede9898d Merge branch 'faq' into 'next'
docs: add FAQ

See merge request famedly/conduit!651
2024-04-27 11:31:57 +00:00
Matthias Ahouansou
0220e9e9d1 Merge branch 'update-deps' into 'next'
Update trivial dependencies

See merge request famedly/conduit!650
2024-04-27 10:49:33 +00:00
Matthias Ahouansou
f62db723f7
docs: fix STUN typo 2024-04-27 11:32:20 +01:00
Matthias Ahouansou
a499c80d1b
docs: add FAQ 2024-04-27 11:27:56 +01:00
Matthias Ahouansou
5760d98192
chore: upgrade rocksdb in flake 2024-04-27 10:52:24 +01:00
Matthias Ahouansou
2d3f64c1e5
chore: upgrade lockfile 2024-04-27 10:45:53 +01:00
Ossi Herrala
aff97e4032
Update image crate 2024-04-27 11:15:04 +03:00
Ossi Herrala
a56139549f
Trust-DNS has been renamed to Hickory-DNS 2024-04-27 11:14:59 +03:00
Ossi Herrala
3b6928ebcf
Update dependencies that don't need code changes 2024-04-27 11:13:30 +03:00
Ossi Herrala
61cd2892b8
Remove unused dependencies 2024-04-27 11:13:30 +03:00
Timo Kösters
acef61a3cc Merge branch 'bump' into 'next'
Bump version to v0.8.0-alpha

See merge request famedly/conduit!647
2024-04-25 20:00:26 +00:00
Timo Kösters
c6a7563126 Merge branch 'docs' into 'next'
Update download links in documentation

See merge request famedly/conduit!648
2024-04-25 08:02:34 +00:00
Timo Kösters
779cebcd77
Update download links in documentation 2024-04-25 10:01:55 +02:00
Timo Kösters
3b3466fd51
Bump version to v0.8.0-alpha 2024-04-25 09:19:44 +02:00
Timo Kösters
a854ce5cf6 Merge branch 'next' into 'master'
Merge branch 'next' into 'master'

See merge request famedly/conduit!646
2024-04-24 23:23:33 +00:00
Timo Kösters
414056442a Merge branch 'bump' into 'next'
Bump version to v0.7.0

See merge request famedly/conduit!645
2024-04-24 22:22:56 +00:00
Timo Kösters
7c83372336 Merge branch 'exclusive-namespace-error' into 'next'
feat(appservice): ensure users/aliases outside of namespaces are not accessed

See merge request famedly/conduit!634
2024-04-24 21:39:20 +00:00
Timo Kösters
a854a46c24
Bump version to v0.7.0 2024-04-24 23:24:20 +02:00
Timo Kösters
429f80548f Merge branch 'sync-up-debian-generated-config' into 'next'
Sync up the generated Conduit config for Debian

See merge request famedly/conduit!644
2024-04-24 21:01:58 +00:00
Timo Kösters
a140bf8a6f Merge branch 'authorized-user-search' into 'next'
fix(membership): perform stricter checks when choosing an authorized user

See merge request famedly/conduit!620
2024-04-24 21:00:52 +00:00
Matthias Ahouansou
74db555336
fix(membership): perform stricter checks when choosing an authorized user 2024-04-24 20:54:07 +01:00
Timo Kösters
08636ef236 Merge branch 'can-invite-state-lock' into 'next'
fix(state-accessor): hold the state_lock when checking if a user can invite

See merge request famedly/conduit!643
2024-04-24 19:29:01 +00:00
Matthias Ahouansou
3086271139
feat(appservice): ensure users/aliases outside of namespaces are not accessed 2024-04-24 19:51:28 +01:00
Matthias Ahouansou
e40aed3a7d
fix(state-accessor): hold the state_lock when checking if a user can invite 2024-04-24 19:17:00 +01:00
Paul van Tilburg
0c0c9549b9
Sync up the generated Conduit config for Debian
This applies changes made in the exampl config by commits dc89fbe and
844508b.
2024-04-24 20:12:38 +02:00
Timo Kösters
53d3f9ae89 Merge branch 'registration-token-in-config' into 'next'
add registration_token in default cfg and DEPLOY

See merge request famedly/conduit!557
2024-04-24 18:09:47 +00:00
Timo Kösters
7ace9b0dff Merge branch 'check-if-membership-is-case-endpoints' into 'next'
feat(membership): check if user already has the membership that is requested to be set

See merge request famedly/conduit!622
2024-04-24 18:02:08 +00:00
Timo Kösters
624654a88b Merge branch 'fix-unrejectable-invites' into 'next'
Fix unrejectable invites

Closes #418

See merge request famedly/conduit!623
2024-04-24 18:01:48 +00:00
Timo Kösters
461236f3fb Merge branch 'room-v11' into 'next'
Add support for room v11

Closes #408

See merge request famedly/conduit!562
2024-04-24 10:48:12 +00:00
Matthias Ahouansou
1c4ae8d268
fix(redaction): use content.redacts when checking v11 events 2024-04-24 10:52:33 +01:00
Valentin Lorentz
89c1c2109c Link to the specification from user_can_redact's documentation 2024-04-24 08:29:47 +02:00
Matthias Ahouansou
1bae8b35a9 Merge branch 'document-all-configuration' into 'next'
Document all configuration

Closes #435

See merge request famedly/conduit!635
2024-04-23 22:08:03 +00:00
Matthias Ahouansou
00d6aeddb6
refactor(redactions): move checks inside conduit
ruma was already accidentally performing these checks for us, but this shouldn't be the case
2024-04-23 23:05:27 +01:00
Matthias Ahouansou
18f93ae8f3 Merge branch 'no-identity-assertion-optional-auth' into 'next'
fix(appservices): don't perform identity assertion when auth is optional

Closes #430

See merge request famedly/conduit!641
2024-04-23 21:05:01 +00:00
Matthias Ahouansou
6c9c1b5afe
fix(appservices): don't perform identity assertion when auth is optional 2024-04-22 10:33:12 +01:00
Charles Hall
27753b1d96 Merge branch 'updates' into 'next'
Update crane and rocskdb

See merge request famedly/conduit!640
2024-04-21 20:30:48 +00:00
Charles Hall
61cb186b5b
update rocksdb 2024-04-21 12:39:27 -07:00
Charles Hall
8c6ffb6bfc
unpin crane because the bug was fixed
Flake lock file updates:

• Updated input 'crane':
    'github:ipetkov/crane/2c653e4478476a52c6aa3ac0495e4dea7449ea0e?narHash=sha256-XoXRS%2B5whotelr1rHiZle5t5hDg9kpguS5yk8c8qzOc%3D' (2024-02-11)
  → 'github:ipetkov/crane/55f4939ac59ff8f89c6a4029730a2d49ea09105f?narHash=sha256-Vz1KRVTzU3ClBfyhOj8gOehZk21q58T1YsXC30V23PU%3D' (2024-04-21)
2024-04-21 12:31:57 -07:00
Awiteb
2656f6f435
feat(docs): Document all configuration options
Fixes: https://gitlab.com/famedly/conduit/-/issues/435
Suggested-by: Matthias Ahouansou <matthias@ahouansou.cz>
Helped-by: Matthias Ahouansou <matthias@ahouansou.cz>
Signed-off-by: Awiteb <a@4rs.nl>
2024-04-20 23:40:04 +03:00
Awiteb
b48e1300f2
chore(docs): Rename configuration section to Configuration 2024-04-20 23:37:00 +03:00
Timo Kösters
1474b94db6 Merge branch 'disable-federation-router' into 'next'
refactor: disable federation at the router level

See merge request famedly/conduit!629
2024-04-20 20:28:52 +00:00
Charles Hall
e19e6a4bff Merge branch 'default-room-version-10' into 'next'
chore(config): bump default room version to v10

See merge request famedly/conduit!628
2024-04-20 18:47:56 +00:00
Timo Kösters
95f5c61843 Merge branch 'remove-default-database-config' into 'next'
chore: remove default database backend

See merge request famedly/conduit!636
2024-04-18 20:55:03 +00:00
Matthias Ahouansou
4b288fd22f
chore: remove default database backend
has been sqlite for far too long, and having a default for this is just asking for trouble
2024-04-18 20:49:50 +01:00
Valentin Lorentz
2d8c551cd5 Fix doc 2024-04-17 19:41:38 +02:00
Valentin Lorentz
eb6801290b Document copy_redacts 2024-04-17 19:37:32 +02:00
Matthias Ahouansou
7a7c09785e feat(pdu): copy top level redact to content and vice versa 2024-04-17 19:34:36 +02:00
Timo Kösters
d22bf5182b Merge branch 'token-auth-fixes' into 'next'
Token auth fixes

Closes #430

See merge request famedly/conduit!633
2024-04-15 19:46:48 +00:00
Matthias Ahouansou
54e0e2a14c
fix(appservices): don't use identity assertion on account management endpoints 2024-04-15 19:16:18 +01:00
Matthias Ahouansou
475a68cbb9
refactor: disable federation at the router level 2024-04-13 10:39:32 +01:00
Matthias Ahouansou
92817213d5 Add missing import 2024-04-12 05:15:37 +00:00
Matthias Ahouansou
ab8592526f Replace panic!() with unreachable!() 2024-04-12 05:14:39 +00:00
Matthias Ahouansou
561a103140
chore(config): bump default room version to v10 2024-04-11 22:55:18 +01:00
Val Lorentz
b5e21f761b Merge branch 'next' into 'room-v11'
# Conflicts:
#   src/service/rooms/timeline/mod.rs
#   src/utils/error.rs
2024-04-11 17:34:42 +00:00
Matthias Ahouansou
9e6ce8326f Remove TODO 2024-04-11 17:21:00 +00:00
Matthias Ahouansou
e88d137bd7 Replace panic!() with unreachable!() 2024-04-11 17:19:42 +00:00
Charles Hall
7f63948db9 Merge branch 'version-extra' into 'next'
allow including extra info in `--version` output

See merge request famedly/conduit!601
2024-04-11 14:37:37 +00:00
Timo Kösters
f16bff2466 Merge branch 'user_can_membership' into 'next'
refactor(state_accessor): add method to check if a user can invite another user

See merge request famedly/conduit!621
2024-04-06 14:27:20 +00:00
Timo Kösters
e8796d6bf9 Merge branch 'admin-check-remote-users' into 'next'
fix: do not allow administration of remote users

Closes #377

See merge request famedly/conduit!614
2024-04-06 13:21:29 +00:00
Matthias Ahouansou
fe78cc8262
refactor(state_accessor): add method to check if a user can invite another user 2024-04-06 14:20:18 +01:00
Timo Kösters
03f9c888f0 Merge branch 'remove-join_authorized_via_users_servers' into 'next'
fix(membership): remove join_authorized_via_users_server field on state update

See merge request famedly/conduit!619
2024-04-06 13:20:01 +00:00
Matthias Ahouansou
2c73c3adbb
fix(sync): send phoney leave event where room state is unknown on invite rejection 2024-04-06 14:12:18 +01:00
Matthias Ahouansou
9497713a79
fix(membership): check if server is in room to decide whether to do remote leaves 2024-04-06 14:10:11 +01:00
Matthias Ahouansou
110b7e10e6
fix: do not allow administration of remote users 2024-04-05 10:56:28 +01:00
Timo Kösters
6c3ce71304 Merge branch 'dont-expect-reqwest-http-request' into 'next'
fix: do not expect that all http requests are valid reqwest requests

Closes #396

See merge request famedly/conduit!611
2024-04-05 09:53:14 +00:00
Matthias Ahouansou
fb4217486f
feat(membership): check if user already has the membership that is requested to be set 2024-04-05 10:21:44 +01:00
Charles Hall
dc23206e27 Merge branch 'nix-0.28' into 'next'
chore: upgrade nix to 0.28

See merge request famedly/conduit!615
2024-04-04 04:34:46 +00:00
Matthias Ahouansou
0f6b771cdd
fix(membership): remove join_authorized_via_users_server field on state update 2024-04-03 22:46:47 +01:00
Timo Kösters
24e9c99d47 Merge branch 'no-auth-ignore-token' into 'next'
fix: ignore access tokens where they are not needed

See merge request famedly/conduit!617
2024-04-02 18:18:59 +00:00
Matthias Ahouansou
0d62c9de7c
fix: ignore access tokens where they are not needed 2024-04-02 17:19:59 +01:00
Timo Kösters
33fb32be9a Merge branch 'srv-matrix-fed-record' into 'next'
feat: use _matrix-fed._tcp SRV record, fallback to _matrix._tcp

See merge request famedly/conduit!616
2024-04-01 21:30:58 +00:00
Matthias Ahouansou
e38af9b7fc
feat: use _matrix-fed._tcp SRV record, fallback to _matrix._tcp 2024-04-01 20:55:13 +01:00
Matthias Ahouansou
1c529529aa
chore: upgrade nix to 0.28
needed for musl targets on s390x
2024-04-01 13:36:38 +01:00
Timo Kösters
cf1e7bc1ed Merge branch 'unregister-fail-id-not-found' into 'next'
fix: return error when trying to unregister unknown appservice id

See merge request famedly/conduit!610
2024-03-31 21:26:31 +00:00
Matthias Ahouansou
3ce3d13378
fix: do not expect that all http requests are valid reqwest requests 2024-03-31 22:20:36 +01:00
Matthias Ahouansou
11612e347d
fix: return error when trying to unregister unknown appservice id 2024-03-31 21:24:15 +01:00
Timo Kösters
7aa70e2030 Merge branch 'error-appservice-token-auth' into 'next'
fix: reject requests with authentication when not used

Closes #430

See merge request famedly/conduit!608
2024-03-31 09:43:17 +00:00
Timo Kösters
71546a9fb7 Merge branch 'registration_appservice_token_check' into 'next'
fix: reject /register requests when there is no token and the type is appservice

Closes #430

See merge request famedly/conduit!609
2024-03-31 09:42:21 +00:00
Matthias Ahouansou
5c634ceb6b
fix: reject requests with authentication when not used 2024-03-30 16:50:21 +00:00
Matthias Ahouansou
8d70f69e62
fix: reject /register requests when there is no token and the type is appservice 2024-03-30 12:40:58 +00:00
Timo Kösters
9176474513 Merge branch 'ruma-registration-type' into 'next'
fix: don't panic if registration url is empty

See merge request famedly/conduit!583
2024-03-23 15:33:01 +00:00
Matthias Ahouansou
b20483aa13
refactor(appservices): avoid cloning frequently 2024-03-22 20:53:27 +00:00
Matthias Ahouansou
5c650bb67e
refactor: use BTreeMap for cached registration info 2024-03-22 17:52:47 +00:00
Timo Kösters
b11855e7a1 Merge branch 'performance' into 'next'
improvement: do not save typing edus in db

See merge request famedly/conduit!597
2024-03-22 08:32:40 +00:00
Timo Kösters
1fb5bcf98f
improvement: registration token now only works when registration is enabled 2024-03-22 09:26:11 +01:00
lafleur
34e0e710cb
add registration_token in default cfg and README 2024-03-22 09:17:42 +01:00
Timo Kösters
0bb28f60cf
refactor: minor appservice code cleanup 2024-03-22 08:59:36 +01:00
Timo Kösters
d2817679e5
refactor: remove previous typing implementation and add sync wakeup for new one 2024-03-22 08:24:17 +01:00
Timo Kösters
6bd7ff4917
improvement: do not save typing edus in db 2024-03-22 07:48:44 +01:00
Timo Kösters
bdae9ceccf Merge branch 'rocksdb' into 'next'
improvement: use simpler rocksdb config

See merge request famedly/conduit!602
2024-03-22 06:47:51 +00:00
Charles Hall
3ffdaaddcd Merge branch 'docs' into 'next'
reduce scope of the documentation

See merge request famedly/conduit!607
2024-03-21 23:08:36 +00:00
Charles Hall
5a4ee9808a
make chapter name reflect file name
Personally I think this makes more sense anyway.
2024-03-21 15:52:54 -07:00
Charles Hall
3dd21456ef
reduce scope of nixos documentation
There are so many ways to do this we realistically shouldn't bother
describing any of them, especially because people should be learning all
the options and choosing the one that suits them best anyway.
2024-03-21 15:52:54 -07:00
Charles Hall
f6bfba7014
normalize headers to "Conduit for X" 2024-03-21 15:52:54 -07:00
Charles Hall
f56abba216
rename "simple" deployment to "generic"
The main thing this section is really useful for is explaining how to
configure various reverse proxies, which applies to basically anything.

Also, remove all the language about this being "recommended", because
nothing in this documentation is actually tested in CI.
2024-03-21 15:52:54 -07:00
Charles Hall
2022efd279
remove section about cross compilation
It is very stale. Please just use Nix. Trying to do it outside of Nix
will be an exercise in frustration, I guarantee it.
2024-03-21 15:40:19 -07:00
Charles Hall
0a790686c5
avoid duplicating links in documentation
Because one might forget to update them. I did, initially, which is why
I'm making this change.
2024-03-21 15:40:19 -07:00
Charles Hall
68a33862b3
add mdbook to the devshell 2024-03-21 15:40:19 -07:00
Timo Kösters
879a8b969d
improvement: use simpler rocksdb config 2024-03-21 15:04:40 +01:00
Timo Kösters
81bc1fc4e3 Merge branch 'matrix-ecosystem-clients' into 'next'
docs: point people to the matrix client list instead of element

See merge request famedly/conduit!606
2024-03-18 18:14:32 +00:00
Timo Kösters
1931a45aba Merge branch 'disabled-federation-authcheck' into 'next'
refactor: check if federation is disabled inside the authcheck where possible

See merge request famedly/conduit!605
2024-03-18 18:10:21 +00:00
Matthias Ahouansou
5f0bea6961
refactor: check if federation is disabled inside the authcheck where possible 2024-03-18 09:24:37 +00:00
Matthias Ahouansou
120035685b
docs: point people to the matrix client list instead of element 2024-03-17 19:21:29 +00:00
Charles Hall
a8da61e5b7 Merge branch 'docs/mdbook-full' into 'next'
docs: build docs using mdBook and copy all markdown files

See merge request famedly/conduit!604
2024-03-17 04:06:58 +00:00
Samuel Meenzen
a3968725b4
chore: add EditorConfig 2024-03-16 20:01:16 -07:00
Charles Hall
6800e5fd18
build book in ci, deploy it to gitlab pages 2024-03-16 20:01:15 -07:00
Charles Hall
4f8d3953b3
add nix output for the book 2024-03-16 20:01:15 -07:00
Samuel Meenzen
425660472c
docs: build docs using mdBook 2024-03-16 20:01:15 -07:00
Charles Hall
ab98b52b21 Merge branch 'remove-log-modification' into 'next'
Remove log config modification

See merge request famedly/conduit!553
2024-03-12 22:06:32 +00:00
Charles Hall
ac22b1bed1
allow including extra info in --version output 2024-03-11 20:11:59 -07:00
Charles Hall
741ca63e94 Merge branch 'argparse' into 'next'
Add argument parser for the conduit executable

Closes #285

See merge request famedly/conduit!385
2024-03-11 18:03:39 +00:00
Max Cohen
9a81a49c6a
Add argument parser for the conduit executable
Allow fetching the version with `conduit --version`. Fixes #285.
2024-03-11 09:43:02 -07:00
Charles Hall
c42aeb506f Merge branch 'ci/avoid-duplicate-pipelines' into 'next'
fix(ci): avoid duplicate pipelines

See merge request famedly/conduit!600
2024-03-11 14:34:09 +00:00
Samuel Meenzen
4af691d737
fix(ci): avoid duplicate pipelines 2024-03-11 12:43:49 +01:00
Charles Hall
88fbd5b294 Merge branch 'rename-rocksdb-crate' into 'next'
rename the `rust-rocksdb` crate to just `rocksdb`

See merge request famedly/conduit!599
2024-03-11 07:03:53 +00:00
Charles Hall
d1bc7fcfd2
rename the rust-rocksdb crate to just rocksdb
This way the old `cfg`s still work and we don't need to constantly
remind ourselves what programming language we're using in `use`
statements.

Also fixes a problem where RocksDB users couldn't start Conduit because
the old `cfg`s were using the original crate's name instead of the
`backend_rocksdb` feature name for some reason. Maybe that should be
changed, but I'm not sure.
2024-03-10 23:40:11 -07:00
Charles Hall
dc89fbed3a
document log config syntax, don't give example
Because the old one was stale. Shocking!
2024-03-10 22:53:27 -07:00
Charles Hall
516876f8ef
remove final reference to sled in log config 2024-03-10 22:53:27 -07:00
Charles Hall
ed5bd23255
remove explicit references to log config
They're all stale. Sled was yote long ago.
2024-03-10 22:53:27 -07:00
Charles Hall
5f053a9357
link to example config instead of copying it
DRY FTW
2024-03-10 22:53:27 -07:00
Charles Hall
9ff9e85ebe
add newline to end of file
Please, people.
2024-03-10 22:33:54 -07:00
tezlm
daed4cdddf
Remove log config modification 2024-03-10 22:17:04 -07:00
Charles Hall
086c4daa38 Merge branch 'update-rocksdb' into 'next'
update rocksdb

See merge request famedly/conduit!577
2024-03-11 04:51:40 +00:00
Charles Hall
10f3f9da49
switch/update rocksdb crate
This fork was created because the original seems de-facto unmaintained.
2024-03-10 20:58:01 -07:00
Matthias Ahouansou
fa930182ae
fix(appservices): don't panic on empty registration url
perf(appservices): cache regex for namespaces
2024-03-10 13:27:48 +00:00
Charles Hall
a095e02d04 Merge branch 'ci/optional-artifacts' into 'next'
feat: run ci on demand to prevent unnecessary job executions

See merge request famedly/conduit!585
2024-03-07 18:33:14 +00:00
Samuel Meenzen
0d2f1348da
feat: run ci on demand to prevent unnecessary job executions 2024-03-06 12:39:16 +01:00
Charles Hall
20bb214d7e Merge branch 'ci-efficiency' into 'next'
make CI more efficient

See merge request famedly/conduit!596
2024-03-06 00:17:39 +00:00
Charles Hall
ae69da635b
allow overriding the attic endpoint
And also the public key so that pulling from the new endpoint will work.

This allows other people to host their own attic instances and configure
their (CI) environment to override the default endpoint so e.g. they can
take advantage of a binary cache without having write access to the
official one.

I didn't actually test this change but I think it should work.

Also why'd I format the script like that, ew lol
2024-03-05 15:06:52 -08:00
Charles Hall
d411e9037c
upload all devshell inputs to the cache
This will also include attic, so we don't need to explicitly do this
in `./bin/nix-build-and-cache` anymore, which is good because that
script gets called a good number of times and doing that repeatedly was
a bit of a waste.
2024-03-05 15:06:52 -08:00
Charles Hall
d5a9c6ac32
use nix-built binary to produce debian package
Currently just for `x86_64-unknown-linux-musl`. Theoretically, we can
use this same mechanism for `aarch64-unknown-linux-musl`. Practically,
I'm not sure just this will even work.
2024-03-05 15:06:52 -08:00
Charles Hall
4e09c9e58a
build all nix-based artifacts in a single job
This will reduce the amount of full builds that need to be done by runs
that don't have write access to the nix binary cache.
2024-03-05 15:06:52 -08:00
Charles Hall
6281c64c33
upgrade nixos/nix image 2024-03-05 15:06:51 -08:00
Charles Hall
4f352a711a
add trailing newline to file
Please fix your editor configuration...
2024-03-05 15:06:51 -08:00
Charles Hall
10b7b174b6
fix documented target triple
Even though it doesn't really matter because it's containerized anyway.
2024-03-05 15:06:51 -08:00
Charles Hall
e70f33741c
update flake.lock
Also switch names to match the newer upstream nixpkgs code.

Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/fbe252a5c21febbe920c025560cbd63b20e24f3b' (2024-01-18)
  → 'github:zhaofengli/attic/6eabc3f02fae3683bffab483e614bebfcd476b21' (2024-02-14)
• Updated input 'fenix':
    'github:nix-community/fenix/e132ea0eb0c799a2109a91688e499d7bf4962801' (2024-01-18)
  → 'github:nix-community/fenix/c8943ea9e98d41325ff57d4ec14736d330b321b2' (2024-03-05)
• Updated input 'fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/9d9b34354d2f13e33568c9c55b226dd014a146a0' (2024-01-17)
  → 'github:rust-lang/rust-analyzer/9f14343f9ee24f53f17492c5f9b653427e2ad15e' (2024-03-04)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/1ef2e671c3b0c19053962c07dbda38332dcebf26' (2024-01-15)
  → 'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/842d9d80cfd4560648c785f8a4e6f3b096790e19' (2024-01-17)
  → 'github:NixOS/nixpkgs/b8697e57f10292a6165a20f03d2f42920dfaf973' (2024-03-03)
2024-03-05 15:06:51 -08:00
Charles Hall
161ad8f9a4
update to latest crane before a regression
Once these issues are fixed, or at least just the one against crane, we
can go back to `ref=master`.

Flake lock file updates:

• Updated input 'crane':
    'github:ipetkov/crane/c798790eabec3e3da48190ae3698ac227aab770c' (2024-01-28)
  → 'github:ipetkov/crane/2c653e4478476a52c6aa3ac0495e4dea7449ea0e' (2024-02-11)
2024-03-05 15:06:51 -08:00
Timo Kösters
732d331847 Merge branch 'async-mutex-guards' into 'next'
refactor: use async-aware RwLocks and Mutexes where possible

See merge request famedly/conduit!595
2024-03-05 22:19:27 +00:00
Matthias Ahouansou
ee7efdd403
typo: as -> has 2024-03-05 20:31:40 +00:00
Matthias Ahouansou
07bb369c5c
perf: remove unnecessary async 2024-03-05 20:20:19 +00:00
Matthias Ahouansou
17dd8cb918
style: rename Sync(Mutex|RwLock) to Std(Mutex|RwLock) 2024-03-05 20:16:28 +00:00
Matthias Ahouansou
e33d8430d3
typo: colsures -> closures 2024-03-05 20:13:39 +00:00
Matthias Ahouansou
c58af8485d
revert: remove dependency on async_recursion 2024-03-05 19:59:24 +00:00
Matthias Ahouansou
becaad677f
refactor: use async-aware RwLocks and Mutexes where possible 2024-03-05 14:23:59 +00:00
Timo Kösters
57575b7c6f Merge branch 'dont-give-guests-admin' into 'next'
fix(accounts): don't give guests admin

See merge request famedly/conduit!591
2024-03-04 17:00:14 +00:00
Matthias Ahouansou
4934020ee7
style: remove unnecessary else block 2024-03-04 09:33:03 +00:00
Timo Kösters
7bb480ceb8 Merge branch 'readme' into 'next'
docs: small fixes for the README

See merge request famedly/conduit!592
2024-03-03 23:13:47 +00:00
Matthias Ahouansou
da5975d727 fix: avoid panics when admin room is not available 2024-03-03 22:42:24 +00:00
Timo Kösters
56a57d5489 docs: small fixes for the README 2024-03-03 15:56:03 +01:00
Matthias Ahouansou
e06e15d4ec
fix(accounts): don't give guests admin 2024-03-03 11:26:58 +00:00
Timo Kösters
18e684b92e Merge branch 'performance' into 'next'
Improvements to /sync performance and db size

See merge request famedly/conduit!590
2024-03-02 15:20:21 +00:00
Timo Kösters
a159fff08a
improvement: deactivate old presence code because it slows down sync
The problem is that for each sync, it creates a new rocksdb iterator for each room, and creating iterators is somewhat expensive
2024-02-29 10:31:25 +01:00
Timo Kösters
62dda7a43f
improvement: delete old rocksdb LOG files 2024-02-29 10:28:06 +01:00
Timo Kösters
99ab234f40
Merge branch 'fixes' into 'next'
Avoid panic when client is confused about rooms

See merge request famedly/conduit!588
2024-02-28 16:19:48 +00:00
Timo Kösters
e83416bb5a
Merge branch 'fixnginx' into 'next'
Fixed nginx proxy_pass directive

See merge request famedly/conduit!589
2024-02-28 16:09:55 +00:00
olly1240
726b6f0fa6
Fixed nginx proxy_pass directive 2024-02-28 16:38:06 +01:00
Timo Kösters
d7fd89df49
fix: avoid panic when client is confused about rooms 2024-02-28 16:31:41 +01:00
Timo Kösters
f4e57fdb22
Avoid federation when it is not necessary 2024-02-28 16:27:08 +01:00
Timo Kösters
4f096adcfa Merge branch 'bump-ruma' into 'next'
Bump ruma to latest commit

See merge request famedly/conduit!586
2024-02-25 19:35:54 +00:00
Matthias Ahouansou
21a5fa3ef0 refactor: use re-exported JsOption from ruma rather than directly adding it as a dependency 2024-02-25 10:30:30 +00:00
Matthias Ahouansou
b27e9ea95c chore: bump ruma to latest commit (as of 2024-02-25) 2024-02-25 08:49:20 +00:00
Matthias Ahouansou
8aa915acb9 bump ruma, support deprecated user login field 2024-02-23 20:29:17 +00:00
Matthias Ahouansou
ace9637bc2 replace unwraps with expects 2024-02-23 19:39:30 +00:00
Charles Hall
be1e2e9307 Merge branch 'ci/push-dockerhub' into 'next'
feat(ci): push oci-image to docker hub

See merge request famedly/conduit!584
2024-02-18 01:36:50 +00:00
Samuel Meenzen
1c6a4b1b24 feat(ci): push oci-image to docker hub 2024-02-18 01:36:50 +00:00
Matthias Ahouansou
976a73a0e5 style: appease rustfmt 2024-02-16 21:19:40 +00:00
Matthias Ahouansou
4c06f329c4 refactor: appease clippy 2024-02-16 21:13:59 +00:00
Matthias Ahouansou
d841b81c56 chore: update Cargo.lock 2024-02-16 20:52:19 +00:00
Matthias Ahouansou
e707084345 chore: bump ruma to latest commit (as of 2024-02-16) 2024-02-16 20:52:07 +00:00
strawberry
6dcc8b6cf1 bump ruma to latest commit (syncv3 JsOption and push optional power levels)
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-02-16 20:45:48 +00:00
strawberry
a2ac491c54 bump ruma, add wrong room keys error code, tiny logging change
can't update ruma to very latest commit because of the weird JsOption thing for syncv4 that i can't wrap my head around how to use, not important anyways

Signed-off-by: strawberry <strawberry@pupbrain.dev>
2024-02-16 20:45:27 +00:00
Charles Hall
72a13d8353 Merge branch 'flake-compat' into 'next'
support non-flake users

See merge request famedly/conduit!581
2024-02-02 03:32:41 +00:00
Raito Bezarius
3a63f9dfb6
feat: support non-flake users
This uses flakes-compat to read the `flake.nix` and expose it
to non-flake users.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-02-01 19:19:56 -08:00
Timo Kösters
f4f2d05b5b Merge branch 'update-ring' into 'next'
update ring to ^0.17

See merge request famedly/conduit!580
2024-02-01 10:45:28 +00:00
Charles Hall
c3c7bcb2ed Merge branch 'publish-oci-image' into 'next'
Publish oci image to the gitlab registry

See merge request famedly/conduit!570
2024-01-30 17:04:48 +00:00
Samuel Meenzen
d6c57f9b2e Publish oci image to the gitlab registry 2024-01-30 17:04:47 +00:00
Charles Hall
7fb9e99649
update ring and jsonwebtoken to remove ring ^0.16 2024-01-29 16:21:42 -08:00
Charles Hall
1274b48ebb
run cargo update
`IndexMap::remove` was deprecated in favor of explicitly named methods.
I assume that we actually needed to be using `shift_remove`, otherwise
we probably wouldn't be bothering with `indexmap` here in the first
place. I wonder if this fixes any bugs lol
2024-01-29 16:17:25 -08:00
Charles Hall
0a281e81a5 Merge branch 'fix-oci-image-cross' into 'next'
pass pkgsCrossStatic to mkOciImage, not pkgsHost

See merge request famedly/conduit!579
2024-01-29 23:50:56 +00:00
Charles Hall
a43bde69fa
pass pkgsCrossStatic to mkOciImage, not pkgsHost
This fixes a bug where the aarch64 OCI image had metadata saying it was
an x86_64 OCI image. On top of that, I think the metadata was actually
right (aside from Conduit's binary): since all other packages were being
pulled from `pkgsHost`, an OCI image cross compiled for aarch64 from a
different architecture would result in unexecutable binaries (e.g. tini)
since they were compiled for the completely wrong architecture.
2024-01-29 15:39:09 -08:00
Charles Hall
986343877c Merge branch 'artifact-links' into 'next'
update DEPLOY.md with new build links

See merge request famedly/conduit!578
2024-01-29 23:04:24 +00:00
Charles Hall
2d47710b55
update DEPLOY.md with new build links 2024-01-29 14:55:48 -08:00
Charles Hall
10542a1d70 Merge branch 'use-upstream-crane' into 'next'
switch crane input back to upstream

See merge request famedly/conduit!576
2024-01-28 21:54:38 +00:00
Charles Hall
c167f7a6ad
switch crane input back to upstream
Thanks to the crane maintainer to fixing my issue in a way that doesn't
suck, unlike my attempt in the fork we were briefly using.
2024-01-28 13:31:03 -08:00
Charles Hall
5787a70bab Merge branch 'fix-complement' into 'next'
make complement (mostly) work again

See merge request famedly/conduit!575
2024-01-28 03:21:04 +00:00
Charles Hall
cf8f1f2546
make a bunch of changes so complement works again
Well, kinda. It crashed on me after 10 minutes because the tests timed
out like in <https://github.com/matrix-org/complement/issues/394>.
Sounds like this means it's a them problem though.

I want to use Nix to build this image instead in the future but this
will at least make it work for now and give me a reference for while I'm
porting it. I also want to make Conduit natively understand Complement's
requirements instead of `sed`ing a bunch of stuff and needing a reverse
proxy in the container. Should be more reliable that way.

I'm not making this run in CI until the above stuff is addressed and
until I can decide on a way to pin the revision of Complement being
tested against.
2024-01-27 18:09:43 -08:00
Charles Hall
3c2fc4a4c6 Merge branch 'oci-image-ca-certs' into 'next'
add ca certificates to the OCI image

See merge request famedly/conduit!574
2024-01-27 20:37:21 +00:00
Charles Hall
dffd771e7c
add ca certificates to the OCI image
Without this, checking the authority of TLS certificates fails, making
Conduit (rightly) refuse to connect to anything.
2024-01-27 12:25:06 -08:00
Charles Hall
4da8c7e282 Merge branch 'docker-tag' into 'next'
change docker tag back to `next`

See merge request famedly/conduit!573
2024-01-27 05:55:08 +00:00
Charles Hall
0df5d18fd6
change docker tag back to next
I misunderstood what the general meaning of the `latest` tag was.
2024-01-26 21:38:13 -08:00
Charles Hall
825ceac1c3 Merge branch 'update-rust' into 'next'
update rust toolchain

See merge request famedly/conduit!572
2024-01-26 18:27:47 +00:00
Charles Hall
3e389256f5
switch lint config to manifest-lint feature
I removed some lint configuration in the process:

* `#[allow(clippy::suspicious_else_formatting)]` because nothing is
  currently triggering it.
* `#[warn(clippy::future_not_send)]` because some stuff under
  `src/lib.rs` is. And also like, auto-trait leakage generally means
  this isn't a problem, and if things really need to be `Send`, then
  you'll probably know to mark it manually.
* `#[warn(rust_2018_idioms)]` and replaced it with
  `explicit-outlives-requirements = "warn"` which is the most useful
  lint in that group that isn't enabled by default.
2024-01-26 01:03:55 -08:00
Charles Hall
a7892a28ec
refer directly to stdenv since it's in scope 2024-01-25 22:00:32 -08:00
Charles Hall
9453dbc740
update rust toolchain
It comes with a bunch of new lints (yay!) so I fixed them all so CI will
keep working.

Also apparently something about linking changed because I had to change
the checks for deciding the linker flags for static x86_64 builds to
keep working.
2024-01-25 21:44:40 -08:00
Charles Hall
bf48c10d28 Merge branch 'cross' into 'next'
cross compile static binaries for x86_64 and aarch64

See merge request famedly/conduit!569
2024-01-26 04:12:15 +00:00
Charles Hall
7c1a3e41d9
add package to build an aarch64 oci image
And build it as an artifact in CI.
2024-01-25 20:03:29 -08:00
Charles Hall
2a04a361e0
break oci image builder into a function
Now it can be reused for different `pkgs` and `package`s.
2024-01-25 20:03:25 -08:00
Charles Hall
0e8e4f1083
add static cross to aarch64-unknown-linux-musl 2024-01-25 19:44:06 -08:00
Charles Hall
81ae579b25
add static cross to x86_64-unknown-linux-musl 2024-01-25 19:43:23 -08:00
Charles Hall
3a3cafe912
preempt cross problems by using my crane fork
I imagine this will get fixed/merged upstream in the near future.
2024-01-25 11:39:17 -08:00
Charles Hall
d29591d47d
group packages in attrset literal
This will make generating packages for cross possible.
2024-01-25 11:39:17 -08:00
Charles Hall
67d280dd2e
factor package expression into a function
We'll need to call it repeatedly to make packages for cross.
2024-01-25 11:39:17 -08:00
Charles Hall
3ac9be5a78
add x86_64-unknown-linux-gnu
This is probably the most common target and usually doesn't involve
cross compilation.
2024-01-25 11:39:17 -08:00
Charles Hall
52954f7a11
use fromToolchainFile
I *think* this will make it easier to pull in extra rustc targets.
2024-01-25 11:39:16 -08:00
Charles Hall
692a31620d
make let bindings take pkgs as an argument
Again, will make cross compilation easier to set up.
2024-01-25 11:39:16 -08:00
Charles Hall
cf4015b830
rename pkgs to pkgsHost
This will make organizing cross compilation easier.
2024-01-25 11:39:16 -08:00
Charles Hall
9cef03127b
remove with for nativeBuildInputs
It's going to get more involved and that `with` was too specific.
2024-01-25 11:39:16 -08:00
Charles Hall
249fc7769d
don't bother with mold
For now, at least. I suspect it will make cross compilation more
difficult.
2024-01-25 11:39:16 -08:00
Charles Hall
5cc53c9e14
push oci image and x86_64-*-gnu build to bin cache
This will allow most Nix users to use the `default` package and without
having to build from source. And also allows any weirdos to get the OCI
image from the Nix binary cache if they want. No idea why that would be
desireable though lol
2024-01-25 11:37:35 -08:00
Charles Hall
bdc46f6392
add script to build and push to binary cache
This is even useful for local development, as you can pre-populate the
binary cache before running CI (assuming you have the token). Also, it
being in a script makes it easier to test.

We've added attic as a flake input even though the flake itself doesn't
use it so that we can use `--inputs-from .` in Nix commands to reference
a locked version of attic. This helps with reproducibility and caching,
and to makes it easy to update attic because it's part of the normal
flake lifecycle.
2024-01-25 11:34:46 -08:00
Charles Hall
6ae776218c
add our own binary cache
The machine I'm hosting this on doesn't have incredible upload speeds
but it should be good enough?
2024-01-25 10:51:21 -08:00
Charles Hall
bd2b146d5d
add crane binary cache
This way we don't need to build e.g. crane-utils every time.
2024-01-24 23:25:48 -08:00
Charles Hall
f7cc4fb3bb
state artifacts' targets and rename artifacts
This will make it more obvious what's what and be more internally
consistent.
2024-01-24 23:25:42 -08:00
Charles Hall
ca198c51fa Merge branch 'reqwest-follow-up' into 'next'
move resolver logic into the resolver

See merge request famedly/conduit!571
2024-01-24 23:24:00 +00:00
Charles Hall
fe86d28428
move resolver logic into the resolver
Honestly not sure why it wasn't done like this before. This code is much
less awkward to follow and more compartmentalized.

These changes were mainly motivated by a clippy lint triggering on the
original code, which then made me wonder if I could get rid of some of
the `Box`ing. Turns out I could, and this is the result of that.
2024-01-24 15:11:17 -08:00
Timo Kösters
c86f9a5c5b Merge branch 'pr_upstream_reqwest' into 'next'
Use upstream `reqwest` instead of vendored one

See merge request famedly/conduit!527
2024-01-24 21:59:34 +00:00
Timo Kösters
e0358a9de5 Merge branch 'send_push_to_invited_user' into 'next'
feat: send push notification on invite to invited user and etc

Closes #399

See merge request famedly/conduit!559
2024-01-24 17:55:22 +00:00
Tobias Bucher
69d0003222 Use upstream reqwest instead of vendored one
This uses the `ClientBuilder::dns_resolver` function that was added in
reqwest 0.11.13, instead of the homebrew `ClientBuilder::resolve_fn`.
2024-01-24 17:12:43 +01:00
Timo Kösters
5cf9f3df48 Merge branch 'lints' into 'next'
fix CI

See merge request famedly/conduit!564
2024-01-24 15:42:20 +00:00
Charles Hall
0b7ed5adc9
add debian package building in ci
This uses a separate step and docker image, which I'm not a huge fan of.
At least I could get this to work for now, but I won't be shocked when
it breaks later. I know, I know, fixing this kind of problem is the
exact reason I bothered to do this, but I was really struggling to do
better here. Maybe I can take a second pass at this later.

Also, this explicitly names the caches, because without this, various
things related to linking will break.
2024-01-24 07:22:37 -08:00
Charles Hall
4de54db305
redo docker image and build it in ci 2024-01-24 07:22:37 -08:00
Charles Hall
02781e4f9b
use nix-filter to filter sources
This prevents nix from rebuilding conduit when files that don't actually
effect the build are changed.
2024-01-24 07:22:37 -08:00
Charles Hall
f8bdfd82b0
update flake.lock
Flake lock file updates:

• Updated input 'crane':
    'github:ipetkov/crane/8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e' (2023-07-07)
  → 'github:ipetkov/crane/742170d82cd65c925dcddc5c3d6185699fbbad08' (2024-01-18)
• Removed input 'crane/flake-compat'
• Removed input 'crane/flake-utils'
• Removed input 'crane/rust-overlay'
• Removed input 'crane/rust-overlay/flake-utils'
• Removed input 'crane/rust-overlay/nixpkgs'
• Updated input 'fenix':
    'github:nix-community/fenix/39096fe3f379036ff4a5fa198950b8e79defe939' (2023-07-16)
  → 'github:nix-community/fenix/e132ea0eb0c799a2109a91688e499d7bf4962801' (2024-01-18)
• Updated input 'fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/996e054f1eb1dbfc8455ecabff0f6ff22ba7f7c8' (2023-07-15)
  → 'github:rust-lang/rust-analyzer/9d9b34354d2f13e33568c9c55b226dd014a146a0' (2024-01-17)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/919d646de7be200f3bf08cb76ae1f09402b6f9b4' (2023-07-11)
  → 'github:numtide/flake-utils/1ef2e671c3b0c19053962c07dbda38332dcebf26' (2024-01-15)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/8acef304efe70152463a6399f73e636bcc363813' (2023-07-15)
  → 'github:NixOS/nixpkgs/842d9d80cfd4560648c785f8a4e6f3b096790e19' (2024-01-17)
2024-01-24 07:22:37 -08:00
Charles Hall
7e66d2e2c0
use nix and engage to manage ci 2024-01-24 07:22:37 -08:00
Charles Hall
ffd03a256b
remove workflow rules
I don't think these are actually necessary? At least in my own testing,
I haven't seen duplicate pipelines for a single commit when converting
from just a branch to a merge request.
2024-01-24 07:22:37 -08:00
Charles Hall
9d592d60d2
remove dockerlint step because it does nothing
It's configured to let the pipeline pass even if there are warnings or
errors, i.e. it's pointless.
2024-01-24 07:22:37 -08:00
Charles Hall
25ceb5ebd8
remove commented out ci step
If you want it back, just look at the git history.
2024-01-24 07:22:37 -08:00
Charles Hall
6f052fff98
improve nix flake
Also fix the comment in `Cargo.toml` about the rust-version stuff.
2024-01-24 07:22:37 -08:00
Charles Hall
e8ac881b2f
add an engage file
See <https://charles.page.computer.surgery/engage/> for info.
2024-01-24 07:22:37 -08:00
Charles Hall
0d17aedae5
fix cargo doc lints
Rustdoc (rightfully) thought the `[commandbody]` "tags" were broken
links, so I've just made them links to nothing instead.
2024-01-24 07:22:37 -08:00
Charles Hall
ab1fff2642
fix cargo clippy lints 2024-01-24 07:22:37 -08:00
Charles Hall
92c5b6b86c
fix cargo check lints 2024-01-24 07:22:25 -08:00
Charles Hall
dc2f53e773
comment out heed backend things
The code in conduit doesn't compile.
2024-01-18 12:27:48 -08:00
Timo Kösters
2475995102 Merge branch 'conduit/declare-1.5-support' into 'next'
declare 1.5 support

See merge request famedly/conduit!568
2024-01-17 17:56:21 +00:00
Charles Hall
835f4ad8cf
declare 1.5 support 2024-01-16 13:52:56 -08:00
Val Lorentz
8175bc1246 Explicitly match RoomVersionId::V11 2023-12-24 19:04:48 +01:00
Val Lorentz
eb7ac91cd5 Reuse existing get_room_version 2023-12-24 19:02:03 +01:00
Timo Kösters
ca6219723b Merge branch 'conduit/envrc-shebang' into 'next'
add shebang to .envrc

See merge request famedly/conduit!566
2023-12-24 15:36:52 +00:00
Timo Kösters
40c7c248fb Merge branch 'conduit/rm-presence-panic' into 'next'
don't panic on missing presence status for a user

See merge request famedly/conduit!565
2023-12-24 15:36:36 +00:00
Charles Hall
8f3f5c01f9
add shebang to .envrc
All this really does is make syntax highlighting and shellcheck work by
default in more editors.
2023-12-23 22:21:19 -08:00
Charles Hall
9d7f7b871b
don't panic on missing presence status for a user 2023-12-23 21:01:01 -08:00
Timo Kösters
30f0871e21 Merge branch 'sendjoin-signature-error' into 'next'
Log underlying error when rejecting sendjoin response

See merge request famedly/conduit!563
2023-12-11 15:11:42 +00:00
Val Lorentz
98e81c6217 Log underlying error when rejecting sendjoin response 2023-12-03 19:38:09 +01:00
Val Lorentz
5a7bb1e8f1 Return error instead of panic when first event is not m.room.create 2023-12-02 17:51:19 +01:00
Val Lorentz
520806d413 Use Ruma's redact_content_in_place instead of custom implementation 2023-12-01 19:12:23 +01:00
Val Lorentz
9646439a94 Enable support for room v11 2023-12-01 18:29:15 +01:00
Val Lorentz
fac995036a create_hash_and_sign_event: Use actual version of RoomCreate events, instead of the default 2023-12-01 18:29:15 +01:00
Val Lorentz
18bfd79ef2 Remove "creator" key when upgrading rooms to v11 2023-12-01 18:28:51 +01:00
Val Lorentz
a3b8eea9b4 Move "redacts" key to "content" in redaction events in v11 rooms 2023-12-01 18:28:51 +01:00
Val Lorentz
d39d30008a Remove "creator" property from rooms >= v11 2023-12-01 15:11:26 +01:00
AndSDev
f3b6b3e222 feat: send push notification on invite to invited user and etc 2023-11-07 12:46:53 +00:00
Timo Kösters
3bfdae795d Merge branch 'sliding' into 'next'
Sliding sync improvements and redaction fixes

See merge request famedly/conduit!549
2023-09-13 18:57:57 +00:00
Timo Kösters
75c80df271
Sliding sync improvements and redaction fixes 2023-09-13 20:54:53 +02:00
Timo Kösters
094cb888d4 Merge branch 'badacl' into 'next'
fix: ACL error shouldn't break the whole request

See merge request famedly/conduit!542
2023-09-13 18:46:03 +00:00
Timo Kösters
fa725a14e2 Merge branch 'lukehmcc-next-patch-37096' into 'next'
Update README.md to fix typo & fix compatibility with new versions of docker compose

See merge request famedly/conduit!545
2023-09-11 18:34:06 +00:00
Luke McCarthy
9b3664aeeb Update README.md to fix typo & fix compatibility with new versions of docker compose 2023-08-27 02:14:03 +00:00
Jonas Zohren
90fea00dc7 Merge branch 'docs-docker-coturn' into 'next'
Docs: coturn instructions for docker

See merge request famedly/conduit!498
2023-08-23 14:18:42 +00:00
Jonas Zohren
20924a44f1 Suggestion on how to generate a secure key 2023-08-23 11:17:47 +02:00
purplemeteorite
38d6426b0e coturn setup instructions for docker 2023-08-23 11:09:21 +02:00
Timo Kösters
9b55ce933a
Back off from more events, don't retry auth events 2023-08-12 09:53:32 +02:00
Timo Kösters
f73a657a23
fix: ACL error shouldn't break the whole request 2023-08-11 20:29:22 +02:00
Timo Kösters
6dfb262ddf Merge branch 'patch-3' into 'next'
log handling previous event time as debug

See merge request famedly/conduit!540
2023-08-11 09:27:42 +00:00
Timo Kösters
75cdc3a1f6 Merge branch 'roomversionwarnings' into 'next'
Do not show "Invalid room version" errors when server is not in room

See merge request famedly/conduit!541
2023-08-11 09:27:23 +00:00
Timo Kösters
11103a92ed
Do not show "Invalid room version" errors when server is not in room 2023-08-11 10:48:48 +02:00
girlbossceo
ce2017a10e log handling previous event time as debug
Signed-off-by: girlbossceo <june@girlboss.ceo>
2023-08-10 23:12:37 +00:00
Timo Kösters
0c2cfda3ae Merge branch 'next' into 'master'
Merge remote-tracking branch 'origin/next'

See merge request famedly/conduit!538
2023-08-10 17:01:56 +00:00
Timo Kösters
4bf8ee1f74 Merge branch 'nextversion' into 'next'
Bump version to v0.6.0

See merge request famedly/conduit!537
2023-08-10 16:58:47 +00:00
Timo Kösters
5d16948030
Bump version to v0.6.0 2023-08-10 18:57:52 +02:00
Timo Kösters
b7b2eb9d05 Merge branch 'trust' into 'next'
improvement: matrix.org is default trusted server if unspecified

See merge request famedly/conduit!536
2023-08-10 15:50:16 +00:00
Timo Kösters
19bfee1835
improvement: matrix.org is default trusted server if unspecified 2023-08-10 17:45:58 +02:00
Timo Kösters
9db87550fd Merge branch 'admincommands' into 'next'
improvement: more forgiving admin command syntax

See merge request famedly/conduit!535
2023-08-10 15:36:29 +00:00
Timo Kösters
606b25b9e7
improvement: more forgiving admin command syntax 2023-08-10 17:26:55 +02:00
Timo Kösters
fd9e52a559
More sanity checks 2023-08-10 11:45:31 +02:00
Timo Kösters
0a0f227601 Merge branch 'registrationtokens' into 'next'
Registrationtokens

Closes #372

See merge request famedly/conduit!533
2023-08-09 20:27:19 +00:00
Timo Kösters
183558150d
fix: don't show removed rooms in space 2023-08-09 22:21:21 +02:00
Timo Kösters
c028e0553c
feat: registration tokens 2023-08-09 18:27:30 +02:00
Timo Kösters
2581f7a10b Merge branch 'fix-broken-links' into 'next'
Docs: Fix broken links in docker documentation

See merge request famedly/conduit!520
2023-08-09 07:55:49 +00:00
Timo Kösters
3e518773e2 Merge branch 'improvements' into 'next'
cross signing fixes

See merge request famedly/conduit!532
2023-08-07 16:11:11 +00:00
Timo Kösters
888f7e4403 Merge branch 'more-logging-enrichment' into 'next'
Slightly more logging improvements

See merge request famedly/conduit!530
2023-08-07 16:04:12 +00:00
Timo Kösters
d82c26f0a9
Avatars for sliding sync DMs 2023-08-07 17:54:08 +02:00
Timo Kösters
c1e2ffc0cd
improvement: maybe cross signing really works now 2023-08-07 13:55:44 +02:00
June
06fccbc340 debug log before and after nofile soft limit increases
Signed-off-by: June <june@girlboss.ceo>
2023-08-03 14:51:39 -10:00
girlbossceo
fbd8090b0b log room ID for invalid room topic event errors
Signed-off-by: girlbossceo <june@girlboss.ceo>
2023-08-03 08:54:47 -10:00
Timo Kösters
06ab707c79 Merge branch 'rusqlite-update' into 'next'
bump rusqlite to 0.29.0

See merge request famedly/conduit!529
2023-08-02 05:06:54 +00:00
Timo Kösters
174a580319 Merge branch 'base64-update' into 'next'
update base64 to 0.21.2

See merge request famedly/conduit!528
2023-08-02 05:06:24 +00:00
June
fbb256dd91 bump rusqlite to 0.29.0
Signed-off-by: June <june@girlboss.ceo>
2023-08-01 15:09:55 -10:00
June
5a7bade476 update base64 to 0.21.2
Signed-off-by: June <june@girlboss.ceo>
2023-08-01 14:48:50 -10:00
Timo Kösters
d2bfcb018e Merge branch 'error-leak-fix' into 'next'
sanitise potentially sensitive errors

See merge request famedly/conduit!523
2023-08-01 11:25:06 +00:00
Timo Kösters
08f0f17ff7 Merge branch 'msteenhagen-next-patch-18830' into 'next'
Removed ambiguity in deploy.md

See merge request famedly/conduit!525
2023-08-01 11:23:47 +00:00
Timo Kösters
57b86f1130 Merge branch 'msteenhagen-next-patch-22350' into 'next'
Correct option error adduser in DEPLOY.md

See merge request famedly/conduit!526
2023-08-01 11:23:28 +00:00
Maarten Steenhagen
3a6eee7019 Correct option error adduser in DEPLOY.md 2023-08-01 11:03:31 +00:00
Maarten Steenhagen
9ce1cad983 Changed 'right' to 'appropriate' to avoid ambiguity (original could be read as right-hand-side) 2023-08-01 10:58:07 +00:00
Timo Kösters
10da9485a5 Merge branch 'threads' into 'next'
fix: threads get updated properly

See merge request famedly/conduit!524
2023-07-31 14:24:11 +00:00
Timo Kösters
acfe381dd3
fix: threads get updated properly
Workaround for element web while waiting for https://github.com/matrix-org/matrix-js-sdk/pull/3635
2023-07-31 16:18:23 +02:00
girlbossceo
83805c66e5 sanitise potentially sensitive errors
prevents errors like DB or I/O errors from leaking filesystem paths

Co-authored-by: infamous <ehuff007@gmail.com>
Signed-off-by: girlbossceo <june@girlboss.ceo>
2023-07-30 17:30:16 +00:00
Timo Kösters
afd8112e25 Merge branch 'spaces' into 'next'
Automatic update checker

See merge request famedly/conduit!522
2023-07-29 19:55:51 +00:00
Timo Kösters
b8c164dc60
feat: version checker 2023-07-29 21:53:57 +02:00
Timo Kösters
0453a72890 Merge branch 'patch-1' into 'next'
fix: s/ok_or/ok_or_else in relevant places

See merge request famedly/conduit!521
2023-07-29 19:19:05 +00:00
girlbossceo
e2c914cc11 fix: s/ok_or/ok_or_else in relevant places
Signed-off-by: girlbossceo <june@girlboss.ceo>
2023-07-29 19:17:12 +00:00
Timo Kösters
da907451e7
Admin commands to sign and verify jsons 2023-07-29 20:00:12 +02:00
Timo Kösters
2b4a6c96ee Merge branch 'small-logging-improvements' into 'next'
Slight logging improvements

See merge request famedly/conduit!517
2023-07-29 15:00:42 +00:00
girlbossceo
d7061e6984 cargo fmt
Signed-off-by: girlbossceo <june@girlboss.ceo>
2023-07-29 14:30:48 +00:00
girlbossceo
3494d7759e Return "Hello from Conduit!" on the / route
akin to Synapes's "It works!" page, removing an unnecessary warning
about / route being unknown

Signed-off-by: girlbossceo <june@girlboss.ceo>
2023-07-29 14:29:26 +00:00
girlbossceo
cc5dcceacc Log the room ID, event ID, PDU, and event type where possible
Signed-off-by: girlbossceo <june@girlboss.ceo>
2023-07-29 14:29:26 +00:00
girlbossceo
863103450c Log the unknown login type in warning level
Signed-off-by: girlbossceo <june@girlboss.ceo>
2023-07-29 14:29:26 +00:00
girlbossceo
a0148a9996 Print relevant room ID and ACL'd server in informational level
These are room ACLs, not server ACLs. Causes confusion where people
think their Conduit homeserver was ACL'd. Print where these are coming from
in informational level.

Signed-off-by: girlbossceo <june@girlboss.ceo>
2023-07-29 14:29:26 +00:00
girlbossceo
1f867a2c86 Only print raw malformed JSON body in debug level
Signed-off-by: girlbossceo <june@girlboss.ceo>
2023-07-29 14:29:26 +00:00
purplemeteorite
c0a2acb869 Merge branch 'next' into 'fix-broken-links'
# Conflicts resolved:
#   docker/README.md
2023-07-29 08:02:56 +00:00
Timo Kösters
97835541ce Merge branch 'uak-next-patch-77212' into 'next'
Change link from docker-compose.override.traefik.yml to docker-compose.override.yml in README.md

See merge request famedly/conduit!514
2023-07-29 07:13:58 +00:00
purplemeteorite
081cc66eda fixed broken traefik links in docker README 2023-07-29 08:26:34 +02:00
purplemeteorite
7489e2c4f6 moved docker-compose.yml into the docker folder 2023-07-29 08:23:17 +02:00
Timo Kösters
1e675dbb68 Merge branch 'next' into 'next'
Docs: OCI image registries and tags

See merge request famedly/conduit!492
2023-07-28 19:34:42 +00:00
Timo Kösters
f4c1748ab1 Merge branch 'bugfix/well-known-missing' into 'next'
It's ok not being able to find a .well-known response.

See merge request famedly/conduit!519
2023-07-28 15:45:59 +00:00
Tobias Tom
7990822f72 It's ok not being able to find a .well-known response. 2023-07-28 16:26:40 +01:00
Timo Kösters
2a100412fa Merge branch 'relax-rocksdb' into 'next'
relax recovery mode

See merge request famedly/conduit!516
2023-07-27 06:12:31 +00:00
Timo Kösters
3e7652909b Merge branch 'maximize-fd-limit' into 'next'
maximize fd limit

See merge request famedly/conduit!515
2023-07-27 06:11:05 +00:00
Charles Hall
9fb8498067
relax recovery mode 2023-07-26 15:32:36 -07:00
Charles Hall
291290db92
maximize fd limit 2023-07-26 13:24:44 -07:00
uak
54a115caf3 Change link from docker-compose.override.traefik.yml to docker-compose.override.yml in README.md 2023-07-26 18:53:19 +00:00
Timo Kösters
81866170f0 Merge branch 'spaces' into 'next'
fix: spaces with restricted rooms

See merge request famedly/conduit!513
2023-07-26 06:40:00 +00:00
Timo Kösters
bf46829595
fix: spaces with restricted rooms 2023-07-26 08:34:12 +02:00
Timo Kösters
9f14ad7125 Merge branch 'sync-up-debian-packaging' into 'next'
Sync up Debian packaging

See merge request famedly/conduit!510
2023-07-24 17:10:45 +00:00
Timo Kösters
90a10c84ef Merge branch 'slidingfixes' into 'next'
Better sliding sync

See merge request famedly/conduit!511
2023-07-24 08:48:27 +00:00
Timo Kösters
d220641d64
Sliding sync subscriptions, e2ee, to_device messages 2023-07-24 10:42:52 +02:00
Timo Kösters
caddc656fb
slightly better sliding sync 2023-07-24 10:42:47 +02:00
Paul van Tilburg
b1a591a06c
Also create the conduit (system) group
The `chown` command mentioned later in `DEPLOY.md` needs this group to
exist. Also make sure this account cannot be used to login with by
disabling its password and its shell.

This is similar to how the Debian `postinst` script does this.
2023-07-23 12:53:43 +02:00
Paul van Tilburg
3cd3d0e0ff
Add section about how to download/install/deploy
This refers to `DEPLOY.md` as to not duplicate the information.
2023-07-23 12:53:36 +02:00
Paul van Tilburg
433dad6ac2
Turn README.Debian into a markdown file
It is common to have a markdown file per deployment subdirectory.
Still install it as `README.Debian` to `/usr/share/doc/matrix-conduit`
as per Debian policy.

Also update the link in the main `README.md` file.
2023-07-23 12:37:38 +02:00
Paul van Tilburg
8cf408e966
Fix up permissions of the database path
Also apply the database creation and ownership change on every
installation and upgrade.
2023-07-23 12:37:38 +02:00
Timo Kösters
1e560529d8 Merge branch 'nix-upkeep' into 'next'
Nix upkeep

See merge request famedly/conduit!505
2023-07-23 09:23:41 +00:00
Timo Kösters
ff98444d03 Merge branch 'nogroup' into 'next'
[Security fix] Create dedicated user group

See merge request famedly/conduit!509
2023-07-23 09:22:39 +00:00
x4u
82f31d6b72 Replace nogroup with dedicated user group 2023-07-23 14:21:36 +08:00
Charles Hall
6ae5143ff5
only listen on IPv6 since that's what conduit does 2023-07-21 12:12:37 -07:00
purplemeteorite
bd8fec3836 changed registry options
1. Recommended GitLab's own registry over Docker Hub. (Reason: https://gitlab.com/famedly/conduit/-/merge_requests/492#note_1457220261)
2. Added the development image :next to the list of options.
3. Displayed text for Docker Hub now contains "docker.io" as part of the link for easier copy-paste for podman users. Clicking on the link still takes to the website.
2023-07-21 20:33:32 +02:00
Charles Hall
742331e054
Revert "only use musl on x86_64"
This reverts commit 56f0f3dfa4.

This shouldn't be needed anymore since [this][0] reached nixos-unstable.

[0]: https://github.com/NixOS/nixpkgs/pull/242889
2023-07-16 13:48:05 -07:00
Charles Hall
abd8e1bf54
nixpkgs' rocksdb is now new enough :)
This reverts commit abd0a014e8.
2023-07-16 13:47:42 -07:00
Charles Hall
fa3b1fd9bd
update flake.lock
Flake lock file updates:

• Updated input 'crane':
    'github:ipetkov/crane/75f7d715f8088f741be9981405f6444e2d49efdd' (2023-06-13)
  → 'github:ipetkov/crane/8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e' (2023-07-07)
• Updated input 'crane/rust-overlay':
    'github:oxalica/rust-overlay/c535b4f3327910c96dcf21851bbdd074d0760290' (2023-06-03)
  → 'github:oxalica/rust-overlay/f9b92316727af9e6c7fee4a761242f7f46880329' (2023-07-03)
• Updated input 'fenix':
    'github:nix-community/fenix/df0a6e4ec44b4a276acfa5a96d2a83cb2dfdc791' (2023-06-17)
  → 'github:nix-community/fenix/39096fe3f379036ff4a5fa198950b8e79defe939' (2023-07-16)
• Updated input 'fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/a5a71c75e62a0eaa1b42a376f7cf3d348cb5dec6' (2023-06-16)
  → 'github:rust-lang/rust-analyzer/996e054f1eb1dbfc8455ecabff0f6ff22ba7f7c8' (2023-07-15)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/a1720a10a6cfe8234c0e93907ffe81be440f4cef' (2023-05-31)
  → 'github:numtide/flake-utils/919d646de7be200f3bf08cb76ae1f09402b6f9b4' (2023-07-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/04af42f3b31dba0ef742d254456dc4c14eedac86' (2023-06-17)
  → 'github:NixOS/nixpkgs/8acef304efe70152463a6399f73e636bcc363813' (2023-07-15)
2023-07-16 13:37:40 -07:00
Timo Kösters
e9946f81a0 Merge branch 'e2eefed' into 'next'
fix: e2ee over federation

See merge request famedly/conduit!504
2023-07-16 14:54:44 +00:00
Timo Kösters
a9ba067e77
fix: e2ee over federation 2023-07-16 16:50:03 +02:00
Timo Kösters
706148f941 Merge branch 'nhekobug' into 'next'
fix: nheko e2ee verification bug

See merge request famedly/conduit!503
2023-07-15 21:46:12 +00:00
Timo Kösters
24402312c5
fix: could not verify own events 2023-07-15 23:43:25 +02:00
Jonas Zohren
17180a3e08 capitalize names 2023-07-13 16:54:56 +00:00
Timo Kösters
3c6ffd88bf Merge branch 'unbreak-aarch64-nix' into 'next'
only use musl on x86_64

See merge request famedly/conduit!502
2023-07-11 14:11:45 +00:00
Timo Kösters
c3966f501c
fix: nheko e2ee verification bug 2023-07-10 23:10:27 +02:00
Charles Hall
56f0f3dfa4
only use musl on x86_64
Since that's all I've tested it on. Apparently this caused issues on
aarch64 even though it allegedly shouldn't.
2023-07-10 11:06:19 -07:00
Timo Kösters
ad06d475de Merge branch 'sliding' into 'next'
Very basic Element X support and fixes

See merge request famedly/conduit!501
2023-07-10 14:35:35 +00:00
Timo Kösters
0b4e3de9c0
fix: spaces with restricted rooms 2023-07-10 16:28:08 +02:00
Timo Kösters
edd4a3733f
fix: actually clear memory in the admin commands 2023-07-10 16:27:42 +02:00
Timo Kösters
c17187777f
fix: never try federation with self 2023-07-10 16:26:36 +02:00
Timo Kösters
78e7b711df
fix: better sliding sync 2023-07-10 16:25:33 +02:00
Timo Kösters
4b7d3e24dd
bump ruma 2023-07-10 16:24:57 +02:00
Timo Kösters
e4f769963f
feat: very simple sliding sync implementation 2023-07-06 10:32:25 +02:00
Jonas Zohren
eab5dac6e8 Merge branch 'fix-docker-build-image-size' into 'next'
ci: Fix "0 B" image size display

See merge request famedly/conduit!499
2023-07-04 21:18:25 +00:00
Jonas Zohren
c4824a6ebc ci: Fix "0 B" image size display
works around gitlab issue https://gitlab.com/gitlab-org/gitlab/-/issues/388865#workaround
2023-07-04 21:13:11 +00:00
Timo Kösters
f8a36e7554 Merge branch 'memory' into 'next'
improvement: better memory usage and admin commands to analyze it

See merge request famedly/conduit!497
2023-07-03 17:43:27 +00:00
Timo Kösters
a2c3256ced
improvement: better memory usage and admin commands to analyze it 2023-07-03 19:41:07 +02:00
Timo Kösters
833c1505f1 Merge branch 'hierarchy' into 'next'
feat: space hierarchies

See merge request famedly/conduit!495
2023-07-03 13:56:47 +00:00
Timo Kösters
bac13d08ae
fix: cache invalidation 2023-07-02 22:50:50 +02:00
Timo Kösters
f0a27dcb00 Merge branch 'next' into 'next'
update example configurations in DEPLOY.md for Apache and Nginx which include...

See merge request famedly/conduit!493
2023-07-02 20:20:31 +00:00
Timo Kösters
9d49d599f3
feat: space hierarchies 2023-07-02 22:12:06 +02:00
Jacob Taylor
2640f67e4b remove comments 2023-07-02 18:00:30 +00:00
Timo Kösters
eb8bc1af8d Merge branch 'jplatte/axum06' into 'next'
Upgrade axum to 0.6

See merge request famedly/conduit!494
2023-07-02 07:02:04 +00:00
Jonas Platte
0ded637b4a
Upgrade axum to 0.6 2023-06-29 11:20:52 +02:00
Jacob Taylor
dc50197a13 update example configurations in DEPLOY.md for Apache and Nginx which include upstream proxy timeouts of 5 minutes to allow for room joins which take a while 2023-06-29 02:42:32 +00:00
purplemeteorite
06a1321e56 easier-to-read docker setup instructions 2023-06-28 18:51:44 +02:00
Timo Kösters
6a6f8e80f1 Merge branch 'joinfix' into 'next'
improvement: randomize server order for alias joins

See merge request famedly/conduit!491
2023-06-28 15:47:36 +00:00
Timo Kösters
fd1ccbd3ad
improvement: randomize server order for alias joins 2023-06-28 17:44:30 +02:00
Timo Kösters
3a1a72df98 Merge branch 'stateres' into 'next'
Make state resolution more resistant and some sync performance improvements

See merge request famedly/conduit!490
2023-06-28 10:46:32 +00:00
Timo Kösters
84784970b2 Merge branch 'fix/docker-ci-pipeline' into 'next'
ci: Adjust to current docker

See merge request famedly/conduit!488
2023-06-27 18:54:40 +00:00
Timo Kösters
d64a56d88b
Do soft fail check before doing state res to allow leave events 2023-06-27 18:48:34 +02:00
Timo Kösters
be877ef719
Improve sync performance with more caching and wrapping things in Arcs to avoid copies 2023-06-27 13:15:11 +02:00
Timo Kösters
7c6d25dcd1
Do state res even if the event soft fails 2023-06-27 13:13:33 +02:00
Timo Kösters
b671238aa0 Merge branch 'rumafix' into 'next'
bump ruma

See merge request famedly/conduit!489
2023-06-26 21:11:20 +00:00
Timo Kösters
91180e011d
bump ruma 2023-06-26 23:10:26 +02:00
Jonas Zohren
26b8605fa0 ci: Adjust to current docker 2023-06-26 22:26:33 +02:00
Timo Kösters
dbd360ebb9 Merge branch 'unbreak' into 'next'
fix rustc version, nix upkeep

See merge request famedly/conduit!482
2023-06-26 19:12:46 +00:00
Timo Kösters
48e6e0659f Merge branch 'relations' into 'next'
Add relations endpoints, edits and threads work now

See merge request famedly/conduit!487
2023-06-26 19:11:57 +00:00
Timo Kösters
72eb1972c1
Add relations endpoints, edits and threads work now 2023-06-26 12:38:51 +02:00
Timo Kösters
63cbaedb79 Merge branch 'bearerfix' into 'next'
fix: send correct bearer token to appservices

Closes #358

See merge request famedly/conduit!486
2023-06-26 07:16:20 +00:00
Timo Kösters
db6def8800
fix: send correct bearer token to appservices 2023-06-26 09:15:52 +02:00
Timo Kösters
caa841c434 Merge branch 'contextfix' into 'next'
fix: /context for element android. start and end must be set even with limit=0

See merge request famedly/conduit!485
2023-06-26 06:34:10 +00:00
Timo Kösters
49a0f3a60d
fix: /context for element android. start and end must be set even with limit=0 2023-06-26 08:33:31 +02:00
Timo Kösters
bac82f43af Merge branch 'compressionoff' into 'next'
Disable compression, see https://en.wikipedia.org/wiki/BREACH

See merge request famedly/conduit!484
2023-06-25 21:46:34 +00:00
Timo Kösters
15cc801840
Disable compression, see https://en.wikipedia.org/wiki/BREACH 2023-06-25 23:43:54 +02:00
Timo Kösters
5f9ca8e458 Merge branch 'threads' into 'next'
feat: WIP relationships and threads

See merge request famedly/conduit!483
2023-06-25 20:59:53 +00:00
Timo Kösters
c7e0ea525a
feat: WIP relationships and threads 2023-06-25 19:40:33 +02:00
Charles Hall
abd0a014e8
nixpkgs' rocksdb is too old :( 2023-06-17 17:04:57 -07:00
Charles Hall
4a7d3c7301
upgrade rust in Cargo.toml/flake.nix
Looks like this should've happened as part of !479.
2023-06-17 17:04:11 -07:00
Charles Hall
15e60818c9
pin nixos-unstable, update flake.lock
`nixos-unstable` is the rolling release channel of NixOS. The default is
the master branch, which doesn't always have a populated binary cache
and so may result in compiling a bunch of stuff unnecessarily.
2023-06-17 17:02:10 -07:00
Timo Kösters
def079267d Merge branch 'adjust-to-rust-version-bumps' into 'next'
chore(ci): Adjust to rust version bumps

See merge request famedly/conduit!479
2023-06-10 15:35:22 +00:00
Jonas Zohren
a3a9b60abc chore(ci): Adjust to rust version bumps 2023-06-10 15:35:22 +00:00
Timo Kösters
808b12f618 Merge branch 'restricted' into 'next'
fix: restricted room error is now FORBIDDEN

See merge request famedly/conduit!478
2023-06-08 18:52:03 +00:00
Timo Kösters
faa9208a3e
cargo fmt 2023-06-08 20:51:34 +02:00
Timo Kösters
1ea27c4f97
fix: restricted room error is now FORBIDDEN 2023-06-08 20:49:42 +02:00
Timo Kösters
422ee40107 Merge branch 'mr-conduit-appservice-login' into 'next'
feat: support end to bridge encryption

See merge request famedly/conduit!454
2023-05-26 12:48:23 +00:00
Timo Kösters
0280fa5793 Merge branch 'next' into 'next'
fix nix readme to work with ipv6

See merge request famedly/conduit!475
2023-05-26 12:30:02 +00:00
digital
664d6baace fix: make requested changes 2023-05-26 13:06:28 +02:00
be9196430d fix nix readme to work with ipv6 2023-05-25 18:21:01 +00:00
Jonas Zohren
533bccad8f Merge branch '350-debian-package-from-docker-packager-result-doesn-t-seem-to-install-configuration-files' into 'next'
Fix CI + Debian packaging

Closes #350

See merge request famedly/conduit!474
2023-05-21 20:41:08 +00:00
Jonas Zohren
a4261aac76 * Fix Debian builds by actually including the whole debian directory into deb creation
* Fix CI by explicitly setting hostname of docker in docker service
* Fix Docker build by bumping the Rust version to 1.69
* Fix cargo check in CI by bumping the Rust version to 1.69
2023-05-21 20:41:08 +00:00
Timo Kösters
c38df57279 Merge branch 'deploymd' into 'next'
Minor DEPLOY.md changes

See merge request famedly/conduit!473
2023-05-21 13:17:29 +00:00
Timo Kösters
4e2bbf9d6a
Minor DEPLOY.md changes 2023-05-21 15:16:23 +02:00
Timo Kösters
7a9ec851fc Merge branch 'bump' into 'next'
Bump dependencies

See merge request famedly/conduit!472
2023-05-21 11:45:20 +00:00
Timo Kösters
d62cd2ae51
chore: bump dependencies 2023-05-21 13:42:59 +02:00
Timo Kösters
49b5af6d45
chore: bump rocksdb 2023-05-21 13:41:51 +02:00
Timo Kösters
1f1444da8c Merge branch 'pushrules' into 'next'
Improvements to pushrules endpoints

Closes #316

See merge request famedly/conduit!461
2023-05-21 10:41:31 +00:00
Timo Kösters
2a9a908343 Merge branch 'x4u/add-apache-cloudflare-deploy-info' into 'next'
X4u/add apache cloudflare deploy info

See merge request famedly/conduit!471
2023-05-21 07:04:59 +00:00
x4u
921b266d86 X4u/add apache cloudflare deploy info 2023-05-21 07:04:58 +00:00
Timo Kösters
dbbd164e39 Merge branch 'admin-command-fix' into 'next'
Recognize admin commands without : after tag

See merge request famedly/conduit!470
2023-05-17 19:09:54 +00:00
Jonathan Flueren
f5e3b0e2dd Recognize admin commands without : after tag
Very useful since many Matrix clients don't insert : after user tags
2023-05-15 19:25:57 +00:00
Timo Kösters
1b9e63f426 Merge branch 'unbreak-nix' into 'next'
Fix Nix builds (actually) (for real) (it seriously builds this time)

See merge request famedly/conduit!466
2023-04-05 09:59:09 +00:00
Charles Hall
eb4323cc0f
use mold on linux 2023-04-04 19:16:07 -07:00
Charles Hall
a6712627e4
tiny refactor 2023-04-04 19:15:09 -07:00
Charles Hall
3be32c4dac
factor out shared things 2023-04-04 17:52:15 -07:00
Charles Hall
55149e3336
use crane instead of naersk
I guess naersk still doesn't support git dependencies using workspace
inheritance, but crane does.
2023-04-04 17:42:24 -07:00
Charles Hall
2b63e46fc5
use system rocksdb
This mostly just improves build times.
2023-04-04 17:42:13 -07:00
Charles Hall
a0c449e570
update flake.lock 2023-04-04 17:09:49 -07:00
Charles Hall
c997311bea
Revert "build(nix): fix flake builds"
This reverts commit 5d913f7010.

Sorry, I don't understand how any of this works, and it seems pretty
opaque/difficult to fine-tune.
2023-04-04 17:02:34 -07:00
Kévin Commaille
1929ca5d9d
Add a database migration to fix and update the default pushrules 2023-03-18 15:03:57 +01:00
Kévin Commaille
88c6bf7595
Always return an error if a push rule is not found 2023-03-18 15:03:57 +01:00
Kévin Commaille
4635644e21
Use the ruma methods for managing rulesets 2023-03-18 15:03:57 +01:00
Kévin Commaille
f53ecaa97d
Bump Ruma 2023-03-18 15:03:56 +01:00
Timo Kösters
f704169aeb Merge branch 'fixjoin' into 'next'
fix: let requests continue event if client disconnects

See merge request famedly/conduit!464
2023-03-18 07:59:36 +00:00
Timo Kösters
2a7c4693b8
fix: don't accept new requests when shutting down 2023-03-18 08:58:20 +01:00
Timo Kösters
da3871f39a
fix: let requests continue event if client disconnects 2023-03-17 22:45:13 +01:00
Timo Kösters
664ee7d89a Merge branch 'backfill' into 'next'
feat: handle backfill requests

See merge request famedly/conduit!459
2023-03-16 13:32:42 +00:00
Timo Kösters
42b12934e3
Don't crash when a room errors 2023-03-13 10:43:09 +01:00
Timo Kösters
63f787f635
Reduce logs from info to debug 2023-03-13 10:39:19 +01:00
Timo Kösters
a1bd348977
fix: history visibility 2023-03-13 10:39:19 +01:00
Timo Kösters
27f29ba699
fix: SRV lookups should end with a period 2023-03-13 10:39:19 +01:00
Timo Kösters
cb0ce5b08f
Logs for server resolution 2023-03-13 10:39:18 +01:00
Timo Kösters
b7c99788e4
All the logs 2023-03-13 10:39:18 +01:00
Timo Kösters
2316d89048
Even more logging 2023-03-13 10:39:18 +01:00
Timo Kösters
bde4880c1d
fix: don't unwrap server keys 2023-03-13 10:39:18 +01:00
Timo Kösters
8b648d0d3f
fix: force abort federation requests after 2 minutes 2023-03-13 10:39:18 +01:00
Timo Kösters
4617ee2b6b
More logging for remote joins 2023-03-13 10:39:18 +01:00
Timo Kösters
10fa686c77
feat: respect history visibility 2023-03-13 10:39:18 +01:00
Timo Kösters
2a16a5e967
fix: don't send nulls as unsigned content 2023-03-13 10:39:17 +01:00
Timo Kösters
2aa0a2474b
fix: ignore unparsable pdus in /send 2023-03-13 10:39:17 +01:00
Timo Kösters
d39003ffc0
Allow backfilling create event itself 2023-03-13 10:39:17 +01:00
Timo Kösters
eae0989c40
fix: refactor backfill and add support for search 2023-03-13 10:39:17 +01:00
Timo Kösters
17a6431f5f
fix: make backfilled events reachable 2023-03-13 10:39:17 +01:00
Timo Kösters
fcfb06ffa6
fix: allow handling create event itself 2023-03-13 10:39:17 +01:00
Timo Kösters
7bdd9660aa
feat: ask for backfill 2023-03-13 10:39:17 +01:00
Timo Kösters
23b18d71ee
feat: handle backfill requests
Based on https://gitlab.com/famedly/conduit/-/merge_requests/421
2023-03-13 10:39:16 +01:00
Timo Kösters
84cfed5231 Merge branch 'fix-nix-build' into 'next'
Fix Nix flake build

See merge request famedly/conduit!456
2023-02-18 21:18:51 +00:00
Timo Kösters
cdcf4a017d Merge branch 'fixreset' into 'next'
fix: allow reactivation of users using reset-password admin command

See merge request famedly/conduit!458
2023-02-11 11:49:54 +00:00
Timo Kösters
fc0aff20cf
fix: allow reactivation of users using reset-password admin command 2023-02-11 12:43:41 +01:00
Timo Kösters
4223288cdf Merge branch 'fixbadservernameusers' into 'next'
fix: ignore bad user ids in migration

See merge request famedly/conduit!457
2023-02-07 16:19:59 +00:00
Timo Kösters
a4f18f99ad
fix: ignore bad user ids 2023-02-07 16:29:41 +01:00
Jonas Zohren
06df04f61c Merge branch 'fix_docker_healthcheck_for_address' into 'next'
Add a dynamic address resolution to the Docker healthcheck

See merge request famedly/conduit!434
2023-01-27 22:43:04 +00:00
Moritz Heiber
cfcc9086ff Add a dynamic address resolution to the Docker healthcheck 2023-01-27 22:43:04 +00:00
Yusuf Bera Ertan
11b9cfad5e
docs: update nix comment for rust-version in Cargo.toml 2023-01-28 00:14:58 +03:00
Yusuf Bera Ertan
5d913f7010
build(nix): fix flake builds 2023-01-28 00:10:21 +03:00
Jonas Zohren
d68dad580b Merge branch 'complement-improvements' into 'next'
Complement improvements

See merge request famedly/conduit!404
2023-01-27 16:41:34 +00:00
Jonathan de Jong
e13dc7c14a add little readme 2023-01-26 18:28:33 +01:00
Jonathan de Jong
b158896396 Merge remote-tracking branch 'origin/next' into complement-improvements 2023-01-26 18:19:39 +01:00
Timo Kösters
f95dd4521c Merge branch 'validate-state-of-admins-room' into 'next'
Validate PDU in admins room

See merge request famedly/conduit!382
2023-01-24 13:46:49 +00:00
Timo Kösters
1e77373332 Merge branch 'braid/ci-magic' into 'next'
fix: adjust CI config to runner requirements

See merge request famedly/conduit!455
2023-01-19 07:46:36 +00:00
The one with the braid
f01b96588d fix: adjust CI config to runner requirements
- make use of more stable BTRFS driver
- set default pull policy to `if-not-present`

Signed-off-by: The one with the braid <the-one@with-the-braid.cf>
2023-01-19 07:42:23 +01:00
digital
4d589d9788 feat: support end to bridge encryption
by implementing appservice logins
2023-01-18 23:34:18 +01:00
Timo Kösters
815db0d962 Merge branch 'joinfix' into 'next'
Maybe fix room joins

See merge request famedly/conduit!453
2023-01-14 20:22:55 +00:00
Timo Kösters
809c9b4481
Maybe fix room joins
This is a workaround for https://github.com/hyperium/hyper/issues/2312
2023-01-14 21:20:16 +01:00
Timo Kösters
c6e3438e76 Merge branch 'trusted-servers-doc' into 'next'
document `trusted_servers` option

See merge request famedly/conduit!451
2023-01-09 16:35:54 +00:00
Charles Hall
844508bc48
document trusted_servers option 2023-01-09 08:14:13 -08:00
Timo Kösters
b3aec63d67 Merge branch 'partial-nix-fix' into 'next'
partial nix fix

See merge request famedly/conduit!446
2023-01-09 15:58:40 +00:00
Timo Kösters
2da4ae6b3b Merge branch 'code-of-conduct' into 'next'
Add Contributor's Covenant Code of Conduct

See merge request famedly/conduit!448
2023-01-09 15:37:19 +00:00
Timo Kösters
5e6b498c22 Merge branch 'fix-nix-docs' into 'next'
fix nix docs

See merge request famedly/conduit!449
2023-01-09 15:35:39 +00:00
Charles Hall
391beddaf4
fix nix docs
I made some silly copy paste errors while writing this...
2023-01-08 12:44:59 -08:00
r3g_5z
112b76b1c1
Add Contributor's Covenant Code of Conduct
Signed-off-by: r3g_5z <june@girlboss.ceo>
2023-01-08 02:44:25 -05:00
Charles Hall
315944968b
remind people to update the hash
And offer help since it's pretty easy but impossible if you don't have
Nix installed.
2022-12-23 00:30:36 -08:00
Charles Hall
9f74555c88
update flake.lock 2022-12-23 00:29:43 -08:00
Charles Hall
0a4e8e5909
update rust toolchain hash 2022-12-23 00:29:43 -08:00
Jonathan de Jong
52018c3967 allow complement dockerfile to copy over target folder 2022-10-28 21:04:05 +02:00
Jonathan de Jong
215d909e59 More debug info when try_from_http_request fails 2022-10-17 18:41:59 +02:00
Jonathan de Jong
ada15ceacc Complement improvements 2022-10-17 18:41:45 +02:00
AndSDev
e923f63c49 fix(service/rooms/timeline): fix validating for non-joined members 2022-10-14 14:45:05 +03:00
AndSDev
d755a96c2c refactor(service/rooms/timeline): add cache for server_name 2022-10-13 11:19:51 +00:00
AndSDev
76f81ac201 feat(db/rooms): disable banning for last user and conduit user in admins room 2022-10-13 14:15:23 +03:00
AndSDev
912491cb28 style(db/rooms): refactor admin room pdu validating 2022-10-13 14:04:26 +03:00
AndSDev
da2dbd2877 feat(db/rooms): disable leaving from admin room for last user 2022-10-13 13:09:26 +03:00
AndSDev
c67f95ebff feat(db/rooms): disable leaving from admin room for conduit user 2022-10-13 13:01:18 +03:00
AndSDev
3a8321f9ad feat(db/rooms): encryption is not allowed in the admins room 2022-10-13 12:50:23 +03:00
159 changed files with 14584 additions and 7208 deletions

15
.editorconfig Normal file
View file

@ -0,0 +1,15 @@
# EditorConfig is awesome: https://EditorConfig.org
root = true
[*]
charset = utf-8
end_of_line = lf
tab_width = 4
indent_size = 4
indent_style = space
insert_final_newline = true
max_line_length = 120
[*.nix]
indent_size = 2

4
.envrc
View file

@ -1 +1,5 @@
#!/usr/bin/env bash
use flake use flake
PATH_add bin

7
.gitignore vendored
View file

@ -61,9 +61,16 @@ conduit.db
# Etc. # Etc.
**/*.rs.bk **/*.rs.bk
cached_target
# Nix artifacts # Nix artifacts
/result* /result*
# Direnv cache # Direnv cache
/.direnv /.direnv
# Gitlab CI cache
/.gitlab-ci.d
# mdbook output
public/

View file

@ -1,238 +1,197 @@
stages: stages:
- build - ci
- build docker image - artifacts
- test - publish
- upload artifacts
variables: variables:
# Make GitLab CI go fast: # Makes some things print in color
GIT_SUBMODULE_STRATEGY: recursive TERM: ansi
FF_USE_FASTZIP: 1 # Faster cache and artifact compression / decompression
CACHE_COMPRESSION_LEVEL: fastest FF_USE_FASTZIP: true
# Print progress reports for cache and artifact transfers
# --------------------------------------------------------------------- # TRANSFER_METER_FREQUENCY: 5s
# Create and publish docker image #
# --------------------------------------------------------------------- #
.docker-shared-settings:
stage: "build docker image"
image: jdrouet/docker-with-buildx:20.10.21-0.9.1
needs: []
tags: ["docker"]
variables:
# Docker in Docker:
DOCKER_HOST: tcp://docker:2375/
DOCKER_TLS_CERTDIR: ""
DOCKER_DRIVER: overlay2
services:
- docker:dind
script:
- apk add openssh-client
- eval $(ssh-agent -s)
- mkdir -p ~/.ssh && chmod 700 ~/.ssh
- printf "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config
- sh .gitlab/setup-buildx-remote-builders.sh
# Authorize against this project's own image registry:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
# Build multiplatform image and push to temporary tag:
- >
docker buildx build
--platform "linux/arm/v7,linux/arm64,linux/amd64"
--pull
--tag "$CI_REGISTRY_IMAGE/temporary-ci-images:$CI_JOB_ID"
--push
--file "Dockerfile" .
# Build multiplatform image to deb stage and extract their .deb files:
- >
docker buildx build
--platform "linux/arm/v7,linux/arm64,linux/amd64"
--target "packager-result"
--output="type=local,dest=/tmp/build-output"
--file "Dockerfile" .
# Build multiplatform image to binary stage and extract their binaries:
- >
docker buildx build
--platform "linux/arm/v7,linux/arm64,linux/amd64"
--target "builder-result"
--output="type=local,dest=/tmp/build-output"
--file "Dockerfile" .
# Copy to GitLab container registry:
- >
docker buildx imagetools create
--tag "$CI_REGISTRY_IMAGE/$TAG"
--tag "$CI_REGISTRY_IMAGE/$TAG-bullseye"
--tag "$CI_REGISTRY_IMAGE/$TAG-commit-$CI_COMMIT_SHORT_SHA"
"$CI_REGISTRY_IMAGE/temporary-ci-images:$CI_JOB_ID"
# if DockerHub credentials exist, also copy to dockerhub:
- if [ -n "${DOCKER_HUB}" ]; then docker login -u "$DOCKER_HUB_USER" -p "$DOCKER_HUB_PASSWORD" "$DOCKER_HUB"; fi
- >
if [ -n "${DOCKER_HUB}" ]; then
docker buildx imagetools create
--tag "$DOCKER_HUB_IMAGE/$TAG"
--tag "$DOCKER_HUB_IMAGE/$TAG-bullseye"
--tag "$DOCKER_HUB_IMAGE/$TAG-commit-$CI_COMMIT_SHORT_SHA"
"$CI_REGISTRY_IMAGE/temporary-ci-images:$CI_JOB_ID"
; fi
- mv /tmp/build-output ./
artifacts:
paths:
- "./build-output/"
docker:next:
extends: .docker-shared-settings
rules:
- if: '$BUILD_SERVER_SSH_PRIVATE_KEY && $CI_COMMIT_BRANCH == "next"'
variables:
TAG: "matrix-conduit:next"
docker:master:
extends: .docker-shared-settings
rules:
- if: '$BUILD_SERVER_SSH_PRIVATE_KEY && $CI_COMMIT_BRANCH == "master"'
variables:
TAG: "matrix-conduit:latest"
docker:tags:
extends: .docker-shared-settings
rules:
- if: "$BUILD_SERVER_SSH_PRIVATE_KEY && $CI_COMMIT_TAG"
variables:
TAG: "matrix-conduit:$CI_COMMIT_TAG"
# --------------------------------------------------------------------- #
# Run tests #
# --------------------------------------------------------------------- #
cargo check:
stage: test
image: docker.io/rust:1.64.0-bullseye
needs: []
interruptible: true
before_script:
- "rustup show && rustc --version && cargo --version" # Print version info for debugging
- apt-get update && apt-get -y --no-install-recommends install libclang-dev # dependency for rocksdb
script:
- cargo check
.test-shared-settings:
stage: "test"
needs: []
image: "registry.gitlab.com/jfowl/conduit-containers/rust-with-tools:latest"
tags: ["docker"]
variables:
CARGO_INCREMENTAL: "false" # https://matklad.github.io/2021/09/04/fast-rust-builds.html#ci-workflow
interruptible: true
test:cargo:
extends: .test-shared-settings
before_script:
- apt-get update && apt-get -y --no-install-recommends install libclang-dev # dependency for rocksdb
script:
- rustc --version && cargo --version # Print version info for debugging
- "cargo test --color always --workspace --verbose --locked --no-fail-fast -- -Z unstable-options --format json | gitlab-report -p test > $CI_PROJECT_DIR/report.xml"
artifacts:
when: always
reports:
junit: report.xml
test:clippy:
extends: .test-shared-settings
allow_failure: true
before_script:
- rustup component add clippy
- apt-get update && apt-get -y --no-install-recommends install libclang-dev # dependency for rocksdb
script:
- rustc --version && cargo --version # Print version info for debugging
- "cargo clippy --color always --verbose --message-format=json | gitlab-report -p clippy > $CI_PROJECT_DIR/gl-code-quality-report.json"
artifacts:
when: always
reports:
codequality: gl-code-quality-report.json
test:format:
extends: .test-shared-settings
before_script:
- rustup component add rustfmt
script:
- cargo fmt --all -- --check
test:audit:
extends: .test-shared-settings
allow_failure: true
script:
- cargo audit --color always || true
- cargo audit --stale --json | gitlab-report -p audit > gl-sast-report.json
artifacts:
when: always
reports:
sast: gl-sast-report.json
test:dockerlint:
stage: "test"
needs: []
image: "ghcr.io/hadolint/hadolint@sha256:6c4b7c23f96339489dd35f21a711996d7ce63047467a9a562287748a03ad5242" # 2.8.0-alpine
interruptible: true
script:
- hadolint --version
# First pass: Print for CI log:
- >
hadolint
--no-fail --verbose
./Dockerfile
# Then output the results into a json for GitLab to pretty-print this in the MR:
- >
hadolint
--format gitlab_codeclimate
--failure-threshold error
./Dockerfile > dockerlint.json
artifacts:
when: always
reports:
codequality: dockerlint.json
paths:
- dockerlint.json
rules:
- if: '$CI_COMMIT_REF_NAME != "master"'
changes:
- docker/*Dockerfile
- Dockerfile
- .gitlab-ci.yml
- if: '$CI_COMMIT_REF_NAME == "master"'
- if: '$CI_COMMIT_REF_NAME == "next"'
# --------------------------------------------------------------------- #
# Store binaries as package so they have download urls #
# --------------------------------------------------------------------- #
# DISABLED FOR NOW, NEEDS TO BE FIXED AT A LATER TIME:
#publish:package:
# stage: "upload artifacts"
# needs:
# - "docker:tags"
# rules:
# - if: "$CI_COMMIT_TAG"
# image: curlimages/curl:latest
# tags: ["docker"]
# variables:
# GIT_STRATEGY: "none" # Don't need a clean copy of the code, we just operate on artifacts
# script:
# - 'BASE_URL="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/conduit-${CI_COMMIT_REF_SLUG}/build-${CI_PIPELINE_ID}"'
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_amd64/conduit "${BASE_URL}/conduit-x86_64-unknown-linux-gnu"'
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm_v7/conduit "${BASE_URL}/conduit-armv7-unknown-linux-gnu"'
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm64/conduit "${BASE_URL}/conduit-aarch64-unknown-linux-gnu"'
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_amd64/conduit.deb "${BASE_URL}/conduit-x86_64-unknown-linux-gnu.deb"'
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm_v7/conduit.deb "${BASE_URL}/conduit-armv7-unknown-linux-gnu.deb"'
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm64/conduit.deb "${BASE_URL}/conduit-aarch64-unknown-linux-gnu.deb"'
# Avoid duplicate pipelines # Avoid duplicate pipelines
# See: https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines # See: https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines
workflow: workflow:
rules: rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"' - if: $CI_PIPELINE_SOURCE == "merge_request_event"
- if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS" - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
when: never when: never
- if: "$CI_COMMIT_BRANCH" - if: $CI
- if: "$CI_COMMIT_TAG"
before_script:
# Enable nix-command and flakes
- if command -v nix > /dev/null; then echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf; fi
# Add our own binary cache
- if command -v nix > /dev/null; then echo "extra-substituters = https://attic.conduit.rs/conduit" >> /etc/nix/nix.conf; fi
- if command -v nix > /dev/null; then echo "extra-trusted-public-keys = conduit:ddcaWZiWm0l0IXZlO8FERRdWvEufwmd0Negl1P+c0Ns=" >> /etc/nix/nix.conf; fi
# Add alternate binary cache
- if command -v nix > /dev/null && [ -n "$ATTIC_ENDPOINT" ]; then echo "extra-substituters = $ATTIC_ENDPOINT" >> /etc/nix/nix.conf; fi
- if command -v nix > /dev/null && [ -n "$ATTIC_PUBLIC_KEY" ]; then echo "extra-trusted-public-keys = $ATTIC_PUBLIC_KEY" >> /etc/nix/nix.conf; fi
# Add crane binary cache
- if command -v nix > /dev/null; then echo "extra-substituters = https://crane.cachix.org" >> /etc/nix/nix.conf; fi
- if command -v nix > /dev/null; then echo "extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=" >> /etc/nix/nix.conf; fi
# Add nix-community binary cache
- if command -v nix > /dev/null; then echo "extra-substituters = https://nix-community.cachix.org" >> /etc/nix/nix.conf; fi
- if command -v nix > /dev/null; then echo "extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" >> /etc/nix/nix.conf; fi
# Install direnv and nix-direnv
- if command -v nix > /dev/null; then nix-env -iA nixpkgs.direnv nixpkgs.nix-direnv; fi
# Allow .envrc
- if command -v nix > /dev/null; then direnv allow; fi
# Set CARGO_HOME to a cacheable path
- export CARGO_HOME="$(git rev-parse --show-toplevel)/.gitlab-ci.d/cargo"
# Cache attic client
- if command -v nix > /dev/null; then ./bin/nix-build-and-cache --inputs-from . attic; fi
ci:
stage: ci
image: nixos/nix:2.22.0
script:
# Cache the inputs required for the devShell
- ./bin/nix-build-and-cache .#devShells.x86_64-linux.default.inputDerivation
- direnv exec . engage
cache:
key: nix
paths:
- target
- .gitlab-ci.d
rules:
# CI on upstream runners (only available for maintainers)
- if: $CI_PIPELINE_SOURCE == "merge_request_event" && $IS_UPSTREAM_CI == "true"
# Manual CI on unprotected branches that are not MRs
- if: $CI_PIPELINE_SOURCE != "merge_request_event" && $CI_COMMIT_REF_PROTECTED == "false"
when: manual
# Manual CI on forks
- if: $IS_UPSTREAM_CI != "true"
when: manual
- if: $CI
interruptible: true
artifacts:
stage: artifacts
image: nixos/nix:2.22.0
script:
- ./bin/nix-build-and-cache .#static-x86_64-unknown-linux-musl
- cp result/bin/conduit x86_64-unknown-linux-musl
- mkdir -p target/release
- cp result/bin/conduit target/release
- direnv exec . cargo deb --no-build
- mv target/debian/*.deb x86_64-unknown-linux-musl.deb
# Since the OCI image package is based on the binary package, this has the
# fun side effect of uploading the normal binary too. Conduit users who are
# deploying with Nix can leverage this fact by adding our binary cache to
# their systems.
#
# Note that although we have an `oci-image-x86_64-unknown-linux-musl`
# output, we don't build it because it would be largely redundant to this
# one since it's all containerized anyway.
- ./bin/nix-build-and-cache .#oci-image
- cp result oci-image-amd64.tar.gz
- ./bin/nix-build-and-cache .#static-aarch64-unknown-linux-musl
- cp result/bin/conduit aarch64-unknown-linux-musl
- mkdir -p target/aarch64-unknown-linux-musl/release
- cp result/bin/conduit target/aarch64-unknown-linux-musl/release
- direnv exec . cargo deb --no-strip --no-build --target aarch64-unknown-linux-musl
- mv target/aarch64-unknown-linux-musl/debian/*.deb aarch64-unknown-linux-musl.deb
- ./bin/nix-build-and-cache .#oci-image-aarch64-unknown-linux-musl
- cp result oci-image-arm64v8.tar.gz
- ./bin/nix-build-and-cache .#book
# We can't just copy the symlink, we need to dereference it https://gitlab.com/gitlab-org/gitlab/-/issues/19746
- cp -r --dereference result public
artifacts:
paths:
- x86_64-unknown-linux-musl
- aarch64-unknown-linux-musl
- x86_64-unknown-linux-musl.deb
- aarch64-unknown-linux-musl.deb
- oci-image-amd64.tar.gz
- oci-image-arm64v8.tar.gz
- public
rules:
# CI required for all MRs
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
# Optional CI on forks
- if: $IS_UPSTREAM_CI != "true"
when: manual
allow_failure: true
- if: $CI
interruptible: true
.push-oci-image:
stage: publish
image: docker:25.0.0
services:
- docker:25.0.0-dind
variables:
IMAGE_SUFFIX_AMD64: amd64
IMAGE_SUFFIX_ARM64V8: arm64v8
script:
- docker load -i oci-image-amd64.tar.gz
- IMAGE_ID_AMD64=$(docker images -q conduit:next)
- docker load -i oci-image-arm64v8.tar.gz
- IMAGE_ID_ARM64V8=$(docker images -q conduit:next)
# Tag and push the architecture specific images
- docker tag $IMAGE_ID_AMD64 $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64
- docker tag $IMAGE_ID_ARM64V8 $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8
- docker push $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64
- docker push $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8
# Tag the multi-arch image
- docker manifest create $IMAGE_NAME:$CI_COMMIT_SHA --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8
- docker manifest push $IMAGE_NAME:$CI_COMMIT_SHA
# Tag and push the git ref
- docker manifest create $IMAGE_NAME:$CI_COMMIT_REF_NAME --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8
- docker manifest push $IMAGE_NAME:$CI_COMMIT_REF_NAME
# Tag git tags as 'latest'
- |
if [[ -n "$CI_COMMIT_TAG" ]]; then
docker manifest create $IMAGE_NAME:latest --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_AMD64 --amend $IMAGE_NAME:$CI_COMMIT_SHA-$IMAGE_SUFFIX_ARM64V8
docker manifest push $IMAGE_NAME:latest
fi
dependencies:
- artifacts
only:
- next
- master
- tags
oci-image:push-gitlab:
extends: .push-oci-image
variables:
IMAGE_NAME: $CI_REGISTRY_IMAGE/matrix-conduit
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
oci-image:push-dockerhub:
extends: .push-oci-image
variables:
IMAGE_NAME: matrixconduit/matrix-conduit
before_script:
- docker login -u $DOCKER_HUB_USER -p $DOCKER_HUB_PASSWORD
pages:
stage: publish
dependencies:
- artifacts
only:
- next
script:
- "true"
artifacts:
paths:
- public

3
.gitlab/route-map.yml Normal file
View file

@ -0,0 +1,3 @@
# Docs: Map markdown to html files
- source: /docs/(.+)\.md/
public: '\1.html'

134
CODE_OF_CONDUCT.md Normal file
View file

@ -0,0 +1,134 @@
# Contributor Covenant Code of Conduct
## Our Pledge
We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, caste, color, religion, or sexual
identity and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment for our
community include:
* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
and learning from the experience
* Focusing on what is best not just for us as individuals, but for the overall
community
Examples of unacceptable behavior include:
* The use of sexualized language or imagery, and sexual attention or advances of
any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email address,
without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Enforcement Responsibilities
Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.
Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.
## Scope
This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement over email at
coc@koesters.xyz or over Matrix at @timo:conduit.rs.
All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the
reporter of any incident.
## Enforcement Guidelines
Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:
### 1. Correction
**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.
**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.
### 2. Warning
**Community Impact**: A violation through a single incident or series of
actions.
**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or permanent
ban.
### 3. Temporary Ban
**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.
**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.
### 4. Permanent Ban
**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.
**Consequence**: A permanent ban from any sort of public interaction within the
community.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.1, available at
[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
Community Impact Guidelines were inspired by
[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
For answers to common questions about this code of conduct, see the FAQ at
[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
[https://www.contributor-covenant.org/translations][translations].
[homepage]: https://www.contributor-covenant.org
[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
[Mozilla CoC]: https://github.com/mozilla/diversity
[FAQ]: https://www.contributor-covenant.org/faq
[translations]: https://www.contributor-covenant.org/translations

2953
Cargo.lock generated

File diff suppressed because it is too large Load diff

View file

@ -1,111 +1,190 @@
[workspace.lints.rust]
explicit_outlives_requirements = "warn"
unused_qualifications = "warn"
[workspace.lints.clippy]
cloned_instead_of_copied = "warn"
dbg_macro = "warn"
str_to_string = "warn"
[package] [package]
name = "conduit"
description = "A Matrix homeserver written in Rust"
license = "Apache-2.0"
authors = ["timokoesters <timo@koesters.xyz>"] authors = ["timokoesters <timo@koesters.xyz>"]
homepage = "https://conduit.rs" description = "A Matrix homeserver written in Rust"
repository = "https://gitlab.com/famedly/conduit"
readme = "README.md"
version = "0.6.0-alpha"
rust-version = "1.64"
edition = "2021" edition = "2021"
homepage = "https://conduit.rs"
license = "Apache-2.0"
name = "conduit"
readme = "README.md"
repository = "https://gitlab.com/famedly/conduit"
version = "0.10.0-alpha"
# See also `rust-toolchain.toml`
rust-version = "1.79.0"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[lints]
workspace = true
[dependencies] [dependencies]
# Web framework # Web framework
axum = { version = "0.5.17", default-features = false, features = ["form", "headers", "http1", "http2", "json", "matched-path"], optional = true } axum = { version = "0.7", default-features = false, features = [
axum-server = { version = "0.4.0", features = ["tls-rustls"] } "form",
tower = { version = "0.4.8", features = ["util"] } "http1",
tower-http = { version = "0.3.4", features = ["add-extension", "cors", "compression-full", "sensitive-headers", "trace", "util"] } "http2",
"json",
# Used for matrix spec type definitions and helpers "matched-path",
#ruma = { version = "0.4.0", features = ["compat", "rand", "appservice-api-c", "client-api", "federation-api", "push-gateway-api-c", "state-res", "unstable-pre-spec", "unstable-exhaustive-types"] } ], optional = true }
ruma = { git = "https://github.com/ruma/ruma", rev = "67d0f3cc04a8d1dc4a8a1ec947519967ce11ce26", features = ["compat", "rand", "appservice-api-c", "client-api", "federation-api", "push-gateway-api-c", "state-res", "unstable-msc2448", "unstable-exhaustive-types", "ring-compat", "unstable-unspecified" ] } axum-extra = { version = "0.9", features = ["typed-header"] }
#ruma = { git = "https://github.com/timokoesters/ruma", rev = "50c1db7e0a3a21fc794b0cce3b64285a4c750c71", features = ["compat", "rand", "appservice-api-c", "client-api", "federation-api", "push-gateway-api-c", "state-res", "unstable-pre-spec", "unstable-exhaustive-types"] } axum-server = { version = "0.6", features = ["tls-rustls"] }
#ruma = { path = "../ruma/crates/ruma", features = ["compat", "rand", "appservice-api-c", "client-api", "federation-api", "push-gateway-api-c", "state-res", "unstable-pre-spec", "unstable-exhaustive-types"] } tower = { version = "0.4.13", features = ["util"] }
tower-http = { version = "0.5", features = [
"add-extension",
"cors",
"sensitive-headers",
"trace",
"util",
] }
tower-service = "0.3"
# Async runtime and utilities # Async runtime and utilities
tokio = { version = "1.11.0", features = ["fs", "macros", "signal", "sync"] } tokio = { version = "1.28.1", features = ["fs", "macros", "signal", "sync"] }
# Used for storing data permanently # Used for storing data permanently
#sled = { version = "0.34.7", features = ["compression", "no_metrics"], optional = true } #sled = { version = "0.34.7", features = ["compression", "no_metrics"], optional = true }
#sled = { git = "https://github.com/spacejam/sled.git", rev = "e4640e0773595229f398438886f19bca6f7326a2", features = ["compression"] } #sled = { git = "https://github.com/spacejam/sled.git", rev = "e4640e0773595229f398438886f19bca6f7326a2", features = ["compression"] }
persy = { version = "1.0.0", optional = true, features = ["background_ops"] } persy = { version = "1.4.4", optional = true, features = ["background_ops"] }
# Used for the http request / response body type for Ruma endpoints used with reqwest # Used for the http request / response body type for Ruma endpoints used with reqwest
bytes = "1.1.0" bytes = "1.4.0"
http = "0.2.4" http = "1"
# Used to find data directory for default db path # Used to find data directory for default db path
directories = "4.0.0" directories = "5"
# Used for ruma wrapper # Used for ruma wrapper
serde_json = { version = "1.0.68", features = ["raw_value"] } serde_json = { version = "1.0.96", features = ["raw_value"] }
# Used for appservice registration files # Used for appservice registration files
serde_yaml = "0.9.13" serde_yaml = "0.9.21"
# Used for pdu definition # Used for pdu definition
serde = { version = "1.0.130", features = ["rc"] } serde = { version = "1.0.163", features = ["rc"] }
# Used for secure identifiers # Used for secure identifiers
rand = "0.8.4" rand = "0.8.5"
# Used to hash passwords # Used to hash passwords
rust-argon2 = "1.0.0" rust-argon2 = "2"
# Used to send requests # Used to send requests
reqwest = { default-features = false, features = ["rustls-tls-native-roots", "socks"], git = "https://github.com/timokoesters/reqwest", rev = "57b7cf4feb921573dfafad7d34b9ac6e44ead0bd" } hyper = "1.1"
hyper-util = { version = "0.1", features = [
"client",
"client-legacy",
"http1",
"http2",
] }
reqwest = { version = "0.12", default-features = false, features = [
"rustls-tls-native-roots",
"socks",
] }
# Used for conduit::Error type # Used for conduit::Error type
thiserror = "1.0.29" thiserror = "1.0.40"
# Used to generate thumbnails for images # Used to generate thumbnails for images
image = { version = "0.24.4", default-features = false, features = ["jpeg", "png", "gif"] } image = { version = "0.25", default-features = false, features = [
"gif",
"jpeg",
"png",
] }
# Used to encode server public key # Used to encode server public key
base64 = "0.13.0" base64 = "0.22"
# Used when hashing the state # Used when hashing the state
ring = "0.16.20" ring = "0.17.7"
# Used when querying the SRV record of other servers # Used when querying the SRV record of other servers
trust-dns-resolver = "0.22.0" hickory-resolver = "0.24"
# Used to find matching events for appservices # Used to find matching events for appservices
regex = "1.5.4" regex = "1.8.1"
# jwt jsonwebtokens # jwt jsonwebtokens
jsonwebtoken = "8.1.1" jsonwebtoken = "9.2.0"
# Performance measurements # Performance measurements
tracing = { version = "0.1.27", features = [] } opentelemetry = "0.22"
tracing-subscriber = { version = "0.3.16", features = ["env-filter"] } opentelemetry-jaeger-propagator = "0.1"
opentelemetry-otlp = "0.15"
opentelemetry_sdk = { version = "0.22", features = ["rt-tokio"] }
tracing = "0.1.37"
tracing-flame = "0.2.0" tracing-flame = "0.2.0"
opentelemetry = { version = "0.18.0", features = ["rt-tokio"] } tracing-opentelemetry = "0.23"
opentelemetry-jaeger = { version = "0.17.0", features = ["rt-tokio"] } tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }
tracing-opentelemetry = "0.18.0"
lru-cache = "0.1.2"
rusqlite = { version = "0.28.0", optional = true, features = ["bundled"] }
parking_lot = { version = "0.12.1", optional = true }
crossbeam = { version = "0.8.1", optional = true }
num_cpus = "1.13.0"
threadpool = "1.8.1"
heed = { git = "https://github.com/timokoesters/heed.git", rev = "f6f825da7fb2c758867e05ad973ef800a6fe1d5d", optional = true }
rocksdb = { version = "0.17.0", default-features = true, features = ["multi-threaded-cf", "zstd"], optional = true }
thread_local = "1.1.3" lru-cache = "0.1.2"
parking_lot = { version = "0.12.1", optional = true }
rusqlite = { version = "0.31", optional = true, features = ["bundled"] }
# crossbeam = { version = "0.8.2", optional = true }
num_cpus = "1.15.0"
threadpool = "1.8.1"
# heed = { git = "https://github.com/timokoesters/heed.git", rev = "f6f825da7fb2c758867e05ad973ef800a6fe1d5d", optional = true }
# Used for ruma wrapper
serde_html_form = "0.2.0"
thread_local = "1.1.7"
# used for TURN server authentication # used for TURN server authentication
hmac = "0.12.1" hmac = "0.12.1"
sha-1 = "0.10.0" sha-1 = "0.10.1"
# used for conduit's CLI and admin room command parsing # used for conduit's CLI and admin room command parsing
clap = { version = "4.0.11", default-features = false, features = ["std", "derive", "help", "usage", "error-context"] } clap = { version = "4.3.0", default-features = false, features = [
futures-util = { version = "0.3.17", default-features = false } "derive",
"error-context",
"help",
"std",
"string",
"usage",
] }
futures-util = { version = "0.3.28", default-features = false }
# Used for reading the configuration from conduit.toml & environment variables # Used for reading the configuration from conduit.toml & environment variables
figment = { version = "0.10.6", features = ["env", "toml"] } figment = { version = "0.10.8", features = ["env", "toml"] }
tikv-jemalloc-ctl = { version = "0.5.0", features = ["use_std"], optional = true } # Validating urls in config
tikv-jemallocator = { version = "0.5.0", features = ["unprefixed_malloc_on_supported_platforms"], optional = true } url = { version = "2", features = ["serde"] }
lazy_static = "1.4.0"
async-trait = "0.1.57" async-trait = "0.1.68"
tikv-jemallocator = { version = "0.5.0", features = [
"unprefixed_malloc_on_supported_platforms",
], optional = true }
sd-notify = { version = "0.4.1", optional = true } sd-notify = { version = "0.4.1", optional = true }
# Used for matrix spec type definitions and helpers
[dependencies.ruma]
features = [
"appservice-api-c",
"client-api",
"compat",
"federation-api",
"push-gateway-api-c",
"rand",
"ring-compat",
"server-util",
"state-res",
"unstable-exhaustive-types",
"unstable-msc2448",
"unstable-msc3575",
"unstable-unspecified",
]
git = "https://github.com/ruma/ruma"
[dependencies.rocksdb]
features = ["lz4", "multi-threaded-cf", "zstd"]
optional = true
package = "rust-rocksdb"
version = "0.25"
[target.'cfg(unix)'.dependencies]
nix = { version = "0.28", features = ["resource"] }
[features] [features]
default = ["conduit_bin", "backend_sqlite", "backend_rocksdb", "jemalloc", "systemd"] default = ["backend_rocksdb", "backend_sqlite", "conduit_bin", "systemd"]
#backend_sled = ["sled"] #backend_sled = ["sled"]
backend_persy = ["persy", "parking_lot"] backend_persy = ["parking_lot", "persy"]
backend_sqlite = ["sqlite"] backend_sqlite = ["sqlite"]
backend_heed = ["heed", "crossbeam"] #backend_heed = ["heed", "crossbeam"]
backend_rocksdb = ["rocksdb"] backend_rocksdb = ["rocksdb"]
jemalloc = ["tikv-jemalloc-ctl", "tikv-jemallocator"]
sqlite = ["rusqlite", "parking_lot", "tokio/signal"]
conduit_bin = ["axum"] conduit_bin = ["axum"]
jemalloc = ["tikv-jemallocator"]
sqlite = ["parking_lot", "rusqlite", "tokio/signal"]
systemd = ["sd-notify"] systemd = ["sd-notify"]
[[bin]] [[bin]]
@ -118,35 +197,45 @@ name = "conduit"
path = "src/lib.rs" path = "src/lib.rs"
[package.metadata.deb] [package.metadata.deb]
name = "matrix-conduit" assets = [
maintainer = "Paul van Tilburg <paul@luon.net>" [
"README.md",
"usr/share/doc/matrix-conduit/",
"644",
],
[
"debian/README.md",
"usr/share/doc/matrix-conduit/README.Debian",
"644",
],
[
"target/release/conduit",
"usr/sbin/matrix-conduit",
"755",
],
]
conf-files = ["/etc/matrix-conduit/conduit.toml"]
copyright = "2020, Timo Kösters <timo@koesters.xyz>" copyright = "2020, Timo Kösters <timo@koesters.xyz>"
license-file = ["LICENSE", "3"]
depends = "$auto, ca-certificates" depends = "$auto, ca-certificates"
extended-description = """\ extended-description = """\
A fast Matrix homeserver that is optimized for smaller, personal servers, \ A fast Matrix homeserver that is optimized for smaller, personal servers, \
instead of a server that has high scalability.""" instead of a server that has high scalability."""
section = "net" license-file = ["LICENSE", "3"]
priority = "optional" maintainer = "Paul van Tilburg <paul@luon.net>"
assets = [
["debian/README.Debian", "usr/share/doc/matrix-conduit/", "644"],
["README.md", "usr/share/doc/matrix-conduit/", "644"],
["target/release/conduit", "usr/sbin/matrix-conduit", "755"],
]
conf-files = [
"/etc/matrix-conduit/conduit.toml"
]
maintainer-scripts = "debian/" maintainer-scripts = "debian/"
name = "matrix-conduit"
priority = "optional"
section = "net"
systemd-units = { unit-name = "matrix-conduit" } systemd-units = { unit-name = "matrix-conduit" }
[profile.dev] [profile.dev]
lto = 'off'
incremental = true incremental = true
lto = 'off'
[profile.release] [profile.release]
lto = 'thin' codegen-units = 32
incremental = true incremental = true
codegen-units=32 lto = 'thin'
# If you want to make flamegraphs, enable debug info: # If you want to make flamegraphs, enable debug info:
# debug = true # debug = true

View file

@ -1,23 +0,0 @@
[build.env]
# CI uses an S3 endpoint to store sccache artifacts, so their config needs to
# be available in the cross container as well
passthrough = [
"RUSTC_WRAPPER",
"AWS_ACCESS_KEY_ID",
"AWS_SECRET_ACCESS_KEY",
"SCCACHE_BUCKET",
"SCCACHE_ENDPOINT",
"SCCACHE_S3_USE_SSL",
]
[target.aarch64-unknown-linux-musl]
image = "registry.gitlab.com/jfowl/conduit-containers/rust-cross-aarch64-unknown-linux-musl:latest"
[target.arm-unknown-linux-musleabihf]
image = "registry.gitlab.com/jfowl/conduit-containers/rust-cross-arm-unknown-linux-musleabihf:latest"
[target.armv7-unknown-linux-musleabihf]
image = "registry.gitlab.com/jfowl/conduit-containers/rust-cross-armv7-unknown-linux-musleabihf:latest"
[target.x86_64-unknown-linux-musl]
image = "registry.gitlab.com/jfowl/conduit-containers/rust-cross-x86_64-unknown-linux-musl@sha256:b6d689e42f0236c8a38b961bca2a12086018b85ed20e0826310421daf182e2bb"

311
DEPLOY.md
View file

@ -1,311 +0,0 @@
# Deploying Conduit
> ## Getting help
>
> If you run into any problems while setting up Conduit, write an email to `conduit@koesters.xyz`, ask us
> in `#conduit:fachschaften.org` or [open an issue on GitLab](https://gitlab.com/famedly/conduit/-/issues/new).
## Installing Conduit
Although you might be able to compile Conduit for Windows, we do recommend running it on a linux server. We therefore
only offer Linux binaries.
You may simply download the binary that fits your machine. Run `uname -m` to see what you need. Now copy the right url:
| CPU Architecture | Download stable version | Download development version |
| ------------------------------------------- | --------------------------------------------------------------- | ----------------------------------------------------------- |
| x84_64 / amd64 (Most servers and computers) | [Binary][x84_64-glibc-master] / [.deb][x84_64-glibc-master-deb] | [Binary][x84_64-glibc-next] / [.deb][x84_64-glibc-next-deb] |
| armv7 (e.g. Raspberry Pi by default) | [Binary][armv7-glibc-master] / [.deb][armv7-glibc-master-deb] | [Binary][armv7-glibc-next] / [.deb][armv7-glibc-next-deb] |
| armv8 / aarch64 | [Binary][armv8-glibc-master] / [.deb][armv8-glibc-master-deb] | [Binary][armv8-glibc-next] / [.deb][armv8-glibc-next-deb] |
These builds were created on and linked against the glibc version shipped with Debian bullseye.
If you use a system with an older glibc version, you might need to compile Conduit yourself.
[x84_64-glibc-master]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/master/raw/build-output/linux_amd64/conduit?job=docker:master
[armv7-glibc-master]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/master/raw/build-output/linux_arm_v7/conduit?job=docker:master
[armv8-glibc-master]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/master/raw/build-output/linux_arm64/conduit?job=docker:master
[x84_64-glibc-next]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/next/raw/build-output/linux_amd64/conduit?job=docker:next
[armv7-glibc-next]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/next/raw/build-output/linux_arm_v7/conduit?job=docker:next
[armv8-glibc-next]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/next/raw/build-output/linux_arm64/conduit?job=docker:next
[x84_64-glibc-master-deb]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/master/raw/build-output/linux_amd64/conduit.deb?job=docker:master
[armv7-glibc-master-deb]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/master/raw/build-output/linux_arm_v7/conduit.deb?job=docker:master
[armv8-glibc-master-deb]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/master/raw/build-output/linux_arm64/conduit.deb?job=docker:master
[x84_64-glibc-next-deb]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/next/raw/build-output/linux_amd64/conduit.deb?job=docker:next
[armv7-glibc-next-deb]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/next/raw/build-output/linux_arm_v7/conduit.deb?job=docker:next
[armv8-glibc-next-deb]: https://gitlab.com/famedly/conduit/-/jobs/artifacts/next/raw/build-output/linux_arm64/conduit.deb?job=docker:next
```bash
$ sudo wget -O /usr/local/bin/matrix-conduit <url>
$ sudo chmod +x /usr/local/bin/matrix-conduit
```
Alternatively, you may compile the binary yourself
```bash
$ sudo apt install libclang-dev build-essential
```
```bash
$ cargo build --release
```
If you want to cross compile Conduit to another architecture, read the guide below.
<details>
<summary>Cross compilation</summary>
As easiest way to compile conduit for another platform [cross-rs](https://github.com/cross-rs/cross) is recommended, so install it first.
In order to use RockDB as storage backend append `-latomic` to linker flags.
For example, to build a binary for Raspberry Pi Zero W (ARMv6) you need `arm-unknown-linux-gnueabihf` as compilation
target.
```bash
git clone https://gitlab.com/famedly/conduit.git
cd conduit
export RUSTFLAGS='-C link-arg=-lgcc -Clink-arg=-latomic -Clink-arg=-static-libgcc'
cross build --release --no-default-features --features conduit_bin,backend_rocksdb,jemalloc --target=arm-unknown-linux-gnueabihf
```
</details>
## Adding a Conduit user
While Conduit can run as any user it is usually better to use dedicated users for different services. This also allows
you to make sure that the file permissions are correctly set up.
In Debian you can use this command to create a Conduit user:
```bash
sudo adduser --system conduit --no-create-home
```
## Forwarding ports in the firewall or the router
Conduit uses the ports 443 and 8448 both of which need to be open in the firewall.
If Conduit runs behind a router or in a container and has a different public IP address than the host system these public ports need to be forwarded directly or indirectly to the port mentioned in the config.
## Setting up a systemd service
Now we'll set up a systemd service for Conduit, so it's easy to start/stop Conduit and set it to autostart when your
server reboots. Simply paste the default systemd service you can find below into
`/etc/systemd/system/conduit.service`.
```systemd
[Unit]
Description=Conduit Matrix Server
After=network.target
[Service]
Environment="CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml"
User=conduit
Group=nogroup
Restart=always
ExecStart=/usr/local/bin/matrix-conduit
[Install]
WantedBy=multi-user.target
```
Finally, run
```bash
$ sudo systemctl daemon-reload
```
## Creating the Conduit configuration file
Now we need to create the Conduit's config file in `/etc/matrix-conduit/conduit.toml`. Paste this in **and take a moment
to read it. You need to change at least the server name.**
You can also choose to use a different database backend, but right now only `rocksdb` and `sqlite` are recommended.
```toml
[global]
# The server_name is the pretty name of this server. It is used as a suffix for user
# and room ids. Examples: matrix.org, conduit.rs
# The Conduit server needs all /_matrix/ requests to be reachable at
# https://your.server.name/ on port 443 (client-server) and 8448 (federation).
# If that's not possible for you, you can create /.well-known files to redirect
# requests. See
# https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client
# and
# https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server
# for more information
# YOU NEED TO EDIT THIS
#server_name = "your.server.name"
# This is the only directory where Conduit will save its data
database_path = "/var/lib/matrix-conduit/"
database_backend = "rocksdb"
# The port Conduit will be running on. You need to set up a reverse proxy in
# your web server (e.g. apache or nginx), so all requests to /_matrix on port
# 443 and 8448 will be forwarded to the Conduit instance running on this port
# Docker users: Don't change this, you'll need to map an external port to this.
port = 6167
# Max size for uploads
max_request_size = 20_000_000 # in bytes
# Enables registration. If set to false, no users can register on this server.
allow_registration = true
allow_federation = true
trusted_servers = ["matrix.org"]
#max_concurrent_requests = 100 # How many requests Conduit sends to other servers at the same time
#log = "warn,state_res=warn,rocket=off,_=off,sled=off"
address = "127.0.0.1" # This makes sure Conduit can only be reached using the reverse proxy
#address = "0.0.0.0" # If Conduit is running in a container, make sure the reverse proxy (ie. Traefik) can reach it.
```
## Setting the correct file permissions
As we are using a Conduit specific user we need to allow it to read the config. To do that you can run this command on
Debian:
```bash
sudo chown -R root:root /etc/matrix-conduit
sudo chmod 755 /etc/matrix-conduit
```
If you use the default database path you also need to run this:
```bash
sudo mkdir -p /var/lib/matrix-conduit/
sudo chown -R conduit:nogroup /var/lib/matrix-conduit/
sudo chmod 700 /var/lib/matrix-conduit/
```
## Setting up the Reverse Proxy
This depends on whether you use Apache, Caddy, Nginx or another web server.
### Apache
Create `/etc/apache2/sites-enabled/050-conduit.conf` and copy-and-paste this:
```apache
Listen 8448
<VirtualHost *:443 *:8448>
ServerName your.server.name # EDIT THIS
AllowEncodedSlashes NoDecode
ProxyPass /_matrix/ http://127.0.0.1:6167/_matrix/ nocanon
ProxyPassReverse /_matrix/ http://127.0.0.1:6167/_matrix/
</VirtualHost>
```
**You need to make some edits again.** When you are done, run
```bash
$ sudo systemctl reload apache2
```
### Caddy
Create `/etc/caddy/conf.d/conduit_caddyfile` and enter this (substitute for your server name).
```caddy
your.server.name, your.server.name:8448 {
reverse_proxy /_matrix/* 127.0.0.1:6167
}
```
That's it! Just start or enable the service and you're set.
```bash
$ sudo systemctl enable caddy
```
### Nginx
If you use Nginx and not Apache, add the following server section inside the http section of `/etc/nginx/nginx.conf`
```nginx
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 8448 ssl http2;
listen [::]:8448 ssl http2;
server_name your.server.name; # EDIT THIS
merge_slashes off;
# Nginx defaults to only allow 1MB uploads
client_max_body_size 20M;
location /_matrix/ {
proxy_pass http://127.0.0.1:6167$request_uri;
proxy_set_header Host $http_host;
proxy_buffering off;
}
ssl_certificate /etc/letsencrypt/live/your.server.name/fullchain.pem; # EDIT THIS
ssl_certificate_key /etc/letsencrypt/live/your.server.name/privkey.pem; # EDIT THIS
ssl_trusted_certificate /etc/letsencrypt/live/your.server.name/chain.pem; # EDIT THIS
include /etc/letsencrypt/options-ssl-nginx.conf;
}
```
**You need to make some edits again.** When you are done, run
```bash
$ sudo systemctl reload nginx
```
## SSL Certificate
If you chose Caddy as your web proxy SSL certificates are handled automatically and you can skip this step.
The easiest way to get an SSL certificate, if you don't have one already, is to install `certbot` and run this:
```bash
$ sudo certbot -d your.server.name
```
## You're done!
Now you can start Conduit with:
```bash
$ sudo systemctl start conduit
```
Set it to start automatically when your system boots with:
```bash
$ sudo systemctl enable conduit
```
## How do I know it works?
You can open <https://app.element.io>, enter your homeserver and try to register.
You can also use these commands as a quick health check.
```bash
$ curl https://your.server.name/_matrix/client/versions
$ curl https://your.server.name:8448/_matrix/client/versions
```
- To check if your server can talk with other homeservers, you can use the [Matrix Federation Tester](https://federationtester.matrix.org/).
If you can register but cannot join federated rooms check your config again and also check if the port 8448 is open and forwarded correctly.
# What's next?
## Audio/Video calls
For Audio/Video call functionality see the [TURN Guide](TURN.md).
## Appservices
If you want to set up an appservice, take a look at the [Appservice Guide](APPSERVICES.md).

View file

@ -1,130 +0,0 @@
# syntax=docker/dockerfile:1
FROM docker.io/rust:1.64-bullseye AS builder
WORKDIR /usr/src/conduit
# Install required packages to build Conduit and it's dependencies
RUN apt-get update && \
apt-get -y --no-install-recommends install libclang-dev=1:11.0-51+nmu5
# == Build dependencies without our own code separately for caching ==
#
# Need a fake main.rs since Cargo refuses to build anything otherwise.
#
# See https://github.com/rust-lang/cargo/issues/2644 for a Cargo feature
# request that would allow just dependencies to be compiled, presumably
# regardless of whether source files are available.
RUN mkdir src && touch src/lib.rs && echo 'fn main() {}' > src/main.rs
COPY Cargo.toml Cargo.lock ./
RUN cargo build --release && rm -r src
# Copy over actual Conduit sources
COPY src src
# main.rs and lib.rs need their timestamp updated for this to work correctly since
# otherwise the build with the fake main.rs from above is newer than the
# source files (COPY preserves timestamps).
#
# Builds conduit and places the binary at /usr/src/conduit/target/release/conduit
RUN touch src/main.rs && touch src/lib.rs && cargo build --release
# ONLY USEFUL FOR CI: target stage to extract build artifacts
FROM scratch AS builder-result
COPY --from=builder /usr/src/conduit/target/release/conduit /conduit
# ---------------------------------------------------------------------------------------------------------------
# Build cargo-deb, a tool to package up rust binaries into .deb packages for Debian/Ubuntu based systems:
# ---------------------------------------------------------------------------------------------------------------
FROM docker.io/rust:1.64-bullseye AS build-cargo-deb
RUN apt-get update && \
apt-get install -y --no-install-recommends \
dpkg \
dpkg-dev \
liblzma-dev
RUN cargo install cargo-deb
# => binary is in /usr/local/cargo/bin/cargo-deb
# ---------------------------------------------------------------------------------------------------------------
# Package conduit build-result into a .deb package:
# ---------------------------------------------------------------------------------------------------------------
FROM builder AS packager
WORKDIR /usr/src/conduit
COPY ./LICENSE ./LICENSE
COPY ./README.md ./README.md
COPY debian/README.Debian ./debian/
COPY --from=build-cargo-deb /usr/local/cargo/bin/cargo-deb /usr/local/cargo/bin/cargo-deb
# --no-build makes cargo-deb reuse already compiled project
RUN cargo deb --no-build
# => Package is in /usr/src/conduit/target/debian/<project_name>_<version>_<arch>.deb
# ONLY USEFUL FOR CI: target stage to extract build artifacts
FROM scratch AS packager-result
COPY --from=packager /usr/src/conduit/target/debian/*.deb /conduit.deb
# ---------------------------------------------------------------------------------------------------------------
# Stuff below this line actually ends up in the resulting docker image
# ---------------------------------------------------------------------------------------------------------------
FROM docker.io/debian:bullseye-slim AS runner
# Standard port on which Conduit launches.
# You still need to map the port when using the docker command or docker-compose.
EXPOSE 6167
ARG DEFAULT_DB_PATH=/var/lib/matrix-conduit
ENV CONDUIT_PORT=6167 \
CONDUIT_ADDRESS="0.0.0.0" \
CONDUIT_DATABASE_PATH=${DEFAULT_DB_PATH} \
CONDUIT_CONFIG=''
# └─> Set no config file to do all configuration with env vars
# Conduit needs:
# dpkg: to install conduit.deb
# ca-certificates: for https
# iproute2 & wget: for the healthcheck script
RUN apt-get update && apt-get -y --no-install-recommends install \
dpkg \
ca-certificates \
iproute2 \
wget \
&& rm -rf /var/lib/apt/lists/*
# Test if Conduit is still alive, uses the same endpoint as Element
COPY ./docker/healthcheck.sh /srv/conduit/healthcheck.sh
HEALTHCHECK --start-period=5s --interval=5s CMD ./healthcheck.sh
# Install conduit.deb:
COPY --from=packager /usr/src/conduit/target/debian/*.deb /srv/conduit/
RUN dpkg -i /srv/conduit/*.deb
# Improve security: Don't run stuff as root, that does not need to run as root
# Most distros also use 1000:1000 for the first real user, so this should resolve volume mounting problems.
ARG USER_ID=1000
ARG GROUP_ID=1000
RUN set -x ; \
groupadd -r -g ${GROUP_ID} conduit ; \
useradd -l -r -M -d /srv/conduit -o -u ${USER_ID} -g conduit conduit && exit 0 ; exit 1
# Create database directory, change ownership of Conduit files to conduit user and group and make the healthcheck executable:
RUN chown -cR conduit:conduit /srv/conduit && \
chmod +x /srv/conduit/healthcheck.sh && \
mkdir -p ${DEFAULT_DB_PATH} && \
chown -cR conduit:conduit ${DEFAULT_DB_PATH}
# Change user to conduit, no root permissions afterwards:
USER conduit
# Set container home directory
WORKDIR /srv/conduit
# Run Conduit and print backtraces on panics
ENV RUST_BACKTRACE=1
ENTRYPOINT [ "/usr/sbin/matrix-conduit" ]

View file

@ -1,7 +1,15 @@
# Conduit # Conduit
### A Matrix homeserver written in Rust
<!-- ANCHOR: catchphrase -->
### A Matrix homeserver written in Rust
<!-- ANCHOR_END: catchphrase -->
Please visit the [Conduit documentation](https://famedly.gitlab.io/conduit) for more information.
Alternatively you can open [docs/introduction.md](docs/introduction.md) in this repository.
<!-- ANCHOR: body -->
#### What is Matrix? #### What is Matrix?
[Matrix](https://matrix.org) is an open network for secure and decentralized [Matrix](https://matrix.org) is an open network for secure and decentralized
communication. Users from every Matrix homeserver can chat with users from all communication. Users from every Matrix homeserver can chat with users from all
other Matrix servers. You can even use bridges (also called Matrix appservices) other Matrix servers. You can even use bridges (also called Matrix appservices)
@ -15,11 +23,7 @@ friends or company.
#### Can I try it out? #### Can I try it out?
Yes! You can test our Conduit instance by opening a Matrix client (<https://app.element.io> or Element Android for Yes! You can test our Conduit instance by opening a client that supports registration tokens such as [Element web](https://app.element.io/), [Nheko](https://matrix.org/ecosystem/clients/nheko/) or [SchildiChat web](https://app.schildi.chat/) and registering on the `conduit.rs` homeserver. The registration token is "for_testing_only". Don't share personal information. Once you have registered, you can use any other [Matrix client](https://matrix.org/ecosystem/clients) to login.
example) and registering on the `conduit.rs` homeserver.
*Registration is currently disabled because of scammers. For an account please
message us (see contact section below).*
Server hosting for conduit.rs is donated by the Matrix.org Foundation. Server hosting for conduit.rs is donated by the Matrix.org Foundation.
@ -33,27 +37,32 @@ There are still a few important features missing:
- E2EE emoji comparison over federation (E2EE chat works) - E2EE emoji comparison over federation (E2EE chat works)
- Outgoing read receipts, typing, presence over federation (incoming works) - Outgoing read receipts, typing, presence over federation (incoming works)
<!-- ANCHOR_END: body -->
Check out the [Conduit 1.0 Release Milestone](https://gitlab.com/famedly/conduit/-/milestones/3). <!-- ANCHOR: footer -->
#### How can I deploy my own?
- Simple install (this was tested the most): [DEPLOY.md](DEPLOY.md)
- Debian package: [debian/README.Debian](debian/README.Debian)
- Nix/NixOS: [nix/README.md](nix/README.md)
- Docker: [docker/README.md](docker/README.md)
If you want to connect an Appservice to Conduit, take a look at [APPSERVICES.md](APPSERVICES.md).
#### How can I contribute? #### How can I contribute?
1. Look for an issue you would like to work on and make sure it's not assigned 1. Look for an issue you would like to work on and make sure no one else is currently working on it.
to other users 2. Tell us that you are working on the issue (comment on the issue or chat in
2. Ask someone to assign the issue to you (comment on the issue or chat in [#conduit:fachschaften.org](https://matrix.to/#/#conduit:fachschaften.org)). If it is more complicated, please explain your approach and ask questions.
[#conduit:fachschaften.org](https://matrix.to/#/#conduit:fachschaften.org)) 3. Fork the repo, create a new branch and push commits.
3. Fork the repo and work on the issue.[#conduit:fachschaften.org](https://matrix.to/#/#conduit:fachschaften.org) is happy to help :)
4. Submit a MR 4. Submit a MR
#### Contact
If you have any questions, feel free to
- Ask in `#conduit:fachschaften.org` on Matrix
- Write an E-Mail to `conduit@koesters.xyz`
- Send an direct message to `@timokoesters:fachschaften.org` on Matrix
- [Open an issue on GitLab](https://gitlab.com/famedly/conduit/-/issues/new)
#### Security
If you believe you have found a security issue, please send a message to [Timo](https://matrix.to/#/@timo:conduit.rs)
and/or [Matthias](https://matrix.to/#/@matthias:ahouansou.cz) on Matrix, or send an email to
[conduit@koesters.xyz](mailto:conduit@koesters.xyz). Please do not disclose details about the issue to anyone else before
a fix is released publically.
#### Thanks to #### Thanks to
Thanks to FUTO, Famedly, Prototype Fund (DLR and German BMBF) and all individuals for financially supporting this project. Thanks to FUTO, Famedly, Prototype Fund (DLR and German BMBF) and all individuals for financially supporting this project.
@ -63,20 +72,13 @@ Thanks to the contributors to Conduit and all libraries we use, for example:
- Ruma: A clean library for the Matrix Spec in Rust - Ruma: A clean library for the Matrix Spec in Rust
- axum: A modular web framework - axum: A modular web framework
#### Contact
If you run into any question, feel free to
- Ask us in `#conduit:fachschaften.org` on Matrix
- Write an E-Mail to `conduit@koesters.xyz`
- Send an direct message to `timo@fachschaften.org` on Matrix
- [Open an issue on GitLab](https://gitlab.com/famedly/conduit/-/issues/new)
#### Donate #### Donate
Liberapay: <https://liberapay.com/timokoesters/>\ - Liberapay: <https://liberapay.com/timokoesters/>
Bitcoin: `bc1qnnykf986tw49ur7wx9rpw2tevpsztvar5x8w4n` - Bitcoin: `bc1qnnykf986tw49ur7wx9rpw2tevpsztvar5x8w4n`
#### Logo #### Logo
Lightning Bolt Logo: https://github.com/mozilla/fxemoji/blob/gh-pages/svgs/nature/u26A1-bolt.svg \ - Lightning Bolt Logo: <https://github.com/mozilla/fxemoji/blob/gh-pages/svgs/nature/u26A1-bolt.svg>
Logo License: https://github.com/mozilla/fxemoji/blob/gh-pages/LICENSE.md - Logo License: <https://github.com/mozilla/fxemoji/blob/gh-pages/LICENSE.md>
<!-- ANCHOR_END: footer -->

37
bin/complement Executable file
View file

@ -0,0 +1,37 @@
#!/usr/bin/env bash
set -euo pipefail
# Path to Complement's source code
COMPLEMENT_SRC="$1"
# A `.jsonl` file to write test logs to
LOG_FILE="$2"
# A `.jsonl` file to write test results to
RESULTS_FILE="$3"
OCI_IMAGE="complement-conduit:dev"
env \
-C "$(git rev-parse --show-toplevel)" \
docker build \
--tag "$OCI_IMAGE" \
--file complement/Dockerfile \
.
# It's okay (likely, even) that `go test` exits nonzero
set +o pipefail
env \
-C "$COMPLEMENT_SRC" \
COMPLEMENT_BASE_IMAGE="$OCI_IMAGE" \
go test -json ./tests | tee "$LOG_FILE"
set -o pipefail
# Post-process the results into an easy-to-compare format
cat "$LOG_FILE" | jq -c '
select(
(.Action == "pass" or .Action == "fail" or .Action == "skip")
and .Test != null
) | {Action: .Action, Test: .Test}
' | sort > "$RESULTS_FILE"

40
bin/nix-build-and-cache Executable file
View file

@ -0,0 +1,40 @@
#!/usr/bin/env bash
set -euo pipefail
# Build the installable and forward any other arguments too. Also, use
# nix-output-monitor instead if it's available.
if command -v nom &> /dev/null; then
nom build "$@"
else
nix build "$@"
fi
if [ ! -z ${ATTIC_TOKEN+x} ]; then
nix run --inputs-from . attic -- \
login \
conduit \
"${ATTIC_ENDPOINT:-https://attic.conduit.rs/conduit}" \
"$ATTIC_TOKEN"
readarray -t derivations < <(nix path-info "$@" --derivation)
for derivation in "${derivations[@]}"; do
cache+=(
"$(nix-store --query --requisites --include-outputs "$derivation")"
)
done
# Upload them to Attic
#
# Use `xargs` and a here-string because something would probably explode if
# several thousand arguments got passed to a command at once. Hopefully no
# store paths include a newline in them.
(
IFS=$'\n'
nix shell --inputs-from . attic -c xargs \
attic push conduit <<< "${cache[*]}"
)
else
echo "\$ATTIC_TOKEN is unset, skipping uploading to the binary cache"
fi

21
book.toml Normal file
View file

@ -0,0 +1,21 @@
[book]
description = "Conduit is a simple, fast and reliable chat server for the Matrix protocol"
language = "en"
multilingual = false
src = "docs"
title = "Conduit"
[build]
build-dir = "public"
create-missing = true
[output.html]
edit-url-template = "https://gitlab.com/famedly/conduit/-/edit/next/{path}"
git-repository-icon = "fa-git-square"
git-repository-url = "https://gitlab.com/famedly/conduit"
[output.html.search]
limit-results = 15
[output.html.code.hidelines]
json = "~"

45
complement/Dockerfile Normal file
View file

@ -0,0 +1,45 @@
FROM rust:1.79.0
WORKDIR /workdir
RUN apt-get update && apt-get install -y --no-install-recommends \
libclang-dev
COPY Cargo.toml Cargo.toml
COPY Cargo.lock Cargo.lock
COPY src src
RUN cargo build --release \
&& mv target/release/conduit conduit \
&& rm -rf target
# Install caddy
RUN apt-get update \
&& apt-get install -y \
debian-keyring \
debian-archive-keyring \
apt-transport-https \
curl \
&& curl -1sLf 'https://dl.cloudsmith.io/public/caddy/testing/gpg.key' \
| gpg --dearmor -o /usr/share/keyrings/caddy-testing-archive-keyring.gpg \
&& curl -1sLf 'https://dl.cloudsmith.io/public/caddy/testing/debian.deb.txt' \
| tee /etc/apt/sources.list.d/caddy-testing.list \
&& apt-get update \
&& apt-get install -y caddy
COPY conduit-example.toml conduit.toml
COPY complement/caddy.json caddy.json
ENV SERVER_NAME=localhost
ENV CONDUIT_CONFIG=/workdir/conduit.toml
RUN sed -i "s/port = 6167/port = 8008/g" conduit.toml
RUN echo "log = \"warn,_=off,sled=off\"" >> conduit.toml
RUN sed -i "s/address = \"127.0.0.1\"/address = \"0.0.0.0\"/g" conduit.toml
EXPOSE 8008 8448
CMD uname -a && \
sed -i "s/#server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" conduit.toml && \
sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \
caddy start --config caddy.json > /dev/null && \
/workdir/conduit

11
complement/README.md Normal file
View file

@ -0,0 +1,11 @@
# Complement
## What's that?
Have a look at [its repository](https://github.com/matrix-org/complement).
## How do I use it with Conduit?
The script at [`../bin/complement`](../bin/complement) has automation for this.
It takes a few command line arguments, you can read the script to find out what
those are.

72
complement/caddy.json Normal file
View file

@ -0,0 +1,72 @@
{
"logging": {
"logs": {
"default": {
"level": "WARN"
}
}
},
"apps": {
"http": {
"https_port": 8448,
"servers": {
"srv0": {
"listen": [":8448"],
"routes": [{
"match": [{
"host": ["your.server.name"]
}],
"handle": [{
"handler": "subroute",
"routes": [{
"handle": [{
"handler": "reverse_proxy",
"upstreams": [{
"dial": "127.0.0.1:8008"
}]
}]
}]
}],
"terminal": true
}],
"tls_connection_policies": [{
"match": {
"sni": ["your.server.name"]
}
}]
}
}
},
"pki": {
"certificate_authorities": {
"local": {
"name": "Complement CA",
"root": {
"certificate": "/complement/ca/ca.crt",
"private_key": "/complement/ca/ca.key"
},
"intermediate": {
"certificate": "/complement/ca/ca.crt",
"private_key": "/complement/ca/ca.key"
}
}
}
},
"tls": {
"automation": {
"policies": [{
"subjects": ["your.server.name"],
"issuers": [{
"module": "internal"
}],
"on_demand": true
}, {
"issuers": [{
"module": "internal",
"ca": "local"
}]
}]
}
}
}
}

View file

@ -17,14 +17,14 @@
# https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client # https://matrix.org/docs/spec/client_server/latest#get-well-known-matrix-client
# and # and
# https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server # https://matrix.org/docs/spec/server_server/r0.1.4#get-well-known-matrix-server
# for more information # for more information, or continue below to see how conduit can do this for you.
# YOU NEED TO EDIT THIS # YOU NEED TO EDIT THIS
#server_name = "your.server.name" #server_name = "your.server.name"
database_backend = "rocksdb"
# This is the only directory where Conduit will save its data # This is the only directory where Conduit will save its data
database_path = "/var/lib/matrix-conduit/" database_path = "/var/lib/matrix-conduit/"
database_backend = "rocksdb"
# The port Conduit will be running on. You need to set up a reverse proxy in # The port Conduit will be running on. You need to set up a reverse proxy in
# your web server (e.g. apache or nginx), so all requests to /_matrix on port # your web server (e.g. apache or nginx), so all requests to /_matrix on port
@ -38,15 +38,37 @@ max_request_size = 20_000_000 # in bytes
# Enables registration. If set to false, no users can register on this server. # Enables registration. If set to false, no users can register on this server.
allow_registration = true allow_registration = true
# A static registration token that new users will have to provide when creating
# an account. YOU NEED TO EDIT THIS.
# - Insert a password that users will have to enter on registration
# - Start the line with '#' to remove the condition
registration_token = ""
allow_check_for_updates = true
allow_federation = true allow_federation = true
# Enable the display name lightning bolt on registration. # Enable the display name lightning bolt on registration.
enable_lightning_bolt = true enable_lightning_bolt = true
# Servers listed here will be used to gather public keys of other servers.
# Generally, copying this exactly should be enough. (Currently, Conduit doesn't
# support batched key requests, so this list should only contain Synapse
# servers.)
trusted_servers = ["matrix.org"] trusted_servers = ["matrix.org"]
#max_concurrent_requests = 100 # How many requests Conduit sends to other servers at the same time #max_concurrent_requests = 100 # How many requests Conduit sends to other servers at the same time
#log = "warn,state_res=warn,rocket=off,_=off,sled=off"
# Controls the log verbosity. See also [here][0].
#
# [0]: https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives
#log = "..."
address = "127.0.0.1" # This makes sure Conduit can only be reached using the reverse proxy address = "127.0.0.1" # This makes sure Conduit can only be reached using the reverse proxy
#address = "0.0.0.0" # If Conduit is running in a container, make sure the reverse proxy (ie. Traefik) can reach it. #address = "0.0.0.0" # If Conduit is running in a container, make sure the reverse proxy (ie. Traefik) can reach it.
[global.well_known]
# Conduit handles the /.well-known/matrix/* endpoints, making both clients and servers try to access conduit with the host
# server_name and port 443 by default.
# If you want to override these defaults, uncomment and edit the following lines accordingly:
#server = your.server.name:443
#client = https://your.server.name

View file

@ -1,28 +1,36 @@
Conduit for Debian Conduit for Debian
================== ==================
Installation
------------
Information about downloading, building and deploying the Debian package, see
the "Installing Conduit" section in the Deploying docs.
All following sections until "Setting up the Reverse Proxy" be ignored because
this is handled automatically by the packaging.
Configuration Configuration
------------- -------------
When installed, Debconf generates the configuration of the homeserver When installed, Debconf generates the configuration of the homeserver
(host)name, the address and port it listens on. This configuration ends up in (host)name, the address and port it listens on. This configuration ends up in
/etc/matrix-conduit/conduit.toml. `/etc/matrix-conduit/conduit.toml`.
You can tweak more detailed settings by uncommenting and setting the variables You can tweak more detailed settings by uncommenting and setting the variables
in /etc/matrix-conduit/conduit.toml. This involves settings such as the maximum in `/etc/matrix-conduit/conduit.toml`. This involves settings such as the maximum
file size for download/upload, enabling federation, etc. file size for download/upload, enabling federation, etc.
Running Running
------- -------
The package uses the matrix-conduit.service systemd unit file to start and The package uses the `matrix-conduit.service` systemd unit file to start and
stop Conduit. It loads the configuration file mentioned above to set up the stop Conduit. It loads the configuration file mentioned above to set up the
environment before running the server. environment before running the server.
This package assumes by default that Conduit will be placed behind a reverse This package assumes by default that Conduit will be placed behind a reverse
proxy such as Apache or nginx. This default deployment entails just listening proxy such as Apache or nginx. This default deployment entails just listening
on 127.0.0.1 and the free port 6167 and is reachable via a client using the URL on `127.0.0.1` and the free port `6167` and is reachable via a client using the URL
http://localhost:6167. <http://localhost:6167>.
At a later stage this packaging may support also setting up TLS and running At a later stage this packaging may support also setting up TLS and running
stand-alone. In this case, however, you need to set up some certificates and stand-alone. In this case, however, you need to set up some certificates and

28
debian/postinst vendored
View file

@ -19,11 +19,11 @@ case "$1" in
_matrix-conduit _matrix-conduit
fi fi
# Create the database path if it does not exist yet. # Create the database path if it does not exist yet and fix up ownership
if [ ! -d "$CONDUIT_DATABASE_PATH" ]; then # and permissions.
mkdir -p "$CONDUIT_DATABASE_PATH" mkdir -p "$CONDUIT_DATABASE_PATH"
chown _matrix-conduit "$CONDUIT_DATABASE_PATH" chown _matrix-conduit "$CONDUIT_DATABASE_PATH"
fi chmod 700 "$CONDUIT_DATABASE_PATH"
if [ ! -e "$CONDUIT_CONFIG_FILE" ]; then if [ ! -e "$CONDUIT_CONFIG_FILE" ]; then
# Write the debconf values in the config. # Write the debconf values in the config.
@ -72,12 +72,30 @@ max_request_size = 20_000_000 # in bytes
# Enables registration. If set to false, no users can register on this server. # Enables registration. If set to false, no users can register on this server.
allow_registration = true allow_registration = true
allow_federation = true # A static registration token that new users will have to provide when creating
# an account.
# - Insert a password that users will have to enter on registration
# - Start the line with '#' to remove the condition
#registration_token = ""
allow_federation = true
allow_check_for_updates = true
# Enable the display name lightning bolt on registration.
enable_lightning_bolt = true
# Servers listed here will be used to gather public keys of other servers.
# Generally, copying this exactly should be enough. (Currently, Conduit doesn't
# support batched key requests, so this list should only contain Synapse
# servers.)
trusted_servers = ["matrix.org"] trusted_servers = ["matrix.org"]
#max_concurrent_requests = 100 # How many requests Conduit sends to other servers at the same time #max_concurrent_requests = 100 # How many requests Conduit sends to other servers at the same time
#log = "warn,state_res=warn,rocket=off,_=off,sled=off"
# Controls the log verbosity. See also [here][0].
#
# [0]: https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives
#log = "..."
EOF EOF
fi fi
;; ;;

10
default.nix Normal file
View file

@ -0,0 +1,10 @@
(import
(
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
fetchTarball {
url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}
)
{ src = ./.; }
).defaultNix

View file

@ -6,9 +6,14 @@ if [ -z "${CONDUIT_PORT}" ]; then
CONDUIT_PORT=$(ss -tlpn | grep conduit | grep -m1 -o ':[0-9]*' | grep -m1 -o '[0-9]*') CONDUIT_PORT=$(ss -tlpn | grep conduit | grep -m1 -o ':[0-9]*' | grep -m1 -o '[0-9]*')
fi fi
# If CONDUIT_ADDRESS is not set try to get the address from the process list
if [ -z "${CONDUIT_ADDRESS}" ]; then
CONDUIT_ADDRESS=$(ss -tlpn | awk -F ' +|:' '/conduit/ { print $4 }')
fi
# The actual health check. # The actual health check.
# We try to first get a response on HTTP and when that fails on HTTPS and when that fails, we exit with code 1. # We try to first get a response on HTTP and when that fails on HTTPS and when that fails, we exit with code 1.
# TODO: Change this to a single wget call. Do we have a config value that we can check for that? # TODO: Change this to a single wget call. Do we have a config value that we can check for that?
wget --no-verbose --tries=1 --spider "http://localhost:${CONDUIT_PORT}/_matrix/client/versions" || \ wget --no-verbose --tries=1 --spider "http://${CONDUIT_ADDRESS}:${CONDUIT_PORT}/_matrix/client/versions" || \
wget --no-verbose --tries=1 --spider "https://localhost:${CONDUIT_PORT}/_matrix/client/versions" || \ wget --no-verbose --tries=1 --spider "https://${CONDUIT_ADDRESS}:${CONDUIT_PORT}/_matrix/client/versions" || \
exit 1 exit 1

14
docs/SUMMARY.md Normal file
View file

@ -0,0 +1,14 @@
# Summary
- [Introduction](introduction.md)
- [Configuration](configuration.md)
- [Delegation](delegation.md)
- [Deploying](deploying.md)
- [Generic](deploying/generic.md)
- [Debian](deploying/debian.md)
- [Docker](deploying/docker.md)
- [NixOS](deploying/nixos.md)
- [TURN](turn.md)
- [Appservices](appservices.md)
- [FAQ](faq.md)

114
docs/configuration.md Normal file
View file

@ -0,0 +1,114 @@
# Configuration
**Conduit** is configured using a TOML file. The configuration file is loaded from the path specified by the `CONDUIT_CONFIG` environment variable.
> **Note:** The configuration file is required to run Conduit. If the `CONDUIT_CONFIG` environment variable is not set, Conduit will exit with an error.
> **Note:** If you update the configuration file, you must restart Conduit for the changes to take effect
> **Note:** You can also configure Conduit by using `CONDUIT_{field_name}` environment variables. To set values inside a table, use `CONDUIT_{table_name}__{field_name}`. Example: `CONDUIT_SERVER_NAME="example.org"`
Conduit's configuration file is divided into the following sections:
- [Global](#global)
- [TLS](#tls)
- [Proxy](#proxy)
## Global
The `global` section contains the following fields:
> **Note:** The `*` symbol indicates that the field is required, and the values in **parentheses** are the possible values
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| `address` | `string` | The address to bind to | `"127.0.0.1"` |
| `port` | `integer` | The port to bind to | `8000` |
| `tls` | `table` | See the [TLS configuration](#tls) | N/A |
| `server_name`_*_ | `string` | The server name | N/A |
| `database_backend`_*_ | `string` | The database backend to use (`"rocksdb"` *recommended*, `"sqlite"`) | N/A |
| `database_path`_*_ | `string` | The path to the database file/dir | N/A |
| `db_cache_capacity_mb` | `float` | The cache capacity, in MB | `300.0` |
| `enable_lightning_bolt` | `boolean` | Add `⚡️` emoji to end of user's display name | `true` |
| `allow_check_for_updates` | `boolean` | Allow Conduit to check for updates | `true` |
| `conduit_cache_capacity_modifier` | `float` | The value to multiply the default cache capacity by | `1.0` |
| `rocksdb_max_open_files` | `integer` | The maximum number of open files | `1000` |
| `pdu_cache_capacity` | `integer` | The maximum number of Persisted Data Units (PDUs) to cache | `150000` |
| `cleanup_second_interval` | `integer` | How often conduit should clean up the database, in seconds | `60` |
| `max_request_size` | `integer` | The maximum request size, in bytes | `20971520` (20 MiB) |
| `max_concurrent_requests` | `integer` | The maximum number of concurrent requests | `100` |
| `max_fetch_prev_events` | `integer` | The maximum number of previous events to fetch per request if conduit notices events are missing | `100` |
| `allow_registration` | `boolean` | Opens your homeserver to public registration | `false` |
| `registration_token` | `string` | The token users need to have when registering to your homeserver | N/A |
| `allow_encryption` | `boolean` | Allow users to enable encryption in their rooms | `true` |
| `allow_federation` | `boolean` | Allow federation with other servers | `true` |
| `allow_room_creation` | `boolean` | Allow users to create rooms | `true` |
| `allow_unstable_room_versions` | `boolean` | Allow users to create and join rooms with unstable versions | `true` |
| `default_room_version` | `string` | The default room version (`"6"`-`"10"`)| `"10"` |
| `allow_jaeger` | `boolean` | Allow Jaeger tracing | `false` |
| `tracing_flame` | `boolean` | Enable flame tracing | `false` |
| `proxy` | `table` | See the [Proxy configuration](#proxy) | N/A |
| `jwt_secret` | `string` | The secret used in the JWT to enable JWT login without it a 400 error will be returned | N/A |
| `trusted_servers` | `array` | The list of trusted servers to gather public keys of offline servers | `["matrix.org"]` |
| `log` | `string` | The log verbosity to use | `"warn"` |
| `turn_username` | `string` | The TURN username | `""` |
| `turn_password` | `string` | The TURN password | `""` |
| `turn_uris` | `array` | The TURN URIs | `[]` |
| `turn_secret` | `string` | The TURN secret | `""` |
| `turn_ttl` | `integer` | The TURN TTL in seconds | `86400` |
| `emergency_password` | `string` | Set a password to login as the `conduit` user in case of emergency | N/A |
| `well_known_client` | `string` | Used for [delegation](delegation.md) | See [delegation](delegation.md) |
| `well_known_server` | `string` | Used for [delegation](delegation.md) | See [delegation](delegation.md) |
### TLS
The `tls` table contains the following fields:
- `certs`: The path to the public PEM certificate
- `key`: The path to the PEM private key
#### Example
```toml
[global.tls]
certs = "/path/to/cert.pem"
key = "/path/to/key.pem"
```
### Proxy
You can choose what requests conduit should proxy (if any). The `proxy` table contains the following fields
#### Global
The global option will proxy all outgoing requests. The `global` table contains the following fields:
- `url`: The URL of the proxy server
##### Example
```toml
[global.proxy.global]
url = "https://example.com"
```
#### By domain
An array of tables that contain the following fields:
- `url`: The URL of the proxy server
- `include`: Domains that should be proxied (assumed to be `["*"]` if unset)
- `exclude`: Domains that should not be proxied (takes precedent over `include`)
Both `include` and `exclude` allow for glob pattern matching.
##### Example
In this example, all requests to domains ending in `.onion` and `matrix.secretly-an-onion-domain.xyz`
will be proxied via `socks://localhost:9050`, except for domains ending in `.myspecial.onion`. You can add as many `by_domain` tables as you need.
```toml
[[global.proxy.by_domain]]
url = "socks5://localhost:9050"
include = ["*.onion", "matrix.secretly-an-onion-domain.xyz"]
exclude = ["*.clearnet.onion"]
```
### Example
> **Note:** The following example is a minimal configuration file. You should replace the values with your own.
```toml
[global]
{{#include ../conduit-example.toml:22:}}
```

69
docs/delegation.md Normal file
View file

@ -0,0 +1,69 @@
# Delegation
You can run Conduit on a separate domain than the actual server name (what shows up in user ids, aliases, etc.).
For example you can have your users have IDs such as `@foo:example.org` and have aliases like `#bar:example.org`,
while actually having Conduit hosted on the `matrix.example.org` domain. This is called delegation.
## Automatic (recommended)
Conduit has support for hosting delegation files by itself, and by default uses it to serve federation traffic on port 443.
With this method, you need to direct requests to `/.well-known/matrix/*` to Conduit in your reverse proxy.
This is only recommended if Conduit is on the same physical server as the server which serves your server name (e.g. example.org)
as servers don't always seem to cache the response, leading to slower response times otherwise, but it should also work if you
are connected to the server running Conduit using something like a VPN.
> **Note**: this will automatically allow you to use [sliding sync][0] without any extra configuration
To configure it, use the following options:
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| `well_known_client` | `String` | The URL that clients should use to connect to Conduit | `https://<server_name>` |
| `well_known_server` | `String` | The hostname and port servers should use to connect to Conduit | `<server_name>:443` |
### Example
```toml
[global]
well_known_client = "https://matrix.example.org"
well_known_server = "matrix.example.org:443"
```
## Manual
Alternatively you can serve static JSON files to inform clients and servers how to connect to Conduit.
### Servers
For servers to discover how to access your domain, serve a response in the following format for `/.well-known/matrix/server`:
```json
{
"m.server": "matrix.example.org:443"
}
```
Where `matrix.example.org` is the domain and `443` is the port Conduit is accessible at.
### Clients
For clients to discover how to access your domain, serve a response in the following format for `/.well-known/matrix/client`:
```json
{
"m.homeserver": {
"base_url": "https://matrix.example.org"
}
}
```
Where `matrix.example.org` is the URL Conduit is accessible at.
To ensure that all clients can access this endpoint, it is recommended you set the following headers for this endpoint:
```
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization
```
If you also want to be able to use [sliding sync][0], look [here](faq.md#how-do-i-setup-sliding-sync).
[0]: https://matrix.org/blog/2023/09/matrix-2-0/#sliding-sync

3
docs/deploying.md Normal file
View file

@ -0,0 +1,3 @@
# Deploying
This chapter describes various ways to deploy Conduit.

1
docs/deploying/debian.md Normal file
View file

@ -0,0 +1 @@
{{#include ../../debian/README.md}}

View file

@ -7,8 +7,8 @@ services:
### then you are ready to go. ### then you are ready to go.
image: matrixconduit/matrix-conduit:latest image: matrixconduit/matrix-conduit:latest
### If you want to build a fresh image from the sources, then comment the image line and uncomment the ### If you want to build a fresh image from the sources, then comment the image line and uncomment the
### build lines. If you want meaningful labels in your built Conduit image, you should run docker-compose like this: ### build lines. If you want meaningful labels in your built Conduit image, you should run docker compose like this:
### CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker-compose up -d ### CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker compose up -d
# build: # build:
# context: . # context: .
# args: # args:
@ -26,18 +26,19 @@ services:
CONDUIT_DATABASE_PATH: /var/lib/matrix-conduit/ CONDUIT_DATABASE_PATH: /var/lib/matrix-conduit/
CONDUIT_DATABASE_BACKEND: rocksdb CONDUIT_DATABASE_BACKEND: rocksdb
CONDUIT_PORT: 6167 CONDUIT_PORT: 6167
CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB CONDUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
CONDUIT_ALLOW_REGISTRATION: 'true' CONDUIT_ALLOW_REGISTRATION: 'true'
#CONDUIT_REGISTRATION_TOKEN: '' # require password for registration
CONDUIT_ALLOW_FEDERATION: 'true' CONDUIT_ALLOW_FEDERATION: 'true'
CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
CONDUIT_TRUSTED_SERVERS: '["matrix.org"]' CONDUIT_TRUSTED_SERVERS: '["matrix.org"]'
#CONDUIT_MAX_CONCURRENT_REQUESTS: 100 #CONDUIT_MAX_CONCURRENT_REQUESTS: 100
#CONDUIT_LOG: warn,rocket=off,_=off,sled=off
CONDUIT_ADDRESS: 0.0.0.0 CONDUIT_ADDRESS: 0.0.0.0
CONDUIT_CONFIG: '' # Ignore this CONDUIT_CONFIG: '' # Ignore this
# We need some way to server the client and server .well-known json. The simplest way is to use a nginx container # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
# to serve those two as static files. If you want to use a different way, delete or comment the below service, here # to serve those two as static files. If you want to use a different way, delete or comment the below service, here
# and in the docker-compose override file. # and in the docker compose override file.
well-known: well-known:
image: nginx:latest image: nginx:latest
restart: unless-stopped restart: unless-stopped

View file

@ -18,7 +18,7 @@ services:
# We need some way to server the client and server .well-known json. The simplest way is to use a nginx container # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
# to serve those two as static files. If you want to use a different way, delete or comment the below service, here # to serve those two as static files. If you want to use a different way, delete or comment the below service, here
# and in the docker-compose file. # and in the docker compose file.
well-known: well-known:
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"

View file

@ -7,8 +7,8 @@ services:
### then you are ready to go. ### then you are ready to go.
image: matrixconduit/matrix-conduit:latest image: matrixconduit/matrix-conduit:latest
### If you want to build a fresh image from the sources, then comment the image line and uncomment the ### If you want to build a fresh image from the sources, then comment the image line and uncomment the
### build lines. If you want meaningful labels in your built Conduit image, you should run docker-compose like this: ### build lines. If you want meaningful labels in your built Conduit image, you should run docker compose like this:
### CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker-compose up -d ### CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker compose up -d
# build: # build:
# context: . # context: .
# args: # args:
@ -31,19 +31,18 @@ services:
### Uncomment and change values as desired ### Uncomment and change values as desired
# CONDUIT_ADDRESS: 0.0.0.0 # CONDUIT_ADDRESS: 0.0.0.0
# CONDUIT_PORT: 6167 # CONDUIT_PORT: 6167
# CONDUIT_REGISTRATION_TOKEN: '' # require password for registration
# CONDUIT_CONFIG: '/srv/conduit/conduit.toml' # if you want to configure purely by env vars, set this to an empty string '' # CONDUIT_CONFIG: '/srv/conduit/conduit.toml' # if you want to configure purely by env vars, set this to an empty string ''
# Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging # Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
# CONDUIT_LOG: info # default is: "warn,_=off,sled=off" # CONDUIT_ALLOW_ENCRYPTION: 'true'
# CONDUIT_ALLOW_JAEGER: 'false' # CONDUIT_ALLOW_FEDERATION: 'true'
# CONDUIT_ALLOW_ENCRYPTION: 'false' # CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
# CONDUIT_ALLOW_FEDERATION: 'false'
# CONDUIT_DATABASE_PATH: /srv/conduit/.local/share/conduit # CONDUIT_DATABASE_PATH: /srv/conduit/.local/share/conduit
# CONDUIT_WORKERS: 10 # CONDUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
# CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
# We need some way to server the client and server .well-known json. The simplest way is to use a nginx container # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
# to serve those two as static files. If you want to use a different way, delete or comment the below service, here # to serve those two as static files. If you want to use a different way, delete or comment the below service, here
# and in the docker-compose override file. # and in the docker compose override file.
well-known: well-known:
image: nginx:latest image: nginx:latest
restart: unless-stopped restart: unless-stopped

View file

@ -7,8 +7,8 @@ services:
### then you are ready to go. ### then you are ready to go.
image: matrixconduit/matrix-conduit:latest image: matrixconduit/matrix-conduit:latest
### If you want to build a fresh image from the sources, then comment the image line and uncomment the ### If you want to build a fresh image from the sources, then comment the image line and uncomment the
### build lines. If you want meaningful labels in your built Conduit image, you should run docker-compose like this: ### build lines. If you want meaningful labels in your built Conduit image, you should run docker compose like this:
### CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker-compose up -d ### CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker compose up -d
# build: # build:
# context: . # context: .
# args: # args:
@ -26,12 +26,12 @@ services:
CONDUIT_DATABASE_PATH: /var/lib/matrix-conduit/ CONDUIT_DATABASE_PATH: /var/lib/matrix-conduit/
CONDUIT_DATABASE_BACKEND: rocksdb CONDUIT_DATABASE_BACKEND: rocksdb
CONDUIT_PORT: 6167 CONDUIT_PORT: 6167
CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB CONDUIT_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB
CONDUIT_ALLOW_REGISTRATION: 'true' CONDUIT_ALLOW_REGISTRATION: 'true'
CONDUIT_ALLOW_FEDERATION: 'true' CONDUIT_ALLOW_FEDERATION: 'true'
CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
CONDUIT_TRUSTED_SERVERS: '["matrix.org"]' CONDUIT_TRUSTED_SERVERS: '["matrix.org"]'
#CONDUIT_MAX_CONCURRENT_REQUESTS: 100 #CONDUIT_MAX_CONCURRENT_REQUESTS: 100
#CONDUIT_LOG: warn,rocket=off,_=off,sled=off
CONDUIT_ADDRESS: 0.0.0.0 CONDUIT_ADDRESS: 0.0.0.0
CONDUIT_CONFIG: '' # Ignore this CONDUIT_CONFIG: '' # Ignore this
# #

View file

@ -1,10 +1,39 @@
# Deploy using Docker # Conduit for Docker
> **Note:** To run and use Conduit you should probably use it with a Domain or Subdomain behind a reverse proxy (like Nginx, Traefik, Apache, ...) with a Lets Encrypt certificate. > **Note:** To run and use Conduit you should probably use it with a Domain or Subdomain behind a reverse proxy (like Nginx, Traefik, Apache, ...) with a Lets Encrypt certificate.
## Docker ## Docker
### Build & Dockerfile To run Conduit with Docker you can either build the image yourself or pull it from a registry.
### Use a registry
OCI images for Conduit are available in the registries listed below. We recommend using the image tagged as `latest` from GitLab's own registry.
| Registry | Image | Size | Notes |
| --------------- | --------------------------------------------------------------- | ----------------------------- | ---------------------- |
| GitLab Registry | [registry.gitlab.com/famedly/conduit/matrix-conduit:latest][gl] | ![Image Size][shield-latest] | Stable image. |
| Docker Hub | [docker.io/matrixconduit/matrix-conduit:latest][dh] | ![Image Size][shield-latest] | Stable image. |
| GitLab Registry | [registry.gitlab.com/famedly/conduit/matrix-conduit:next][gl] | ![Image Size][shield-next] | Development version. |
| Docker Hub | [docker.io/matrixconduit/matrix-conduit:next][dh] | ![Image Size][shield-next] | Development version. |
[dh]: https://hub.docker.com/r/matrixconduit/matrix-conduit
[gl]: https://gitlab.com/famedly/conduit/container_registry/2497937
[shield-latest]: https://img.shields.io/docker/image-size/matrixconduit/matrix-conduit/latest
[shield-next]: https://img.shields.io/docker/image-size/matrixconduit/matrix-conduit/next
Use
```bash
docker image pull <link>
```
to pull it to your machine.
### Build using a dockerfile
The Dockerfile provided by Conduit has two stages, each of which creates an image. The Dockerfile provided by Conduit has two stages, each of which creates an image.
@ -19,9 +48,11 @@ docker build --tag matrixconduit/matrix-conduit:latest .
which also will tag the resulting image as `matrixconduit/matrix-conduit:latest`. which also will tag the resulting image as `matrixconduit/matrix-conduit:latest`.
### Run ### Run
After building the image you can simply run it with When you have the image you can simply run it with
```bash ```bash
docker run -d -p 8448:6167 \ docker run -d -p 8448:6167 \
@ -30,33 +61,24 @@ docker run -d -p 8448:6167 \
-e CONDUIT_DATABASE_BACKEND="rocksdb" \ -e CONDUIT_DATABASE_BACKEND="rocksdb" \
-e CONDUIT_ALLOW_REGISTRATION=true \ -e CONDUIT_ALLOW_REGISTRATION=true \
-e CONDUIT_ALLOW_FEDERATION=true \ -e CONDUIT_ALLOW_FEDERATION=true \
-e CONDUIT_MAX_REQUEST_SIZE="20_000_000" \ -e CONDUIT_MAX_REQUEST_SIZE="20000000" \
-e CONDUIT_TRUSTED_SERVERS="[\"matrix.org\"]" \ -e CONDUIT_TRUSTED_SERVERS="[\"matrix.org\"]" \
-e CONDUIT_MAX_CONCURRENT_REQUESTS="100" \ -e CONDUIT_MAX_CONCURRENT_REQUESTS="100" \
-e CONDUIT_LOG="warn,rocket=off,_=off,sled=off" \ -e CONDUIT_PORT="6167" \
--name conduit matrixconduit/matrix-conduit:latest --name conduit <link>
``` ```
or you can skip the build step and pull the image from one of the following registries: or you can use [docker compose](#docker-compose).
| Registry | Image | Size | The `-d` flag lets the container run in detached mode. You now need to supply a `conduit.toml` config file, an example can be found [here](../configuration.md).
| --------------- | --------------------------------------------------------------- | --------------------- |
| Docker Hub | [matrixconduit/matrix-conduit:latest][dh] | ![Image Size][shield] |
| GitLab Registry | [registry.gitlab.com/famedly/conduit/matrix-conduit:latest][gl] | ![Image Size][shield] |
[dh]: https://hub.docker.com/r/matrixconduit/matrix-conduit
[gl]: https://gitlab.com/famedly/conduit/container_registry/2497937
[shield]: https://img.shields.io/docker/image-size/matrixconduit/matrix-conduit/latest
The `-d` flag lets the container run in detached mode. You now need to supply a `conduit.toml` config file, an example can be found [here](../conduit-example.toml).
You can pass in different env vars to change config values on the fly. You can even configure Conduit completely by using env vars, but for that you need You can pass in different env vars to change config values on the fly. You can even configure Conduit completely by using env vars, but for that you need
to pass `-e CONDUIT_CONFIG=""` into your container. For an overview of possible values, please take a look at the `docker-compose.yml` file. to pass `-e CONDUIT_CONFIG=""` into your container. For an overview of possible values, please take a look at the `docker-compose.yml` file.
If you just want to test Conduit for a short time, you can use the `--rm` flag, which will clean up everything related to your container after you stop it. If you just want to test Conduit for a short time, you can use the `--rm` flag, which will clean up everything related to your container after you stop it.
## Docker-compose ### Docker compose
If the `docker run` command is not for you or your setup, you can also use one of the provided `docker-compose` files. If the `docker run` command is not for you or your setup, you can also use one of the provided `docker compose` files.
Depending on your proxy setup, you can use one of the following files; Depending on your proxy setup, you can use one of the following files;
- If you already have a `traefik` instance set up, use [`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml) - If you already have a `traefik` instance set up, use [`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml)
@ -66,15 +88,14 @@ Depending on your proxy setup, you can use one of the following files;
When picking the traefik-related compose file, rename it so it matches `docker-compose.yml`, and When picking the traefik-related compose file, rename it so it matches `docker-compose.yml`, and
rename the override file to `docker-compose.override.yml`. Edit the latter with the values you want rename the override file to `docker-compose.override.yml`. Edit the latter with the values you want
for your server. for your server.
Additional info about deploying Conduit can be found [here](generic.md).
Additional info about deploying Conduit can be found [here](../DEPLOY.md).
### Build ### Build
To build the Conduit image with docker-compose, you first need to open and modify the `docker-compose.yml` file. There you need to comment the `image:` option and uncomment the `build:` option. Then call docker-compose with: To build the Conduit image with docker compose, you first need to open and modify the `docker-compose.yml` file. There you need to comment the `image:` option and uncomment the `build:` option. Then call docker compose with:
```bash ```bash
docker-compose up docker compose up
``` ```
This will also start the container right afterwards, so if want it to run in detached mode, you also should use the `-d` flag. This will also start the container right afterwards, so if want it to run in detached mode, you also should use the `-d` flag.
@ -84,7 +105,7 @@ This will also start the container right afterwards, so if want it to run in det
If you already have built the image or want to use one from the registries, you can just start the container and everything else in the compose file in detached mode with: If you already have built the image or want to use one from the registries, you can just start the container and everything else in the compose file in detached mode with:
```bash ```bash
docker-compose up -d docker compose up -d
``` ```
> **Note:** Don't forget to modify and adjust the compose file to your needs. > **Note:** Don't forget to modify and adjust the compose file to your needs.
@ -95,7 +116,7 @@ As a container user, you probably know about Traefik. It is a easy to use revers
containerized app and services available through the web. With the two provided files, containerized app and services available through the web. With the two provided files,
[`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml) (or [`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml) (or
[`docker-compose.with-traefik.yml`](docker-compose.with-traefik.yml)) and [`docker-compose.with-traefik.yml`](docker-compose.with-traefik.yml)) and
[`docker-compose.override.yml`](docker-compose.override.traefik.yml), it is equally easy to deploy [`docker-compose.override.yml`](docker-compose.override.yml), it is equally easy to deploy
and use Conduit, with a little caveat. If you already took a look at the files, then you should have and use Conduit, with a little caveat. If you already took a look at the files, then you should have
seen the `well-known` service, and that is the little caveat. Traefik is simply a proxy and seen the `well-known` service, and that is the little caveat. Traefik is simply a proxy and
loadbalancer and is not able to serve any kind of content, but for Conduit to federate, we need to loadbalancer and is not able to serve any kind of content, but for Conduit to federate, we need to
@ -106,9 +127,10 @@ With the service `well-known` we use a single `nginx` container that will serve
So...step by step: So...step by step:
1. Copy [`docker-compose.traefik.yml`](docker-compose.traefik.yml) and [`docker-compose.override.traefik.yml`](docker-compose.override.traefik.yml) from the repository and remove `.traefik` from the filenames. 1. Copy [`docker-compose.for-traefik.yml`](docker-compose.for-traefik.yml) (or
[`docker-compose.with-traefik.yml`](docker-compose.with-traefik.yml)) and [`docker-compose.override.yml`](docker-compose.override.yml) from the repository and remove `.for-traefik` (or `.with-traefik`) from the filename.
2. Open both files and modify/adjust them to your needs. Meaning, change the `CONDUIT_SERVER_NAME` and the volume host mappings according to your needs. 2. Open both files and modify/adjust them to your needs. Meaning, change the `CONDUIT_SERVER_NAME` and the volume host mappings according to your needs.
3. Create the `conduit.toml` config file, an example can be found [here](../conduit-example.toml), or set `CONDUIT_CONFIG=""` and configure Conduit per env vars. 3. Create the `conduit.toml` config file, an example can be found [here](../configuration.md), or set `CONDUIT_CONFIG=""` and configure Conduit per env vars.
4. Uncomment the `element-web` service if you want to host your own Element Web Client and create a `element_config.json`. 4. Uncomment the `element-web` service if you want to host your own Element Web Client and create a `element_config.json`.
5. Create the files needed by the `well-known` service. 5. Create the files needed by the `well-known` service.
@ -136,5 +158,60 @@ So...step by step:
} }
``` ```
6. Run `docker-compose up -d` 6. Run `docker compose up -d`
7. Connect to your homeserver with your preferred client and create a user. You should do this immediately after starting Conduit, because the first created user is the admin. 7. Connect to your homeserver with your preferred client and create a user. You should do this immediately after starting Conduit, because the first created user is the admin.
## Voice communication
In order to make or receive calls, a TURN server is required. Conduit suggests using [Coturn](https://github.com/coturn/coturn) for this purpose, which is also available as a Docker image. Before proceeding with the software installation, it is essential to have the necessary configurations in place.
### Configuration
Create a configuration file called `coturn.conf` containing:
```conf
use-auth-secret
static-auth-secret=<a secret key>
realm=<your server domain>
```
A common way to generate a suitable alphanumeric secret key is by using `pwgen -s 64 1`.
These same values need to be set in conduit. You can either modify conduit.toml to include these lines:
```
turn_uris = ["turn:<your server domain>?transport=udp", "turn:<your server domain>?transport=tcp"]
turn_secret = "<secret key from coturn configuration>"
```
or append the following to the docker environment variables dependig on which configuration method you used earlier:
```yml
CONDUIT_TURN_URIS: '["turn:<your server domain>?transport=udp", "turn:<your server domain>?transport=tcp"]'
CONDUIT_TURN_SECRET: "<secret key from coturn configuration>"
```
Restart Conduit to apply these changes.
### Run
Run the [Coturn](https://hub.docker.com/r/coturn/coturn) image using
```bash
docker run -d --network=host -v $(pwd)/coturn.conf:/etc/coturn/turnserver.conf coturn/coturn
```
or docker compose. For the latter, paste the following section into a file called `docker-compose.yml`
and run `docker compose up -d` in the same directory.
```yml
version: 3
services:
turn:
container_name: coturn-server
image: docker.io/coturn/coturn
restart: unless-stopped
network_mode: "host"
volumes:
- ./coturn.conf:/etc/coturn/turnserver.conf
```
To understand why the host networking mode is used and explore alternative configuration options, please visit the following link: https://github.com/coturn/coturn/blob/master/docker/coturn/README.md.
For security recommendations see Synapse's [Coturn documentation](https://github.com/matrix-org/synapse/blob/develop/docs/setup/turn/coturn.md#configuration).

289
docs/deploying/generic.md Normal file
View file

@ -0,0 +1,289 @@
# Generic deployment documentation
> ## Getting help
>
> If you run into any problems while setting up Conduit, write an email to `conduit@koesters.xyz`, ask us
> in `#conduit:fachschaften.org` or [open an issue on GitLab](https://gitlab.com/famedly/conduit/-/issues/new).
## Installing Conduit
Although you might be able to compile Conduit for Windows, we do recommend running it on a Linux server. We therefore
only offer Linux binaries.
You may simply download the binary that fits your machine. Run `uname -m` to see what you need. For `arm`, you should use `aarch`. Now copy the appropriate url:
**Stable/Main versions:**
| Target | Type | Download |
|-|-|-|
| `x86_64-unknown-linux-musl` | Statically linked Debian package | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/x86_64-unknown-linux-musl.deb?job=artifacts) |
| `aarch64-unknown-linux-musl` | Statically linked Debian package | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/aarch64-unknown-linux-musl.deb?job=artifacts) |
| `x86_64-unknown-linux-musl` | Statically linked binary | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/x86_64-unknown-linux-musl?job=artifacts) |
| `aarch64-unknown-linux-musl` | Statically linked binary | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/aarch64-unknown-linux-musl?job=artifacts) |
| `x86_64-unknown-linux-gnu` | OCI image | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/oci-image-amd64.tar.gz?job=artifacts) |
| `aarch64-unknown-linux-musl` | OCI image | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/master/raw/oci-image-arm64v8.tar.gz?job=artifacts) |
These builds were created on and linked against the glibc version shipped with Debian bullseye.
If you use a system with an older glibc version (e.g. RHEL8), you might need to compile Conduit yourself.
**Latest/Next versions:**
| Target | Type | Download |
|-|-|-|
| `x86_64-unknown-linux-musl` | Statically linked Debian package | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/x86_64-unknown-linux-musl.deb?job=artifacts) |
| `aarch64-unknown-linux-musl` | Statically linked Debian package | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/aarch64-unknown-linux-musl.deb?job=artifacts) |
| `x86_64-unknown-linux-musl` | Statically linked binary | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/x86_64-unknown-linux-musl?job=artifacts) |
| `aarch64-unknown-linux-musl` | Statically linked binary | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/aarch64-unknown-linux-musl?job=artifacts) |
| `x86_64-unknown-linux-gnu` | OCI image | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/oci-image-amd64.tar.gz?job=artifacts) |
| `aarch64-unknown-linux-musl` | OCI image | [link](https://gitlab.com/api/v4/projects/famedly%2Fconduit/jobs/artifacts/next/raw/oci-image-arm64v8.tar.gz?job=artifacts) |
```bash
$ sudo wget -O /usr/local/bin/matrix-conduit <url>
$ sudo chmod +x /usr/local/bin/matrix-conduit
```
Alternatively, you may compile the binary yourself. First, install any dependencies:
```bash
# Debian
$ sudo apt install libclang-dev build-essential
# RHEL
$ sudo dnf install clang
```
Then, `cd` into the source tree of conduit-next and run:
```bash
$ cargo build --release
```
## Adding a Conduit user
While Conduit can run as any user it is usually better to use dedicated users for different services. This also allows
you to make sure that the file permissions are correctly set up.
In Debian or RHEL, you can use this command to create a Conduit user:
```bash
sudo adduser --system conduit --group --disabled-login --no-create-home
```
## Forwarding ports in the firewall or the router
Conduit uses the ports 443 and 8448 both of which need to be open in the firewall.
If Conduit runs behind a router or in a container and has a different public IP address than the host system these public ports need to be forwarded directly or indirectly to the port mentioned in the config.
## Optional: Avoid port 8448
If Conduit runs behind Cloudflare reverse proxy, which doesn't support port 8448 on free plans, [delegation](https://matrix-org.github.io/synapse/latest/delegate.html) can be set up to have federation traffic routed to port 443:
```apache
# .well-known delegation on Apache
<Files "/.well-known/matrix/server">
ErrorDocument 200 '{"m.server": "your.server.name:443"}'
Header always set Content-Type application/json
Header always set Access-Control-Allow-Origin *
</Files>
```
[SRV DNS record](https://spec.matrix.org/latest/server-server-api/#resolving-server-names) delegation is also [possible](https://www.cloudflare.com/en-gb/learning/dns/dns-records/dns-srv-record/).
## Setting up a systemd service
Now we'll set up a systemd service for Conduit, so it's easy to start/stop Conduit and set it to autostart when your
server reboots. Simply paste the default systemd service you can find below into
`/etc/systemd/system/conduit.service`.
```systemd
[Unit]
Description=Conduit Matrix Server
After=network.target
[Service]
Environment="CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml"
User=conduit
Group=conduit
Restart=always
ExecStart=/usr/local/bin/matrix-conduit
[Install]
WantedBy=multi-user.target
```
Finally, run
```bash
$ sudo systemctl daemon-reload
```
## Creating the Conduit configuration file
Now we need to create the Conduit's config file in
`/etc/matrix-conduit/conduit.toml`. Paste in the contents of
[`conduit-example.toml`](../configuration.md) **and take a moment to read it.
You need to change at least the server name.**
You can also choose to use a different database backend, but right now only `rocksdb` and `sqlite` are recommended.
## Setting the correct file permissions
As we are using a Conduit specific user we need to allow it to read the config. To do that you can run this command on
Debian or RHEL:
```bash
sudo chown -R root:root /etc/matrix-conduit
sudo chmod 755 /etc/matrix-conduit
```
If you use the default database path you also need to run this:
```bash
sudo mkdir -p /var/lib/matrix-conduit/
sudo chown -R conduit:conduit /var/lib/matrix-conduit/
sudo chmod 700 /var/lib/matrix-conduit/
```
## Setting up the Reverse Proxy
This depends on whether you use Apache, Caddy, Nginx or another web server.
### Apache
Create `/etc/apache2/sites-enabled/050-conduit.conf` and copy-and-paste this:
```apache
# Requires mod_proxy and mod_proxy_http
#
# On Apache instance compiled from source,
# paste into httpd-ssl.conf or httpd.conf
Listen 8448
<VirtualHost *:443 *:8448>
ServerName your.server.name # EDIT THIS
AllowEncodedSlashes NoDecode
ProxyPass /_matrix/ http://127.0.0.1:6167/_matrix/ timeout=300 nocanon
ProxyPassReverse /_matrix/ http://127.0.0.1:6167/_matrix/
</VirtualHost>
```
**You need to make some edits again.** When you are done, run
```bash
# Debian
$ sudo systemctl reload apache2
# Installed from source
$ sudo apachectl -k graceful
```
### Caddy
Create `/etc/caddy/conf.d/conduit_caddyfile` and enter this (substitute for your server name).
```caddy
your.server.name, your.server.name:8448 {
reverse_proxy /_matrix/* 127.0.0.1:6167
}
```
That's it! Just start or enable the service and you're set.
```bash
$ sudo systemctl enable caddy
```
### Nginx
If you use Nginx and not Apache, add the following server section inside the http section of `/etc/nginx/nginx.conf`
```nginx
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 8448 ssl http2;
listen [::]:8448 ssl http2;
server_name your.server.name; # EDIT THIS
merge_slashes off;
# Nginx defaults to only allow 1MB uploads
# Increase this to allow posting large files such as videos
client_max_body_size 20M;
location /_matrix/ {
proxy_pass http://127.0.0.1:6167;
proxy_set_header Host $http_host;
proxy_buffering off;
proxy_read_timeout 5m;
}
ssl_certificate /etc/letsencrypt/live/your.server.name/fullchain.pem; # EDIT THIS
ssl_certificate_key /etc/letsencrypt/live/your.server.name/privkey.pem; # EDIT THIS
ssl_trusted_certificate /etc/letsencrypt/live/your.server.name/chain.pem; # EDIT THIS
include /etc/letsencrypt/options-ssl-nginx.conf;
}
```
**You need to make some edits again.** When you are done, run
```bash
$ sudo systemctl reload nginx
```
## SSL Certificate
If you chose Caddy as your web proxy SSL certificates are handled automatically and you can skip this step.
The easiest way to get an SSL certificate, if you don't have one already, is to [install](https://certbot.eff.org/instructions) `certbot` and run this:
```bash
# To use ECC for the private key,
# paste into /etc/letsencrypt/cli.ini:
# key-type = ecdsa
# elliptic-curve = secp384r1
$ sudo certbot -d your.server.name
```
[Automated renewal](https://eff-certbot.readthedocs.io/en/stable/using.html#automated-renewals) is usually preconfigured.
If using Cloudflare, configure instead the edge and origin certificates in dashboard. In case youre already running a website on the same Apache server, you can just copy-and-paste the SSL configuration from your main virtual host on port 443 into the above-mentioned vhost.
## You're done!
Now you can start Conduit with:
```bash
$ sudo systemctl start conduit
```
Set it to start automatically when your system boots with:
```bash
$ sudo systemctl enable conduit
```
## How do I know it works?
You can open [a Matrix client](https://matrix.org/ecosystem/clients), enter your homeserver and try to register. If you are using a registration token, use [Element web](https://app.element.io/), [Nheko](https://matrix.org/ecosystem/clients/nheko/) or [SchildiChat web](https://app.schildi.chat/), as they support this feature.
You can also use these commands as a quick health check.
```bash
$ curl https://your.server.name/_matrix/client/versions
# If using port 8448
$ curl https://your.server.name:8448/_matrix/client/versions
```
- To check if your server can talk with other homeservers, you can use the [Matrix Federation Tester](https://federationtester.matrix.org/).
If you can register but cannot join federated rooms check your config again and also check if the port 8448 is open and forwarded correctly.
# What's next?
## Audio/Video calls
For Audio/Video call functionality see the [TURN Guide](../turn.md).
## Appservices
If you want to set up an appservice, take a look at the [Appservice Guide](../appservices.md).

18
docs/deploying/nixos.md Normal file
View file

@ -0,0 +1,18 @@
# Conduit for NixOS
Conduit can be acquired by Nix from various places:
* The `flake.nix` at the root of the repo
* The `default.nix` at the root of the repo
* From Nixpkgs
The `flake.nix` and `default.nix` do not (currently) provide a NixOS module, so
(for now) [`services.matrix-conduit`][module] from Nixpkgs should be used to
configure Conduit.
If you want to run the latest code, you should get Conduit from the `flake.nix`
or `default.nix` and set [`services.matrix-conduit.package`][package]
appropriately.
[module]: https://search.nixos.org/options?channel=unstable&query=services.matrix-conduit
[package]: https://search.nixos.org/options?channel=unstable&query=services.matrix-conduit.package

41
docs/faq.md Normal file
View file

@ -0,0 +1,41 @@
# FAQ
Here are some of the most frequently asked questions about Conduit, and their answers.
## Why do I get a `M_INCOMPATIBLE_ROOM_VERSION` error when trying to join some rooms?
Conduit doesn't support room versions 1 and 2 at all, and doesn't properly support versions 3-5 currently. You can track the progress of adding support [here](https://gitlab.com/famedly/conduit/-/issues/433).
## How do I backup my server?
To backup your Conduit server, it's very easy.
You can simply stop Conduit, make a copy or file system snapshot of the database directory, then start Conduit again.
> **Note**: When using a file system snapshot, it is not required that you stop the server, but it is still recommended as it is the safest option and should ensure your database is not left in an inconsistent state.
## How do I setup sliding sync?
If you use the [automatic method for delegation](delegation.md#automatic-recommended) or just proxy `.well-known/matrix/client` to Conduit, sliding sync should work with no extra configuration.
If you don't, continue below.
You need to add a `org.matrix.msc3575.proxy` field to your `.well-known/matrix/client` response which contains a url which Conduit is accessible behind.
Here is an example:
```json
{
~ "m.homeserver": {
~ "base_url": "https://matrix.example.org"
~ },
"org.matrix.msc3575.proxy": {
"url": "https://matrix.example.org"
}
}
```
## Can I migrate from Synapse to Conduit?
Not really. You can reuse the domain of your current server with Conduit, but you will not be able to migrate accounts automatically.
Rooms that were federated can be re-joined via the other participating servers, however media and the like may be deleted from remote servers after some time, and hence might not be recoverable.
## How do I make someone an admin?
Simply invite them to the admin room. Once joined, they can administer the server by interacting with the `@conduit:<server_name>` user.

13
docs/introduction.md Normal file
View file

@ -0,0 +1,13 @@
# Conduit
{{#include ../README.md:catchphrase}}
{{#include ../README.md:body}}
#### How can I deploy my own?
- [Deployment options](deploying.md)
If you want to connect an Appservice to Conduit, take a look at the [appservices documentation](appservices.md).
{{#include ../README.md:footer}}

View file

@ -1,8 +1,8 @@
# Setting up TURN/STURN # Setting up TURN/STUN
## General instructions ## General instructions
* It is assumed you have a [Coturn server](https://github.com/coturn/coturn) up and running. See [Synapse reference implementation](https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md). * It is assumed you have a [Coturn server](https://github.com/coturn/coturn) up and running. See [Synapse reference implementation](https://github.com/element-hq/synapse/blob/develop/docs/turn-howto.md).
## Edit/Add a few settings to your existing conduit.toml ## Edit/Add a few settings to your existing conduit.toml

79
engage.toml Normal file
View file

@ -0,0 +1,79 @@
interpreter = ["bash", "-euo", "pipefail", "-c"]
[[task]]
group = "versions"
name = "engage"
script = "engage --version"
[[task]]
group = "versions"
name = "rustc"
script = "rustc --version"
[[task]]
group = "versions"
name = "cargo"
script = "cargo --version"
[[task]]
group = "versions"
name = "cargo-fmt"
script = "cargo fmt --version"
[[task]]
group = "versions"
name = "rustdoc"
script = "rustdoc --version"
[[task]]
group = "versions"
name = "cargo-clippy"
script = "cargo clippy -- --version"
[[task]]
group = "versions"
name = "lychee"
script = "lychee --version"
[[task]]
group = "lints"
name = "cargo-fmt"
script = "cargo fmt --check -- --color=always"
[[task]]
group = "lints"
name = "cargo-doc"
script = """
RUSTDOCFLAGS="-D warnings" cargo doc \
--workspace \
--no-deps \
--document-private-items \
--color always
"""
[[task]]
group = "lints"
name = "cargo-clippy"
script = "cargo clippy --workspace --all-targets --color=always -- -D warnings"
[[task]]
group = "lints"
name = "taplo-fmt"
script = "taplo fmt --check --colors always"
[[task]]
group = "lints"
name = "lychee"
script = "lychee --offline docs"
[[task]]
group = "tests"
name = "cargo"
script = """
cargo test \
--workspace \
--all-targets \
--color=always \
-- \
--color=always
"""

213
flake.lock generated
View file

@ -1,5 +1,70 @@
{ {
"nodes": { "nodes": {
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1707922053,
"narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "6eabc3f02fae3683bffab483e614bebfcd476b21",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "main",
"repo": "attic",
"type": "github"
}
},
"crane": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702918879,
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
"owner": "ipetkov",
"repo": "crane",
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1713721181,
"narHash": "sha256-Vz1KRVTzU3ClBfyhOj8gOehZk21q58T1YsXC30V23PU=",
"owner": "ipetkov",
"repo": "crane",
"rev": "55f4939ac59ff8f89c6a4029730a2d49ea09105f",
"type": "github"
},
"original": {
"owner": "ipetkov",
"ref": "master",
"repo": "crane",
"type": "github"
}
},
"fenix": { "fenix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -8,11 +73,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1665815894, "lastModified": 1709619709,
"narHash": "sha256-Vboo1L4NMGLKZKVLnOPi9OHlae7uoNyfgvyIUm+SVXE=", "narHash": "sha256-l6EPVJfwfelWST7qWQeP6t/TDK3HHv5uUB1b2vw4mOQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "2348450241a5f945f0ba07e44ecbfac2f541d7f4", "rev": "c8943ea9e98d41325ff57d4ec14736d330b321b2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -21,13 +86,45 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1667395993,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,57 +133,106 @@
"type": "github" "type": "github"
} }
}, },
"naersk": { "flake-utils_2": {
"inputs": { "inputs": {
"nixpkgs": [ "systems": "systems"
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1662220400, "lastModified": 1709126324,
"narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=", "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "nix-community", "owner": "numtide",
"repo": "naersk", "repo": "flake-utils",
"rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3", "rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "numtide",
"repo": "naersk", "repo": "flake-utils",
"type": "github"
}
},
"nix-filter": {
"locked": {
"lastModified": 1705332318,
"narHash": "sha256-kcw1yFeJe9N4PjQji9ZeX47jg0p9A0DuU4djKvg1a7I=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "3449dc925982ad46246cfc36469baf66e1b64f17",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nix-filter",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1665856037, "lastModified": 1702539185,
"narHash": "sha256-/RvIWnGKdTSoIq5Xc2HwPIL0TzRslzU6Rqk4Img6UNg=", "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c95ebc5125ffffcd431df0ad8620f0926b8125b8", "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1702780907,
"narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1709479366,
"narHash": "sha256-n6F0n8UV6lnTZbYPl1A9q1BS0p4hduAv1mGAP17CVd0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b8697e57f10292a6165a20f03d2f42920dfaf973",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"attic": "attic",
"crane": "crane_2",
"fenix": "fenix", "fenix": "fenix",
"flake-utils": "flake-utils", "flake-compat": "flake-compat_2",
"naersk": "naersk", "flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs" "nix-filter": "nix-filter",
"nixpkgs": "nixpkgs_2"
} }
}, },
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1665765556, "lastModified": 1709571018,
"narHash": "sha256-w9L5j0TIB5ay4aRwzGCp8mgvGsu5dVJQvbEFutwr6xE=", "narHash": "sha256-ISFrxHxE0J5g7lDAscbK88hwaT5uewvWoma9TlFmRzM=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "018b8429cf3fa9d8aed916704e41dfedeb0f4f78", "rev": "9f14343f9ee24f53f17492c5f9b653427e2ad15e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -95,6 +241,21 @@
"repo": "rust-analyzer", "repo": "rust-analyzer",
"type": "github" "type": "github"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

148
flake.nix
View file

@ -1,75 +1,115 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs"; nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-unstable";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
nix-filter.url = "github:numtide/nix-filter";
flake-compat = {
url = "github:edolstra/flake-compat";
flake = false;
};
fenix = { fenix = {
url = "github:nix-community/fenix"; url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
naersk = { crane = {
url = "github:nix-community/naersk"; url = "github:ipetkov/crane?ref=master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
attic.url = "github:zhaofengli/attic?ref=main";
}; };
outputs = outputs = inputs:
{ self
, nixpkgs
, flake-utils
, fenix
, naersk
}: flake-utils.lib.eachDefaultSystem (system:
let let
pkgs = nixpkgs.legacyPackages.${system}; # Keep sorted
mkScope = pkgs: pkgs.lib.makeScope pkgs.newScope (self: {
craneLib =
(inputs.crane.mkLib pkgs).overrideToolchain self.toolchain;
# Nix-accessible `Cargo.toml` default = self.callPackage ./nix/pkgs/default {};
cargoToml = builtins.fromTOML (builtins.readFile ./Cargo.toml);
# The Rust toolchain to use inherit inputs;
toolchain = fenix.packages.${system}.toolchainOf {
# Use the Rust version defined in `Cargo.toml`
channel = cargoToml.package.rust-version;
# This will need to be updated when `package.rust-version` is changed in oci-image = self.callPackage ./nix/pkgs/oci-image {};
# `Cargo.toml`
sha256 = "sha256-KXx+ID0y4mg2B3LHp7IyaiMrdexF6octADnAtFIOjrY=";
};
builder = (pkgs.callPackage naersk { book = self.callPackage ./nix/pkgs/book {};
inherit (toolchain) rustc cargo;
}).buildPackage; rocksdb =
let
version = "9.1.1";
in in
{ pkgs.rocksdb.overrideAttrs (old: {
packages.default = builder { inherit version;
src = ./.; src = pkgs.fetchFromGitHub {
owner = "facebook";
nativeBuildInputs = (with pkgs.rustPlatform; [ repo = "rocksdb";
bindgenHook rev = "v${version}";
]); hash = "sha256-/Xf0bzNJPclH9IP80QNaABfhj4IAR5LycYET18VFCXc=";
};
devShells.default = pkgs.mkShell {
# Rust Analyzer needs to be able to find the path to default crate
# sources, and it can read this environment variable to do so
RUST_SRC_PATH = "${toolchain.rust-src}/lib/rustlib/src/rust/library";
# Development tools
nativeBuildInputs = (with pkgs.rustPlatform; [
bindgenHook
]) ++ (with toolchain; [
cargo
clippy
rust-src
rustc
rustfmt
]);
};
checks = {
packagesDefault = self.packages.${system}.default;
devShellsDefault = self.devShells.${system}.default;
}; };
}); });
shell = self.callPackage ./nix/shell.nix {};
# The Rust toolchain to use
toolchain = inputs
.fenix
.packages
.${pkgs.pkgsBuildHost.system}
.fromToolchainFile {
file = ./rust-toolchain.toml;
# See also `rust-toolchain.toml`
sha256 = "sha256-Ngiz76YP4HTY75GGdH2P+APE/DEIx2R/Dn+BwwOyzZU=";
};
});
in
inputs.flake-utils.lib.eachDefaultSystem (system:
let
pkgs = inputs.nixpkgs.legacyPackages.${system};
in
{
packages = {
default = (mkScope pkgs).default;
oci-image = (mkScope pkgs).oci-image;
book = (mkScope pkgs).book;
}
//
builtins.listToAttrs
(builtins.concatLists
(builtins.map
(crossSystem:
let
binaryName = "static-${crossSystem}";
pkgsCrossStatic =
(import inputs.nixpkgs {
inherit system;
crossSystem = {
config = crossSystem;
};
}).pkgsStatic;
in
[
# An output for a statically-linked binary
{
name = binaryName;
value = (mkScope pkgsCrossStatic).default;
}
# An output for an OCI image based on that binary
{
name = "oci-image-${crossSystem}";
value = (mkScope pkgsCrossStatic).oci-image;
}
]
)
[
"x86_64-unknown-linux-musl"
"aarch64-unknown-linux-musl"
]
)
);
devShells.default = (mkScope pkgs).shell;
}
);
} }

View file

@ -1,188 +0,0 @@
# Conduit for Nix/NixOS
This guide assumes you have a recent version of Nix (^2.4) installed.
Since Conduit ships as a Nix flake, you'll first need to [enable
flakes][enable_flakes].
You can now use the usual Nix commands to interact with Conduit's flake. For
example, `nix run gitlab:famedly/conduit` will run Conduit (though you'll need
to provide configuration and such manually as usual).
If your NixOS configuration is defined as a flake, you can depend on this flake
to provide a more up-to-date version than provided by `nixpkgs`. In your flake,
add the following to your `inputs`:
```nix
conduit = {
url = "gitlab:famedly/conduit";
# Assuming you have an input for nixpkgs called `nixpkgs`. If you experience
# build failures while using this, try commenting/deleting this line. This
# will probably also require you to always build from source.
inputs.nixpkgs.follows = "nixpkgs";
};
```
Next, make sure you're passing your flake inputs to the `specialArgs` argument
of `nixpkgs.lib.nixosSystem` [as explained here][specialargs]. This guide will
assume you've named the group `flake-inputs`.
Now you can configure Conduit and a reverse proxy for it. Add the following to
a new Nix file and include it in your configuration:
```nix
{ config
, pkgs
, flake-inputs
, ...
}:
let
# You'll need to edit these values
# The hostname that will appear in your user and room IDs
server_name = "example.com";
# The hostname that Conduit actually runs on
#
# This can be the same as `server_name` if you want. This is only necessary
# when Conduit is running on a different machine than the one hosting your
# root domain. This configuration also assumes this is all running on a single
# machine, some tweaks will need to be made if this is not the case.
matrix_hostname = "matrix.${server_name}";
# An admin email for TLS certificate notifications
admin_email = "admin@${server_name}";
# These ones you can leave alone
# Build a dervation that stores the content of `${server_name}/.well-known/matrix/server`
well_known_server = pkgs.writeText "well-known-matrix-server" ''
{
"m.server": "${matrix_hostname}"
}
'';
# Build a dervation that stores the content of `${server_name}/.well-known/matrix/client`
well_known_client = pkgs.writeText "well-known-matrix-client" ''
{
"m.homeserver": {
"base_url": "https://${matrix_hostname}"
}
}
'';
in
{
# Configure Conduit itself
services.matrix-conduit = {
enable = true;
# This causes NixOS to use the flake defined in this repository instead of
# the build of Conduit built into nixpkgs.
package = flake-inputs.conduit.packages.${pkgs.system}.default;
settings.global = {
inherit server_name;
};
};
# Configure automated TLS acquisition/renewal
security.acme = {
acceptTerms = true;
defaults = {
email = admin_email;
};
};
# ACME data must be readable by the NGINX user
users.users.nginx.extraGroups = [
"acme"
];
# Configure NGINX as a reverse proxy
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"${server_name}" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
];
extraConfig = ''
merge_slashes off;
'';
"${matrix_hostname}" = {
forceSSL = true;
enableACME = true;
locations."/_matrix/" = {
proxyPass = "http://backend_conduit$request_uri";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_buffering off;
'';
};
locations."=/.well-known/matrix/server" = {
# Use the contents of the derivation built previously
alias = "${well_known_server}";
extraConfig = ''
# Set the header since by default NGINX thinks it's just bytes
default_type application/json;
'';
};
locations."=/.well-known/matrix/client" = {
# Use the contents of the derivation built previously
alias = "${well_known_client}";
extraConfig = ''
# Set the header since by default NGINX thinks it's just bytes
default_type application/json;
# https://matrix.org/docs/spec/client_server/r0.4.0#web-browser-clients
add_header Access-Control-Allow-Origin "*";
'';
};
};
};
upstreams = {
"backend_conduit" = {
servers = {
"localhost:${toString config.services.matrix-conduit.settings.global.port}" = { };
};
};
};
};
# Open firewall ports for HTTP, HTTPS, and Matrix federation
networking.firewall.allowedTCPPorts = [ 80 443 8448 ];
networking.firewall.allowedUDPPorts = [ 80 443 8448 ];
}
```
Now you can rebuild your system configuration and you should be good to go!
[enable_flakes]: https://nixos.wiki/wiki/Flakes#Enable_flakes
[specialargs]: https://nixos.wiki/wiki/Flakes#Using_nix_flakes_with_NixOS

34
nix/pkgs/book/default.nix Normal file
View file

@ -0,0 +1,34 @@
# Keep sorted
{ default
, inputs
, mdbook
, stdenv
}:
stdenv.mkDerivation {
pname = "${default.pname}-book";
version = default.version;
src = let filter = inputs.nix-filter.lib; in filter {
root = inputs.self;
# Keep sorted
include = [
"book.toml"
"conduit-example.toml"
"debian/README.md"
"docs"
"README.md"
];
};
nativeBuildInputs = [
mdbook
];
buildPhase = ''
mdbook build
mv public $out
'';
}

View file

@ -0,0 +1,100 @@
{ lib
, pkgsBuildHost
, rust
, stdenv
}:
lib.optionalAttrs stdenv.hostPlatform.isStatic {
ROCKSDB_STATIC = "";
}
//
{
CARGO_BUILD_RUSTFLAGS =
lib.concatStringsSep
" "
([]
# This disables PIE for static builds, which isn't great in terms of
# security. Unfortunately, my hand is forced because nixpkgs'
# `libstdc++.a` is built without `-fPIE`, which precludes us from
# leaving PIE enabled.
++ lib.optionals
stdenv.hostPlatform.isStatic
[ "-C" "relocation-model=static" ]
++ lib.optionals
(stdenv.buildPlatform.config != stdenv.hostPlatform.config)
[ "-l" "c" ]
++ lib.optionals
# This check has to match the one [here][0]. We only need to set
# these flags when using a different linker. Don't ask me why, though,
# because I don't know. All I know is it breaks otherwise.
#
# [0]: https://github.com/NixOS/nixpkgs/blob/5cdb38bb16c6d0a38779db14fcc766bc1b2394d6/pkgs/build-support/rust/lib/default.nix#L37-L40
(
# Nixpkgs doesn't check for x86_64 here but we do, because I
# observed a failure building statically for x86_64 without
# including it here. Linkers are weird.
(stdenv.hostPlatform.isAarch64 || stdenv.hostPlatform.isx86_64)
&& stdenv.hostPlatform.isStatic
&& !stdenv.isDarwin
&& !stdenv.cc.bintools.isLLVM
)
[
"-l"
"stdc++"
"-L"
"${stdenv.cc.cc.lib}/${stdenv.hostPlatform.config}/lib"
]
);
}
# What follows is stolen from [here][0]. Its purpose is to properly configure
# compilers and linkers for various stages of the build, and even covers the
# case of build scripts that need native code compiled and run on the build
# platform (I think).
#
# [0]: https://github.com/NixOS/nixpkgs/blob/5cdb38bb16c6d0a38779db14fcc766bc1b2394d6/pkgs/build-support/rust/lib/default.nix#L57-L80
//
(
let
inherit (rust.lib) envVars;
in
lib.optionalAttrs
(stdenv.targetPlatform.rust.rustcTarget
!= stdenv.hostPlatform.rust.rustcTarget)
(
let
inherit (stdenv.targetPlatform.rust) cargoEnvVarTarget;
in
{
"CC_${cargoEnvVarTarget}" = envVars.ccForTarget;
"CXX_${cargoEnvVarTarget}" = envVars.cxxForTarget;
"CARGO_TARGET_${cargoEnvVarTarget}_LINKER" =
envVars.linkerForTarget;
}
)
//
(
let
inherit (stdenv.hostPlatform.rust) cargoEnvVarTarget rustcTarget;
in
{
"CC_${cargoEnvVarTarget}" = envVars.ccForHost;
"CXX_${cargoEnvVarTarget}" = envVars.cxxForHost;
"CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.linkerForHost;
CARGO_BUILD_TARGET = rustcTarget;
}
)
//
(
let
inherit (stdenv.buildPlatform.rust) cargoEnvVarTarget;
in
{
"CC_${cargoEnvVarTarget}" = envVars.ccForBuild;
"CXX_${cargoEnvVarTarget}" = envVars.cxxForBuild;
"CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.linkerForBuild;
HOST_CC = "${pkgsBuildHost.stdenv.cc}/bin/cc";
HOST_CXX = "${pkgsBuildHost.stdenv.cc}/bin/c++";
}
)
)

View file

@ -0,0 +1,95 @@
# Dependencies (keep sorted)
{ craneLib
, inputs
, lib
, pkgsBuildHost
, rocksdb
, rust
, stdenv
# Options (keep sorted)
, default-features ? true
, features ? []
, profile ? "release"
}:
let
buildDepsOnlyEnv =
let
rocksdb' = rocksdb.override {
enableJemalloc = builtins.elem "jemalloc" features;
};
in
{
NIX_OUTPATH_USED_AS_RANDOM_SEED = "randomseed"; # https://crane.dev/faq/rebuilds-bindgen.html
ROCKSDB_INCLUDE_DIR = "${rocksdb'}/include";
ROCKSDB_LIB_DIR = "${rocksdb'}/lib";
}
//
(import ./cross-compilation-env.nix {
# Keep sorted
inherit
lib
pkgsBuildHost
rust
stdenv;
});
buildPackageEnv = {
CONDUIT_VERSION_EXTRA = inputs.self.shortRev or inputs.self.dirtyShortRev;
} // buildDepsOnlyEnv;
commonAttrs = {
inherit
(craneLib.crateNameFromCargoToml {
cargoToml = "${inputs.self}/Cargo.toml";
})
pname
version;
src = let filter = inputs.nix-filter.lib; in filter {
root = inputs.self;
# Keep sorted
include = [
"Cargo.lock"
"Cargo.toml"
"src"
];
};
nativeBuildInputs = [
# bindgen needs the build platform's libclang. Apparently due to "splicing
# weirdness", pkgs.rustPlatform.bindgenHook on its own doesn't quite do the
# right thing here.
pkgsBuildHost.rustPlatform.bindgenHook
];
CARGO_PROFILE = profile;
};
in
craneLib.buildPackage ( commonAttrs // {
cargoArtifacts = craneLib.buildDepsOnly (commonAttrs // {
env = buildDepsOnlyEnv;
});
cargoExtraArgs = "--locked "
+ lib.optionalString
(!default-features)
"--no-default-features "
+ lib.optionalString
(features != [])
"--features " + (builtins.concatStringsSep "," features);
# This is redundant with CI
doCheck = false;
env = buildPackageEnv;
passthru = {
env = buildPackageEnv;
};
meta.mainProgram = commonAttrs.pname;
})

View file

@ -0,0 +1,25 @@
# Keep sorted
{ default
, dockerTools
, lib
, tini
}:
dockerTools.buildImage {
name = default.pname;
tag = "next";
copyToRoot = [
dockerTools.caCertificates
];
config = {
# Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT)
# are handled as expected
Entrypoint = [
"${lib.getExe' tini "tini"}"
"--"
];
Cmd = [
"${lib.getExe default}"
];
};
}

61
nix/shell.nix Normal file
View file

@ -0,0 +1,61 @@
# Keep sorted
{ cargo-deb
, default
, engage
, go
, inputs
, jq
, lychee
, mdbook
, mkShell
, olm
, system
, taplo
, toolchain
}:
mkShell {
env = default.env // {
# Rust Analyzer needs to be able to find the path to default crate
# sources, and it can read this environment variable to do so. The
# `rust-src` component is required in order for this to work.
RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library";
};
# Development tools
nativeBuildInputs = [
# Always use nightly rustfmt because most of its options are unstable
#
# This needs to come before `toolchain` in this list, otherwise
# `$PATH` will have stable rustfmt instead.
inputs.fenix.packages.${system}.latest.rustfmt
# rust itself
toolchain
# CI tests
engage
# format toml files
taplo
# Needed for producing Debian packages
cargo-deb
# Needed for our script for Complement
jq
# Needed for Complement
go
olm
# Needed for our script for Complement
jq
# Needed for finding broken markdown links
lychee
# Useful for editing the book locally
mdbook
] ++ default.nativeBuildInputs ;
}

21
rust-toolchain.toml Normal file
View file

@ -0,0 +1,21 @@
# This is the authoritiative configuration of this project's Rust toolchain.
#
# Other files that need upkeep when this changes:
#
# * `Cargo.toml`
# * `flake.nix`
#
# Search in those files for `rust-toolchain.toml` to find the relevant places.
# If you're having trouble making the relevant changes, bug a maintainer.
[toolchain]
channel = "1.79.0"
components = [
# For rust-analyzer
"rust-src",
]
targets = [
"aarch64-unknown-linux-musl",
"x86_64-unknown-linux-gnu",
"x86_64-unknown-linux-musl",
]

View file

@ -1,2 +1,2 @@
imports_granularity = "Crate"
unstable_features = true unstable_features = true
imports_granularity="Crate"

View file

@ -1,24 +1,35 @@
use crate::{services, utils, Error, Result}; use crate::{services, utils, Error, Result};
use bytes::BytesMut; use bytes::BytesMut;
use ruma::api::{IncomingResponse, MatrixVersion, OutgoingRequest, SendAccessToken}; use ruma::api::{
appservice::Registration, IncomingResponse, MatrixVersion, OutgoingRequest, SendAccessToken,
};
use std::{fmt::Debug, mem, time::Duration}; use std::{fmt::Debug, mem, time::Duration};
use tracing::warn; use tracing::warn;
/// Sends a request to an appservice
///
/// Only returns None if there is no url specified in the appservice registration file
#[tracing::instrument(skip(request))] #[tracing::instrument(skip(request))]
pub(crate) async fn send_request<T: OutgoingRequest>( pub(crate) async fn send_request<T>(
registration: serde_yaml::Value, registration: Registration,
request: T, request: T,
) -> Result<T::IncomingResponse> ) -> Result<Option<T::IncomingResponse>>
where where
T: Debug, T: OutgoingRequest + Debug,
{ {
let destination = registration.get("url").unwrap().as_str().unwrap(); let destination = match registration.url {
let hs_token = registration.get("hs_token").unwrap().as_str().unwrap(); Some(url) => url,
None => {
return Ok(None);
}
};
let hs_token = registration.hs_token.as_str();
let mut http_request = request let mut http_request = request
.try_into_http_request::<BytesMut>( .try_into_http_request::<BytesMut>(
destination, &destination,
SendAccessToken::IfRequired(""), SendAccessToken::IfRequired(hs_token),
&[MatrixVersion::V1_0], &[MatrixVersion::V1_0],
) )
.unwrap() .unwrap()
@ -39,8 +50,7 @@ where
); );
*http_request.uri_mut() = parts.try_into().expect("our manipulation is always valid"); *http_request.uri_mut() = parts.try_into().expect("our manipulation is always valid");
let mut reqwest_request = reqwest::Request::try_from(http_request) let mut reqwest_request = reqwest::Request::try_from(http_request)?;
.expect("all http requests are valid reqwest requests");
*reqwest_request.timeout_mut() = Some(Duration::from_secs(30)); *reqwest_request.timeout_mut() = Some(Duration::from_secs(30));
@ -55,9 +65,7 @@ where
Err(e) => { Err(e) => {
warn!( warn!(
"Could not send request to appservice {:?} at {}: {}", "Could not send request to appservice {:?} at {}: {}",
registration.get("id"), registration.id, destination, e
destination,
e
); );
return Err(e.into()); return Err(e.into());
} }
@ -95,7 +103,8 @@ where
.body(body) .body(body)
.expect("reqwest body is valid http body"), .expect("reqwest body is valid http body"),
); );
response.map_err(|_| {
response.map(Some).map_err(|_| {
warn!( warn!(
"Appservice returned invalid response bytes {}\n{}", "Appservice returned invalid response bytes {}\n{}",
destination, url destination, url

View file

@ -3,7 +3,8 @@ use crate::{api::client_server, services, utils, Error, Result, Ruma};
use ruma::{ use ruma::{
api::client::{ api::client::{
account::{ account::{
change_password, deactivate, get_3pids, get_username_availability, register, change_password, deactivate, get_3pids, get_username_availability,
register::{self, LoginType},
request_3pid_management_token_via_email, request_3pid_management_token_via_msisdn, request_3pid_management_token_via_email, request_3pid_management_token_via_msisdn,
whoami, ThirdPartyIdRemovalStatus, whoami, ThirdPartyIdRemovalStatus,
}, },
@ -74,9 +75,9 @@ pub async fn get_register_available_route(
/// - Creates a new account and populates it with default account data /// - Creates a new account and populates it with default account data
/// - If `inhibit_login` is false: Creates a device and returns device id and access_token /// - If `inhibit_login` is false: Creates a device and returns device id and access_token
pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<register::v3::Response> { pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<register::v3::Response> {
if !services().globals.allow_registration() && !body.from_appservice { if !services().globals.allow_registration().await && body.appservice_info.is_none() {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"Registration has been disabled.", "Registration has been disabled.",
)); ));
} }
@ -118,8 +119,44 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
}, },
}; };
if body.body.login_type == Some(LoginType::ApplicationService) {
if let Some(ref info) = body.appservice_info {
if !info.is_user_match(&user_id) {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"User is not in namespace.",
));
}
} else {
return Err(Error::BadRequest(
ErrorKind::MissingToken,
"Missing appservice token.",
));
}
} else if services().appservice.is_exclusive_user_id(&user_id).await {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"User id reserved by appservice.",
));
}
// UIAA // UIAA
let mut uiaainfo = UiaaInfo { let mut uiaainfo;
let skip_auth = if services().globals.config.registration_token.is_some() {
// Registration token required
uiaainfo = UiaaInfo {
flows: vec![AuthFlow {
stages: vec![AuthType::RegistrationToken],
}],
completed: Vec::new(),
params: Default::default(),
session: None,
auth_error: None,
};
body.appservice_info.is_some()
} else {
// No registration token necessary, but clients must still go through the flow
uiaainfo = UiaaInfo {
flows: vec![AuthFlow { flows: vec![AuthFlow {
stages: vec![AuthType::Dummy], stages: vec![AuthType::Dummy],
}], }],
@ -128,8 +165,10 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
session: None, session: None,
auth_error: None, auth_error: None,
}; };
body.appservice_info.is_some() || is_guest
};
if !body.from_appservice { if !skip_auth {
if let Some(auth) = &body.auth { if let Some(auth) = &body.auth {
let (worked, uiaainfo) = services().uiaa.try_auth( let (worked, uiaainfo) = services().uiaa.try_auth(
&UserId::parse_with_server_name("", services().globals.server_name()) &UserId::parse_with_server_name("", services().globals.server_name())
@ -222,15 +261,24 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
)?; )?;
info!("New user {} registered on this server.", user_id); info!("New user {} registered on this server.", user_id);
if body.appservice_info.is_none() && !is_guest {
services() services()
.admin .admin
.send_message(RoomMessageEventContent::notice_plain(format!( .send_message(RoomMessageEventContent::notice_plain(format!(
"New user {user_id} registered on this server." "New user {user_id} registered on this server."
))); )));
}
// If this is the first real user, grant them admin privileges // If this is the first real user, grant them admin privileges
// Note: the server user, @conduit:servername, is generated first // Note: the server user, @conduit:servername, is generated first
if services().users.count()? == 2 { if !is_guest {
if let Some(admin_room) = services().admin.get_admin_room()? {
if services()
.rooms
.state_cache
.room_joined_count(&admin_room)?
== Some(1)
{
services() services()
.admin .admin
.make_user_admin(&user_id, displayname) .make_user_admin(&user_id, displayname)
@ -238,6 +286,8 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
warn!("Granting {} admin privileges as the first user", user_id); warn!("Granting {} admin privileges as the first user", user_id);
} }
}
}
Ok(register::v3::Response { Ok(register::v3::Response {
access_token: Some(token), access_token: Some(token),
@ -265,7 +315,11 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
pub async fn change_password_route( pub async fn change_password_route(
body: Ruma<change_password::v3::Request>, body: Ruma<change_password::v3::Request>,
) -> Result<change_password::v3::Response> { ) -> Result<change_password::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body
.sender_user
.as_ref()
// In the future password changes could be performed with UIA with 3PIDs, but we don't support that currently
.ok_or_else(|| Error::BadRequest(ErrorKind::MissingToken, "Missing access token."))?;
let sender_device = body.sender_device.as_ref().expect("user is authenticated"); let sender_device = body.sender_device.as_ref().expect("user is authenticated");
let mut uiaainfo = UiaaInfo { let mut uiaainfo = UiaaInfo {
@ -335,7 +389,7 @@ pub async fn whoami_route(body: Ruma<whoami::v3::Request>) -> Result<whoami::v3:
Ok(whoami::v3::Response { Ok(whoami::v3::Response {
user_id: sender_user.clone(), user_id: sender_user.clone(),
device_id, device_id,
is_guest: services().users.is_deactivated(sender_user)? && !body.from_appservice, is_guest: services().users.is_deactivated(sender_user)? && body.appservice_info.is_none(),
}) })
} }
@ -352,7 +406,11 @@ pub async fn whoami_route(body: Ruma<whoami::v3::Request>) -> Result<whoami::v3:
pub async fn deactivate_route( pub async fn deactivate_route(
body: Ruma<deactivate::v3::Request>, body: Ruma<deactivate::v3::Request>,
) -> Result<deactivate::v3::Response> { ) -> Result<deactivate::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body
.sender_user
.as_ref()
// In the future password changes could be performed with UIA with SSO, but we don't support that currently
.ok_or_else(|| Error::BadRequest(ErrorKind::MissingToken, "Missing access token."))?;
let sender_device = body.sender_device.as_ref().expect("user is authenticated"); let sender_device = body.sender_device.as_ref().expect("user is authenticated");
let mut uiaainfo = UiaaInfo { let mut uiaainfo = UiaaInfo {
@ -425,7 +483,7 @@ pub async fn request_3pid_management_token_via_email_route(
) -> Result<request_3pid_management_token_via_email::v3::Response> { ) -> Result<request_3pid_management_token_via_email::v3::Response> {
Err(Error::BadRequest( Err(Error::BadRequest(
ErrorKind::ThreepidDenied, ErrorKind::ThreepidDenied,
"Third party identifier is not allowed", "Third party identifiers are currently unsupported by this server implementation",
)) ))
} }
@ -439,6 +497,6 @@ pub async fn request_3pid_management_token_via_msisdn_route(
) -> Result<request_3pid_management_token_via_msisdn::v3::Response> { ) -> Result<request_3pid_management_token_via_msisdn::v3::Response> {
Err(Error::BadRequest( Err(Error::BadRequest(
ErrorKind::ThreepidDenied, ErrorKind::ThreepidDenied,
"Third party identifier is not allowed", "Third party identifiers are currently unsupported by this server implementation",
)) ))
} }

View file

@ -1,5 +1,5 @@
use crate::{services, Error, Result, Ruma}; use crate::{services, Error, Result, Ruma};
use regex::Regex; use rand::seq::SliceRandom;
use ruma::{ use ruma::{
api::{ api::{
appservice, appservice,
@ -18,6 +18,8 @@ use ruma::{
pub async fn create_alias_route( pub async fn create_alias_route(
body: Ruma<create_alias::v3::Request>, body: Ruma<create_alias::v3::Request>,
) -> Result<create_alias::v3::Response> { ) -> Result<create_alias::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated");
if body.room_alias.server_name() != services().globals.server_name() { if body.room_alias.server_name() != services().globals.server_name() {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::InvalidParam, ErrorKind::InvalidParam,
@ -25,6 +27,24 @@ pub async fn create_alias_route(
)); ));
} }
if let Some(ref info) = body.appservice_info {
if !info.aliases.is_match(body.room_alias.as_str()) {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"Room alias is not in namespace.",
));
}
} else if services()
.appservice
.is_exclusive_alias(&body.room_alias)
.await
{
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"Room alias reserved by appservice.",
));
}
if services() if services()
.rooms .rooms
.alias .alias
@ -37,7 +57,7 @@ pub async fn create_alias_route(
services() services()
.rooms .rooms
.alias .alias
.set_alias(&body.room_alias, &body.room_id)?; .set_alias(&body.room_alias, &body.room_id, sender_user)?;
Ok(create_alias::v3::Response::new()) Ok(create_alias::v3::Response::new())
} }
@ -46,11 +66,12 @@ pub async fn create_alias_route(
/// ///
/// Deletes a room alias from this server. /// Deletes a room alias from this server.
/// ///
/// - TODO: additional access control checks
/// - TODO: Update canonical alias event /// - TODO: Update canonical alias event
pub async fn delete_alias_route( pub async fn delete_alias_route(
body: Ruma<delete_alias::v3::Request>, body: Ruma<delete_alias::v3::Request>,
) -> Result<delete_alias::v3::Response> { ) -> Result<delete_alias::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated");
if body.room_alias.server_name() != services().globals.server_name() { if body.room_alias.server_name() != services().globals.server_name() {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::InvalidParam, ErrorKind::InvalidParam,
@ -58,7 +79,28 @@ pub async fn delete_alias_route(
)); ));
} }
services().rooms.alias.remove_alias(&body.room_alias)?; if let Some(ref info) = body.appservice_info {
if !info.aliases.is_match(body.room_alias.as_str()) {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"Room alias is not in namespace.",
));
}
} else if services()
.appservice
.is_exclusive_alias(&body.room_alias)
.await
{
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"Room alias reserved by appservice.",
));
}
services()
.rooms
.alias
.remove_alias(&body.room_alias, sender_user)?;
// TODO: update alt_aliases? // TODO: update alt_aliases?
@ -90,41 +132,30 @@ pub(crate) async fn get_alias_helper(
) )
.await?; .await?;
return Ok(get_alias::v3::Response::new( let mut servers = response.servers;
response.room_id, servers.shuffle(&mut rand::thread_rng());
response.servers,
)); return Ok(get_alias::v3::Response::new(response.room_id, servers));
} }
let mut room_id = None; let mut room_id = None;
match services().rooms.alias.resolve_local_alias(&room_alias)? { match services().rooms.alias.resolve_local_alias(&room_alias)? {
Some(r) => room_id = Some(r), Some(r) => room_id = Some(r),
None => { None => {
for (_id, registration) in services().appservice.all()? { for appservice in services().appservice.read().await.values() {
let aliases = registration if appservice.aliases.is_match(room_alias.as_str())
.get("namespaces") && matches!(
.and_then(|ns| ns.get("aliases")) services()
.and_then(|aliases| aliases.as_sequence())
.map_or_else(Vec::new, |aliases| {
aliases
.iter()
.filter_map(|aliases| Regex::new(aliases.get("regex")?.as_str()?).ok())
.collect::<Vec<_>>()
});
if aliases
.iter()
.any(|aliases| aliases.is_match(room_alias.as_str()))
&& services()
.sending .sending
.send_appservice_request( .send_appservice_request(
registration, appservice.registration.clone(),
appservice::query::query_room_alias::v1::Request { appservice::query::query_room_alias::v1::Request {
room_alias: room_alias.clone(), room_alias: room_alias.clone(),
}, },
) )
.await .await,
.is_ok() Ok(Some(_opt_result))
)
{ {
room_id = Some( room_id = Some(
services() services()

View file

@ -75,7 +75,7 @@ pub async fn get_global_account_data_route(
let event: Box<RawJsonValue> = services() let event: Box<RawJsonValue> = services()
.account_data .account_data
.get(None, sender_user, body.event_type.clone().into())? .get(None, sender_user, body.event_type.to_string().into())?
.ok_or(Error::BadRequest(ErrorKind::NotFound, "Data not found."))?; .ok_or(Error::BadRequest(ErrorKind::NotFound, "Data not found."))?;
let account_data = serde_json::from_str::<ExtractGlobalEventContent>(event.get()) let account_data = serde_json::from_str::<ExtractGlobalEventContent>(event.get())
@ -95,11 +95,7 @@ pub async fn get_room_account_data_route(
let event: Box<RawJsonValue> = services() let event: Box<RawJsonValue> = services()
.account_data .account_data
.get( .get(Some(&body.room_id), sender_user, body.event_type.clone())?
Some(&body.room_id),
sender_user,
body.event_type.clone().into(),
)?
.ok_or(Error::BadRequest(ErrorKind::NotFound, "Data not found."))?; .ok_or(Error::BadRequest(ErrorKind::NotFound, "Data not found."))?;
let account_data = serde_json::from_str::<ExtractRoomEventContent>(event.get()) let account_data = serde_json::from_str::<ExtractRoomEventContent>(event.get())

View file

@ -3,7 +3,7 @@ use ruma::{
api::client::{context::get_context, error::ErrorKind, filter::LazyLoadOptions}, api::client::{context::get_context, error::ErrorKind, filter::LazyLoadOptions},
events::StateEventType, events::StateEventType,
}; };
use std::{collections::HashSet, convert::TryFrom}; use std::collections::HashSet;
use tracing::error; use tracing::error;
/// # `GET /_matrix/client/r0/rooms/{roomId}/context` /// # `GET /_matrix/client/r0/rooms/{roomId}/context`
@ -27,21 +27,20 @@ pub async fn get_context_route(
let mut lazy_loaded = HashSet::new(); let mut lazy_loaded = HashSet::new();
let base_pdu_id = services() let base_token = services()
.rooms .rooms
.timeline .timeline
.get_pdu_id(&body.event_id)? .get_pdu_count(&body.event_id)?
.ok_or(Error::BadRequest( .ok_or(Error::BadRequest(
ErrorKind::NotFound, ErrorKind::NotFound,
"Base event id not found.", "Base event id not found.",
))?; ))?;
let base_token = services().rooms.timeline.pdu_count(&base_pdu_id)?; let base_event =
services()
let base_event = services()
.rooms .rooms
.timeline .timeline
.get_pdu_from_id(&base_pdu_id)? .get_pdu(&body.event_id)?
.ok_or(Error::BadRequest( .ok_or(Error::BadRequest(
ErrorKind::NotFound, ErrorKind::NotFound,
"Base event not found.", "Base event not found.",
@ -51,12 +50,12 @@ pub async fn get_context_route(
if !services() if !services()
.rooms .rooms
.state_cache .state_accessor
.is_joined(sender_user, &room_id)? .user_can_see_event(sender_user, &room_id, &body.event_id)?
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"You don't have permission to view this room.", "You don't have permission to view this event.",
)); ));
} }
@ -70,19 +69,24 @@ pub async fn get_context_route(
lazy_loaded.insert(base_event.sender.as_str().to_owned()); lazy_loaded.insert(base_event.sender.as_str().to_owned());
} }
// Use limit with maximum 100
let limit = u64::from(body.limit).min(100) as usize;
let base_event = base_event.to_room_event(); let base_event = base_event.to_room_event();
let events_before: Vec<_> = services() let events_before: Vec<_> = services()
.rooms .rooms
.timeline .timeline
.pdus_until(sender_user, &room_id, base_token)? .pdus_until(sender_user, &room_id, base_token)?
.take( .take(limit / 2)
u32::try_from(body.limit).map_err(|_| {
Error::BadRequest(ErrorKind::InvalidParam, "Limit value is invalid.")
})? as usize
/ 2,
)
.filter_map(|r| r.ok()) // Remove buggy events .filter_map(|r| r.ok()) // Remove buggy events
.filter(|(_, pdu)| {
services()
.rooms
.state_accessor
.user_can_see_event(sender_user, &room_id, &pdu.event_id)
.unwrap_or(false)
})
.collect(); .collect();
for (_, event) in &events_before { for (_, event) in &events_before {
@ -99,8 +103,8 @@ pub async fn get_context_route(
let start_token = events_before let start_token = events_before
.last() .last()
.and_then(|(pdu_id, _)| services().rooms.timeline.pdu_count(pdu_id).ok()) .map(|(count, _)| count.stringify())
.map(|count| count.to_string()); .unwrap_or_else(|| base_token.stringify());
let events_before: Vec<_> = events_before let events_before: Vec<_> = events_before
.into_iter() .into_iter()
@ -111,13 +115,15 @@ pub async fn get_context_route(
.rooms .rooms
.timeline .timeline
.pdus_after(sender_user, &room_id, base_token)? .pdus_after(sender_user, &room_id, base_token)?
.take( .take(limit / 2)
u32::try_from(body.limit).map_err(|_| {
Error::BadRequest(ErrorKind::InvalidParam, "Limit value is invalid.")
})? as usize
/ 2,
)
.filter_map(|r| r.ok()) // Remove buggy events .filter_map(|r| r.ok()) // Remove buggy events
.filter(|(_, pdu)| {
services()
.rooms
.state_accessor
.user_can_see_event(sender_user, &room_id, &pdu.event_id)
.unwrap_or(false)
})
.collect(); .collect();
for (_, event) in &events_after { for (_, event) in &events_after {
@ -153,8 +159,8 @@ pub async fn get_context_route(
let end_token = events_after let end_token = events_after
.last() .last()
.and_then(|(pdu_id, _)| services().rooms.timeline.pdu_count(pdu_id).ok()) .map(|(count, _)| count.stringify())
.map(|count| count.to_string()); .unwrap_or_else(|| base_token.stringify());
let events_after: Vec<_> = events_after let events_after: Vec<_> = events_after
.into_iter() .into_iter()
@ -191,8 +197,8 @@ pub async fn get_context_route(
} }
let resp = get_context::v3::Response { let resp = get_context::v3::Response {
start: start_token, start: Some(start_token),
end: end_token, end: Some(end_token),
events_before, events_before,
event: Some(base_event), event: Some(base_event),
events_after, events_after,

View file

@ -53,7 +53,7 @@ pub async fn update_device_route(
.get_device_metadata(sender_user, &body.device_id)? .get_device_metadata(sender_user, &body.device_id)?
.ok_or(Error::BadRequest(ErrorKind::NotFound, "Device not found."))?; .ok_or(Error::BadRequest(ErrorKind::NotFound, "Device not found."))?;
device.display_name = body.display_name.clone(); device.display_name.clone_from(&body.display_name);
services() services()
.users .users

View file

@ -20,7 +20,6 @@ use ruma::{
guest_access::{GuestAccess, RoomGuestAccessEventContent}, guest_access::{GuestAccess, RoomGuestAccessEventContent},
history_visibility::{HistoryVisibility, RoomHistoryVisibilityEventContent}, history_visibility::{HistoryVisibility, RoomHistoryVisibilityEventContent},
join_rules::{JoinRule, RoomJoinRulesEventContent}, join_rules::{JoinRule, RoomJoinRulesEventContent},
name::RoomNameEventContent,
topic::RoomTopicEventContent, topic::RoomTopicEventContent,
}, },
StateEventType, StateEventType,
@ -203,17 +202,7 @@ pub(crate) async fn get_public_rooms_filtered_helper(
Error::bad_database("Invalid canonical alias event in database.") Error::bad_database("Invalid canonical alias event in database.")
}) })
})?, })?,
name: services() name: services().rooms.state_accessor.get_name(&room_id)?,
.rooms
.state_accessor
.room_state_get(&room_id, &StateEventType::RoomName, "")?
.map_or(Ok(None), |s| {
serde_json::from_str(s.content.get())
.map(|c: RoomNameEventContent| c.name)
.map_err(|_| {
Error::bad_database("Invalid room name event in database.")
})
})?,
num_joined_members: services() num_joined_members: services()
.rooms .rooms
.state_cache .state_cache
@ -232,6 +221,7 @@ pub(crate) async fn get_public_rooms_filtered_helper(
serde_json::from_str(s.content.get()) serde_json::from_str(s.content.get())
.map(|c: RoomTopicEventContent| Some(c.topic)) .map(|c: RoomTopicEventContent| Some(c.topic))
.map_err(|_| { .map_err(|_| {
error!("Invalid room topic event in database for room {}", room_id);
Error::bad_database("Invalid room topic event in database.") Error::bad_database("Invalid room topic event in database.")
}) })
})?, })?,

View file

@ -17,7 +17,11 @@ use ruma::{
DeviceKeyAlgorithm, OwnedDeviceId, OwnedUserId, UserId, DeviceKeyAlgorithm, OwnedDeviceId, OwnedUserId, UserId,
}; };
use serde_json::json; use serde_json::json;
use std::collections::{BTreeMap, HashMap, HashSet}; use std::{
collections::{hash_map, BTreeMap, HashMap, HashSet},
time::{Duration, Instant},
};
use tracing::debug;
/// # `POST /_matrix/client/r0/keys/upload` /// # `POST /_matrix/client/r0/keys/upload`
/// ///
@ -132,6 +136,7 @@ pub async fn upload_signing_keys_route(
master_key, master_key,
&body.self_signing_key, &body.self_signing_key,
&body.user_signing_key, &body.user_signing_key,
true, // notify so that other users see the new keys
)?; )?;
} }
@ -151,18 +156,6 @@ pub async fn upload_signatures_route(
let key = serde_json::to_value(key) let key = serde_json::to_value(key)
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid key JSON"))?; .map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid key JSON"))?;
let is_signed_key = match key.get("usage") {
Some(usage) => usage
.as_array()
.map(|usage| !usage.contains(&json!("master")))
.unwrap_or(false),
None => true,
};
if !is_signed_key {
continue;
}
for signature in key for signature in key
.get("signatures") .get("signatures")
.ok_or(Error::BadRequest( .ok_or(Error::BadRequest(
@ -323,15 +316,17 @@ pub(crate) async fn get_keys_helper<F: Fn(&UserId) -> bool>(
} }
} }
if let Some(master_key) = services() if let Some(master_key) =
services()
.users .users
.get_master_key(user_id, &allowed_signatures)? .get_master_key(sender_user, user_id, &allowed_signatures)?
{ {
master_keys.insert(user_id.to_owned(), master_key); master_keys.insert(user_id.to_owned(), master_key);
} }
if let Some(self_signing_key) = services() if let Some(self_signing_key) =
services()
.users .users
.get_self_signing_key(user_id, &allowed_signatures)? .get_self_signing_key(sender_user, user_id, &allowed_signatures)?
{ {
self_signing_keys.insert(user_id.to_owned(), self_signing_key); self_signing_keys.insert(user_id.to_owned(), self_signing_key);
} }
@ -344,36 +339,99 @@ pub(crate) async fn get_keys_helper<F: Fn(&UserId) -> bool>(
let mut failures = BTreeMap::new(); let mut failures = BTreeMap::new();
let back_off = |id| async {
match services()
.globals
.bad_query_ratelimiter
.write()
.await
.entry(id)
{
hash_map::Entry::Vacant(e) => {
e.insert((Instant::now(), 1));
}
hash_map::Entry::Occupied(mut e) => *e.get_mut() = (Instant::now(), e.get().1 + 1),
}
};
let mut futures: FuturesUnordered<_> = get_over_federation let mut futures: FuturesUnordered<_> = get_over_federation
.into_iter() .into_iter()
.map(|(server, vec)| async move { .map(|(server, vec)| async move {
if let Some((time, tries)) = services()
.globals
.bad_query_ratelimiter
.read()
.await
.get(server)
{
// Exponential backoff
let mut min_elapsed_duration = Duration::from_secs(30) * (*tries) * (*tries);
if min_elapsed_duration > Duration::from_secs(60 * 60 * 24) {
min_elapsed_duration = Duration::from_secs(60 * 60 * 24);
}
if time.elapsed() < min_elapsed_duration {
debug!("Backing off query from {:?}", server);
return (
server,
Err(Error::BadServerResponse("bad query, still backing off")),
);
}
}
let mut device_keys_input_fed = BTreeMap::new(); let mut device_keys_input_fed = BTreeMap::new();
for (user_id, keys) in vec { for (user_id, keys) in vec {
device_keys_input_fed.insert(user_id.to_owned(), keys.clone()); device_keys_input_fed.insert(user_id.to_owned(), keys.clone());
} }
( (
server, server,
services() tokio::time::timeout(
.sending Duration::from_secs(25),
.send_federation_request( services().sending.send_federation_request(
server, server,
federation::keys::get_keys::v1::Request { federation::keys::get_keys::v1::Request {
device_keys: device_keys_input_fed, device_keys: device_keys_input_fed,
}, },
),
) )
.await, .await
.map_err(|_e| Error::BadServerResponse("Query took too long")),
) )
}) })
.collect(); .collect();
while let Some((server, response)) = futures.next().await { while let Some((server, response)) = futures.next().await {
match response { match response {
Ok(response) => { Ok(Ok(response)) => {
master_keys.extend(response.master_keys); for (user, masterkey) in response.master_keys {
let (master_key_id, mut master_key) =
services().users.parse_master_key(&user, &masterkey)?;
if let Some(our_master_key) = services().users.get_key(
&master_key_id,
sender_user,
&user,
&allowed_signatures,
)? {
let (_, our_master_key) =
services().users.parse_master_key(&user, &our_master_key)?;
master_key.signatures.extend(our_master_key.signatures);
}
let json = serde_json::to_value(master_key).expect("to_value always works");
let raw = serde_json::from_value(json).expect("Raw::from_value always works");
services().users.add_cross_signing_keys(
&user, &raw, &None, &None,
false, // Dont notify. A notification would trigger another key request resulting in an endless loop
)?;
master_keys.insert(user, raw);
}
self_signing_keys.extend(response.self_signing_keys); self_signing_keys.extend(response.self_signing_keys);
device_keys.extend(response.device_keys); device_keys.extend(response.device_keys);
} }
Err(_e) => { _ => {
back_off(server.to_owned()).await;
failures.insert(server.to_string(), json!({})); failures.insert(server.to_string(), json!({}));
} }
} }

View file

@ -1,10 +1,24 @@
// Unauthenticated media is deprecated
#![allow(deprecated)]
use std::time::Duration;
use crate::{service::media::FileMeta, services, utils, Error, Result, Ruma}; use crate::{service::media::FileMeta, services, utils, Error, Result, Ruma};
use ruma::api::client::{ use http::header::{CONTENT_DISPOSITION, CONTENT_TYPE};
error::ErrorKind, use ruma::{
media::{ api::{
create_content, get_content, get_content_as_filename, get_content_thumbnail, client::{
get_media_config, authenticated_media::{
get_content, get_content_as_filename, get_content_thumbnail, get_media_config,
}, },
error::ErrorKind,
media::{self, create_content},
},
federation::authenticated_media::{self as federation_media, FileOrLocation},
},
http_headers::{ContentDisposition, ContentDispositionType},
media::Method,
ServerName, UInt,
}; };
const MXC_LENGTH: usize = 32; const MXC_LENGTH: usize = 32;
@ -13,9 +27,20 @@ const MXC_LENGTH: usize = 32;
/// ///
/// Returns max upload size. /// Returns max upload size.
pub async fn get_media_config_route( pub async fn get_media_config_route(
_body: Ruma<get_media_config::v3::Request>, _body: Ruma<media::get_media_config::v3::Request>,
) -> Result<get_media_config::v3::Response> { ) -> Result<media::get_media_config::v3::Response> {
Ok(get_media_config::v3::Response { Ok(media::get_media_config::v3::Response {
upload_size: services().globals.max_request_size().into(),
})
}
/// # `GET /_matrix/client/v1/media/config`
///
/// Returns max upload size.
pub async fn get_media_config_auth_route(
_body: Ruma<get_media_config::v1::Request>,
) -> Result<get_media_config::v1::Response> {
Ok(get_media_config::v1::Response {
upload_size: services().globals.max_request_size().into(), upload_size: services().globals.max_request_size().into(),
}) })
} }
@ -39,43 +64,84 @@ pub async fn create_content_route(
.media .media
.create( .create(
mxc.clone(), mxc.clone(),
body.filename Some(
.as_ref() ContentDisposition::new(ContentDispositionType::Inline)
.map(|filename| "inline; filename=".to_owned() + filename) .with_filename(body.filename.clone()),
.as_deref(), ),
body.content_type.as_deref(), body.content_type.as_deref(),
&body.file, &body.file,
) )
.await?; .await?;
Ok(create_content::v3::Response { Ok(create_content::v3::Response {
content_uri: mxc.try_into().expect("Invalid mxc:// URI"), content_uri: mxc.into(),
blurhash: None, blurhash: None,
}) })
} }
pub async fn get_remote_content( pub async fn get_remote_content(
mxc: &str, mxc: &str,
server_name: &ruma::ServerName, server_name: &ServerName,
media_id: String, media_id: String,
) -> Result<get_content::v3::Response, Error> { ) -> Result<get_content::v1::Response, Error> {
let content_response = services() let content_response = match services()
.sending .sending
.send_federation_request( .send_federation_request(
server_name, server_name,
get_content::v3::Request { federation_media::get_content::v1::Request {
allow_remote: false, media_id: media_id.clone(),
timeout_ms: Duration::from_secs(20),
},
)
.await
{
Ok(federation_media::get_content::v1::Response {
metadata: _,
content: FileOrLocation::File(content),
}) => get_content::v1::Response {
file: content.file,
content_type: content.content_type,
content_disposition: content.content_disposition,
},
Ok(federation_media::get_content::v1::Response {
metadata: _,
content: FileOrLocation::Location(url),
}) => get_location_content(url).await?,
Err(Error::BadRequest(ErrorKind::Unrecognized, _)) => {
let media::get_content::v3::Response {
file,
content_type,
content_disposition,
..
} = services()
.sending
.send_federation_request(
server_name,
media::get_content::v3::Request {
server_name: server_name.to_owned(), server_name: server_name.to_owned(),
media_id, media_id,
timeout_ms: Duration::from_secs(20),
allow_remote: false,
allow_redirect: true,
}, },
) )
.await?; .await?;
get_content::v1::Response {
file,
content_type,
content_disposition,
}
}
Err(e) => return Err(e),
};
services() services()
.media .media
.create( .create(
mxc.to_owned(), mxc.to_owned(),
content_response.content_disposition.as_deref(), content_response.content_disposition.clone(),
content_response.content_type.as_deref(), content_response.content_type.as_deref(),
&content_response.file, &content_response.file,
) )
@ -90,26 +156,58 @@ pub async fn get_remote_content(
/// ///
/// - Only allows federation if `allow_remote` is true /// - Only allows federation if `allow_remote` is true
pub async fn get_content_route( pub async fn get_content_route(
body: Ruma<get_content::v3::Request>, body: Ruma<media::get_content::v3::Request>,
) -> Result<get_content::v3::Response> { ) -> Result<media::get_content::v3::Response> {
let mxc = format!("mxc://{}/{}", body.server_name, body.media_id); let get_content::v1::Response {
file,
if let Some(FileMeta {
content_disposition, content_disposition,
content_type, content_type,
file, } = get_content(&body.server_name, body.media_id.clone(), body.allow_remote).await?;
}) = services().media.get(mxc.clone()).await?
{ Ok(media::get_content::v3::Response {
Ok(get_content::v3::Response {
file, file,
content_type, content_type,
content_disposition, content_disposition,
cross_origin_resource_policy: Some("cross-origin".to_owned()), cross_origin_resource_policy: Some("cross-origin".to_owned()),
}) })
} else if &*body.server_name != services().globals.server_name() && body.allow_remote { }
/// # `GET /_matrix/client/v1/media/download/{serverName}/{mediaId}`
///
/// Load media from our server or over federation.
pub async fn get_content_auth_route(
body: Ruma<get_content::v1::Request>,
) -> Result<get_content::v1::Response> {
get_content(&body.server_name, body.media_id.clone(), true).await
}
async fn get_content(
server_name: &ServerName,
media_id: String,
allow_remote: bool,
) -> Result<get_content::v1::Response, Error> {
let mxc = format!("mxc://{}/{}", server_name, media_id);
if let Ok(Some(FileMeta {
content_disposition,
content_type,
file,
})) = services().media.get(mxc.clone()).await
{
Ok(get_content::v1::Response {
file,
content_type,
content_disposition: Some(content_disposition),
})
} else if server_name != services().globals.server_name() && allow_remote {
let remote_content_response = let remote_content_response =
get_remote_content(&mxc, &body.server_name, body.media_id.clone()).await?; get_remote_content(&mxc, server_name, media_id.clone()).await?;
Ok(remote_content_response)
Ok(get_content::v1::Response {
content_disposition: remote_content_response.content_disposition,
content_type: remote_content_response.content_type,
file: remote_content_response.file,
})
} else { } else {
Err(Error::BadRequest(ErrorKind::NotFound, "Media not found.")) Err(Error::BadRequest(ErrorKind::NotFound, "Media not found."))
} }
@ -121,31 +219,74 @@ pub async fn get_content_route(
/// ///
/// - Only allows federation if `allow_remote` is true /// - Only allows federation if `allow_remote` is true
pub async fn get_content_as_filename_route( pub async fn get_content_as_filename_route(
body: Ruma<get_content_as_filename::v3::Request>, body: Ruma<media::get_content_as_filename::v3::Request>,
) -> Result<get_content_as_filename::v3::Response> { ) -> Result<media::get_content_as_filename::v3::Response> {
let mxc = format!("mxc://{}/{}", body.server_name, body.media_id); let get_content_as_filename::v1::Response {
file,
content_type,
content_disposition,
} = get_content_as_filename(
&body.server_name,
body.media_id.clone(),
body.filename.clone(),
body.allow_remote,
)
.await?;
if let Some(FileMeta { Ok(media::get_content_as_filename::v3::Response {
content_disposition: _,
content_type,
file,
}) = services().media.get(mxc.clone()).await?
{
Ok(get_content_as_filename::v3::Response {
file, file,
content_type, content_type,
content_disposition: Some(format!("inline; filename={}", body.filename)), content_disposition,
cross_origin_resource_policy: Some("cross-origin".to_owned()), cross_origin_resource_policy: Some("cross-origin".to_owned()),
}) })
} else if &*body.server_name != services().globals.server_name() && body.allow_remote { }
let remote_content_response =
get_remote_content(&mxc, &body.server_name, body.media_id.clone()).await?;
Ok(get_content_as_filename::v3::Response { /// # `GET /_matrix/client/v1/media/download/{serverName}/{mediaId}/{fileName}`
content_disposition: Some(format!("inline: filename={}", body.filename)), ///
/// Load media from our server or over federation, permitting desired filename.
pub async fn get_content_as_filename_auth_route(
body: Ruma<get_content_as_filename::v1::Request>,
) -> Result<get_content_as_filename::v1::Response, Error> {
get_content_as_filename(
&body.server_name,
body.media_id.clone(),
body.filename.clone(),
true,
)
.await
}
async fn get_content_as_filename(
server_name: &ServerName,
media_id: String,
filename: String,
allow_remote: bool,
) -> Result<get_content_as_filename::v1::Response, Error> {
let mxc = format!("mxc://{}/{}", server_name, media_id);
if let Ok(Some(FileMeta {
file, content_type, ..
})) = services().media.get(mxc.clone()).await
{
Ok(get_content_as_filename::v1::Response {
file,
content_type,
content_disposition: Some(
ContentDisposition::new(ContentDispositionType::Inline)
.with_filename(Some(filename.clone())),
),
})
} else if server_name != services().globals.server_name() && allow_remote {
let remote_content_response =
get_remote_content(&mxc, server_name, media_id.clone()).await?;
Ok(get_content_as_filename::v1::Response {
content_disposition: Some(
ContentDisposition::new(ContentDispositionType::Inline)
.with_filename(Some(filename.clone())),
),
content_type: remote_content_response.content_type, content_type: remote_content_response.content_type,
file: remote_content_response.file, file: remote_content_response.file,
cross_origin_resource_policy: Some("cross-origin".to_owned()),
}) })
} else { } else {
Err(Error::BadRequest(ErrorKind::NotFound, "Media not found.")) Err(Error::BadRequest(ErrorKind::NotFound, "Media not found."))
@ -158,60 +299,169 @@ pub async fn get_content_as_filename_route(
/// ///
/// - Only allows federation if `allow_remote` is true /// - Only allows federation if `allow_remote` is true
pub async fn get_content_thumbnail_route( pub async fn get_content_thumbnail_route(
body: Ruma<get_content_thumbnail::v3::Request>, body: Ruma<media::get_content_thumbnail::v3::Request>,
) -> Result<get_content_thumbnail::v3::Response> { ) -> Result<media::get_content_thumbnail::v3::Response> {
let mxc = format!("mxc://{}/{}", body.server_name, body.media_id); let get_content_thumbnail::v1::Response { file, content_type } = get_content_thumbnail(
&body.server_name,
if let Some(FileMeta { body.media_id.clone(),
content_type, file, .. body.height,
}) = services() body.width,
.media body.method.clone(),
.get_thumbnail( body.animated,
mxc.clone(), body.allow_remote,
body.width
.try_into()
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Width is invalid."))?,
body.height
.try_into()
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Width is invalid."))?,
) )
.await? .await?;
{
Ok(get_content_thumbnail::v3::Response { Ok(media::get_content_thumbnail::v3::Response {
file, file,
content_type, content_type,
cross_origin_resource_policy: Some("cross-origin".to_owned()), cross_origin_resource_policy: Some("cross-origin".to_owned()),
}) })
} else if &*body.server_name != services().globals.server_name() && body.allow_remote { }
let get_thumbnail_response = services()
/// # `GET /_matrix/client/v1/media/thumbnail/{serverName}/{mediaId}`
///
/// Load media thumbnail from our server or over federation.
pub async fn get_content_thumbnail_auth_route(
body: Ruma<get_content_thumbnail::v1::Request>,
) -> Result<get_content_thumbnail::v1::Response> {
get_content_thumbnail(
&body.server_name,
body.media_id.clone(),
body.height,
body.width,
body.method.clone(),
body.animated,
true,
)
.await
}
async fn get_content_thumbnail(
server_name: &ServerName,
media_id: String,
height: UInt,
width: UInt,
method: Option<Method>,
animated: Option<bool>,
allow_remote: bool,
) -> Result<get_content_thumbnail::v1::Response, Error> {
let mxc = format!("mxc://{}/{}", server_name, media_id);
if let Ok(Some(FileMeta {
file, content_type, ..
})) = services()
.media
.get_thumbnail(
mxc.clone(),
width
.try_into()
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Width is invalid."))?,
height
.try_into()
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Height is invalid."))?,
)
.await
{
Ok(get_content_thumbnail::v1::Response { file, content_type })
} else if server_name != services().globals.server_name() && allow_remote {
let thumbnail_response = match services()
.sending .sending
.send_federation_request( .send_federation_request(
&body.server_name, server_name,
get_content_thumbnail::v3::Request { federation_media::get_content_thumbnail::v1::Request {
height,
width,
method: method.clone(),
media_id: media_id.clone(),
timeout_ms: Duration::from_secs(20),
animated,
},
)
.await
{
Ok(federation_media::get_content_thumbnail::v1::Response {
metadata: _,
content: FileOrLocation::File(content),
}) => get_content_thumbnail::v1::Response {
file: content.file,
content_type: content.content_type,
},
Ok(federation_media::get_content_thumbnail::v1::Response {
metadata: _,
content: FileOrLocation::Location(url),
}) => {
let get_content::v1::Response {
file, content_type, ..
} = get_location_content(url).await?;
get_content_thumbnail::v1::Response { file, content_type }
}
Err(Error::BadRequest(ErrorKind::Unrecognized, _)) => {
let media::get_content_thumbnail::v3::Response {
file, content_type, ..
} = services()
.sending
.send_federation_request(
server_name,
media::get_content_thumbnail::v3::Request {
height,
width,
method: method.clone(),
server_name: server_name.to_owned(),
media_id: media_id.clone(),
timeout_ms: Duration::from_secs(20),
allow_redirect: false,
animated,
allow_remote: false, allow_remote: false,
height: body.height,
width: body.width,
method: body.method.clone(),
server_name: body.server_name.clone(),
media_id: body.media_id.clone(),
}, },
) )
.await?; .await?;
get_content_thumbnail::v1::Response { file, content_type }
}
Err(e) => return Err(e),
};
services() services()
.media .media
.upload_thumbnail( .upload_thumbnail(
mxc, mxc,
None, thumbnail_response.content_type.as_deref(),
get_thumbnail_response.content_type.as_deref(), width.try_into().expect("all UInts are valid u32s"),
body.width.try_into().expect("all UInts are valid u32s"), height.try_into().expect("all UInts are valid u32s"),
body.height.try_into().expect("all UInts are valid u32s"), &thumbnail_response.file,
&get_thumbnail_response.file,
) )
.await?; .await?;
Ok(get_thumbnail_response) Ok(thumbnail_response)
} else { } else {
Err(Error::BadRequest(ErrorKind::NotFound, "Media not found.")) Err(Error::BadRequest(ErrorKind::NotFound, "Media not found."))
} }
} }
async fn get_location_content(url: String) -> Result<get_content::v1::Response, Error> {
let client = services().globals.default_client();
let response = client.get(url).send().await?;
let headers = response.headers();
let content_type = headers
.get(CONTENT_TYPE)
.and_then(|header| header.to_str().ok())
.map(ToOwned::to_owned);
let content_disposition = headers
.get(CONTENT_DISPOSITION)
.map(|header| header.as_bytes())
.map(TryFrom::try_from)
.and_then(Result::ok);
let file = response.bytes().await?.to_vec();
Ok(get_content::v1::Response {
file,
content_type,
content_disposition,
})
}

File diff suppressed because it is too large Load diff

View file

@ -1,10 +1,13 @@
use crate::{service::pdu::PduBuilder, services, utils, Error, Result, Ruma}; use crate::{
service::{pdu::PduBuilder, rooms::timeline::PduCount},
services, utils, Error, Result, Ruma,
};
use ruma::{ use ruma::{
api::client::{ api::client::{
error::ErrorKind, error::ErrorKind,
message::{get_message_events, send_message_event}, message::{get_message_events, send_message_event},
}, },
events::{RoomEventType, StateEventType}, events::{StateEventType, TimelineEventType},
}; };
use std::{ use std::{
collections::{BTreeMap, HashSet}, collections::{BTreeMap, HashSet},
@ -29,18 +32,18 @@ pub async fn send_message_event_route(
.globals .globals
.roomid_mutex_state .roomid_mutex_state
.write() .write()
.unwrap() .await
.entry(body.room_id.clone()) .entry(body.room_id.clone())
.or_default(), .or_default(),
); );
let state_lock = mutex_state.lock().await; let state_lock = mutex_state.lock().await;
// Forbid m.room.encrypted if encryption is disabled // Forbid m.room.encrypted if encryption is disabled
if RoomEventType::RoomEncrypted == body.event_type.to_string().into() if TimelineEventType::RoomEncrypted == body.event_type.to_string().into()
&& !services().globals.allow_encryption() && !services().globals.allow_encryption()
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"Encryption has been disabled", "Encryption has been disabled",
)); ));
} }
@ -70,7 +73,10 @@ pub async fn send_message_event_route(
let mut unsigned = BTreeMap::new(); let mut unsigned = BTreeMap::new();
unsigned.insert("transaction_id".to_owned(), body.txn_id.to_string().into()); unsigned.insert("transaction_id".to_owned(), body.txn_id.to_string().into());
let event_id = services().rooms.timeline.build_and_append_pdu( let event_id = services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: body.event_type.to_string().into(), event_type: body.event_type.to_string().into(),
content: serde_json::from_str(body.body.body.json().get()) content: serde_json::from_str(body.body.body.json().get())
@ -78,11 +84,17 @@ pub async fn send_message_event_route(
unsigned: Some(unsigned), unsigned: Some(unsigned),
state_key: None, state_key: None,
redacts: None, redacts: None,
timestamp: if body.appservice_info.is_some() {
body.timestamp
} else {
None
},
}, },
sender_user, sender_user,
&body.room_id, &body.room_id,
&state_lock, &state_lock,
)?; )
.await?;
services().transaction_ids.add_txnid( services().transaction_ids.add_txnid(
sender_user, sender_user,
@ -110,39 +122,26 @@ pub async fn get_message_events_route(
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
let sender_device = body.sender_device.as_ref().expect("user is authenticated"); let sender_device = body.sender_device.as_ref().expect("user is authenticated");
if !services()
.rooms
.state_cache
.is_joined(sender_user, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
"You don't have permission to view this room.",
));
}
let from = match body.from.clone() { let from = match body.from.clone() {
Some(from) => from Some(from) => PduCount::try_from_string(&from)?,
.parse()
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid `from` value."))?,
None => match body.dir { None => match body.dir {
ruma::api::client::Direction::Forward => 0, ruma::api::Direction::Forward => PduCount::min(),
ruma::api::client::Direction::Backward => u64::MAX, ruma::api::Direction::Backward => PduCount::max(),
}, },
}; };
let to = body.to.as_ref().map(|t| t.parse()); let to = body
.to
.as_ref()
.and_then(|t| PduCount::try_from_string(t).ok());
services().rooms.lazy_loading.lazy_load_confirm_delivery( services()
sender_user, .rooms
sender_device, .lazy_loading
&body.room_id, .lazy_load_confirm_delivery(sender_user, sender_device, &body.room_id, from)
from, .await?;
)?;
// Use limit or else 10 let limit = u64::from(body.limit).min(100) as usize;
let limit = body.limit.try_into().map_or(10_usize, |l: u32| l as usize);
let next_token; let next_token;
@ -151,22 +150,21 @@ pub async fn get_message_events_route(
let mut lazy_loaded = HashSet::new(); let mut lazy_loaded = HashSet::new();
match body.dir { match body.dir {
ruma::api::client::Direction::Forward => { ruma::api::Direction::Forward => {
let events_after: Vec<_> = services() let events_after: Vec<_> = services()
.rooms .rooms
.timeline .timeline
.pdus_after(sender_user, &body.room_id, from)? .pdus_after(sender_user, &body.room_id, from)?
.take(limit) .take(limit)
.filter_map(|r| r.ok()) // Filter out buggy events .filter_map(|r| r.ok()) // Filter out buggy events
.filter_map(|(pdu_id, pdu)| { .filter(|(_, pdu)| {
services() services()
.rooms .rooms
.timeline .state_accessor
.pdu_count(&pdu_id) .user_can_see_event(sender_user, &body.room_id, &pdu.event_id)
.map(|pdu_count| (pdu_count, pdu)) .unwrap_or(false)
.ok()
}) })
.take_while(|&(k, _)| Some(Ok(k)) != to) // Stop at `to` .take_while(|&(k, _)| Some(k) != to) // Stop at `to`
.collect(); .collect();
for (_, event) in &events_after { for (_, event) in &events_after {
@ -192,26 +190,30 @@ pub async fn get_message_events_route(
.map(|(_, pdu)| pdu.to_room_event()) .map(|(_, pdu)| pdu.to_room_event())
.collect(); .collect();
resp.start = from.to_string(); resp.start = from.stringify();
resp.end = next_token.map(|count| count.to_string()); resp.end = next_token.map(|count| count.stringify());
resp.chunk = events_after; resp.chunk = events_after;
} }
ruma::api::client::Direction::Backward => { ruma::api::Direction::Backward => {
services()
.rooms
.timeline
.backfill_if_required(&body.room_id, from)
.await?;
let events_before: Vec<_> = services() let events_before: Vec<_> = services()
.rooms .rooms
.timeline .timeline
.pdus_until(sender_user, &body.room_id, from)? .pdus_until(sender_user, &body.room_id, from)?
.take(limit) .take(limit)
.filter_map(|r| r.ok()) // Filter out buggy events .filter_map(|r| r.ok()) // Filter out buggy events
.filter_map(|(pdu_id, pdu)| { .filter(|(_, pdu)| {
services() services()
.rooms .rooms
.timeline .state_accessor
.pdu_count(&pdu_id) .user_can_see_event(sender_user, &body.room_id, &pdu.event_id)
.map(|pdu_count| (pdu_count, pdu)) .unwrap_or(false)
.ok()
}) })
.take_while(|&(k, _)| Some(Ok(k)) != to) // Stop at `to` .take_while(|&(k, _)| Some(k) != to) // Stop at `to`
.collect(); .collect();
for (_, event) in &events_before { for (_, event) in &events_before {
@ -237,8 +239,8 @@ pub async fn get_message_events_route(
.map(|(_, pdu)| pdu.to_room_event()) .map(|(_, pdu)| pdu.to_room_event())
.collect(); .collect();
resp.start = from.to_string(); resp.start = from.stringify();
resp.end = next_token.map(|count| count.to_string()); resp.end = next_token.map(|count| count.stringify());
resp.chunk = events_before; resp.chunk = events_before;
} }
} }

View file

@ -11,24 +11,29 @@ mod keys;
mod media; mod media;
mod membership; mod membership;
mod message; mod message;
mod openid;
mod presence; mod presence;
mod profile; mod profile;
mod push; mod push;
mod read_marker; mod read_marker;
mod redact; mod redact;
mod relations;
mod report; mod report;
mod room; mod room;
mod search; mod search;
mod session; mod session;
mod space;
mod state; mod state;
mod sync; mod sync;
mod tag; mod tag;
mod thirdparty; mod thirdparty;
mod threads;
mod to_device; mod to_device;
mod typing; mod typing;
mod unversioned; mod unversioned;
mod user_directory; mod user_directory;
mod voip; mod voip;
mod well_known;
pub use account::*; pub use account::*;
pub use alias::*; pub use alias::*;
@ -43,24 +48,29 @@ pub use keys::*;
pub use media::*; pub use media::*;
pub use membership::*; pub use membership::*;
pub use message::*; pub use message::*;
pub use openid::*;
pub use presence::*; pub use presence::*;
pub use profile::*; pub use profile::*;
pub use push::*; pub use push::*;
pub use read_marker::*; pub use read_marker::*;
pub use redact::*; pub use redact::*;
pub use relations::*;
pub use report::*; pub use report::*;
pub use room::*; pub use room::*;
pub use search::*; pub use search::*;
pub use session::*; pub use session::*;
pub use space::*;
pub use state::*; pub use state::*;
pub use sync::*; pub use sync::*;
pub use tag::*; pub use tag::*;
pub use thirdparty::*; pub use thirdparty::*;
pub use threads::*;
pub use to_device::*; pub use to_device::*;
pub use typing::*; pub use typing::*;
pub use unversioned::*; pub use unversioned::*;
pub use user_directory::*; pub use user_directory::*;
pub use voip::*; pub use voip::*;
pub use well_known::*;
pub const DEVICE_ID_LENGTH: usize = 10; pub const DEVICE_ID_LENGTH: usize = 10;
pub const TOKEN_LENGTH: usize = 32; pub const TOKEN_LENGTH: usize = 32;

View file

@ -0,0 +1,23 @@
use std::time::Duration;
use ruma::{api::client::account, authentication::TokenType};
use crate::{services, Result, Ruma};
/// # `POST /_matrix/client/r0/user/{userId}/openid/request_token`
///
/// Request an OpenID token to verify identity with third-party services.
///
/// - The token generated is only valid for the OpenID API.
pub async fn create_openid_token_route(
body: Ruma<account::request_openid_token::v3::Request>,
) -> Result<account::request_openid_token::v3::Response> {
let (access_token, expires_in) = services().users.create_openid_token(&body.user_id)?;
Ok(account::request_openid_token::v3::Response {
access_token,
token_type: TokenType::Bearer,
matrix_server_name: services().globals.server_name().to_owned(),
expires_in: Duration::from_secs(expires_in),
})
}

View file

@ -1,5 +1,8 @@
use crate::{services, utils, Result, Ruma}; use crate::{services, utils, Error, Result, Ruma};
use ruma::api::client::presence::{get_presence, set_presence}; use ruma::api::client::{
error::ErrorKind,
presence::{get_presence, set_presence},
};
use std::time::Duration; use std::time::Duration;
/// # `PUT /_matrix/client/r0/presence/{userId}/status` /// # `PUT /_matrix/client/r0/presence/{userId}/status`
@ -79,6 +82,9 @@ pub async fn get_presence_route(
presence: presence.content.presence, presence: presence.content.presence,
}) })
} else { } else {
todo!(); Err(Error::BadRequest(
ErrorKind::NotFound,
"Presence state for this user was not found",
))
} }
} }

View file

@ -9,7 +9,7 @@ use ruma::{
}, },
federation::{self, query::get_profile_information::v1::ProfileField}, federation::{self, query::get_profile_information::v1::ProfileField},
}, },
events::{room::member::RoomMemberEventContent, RoomEventType, StateEventType}, events::{room::member::RoomMemberEventContent, StateEventType, TimelineEventType},
}; };
use serde_json::value::to_raw_value; use serde_json::value::to_raw_value;
use std::sync::Arc; use std::sync::Arc;
@ -37,9 +37,10 @@ pub async fn set_displayname_route(
.map(|room_id| { .map(|room_id| {
Ok::<_, Error>(( Ok::<_, Error>((
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomMember, event_type: TimelineEventType::RoomMember,
content: to_raw_value(&RoomMemberEventContent { content: to_raw_value(&RoomMemberEventContent {
displayname: body.displayname.clone(), displayname: body.displayname.clone(),
join_authorized_via_users_server: None,
..serde_json::from_str( ..serde_json::from_str(
services() services()
.rooms .rooms
@ -64,6 +65,7 @@ pub async fn set_displayname_route(
unsigned: None, unsigned: None,
state_key: Some(sender_user.to_string()), state_key: Some(sender_user.to_string()),
redacts: None, redacts: None,
timestamp: None,
}, },
room_id, room_id,
)) ))
@ -77,18 +79,17 @@ pub async fn set_displayname_route(
.globals .globals
.roomid_mutex_state .roomid_mutex_state
.write() .write()
.unwrap() .await
.entry(room_id.clone()) .entry(room_id.clone())
.or_default(), .or_default(),
); );
let state_lock = mutex_state.lock().await; let state_lock = mutex_state.lock().await;
let _ = services().rooms.timeline.build_and_append_pdu( let _ = services()
pdu_builder, .rooms
sender_user, .timeline
&room_id, .build_and_append_pdu(pdu_builder, sender_user, &room_id, &state_lock)
&state_lock, .await;
);
// Presence update // Presence update
services().rooms.edus.presence.update_presence( services().rooms.edus.presence.update_presence(
@ -172,9 +173,10 @@ pub async fn set_avatar_url_route(
.map(|room_id| { .map(|room_id| {
Ok::<_, Error>(( Ok::<_, Error>((
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomMember, event_type: TimelineEventType::RoomMember,
content: to_raw_value(&RoomMemberEventContent { content: to_raw_value(&RoomMemberEventContent {
avatar_url: body.avatar_url.clone(), avatar_url: body.avatar_url.clone(),
join_authorized_via_users_server: None,
..serde_json::from_str( ..serde_json::from_str(
services() services()
.rooms .rooms
@ -199,6 +201,7 @@ pub async fn set_avatar_url_route(
unsigned: None, unsigned: None,
state_key: Some(sender_user.to_string()), state_key: Some(sender_user.to_string()),
redacts: None, redacts: None,
timestamp: None,
}, },
room_id, room_id,
)) ))
@ -212,18 +215,17 @@ pub async fn set_avatar_url_route(
.globals .globals
.roomid_mutex_state .roomid_mutex_state
.write() .write()
.unwrap() .await
.entry(room_id.clone()) .entry(room_id.clone())
.or_default(), .or_default(),
); );
let state_lock = mutex_state.lock().await; let state_lock = mutex_state.lock().await;
let _ = services().rooms.timeline.build_and_append_pdu( let _ = services()
pdu_builder, .rooms
sender_user, .timeline
&room_id, .build_and_append_pdu(pdu_builder, sender_user, &room_id, &state_lock)
&state_lock, .await;
);
// Presence update // Presence update
services().rooms.edus.presence.update_presence( services().rooms.edus.presence.update_presence(

View file

@ -5,11 +5,11 @@ use ruma::{
push::{ push::{
delete_pushrule, get_pushers, get_pushrule, get_pushrule_actions, get_pushrule_enabled, delete_pushrule, get_pushers, get_pushrule, get_pushrule_actions, get_pushrule_enabled,
get_pushrules_all, set_pusher, set_pushrule, set_pushrule_actions, get_pushrules_all, set_pusher, set_pushrule, set_pushrule_actions,
set_pushrule_enabled, RuleKind, RuleScope, set_pushrule_enabled, RuleScope,
}, },
}, },
events::{push_rules::PushRulesEvent, GlobalAccountDataEventType}, events::{push_rules::PushRulesEvent, GlobalAccountDataEventType},
push::{ConditionalPushRuleInit, NewPushRule, PatternedPushRuleInit, SimplePushRuleInit}, push::{InsertPushRuleError, RemovePushRuleError},
}; };
/// # `GET /_matrix/client/r0/pushrules` /// # `GET /_matrix/client/r0/pushrules`
@ -65,30 +65,10 @@ pub async fn get_pushrule_route(
.map_err(|_| Error::bad_database("Invalid account data event in db."))? .map_err(|_| Error::bad_database("Invalid account data event in db."))?
.content; .content;
let global = account_data.global; let rule = account_data
let rule = match body.kind { .global
RuleKind::Override => global .get(body.kind.clone(), &body.rule_id)
.override_ .map(Into::into);
.get(body.rule_id.as_str())
.map(|rule| rule.clone().into()),
RuleKind::Underride => global
.underride
.get(body.rule_id.as_str())
.map(|rule| rule.clone().into()),
RuleKind::Sender => global
.sender
.get(body.rule_id.as_str())
.map(|rule| rule.clone().into()),
RuleKind::Room => global
.room
.get(body.rule_id.as_str())
.map(|rule| rule.clone().into()),
RuleKind::Content => global
.content
.get(body.rule_id.as_str())
.map(|rule| rule.clone().into()),
_ => None,
};
if let Some(rule) = rule { if let Some(rule) = rule {
Ok(get_pushrule::v3::Response { rule }) Ok(get_pushrule::v3::Response { rule })
@ -131,66 +111,36 @@ pub async fn set_pushrule_route(
let mut account_data = serde_json::from_str::<PushRulesEvent>(event.get()) let mut account_data = serde_json::from_str::<PushRulesEvent>(event.get())
.map_err(|_| Error::bad_database("Invalid account data event in db."))?; .map_err(|_| Error::bad_database("Invalid account data event in db."))?;
let global = &mut account_data.content.global; if let Err(error) = account_data.content.global.insert(
match body.rule { body.rule.clone(),
NewPushRule::Override(rule) => { body.after.as_deref(),
global.override_.replace( body.before.as_deref(),
ConditionalPushRuleInit { ) {
actions: rule.actions, let err = match error {
default: false, InsertPushRuleError::ServerDefaultRuleId => Error::BadRequest(
enabled: true, ErrorKind::InvalidParam,
rule_id: rule.rule_id, "Rule IDs starting with a dot are reserved for server-default rules.",
conditions: rule.conditions, ),
} InsertPushRuleError::InvalidRuleId => Error::BadRequest(
.into(), ErrorKind::InvalidParam,
); "Rule ID containing invalid characters.",
} ),
NewPushRule::Underride(rule) => { InsertPushRuleError::RelativeToServerDefaultRule => Error::BadRequest(
global.underride.replace( ErrorKind::InvalidParam,
ConditionalPushRuleInit { "Can't place a push rule relatively to a server-default rule.",
actions: rule.actions, ),
default: false, InsertPushRuleError::UnknownRuleId => Error::BadRequest(
enabled: true, ErrorKind::NotFound,
rule_id: rule.rule_id, "The before or after rule could not be found.",
conditions: rule.conditions, ),
} InsertPushRuleError::BeforeHigherThanAfter => Error::BadRequest(
.into(), ErrorKind::InvalidParam,
); "The before rule has a higher priority than the after rule.",
} ),
NewPushRule::Sender(rule) => { _ => Error::BadRequest(ErrorKind::InvalidParam, "Invalid data."),
global.sender.replace( };
SimplePushRuleInit {
actions: rule.actions, return Err(err);
default: false,
enabled: true,
rule_id: rule.rule_id,
}
.into(),
);
}
NewPushRule::Room(rule) => {
global.room.replace(
SimplePushRuleInit {
actions: rule.actions,
default: false,
enabled: true,
rule_id: rule.rule_id,
}
.into(),
);
}
NewPushRule::Content(rule) => {
global.content.replace(
PatternedPushRuleInit {
actions: rule.actions,
default: false,
enabled: true,
rule_id: rule.rule_id,
pattern: rule.pattern,
}
.into(),
);
}
} }
services().account_data.update( services().account_data.update(
@ -235,33 +185,15 @@ pub async fn get_pushrule_actions_route(
.content; .content;
let global = account_data.global; let global = account_data.global;
let actions = match body.kind { let actions = global
RuleKind::Override => global .get(body.kind.clone(), &body.rule_id)
.override_ .map(|rule| rule.actions().to_owned())
.get(body.rule_id.as_str()) .ok_or(Error::BadRequest(
.map(|rule| rule.actions.clone()), ErrorKind::NotFound,
RuleKind::Underride => global "Push rule not found.",
.underride ))?;
.get(body.rule_id.as_str())
.map(|rule| rule.actions.clone()),
RuleKind::Sender => global
.sender
.get(body.rule_id.as_str())
.map(|rule| rule.actions.clone()),
RuleKind::Room => global
.room
.get(body.rule_id.as_str())
.map(|rule| rule.actions.clone()),
RuleKind::Content => global
.content
.get(body.rule_id.as_str())
.map(|rule| rule.actions.clone()),
_ => None,
};
Ok(get_pushrule_actions::v3::Response { Ok(get_pushrule_actions::v3::Response { actions })
actions: actions.unwrap_or_default(),
})
} }
/// # `PUT /_matrix/client/r0/pushrules/{scope}/{kind}/{ruleId}/actions` /// # `PUT /_matrix/client/r0/pushrules/{scope}/{kind}/{ruleId}/actions`
@ -294,40 +226,17 @@ pub async fn set_pushrule_actions_route(
let mut account_data = serde_json::from_str::<PushRulesEvent>(event.get()) let mut account_data = serde_json::from_str::<PushRulesEvent>(event.get())
.map_err(|_| Error::bad_database("Invalid account data event in db."))?; .map_err(|_| Error::bad_database("Invalid account data event in db."))?;
let global = &mut account_data.content.global; if account_data
match body.kind { .content
RuleKind::Override => { .global
if let Some(mut rule) = global.override_.get(body.rule_id.as_str()).cloned() { .set_actions(body.kind.clone(), &body.rule_id, body.actions.clone())
rule.actions = body.actions.clone(); .is_err()
global.override_.replace(rule); {
return Err(Error::BadRequest(
ErrorKind::NotFound,
"Push rule not found.",
));
} }
}
RuleKind::Underride => {
if let Some(mut rule) = global.underride.get(body.rule_id.as_str()).cloned() {
rule.actions = body.actions.clone();
global.underride.replace(rule);
}
}
RuleKind::Sender => {
if let Some(mut rule) = global.sender.get(body.rule_id.as_str()).cloned() {
rule.actions = body.actions.clone();
global.sender.replace(rule);
}
}
RuleKind::Room => {
if let Some(mut rule) = global.room.get(body.rule_id.as_str()).cloned() {
rule.actions = body.actions.clone();
global.room.replace(rule);
}
}
RuleKind::Content => {
if let Some(mut rule) = global.content.get(body.rule_id.as_str()).cloned() {
rule.actions = body.actions.clone();
global.content.replace(rule);
}
}
_ => {}
};
services().account_data.update( services().account_data.update(
None, None,
@ -370,34 +279,13 @@ pub async fn get_pushrule_enabled_route(
.map_err(|_| Error::bad_database("Invalid account data event in db."))?; .map_err(|_| Error::bad_database("Invalid account data event in db."))?;
let global = account_data.content.global; let global = account_data.content.global;
let enabled = match body.kind { let enabled = global
RuleKind::Override => global .get(body.kind.clone(), &body.rule_id)
.override_ .map(|r| r.enabled())
.iter() .ok_or(Error::BadRequest(
.find(|rule| rule.rule_id == body.rule_id) ErrorKind::NotFound,
.map_or(false, |rule| rule.enabled), "Push rule not found.",
RuleKind::Underride => global ))?;
.underride
.iter()
.find(|rule| rule.rule_id == body.rule_id)
.map_or(false, |rule| rule.enabled),
RuleKind::Sender => global
.sender
.iter()
.find(|rule| rule.rule_id == body.rule_id)
.map_or(false, |rule| rule.enabled),
RuleKind::Room => global
.room
.iter()
.find(|rule| rule.rule_id == body.rule_id)
.map_or(false, |rule| rule.enabled),
RuleKind::Content => global
.content
.iter()
.find(|rule| rule.rule_id == body.rule_id)
.map_or(false, |rule| rule.enabled),
_ => false,
};
Ok(get_pushrule_enabled::v3::Response { enabled }) Ok(get_pushrule_enabled::v3::Response { enabled })
} }
@ -432,44 +320,16 @@ pub async fn set_pushrule_enabled_route(
let mut account_data = serde_json::from_str::<PushRulesEvent>(event.get()) let mut account_data = serde_json::from_str::<PushRulesEvent>(event.get())
.map_err(|_| Error::bad_database("Invalid account data event in db."))?; .map_err(|_| Error::bad_database("Invalid account data event in db."))?;
let global = &mut account_data.content.global; if account_data
match body.kind { .content
RuleKind::Override => { .global
if let Some(mut rule) = global.override_.get(body.rule_id.as_str()).cloned() { .set_enabled(body.kind.clone(), &body.rule_id, body.enabled)
global.override_.remove(&rule); .is_err()
rule.enabled = body.enabled; {
global.override_.insert(rule); return Err(Error::BadRequest(
} ErrorKind::NotFound,
} "Push rule not found.",
RuleKind::Underride => { ));
if let Some(mut rule) = global.underride.get(body.rule_id.as_str()).cloned() {
global.underride.remove(&rule);
rule.enabled = body.enabled;
global.underride.insert(rule);
}
}
RuleKind::Sender => {
if let Some(mut rule) = global.sender.get(body.rule_id.as_str()).cloned() {
global.sender.remove(&rule);
rule.enabled = body.enabled;
global.sender.insert(rule);
}
}
RuleKind::Room => {
if let Some(mut rule) = global.room.get(body.rule_id.as_str()).cloned() {
global.room.remove(&rule);
rule.enabled = body.enabled;
global.room.insert(rule);
}
}
RuleKind::Content => {
if let Some(mut rule) = global.content.get(body.rule_id.as_str()).cloned() {
global.content.remove(&rule);
rule.enabled = body.enabled;
global.content.insert(rule);
}
}
_ => {}
} }
services().account_data.update( services().account_data.update(
@ -512,34 +372,23 @@ pub async fn delete_pushrule_route(
let mut account_data = serde_json::from_str::<PushRulesEvent>(event.get()) let mut account_data = serde_json::from_str::<PushRulesEvent>(event.get())
.map_err(|_| Error::bad_database("Invalid account data event in db."))?; .map_err(|_| Error::bad_database("Invalid account data event in db."))?;
let global = &mut account_data.content.global; if let Err(error) = account_data
match body.kind { .content
RuleKind::Override => { .global
if let Some(rule) = global.override_.get(body.rule_id.as_str()).cloned() { .remove(body.kind.clone(), &body.rule_id)
global.override_.remove(&rule); {
let err = match error {
RemovePushRuleError::ServerDefault => Error::BadRequest(
ErrorKind::InvalidParam,
"Cannot delete a server-default pushrule.",
),
RemovePushRuleError::NotFound => {
Error::BadRequest(ErrorKind::NotFound, "Push rule not found.")
} }
} _ => Error::BadRequest(ErrorKind::InvalidParam, "Invalid data."),
RuleKind::Underride => { };
if let Some(rule) = global.underride.get(body.rule_id.as_str()).cloned() {
global.underride.remove(&rule); return Err(err);
}
}
RuleKind::Sender => {
if let Some(rule) = global.sender.get(body.rule_id.as_str()).cloned() {
global.sender.remove(&rule);
}
}
RuleKind::Room => {
if let Some(rule) = global.room.get(body.rule_id.as_str()).cloned() {
global.room.remove(&rule);
}
}
RuleKind::Content => {
if let Some(rule) = global.content.get(body.rule_id.as_str()).cloned() {
global.content.remove(&rule);
}
}
_ => {}
} }
services().account_data.update( services().account_data.update(

View file

@ -1,4 +1,4 @@
use crate::{services, Error, Result, Ruma}; use crate::{service::rooms::timeline::PduCount, services, Error, Result, Ruma};
use ruma::{ use ruma::{
api::client::{error::ErrorKind, read_marker::set_read_marker, receipt::create_receipt}, api::client::{error::ErrorKind, read_marker::set_read_marker, receipt::create_receipt},
events::{ events::{
@ -42,18 +42,28 @@ pub async fn set_read_marker_route(
} }
if let Some(event) = &body.private_read_receipt { if let Some(event) = &body.private_read_receipt {
services().rooms.edus.read_receipt.private_read_set( let count = services()
&body.room_id,
sender_user,
services()
.rooms .rooms
.timeline .timeline
.get_pdu_count(event)? .get_pdu_count(event)?
.ok_or(Error::BadRequest( .ok_or(Error::BadRequest(
ErrorKind::InvalidParam, ErrorKind::InvalidParam,
"Event does not exist.", "Event does not exist.",
))?, ))?;
)?; let count = match count {
PduCount::Backfilled(_) => {
return Err(Error::BadRequest(
ErrorKind::InvalidParam,
"Read receipt is in backfilled timeline",
))
}
PduCount::Normal(c) => c,
};
services()
.rooms
.edus
.read_receipt
.private_read_set(&body.room_id, sender_user, count)?;
} }
if let Some(event) = &body.read_receipt { if let Some(event) = &body.read_receipt {
@ -142,17 +152,27 @@ pub async fn create_receipt_route(
)?; )?;
} }
create_receipt::v3::ReceiptType::ReadPrivate => { create_receipt::v3::ReceiptType::ReadPrivate => {
services().rooms.edus.read_receipt.private_read_set( let count = services()
&body.room_id,
sender_user,
services()
.rooms .rooms
.timeline .timeline
.get_pdu_count(&body.event_id)? .get_pdu_count(&body.event_id)?
.ok_or(Error::BadRequest( .ok_or(Error::BadRequest(
ErrorKind::InvalidParam, ErrorKind::InvalidParam,
"Event does not exist.", "Event does not exist.",
))?, ))?;
let count = match count {
PduCount::Backfilled(_) => {
return Err(Error::BadRequest(
ErrorKind::InvalidParam,
"Read receipt is in backfilled timeline",
))
}
PduCount::Normal(c) => c,
};
services().rooms.edus.read_receipt.private_read_set(
&body.room_id,
sender_user,
count,
)?; )?;
} }
_ => return Err(Error::bad_database("Unsupported receipt type")), _ => return Err(Error::bad_database("Unsupported receipt type")),

View file

@ -3,7 +3,7 @@ use std::sync::Arc;
use crate::{service::pdu::PduBuilder, services, Result, Ruma}; use crate::{service::pdu::PduBuilder, services, Result, Ruma};
use ruma::{ use ruma::{
api::client::redact::redact_event, api::client::redact::redact_event,
events::{room::redaction::RoomRedactionEventContent, RoomEventType}, events::{room::redaction::RoomRedactionEventContent, TimelineEventType},
}; };
use serde_json::value::to_raw_value; use serde_json::value::to_raw_value;
@ -24,27 +24,33 @@ pub async fn redact_event_route(
.globals .globals
.roomid_mutex_state .roomid_mutex_state
.write() .write()
.unwrap() .await
.entry(body.room_id.clone()) .entry(body.room_id.clone())
.or_default(), .or_default(),
); );
let state_lock = mutex_state.lock().await; let state_lock = mutex_state.lock().await;
let event_id = services().rooms.timeline.build_and_append_pdu( let event_id = services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomRedaction, event_type: TimelineEventType::RoomRedaction,
content: to_raw_value(&RoomRedactionEventContent { content: to_raw_value(&RoomRedactionEventContent {
redacts: Some(body.event_id.clone()),
reason: body.reason.clone(), reason: body.reason.clone(),
}) })
.expect("event is valid, we just created it"), .expect("event is valid, we just created it"),
unsigned: None, unsigned: None,
state_key: None, state_key: None,
redacts: Some(body.event_id.into()), redacts: Some(body.event_id.into()),
timestamp: None,
}, },
sender_user, sender_user,
&body.room_id, &body.room_id,
&state_lock, &state_lock,
)?; )
.await?;
drop(state_lock); drop(state_lock);

View file

@ -0,0 +1,91 @@
use ruma::api::client::relations::{
get_relating_events, get_relating_events_with_rel_type,
get_relating_events_with_rel_type_and_event_type,
};
use crate::{services, Result, Ruma};
/// # `GET /_matrix/client/r0/rooms/{roomId}/relations/{eventId}/{relType}/{eventType}`
pub async fn get_relating_events_with_rel_type_and_event_type_route(
body: Ruma<get_relating_events_with_rel_type_and_event_type::v1::Request>,
) -> Result<get_relating_events_with_rel_type_and_event_type::v1::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated");
let res = services()
.rooms
.pdu_metadata
.paginate_relations_with_filter(
sender_user,
&body.room_id,
&body.event_id,
Some(body.event_type.clone()),
Some(body.rel_type.clone()),
body.from.clone(),
body.to.clone(),
body.limit,
body.recurse,
&body.dir,
)?;
Ok(
get_relating_events_with_rel_type_and_event_type::v1::Response {
chunk: res.chunk,
next_batch: res.next_batch,
prev_batch: res.prev_batch,
recursion_depth: res.recursion_depth,
},
)
}
/// # `GET /_matrix/client/r0/rooms/{roomId}/relations/{eventId}/{relType}`
pub async fn get_relating_events_with_rel_type_route(
body: Ruma<get_relating_events_with_rel_type::v1::Request>,
) -> Result<get_relating_events_with_rel_type::v1::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated");
let res = services()
.rooms
.pdu_metadata
.paginate_relations_with_filter(
sender_user,
&body.room_id,
&body.event_id,
None,
Some(body.rel_type.clone()),
body.from.clone(),
body.to.clone(),
body.limit,
body.recurse,
&body.dir,
)?;
Ok(get_relating_events_with_rel_type::v1::Response {
chunk: res.chunk,
next_batch: res.next_batch,
prev_batch: res.prev_batch,
recursion_depth: res.recursion_depth,
})
}
/// # `GET /_matrix/client/r0/rooms/{roomId}/relations/{eventId}`
pub async fn get_relating_events_route(
body: Ruma<get_relating_events::v1::Request>,
) -> Result<get_relating_events::v1::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated");
services()
.rooms
.pdu_metadata
.paginate_relations_with_filter(
sender_user,
&body.room_id,
&body.event_id,
None,
None,
body.from.clone(),
body.to.clone(),
body.limit,
body.recurse,
&body.dir,
)
}

View file

@ -19,11 +19,11 @@ use ruma::{
tombstone::RoomTombstoneEventContent, tombstone::RoomTombstoneEventContent,
topic::RoomTopicEventContent, topic::RoomTopicEventContent,
}, },
RoomEventType, StateEventType, StateEventType, TimelineEventType,
}, },
int, int,
serde::JsonObject, serde::JsonObject,
CanonicalJsonObject, OwnedRoomAliasId, RoomAliasId, RoomId, CanonicalJsonObject, OwnedRoomAliasId, RoomAliasId, RoomId, RoomVersionId,
}; };
use serde_json::{json, value::to_raw_value}; use serde_json::{json, value::to_raw_value};
use std::{cmp::max, collections::BTreeMap, sync::Arc}; use std::{cmp::max, collections::BTreeMap, sync::Arc};
@ -61,18 +61,18 @@ pub async fn create_room_route(
.globals .globals
.roomid_mutex_state .roomid_mutex_state
.write() .write()
.unwrap() .await
.entry(room_id.clone()) .entry(room_id.clone())
.or_default(), .or_default(),
); );
let state_lock = mutex_state.lock().await; let state_lock = mutex_state.lock().await;
if !services().globals.allow_room_creation() if !services().globals.allow_room_creation()
&& !body.from_appservice && body.appservice_info.is_none()
&& !services().users.is_admin(sender_user)? && !services().users.is_admin(sender_user)?
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"Room creation has been disabled.", "Room creation has been disabled.",
)); ));
} }
@ -104,6 +104,22 @@ pub async fn create_room_route(
} }
})?; })?;
if let Some(ref alias) = alias {
if let Some(ref info) = body.appservice_info {
if !info.aliases.is_match(alias.as_str()) {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"Room alias is not in namespace.",
));
}
} else if services().appservice.is_exclusive_alias(alias).await {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"Room alias reserved by appservice.",
));
}
}
let room_version = match body.room_version.clone() { let room_version = match body.room_version.clone() {
Some(room_version) => { Some(room_version) => {
if services() if services()
@ -127,12 +143,29 @@ pub async fn create_room_route(
let mut content = content let mut content = content
.deserialize_as::<CanonicalJsonObject>() .deserialize_as::<CanonicalJsonObject>()
.expect("Invalid creation content"); .expect("Invalid creation content");
match room_version {
RoomVersionId::V1
| RoomVersionId::V2
| RoomVersionId::V3
| RoomVersionId::V4
| RoomVersionId::V5
| RoomVersionId::V6
| RoomVersionId::V7
| RoomVersionId::V8
| RoomVersionId::V9
| RoomVersionId::V10 => {
content.insert( content.insert(
"creator".into(), "creator".into(),
json!(&sender_user).try_into().map_err(|_| { json!(&sender_user).try_into().map_err(|_| {
Error::BadRequest(ErrorKind::BadJson, "Invalid creation content") Error::BadRequest(ErrorKind::BadJson, "Invalid creation content")
})?, })?,
); );
}
RoomVersionId::V11 => {} // V11 removed the "creator" key
_ => unreachable!("Validity of room version already checked"),
}
content.insert( content.insert(
"room_version".into(), "room_version".into(),
json!(room_version.as_str()).try_into().map_err(|_| { json!(room_version.as_str()).try_into().map_err(|_| {
@ -142,8 +175,22 @@ pub async fn create_room_route(
content content
} }
None => { None => {
let content = match room_version {
RoomVersionId::V1
| RoomVersionId::V2
| RoomVersionId::V3
| RoomVersionId::V4
| RoomVersionId::V5
| RoomVersionId::V6
| RoomVersionId::V7
| RoomVersionId::V8
| RoomVersionId::V9
| RoomVersionId::V10 => RoomCreateEventContent::new_v1(sender_user.clone()),
RoomVersionId::V11 => RoomCreateEventContent::new_v11(),
_ => unreachable!("Validity of room version already checked"),
};
let mut content = serde_json::from_str::<CanonicalJsonObject>( let mut content = serde_json::from_str::<CanonicalJsonObject>(
to_raw_value(&RoomCreateEventContent::new(sender_user.clone())) to_raw_value(&content)
.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Invalid creation content"))? .map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Invalid creation content"))?
.get(), .get(),
) )
@ -173,23 +220,31 @@ pub async fn create_room_route(
} }
// 1. The room create event // 1. The room create event
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomCreate, event_type: TimelineEventType::RoomCreate,
content: to_raw_value(&content).expect("event is valid, we just created it"), content: to_raw_value(&content).expect("event is valid, we just created it"),
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&room_id, &room_id,
&state_lock, &state_lock,
)?; )
.await?;
// 2. Let the room creator join // 2. Let the room creator join
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomMember, event_type: TimelineEventType::RoomMember,
content: to_raw_value(&RoomMemberEventContent { content: to_raw_value(&RoomMemberEventContent {
membership: MembershipState::Join, membership: MembershipState::Join,
displayname: services().users.displayname(sender_user)?, displayname: services().users.displayname(sender_user)?,
@ -204,11 +259,13 @@ pub async fn create_room_route(
unsigned: None, unsigned: None,
state_key: Some(sender_user.to_string()), state_key: Some(sender_user.to_string()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&room_id, &room_id,
&state_lock, &state_lock,
)?; )
.await?;
// 3. Power levels // 3. Power levels
@ -245,25 +302,33 @@ pub async fn create_room_route(
} }
} }
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomPowerLevels, event_type: TimelineEventType::RoomPowerLevels,
content: to_raw_value(&power_levels_content) content: to_raw_value(&power_levels_content)
.expect("to_raw_value always works on serde_json::Value"), .expect("to_raw_value always works on serde_json::Value"),
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&room_id, &room_id,
&state_lock, &state_lock,
)?; )
.await?;
// 4. Canonical room alias // 4. Canonical room alias
if let Some(room_alias_id) = &alias { if let Some(room_alias_id) = &alias {
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomCanonicalAlias, event_type: TimelineEventType::RoomCanonicalAlias,
content: to_raw_value(&RoomCanonicalAliasEventContent { content: to_raw_value(&RoomCanonicalAliasEventContent {
alias: Some(room_alias_id.to_owned()), alias: Some(room_alias_id.to_owned()),
alt_aliases: vec![], alt_aliases: vec![],
@ -272,19 +337,24 @@ pub async fn create_room_route(
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&room_id, &room_id,
&state_lock, &state_lock,
)?; )
.await?;
} }
// 5. Events set by preset // 5. Events set by preset
// 5.1 Join Rules // 5.1 Join Rules
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomJoinRules, event_type: TimelineEventType::RoomJoinRules,
content: to_raw_value(&RoomJoinRulesEventContent::new(match preset { content: to_raw_value(&RoomJoinRulesEventContent::new(match preset {
RoomPreset::PublicChat => JoinRule::Public, RoomPreset::PublicChat => JoinRule::Public,
// according to spec "invite" is the default // according to spec "invite" is the default
@ -294,16 +364,21 @@ pub async fn create_room_route(
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&room_id, &room_id,
&state_lock, &state_lock,
)?; )
.await?;
// 5.2 History Visibility // 5.2 History Visibility
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomHistoryVisibility, event_type: TimelineEventType::RoomHistoryVisibility,
content: to_raw_value(&RoomHistoryVisibilityEventContent::new( content: to_raw_value(&RoomHistoryVisibilityEventContent::new(
HistoryVisibility::Shared, HistoryVisibility::Shared,
)) ))
@ -311,16 +386,21 @@ pub async fn create_room_route(
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&room_id, &room_id,
&state_lock, &state_lock,
)?; )
.await?;
// 5.3 Guest Access // 5.3 Guest Access
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomGuestAccess, event_type: TimelineEventType::RoomGuestAccess,
content: to_raw_value(&RoomGuestAccessEventContent::new(match preset { content: to_raw_value(&RoomGuestAccessEventContent::new(match preset {
RoomPreset::PublicChat => GuestAccess::Forbidden, RoomPreset::PublicChat => GuestAccess::Forbidden,
_ => GuestAccess::CanJoin, _ => GuestAccess::CanJoin,
@ -329,11 +409,13 @@ pub async fn create_room_route(
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&room_id, &room_id,
&state_lock, &state_lock,
)?; )
.await?;
// 6. Events listed in initial_state // 6. Events listed in initial_state
for event in &body.initial_state { for event in &body.initial_state {
@ -346,41 +428,48 @@ pub async fn create_room_route(
pdu_builder.state_key.get_or_insert_with(|| "".to_owned()); pdu_builder.state_key.get_or_insert_with(|| "".to_owned());
// Silently skip encryption events if they are not allowed // Silently skip encryption events if they are not allowed
if pdu_builder.event_type == RoomEventType::RoomEncryption if pdu_builder.event_type == TimelineEventType::RoomEncryption
&& !services().globals.allow_encryption() && !services().globals.allow_encryption()
{ {
continue; continue;
} }
services().rooms.timeline.build_and_append_pdu( services()
pdu_builder, .rooms
sender_user, .timeline
&room_id, .build_and_append_pdu(pdu_builder, sender_user, &room_id, &state_lock)
&state_lock, .await?;
)?;
} }
// 7. Events implied by name and topic // 7. Events implied by name and topic
if let Some(name) = &body.name { if let Some(name) = &body.name {
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomName, event_type: TimelineEventType::RoomName,
content: to_raw_value(&RoomNameEventContent::new(Some(name.clone()))) content: to_raw_value(&RoomNameEventContent::new(name.clone()))
.expect("event is valid, we just created it"), .expect("event is valid, we just created it"),
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&room_id, &room_id,
&state_lock, &state_lock,
)?; )
.await?;
} }
if let Some(topic) = &body.topic { if let Some(topic) = &body.topic {
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomTopic, event_type: TimelineEventType::RoomTopic,
content: to_raw_value(&RoomTopicEventContent { content: to_raw_value(&RoomTopicEventContent {
topic: topic.clone(), topic: topic.clone(),
}) })
@ -388,11 +477,13 @@ pub async fn create_room_route(
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&room_id, &room_id,
&state_lock, &state_lock,
)?; )
.await?;
} }
// 8. Events implied by invite (and TODO: invite_3pid) // 8. Events implied by invite (and TODO: invite_3pid)
@ -403,7 +494,10 @@ pub async fn create_room_route(
// Homeserver specific stuff // Homeserver specific stuff
if let Some(alias) = alias { if let Some(alias) = alias {
services().rooms.alias.set_alias(&alias, &room_id)?; services()
.rooms
.alias
.set_alias(&alias, &room_id, sender_user)?;
} }
if body.visibility == room::Visibility::Public { if body.visibility == room::Visibility::Public {
@ -425,24 +519,31 @@ pub async fn get_room_event_route(
) -> Result<get_room_event::v3::Response> { ) -> Result<get_room_event::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
if !services() let event = services()
.rooms
.state_cache
.is_joined(sender_user, &body.room_id)?
{
return Err(Error::BadRequest(
ErrorKind::Forbidden,
"You don't have permission to view this room.",
));
}
Ok(get_room_event::v3::Response {
event: services()
.rooms .rooms
.timeline .timeline
.get_pdu(&body.event_id)? .get_pdu(&body.event_id)?
.ok_or(Error::BadRequest(ErrorKind::NotFound, "Event not found."))? .ok_or_else(|| {
.to_room_event(), warn!("Event not found, event ID: {:?}", &body.event_id);
Error::BadRequest(ErrorKind::NotFound, "Event not found.")
})?;
if !services().rooms.state_accessor.user_can_see_event(
sender_user,
&event.room_id,
&body.event_id,
)? {
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"You don't have permission to view this event.",
));
}
let mut event = (*event).clone();
event.add_age()?;
Ok(get_room_event::v3::Response {
event: event.to_room_event(),
}) })
} }
@ -462,7 +563,7 @@ pub async fn get_room_aliases_route(
.is_joined(sender_user, &body.room_id)? .is_joined(sender_user, &body.room_id)?
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"You don't have permission to view this room.", "You don't have permission to view this room.",
)); ));
} }
@ -515,7 +616,7 @@ pub async fn upgrade_room_route(
.globals .globals
.roomid_mutex_state .roomid_mutex_state
.write() .write()
.unwrap() .await
.entry(body.room_id.clone()) .entry(body.room_id.clone())
.or_default(), .or_default(),
); );
@ -523,9 +624,12 @@ pub async fn upgrade_room_route(
// Send a m.room.tombstone event to the old room to indicate that it is not intended to be used any further // Send a m.room.tombstone event to the old room to indicate that it is not intended to be used any further
// Fail if the sender does not have the required permissions // Fail if the sender does not have the required permissions
let tombstone_event_id = services().rooms.timeline.build_and_append_pdu( let tombstone_event_id = services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomTombstone, event_type: TimelineEventType::RoomTombstone,
content: to_raw_value(&RoomTombstoneEventContent { content: to_raw_value(&RoomTombstoneEventContent {
body: "This room has been replaced".to_owned(), body: "This room has been replaced".to_owned(),
replacement_room: replacement_room.clone(), replacement_room: replacement_room.clone(),
@ -534,11 +638,13 @@ pub async fn upgrade_room_route(
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&body.room_id, &body.room_id,
&state_lock, &state_lock,
)?; )
.await?;
// Change lock to replacement room // Change lock to replacement room
drop(state_lock); drop(state_lock);
@ -547,7 +653,7 @@ pub async fn upgrade_room_route(
.globals .globals
.roomid_mutex_state .roomid_mutex_state
.write() .write()
.unwrap() .await
.entry(replacement_room.clone()) .entry(replacement_room.clone())
.or_default(), .or_default(),
); );
@ -572,12 +678,30 @@ pub async fn upgrade_room_route(
)); ));
// Send a m.room.create event containing a predecessor field and the applicable room_version // Send a m.room.create event containing a predecessor field and the applicable room_version
match body.new_version {
RoomVersionId::V1
| RoomVersionId::V2
| RoomVersionId::V3
| RoomVersionId::V4
| RoomVersionId::V5
| RoomVersionId::V6
| RoomVersionId::V7
| RoomVersionId::V8
| RoomVersionId::V9
| RoomVersionId::V10 => {
create_event_content.insert( create_event_content.insert(
"creator".into(), "creator".into(),
json!(&sender_user) json!(&sender_user).try_into().map_err(|_| {
.try_into() Error::BadRequest(ErrorKind::BadJson, "Error forming creation event")
.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Error forming creation event"))?, })?,
); );
}
RoomVersionId::V11 => {
// "creator" key no longer exists in V11 rooms
create_event_content.remove("creator");
}
_ => unreachable!("Validity of room version already checked"),
}
create_event_content.insert( create_event_content.insert(
"room_version".into(), "room_version".into(),
json!(&body.new_version) json!(&body.new_version)
@ -605,24 +729,32 @@ pub async fn upgrade_room_route(
)); ));
} }
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomCreate, event_type: TimelineEventType::RoomCreate,
content: to_raw_value(&create_event_content) content: to_raw_value(&create_event_content)
.expect("event is valid, we just created it"), .expect("event is valid, we just created it"),
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&replacement_room, &replacement_room,
&state_lock, &state_lock,
)?; )
.await?;
// Join the new room // Join the new room
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomMember, event_type: TimelineEventType::RoomMember,
content: to_raw_value(&RoomMemberEventContent { content: to_raw_value(&RoomMemberEventContent {
membership: MembershipState::Join, membership: MembershipState::Join,
displayname: services().users.displayname(sender_user)?, displayname: services().users.displayname(sender_user)?,
@ -637,11 +769,13 @@ pub async fn upgrade_room_route(
unsigned: None, unsigned: None,
state_key: Some(sender_user.to_string()), state_key: Some(sender_user.to_string()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&replacement_room, &replacement_room,
&state_lock, &state_lock,
)?; )
.await?;
// Recommended transferable state events list from the specs // Recommended transferable state events list from the specs
let transferable_state_events = vec![ let transferable_state_events = vec![
@ -668,18 +802,23 @@ pub async fn upgrade_room_route(
None => continue, // Skipping missing events. None => continue, // Skipping missing events.
}; };
services().rooms.timeline.build_and_append_pdu( services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: event_type.to_string().into(), event_type: event_type.to_string().into(),
content: event_content, content: event_content,
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&replacement_room, &replacement_room,
&state_lock, &state_lock,
)?; )
.await?;
} }
// Moves any local aliases to the new room // Moves any local aliases to the new room
@ -692,7 +831,7 @@ pub async fn upgrade_room_route(
services() services()
.rooms .rooms
.alias .alias
.set_alias(&alias, &replacement_room)?; .set_alias(&alias, &replacement_room, sender_user)?;
} }
// Get the old room power levels // Get the old room power levels
@ -713,19 +852,24 @@ pub async fn upgrade_room_route(
power_levels_event_content.invite = new_level; power_levels_event_content.invite = new_level;
// Modify the power levels in the old room to prevent sending of events and inviting new users // Modify the power levels in the old room to prevent sending of events and inviting new users
let _ = services().rooms.timeline.build_and_append_pdu( let _ = services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: RoomEventType::RoomPowerLevels, event_type: TimelineEventType::RoomPowerLevels,
content: to_raw_value(&power_levels_event_content) content: to_raw_value(&power_levels_event_content)
.expect("event is valid, we just created it"), .expect("event is valid, we just created it"),
unsigned: None, unsigned: None,
state_key: Some("".to_owned()), state_key: Some("".to_owned()),
redacts: None, redacts: None,
timestamp: None,
}, },
sender_user, sender_user,
&body.room_id, &body.room_id,
&state_lock, &state_lock,
)?; )
.await?;
drop(state_lock); drop(state_lock);

View file

@ -31,7 +31,8 @@ pub async fn search_events_route(
.collect() .collect()
}); });
let limit = filter.limit.map_or(10, |l| u64::from(l) as usize); // Use limit or else 10, with maximum 100
let limit = filter.limit.map_or(10, u64::from).min(100) as usize;
let mut searches = Vec::new(); let mut searches = Vec::new();
@ -42,7 +43,7 @@ pub async fn search_events_route(
.is_joined(sender_user, &room_id)? .is_joined(sender_user, &room_id)?
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"You don't have permission to view this room.", "You don't have permission to view this room.",
)); ));
} }
@ -81,6 +82,22 @@ pub async fn search_events_route(
let results: Vec<_> = results let results: Vec<_> = results
.iter() .iter()
.filter_map(|result| {
services()
.rooms
.timeline
.get_pdu_from_id(result)
.ok()?
.filter(|pdu| {
!pdu.is_redacted()
&& services()
.rooms
.state_accessor
.user_can_see_event(sender_user, &pdu.room_id, &pdu.event_id)
.unwrap_or(false)
})
.map(|pdu| pdu.to_room_event())
})
.map(|result| { .map(|result| {
Ok::<_, Error>(SearchResult { Ok::<_, Error>(SearchResult {
context: EventContextResult { context: EventContextResult {
@ -91,11 +108,7 @@ pub async fn search_events_route(
start: None, start: None,
}, },
rank: None, rank: None,
result: services() result: Some(result),
.rooms
.timeline
.get_pdu_from_id(result)?
.map(|pdu| pdu.to_room_event()),
}) })
}) })
.filter_map(|r| r.ok()) .filter_map(|r| r.ok())

View file

@ -9,7 +9,7 @@ use ruma::{
UserId, UserId,
}; };
use serde::Deserialize; use serde::Deserialize;
use tracing::info; use tracing::{info, warn};
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
struct Claims { struct Claims {
@ -26,6 +26,7 @@ pub async fn get_login_types_route(
) -> Result<get_login_types::v3::Response> { ) -> Result<get_login_types::v3::Response> {
Ok(get_login_types::v3::Response::new(vec![ Ok(get_login_types::v3::Response::new(vec![
get_login_types::v3::LoginType::Password(Default::default()), get_login_types::v3::LoginType::Password(Default::default()),
get_login_types::v3::LoginType::ApplicationService(Default::default()),
])) ]))
} }
@ -41,28 +42,43 @@ pub async fn get_login_types_route(
/// Note: You can use [`GET /_matrix/client/r0/login`](fn.get_supported_versions_route.html) to see /// Note: You can use [`GET /_matrix/client/r0/login`](fn.get_supported_versions_route.html) to see
/// supported login types. /// supported login types.
pub async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Response> { pub async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Response> {
// To allow deprecated login methods
#![allow(deprecated)]
// Validate login method // Validate login method
// TODO: Other login methods // TODO: Other login methods
let user_id = match &body.login_info { let user_id = match &body.login_info {
login::v3::LoginInfo::Password(login::v3::Password { login::v3::LoginInfo::Password(login::v3::Password {
identifier, identifier,
password, password,
user,
address: _,
medium: _,
}) => { }) => {
let username = if let UserIdentifier::UserIdOrLocalpart(user_id) = identifier { let user_id = if let Some(UserIdentifier::UserIdOrLocalpart(user_id)) = identifier {
user_id.to_lowercase() UserId::parse_with_server_name(
user_id.to_lowercase(),
services().globals.server_name(),
)
} else if let Some(user) = user {
UserId::parse(user)
} else { } else {
return Err(Error::BadRequest(ErrorKind::Forbidden, "Bad login type.")); warn!("Bad login type: {:?}", &body.login_info);
}; return Err(Error::BadRequest(ErrorKind::forbidden(), "Bad login type."));
let user_id = }
UserId::parse_with_server_name(username, services().globals.server_name()) .map_err(|_| Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid."))?;
.map_err(|_| {
Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid.") if services().appservice.is_exclusive_user_id(&user_id).await {
})?; return Err(Error::BadRequest(
ErrorKind::Exclusive,
"User id reserved by appservice.",
));
}
let hash = services() let hash = services()
.users .users
.password_hash(&user_id)? .password_hash(&user_id)?
.ok_or(Error::BadRequest( .ok_or(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"Wrong username or password.", "Wrong username or password.",
))?; ))?;
@ -77,7 +93,7 @@ pub async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Re
if !hash_matches { if !hash_matches {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"Wrong username or password.", "Wrong username or password.",
)); ));
} }
@ -93,9 +109,20 @@ pub async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Re
) )
.map_err(|_| Error::BadRequest(ErrorKind::InvalidUsername, "Token is invalid."))?; .map_err(|_| Error::BadRequest(ErrorKind::InvalidUsername, "Token is invalid."))?;
let username = token.claims.sub.to_lowercase(); let username = token.claims.sub.to_lowercase();
UserId::parse_with_server_name(username, services().globals.server_name()).map_err( let user_id =
|_| Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid."), UserId::parse_with_server_name(username, services().globals.server_name())
)? .map_err(|_| {
Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid.")
})?;
if services().appservice.is_exclusive_user_id(&user_id).await {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"User id reserved by appservice.",
));
}
user_id
} else { } else {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Unknown, ErrorKind::Unknown,
@ -103,7 +130,41 @@ pub async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Re
)); ));
} }
} }
login::v3::LoginInfo::ApplicationService(login::v3::ApplicationService {
identifier,
user,
}) => {
let user_id = if let Some(UserIdentifier::UserIdOrLocalpart(user_id)) = identifier {
UserId::parse_with_server_name(
user_id.to_lowercase(),
services().globals.server_name(),
)
} else if let Some(user) = user {
UserId::parse(user)
} else {
warn!("Bad login type: {:?}", &body.login_info);
return Err(Error::BadRequest(ErrorKind::forbidden(), "Bad login type."));
}
.map_err(|_| Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid."))?;
if let Some(ref info) = body.appservice_info {
if !info.is_user_match(&user_id) {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"User is not in namespace.",
));
}
} else {
return Err(Error::BadRequest(
ErrorKind::MissingToken,
"Missing appservice token.",
));
}
user_id
}
_ => { _ => {
warn!("Unsupported or unknown login type: {:?}", &body.login_info);
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Unknown, ErrorKind::Unknown,
"Unsupported login type.", "Unsupported login type.",
@ -141,6 +202,8 @@ pub async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Re
info!("{} logged in", user_id); info!("{} logged in", user_id);
// Homeservers are still required to send the `home_server` field
#[allow(deprecated)]
Ok(login::v3::Response { Ok(login::v3::Response {
user_id, user_id,
access_token: token, access_token: token,
@ -164,6 +227,15 @@ pub async fn logout_route(body: Ruma<logout::v3::Request>) -> Result<logout::v3:
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
let sender_device = body.sender_device.as_ref().expect("user is authenticated"); let sender_device = body.sender_device.as_ref().expect("user is authenticated");
if let Some(ref info) = body.appservice_info {
if !info.is_user_match(sender_user) {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"User is not in namespace.",
));
}
}
services().users.remove_device(sender_user, sender_device)?; services().users.remove_device(sender_user, sender_device)?;
Ok(logout::v3::Response::new()) Ok(logout::v3::Response::new())
@ -185,6 +257,20 @@ pub async fn logout_all_route(
) -> Result<logout_all::v3::Response> { ) -> Result<logout_all::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
if let Some(ref info) = body.appservice_info {
if !info.is_user_match(sender_user) {
return Err(Error::BadRequest(
ErrorKind::Exclusive,
"User is not in namespace.",
));
}
} else {
return Err(Error::BadRequest(
ErrorKind::MissingToken,
"Missing appservice token.",
));
}
for device_id in services().users.all_device_ids(sender_user).flatten() { for device_id in services().users.all_device_ids(sender_user).flatten() {
services().users.remove_device(sender_user, &device_id)?; services().users.remove_device(sender_user, &device_id)?;
} }

View file

@ -0,0 +1,34 @@
use crate::{services, Result, Ruma};
use ruma::api::client::space::get_hierarchy;
/// # `GET /_matrix/client/v1/rooms/{room_id}/hierarchy``
///
/// Paginates over the space tree in a depth-first manner to locate child rooms of a given space.
pub async fn get_hierarchy_route(
body: Ruma<get_hierarchy::v1::Request>,
) -> Result<get_hierarchy::v1::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated");
let skip = body
.from
.as_ref()
.and_then(|s| s.parse::<usize>().ok())
.unwrap_or(0);
let limit = body.limit.map_or(10, u64::from).min(100) as usize;
let max_depth = body.max_depth.map_or(3, u64::from).min(10) as usize + 1; // +1 to skip the space room itself
services()
.rooms
.spaces
.get_hierarchy(
sender_user,
&body.room_id,
limit,
skip,
max_depth,
body.suggested_only,
)
.await
}

View file

@ -7,15 +7,12 @@ use ruma::{
state::{get_state_events, get_state_events_for_key, send_state_event}, state::{get_state_events, get_state_events_for_key, send_state_event},
}, },
events::{ events::{
room::{ room::canonical_alias::RoomCanonicalAliasEventContent, AnyStateEventContent, StateEventType,
canonical_alias::RoomCanonicalAliasEventContent,
history_visibility::{HistoryVisibility, RoomHistoryVisibilityEventContent},
},
AnyStateEventContent, StateEventType,
}, },
serde::Raw, serde::Raw,
EventId, RoomId, UserId, EventId, MilliSecondsSinceUnixEpoch, RoomId, UserId,
}; };
use tracing::log::warn;
/// # `PUT /_matrix/client/r0/rooms/{roomId}/state/{eventType}/{stateKey}` /// # `PUT /_matrix/client/r0/rooms/{roomId}/state/{eventType}/{stateKey}`
/// ///
@ -35,6 +32,11 @@ pub async fn send_state_event_for_key_route(
&body.event_type, &body.event_type,
&body.body.body, // Yes, I hate it too &body.body.body, // Yes, I hate it too
body.state_key.to_owned(), body.state_key.to_owned(),
if body.appservice_info.is_some() {
body.timestamp
} else {
None
},
) )
.await?; .await?;
@ -57,7 +59,7 @@ pub async fn send_state_event_for_empty_key_route(
// Forbid m.room.encryption if encryption is disabled // Forbid m.room.encryption if encryption is disabled
if body.event_type == StateEventType::RoomEncryption && !services().globals.allow_encryption() { if body.event_type == StateEventType::RoomEncryption && !services().globals.allow_encryption() {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"Encryption has been disabled", "Encryption has been disabled",
)); ));
} }
@ -68,6 +70,11 @@ pub async fn send_state_event_for_empty_key_route(
&body.event_type.to_string().into(), &body.event_type.to_string().into(),
&body.body.body, &body.body.body,
body.state_key.to_owned(), body.state_key.to_owned(),
if body.appservice_info.is_some() {
body.timestamp
} else {
None
},
) )
.await?; .await?;
@ -85,32 +92,13 @@ pub async fn get_state_events_route(
) -> Result<get_state_events::v3::Response> { ) -> Result<get_state_events::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
#[allow(clippy::blocks_in_if_conditions)]
// Users not in the room should not be able to access the state unless history_visibility is
// WorldReadable
if !services() if !services()
.rooms
.state_cache
.is_joined(sender_user, &body.room_id)?
&& !matches!(
services()
.rooms .rooms
.state_accessor .state_accessor
.room_state_get(&body.room_id, &StateEventType::RoomHistoryVisibility, "")? .user_can_see_state_events(sender_user, &body.room_id)?
.map(|event| {
serde_json::from_str(event.content.get())
.map(|e: RoomHistoryVisibilityEventContent| e.history_visibility)
.map_err(|_| {
Error::bad_database(
"Invalid room history visibility event in database.",
)
})
}),
Some(Ok(HistoryVisibility::WorldReadable))
)
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"You don't have permission to view the room state.", "You don't have permission to view the room state.",
)); ));
} }
@ -137,32 +125,13 @@ pub async fn get_state_events_for_key_route(
) -> Result<get_state_events_for_key::v3::Response> { ) -> Result<get_state_events_for_key::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
#[allow(clippy::blocks_in_if_conditions)]
// Users not in the room should not be able to access the state unless history_visibility is
// WorldReadable
if !services() if !services()
.rooms
.state_cache
.is_joined(sender_user, &body.room_id)?
&& !matches!(
services()
.rooms .rooms
.state_accessor .state_accessor
.room_state_get(&body.room_id, &StateEventType::RoomHistoryVisibility, "")? .user_can_see_state_events(sender_user, &body.room_id)?
.map(|event| {
serde_json::from_str(event.content.get())
.map(|e: RoomHistoryVisibilityEventContent| e.history_visibility)
.map_err(|_| {
Error::bad_database(
"Invalid room history visibility event in database.",
)
})
}),
Some(Ok(HistoryVisibility::WorldReadable))
)
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"You don't have permission to view the room state.", "You don't have permission to view the room state.",
)); ));
} }
@ -171,10 +140,13 @@ pub async fn get_state_events_for_key_route(
.rooms .rooms
.state_accessor .state_accessor
.room_state_get(&body.room_id, &body.event_type, &body.state_key)? .room_state_get(&body.room_id, &body.event_type, &body.state_key)?
.ok_or(Error::BadRequest( .ok_or_else(|| {
ErrorKind::NotFound, warn!(
"State event not found.", "State event {:?} not found in room {:?}",
))?; &body.event_type, &body.room_id
);
Error::BadRequest(ErrorKind::NotFound, "State event not found.")
})?;
Ok(get_state_events_for_key::v3::Response { Ok(get_state_events_for_key::v3::Response {
content: serde_json::from_str(event.content.get()) content: serde_json::from_str(event.content.get())
@ -192,32 +164,13 @@ pub async fn get_state_events_for_empty_key_route(
) -> Result<RumaResponse<get_state_events_for_key::v3::Response>> { ) -> Result<RumaResponse<get_state_events_for_key::v3::Response>> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
#[allow(clippy::blocks_in_if_conditions)]
// Users not in the room should not be able to access the state unless history_visibility is
// WorldReadable
if !services() if !services()
.rooms
.state_cache
.is_joined(sender_user, &body.room_id)?
&& !matches!(
services()
.rooms .rooms
.state_accessor .state_accessor
.room_state_get(&body.room_id, &StateEventType::RoomHistoryVisibility, "")? .user_can_see_state_events(sender_user, &body.room_id)?
.map(|event| {
serde_json::from_str(event.content.get())
.map(|e: RoomHistoryVisibilityEventContent| e.history_visibility)
.map_err(|_| {
Error::bad_database(
"Invalid room history visibility event in database.",
)
})
}),
Some(Ok(HistoryVisibility::WorldReadable))
)
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"You don't have permission to view the room state.", "You don't have permission to view the room state.",
)); ));
} }
@ -226,10 +179,13 @@ pub async fn get_state_events_for_empty_key_route(
.rooms .rooms
.state_accessor .state_accessor
.room_state_get(&body.room_id, &body.event_type, "")? .room_state_get(&body.room_id, &body.event_type, "")?
.ok_or(Error::BadRequest( .ok_or_else(|| {
ErrorKind::NotFound, warn!(
"State event not found.", "State event {:?} not found in room {:?}",
))?; &body.event_type, &body.room_id
);
Error::BadRequest(ErrorKind::NotFound, "State event not found.")
})?;
Ok(get_state_events_for_key::v3::Response { Ok(get_state_events_for_key::v3::Response {
content: serde_json::from_str(event.content.get()) content: serde_json::from_str(event.content.get())
@ -244,6 +200,7 @@ async fn send_state_event_for_key_helper(
event_type: &StateEventType, event_type: &StateEventType,
json: &Raw<AnyStateEventContent>, json: &Raw<AnyStateEventContent>,
state_key: String, state_key: String,
timestamp: Option<MilliSecondsSinceUnixEpoch>,
) -> Result<Arc<EventId>> { ) -> Result<Arc<EventId>> {
let sender_user = sender; let sender_user = sender;
@ -268,7 +225,7 @@ async fn send_state_event_for_key_helper(
.is_none() .is_none()
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"You are only allowed to send canonical_alias \ "You are only allowed to send canonical_alias \
events when it's aliases already exists", events when it's aliases already exists",
)); ));
@ -281,24 +238,29 @@ async fn send_state_event_for_key_helper(
.globals .globals
.roomid_mutex_state .roomid_mutex_state
.write() .write()
.unwrap() .await
.entry(room_id.to_owned()) .entry(room_id.to_owned())
.or_default(), .or_default(),
); );
let state_lock = mutex_state.lock().await; let state_lock = mutex_state.lock().await;
let event_id = services().rooms.timeline.build_and_append_pdu( let event_id = services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder { PduBuilder {
event_type: event_type.to_string().into(), event_type: event_type.to_string().into(),
content: serde_json::from_str(json.json().get()).expect("content is valid json"), content: serde_json::from_str(json.json().get()).expect("content is valid json"),
unsigned: None, unsigned: None,
state_key: Some(state_key), state_key: Some(state_key),
redacts: None, redacts: None,
timestamp,
}, },
sender_user, sender_user,
room_id, room_id,
&state_lock, &state_lock,
)?; )
.await?;
Ok(event_id) Ok(event_id)
} }

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,49 @@
use ruma::api::client::{error::ErrorKind, threads::get_threads};
use crate::{services, Error, Result, Ruma};
/// # `GET /_matrix/client/r0/rooms/{roomId}/threads`
pub async fn get_threads_route(
body: Ruma<get_threads::v1::Request>,
) -> Result<get_threads::v1::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated");
// Use limit or else 10, with maximum 100
let limit = body
.limit
.and_then(|l| l.try_into().ok())
.unwrap_or(10)
.min(100);
let from = if let Some(from) = &body.from {
from.parse()
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, ""))?
} else {
u64::MAX
};
let threads = services()
.rooms
.threads
.threads_until(sender_user, &body.room_id, from, &body.include)?
.take(limit)
.filter_map(|r| r.ok())
.filter(|(_, pdu)| {
services()
.rooms
.state_accessor
.user_can_see_event(sender_user, &body.room_id, &pdu.event_id)
.unwrap_or(false)
})
.collect::<Vec<_>>();
let next_batch = threads.last().map(|(count, _)| count.to_string());
Ok(get_threads::v1::Response {
chunk: threads
.into_iter()
.map(|(_, pdu)| pdu.to_room_event())
.collect(),
next_batch,
})
}

View file

@ -1,4 +1,3 @@
use ruma::events::ToDeviceEventType;
use std::collections::BTreeMap; use std::collections::BTreeMap;
use crate::{services, Error, Result, Ruma}; use crate::{services, Error, Result, Ruma};
@ -42,7 +41,7 @@ pub async fn send_event_to_device_route(
serde_json::to_vec(&federation::transactions::edu::Edu::DirectToDevice( serde_json::to_vec(&federation::transactions::edu::Edu::DirectToDevice(
DirectDeviceContent { DirectDeviceContent {
sender: sender_user.clone(), sender: sender_user.clone(),
ev_type: ToDeviceEventType::from(&*body.event_type), ev_type: body.event_type.clone(),
message_id: count.to_string().into(), message_id: count.to_string().into(),
messages, messages,
}, },
@ -60,7 +59,7 @@ pub async fn send_event_to_device_route(
sender_user, sender_user,
target_user_id, target_user_id,
target_device_id, target_device_id,
&body.event_type, &body.event_type.to_string(),
event.deserialize_as().map_err(|_| { event.deserialize_as().map_err(|_| {
Error::BadRequest(ErrorKind::InvalidParam, "Event is invalid") Error::BadRequest(ErrorKind::InvalidParam, "Event is invalid")
})?, })?,
@ -73,7 +72,7 @@ pub async fn send_event_to_device_route(
sender_user, sender_user,
target_user_id, target_user_id,
&target_device_id?, &target_device_id?,
&body.event_type, &body.event_type.to_string(),
event.deserialize_as().map_err(|_| { event.deserialize_as().map_err(|_| {
Error::BadRequest(ErrorKind::InvalidParam, "Event is invalid") Error::BadRequest(ErrorKind::InvalidParam, "Event is invalid")
})?, })?,

View file

@ -17,23 +17,29 @@ pub async fn create_typing_event_route(
.is_joined(sender_user, &body.room_id)? .is_joined(sender_user, &body.room_id)?
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"You are not in this room.", "You are not in this room.",
)); ));
} }
if let Typing::Yes(duration) = body.state { if let Typing::Yes(duration) = body.state {
services().rooms.edus.typing.typing_add( services()
.rooms
.edus
.typing
.typing_add(
sender_user, sender_user,
&body.room_id, &body.room_id,
duration.as_millis() as u64 + utils::millis_since_unix_epoch(), duration.as_millis() as u64 + utils::millis_since_unix_epoch(),
)?; )
.await?;
} else { } else {
services() services()
.rooms .rooms
.edus .edus
.typing .typing
.typing_remove(sender_user, &body.room_id)?; .typing_remove(sender_user, &body.room_id)
.await?;
} }
Ok(create_typing_event::v3::Response {}) Ok(create_typing_event::v3::Response {})

View file

@ -23,8 +23,14 @@ pub async fn get_supported_versions_route(
"r0.6.0".to_owned(), "r0.6.0".to_owned(),
"v1.1".to_owned(), "v1.1".to_owned(),
"v1.2".to_owned(), "v1.2".to_owned(),
"v1.3".to_owned(),
"v1.4".to_owned(),
"v1.5".to_owned(),
], ],
unstable_features: BTreeMap::from_iter([("org.matrix.e2e_cross_signing".to_owned(), true)]), unstable_features: BTreeMap::from_iter([
("org.matrix.e2e_cross_signing".to_owned(), true),
("org.matrix.msc3916.stable".to_owned(), true),
]),
}; };
Ok(resp) Ok(resp)

View file

@ -48,6 +48,9 @@ pub async fn search_users_route(
return None; return None;
} }
// It's a matching user, but is the sender allowed to see them?
let mut user_visible = false;
let user_is_in_public_rooms = services() let user_is_in_public_rooms = services()
.rooms .rooms
.state_cache .state_cache
@ -69,9 +72,8 @@ pub async fn search_users_route(
}); });
if user_is_in_public_rooms { if user_is_in_public_rooms {
return Some(user); user_visible = true;
} } else {
let user_is_in_shared_rooms = services() let user_is_in_shared_rooms = services()
.rooms .rooms
.user .user
@ -81,10 +83,15 @@ pub async fn search_users_route(
.is_some(); .is_some();
if user_is_in_shared_rooms { if user_is_in_shared_rooms {
return Some(user); user_visible = true;
}
} }
None if !user_visible {
return None;
}
Some(user)
}); });
let results = users.by_ref().take(limit).collect(); let results = users.by_ref().take(limit).collect();

View file

@ -1,4 +1,5 @@
use crate::{services, Result, Ruma}; use crate::{services, Result, Ruma};
use base64::{engine::general_purpose, Engine as _};
use hmac::{Hmac, Mac}; use hmac::{Hmac, Mac};
use ruma::{api::client::voip::get_turn_server_info, SecondsSinceUnixEpoch}; use ruma::{api::client::voip::get_turn_server_info, SecondsSinceUnixEpoch};
use sha1::Sha1; use sha1::Sha1;
@ -28,7 +29,7 @@ pub async fn turn_server_route(
.expect("HMAC can take key of any size"); .expect("HMAC can take key of any size");
mac.update(username.as_bytes()); mac.update(username.as_bytes());
let password: String = base64::encode_config(mac.finalize().into_bytes(), base64::STANDARD); let password: String = general_purpose::STANDARD.encode(mac.finalize().into_bytes());
(username, password) (username, password)
} else { } else {

View file

@ -0,0 +1,22 @@
use ruma::api::client::discovery::discover_homeserver::{
self, HomeserverInfo, SlidingSyncProxyInfo,
};
use crate::{services, Result, Ruma};
/// # `GET /.well-known/matrix/client`
///
/// Returns the client server discovery information.
pub async fn well_known_client(
_body: Ruma<discover_homeserver::Request>,
) -> Result<discover_homeserver::Response> {
let client_url = services().globals.well_known_client();
Ok(discover_homeserver::Response {
homeserver: HomeserverInfo {
base_url: client_url.clone(),
},
identity_server: None,
sliding_sync_proxy: Some(SlidingSyncProxyInfo { url: client_url }),
})
}

View file

@ -2,52 +2,72 @@ use std::{collections::BTreeMap, iter::FromIterator, str};
use axum::{ use axum::{
async_trait, async_trait,
body::{Full, HttpBody}, body::Body,
extract::{ extract::{FromRequest, Path},
rejection::TypedHeaderRejectionReason, FromRequest, Path, RequestParts, TypedHeader,
},
headers::{
authorization::{Bearer, Credentials},
Authorization,
},
response::{IntoResponse, Response}, response::{IntoResponse, Response},
BoxError, RequestExt, RequestPartsExt,
}; };
use bytes::{BufMut, Bytes, BytesMut}; use axum_extra::{
use http::StatusCode; headers::{authorization::Bearer, Authorization},
typed_header::TypedHeaderRejectionReason,
TypedHeader,
};
use bytes::{BufMut, BytesMut};
use http::{Request, StatusCode};
use ruma::{ use ruma::{
api::{client::error::ErrorKind, AuthScheme, IncomingRequest, OutgoingResponse}, api::{client::error::ErrorKind, AuthScheme, IncomingRequest, OutgoingResponse},
CanonicalJsonValue, OwnedDeviceId, OwnedServerName, UserId, server_util::authorization::XMatrix,
CanonicalJsonValue, MilliSecondsSinceUnixEpoch, OwnedDeviceId, OwnedUserId, UserId,
}; };
use serde::Deserialize; use serde::Deserialize;
use tracing::{debug, error, warn}; use tracing::{debug, error, warn};
use super::{Ruma, RumaResponse}; use super::{Ruma, RumaResponse};
use crate::{services, Error, Result}; use crate::{service::appservice::RegistrationInfo, services, Error, Result};
enum Token {
Appservice(Box<RegistrationInfo>),
User((OwnedUserId, OwnedDeviceId)),
Invalid,
None,
}
#[async_trait] #[async_trait]
impl<T, B> FromRequest<B> for Ruma<T> impl<T, S> FromRequest<S> for Ruma<T>
where where
T: IncomingRequest, T: IncomingRequest,
B: HttpBody + Send,
B::Data: Send,
B::Error: Into<BoxError>,
{ {
type Rejection = Error; type Rejection = Error;
async fn from_request(req: &mut RequestParts<B>) -> Result<Self, Self::Rejection> { async fn from_request(req: Request<Body>, _state: &S) -> Result<Self, Self::Rejection> {
#[derive(Deserialize)] #[derive(Deserialize)]
struct QueryParams { struct QueryParams {
access_token: Option<String>, access_token: Option<String>,
user_id: Option<String>, user_id: Option<String>,
} }
let metadata = T::METADATA; let (mut parts, mut body) = {
let auth_header = Option::<TypedHeader<Authorization<Bearer>>>::from_request(req).await?; let limited_req = req.with_limited_body();
let path_params = Path::<Vec<String>>::from_request(req).await?; let (parts, body) = limited_req.into_parts();
let body = axum::body::to_bytes(
body,
services()
.globals
.max_request_size()
.try_into()
.unwrap_or(usize::MAX),
)
.await
.map_err(|_| Error::BadRequest(ErrorKind::MissingToken, "Missing token."))?;
(parts, body)
};
let query = req.uri().query().unwrap_or_default(); let metadata = T::METADATA;
let query_params: QueryParams = match ruma::serde::urlencoded::from_str(query) { let auth_header: Option<TypedHeader<Authorization<Bearer>>> = parts.extract().await?;
let path_params: Path<Vec<String>> = parts.extract().await?;
let query = parts.uri.query().unwrap_or_default();
let query_params: QueryParams = match serde_html_form::from_str(query) {
Ok(params) => params, Ok(params) => params,
Err(e) => { Err(e) => {
error!(%query, "Failed to deserialize query parameters: {}", e); error!(%query, "Failed to deserialize query parameters: {}", e);
@ -63,83 +83,84 @@ where
None => query_params.access_token.as_deref(), None => query_params.access_token.as_deref(),
}; };
let mut body = Bytes::from_request(req) let token = if let Some(token) = token {
.await if let Some(reg_info) = services().appservice.find_from_token(token).await {
.map_err(|_| Error::BadRequest(ErrorKind::MissingToken, "Missing token."))?; Token::Appservice(Box::new(reg_info.clone()))
} else if let Some((user_id, device_id)) = services().users.find_from_token(token)? {
Token::User((user_id, OwnedDeviceId::from(device_id)))
} else {
Token::Invalid
}
} else {
Token::None
};
let mut json_body = serde_json::from_slice::<CanonicalJsonValue>(&body).ok(); let mut json_body = serde_json::from_slice::<CanonicalJsonValue>(&body).ok();
let appservices = services().appservice.all().unwrap(); let (sender_user, sender_device, sender_servername, appservice_info) =
let appservice_registration = appservices.iter().find(|(_id, registration)| { match (metadata.authentication, token) {
registration (_, Token::Invalid) => {
.get("as_token") // OpenID endpoint uses a query param with the same name, drop this once query params for user auth are removed from the spec
.and_then(|as_token| as_token.as_str()) if query_params.access_token.is_some() {
.map_or(false, |as_token| token == Some(as_token)) (None, None, None, None)
}); } else {
return Err(Error::BadRequest(
let (sender_user, sender_device, sender_servername, from_appservice) = ErrorKind::UnknownToken { soft_logout: false },
if let Some((_id, registration)) = appservice_registration { "Unknown access token.",
match metadata.authentication { ));
AuthScheme::AccessToken => { }
let user_id = query_params.user_id.map_or_else( }
(AuthScheme::AccessToken, Token::Appservice(info)) => {
let user_id = query_params
.user_id
.map_or_else(
|| { || {
UserId::parse_with_server_name( UserId::parse_with_server_name(
registration info.registration.sender_localpart.as_str(),
.get("sender_localpart")
.unwrap()
.as_str()
.unwrap(),
services().globals.server_name(), services().globals.server_name(),
) )
.unwrap()
}, },
|s| UserId::parse(s).unwrap(), UserId::parse,
); )
.map_err(|_| {
Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid.")
})?;
if !services().users.exists(&user_id).unwrap() { if !info.is_user_match(&user_id) {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::Exclusive,
"User is not in namespace.",
));
}
if !services().users.exists(&user_id)? {
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"User does not exist.", "User does not exist.",
)); ));
} }
// TODO: Check if appservice is allowed to be that user (Some(user_id), None, None, Some(*info))
(Some(user_id), None, None, true)
} }
AuthScheme::ServerSignatures => (None, None, None, true), (
AuthScheme::None => (None, None, None, true), AuthScheme::None
} | AuthScheme::AppserviceToken
} else { | AuthScheme::AccessTokenOptional,
match metadata.authentication { Token::Appservice(info),
AuthScheme::AccessToken => { ) => (None, None, None, Some(*info)),
let token = match token { (AuthScheme::AccessToken, Token::None) => {
Some(token) => token,
_ => {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::MissingToken, ErrorKind::MissingToken,
"Missing access token.", "Missing access token.",
)) ));
} }
}; (
AuthScheme::AccessToken | AuthScheme::AccessTokenOptional | AuthScheme::None,
match services().users.find_from_token(token).unwrap() { Token::User((user_id, device_id)),
None => { ) => (Some(user_id), Some(device_id), None, None),
return Err(Error::BadRequest( (AuthScheme::ServerSignatures, Token::None) => {
ErrorKind::UnknownToken { soft_logout: false }, let TypedHeader(Authorization(x_matrix)) = parts
"Unknown access token.", .extract::<TypedHeader<Authorization<XMatrix>>>()
))
}
Some((user_id, device_id)) => (
Some(user_id),
Some(OwnedDeviceId::from(device_id)),
None,
false,
),
}
}
AuthScheme::ServerSignatures => {
let TypedHeader(Authorization(x_matrix)) =
TypedHeader::<Authorization<XMatrix>>::from_request(req)
.await .await
.map_err(|e| { .map_err(|e| {
warn!("Missing or invalid Authorization header: {}", e); warn!("Missing or invalid Authorization header: {}", e);
@ -154,27 +175,41 @@ where
_ => "Unknown header-related error", _ => "Unknown header-related error",
}; };
Error::BadRequest(ErrorKind::Forbidden, msg) Error::BadRequest(ErrorKind::forbidden(), msg)
})?; })?;
if let Some(dest) = x_matrix.destination {
if dest != services().globals.server_name() {
return Err(Error::BadRequest(
ErrorKind::Unauthorized,
"X-Matrix destination field does not match server name.",
));
}
};
let origin_signatures = BTreeMap::from_iter([( let origin_signatures = BTreeMap::from_iter([(
x_matrix.key.clone(), x_matrix.key.clone(),
CanonicalJsonValue::String(x_matrix.sig), CanonicalJsonValue::String(x_matrix.sig.to_string()),
)]); )]);
let signatures = BTreeMap::from_iter([( let signatures = BTreeMap::from_iter([(
x_matrix.origin.as_str().to_owned(), x_matrix.origin.as_str().to_owned(),
CanonicalJsonValue::Object(origin_signatures), CanonicalJsonValue::Object(
origin_signatures
.into_iter()
.map(|(k, v)| (k.to_string(), v))
.collect(),
),
)]); )]);
let mut request_map = BTreeMap::from_iter([ let mut request_map = BTreeMap::from_iter([
( (
"method".to_owned(), "method".to_owned(),
CanonicalJsonValue::String(req.method().to_string()), CanonicalJsonValue::String(parts.method.to_string()),
), ),
( (
"uri".to_owned(), "uri".to_owned(),
CanonicalJsonValue::String(req.uri().to_string()), CanonicalJsonValue::String(parts.uri.to_string()),
), ),
( (
"origin".to_owned(), "origin".to_owned(),
@ -199,7 +234,7 @@ where
let keys_result = services() let keys_result = services()
.rooms .rooms
.event_handler .event_handler
.fetch_signing_keys(&x_matrix.origin, vec![x_matrix.key.to_owned()]) .fetch_signing_keys(&x_matrix.origin, vec![x_matrix.key.to_string()], false)
.await; .await;
let keys = match keys_result { let keys = match keys_result {
@ -207,24 +242,35 @@ where
Err(e) => { Err(e) => {
warn!("Failed to fetch signing keys: {}", e); warn!("Failed to fetch signing keys: {}", e);
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"Failed to fetch signing keys.", "Failed to fetch signing keys.",
)); ));
} }
}; };
let pub_key_map = // Only verify_keys that are currently valid should be used for validating requests
BTreeMap::from_iter([(x_matrix.origin.as_str().to_owned(), keys)]); // as per MSC4029
let pub_key_map = BTreeMap::from_iter([(
x_matrix.origin.as_str().to_owned(),
if keys.valid_until_ts > MilliSecondsSinceUnixEpoch::now() {
keys.verify_keys
.into_iter()
.map(|(id, key)| (id, key.key))
.collect()
} else {
BTreeMap::new()
},
)]);
match ruma::signatures::verify_json(&pub_key_map, &request_map) { match ruma::signatures::verify_json(&pub_key_map, &request_map) {
Ok(()) => (None, None, Some(x_matrix.origin), false), Ok(()) => (None, None, Some(x_matrix.origin), None),
Err(e) => { Err(e) => {
warn!( warn!(
"Failed to verify json request from {}: {}\n{:?}", "Failed to verify json request from {}: {}\n{:?}",
x_matrix.origin, e, request_map x_matrix.origin, e, request_map
); );
if req.uri().to_string().contains('@') { if parts.uri.to_string().contains('@') {
warn!( warn!(
"Request uri contained '@' character. Make sure your \ "Request uri contained '@' character. Make sure your \
reverse proxy gives Conduit the raw uri (apache: use \ reverse proxy gives Conduit the raw uri (apache: use \
@ -233,18 +279,34 @@ where
} }
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::forbidden(),
"Failed to verify X-Matrix signatures.", "Failed to verify X-Matrix signatures.",
)); ));
} }
} }
} }
AuthScheme::None => (None, None, None, false), (
AuthScheme::None
| AuthScheme::AppserviceToken
| AuthScheme::AccessTokenOptional,
Token::None,
) => (None, None, None, None),
(AuthScheme::ServerSignatures, Token::Appservice(_) | Token::User(_)) => {
return Err(Error::BadRequest(
ErrorKind::Unauthorized,
"Only server signatures should be used on this endpoint.",
));
}
(AuthScheme::AppserviceToken, Token::User(_)) => {
return Err(Error::BadRequest(
ErrorKind::Unauthorized,
"Only appservice access tokens should be used on this endpoint.",
));
} }
}; };
let mut http_request = http::Request::builder().uri(req.uri()).method(req.method()); let mut http_request = Request::builder().uri(parts.uri).method(parts.method);
*http_request.headers_mut().unwrap() = req.headers().clone(); *http_request.headers_mut().unwrap() = parts.headers;
if let Some(CanonicalJsonValue::Object(json_body)) = &mut json_body { if let Some(CanonicalJsonValue::Object(json_body)) = &mut json_body {
let user_id = sender_user.clone().unwrap_or_else(|| { let user_id = sender_user.clone().unwrap_or_else(|| {
@ -281,7 +343,8 @@ where
debug!("{:?}", http_request); debug!("{:?}", http_request);
let body = T::try_from_http_request(http_request, &path_params).map_err(|e| { let body = T::try_from_http_request(http_request, &path_params).map_err(|e| {
warn!("{:?}\n{:?}", e, json_body); warn!("try_from_http_request failed: {:?}", e);
debug!("JSON body: {:?}", json_body);
Error::BadRequest(ErrorKind::BadJson, "Failed to deserialize request.") Error::BadRequest(ErrorKind::BadJson, "Failed to deserialize request.")
})?; })?;
@ -290,73 +353,16 @@ where
sender_user, sender_user,
sender_device, sender_device,
sender_servername, sender_servername,
from_appservice, appservice_info,
json_body, json_body,
}) })
} }
} }
struct XMatrix {
origin: OwnedServerName,
key: String, // KeyName?
sig: String,
}
impl Credentials for XMatrix {
const SCHEME: &'static str = "X-Matrix";
fn decode(value: &http::HeaderValue) -> Option<Self> {
debug_assert!(
value.as_bytes().starts_with(b"X-Matrix "),
"HeaderValue to decode should start with \"X-Matrix ..\", received = {value:?}",
);
let parameters = str::from_utf8(&value.as_bytes()["X-Matrix ".len()..])
.ok()?
.trim_start();
let mut origin = None;
let mut key = None;
let mut sig = None;
for entry in parameters.split_terminator(',') {
let (name, value) = entry.split_once('=')?;
// It's not at all clear why some fields are quoted and others not in the spec,
// let's simply accept either form for every field.
let value = value
.strip_prefix('"')
.and_then(|rest| rest.strip_suffix('"'))
.unwrap_or(value);
// FIXME: Catch multiple fields of the same name
match name {
"origin" => origin = Some(value.try_into().ok()?),
"key" => key = Some(value.to_owned()),
"sig" => sig = Some(value.to_owned()),
_ => debug!(
"Unexpected field `{}` in X-Matrix Authorization header",
name
),
}
}
Some(Self {
origin: origin?,
key: key?,
sig: sig?,
})
}
fn encode(&self) -> http::HeaderValue {
todo!()
}
}
impl<T: OutgoingResponse> IntoResponse for RumaResponse<T> { impl<T: OutgoingResponse> IntoResponse for RumaResponse<T> {
fn into_response(self) -> Response { fn into_response(self) -> Response {
match self.0.try_into_http_response::<BytesMut>() { match self.0.try_into_http_response::<BytesMut>() {
Ok(res) => res.map(BytesMut::freeze).map(Full::new).into_response(), Ok(res) => res.map(BytesMut::freeze).map(Body::from).into_response(),
Err(_) => StatusCode::INTERNAL_SERVER_ERROR.into_response(), Err(_) => StatusCode::INTERNAL_SERVER_ERROR.into_response(),
} }
} }

View file

@ -1,4 +1,4 @@
use crate::Error; use crate::{service::appservice::RegistrationInfo, Error};
use ruma::{ use ruma::{
api::client::uiaa::UiaaResponse, CanonicalJsonValue, OwnedDeviceId, OwnedServerName, api::client::uiaa::UiaaResponse, CanonicalJsonValue, OwnedDeviceId, OwnedServerName,
OwnedUserId, OwnedUserId,
@ -16,7 +16,7 @@ pub struct Ruma<T> {
pub sender_servername: Option<OwnedServerName>, pub sender_servername: Option<OwnedServerName>,
// This is None when body is not a valid string // This is None when body is not a valid string
pub json_body: Option<CanonicalJsonValue>, pub json_body: Option<CanonicalJsonValue>,
pub from_appservice: bool, pub appservice_info: Option<RegistrationInfo>,
} }
impl<T> Deref for Ruma<T> { impl<T> Deref for Ruma<T> {

File diff suppressed because it is too large Load diff

27
src/clap.rs Normal file
View file

@ -0,0 +1,27 @@
//! Integration with `clap`
use clap::Parser;
/// Returns the current version of the crate with extra info if supplied
///
/// Set the environment variable `CONDUIT_VERSION_EXTRA` to any UTF-8 string to
/// include it in parenthesis after the SemVer version. A common value are git
/// commit hashes.
fn version() -> String {
let cargo_pkg_version = env!("CARGO_PKG_VERSION");
match option_env!("CONDUIT_VERSION_EXTRA") {
Some(x) => format!("{} ({})", cargo_pkg_version, x),
None => cargo_pkg_version.to_owned(),
}
}
/// Command line arguments
#[derive(Parser)]
#[clap(about, version = version())]
pub struct Args {}
/// Parse command line arguments into structured data
pub fn parse() -> Args {
Args::parse()
}

View file

@ -7,6 +7,7 @@ use std::{
use ruma::{OwnedServerName, RoomVersionId}; use ruma::{OwnedServerName, RoomVersionId};
use serde::{de::IgnoredAny, Deserialize}; use serde::{de::IgnoredAny, Deserialize};
use tracing::warn; use tracing::warn;
use url::Url;
mod proxy; mod proxy;
@ -21,13 +22,14 @@ pub struct Config {
pub tls: Option<TlsConfig>, pub tls: Option<TlsConfig>,
pub server_name: OwnedServerName, pub server_name: OwnedServerName,
#[serde(default = "default_database_backend")]
pub database_backend: String, pub database_backend: String,
pub database_path: String, pub database_path: String,
#[serde(default = "default_db_cache_capacity_mb")] #[serde(default = "default_db_cache_capacity_mb")]
pub db_cache_capacity_mb: f64, pub db_cache_capacity_mb: f64,
#[serde(default = "true_fn")] #[serde(default = "true_fn")]
pub enable_lightning_bolt: bool, pub enable_lightning_bolt: bool,
#[serde(default = "true_fn")]
pub allow_check_for_updates: bool,
#[serde(default = "default_conduit_cache_capacity_modifier")] #[serde(default = "default_conduit_cache_capacity_modifier")]
pub conduit_cache_capacity_modifier: f64, pub conduit_cache_capacity_modifier: f64,
#[serde(default = "default_rocksdb_max_open_files")] #[serde(default = "default_rocksdb_max_open_files")]
@ -44,6 +46,9 @@ pub struct Config {
pub max_fetch_prev_events: u16, pub max_fetch_prev_events: u16,
#[serde(default = "false_fn")] #[serde(default = "false_fn")]
pub allow_registration: bool, pub allow_registration: bool,
pub registration_token: Option<String>,
#[serde(default = "default_openid_token_ttl")]
pub openid_token_ttl: u64,
#[serde(default = "true_fn")] #[serde(default = "true_fn")]
pub allow_encryption: bool, pub allow_encryption: bool,
#[serde(default = "false_fn")] #[serde(default = "false_fn")]
@ -54,6 +59,8 @@ pub struct Config {
pub allow_unstable_room_versions: bool, pub allow_unstable_room_versions: bool,
#[serde(default = "default_default_room_version")] #[serde(default = "default_default_room_version")]
pub default_room_version: RoomVersionId, pub default_room_version: RoomVersionId,
#[serde(default, flatten)]
pub well_known: WellKnownConfig,
#[serde(default = "false_fn")] #[serde(default = "false_fn")]
pub allow_jaeger: bool, pub allow_jaeger: bool,
#[serde(default = "false_fn")] #[serde(default = "false_fn")]
@ -61,7 +68,7 @@ pub struct Config {
#[serde(default)] #[serde(default)]
pub proxy: ProxyConfig, pub proxy: ProxyConfig,
pub jwt_secret: Option<String>, pub jwt_secret: Option<String>,
#[serde(default = "Vec::new")] #[serde(default = "default_trusted_servers")]
pub trusted_servers: Vec<OwnedServerName>, pub trusted_servers: Vec<OwnedServerName>,
#[serde(default = "default_log")] #[serde(default = "default_log")]
pub log: String, pub log: String,
@ -88,6 +95,14 @@ pub struct TlsConfig {
pub key: String, pub key: String,
} }
#[derive(Clone, Debug, Deserialize, Default)]
pub struct WellKnownConfig {
#[serde(rename = "well_known_client")]
pub client: Option<Url>,
#[serde(rename = "well_known_server")]
pub server: Option<OwnedServerName>,
}
const DEPRECATED_KEYS: &[&str] = &["cache_capacity"]; const DEPRECATED_KEYS: &[&str] = &["cache_capacity"];
impl Config { impl Config {
@ -108,9 +123,35 @@ impl Config {
} }
} }
impl Config {
pub fn well_known_client(&self) -> String {
if let Some(url) = &self.well_known.client {
url.to_string()
} else {
format!("https://{}", self.server_name)
}
}
pub fn well_known_server(&self) -> OwnedServerName {
match &self.well_known.server {
Some(server_name) => server_name.to_owned(),
None => {
if self.server_name.port().is_some() {
self.server_name.to_owned()
} else {
format!("{}:443", self.server_name.host())
.try_into()
.expect("Host from valid hostname + :443 must be valid")
}
}
}
}
}
impl fmt::Display for Config { impl fmt::Display for Config {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
// Prepare a list of config values to show // Prepare a list of config values to show
let well_known_server = self.well_known_server();
let lines = [ let lines = [
("Server name", self.server_name.host()), ("Server name", self.server_name.host()),
("Database backend", &self.database_backend), ("Database backend", &self.database_backend),
@ -191,6 +232,8 @@ impl fmt::Display for Config {
} }
&lst.join(", ") &lst.join(", ")
}), }),
("Well-known server name", well_known_server.as_str()),
("Well-known client URL", &self.well_known_client()),
]; ];
let mut msg: String = "Active config values:\n\n".to_owned(); let mut msg: String = "Active config values:\n\n".to_owned();
@ -219,12 +262,8 @@ fn default_port() -> u16 {
8000 8000
} }
fn default_database_backend() -> String {
"sqlite".to_owned()
}
fn default_db_cache_capacity_mb() -> f64 { fn default_db_cache_capacity_mb() -> f64 {
1000.0 300.0
} }
fn default_conduit_cache_capacity_modifier() -> f64 { fn default_conduit_cache_capacity_modifier() -> f64 {
@ -255,15 +294,23 @@ fn default_max_fetch_prev_events() -> u16 {
100_u16 100_u16
} }
fn default_trusted_servers() -> Vec<OwnedServerName> {
vec![OwnedServerName::try_from("matrix.org").unwrap()]
}
fn default_log() -> String { fn default_log() -> String {
"warn,state_res=warn,_=off,sled=off".to_owned() "warn,state_res=warn,_=off".to_owned()
} }
fn default_turn_ttl() -> u64 { fn default_turn_ttl() -> u64 {
60 * 60 * 24 60 * 60 * 24
} }
fn default_openid_token_ttl() -> u64 {
60 * 60
}
// I know, it's a great name // I know, it's a great name
pub fn default_default_room_version() -> RoomVersionId { pub fn default_default_room_version() -> RoomVersionId {
RoomVersionId::V9 RoomVersionId::V10
} }

View file

@ -29,7 +29,9 @@ use crate::Result;
/// would be used for `ordinary.onion`, `matrix.myspecial.onion`, but not `hello.myspecial.onion`. /// would be used for `ordinary.onion`, `matrix.myspecial.onion`, but not `hello.myspecial.onion`.
#[derive(Clone, Debug, Deserialize)] #[derive(Clone, Debug, Deserialize)]
#[serde(rename_all = "snake_case")] #[serde(rename_all = "snake_case")]
#[derive(Default)]
pub enum ProxyConfig { pub enum ProxyConfig {
#[default]
None, None,
Global { Global {
#[serde(deserialize_with = "crate::utils::deserialize_from_str")] #[serde(deserialize_with = "crate::utils::deserialize_from_str")]
@ -48,11 +50,6 @@ impl ProxyConfig {
}) })
} }
} }
impl Default for ProxyConfig {
fn default() -> Self {
ProxyConfig::None
}
}
#[derive(Clone, Debug, Deserialize)] #[derive(Clone, Debug, Deserialize)]
pub struct PartialProxyConfig { pub struct PartialProxyConfig {

View file

@ -116,7 +116,7 @@ impl KvTree for PersyTree {
match iter { match iter {
Ok(iter) => Box::new(iter.filter_map(|(k, v)| { Ok(iter) => Box::new(iter.filter_map(|(k, v)| {
v.into_iter() v.into_iter()
.map(|val| ((*k).to_owned().into(), (*val).to_owned().into())) .map(|val| ((*k).to_owned(), (*val).to_owned()))
.next() .next()
})), })),
Err(e) => { Err(e) => {
@ -142,7 +142,7 @@ impl KvTree for PersyTree {
Ok(iter) => { Ok(iter) => {
let map = iter.filter_map(|(k, v)| { let map = iter.filter_map(|(k, v)| {
v.into_iter() v.into_iter()
.map(|val| ((*k).to_owned().into(), (*val).to_owned().into())) .map(|val| ((*k).to_owned(), (*val).to_owned()))
.next() .next()
}); });
if backwards { if backwards {
@ -179,7 +179,7 @@ impl KvTree for PersyTree {
iter.take_while(move |(k, _)| (*k).starts_with(&owned_prefix)) iter.take_while(move |(k, _)| (*k).starts_with(&owned_prefix))
.filter_map(|(k, v)| { .filter_map(|(k, v)| {
v.into_iter() v.into_iter()
.map(|val| ((*k).to_owned().into(), (*val).to_owned().into())) .map(|val| ((*k).to_owned(), (*val).to_owned()))
.next() .next()
}), }),
) )

View file

@ -23,30 +23,35 @@ pub struct RocksDbEngineTree<'a> {
fn db_options(max_open_files: i32, rocksdb_cache: &rocksdb::Cache) -> rocksdb::Options { fn db_options(max_open_files: i32, rocksdb_cache: &rocksdb::Cache) -> rocksdb::Options {
let mut block_based_options = rocksdb::BlockBasedOptions::default(); let mut block_based_options = rocksdb::BlockBasedOptions::default();
block_based_options.set_block_cache(rocksdb_cache); block_based_options.set_block_cache(rocksdb_cache);
block_based_options.set_bloom_filter(10.0, false);
// "Difference of spinning disk"
// https://zhangyuchi.gitbooks.io/rocksdbbook/content/RocksDB-Tuning-Guide.html
block_based_options.set_block_size(4 * 1024); block_based_options.set_block_size(4 * 1024);
block_based_options.set_cache_index_and_filter_blocks(true); block_based_options.set_cache_index_and_filter_blocks(true);
block_based_options.set_pin_l0_filter_and_index_blocks_in_cache(true);
block_based_options.set_optimize_filters_for_memory(true);
let mut db_opts = rocksdb::Options::default(); let mut db_opts = rocksdb::Options::default();
db_opts.set_block_based_table_factory(&block_based_options); db_opts.set_block_based_table_factory(&block_based_options);
db_opts.set_optimize_filters_for_hits(true);
db_opts.set_skip_stats_update_on_db_open(true);
db_opts.set_level_compaction_dynamic_level_bytes(true);
db_opts.set_target_file_size_base(256 * 1024 * 1024);
//db_opts.set_compaction_readahead_size(2 * 1024 * 1024);
//db_opts.set_use_direct_reads(true);
//db_opts.set_use_direct_io_for_flush_and_compaction(true);
db_opts.create_if_missing(true); db_opts.create_if_missing(true);
db_opts.increase_parallelism(num_cpus::get() as i32); db_opts.increase_parallelism(num_cpus::get() as i32);
db_opts.set_max_open_files(max_open_files); db_opts.set_max_open_files(max_open_files);
db_opts.set_compression_type(rocksdb::DBCompressionType::Zstd); db_opts.set_compression_type(rocksdb::DBCompressionType::Lz4);
db_opts.set_bottommost_compression_type(rocksdb::DBCompressionType::Zstd);
db_opts.set_compaction_style(rocksdb::DBCompactionStyle::Level); db_opts.set_compaction_style(rocksdb::DBCompactionStyle::Level);
db_opts.optimize_level_style_compaction(10 * 1024 * 1024);
let prefix_extractor = rocksdb::SliceTransform::create_fixed_prefix(1); // https://github.com/facebook/rocksdb/wiki/Setup-Options-and-Basic-Tuning
db_opts.set_prefix_extractor(prefix_extractor); db_opts.set_level_compaction_dynamic_level_bytes(true);
db_opts.set_max_background_jobs(6);
db_opts.set_bytes_per_sync(1048576);
// https://github.com/facebook/rocksdb/issues/849
db_opts.set_keep_log_file_num(100);
// https://github.com/facebook/rocksdb/wiki/WAL-Recovery-Modes#ktoleratecorruptedtailrecords
//
// Unclean shutdowns of a Matrix homeserver are likely to be fine when
// recovered in this manner as it's likely any lost information will be
// restored via federation.
db_opts.set_wal_recovery_mode(rocksdb::DBRecoveryMode::TolerateCorruptedTailRecords);
db_opts db_opts
} }
@ -54,7 +59,7 @@ fn db_options(max_open_files: i32, rocksdb_cache: &rocksdb::Cache) -> rocksdb::O
impl KeyValueDatabaseEngine for Arc<Engine> { impl KeyValueDatabaseEngine for Arc<Engine> {
fn open(config: &Config) -> Result<Self> { fn open(config: &Config) -> Result<Self> {
let cache_capacity_bytes = (config.db_cache_capacity_mb * 1024.0 * 1024.0) as usize; let cache_capacity_bytes = (config.db_cache_capacity_mb * 1024.0 * 1024.0) as usize;
let rocksdb_cache = rocksdb::Cache::new_lru_cache(cache_capacity_bytes).unwrap(); let rocksdb_cache = rocksdb::Cache::new_lru_cache(cache_capacity_bytes);
let db_opts = db_options(config.rocksdb_max_open_files, &rocksdb_cache); let db_opts = db_options(config.rocksdb_max_open_files, &rocksdb_cache);
@ -131,12 +136,17 @@ impl RocksDbEngineTree<'_> {
impl KvTree for RocksDbEngineTree<'_> { impl KvTree for RocksDbEngineTree<'_> {
fn get(&self, key: &[u8]) -> Result<Option<Vec<u8>>> { fn get(&self, key: &[u8]) -> Result<Option<Vec<u8>>> {
Ok(self.db.rocks.get_cf(&self.cf(), key)?) let readoptions = rocksdb::ReadOptions::default();
Ok(self.db.rocks.get_cf_opt(&self.cf(), key, &readoptions)?)
} }
fn insert(&self, key: &[u8], value: &[u8]) -> Result<()> { fn insert(&self, key: &[u8], value: &[u8]) -> Result<()> {
let writeoptions = rocksdb::WriteOptions::default();
let lock = self.write_lock.read().unwrap(); let lock = self.write_lock.read().unwrap();
self.db.rocks.put_cf(&self.cf(), key, value)?; self.db
.rocks
.put_cf_opt(&self.cf(), key, value, &writeoptions)?;
drop(lock); drop(lock);
self.watchers.wake(key); self.watchers.wake(key);
@ -145,23 +155,32 @@ impl KvTree for RocksDbEngineTree<'_> {
} }
fn insert_batch<'a>(&self, iter: &mut dyn Iterator<Item = (Vec<u8>, Vec<u8>)>) -> Result<()> { fn insert_batch<'a>(&self, iter: &mut dyn Iterator<Item = (Vec<u8>, Vec<u8>)>) -> Result<()> {
let writeoptions = rocksdb::WriteOptions::default();
for (key, value) in iter { for (key, value) in iter {
self.db.rocks.put_cf(&self.cf(), key, value)?; self.db
.rocks
.put_cf_opt(&self.cf(), key, value, &writeoptions)?;
} }
Ok(()) Ok(())
} }
fn remove(&self, key: &[u8]) -> Result<()> { fn remove(&self, key: &[u8]) -> Result<()> {
Ok(self.db.rocks.delete_cf(&self.cf(), key)?) let writeoptions = rocksdb::WriteOptions::default();
Ok(self
.db
.rocks
.delete_cf_opt(&self.cf(), key, &writeoptions)?)
} }
fn iter<'a>(&'a self) -> Box<dyn Iterator<Item = (Vec<u8>, Vec<u8>)> + 'a> { fn iter<'a>(&'a self) -> Box<dyn Iterator<Item = (Vec<u8>, Vec<u8>)> + 'a> {
let readoptions = rocksdb::ReadOptions::default();
Box::new( Box::new(
self.db self.db
.rocks .rocks
.iterator_cf(&self.cf(), rocksdb::IteratorMode::Start) .iterator_cf_opt(&self.cf(), readoptions, rocksdb::IteratorMode::Start)
//.map(|r| r.unwrap()) .map(|r| r.unwrap())
.map(|(k, v)| (Vec::from(k), Vec::from(v))), .map(|(k, v)| (Vec::from(k), Vec::from(v))),
) )
} }
@ -171,11 +190,14 @@ impl KvTree for RocksDbEngineTree<'_> {
from: &[u8], from: &[u8],
backwards: bool, backwards: bool,
) -> Box<dyn Iterator<Item = (Vec<u8>, Vec<u8>)> + 'a> { ) -> Box<dyn Iterator<Item = (Vec<u8>, Vec<u8>)> + 'a> {
let readoptions = rocksdb::ReadOptions::default();
Box::new( Box::new(
self.db self.db
.rocks .rocks
.iterator_cf( .iterator_cf_opt(
&self.cf(), &self.cf(),
readoptions,
rocksdb::IteratorMode::From( rocksdb::IteratorMode::From(
from, from,
if backwards { if backwards {
@ -185,29 +207,39 @@ impl KvTree for RocksDbEngineTree<'_> {
}, },
), ),
) )
//.map(|r| r.unwrap()) .map(|r| r.unwrap())
.map(|(k, v)| (Vec::from(k), Vec::from(v))), .map(|(k, v)| (Vec::from(k), Vec::from(v))),
) )
} }
fn increment(&self, key: &[u8]) -> Result<Vec<u8>> { fn increment(&self, key: &[u8]) -> Result<Vec<u8>> {
let readoptions = rocksdb::ReadOptions::default();
let writeoptions = rocksdb::WriteOptions::default();
let lock = self.write_lock.write().unwrap(); let lock = self.write_lock.write().unwrap();
let old = self.db.rocks.get_cf(&self.cf(), key)?; let old = self.db.rocks.get_cf_opt(&self.cf(), key, &readoptions)?;
let new = utils::increment(old.as_deref()).unwrap(); let new = utils::increment(old.as_deref()).unwrap();
self.db.rocks.put_cf(&self.cf(), key, &new)?; self.db
.rocks
.put_cf_opt(&self.cf(), key, &new, &writeoptions)?;
drop(lock); drop(lock);
Ok(new) Ok(new)
} }
fn increment_batch<'a>(&self, iter: &mut dyn Iterator<Item = Vec<u8>>) -> Result<()> { fn increment_batch<'a>(&self, iter: &mut dyn Iterator<Item = Vec<u8>>) -> Result<()> {
let readoptions = rocksdb::ReadOptions::default();
let writeoptions = rocksdb::WriteOptions::default();
let lock = self.write_lock.write().unwrap(); let lock = self.write_lock.write().unwrap();
for key in iter { for key in iter {
let old = self.db.rocks.get_cf(&self.cf(), &key)?; let old = self.db.rocks.get_cf_opt(&self.cf(), &key, &readoptions)?;
let new = utils::increment(old.as_deref()).unwrap(); let new = utils::increment(old.as_deref()).unwrap();
self.db.rocks.put_cf(&self.cf(), key, new)?; self.db
.rocks
.put_cf_opt(&self.cf(), key, new, &writeoptions)?;
} }
drop(lock); drop(lock);
@ -219,14 +251,17 @@ impl KvTree for RocksDbEngineTree<'_> {
&'a self, &'a self,
prefix: Vec<u8>, prefix: Vec<u8>,
) -> Box<dyn Iterator<Item = (Vec<u8>, Vec<u8>)> + 'a> { ) -> Box<dyn Iterator<Item = (Vec<u8>, Vec<u8>)> + 'a> {
let readoptions = rocksdb::ReadOptions::default();
Box::new( Box::new(
self.db self.db
.rocks .rocks
.iterator_cf( .iterator_cf_opt(
&self.cf(), &self.cf(),
readoptions,
rocksdb::IteratorMode::From(&prefix, rocksdb::Direction::Forward), rocksdb::IteratorMode::From(&prefix, rocksdb::Direction::Forward),
) )
//.map(|r| r.unwrap()) .map(|r| r.unwrap())
.map(|(k, v)| (Vec::from(k), Vec::from(v))) .map(|(k, v)| (Vec::from(k), Vec::from(v)))
.take_while(move |(k, _)| k.starts_with(&prefix)), .take_while(move |(k, _)| k.starts_with(&prefix)),
) )

View file

@ -13,8 +13,8 @@ use thread_local::ThreadLocal;
use tracing::debug; use tracing::debug;
thread_local! { thread_local! {
static READ_CONNECTION: RefCell<Option<&'static Connection>> = RefCell::new(None); static READ_CONNECTION: RefCell<Option<&'static Connection>> = const { RefCell::new(None) };
static READ_CONNECTION_ITERATOR: RefCell<Option<&'static Connection>> = RefCell::new(None); static READ_CONNECTION_ITERATOR: RefCell<Option<&'static Connection>> = const { RefCell::new(None) };
} }
struct PreparedStatementIterator<'a> { struct PreparedStatementIterator<'a> {
@ -33,7 +33,7 @@ impl Iterator for PreparedStatementIterator<'_> {
struct NonAliasingBox<T>(*mut T); struct NonAliasingBox<T>(*mut T);
impl<T> Drop for NonAliasingBox<T> { impl<T> Drop for NonAliasingBox<T> {
fn drop(&mut self) { fn drop(&mut self) {
unsafe { Box::from_raw(self.0) }; drop(unsafe { Box::from_raw(self.0) });
} }
} }

View file

@ -8,6 +8,7 @@ use tokio::sync::watch;
#[derive(Default)] #[derive(Default)]
pub(super) struct Watchers { pub(super) struct Watchers {
#[allow(clippy::type_complexity)]
watchers: RwLock<HashMap<Vec<u8>, (watch::Sender<()>, watch::Receiver<()>)>>, watchers: RwLock<HashMap<Vec<u8>, (watch::Sender<()>, watch::Receiver<()>)>>,
} }
@ -19,7 +20,7 @@ impl Watchers {
let mut rx = match self.watchers.write().unwrap().entry(prefix.to_vec()) { let mut rx = match self.watchers.write().unwrap().entry(prefix.to_vec()) {
hash_map::Entry::Occupied(o) => o.get().1.clone(), hash_map::Entry::Occupied(o) => o.get().1.clone(),
hash_map::Entry::Vacant(v) => { hash_map::Entry::Vacant(v) => {
let (tx, rx) = tokio::sync::watch::channel(()); let (tx, rx) = watch::channel(());
v.insert((tx, rx.clone())); v.insert((tx, rx.clone()));
rx rx
} }

View file

@ -123,13 +123,12 @@ impl service::account_data::Data for KeyValueDatabase {
.take_while(move |(k, _)| k.starts_with(&prefix)) .take_while(move |(k, _)| k.starts_with(&prefix))
.map(|(k, v)| { .map(|(k, v)| {
Ok::<_, Error>(( Ok::<_, Error>((
RoomAccountDataEventType::try_from( RoomAccountDataEventType::from(
utils::string_from_bytes(k.rsplit(|&b| b == 0xff).next().ok_or_else( utils::string_from_bytes(k.rsplit(|&b| b == 0xff).next().ok_or_else(
|| Error::bad_database("RoomUserData ID in db is invalid."), || Error::bad_database("RoomUserData ID in db is invalid."),
)?) )?)
.map_err(|_| Error::bad_database("RoomUserData ID in db is invalid."))?, .map_err(|_| Error::bad_database("RoomUserData ID in db is invalid."))?,
) ),
.map_err(|_| Error::bad_database("RoomUserData ID in db is invalid."))?,
serde_json::from_slice::<Raw<AnyEphemeralRoomEvent>>(&v).map_err(|_| { serde_json::from_slice::<Raw<AnyEphemeralRoomEvent>>(&v).map_err(|_| {
Error::bad_database("Database contains invalid account data.") Error::bad_database("Database contains invalid account data.")
})?, })?,

View file

@ -1,18 +1,15 @@
use ruma::api::appservice::Registration;
use crate::{database::KeyValueDatabase, service, utils, Error, Result}; use crate::{database::KeyValueDatabase, service, utils, Error, Result};
impl service::appservice::Data for KeyValueDatabase { impl service::appservice::Data for KeyValueDatabase {
/// Registers an appservice and returns the ID to the caller /// Registers an appservice and returns the ID to the caller
fn register_appservice(&self, yaml: serde_yaml::Value) -> Result<String> { fn register_appservice(&self, yaml: Registration) -> Result<String> {
// TODO: Rumaify let id = yaml.id.as_str();
let id = yaml.get("id").unwrap().as_str().unwrap();
self.id_appserviceregistrations.insert( self.id_appserviceregistrations.insert(
id.as_bytes(), id.as_bytes(),
serde_yaml::to_string(&yaml).unwrap().as_bytes(), serde_yaml::to_string(&yaml).unwrap().as_bytes(),
)?; )?;
self.cached_registrations
.write()
.unwrap()
.insert(id.to_owned(), yaml.to_owned());
Ok(id.to_owned()) Ok(id.to_owned())
} }
@ -25,33 +22,18 @@ impl service::appservice::Data for KeyValueDatabase {
fn unregister_appservice(&self, service_name: &str) -> Result<()> { fn unregister_appservice(&self, service_name: &str) -> Result<()> {
self.id_appserviceregistrations self.id_appserviceregistrations
.remove(service_name.as_bytes())?; .remove(service_name.as_bytes())?;
self.cached_registrations
.write()
.unwrap()
.remove(service_name);
Ok(()) Ok(())
} }
fn get_registration(&self, id: &str) -> Result<Option<serde_yaml::Value>> { fn get_registration(&self, id: &str) -> Result<Option<Registration>> {
self.cached_registrations
.read()
.unwrap()
.get(id)
.map_or_else(
|| {
self.id_appserviceregistrations self.id_appserviceregistrations
.get(id.as_bytes())? .get(id.as_bytes())?
.map(|bytes| { .map(|bytes| {
serde_yaml::from_slice(&bytes).map_err(|_| { serde_yaml::from_slice(&bytes).map_err(|_| {
Error::bad_database( Error::bad_database("Invalid registration bytes in id_appserviceregistrations.")
"Invalid registration bytes in id_appserviceregistrations.",
)
}) })
}) })
.transpose() .transpose()
},
|r| Ok(Some(r.clone())),
)
} }
fn iter_ids<'a>(&'a self) -> Result<Box<dyn Iterator<Item = Result<String>> + 'a>> { fn iter_ids<'a>(&'a self) -> Result<Box<dyn Iterator<Item = Result<String>> + 'a>> {
@ -64,7 +46,7 @@ impl service::appservice::Data for KeyValueDatabase {
))) )))
} }
fn all(&self) -> Result<Vec<(String, serde_yaml::Value)>> { fn all(&self) -> Result<Vec<(String, Registration)>> {
self.iter_ids()? self.iter_ids()?
.filter_map(|id| id.ok()) .filter_map(|id| id.ok())
.map(move |id| { .map(move |id| {

View file

@ -1,16 +1,22 @@
use std::collections::BTreeMap; use std::collections::HashMap;
use async_trait::async_trait; use async_trait::async_trait;
use futures_util::{stream::FuturesUnordered, StreamExt}; use futures_util::{stream::FuturesUnordered, StreamExt};
use lru_cache::LruCache;
use ruma::{ use ruma::{
api::federation::discovery::{ServerSigningKeys, VerifyKey}, api::federation::discovery::{OldVerifyKey, ServerSigningKeys},
signatures::Ed25519KeyPair, signatures::Ed25519KeyPair,
DeviceId, MilliSecondsSinceUnixEpoch, OwnedServerSigningKeyId, ServerName, UserId, DeviceId, ServerName, UserId,
}; };
use crate::{database::KeyValueDatabase, service, services, utils, Error, Result}; use crate::{
database::KeyValueDatabase,
service::{self, globals::SigningKeys},
services, utils, Error, Result,
};
pub const COUNTER: &[u8] = b"c"; pub const COUNTER: &[u8] = b"c";
pub const LAST_CHECK_FOR_UPDATES_COUNT: &[u8] = b"u";
#[async_trait] #[async_trait]
impl service::globals::Data for KeyValueDatabase { impl service::globals::Data for KeyValueDatabase {
@ -26,6 +32,23 @@ impl service::globals::Data for KeyValueDatabase {
}) })
} }
fn last_check_for_updates_id(&self) -> Result<u64> {
self.global
.get(LAST_CHECK_FOR_UPDATES_COUNT)?
.map_or(Ok(0_u64), |bytes| {
utils::u64_from_bytes(&bytes).map_err(|_| {
Error::bad_database("last check for updates count has invalid bytes.")
})
})
}
fn update_check_for_updates_id(&self, id: u64) -> Result<()> {
self.global
.insert(LAST_CHECK_FOR_UPDATES_COUNT, &id.to_be_bytes())?;
Ok(())
}
async fn watch(&self, user_id: &UserId, device_id: &DeviceId) -> Result<()> { async fn watch(&self, user_id: &UserId, device_id: &DeviceId) -> Result<()> {
let userid_bytes = user_id.as_bytes().to_vec(); let userid_bytes = user_id.as_bytes().to_vec();
let mut userid_prefix = userid_bytes.clone(); let mut userid_prefix = userid_bytes.clone();
@ -75,7 +98,9 @@ impl service::globals::Data for KeyValueDatabase {
futures.push(self.pduid_pdu.watch_prefix(&short_roomid)); futures.push(self.pduid_pdu.watch_prefix(&short_roomid));
// EDUs // EDUs
futures.push(self.roomid_lasttypingupdate.watch_prefix(&roomid_bytes)); futures.push(Box::into_pin(Box::new(async move {
let _result = services().rooms.edus.typing.wait_for_update(&room_id).await;
})));
futures.push(self.readreceiptid_readreceipt.watch_prefix(&roomid_prefix)); futures.push(self.readreceiptid_readreceipt.watch_prefix(&roomid_prefix));
@ -118,8 +143,67 @@ impl service::globals::Data for KeyValueDatabase {
self._db.cleanup() self._db.cleanup()
} }
fn memory_usage(&self) -> Result<String> { fn memory_usage(&self) -> String {
self._db.memory_usage() let pdu_cache = self.pdu_cache.lock().unwrap().len();
let shorteventid_cache = self.shorteventid_cache.lock().unwrap().len();
let auth_chain_cache = self.auth_chain_cache.lock().unwrap().len();
let eventidshort_cache = self.eventidshort_cache.lock().unwrap().len();
let statekeyshort_cache = self.statekeyshort_cache.lock().unwrap().len();
let our_real_users_cache = self.our_real_users_cache.read().unwrap().len();
let appservice_in_room_cache = self.appservice_in_room_cache.read().unwrap().len();
let lasttimelinecount_cache = self.lasttimelinecount_cache.lock().unwrap().len();
let mut response = format!(
"\
pdu_cache: {pdu_cache}
shorteventid_cache: {shorteventid_cache}
auth_chain_cache: {auth_chain_cache}
eventidshort_cache: {eventidshort_cache}
statekeyshort_cache: {statekeyshort_cache}
our_real_users_cache: {our_real_users_cache}
appservice_in_room_cache: {appservice_in_room_cache}
lasttimelinecount_cache: {lasttimelinecount_cache}\n"
);
if let Ok(db_stats) = self._db.memory_usage() {
response += &db_stats;
}
response
}
fn clear_caches(&self, amount: u32) {
if amount > 0 {
let c = &mut *self.pdu_cache.lock().unwrap();
*c = LruCache::new(c.capacity());
}
if amount > 1 {
let c = &mut *self.shorteventid_cache.lock().unwrap();
*c = LruCache::new(c.capacity());
}
if amount > 2 {
let c = &mut *self.auth_chain_cache.lock().unwrap();
*c = LruCache::new(c.capacity());
}
if amount > 3 {
let c = &mut *self.eventidshort_cache.lock().unwrap();
*c = LruCache::new(c.capacity());
}
if amount > 4 {
let c = &mut *self.statekeyshort_cache.lock().unwrap();
*c = LruCache::new(c.capacity());
}
if amount > 5 {
let c = &mut *self.our_real_users_cache.write().unwrap();
*c = HashMap::new();
}
if amount > 6 {
let c = &mut *self.appservice_in_room_cache.write().unwrap();
*c = HashMap::new();
}
if amount > 7 {
let c = &mut *self.lasttimelinecount_cache.lock().unwrap();
*c = HashMap::new();
}
} }
fn load_keypair(&self) -> Result<Ed25519KeyPair> { fn load_keypair(&self) -> Result<Ed25519KeyPair> {
@ -157,64 +241,97 @@ impl service::globals::Data for KeyValueDatabase {
self.global.remove(b"keypair") self.global.remove(b"keypair")
} }
fn add_signing_key( fn add_signing_key_from_trusted_server(
&self, &self,
origin: &ServerName, origin: &ServerName,
new_keys: ServerSigningKeys, new_keys: ServerSigningKeys,
) -> Result<BTreeMap<OwnedServerSigningKeyId, VerifyKey>> { ) -> Result<SigningKeys> {
// Not atomic, but this is not critical let prev_keys = self.server_signingkeys.get(origin.as_bytes())?;
let signingkeys = self.server_signingkeys.get(origin.as_bytes())?;
let mut keys = signingkeys
.and_then(|keys| serde_json::from_slice(&keys).ok())
.unwrap_or_else(|| {
// Just insert "now", it doesn't matter
ServerSigningKeys::new(origin.to_owned(), MilliSecondsSinceUnixEpoch::now())
});
Ok(
if let Some(mut prev_keys) =
prev_keys.and_then(|keys| serde_json::from_slice::<ServerSigningKeys>(&keys).ok())
{
let ServerSigningKeys { let ServerSigningKeys {
verify_keys, verify_keys,
old_verify_keys, old_verify_keys,
.. ..
} = new_keys; } = new_keys;
keys.verify_keys.extend(verify_keys.into_iter()); prev_keys.verify_keys.extend(verify_keys);
keys.old_verify_keys.extend(old_verify_keys.into_iter()); prev_keys.old_verify_keys.extend(old_verify_keys);
prev_keys.valid_until_ts = new_keys.valid_until_ts;
self.server_signingkeys.insert( self.server_signingkeys.insert(
origin.as_bytes(), origin.as_bytes(),
&serde_json::to_vec(&keys).expect("serversigningkeys can be serialized"), &serde_json::to_vec(&prev_keys).expect("serversigningkeys can be serialized"),
)?; )?;
let mut tree = keys.verify_keys; prev_keys.into()
tree.extend( } else {
keys.old_verify_keys self.server_signingkeys.insert(
.into_iter() origin.as_bytes(),
.map(|old| (old.0, VerifyKey::new(old.1.key))), &serde_json::to_vec(&new_keys).expect("serversigningkeys can be serialized"),
); )?;
Ok(tree) new_keys.into()
},
)
}
fn add_signing_key_from_origin(
&self,
origin: &ServerName,
new_keys: ServerSigningKeys,
) -> Result<SigningKeys> {
let prev_keys = self.server_signingkeys.get(origin.as_bytes())?;
Ok(
if let Some(mut prev_keys) =
prev_keys.and_then(|keys| serde_json::from_slice::<ServerSigningKeys>(&keys).ok())
{
let ServerSigningKeys {
verify_keys,
old_verify_keys,
..
} = new_keys;
// Moving `verify_keys` no longer present to `old_verify_keys`
for (key_id, key) in prev_keys.verify_keys {
if !verify_keys.contains_key(&key_id) {
prev_keys
.old_verify_keys
.insert(key_id, OldVerifyKey::new(prev_keys.valid_until_ts, key.key));
}
}
prev_keys.verify_keys = verify_keys;
prev_keys.old_verify_keys.extend(old_verify_keys);
prev_keys.valid_until_ts = new_keys.valid_until_ts;
self.server_signingkeys.insert(
origin.as_bytes(),
&serde_json::to_vec(&prev_keys).expect("serversigningkeys can be serialized"),
)?;
prev_keys.into()
} else {
self.server_signingkeys.insert(
origin.as_bytes(),
&serde_json::to_vec(&new_keys).expect("serversigningkeys can be serialized"),
)?;
new_keys.into()
},
)
} }
/// This returns an empty `Ok(BTreeMap<..>)` when there are no keys found for the server. /// This returns an empty `Ok(BTreeMap<..>)` when there are no keys found for the server.
fn signing_keys_for( fn signing_keys_for(&self, origin: &ServerName) -> Result<Option<SigningKeys>> {
&self,
origin: &ServerName,
) -> Result<BTreeMap<OwnedServerSigningKeyId, VerifyKey>> {
let signingkeys = self let signingkeys = self
.server_signingkeys .server_signingkeys
.get(origin.as_bytes())? .get(origin.as_bytes())?
.and_then(|bytes| serde_json::from_slice(&bytes).ok()) .and_then(|bytes| serde_json::from_slice::<SigningKeys>(&bytes).ok());
.map(|keys: ServerSigningKeys| {
let mut tree = keys.verify_keys;
tree.extend(
keys.old_verify_keys
.into_iter()
.map(|old| (old.0, VerifyKey::new(old.1.key))),
);
tree
})
.unwrap_or_else(BTreeMap::new);
Ok(signingkeys) Ok(signingkeys)
} }

View file

@ -1,4 +1,4 @@
use ruma::api::client::error::ErrorKind; use ruma::{api::client::error::ErrorKind, http_headers::ContentDisposition};
use crate::{database::KeyValueDatabase, service, utils, Error, Result}; use crate::{database::KeyValueDatabase, service, utils, Error, Result};
@ -8,7 +8,7 @@ impl service::media::Data for KeyValueDatabase {
mxc: String, mxc: String,
width: u32, width: u32,
height: u32, height: u32,
content_disposition: Option<&str>, content_disposition: &ContentDisposition,
content_type: Option<&str>, content_type: Option<&str>,
) -> Result<Vec<u8>> { ) -> Result<Vec<u8>> {
let mut key = mxc.as_bytes().to_vec(); let mut key = mxc.as_bytes().to_vec();
@ -16,12 +16,7 @@ impl service::media::Data for KeyValueDatabase {
key.extend_from_slice(&width.to_be_bytes()); key.extend_from_slice(&width.to_be_bytes());
key.extend_from_slice(&height.to_be_bytes()); key.extend_from_slice(&height.to_be_bytes());
key.push(0xff); key.push(0xff);
key.extend_from_slice( key.extend_from_slice(content_disposition.to_string().as_bytes());
content_disposition
.as_ref()
.map(|f| f.as_bytes())
.unwrap_or_default(),
);
key.push(0xff); key.push(0xff);
key.extend_from_slice( key.extend_from_slice(
content_type content_type
@ -40,7 +35,7 @@ impl service::media::Data for KeyValueDatabase {
mxc: String, mxc: String,
width: u32, width: u32,
height: u32, height: u32,
) -> Result<(Option<String>, Option<String>, Vec<u8>)> { ) -> Result<(ContentDisposition, Option<String>, Vec<u8>)> {
let mut prefix = mxc.as_bytes().to_vec(); let mut prefix = mxc.as_bytes().to_vec();
prefix.push(0xff); prefix.push(0xff);
prefix.extend_from_slice(&width.to_be_bytes()); prefix.extend_from_slice(&width.to_be_bytes());
@ -68,15 +63,9 @@ impl service::media::Data for KeyValueDatabase {
.next() .next()
.ok_or_else(|| Error::bad_database("Media ID in db is invalid."))?; .ok_or_else(|| Error::bad_database("Media ID in db is invalid."))?;
let content_disposition = if content_disposition_bytes.is_empty() { let content_disposition = content_disposition_bytes.try_into().unwrap_or_else(|_| {
None ContentDisposition::new(ruma::http_headers::ContentDispositionType::Inline)
} else { });
Some(
utils::string_from_bytes(content_disposition_bytes).map_err(|_| {
Error::bad_database("Content Disposition in mediaid_file is invalid unicode.")
})?,
)
};
Ok((content_disposition, content_type, key)) Ok((content_disposition, content_type, key))
} }
} }

View file

@ -1,9 +1,15 @@
use ruma::{api::client::error::ErrorKind, OwnedRoomAliasId, OwnedRoomId, RoomAliasId, RoomId}; use ruma::{
api::client::error::ErrorKind, OwnedRoomAliasId, OwnedRoomId, OwnedUserId, RoomAliasId, RoomId,
UserId,
};
use crate::{database::KeyValueDatabase, service, services, utils, Error, Result}; use crate::{database::KeyValueDatabase, service, services, utils, Error, Result};
impl service::rooms::alias::Data for KeyValueDatabase { impl service::rooms::alias::Data for KeyValueDatabase {
fn set_alias(&self, alias: &RoomAliasId, room_id: &RoomId) -> Result<()> { fn set_alias(&self, alias: &RoomAliasId, room_id: &RoomId, user_id: &UserId) -> Result<()> {
// Comes first as we don't want a stuck alias
self.alias_userid
.insert(alias.alias().as_bytes(), user_id.as_bytes())?;
self.alias_roomid self.alias_roomid
.insert(alias.alias().as_bytes(), room_id.as_bytes())?; .insert(alias.alias().as_bytes(), room_id.as_bytes())?;
let mut aliasid = room_id.as_bytes().to_vec(); let mut aliasid = room_id.as_bytes().to_vec();
@ -22,13 +28,13 @@ impl service::rooms::alias::Data for KeyValueDatabase {
self.aliasid_alias.remove(&key)?; self.aliasid_alias.remove(&key)?;
} }
self.alias_roomid.remove(alias.alias().as_bytes())?; self.alias_roomid.remove(alias.alias().as_bytes())?;
self.alias_userid.remove(alias.alias().as_bytes())
} else { } else {
return Err(Error::BadRequest( Err(Error::BadRequest(
ErrorKind::NotFound, ErrorKind::NotFound,
"Alias does not exist.", "Alias does not exist.",
)); ))
} }
Ok(())
} }
fn resolve_local_alias(&self, alias: &RoomAliasId) -> Result<Option<OwnedRoomId>> { fn resolve_local_alias(&self, alias: &RoomAliasId) -> Result<Option<OwnedRoomId>> {
@ -57,4 +63,16 @@ impl service::rooms::alias::Data for KeyValueDatabase {
.map_err(|_| Error::bad_database("Invalid alias in aliasid_alias.")) .map_err(|_| Error::bad_database("Invalid alias in aliasid_alias."))
})) }))
} }
fn who_created_alias(&self, alias: &RoomAliasId) -> Result<Option<OwnedUserId>> {
self.alias_userid
.get(alias.alias().as_bytes())?
.map(|bytes| {
UserId::parse(utils::string_from_bytes(&bytes).map_err(|_| {
Error::bad_database("User ID in alias_userid is invalid unicode.")
})?)
.map_err(|_| Error::bad_database("User ID in alias_roomid is invalid."))
})
.transpose()
}
} }

View file

@ -1,6 +1,5 @@
mod presence; mod presence;
mod read_receipt; mod read_receipt;
mod typing;
use crate::{database::KeyValueDatabase, service}; use crate::{database::KeyValueDatabase, service};

View file

@ -1,127 +0,0 @@
use std::{collections::HashSet, mem};
use ruma::{OwnedUserId, RoomId, UserId};
use crate::{database::KeyValueDatabase, service, services, utils, Error, Result};
impl service::rooms::edus::typing::Data for KeyValueDatabase {
fn typing_add(&self, user_id: &UserId, room_id: &RoomId, timeout: u64) -> Result<()> {
let mut prefix = room_id.as_bytes().to_vec();
prefix.push(0xff);
let count = services().globals.next_count()?.to_be_bytes();
let mut room_typing_id = prefix;
room_typing_id.extend_from_slice(&timeout.to_be_bytes());
room_typing_id.push(0xff);
room_typing_id.extend_from_slice(&count);
self.typingid_userid
.insert(&room_typing_id, user_id.as_bytes())?;
self.roomid_lasttypingupdate
.insert(room_id.as_bytes(), &count)?;
Ok(())
}
fn typing_remove(&self, user_id: &UserId, room_id: &RoomId) -> Result<()> {
let mut prefix = room_id.as_bytes().to_vec();
prefix.push(0xff);
let user_id = user_id.to_string();
let mut found_outdated = false;
// Maybe there are multiple ones from calling roomtyping_add multiple times
for outdated_edu in self
.typingid_userid
.scan_prefix(prefix)
.filter(|(_, v)| &**v == user_id.as_bytes())
{
self.typingid_userid.remove(&outdated_edu.0)?;
found_outdated = true;
}
if found_outdated {
self.roomid_lasttypingupdate.insert(
room_id.as_bytes(),
&services().globals.next_count()?.to_be_bytes(),
)?;
}
Ok(())
}
fn typings_maintain(&self, room_id: &RoomId) -> Result<()> {
let mut prefix = room_id.as_bytes().to_vec();
prefix.push(0xff);
let current_timestamp = utils::millis_since_unix_epoch();
let mut found_outdated = false;
// Find all outdated edus before inserting a new one
for outdated_edu in self
.typingid_userid
.scan_prefix(prefix)
.map(|(key, _)| {
Ok::<_, Error>((
key.clone(),
utils::u64_from_bytes(
&key.splitn(2, |&b| b == 0xff).nth(1).ok_or_else(|| {
Error::bad_database("RoomTyping has invalid timestamp or delimiters.")
})?[0..mem::size_of::<u64>()],
)
.map_err(|_| Error::bad_database("RoomTyping has invalid timestamp bytes."))?,
))
})
.filter_map(|r| r.ok())
.take_while(|&(_, timestamp)| timestamp < current_timestamp)
{
// This is an outdated edu (time > timestamp)
self.typingid_userid.remove(&outdated_edu.0)?;
found_outdated = true;
}
if found_outdated {
self.roomid_lasttypingupdate.insert(
room_id.as_bytes(),
&services().globals.next_count()?.to_be_bytes(),
)?;
}
Ok(())
}
fn last_typing_update(&self, room_id: &RoomId) -> Result<u64> {
Ok(self
.roomid_lasttypingupdate
.get(room_id.as_bytes())?
.map(|bytes| {
utils::u64_from_bytes(&bytes).map_err(|_| {
Error::bad_database("Count in roomid_lastroomactiveupdate is invalid.")
})
})
.transpose()?
.unwrap_or(0))
}
fn typings_all(&self, room_id: &RoomId) -> Result<HashSet<OwnedUserId>> {
let mut prefix = room_id.as_bytes().to_vec();
prefix.push(0xff);
let mut user_ids = HashSet::new();
for (_, user_id) in self.typingid_userid.scan_prefix(prefix) {
let user_id = UserId::parse(utils::string_from_bytes(&user_id).map_err(|_| {
Error::bad_database("User ID in typingid_userid is invalid unicode.")
})?)
.map_err(|_| Error::bad_database("User ID in typingid_userid is invalid."))?;
user_ids.insert(user_id);
}
Ok(user_ids)
}
}

View file

@ -12,6 +12,7 @@ mod state;
mod state_accessor; mod state_accessor;
mod state_cache; mod state_cache;
mod state_compressor; mod state_compressor;
mod threads;
mod timeline; mod timeline;
mod user; mod user;

Some files were not shown because too many files have changed in this diff Show more