shruub
/
conduit
mirror of https://gitlab.com/famedly/conduit
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'maxopenfiles' into 'next'

Browse Source 
Server ACL support and more config options

Closes #67

See merge request famedly/conduit!248
merge-requests/256/merge
Timo Kösters 2 years ago
parent 24aa034e48 53de350908
commit b2ffc4e496
12 changed files with 193 additions and 92 deletions
Show Stats Download Patch File Download Diff File

48
Cargo.lock generated
Unescape Escape View File

@ -2086,7 +2086,7 @@ dependencies = [
[[package]]
name = "ruma"
version = "0.4.0"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"assign",
"js_int",
@ -2107,7 +2107,7 @@ dependencies = [
[[package]]
name = "ruma-api"
version = "0.18.5"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"bytes",
"http",
@ -2123,7 +2123,7 @@ dependencies = [
[[package]]
name = "ruma-api-macros"
version = "0.18.5"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"proc-macro-crate",
"proc-macro2",
@ -2134,7 +2134,7 @@ dependencies = [
[[package]]
name = "ruma-appservice-api"
version = "0.4.0"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"ruma-api",
"ruma-common",
@ -2148,7 +2148,7 @@ dependencies = [
[[package]]
name = "ruma-client-api"
version = "0.12.3"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"assign",
"bytes",
@ -2168,7 +2168,7 @@ dependencies = [
[[package]]
name = "ruma-common"
version = "0.6.0"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"indexmap",
"js_int",
@ -2183,7 +2183,7 @@ dependencies = [
[[package]]
name = "ruma-events"
version = "0.24.6"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"indoc",
"js_int",
@ -2194,12 +2194,13 @@ dependencies = [
"serde",
"serde_json",
"thiserror",
"wildmatch",
]
[[package]]
name = "ruma-events-macros"
version = "0.24.6"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"proc-macro-crate",
"proc-macro2",
@ -2210,7 +2211,7 @@ dependencies = [
[[package]]
name = "ruma-federation-api"
version = "0.3.1"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"js_int",
"ruma-api",
@ -2225,7 +2226,7 @@ dependencies = [
[[package]]
name = "ruma-identifiers"
version = "0.20.0"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"percent-encoding",
"rand 0.8.4",
@ -2234,12 +2235,13 @@ dependencies = [
"ruma-serde",
"ruma-serde-macros",
"serde",
"uuid",
]
[[package]]
name = "ruma-identifiers-macros"
version = "0.20.0"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"quote",
"ruma-identifiers-validation",
@ -2249,7 +2251,7 @@ dependencies = [
[[package]]
name = "ruma-identifiers-validation"
version = "0.5.0"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"thiserror",
]
@ -2257,7 +2259,7 @@ dependencies = [
[[package]]
name = "ruma-identity-service-api"
version = "0.3.0"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"js_int",
"ruma-api",
@ -2270,7 +2272,7 @@ dependencies = [
[[package]]
name = "ruma-push-gateway-api"
version = "0.3.0"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"js_int",
"ruma-api",
@ -2285,8 +2287,9 @@ dependencies = [
[[package]]
name = "ruma-serde"
version = "0.5.0"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"base64 0.13.0",
"bytes",
"form_urlencoded",
"itoa 0.4.8",
@ -2299,7 +2302,7 @@ dependencies = [
[[package]]
name = "ruma-serde-macros"
version = "0.5.0"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"proc-macro-crate",
"proc-macro2",
@ -2310,7 +2313,7 @@ dependencies = [
[[package]]
name = "ruma-signatures"
version = "0.9.0"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"base64 0.13.0",
"ed25519-dalek",
@ -2327,7 +2330,7 @@ dependencies = [
[[package]]
name = "ruma-state-res"
version = "0.4.1"
source = "git+https://github.com/ruma/ruma?rev=f8ba7f795765bf4aeb4db06849f9fdde9c162ac3#f8ba7f795765bf4aeb4db06849f9fdde9c162ac3"
source = "git+https://github.com/ruma/ruma?rev=08d60b3d376b63462f769d4b9bd3bbfb560d501a#08d60b3d376b63462f769d4b9bd3bbfb560d501a"
dependencies = [
"itertools",
"js_int",
@ -3308,6 +3311,15 @@ dependencies = [
"percent-encoding",
]
[[package]]
name = "uuid"
version = "0.8.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
dependencies = [
"getrandom 0.2.3",
]
[[package]]
name = "vcpkg"
version = "0.2.15"

2
Cargo.toml
Unescape Escape View File

@ -19,7 +19,7 @@ rocket = { version = "0.5.0-rc.1", features = ["tls"] } # Used to handle request
# Used for matrix spec type definitions and helpers
#ruma = { version = "0.4.0", features = ["compat", "rand", "appservice-api-c", "client-api", "federation-api", "push-gateway-api-c", "state-res", "unstable-pre-spec", "unstable-exhaustive-types"] }
ruma = { git = "https://github.com/ruma/ruma", rev = "f8ba7f795765bf4aeb4db06849f9fdde9c162ac3", features = ["compat", "rand", "appservice-api-c", "client-api", "federation-api", "push-gateway-api-c", "state-res", "unstable-pre-spec", "unstable-exhaustive-types"] }
ruma = { git = "https://github.com/ruma/ruma", rev = "08d60b3d376b63462f769d4b9bd3bbfb560d501a", features = ["compat", "rand", "appservice-api-c", "client-api", "federation-api", "push-gateway-api-c", "state-res", "unstable-pre-spec", "unstable-exhaustive-types"] }
#ruma = { git = "https://github.com/timokoesters/ruma", rev = "50c1db7e0a3a21fc794b0cce3b64285a4c750c71", features = ["compat", "rand", "appservice-api-c", "client-api", "federation-api", "push-gateway-api-c", "state-res", "unstable-pre-spec", "unstable-exhaustive-types"] }
#ruma = { path = "../ruma/crates/ruma", features = ["compat", "rand", "appservice-api-c", "client-api", "federation-api", "push-gateway-api-c", "state-res", "unstable-pre-spec", "unstable-exhaustive-types"] }

4
src/client_server/membership.rs
Unescape Escape View File

@ -23,7 +23,7 @@ use ruma::{
},
EventType,
},
serde::{to_canonical_value, CanonicalJsonObject, CanonicalJsonValue},
serde::{to_canonical_value, Base64, CanonicalJsonObject, CanonicalJsonValue},
state_res::{self, RoomVersion},
uint, EventId, RoomId, RoomVersionId, ServerName, UserId,
};
@ -787,7 +787,7 @@ async fn join_room_by_id_helper(
fn validate_and_add_event_id(
pdu: &RawJsonValue,
room_version: &RoomVersionId,
pub_key_map: &RwLock<BTreeMap<String, BTreeMap<String, String>>>,
pub_key_map: &RwLock<BTreeMap<String, BTreeMap<String, Base64>>>,
db: &Database,
) -> Result<(Box<EventId>, CanonicalJsonObject)> {
let mut value: CanonicalJsonObject = serde_json::from_str(pdu.get()).map_err(|e| {

4
src/client_server/message.rs
Unescape Escape View File

@ -74,11 +74,11 @@ pub async fn send_message_event_route(
}
let mut unsigned = BTreeMap::new();
unsigned.insert("transaction_id".to_owned(), body.txn_id.clone().into());
unsigned.insert("transaction_id".to_owned(), body.txn_id.to_string().into());
let event_id = db.rooms.build_and_append_pdu(
PduBuilder {
event_type: EventType::from(&body.event_type),
event_type: EventType::from(&*body.event_type),
content: serde_json::from_str(body.body.body.json().get())
.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "Invalid JSON body."))?,
unsigned: Some(unsigned),

4
src/client_server/state.rs
Unescape Escape View File

@ -44,7 +44,7 @@ pub async fn send_state_event_for_key_route(
&db,
sender_user,
&body.room_id,
EventType::from(&body.event_type),
EventType::from(&*body.event_type),
&body.body.body, // Yes, I hate it too
body.state_key.to_owned(),
)
@ -86,7 +86,7 @@ pub async fn send_state_event_for_empty_key_route(
&db,
sender_user,
&body.room_id,
EventType::from(&body.event_type),
EventType::from(&*body.event_type),
&body.body.body,
body.state_key.to_owned(),
)

53
src/client_server/sync.rs
Unescape Escape View File

@ -453,38 +453,39 @@ async fn sync_helper(
let joined_since_last_sync = since_sender_member
.map_or(true, |member| member.membership != MembershipState::Join);
let current_state_ids = db.rooms.state_full_ids(current_shortstatehash)?;
let since_state_ids = db.rooms.state_full_ids(since_shortstatehash)?;
let mut state_events = Vec::new();
let mut lazy_loaded = HashSet::new();
for (key, id) in current_state_ids {
if body.full_state || since_state_ids.get(&key) != Some(&id) {
let pdu = match db.rooms.get_pdu(&id)? {
Some(pdu) => pdu,
None => {
error!("Pdu in state not found: {}", id);
continue;
}
};
if pdu.kind == EventType::RoomMember {
match UserId::parse(
pdu.state_key
.as_ref()
.expect("State event has state key")
.clone(),
) {
Ok(state_key_userid) => {
lazy_loaded.insert(state_key_userid);
if since_shortstatehash != current_shortstatehash {
let current_state_ids = db.rooms.state_full_ids(current_shortstatehash)?;
let since_state_ids = db.rooms.state_full_ids(since_shortstatehash)?;
for (key, id) in current_state_ids {
if body.full_state || since_state_ids.get(&key) != Some(&id) {
let pdu = match db.rooms.get_pdu(&id)? {
Some(pdu) => pdu,
None => {
error!("Pdu in state not found: {}", id);
continue;
}
};
if pdu.kind == EventType::RoomMember {
match UserId::parse(
pdu.state_key
.as_ref()
.expect("State event has state key")
.clone(),
) {
Ok(state_key_userid) => {
lazy_loaded.insert(state_key_userid);
}
Err(e) => error!("Invalid state key for member event: {}", e),
}
Err(e) => error!("Invalid state key for member event: {}", e),
}
}
state_events.push(pdu);
state_events.push(pdu);
}
}
}

4
src/client_server/to_device.rs
Unescape Escape View File

@ -53,8 +53,8 @@ pub async fn send_event_to_device_route(
serde_json::to_vec(&federation::transactions::edu::Edu::DirectToDevice(
DirectDeviceContent {
sender: sender_user.clone(),
ev_type: EventType::from(&body.event_type),
message_id: body.txn_id.clone(),
ev_type: EventType::from(&*body.event_type),
message_id: body.txn_id.to_string(),
messages,
},
))

8
src/database.rs
Unescape Escape View File

@ -49,6 +49,8 @@ pub struct Config {
database_path: String,
#[serde(default = "default_db_cache_capacity_mb")]
db_cache_capacity_mb: f64,
#[serde(default = "default_rocksdb_max_open_files")]
rocksdb_max_open_files: i32,
#[serde(default = "default_pdu_cache_capacity")]
pdu_cache_capacity: u32,
#[serde(default = "default_cleanup_second_interval")]
@ -127,8 +129,12 @@ fn default_db_cache_capacity_mb() -> f64 {
10.0
}
fn default_rocksdb_max_open_files() -> i32 {
512
}
fn default_pdu_cache_capacity() -> u32 {
1_000_000
150_000
}
fn default_cleanup_second_interval() -> u32 {

16
src/database/abstraction/rocksdb.rs
Unescape Escape View File

@ -4,7 +4,7 @@ use std::{future::Future, pin::Pin, sync::Arc, sync::RwLock};
pub struct Engine {
rocks: rocksdb::DBWithThreadMode<rocksdb::MultiThreaded>,
cache_capacity_bytes: usize,
max_open_files: i32,
cache: rocksdb::Cache,
old_cfs: Vec<String>,
}
@ -16,7 +16,7 @@ pub struct RocksDbEngineTree<'a> {
write_lock: RwLock<()>,
}
fn db_options(cache_capacity_bytes: usize, rocksdb_cache: &rocksdb::Cache) -> rocksdb::Options {
fn db_options(max_open_files: i32, rocksdb_cache: &rocksdb::Cache) -> rocksdb::Options {
let mut block_based_options = rocksdb::BlockBasedOptions::default();
block_based_options.set_block_cache(rocksdb_cache);
@ -36,10 +36,10 @@ fn db_options(cache_capacity_bytes: usize, rocksdb_cache: &rocksdb::Cache) -> ro
//db_opts.set_use_direct_io_for_flush_and_compaction(true);
db_opts.create_if_missing(true);
db_opts.increase_parallelism(num_cpus::get() as i32);
db_opts.set_max_open_files(512);
db_opts.set_max_open_files(max_open_files);
db_opts.set_compression_type(rocksdb::DBCompressionType::Zstd);
db_opts.set_compaction_style(rocksdb::DBCompactionStyle::Level);
db_opts.optimize_level_style_compaction(cache_capacity_bytes);
db_opts.optimize_level_style_compaction(10 * 1024 * 1024);
let prefix_extractor = rocksdb::SliceTransform::create_fixed_prefix(1);
db_opts.set_prefix_extractor(prefix_extractor);
@ -52,7 +52,7 @@ impl DatabaseEngine for Arc<Engine> {
let cache_capacity_bytes = (config.db_cache_capacity_mb * 1024.0 * 1024.0) as usize;
let rocksdb_cache = rocksdb::Cache::new_lru_cache(cache_capacity_bytes).unwrap();
let db_opts = db_options(cache_capacity_bytes, &rocksdb_cache);
let db_opts = db_options(config.rocksdb_max_open_files, &rocksdb_cache);
let cfs = rocksdb::DBWithThreadMode::<rocksdb::MultiThreaded>::list_cf(
&db_opts,
@ -66,14 +66,14 @@ impl DatabaseEngine for Arc<Engine> {
cfs.iter().map(|name| {
rocksdb::ColumnFamilyDescriptor::new(
name,
db_options(cache_capacity_bytes, &rocksdb_cache),
db_options(config.rocksdb_max_open_files, &rocksdb_cache),
)
}),
)?;
Ok(Arc::new(Engine {
rocks: db,
cache_capacity_bytes,
max_open_files: config.rocksdb_max_open_files,
cache: rocksdb_cache,
old_cfs: cfs,
}))
@ -84,7 +84,7 @@ impl DatabaseEngine for Arc<Engine> {
// Create if it didn't exist
let _ = self
.rocks
.create_cf(name, &db_options(self.cache_capacity_bytes, &self.cache));
.create_cf(name, &db_options(self.max_open_files, &self.cache));
}
Ok(Arc::new(RocksDbEngineTree {

10
src/database/sending.rs
Unescape Escape View File

@ -524,7 +524,7 @@ impl Sending {
.unwrap(), // TODO: handle error
appservice::event::push_events::v1::Request {
events: &pdu_jsons,
txn_id: &base64::encode_config(
txn_id: (&*base64::encode_config(
Self::calculate_hash(
&events
.iter()
@ -534,7 +534,8 @@ impl Sending {
.collect::<Vec<_>>(),
),
base64::URL_SAFE_NO_PAD,
),
))
.into(),
},
)
.await
@ -682,7 +683,7 @@ impl Sending {
pdus: &pdu_jsons,
edus: &edu_jsons,
origin_server_ts: MilliSecondsSinceUnixEpoch::now(),
transaction_id: &base64::encode_config(
transaction_id: (&*base64::encode_config(
Self::calculate_hash(
&events
.iter()
@ -692,7 +693,8 @@ impl Sending {
.collect::<Vec<_>>(),
),
base64::URL_SAFE_NO_PAD,
),
))
.into(),
},
)
.await

6
src/database/transaction_ids.rs
Unescape Escape View File

@ -1,7 +1,7 @@
use std::sync::Arc;
use crate::Result;
use ruma::{DeviceId, UserId};
use ruma::{identifiers::TransactionId, DeviceId, UserId};
use super::abstraction::Tree;
@ -14,7 +14,7 @@ impl TransactionIds {
&self,
user_id: &UserId,
device_id: Option<&DeviceId>,
txn_id: &str,
txn_id: &TransactionId,
data: &[u8],
) -> Result<()> {
let mut key = user_id.as_bytes().to_vec();
@ -32,7 +32,7 @@ impl TransactionIds {
&self,
user_id: &UserId,
device_id: Option<&DeviceId>,
txn_id: &str,
txn_id: &TransactionId,
) -> Result<Option<Vec<u8>>> {
let mut key = user_id.as_bytes().to_vec();
key.push(0xff);

126
src/server_server.rs
Unescape Escape View File

@ -44,12 +44,13 @@ use ruma::{
room::{
create::RoomCreateEventContent,
member::{MembershipState, RoomMemberEventContent},
server_acl::RoomServerAclEventContent,
},
AnyEphemeralRoomEvent, EventType,
},
int,
receipt::ReceiptType,
serde::JsonObject,
serde::{Base64, JsonObject},
signatures::{CanonicalJsonObject, CanonicalJsonValue},
state_res::{self, RoomVersion, StateMap},
to_device::DeviceIdOrAllDevices,
@ -551,7 +552,7 @@ pub fn get_server_keys_route(db: DatabaseGuard) -> Json<String> {
.try_into()
.expect("found invalid server signing keys in DB"),
VerifyKey {
key: base64::encode_config(db.globals.keypair().public_key(), base64::STANDARD_NO_PAD),
key: Base64::new(db.globals.keypair().public_key().to_vec()),
},
);
let mut response = serde_json::from_slice(
@ -740,6 +741,8 @@ pub async fn send_transaction_message_route(
}
};
acl_check(&body.origin, &room_id, &db)?;
let mutex = Arc::clone(
db.globals
.roomid_mutex_federation
@ -854,7 +857,7 @@ pub async fn send_transaction_message_route(
// Check if this is a new transaction id
if db
.transaction_ids
.existing_txnid(&sender, None, &message_id)?
.existing_txnid(&sender, None, (&*message_id).into())?
.is_some()
{
continue;
@ -902,7 +905,7 @@ pub async fn send_transaction_message_route(
// Save transaction id with empty data
db.transaction_ids
.add_txnid(&sender, None, &message_id, &[])?;
.add_txnid(&sender, None, (&*message_id).into(), &[])?;
}
Edu::_Custom(_) => {}
}
@ -948,7 +951,7 @@ pub(crate) async fn handle_incoming_pdu<'a>(
value: BTreeMap<String, CanonicalJsonValue>,
is_timeline_event: bool,
db: &'a Database,
pub_key_map: &'a RwLock<BTreeMap<String, BTreeMap<String, String>>>,
pub_key_map: &'a RwLock<BTreeMap<String, BTreeMap<String, Base64>>>,
) -> Result<Option<Vec<u8>>, String> {
match db.rooms.exists(room_id) {
Ok(true) => {}
@ -1123,7 +1126,7 @@ fn handle_outlier_pdu<'a>(
room_id: &'a RoomId,
value: BTreeMap<String, CanonicalJsonValue>,
db: &'a Database,
pub_key_map: &'a RwLock<BTreeMap<String, BTreeMap<String, String>>>,
pub_key_map: &'a RwLock<BTreeMap<String, BTreeMap<String, Base64>>>,
) -> AsyncRecursiveType<'a, Result<(Arc<PduEvent>, BTreeMap<String, CanonicalJsonValue>), String>> {
Box::pin(async move {
// TODO: For RoomVersion6 we must check that Raw<..> is canonical do we anywhere?: https://matrix.org/docs/spec/rooms/v6#canonical-json
@ -1285,7 +1288,7 @@ async fn upgrade_outlier_to_timeline_pdu(
origin: &ServerName,
db: &Database,
room_id: &RoomId,
pub_key_map: &RwLock<BTreeMap<String, BTreeMap<String, String>>>,
pub_key_map: &RwLock<BTreeMap<String, BTreeMap<String, Base64>>>,
) -> Result<Option<Vec<u8>>, String> {
if let Ok(Some(pduid)) = db.rooms.get_pdu_id(&incoming_pdu.event_id) {
return Ok(Some(pduid));
@ -1827,7 +1830,7 @@ pub(crate) fn fetch_and_handle_outliers<'a>(
events: &'a [Arc<EventId>],
create_event: &'a PduEvent,
room_id: &'a RoomId,
pub_key_map: &'a RwLock<BTreeMap<String, BTreeMap<String, String>>>,
pub_key_map: &'a RwLock<BTreeMap<String, BTreeMap<String, Base64>>>,
) -> AsyncRecursiveType<'a, Vec<(Arc<PduEvent>, Option<BTreeMap<String, CanonicalJsonValue>>)>> {
Box::pin(async move {
let back_off = |id| match db.globals.bad_event_ratelimiter.write().unwrap().entry(id) {
@ -1966,9 +1969,9 @@ pub(crate) async fn fetch_signing_keys(
db: &Database,
origin: &ServerName,
signature_ids: Vec<String>,
) -> Result<BTreeMap<String, String>> {
) -> Result<BTreeMap<String, Base64>> {
let contains_all_ids =
|keys: &BTreeMap<String, String>| signature_ids.iter().all(|id| keys.contains_key(id));
|keys: &BTreeMap<String, Base64>| signature_ids.iter().all(|id| keys.contains_key(id));
let permit = db
.globals
@ -2355,8 +2358,11 @@ pub fn get_event_route(
let room_id = <&RoomId>::try_from(room_id_str)
.map_err(|_| Error::bad_database("Invalid room id field in event in database"))?;
if !db.rooms.server_in_room(sender_servername, room_id)? {
return Err(Error::BadRequest(ErrorKind::NotFound, "Event not found."));
if !db.rooms.server_in_room(sender_servername, &room_id)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
"Server is not in room",
));
}
Ok(get_event::v1::Response {
@ -2395,6 +2401,8 @@ pub fn get_missing_events_route(
));
}
acl_check(sender_servername, &body.room_id, &db)?;
let mut queued_events = body.latest_events.clone();
let mut events = Vec::new();
@ -2464,6 +2472,15 @@ pub fn get_event_authorization_route(
.as_ref()
.expect("server is authenticated");
if !db.rooms.server_in_room(sender_servername, &body.room_id)? {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
"Server is not in room.",
));
}
acl_check(sender_servername, &body.room_id, &db)?;
let event = db
.rooms
.get_pdu_json(&body.event_id)?
@ -2477,10 +2494,6 @@ pub fn get_event_authorization_route(
let room_id = <&RoomId>::try_from(room_id_str)
.map_err(|_| Error::bad_database("Invalid room id field in event in database"))?;
if !db.rooms.server_in_room(sender_servername, room_id)? {
return Err(Error::BadRequest(ErrorKind::NotFound, "Event not found."));
}
let auth_chain_ids = get_auth_chain(room_id, vec![Arc::from(&*body.event_id)], &db)?;
Ok(get_event_authorization::v1::Response {
@ -2520,6 +2533,8 @@ pub fn get_room_state_route(
));
}
acl_check(sender_servername, &body.room_id, &db)?;
let shortstatehash = db
.rooms
.pdu_shortstatehash(&body.event_id)?
@ -2583,6 +2598,8 @@ pub fn get_room_state_ids_route(
));
}
acl_check(sender_servername, &body.room_id, &db)?;
let shortstatehash = db
.rooms
.pdu_shortstatehash(&body.event_id)?
@ -2626,10 +2643,17 @@ pub fn create_join_event_template_route(
if !db.rooms.exists(&body.room_id)? {
return Err(Error::BadRequest(
ErrorKind::NotFound,
"Server is not in room.",
"Room is unknown to this server.",
));
}
let sender_servername = body
.sender_servername
.as_ref()
.expect("server is authenticated");
acl_check(sender_servername, &body.room_id, &db)?;
let prev_events: Vec<_> = db
.rooms
.get_pdu_leaves(&body.room_id)?
@ -2782,6 +2806,7 @@ pub fn create_join_event_template_route(
async fn create_join_event(
db: &DatabaseGuard,
sender_servername: &ServerName,
room_id: &RoomId,
pdu: &RawJsonValue,
) -> Result<RoomState> {
@ -2789,6 +2814,15 @@ async fn create_join_event(
return Err(Error::bad_config("Federation is disabled."));
}
if !db.rooms.exists(room_id)? {
return Err(Error::BadRequest(
ErrorKind::NotFound,
"Room is unknown to this server.",
));
}
acl_check(sender_servername, room_id, &db)?;
// We need to return the state prior to joining, let's keep a reference to that here
let shortstatehash = db
.rooms
@ -2888,7 +2922,12 @@ pub async fn create_join_event_v1_route(
db: DatabaseGuard,
body: Ruma<create_join_event::v1::Request<'_>>,
) -> ConduitResult<create_join_event::v1::Response> {
let room_state = create_join_event(&db, &body.room_id, &body.pdu).await?;
let sender_servername = body
.sender_servername
.as_ref()
.expect("server is authenticated");
let room_state = create_join_event(&db, sender_servername, &body.room_id, &body.pdu).await?;
Ok(create_join_event::v1::Response { room_state }.into())
}
@ -2905,7 +2944,12 @@ pub async fn create_join_event_v2_route(
db: DatabaseGuard,
body: Ruma<create_join_event::v2::Request<'_>>,
) -> ConduitResult<create_join_event::v2::Response> {
let room_state = create_join_event(&db, &body.room_id, &body.pdu).await?;
let sender_servername = body
.sender_servername
.as_ref()
.expect("server is authenticated");
let room_state = create_join_event(&db, sender_servername, &body.room_id, &body.pdu).await?;
Ok(create_join_event::v2::Response { room_state }.into())
}
@ -2926,6 +2970,13 @@ pub async fn create_invite_route(
return Err(Error::bad_config("Federation is disabled."));
}
let sender_servername = body
.sender_servername
.as_ref()
.expect("server is authenticated");
acl_check(sender_servername, &body.room_id, &db)?;
if body.room_version != RoomVersionId::V5 && body.room_version != RoomVersionId::V6 {
return Err(Error::BadRequest(
ErrorKind::IncompatibleRoomVersion {
@ -3199,7 +3250,7 @@ pub async fn claim_keys_route(
#[tracing::instrument(skip(event, pub_key_map, db))]
pub(crate) async fn fetch_required_signing_keys(
event: &BTreeMap<String, CanonicalJsonValue>,
pub_key_map: &RwLock<BTreeMap<String, BTreeMap<String, String>>>,
pub_key_map: &RwLock<BTreeMap<String, BTreeMap<String, Base64>>>,
db: &Database,
) -> Result<()> {
let signatures = event
@ -3253,7 +3304,7 @@ fn get_server_keys_from_cache(
pdu: &RawJsonValue,
servers: &mut BTreeMap<Box<ServerName>, BTreeMap<Box<ServerSigningKeyId>, QueryCriteria>>,
room_version: &RoomVersionId,
pub_key_map: &mut RwLockWriteGuard<'_, BTreeMap<String, BTreeMap<String, String>>>,
pub_key_map: &mut RwLockWriteGuard<'_, BTreeMap<String, BTreeMap<String, Base64>>>,
db: &Database,
) -> Result<()> {
let value: CanonicalJsonObject = serde_json::from_str(pdu.get()).map_err(|e| {
@ -3306,7 +3357,7 @@ fn get_server_keys_from_cache(
let signature_ids = signature_object.keys().cloned().collect::<Vec<_>>();
let contains_all_ids =
|keys: &BTreeMap<String, String>| signature_ids.iter().all(|id| keys.contains_key(id));
|keys: &BTreeMap<String, Base64>| signature_ids.iter().all(|id| keys.contains_key(id));
let origin = <&ServerName>::try_from(signature_server.as_str()).map_err(|_| {
Error::BadServerResponse("Invalid servername in signatures of server response pdu.")
@ -3339,7 +3390,7 @@ fn get_server_keys_from_cache(
pub(crate) async fn fetch_join_signing_keys(
event: &create_join_event::v2::Response,
room_version: &RoomVersionId,
pub_key_map: &RwLock<BTreeMap<String, BTreeMap<String, String>>>,
pub_key_map: &RwLock<BTreeMap<String, BTreeMap<String, Base64>>>,
db: &Database,
) -> Result<()> {
let mut servers: BTreeMap<Box<ServerName>, BTreeMap<Box<ServerSigningKeyId>, QueryCriteria>> =
@ -3439,6 +3490,35 @@ pub(crate) async fn fetch_join_signing_keys(
Ok(())
}
/// Returns Ok if the acl allows the server
fn acl_check(server_name: &ServerName, room_id: &RoomId, db: &Database) -> Result<()> {
let acl_event = match db
.rooms
.room_state_get(room_id, &EventType::RoomServerAcl, "")?
{
Some(acl) => acl,
None => return Ok(()),
};
let acl_event_content: RoomServerAclEventContent =
match serde_json::from_str(acl_event.content.get()) {
Ok(content) => content,
Err(_) => {
warn!("Invalid ACL event");
return Ok(());
}
};
if acl_event_content.is_allowed(server_name) {
Ok(())
} else {
Err(Error::BadRequest(
ErrorKind::Forbidden,
"Server was denied by ACL",
))
}
}
#[cfg(test)]
mod tests {
use super::{add_port_to_hostname, get_ip_with_port, FedDest};

Write Preview
Loading…
Cancel
Save