Merge remote-tracking branch 'famedly/master' into appservices

Cargo.toml

@@ -77,3 +77,26 @@ required-features = ["conduit_bin"]
 [lib]
 name = "conduit"
 path = "src/lib.rs"
+
+[package.metadata.deb]
+name = "matrix-conduit"
+maintainer = "Paul van Tilburg <paul@luon.net>"
+copyright = "2020, Timo Kösters <timo@koesters.xyz>"
+license-file = ["LICENSE", "3"]
+depends = "$auto, ca-certificates"
+extended-description = """\
+A fast Matrix homeserver that is optimized for smaller, personal servers, \
+instead of a server that has high scalability."""
+section = "net"
+priority = "optional"
+assets = [
+  ["debian/env.local", "etc/matrix-conduit/local", "644"],
+  ["debian/README.Debian", "usr/share/doc/matrix-conduit/", "644"],
+  ["README.md", "usr/share/doc/matrix-conduit/", "644"],
+  ["target/release/conduit", "usr/sbin/matrix-conduit", "755"],
+]
+conf-files = [
+  "/etc/matrix-conduit/local"
+]
+maintainer-scripts = "debian/"
+systemd-units = { unit-name = "matrix-conduit" }

debian/README.Debian

@@ -0,0 +1,29 @@
+Conduit for Debian
+==================
+
+Configuration
+-------------
+
+When installed, Debconf handles the configuration of the homeserver (host)name,
+the address and port it listens on. These configuration variables end up in
+/etc/matrix-conduit/debian.
+
+You can tweak more detailed settings by uncommenting and setting the variables
+in /etc/matrix-conduit/local. This involves settings such as the maximum file
+size for download/upload, enabling federation, etc.
+
+Running
+-------
+
+The package uses the matrix-conduit.service systemd unit file to start and
+stop Conduit. It loads the configuration files mentioned above to set up the
+environment before running the server.
+
+This package assumes by default that Conduit is placed behind a reverse proxy
+such as Apache or nginx. This default deployment entails just listening on
+127.0.0.1 and the free port 14004 and is reachable via a client using the URL
+http://localhost:14004.
+
+At a later stage this packaging may support also setting up TLS and running
+stand-alone.  In this case, however, you need to set up some certificates and
+renewal, for it to work properly.

debian/config

@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+# Ask for the Matrix homeserver name, address and port.
+db_input high matrix-conduit/hostname || true
+db_go
+
+db_input low matrix-conduit/address || true
+db_go
+
+db_input medium matrix-conduit/port || true
+db_go
+
+exit 0

debian/env.local

@@ -0,0 +1,33 @@
+# Conduit homeserver local configuration
+#
+# Conduit is an application based on the Rocket web framework.
+# Configuration of Conduit happens via Debconf (see the resulting config in
+# `/etc/matrix-conduit/debian`) and optionally by uncommenting and tweaking the
+# variables in this file below.
+
+# The maximum size of a Matrix HTTP requests in bytes.
+#
+# This mostly affects the size of files that can be downloaded/uploaded.
+# It defaults to 20971520 (20MB).
+#ROCKET_MAX_REQUEST_SIZE=20971520
+
+# Whether user registration is allowed.
+#
+# User registration is not disabled by default.
+#ROCKET_REGISTRATION_DISABLED=false
+
+# Whether encryption is enabled.
+#
+# (End-to-end) encryption is not disabled by default.
+#ROCKET_ENCRYPTION_DISABLED=false
+
+# Whether federation with other Matrix servers is enabled.
+#
+# Federation is not enabled by default; it is still experimental.
+#ROCKET_FEDERATION_ENABLED=false
+
+# The log level of the homeserver.
+#
+# The log level is "critical" by default.
+# Allowed values are: "off", "normal", "debug", "critical"
+#ROCKET_LOG="critical"

debian/matrix-conduit.service

@@ -0,0 +1,49 @@
+[Unit]
+Description=Conduit Matrix homeserver
+After=network.target
+
+[Service]
+User=_matrix-conduit
+Group=_matrix-conduit
+Type=simple
+
+AmbientCapabilities=
+CapabilityBoundingSet=
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+PrivateDevices=yes
+PrivateMounts=yes
+PrivateTmp=yes
+PrivateUsers=yes
+RemoveIPC=yes
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+StateDirectory=matrix-conduit
+
+Environment="ROCKET_ENV=production"
+Environment="ROCKET_DATABASE_PATH=/var/lib/matrix-conduit"
+EnvironmentFile=/etc/matrix-conduit/debian
+EnvironmentFile=/etc/matrix-conduit/local
+
+ExecStart=/usr/sbin/matrix-conduit
+Restart=on-failure
+RestartSec=10
+StartLimitInterval=1m
+StartLimitBurst=5
+
+[Install]
+WantedBy=multi-user.target

debian/postinst

@@ -0,0 +1,73 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+CONDUIT_CONFIG_PATH=/etc/matrix-conduit
+CONDUIT_CONFIG_FILE="$CONDUIT_CONFIG_PATH/debian"
+CONDUIT_DATABASE_PATH=/var/lib/matrix-conduit
+
+case "$1" in
+  configure)
+    # Create the `_matrix-conduit` user if it does not exist yet.
+    if ! getent passwd _matrix-conduit > /dev/null ; then
+      echo 'Adding system user for the Conduit Matrix homeserver' 1>&2
+      adduser --system --group --quiet \
+        --home $CONDUIT_DATABASE_PATH \
+        --disabled-login \
+        --force-badname \
+        _matrix-conduit
+    fi
+
+    # Create the database path if it does not exist yet.
+    if [ ! -d "$CONDUIT_DATABASE_PATH" ]; then
+      mkdir -p "$CONDUIT_DATABASE_PATH"
+      chown _matrix-conduit "$CONDUIT_DATABASE_PATH"
+    fi
+
+    # Write the debconf values in the config.
+    db_get matrix-conduit/hostname
+    ROCKET_SERVER_NAME="$RET"
+    db_get matrix-conduit/address
+    ROCKET_ADDRESS="$RET"
+    db_get matrix-conduit/port
+    ROCKET_PORT="$RET"
+    cat >"$CONDUIT_CONFIG_FILE" << EOF
+# Conduit homeserver Debian configuration
+#
+# Conduit is an application based on the Rocket web framework.
+# Configuration of Conduit happens via Debconf (of which the resulting config
+# is in this file) and optionally by uncommenting and tweaking the variables in
+# /etc/matrix-conduit/local.
+
+# THIS FILE IS GENERATED BY DEBCONF AND WILL BE OVERRIDDEN!
+#
+# Please make changes by running:
+#
+# \$ dpkg-reconfigure matrix-conduit
+#
+# or by providing overriding changes in /etc/matrix-conduit/local.
+
+# The server (host)name of the Matrix homeserver.
+#
+# This is the hostname the homeserver will be reachable at via a client.
+ROCKET_SERVER_NAME="$ROCKET_SERVER_NAME"
+
+# The address the Matrix homeserver listens on.
+#
+# By default the server listens on address 0.0.0.0. Change this to 127.0.0.1 to
+# only listen on the localhost when using a reverse proxy.
+ROCKET_ADDRESS="$ROCKET_ADDRESS"
+
+# The port of the Matrix homeserver.
+#
+# This port is could be any available port if accessed by a reverse proxy.
+# By default the server listens on port 8000.
+ROCKET_PORT="$ROCKET_PORT"
+
+# THIS FILE IS GENERATED BY DEBCONF AND WILL BE OVERRIDDEN!
+EOF
+    ;;
+esac
+
+#DEBHELPER#

debian/postrm

@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+
+CONDUIT_CONFIG_PATH=/etc/matrix-conduit
+CONDUIT_DATABASE_PATH=/var/lib/matrix-conduit
+
+case $1 in
+  purge)
+    # Per https://www.debian.org/doc/debian-policy/ch-files.html#behavior
+    # "configuration files must be preserved when the package is removed, and
+    #  only deleted when the package is purged."
+    if [ -d "$CONDUIT_CONFIG_PATH" ]; then
+      rm -r "$CONDUIT_CONFIG_PATH"
+    fi
+
+    if [ -d "$CONDUIT_DATABASE_PATH" ]; then
+      rm -r "$CONDUIT_DATABASE_PATH"
+    fi
+    ;;
+esac
+
+#DEBHELPER#

debian/templates

@@ -0,0 +1,21 @@
+Template: matrix-conduit/hostname
+Type: string
+Default: localhost
+Description: The server (host)name of the Matrix homeserver
+ This is the hostname the homeserver will be reachable at via a client.
+ .
+ If set to "localhost", you can connect with a client locally and clients
+ from other hosts and also other homeservers will not be able to reach you!
+
+Template: matrix-conduit/address
+Type: string
+Default: 127.0.0.1
+Description: The listen address of the Matrix homeserver
+ This is the address the homeserver will listen on. Leave it set to 127.0.0.1
+ when using a reverse proxy.
+
+Template: matrix-conduit/port
+Type: string
+Default: 14004
+Description: The port of the Matrix homeserver
+ This port is most often just accessed by a reverse proxy.

src/client_server/account.rs

@@ -584,16 +584,16 @@ pub async fn change_password_route(
 
     db.users.set_password(&sender_user, &body.new_password)?;
 
-    // TODO: Read logout_devices field when it's available and respect that, currently not supported in Ruma
-    // See: https://github.com/ruma/ruma/issues/107
-    // Logout all devices except the current one
-    for id in db
-        .users
-        .all_device_ids(&sender_user)
-        .filter_map(|id| id.ok())
-        .filter(|id| id != sender_device)
-    {
-        db.users.remove_device(&sender_user, &id)?;
+    if body.logout_devices {
+        // Logout all devices except the current one
+        for id in db
+            .users
+            .all_device_ids(&sender_user)
+            .filter_map(|id| id.ok())
+            .filter(|id| id != sender_device)
+        {
+            db.users.remove_device(&sender_user, &id)?;
+        }
     }
 
     db.flush().await?;

tests/Complement.Dockerfile

@@ -9,7 +9,7 @@ ARG SCCACHE_ENDPOINT
 ARG SCCACHE_S3_USE_SSL
 
 COPY . .
-RUN cargo build
+RUN test -e target/release/cond_test || cargo build --release --offline
 
 FROM valkum/docker-rust-ci:latest
 WORKDIR /workdir