conduit/src/database/globals.rs

use crate::{database::Config, utils, Error, Result};
use log::{error, info};
use ruma::{
    api::federation::discovery::{ServerSigningKeys, VerifyKey},
    EventId, MilliSecondsSinceUnixEpoch, ServerName, ServerSigningKeyId,
};
use rustls::{ServerCertVerifier, WebPKIVerifier};
use std::{
    collections::{BTreeMap, HashMap},
    sync::{Arc, RwLock},
    time::{Duration, Instant},
};
use tokio::sync::Semaphore;
use trust_dns_resolver::TokioAsyncResolver;

pub const COUNTER: &str = "c";

type WellKnownMap = HashMap<Box<ServerName>, (String, String)>;
type TlsNameMap = HashMap<String, webpki::DNSName>;
type RateLimitState = (Instant, u32); // Time if last failed try, number of failed tries
#[derive(Clone)]
pub struct Globals {
    pub actual_destination_cache: Arc<RwLock<WellKnownMap>>, // actual_destination, host
    pub tls_name_override: Arc<RwLock<TlsNameMap>>,
    pub(super) globals: sled::Tree,
    config: Config,
    keypair: Arc<ruma::signatures::Ed25519KeyPair>,
    reqwest_client: reqwest::Client,
    dns_resolver: TokioAsyncResolver,
    jwt_decoding_key: Option<jsonwebtoken::DecodingKey<'static>>,
    pub(super) server_signingkeys: sled::Tree,
    pub bad_event_ratelimiter: Arc<RwLock<BTreeMap<EventId, RateLimitState>>>,
    pub bad_signature_ratelimiter: Arc<RwLock<BTreeMap<Vec<String>, RateLimitState>>>,
    pub servername_ratelimiter: Arc<RwLock<BTreeMap<Box<ServerName>, Arc<Semaphore>>>>,
}

struct MatrixServerVerifier {
    inner: WebPKIVerifier,
    tls_name_override: Arc<RwLock<TlsNameMap>>,
}

impl ServerCertVerifier for MatrixServerVerifier {
    fn verify_server_cert(
        &self,
        roots: &rustls::RootCertStore,
        presented_certs: &[rustls::Certificate],
        dns_name: webpki::DNSNameRef<'_>,
        ocsp_response: &[u8],
    ) -> std::result::Result<rustls::ServerCertVerified, rustls::TLSError> {
        if let Some(override_name) = self.tls_name_override.read().unwrap().get(dns_name.into()) {
            let result = self.inner.verify_server_cert(
                roots,
                presented_certs,
                override_name.as_ref(),
                ocsp_response,
            );
            if result.is_ok() {
                return result;
            }
            info!(
                "Server {:?} is non-compliant, retrying TLS verification with original name",
                dns_name
            );
        }
        self.inner
            .verify_server_cert(roots, presented_certs, dns_name, ocsp_response)
    }
}

impl Globals {
    pub fn load(
        globals: sled::Tree,
        server_signingkeys: sled::Tree,
        config: Config,
    ) -> Result<Self> {
        let bytes = &*globals
            .update_and_fetch("keypair", utils::generate_keypair)?
            .expect("utils::generate_keypair always returns Some");

        let mut parts = bytes.splitn(2, |&b| b == 0xff);

        let keypair = utils::string_from_bytes(
            // 1. version
            parts
                .next()
                .expect("splitn always returns at least one element"),
        )
        .map_err(|_| Error::bad_database("Invalid version bytes in keypair."))
        .and_then(|version| {
            // 2. key
            parts
                .next()
                .ok_or_else(|| Error::bad_database("Invalid keypair format in database."))
                .map(|key| (version, key))
        })
        .and_then(|(version, key)| {
            ruma::signatures::Ed25519KeyPair::new(&key, version)
                .map_err(|_| Error::bad_database("Private or public keys are invalid."))
        });

        let keypair = match keypair {
            Ok(k) => k,
            Err(e) => {
                error!("Keypair invalid. Deleting...");
                globals.remove("keypair")?;
                return Err(e);
            }
        };

        let tls_name_override = Arc::new(RwLock::new(TlsNameMap::new()));
        let verifier = Arc::new(MatrixServerVerifier {
            inner: WebPKIVerifier::new(),
            tls_name_override: tls_name_override.clone(),
        });
        let mut tlsconfig = rustls::ClientConfig::new();
        tlsconfig.dangerous().set_certificate_verifier(verifier);
        tlsconfig.root_store =
            rustls_native_certs::load_native_certs().expect("Error loading system certificates");

        let reqwest_client = reqwest::Client::builder()
            .connect_timeout(Duration::from_secs(30))
            .timeout(Duration::from_secs(60 * 3))
            .pool_max_idle_per_host(1)
            .use_preconfigured_tls(tlsconfig)
            .build()
            .unwrap();

        let jwt_decoding_key = config
            .jwt_secret
            .as_ref()
            .map(|secret| jsonwebtoken::DecodingKey::from_secret(secret.as_bytes()).into_static());

        Ok(Self {
            globals,
            config,
            keypair: Arc::new(keypair),
            reqwest_client,
            dns_resolver: TokioAsyncResolver::tokio_from_system_conf().map_err(|_| {
                Error::bad_config("Failed to set up trust dns resolver with system config.")
            })?,
            actual_destination_cache: Arc::new(RwLock::new(WellKnownMap::new())),
            tls_name_override,
            server_signingkeys,
            jwt_decoding_key,
            bad_event_ratelimiter: Arc::new(RwLock::new(BTreeMap::new())),
            bad_signature_ratelimiter: Arc::new(RwLock::new(BTreeMap::new())),
            servername_ratelimiter: Arc::new(RwLock::new(BTreeMap::new())),
        })
    }

    /// Returns this server's keypair.
    pub fn keypair(&self) -> &ruma::signatures::Ed25519KeyPair {
        &self.keypair
    }

    /// Returns a reqwest client which can be used to send requests.
    pub fn reqwest_client(&self) -> &reqwest::Client {
        &self.reqwest_client
    }

    pub fn next_count(&self) -> Result<u64> {
        Ok(utils::u64_from_bytes(
            &self
                .globals
                .update_and_fetch(COUNTER, utils::increment)?
                .expect("utils::increment will always put in a value"),
        )
        .map_err(|_| Error::bad_database("Count has invalid bytes."))?)
    }

    pub fn current_count(&self) -> Result<u64> {
        self.globals.get(COUNTER)?.map_or(Ok(0_u64), |bytes| {
            Ok(utils::u64_from_bytes(&bytes)
                .map_err(|_| Error::bad_database("Count has invalid bytes."))?)
        })
    }

    pub fn server_name(&self) -> &ServerName {
        self.config.server_name.as_ref()
    }

    pub fn max_request_size(&self) -> u32 {
        self.config.max_request_size
    }

    pub fn allow_registration(&self) -> bool {
        self.config.allow_registration
    }

    pub fn allow_encryption(&self) -> bool {
        self.config.allow_encryption
    }

    pub fn allow_federation(&self) -> bool {
        self.config.allow_federation
    }

    pub fn trusted_servers(&self) -> &[Box<ServerName>] {
        &self.config.trusted_servers
    }

    pub fn dns_resolver(&self) -> &TokioAsyncResolver {
        &self.dns_resolver
    }

    pub fn jwt_decoding_key(&self) -> Option<&jsonwebtoken::DecodingKey<'_>> {
        self.jwt_decoding_key.as_ref()
    }

    /// TODO: the key valid until timestamp is only honored in room version > 4
    /// Remove the outdated keys and insert the new ones.
    ///
    /// This doesn't actually check that the keys provided are newer than the old set.
    pub fn add_signing_key(&self, origin: &ServerName, new_keys: &ServerSigningKeys) -> Result<()> {
        self.server_signingkeys
            .update_and_fetch(origin.as_bytes(), |signingkeys| {
                let mut keys = signingkeys
                    .and_then(|keys| serde_json::from_slice(keys).ok())
                    .unwrap_or_else(|| {
                        // Just insert "now", it doesn't matter
                        ServerSigningKeys::new(origin.to_owned(), MilliSecondsSinceUnixEpoch::now())
                    });
                keys.verify_keys
                    .extend(new_keys.verify_keys.clone().into_iter());
                keys.old_verify_keys
                    .extend(new_keys.old_verify_keys.clone().into_iter());
                Some(serde_json::to_vec(&keys).expect("serversigningkeys can be serialized"))
            })?;

        Ok(())
    }

    /// This returns an empty `Ok(BTreeMap<..>)` when there are no keys found for the server.
    pub fn signing_keys_for(
        &self,
        origin: &ServerName,
    ) -> Result<BTreeMap<ServerSigningKeyId, VerifyKey>> {
        let signingkeys = self
            .server_signingkeys
            .get(origin.as_bytes())?
            .and_then(|bytes| serde_json::from_slice::<ServerSigningKeys>(&bytes).ok())
            .map(|keys| {
                let mut tree = keys.verify_keys;
                tree.extend(
                    keys.old_verify_keys
                        .into_iter()
                        .map(|old| (old.0, VerifyKey::new(old.1.key))),
                );
                tree
            })
            .unwrap_or_else(BTreeMap::new);

        Ok(signingkeys)
    }

    pub fn database_version(&self) -> Result<u64> {
        self.globals.get("version")?.map_or(Ok(0), |version| {
            utils::u64_from_bytes(&version)
                .map_err(|_| Error::bad_database("Database version id is invalid."))
        })
    }

    pub fn bump_database_version(&self, new_version: u64) -> Result<()> {
        self.globals.insert("version", &new_version.to_be_bytes())?;
        Ok(())
    }
}
improvement: upgrade dependencies, fix timeline reload bug 2020-12-05 20:03:43 +00:00			`use crate::{database::Config, utils, Error, Result};`
chore: code formatting and cleanup 2021-04-16 15:18:22 +00:00			`use log::{error, info};`
Abstract event validation/fetching, add outlier and signing key DB trees Fixed the miss named commented out keys in conduit-example.toml. 2021-01-15 02:32:22 +00:00			`use ruma::{`
			`api::federation::discovery::{ServerSigningKeys, VerifyKey},`
improvement: federation get_keys and optimize signingkey storage - get encryption keys over federation - optimize signing key storage - rate limit parsing of bad events - rate limit signature fetching - dependency bumps 2021-05-20 21:46:52 +00:00			`EventId, MilliSecondsSinceUnixEpoch, ServerName, ServerSigningKeyId,`
Abstract event validation/fetching, add outlier and signing key DB trees Fixed the miss named commented out keys in conduit-example.toml. 2021-01-15 02:32:22 +00:00			`};`
chore: code formatting and cleanup 2021-04-16 15:18:22 +00:00			`use rustls::{ServerCertVerifier, WebPKIVerifier};`
Run cargo fmt using nightly 2021-01-27 02:53:03 +00:00			`use std::{`
			`collections::{BTreeMap, HashMap},`
			`sync::{Arc, RwLock},`
improvement: federation get_keys and optimize signingkey storage - get encryption keys over federation - optimize signing key storage - rate limit parsing of bad events - rate limit signature fetching - dependency bumps 2021-05-20 21:46:52 +00:00			`time::{Duration, Instant},`
Run cargo fmt using nightly 2021-01-27 02:53:03 +00:00			`};`
improvement: federation get_keys and optimize signingkey storage - get encryption keys over federation - optimize signing key storage - rate limit parsing of bad events - rate limit signature fetching - dependency bumps 2021-05-20 21:46:52 +00:00			`use tokio::sync::Semaphore;`
feat: implement appservices this also reverts some stateres changes 2020-12-08 09:33:44 +00:00			`use trust_dns_resolver::TokioAsyncResolver;`
Implement max_request_size config option 2020-07-24 03:03:24 +00:00
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`pub const COUNTER: &str = "c";`

Send proper Host header in federation requests 2021-03-14 01:31:41 +00:00			`type WellKnownMap = HashMap<Box<ServerName>, (String, String)>;`
feat: add handling of tls cert for delegated hosts 2021-04-16 01:07:27 +00:00			`type TlsNameMap = HashMap<String, webpki::DNSName>;`
improvement: federation get_keys and optimize signingkey storage - get encryption keys over federation - optimize signing key storage - rate limit parsing of bad events - rate limit signature fetching - dependency bumps 2021-05-20 21:46:52 +00:00			`type RateLimitState = (Instant, u32); // Time if last failed try, number of failed tries`
fix: sending slowness 2020-09-15 14:13:54 +00:00			`#[derive(Clone)]`
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`pub struct Globals {`
Make clippy happy (needless-return, etc.) 2021-03-04 12:35:12 +00:00			`pub actual_destination_cache: Arc<RwLock<WellKnownMap>>, // actual_destination, host`
feat: add handling of tls cert for delegated hosts 2021-04-16 01:07:27 +00:00			`pub tls_name_override: Arc<RwLock<TlsNameMap>>,`
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`pub(super) globals: sled::Tree,`
improvement: cache actual destination 2020-12-06 10:05:51 +00:00			`config: Config,`
fix: sending slowness 2020-09-15 14:13:54 +00:00			`keypair: Arc<ruma::signatures::Ed25519KeyPair>,`
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`reqwest_client: reqwest::Client,`
improvement: cache actual destination 2020-12-06 10:05:51 +00:00			`dns_resolver: TokioAsyncResolver,`
Add 'm.login.token' authentication 2021-02-07 16:38:45 +00:00			`jwt_decoding_key: Option<jsonwebtoken::DecodingKey<'static>>,`
improvement: federation get_keys and optimize signingkey storage - get encryption keys over federation - optimize signing key storage - rate limit parsing of bad events - rate limit signature fetching - dependency bumps 2021-05-20 21:46:52 +00:00			`pub(super) server_signingkeys: sled::Tree,`
			`pub bad_event_ratelimiter: Arc<RwLock<BTreeMap<EventId, RateLimitState>>>,`
			`pub bad_signature_ratelimiter: Arc<RwLock<BTreeMap<Vec<String>, RateLimitState>>>,`
			`pub servername_ratelimiter: Arc<RwLock<BTreeMap<Box<ServerName>, Arc<Semaphore>>>>,`
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`}`

feat: add handling of tls cert for delegated hosts 2021-04-16 01:07:27 +00:00			`struct MatrixServerVerifier {`
			`inner: WebPKIVerifier,`
			`tls_name_override: Arc<RwLock<TlsNameMap>>,`
			`}`

			`impl ServerCertVerifier for MatrixServerVerifier {`
			`fn verify_server_cert(`
			`&self,`
			`roots: &rustls::RootCertStore,`
			`presented_certs: &[rustls::Certificate],`
			`dns_name: webpki::DNSNameRef<'_>,`
			`ocsp_response: &[u8],`
			`) -> std::result::Result<rustls::ServerCertVerified, rustls::TLSError> {`
chore: code formatting and cleanup 2021-04-16 15:18:22 +00:00			`if let Some(override_name) = self.tls_name_override.read().unwrap().get(dns_name.into()) {`
			`let result = self.inner.verify_server_cert(`
			`roots,`
			`presented_certs,`
			`override_name.as_ref(),`
			`ocsp_response,`
			`);`
			`if result.is_ok() {`
			`return result;`
			`}`
improvement: warning on misconfigured reverse proxy 2021-04-24 10:27:46 +00:00			`info!(`
			`"Server {:?} is non-compliant, retrying TLS verification with original name",`
			`dns_name`
			`);`
chore: code formatting and cleanup 2021-04-16 15:18:22 +00:00			`}`
			`self.inner`
			`.verify_server_cert(roots, presented_certs, dns_name, ocsp_response)`
feat: add handling of tls cert for delegated hosts 2021-04-16 01:07:27 +00:00			`}`
			`}`

refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`impl Globals {`
Address review issues, fix forward extremity calc Keep track of all prev_events since if we know that an event is a prev_event it is referenced and does not qualify as a forward extremity. 2021-02-04 01:00:01 +00:00			`pub fn load(`
			`globals: sled::Tree,`
improvement: federation get_keys and optimize signingkey storage - get encryption keys over federation - optimize signing key storage - rate limit parsing of bad events - rate limit signature fetching - dependency bumps 2021-05-20 21:46:52 +00:00			`server_signingkeys: sled::Tree,`
Address review issues, fix forward extremity calc Keep track of all prev_events since if we know that an event is a prev_event it is referenced and does not qualify as a forward extremity. 2021-02-04 01:00:01 +00:00			`config: Config,`
			`) -> Result<Self> {`
fix: server keys and destination resolution when server name contains port 2020-09-15 19:46:10 +00:00			`let bytes = &*globals`
			`.update_and_fetch("keypair", utils::generate_keypair)?`
			`.expect("utils::generate_keypair always returns Some");`

			`let mut parts = bytes.splitn(2, \|&b\| b == 0xff);`

			`let keypair = utils::string_from_bytes(`
			`// 1. version`
			`parts`
			`.next()`
			`.expect("splitn always returns at least one element"),`
			`)`
			`.map_err(\|_\| Error::bad_database("Invalid version bytes in keypair."))`
			`.and_then(\|version\| {`
			`// 2. key`
			`parts`
			`.next()`
			`.ok_or_else(\|\| Error::bad_database("Invalid keypair format in database."))`
			`.map(\|key\| (version, key))`
			`})`
			`.and_then(\|(version, key)\| {`
			`ruma::signatures::Ed25519KeyPair::new(&key, version)`
			`.map_err(\|_\| Error::bad_database("Private or public keys are invalid."))`
			`});`

			`let keypair = match keypair {`
			`Ok(k) => k,`
			`Err(e) => {`
			`error!("Keypair invalid. Deleting...");`
			`globals.remove("keypair")?;`
			`return Err(e);`
			`}`
			`};`
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00
feat: add handling of tls cert for delegated hosts 2021-04-16 01:07:27 +00:00			`let tls_name_override = Arc::new(RwLock::new(TlsNameMap::new()));`
chore: code formatting and cleanup 2021-04-16 15:18:22 +00:00			`let verifier = Arc::new(MatrixServerVerifier {`
			`inner: WebPKIVerifier::new(),`
			`tls_name_override: tls_name_override.clone(),`
			`});`
feat: add handling of tls cert for delegated hosts 2021-04-16 01:07:27 +00:00			`let mut tlsconfig = rustls::ClientConfig::new();`
			`tlsconfig.dangerous().set_certificate_verifier(verifier);`
chore: code formatting and cleanup 2021-04-16 15:18:22 +00:00			`tlsconfig.root_store =`
			`rustls_native_certs::load_native_certs().expect("Error loading system certificates");`
feat: add handling of tls cert for delegated hosts 2021-04-16 01:07:27 +00:00
feat: improved state store 2020-12-19 15:00:11 +00:00			`let reqwest_client = reqwest::Client::builder()`
			`.connect_timeout(Duration::from_secs(30))`
			`.timeout(Duration::from_secs(60 * 3))`
			`.pool_max_idle_per_host(1)`
feat: add handling of tls cert for delegated hosts 2021-04-16 01:07:27 +00:00			`.use_preconfigured_tls(tlsconfig)`
feat: improved state store 2020-12-19 15:00:11 +00:00			`.build()`
			`.unwrap();`

Add 'm.login.token' authentication 2021-02-07 16:38:45 +00:00			`let jwt_decoding_key = config`
			`.jwt_secret`
			`.as_ref()`
			`.map(\|secret\| jsonwebtoken::DecodingKey::from_secret(secret.as_bytes()).into_static());`

refactor: better error handling 2020-06-09 13:13:17 +00:00			`Ok(Self {`
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`globals,`
improvement: cache actual destination 2020-12-06 10:05:51 +00:00			`config,`
fix: server keys and destination resolution when server name contains port 2020-09-15 19:46:10 +00:00			`keypair: Arc::new(keypair),`
feat: improved state store 2020-12-19 15:00:11 +00:00			`reqwest_client,`
Append state event that pass resolution to DB, update to tokio 1.1 2021-01-29 16:20:33 +00:00			`dns_resolver: TokioAsyncResolver::tokio_from_system_conf().map_err(\|_\| {`
			`Error::bad_config("Failed to set up trust dns resolver with system config.")`
			`})?,`
feat: add handling of tls cert for delegated hosts 2021-04-16 01:07:27 +00:00			`actual_destination_cache: Arc::new(RwLock::new(WellKnownMap::new())),`
			`tls_name_override,`
improvement: federation get_keys and optimize signingkey storage - get encryption keys over federation - optimize signing key storage - rate limit parsing of bad events - rate limit signature fetching - dependency bumps 2021-05-20 21:46:52 +00:00			`server_signingkeys,`
Merge branch 'correct-sendtxn' into pushers 2021-03-15 08:48:19 +00:00			`jwt_decoding_key,`
improvement: federation get_keys and optimize signingkey storage - get encryption keys over federation - optimize signing key storage - rate limit parsing of bad events - rate limit signature fetching - dependency bumps 2021-05-20 21:46:52 +00:00			`bad_event_ratelimiter: Arc::new(RwLock::new(BTreeMap::new())),`
			`bad_signature_ratelimiter: Arc::new(RwLock::new(BTreeMap::new())),`
			`servername_ratelimiter: Arc::new(RwLock::new(BTreeMap::new())),`
refactor: better error handling 2020-06-09 13:13:17 +00:00			`})`
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`}`

			`/// Returns this server's keypair.`
Switch to the ruma meta-crate 2020-06-05 16:19:26 +00:00			`pub fn keypair(&self) -> &ruma::signatures::Ed25519KeyPair {`
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`&self.keypair`
			`}`

			`/// Returns a reqwest client which can be used to send requests.`
			`pub fn reqwest_client(&self) -> &reqwest::Client {`
			`&self.reqwest_client`
			`}`

			`pub fn next_count(&self) -> Result<u64> {`
			`Ok(utils::u64_from_bytes(`
			`&self`
			`.globals`
			`.update_and_fetch(COUNTER, utils::increment)?`
			`.expect("utils::increment will always put in a value"),`
refactor: better error handling 2020-06-09 13:13:17 +00:00			`)`
improvement: log bad database errors automatically 2020-06-11 08:03:08 +00:00			`.map_err(\|_\| Error::bad_database("Count has invalid bytes."))?)`
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`}`

			`pub fn current_count(&self) -> Result<u64> {`
refactor: better error handling 2020-06-09 13:13:17 +00:00			`self.globals.get(COUNTER)?.map_or(Ok(0_u64), \|bytes\| {`
			`Ok(utils::u64_from_bytes(&bytes)`
improvement: log bad database errors automatically 2020-06-11 08:03:08 +00:00			`.map_err(\|_\| Error::bad_database("Count has invalid bytes."))?)`
refactor: better error handling 2020-06-09 13:13:17 +00:00			`})`
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`}`
feat: close registration with ROCKET_REGISTRATION_DISABLED=true 2020-06-06 17:02:31 +00:00
Update to latest ruma/ruma commit This will most likely be the API that is released to crates.io so it should be fairly stable... 2020-07-17 20:00:39 +00:00			`pub fn server_name(&self) -> &ServerName {`
improvement: upgrade dependencies, fix timeline reload bug 2020-12-05 20:03:43 +00:00			`self.config.server_name.as_ref()`
feat: close registration with ROCKET_REGISTRATION_DISABLED=true 2020-06-06 17:02:31 +00:00			`}`

Implement max_request_size config option 2020-07-24 03:03:24 +00:00			`pub fn max_request_size(&self) -> u32 {`
improvement: upgrade dependencies, fix timeline reload bug 2020-12-05 20:03:43 +00:00			`self.config.max_request_size`
Implement max_request_size config option 2020-07-24 03:03:24 +00:00			`}`

improvement: better deploy guide 2021-01-01 12:47:53 +00:00			`pub fn allow_registration(&self) -> bool {`
			`self.config.allow_registration`
feat: close registration with ROCKET_REGISTRATION_DISABLED=true 2020-06-06 17:02:31 +00:00			`}`
feat: encryption_disabled config option Can be used with ROCKET_ENCRYPTION_DISABLED=true 2020-07-26 18:41:10 +00:00
improvement: better deploy guide 2021-01-01 12:47:53 +00:00			`pub fn allow_encryption(&self) -> bool {`
			`self.config.allow_encryption`
feat: encryption_disabled config option Can be used with ROCKET_ENCRYPTION_DISABLED=true 2020-07-26 18:41:10 +00:00			`}`
feat: federation disabled by default It can be enable in the Rocket.toml config or using ROCKET_FEDERATION_ENABLED=true 2020-10-06 19:04:51 +00:00
improvement: better deploy guide 2021-01-01 12:47:53 +00:00			`pub fn allow_federation(&self) -> bool {`
			`self.config.allow_federation`
feat: federation disabled by default It can be enable in the Rocket.toml config or using ROCKET_FEDERATION_ENABLED=true 2020-10-06 19:04:51 +00:00			`}`
improvement: cache actual destination 2020-12-06 10:05:51 +00:00
Add trusted_servers, filter servers to query keys by trusted_servers 2021-03-01 14:17:53 +00:00			`pub fn trusted_servers(&self) -> &[Box<ServerName>] {`
			`&self.config.trusted_servers`
			`}`

improvement: cache actual destination 2020-12-06 10:05:51 +00:00			`pub fn dns_resolver(&self) -> &TokioAsyncResolver {`
			`&self.dns_resolver`
			`}`
Abstract event validation/fetching, add outlier and signing key DB trees Fixed the miss named commented out keys in conduit-example.toml. 2021-01-15 02:32:22 +00:00
Add 'm.login.token' authentication 2021-02-07 16:38:45 +00:00			`pub fn jwt_decoding_key(&self) -> Option<&jsonwebtoken::DecodingKey<'_>> {`
			`self.jwt_decoding_key.as_ref()`
			`}`
Abstract event validation/fetching, add outlier and signing key DB trees Fixed the miss named commented out keys in conduit-example.toml. 2021-01-15 02:32:22 +00:00
Abstract event validation/fetching, add outlier and signing key DB trees Fixed the miss named commented out keys in conduit-example.toml. 2021-01-15 02:32:22 +00:00			`/// TODO: the key valid until timestamp is only honored in room version > 4`
			`/// Remove the outdated keys and insert the new ones.`
			`///`
			`/// This doesn't actually check that the keys provided are newer than the old set.`
improvement: federation get_keys and optimize signingkey storage - get encryption keys over federation - optimize signing key storage - rate limit parsing of bad events - rate limit signature fetching - dependency bumps 2021-05-20 21:46:52 +00:00			`pub fn add_signing_key(&self, origin: &ServerName, new_keys: &ServerSigningKeys) -> Result<()> {`
			`self.server_signingkeys`
			`.update_and_fetch(origin.as_bytes(), \|signingkeys\| {`
			`let mut keys = signingkeys`
			`.and_then(\|keys\| serde_json::from_slice(keys).ok())`
			`.unwrap_or_else(\|\| {`
			`// Just insert "now", it doesn't matter`
			`ServerSigningKeys::new(origin.to_owned(), MilliSecondsSinceUnixEpoch::now())`
			`});`
			`keys.verify_keys`
			`.extend(new_keys.verify_keys.clone().into_iter());`
			`keys.old_verify_keys`
			`.extend(new_keys.old_verify_keys.clone().into_iter());`
			`Some(serde_json::to_vec(&keys).expect("serversigningkeys can be serialized"))`
			`})?;`
improvement: make state res actually work 2021-03-13 15:30:12 +00:00
Abstract event validation/fetching, add outlier and signing key DB trees Fixed the miss named commented out keys in conduit-example.toml. 2021-01-15 02:32:22 +00:00			`Ok(())`
			`}`

			/// This returns an empty `Ok(BTreeMap<..>)` when there are no keys found for the server.
			`pub fn signing_keys_for(`
			`&self,`
			`origin: &ServerName,`
			`) -> Result<BTreeMap<ServerSigningKeyId, VerifyKey>> {`
improvement: federation get_keys and optimize signingkey storage - get encryption keys over federation - optimize signing key storage - rate limit parsing of bad events - rate limit signature fetching - dependency bumps 2021-05-20 21:46:52 +00:00			`let signingkeys = self`
			`.server_signingkeys`
			`.get(origin.as_bytes())?`
			`.and_then(\|bytes\| serde_json::from_slice::<ServerSigningKeys>(&bytes).ok())`
			`.map(\|keys\| {`
			`let mut tree = keys.verify_keys;`
			`tree.extend(`
			`keys.old_verify_keys`
			`.into_iter()`
			`.map(\|old\| (old.0, VerifyKey::new(old.1.key))),`
			`);`
			`tree`
			`})`
			`.unwrap_or_else(BTreeMap::new);`

			`Ok(signingkeys)`
Abstract event validation/fetching, add outlier and signing key DB trees Fixed the miss named commented out keys in conduit-example.toml. 2021-01-15 02:32:22 +00:00			`}`
feat: send read receipts over federation currently they will only be sent if a PDU has to be sent as well 2021-05-17 08:25:27 +00:00
			`pub fn database_version(&self) -> Result<u64> {`
			`self.globals.get("version")?.map_or(Ok(0), \|version\| {`
			`utils::u64_from_bytes(&version)`
			`.map_err(\|_\| Error::bad_database("Database version id is invalid."))`
			`})`
			`}`

			`pub fn bump_database_version(&self, new_version: u64) -> Result<()> {`
			`self.globals.insert("version", &new_version.to_be_bytes())?;`
			`Ok(())`
			`}`
refactor: split database into multiple files, more error handling, cleaner code 2020-05-03 15:25:31 +00:00			`}`