From 226045ea4bb845fa201b66159a02f6f6d82634be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6sters?= <timo@koesters.xyz>
Date: Sat, 24 Apr 2021 12:27:46 +0200
Subject: [PATCH] improvement: warning on misconfigured reverse proxy

---
 src/database/globals.rs | 5 ++++-
 src/ruma_wrapper.rs     | 9 +++++----
 src/server_server.rs    | 2 +-
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/database/globals.rs b/src/database/globals.rs
index acecf02..04f8d29 100644
--- a/src/database/globals.rs
+++ b/src/database/globals.rs
@@ -52,7 +52,10 @@ impl ServerCertVerifier for MatrixServerVerifier {
             if result.is_ok() {
                 return result;
             }
-            info!("Server {:?} is non-compliant, retrying TLS verification with original name", dns_name);
+            info!(
+                "Server {:?} is non-compliant, retrying TLS verification with original name",
+                dns_name
+            );
         }
         self.inner
             .verify_server_cert(roots, presented_certs, dns_name, ocsp_response)
diff --git a/src/ruma_wrapper.rs b/src/ruma_wrapper.rs
index 7777e12..49a9fb0 100644
--- a/src/ruma_wrapper.rs
+++ b/src/ruma_wrapper.rs
@@ -203,9 +203,6 @@ where
                         "uri".to_owned(),
                         CanonicalJsonValue::String(request.uri().to_string()),
                     );
-
-                    println!("{}: {:?}", origin, request.uri().to_string());
-
                     request_map.insert(
                         "origin".to_owned(),
                         CanonicalJsonValue::String(origin.as_str().to_owned()),
@@ -252,7 +249,11 @@ where
                     match ruma::signatures::verify_json(&pub_key_map, &request_map) {
                         Ok(()) => (None, None, false),
                         Err(e) => {
-                            warn!("Failed to verify json request from {}: {}", origin, e,);
+                            warn!("Failed to verify json request from {}: {}", origin, e);
+
+                            if request.uri().to_string().contains('@') {
+                                warn!("Request uri contained '@' character. Make sure your reverse proxy gives Conduit the raw uri (apache: use nocanon)");
+                            }
 
                             // Forbidden
                             return Failure((Status::raw(580), ()));
diff --git a/src/server_server.rs b/src/server_server.rs
index 0a882fe..187ec4f 100644
--- a/src/server_server.rs
+++ b/src/server_server.rs
@@ -2201,7 +2201,7 @@ pub async fn fetch_required_signing_keys(
 
 #[cfg(test)]
 mod tests {
-    use super::{FedDest, add_port_to_hostname, get_ip_with_port};
+    use super::{add_port_to_hostname, get_ip_with_port, FedDest};
 
     #[test]
     fn ips_get_default_ports() {