feat: federation disabled by default

It can be enable in the Rocket.toml config or using ROCKET_FEDERATION_ENABLED=true
next
Timo Kösters 2020-10-06 21:04:51 +02:00
parent c15ae3c126
commit 6afc4c9b3e
No known key found for this signature in database
GPG Key ID: 24DA7517711A2BA4
5 changed files with 50 additions and 1 deletions

View File

@ -27,7 +27,10 @@ Environment="ROCKET_SERVER_NAME=YOURSERVERNAME.HERE" # EDIT THIS
Environment="ROCKET_PORT=14004" # Reverse proxy port Environment="ROCKET_PORT=14004" # Reverse proxy port
#Environment="ROCKET_MAX_REQUEST_SIZE=20000000" # in bytes
#Environment="ROCKET_REGISTRATION_DISABLED=true" #Environment="ROCKET_REGISTRATION_DISABLED=true"
#Environment="ROCKET_ENCRYPTION_DISABLED=true"
#Environment="ROCKET_FEDERATION_ENABLED=true"
#Environment="ROCKET_LOG=normal" # Detailed logging #Environment="ROCKET_LOG=normal" # Detailed logging
Environment="ROCKET_ENV=production" Environment="ROCKET_ENV=production"

View File

@ -16,6 +16,8 @@ port = 14004
# Note: existing rooms will continue to work # Note: existing rooms will continue to work
#encryption_disabled = true #encryption_disabled = true
#federation_enabled = true
# Default path is in this user's data # Default path is in this user's data
#database_path = "/home/timo/MyConduitServer" #database_path = "/home/timo/MyConduitServer"

View File

@ -31,6 +31,7 @@ services:
# ROCKET_PORT: 8000 # ROCKET_PORT: 8000
# ROCKET_REGISTRATION_DISABLED: 'true' # ROCKET_REGISTRATION_DISABLED: 'true'
# ROCKET_ENCRYPTION_DISABLED: 'true' # ROCKET_ENCRYPTION_DISABLED: 'true'
# ROCKET_FEDERATION_ENABLED: 'true'
# ROCKET_DATABASE_PATH: /srv/conduit/.local/share/conduit # ROCKET_DATABASE_PATH: /srv/conduit/.local/share/conduit
# ROCKET_WORKERS: 10 # ROCKET_WORKERS: 10
# ROCKET_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB # ROCKET_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB

View File

@ -14,6 +14,7 @@ pub struct Globals {
max_request_size: u32, max_request_size: u32,
registration_disabled: bool, registration_disabled: bool,
encryption_disabled: bool, encryption_disabled: bool,
federation_enabled: bool,
} }
impl Globals { impl Globals {
@ -69,6 +70,7 @@ impl Globals {
.map_err(|_| Error::BadConfig("Invalid max_request_size."))?, .map_err(|_| Error::BadConfig("Invalid max_request_size."))?,
registration_disabled: config.get_bool("registration_disabled").unwrap_or(false), registration_disabled: config.get_bool("registration_disabled").unwrap_or(false),
encryption_disabled: config.get_bool("encryption_disabled").unwrap_or(false), encryption_disabled: config.get_bool("encryption_disabled").unwrap_or(false),
federation_enabled: config.get_bool("federation_enabled").unwrap_or(false),
}) })
} }
@ -114,4 +116,8 @@ impl Globals {
pub fn encryption_disabled(&self) -> bool { pub fn encryption_disabled(&self) -> bool {
self.encryption_disabled self.encryption_disabled
} }
pub fn federation_enabled(&self) -> bool {
self.federation_enabled
}
} }

View File

@ -57,6 +57,10 @@ pub async fn send_request<T: OutgoingRequest>(
where where
T: Debug, T: Debug,
{ {
if !globals.federation_enabled() {
return Err(Error::BadConfig("Federation is disabled."));
}
let resolver = AsyncResolver::tokio_from_system_conf() let resolver = AsyncResolver::tokio_from_system_conf()
.await .await
.map_err(|_| Error::BadConfig("Failed to set up trust dns resolver with system config."))?; .map_err(|_| Error::BadConfig("Failed to set up trust dns resolver with system config."))?;
@ -204,7 +208,11 @@ where
} }
#[cfg_attr(feature = "conduit_bin", get("/_matrix/federation/v1/version"))] #[cfg_attr(feature = "conduit_bin", get("/_matrix/federation/v1/version"))]
pub fn get_server_version() -> ConduitResult<get_server_version::Response> { pub fn get_server_version(db: State<'_, Database>) -> ConduitResult<get_server_version::Response> {
if !db.globals.federation_enabled() {
return Err(Error::BadConfig("Federation is disabled."));
}
Ok(get_server_version::Response { Ok(get_server_version::Response {
server: Some(get_server_version::Server { server: Some(get_server_version::Server {
name: Some("Conduit".to_owned()), name: Some("Conduit".to_owned()),
@ -216,6 +224,11 @@ pub fn get_server_version() -> ConduitResult<get_server_version::Response> {
#[cfg_attr(feature = "conduit_bin", get("/_matrix/key/v2/server"))] #[cfg_attr(feature = "conduit_bin", get("/_matrix/key/v2/server"))]
pub fn get_server_keys(db: State<'_, Database>) -> Json<String> { pub fn get_server_keys(db: State<'_, Database>) -> Json<String> {
if !db.globals.federation_enabled() {
// TODO: Use proper types
return Json("Federation is disabled.".to_owned());
}
let mut verify_keys = BTreeMap::new(); let mut verify_keys = BTreeMap::new();
verify_keys.insert( verify_keys.insert(
format!("ed25519:{}", db.globals.keypair().version()), format!("ed25519:{}", db.globals.keypair().version()),
@ -259,6 +272,10 @@ pub async fn get_public_rooms_filtered_route(
db: State<'_, Database>, db: State<'_, Database>,
body: Ruma<get_public_rooms_filtered::v1::Request<'_>>, body: Ruma<get_public_rooms_filtered::v1::Request<'_>>,
) -> ConduitResult<get_public_rooms_filtered::v1::Response> { ) -> ConduitResult<get_public_rooms_filtered::v1::Response> {
if !db.globals.federation_enabled() {
return Err(Error::BadConfig("Federation is disabled."));
}
let response = client_server::get_public_rooms_filtered_helper( let response = client_server::get_public_rooms_filtered_helper(
&db, &db,
None, None,
@ -302,6 +319,10 @@ pub async fn get_public_rooms_route(
db: State<'_, Database>, db: State<'_, Database>,
body: Ruma<get_public_rooms::v1::Request<'_>>, body: Ruma<get_public_rooms::v1::Request<'_>>,
) -> ConduitResult<get_public_rooms::v1::Response> { ) -> ConduitResult<get_public_rooms::v1::Response> {
if !db.globals.federation_enabled() {
return Err(Error::BadConfig("Federation is disabled."));
}
let response = client_server::get_public_rooms_filtered_helper( let response = client_server::get_public_rooms_filtered_helper(
&db, &db,
None, None,
@ -345,6 +366,10 @@ pub fn send_transaction_message_route<'a>(
db: State<'a, Database>, db: State<'a, Database>,
body: Ruma<send_transaction_message::v1::Request<'_>>, body: Ruma<send_transaction_message::v1::Request<'_>>,
) -> ConduitResult<send_transaction_message::v1::Response> { ) -> ConduitResult<send_transaction_message::v1::Response> {
if !db.globals.federation_enabled() {
return Err(Error::BadConfig("Federation is disabled."));
}
//dbg!(&*body); //dbg!(&*body);
for pdu in &body.pdus { for pdu in &body.pdus {
let mut value = serde_json::from_str(pdu.json().get()) let mut value = serde_json::from_str(pdu.json().get())
@ -384,6 +409,10 @@ pub fn get_missing_events_route<'a>(
db: State<'a, Database>, db: State<'a, Database>,
body: Ruma<get_missing_events::v1::Request<'_>>, body: Ruma<get_missing_events::v1::Request<'_>>,
) -> ConduitResult<get_missing_events::v1::Response> { ) -> ConduitResult<get_missing_events::v1::Response> {
if !db.globals.federation_enabled() {
return Err(Error::BadConfig("Federation is disabled."));
}
let mut queued_events = body.latest_events.clone(); let mut queued_events = body.latest_events.clone();
let mut events = Vec::new(); let mut events = Vec::new();
@ -427,6 +456,10 @@ pub fn get_profile_information_route<'a>(
db: State<'a, Database>, db: State<'a, Database>,
body: Ruma<get_profile_information::v1::Request<'_>>, body: Ruma<get_profile_information::v1::Request<'_>>,
) -> ConduitResult<get_profile_information::v1::Response> { ) -> ConduitResult<get_profile_information::v1::Response> {
if !db.globals.federation_enabled() {
return Err(Error::BadConfig("Federation is disabled."));
}
let mut displayname = None; let mut displayname = None;
let mut avatar_url = None; let mut avatar_url = None;
@ -455,6 +488,10 @@ pub fn get_user_devices_route<'a>(
db: State<'a, Database>, db: State<'a, Database>,
body: Ruma<membership::v1::Request<'_>>, body: Ruma<membership::v1::Request<'_>>,
) -> ConduitResult<get_profile_information::v1::Response> { ) -> ConduitResult<get_profile_information::v1::Response> {
if !db.globals.federation_enabled() {
return Err(Error::BadConfig("Federation is disabled."));
}
let mut displayname = None; let mut displayname = None;
let mut avatar_url = None; let mut avatar_url = None;