* Set MaxFileSizeBytes < 0 to "unlimited"
Signed-off-by: Till Faelligen <tfaelligen@gmail.com>
* int64 overflows later in mediaapi/routing/upload.go[doUpload]
* Prevent int overflow when uploading
This fixes the issue found in #1759 which broke due to go changes. The new command allows you to generate keys with docker, and drop them in the current working directory.
* Add parameters to specify password
Signed-off-by: Till Faelligen <tfaelligen@gmail.com>
* Fix typo
* Add testdata
* Use go1.13 compatible way to read files
Without this entry, setups where users have the homeserver on the URL
matrix.myurl.com but want the servername to be myurl.com don't work by default
since clients like element.io can't connect to the homeserver
* Try to optimize SelectOneTimeKeys
Signed-off-by: Till Faelligen <tfaelligen@gmail.com>
* Use pg.Array when using ANY...
Co-authored-by: Kegsay <kegan@matrix.org>
* Use LimitReader to prevent DoS risk
Signed-off-by: Till Faelligen <tfaelligen@gmail.com>
* Check if bytesWritten is equal to the maxFileSize
Add tests
Signed-off-by: Till Faelligen <tfaelligen@gmail.com>
* Use oldschool defer to cleanup after the tests
* Let LimitReader read MaxFileSizeBytes + 1
Co-authored-by: Kegsay <kegan@matrix.org>
* Avoid crash on non-compiled room regex
Roughly fixes#1845 (actual compiling still needed)
Signed-off-by: Bohdan Horbeshko <bodqhrohro@gmail.com>
* Compile regexes for all namespaces
Deadheres the regex compiling from building larger regexes for possibly
exclusive namespaces only. A complete fix for #1845, so regexes for
rooms namespaces and other non-whitelisted namespaces can be used
more safely.
Signed-off-by: Bohdan Horbeshko <bodqhrohro@gmail.com>
* Appservice config: handle regexp parsing errors
Signed-off-by: diamondburned <datutbrus@gmail.com>
Signed-off-by: Bohdan Horbeshko <bodqhrohro@gmail.com>
Co-authored-by: Kegsay <kegan@matrix.org>
The update part wasn't executed actually for SQLite, so it is moved to
a separate statement.
Fixes#1852.
Signed-off-by: Bohdan Horbeshko <bodqhrohro@gmail.com>
Now that MSC1772 passed FCP its identifiers have stabilised
This outright drops support for experimental spaces but that's what you get for being on the bleeding edge
* Hash-deduplicated state storage (and migrations) for PostgreSQL and SQLite
* Refactor droomserver database setup for migrations
* Fix conflict statements
* Update migration names
* Set a boundary for old to new block/snapshot IDs so we don't rewrite them more than once accidentally
* Create sequence if not exists
* Fix boundary queries
* Fix boundary queries
* Use Query
* Break out queries a bit
* More sequence tweaks
* Query parameters are not playing the game
* Injection escaping may not work for CREATE SEQUENCE after all
* Fix snapshot sequence name
* Use boundaried IDs in SQLite too
* Use IFNULL for SQLite
* Use COALESCE in PostgreSQL
* Review comments @Kegsay
* fedsender: tolerate dupe membership events
Previously if the fedsender got a duplicate membership event it would cause
the entire process to crash. Now it doesn't. This masks an issue with the
roomserver where it can emit duplicate membership events.
* Update joined_hosts_table.go
* Remove the Content-Length requirement
* Make sure that the file size does not exceed max content size
* Address review comment - universally check if temp file size exceeds max file size
Just changing the Media API's `max_file_size_bytes` isn't enough if
Dendrite is running behind a proxy; document the need for a proxy config
change in the place the admin is most likely to notice it.
Signed-off-by: Tim McCormack <cortex@brainonfire.net>
* Implement OpenID module (#599)
- Unrelated: change Riot references to Element in client API routing
Signed-off-by: Bruce MacDonald <contact@bruce-macdonald.com>
* OpenID module tweaks (#599)
- specify expiry is ms rather than vague ts
- add OpenID token lifetime to configuration
- use Go naming conventions for the path params
- store plaintext token rather than hash
- remove openid table sqllite mutex
* Add default OpenID token lifetime (#599)
* Update dendrite-config.yaml
Co-authored-by: Kegsay <kegsay@gmail.com>
Co-authored-by: Kegsay <kegan@matrix.org>
* Add a per-room mutex to federationapi when processing transactions
This has numerous benefits:
- Prevents us doing lots of state resolutions in busy rooms. Previously, room forks would always result
in a state resolution being performed immediately, without checking if we were already doing this in
a different transaction. Now they will queue up, resulting in fewer calls to `/state_ids`, `/g_m_e`, etc.
- Prevents memory usage from growing too large as a result and potentially OOMing.
And costs:
- High traffic rooms will be slightly slower due to head-of-line blocking from other servers,
though this has always been an issue as roomserver has a per-room mutex already.
* Fix unit tests
* Correct mutex lock ordering