aboutsummaryrefslogtreecommitdiff
path: root/setup
AgeCommit message (Collapse)Author
2023-02-20Merge keyserver & userapi (#2972)Till
As discussed yesterday, a first draft of merging the keyserver and the userapi.
2023-02-14Remove polylith/API mode (#2967)Till
This removes most of the code used for polylith/API mode. This removes the `/api` internal endpoints entirely. Binary size change roughly 5%: ``` 51437560 Feb 13 10:15 dendrite-monolith-server # old 48759008 Feb 13 10:15 dendrite-monolith-server # new ```
2023-01-28Relay integration to pinecone demos (#2955)devonh
This extends the dendrite monolith for pinecone to integrate the s&f features into the mobile apps. Also makes a few tweaks to federation queueing/statistics to make some edge cases more robust.
2023-01-26Added Landing Page (#2885)Lukas
I have added/copied a landing page like Synpase does. Recently I have installed Dendrite and was wondering why it´s not working. After some troubleshooting I figured out there is no landing page like synpase has, so the Server was running just fine. Hopefuly this PR can fix this problem and may help other users who run into this issue. I have not written any unit tests, because it´s just a simple landing page with a redirect to a static site. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Lukas Huida<lukas@leucali.net>` Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
2023-01-23Initial Store & Forward Implementation (#2917)devonh
This adds store & forward relays into dendrite for p2p. A few things have changed: - new relay api serves new http endpoints for s&f federation - updated outbound federation queueing which will attempt to forward using s&f if appropriate - database entries to track s&f relays for other nodes
2023-01-23Use `t.TempDir` for SQLite databases, so tests don't rip out each others ↵Till
databases (#2950) This should hopefully finally fix issues about `disk I/O error` as seen [here](https://gitlab.alpinelinux.org/alpine/aports/-/jobs/955030/raw) Hopefully this will also fix `SSL accept attempt failed` issues by disabling HTTP keep alives when generating a config for CI.
2023-01-20Make tests more reliable (#2948)Till
When using `testrig.CreateBase` and then using that base for other `NewInternalAPI` calls, we never actually shutdown the components. `testrig.CreateBase` returns a `close` function, which only removes the database, so still running components have issues connecting to the database, since we ripped it out underneath it - which can result in "Disk I/O" or "pq deadlock detected" issues.
2023-01-16Switch the default config option values for `recaptcha_sitekey_class` and ↵Andrew Morgan
`recaptcha_form_field` (#2939) Attempting to use the [web auth fallback mechanism](https://spec.matrix.org/v1.5/client-server-api/#fallback) for Google ReCAPTCHA with the default setting for `client_api.recaptcha_sitekey_class` of "g-recaptcha-response" results in no captcha being rendered: ![image](https://user-images.githubusercontent.com/1342360/212482321-14980045-6e20-4d59-adaa-59a01ad88367.png) I cross-checked the captcha code between [dendrite.matrix.org's fallback page](https://dendrite.matrix.org/_matrix/client/r0/auth/m.login.recaptcha/fallback/web?session=asdhjaksd) and [matrix-client.matrix.org's one](https://matrix-client.matrix.org/_matrix/client/r0/auth/m.login.recaptcha/fallback/web?session=asdhjaksd) (which both use the same captcha public key) and noticed a discrepancy in the `class` attribute of the div that renders the captcha. [ReCAPTCHA's docs state](https://developers.google.com/recaptcha/docs/v3#automatically_bind_the_challenge_to_a_button) to use "g-recaptcha" as the class for the submit button. I noticed this when user `@parappanon:parappa.party` reported that they were also seeing no captcha being rendered on their Dendrite instance. Changing `client_api.recaptcha_sitekey_class` to "g-recaptcha" caused their captcha to render properly as well. There may have been a change in the class name from ReCAPTCHA v2 to v3? The [docs for v2](https://developers.google.com/recaptcha/docs/display#auto_render) also request one uses "g-recaptcha" though. Thus I propose changing the default setting to unbreak people's recaptcha auth fallback pages. Should fix dendrite.matrix.org as well.
2023-01-06Add simplified helm chart (#2905)helm-dendrite-0.10.8Till
As discussed yesterday, a simplified version of [my helm](https://github.com/S7evinK/dendrite-helm) which deploys a monolith with internal NATS and an optionally enabled PostgreSQL server. If the PostgreSQL dependency is not enabled, a user specified connection string is constructed. Co-authored-by: kegsay <kegan@matrix.org>
2022-12-23Add clientapi tests (#2916)Till
This PR - adds several tests for the clientapi, mostly around `/register` and auth fallback. - removes the now deprecated `homeserver` field from responses to `/register` and `/login` - slightly refactors auth fallback handling
2022-12-22Handle guest access [1/2?] (#2872)Till
Needs https://github.com/matrix-org/sytest/pull/1315, as otherwise the membership events aren't persisted yet when hitting `/state` after kicking guest users. Makes the following tests pass: ``` Guest users denied access over federation if guest access prohibited Guest users are kicked from guest_access rooms on revocation of guest_access Guest users are kicked from guest_access rooms on revocation of guest_access over federation ``` Todo (in a follow up PR): - Restrict access to CS API Endpoints as per https://spec.matrix.org/v1.4/client-server-api/#client-behaviour-14 Co-authored-by: kegsay <kegan@matrix.org>
2022-12-01Fix `dendrite-demo-pinecone`, `/_dendrite` namespace setupNeil Alexander
2022-11-29Update configurationNeil Alexander
2022-11-18Fix registration for virtual hostingNeil Alexander
2022-11-17Fix `/key/v2/server`, add HTTP `Host` matchingNeil Alexander
2022-11-16Detect consumer being deleted in `JetStreamConsumer`Neil Alexander
2022-11-15Federation fixes for virtual hostingNeil Alexander
2022-11-11Deny guest access on several endpoints (#2873)Till
Second part for guest access, this adds a `WithAllowGuests()` option to `MakeAuthAPI`, allowing guests to access the specified endpoints. Endpoints taken from the [spec](https://spec.matrix.org/v1.4/client-server-api/#client-behaviour-14) and by checking Synapse endpoints for `allow_guest=true`.
2022-10-28Add hcaptcha support besides Google ReCaptcha (#2834)X. Ding
### Pull Request Checklist This PR add support for hcaptcha.com as an alternative to Google ReCaptcha. It also makes possible for user to customize ReCaptcha URL when needed. (Such as use recaptcha.net instead of www.google.com) This feature needs manual test cuz it involves 3rd party _captcha_. Signed-off-by: `Simon Ding <dxl@plotbridge.com>` Co-authored-by: dxl <dxl@plotbridge.com>
2022-10-26Initial support for multiple server names (#2829)Neil Alexander
This PR is the first step towards virtual hosting by laying the groundwork for multiple server names being configured.
2022-10-26Add support for config "auto_join_rooms" (#2823)Neboer
Add support for config "auto_join_rooms". Now new accounts can join the rooms in config file automatically. ### Pull Request Checklist <!-- Please read https://matrix-org.github.io/dendrite/development/contributing before submitting your pull request --> * [x] I have justified why this PR doesn't need tests. * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) Signed-off-by: `Rubin Poster <rubinposter@gmail.com>`
2022-10-24Fix wrong config keyTill Faelligen
2022-10-06Allow specifying old signing keys with the public key and key ID only (#2770)Neil Alexander
If the private key file is lost, it's often possible to retrieve the public key from another server elsewhere, so we should make it possible to configure it in that way.
2022-10-05Add `RoomEventType` nats.Header to avoid unneeded unmarshalling (#2765)Till
2022-10-04Track reasons why the process is in a degraded stateNeil Alexander
2022-09-27Update search docsNeil Alexander
2022-09-27Fulltext implementation using Bleve (#2675)Till
Based on #2480 This actually indexes events based on their event type. They are removed from the index if we receive a `m.room.redaction` event on the `OutputRoomEvent` stream. An admin endpoint is added to reindex all existing events. Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2022-09-27Return `M_UNRECOGNIZED` for unknown CS API endpoints/actions (#2740)Neil Alexander
Fixes #2739.
2022-09-27Refactor notifications (#2688)Till
This PR changes the handling of notifications - removes the `StreamEvent` and `ReadUpdate` stream - listens on the `OutputRoomEvent` stream in the UserAPI to inform the SyncAPI about unread notifications - listens on the `OutputReceiptEvent` stream in the UserAPI to set receipts/update notifications - sets the `read_markers` directly from within the internal UserAPI Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2022-09-20HTTP connection keepalives (#2730)Neil Alexander
Beforehand we disabled HTTP keepalives to prevent ambient system resources from being used by excess idle connections. Now that we've fixed some bugs in the federation API and device list updater, this situation is now much better and we don't open so many remote connections anyway. Keepalives allow us to not have to handshake TLS so often (which is quite expensive) and reusing an idle connection is much faster than having to open a new one. This can help with response times when talking to remote federated servers. This PR also adds a new option to disable keepalives if needed: ``` # Disable HTTP keepalives, which also prevents connection reuse. Dendrite will typically # keep HTTP connections open to remote hosts for 5 minutes as they can be reused much # more quickly than opening new connections each time. Disabling keepalives will close # HTTP connections immediately after a successful request but may result in more CPU and # memory being used on TLS handshakes for each new connection instead. disable_http_keepalives: false ```
2022-09-20Update dependencies (#2729)Neil Alexander
This updates Dendrite dependencies.
2022-09-09Only verify if fulltext indexing is enabledTill Faelligen
2022-09-07Fulltext implementation incl. config (#2480)Till
This adds the main component of the fulltext search. This PR doesn't do anything yet, besides creating an empty fulltextindex folder if enabled. Indexing events is done in a separate PR.
2022-09-07Add a SigningKeyUpdate producer (#2697)Till
This adds a new stream for signing key updates, this should ensure we don't lose any updates over federation.
2022-09-01Configuration tweaks (#2567)Neil Alexander
This makes the following changes: * The various `Defaults` functions are now responsible for setting sane defaults if `generate` is specified, rather than hiding them in `generate-config` * Some configuration options have been marked as `omitempty` so that they don't appear in generated configs unnecessarily (monolith-specific vs. polylith-specific options) * A new option `-polylith` has been added to `generate-config` to create a config that makes sense for polylith deployments (i.e. including the internal/external API listeners and per-component database sections) * A new option `-normalise` has been added to `generate-config` to take an existing file and add any missing options and/or defaults
2022-09-01Refactor appservices component (#2687)Neil Alexander
This PR refactors the app services component. It makes the following changes: * Each appservice now gets its own NATS JetStream consumer * The appservice database is now removed entirely, since we just use JetStream as a data source instead * The entire component is now much simpler and we deleted lots of lines of code 💅 The result is that it should be much lighter and hopefully much more performant.
2022-08-31Allow batching in `JetStreamConsumer` (#2686)Neil Alexander
This allows us to receive more than one message from NATS at a time if we want.
2022-08-31Pinecone standalone refactoring (#2685)Neil Alexander
This refactors the `dendrite-demo-pinecone` executable so that it: 1. Converts the old `.key` file into a standard `.pem` file 2. Allows passing in the `--config` option to supply a normal Dendrite configuration file, so that you can configure PostgreSQL instead of SQLite, appservices and all the other usual stuff
2022-08-30Fix race condition on startup (#2679)Till
`SetupAndServeHTTP` would race in `configureHTTPErrors` and while configuring routes.
2022-08-12/hierarchy - return public and knockable rooms for authed users (#2578)texuf
When requesting the room hierarchy with an authenticated user, return public and knockable rooms. According to the spec, https://github.com/matrix-org/matrix-spec-proposals/blob/main/proposals/2946-spaces-summary.md ``` Any child room that the user is joined or is potentially joinable is included in the response. ``` This is currently not the case. See discussion here: https://matrix.to/#/!NasysSDfxKxZBzJJoE:matrix.org/$t2Csj-6y1PVsn8GOnFZfXzeQW13NfqvrFCxB-XI_uhA?via=matrix.org&via=libera.chat&via=element.io and here: https://matrix.to/#/!NasysSDfxKxZBzJJoE:matrix.org/$EHp1x1DY7tnYZtx_PVEb-sKB9lmJajqHx2uGlhrRh6k?via=matrix.org&via=libera.chat&via=element.io Test Plan: create and register clients bob and alice have bob create a public space have bob create a public room parented to the space have alice join the space(room) have alice sync the space expect alice to see two rooms in the space hierarchy, the space and the child room Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2022-08-11Generic-based internal HTTP API (#2626)Neil Alexander
* Generic-based internal HTTP API (tested out on a few endpoints in the federation API) * Add `PerformInvite` * More tweaks * Fix metric name * Fix LookupStateIDs * Lots of changes to clients * Some serverside stuff * Some error handling * Use paths as metric names * Revert "Use paths as metric names" This reverts commit a9323a6a343f5ce6461a2e5bd570fe06465f1b15. * Namespace metric names * Remove duplicate entry * Remove another duplicate entry * Tweak error handling * Some more tweaks * Update error behaviour * Some more error tweaking * Fix API path for `PerformDeleteKeys` * Fix another path * Tweak federation client proxying * Fix another path * Don't return typed nils * Some more tweaks, not that it makes any difference * Tweak federation client proxying * Maybe fix the key backup test
2022-08-05Do not use `ioutil` as it is deprecated (#2625)Neil Alexander
2022-08-05Fix linter issues (#2624)Till
* Try that again * All hail the mighty linter? * And once again * goimport all the things
2022-08-05Add race testing to tests, and fix a few small race conditions in the tests ↵Brian Meek
(#2587) * Add race testing to tests, and fix a few small race conditions in the tests * Enable run-sytest on MacOS * Remove deadlock detecting mutex, per code review feedback * Remove autoformatting related changes and a closure that is not needed * Adjust to importing nats client as 'natsclient' Signed-off-by: Brian Meek <brian@hntlabs.com> * Clarify the use of gooseMutex to proect goose internal state Signed-off-by: Brian Meek <brian@hntlabs.com> * Remove no longer needed mutex for guarding goose Signed-off-by: Brian Meek <brian@hntlabs.com>
2022-08-02Disable NATS Server logging, allow self-signed certificates (#2605)Till
* Disable NATS Server logs in CI * Add option to disable TLS validation for NATS
2022-08-01Set CORS headers for HTTP 404 and 405 errors (#2599)Neil Alexander
* Set CORS headers for the 404s * Use custom handlers, plus one for HTTP 405 too * Tweak setup * Add to muxes too * Tidy up some more * Use built-in HTTP 404 handler * Don't bother setting it for federation-facing
2022-07-25Remove `room_id` field from MSC2946 stripped events (closes #2588)Neil Alexander
2022-07-25Add .well-known/matrix/client to clientapi (#2551)Jonathan Bartlett
Signed-off-by: Jonathan Bartlett <jonathan@jonnobrow.co.uk> Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
2022-07-19Update FAQNeil Alexander
2022-07-11Ristretto cache (#2563)Neil Alexander
* Try Ristretto cache * Tweak * It's beautiful * Update GMSL * More strict keyable interface * Fix that some more * Make less panicky * Don't enforce mutability checks for now * Determine mutability using deep equality * Tweaks * Namespace keys * Make federation caches mutable * Update cost estimation, add metric * Update GMSL * Estimate cost for metrics better * Reduce counters a bit * Try caching events * Some guards * Try again * Try this * Use separate caches for hopefully better hash distribution * Fix bug with admitting events into cache * Try to fix bugs * Check nil * Try that again * Preserve order jeezo this is messy * thanks VS Code for doing exactly the wrong thing * Try this again * Be more specific * aaaaargh * One more time * That might be better * Stronger sorting * Cache expiries, async publishing of EDUs * Put it back * Use a shared cache again * Cost estimation fixes * Update ristretto * Reduce counters a bit * Clean up a bit * Update GMSL * 1GB * Configurable cache sizees * Tweaks * Add `config.DataUnit` for specifying friendly cache sizes * Various tweaks * Update GMSL * Add back some lazy loading caching * Include key in cost * Include key in cost * Tweak max age handling, config key name * Only register prometheus metrics if requested * Review comments @S7evinK * Don't return errors when creating caches (it is better just to crash since otherwise we'll `nil`-pointer exception everywhere) * Review comments * Update sample configs * Update GHA Workflow * Update Complement images to Go 1.18 * Remove the cache test from the federation API as we no longer guarantee immediate cache admission * Don't check the caches in the renewal test * Possibly fix the upgrade tests * Update to matrix-org/gomatrixserverlib#322 * Update documentation to refer to Go 1.18