From 6afc4c9b3e066f2d071e8420c9e4111d0dc65d96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6sters?= <timo@koesters.xyz>
Date: Tue, 6 Oct 2020 21:04:51 +0200
Subject: [PATCH] feat: federation disabled by default
It can be enable in the Rocket.toml config or using ROCKET_FEDERATION_ENABLED=true
---
DEPLOY_FROM_SOURCE.md | 3 +++
Rocket-example.toml | 2 ++
docker-compose.yml | 1 +
src/database/globals.rs | 6 ++++++
src/server_server.rs | 39 ++++++++++++++++++++++++++++++++++++++-
5 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/DEPLOY_FROM_SOURCE.md b/DEPLOY_FROM_SOURCE.md
index 4d685f6e0..456fe6ea0 100644
--- a/DEPLOY_FROM_SOURCE.md
+++ b/DEPLOY_FROM_SOURCE.md
@@ -27,7 +27,10 @@ ## Setup systemd service
Environment="ROCKET_PORT=14004" # Reverse proxy port
+#Environment="ROCKET_MAX_REQUEST_SIZE=20000000" # in bytes
#Environment="ROCKET_REGISTRATION_DISABLED=true"
+#Environment="ROCKET_ENCRYPTION_DISABLED=true"
+#Environment="ROCKET_FEDERATION_ENABLED=true"
#Environment="ROCKET_LOG=normal" # Detailed logging
Environment="ROCKET_ENV=production"
diff --git a/Rocket-example.toml b/Rocket-example.toml
index 41b36d3a9..8eb48e95f 100644
--- a/Rocket-example.toml
+++ b/Rocket-example.toml
@@ -16,6 +16,8 @@ port = 14004
# Note: existing rooms will continue to work
#encryption_disabled = true
+#federation_enabled = true
+
# Default path is in this user's data
#database_path = "/home/timo/MyConduitServer"
diff --git a/docker-compose.yml b/docker-compose.yml
index f06eaca97..7d1976225 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,6 +31,7 @@ services:
# ROCKET_PORT: 8000
# ROCKET_REGISTRATION_DISABLED: 'true'
# ROCKET_ENCRYPTION_DISABLED: 'true'
+ # ROCKET_FEDERATION_ENABLED: 'true'
# ROCKET_DATABASE_PATH: /srv/conduit/.local/share/conduit
# ROCKET_WORKERS: 10
# ROCKET_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
diff --git a/src/database/globals.rs b/src/database/globals.rs
index 8ce9c0113..37f10eec4 100644
--- a/src/database/globals.rs
+++ b/src/database/globals.rs
@@ -14,6 +14,7 @@ pub struct Globals {
max_request_size: u32,
registration_disabled: bool,
encryption_disabled: bool,
+ federation_enabled: bool,
}
impl Globals {
@@ -69,6 +70,7 @@ pub fn load(globals: sled::Tree, config: &rocket::Config) -> Result<Self> {
.map_err(|_| Error::BadConfig("Invalid max_request_size."))?,
registration_disabled: config.get_bool("registration_disabled").unwrap_or(false),
encryption_disabled: config.get_bool("encryption_disabled").unwrap_or(false),
+ federation_enabled: config.get_bool("federation_enabled").unwrap_or(false),
})
}
@@ -114,4 +116,8 @@ pub fn registration_disabled(&self) -> bool {
pub fn encryption_disabled(&self) -> bool {
self.encryption_disabled
}
+
+ pub fn federation_enabled(&self) -> bool {
+ self.federation_enabled
+ }
}
diff --git a/src/server_server.rs b/src/server_server.rs
index 0c175bfb2..79976c09d 100644
--- a/src/server_server.rs
+++ b/src/server_server.rs
@@ -57,6 +57,10 @@ pub async fn send_request<T: OutgoingRequest>(
where
T: Debug,
{
+ if !globals.federation_enabled() {
+ return Err(Error::BadConfig("Federation is disabled."));
+ }
+
let resolver = AsyncResolver::tokio_from_system_conf()
.await
.map_err(|_| Error::BadConfig("Failed to set up trust dns resolver with system config."))?;
@@ -204,7 +208,11 @@ pub async fn send_request<T: OutgoingRequest>(
}
#[cfg_attr(feature = "conduit_bin", get("/_matrix/federation/v1/version"))]
-pub fn get_server_version() -> ConduitResult<get_server_version::Response> {
+pub fn get_server_version(db: State<'_, Database>) -> ConduitResult<get_server_version::Response> {
+ if !db.globals.federation_enabled() {
+ return Err(Error::BadConfig("Federation is disabled."));
+ }
+
Ok(get_server_version::Response {
server: Some(get_server_version::Server {
name: Some("Conduit".to_owned()),
@@ -216,6 +224,11 @@ pub fn get_server_version() -> ConduitResult<get_server_version::Response> {
#[cfg_attr(feature = "conduit_bin", get("/_matrix/key/v2/server"))]
pub fn get_server_keys(db: State<'_, Database>) -> Json<String> {
+ if !db.globals.federation_enabled() {
+ // TODO: Use proper types
+ return Json("Federation is disabled.".to_owned());
+ }
+
let mut verify_keys = BTreeMap::new();
verify_keys.insert(
format!("ed25519:{}", db.globals.keypair().version()),
@@ -259,6 +272,10 @@ pub async fn get_public_rooms_filtered_route(
db: State<'_, Database>,
body: Ruma<get_public_rooms_filtered::v1::Request<'_>>,
) -> ConduitResult<get_public_rooms_filtered::v1::Response> {
+ if !db.globals.federation_enabled() {
+ return Err(Error::BadConfig("Federation is disabled."));
+ }
+
let response = client_server::get_public_rooms_filtered_helper(
&db,
None,
@@ -302,6 +319,10 @@ pub async fn get_public_rooms_route(
db: State<'_, Database>,
body: Ruma<get_public_rooms::v1::Request<'_>>,
) -> ConduitResult<get_public_rooms::v1::Response> {
+ if !db.globals.federation_enabled() {
+ return Err(Error::BadConfig("Federation is disabled."));
+ }
+
let response = client_server::get_public_rooms_filtered_helper(
&db,
None,
@@ -345,6 +366,10 @@ pub fn send_transaction_message_route<'a>(
db: State<'a, Database>,
body: Ruma<send_transaction_message::v1::Request<'_>>,
) -> ConduitResult<send_transaction_message::v1::Response> {
+ if !db.globals.federation_enabled() {
+ return Err(Error::BadConfig("Federation is disabled."));
+ }
+
//dbg!(&*body);
for pdu in &body.pdus {
let mut value = serde_json::from_str(pdu.json().get())
@@ -384,6 +409,10 @@ pub fn get_missing_events_route<'a>(
db: State<'a, Database>,
body: Ruma<get_missing_events::v1::Request<'_>>,
) -> ConduitResult<get_missing_events::v1::Response> {
+ if !db.globals.federation_enabled() {
+ return Err(Error::BadConfig("Federation is disabled."));
+ }
+
let mut queued_events = body.latest_events.clone();
let mut events = Vec::new();
@@ -427,6 +456,10 @@ pub fn get_profile_information_route<'a>(
db: State<'a, Database>,
body: Ruma<get_profile_information::v1::Request<'_>>,
) -> ConduitResult<get_profile_information::v1::Response> {
+ if !db.globals.federation_enabled() {
+ return Err(Error::BadConfig("Federation is disabled."));
+ }
+
let mut displayname = None;
let mut avatar_url = None;
@@ -455,6 +488,10 @@ pub fn get_user_devices_route<'a>(
db: State<'a, Database>,
body: Ruma<membership::v1::Request<'_>>,
) -> ConduitResult<get_profile_information::v1::Response> {
+ if !db.globals.federation_enabled() {
+ return Err(Error::BadConfig("Federation is disabled."));
+ }
+
let mut displayname = None;
let mut avatar_url = None;
--
GitLab