Add ability to disable federation (#1604)

* Allow disabling federation * Don't start federation queues if disabled * Fix for Go 1.13
2025-08-01 13:52:46 +00:00 · 2020-12-02 15:10:03 +00:00 · 2020-12-02 15:10:03 +00:00 · bdf6490375
commit bdf6490375
parent b4c3692dcc
6 changed files with 88 additions and 23 deletions
--- a/internal/setup/base.go
+++ b/internal/setup/base.go
@ -249,6 +249,9 @@ func (b *BaseDendrite) CreateAccountsDB() accounts.Database {
 // CreateClient creates a new client (normally used for media fetch requests).
 // Should only be called once per component.
 func (b *BaseDendrite) CreateClient() *gomatrixserverlib.Client {
+	if b.Cfg.Global.DisableFederation {
+		return gomatrixserverlib.NewClientWithTransport(noOpHTTPTransport)
+	}
 	client := gomatrixserverlib.NewClient(
 		b.Cfg.FederationSender.DisableTLSValidation,
 	)
@ -259,6 +262,12 @@ func (b *BaseDendrite) CreateClient() *gomatrixserverlib.Client {
 // CreateFederationClient creates a new federation client. Should only be called
 // once per component.
 func (b *BaseDendrite) CreateFederationClient() *gomatrixserverlib.FederationClient {
+	if b.Cfg.Global.DisableFederation {
+		return gomatrixserverlib.NewFederationClientWithTransport(
+			b.Cfg.Global.ServerName, b.Cfg.Global.KeyID, b.Cfg.Global.PrivateKey,
+			b.Cfg.FederationSender.DisableTLSValidation, noOpHTTPTransport,
+		)
+	}
 	client := gomatrixserverlib.NewFederationClientWithTimeout(
 		b.Cfg.Global.ServerName, b.Cfg.Global.KeyID, b.Cfg.Global.PrivateKey,
 		b.Cfg.FederationSender.DisableTLSValidation, time.Minute*5,
@ -308,8 +317,10 @@ func (b *BaseDendrite) SetupAndServeHTTP(
 	}

 	externalRouter.PathPrefix(httputil.PublicClientPathPrefix).Handler(b.PublicClientAPIMux)
-	externalRouter.PathPrefix(httputil.PublicKeyPathPrefix).Handler(b.PublicKeyAPIMux)
-	externalRouter.PathPrefix(httputil.PublicFederationPathPrefix).Handler(b.PublicFederationAPIMux)
+	if !b.Cfg.Global.DisableFederation {
+		externalRouter.PathPrefix(httputil.PublicKeyPathPrefix).Handler(b.PublicKeyAPIMux)
+		externalRouter.PathPrefix(httputil.PublicFederationPathPrefix).Handler(b.PublicFederationAPIMux)
+	}
 	externalRouter.PathPrefix(httputil.PublicMediaPathPrefix).Handler(b.PublicMediaAPIMux)

 	if internalAddr != NoListener && internalAddr != externalAddr {
--- a/internal/setup/federation.go
+++ b/internal/setup/federation.go
@ -0,0 +1,32 @@
+package setup
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/http"
+)
+
+// noOpHTTPTransport is used to disable federation.
+var noOpHTTPTransport = &http.Transport{
+	Dial: func(_, _ string) (net.Conn, error) {
+		return nil, fmt.Errorf("federation prohibited by configuration")
+	},
+	DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
+		return nil, fmt.Errorf("federation prohibited by configuration")
+	},
+	DialTLS: func(_, _ string) (net.Conn, error) {
+		return nil, fmt.Errorf("federation prohibited by configuration")
+	},
+}
+
+func init() {
+	noOpHTTPTransport.RegisterProtocol("matrix", &noOpHTTPRoundTripper{})
+}
+
+type noOpHTTPRoundTripper struct {
+}
+
+func (y *noOpHTTPRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	return nil, fmt.Errorf("federation prohibited by configuration")
+}