mirror of
https://github.com/hoernschen/dendrite.git
synced 2025-07-29 12:42:46 +00:00
Merge federationapi, federationsender, signingkeyserver components (#2055)
* Initial federation sender -> federation API refactoring * Move base into own package, avoids import cycle * Fix build errors * Fix tests * Add signing key server tables * Try to fold signing key server into federation API * Fix dendritejs builds * Update embedded interfaces * Fix panic, fix lint error * Update configs, docker * Rename some things * Reuse same keyring on the implementing side * Fix federation tests, `NewBaseDendrite` can accept freeform options * Fix build * Update create_db, configs * Name tables back * Don't rename federationsender consumer for now
This commit is contained in:
Neil Alexander
GitHub
parent
6e93531e94
commit
ec716793eb
136 changed files with 1211 additions and 1786 deletions
|
|
@ -53,18 +53,16 @@ type Dendrite struct {
|
|||
// been a breaking change to the config file format.
|
||||
Version int `yaml:"version"`
|
||||
|
||||
Global Global `yaml:"global"`
|
||||
AppServiceAPI AppServiceAPI `yaml:"app_service_api"`
|
||||
ClientAPI ClientAPI `yaml:"client_api"`
|
||||
EDUServer EDUServer `yaml:"edu_server"`
|
||||
FederationAPI FederationAPI `yaml:"federation_api"`
|
||||
FederationSender FederationSender `yaml:"federation_sender"`
|
||||
KeyServer KeyServer `yaml:"key_server"`
|
||||
MediaAPI MediaAPI `yaml:"media_api"`
|
||||
RoomServer RoomServer `yaml:"room_server"`
|
||||
SigningKeyServer SigningKeyServer `yaml:"signing_key_server"`
|
||||
SyncAPI SyncAPI `yaml:"sync_api"`
|
||||
UserAPI UserAPI `yaml:"user_api"`
|
||||
Global Global `yaml:"global"`
|
||||
AppServiceAPI AppServiceAPI `yaml:"app_service_api"`
|
||||
ClientAPI ClientAPI `yaml:"client_api"`
|
||||
EDUServer EDUServer `yaml:"edu_server"`
|
||||
FederationAPI FederationAPI `yaml:"federation_api"`
|
||||
KeyServer KeyServer `yaml:"key_server"`
|
||||
MediaAPI MediaAPI `yaml:"media_api"`
|
||||
RoomServer RoomServer `yaml:"room_server"`
|
||||
SyncAPI SyncAPI `yaml:"sync_api"`
|
||||
UserAPI UserAPI `yaml:"user_api"`
|
||||
|
||||
MSCs MSCs `yaml:"mscs"`
|
||||
|
||||
|
|
@ -300,11 +298,9 @@ func (c *Dendrite) Defaults() {
|
|||
c.ClientAPI.Defaults()
|
||||
c.EDUServer.Defaults()
|
||||
c.FederationAPI.Defaults()
|
||||
c.FederationSender.Defaults()
|
||||
c.KeyServer.Defaults()
|
||||
c.MediaAPI.Defaults()
|
||||
c.RoomServer.Defaults()
|
||||
c.SigningKeyServer.Defaults()
|
||||
c.SyncAPI.Defaults()
|
||||
c.UserAPI.Defaults()
|
||||
c.AppServiceAPI.Defaults()
|
||||
|
|
@ -319,9 +315,9 @@ func (c *Dendrite) Verify(configErrs *ConfigErrors, isMonolith bool) {
|
|||
}
|
||||
for _, c := range []verifiable{
|
||||
&c.Global, &c.ClientAPI,
|
||||
&c.EDUServer, &c.FederationAPI, &c.FederationSender,
|
||||
&c.EDUServer, &c.FederationAPI,
|
||||
&c.KeyServer, &c.MediaAPI, &c.RoomServer,
|
||||
&c.SigningKeyServer, &c.SyncAPI, &c.UserAPI,
|
||||
&c.SyncAPI, &c.UserAPI,
|
||||
&c.AppServiceAPI, &c.MSCs,
|
||||
} {
|
||||
c.Verify(configErrs, isMonolith)
|
||||
|
|
@ -332,11 +328,9 @@ func (c *Dendrite) Wiring() {
|
|||
c.ClientAPI.Matrix = &c.Global
|
||||
c.EDUServer.Matrix = &c.Global
|
||||
c.FederationAPI.Matrix = &c.Global
|
||||
c.FederationSender.Matrix = &c.Global
|
||||
c.KeyServer.Matrix = &c.Global
|
||||
c.MediaAPI.Matrix = &c.Global
|
||||
c.RoomServer.Matrix = &c.Global
|
||||
c.SigningKeyServer.Matrix = &c.Global
|
||||
c.SyncAPI.Matrix = &c.Global
|
||||
c.UserAPI.Matrix = &c.Global
|
||||
c.AppServiceAPI.Matrix = &c.Global
|
||||
|
|
@ -493,6 +487,15 @@ func (config *Dendrite) AppServiceURL() string {
|
|||
return string(config.AppServiceAPI.InternalAPI.Connect)
|
||||
}
|
||||
|
||||
// FederationAPIURL returns an HTTP URL for where the federation API is listening.
|
||||
func (config *Dendrite) FederationAPIURL() string {
|
||||
// Hard code the federationapi to talk HTTP for now.
|
||||
// If we support HTTPS we need to think of a practical way to do certificate validation.
|
||||
// People setting up servers shouldn't need to get a certificate valid for the public
|
||||
// internet for an internal API.
|
||||
return string(config.FederationAPI.InternalAPI.Connect)
|
||||
}
|
||||
|
||||
// RoomServerURL returns an HTTP URL for where the roomserver is listening.
|
||||
func (config *Dendrite) RoomServerURL() string {
|
||||
// Hard code the roomserver to talk HTTP for now.
|
||||
|
|
@ -520,24 +523,6 @@ func (config *Dendrite) EDUServerURL() string {
|
|||
return string(config.EDUServer.InternalAPI.Connect)
|
||||
}
|
||||
|
||||
// FederationSenderURL returns an HTTP URL for where the federation sender is listening.
|
||||
func (config *Dendrite) FederationSenderURL() string {
|
||||
// Hard code the federation sender server to talk HTTP for now.
|
||||
// If we support HTTPS we need to think of a practical way to do certificate validation.
|
||||
// People setting up servers shouldn't need to get a certificate valid for the public
|
||||
// internet for an internal API.
|
||||
return string(config.FederationSender.InternalAPI.Connect)
|
||||
}
|
||||
|
||||
// SigningKeyServerURL returns an HTTP URL for where the signing key server is listening.
|
||||
func (config *Dendrite) SigningKeyServerURL() string {
|
||||
// Hard code the signing key server to talk HTTP for now.
|
||||
// If we support HTTPS we need to think of a practical way to do certificate validation.
|
||||
// People setting up servers shouldn't need to get a certificate valid for the public
|
||||
// internet for an internal API.
|
||||
return string(config.SigningKeyServer.InternalAPI.Connect)
|
||||
}
|
||||
|
||||
// KeyServerURL returns an HTTP URL for where the key server is listening.
|
||||
func (config *Dendrite) KeyServerURL() string {
|
||||
// Hard code the key server to talk HTTP for now.
|
||||
|
|
|
|||
|
|
@ -1,23 +1,55 @@
|
|||
package config
|
||||
|
||||
import "github.com/matrix-org/gomatrixserverlib"
|
||||
|
||||
type FederationAPI struct {
|
||||
Matrix *Global `yaml:"-"`
|
||||
|
||||
InternalAPI InternalAPIOptions `yaml:"internal_api"`
|
||||
ExternalAPI ExternalAPIOptions `yaml:"external_api"`
|
||||
|
||||
// The database stores information used by the federation destination queues to
|
||||
// send transactions to remote servers.
|
||||
Database DatabaseOptions `yaml:"database"`
|
||||
|
||||
// List of paths to X509 certificates used by the external federation listeners.
|
||||
// These are used to calculate the TLS fingerprints to publish for this server.
|
||||
// Other matrix servers talking to this server will expect the x509 certificate
|
||||
// to match one of these certificates.
|
||||
// The certificates should be in PEM format.
|
||||
FederationCertificatePaths []Path `yaml:"federation_certificates"`
|
||||
|
||||
// Federation failure threshold. How many consecutive failures that we should
|
||||
// tolerate when sending federation requests to a specific server. The backoff
|
||||
// is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds, etc.
|
||||
// The default value is 16 if not specified, which is circa 18 hours.
|
||||
FederationMaxRetries uint32 `yaml:"send_max_retries"`
|
||||
|
||||
// FederationDisableTLSValidation disables the validation of X.509 TLS certs
|
||||
// on remote federation endpoints. This is not recommended in production!
|
||||
DisableTLSValidation bool `yaml:"disable_tls_validation"`
|
||||
|
||||
Proxy Proxy `yaml:"proxy_outbound"`
|
||||
|
||||
// Perspective keyservers, to use as a backup when direct key fetch
|
||||
// requests don't succeed
|
||||
KeyPerspectives KeyPerspectives `yaml:"key_perspectives"`
|
||||
|
||||
// Should we prefer direct key fetches over perspective ones?
|
||||
PreferDirectFetch bool `yaml:"prefer_direct_fetch"`
|
||||
}
|
||||
|
||||
func (c *FederationAPI) Defaults() {
|
||||
c.InternalAPI.Listen = "http://localhost:7772"
|
||||
c.InternalAPI.Connect = "http://localhost:7772"
|
||||
c.ExternalAPI.Listen = "http://[::]:8072"
|
||||
c.Database.Defaults(10)
|
||||
c.Database.ConnectionString = "file:federationapi.db"
|
||||
|
||||
c.FederationMaxRetries = 16
|
||||
c.DisableTLSValidation = false
|
||||
|
||||
c.Proxy.Defaults()
|
||||
}
|
||||
|
||||
func (c *FederationAPI) Verify(configErrs *ConfigErrors, isMonolith bool) {
|
||||
|
|
@ -26,6 +58,48 @@ func (c *FederationAPI) Verify(configErrs *ConfigErrors, isMonolith bool) {
|
|||
if !isMonolith {
|
||||
checkURL(configErrs, "federation_api.external_api.listen", string(c.ExternalAPI.Listen))
|
||||
}
|
||||
checkNotEmpty(configErrs, "federation_api.database.connection_string", string(c.Database.ConnectionString))
|
||||
// TODO: not applicable always, e.g. in demos
|
||||
//checkNotZero(configErrs, "federation_api.federation_certificates", int64(len(c.FederationCertificatePaths)))
|
||||
}
|
||||
|
||||
// The config for setting a proxy to use for server->server requests
|
||||
type Proxy struct {
|
||||
// Is the proxy enabled?
|
||||
Enabled bool `yaml:"enabled"`
|
||||
// The protocol for the proxy (http / https / socks5)
|
||||
Protocol string `yaml:"protocol"`
|
||||
// The host where the proxy is listening
|
||||
Host string `yaml:"host"`
|
||||
// The port on which the proxy is listening
|
||||
Port uint16 `yaml:"port"`
|
||||
}
|
||||
|
||||
func (c *Proxy) Defaults() {
|
||||
c.Enabled = false
|
||||
c.Protocol = "http"
|
||||
c.Host = "localhost"
|
||||
c.Port = 8080
|
||||
}
|
||||
|
||||
func (c *Proxy) Verify(configErrs *ConfigErrors) {
|
||||
}
|
||||
|
||||
// KeyPerspectives are used to configure perspective key servers for
|
||||
// retrieving server keys.
|
||||
type KeyPerspectives []KeyPerspective
|
||||
|
||||
type KeyPerspective struct {
|
||||
// The server name of the perspective key server
|
||||
ServerName gomatrixserverlib.ServerName `yaml:"server_name"`
|
||||
// Server keys for the perspective user, used to verify the
|
||||
// keys have been signed by the perspective server
|
||||
Keys []KeyPerspectiveTrustKey `yaml:"keys"`
|
||||
}
|
||||
|
||||
type KeyPerspectiveTrustKey struct {
|
||||
// The key ID, e.g. ed25519:auto
|
||||
KeyID gomatrixserverlib.KeyID `yaml:"key_id"`
|
||||
// The public key in base64 unpadded format
|
||||
PublicKey string `yaml:"public_key"`
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,63 +0,0 @@
|
|||
package config
|
||||
|
||||
type FederationSender struct {
|
||||
Matrix *Global `yaml:"-"`
|
||||
|
||||
InternalAPI InternalAPIOptions `yaml:"internal_api"`
|
||||
|
||||
// The FederationSender database stores information used by the FederationSender
|
||||
// It is only accessed by the FederationSender.
|
||||
Database DatabaseOptions `yaml:"database"`
|
||||
|
||||
// Federation failure threshold. How many consecutive failures that we should
|
||||
// tolerate when sending federation requests to a specific server. The backoff
|
||||
// is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds, etc.
|
||||
// The default value is 16 if not specified, which is circa 18 hours.
|
||||
FederationMaxRetries uint32 `yaml:"send_max_retries"`
|
||||
|
||||
// FederationDisableTLSValidation disables the validation of X.509 TLS certs
|
||||
// on remote federation endpoints. This is not recommended in production!
|
||||
DisableTLSValidation bool `yaml:"disable_tls_validation"`
|
||||
|
||||
Proxy Proxy `yaml:"proxy_outbound"`
|
||||
}
|
||||
|
||||
func (c *FederationSender) Defaults() {
|
||||
c.InternalAPI.Listen = "http://localhost:7775"
|
||||
c.InternalAPI.Connect = "http://localhost:7775"
|
||||
c.Database.Defaults(10)
|
||||
c.Database.ConnectionString = "file:federationsender.db"
|
||||
|
||||
c.FederationMaxRetries = 16
|
||||
c.DisableTLSValidation = false
|
||||
|
||||
c.Proxy.Defaults()
|
||||
}
|
||||
|
||||
func (c *FederationSender) Verify(configErrs *ConfigErrors, isMonolith bool) {
|
||||
checkURL(configErrs, "federation_sender.internal_api.listen", string(c.InternalAPI.Listen))
|
||||
checkURL(configErrs, "federation_sender.internal_api.connect", string(c.InternalAPI.Connect))
|
||||
checkNotEmpty(configErrs, "federation_sender.database.connection_string", string(c.Database.ConnectionString))
|
||||
}
|
||||
|
||||
// The config for setting a proxy to use for server->server requests
|
||||
type Proxy struct {
|
||||
// Is the proxy enabled?
|
||||
Enabled bool `yaml:"enabled"`
|
||||
// The protocol for the proxy (http / https / socks5)
|
||||
Protocol string `yaml:"protocol"`
|
||||
// The host where the proxy is listening
|
||||
Host string `yaml:"host"`
|
||||
// The port on which the proxy is listening
|
||||
Port uint16 `yaml:"port"`
|
||||
}
|
||||
|
||||
func (c *Proxy) Defaults() {
|
||||
c.Enabled = false
|
||||
c.Protocol = "http"
|
||||
c.Host = "localhost"
|
||||
c.Port = 8080
|
||||
}
|
||||
|
||||
func (c *Proxy) Verify(configErrs *ConfigErrors) {
|
||||
}
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
package config
|
||||
|
||||
import "github.com/matrix-org/gomatrixserverlib"
|
||||
|
||||
type SigningKeyServer struct {
|
||||
Matrix *Global `yaml:"-"`
|
||||
|
||||
InternalAPI InternalAPIOptions `yaml:"internal_api"`
|
||||
|
||||
// The SigningKeyServer database caches the public keys of remote servers.
|
||||
// It may be accessed by the FederationAPI, the ClientAPI, and the MediaAPI.
|
||||
Database DatabaseOptions `yaml:"database"`
|
||||
|
||||
// Perspective keyservers, to use as a backup when direct key fetch
|
||||
// requests don't succeed
|
||||
KeyPerspectives KeyPerspectives `yaml:"key_perspectives"`
|
||||
|
||||
// Should we prefer direct key fetches over perspective ones?
|
||||
PreferDirectFetch bool `yaml:"prefer_direct_fetch"`
|
||||
}
|
||||
|
||||
func (c *SigningKeyServer) Defaults() {
|
||||
c.InternalAPI.Listen = "http://localhost:7780"
|
||||
c.InternalAPI.Connect = "http://localhost:7780"
|
||||
c.Database.Defaults(10)
|
||||
c.Database.ConnectionString = "file:signingkeyserver.db"
|
||||
}
|
||||
|
||||
func (c *SigningKeyServer) Verify(configErrs *ConfigErrors, isMonolith bool) {
|
||||
checkURL(configErrs, "signing_key_server.internal_api.listen", string(c.InternalAPI.Listen))
|
||||
checkURL(configErrs, "signing_key_server.internal_api.bind", string(c.InternalAPI.Connect))
|
||||
checkNotEmpty(configErrs, "signing_key_server.database.connection_string", string(c.Database.ConnectionString))
|
||||
}
|
||||
|
||||
// KeyPerspectives are used to configure perspective key servers for
|
||||
// retrieving server keys.
|
||||
type KeyPerspectives []KeyPerspective
|
||||
|
||||
type KeyPerspective struct {
|
||||
// The server name of the perspective key server
|
||||
ServerName gomatrixserverlib.ServerName `yaml:"server_name"`
|
||||
// Server keys for the perspective user, used to verify the
|
||||
// keys have been signed by the perspective server
|
||||
Keys []KeyPerspectiveTrustKey `yaml:"keys"`
|
||||
}
|
||||
|
||||
type KeyPerspectiveTrustKey struct {
|
||||
// The key ID, e.g. ed25519:auto
|
||||
KeyID gomatrixserverlib.KeyID `yaml:"key_id"`
|
||||
// The public key in base64 unpadded format
|
||||
PublicKey string `yaml:"public_key"`
|
||||
}
|
||||
|
|
@ -112,7 +112,7 @@ federation_sender:
|
|||
listen: http://localhost:7775
|
||||
connect: http://localhost:7775
|
||||
database:
|
||||
connection_string: file:federationsender.db
|
||||
connection_string: file:federationapi.db
|
||||
max_open_conns: 100
|
||||
max_idle_conns: 2
|
||||
conn_max_lifetime: -1
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue