diff options
author | Eric Eastwood <erice@element.io> | 2023-07-18 03:49:21 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-18 09:49:21 +0100 |
commit | 1c802de626de3293049206cb788af15cbc8ea17f (patch) | |
tree | 52d72c2fcd6442e96943a7a565c519240eca19eb /synapse/api/errors.py | |
parent | Bump anyhow from 1.0.71 to 1.0.72 (#15949) (diff) | |
download | synapse-1c802de626de3293049206cb788af15cbc8ea17f.tar.xz |
Re-introduce the outbound federation proxy (#15913)
Allow configuring the set of workers to proxy outbound federation traffic through (`outbound_federation_restricted_to`). This is useful when you have a worker setup with `federation_sender` instances responsible for sending outbound federation requests and want to make sure *all* outbound federation traffic goes through those instances. Before this change, the generic workers would still contact federation themselves for things like profile lookups, backfill, etc. This PR allows you to set more strict access controls/firewall for all workers and only allow the `federation_sender`'s to contact the outside world.
Diffstat (limited to 'synapse/api/errors.py')
-rw-r--r-- | synapse/api/errors.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/synapse/api/errors.py b/synapse/api/errors.py index af894243f8..3546aaf7c3 100644 --- a/synapse/api/errors.py +++ b/synapse/api/errors.py @@ -217,6 +217,13 @@ class InvalidAPICallError(SynapseError): super().__init__(HTTPStatus.BAD_REQUEST, msg, Codes.BAD_JSON) +class InvalidProxyCredentialsError(SynapseError): + """Error raised when the proxy credentials are invalid.""" + + def __init__(self, msg: str, errcode: str = Codes.UNKNOWN): + super().__init__(401, msg, errcode) + + class ProxiedRequestError(SynapseError): """An error from a general matrix endpoint, eg. from a proxied Matrix API call. |