diff options
author | Matthew Hodgson <matthew@arasphere.net> | 2018-01-22 19:11:18 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-22 19:11:18 +0100 |
commit | ab9f844aaf3662a64dbc4c56077e9fa37bc7d5d0 (patch) | |
tree | df5417cbd46f5c9a386d4d762f83b06d58afda17 /synapse/federation/transport/server.py | |
parent | Merge pull request #2813 from matrix-org/matthew/registrations_require_3pid (diff) | |
download | synapse-ab9f844aaf3662a64dbc4c56077e9fa37bc7d5d0.tar.xz |
Add federation_domain_whitelist option (#2820)
Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
Diffstat (limited to 'synapse/federation/transport/server.py')
-rw-r--r-- | synapse/federation/transport/server.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/synapse/federation/transport/server.py b/synapse/federation/transport/server.py index 2b02b021ec..06c16ba4fa 100644 --- a/synapse/federation/transport/server.py +++ b/synapse/federation/transport/server.py @@ -16,7 +16,7 @@ from twisted.internet import defer from synapse.api.urls import FEDERATION_PREFIX as PREFIX -from synapse.api.errors import Codes, SynapseError +from synapse.api.errors import Codes, SynapseError, FederationDeniedError from synapse.http.server import JsonResource from synapse.http.servlet import ( parse_json_object_from_request, parse_integer_from_args, parse_string_from_args, @@ -81,6 +81,7 @@ class Authenticator(object): self.keyring = hs.get_keyring() self.server_name = hs.hostname self.store = hs.get_datastore() + self.federation_domain_whitelist = hs.config.federation_domain_whitelist # A method just so we can pass 'self' as the authenticator to the Servlets @defer.inlineCallbacks @@ -92,6 +93,12 @@ class Authenticator(object): "signatures": {}, } + if ( + self.federation_domain_whitelist is not None and + self.server_name not in self.federation_domain_whitelist + ): + raise FederationDeniedError(self.server_name) + if content is not None: json_request["content"] = content |