diff options
author | Matthew Hodgson <matthew@arasphere.net> | 2018-01-22 19:11:18 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-22 19:11:18 +0100 |
commit | ab9f844aaf3662a64dbc4c56077e9fa37bc7d5d0 (patch) | |
tree | df5417cbd46f5c9a386d4d762f83b06d58afda17 /synapse/rest/key/v2 | |
parent | Merge pull request #2813 from matrix-org/matthew/registrations_require_3pid (diff) | |
download | synapse-ab9f844aaf3662a64dbc4c56077e9fa37bc7d5d0.tar.xz |
Add federation_domain_whitelist option (#2820)
Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
Diffstat (limited to 'synapse/rest/key/v2')
-rw-r--r-- | synapse/rest/key/v2/remote_key_resource.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/synapse/rest/key/v2/remote_key_resource.py b/synapse/rest/key/v2/remote_key_resource.py index cc2842aa72..17e6079cba 100644 --- a/synapse/rest/key/v2/remote_key_resource.py +++ b/synapse/rest/key/v2/remote_key_resource.py @@ -93,6 +93,7 @@ class RemoteKey(Resource): self.store = hs.get_datastore() self.version_string = hs.version_string self.clock = hs.get_clock() + self.federation_domain_whitelist = hs.config.federation_domain_whitelist def render_GET(self, request): self.async_render_GET(request) @@ -137,6 +138,13 @@ class RemoteKey(Resource): logger.info("Handling query for keys %r", query) store_queries = [] for server_name, key_ids in query.items(): + if ( + self.federation_domain_whitelist is not None and + server_name not in self.federation_domain_whitelist + ): + logger.debug("Federation denied with %s", server_name) + continue + if not key_ids: key_ids = (None,) for key_id in key_ids: |