summary refs log tree commit diff
path: root/synapse/rest/key/v2
diff options
context:
space:
mode:
authorMatthew Hodgson <matthew@arasphere.net>2018-01-22 19:11:18 +0100
committerGitHub <noreply@github.com>2018-01-22 19:11:18 +0100
commitab9f844aaf3662a64dbc4c56077e9fa37bc7d5d0 (patch)
treedf5417cbd46f5c9a386d4d762f83b06d58afda17 /synapse/rest/key/v2
parentMerge pull request #2813 from matrix-org/matthew/registrations_require_3pid (diff)
downloadsynapse-ab9f844aaf3662a64dbc4c56077e9fa37bc7d5d0.tar.xz
Add federation_domain_whitelist option (#2820)
Add federation_domain_whitelist

gives a way to restrict which domains your HS is allowed to federate with.
useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
Diffstat (limited to 'synapse/rest/key/v2')
-rw-r--r--synapse/rest/key/v2/remote_key_resource.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/synapse/rest/key/v2/remote_key_resource.py b/synapse/rest/key/v2/remote_key_resource.py
index cc2842aa72..17e6079cba 100644
--- a/synapse/rest/key/v2/remote_key_resource.py
+++ b/synapse/rest/key/v2/remote_key_resource.py
@@ -93,6 +93,7 @@ class RemoteKey(Resource):
         self.store = hs.get_datastore()
         self.version_string = hs.version_string
         self.clock = hs.get_clock()
+        self.federation_domain_whitelist = hs.config.federation_domain_whitelist
 
     def render_GET(self, request):
         self.async_render_GET(request)
@@ -137,6 +138,13 @@ class RemoteKey(Resource):
         logger.info("Handling query for keys %r", query)
         store_queries = []
         for server_name, key_ids in query.items():
+            if (
+                self.federation_domain_whitelist is not None and
+                server_name not in self.federation_domain_whitelist
+            ):
+                logger.debug("Federation denied with %s", server_name)
+                continue
+
             if not key_ids:
                 key_ids = (None,)
             for key_id in key_ids: