path: root/synapse/app
Commit message / Author / Age / Files / Lines
* Move some more endpoints off master (#10084)Erik Johnston2021-05-271-2/+2
|
* Remove redundant code to reload tls cert (#10054)Richard van der Hoff2021-05-271-4/+1
| | | | | we don't need to reload the tls cert if we don't have any tls listeners. Follow-up to #9280.
* Don't hammer the database for destination retry timings every ~5mins (#10036)Erik Johnston2021-05-211-2/+0
|
* Export jemalloc stats to prometheus when used (#9882)Erik Johnston2021-05-061-0/+2
|
* Optionally track memory usage of each LruCache (#9881)Erik Johnston2021-05-052-0/+2
| | | | | This will double count slightly in the presence of interned strings. It's off by default as it can consume a lot of resources.
* Limit how often GC happens by time. (#9902)Erik Johnston2021-05-052-0/+6
|    Synapse can be quite memory intensive, and unless care is taken to tune the GC thresholds it can end up thrashing, causing noticeable performance problems for large servers. We fix this by limiting how often we GC a given generation, regardless of current counts/thresholds.
|
|    This does not help with the reverse problem where the thresholds are set too high, but that should only happen in situations where they've been manually configured.
|
|    Adds a `gc_min_seconds_between` config option to override the defaults.
|
|    Fixes #9890.
* Improved validation for received requests (#9817)Richard van der Hoff2021-04-234-21/+45
| | | | | | * Simplify `start_listening` callpath * Correctly check the size of uploaded files
* pass a reactor into SynapseSite (#9874)Richard van der Hoff2021-04-232-15/+11
|
* Split presence out of master (#9820)Erik Johnston2021-04-231-27/+4
|
* remove `HomeServer.get_config` (#9815)Richard van der Hoff2021-04-142-10/+10
| | | | Every single time I want to access the config object, I have to remember whether or not we use `get_config`. Let's just get rid of it.
* Move some replication processing out of generic_worker (#9796)Erik Johnston2021-04-141-468/+2
| | | Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-1415-15/+0
| | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Add a Synapse Module for configuring presence update routing (#9491)Andrew Morgan2021-04-061-1/+2
|    At the moment, if you'd like to share presence between local or remote users, those users must be sharing a room together. This isn't always the most convenient or useful situation though.
|
|    This PR adds a module to Synapse that will allow deployments to set up extra logic on where presence updates should be routed. The module must implement two methods, `get_users_for_states` and `get_interested_users`. These methods are given presence updates or user IDs and must return information that Synapse will use to grant passing presence updates around.
|
|    A method is additionally added to `ModuleApi` which allows triggering a set of users to receive the current, online presence information for all users they are considered interested in. This is the equivalent of that user receiving presence information during an initial sync.
|
|    The goal of this module is to be fairly generic and useful for a variety of applications, with hard requirements being:
|
|    * Sending state for a specific set or all known users to a defined set of local and remote users.
|    * The ability to trigger an initial sync for specific users, so they receive all current state.
* Add type hints for the federation sender. (#9681)Patrick Cloke2021-03-291-7/+0
| | | | Includes an abstract base class which both the FederationSender and the FederationRemoteSendQueue must implement.
* Suppress CryptographyDeprecationWarning (#9698)Richard van der Hoff2021-03-263-14/+25
| | | This warning is somewhat confusing to users, so let's suppress it
* Fix lintBrendan Abolivier2021-03-191-4/+4
|
* Move support for MSC3026 behind an experimental flagBrendan Abolivier2021-03-181-1/+6
|
* Implement MSC3026: busy presence stateBrendan Abolivier2021-03-181-0/+1
|
* Enable flake8-bugbear, but disable most checks. (#9499)Jonathan de Jong2021-03-161-1/+3
| | | | * Adds B00 to ignored checks. * Fixes remaining issues.
* Set X-Forwarded-Proto header when frontend-proxy proxies a request (#9539)Richard van der Hoff2021-03-031-2/+13
| | | Should fix some remaining warnings
* Allow bytecode again (#9502)Jonathan de Jong2021-02-261-2/+0
| | | | | | | In #75, bytecode was disabled (from a bit of FUD back in `python<2.4` days, according to dev chat), I think it's safe enough to enable it again. Added in `__pycache__/` and `.pyc`/`.pyd` to `.gitignore`, to extra-insure compiled files don't get committed. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Clean up `ShardedWorkerHandlingConfig` (#9466)Erik Johnston2021-02-242-32/+2
|    * Split ShardedWorkerHandlingConfig
|
|      This is so that we have a type level understanding of when it is safe to call `get_instance(..)` (as opposed to `should_handle(..)`).
|
|    * Remove special cases in ShardedWorkerHandlingConfig.
|
|      `ShardedWorkerHandlingConfig` tried to handle the various different ways it was possible to configure federation senders and pushers. This led to special cases that weren't hit during testing.
|
|      To fix this the handling of the different cases is moved from there and `generic_worker` into the worker config class. This allows us to have the logic in one place and allows the rest of the code to ignore the different cases.
* Fix deleting pushers when using sharded pushers. (#9465)Erik Johnston2021-02-221-3/+0
|
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-162-11/+6
|    - Update black version to the latest
|    - Run black auto formatting over the codebase
|    - Run autoformatting according to [`docs/code_style.md`](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md)
|    - Update `code_style.md` docs around installing black to use the correct version
* Merge branch 'social_login' into developRichard van der Hoff2021-02-012-18/+9
|\
| * Fix SSO on workers (#9271)Richard van der Hoff2021-02-012-20/+9
| |    Fixes #8966.
| |
| |    * Factor out build_synapse_client_resource_tree
| |
| |      Start a function which will mount resources common to all workers.
| |
| |    * Move sso init into build_synapse_client_resource_tree
| |
| |      ... so that we don't have to do it for each worker
| |
| |    * Fix SSO-login-via-a-worker
| |
| |      Expose the SSO login endpoints on workers, like the documentation says.
| |
| |    * Update workers config for new endpoints
| |
| |      Add documentation for endpoints recently added (#8942, #9017, #9262)
| |
| |    * remove submit_token from workers endpoints list
| |
| |      this *doesn't* work on workers (yet).
| |
| |    * changelog
| |
| |    * Add a comment about the odd path for SAML2Resource
| * Split out a separate endpoint to complete SSO registration (#9262)Richard van der Hoff2021-02-011-0/+2
| |    There are going to be a couple of paths to get to the final step of SSO reg, and I want the URL in the browser to be consistent. So, let's move the final step onto a separate path, which we redirect to.
* | Add phone home stats for encrypted messages. (#9283)Jan Christian Grünhage2021-02-011-2/+7
| | | | | | Signed-off-by: Jan Christian Grünhage <jan.christian@gruenhage.xyz>
* | Fixes for PyPy compatibility (#9270)Ivan Shapovalov2021-01-301-1/+2
|/ | | | | | | | | | | | * synapse.app.base: only call gc.freeze() on CPython gc.freeze() is an implementation detail of CPython garbage collector, and notably does not exist on PyPy. Rather than playing whack-a-mole and skipping the call when under PyPy, simply restrict it to CPython because the whole gc module is implementation-defined. Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
* Allow moving account data and receipts streams off master (#9104)Erik Johnston2021-01-181-1/+14
|
* Split OidcProvider out of OidcHandler (#9107)Richard van der Hoff2021-01-141-1/+0
| | | | | | | The idea here is that we will have an instance of OidcProvider for each configured IdP, with OidcHandler just doing the marshalling of them. For now it's still hardcoded with a single provider.
* Register the /devices endpoint on workers. (#9092)Patrick Cloke2021-01-131-0/+2
|
* Move more encryption endpoints off master (#9068)Erik Johnston2021-01-111-2/+10
|
* Clean up exception handling in the startup code (#9059)Richard van der Hoff2021-01-113-100/+119
|    Factor out the exception handling in the startup code to a utility function, and fix some logging and exit code stuff.
* Remove unused SynapseService (#9058)Richard van der Hoff2021-01-111-22/+0
|
* Allow running sendToDevice on workers (#9044)Erik Johnston2021-01-071-0/+3
|
* Add initial support for a "pick your IdP" page (#9017)Richard van der Hoff2021-01-051-0/+2
| | | | | During login, if there are multiple IdPs enabled, offer the user a choice of IdPs.
* Allow redacting events on workers (#8994)Patrick Cloke2020-12-291-27/+4
| | | Adds the redacts endpoint to workers that have the client listener.
* Implement a username picker for synapse (#8942)Richard van der Hoff2020-12-181-0/+2
| | | | | | | | | | | | | | The final part (for now) of my work to implement a username picker in synapse itself. The idea is that we allow `UsernameMappingProvider`s to return `localpart=None`, in which case, rather than redirecting the browser back to the client, we redirect to a username-picker resource, which allows the user to enter a username. We *then* complete the SSO flow (including doing the client permission checks). The static resources for the username picker itself (in https://github.com/matrix-org/synapse/tree/rav/username_picker/synapse/res/username_picker) are essentially lifted wholesale from https://github.com/matrix-org/matrix-synapse-saml-mozilla/tree/master/matrix_synapse_saml_mozilla/res. As the comment says, we might want to think about making them customisable, but that can be a follow-up. Fixes #8876.
* Fix deadlock on SIGHUP (#8918)Erik Johnston2020-12-101-1/+5
| | | Fixes #8892
* Better formatting for config errors from modules (#8874)Richard van der Hoff2020-12-081-4/+42
|    The idea is that the parse_config method of extension modules can raise either a ConfigError or a JsonValidationError, and it will be magically turned into a legible error message. There's a few components to it:
|
|    * Separating the "path" and the "message" parts of a ConfigError, so that we can fiddle with the path bit to turn it into an absolute path.
|    * Generally improving the way ConfigErrors get printed.
|    * Passing in the config path to load_module so that it can wrap any exceptions that get caught appropriately.
* Apply an IP range blacklist to push and key revocation requests. (#8821)Patrick Cloke2020-12-021-1/+0
|    Replaces the `federation_ip_range_blacklist` configuration setting with an `ip_range_blacklist` setting with wider scope. It now applies to:
|
|    * Federation
|    * Identity servers
|    * Push notifications
|    * Checking key validity for third-party invite events
|
|    The old `federation_ip_range_blacklist` setting is still honored if present, but with reduced scope (it only applies to federation and identity servers).
* Defer SIGHUP handlers to reactor. (#8817)Erik Johnston2020-11-261-1/+9
| | | | | | | | | We can get a SIGHUP at any point, including times where we are not in a sane state. By deferring calling the handlers until the next reactor tick we ensure that we don't get unexpected conflicts, e.g. trying to flush logs from the signal handler while the code was in the process of writing a log entry. Fixes #8769.
* Fix SIGHUP handler (#8697)Richard van der Hoff2020-11-061-3/+2
|    Fixes:
|
|    ```
|    builtins.TypeError: _reload_logging_config() takes 1 positional argument but 2 were given
|    ```
* Fix not sending events over federation when using sharded event persisters (#8536)Erik Johnston2020-10-141-4/+0
|    * Fix outbound federation with multiple event persisters.
|
|      We incorrectly notified federation senders that the minimum persisted stream position had advanced when we got an `RDATA` from an event persister.
|
|      Notifying of federation senders already correctly happens in the notifier, so we just delete the offending line.
|
|    * Change some interfaces to use RoomStreamToken.
|
|      By enforcing use of `RoomStreamTokens` we make it less likely that people pass in random ints that they got from somewhere random.
* Move additional tasks to the background worker, part 3 (#8489)Patrick Cloke2020-10-091-11/+3
|
* Remove the deprecated Handlers object (#8494)Patrick Cloke2020-10-091-1/+1
| | | All handlers now available via get_*_handler() methods on the HomeServer.
* Move additional tasks to the background worker (#8458)Patrick Cloke2020-10-072-22/+15
|
* Include the configured log level in phone home stats. (#8477)Patrick Cloke2020-10-071-0/+7
| | | By reporting the log level of the synapse logger as a string.
* Combine `SpamCheckerApi` with the more generic `ModuleApi`. (#8464)Richard van der Hoff2020-10-071-2/+1
| | | | | Lots of different module apis is not easy to maintain. Rather than adding yet another ModuleApi(hs, hs.get_auth_handler()) incantation, first add an hs.get_module_api() method and use it where possible.
* Add logging on startup/shutdown (#8448)Erik Johnston2020-10-021-0/+5
| | | | | This is so we can tell what is going on when things are taking a while to start up. The main change here is to ensure that transactions that are created during startup get correctly logged like normal transactions.
* Allow background tasks to be run on a separate worker. (#8369)Patrick Cloke2020-10-025-182/+213
|
* Simplify super() calls to Python 3 syntax. (#8344)Patrick Cloke2020-09-181-3/+3
|    This converts calls like super(Foo, self) -> super().
|
|    Generated with:
|
|        sed -i "" -Ee 's/super\([^\(]+\)/super()/g' **/*.py
* Remove obsolete __future__ imports (#8337)Jonathan de Jong2020-09-171-2/+0
|
* Show a confirmation page during user password reset (#8004)Andrew Morgan2020-09-101-0/+10
| | | | | This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset. This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.
* Directly import json from the standard library. (#8259)Patrick Cloke2020-09-081-2/+1
|    By importing from canonicaljson the simplejson module was still being used in some situations. After this change the std lib json is consistently used throughout Synapse.
* Stop sub-classing object (#8249)Patrick Cloke2020-09-042-3/+3
|
* Convert the main methods run by the reactor to async. (#8213)Patrick Cloke2020-09-022-21/+17
|
* Add a comment about _LimitedHostnameResolverRichard van der Hoff2020-08-291-0/+7
|
* Change HomeServer definition to work with typing.Erik Johnston2020-08-111-3/+5
|    Duplicating function signatures between server.py and server.pyi is silly. This commit changes that by changing all `build_*` methods to `get_*` methods and changing the `_make_dependency_method` to work as a descriptor that caches the produced value.
|
|    There are some changes in other files that were made to fix the typing in server.py.
* Add health check endpoint (#8048)Erik Johnston2020-08-072-2/+9
|
* Rename database classes to make some sense (#8033)Erik Johnston2020-08-053-11/+11
|
* re-implement daemonize (#8011)Richard van der Hoff2020-08-041-13/+3
| | | | | | | | | | | | | This has long been something I've wanted to do. Basically the `Daemonize` code is both too flexible and not flexible enough, in that it offers a bunch of features that we don't use (changing UID, closing FDs in the child, logging to syslog) and doesn't offer a bunch that we could do with (redirecting stdout/err to a file instead of /dev/null; having the parent not exit until the child is running). As a first step, I've lifted the Daemonize code and removed the bits we don't use. This should be a non-functional change. Fixing everything else will come later.
* Convert ACME code to async/await. (#7989)Patrick Cloke2020-08-031-7/+6
|
* Merge branch 'master' into developOlivier Wilkinson (reivilibre)2020-07-301-3/+3
|\
| * Update worker docs with recent enhancements (#7969)Erik Johnston2020-07-291-3/+3
| |
* | Ensure that remove_pusher is always async (#7981)Patrick Cloke2020-07-301-1/+1
|/
* Fix typing replication not being handled on master (#7959)Erik Johnston2020-07-271-7/+0
|    Handling of incoming typing stream updates from replication was not hooked up on master, affecting set ups where typing was handled on a different worker.
|
|    This is really only a problem if the master process is also handling sync requests, which is unlikely for those that are at the stage of moving typing off.
|
|    The other observable effect is that if a worker restarts or a replication connect drops then the typing worker will issue a `POSITION typing`, triggering master process to try and stream *all* typing updates from position 0.
|
|    Fixes #7907
* Convert synapse.app to async/await. (#7868)Patrick Cloke2020-07-172-20/+17
|
* Allow moving typing off master (#7869)Erik Johnston2020-07-161-34/+2
|
* Add ability to shard the federation sender (#7798)Erik Johnston2020-07-101-43/+16
|
* Pass original request headers from workers to the main process. (#7797)Patrick Cloke2020-07-091-5/+25
|
* Merge branch 'master' into developPatrick Cloke2020-07-021-1/+2
|\
| * Ensure that HTML pages served from Synapse include headers to avoid embedding.Patrick Cloke2020-07-021-1/+2
| |
* | Create a ListenerConfig object (#7681)Richard van der Hoff2020-06-163-41/+53
| | | | | | | | | | | | | | | | | | | | This ended up being a bit more invasive than I'd hoped for (not helped by generic_worker duplicating some of the code from homeserver), but hopefully it's an improvement. The idea is that, rather than storing unstructured `dict`s in the config for the listener configurations, we instead parse it into a structured `ListenerConfig` object.
* | Discard RDATA from already seen positions. (#7648)Patrick Cloke2020-06-151-0/+5
| |
* | Replace iteritems/itervalues/iterkeys with native versions. (#7692)Patrick Cloke2020-06-151-4/+2
|/
* Attempt to fix PhoneHomeStatsTestCase.test_performance_100 being flaky. (#7634)Patrick Cloke2020-06-051-19/+23
|
* async/await get_user_id_by_threepid (#7620)Andrew Morgan2020-06-031-5/+4
| | | | | Based on #7619 async's `get_user_id_by_threepid` and its call stack.
* Ensure we persist and ack the same tokenErik Johnston2020-05-271-5/+7
|
* Speed up processing of federation stream RDATA rows.Erik Johnston2020-05-271-2/+17
| | | | | | Instead of storing and sending an ACK for every single row we send synchronously, we instead do it asynchronously while batching up updates.
* Fix incorrect exception handling in KeyUploadServlet.on_POST (#7563)Richard van der Hoff2020-05-261-1/+1
| | | Introduced in #7556
* Fix recording of federation stream token (#7564)Richard van der Hoff2020-05-261-24/+44
| | | | | | | | A couple of changes of significance: * remove the `_last_ack < federation_position` condition, so that updates will still be correctly processed after restart * Correctly wire up send_federation_ack to the right class.
* Add option to move event persistence off master (#7517)Erik Johnston2020-05-221-5/+48
|
* Return 200 OK for all OPTIONS requests (#7534)Patrick Cloke2020-05-222-8/+11
|
* Fix exception reporting due to HTTP request errors. (#7556)Erik Johnston2020-05-221-4/+9
| | | | These are business as usual errors, rather than stuff we want to log at error.
* Stub out GET presence requests in the frontend proxy (#7545)Richard van der Hoff2020-05-211-17/+4
| | | | | We don't really make any promises about returning accurate presence data when presence is disabled, so we may as well just return a static response, rather than making the master handle a request.
* Allow ReplicationRestResource to be added to workers (#7515)Erik Johnston2020-05-181-0/+4
| | | This allows workers to talk to each other over HTTP replication.
* Add a worker store for search insertion. (#7516)Erik Johnston2020-05-151-0/+2
| | | | | This is required as both event persistence and the background update needs access to this function. It should be perfectly safe for two workers to write to that table at the same time.
* Move EventStream handling into default ReplicationDataHandler (#7493)Erik Johnston2020-05-141-31/+2
| | | This is so that the logic can happen on both master and workers when we move event persistence out.
* Allow censoring of events to happen on workers. (#7492)Erik Johnston2020-05-131-0/+2
| | | This is safe as we can now write to cache invalidation stream on workers, and is required for when we move event persistence off master.
* Fix new flake8 errors (#7470)Erik Johnston2020-05-121-2/+3
|
* Allow configuration of Synapse's cache without using synctl or environment variables (#6391)Amber Brown2020-05-111-3/+2
|
* Implement OpenID Connect-based login (#7256)Quentin Gliech2020-05-081-0/+12
|
* Thread through instance name to replication client. (#7369)Erik Johnston2020-05-011-6/+4
| | | For in memory streams when fetching updates on workers we need to query the source of the stream, which currently is hard coded to be master. This PR threads through the source instance we received via `POSITION` through to the update function in each stream, which can then be passed to the replication client for in memory streams.
* Use `stream.current_token()` and remove `stream_positions()` (#7172)Erik Johnston2020-05-011-16/+0
| | | | We move the processing of typing and federation replication traffic into their handlers so that `Stream.current_token()` points to a valid token. This allows us to remove `get_streams_to_replicate()` and `stream_positions()`.
* Persist user interactive authentication sessions (#7302)Patrick Cloke2020-04-301-0/+2
|    By persisting the user interactive authentication sessions to the database, this fixes situations where a user hits different workers throughout their auth session and also allows sessions to persist through restarts of Synapse.
* Add instance name to RDATA/POSITION commands (#7364)Erik Johnston2020-04-291-2/+2
| | | | | This is primarily for allowing us to send those commands from workers, but for now simply allows us to ignore echoed RDATA/POSITION commands that we sent (we get echoes of sent commands when using redis). Currently we log a WARNING on the master process every time we receive an echoed RDATA.
* Run replication streamers on workers (#7146)Erik Johnston2020-04-281-4/+9
| | | Currently we never write to streams from workers, but that will change soon
* Stop the master relaying USER_SYNC for other workers (#7318)Richard van der Hoff2020-04-221-36/+49
| | | | | | | Long story short: if we're handling presence on the current worker, we shouldn't be sending USER_SYNC commands over replication. In an attempt to figure out what is going on here, I ended up refactoring some bits of the presencehandler code, so the first 4 commits here are non-functional refactors to move this code slightly closer to sanity. (There's still plenty to do here :/). Suggest reviewing individual commits. Fixes (I hope) #7257.
* Merge branch 'release-v1.12.4' into developRichard van der Hoff2020-04-221-0/+6
|\
| * Support GET account_data requests on a worker (#7311)Richard van der Hoff2020-04-211-0/+6
| |
| * Fix starting workers when federation sending not split out.Erik Johnston2020-03-311-0/+12
| |
* | Add ability to run replication protocol over redis. (#7040)Erik Johnston2020-04-221-0/+6
| | | | | | This is configured via the `redis` config options.
* | Move client command handling out of TCP protocol (#7185)Erik Johnston2020-04-062-18/+3
| | | | | | The aim here is to move the command handling out of the TCP protocol classes and to also merge the client and server command handling (so that we can reuse them for redis protocol). This PR simply moves the client paths to the new `ReplicationCommandHandler`, a future PR will move the server paths too.
* | Extend web_client_location to handle absolute URLs (#7006)Martin Milata2020-04-031-3/+13
| | | | | | | | | | Log warning when filesystem path is used. Signed-off-by: Martin Milata <martin@martinmilata.cz>
* | Remove some `run_in_background` calls in replication code (#7203)Richard van der Hoff2020-04-031-8/+8
| | | | | | | | | | | | By running this stuff with `run_in_background`, it won't be correctly reported against the relevant CPU usage stats. Fixes #7202
* | Remove usage of "conn_id" for presence. (#7128)Erik Johnston2020-03-301-4/+16
| |    * Remove `conn_id` usage for UserSyncCommand.
| |
| |      Each tcp replication connection is assigned a "conn_id", which is used to give an ID to a remotely connected worker. In a redis world, there will no longer be a one to one mapping between connection and instance, so instead we need to replace such usages with an ID generated by the remote instances and included in the replication commands.
| |
| |      This really only affects UserSyncCommand.
| |
| |    * Add CLEAR_USER_SYNCS command that is sent on shutdown.
| |
| |      This should help with the case where a synchrotron gets restarted gracefully, rather than rely on 5 minute timeout.
* | Move catchup of replication streams to worker. (#7024)Erik Johnston2020-03-251-0/+3
| | | | | | This changes the replication protocol so that the server does not send down `RDATA` for rows that happened before the client connected. Instead, the server will send a `POSITION` and clients then query the database (or master out of band) to get up to date.
* | Merge pull request #7133 from matrix-org/erikj/fix_worker_startupErik Johnston2020-03-251-0/+12
|\ \ | | | | | | Fix starting workers when federation sending not split out.
| * | Fix starting workers when federation sending not split out.Erik Johnston2020-03-241-0/+12
| |/
* | Convert `*StreamRow` classes to inner classes (#7116)Richard van der Hoff2020-03-231-1/+1
| | | | | | | | | | This just helps keep the rows closer to their streams, so that it's easier to see what the format of each stream is.
* | Fix processing of `groups` stream, and use symbolic names for streams (#7117)Richard van der Hoff2020-03-231-12/+23
| | | | | | | | | | | | `groups` != `receipts` Introduced in #6964
* | Change device list streams to have one row per ID (#7010)Erik Johnston2020-03-191-3/+7
|\ \
| |/
|/|
| |    * Add 'device_lists_outbound_pokes' as extra table.
| |
| |      This makes sure we check all the relevant tables to get the current max stream ID.
| |
| |      Currently not doing so isn't problematic as the max stream ID in `device_lists_outbound_pokes` is the same as in `device_lists_stream`, however that will change.
| |
| |    * Change device lists stream to have one row per id.
| |
| |      This will make it possible to process the streams more incrementally, avoiding having to process large chunks at once.
| |
| |    * Change device list replication to match new semantics.
| |
| |      Instead of sending down batches of user ID/host tuples, send down a row per entity (user ID or host).
| |
| |    * Newsfile
| |
| |    * Remove handling of multiple rows per ID
| |
| |    * Fix worker handling
| |
| |    * Comments from review
| * Comments from reviewErik Johnston2020-03-181-0/+3
| |
| * Fix worker handlingErik Johnston2020-03-021-2/+3
| |
| * Change device list replication to match new semantics.Erik Johnston2020-02-281-1/+1
| | | | | | | | | | Instead of sending down batches of user ID/host tuples, send down a row per entity (user ID or host).
* | Move pusherpool startup into _base.setup (#7104)Richard van der Hoff2020-03-192-1/+1
| | | | | | | | | | This should be safe to do on all workers/masters because it is guarded by a config option which will ensure it is only actually done on the worker assigned as a pusher.
* | Break down monthly active users by appservice_id (#7030)Neil Johnson2020-03-061-0/+13
|/ | | | | * Break down monthly active users by appservice_id and emit via prometheus. Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* Don't refuse to start worker if media listener configured. (#7002)Erik Johnston2020-02-271-14/+20
|    Instead let's just warn if the worker has a media listener configured but has the media repository disabled.
|
|    Previously non media repository workers would just ignore the media listener.
* Merge worker apps into one. (#6964)Erik Johnston2020-02-2511-2239/+947
|
* Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957)Patrick Cloke2020-02-213-4/+4
| | | | Ensure good comprehension hygiene using flake8-comprehensions.
* Freeze allocated objects on startup. (#6953)Erik Johnston2020-02-191-0/+9
| | | | | This may make gc go a bit faster as the gc will know things like caches/data stores etc. are frozen without having to check.
* Add support for putting fed user query API on workers (#6873)Erik Johnston2020-02-071-0/+2
|
* Allow moving group read APIs to workers (#6866)Erik Johnston2020-02-072-0/+5
|
* Fix race in federation sender that delayed device updates. (#6799)Erik Johnston2020-01-291-1/+19
|    We were sending device updates down both the federation stream and device streams. This meant there was a race if the federation sender worker processed the federation stream first, as when the sender checked if there were new device updates the slaved ID generator hadn't been updated with the new stream IDs and so returned nothing.
|
|    This situation is correctly handled by events/receipts/etc by not sending updates down the federation stream and instead having the federation sender worker listen on the other streams and poke the transaction queues as appropriate.
* Allow monthly active user limiting support for worker mode, fixes #4639. (#6742)Neil Johnson2020-01-224-0/+16
|
* Wake up transaction queue when remote server comes back online (#6706)Erik Johnston2020-01-171-1/+11
| | | | | This will be used to retry outbound transactions to a remote server if we think it might have come back up.
* Port synapse.replication.tcp to async/await (#6666)Erik Johnston2020-01-166-17/+11
| | | | | | | | | | * Port synapse.replication.tcp to async/await * Newsfile * Correctly document type of on_<FOO> functions as async * Don't be overenthusiastic with the asyncing....
* Allow additional_resources to implement Resource directly (#6686)Richard van der Hoff2020-01-131-2/+11
| | | | | | AdditionalResource really doesn't add any value, and it gets in the way for resources which want to support child resources or the like. So, if the resource object already implements the IResource interface, don't bother wrapping it.
* Import RoomStore in media worker to fix admin APIsErik Johnston2020-01-081-0/+2
|
* Fix exceptions in log when rejected event is replicatedRichard van der Hoff2020-01-061-2/+9
|
* async/await for SyncReplicationHandler.process_and_notifyRichard van der Hoff2020-01-061-5/+4
|
* Raise an error if someone tries to use the log_file config option (#6626)Richard van der Hoff2020-01-031-1/+1
| | | | This has caused some confusion for people who didn't notice it going away.
* Remove unused, undocumented "content repo" resource (#6628)Richard van der Hoff2020-01-032-14/+2
| | | | | | This looks like it got half-killed back in #888. Fixes #6567.
* Port some admin handlers to async/await (#6559)Erik Johnston2019-12-191-2/+4
|
* Improve diagnostics on database upgrade failure (#6570)Richard van der Hoff2019-12-191-7/+2
| | | | `Failed to upgrade database` is not helpful, and it's unlikely that UPGRADE.rst has anything useful.
* Fix sdnotify with acme enabled (#6571)Richard van der Hoff2019-12-191-3/+7
| | | | | | | If acme was enabled, the sdnotify startup hook would never be run because we would try to add it to a hook which had already fired. There's no need to delay it: we can sdnotify as soon as we've started the listeners.
* Merge pull request #6511 from matrix-org/erikj/remove_db_config_from_appsErik Johnston2019-12-1212-61/+1
|\ | | | | Move database config from apps into HomeServer object
| * Remove database config parsing from apps.Erik Johnston2019-12-1012-61/+1
| |
* | Merge tag 'v1.7.0rc2' into developErik Johnston2019-12-111-1/+6
|\ \
| | | Synapse 1.7.0rc2 (2019-12-11)
| | | =============================
| | |
| | | Bugfixes
| | | --------
| | |
| | | - Fix incorrect error message for invalid requests when setting user's avatar URL. ([\#6497](https://github.com/matrix-org/synapse/issues/6497))
| | | - Fix support for SQLite 3.7. ([\#6499](https://github.com/matrix-org/synapse/issues/6499))
| | | - Fix regression where sending email push would not work when using a pusher worker. ([\#6507](https://github.com/matrix-org/synapse/issues/6507), [\#6509](https://github.com/matrix-org/synapse/issues/6509))
| * | Make the PusherSlaveStore inherit from the slave RoomStoreBrendan Abolivier2019-12-101-1/+6
| |/ | | | | | | So that it has access to the get_retention_policy_for_room function which is required by filter_events_for_client.
* / Phone home stats DB reporting should not assume a single DB.Erik Johnston2019-12-101-2/+4
|/
* Move start up DB checks to main data store.Erik Johnston2019-12-061-18/+5
|
* Move are_all_users_on_domain checks to main data store.Erik Johnston2019-12-061-11/+1
|
* Change DataStores to accept 'database' param.Erik Johnston2019-12-062-4/+6
|
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-12-061-1/+1
|\ | | | | | | erikj/make_database_class
| * Port rest/v1 to async/awaitErik Johnston2019-12-051-1/+1
| |
* | Move background update handling out of storeErik Johnston2019-12-051-1/+1
| |
* | Move DB pool and helper functions into dedicated Database classErik Johnston2019-12-052-2/+2
|/
* Remove underscore from SQLBaseStore functionsErik Johnston2019-12-041-1/+1
|
* Don't call SQLBaseStore methods from outside storesErik Johnston2019-12-041-2/+2
|
* Merge branch 'master' into developAndrew Morgan2019-11-261-1/+1
|\
| * Fix phone home stats (#6418)Erik Johnston2019-11-261-1/+1
| | | | | | | | Fix phone home stats
* | Clean up newline quote marks around the codebase (#6362)Andrew Morgan2019-11-211-1/+1
|/
* Fix phone home statsErik Johnston2019-11-051-2/+2
|
* Remove the psutil dependency (#6318)Amber Brown2019-11-051-82/+92
| | | * remove psutil and replace with resource
* Support for routing outbound HTTP requests via a proxy (#6239)Richard van der Hoff2019-11-011-1/+1
| The `http_proxy` and `HTTPS_PROXY` env vars can be set to a `host[:port]` value which should point to a proxy.
|
| The address of the proxy should be excluded from IP blacklists such as the `url_preview_ip_range_blacklist`.
|
| The proxy will then be used for
| * push
| * url previews
| * phone-home stats
| * recaptcha validation
| * CAS auth validation
|
| It will *not* be used for:
| * Application Services
| * Identity servers
| * Outbound federation
| * In worker configurations, connections from workers to masters
|
| Fixes #4198.
* Remove usage of deprecated logger.warn method from codebase (#6271)Andrew Morgan2019-10-3112-24/+26
| | | Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
* Move storage classes into a main "data store".Erik Johnston2019-10-214-4/+4
| | | | | This is in preparation for having multiple data stores that offer different functionality, e.g. splitting out state or event storage.
* Fix MAU reaping where reserved users are specified. (#6168)Neil Johnson2019-10-111-3/+3
|
* Fix up some typechecking (#6150)Amber Brown2019-10-021-1/+3
| | | | | | * type checking fixes * changelog
* add report_stats_endpoint config option (#6012)Sorunome2019-09-121-2/+4
| | | This PR adds the optional `report_stats_endpoint` to configure where stats are reported to, if enabled.
* Allow Synapse to send registration emails + choose Synapse or an external ↵Andrew Morgan2019-09-061-1/+1
| server to handle 3pid validation (#5987)
|
| This is a combination of a few different PRs, finally all being merged into `develop`:
|
| * #5875
| * #5876
| * #5868 (This one added the `/versions` flag but the flag itself was actually [backed out](https://github.com/matrix-org/synapse/commit/891afb57cbdf9867f2848341b29c75d6f35eef5a#diff-e591d42d30690ffb79f63bb726200891) in #5969. What's left is just giving /versions access to the config file, which could be useful in the future)
| * #5835
| * #5969
| * #5940
|
| Clients should not actually use the new registration functionality until https://github.com/matrix-org/synapse/pull/5972 is merged.
|
| UPGRADE.rst, changelog entries and config file changes should all be reviewed closely before this PR is merged.
* Remove unnecessary parentheses around return statements (#5931)Andrew Morgan2019-08-301-4/+4
| | | | | Python will return a tuple whether there are parentheses around the returned values or not. I'm just sick of my editor complaining about this all over the place :)
* Implement a structured logging output system. (#5680)Amber Brown2019-08-2813-29/+31
|
* Drop dependency on sdnotify (#5871)Richard van der Hoff2019-08-171-10/+37
| | | | | | ... to save OSes which don't use it from having to maintain a port. Fixes #5865.
* Fix issue with Synapse not starting up. Fixes #5866.Chris Moos2019-08-161-1/+1
| | | | Signed-off-by: Chris Moos <chris@chrismoos.com>
* Don't load the media repo when configured to use an external media repo (#5754)Amber Brown2019-08-131-0/+9
|
* Replace returnValue with return (#5736)Amber Brown2019-07-232-5/+5
|
* Call startup commands as system triggers.Erik Johnston2019-07-2211-11/+29
| | | | | This helps ensure that we only consider ourselves "up" once all the startup functions have completed.
* Add process hooks to tell systemd our state.Erik Johnston2019-07-221-0/+29
| | | | Fixes #5676.
* Support Prometheus_client 0.4.0+ (#5636)Amber Brown2019-07-1812-24/+12
|
* Remove pointless descriptionErik Johnston2019-07-161-1/+0
|
* Fix typo in synapse/app/admin_cmd.pyErik Johnston2019-07-161-1/+1
| | | Co-Authored-By: Aaron Raimist <aaron@raim.ist>
* s/exfiltrate_user_data/export_user_data/Erik Johnston2019-07-151-1/+1
|
* Add FileExfiltrationWriterErik Johnston2019-07-151-1/+69
|
* Merge branch 'develop' of github.com:matrix-org/synapse into erikj/admin_api_cmdErik Johnston2019-07-1512-40/+45
|\
| * Add basic opentracing support (#5544)Jorik Schellekens2019-07-111-0/+3
| | * Configure and initialise tracer
| |   Includes config options for the tracer and sets up JaegerClient.
| | * Scope manager using LogContexts
| |   We piggy-back our tracer scopes by using log context. The current log context gives us the current scope. If new scope is created we create a stack of scopes in the context.
| | * jaeger is a dependency now
| | * Carrier inject and extraction for Twisted Headers
| | * Trace federation requests on the way in and out.
| |   The span is created in _started_processing and closed in _finished_processing because we need a meaningful log context.
| | * Create logcontext for new scope.
| |   Instead of having a stack of scopes in a logcontext we create a new context for a new scope if the current logcontext already has a scope.
| | * Remove scope from logcontext if logcontext is top level
| | * Disable tracer if not configured
| | * typo
| | * Remove dependence on jaeger internals
| | * bools
| | * Set service name
| | * Explicitly state that the tracer is disabled
| | * Black is the new black
| | * Newsfile
| | * Code style
| | * Use the new config setup.
| | * Generate config.
| | * Copyright
| | * Rename config to opentracing
| | * Remove user whitelisting
| | * Empty whitelist by default
| | * User ConfigError instead of RuntimeError
| | * Use isinstance
| | * Use tag constants for opentracing.
| | * Remove debug comment and no need to explicitly record error
| | * Two errors a "s(c)entry"
| | * Docstrings!
| | * Remove debugging brainslip
| | * Homeserver Whitelisting
| | * Better opentracing config comment
| | * linting
| | * Include worker name in service_name
| | * Make opentracing an optional dependency
| | * Neater config retrieval
| | * Clean up dummy tags
| | * Instantiate tracing as object instead of global class
| | * Include opentracing as a homeserver member.
| | * Thread opentracing to the request level
| | * Reference opentracing through hs
| | * Instantiate dummy opentracing for tests.
| | * About to revert, just keeping the unfinished changes just in case
| | * Revert back to global state, commit number: 9ce4a3d9067bf9889b86c360c05ac88618b85c4f
| | * Use class level methods in tracerutils
| | * Start and stop requests spans in a place where we have access to the authenticated entity
| | * Seen it, isort it
| | * Make sure to close the active span.
| | * I'm getting black and blue from this.
| | * Logger formatting
| |   Co-Authored-By: Erik Johnston <erik@matrix.org>
| | * Outdated comment
| | * Import opentracing at the top
| | * Return a contextmanager
| | * Start tracing client requests from the servlet
| | * Return noop context manager if not tracing
| | * Explicitly say that these are federation requests
| | * Include servlet name in client requests
| | * Use context manager
| | * Move opentracing to logging/
| | * Seen it, isort it again!
| | * Ignore twisted return exceptions on context exit
| | * Escape the scope
| | * Scopes should be entered to make them useful.
| | * Nicer decorator names
| | * Just one init, init?
| | * Don't need to close something that isn't open
| | * Docs make you smarter
| * Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-0412-12/+12
| |
| * Fix 'utime went backwards' errors on daemonization. (#5609)Richard van der Hoff2019-07-031-27/+30
| | | | | | | | | | | | | | | | * Fix 'utime went backwards' errors on daemonization. Fixes #5608 * remove spurious debug
* | Use set_defaults(func=) styleErik Johnston2019-07-151-11/+8
| |
* | Move creation of ArgumentParser to callerErik Johnston2019-07-151-1/+3
| |
* | Fix up commentsErik Johnston2019-07-151-2/+2
| |
* | Add basic admin cmd appErik Johnston2019-07-022-3/+212
|/
* Drop support for cpu_affinity (#5525)Richard van der Hoff2019-06-222-26/+1
| | | This has no useful purpose on python3, and is generally a source of confusion.
* Fix /messages on worker when no token suppliedErik Johnston2019-06-211-0/+2
|
* Support pagination API in client_reader workerErik Johnston2019-06-211-0/+2
|
* Run Black. (#5482)Amber Brown2019-06-2013-368/+358
|
* Merge branch 'master' of github.com:matrix-org/synapse into developErik Johnston2019-06-111-1/+0
|\
| * Change password reset links to /_matrix.Erik Johnston2019-06-111-1/+0
| |
* | add monthly active users to phonehome stats (#5252)Neil Johnson2019-06-101-0/+1
|/ | | | * add monthly active users to phonehome stats
* Add ability to perform password reset via email without trusting the ↵Andrew Morgan2019-06-061-0/+1
| identity server (#5377)
|
| Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.
|
| This PR is a culmination of 3 smaller PRs which have each been separately reviewed:
|
| * #5308
| * #5345
| * #5368
* Unify v1 and v2 REST client APIs (#5226)Amber Brown2019-06-031-6/+5
|
* Fix dropped logcontexts during high outbound traffic. (#5277)Richard van der Hoff2019-05-291-7/+13
| | | Fixes #5271.
* Neilj/ensure get profileinfo available in client reader slaved store (#5213)Neil Johnson2019-05-221-0/+2
| | | * expose SlavedProfileStore to ClientReaderSlavedStore
* Revert "expose SlavedProfileStore to ClientReaderSlavedStore (#5200)"Richard van der Hoff2019-05-201-2/+0
| This reverts commit ce5bcefc609db40740c692bd53a1ef84ab675e8c.
|
| This caused:
|
| ```
| Traceback (most recent call last):
|   File "/usr/local/lib/python3.7/runpy.py", line 193, in _run_module_as_main
|     "__main__", mod_spec)
|   File "/usr/local/lib/python3.7/runpy.py", line 85, in _run_code
|     exec(code, run_globals)
|   File "/home/synapse/src/synapse/app/client_reader.py", line 32, in <module>
|     from synapse.replication.slave.storage import SlavedProfileStore
| ImportError: cannot import name 'SlavedProfileStore' from 'synapse.replication.slave.storage' (/home/synapse/src/synapse/replication/slave/storage/__init__.py)
| error starting synapse.app.client_reader('/home/synapse/config/workers/client_reader.yaml') (exit code: 1); see above for logs
| ```
* expose SlavedProfileStore to ClientReaderSlavedStore (#5200)Neil Johnson2019-05-171-0/+2
| | | * expose SlavedProfileStore to ClientReaderSlavedStore
* Merge pull request #5037 from matrix-org/erikj/limit_inflight_dnsErik Johnston2019-05-081-1/+82
|\ | | | | Limit in flight DNS requests
| * Limit in flight DNS requestsErik Johnston2019-04-091-1/+82
| | | | | | | | | | | | | | This is to work around a bug in twisted where a large number of concurrent DNS requests cause it to tight loop forever. c.f. https://twistedmatrix.com/trac/ticket/9620#ticket
* | Move admin api impl to its own packageRichard van der Hoff2019-05-011-1/+1
| | | | | | | | It doesn't really belong under rest/client/v1 any more.
* | Move admin API to a new prefixRichard van der Hoff2019-05-011-0/+2
| |
* | VersionRestServlet doesn't take a paramErik Johnston2019-04-151-1/+1
| |
* | Merge pull request #5063 from matrix-org/erikj/move_endpointsErik Johnston2019-04-151-4/+7
|\ \ | |/ |/| Move some rest endpoints to client reader
| * Move some rest endpoints to client readerErik Johnston2019-04-151-4/+7
| |
* | add context to phonehome stats (#5020)Neil Johnson2019-04-081-1/+1
|/ | | | add context to phonehome stats
* Combine the CurrentStateDeltaStream into the EventStreamRichard van der Hoff2019-03-271-7/+10
|
* Make EventStream rows have a typeRichard van der Hoff2019-03-271-1/+4
| | | | ... as a precursor to combining it with the CurrentStateDelta stream.
* Move replication.tcp.streams into a packageRichard van der Hoff2019-03-271-1/+1
|
* Merge pull request #4852 from matrix-org/rav/move_rr_sending_to_workerRichard van der Hoff2019-03-151-0/+30
|\ | | | | Move client receipt processing to federation sender worker.
| * Move client receipt processing to federation sender worker.Richard van der Hoff2019-03-131-0/+30
| | | | | | | | | | This is mostly a prerequisite for #4730, but also fits with the general theme of "move everything off the master that we possibly can".
* | Merge pull request #4853 from matrix-org/erikj/worker_docker_ciErik Johnston2019-03-152-15/+19
|\ \ | | | | | | Allow passing --daemonize to workers
| * | Correctly handle all command line optionsErik Johnston2019-03-142-15/+19
| |/
* / master startupAmber Brown2019-03-111-0/+1
|/
* Allow /keys/{changes,query} API to run on workerErik Johnston2019-03-041-0/+11
|
* Merge pull request #4759 from matrix-org/erikj/3pid_client_readerErik Johnston2019-02-271-0/+2
|\ | | | | Move /account/3pid to client_reader
| * Move /account/3pid to client_readerErik Johnston2019-02-271-0/+2
| |
* | Move server key queries to federation readerErik Johnston2019-02-271-1/+5
|/
* Add database version to phonehome stats. (#4753)Richard van der Hoff2019-02-271-0/+3
|
* Correctly proxy exception in frontend_proxy workerErik Johnston2019-02-231-5/+10
|
* Merge pull request #4670 from matrix-org/erikj/register_login_splitErik Johnston2019-02-191-0/+2
|\ | | | | Split /login into client_reader
| * Split /login into client_readerErik Johnston2019-02-181-0/+2
| |
* | Merge pull request #4632 from matrix-org/erikj/basic_sentryErik Johnston2019-02-181-0/+30
|\ \ | | | | | | Add basic optional sentry.io integration
| * | Fixup comments and add warningErik Johnston2019-02-131-3/+3
| | |
| * | CommentsErik Johnston2019-02-121-0/+8
| | |
| * | Basic sentry integrationErik Johnston2019-02-121-0/+22
| | |
* | | Merge pull request #4666 from matrix-org/erikj/register_login_splitErik Johnston2019-02-181-0/+2
|\ \ \ | | |/ | |/| Split out registration to worker
| * | Split out registration to workerErik Johnston2019-02-181-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | This allows registration to be handled by a worker, though the actual write to the database still happens on master. Note: due to the in-memory session map all registration requests must be handled by the same worker.
* | | Fix kicking guest users in worker modeErik Johnston2019-02-181-0/+2
|/ / | | | | | | | | | | | | | | When guest_access changes from allowed to forbidden all local guest users should be kicked from the room. This did not happen when revocation was received from federation on a worker. Presumably broken in #4141
* | Fix errors in acme provisioning (#4648)Richard van der Hoff2019-02-141-6/+13
| | * Better logging for errors on startup
| | * Fix "TypeError: '>' not supported" when starting without an existing certificate
| | * Fix a bug where an existing certificate would be reprovisioned every day
* | Update synapse/app/_base.pyErik Johnston2019-02-131-1/+1
| | | | | | Co-Authored-By: richvdh <1389908+richvdh@users.noreply.github.com>
* | Use `listen_tcp` for the replication listenerRichard van der Hoff2019-02-131-7/+7
| | | | | | | | | | Fixes the "can't listen on 0.0.0.0" error. Also makes it more consistent with what we do elsewhere.
* | Improve logging around listening servicesRichard van der Hoff2019-02-132-11/+20
| | | | | | | | | | | | | | | | | | I wanted to bring listen_tcp into line with listen_ssl in terms of returning a list of ports, and wanted to check that was a safe thing to do - hence the logging in `refresh_certificate`. Also, pull the 'Synapse now listening' message up to homeserver.py, because it was being duplicated everywhere else.
* | Special-case the default bind_addresses for metrics listenerRichard van der Hoff2019-02-131-3/+2
|/ | | | | turns out it doesn't really support ipv6, so let's hack around that by only listening on ipv4 by default.
* Fix error when loading cert if tls is disabled (#4618)Richard van der Hoff2019-02-121-2/+3
| | | | | | If TLS is disabled, it should not be an error if no cert is given. Fixes #4554.
* Infer no_tls from presence of TLS listenersRichard van der Hoff2019-02-112-6/+1
| | | | | Rather than have to specify `no_tls` explicitly, infer whether we need to load the TLS keys etc from whether we have any TLS-enabled listeners.
* Don't create server contexts when TLS is disabledRichard van der Hoff2019-02-111-0/+5
| | | | we aren't going to use them anyway.
* Logging improvements around TLS certsRichard van der Hoff2019-02-111-4/+2
| | | | | Log which file we're reading keys and certs from, and refactor the code a bit in preparation for other work
* Move ClientTLSOptionsFactory init out of refresh_certificates (#4611)Richard van der Hoff2019-02-111-3/+0
| | | | | It's nothing to do with refreshing the certificates. No idea why it was here.
* ACME Reprovisioning (#4522)Amber Brown2019-02-112-24/+74
|
* Merge pull request #4420 from matrix-org/jaywink/openid-listenerErik Johnston2019-02-112-2/+24
|\ | | | | New listener resource for the federation API "openid/userinfo" endpoint
| * Fix flake8 issuesJason Robinson2019-01-231-1/+4
| | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * Split federation OpenID userinfo endpoint out of the federation resourceJason Robinson2019-01-232-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows the OpenID userinfo endpoint to be active even if the federation resource is not active. The OpenID userinfo endpoint is called by integration managers to verify user actions using the client API OpenID access token. Without this verification, the integration manager cannot know that the access token is valid. The OpenID userinfo endpoint will be loaded in the case that either "federation" or "openid" resource is defined. The new "openid" resource is defaulted to active in default configuration. Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * Make SynapseHomeServer _http_listener use self.get_reactor()Jason Robinson2019-01-231-1/+3
| | | | | | | | | | | | | | | | | | | | | | For all the homeserver classes, only the FrontendProxyServer passes its reactor when doing the http listen. Looking at previous PR's looks like this was introduced to make it possible to write a test, otherwise when you try to run a test with the test homeserver it tries to do a real bind to a port. Passing the reactor that the homeserver is instantiated with should probably be the right thing to do anyway? Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * Make FederationReaderServer _http_listen use self.get_reactor()Jason Robinson2019-01-231-1/+2
| | | | | | | | | | | | | | | | | | | | | | For all the homeserver classes, only the FrontendProxyServer passes its reactor when doing the http listen. Looking at previous PR's looks like this was introduced to make it possible to write a test, otherwise when you try to run a test with the test homeserver it tries to do a real bind to a port. Passing the reactor that the homeserver is instantiated with should probably be the right thing to do anyway? Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Deduplicate some code in synapse.app (#4567)Amber Brown2019-02-0812-147/+77
| |
* | ACME config cleanups (#4525)Richard van der Hoff2019-01-302-22/+25
| | * Handle listening for ACME requests on IPv6 addresses
| |
| |   the weird url-but-not-actually-a-url-string doesn't handle IPv6 addresses without extra quoting. Building a string which you are about to parse again seems like a weird choice. Let's just use listenTCP, which is consistent with what we do elsewhere.
| |
| | * Clean up the default ACME config
| |
| |   make it look a bit more consistent with everything else, and tweak the defaults to listen on port 80.
| |
| | * newsfile
* | Raise ConfigError insteadErik Johnston2019-01-301-1/+3
| |
* | _listener_http should return a listErik Johnston2019-01-301-1/+1
| |
* | SIGHUP for TLS cert reloading (#4495)Amber Brown2019-01-302-12/+68
| |