path: root/synapse/config/server.py
Commit message | Author | Age | Files | Lines
* Add automatic purge after all users forget a room (#15488) | Mathieu Velten | 2023-09-15 | 1 | -0/+11
|   Also add restore of purge/shutdown rooms after a synapse restart.
|
|   Co-authored-by: Eric Eastwood <erice@matrix.org>
|   Co-authored-by: Erik Johnston <erikj@matrix.org>
|
* Rename blacklist/whitelist internally. (#15620) | Patrick Cloke | 2023-05-19 | 1 | -12/+12
|   Avoid renaming configuration settings for now and rename internal code to use blocklist and allowlist instead.
|
* Re-type config paths in `ConfigError`s to be `StrSequence`s (#15615) | Sean Quah | 2023-05-18 | 1 | -2/+2
|   Part of #14809.
|
|   Signed-off-by: Sean Quah <seanq@matrix.org>
|
* Experimental Unix socket support (#15353) | Jason Little | 2023-04-03 | 1 | -28/+90
|   * Add IReactorUNIX to ISynapseReactor type hint.
|
|   * Create listen_unix().
|
|     Two options, 'path' to the file and 'mode' of permissions (not umask, recommend 666 as default as nginx/other reverse proxies write to it and it's setup as user www-data)
|
|     For the moment, leave the option to always create a PID lockfile turned on by default
|
|   * Create UnixListenerConfig and wire it up.
|
|     Rename ListenerConfig to TCPListenerConfig, then Union them together into ListenerConfig. This spidered around a bit, but I think I got it all. Metrics and manhole have been placed behind a conditional in case of accidental putting them onto a unix socket.
|
|     Use new helpers to get if a listener is configured for TLS, and to help create a site tag for logging.
|
|     There are 2 TODO things in parse_listener_def() to finish up at a later point.
|
|   * Refactor SynapseRequest to handle logging correctly when using a unix socket.
|
|     This prevents an exception when an IP address can not be retrieved for a request.
|
|   * Make the 'Synapse now listening on Unix socket' log line a little prettier.
|
|   * No silent failures on generic workers when trying to use a unix socket with metrics or manhole.
|
|   * Inline variables in app/_base.py
|
|   * Update docstring for listen_unix() to remove reference to a hardcoded permission of 0o666 and add a few comments saying where the default IS declared.
|
|   * Disallow both a unix socket and an ip/port combo on the same listener resource
|
|   * Linting
|
|   * Changelog
|
|   * review: simplify how listen_unix returns (and get rid of a type: ignore)
|
|   * review: fix typo from ConfigError in app/homeserver.py
|
|   * review: roll conditional for http_options.tag into get_site_tag() helper (and add docstring)
|
|   * review: enhance the conditionals for checking if a port or path is valid, remove a TODO line
|
|   * review: Try updating comment in get_client_ip_if_available to clarify what is being retrieved and why
|
|   * Pretty up how 'Synapse now listening on Unix Socket' looks by decoding the byte string.
|
|   * review: In parse_listener_def(), raise ConfigError if neither socket_path nor port is declared (and fix a typo)
|
* Bump black from 22.12.0 to 23.1.0 (#15103) | dependabot[bot] | 2023-02-22 | 1 | -1/+0
|
* Allow health listener resource to load (#15096) | realtyem | 2023-02-20 | 1 | -0/+1
|   * Allow health listener resource to load.
|
|   * changelog
|
|   * Update changelog.d/15096.bugfix
|
* Prefer `type(x) is int` to `isinstance(x, int)` (#14945) | David Robertson | 2023-01-31 | 1 | -1/+1
|   * Prefer `type(x) is int` to `isinstance(x, int)`
|
|     This covered all additional instances I could see where `x` was user-controlled.
|     The remaining cases are
|
|     ```
|     $ rg -s 'isinstance.*[^_]int'
|     tests/replication/_base.py
|     576: if isinstance(obj, int):
|
|     synapse/util/caches/stream_change_cache.py
|     136: assert isinstance(stream_pos, int)
|     214: assert isinstance(stream_pos, int)
|     246: assert isinstance(stream_pos, int)
|     267: assert isinstance(stream_pos, int)
|
|     synapse/replication/tcp/external_cache.py
|     133: if isinstance(result, int):
|
|     synapse/metrics/__init__.py
|     100: if isinstance(calls, (int, float)):
|
|     synapse/handlers/appservice.py
|     262: assert isinstance(new_token, int)
|
|     synapse/config/_util.py
|     62: if isinstance(p, int):
|     ```
|
|     which cover metrics, logic related to `jsonschema`, and replication and data streams. AFAICS these are all internal to Synapse
|
|   * Changelog
|
* Change default room version to 10. Implements MSC3904 (#14111) | Catalan Lover | 2023-01-18 | 1 | -1/+1
|   * Change Documentation to have v10 as default room version
|
|   * Change Default Room version to 10
|
|   * Add changelog entry for default room version swap
|
|   * Add changelog entry for v10 default room version in docs
|
|   * Clarify doc changelog entry
|
|     Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
|
|   * Improve Documentation changes.
|
|     Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
|
|   * Update Changelog entry to have correct format
|
|     Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
|
|   * Update Spec Version to 1.5
|
|   * Only need 1 changelog.
|
|   * Fix test.
|
|   * Update "Changed in" line
|
|   Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
|   Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
|   Co-authored-by: Patrick Cloke <patrickc@matrix.org>
|
* Implementation of HTTP 307 response for MSC3886 POST endpoint (#14018) | Hugh Nimmo-Smith | 2022-10-18 | 1 | -0/+4
|   Co-authored-by: reivilibre <olivier@librepush.net>
|   Co-authored-by: Andrew Morgan <andrewm@element.io>
|
* Be able to correlate timeouts in reverse-proxy layer in front of Synapse (pull request ID from header) (#13801) | Eric Eastwood | 2022-09-15 | 1 | -3/+10
|   Fix https://github.com/matrix-org/synapse/issues/13685
|
|   New config:
|
|   ```diff listeners: - port: 8008 tls: false type: http x_forwarded: true + request_id_header: "cf-ray" bind_addresses: ['::1', '127.0.0.1', '0.0.0.0'] ```
|
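Review bot: the added `+ request_id_header: "cf-ray"` line sits in a listener whose `bind_addresses` includes `'0.0.0.0'` with `tls: false`, so the example as written takes the header from any client that can reach port 8008, not only from the reverse proxy. Since the value comes from a request header, suggest limiting the example's `bind_addresses` to the loopback entries (`'::1', '127.0.0.1'`), or stating next to the option that the header is only meaningful when the proxy sets or overwrites it.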
* Remove configuration options for direct TCP replication. (#13647) | Patrick Cloke | 2022-09-06 | 1 | -3/+13
|   Removes the ability to configure legacy direct TCP replication. Workers now require Redis to run.
|
* Add custom well-known (#13035) | Jacek Kuśnierz | 2022-06-16 | 1 | -0/+20
|   Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
|
* Remove code generating comments in configuration file (#12941) | Shay | 2022-06-14 | 1 | -492/+2
|
* Add a background job to automatically delete stale devices (#12855) | Brendan Abolivier | 2022-05-27 | 1 | -0/+11
|   Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
|
* Fix typo in listener config (#12742) | Dirk Klimpel | 2022-05-16 | 1 | -1/+1
|
* Add the `update_user_directory_from_worker` configuration option (superseding `update_user_directory`) to allow a generic worker to be designated as the worker to update the user directory. (#12654) | reivilibre | 2022-05-10 | 1 | -4/+0
|   Co-authored-by: Shay <hillerys@element.io>
|
* Add `mau_appservice_trial_days` config (#12619) | Will Hunt | 2022-05-04 | 1 | -0/+8
|   * Add mau_appservice_trial_days
|
|   * Add a test
|
|   * Tweaks
|
|   * changelog
|
|   * Ensure we sync after the delay
|
|   * Fix types
|
|   * Add config statement
|
|   * Fix test
|
|   * Reinstate logging that got removed
|
|   * Fix feature name
|
* Remove unused `# type: ignore`s (#12531) | David Robertson | 2022-04-27 | 1 | -4/+2
|   Over time we've begun to use newer versions of mypy, typeshed, stub packages---and of course we've improved our own annotations. This makes some type ignore comments no longer necessary. I have removed them.
|
|   There was one exception: a module that imports `select.epoll`. The ignore is redundant on Linux, but I've kept it ignored for those of us who work on the source tree using not-Linux. (#11771)
|
|   I'm more interested in the config line which enforces this. I want unused ignores to be reported, because I think it's useful feedback when annotating to know when you've fixed a problem you had to previously ignore.
|
|   * Installing extras before typechecking
|
|   Lacking an easy way to install all extras generically, let's bite the bullet and make install the hand-maintained `all` extra before typechecking.
|
|   Now that https://github.com/matrix-org/backend-meta/pull/6 is merged to the release/v1 branch.
|
* Process device list updates asynchronously (#12365) | Erik Johnston | 2022-04-12 | 1 | -8/+0
|
* Add missing type hints to config classes. (#12402) | Patrick Cloke | 2022-04-11 | 1 | -10/+10
|
* Track device list updates per room. (#12321) | Erik Johnston | 2022-04-04 | 1 | -0/+8
|   This is a first step in dealing with #7721.
|
|   The idea is basically that rather than calculating the full set of users a device list update needs to be sent to up front, we instead simply record the rooms the user was in at the time of the change. This will allow a few things:
|
|   1. we can defer calculating the set of remote servers that need to be poked about the change; and
|   2. during `/sync` and `/keys/changes` we can also avoid calculating users who share rooms with other users, and instead just look at the rooms that have changed.
|
|   However, care needs to be taken to correctly handle server downgrades. As such this PR writes to both `device_lists_changes_in_room` and the `device_lists_outbound_pokes` table synchronously. In a future release we can then bump the database schema compat version to `69` and then we can assume that the new `device_lists_changes_in_room` exists and is handled.
|
|   There is a temporary option to disable writing to `device_lists_outbound_pokes` synchronously, allowing us to test the new code path does work (and by implication upgrading to a future release and downgrading to this one will work correctly).
|
|   Note: Ideally we'd do the calculation of room to servers on a worker (e.g. the background worker), but currently only master can write to the `device_list_outbound_pokes` table.
|
* Add a configuration to exclude rooms from sync response (#12310) | Brendan Abolivier | 2022-03-30 | 1 | -0/+13
|
* Optionally include account validity in MSC3720 account status responses (#12266) | Brendan Abolivier | 2022-03-24 | 1 | -0/+4
|
* Use room version 9 as the default room version (per MSC3589). (#12058) | Patrick Cloke | 2022-02-22 | 1 | -1/+1
|
* Remove support for the webclient listener. (#11895) | Patrick Cloke | 2022-02-03 | 1 | -36/+12
|   Also remove support for non-HTTP(S) web_client_location.
|
* Revert experimental push rules from #7997. (#11884) | Patrick Cloke | 2022-02-02 | 1 | -13/+0
|   Manually reverts the merge from cdbb8e6d6e36e0b6bc36e676d8fe66c96986b399.
|
* Configurable limits on avatars (#11846) | Brendan Abolivier | 2022-01-28 | 1 | -0/+27
|   Only allow files which file size and content types match configured limits to be set as avatar.
|
|   Most of the inspiration from the non-test code comes from matrix-org/synapse-dinsic#19
|
* Add deprecation warnings for `webclient` listener and non-HTTP(S) `web_client_location`. (#11774) | Patrick Cloke | 2022-01-20 | 1 | -14/+20
|   This changes the behaviour of the root endpoint to redirect directly to the configuration of `web_client_location` if it is given an HTTP(S) URL.
|
* update room spec url in config files (#11739) | qwertyforce | 2022-01-13 | 1 | -1/+1
|   * change spec url in config files
|
|   * Create 11739.txt
|
|   * .txt -> .doc
|
* Use auto_attribs/native type hints for attrs classes. (#11692) | Patrick Cloke | 2022-01-13 | 1 | -2/+2
|
* Additional type hints for the config module, part 2. (#11480) | Patrick Cloke | 2021-12-09 | 1 | -1/+1
|
* Additional type hints for config module. (#11465) | Patrick Cloke | 2021-12-01 | 1 | -7/+13
|   This adds some misc. type hints to helper methods used in the `synapse.config` module.
|
* Add missing type hints to config base classes (#11377) | Patrick Cloke | 2021-11-23 | 1 | -2/+2
|
* Default value for `public_baseurl` (#11210) | Richard van der Hoff | 2021-11-08 | 1 | -4/+41
|   We might as well use a default value for `public_baseurl` based on `server_name` - in many cases, it will be correct.
|
* Support for serving server well-known files (#11211) | Richard van der Hoff | 2021-11-01 | 1 | -0/+19
|   Fixes https://github.com/matrix-org/synapse/issues/8308
|
* Move experimental & retention config out of the server module. (#11070) | Patrick Cloke | 2021-10-15 | 1 | -201/+0
|
* Use direct references for configuration variables (part 6). (#10916) | Patrick Cloke | 2021-09-29 | 1 | -3/+1
|
* Clean-up type hints in server config (#10915) | Patrick Cloke | 2021-09-28 | 1 | -51/+49
|   By using attrs instead of dicts to store configuration.
|
|   Also updates some of the attrs classes to use proper type hints and auto_attribs.
|
* Remove unnecessary parentheses around tuples returned from methods (#10889) | Andrew Morgan | 2021-09-23 | 1 | -1/+1
|
* Add config option to use non-default manhole password and keys (#10643) | Azrenbeth | 2021-09-06 | 1 | -2/+85
|
* Merge branch 'release-v1.41' into develop | Erik Johnston | 2021-08-18 | 1 | -0/+25
|\
| * Centralise the custom template directory (#10596) | Brendan Abolivier | 2021-08-17 | 1 | -0/+25
| |   Several configuration sections are using separate settings for custom template directories, which can be confusing. This PR adds a new top-level configuration for a custom template directory which is then used for every module. The only exception is the consent templates, since the consent template directory require a specific hierarchy, so it's probably better that it stays separate from everything else.
| |
* | Port the PresenceRouter module interface to the new generic interface (#10524) | Azrenbeth | 2021-08-17 | 1 | -14/+1
|/
|   Port the PresenceRouter module interface to the new generic interface introduced in v1.37.0
|
* Add warnings to ip_range_blacklist usage with proxies (#10129) | Kento Okamoto | 2021-08-03 | 1 | -0/+2
|   Per issue #9812 using `url_preview_ip_range_blacklist` with a proxy via `HTTPS_PROXY` or `HTTP_PROXY` environment variables has some inconsistent behavior than mentioned. This PR changes the following:
|
|   - Changes the Sample Config file to include a note mentioning that `url_preview_ip_range_blacklist` and `ip_range_blacklist` is ignored when using a proxy
|   - Changes some logic in synapse/config/repository.py to send a warning when both `*ip_range_blacklist` configs and a proxy environment variable are set but no longer throws an error.
|
|   Signed-off-by: Kento Okamoto <kentokamoto@protonmail.com>
|
* Use inline type hints in various other places (in `synapse/`) (#10380) | Jonathan de Jong | 2021-07-15 | 1 | -9/+7
|
* Update links to documentation in sample config (#10287) | Dirk Klimpel | 2021-07-07 | 1 | -11/+12
|   Signed-off-by: Dirk Klimpel dirk@klimpel.org
|
* Fix 'ip_range_whitelist' not working for federation servers (#10115) | Michael Kutzner | 2021-06-15 | 1 | -12/+15
|   Add 'federation_ip_range_whitelist'. This allows backwards-compatibility, if 'federation_ip_range_blacklist' is set. Otherwise 'ip_range_whitelist' will be used for federation servers.
|
|   Signed-off-by: Michael Kutzner 1mikure@gmail.com
|
* Limit how often GC happens by time. (#9902) | Erik Johnston | 2021-05-05 | 1 | -1/+30
|   Synapse can be quite memory intensive, and unless care is taken to tune the GC thresholds it can end up thrashing, causing noticeable performance problems for large servers. We fix this by limiting how often we GC a given generation, regardless of current counts/thresholds.
|
|   This does not help with the reverse problem where the thresholds are set too high, but that should only happen in situations where they've been manually configured.
|
|   Adds a `gc_min_seconds_between` config option to override the defaults.
|
|   Fixes #9890.
|
* Allow OIDC cookies to work on non-root public baseurls (#9726) | Andrew Morgan | 2021-04-23 | 1 | -4/+4
|   Applied a (slightly modified) patch from https://github.com/matrix-org/synapse/issues/9574.
|
|   As far as I understand this would allow the cookie set during the OIDC flow to work on deployments using public baseurls that do not sit at the URL path root.
|
* Remove redundant "coding: utf-8" lines (#9786) | Jonathan de Jong | 2021-04-14 | 1 | -1/+0
|   Part of #9744
|
|   Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now.
|
|   `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
|
* Add a Synapse Module for configuring presence update routing (#9491) | Andrew Morgan | 2021-04-06 | 1 | -3/+36
|   At the moment, if you'd like to share presence between local or remote users, those users must be sharing a room together. This isn't always the most convenient or useful situation though.
|
|   This PR adds a module to Synapse that will allow deployments to set up extra logic on where presence updates should be routed. The module must implement two methods, `get_users_for_states` and `get_interested_users`. These methods are given presence updates or user IDs and must return information that Synapse will use to grant passing presence updates around.
|
|   A method is additionally added to `ModuleApi` which allows triggering a set of users to receive the current, online presence information for all users they are considered interested in. This is the equivalent of that user receiving presence information during an initial sync.
|
|   The goal of this module is to be fairly generic and useful for a variety of applications, with hard requirements being:
|
|   * Sending state for a specific set or all known users to a defined set of local and remote users.
|   * The ability to trigger an initial sync for specific users, so they receive all current state.
|
* quick config comment tweak to clarify allow_profile_lookup_over_federation | Matthew Hodgson | 2021-03-08 | 1 | -2/+1
|
* Clean up `ShardedWorkerHandlingConfig` (#9466) | Erik Johnston | 2021-02-24 | 1 | -1/+0
|   * Split ShardedWorkerHandlingConfig
|
|     This is so that we have a type level understanding of when it is safe to call `get_instance(..)` (as opposed to `should_handle(..)`).
|
|   * Remove special cases in ShardedWorkerHandlingConfig.
|
|     `ShardedWorkerHandlingConfig` tried to handle the various different ways it was possible to configure federation senders and pushers. This led to special cases that weren't hit during testing.
|
|     To fix this the handling of the different cases is moved from there and `generic_worker` into the worker config class. This allows us to have the logic in one place and allows the rest of the code to ignore the different cases.
|
* Add configs to make profile data more private (#9203) | AndrewFerr | 2021-02-19 | 1 | -0/+14
|   Add off-by-default configuration settings to:
|   - disable putting an invitee's profile info in invite events
|   - disable profile lookup via federation
|
|   Signed-off-by: Andrew Ferrazzutti <fair@miscworks.net>
|
* Update black, and run auto formatting over the codebase (#9381) | Eric Eastwood | 2021-02-16 | 1 | -4/+13
|   - Update black version to the latest
|   - Run black auto formatting over the codebase
|   - Run autoformatting according to [`docs/code_style.md`](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md)
|   - Update `code_style.md` docs around installing black to use the correct version
|
* Merge tag 'v1.27.0rc2' into develop | Patrick Cloke | 2021-02-11 | 1 | -9/+4
|\
| |   Synapse 1.27.0rc2 (2021-02-11)
| |   ==============================
| |
| |   Features
| |   --------
| |
| |   - Further improvements to the user experience of registration via single sign-on. ([\#9297](https://github.com/matrix-org/synapse/issues/9297))
| |
| |   Bugfixes
| |   --------
| |
| |   - Fix ratelimiting introduced in v1.27.0rc1 for invites to respect the `ratelimit` flag on application services. ([\#9302](https://github.com/matrix-org/synapse/issues/9302))
| |   - Do not automatically calculate `public_baseurl` since it can be wrong in some situations. Reverts behaviour introduced in v1.26.0. ([\#9313](https://github.com/matrix-org/synapse/issues/9313))
| |
| |   Improved Documentation
| |   ----------------------
| |
| |   - Clarify the sample configuration for changes made to the template loading code. ([\#9310](https://github.com/matrix-org/synapse/issues/9310))
| |
| * Backout changes for automatically calculating the public baseurl. (#9313) | Patrick Cloke | 2021-02-11 | 1 | -9/+4
| |   This breaks some people's configurations (if their Client-Server API is not accessed via port 443).
| |
* | Convert blacklisted IPv4 addresses to compatible IPv6 addresses. (#9240) | Patrick Cloke | 2021-02-03 | 1 | -17/+82
|/
|   Also add a few more IP ranges to the default blacklist.
|
* Support icons for Identity Providers (#9154) | Richard van der Hoff | 2021-01-20 | 1 | -1/+1
|
* Give `public_baseurl` a default value (#9159) | Richard van der Hoff | 2021-01-20 | 1 | -9/+15
|
* Fix the sample config location for the ip_range_whitelist setting. (#8954) | Patrick Cloke | 2020-12-16 | 1 | -0/+12
|   Move it from the federation section to the server section to match ip_range_blacklist.
|
* Default to blacklisting reserved IP ranges and add a whitelist. (#8870) | Patrick Cloke | 2020-12-09 | 1 | -0/+80
|   This defaults `ip_range_blacklist` to reserved IP ranges and also adds an `ip_range_whitelist` setting to override it.
|
* Update default room version to 6 (#8461) | Richard van der Hoff | 2020-10-05 | 1 | -1/+1
|   Per https://github.com/matrix-org/matrix-doc/pull/2788
|
* Update description of server_name config option (#8415) | Aaron Raimist | 2020-09-29 | 1 | -4/+17
|
* Add a config option for validating 'next_link' parameters against a domain whitelist (#8275) | Andrew Morgan | 2020-09-08 | 1 | -1/+32
|   This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285
|
|   They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.
|
|   The original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoints.
|
|   This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.
|
* Stop sub-classing object (#8249) | Patrick Cloke | 2020-09-04 | 1 | -1/+1
|
* Allow capping a room's retention policy (#8104) | Brendan Abolivier | 2020-08-24 | 1 | -8/+14
|
* Add resources.consent conditional dependency back (#8107) | Andrew Morgan | 2020-08-18 | 1 | -20/+0
|   Turns out that part of the codebase (synapse.config.server) checks for this key explicitly. Remove that check.
|
* Typo | Brendan Abolivier | 2020-08-10 | 1 | -1/+1
|
* Lint | Brendan Abolivier | 2020-08-10 | 1 | -2/+2
|
* why mypy why | Brendan Abolivier | 2020-08-10 | 1 | -1/+3
|
* Lint | Brendan Abolivier | 2020-08-06 | 1 | -1/+1
|
* Incorporate review | Brendan Abolivier | 2020-08-06 | 1 | -2/+2
|
* Incorporate review | Brendan Abolivier | 2020-08-06 | 1 | -0/+3
|
* Back out the database hack and replace it with a temporary config setting | Brendan Abolivier | 2020-08-03 | 1 | -0/+10
|
* Option to allow server admins to join complex rooms (#7902) | lugino-emeritus | 2020-07-28 | 1 | -0/+7
|   Fixes #7901.
|
|   Signed-off-by: Niklas Tittjung <nik_t.01@web.de>
|
* Fix a typo in the sample config. (#7890) | Adrian | 2020-07-20 | 1 | -1/+1
|
* Add a default limit (of 100) to get/sync operations. (#7858) | Patrick Cloke | 2020-07-17 | 1 | -2/+4
|
* Add ability to shard the federation sender (#7798) | Erik Johnston | 2020-07-10 | 1 | -66/+0
|
* Create a ListenerConfig object (#7681) | Richard van der Hoff | 2020-06-16 | 1 | -85/+150
|   This ended up being a bit more invasive than I'd hoped for (not helped by generic_worker duplicating some of the code from homeserver), but hopefully it's an improvement.
|
|   The idea is that, rather than storing unstructured `dict`s in the config for the listener configurations, we instead parse it into a structured `ListenerConfig` object.
|
* fix typo in sample_config.yaml (#7652) | wondratsch | 2020-06-11 | 1 | -1/+1
|   Just a simple typo fix.
|
|   Signed-off-by: wondratsch 28294257+wondratsch@users.noreply.github.com
|
* Fix some DETECTED VIOLATIONS in the config file (#7550) | Richard van der Hoff | 2020-05-22 | 1 | -14/+19
|   consistency ftw
|
* Fix new flake8 errors (#7470) | Erik Johnston | 2020-05-12 | 1 | -1/+1
|
* Add a configuration setting for the dummy event threshold (#7422) | Brendan Abolivier | 2020-05-07 | 1 | -0/+15
|   Add dummy_events_threshold which allows configuring the number of forward extremities a room needs for Synapse to send forward extremities in it.
|
* Revert "Revert "Merge pull request #7315 from matrix-org/babolivier/request_token"" | Brendan Abolivier | 2020-04-23 | 1 | -0/+21
|   This reverts commit 1adf6a55870aa08de272591ff49db9dc49738076.
|
* Extend web_client_location to handle absolute URLs (#7006) | Martin Milata | 2020-04-03 | 1 | -3/+8
|   Log warning when filesystem path is used.
|
|   Signed-off-by: Martin Milata <martin@martinmilata.cz>
|
* Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957) | Patrick Cloke | 2020-02-21 | 1 | -2/+2
|   Ensure good comprehension hygiene using flake8-comprehensions.
|
* Add more logging around message retention policies support (#6717) | Brendan Abolivier | 2020-01-17 | 1 | -0/+8
|   So we can debug issues like #6683 more easily
|
* Reword | Brendan Abolivier | 2020-01-07 | 1 | -3/+3
|
* Change the example from 5min to 12h | Brendan Abolivier | 2020-01-07 | 1 | -4/+4
|   Have a purge job running every 5min is probably not something we want to advise admins to do as a sort-of default.
|
* Fix a typo in the purge jobs configuration example | Brendan Abolivier | 2020-01-03 | 1 | -1/+1
|
* Add option to allow profile queries without sharing a room (#6523) | Will Hunt | 2019-12-16 | 1 | -0/+13
|
* Bump version of mypy | Erik Johnston | 2019-12-12 | 1 | -1/+1
|
* privacy by default for room dir (#6355) | Neil Johnson | 2019-12-04 | 1 | -12/+14
|   Ensure that the default settings for the room directory are that it is hidden from public view by default.
|
* Add ephemeral messages support (MSC2228) (#6409) | Brendan Abolivier | 2019-12-03 | 1 | -0/+2
|   Implement part [MSC2228](https://github.com/matrix-org/matrix-doc/pull/2228). The parts that differ are:
|
|   * the feature is hidden behind a configuration flag (`enable_ephemeral_messages`)
|   * self-destruction doesn't happen for state events
|   * only implement support for the `m.self_destruct_after` field (not the `m.self_destruct` one)
|   * doesn't send synthetic redactions to clients because for this specific case we consider the clients to be able to destroy an event themselves, instead we just censor it (by pruning its JSON) in the database
|
* Merge branch 'develop' into babolivier/message_retention | Brendan Abolivier | 2019-11-26 | 1 | -6/+6
|\
| * Clean up newline quote marks around the codebase (#6362) | Andrew Morgan | 2019-11-21 | 1 | -3/+3
| |
| * Merge branch 'develop' of github.com:matrix-org/synapse into anoa/homeserver_copy | Andrew Morgan | 2019-11-14 | 1 | -1/+1
| |\
| | |   * 'develop' of github.com:matrix-org/synapse:
| | |     Blacklist PurgeRoomTestCase (#6361)
| | |     Set room version default to 5
| | |
| | * Merge pull request #6220 from matrix-org/neilj/set_room_version_default_to_5 | Brendan Abolivier | 2019-11-14 | 1 | -1/+1
| | |\
| | | |   Set room version default to 5
| | | |
| | | * Set room version default to 5 | Neil Johnson | 2019-10-19 | 1 | -1/+1
| | | |
| * | | A couple more instances | Andrew Morgan | 2019-11-12 | 1 | -1/+1
| | | |
| * | | Replace instance variations of homeserver with correct case/spacing | Andrew Morgan | 2019-11-12 | 1 | -1/+1
| |/ /
* | | Lint again | Brendan Abolivier | 2019-11-19 | 1 | -1/+1
| | |
* | | Lint again | Brendan Abolivier | 2019-11-19 | 1 | -1/+1
| | |
* | | Lint | Brendan Abolivier | 2019-11-19 | 1 | -15/+24
| | |
* | | Implement per-room message retention policies | Brendan Abolivier | 2019-11-04 | 1 | -0/+172
|/ /
* | Option to suppress resource exceeded alerting (#6173) | Neil Johnson | 2019-10-24 | 1 | -2/+8
| |   The expected use case is to suppress MAU limiting on small instances
| |
* | Add config linting script that checks for bool casing (#6203) | Andrew Morgan | 2019-10-23 | 1 | -5/+5
|/
|   Add a linting script that enforces all boolean values in the default config be lowercase.
|   This has annoyed me for a while so I decided to fix it.
|
* Refactor HomeserverConfig so it can be typechecked (#6137) | Amber Brown | 2019-10-10 | 1 | -0/+2
|
* Fix up some typechecking (#6150) | Amber Brown | 2019-10-02 | 1 | -3/+7
|   * type checking fixes
|
|   * changelog
|
* Fix 'redaction_retention_period' sample config to match guidelines | Erik Johnston | 2019-09-26 | 1 | -1/+1
|
* Explicitly log when a homeserver does not have a trusted key server configured (#6090) | Neil Johnson | 2019-09-26 | 1 | -8/+8
|
* Merge branch 'develop' of github.com:matrix-org/synapse into erikj/cleanup_user_ips_2 | Erik Johnston | 2019-09-25 | 1 | -3/+4
|\
| * Enable cleaning up extremities with dummy events by default to prevent undue build up of forward extremities. (#5884) | Neil Johnson | 2019-09-25 | 1 | -3/+1
| |
| * Use the federation blacklist for requests to untrusted Identity Servers (#6000) | Andrew Morgan | 2019-09-23 | 1 | -0/+3
| |   Uses a SimpleHttpClient instance equipped with the federation_ip_range_blacklist list for requests to identity servers provided by user input. Does not use a blacklist when contacting identity servers specified by account_threepid_delegates. The homeserver trusts the latter and we don't want to prevent homeserver admins from specifying delegates that are on internal IP addresses.
| |
| |   Fixes #5935
| |
* | Review comments | Erik Johnston | 2019-09-25 | 1 | -1/+1
| |
* | Prune rows in user_ips older than configured period | Erik Johnston | 2019-09-24 | 1 | -0/+13
|/
|   Defaults to pruning everything older than 28d.
|
* (#5849) Convert rst to markdown (#6040) | dstipp | 2019-09-17 | 1 | -6/+6
|   Converting some of the rst documentation to markdown. Attempted to preserve whitespace and line breaks to minimize cosmetic change.
|
* Default to censoring redactions after seven days | Erik Johnston | 2019-09-09 | 1 | -4/+6
|
* Handle setting retention period to 0 | Erik Johnston | 2019-09-09 | 1 | -1/+1
|
* Make redaction retention period configurable | Erik Johnston | 2019-09-05 | 1 | -0/+15
|
* Config templating (#5900) | Jorik Schellekens | 2019-08-28 | 1 | -17/+67
|   Template config files
|
|   * Imagine a system composed entirely of x, y, z etc and the basic operations..
|
|   Wait George, why XOR? Why not just neq?
|
|   George: Eh, I didn't think of that..
|
|   Co-Authored-By: Erik Johnston <erik@matrix.org>
|
* Room Complexity Client Implementation (#5783) | Amber Brown | 2019-07-30 | 1 | -0/+41
|
* enable aggregations support by default | Neil Johnson | 2019-07-18 | 1 | -1/+1
|
* Change add_arguments to be a static method | Erik Johnston | 2019-07-15 | 1 | -1/+2
|
* Merge pull request #5524 from matrix-org/rav/new_cmdline_options | Richard van der Hoff | 2019-06-24 | 1 | -5/+12
|\
| |   Add --data-dir and --open-private-ports options.
| |
| * Add "--open-private-ports" cmdline option | Richard van der Hoff | 2019-06-24 | 1 | -5/+12
| |   This is helpful when generating a config file for running synapse under docker.
| |
* | Merge pull request #5523 from matrix-org/rav/arg_defaults | Richard van der Hoff | 2019-06-24 | 1 | -1/+1
|\|
| |   Stop conflating generated config and default config
| |
| * Don't load the generated config as the default. | Richard van der Hoff | 2019-06-24 | 1 | -1/+1
| |   It's too confusing.
| |
* | Split public rooms directory auth config in two | Brendan Abolivier | 2019-06-24 | 1 | -10/+34
|/
* Pass config_dir_path and data_dir_path into Config.read_config. (#5522) | Richard van der Hoff | 2019-06-24 | 1 | -1/+1
|   * Pull config_dir_path and data_dir_path calculation out of read_config_files
|
|   * Pass config_dir_path and data_dir_path into read_config
|
* Drop support for cpu_affinity (#5525) | Richard van der Hoff | 2019-06-22 | 1 | -24/+0
|   This has no useful purpose on python3, and is generally a source of confusion.
|
* Run Black. (#5482) | Amber Brown | 2019-06-20 | 1 | -118/+108
|
* Add experimental option to reduce extremities. | Erik Johnston | 2019-06-18 | 1 | -0/+6
|   Adds new config option `cleanup_extremities_with_dummy_events` which periodically sends dummy events to rooms with more than 10 extremities.
|
|   THIS IS REALLY EXPERIMENTAL.
|
* Set default room version to v4. (#5379) | Neil Johnson | 2019-06-06 | 1 | -1/+1
|   Set default room version to v4.
|
* Neilj/mau tracking config explainer (#5284) | Neil Johnson | 2019-06-05 | 1 | -0/+16
|   Improve documentation of monthly active user blocking and mau_trial_days
|
* Add missing blank line in config (#5249) | Richard van der Hoff | 2019-05-24 | 1 | -0/+1
|
* Add config option for setting homeserver's default room version (#5223) | Andrew Morgan | 2019-05-23 | 1 | -0/+32
|   Replaces DEFAULT_ROOM_VERSION constant with a method that first checks the config, then returns a hardcoded value if the option is not present.
|
|   That hardcoded value is now located in the server.py config file.
|
* Merge pull request #5209 from matrix-org/erikj/reactions_baseErik Johnston2019-05-201-0/+5
|\ | | | | Land basic reaction and edit support.
| * Add aggregations APIErik Johnston2019-05-161-0/+5
| |
* | Add option to disable per-room profilesBrendan Abolivier2019-05-161-0/+11
|/
* Add ability to blacklist ip ranges for federation traffic (#5043)Andrew Morgan2019-05-131-0/+38
|
* add options to require an access_token to GET /profile and /publicRooms on CS API (#5083)Matthew Hodgson2019-05-081-0/+27
|
| This commit adds two config options:
|
|   * `restrict_public_rooms_to_local_users`
|     Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API.
|   * `require_auth_for_profile_requests`
|     When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301.
|
| MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though.
|
| Groups have been intentionally omitted from this commit.
* Merge pull request #5124 from matrix-org/babolivier/aliasesBrendan Abolivier2019-05-021-0/+11
|\ | | | | Add some limitations to alias creation
| * Add some limitations to alias creationBrendan Abolivier2019-05-021-0/+11
| |
* | Move admin API to a new prefixRichard van der Hoff2019-05-011-2/+2
|/
* Config option for verifying federation certificates (MSC 1711) (#4967)Andrew Morgan2019-04-251-2/+4
|
* add context to phonehome stats (#5020)Neil Johnson2019-04-081-0/+4
| | | | add context to phonehome stats
* Add a config option for torture-testing worker replication. (#4902)Richard van der Hoff2019-03-201-0/+5
| | | Setting this to 50 or so makes a bunch of sytests fail in worker mode.
* Comment out most options in the generated config. (#4863)Richard van der Hoff2019-03-191-3/+3
|
| Make it so that most options in the config are optional, and commented out in the generated config.
|
| The reasons this is a good thing are as follows:
|
|   * If we decide that we should change the default for an option, we can do so, and only those admins that have deliberately chosen to override that option will be stuck on the old setting.
|   * It moves us towards a point where we can get rid of the super-surprising feature of synapse where the default settings for the config come from the generated yaml.
|   * It makes setting up a test config for unit testing an order of magnitude easier (see forthcoming PR).
|   * It makes the generated config more consistent, and hopefully easier for users to understand.
* Include a default configuration file in the 'docs' directory. (#4791)Richard van der Hoff2019-03-041-0/+4
|
* Attempt to make default config more consistentRichard van der Hoff2019-02-191-42/+50
| | | | | | The general idea here is that config examples should just have a hash and no extraneous whitespace, both to make it easier for people who don't understand yaml, and to make the examples stand out from the comments.
* Special-case the default bind_addresses for metrics listenerRichard van der Hoff2019-02-131-1/+5
| | | | | turns out it doesn't really support ipv6, so let's hack around that by only listening on ipv4 by default.
* Disable TLS by default (#4614)Richard van der Hoff2019-02-121-24/+24
|
* Infer no_tls from presence of TLS listenersRichard van der Hoff2019-02-111-3/+20
| | | | | Rather than have to specify `no_tls` explicitly, infer whether we need to load the TLS keys etc from whether we have any TLS-enabled listeners.
* Fail cleanly if listener config lacks a 'port'Richard van der Hoff2019-02-111-0/+5
| | | | ... otherwise we would fail with a mysterious KeyError or something later.
* Clean up default listener configuration (#4586)Richard van der Hoff2019-02-111-48/+81
| | | | | | | | | | Rearrange the comments to try to clarify them, and expand on what some of it means. Use a sensible default 'bind_addresses' setting. For the insecure port, only bind to localhost, and enable x_forwarded, since apparently it's for use behind a load-balancer.
* Merge pull request #4420 from matrix-org/jaywink/openid-listenerErik Johnston2019-02-111-0/+10
|\ | | | | New listener resource for the federation API "openid/userinfo" endpoint
| * Fix flake8 issuesJason Robinson2019-01-231-1/+1
| | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * Remove openid resource from default configJason Robinson2019-01-231-4/+13
| | | | | | | | | | | | Instead document it commented out. Signed-off-by: Jason Robinson <jasonr@matrix.org>
| * Split federation OpenID userinfo endpoint out of the federation resourceJason Robinson2019-01-231-4/+5
| |
| | This allows the OpenID userinfo endpoint to be active even if the federation resource is not active. The OpenID userinfo endpoint is called by integration managers to verify user actions using the client API OpenID access token. Without this verification, the integration manager cannot know that the access token is valid.
| |
| | The OpenID userinfo endpoint will be loaded in the case that either "federation" or "openid" resource is defined. The new "openid" resource is defaulted to active in default configuration.
| |
| | Signed-off-by: Jason Robinson <jasonr@matrix.org>
* | Don't recommend :8448 to people on public_baseurlTravis Ralston2019-01-281-1/+1
| |
* | Merge pull request #4435 from matrix-org/neilj/fix_threepid_auth_checkNeil Johnson2019-01-241-5/+4
|\ \ | | | | | | Neilj/fix threepid auth check
| * | move guard out of is_threepid_reserved and into register.pyNeil Johnson2019-01-221-2/+0
| | |
| * | Fix None guard in config.server.is_threepid_reservedNeil Johnson2019-01-221-5/+6
| |/
* / Clarify docs for public_baseurlDavid Baker2019-01-241-1/+5
|/ | | | | | This is leading to problems with people upgrading to clients that support MSC1730 because people have this misconfigured, so try to make the docs completely unambiguous.
* Check jinja version for consent resource (#4327)Richard van der Hoff2019-01-071-1/+37
|
|   * Raise a ConfigError if an invalid resource is specified
|   * Require Jinja 2.9 for the consent resource
|   * changelog
* Add a script to generate a clean config file (#4315)Richard van der Hoff2018-12-221-2/+3
|
* Fix indentation in default config (#4313)Richard van der Hoff2018-12-221-35/+35
| | | These settings are not supposed to be under 'listeners'.
* Stop installing Matrix Console by defaultRichard van der Hoff2018-12-111-15/+27
| | | | This is based on the work done by @krombel in #2601.
* Add an option to disable search for homeservers which may not be interested in it (#4230)Travis Ralston2018-12-041-1/+11
|
| This is useful for homeservers not intended for users, such as bot-only homeservers or ones that only process IoT data.
* Add option to track MAU stats (but not limit people) (#3830)Travis Ralston2018-11-151-0/+6
|
* move threepid checker to config, add missing yieldsNeil Johnson2018-08-311-0/+17
|
* Change admin_uri to admin_contact in config and errorsErik Johnston2018-08-241-2/+2
|
* Implement trail usersErik Johnston2018-08-231-0/+6
|
* Integrate presence from hotfixes (#3694)Amber Brown2018-08-181-0/+6
|
* server limits config docsNeil Johnson2018-08-171-0/+26
|
* add new error type ResourceLimitNeil Johnson2018-08-161-0/+1
|
* update admin email to uriNeil Johnson2018-08-151-1/+1
|
* replace admin_email with admin_uri for greater flexibilityNeil Johnson2018-08-151-1/+1
|
* support admin_email config and pass through into blocking errors, return AuthError in all casesNeil Johnson2018-08-131-0/+4
|
* Revert "support admin_email config and pass through into blocking errors, return AuthError in all cases"Neil Johnson2018-08-131-4/+0
|
| This reverts commit 0d43f991a19840a224d3dac78d79f13d78212ee6.
* support admin_email config and pass through into blocking errors, return AuthError in all casesNeil Johnson2018-08-131-0/+4
|
* Merge branch 'develop' into neilj/disable_hsNeil Johnson2018-08-081-0/+3
|\
| * implement reserved users for mau limitsNeil Johnson2018-08-071-1/+1
| |
| * load mau limit threepidsNeil Johnson2018-08-061-0/+3
| |
* | disable HS from configNeil Johnson2018-08-041-0/+4
|/
* fix (lots of) py3 test failuresNeil Johnson2018-08-031-2/+2
|
* Merge branch 'master' into developRichard van der Hoff2018-08-021-0/+2
|\
| * Merge pull request #3377 from Valodim/note-affinityRichard van der Hoff2018-07-191-0/+2
| |\ | | | | | | document that the affinity package is required for the cpu_affinity setting
| | * add note that the affinity package is required for the cpu_affinity settingVincent Breitmoser2018-06-091-0/+2
| | |
* | | remove need to plot limit_usage_by_mauNeil Johnson2018-08-011-3/+6
| | |
* | | coding styleNeil Johnson2018-07-311-1/+1
| | |
* | | limit register and sign in on number of monthly usersNeil Johnson2018-07-301-0/+5
|/ /
* | run isortAmber Brown2018-07-091-0/+1
| |
* | More server_name validationRichard van der Hoff2018-07-041-2/+9
|/ | | | | | | | We need to do a bit more validation when we get a server name, but don't want to be re-doing it all over the shop, so factor out a separate parse_and_validate_server_name, and do the extra validation. Also, use it to verify the server name in the config file.
* Run Prometheus on a different port, optionally. (#3274)Amber Brown2018-05-311-0/+10
|
* Add federation_domain_whitelist option (#2820)Matthew Hodgson2018-01-221-0/+22
| | | | | | Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
* Allow binds to both :: and 0.0.0.0Silke Hofstra2017-12-171-5/+3
| | | | | | | | | | Binding on 0.0.0.0 when :: is specified in the bind_addresses is now allowed. This causes a warning explaining the behaviour. Configuration changed to match. See #2232 Signed-off-by: Silke Hofstra <silke@slxh.eu>
* Adapt the default config to bind on IPv6.Willem Mulder2017-12-171-8/+9
| | | | | | | | | Most deployments are on Linux (or Mac OS), so this would actually bind on both IPv4 and IPv6. Resolves #1886. Signed-off-by: Willem Mulder <willemmaster@hotmail.com>
* Add config option to disable media_repo on main synapseRichard van der Hoff2017-11-221-0/+6
| | | | ... to stop us doing the cache cleanup jobs on the master.
* Add a hook for custom rest endpointsRichard van der Hoff2017-11-021-0/+7
| | | | | Let the user specify custom modules which can be used for implementing extra endpoints.
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-231-1/+1
| | | | what could possibly go wrong
* Add a config option to block all room invites (#2457)Richard van der Hoff2017-09-191-0/+10
| | | | | - allows sysadmins the ability to lock down their servers so that people can't send their users room invites.
* Fix process startupRichard van der Hoff2017-08-161-10/+13
| | | | escape the % that got added in 92168cb so that the process starts up ok.
* explain why CPU affinity is a good ideaMatthew Hodgson2017-08-151-0/+8
|
* Allow configuration of CPU affinityRichard van der Hoff2017-08-151-0/+12
| | | | | Make it possible to set the CPU affinity in the config file, so that we don't need to remember to do it manually every time.
* Initial worker implErik Johnston2017-06-161-0/+4
|
* Configurable maximum number of events requested by /sync and /messages (#2220)Pablo Saavedra2017-05-131-0/+6
|
| Set the limit on the returned events in the timeline in the get and sync operations. The default value is -1, means no upper limit.
|
| For example, using `filter_timeline_limit: 5000`:
|
|     POST /_matrix/client/r0/user/user:id/filter
|     { room: { timeline: { limit: 1000000000000000000 } } }
|
|     GET /_matrix/client/r0/user/user:id/filter/filter:id
|     { room: { timeline: { limit: 5000 } } }
|
| The server cuts down the room.timeline.limit.
* web_server_root documentation fixMatthew Wolff2017-04-171-0/+6
| | | | Signed-off-by: Matthew Wolff <matthewjwolff@gmail.com>
* Pop bind_addressErik Johnston2017-01-101-1/+1
|
* Restore default bind addressErik Johnston2017-01-101-4/+13
|
* Add IPv6 comment to default configJohannes Löthberg2016-12-181-0/+4
| | | | Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
* Make default homeserver config use bind_addressesJohannes Löthberg2016-12-181-4/+5
| | | | Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
* Hook up the send queue and create a federation sender workerErik Johnston2016-11-161-0/+5
|
* Remove support for aggregate room listsErik Johnston2016-09-151-9/+0
|
* remove vector.im from default secondary DS listMatthew Hodgson2016-06-271-1/+0
|
* Remove the legacy v0 content upload API.Mark Haines2016-06-211-20/+0
| | | | | | The existing content can still be downloaded. The last upload to the matrix.org server was in January 2015, so it is probably safe to remove the upload API.
* Turn use_frozen_events off by defaultErik Johnston2016-06-171-1/+1
|
* Inline the synchrotron and pusher configs into the main configMark Haines2016-06-161-13/+18
|
* Allow setting of gc.set_thresholdsErik Johnston2016-06-071-1/+18
|
* Add vector.im to default secondary_directory_servers and add comment explaining it's not a permanent solutionDavid Baker2016-05-311-0/+4
|
* Add federation room list servletDavid Baker2016-05-311-0/+6
|
* Correct public_baseurl defaultDavid Baker2016-04-291-2/+2
|
* Merge remote-tracking branch 'origin/develop' into dbkr/email_notifsDavid Baker2016-04-291-0/+1
|\
| * Optionally split out the pushers into a separate processMark Haines2016-04-211-0/+1
| |
* | Hopefully all remaining bits for email notifsDavid Baker2016-04-271-0/+8
|/ | | | Add public facing base url to the server so synapse knows what URL to use when converting mxc to http urls for use in emails
* Merge pull request #473 from matrix-org/erikj/ssh_manholeErik Johnston2016-01-071-1/+1
|\ | | | | Change manhole to use ssh
| * s/telnet/ssh/Erik Johnston2016-01-071-1/+1
| |
* | copyrightsMatthew Hodgson2016-01-071-1/+1
|/
* Added a single line to explain what the server_name is used forMads R. Christensen2015-12-021-0/+1
|
* Preserve version string in user agentDaniel Wagner-Hall2015-10-051-1/+1
|
* Allow synapse's useragent to be customizedDaniel Wagner-Hall2015-10-021-0/+1
| | | | | This will allow me to write tests which verify which server made HTTP requests in a federation context.
* Implement configurable stats reportingDaniel Wagner-Hall2015-09-221-1/+1
|
| SYN-287
|
| This requires that HS owners either opt in or out of stats reporting.
|
| When --generate-config is passed, --report-stats must be specified
| If an already-generated config is used, and doesn't have the report_stats key, it is requested to be set.
* Allow specifying a directory to host a web client fromErik Johnston2015-08-251-0/+1
|
* Only print the pidfile path on startup if requested by a commandline flagPaul "LeoNerd" Evans2015-08-071-0/+7
|
* Remove redundant newlineErik Johnston2015-06-151-2/+1
|
* Document listener config. Remove deprecated config optionsErik Johnston2015-06-151-28/+42
|
* Add backwards compat support for metrics, manhole and webclient config optionsErik Johnston2015-06-121-3/+27
|
* Correctly handle x_forwaded listener optionErik Johnston2015-06-121-0/+2
|
* Use config.listenersErik Johnston2015-06-121-30/+84
|
* Begin changing the config formatErik Johnston2015-06-111-8/+24
|
* Add config option to disable compression of http responsesErik Johnston2015-06-011-0/+6
|
* Add config option to turn off freezing events. Use new encode_json api and ujson.loadsErik Johnston2015-05-291-0/+1
|
* Use the daemonize key from the config if it existsMark Haines2015-05-011-1/+4
|
* Allow "manhole" to be omitted from the configMark Haines2015-04-301-1/+1
|
* Remove the ~, comment the lines insteadMark Haines2015-04-301-1/+1
|
* Manually generate the default config yaml, remove most of the commandline ↵Mark Haines2015-04-301-48/+69
| | | | arguments for synapse anticipating that people will use the yaml instead. Simplify implementing config options by not requiring the classes to hit the super class
* Move the key related config parser into a separate fileMark Haines2015-04-241-84/+1
|
* Better help for the old-signing-key optionMark Haines2015-04-241-1/+4
|