summary refs log tree commit diff
path: root/synapse/federation/transport/server.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #5859 from matrix-org/rei/msc2197reivilibre2019-08-281-0/+36
|\ | | | | MSC2197 Search Filters over Federation
| * Use MSC2197 on stable prefix as it has almost finished FCPOlivier Wilkinson (reivilibre)2019-08-201-24/+2
| | | | | | | | Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
| * Add support for inbound MSC2197 requests on unstable Federation APIOlivier Wilkinson (reivilibre)2019-08-151-1/+59
| | | | | | | | Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
* | Opentracing across workers (#5771)Jorik Schellekens2019-08-221-15/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Propagate opentracing contexts across workers Also includes some Convenience modifications to opentracing for servlets, notably: - Add boolean to skip the whitelisting check on inject extract methods. - useful when injecting into carriers locally. Otherwise we'd always have to include our own servername and whitelist our servername - start_active_span_from_request instead of header - Add boolean to decide whether to extract context from a request to a servlet
* | Opentracing misc (#5856)Jorik Schellekens2019-08-161-6/+7
| | | | | | | | | | | | | | | | | | | | | | Add authenticated_entity and servlet_names tags. Functionally: - Add a tag for authenticated_entity - Add a tag for servlet_names Stylistically: Moved to importing methods directly from opentracing.
* | Wrap `get_local_public_room_list` call in `maybeDeferred` because itOlivier Wilkinson (reivilibre)2019-08-141-2/+8
|/ | | | | | | is cached and so does not always return a `Deferred`. `await` does not silently pass-through non-Deferreds like `yield` used to. Signed-off-by: Olivier Wilkinson (reivilibre) <olivier@librepush.net>
* Fix servlet metric names (#5734)Jorik Schellekens2019-07-241-1/+3
| | | | | | | | | | * Fix servlet metric names Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * Remove redundant check * Cover all return paths
* Convert synapse.federation.transport.server to async (#5689)Richard van der Hoff2019-07-181-242/+188
| | | | | | | | | | | | | | | | * Convert BaseFederationServlet._wrap to async Empirically, this fixes some lost stacktraces. It should be safe because the wrapped function is called from JsonResource._async_render, which is already async. * Convert the rest of synapse.federation.transport.server to async We may as well do the whole file while we're here. * changelog * flake8
* Add basic opentracing support (#5544)Jorik Schellekens2019-07-111-5/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Configure and initialise tracer Includes config options for the tracer and sets up JaegerClient. * Scope manager using LogContexts We piggy-back our tracer scopes by using log context. The current log context gives us the current scope. If new scope is created we create a stack of scopes in the context. * jaeger is a dependency now * Carrier inject and extraction for Twisted Headers * Trace federation requests on the way in and out. The span is created in _started_processing and closed in _finished_processing because we need a meaningful log context. * Create logcontext for new scope. Instead of having a stack of scopes in a logcontext we create a new context for a new scope if the current logcontext already has a scope. * Remove scope from logcontext if logcontext is top level * Disable tracer if not configured * typo * Remove dependence on jaeger internals * bools * Set service name * :Explicitely state that the tracer is disabled * Black is the new black * Newsfile * Code style * Use the new config setup. * Generate config. * Copyright * Rename config to opentracing * Remove user whitelisting * Empty whitelist by default * User ConfigError instead of RuntimeError * Use isinstance * Use tag constants for opentracing. * Remove debug comment and no need to explicitely record error * Two errors a "s(c)entry" * Docstrings! * Remove debugging brainslip * Homeserver Whitlisting * Better opentracing config comment * linting * Inclue worker name in service_name * Make opentracing an optional dependency * Neater config retreival * Clean up dummy tags * Instantiate tracing as object instead of global class * Inlcude opentracing as a homeserver member. * Thread opentracing to the request level * Reference opetnracing through hs * Instantiate dummy opentracin g for tests. * About to revert, just keeping the unfinished changes just in case * Revert back to global state, commit number: 9ce4a3d9067bf9889b86c360c05ac88618b85c4f * Use class level methods in tracerutils * Start and stop requests spans in a place where we have access to the authenticated entity * Seen it, isort it * Make sure to close the active span. * I'm getting black and blue from this. * Logger formatting Co-Authored-By: Erik Johnston <erik@matrix.org> * Outdated comment * Import opentracing at the top * Return a contextmanager * Start tracing client requests from the servlet * Return noop context manager if not tracing * Explicitely say that these are federation requests * Include servlet name in client requests * Use context manager * Move opentracing to logging/ * Seen it, isort it again! * Ignore twisted return exceptions on context exit * Escape the scope * Scopes should be entered to make them useful. * Nicer decorator names * Just one init, init? * Don't need to close something that isn't open * Docs make you smarter
* Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-041-1/+1
|
* Split public rooms directory auth config in twoBrendan Abolivier2019-06-241-4/+4
|
* Run Black. (#5482)Amber Brown2019-06-201-128/+109
|
* Associate a request_name with each verify request, for loggingRichard van der Hoff2019-06-051-1/+3
| | | | | | | Also: * rename VerifyKeyRequest->VerifyJsonRequest * calculate key_ids on VerifyJsonRequest construction * refactor things to pass around VerifyJsonRequests instead of 4-tuples
* Enforce validity period on server_keys for fed requests. (#5321)Richard van der Hoff2019-06-031-1/+3
| | | | | | | | When handling incoming federation requests, make sure that we have an up-to-date copy of the signing key. We do not yet enforce the validity period for event signatures.
* Implement the SHHS complexity API (#5216)Amber Brown2019-05-301-1/+30
|
* Make all the rate limiting options more consistent (#5181)Amber Brown2019-05-151-5/+1
|
* add options to require an access_token to GET /profile and /publicRooms on ↵Matthew Hodgson2019-05-081-0/+10
| | | | | | | | | | | | | | | | | CS API (#5083) This commit adds two config options: * `restrict_public_rooms_to_local_users` Requires auth to fetch the public rooms directory through the CS API and disables fetching it through the federation API. * `require_auth_for_profile_requests` When set to `true`, requires that requests to `/profile` over the CS API are authenticated, and only returns the user's profile if the requester shares a room with the profile's owner, as per MSC1301. MSC1301 also specifies a behaviour for federation (only returning the profile if the server asking for it shares a room with the profile's owner), but that's currently really non-trivial to do in a not too expensive way. Next step is writing down a MSC that allows a HS to specify which user sent the profile query. In this implementation, Synapse won't send a profile query over federation if it doesn't believe it already shares a room with the profile's owner, though. Groups have been intentionally omitted from this commit.
* Collect room-version variations into one place (#4969)Richard van der Hoff2019-04-011-2/+2
| | | | Collect all the things that make room-versions different to one another into one place, so that it's easier to define new room versions.
* Make federation endpoints more tolerant of trailing slashes v2 (#4935)Andrew Morgan2019-03-261-7/+7
| | | Redo of https://github.com/matrix-org/synapse/pull/4840
* Revert "Make federation endpoints more tolerant of trailing slashes for some ↵Erik Johnston2019-03-141-7/+7
| | | | | | endpoints (#4793)" This reverts commit 290552fd836f4ae2dc1d893a7f72f7fff85365d3.
* Make federation endpoints more tolerant of trailing slashes for some ↵Andrew Morgan2019-03-111-7/+7
| | | | | endpoints (#4793) Server side of a solution towards #3622.
* Remove unnecessary dollar signsAndrew Morgan2019-03-041-22/+22
| | | | | A dollar sign is already appended to the end of each PATH, so there's no need to add one in the PATH declaration as well.
* Make 'event_id' a required parameter in federated state requests (#4741)Amber Brown2019-02-271-2/+2
| | | | | | | | | | | | | | * make 'event_id' a required parameter in federated state requests As per the spec: https://matrix.org/docs/spec/server_server/r0.1.1.html#id40 Signed-off-by: Joseph Weston <joseph@weston.cloud> * add changelog entry for bugfix Signed-off-by: Joseph Weston <joseph@weston.cloud> * Update server.py
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Andrew Morgan2019-02-261-58/+138
|\ | | | | | | anoa/public_rooms_federate_develop
| * Revert "Prevent showing non-fed rooms in fed /publicRooms"Andrew Morgan2019-02-261-2/+1
| |
| * Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-02-251-58/+138
| |\ | | | | | | | | | anoa/public_rooms_federate
| | * Merge pull request #4420 from matrix-org/jaywink/openid-listenerErik Johnston2019-02-111-42/+95
| | |\ | | | | | | | | New listener resource for the federation API "openid/userinfo" endpoint
| | | * Document `servlet_groups` parametersJason Robinson2019-01-231-0/+23
| | | | | | | | | | | | | | | | Signed-off-by: Jason Robinson <jasonr@matrix.org>
| | | * Split federation OpenID userinfo endpoint out of the federation resourceJason Robinson2019-01-231-42/+72
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows the OpenID userinfo endpoint to be active even if the federation resource is not active. The OpenID userinfo endpoint is called by integration managers to verify user actions using the client API OpenID access token. Without this verification, the integration manager cannot know that the access token is valid. The OpenID userinfo endpoint will be loaded in the case that either "federation" or "openid" resource is defined. The new "openid" resource is defaulted to active in default configuration. Signed-off-by: Jason Robinson <jasonr@matrix.org>
| | * | Require event format version to parse or create eventsErik Johnston2019-01-251-2/+2
| | | |
| | * | Revert "Require event format version to parse or create events"Erik Johnston2019-01-251-2/+2
| | | |
| | * | Require event format version to parse or create eventsErik Johnston2019-01-231-2/+2
| | |/
| | * Add /v2/invite federation APIErik Johnston2019-01-151-4/+38
| | |
| | * Add groundwork for new versions of federation APIsErik Johnston2019-01-151-2/+4
| | |
| | * Remove the unused /pull federation API (#4118)Amber Brown2018-10-311-9/+0
| | |
| | * Fix incorrect truncation in get_missing_eventsRichard van der Hoff2018-10-161-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | It's quite important that get_missing_events returns the *latest* events in the room; however we were pulling event ids out of the database until we got *at least* 10, and then taking the *earliest* of the results. We also shouldn't really be relying on depth, and should be checking the room_id.
| * | Don't restrict non-fed rooms over client APIsAndrew Morgan2019-02-251-1/+2
| | |
* | | Prevent showing non-fed rooms in fed /publicRoomsAndrew Morgan2019-02-261-1/+2
|/ /
* / Fix incorrect truncation in get_missing_eventsRichard van der Hoff2018-10-171-2/+0
|/ | | | | | | | | It's quite important that get_missing_events returns the *latest* events in the room; however we were pulling event ids out of the database until we got *at least* 10, and then taking the *earliest* of the results. We also shouldn't really be relying on depth, and should be checking the room_id.
* Port federation/ to py3 (#3847)Amber Brown2018-09-121-13/+11
|
* Merge branch 'master' into developRichard van der Hoff2018-09-061-1/+1
|\
| * Fix origin handling for pushed transactionsRichard van der Hoff2018-09-051-1/+1
| | | | | | | | | | Use the actual origin for push transactions, rather than whatever the remote server claimed.
* | Log more detail when we fail to authenticate requestErik Johnston2018-08-211-3/+3
| |
* | Don't log exceptions when failing to fetch server keysErik Johnston2018-08-211-2/+2
|/ | | | | Not being able to resolve or connect to remote servers is an expected error, so we shouldn't log at ERROR with stacktraces.
* Enforce compatibility when processing make_join requestsRichard van der Hoff2018-08-031-1/+23
| | | | | | Reject make_join requests from servers which do not support the room version. Also include the room version in the response.
* Docstrings for BaseFederationServletRichard van der Hoff2018-08-031-0/+47
| | | | ... to save me reverse-engineering this stuff again.
* Python 3: Convert some unicode/bytes uses (#3569)Amber Brown2018-08-021-1/+1
|
* Remove pdu_failures from transactionsTravis Ralston2018-07-301-2/+1
| | | The field is never read from, and all the opportunities given to populate it are not utilized. It should be very safe to remove this.
* Update the send_leave path to be an event_idTravis Ralston2018-07-261-2/+2
| | | It's still not used, however the parameter is an event ID not a transaction ID.
* run isortAmber Brown2018-07-091-10/+11
|
* Implementation of server_aclsRichard van der Hoff2018-07-041-2/+6
| | | | | ... as described at https://docs.google.com/document/d/1EttUVzjc2DWe2ciw4XPtNpUpIl9lWXGEsy2ewDS7rtw.
* More server_name validationRichard van der Hoff2018-07-041-2/+3
| | | | | | | | We need to do a bit more validation when we get a server name, but don't want to be re-doing it all over the shop, so factor out a separate parse_and_validate_server_name, and do the extra validation. Also, use it to verify the server name in the config file.
* Reject invalid server names (#3480)Richard van der Hoff2018-07-031-22/+44
| | | | | Make sure that server_names used in auth headers are sane, and reject them with a sensible error code, before they disappear off into the depths of the system.
* Improve exception handling for background processesRichard van der Hoff2018-04-271-3/+10
| | | | | | | | | | | | | | | | | | There were a bunch of places where we fire off a process to happen in the background, but don't have any exception handling on it - instead relying on the unhandled error being logged when the relevent deferred gets garbage-collected. This is unsatisfactory for a number of reasons: - logging on garbage collection is best-effort and may happen some time after the error, if at all - it can be hard to figure out where the error actually happened. - it is logged as a scary CRITICAL error which (a) I always forget to grep for and (b) it's not really CRITICAL if a background process we don't care about fails. So this is an attempt to add exception handling to everything we fire off into the background.
* fix federation_domain_whitelistMatthew Hodgson2018-04-131-6/+6
| | | | we were checking the wrong server_name on inbound requests
* revert last to PR properlyMatthew Hodgson2018-04-131-6/+6
|
* correctly auth inbound federation_domain_whitelist reqsMatthew Hodgson2018-04-131-6/+6
|
* Implement group join APIDavid Baker2018-04-061-0/+18
|
* use PUT instead of POST for federating groups/m.join_policyKrombel2018-04-061-1/+1
|
* Use "/settings/" (plural)Luke Barnard2018-04-051-1/+1
|
* Use join_policy API instead of joinableLuke Barnard2018-04-031-4/+4
| | | | | | | | | | | | | | | | | The API is now under /groups/$group_id/setting/m.join_policy and expects a JSON blob of the shape ```json { "m.join_policy": { "type": "invite" } } ``` where "invite" could alternatively be "open".
* Add joinability for groupsDavid Baker2018-03-281-0/+20
| | | | | Adds API to set the 'joinable' flag, and corresponding flag in the table.
* s/replication_server/federation_serverErik Johnston2018-03-131-1/+1
|
* Split replication layer into twoErik Johnston2018-03-131-1/+1
|
* Add federation_domain_whitelist option (#2820)Matthew Hodgson2018-01-221-1/+8
| | | | | | Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network
* Add bracketsErik Johnston2017-11-091-2/+4
|
* Have an explicit API to update room configErik Johnston2017-11-081-1/+22
|
* Revert "Modify group room association API to allow modification of is_public"Erik Johnston2017-11-081-2/+2
|
* Modify group room association API to allow modification of is_publicLuke Barnard2017-10-311-2/+2
| | | | also includes renamings to make things more consistent.
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2017-10-241-3/+3
|\ | | | | | | erikj/group_fed_update_profile
| * replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-231-3/+3
| | | | | | | | what could possibly go wrong
* | Correctly wire in update group profile over federationErik Johnston2017-10-231-11/+11
|/
* Fix typoErik Johnston2017-10-191-1/+1
|
* Fix typo in group attestation handlingErik Johnston2017-10-191-1/+1
|
* DelintLuke Barnard2017-10-161-0/+2
|
* Implement GET /groups/$groupId/invited_usersLuke Barnard2017-10-161-1/+17
|
* Add remove room APIErik Johnston2017-09-261-1/+13
|
* Add bulk group publicised lookup APIErik Johnston2017-08-091-0/+17
|
* Add update group profile APIErik Johnston2017-07-201-0/+12
|
* CommentsErik Johnston2017-07-181-1/+1
|
* Correctly parse query paramsErik Johnston2017-07-181-19/+19
|
* CommentsErik Johnston2017-07-181-15/+19
|
* Add local group server supportErik Johnston2017-07-171-0/+44
|
* Ensure category and role ids are non-nullErik Johnston2017-07-141-0/+24
|
* CommentsErik Johnston2017-07-131-0/+8
|
* Add summary APIs to federationErik Johnston2017-07-131-11/+223
|
* Add group summary APIsErik Johnston2017-07-121-0/+17
|
* Add federation API for adding room to groupErik Johnston2017-07-111-0/+18
|
* CommentErik Johnston2017-07-111-0/+14
|
* Initial group server implementationErik Johnston2017-07-101-1/+142
|
* Separate federation servlet into different listsErik Johnston2017-07-051-8/+16
|
* Use preserve_fn and add logsErik Johnston2017-05-051-1/+3
|
* Always mark remotes as up if we receive a signed request from themErik Johnston2017-05-051-0/+7
|
* Implement device key caching over federationErik Johnston2017-01-261-0/+8
|
* Add new API appservice specific public room listErik Johnston2016-12-061-1/+18
|
* Pass since/from parameters over federationErik Johnston2016-09-151-2/+8
|
* Add federation /version APIErik Johnston2016-08-051-1/+17
|
* Change the way we specify if we require auth or notErik Johnston2016-08-051-40/+55
|
* Merge branch 'develop' of github.com:matrix-org/synapse into erikj/state_ids_apiErik Johnston2016-08-041-3/+1
|\
| * E2E keys: Make federation query share code with client queryRichard van der Hoff2016-08-021-3/+1
| | | | | | | | | | Refactor the e2e query handler to separate out the local query, and then make the federation handler use it.
* | Add /state_ids federation APIErik Johnston2016-08-031-0/+12
|/ | | | | The new API only returns the event_ids for the state, as most requesters will already have the vast majority of the events already.
* Linearize some federation endpoints based on (origin, room_id)Erik Johnston2016-06-171-1/+1
|
* Disable responding with canonical json for federationErik Johnston2016-06-171-1/+1
|
* Fix up federation PublicRoomListErik Johnston2016-06-081-1/+1
|
* Enable auth on federation PublicRoomListErik Johnston2016-06-081-5/+0
|
* pep8David Baker2016-06-011-1/+3
|
* Basic, un-cached support for secondary_directory_serversDavid Baker2016-05-311-1/+1
|
* Fix c+p failDavid Baker2016-05-311-17/+0
|
* Add federation room list servletDavid Baker2016-05-311-1/+64
|
* Add an openidish mechanism for proving to third parties that you own a given ↵Mark Haines2016-05-051-1/+46
| | | | user_id
* Fix typo in event_auth servlet pathErik Johnston2016-04-291-1/+1
|
* Intern all the thingsErik Johnston2016-03-231-14/+14
|
* Use parse_json_object_from_request to parse JSON out of request bodiesMark Haines2016-03-111-2/+2
|
* Allow third_party_signed to be specified on /joinDaniel Wagner-Hall2016-02-231-1/+11
|
* Remove redundated BaseHomeServerErik Johnston2016-01-261-32/+50
|
* copyrightsMatthew Hodgson2016-01-071-1/+1
|
* Host /unstable and /r0 versions of r0 APIsDaniel Wagner-Hall2015-12-011-1/+1
|
* Exchange 3pid invites for m.room.member invitesDaniel Wagner-Hall2015-11-051-1/+38
|
* Allow rejecting invitesDaniel Wagner-Hall2015-10-201-0/+20
| | | | | This is done by using the same /leave flow as you would use if you had already accepted the invite and wanted to leave.
* Implement third party identifier invitesDaniel Wagner-Hall2015-10-011-1/+1
|
* Get the end-to-end key federation workingMark Haines2015-07-241-6/+6
|
* Add federation support for end-to-end key requestsMark Haines2015-07-231-0/+20
|
* Log more when we have processed the requestErik Johnston2015-06-151-0/+1
|
* Log where a request came from in federationErik Johnston2015-06-021-0/+2
|
* Log origin and stats of incoming transactionsErik Johnston2015-05-221-0/+8
|
* Add missing servlet to listErik Johnston2015-03-191-0/+1
|
* Count incoming HTTP requests per servlet that respondsPaul "LeoNerd" Evans2015-03-121-0/+4
|
* Appease pep8Paul "LeoNerd" Evans2015-03-051-19/+27
|
* Append a $ on PATH at registration time, meaning each PATH attribute doesn't ↵Paul "LeoNerd" Evans2015-03-051-13/+14
| | | | need it
* Slightly neater(?) arrangement of authentication wrapper for HTTP servlet ↵Paul "LeoNerd" Evans2015-03-051-25/+37
| | | | methods
* Remove the dead 'rate_limit_origin' method from TransportLayerServerPaul "LeoNerd" Evans2015-03-051-6/+0
|
* Move federation API responding code out of weird mix of lambdas into ↵Paul "LeoNerd" Evans2015-03-051-170/+130
| | | | Servlet-style methods on instances
* Merge branch 'develop' of github.com:matrix-org/synapse into batched_get_pduErik Johnston2015-03-021-3/+11
|\
| * Move federation rate limiting out of transport layerErik Johnston2015-02-271-203/+1
| |
| * Document FederationRateLimiterErik Johnston2015-02-271-8/+51
| |
| * Initial implementation of federation server rate limitingErik Johnston2015-02-261-4/+171
| |
* | Implement and use new batched get missing pduErik Johnston2015-02-231-0/+31
|/
* Blunty replace json with simplejsonErik Johnston2015-02-111-1/+1
|
* Initial implementation of auth conflict resolutionErik Johnston2015-01-291-1/+20
|
* Finish renaming "context" to "room_id" in federation codebaseMark Haines2015-01-161-1/+0
|
* Split transport layer into client and server partsMark Haines2015-01-161-0/+328