summary refs log tree commit diff
path: root/synapse/http/site.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Re-introduce the outbound federation proxy (#15913)Eric Eastwood2023-07-181-8/+19
| | | | | Allow configuring the set of workers to proxy outbound federation traffic through (`outbound_federation_restricted_to`). This is useful when you have a worker setup with `federation_sender` instances responsible for sending outbound federation requests and want to make sure *all* outbound federation traffic goes through those instances. Before this change, the generic workers would still contact federation themselves for things like profile lookups, backfill, etc. This PR allows you to set more strict access controls/firewall for all workers and only allow the `federation_sender`'s to contact the outside world.
* Revert "Federation outbound proxy" (#15910)Eric Eastwood2023-07-101-18/+8
| | | | | | Revert "Federation outbound proxy (#15773)" This reverts commit b07b14b494ae1dd564b4c44f844c9a9545b3d08a.
* Federation outbound proxy (#15773)Eric Eastwood2023-07-051-8/+18
| | | | | | | Allow configuring the set of workers to proxy outbound federation traffic through (`outbound_federation_restricted_to`). This is useful when you have a worker setup with `federation_sender` instances responsible for sending outbound federation requests and want to make sure *all* outbound federation traffic goes through those instances. Before this change, the generic workers would still contact federation themselves for things like profile lookups, backfill, etc. This PR allows you to set more strict access controls/firewall for all workers and only allow the `federation_sender`'s to contact the outside world. The original code is from @erikjohnston's branches which I've gotten in-shape to merge.
* Add login spam checker API (#15838)Erik Johnston2023-06-261-0/+11
|
* Experimental Unix socket support (#15353)Jason Little2023-04-031-3/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add IReactorUNIX to ISynapseReactor type hint. * Create listen_unix(). Two options, 'path' to the file and 'mode' of permissions(not umask, recommend 666 as default as nginx/other reverse proxies write to it and it's setup as user www-data) For the moment, leave the option to always create a PID lockfile turned on by default * Create UnixListenerConfig and wire it up. Rename ListenerConfig to TCPListenerConfig, then Union them together into ListenerConfig. This spidered around a bit, but I think I got it all. Metrics and manhole have been placed behind a conditional in case of accidental putting them onto a unix socket. Use new helpers to get if a listener is configured for TLS, and to help create a site tag for logging. There are 2 TODO things in parse_listener_def() to finish up at a later point. * Refactor SynapseRequest to handle logging correctly when using a unix socket. This prevents an exception when an IP address can not be retrieved for a request. * Make the 'Synapse now listening on Unix socket' log line a little prettier. * No silent failures on generic workers when trying to use a unix socket with metrics or manhole. * Inline variables in app/_base.py * Update docstring for listen_unix() to remove reference to a hardcoded permission of 0o666 and add a few comments saying where the default IS declared. * Disallow both a unix socket and a ip/port combo on the same listener resource * Linting * Changelog * review: simplify how listen_unix returns(and get rid of a type: ignore) * review: fix typo from ConfigError in app/homeserver.py * review: roll conditional for http_options.tag into get_site_tag() helper(and add docstring) * review: enhance the conditionals for checking if a port or path is valid, remove a TODO line * review: Try updating comment in get_client_ip_if_available to clarify what is being retrieved and why * Pretty up how 'Synapse now listening on Unix Socket' looks by decoding the byte string. * review: In parse_listener_def(), raise ConfigError if neither socket_path nor port is declared(and fix a typo)
* Remove redundant types from comments. (#14412)Patrick Cloke2022-11-161-1/+1
| | | | | | | Remove type hints from comments which have been added as Python type hints. This helps avoid drift between comments and reality, as well as removing redundant information. Also adds some missing type hints which were simple to fill in.
* Implementation of HTTP 307 response for MSC3886 POST endpoint (#14018)Hugh Nimmo-Smith2022-10-181-0/+3
| | | | Co-authored-by: reivilibre <olivier@librepush.net> Co-authored-by: Andrew Morgan <andrewm@element.io>
* Be able to correlate timeouts in reverse-proxy layer in front of Synapse ↵Eric Eastwood2022-09-151-1/+13
| | | | | | | | | | | | | | | | | | (pull request ID from header) (#13801) Fix https://github.com/matrix-org/synapse/issues/13685 New config: ```diff listeners: - port: 8008 tls: false type: http x_forwarded: true + request_id_header: "cf-ray" bind_addresses: ['::1', '127.0.0.1', '0.0.0.0'] ```
* `synapse.api.auth.Auth` cleanup: make permission-related methods use ↵Quentin Gliech2022-08-221-1/+1
| | | | | | | | | `Requester` instead of the `UserID` (#13024) Part of #13019 This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it. It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.
* Capture the `Deferred` for request cancellation in `_AsyncResource` (#12694)Sean Quah2022-05-101-4/+5
| | | | | | | | | | | | | All async request processing goes through `_AsyncResource`, so this is the only place where a `Deferred` needs to be captured for cancellation. Unfortunately, the same isn't true for determining whether a request can be cancelled. Each of `RestServlet`, `BaseFederationServlet`, `DirectServe{Html,Json}Resource` and `ReplicationEndpoint` have different wrappers around the method doing the request handling and they all need to be handled separately. Signed-off-by: Sean Quah <seanq@element.io>
* Add ability to cancel disconnected requests to `SynapseRequest` (#12588)Sean Quah2022-05-101-1/+23
| | | | Signed-off-by: Sean Quah <seanq@element.io>
* Use `getClientAddress` instead of `getClientIP`. (#12599)Patrick Cloke2022-05-041-3/+3
| | | | | getClientIP was deprecated in Twisted 18.4.0, which also added getClientAddress. The Synapse minimum version for Twisted is currently 18.9.0, so all supported versions have the new API.
* Don't print HTTPStatus.* in "Processed..." logs (#11827)David Robertson2022-01-261-1/+4
| | | | | | | | | * Don't print HTTPStatus.* in "Processed..." logs Fixes #11812. See also #7118 and https://github.com/matrix-org/synapse/pull/7188#r401719326 in particular. Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
* Use auto_attribs/native type hints for attrs classes. (#11692)Patrick Cloke2022-01-131-2/+2
|
* Improve opentracing for incoming HTTP requests (#11618)Richard van der Hoff2021-12-201-1/+29
| | | | | | | | | | | | | | | | | | | | | | * remove `start_active_span_from_request` Instead, pull out a separate function, `span_context_from_request`, to extract the parent span, which we can then pass into `start_active_span` as normal. This seems to be clearer all round. * Remove redundant tags from `incoming-federation-request` These are all wrapped up inside a parent span generated in AsyncResource, so there's no point duplicating all the tags that are set there. * Leave request spans open until the request completes It may take some time for the response to be encoded into JSON, and that JSON to be streamed back to the client, and really we want that inside the top-level span, so let's hand responsibility for closure to the SynapseRequest. * opentracing logs for HTTP request events * changelog
* Add missing type hints to synapse.http. (#11571)Patrick Cloke2021-12-141-4/+4
|
* Add reactor to `SynapseRequest` and fix up types. (#10868)Erik Johnston2021-09-241-13/+24
|
* Add types to http.site (#10867)Erik Johnston2021-09-211-18/+22
|
* Change logging of puppeted requests to better differentiate users (#10779)Erik Johnston2021-09-081-1/+1
| | | This used to be a comma and got accidentally changed to a period in #9654, but a pipe character is more easier to parse visually.
* [pyupgrade] `synapse/` (#10348)Jonathan de Jong2021-07-191-1/+1
| | | | | | | | | This PR is tantamount to running ``` pyupgrade --py36-plus --keep-percent-format `find synapse/ -type f -name "*.py"` ``` Part of #9744
* Use inline type hints in various other places (in `synapse/`) (#10380)Jonathan de Jong2021-07-151-7/+7
|
* Log method and path when dropping request due to size limit (#10091)Erik Johnston2021-05-281-1/+3
|
* Improved validation for received requests (#9817)Richard van der Hoff2021-04-231-5/+27
| | | | | | * Simplify `start_listening` callpath * Correctly check the size of uploaded files
* pass a reactor into SynapseSite (#9874)Richard van der Hoff2021-04-231-9/+28
|
* Bump black configuration to target py36 (#9781)Dan Callahan2021-04-131-1/+1
| | | Signed-off-by: Dan Callahan <danc@element.io>
* Record more information into structured logs. (#9654)Patrick Cloke2021-04-081-24/+88
| | | | Records additional request information into the structured logs, e.g. the requester, IP address, etc.
* Fix additional type hints from Twisted upgrade. (#9518)Patrick Cloke2021-03-031-12/+23
|
* Add support for X-Forwarded-Proto (#9472)Richard van der Hoff2021-02-241-15/+70
| | | | | rewrite XForwardedForRequest to set `isSecure()` based on `X-Forwarded-Proto`. Also implement `getClientAddress()` while we're here.
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-161-5/+4
| | | | | | | - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md `](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md) - Update `code_style.md` docs around installing black to use the correct version
* Remove SynapseRequest.get_user_agent (#9069)Richard van der Hoff2021-01-121-16/+2
| | | | | | | | | | | SynapseRequest is in danger of becoming a bit of a dumping-ground for "useful stuff relating to Requests", which isn't really its intention (its purpose is to override render, finished and connectionLost to set up the LoggingContext and write the right entries to the request log). Putting utility functions inside SynapseRequest means that lots of our code ends up requiring a SynapseRequest when there is nothing synapse-specific about the Request at all, and any old twisted.web.iweb.IRequest will do. This increases code coupling and makes testing more difficult. In short: move get_user_agent out to a utility function.
* Various clean-ups to the logging context code (#8935)Patrick Cloke2020-12-141-2/+1
|
* Add ability for access tokens to belong to one user but grant access to ↵Erik Johnston2020-10-291-7/+23
| | | | | | | | | | another user. (#8616) We do it this way round so that only the "owner" can delete the access token (i.e. `/logout/all` by the "owner" also deletes that token, but `/logout/all` by the "target user" doesn't). A future PR will add an API for creating such a token. When the target user and authenticated entity are different the `Processed request` log line will be logged with a: `{@admin:server as @bob:server} ...`. I'm not convinced by that format (especially since it adds spaces in there, making it harder to use `cut -d ' '` to chop off the start of log lines). Suggestions welcome.
* Fix typos and spelling errors. (#8639)Patrick Cloke2020-10-231-1/+3
|
* Fix handling of User-Agent headers with bad utf-8. (#8632)Erik Johnston2020-10-231-7/+9
|
* Don't log OPTIONS request at INFO (#8049)Erik Johnston2020-08-071-1/+7
|
* Add health check endpoint (#8048)Erik Johnston2020-08-071-1/+8
|
* Convert run_as_background_process inner function to async. (#8032)Patrick Cloke2020-08-061-3/+2
|
* Downgrade warning on client disconnect to INFO (#7928)Richard van der Hoff2020-07-241-3/+1
| | | | Clients disconnecting before we finish processing the request happens from time to time. We don't need to yell about it
* Create a ListenerConfig object (#7681)Richard van der Hoff2020-06-161-2/+4
| | | | | | | | | | This ended up being a bit more invasive than I'd hoped for (not helped by generic_worker duplicating some of the code from homeserver), but hopefully it's an improvement. The idea is that, rather than storing unstructured `dict`s in the config for the listener configurations, we instead parse it into a structured `ListenerConfig` object.
* mypy for synapse.http.site (#7553)Richard van der Hoff2020-05-221-3/+6
|
* Workaround for failure to wrap reason in Failure (#7473)Andrew Morgan2020-05-141-0/+7
|
* Fix "'NoneType' has no attribute start|stop" logcontext errors (#7181)Richard van der Hoff2020-03-311-7/+6
| | | | Fixes #7179.
* Reduce amount of logging at INFO level. (#6862)Erik Johnston2020-02-061-1/+1
| | | | | | | | A lot of the things we log at INFO are now a bit superfluous, so lets make them DEBUG logs to reduce the amount we log by default. Co-Authored-By: Brendan Abolivier <babolivier@matrix.org> Co-authored-by: Brendan Abolivier <github@brendanabolivier.com>
* Fix exceptions on requests for non-ascii urls (#6682)Richard van der Hoff2020-01-131-1/+1
| | | Fixes #6402
* Kill off redundant SynapseRequestFactory (#6619)Richard van der Hoff2020-01-031-15/+3
| | | | We already get the Site via the Channel, so there's no need for a dedicated RequestFactory: we can just use the right constructor.
* Remove usage of deprecated logger.warn method from codebase (#6271)Andrew Morgan2019-10-311-2/+2
| | | Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
* Move logging utilities out of the side drawer of util/ and into logging/ (#5606)Amber Brown2019-07-041-1/+1
|
* Run Black. (#5482)Amber Brown2019-06-201-17/+31
|
* Fix error when logging incomplete requestsErik Johnston2018-10-021-6/+21
| | | | | | | | | | If a connection is lost before a request is read from Request, Twisted sets `method` (and `uri`) attributes to dummy values. These dummy values have incorrect types (i.e. they're not bytes), and so things like `__repr__` would raise an exception. To fix this we had a helper method to return the method with a consistent type.
* Fix client IPs being broken on Python 3 (#3908)Amber Brown2018-09-201-1/+1
|
* Add a regression test for logging on failed connections (#3912)Amber Brown2018-09-201-2/+2
|
* Fix more b'abcd' noise in metricsRichard van der Hoff2018-09-171-1/+1
|
* Fix some b'abcd' noise in logs and metricsRichard van der Hoff2018-09-171-4/+4
| | | | | Python 3 compatibility: make sure that we decode some byte sequences before we use them to create log lines and metrics labels.
* fixAmber Brown2018-09-141-1/+4
|
* fixAmber Brown2018-09-141-1/+1
|
* Port http/ to Python 3 (#3771)Amber Brown2018-09-061-2/+2
|
* Fix exceptions when a connection is closed before we read the headersRichard van der Hoff2018-08-201-1/+7
| | | | | This fixes bugs introduced in #3700, by making sure that we behave sanely when an incoming connection is closed before the headers are read.
* Port over enough to get some sytests running on Python 3 (#3668)Amber Brown2018-08-201-2/+2
|
* Refactor request logging codeRichard van der Hoff2018-08-151-45/+156
| | | | | | | | | | | | | | | This commit moves a bunch of the logic for deciding when to log the receipt and completion of HTTP requests into SynapseRequest, rather than in the request handling wrappers. Advantages of this are: * we get logs for *all* requests (including OPTIONS and HEADs), rather than just those that end up hitting handlers we've remembered to decorate correctly. * when a request handler wires up a Producer (as the media stuff does currently, and as other things will do soon), we log at the point that all of the traffic has been sent to the client.
* Refactor REST API tests to use explicit reactors (#3351)Amber Brown2018-07-171-2/+3
|
* check isort by travisKrombel2018-07-161-1/+1
|
* Refactor logcontext resource usage tracking (#3501)Richard van der Hoff2018-07-101-15/+9
| | | | | Factor out the resource usage tracking out to a separate object, which can be passed around and copied independently of the logcontext itself.
* run isortAmber Brown2018-07-091-1/+1
|
* replace invalid utf8 with \ufffdMatthew Hodgson2018-07-021-2/+2
|
* a fix which doesn't NPE everywhereMatthew Hodgson2018-07-011-9/+17
|
* don't mix unicode strings with utf8-in-byte-stringsMatthew Hodgson2018-07-011-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | otherwise we explode with: ``` Traceback (most recent call last): File /usr/lib/python2.7/logging/handlers.py, line 78, in emit logging.FileHandler.emit(self, record) File /usr/lib/python2.7/logging/__init__.py, line 950, in emit StreamHandler.emit(self, record) File /usr/lib/python2.7/logging/__init__.py, line 887, in emit self.handleError(record) File /usr/lib/python2.7/logging/__init__.py, line 810, in handleError None, sys.stderr) File /usr/lib/python2.7/traceback.py, line 124, in print_exception _print(file, 'Traceback (most recent call last):') File /usr/lib/python2.7/traceback.py, line 13, in _print file.write(str+terminator) File /home/matrix/.synapse/local/lib/python2.7/site-packages/twisted/logger/_io.py, line 170, in write self.log.emit(self.level, format=u{log_io}, log_io=line) File /home/matrix/.synapse/local/lib/python2.7/site-packages/twisted/logger/_logger.py, line 144, in emit self.observer(event) File /home/matrix/.synapse/local/lib/python2.7/site-packages/twisted/logger/_observer.py, line 136, in __call__ errorLogger = self._errorLoggerForObserver(brokenObserver) File /home/matrix/.synapse/local/lib/python2.7/site-packages/twisted/logger/_observer.py, line 156, in _errorLoggerForObserver if obs is not observer File /home/matrix/.synapse/local/lib/python2.7/site-packages/twisted/logger/_observer.py, line 81, in __init__ self.log = Logger(observer=self) File /home/matrix/.synapse/local/lib/python2.7/site-packages/twisted/logger/_logger.py, line 64, in __init__ namespace = self._namespaceFromCallingContext() File /home/matrix/.synapse/local/lib/python2.7/site-packages/twisted/logger/_logger.py, line 42, in _namespaceFromCallingContext return currentframe(2).f_globals[__name__] File /home/matrix/.synapse/local/lib/python2.7/site-packages/twisted/python/compat.py, line 93, in currentframe for x in range(n + 1): RuntimeError: maximum recursion depth exceeded while calling a Python object Logged from file site.py, line 129 File /usr/lib/python2.7/logging/__init__.py, line 859, in emit msg = self.format(record) File /usr/lib/python2.7/logging/__init__.py, line 732, in format return fmt.format(record) File /usr/lib/python2.7/logging/__init__.py, line 471, in format record.message = record.getMessage() File /usr/lib/python2.7/logging/__init__.py, line 335, in getMessage msg = msg % self.args UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 4: ordinal not in range(128) Logged from file site.py, line 129 ``` ...where the logger apparently recurses whilst trying to log the error, hitting the maximum recursion depth and killing everything badly.
* Log number of events fetched from DBRichard van der Hoff2018-06-211-1/+4
| | | | | | | | | | When we finish processing a request, log the number of events we fetched from the database to handle it. [I'm trying to figure out which requests are responsible for large amounts of event cache churn. It may turn out to be more helpful to add counts to the prometheus per-request/block metrics, but that is an extension to this code anyway.]
* factor out uri redaction into a method on httpMichael Telatynski2018-06-051-7/+2
|
* update metrics to be in secondsAmber Brown2018-05-281-10/+10
|
* Merge pull request #3246 from NotAFile/py3-repr-stringAmber Brown2018-05-241-1/+1
|\ | | | | use repr, not str
| * use repr, not strAdrian Tschira2018-05-191-1/+1
| | | | | | | | Signed-off-by: Adrian Tschira <nota@notafile.com>
* | Add in flight request metricsErik Johnston2018-05-211-1/+3
|/ | | | | This tracks CPU and DB usage while requests are in flight, rather than when we write the response.
* Set Server header in SynapseRequestRichard van der Hoff2018-05-101-1/+10
| | | | | | | | | | | | (instead of everywhere that writes a response. Or rather, the subset of places which write responses where we haven't forgotten it). This also means that we don't have to have the mysterious version_string attribute in anything with a request handler. Unfortunately it does mean that we have to pass the version string wherever we instantiate a SynapseSite, which has been c&ped 150 times, but that is code that ought to be cleaned up anyway really.
* Move RequestMetrics handling into SynapseRequest.processing()Richard van der Hoff2018-05-101-11/+58
| | | | | It fits quite nicely here, and opens the path to getting rid of the "include_metrics" mess.
* Move request_id management into SynapseRequestRichard van der Hoff2018-05-101-0/+9
|
* Add b prefixes to some strings that are bytes in py3Adrian Tschira2018-04-041-3/+3
| | | | | | This has no effect on python2 Signed-off-by: Adrian Tschira <nota@notafile.com>
* Track DB scheduling delay per-requestRichard van der Hoff2018-01-161-1/+3
| | | | | | For each request, track the amount of time spent waiting for a db connection. This entails adding it to the LoggingContext and we may as well add metrics for it while we are passing.
* Track db txn time in millisecsRichard van der Hoff2018-01-161-3/+3
| | | | ... to reduce the amount of floating-point foo we do.
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-231-1/+1
| | | | what could possibly go wrong
* Move SynapseSite to its own fileMark Haines2016-04-221-0/+146