Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Validate input to POST /key/v2/query endpoint. (#16183) | Patrick Cloke | 2023-08-25 | 1 | -10/+29 |
| | | | To avoid 500 internal server errors with garbage input. | ||||
* | Add cache to `get_server_keys_json_for_remote` (#16123) | Erik Johnston | 2023-08-18 | 1 | -19/+25 |
| | |||||
* | Declare support for Matrix 1.6 (#15559) | Patrick Cloke | 2023-05-12 | 2 | -1/+21 |
| | | | | | | | Adds logging for key server requests which include a key ID. This is technically in violation of the 1.6 spec, but is the only way to remain backwards compatibly with earlier versions of Synapse (and possibly other homeservers) which *did* include the key ID. | ||||
* | Modify StoreKeyFetcher to read from server_keys_json. (#15417) | Patrick Cloke | 2023-04-20 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this change: * `PerspectivesKeyFetcher` and `ServerKeyFetcher` write to `server_keys_json`. * `PerspectivesKeyFetcher` also writes to `server_signature_keys`. * `StoreKeyFetcher` reads from `server_signature_keys`. After this change: * `PerspectivesKeyFetcher` and `ServerKeyFetcher` write to `server_keys_json`. * `PerspectivesKeyFetcher` also writes to `server_signature_keys`. * `StoreKeyFetcher` reads from `server_keys_json`. This results in `StoreKeyFetcher` now using the results from `ServerKeyFetcher` in addition to those from `PerspectivesKeyFetcher`, i.e. keys which are directly fetched from a server will now be pulled from the database instead of refetched. An additional minor change is included to avoid creating a `PerspectivesKeyFetcher` (and checking it) if no `trusted_key_servers` are configured. The overall impact of this should be better usage of cached results: * If a server has no trusted key servers configured then it should reduce how often keys are fetched. * if a server's trusted key server does not have a requested server's keys cached then it should reduce how often keys are directly fetched. | ||||
* | Add a primitive helper script for listing worker endpoints. (#15243) | reivilibre | 2023-03-23 | 1 | -0/+2 |
| | | | | Co-authored-by: Patrick Cloke <patrickc@matrix.org> | ||||
* | Use servlets for /key/ endpoints. (#14229) | Patrick Cloke | 2022-10-20 | 3 | -50/+64 |
| | | | | | To fix the response for unknown endpoints under that prefix. See MSC3743. | ||||
* | Implementation of HTTP 307 response for MSC3886 POST endpoint (#14018) | Hugh Nimmo-Smith | 2022-10-18 | 1 | -2/+2 |
| | | | | Co-authored-by: reivilibre <olivier@librepush.net> Co-authored-by: Andrew Morgan <andrewm@element.io> | ||||
* | Return keys for unwhitelisted servers from `/_matrix/key/v2/query` (#13683) | Richard van der Hoff | 2022-09-01 | 1 | -20/+21 |
| | |||||
* | Fix typechecker problems exposed by signedjson 1.1.2 (#12326) | David Robertson | 2022-03-29 | 2 | -10/+10 |
| | |||||
* | Remove `HomeServer.get_datastore()` (#12031) | Richard van der Hoff | 2022-02-23 | 1 | -1/+1 |
| | | | | | | | The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733 | ||||
* | Add missing type hints to synapse.http. (#11571) | Patrick Cloke | 2021-12-14 | 1 | -2/+2 |
| | |||||
* | Add reactor to `SynapseRequest` and fix up types. (#10868) | Erik Johnston | 2021-09-24 | 1 | -5/+4 |
| | |||||
* | Use direct references for configuration variables (part 4). (#10893) | Patrick Cloke | 2021-09-23 | 2 | -7/+9 |
| | |||||
* | Add missing type hints to non-client REST servlets. (#10817) | Patrick Cloke | 2021-09-15 | 3 | -15/+37 |
| | | | | Including admin, consent, key, synapse, and media. All REST servlets (the synapse.rest module) now require typed method definitions. | ||||
* | Use direct references for some configuration variables (#10798) | Patrick Cloke | 2021-09-13 | 2 | -3/+5 |
| | | | | Instead of proxying through the magic getter of the RootConfig object. This should be more performant (and is more explicit). | ||||
* | Use inline type hints in `handlers/` and `rest/`. (#10382) | Jonathan de Jong | 2021-07-16 | 1 | -2/+2 |
| | |||||
* | Rewrite the KeyRing (#10035) | Erik Johnston | 2021-06-02 | 1 | -1/+8 |
| | |||||
* | Remove tls_fingerprints option (#9280) | Jerin J Titus | 2021-05-24 | 2 | -11/+0 |
| | | | | Signed-off-by: Jerin J Titus <72017981+jerinjtitus@users.noreply.github.com> | ||||
* | Fix (final) Bugbear violations (#9838) | Jonathan de Jong | 2021-04-20 | 1 | -2/+2 |
| | |||||
* | Remove redundant "coding: utf-8" lines (#9786) | Jonathan de Jong | 2021-04-14 | 3 | -3/+0 |
| | | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>` | ||||
* | Add type hints to the crypto module. (#8999) | Patrick Cloke | 2021-01-04 | 1 | -4/+5 |
| | |||||
* | Simplify the way the `HomeServer` object caches its internal attributes. ↵ | Jonathan de Jong | 2020-11-30 | 1 | -1/+1 |
| | | | | | (#8565) Changes `@cache_in_self` to use underscore-prefixed attributes. | ||||
* | Fix typos in comments. | Patrick Cloke | 2020-09-14 | 1 | -1/+1 |
| | |||||
* | Be stricter about JSON that is accepted by Synapse (#8106) | Patrick Cloke | 2020-08-19 | 1 | -3/+5 |
| | |||||
* | Iteratively encode JSON responses to avoid blocking the reactor. (#8013) | Patrick Cloke | 2020-08-18 | 1 | -3/+3 |
| | |||||
* | Ensure that calls to `json.dumps` are compatible with the standard library ↵ | Patrick Cloke | 2020-07-15 | 1 | -1/+3 |
| | | | | json. (#7836) | ||||
* | Merge different Resource implementation classes (#7732) | Erik Johnston | 2020-07-03 | 1 | -8/+4 |
| | |||||
* | Convert remote key resource REST layer to async/await. (#7020) | Patrick Cloke | 2020-03-05 | 1 | -7/+4 |
| | |||||
* | Clarify list/set/dict/tuple comprehensions and enforce via flake8 (#6957) | Patrick Cloke | 2020-02-21 | 1 | -1/+1 |
| | | | | Ensure good comprehension hygiene using flake8-comprehensions. | ||||
* | Fixup synapse.rest to pass mypy (#6732) | Erik Johnston | 2020-01-20 | 1 | -2/+3 |
| | |||||
* | Back out ill-advised notary server hackery (#6657) | Richard van der Hoff | 2020-01-08 | 1 | -22/+8 |
| | | | | | | | | | | | This was ill-advised. We can't modify verify_keys here, because the response object has already been signed by the requested key. Furthermore, it's somewhat unnecessary because existing versions of Synapse (which get upset that the notary key isn't present in verify_keys) will fall back to a direct fetch via `/key/v2/server`. Also: more tests for fetching keys via perspectives: it would be nice if we actually tested when our fetcher can't talk to our notary impl. | ||||
* | Workaround for error when fetching notary's own key (#6620) | Richard van der Hoff | 2020-01-06 | 1 | -8/+22 |
| | | | | | | | | | | | | | | * Kill off redundant SynapseRequestFactory We already get the Site via the Channel, so there's no need for a dedicated RequestFactory: we can just use the right constructor. * Workaround for error when fetching notary's own key As a notary server, when we return our own keys, include all of our signing keys in verify_keys. This is a workaround for #6596. | ||||
* | Update black to 19.10b0 (#6304) | Amber Brown | 2019-11-01 | 1 | -1/+1 |
| | | | * update version of black and also fix the mypy config being overridden | ||||
* | Fixup review comments | Erik Johnston | 2019-08-23 | 1 | -2/+2 |
| | |||||
* | Only sign when we respond to remote key requests | Erik Johnston | 2019-08-21 | 1 | -13/+15 |
| | |||||
* | Make the http server handle coroutine-making REST servlets (#5475) | Amber Brown | 2019-06-29 | 1 | -18/+10 |
| | |||||
* | Run Black. (#5482) | Amber Brown | 2019-06-20 | 2 | -46/+38 |
| | |||||
* | Notary server: make requests to origins in parallel | Richard van der Hoff | 2019-06-04 | 1 | -10/+2 |
| | | | | ... else we're guaranteed to time out. | ||||
* | Fix remote_key_resource | Richard van der Hoff | 2019-05-23 | 1 | -3/+3 |
| | |||||
* | Remove deprecated v1 key exchange endpoint (#4119) | Amber Brown | 2018-10-31 | 2 | -106/+0 |
| | |||||
* | Port rest/ to Python 3 (#3823) | Amber Brown | 2018-09-12 | 3 | -5/+7 |
| | |||||
* | run isort | Amber Brown | 2018-07-09 | 4 | -17/+20 |
| | |||||
* | Set Server header in SynapseRequest | Richard van der Hoff | 2018-05-10 | 3 | -6/+0 |
| | | | | | | | | | | | | (instead of everywhere that writes a response. Or rather, the subset of places which write responses where we haven't forgotten it). This also means that we don't have to have the mysterious version_string attribute in anything with a request handler. Unfortunately it does mean that we have to pass the version string wherever we instantiate a SynapseSite, which has been c&ped 150 times, but that is code that ought to be cleaned up anyway really. | ||||
* | Remove redundant request_handler decorator | Richard van der Hoff | 2018-05-10 | 1 | -3/+5 |
| | | | | | | This is needless complexity; we might as well use the wrapper directly. Also rename wrap_request_handler->wrap_json_request_handler. | ||||
* | Add federation_domain_whitelist option (#2820) | Matthew Hodgson | 2018-01-22 | 1 | -0/+8 |
| | | | | | | Add federation_domain_whitelist gives a way to restrict which domains your HS is allowed to federate with. useful mainly for gracefully preventing a private but internet-connected HS from trying to federate to the wider public Matrix network | ||||
* | replace 'except:' with 'except Exception:' | Richard van der Hoff | 2017-10-23 | 1 | -1/+1 |
| | | | | what could possibly go wrong | ||||
* | Fix code for reporting old verify keys in synapse | Mark Haines | 2017-04-24 | 1 | -3/+2 |
| | |||||
* | Improve comment formatting | Mark Haines | 2016-10-12 | 1 | -3/+6 |
| | |||||
* | Add config option for adding additional TLS fingerprints | Mark Haines | 2016-10-11 | 1 | -12/+4 |
| | |||||
* | Don't print stack traces when failing to get remote keys | Erik Johnston | 2016-08-10 | 1 | -1/+3 |
| | |||||
* | Report per request metrics for all of the things using request_handler | Mark Haines | 2016-04-28 | 2 | -3/+2 |
| | |||||
* | Use parse_json_object_from_request to parse JSON out of request bodies | Mark Haines | 2016-03-11 | 1 | -10/+2 |
| | |||||
* | copyrights | Matthew Hodgson | 2016-01-07 | 6 | -6/+6 |
| | |||||
* | Remove syutil dependency in favour of smaller single-purpose libraries | Mark Haines | 2015-08-24 | 2 | -6/+6 |
| | |||||
* | Implement minimum_valid_until_ts in the remote key resource | Mark Haines | 2015-04-29 | 1 | -4/+55 |
| | |||||
* | Copyright notice | Mark Haines | 2015-04-24 | 1 | -0/+14 |
| | |||||
* | Update to match the specification for key/v2 | Mark Haines | 2015-04-23 | 2 | -19/+24 |
| | |||||
* | Implement remote key lookup api | Mark Haines | 2015-04-22 | 3 | -8/+185 |
| | |||||
* | Implement v2 key lookup | Mark Haines | 2015-04-20 | 1 | -1/+3 |
| | |||||
* | Return a sha256 fingerprint rather than the entire tls certificate | Mark Haines | 2015-04-14 | 1 | -2/+8 |
| | |||||
* | Add a version 2 of the key server api | Mark Haines | 2015-04-14 | 2 | -0/+137 |
| | |||||
* | Move server key api into rest/key/v1 | Mark Haines | 2015-04-14 | 3 | -0/+121 |