Hot-Reloading Refactor

Signed-off-by: Jason Volk <jason@zemos.net>
2024-05-09 15:59:08 -07:00 · 2024-05-09 15:59:08 -07:00 · 6c1434c165
commit 6c1434c165
parent ae1a4fd283
212 changed files with 5679 additions and 4206 deletions
--- a/src/core/config/check.rs
+++ b/src/core/config/check.rs
@ -0,0 +1,170 @@
+#[cfg(unix)]
+use std::path::Path; // not unix specific, just only for UNIX sockets stuff and *nix container checks
+
+use tracing::{debug, error, info, warn};
+
+use crate::{error::Error, Config};
+
+pub fn check(config: &Config) -> Result<(), Error> {
+	config.warn_deprecated();
+	config.warn_unknown_key();
+
+	if config.sentry && config.sentry_endpoint.is_none() {
+		return Err(Error::bad_config("Sentry cannot be enabled without an endpoint set"));
+	}
+
+	if cfg!(feature = "hardened_malloc") && cfg!(feature = "jemalloc") {
+		warn!(
+			"hardened_malloc and jemalloc were built together, this causes neither to be used. Conduwuit will still \
+			 function, but consider rebuilding and pick one as this is now no-op."
+		);
+	}
+
+	if config.unix_socket_path.is_some() && !cfg!(unix) {
+		return Err(Error::bad_config(
+			"UNIX socket support is only available on *nix platforms. Please remove \"unix_socket_path\" from your \
+			 config.",
+		));
+	}
+
+	if config.address.is_loopback() && cfg!(unix) {
+		debug!(
+			"Found loopback listening address {}, running checks if we're in a container.",
+			config.address
+		);
+
+		#[cfg(unix)]
+		if Path::new("/proc/vz").exists() /* Guest */ && !Path::new("/proc/bz").exists()
+		/* Host */
+		{
+			error!(
+				"You are detected using OpenVZ with a loopback/localhost listening address of {}. If you are using \
+				 OpenVZ for containers and you use NAT-based networking to communicate with the host and guest, this \
+				 will NOT work. Please change this to \"0.0.0.0\". If this is expected, you can ignore.",
+				config.address
+			);
+		}
+
+		#[cfg(unix)]
+		if Path::new("/.dockerenv").exists() {
+			error!(
+				"You are detected using Docker with a loopback/localhost listening address of {}. If you are using a \
+				 reverse proxy on the host and require communication to conduwuit in the Docker container via \
+				 NAT-based networking, this will NOT work. Please change this to \"0.0.0.0\". If this is expected, \
+				 you can ignore.",
+				config.address
+			);
+		}
+
+		#[cfg(unix)]
+		if Path::new("/run/.containerenv").exists() {
+			error!(
+				"You are detected using Podman with a loopback/localhost listening address of {}. If you are using a \
+				 reverse proxy on the host and require communication to conduwuit in the Podman container via \
+				 NAT-based networking, this will NOT work. Please change this to \"0.0.0.0\". If this is expected, \
+				 you can ignore.",
+				config.address
+			);
+		}
+	}
+
+	// rocksdb does not allow max_log_files to be 0
+	if config.rocksdb_max_log_files == 0 && cfg!(feature = "rocksdb") {
+		return Err(Error::bad_config(
+			"When using RocksDB, rocksdb_max_log_files cannot be 0. Please set a value at least 1.",
+		));
+	}
+
+	// yeah, unless the user built a debug build hopefully for local testing only
+	if config.server_name == "your.server.name" && !cfg!(debug_assertions) {
+		return Err(Error::bad_config(
+			"You must specify a valid server name for production usage of conduwuit.",
+		));
+	}
+
+	if cfg!(debug_assertions) {
+		info!("Note: conduwuit was built without optimisations (i.e. debug build)");
+	}
+
+	// check if the user specified a registration token as `""`
+	if config.registration_token == Some(String::new()) {
+		return Err(Error::bad_config("Registration token was specified but is empty (\"\")"));
+	}
+
+	if config.max_request_size < 5120000 {
+		return Err(Error::bad_config("Max request size is less than 5MB. Please increase it."));
+	}
+
+	// check if user specified valid IP CIDR ranges on startup
+	for cidr in &config.ip_range_denylist {
+		if let Err(e) = ipaddress::IPAddress::parse(cidr) {
+			error!("Error parsing specified IP CIDR range from string: {e}");
+			return Err(Error::bad_config("Error parsing specified IP CIDR ranges from strings"));
+		}
+	}
+
+	if config.allow_registration
+		&& !config.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
+		&& config.registration_token.is_none()
+	{
+		return Err(Error::bad_config(
+			"!! You have `allow_registration` enabled without a token configured in your config which means you are \
+			 allowing ANYONE to register on your conduwuit instance without any 2nd-step (e.g. registration token).\n
+If this is not the intended behaviour, please set a registration token with the `registration_token` config option.\n
+For security and safety reasons, conduwuit will shut down. If you are extra sure this is the desired behaviour you \
+			 want, please set the following config option to true:
+`yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`",
+		));
+	}
+
+	if config.allow_registration
+		&& config.yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse
+		&& config.registration_token.is_none()
+	{
+		warn!(
+			"Open registration is enabled via setting \
+			 `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` and `allow_registration` to \
+			 true without a registration token configured. You are expected to be aware of the risks now.\n
+    If this is not the desired behaviour, please set a registration token."
+		);
+	}
+
+	if config.allow_outgoing_presence && !config.allow_local_presence {
+		return Err(Error::bad_config(
+			"Outgoing presence requires allowing local presence. Please enable \"allow_local_presence\".",
+		));
+	}
+
+	if config
+		.url_preview_domain_contains_allowlist
+		.contains(&"*".to_owned())
+	{
+		warn!(
+			"All URLs are allowed for URL previews via setting \"url_preview_domain_contains_allowlist\" to \"*\". \
+			 This opens up significant attack surface to your server. You are expected to be aware of the risks by \
+			 doing this."
+		);
+	}
+	if config
+		.url_preview_domain_explicit_allowlist
+		.contains(&"*".to_owned())
+	{
+		warn!(
+			"All URLs are allowed for URL previews via setting \"url_preview_domain_explicit_allowlist\" to \"*\". \
+			 This opens up significant attack surface to your server. You are expected to be aware of the risks by \
+			 doing this."
+		);
+	}
+	if config
+		.url_preview_url_contains_allowlist
+		.contains(&"*".to_owned())
+	{
+		warn!(
+			"All URLs are allowed for URL previews via setting \"url_preview_url_contains_allowlist\" to \"*\". This \
+			 opens up significant attack surface to your server. You are expected to be aware of the risks by doing \
+			 this."
+		);
+	}
+
+	Ok(())
+}
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
--- a/src/core/config/proxy.rs
+++ b/src/core/config/proxy.rs
@ -0,0 +1,148 @@
+use reqwest::{Proxy, Url};
+use serde::Deserialize;
+
+use crate::Result;
+
+/// ## Examples:
+/// - No proxy (default):
+/// ```toml
+/// proxy ="none"
+/// ```
+/// - Global proxy
+/// ```toml
+/// [global.proxy]
+/// global = { url = "socks5h://localhost:9050" }
+/// ```
+/// - Proxy some domains
+/// ```toml
+/// [global.proxy]
+/// [[global.proxy.by_domain]]
+/// url = "socks5h://localhost:9050"
+/// include = ["*.onion", "matrix.myspecial.onion"]
+/// exclude = ["*.myspecial.onion"]
+/// ```
+/// ## Include vs. Exclude
+/// If include is an empty list, it is assumed to be `["*"]`.
+///
+/// If a domain matches both the exclude and include list, the proxy will only
+/// be used if it was included because of a more specific rule than it was
+/// excluded. In the above example, the proxy would be used for
+/// `ordinary.onion`, `matrix.myspecial.onion`, but not `hello.myspecial.onion`.
+#[derive(Clone, Default, Debug, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum ProxyConfig {
+	#[default]
+	None,
+	Global {
+		#[serde(deserialize_with = "crate::utils::deserialize_from_str")]
+		url: Url,
+	},
+	ByDomain(Vec<PartialProxyConfig>),
+}
+impl ProxyConfig {
+	pub fn to_proxy(&self) -> Result<Option<Proxy>> {
+		Ok(match self.clone() {
+			ProxyConfig::None => None,
+			ProxyConfig::Global {
+				url,
+			} => Some(Proxy::all(url)?),
+			ProxyConfig::ByDomain(proxies) => Some(Proxy::custom(move |url| {
+				proxies.iter().find_map(|proxy| proxy.for_url(url)).cloned() // first matching
+				                                             // proxy
+			})),
+		})
+	}
+}
+
+#[derive(Clone, Debug, Deserialize)]
+pub struct PartialProxyConfig {
+	#[serde(deserialize_with = "crate::utils::deserialize_from_str")]
+	url: Url,
+	#[serde(default)]
+	include: Vec<WildCardedDomain>,
+	#[serde(default)]
+	exclude: Vec<WildCardedDomain>,
+}
+impl PartialProxyConfig {
+	#[must_use]
+	pub fn for_url(&self, url: &Url) -> Option<&Url> {
+		let domain = url.domain()?;
+		let mut included_because = None; // most specific reason it was included
+		let mut excluded_because = None; // most specific reason it was excluded
+		if self.include.is_empty() {
+			// treat empty include list as `*`
+			included_because = Some(&WildCardedDomain::WildCard);
+		}
+		for wc_domain in &self.include {
+			if wc_domain.matches(domain) {
+				match included_because {
+					Some(prev) if !wc_domain.more_specific_than(prev) => (),
+					_ => included_because = Some(wc_domain),
+				}
+			}
+		}
+		for wc_domain in &self.exclude {
+			if wc_domain.matches(domain) {
+				match excluded_because {
+					Some(prev) if !wc_domain.more_specific_than(prev) => (),
+					_ => excluded_because = Some(wc_domain),
+				}
+			}
+		}
+		match (included_because, excluded_because) {
+			(Some(a), Some(b)) if a.more_specific_than(b) => Some(&self.url), /* included for a more specific reason */
+			// than excluded
+			(Some(_), None) => Some(&self.url),
+			_ => None,
+		}
+	}
+}
+
+/// A domain name, that optionally allows a * as its first subdomain.
+#[derive(Clone, Debug)]
+enum WildCardedDomain {
+	WildCard,
+	WildCarded(String),
+	Exact(String),
+}
+impl WildCardedDomain {
+	fn matches(&self, domain: &str) -> bool {
+		match self {
+			WildCardedDomain::WildCard => true,
+			WildCardedDomain::WildCarded(d) => domain.ends_with(d),
+			WildCardedDomain::Exact(d) => domain == d,
+		}
+	}
+
+	fn more_specific_than(&self, other: &Self) -> bool {
+		match (self, other) {
+			(WildCardedDomain::WildCard, WildCardedDomain::WildCard) => false,
+			(_, WildCardedDomain::WildCard) => true,
+			(WildCardedDomain::Exact(a), WildCardedDomain::WildCarded(_)) => other.matches(a),
+			(WildCardedDomain::WildCarded(a), WildCardedDomain::WildCarded(b)) => a != b && a.ends_with(b),
+			_ => false,
+		}
+	}
+}
+impl std::str::FromStr for WildCardedDomain {
+	type Err = std::convert::Infallible;
+
+	fn from_str(s: &str) -> Result<Self, Self::Err> {
+		// maybe do some domain validation?
+		Ok(if s.starts_with("*.") {
+			WildCardedDomain::WildCarded(s[1..].to_owned())
+		} else if s == "*" {
+			WildCardedDomain::WildCarded(String::new())
+		} else {
+			WildCardedDomain::Exact(s.to_owned())
+		})
+	}
+}
+impl<'de> Deserialize<'de> for WildCardedDomain {
+	fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+	where
+		D: serde::de::Deserializer<'de>,
+	{
+		crate::utils::deserialize_from_str(deserializer)
+	}
+}