magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Hot-Reloading Refactor

Browse source 
Signed-off-by: Jason Volk <jason@zemos.net>
This commit is contained in:
Jason Volk 2024-05-09 15:59:08 -07:00 committed by June 🍓🦴
parent ae1a4fd283
commit 6c1434c165
212 changed files with 5679 additions and 4206 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/service/globals/client.rs
View file

@ -4,18 +4,18 @@ use reqwest::redirect;
use crate::{service::globals::resolver, utils::conduwuit_version, Config, Result};
pub(crate) struct Client {
pub(crate) default: reqwest::Client,
pub(crate) url_preview: reqwest::Client,
pub(crate) well_known: reqwest::Client,
pub(crate) federation: reqwest::Client,
pub(crate) sender: reqwest::Client,
pub(crate) appservice: reqwest::Client,
pub(crate) pusher: reqwest::Client,
pub struct Client {
pub default: reqwest::Client,
pub url_preview: reqwest::Client,
pub well_known: reqwest::Client,
pub federation: reqwest::Client,
pub sender: reqwest::Client,
pub appservice: reqwest::Client,
pub pusher: reqwest::Client,
}
impl Client {
pub(crate) fn new(config: &Config, resolver: &Arc<resolver::Resolver>) -> Client {
pub fn new(config: &Config, resolver: &Arc<resolver::Resolver>) -> Client {
Client {
default: Self::base(config)
.unwrap()

2
src/service/globals/data.rs
View file

@ -10,7 +10,7 @@ use ruma::{
use crate::{database::Cork, Result};
#[async_trait]
pub(crate) trait Data: Send + Sync {
pub trait Data: Send + Sync {
fn next_count(&self) -> Result<u64>;
fn current_count(&self) -> Result<u64>;
fn last_check_for_updates_id(&self) -> Result<u64>;

66
src/service/globals/emerg_access.rs Normal file
View file

@ -0,0 +1,66 @@
use conduit::Result;
use ruma::{
events::{
push_rules::PushRulesEventContent, room::message::RoomMessageEventContent, GlobalAccountDataEvent,
GlobalAccountDataEventType,
},
push::Ruleset,
UserId,
};
use tracing::{error, warn};
use crate::services;
pub(crate) async fn init_emergency_access() {
// Set emergency access for the conduit user
match set_emergency_access() {
Ok(pwd_set) => {
if pwd_set {
warn!(
"The Conduit account emergency password is set! Please unset it as soon as you finish admin \
account recovery!"
);
services()
.admin
.send_message(RoomMessageEventContent::text_plain(
"The Conduit account emergency password is set! Please unset it as soon as you finish admin \
account recovery!",
))
.await;
}
},
Err(e) => {
error!("Could not set the configured emergency password for the conduit user: {}", e);
},
};
}
/// Sets the emergency password and push rules for the @conduit account in case
/// emergency password is set
fn set_emergency_access() -> Result<bool> {
let conduit_user = UserId::parse_with_server_name("conduit", services().globals.server_name())
.expect("@conduit:server_name is a valid UserId");
services()
.users
.set_password(&conduit_user, services().globals.emergency_password().as_deref())?;
let (ruleset, res) = match services().globals.emergency_password() {
Some(_) => (Ruleset::server_default(&conduit_user), Ok(true)),
None => (Ruleset::new(), Ok(false)),
};
services().account_data.update(
None,
&conduit_user,
GlobalAccountDataEventType::PushRules.to_string().into(),
&serde_json::to_value(&GlobalAccountDataEvent {
content: PushRulesEventContent {
global: ruleset,
},
})
.expect("to json value always works"),
)?;
res
}

638
src/service/globals/migrations.rs Normal file
View file

@ -0,0 +1,638 @@
use std::{
collections::{HashMap, HashSet},
fs::{self},
io::Write,
mem::size_of,
sync::Arc,
};
use argon2::{password_hash::SaltString, PasswordHasher, PasswordVerifier};
use database::KeyValueDatabase;
use itertools::Itertools;
use rand::thread_rng;
use ruma::{
events::{push_rules::PushRulesEvent, GlobalAccountDataEventType},
push::Ruleset,
EventId, OwnedRoomId, RoomId, UserId,
};
use tracing::{debug, error, info, warn};
use crate::{services, utils, Config, Error, Result};
pub(crate) async fn migrations(db: &KeyValueDatabase, config: &Config) -> Result<()> {
// Matrix resource ownership is based on the server name; changing it
// requires recreating the database from scratch.
if services().users.count()? > 0 {
let conduit_user =
UserId::parse_with_server_name("conduit", &config.server_name).expect("@conduit:server_name is valid");
if !services().users.exists(&conduit_user)? {
error!("The {} server user does not exist, and the database is not new.", conduit_user);
return Err(Error::bad_database(
"Cannot reuse an existing database after changing the server name, please delete the old one first.",
));
}
}
// If the database has any data, perform data migrations before starting
// do not increment the db version if the user is not using sha256_media
let latest_database_version = if cfg!(feature = "sha256_media") {
14
} else {
13
};
if services().users.count()? > 0 {
// MIGRATIONS
if services().globals.database_version()? < 1 {
for (roomserverid, _) in db.roomserverids.iter() {
let mut parts = roomserverid.split(|&b| b == 0xFF);
let room_id = parts.next().expect("split always returns one element");
let Some(servername) = parts.next() else {
error!("Migration: Invalid roomserverid in db.");
continue;
};
let mut serverroomid = servername.to_vec();
serverroomid.push(0xFF);
serverroomid.extend_from_slice(room_id);
db.serverroomids.insert(&serverroomid, &[])?;
}
services().globals.bump_database_version(1)?;
warn!("Migration: 0 -> 1 finished");
}
if services().globals.database_version()? < 2 {
// We accidentally inserted hashed versions of "" into the db instead of just ""
for (userid, password) in db.userid_password.iter() {
let salt = SaltString::generate(thread_rng());
let empty_pass = services()
.globals
.argon
.hash_password(b"", &salt)
.expect("our own password to be properly hashed");
let empty_hashed_password = services()
.globals
.argon
.verify_password(&password, &empty_pass)
.is_ok();
if empty_hashed_password {
db.userid_password.insert(&userid, b"")?;
}
}
services().globals.bump_database_version(2)?;
warn!("Migration: 1 -> 2 finished");
}
if services().globals.database_version()? < 3 {
// Move media to filesystem
for (key, content) in db.mediaid_file.iter() {
if content.is_empty() {
continue;
}
#[allow(deprecated)]
let path = services().globals.get_media_file(&key);
let mut file = fs::File::create(path)?;
file.write_all(&content)?;
db.mediaid_file.insert(&key, &[])?;
}
services().globals.bump_database_version(3)?;
warn!("Migration: 2 -> 3 finished");
}
if services().globals.database_version()? < 4 {
// Add federated users to services() as deactivated
for our_user in services().users.iter() {
let our_user = our_user?;
if services().users.is_deactivated(&our_user)? {
continue;
}
for room in services().rooms.state_cache.rooms_joined(&our_user) {
for user in services().rooms.state_cache.room_members(&room?) {
let user = user?;
if user.server_name() != config.server_name {
info!(?user, "Migration: creating user");
services().users.create(&user, None)?;
}
}
}
}
services().globals.bump_database_version(4)?;
warn!("Migration: 3 -> 4 finished");
}
if services().globals.database_version()? < 5 {
// Upgrade user data store
for (roomuserdataid, _) in db.roomuserdataid_accountdata.iter() {
let mut parts = roomuserdataid.split(|&b| b == 0xFF);
let room_id = parts.next().unwrap();
let user_id = parts.next().unwrap();
let event_type = roomuserdataid.rsplit(|&b| b == 0xFF).next().unwrap();
let mut key = room_id.to_vec();
key.push(0xFF);
key.extend_from_slice(user_id);
key.push(0xFF);
key.extend_from_slice(event_type);
db.roomusertype_roomuserdataid
.insert(&key, &roomuserdataid)?;
}
services().globals.bump_database_version(5)?;
warn!("Migration: 4 -> 5 finished");
}
if services().globals.database_version()? < 6 {
// Set room member count
for (roomid, _) in db.roomid_shortstatehash.iter() {
let string = utils::string_from_bytes(&roomid).unwrap();
let room_id = <&RoomId>::try_from(string.as_str()).unwrap();
services().rooms.state_cache.update_joined_count(room_id)?;
}
services().globals.bump_database_version(6)?;
warn!("Migration: 5 -> 6 finished");
}
if services().globals.database_version()? < 7 {
// Upgrade state store
let mut last_roomstates: HashMap<OwnedRoomId, u64> = HashMap::new();
let mut current_sstatehash: Option<u64> = None;
let mut current_room = None;
let mut current_state = HashSet::new();
let handle_state = |current_sstatehash: u64,
current_room: &RoomId,
current_state: HashSet<_>,
last_roomstates: &mut HashMap<_, _>| {
let last_roomsstatehash = last_roomstates.get(current_room);
let states_parents = last_roomsstatehash.map_or_else(
|| Ok(Vec::new()),
|&last_roomsstatehash| {
services()
.rooms
.state_compressor
.load_shortstatehash_info(last_roomsstatehash)
},
)?;
let (statediffnew, statediffremoved) = if let Some(parent_stateinfo) = states_parents.last() {
let statediffnew = current_state
.difference(&parent_stateinfo.1)
.copied()
.collect::<HashSet<_>>();
let statediffremoved = parent_stateinfo
.1
.difference(&current_state)
.copied()
.collect::<HashSet<_>>();
(statediffnew, statediffremoved)
} else {
(current_state, HashSet::new())
};
services().rooms.state_compressor.save_state_from_diff(
current_sstatehash,
Arc::new(statediffnew),
Arc::new(statediffremoved),
2, // every state change is 2 event changes on average
states_parents,
)?;
/*
let mut tmp = services().rooms.load_shortstatehash_info(&current_sstatehash)?;
let state = tmp.pop().unwrap();
println!(
"{}\t{}{:?}: {:?} + {:?} - {:?}",
current_room,
" ".repeat(tmp.len()),
utils::u64_from_bytes(&current_sstatehash).unwrap(),
tmp.last().map(|b| utils::u64_from_bytes(&b.0).unwrap()),
state
.2
.iter()
.map(|b| utils::u64_from_bytes(&b[size_of::<u64>()..]).unwrap())
.collect::<Vec<_>>(),
state
.3
.iter()
.map(|b| utils::u64_from_bytes(&b[size_of::<u64>()..]).unwrap())
.collect::<Vec<_>>()
);
*/
Ok::<_, Error>(())
};
for (k, seventid) in db.db.open_tree("stateid_shorteventid")?.iter() {
let sstatehash = utils::u64_from_bytes(&k[0..size_of::<u64>()]).expect("number of bytes is correct");
let sstatekey = k[size_of::<u64>()..].to_vec();
if Some(sstatehash) != current_sstatehash {
if let Some(current_sstatehash) = current_sstatehash {
handle_state(
current_sstatehash,
current_room.as_deref().unwrap(),
current_state,
&mut last_roomstates,
)?;
last_roomstates.insert(current_room.clone().unwrap(), current_sstatehash);
}
current_state = HashSet::new();
current_sstatehash = Some(sstatehash);
let event_id = db.shorteventid_eventid.get(&seventid).unwrap().unwrap();
let string = utils::string_from_bytes(&event_id).unwrap();
let event_id = <&EventId>::try_from(string.as_str()).unwrap();
let pdu = services()
.rooms
.timeline
.get_pdu(event_id)
.unwrap()
.unwrap();
if Some(&pdu.room_id) != current_room.as_ref() {
current_room = Some(pdu.room_id.clone());
}
}
let mut val = sstatekey;
val.extend_from_slice(&seventid);
current_state.insert(val.try_into().expect("size is correct"));
}
if let Some(current_sstatehash) = current_sstatehash {
handle_state(
current_sstatehash,
current_room.as_deref().unwrap(),
current_state,
&mut last_roomstates,
)?;
}
services().globals.bump_database_version(7)?;
warn!("Migration: 6 -> 7 finished");
}
if services().globals.database_version()? < 8 {
// Generate short room ids for all rooms
for (room_id, _) in db.roomid_shortstatehash.iter() {
let shortroomid = services().globals.next_count()?.to_be_bytes();
db.roomid_shortroomid.insert(&room_id, &shortroomid)?;
info!("Migration: 8");
}
// Update pduids db layout
let mut batch = db.pduid_pdu.iter().filter_map(|(key, v)| {
if !key.starts_with(b"!") {
return None;
}
let mut parts = key.splitn(2, |&b| b == 0xFF);
let room_id = parts.next().unwrap();
let count = parts.next().unwrap();
let short_room_id = db
.roomid_shortroomid
.get(room_id)
.unwrap()
.expect("shortroomid should exist");
let mut new_key = short_room_id;
new_key.extend_from_slice(count);
Some((new_key, v))
});
db.pduid_pdu.insert_batch(&mut batch)?;
let mut batch2 = db.eventid_pduid.iter().filter_map(|(k, value)| {
if !value.starts_with(b"!") {
return None;
}
let mut parts = value.splitn(2, |&b| b == 0xFF);
let room_id = parts.next().unwrap();
let count = parts.next().unwrap();
let short_room_id = db
.roomid_shortroomid
.get(room_id)
.unwrap()
.expect("shortroomid should exist");
let mut new_value = short_room_id;
new_value.extend_from_slice(count);
Some((k, new_value))
});
db.eventid_pduid.insert_batch(&mut batch2)?;
services().globals.bump_database_version(8)?;
warn!("Migration: 7 -> 8 finished");
}
if services().globals.database_version()? < 9 {
// Update tokenids db layout
let mut iter = db
.tokenids
.iter()
.filter_map(|(key, _)| {
if !key.starts_with(b"!") {
return None;
}
let mut parts = key.splitn(4, |&b| b == 0xFF);
let room_id = parts.next().unwrap();
let word = parts.next().unwrap();
let _pdu_id_room = parts.next().unwrap();
let pdu_id_count = parts.next().unwrap();
let short_room_id = db
.roomid_shortroomid
.get(room_id)
.unwrap()
.expect("shortroomid should exist");
let mut new_key = short_room_id;
new_key.extend_from_slice(word);
new_key.push(0xFF);
new_key.extend_from_slice(pdu_id_count);
Some((new_key, Vec::new()))
})
.peekable();
while iter.peek().is_some() {
db.tokenids.insert_batch(&mut iter.by_ref().take(1000))?;
debug!("Inserted smaller batch");
}
info!("Deleting starts");
let batch2: Vec<_> = db
.tokenids
.iter()
.filter_map(|(key, _)| {
if key.starts_with(b"!") {
Some(key)
} else {
None
}
})
.collect();
for key in batch2 {
db.tokenids.remove(&key)?;
}
services().globals.bump_database_version(9)?;
warn!("Migration: 8 -> 9 finished");
}
if services().globals.database_version()? < 10 {
// Add other direction for shortstatekeys
for (statekey, shortstatekey) in db.statekey_shortstatekey.iter() {
db.shortstatekey_statekey
.insert(&shortstatekey, &statekey)?;
}
// Force E2EE device list updates so we can send them over federation
for user_id in services().users.iter().filter_map(Result::ok) {
services().users.mark_device_key_update(&user_id)?;
}
services().globals.bump_database_version(10)?;
warn!("Migration: 9 -> 10 finished");
}
if services().globals.database_version()? < 11 {
db.db
.open_tree("userdevicesessionid_uiaarequest")?
.clear()?;
services().globals.bump_database_version(11)?;
warn!("Migration: 10 -> 11 finished");
}
if services().globals.database_version()? < 12 {
for username in services().users.list_local_users()? {
let user = match UserId::parse_with_server_name(username.clone(), &config.server_name) {
Ok(u) => u,
Err(e) => {
warn!("Invalid username {username}: {e}");
continue;
},
};
let raw_rules_list = services()
.account_data
.get(None, &user, GlobalAccountDataEventType::PushRules.to_string().into())
.unwrap()
.expect("Username is invalid");
let mut account_data = serde_json::from_str::<PushRulesEvent>(raw_rules_list.get()).unwrap();
let rules_list = &mut account_data.content.global;
//content rule
{
let content_rule_transformation = [".m.rules.contains_user_name", ".m.rule.contains_user_name"];
let rule = rules_list.content.get(content_rule_transformation[0]);
if rule.is_some() {
let mut rule = rule.unwrap().clone();
content_rule_transformation[1].clone_into(&mut rule.rule_id);
rules_list
.content
.shift_remove(content_rule_transformation[0]);
rules_list.content.insert(rule);
}
}
//underride rules
{
let underride_rule_transformation = [
[".m.rules.call", ".m.rule.call"],
[".m.rules.room_one_to_one", ".m.rule.room_one_to_one"],
[".m.rules.encrypted_room_one_to_one", ".m.rule.encrypted_room_one_to_one"],
[".m.rules.message", ".m.rule.message"],
[".m.rules.encrypted", ".m.rule.encrypted"],
];
for transformation in underride_rule_transformation {
let rule = rules_list.underride.get(transformation[0]);
if let Some(rule) = rule {
let mut rule = rule.clone();
transformation[1].clone_into(&mut rule.rule_id);
rules_list.underride.shift_remove(transformation[0]);
rules_list.underride.insert(rule);
}
}
}
services().account_data.update(
None,
&user,
GlobalAccountDataEventType::PushRules.to_string().into(),
&serde_json::to_value(account_data).expect("to json value always works"),
)?;
}
services().globals.bump_database_version(12)?;
warn!("Migration: 11 -> 12 finished");
}
// This migration can be reused as-is anytime the server-default rules are
// updated.
if services().globals.database_version()? < 13 {
for username in services().users.list_local_users()? {
let user = match UserId::parse_with_server_name(username.clone(), &config.server_name) {
Ok(u) => u,
Err(e) => {
warn!("Invalid username {username}: {e}");
continue;
},
};
let raw_rules_list = services()
.account_data
.get(None, &user, GlobalAccountDataEventType::PushRules.to_string().into())
.unwrap()
.expect("Username is invalid");
let mut account_data = serde_json::from_str::<PushRulesEvent>(raw_rules_list.get()).unwrap();
let user_default_rules = Ruleset::server_default(&user);
account_data
.content
.global
.update_with_server_default(user_default_rules);
services().account_data.update(
None,
&user,
GlobalAccountDataEventType::PushRules.to_string().into(),
&serde_json::to_value(account_data).expect("to json value always works"),
)?;
}
services().globals.bump_database_version(13)?;
warn!("Migration: 12 -> 13 finished");
}
#[cfg(feature = "sha256_media")]
{
if services().globals.database_version()? < 14 && cfg!(feature = "sha256_media") {
warn!("sha256_media feature flag is enabled, migrating legacy base64 file names to sha256 file names");
// Move old media files to new names
for (key, _) in db.mediaid_file.iter() {
let old_path = services().globals.get_media_file(&key);
debug!("Old file path: {old_path:?}");
let path = services().globals.get_media_file_new(&key);
debug!("New file path: {path:?}");
// move the file to the new location
if old_path.exists() {
tokio::fs::rename(&old_path, &path).await?;
}
}
services().globals.bump_database_version(14)?;
warn!("Migration: 13 -> 14 finished");
}
}
assert_eq!(
services().globals.database_version().unwrap(),
latest_database_version,
"Failed asserting local database version {} is equal to known latest conduwuit database version {}",
services().globals.database_version().unwrap(),
latest_database_version
);
{
let patterns = services().globals.forbidden_usernames();
if !patterns.is_empty() {
for user_id in services()
.users
.iter()
.filter_map(Result::ok)
.filter(|user| !services().users.is_deactivated(user).unwrap_or(true))
.filter(|user| user.server_name() == config.server_name)
{
let matches = patterns.matches(user_id.localpart());
if matches.matched_any() {
warn!(
"User {} matches the following forbidden username patterns: {}",
user_id.to_string(),
matches
.into_iter()
.map(|x| &patterns.patterns()[x])
.join(", ")
);
}
}
}
}
{
let patterns = services().globals.forbidden_alias_names();
if !patterns.is_empty() {
for address in services().rooms.metadata.iter_ids() {
let room_id = address?;
let room_aliases = services().rooms.alias.local_aliases_for_room(&room_id);
for room_alias_result in room_aliases {
let room_alias = room_alias_result?;
let matches = patterns.matches(room_alias.alias());
if matches.matched_any() {
warn!(
"Room with alias {} ({}) matches the following forbidden room name patterns: {}",
room_alias,
&room_id,
matches
.into_iter()
.map(|x| &patterns.patterns()[x])
.join(", ")
);
}
}
}
}
}
info!(
"Loaded {} database with schema version {}",
config.database_backend, latest_database_version
);
} else {
services()
.globals
.bump_database_version(latest_database_version)?;
// Create the admin room and server user on first run
services().admin.create_admin_room().await?;
warn!(
"Created new {} database with version {}",
config.database_backend, latest_database_version
);
}
Ok(())
}

253
src/service/globals/mod.rs
View file

@ -3,16 +3,13 @@ use std::{
fs,
future::Future,
path::PathBuf,
sync::{
atomic::{self, AtomicBool},
Arc,
},
time::{Instant, SystemTime},
sync::Arc,
time::Instant,
};
use argon2::Argon2;
use base64::{engine::general_purpose, Engine as _};
pub(crate) use data::Data;
pub use data::Data;
use hickory_resolver::TokioAsyncResolver;
use ipaddress::IPAddress;
use regex::RegexSet;
@ -25,42 +22,46 @@ use ruma::{
DeviceId, OwnedEventId, OwnedRoomId, OwnedServerName, OwnedServerSigningKeyId, OwnedUserId, RoomVersionId,
ServerName, UserId,
};
use tokio::sync::{broadcast, Mutex, RwLock};
use tracing::{error, info, trace};
use tokio::{
sync::{broadcast, Mutex, RwLock},
task::JoinHandle,
};
use tracing::{error, trace};
use url::Url;
use crate::{services, Config, LogLevelReloadHandles, Result};
use crate::{services, Config, Result};
mod client;
mod data;
pub mod data;
pub(crate) mod emerg_access;
pub(crate) mod migrations;
mod resolver;
pub(crate) mod updates;
type RateLimitState = (Instant, u32); // Time if last failed try, number of failed tries
pub(crate) struct Service<'a> {
pub(crate) db: &'static dyn Data,
pub struct Service {
pub db: Arc<dyn Data>,
pub(crate) tracing_reload_handle: LogLevelReloadHandles,
pub(crate) config: Config,
pub(crate) cidr_range_denylist: Vec<IPAddress>,
pub config: Config,
pub cidr_range_denylist: Vec<IPAddress>,
keypair: Arc<ruma::signatures::Ed25519KeyPair>,
jwt_decoding_key: Option<jsonwebtoken::DecodingKey>,
pub(crate) resolver: Arc<resolver::Resolver>,
pub(crate) client: client::Client,
pub(crate) stable_room_versions: Vec<RoomVersionId>,
pub(crate) unstable_room_versions: Vec<RoomVersionId>,
pub(crate) bad_event_ratelimiter: Arc<RwLock<HashMap<OwnedEventId, RateLimitState>>>,
pub(crate) bad_signature_ratelimiter: Arc<RwLock<HashMap<Vec<String>, RateLimitState>>>,
pub(crate) bad_query_ratelimiter: Arc<RwLock<HashMap<OwnedServerName, RateLimitState>>>,
pub(crate) roomid_mutex_insert: RwLock<HashMap<OwnedRoomId, Arc<Mutex<()>>>>,
pub(crate) roomid_mutex_state: RwLock<HashMap<OwnedRoomId, Arc<Mutex<()>>>>,
pub(crate) roomid_mutex_federation: RwLock<HashMap<OwnedRoomId, Arc<Mutex<()>>>>, // this lock will be held longer
pub(crate) roomid_federationhandletime: RwLock<HashMap<OwnedRoomId, (OwnedEventId, Instant)>>,
pub(crate) stateres_mutex: Arc<Mutex<()>>,
pub(crate) rotate: RotationHandler,
pub(crate) started: SystemTime,
pub(crate) shutdown: AtomicBool,
pub(crate) argon: Argon2<'a>,
pub resolver: Arc<resolver::Resolver>,
pub client: client::Client,
pub stable_room_versions: Vec<RoomVersionId>,
pub unstable_room_versions: Vec<RoomVersionId>,
pub bad_event_ratelimiter: Arc<RwLock<HashMap<OwnedEventId, RateLimitState>>>,
pub bad_signature_ratelimiter: Arc<RwLock<HashMap<Vec<String>, RateLimitState>>>,
pub bad_query_ratelimiter: Arc<RwLock<HashMap<OwnedServerName, RateLimitState>>>,
pub roomid_mutex_insert: RwLock<HashMap<OwnedRoomId, Arc<Mutex<()>>>>,
pub roomid_mutex_state: RwLock<HashMap<OwnedRoomId, Arc<Mutex<()>>>>,
pub roomid_mutex_federation: RwLock<HashMap<OwnedRoomId, Arc<Mutex<()>>>>, // this lock will be held longer
pub roomid_federationhandletime: RwLock<HashMap<OwnedRoomId, (OwnedEventId, Instant)>>,
pub updates_handle: Mutex<Option<JoinHandle<()>>>,
pub stateres_mutex: Arc<Mutex<()>>,
pub rotate: RotationHandler,
pub argon: Argon2<'static>,
}
/// Handles "rotation" of long-polling requests. "Rotation" in this context is
@ -68,7 +69,7 @@ pub(crate) struct Service<'a> {
///
/// This is utilized to have sync workers return early and release read locks on
/// the database.
pub(crate) struct RotationHandler(broadcast::Sender<()>, ());
pub struct RotationHandler(broadcast::Sender<()>, ());
impl RotationHandler {
fn new() -> Self {
@ -76,25 +77,22 @@ impl RotationHandler {
Self(s, ())
}
pub(crate) fn watch(&self) -> impl Future<Output = ()> {
pub fn watch(&self) -> impl Future<Output = ()> {
let mut r = self.0.subscribe();
async move {
_ = r.recv().await;
}
}
fn fire(&self) { _ = self.0.send(()); }
pub fn fire(&self) { _ = self.0.send(()); }
}
impl Default for RotationHandler {
fn default() -> Self { Self::new() }
}
impl Service<'_> {
pub(crate) fn load(
db: &'static dyn Data, config: &Config, tracing_reload_handle: LogLevelReloadHandles,
) -> Result<Self> {
impl Service {
pub fn load(db: Arc<dyn Data>, config: &Config) -> Result<Self> {
let keypair = db.load_keypair();
let keypair = match keypair {
@ -140,7 +138,6 @@ impl Service<'_> {
}
let mut s = Self {
tracing_reload_handle,
db,
config: config.clone(),
cidr_range_denylist,
@ -157,10 +154,9 @@ impl Service<'_> {
roomid_mutex_insert: RwLock::new(HashMap::new()),
roomid_mutex_federation: RwLock::new(HashMap::new()),
roomid_federationhandletime: RwLock::new(HashMap::new()),
updates_handle: Mutex::new(None),
stateres_mutex: Arc::new(Mutex::new(())),
rotate: RotationHandler::new(),
started: SystemTime::now(),
shutdown: AtomicBool::new(false),
argon,
};
@ -178,145 +174,141 @@ impl Service<'_> {
}
/// Returns this server's keypair.
pub(crate) fn keypair(&self) -> &ruma::signatures::Ed25519KeyPair { &self.keypair }
pub fn keypair(&self) -> &ruma::signatures::Ed25519KeyPair { &self.keypair }
#[tracing::instrument(skip(self))]
pub(crate) fn next_count(&self) -> Result<u64> { self.db.next_count() }
pub fn next_count(&self) -> Result<u64> { self.db.next_count() }
#[tracing::instrument(skip(self))]
pub(crate) fn current_count(&self) -> Result<u64> { self.db.current_count() }
pub fn current_count(&self) -> Result<u64> { self.db.current_count() }
#[tracing::instrument(skip(self))]
pub(crate) fn last_check_for_updates_id(&self) -> Result<u64> { self.db.last_check_for_updates_id() }
pub fn last_check_for_updates_id(&self) -> Result<u64> { self.db.last_check_for_updates_id() }
#[tracing::instrument(skip(self))]
pub(crate) fn update_check_for_updates_id(&self, id: u64) -> Result<()> { self.db.update_check_for_updates_id(id) }
pub fn update_check_for_updates_id(&self, id: u64) -> Result<()> { self.db.update_check_for_updates_id(id) }
pub(crate) async fn watch(&self, user_id: &UserId, device_id: &DeviceId) -> Result<()> {
pub async fn watch(&self, user_id: &UserId, device_id: &DeviceId) -> Result<()> {
self.db.watch(user_id, device_id).await
}
pub(crate) fn cleanup(&self) -> Result<()> { self.db.cleanup() }
pub fn cleanup(&self) -> Result<()> { self.db.cleanup() }
/// TODO: use this?
#[allow(dead_code)]
pub(crate) fn flush(&self) -> Result<()> { self.db.flush() }
pub fn flush(&self) -> Result<()> { self.db.flush() }
pub(crate) fn server_name(&self) -> &ServerName { self.config.server_name.as_ref() }
pub fn server_name(&self) -> &ServerName { self.config.server_name.as_ref() }
pub(crate) fn max_request_size(&self) -> u32 { self.config.max_request_size }
pub fn max_request_size(&self) -> u32 { self.config.max_request_size }
pub(crate) fn max_fetch_prev_events(&self) -> u16 { self.config.max_fetch_prev_events }
pub fn max_fetch_prev_events(&self) -> u16 { self.config.max_fetch_prev_events }
pub(crate) fn allow_registration(&self) -> bool { self.config.allow_registration }
pub fn allow_registration(&self) -> bool { self.config.allow_registration }
pub(crate) fn allow_guest_registration(&self) -> bool { self.config.allow_guest_registration }
pub fn allow_guest_registration(&self) -> bool { self.config.allow_guest_registration }
pub(crate) fn allow_guests_auto_join_rooms(&self) -> bool { self.config.allow_guests_auto_join_rooms }
pub fn allow_guests_auto_join_rooms(&self) -> bool { self.config.allow_guests_auto_join_rooms }
pub(crate) fn log_guest_registrations(&self) -> bool { self.config.log_guest_registrations }
pub fn log_guest_registrations(&self) -> bool { self.config.log_guest_registrations }
pub(crate) fn allow_encryption(&self) -> bool { self.config.allow_encryption }
pub fn allow_encryption(&self) -> bool { self.config.allow_encryption }
pub(crate) fn allow_federation(&self) -> bool { self.config.allow_federation }
pub fn allow_federation(&self) -> bool { self.config.allow_federation }
pub(crate) fn allow_public_room_directory_over_federation(&self) -> bool {
pub fn allow_public_room_directory_over_federation(&self) -> bool {
self.config.allow_public_room_directory_over_federation
}
pub(crate) fn allow_device_name_federation(&self) -> bool { self.config.allow_device_name_federation }
pub fn allow_device_name_federation(&self) -> bool { self.config.allow_device_name_federation }
pub(crate) fn allow_room_creation(&self) -> bool { self.config.allow_room_creation }
pub fn allow_room_creation(&self) -> bool { self.config.allow_room_creation }
pub(crate) fn allow_unstable_room_versions(&self) -> bool { self.config.allow_unstable_room_versions }
pub fn allow_unstable_room_versions(&self) -> bool { self.config.allow_unstable_room_versions }
pub(crate) fn default_room_version(&self) -> RoomVersionId { self.config.default_room_version.clone() }
pub fn default_room_version(&self) -> RoomVersionId { self.config.default_room_version.clone() }
pub(crate) fn new_user_displayname_suffix(&self) -> &String { &self.config.new_user_displayname_suffix }
pub fn new_user_displayname_suffix(&self) -> &String { &self.config.new_user_displayname_suffix }
pub(crate) fn allow_check_for_updates(&self) -> bool { self.config.allow_check_for_updates }
pub fn allow_check_for_updates(&self) -> bool { self.config.allow_check_for_updates }
pub(crate) fn trusted_servers(&self) -> &[OwnedServerName] { &self.config.trusted_servers }
pub fn trusted_servers(&self) -> &[OwnedServerName] { &self.config.trusted_servers }
pub(crate) fn query_trusted_key_servers_first(&self) -> bool { self.config.query_trusted_key_servers_first }
pub fn query_trusted_key_servers_first(&self) -> bool { self.config.query_trusted_key_servers_first }
pub(crate) fn dns_resolver(&self) -> &TokioAsyncResolver { &self.resolver.resolver }
pub fn dns_resolver(&self) -> &TokioAsyncResolver { &self.resolver.resolver }
pub(crate) fn actual_destinations(&self) -> &Arc<RwLock<resolver::WellKnownMap>> { &self.resolver.destinations }
pub fn actual_destinations(&self) -> &Arc<RwLock<resolver::WellKnownMap>> { &self.resolver.destinations }
pub(crate) fn jwt_decoding_key(&self) -> Option<&jsonwebtoken::DecodingKey> { self.jwt_decoding_key.as_ref() }
pub fn jwt_decoding_key(&self) -> Option<&jsonwebtoken::DecodingKey> { self.jwt_decoding_key.as_ref() }
pub(crate) fn turn_password(&self) -> &String { &self.config.turn_password }
pub fn turn_password(&self) -> &String { &self.config.turn_password }
pub(crate) fn turn_ttl(&self) -> u64 { self.config.turn_ttl }
pub fn turn_ttl(&self) -> u64 { self.config.turn_ttl }
pub(crate) fn turn_uris(&self) -> &[String] { &self.config.turn_uris }
pub fn turn_uris(&self) -> &[String] { &self.config.turn_uris }
pub(crate) fn turn_username(&self) -> &String { &self.config.turn_username }
pub fn turn_username(&self) -> &String { &self.config.turn_username }
pub(crate) fn turn_secret(&self) -> &String { &self.config.turn_secret }
pub fn turn_secret(&self) -> &String { &self.config.turn_secret }
pub(crate) fn allow_profile_lookup_federation_requests(&self) -> bool {
pub fn allow_profile_lookup_federation_requests(&self) -> bool {
self.config.allow_profile_lookup_federation_requests
}
pub(crate) fn notification_push_path(&self) -> &String { &self.config.notification_push_path }
pub fn notification_push_path(&self) -> &String { &self.config.notification_push_path }
pub(crate) fn emergency_password(&self) -> &Option<String> { &self.config.emergency_password }
pub fn emergency_password(&self) -> &Option<String> { &self.config.emergency_password }
pub(crate) fn url_preview_domain_contains_allowlist(&self) -> &Vec<String> {
pub fn url_preview_domain_contains_allowlist(&self) -> &Vec<String> {
&self.config.url_preview_domain_contains_allowlist
}
pub(crate) fn url_preview_domain_explicit_allowlist(&self) -> &Vec<String> {
pub fn url_preview_domain_explicit_allowlist(&self) -> &Vec<String> {
&self.config.url_preview_domain_explicit_allowlist
}
pub(crate) fn url_preview_domain_explicit_denylist(&self) -> &Vec<String> {
pub fn url_preview_domain_explicit_denylist(&self) -> &Vec<String> {
&self.config.url_preview_domain_explicit_denylist
}
pub(crate) fn url_preview_url_contains_allowlist(&self) -> &Vec<String> {
&self.config.url_preview_url_contains_allowlist
}
pub fn url_preview_url_contains_allowlist(&self) -> &Vec<String> { &self.config.url_preview_url_contains_allowlist }
pub(crate) fn url_preview_max_spider_size(&self) -> usize { self.config.url_preview_max_spider_size }
pub fn url_preview_max_spider_size(&self) -> usize { self.config.url_preview_max_spider_size }
pub(crate) fn url_preview_check_root_domain(&self) -> bool { self.config.url_preview_check_root_domain }
pub fn url_preview_check_root_domain(&self) -> bool { self.config.url_preview_check_root_domain }
pub(crate) fn forbidden_alias_names(&self) -> &RegexSet { &self.config.forbidden_alias_names }
pub fn forbidden_alias_names(&self) -> &RegexSet { &self.config.forbidden_alias_names }
pub(crate) fn forbidden_usernames(&self) -> &RegexSet { &self.config.forbidden_usernames }
pub fn forbidden_usernames(&self) -> &RegexSet { &self.config.forbidden_usernames }
pub(crate) fn allow_local_presence(&self) -> bool { self.config.allow_local_presence }
pub fn allow_local_presence(&self) -> bool { self.config.allow_local_presence }
pub(crate) fn allow_incoming_presence(&self) -> bool { self.config.allow_incoming_presence }
pub fn allow_incoming_presence(&self) -> bool { self.config.allow_incoming_presence }
pub(crate) fn allow_outgoing_presence(&self) -> bool { self.config.allow_outgoing_presence }
pub fn allow_outgoing_presence(&self) -> bool { self.config.allow_outgoing_presence }
pub(crate) fn allow_incoming_read_receipts(&self) -> bool { self.config.allow_incoming_read_receipts }
pub fn allow_incoming_read_receipts(&self) -> bool { self.config.allow_incoming_read_receipts }
pub(crate) fn allow_outgoing_read_receipts(&self) -> bool { self.config.allow_outgoing_read_receipts }
pub fn allow_outgoing_read_receipts(&self) -> bool { self.config.allow_outgoing_read_receipts }
pub(crate) fn prevent_media_downloads_from(&self) -> &[OwnedServerName] {
&self.config.prevent_media_downloads_from
}
pub fn prevent_media_downloads_from(&self) -> &[OwnedServerName] { &self.config.prevent_media_downloads_from }
pub(crate) fn forbidden_remote_room_directory_server_names(&self) -> &[OwnedServerName] {
pub fn forbidden_remote_room_directory_server_names(&self) -> &[OwnedServerName] {
&self.config.forbidden_remote_room_directory_server_names
}
pub(crate) fn well_known_support_page(&self) -> &Option<Url> { &self.config.well_known.support_page }
pub fn well_known_support_page(&self) -> &Option<Url> { &self.config.well_known.support_page }
pub(crate) fn well_known_support_role(&self) -> &Option<ContactRole> { &self.config.well_known.support_role }
pub fn well_known_support_role(&self) -> &Option<ContactRole> { &self.config.well_known.support_role }
pub(crate) fn well_known_support_email(&self) -> &Option<String> { &self.config.well_known.support_email }
pub fn well_known_support_email(&self) -> &Option<String> { &self.config.well_known.support_email }
pub(crate) fn well_known_support_mxid(&self) -> &Option<OwnedUserId> { &self.config.well_known.support_mxid }
pub fn well_known_support_mxid(&self) -> &Option<OwnedUserId> { &self.config.well_known.support_mxid }
pub(crate) fn block_non_admin_invites(&self) -> bool { self.config.block_non_admin_invites }
pub fn block_non_admin_invites(&self) -> bool { self.config.block_non_admin_invites }
pub(crate) fn supported_room_versions(&self) -> Vec<RoomVersionId> {
pub fn supported_room_versions(&self) -> Vec<RoomVersionId> {
let mut room_versions: Vec<RoomVersionId> = vec![];
room_versions.extend(self.stable_room_versions.clone());
if self.allow_unstable_room_versions() {
@ -332,7 +324,7 @@ impl Service<'_> {
///
/// This doesn't actually check that the keys provided are newer than the
/// old set.
pub(crate) fn add_signing_key(
pub fn add_signing_key(
&self, origin: &ServerName, new_keys: ServerSigningKeys,
) -> Result<BTreeMap<OwnedServerSigningKeyId, VerifyKey>> {
self.db.add_signing_key(origin, new_keys)
@ -340,7 +332,7 @@ impl Service<'_> {
/// This returns an empty `Ok(BTreeMap<..>)` when there are no keys found
/// for the server.
pub(crate) fn signing_keys_for(&self, origin: &ServerName) -> Result<BTreeMap<OwnedServerSigningKeyId, VerifyKey>> {
pub fn signing_keys_for(&self, origin: &ServerName) -> Result<BTreeMap<OwnedServerSigningKeyId, VerifyKey>> {
let mut keys = self.db.signing_keys_for(origin)?;
if origin == self.server_name() {
keys.insert(
@ -356,13 +348,11 @@ impl Service<'_> {
Ok(keys)
}
pub(crate) fn database_version(&self) -> Result<u64> { self.db.database_version() }
pub fn database_version(&self) -> Result<u64> { self.db.database_version() }
pub(crate) fn bump_database_version(&self, new_version: u64) -> Result<()> {
self.db.bump_database_version(new_version)
}
pub fn bump_database_version(&self, new_version: u64) -> Result<()> { self.db.bump_database_version(new_version) }
pub(crate) fn get_media_folder(&self) -> PathBuf {
pub fn get_media_folder(&self) -> PathBuf {
let mut r = PathBuf::new();
r.push(self.config.database_path.clone());
r.push("media");
@ -373,7 +363,7 @@ impl Service<'_> {
/// flag enabled and database migrated uses SHA256 hash of the base64 key as
/// the file name
#[cfg(feature = "sha256_media")]
pub(crate) fn get_media_file_new(&self, key: &[u8]) -> PathBuf {
pub fn get_media_file_new(&self, key: &[u8]) -> PathBuf {
let mut r = PathBuf::new();
r.push(self.config.database_path.clone());
r.push("media");
@ -387,7 +377,7 @@ impl Service<'_> {
/// old base64 file name media function
/// This is the old version of `get_media_file` that uses the full base64
/// key as the filename.
pub(crate) fn get_media_file(&self, key: &[u8]) -> PathBuf {
pub fn get_media_file(&self, key: &[u8]) -> PathBuf {
let mut r = PathBuf::new();
r.push(self.config.database_path.clone());
r.push("media");
@ -395,13 +385,13 @@ impl Service<'_> {
r
}
pub(crate) fn well_known_client(&self) -> &Option<Url> { &self.config.well_known.client }
pub fn well_known_client(&self) -> &Option<Url> { &self.config.well_known.client }
pub(crate) fn well_known_server(&self) -> &Option<OwnedServerName> { &self.config.well_known.server }
pub fn well_known_server(&self) -> &Option<OwnedServerName> { &self.config.well_known.server }
pub(crate) fn unix_socket_path(&self) -> &Option<PathBuf> { &self.config.unix_socket_path }
pub fn unix_socket_path(&self) -> &Option<PathBuf> { &self.config.unix_socket_path }
pub(crate) fn valid_cidr_range(&self, ip: &IPAddress) -> bool {
pub fn valid_cidr_range(&self, ip: &IPAddress) -> bool {
for cidr in &self.cidr_range_denylist {
if cidr.includes(ip) {
return false;
@ -410,24 +400,13 @@ impl Service<'_> {
true
}
pub(crate) fn shutdown(&self) {
self.shutdown.store(true, atomic::Ordering::Relaxed);
// On shutdown
if self.unix_socket_path().is_some() {
match &self.unix_socket_path() {
Some(path) => {
fs::remove_file(path).unwrap();
},
None => error!(
"Unable to remove socket file at {:?} during shutdown.",
&self.unix_socket_path()
),
};
};
info!(target: "shutdown-sync", "Received shutdown notification, notifying sync helpers...");
services().globals.rotate.fire();
}
}
#[inline]
#[must_use]
pub fn server_is_ours(server_name: &ServerName) -> bool { server_name == services().globals.config.server_name }
/// checks if `user_id` is local to us via server_name comparison
#[inline]
#[must_use]
pub fn user_is_local(user_id: &UserId) -> bool { server_is_ours(user_id.server_name()) }

18
src/service/globals/resolver.rs
View file

@ -17,21 +17,21 @@ use crate::{service::sending::FedDest, Config, Error};
pub(crate) type WellKnownMap = HashMap<OwnedServerName, (FedDest, String)>;
type TlsNameMap = HashMap<String, (Vec<IpAddr>, u16)>;
pub(crate) struct Resolver {
pub(crate) destinations: Arc<RwLock<WellKnownMap>>, // actual_destination, host
pub(crate) overrides: Arc<StdRwLock<TlsNameMap>>,
pub(crate) resolver: Arc<TokioAsyncResolver>,
pub(crate) hooked: Arc<Hooked>,
pub struct Resolver {
pub destinations: Arc<RwLock<WellKnownMap>>, // actual_destination, host
pub overrides: Arc<StdRwLock<TlsNameMap>>,
pub resolver: Arc<TokioAsyncResolver>,
pub hooked: Arc<Hooked>,
}
pub(crate) struct Hooked {
pub(crate) overrides: Arc<StdRwLock<TlsNameMap>>,
pub(crate) resolver: Arc<TokioAsyncResolver>,
pub struct Hooked {
pub overrides: Arc<StdRwLock<TlsNameMap>>,
pub resolver: Arc<TokioAsyncResolver>,
}
impl Resolver {
#[allow(clippy::as_conversions, clippy::cast_sign_loss, clippy::cast_possible_truncation)]
pub(crate) fn new(config: &Config) -> Self {
pub fn new(config: &Config) -> Self {
let (sys_conf, mut opts) = hickory_resolver::system_conf::read_system_conf()
.map_err(|e| {
error!("Failed to set up hickory dns resolver with system config: {}", e);

76
src/service/globals/updates.rs Normal file
View file

@ -0,0 +1,76 @@
use std::time::Duration;
use ruma::events::room::message::RoomMessageEventContent;
use serde::Deserialize;
use tokio::{task::JoinHandle, time::interval};
use tracing::{debug, error};
use crate::{
conduit::{Error, Result},
services,
};
#[derive(Deserialize)]
struct CheckForUpdatesResponseEntry {
id: u64,
date: String,
message: String,
}
#[derive(Deserialize)]
struct CheckForUpdatesResponse {
updates: Vec<CheckForUpdatesResponseEntry>,
}
#[tracing::instrument]
pub async fn start_check_for_updates_task() -> Result<JoinHandle<()>> {
let timer_interval = Duration::from_secs(7200); // 2 hours
Ok(services().server.runtime().spawn(async move {
let mut i = interval(timer_interval);
loop {
tokio::select! {
_ = i.tick() => {
debug!(target: "start_check_for_updates_task", "Timer ticked");
},
}
_ = try_handle_updates().await;
}
}))
}
async fn try_handle_updates() -> Result<()> {
let response = services()
.globals
.client
.default
.get("https://pupbrain.dev/check-for-updates/stable")
.send()
.await?;
let response = serde_json::from_str::<CheckForUpdatesResponse>(&response.text().await?).map_err(|e| {
error!("Bad check for updates response: {e}");
Error::BadServerResponse("Bad version check response")
})?;
let mut last_update_id = services().globals.last_check_for_updates_id()?;
for update in response.updates {
last_update_id = last_update_id.max(update.id);
if update.id > services().globals.last_check_for_updates_id()? {
error!("{}", update.message);
services()
.admin
.send_message(RoomMessageEventContent::text_plain(format!(
"@room: the following is a message from the conduwuit puppy. it was sent on '{}':\n\n{}",
update.date, update.message
)))
.await;
}
}
services()
.globals
.update_check_for_updates_id(last_update_id)?;
Ok(())
}