magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

apply new rustfmt.toml changes, fix some clippy lints

Browse source 
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-12-15 00:05:47 -05:00
parent 0317cc8cc5
commit 77e0b76408
No known key found for this signature in database
296 changed files with 7147 additions and 4300 deletions
Download patch file Download diff file Expand all files Collapse all files

97
src/core/config/check.rs
View file

@ -16,18 +16,24 @@ pub fn check(config: &Config) -> Result<()> {
warn_unknown_key(config);
if config.sentry && config.sentry_endpoint.is_none() {
return Err!(Config("sentry_endpoint", "Sentry cannot be enabled without an endpoint set"));
return Err!(Config(
"sentry_endpoint",
"Sentry cannot be enabled without an endpoint set"
));
}
if cfg!(all(feature = "hardened_malloc", feature = "jemalloc")) {
info!("hardened_malloc and jemalloc compile-time features are both enabled, this causes jemalloc to be used.");
info!(
"hardened_malloc and jemalloc compile-time features are both enabled, this causes \
jemalloc to be used."
);
}
if cfg!(not(unix)) && config.unix_socket_path.is_some() {
return Err!(Config(
"unix_socket_path",
"UNIX socket support is only available on *nix platforms. Please remove 'unix_socket_path' from your \
config."
"UNIX socket support is only available on *nix platforms. Please remove \
'unix_socket_path' from your config."
));
}
@ -44,30 +50,36 @@ pub fn check(config: &Config) -> Result<()> {
use std::path::Path;
if addr.ip().is_loopback() {
debug_info!("Found loopback listening address {addr}, running checks if we're in a container.");
debug_info!(
"Found loopback listening address {addr}, running checks if we're in a \
container."
);
if Path::new("/proc/vz").exists() /* Guest */ && !Path::new("/proc/bz").exists()
/* Host */
{
error!(
"You are detected using OpenVZ with a loopback/localhost listening address of {addr}. If you \
are using OpenVZ for containers and you use NAT-based networking to communicate with the \
host and guest, this will NOT work. Please change this to \"0.0.0.0\". If this is expected, \
you can ignore.",
"You are detected using OpenVZ with a loopback/localhost listening \
address of {addr}. If you are using OpenVZ for containers and you use \
NAT-based networking to communicate with the host and guest, this will \
NOT work. Please change this to \"0.0.0.0\". If this is expected, you \
can ignore.",
);
} else if Path::new("/.dockerenv").exists() {
error!(
"You are detected using Docker with a loopback/localhost listening address of {addr}. If you \
are using a reverse proxy on the host and require communication to conduwuit in the Docker \
container via NAT-based networking, this will NOT work. Please change this to \"0.0.0.0\". \
If this is expected, you can ignore.",
"You are detected using Docker with a loopback/localhost listening \
address of {addr}. If you are using a reverse proxy on the host and \
require communication to conduwuit in the Docker container via \
NAT-based networking, this will NOT work. Please change this to \
\"0.0.0.0\". If this is expected, you can ignore.",
);
} else if Path::new("/run/.containerenv").exists() {
error!(
"You are detected using Podman with a loopback/localhost listening address of {addr}. If you \
are using a reverse proxy on the host and require communication to conduwuit in the Podman \
container via NAT-based networking, this will NOT work. Please change this to \"0.0.0.0\". \
If this is expected, you can ignore.",
"You are detected using Podman with a loopback/localhost listening \
address of {addr}. If you are using a reverse proxy on the host and \
require communication to conduwuit in the Podman container via \
NAT-based networking, this will NOT work. Please change this to \
\"0.0.0.0\". If this is expected, you can ignore.",
);
}
}
@ -93,7 +105,8 @@ pub fn check(config: &Config) -> Result<()> {
if config.emergency_password == Some(String::from("F670$2CP@Hw8mG7RY1$%!#Ic7YA")) {
return Err!(Config(
"emergency_password",
"The public example emergency password is being used, this is insecure. Please change this."
"The public example emergency password is being used, this is insecure. Please \
change this."
));
}
@ -124,7 +137,8 @@ pub fn check(config: &Config) -> Result<()> {
if config.max_request_size < 10_000_000 {
return Err!(Config(
"max_request_size",
"Max request size is less than 10MB. Please increase it as this is too low for operable federation."
"Max request size is less than 10MB. Please increase it as this is too low for \
operable federation."
));
}
@ -145,11 +159,12 @@ pub fn check(config: &Config) -> Result<()> {
{
return Err!(Config(
"registration_token",
"!! You have `allow_registration` enabled without a token configured in your config which means you are \
allowing ANYONE to register on your conduwuit instance without any 2nd-step (e.g. registration token). \
If this is not the intended behaviour, please set a registration token. For security and safety reasons, \
conduwuit will shut down. If you are extra sure this is the desired behaviour you want, please set the \
following config option to true:
"!! You have `allow_registration` enabled without a token configured in your config \
which means you are allowing ANYONE to register on your conduwuit instance without \
any 2nd-step (e.g. registration token). If this is not the intended behaviour, \
please set a registration token. For security and safety reasons, conduwuit will \
shut down. If you are extra sure this is the desired behaviour you want, please \
set the following config option to true:
`yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`"
));
}
@ -161,17 +176,18 @@ pub fn check(config: &Config) -> Result<()> {
{
warn!(
"Open registration is enabled via setting \
`yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` and `allow_registration` to \
true without a registration token configured. You are expected to be aware of the risks now. If this is \
not the desired behaviour, please set a registration token."
`yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` and \
`allow_registration` to true without a registration token configured. You are \
expected to be aware of the risks now. If this is not the desired behaviour, \
please set a registration token."
);
}
if config.allow_outgoing_presence && !config.allow_local_presence {
return Err!(Config(
"allow_local_presence",
"Outgoing presence requires allowing local presence. Please enable 'allow_local_presence' or disable \
outgoing presence."
"Outgoing presence requires allowing local presence. Please enable \
'allow_local_presence' or disable outgoing presence."
));
}
@ -180,9 +196,10 @@ pub fn check(config: &Config) -> Result<()> {
.contains(&"*".to_owned())
{
warn!(
"All URLs are allowed for URL previews via setting \"url_preview_domain_contains_allowlist\" to \"*\". \
This opens up significant attack surface to your server. You are expected to be aware of the risks by \
doing this."
"All URLs are allowed for URL previews via setting \
\"url_preview_domain_contains_allowlist\" to \"*\". This opens up significant \
attack surface to your server. You are expected to be aware of the risks by doing \
this."
);
}
if config
@ -190,9 +207,10 @@ pub fn check(config: &Config) -> Result<()> {
.contains(&"*".to_owned())
{
warn!(
"All URLs are allowed for URL previews via setting \"url_preview_domain_explicit_allowlist\" to \"*\". \
This opens up significant attack surface to your server. You are expected to be aware of the risks by \
doing this."
"All URLs are allowed for URL previews via setting \
\"url_preview_domain_explicit_allowlist\" to \"*\". This opens up significant \
attack surface to your server. You are expected to be aware of the risks by doing \
this."
);
}
if config
@ -200,9 +218,9 @@ pub fn check(config: &Config) -> Result<()> {
.contains(&"*".to_owned())
{
warn!(
"All URLs are allowed for URL previews via setting \"url_preview_url_contains_allowlist\" to \"*\". This \
opens up significant attack surface to your server. You are expected to be aware of the risks by doing \
this."
"All URLs are allowed for URL previews via setting \
\"url_preview_url_contains_allowlist\" to \"*\". This opens up significant attack \
surface to your server. You are expected to be aware of the risks by doing this."
);
}
@ -260,7 +278,8 @@ pub(super) fn is_dual_listening(raw_config: &Figment) -> Result<()> {
let contains_unix_socket = raw_config.contains("unix_socket_path");
if contains_address && contains_unix_socket {
return Err!(
"TOML keys \"address\" and \"unix_socket_path\" were both defined. Please specify only one option."
"TOML keys \"address\" and \"unix_socket_path\" were both defined. Please specify \
only one option."
);
}

87
src/core/config/mod.rs
View file

@ -18,8 +18,8 @@ pub use figment::{value::Value as FigmentValue, Figment};
use itertools::Itertools;
use regex::RegexSet;
use ruma::{
api::client::discovery::discover_support::ContactRole, OwnedRoomOrAliasId, OwnedServerName, OwnedUserId,
RoomVersionId,
api::client::discovery::discover_support::ContactRole, OwnedRoomOrAliasId, OwnedServerName,
OwnedUserId, RoomVersionId,
};
use serde::{de::IgnoredAny, Deserialize};
use url::Url;
@ -181,7 +181,10 @@ pub struct Config {
/// are scaled by your CPU core count.
///
/// default: 1.0
#[serde(default = "default_cache_capacity_modifier", alias = "conduit_cache_capacity_modifier")]
#[serde(
default = "default_cache_capacity_modifier",
alias = "conduit_cache_capacity_modifier"
)]
pub cache_capacity_modifier: f64,
/// default: varies by system
@ -1555,7 +1558,8 @@ pub struct Config {
pub db_pool_queue_size: usize,
#[serde(flatten)]
#[allow(clippy::zero_sized_map_values)] // this is a catchall, the map shouldn't be zero at runtime
#[allow(clippy::zero_sized_map_values)]
// this is a catchall, the map shouldn't be zero at runtime
catchall: BTreeMap<String, IgnoredAny>,
}
@ -1676,15 +1680,15 @@ impl Config {
fn get_bind_hosts(&self) -> Vec<IpAddr> {
match &self.address.addrs {
Left(addr) => vec![*addr],
Right(addrs) => addrs.clone(),
| Left(addr) => vec![*addr],
| Right(addrs) => addrs.clone(),
}
}
fn get_bind_ports(&self) -> Vec<u16> {
match &self.port.ports {
Left(port) => vec![*port],
Right(ports) => ports.clone(),
| Left(port) => vec![*port],
| Right(ports) => ports.clone(),
}
}
@ -1756,9 +1760,13 @@ impl fmt::Display for Config {
line("Allow registration", &self.allow_registration.to_string());
line(
"Registration token",
if self.registration_token.is_none() && self.registration_token_file.is_none() && self.allow_registration {
if self.registration_token.is_none()
&& self.registration_token_file.is_none()
&& self.allow_registration
{
"not set (⚠️ open registration!)"
} else if self.registration_token.is_none() && self.registration_token_file.is_none() {
} else if self.registration_token.is_none() && self.registration_token_file.is_none()
{
"not set"
} else {
"set"
@ -1811,7 +1819,8 @@ impl fmt::Display for Config {
&self.allow_outgoing_read_receipts.to_string(),
);
line(
"Block non-admin room invites (local and remote, admins can still send and receive invites)",
"Block non-admin room invites (local and remote, admins can still send and receive \
invites)",
&self.block_non_admin_invites.to_string(),
);
line("Enable admin escape commands", &self.admin_escape_commands.to_string());
@ -1859,13 +1868,10 @@ impl fmt::Display for Config {
"Lockdown public room directory (only allow admins to publish)",
&self.lockdown_public_room_directory.to_string(),
);
line(
"JWT secret",
match self.jwt_secret {
Some(_) => "set",
None => "not set",
},
);
line("JWT secret", match self.jwt_secret {
| Some(_) => "set",
| None => "not set",
});
line(
"Trusted key servers",
&self
@ -1979,7 +1985,8 @@ impl fmt::Display for Config {
&lst.join(", ")
});
line("Forbidden Remote Room Directory Server Names", {
let mut lst = Vec::with_capacity(self.forbidden_remote_room_directory_server_names.len());
let mut lst =
Vec::with_capacity(self.forbidden_remote_room_directory_server_names.len());
for domain in &self.forbidden_remote_room_directory_server_names {
lst.push(domain.host());
}
@ -2099,11 +2106,7 @@ fn default_address() -> ListeningAddr {
}
}
fn default_port() -> ListeningPort {
ListeningPort {
ports: Left(8008),
}
}
fn default_port() -> ListeningPort { ListeningPort { ports: Left(8008) } }
fn default_unix_socket_perms() -> u32 { 660 }
@ -2115,19 +2118,33 @@ fn default_pdu_cache_capacity() -> u32 { parallelism_scaled_u32(10_000).saturati
fn default_cache_capacity_modifier() -> f64 { 1.0 }
fn default_auth_chain_cache_capacity() -> u32 { parallelism_scaled_u32(10_000).saturating_add(100_000) }
fn default_auth_chain_cache_capacity() -> u32 {
parallelism_scaled_u32(10_000).saturating_add(100_000)
}
fn default_shorteventid_cache_capacity() -> u32 { parallelism_scaled_u32(50_000).saturating_add(100_000) }
fn default_shorteventid_cache_capacity() -> u32 {
parallelism_scaled_u32(50_000).saturating_add(100_000)
}
fn default_eventidshort_cache_capacity() -> u32 { parallelism_scaled_u32(25_000).saturating_add(100_000) }
fn default_eventidshort_cache_capacity() -> u32 {
parallelism_scaled_u32(25_000).saturating_add(100_000)
}
fn default_eventid_pdu_cache_capacity() -> u32 { parallelism_scaled_u32(25_000).saturating_add(100_000) }
fn default_eventid_pdu_cache_capacity() -> u32 {
parallelism_scaled_u32(25_000).saturating_add(100_000)
}
fn default_shortstatekey_cache_capacity() -> u32 { parallelism_scaled_u32(10_000).saturating_add(100_000) }
fn default_shortstatekey_cache_capacity() -> u32 {
parallelism_scaled_u32(10_000).saturating_add(100_000)
}
fn default_statekeyshort_cache_capacity() -> u32 { parallelism_scaled_u32(10_000).saturating_add(100_000) }
fn default_statekeyshort_cache_capacity() -> u32 {
parallelism_scaled_u32(10_000).saturating_add(100_000)
}
fn default_servernameevent_data_cache_capacity() -> u32 { parallelism_scaled_u32(100_000).saturating_add(500_000) }
fn default_servernameevent_data_cache_capacity() -> u32 {
parallelism_scaled_u32(100_000).saturating_add(500_000)
}
fn default_server_visibility_cache_capacity() -> u32 { parallelism_scaled_u32(500) }
@ -2203,7 +2220,9 @@ fn default_jaeger_filter() -> String {
fn default_tracing_flame_output_path() -> String { "./tracing.folded".to_owned() }
fn default_trusted_servers() -> Vec<OwnedServerName> { vec![OwnedServerName::try_from("matrix.org").unwrap()] }
fn default_trusted_servers() -> Vec<OwnedServerName> {
vec![OwnedServerName::try_from("matrix.org").unwrap()]
}
/// do debug logging by default for debug builds
#[must_use]
@ -2332,4 +2351,6 @@ fn default_trusted_server_batch_size() -> usize { 256 }
fn default_db_pool_workers() -> usize { sys::available_parallelism().saturating_mul(4).max(32) }
fn default_db_pool_queue_size() -> usize { sys::available_parallelism().saturating_mul(8).max(256) }
fn default_db_pool_queue_size() -> usize {
sys::available_parallelism().saturating_mul(8).max(256)
}

40
src/core/config/proxy.rs
View file

@ -42,11 +42,9 @@ pub enum ProxyConfig {
impl ProxyConfig {
pub fn to_proxy(&self) -> Result<Option<Proxy>> {
Ok(match self.clone() {
Self::None => None,
Self::Global {
url,
} => Some(Proxy::all(url)?),
Self::ByDomain(proxies) => Some(Proxy::custom(move |url| {
| Self::None => None,
| Self::Global { url } => Some(Proxy::all(url)?),
| Self::ByDomain(proxies) => Some(Proxy::custom(move |url| {
// first matching proxy
proxies.iter().find_map(|proxy| proxy.for_url(url)).cloned()
})),
@ -76,24 +74,26 @@ impl PartialProxyConfig {
for wc_domain in &self.include {
if wc_domain.matches(domain) {
match included_because {
Some(prev) if !wc_domain.more_specific_than(prev) => (),
_ => included_because = Some(wc_domain),
| Some(prev) if !wc_domain.more_specific_than(prev) => (),
| _ => included_because = Some(wc_domain),
}
}
}
for wc_domain in &self.exclude {
if wc_domain.matches(domain) {
match excluded_because {
Some(prev) if !wc_domain.more_specific_than(prev) => (),
_ => excluded_because = Some(wc_domain),
| Some(prev) if !wc_domain.more_specific_than(prev) => (),
| _ => excluded_because = Some(wc_domain),
}
}
}
match (included_because, excluded_because) {
(Some(a), Some(b)) if a.more_specific_than(b) => Some(&self.url), /* included for a more specific reason */
| (Some(a), Some(b)) if a.more_specific_than(b) => Some(&self.url), /* included for
* a more specific
* reason */
// than excluded
(Some(_), None) => Some(&self.url),
_ => None,
| (Some(_), None) => Some(&self.url),
| _ => None,
}
}
}
@ -108,19 +108,19 @@ enum WildCardedDomain {
impl WildCardedDomain {
fn matches(&self, domain: &str) -> bool {
match self {
Self::WildCard => true,
Self::WildCarded(d) => domain.ends_with(d),
Self::Exact(d) => domain == d,
| Self::WildCard => true,
| Self::WildCarded(d) => domain.ends_with(d),
| Self::Exact(d) => domain == d,
}
}
fn more_specific_than(&self, other: &Self) -> bool {
match (self, other) {
(Self::WildCard, Self::WildCard) => false,
(_, Self::WildCard) => true,
(Self::Exact(a), Self::WildCarded(_)) => other.matches(a),
(Self::WildCarded(a), Self::WildCarded(b)) => a != b && a.ends_with(b),
_ => false,
| (Self::WildCard, Self::WildCard) => false,
| (_, Self::WildCard) => true,
| (Self::Exact(a), Self::WildCarded(_)) => other.matches(a),
| (Self::WildCarded(a), Self::WildCarded(b)) => a != b && a.ends_with(b),
| _ => false,
}
}
}