mirror of
https://github.com/1f349/dendrite.git
synced 2024-11-09 22:42:58 +00:00
Add ability to disable federation (#1604)
* Allow disabling federation * Don't start federation queues if disabled * Fix for Go 1.13
This commit is contained in:
parent
b4c3692dcc
commit
bdf6490375
@ -60,6 +60,10 @@ global:
|
|||||||
- matrix.org
|
- matrix.org
|
||||||
- vector.im
|
- vector.im
|
||||||
|
|
||||||
|
# Disables federation. Dendrite will not be able to make any outbound HTTP requests
|
||||||
|
# to other servers and the federation API will not be exposed.
|
||||||
|
disable_federation: false
|
||||||
|
|
||||||
# Configuration for Kafka/Naffka.
|
# Configuration for Kafka/Naffka.
|
||||||
kafka:
|
kafka:
|
||||||
# List of Kafka broker addresses to connect to. This is not needed if using
|
# List of Kafka broker addresses to connect to. This is not needed if using
|
||||||
|
@ -59,8 +59,8 @@ func NewInternalAPI(
|
|||||||
consumer, _ := kafka.SetupConsumerProducer(&cfg.Matrix.Kafka)
|
consumer, _ := kafka.SetupConsumerProducer(&cfg.Matrix.Kafka)
|
||||||
|
|
||||||
queues := queue.NewOutgoingQueues(
|
queues := queue.NewOutgoingQueues(
|
||||||
federationSenderDB, cfg.Matrix.ServerName, federation,
|
federationSenderDB, cfg.Matrix.DisableFederation,
|
||||||
rsAPI, stats,
|
cfg.Matrix.ServerName, federation, rsAPI, stats,
|
||||||
&queue.SigningInfo{
|
&queue.SigningInfo{
|
||||||
KeyID: cfg.Matrix.KeyID,
|
KeyID: cfg.Matrix.KeyID,
|
||||||
PrivateKey: cfg.Matrix.PrivateKey,
|
PrivateKey: cfg.Matrix.PrivateKey,
|
||||||
|
@ -34,6 +34,7 @@ import (
|
|||||||
// matrix servers
|
// matrix servers
|
||||||
type OutgoingQueues struct {
|
type OutgoingQueues struct {
|
||||||
db storage.Database
|
db storage.Database
|
||||||
|
disabled bool
|
||||||
rsAPI api.RoomserverInternalAPI
|
rsAPI api.RoomserverInternalAPI
|
||||||
origin gomatrixserverlib.ServerName
|
origin gomatrixserverlib.ServerName
|
||||||
client *gomatrixserverlib.FederationClient
|
client *gomatrixserverlib.FederationClient
|
||||||
@ -46,6 +47,7 @@ type OutgoingQueues struct {
|
|||||||
// NewOutgoingQueues makes a new OutgoingQueues
|
// NewOutgoingQueues makes a new OutgoingQueues
|
||||||
func NewOutgoingQueues(
|
func NewOutgoingQueues(
|
||||||
db storage.Database,
|
db storage.Database,
|
||||||
|
disabled bool,
|
||||||
origin gomatrixserverlib.ServerName,
|
origin gomatrixserverlib.ServerName,
|
||||||
client *gomatrixserverlib.FederationClient,
|
client *gomatrixserverlib.FederationClient,
|
||||||
rsAPI api.RoomserverInternalAPI,
|
rsAPI api.RoomserverInternalAPI,
|
||||||
@ -53,6 +55,7 @@ func NewOutgoingQueues(
|
|||||||
signing *SigningInfo,
|
signing *SigningInfo,
|
||||||
) *OutgoingQueues {
|
) *OutgoingQueues {
|
||||||
queues := &OutgoingQueues{
|
queues := &OutgoingQueues{
|
||||||
|
disabled: disabled,
|
||||||
db: db,
|
db: db,
|
||||||
rsAPI: rsAPI,
|
rsAPI: rsAPI,
|
||||||
origin: origin,
|
origin: origin,
|
||||||
@ -62,28 +65,30 @@ func NewOutgoingQueues(
|
|||||||
queues: map[gomatrixserverlib.ServerName]*destinationQueue{},
|
queues: map[gomatrixserverlib.ServerName]*destinationQueue{},
|
||||||
}
|
}
|
||||||
// Look up which servers we have pending items for and then rehydrate those queues.
|
// Look up which servers we have pending items for and then rehydrate those queues.
|
||||||
time.AfterFunc(time.Second*5, func() {
|
if !disabled {
|
||||||
serverNames := map[gomatrixserverlib.ServerName]struct{}{}
|
time.AfterFunc(time.Second*5, func() {
|
||||||
if names, err := db.GetPendingPDUServerNames(context.Background()); err == nil {
|
serverNames := map[gomatrixserverlib.ServerName]struct{}{}
|
||||||
for _, serverName := range names {
|
if names, err := db.GetPendingPDUServerNames(context.Background()); err == nil {
|
||||||
serverNames[serverName] = struct{}{}
|
for _, serverName := range names {
|
||||||
|
serverNames[serverName] = struct{}{}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
log.WithError(err).Error("Failed to get PDU server names for destination queue hydration")
|
||||||
}
|
}
|
||||||
} else {
|
if names, err := db.GetPendingEDUServerNames(context.Background()); err == nil {
|
||||||
log.WithError(err).Error("Failed to get PDU server names for destination queue hydration")
|
for _, serverName := range names {
|
||||||
}
|
serverNames[serverName] = struct{}{}
|
||||||
if names, err := db.GetPendingEDUServerNames(context.Background()); err == nil {
|
}
|
||||||
for _, serverName := range names {
|
} else {
|
||||||
serverNames[serverName] = struct{}{}
|
log.WithError(err).Error("Failed to get EDU server names for destination queue hydration")
|
||||||
}
|
}
|
||||||
} else {
|
for serverName := range serverNames {
|
||||||
log.WithError(err).Error("Failed to get EDU server names for destination queue hydration")
|
if !queues.getQueue(serverName).statistics.Blacklisted() {
|
||||||
}
|
queues.getQueue(serverName).wakeQueueIfNeeded()
|
||||||
for serverName := range serverNames {
|
}
|
||||||
if !queues.getQueue(serverName).statistics.Blacklisted() {
|
|
||||||
queues.getQueue(serverName).wakeQueueIfNeeded()
|
|
||||||
}
|
}
|
||||||
}
|
})
|
||||||
})
|
}
|
||||||
return queues
|
return queues
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -122,6 +127,9 @@ func (oqs *OutgoingQueues) SendEvent(
|
|||||||
ev *gomatrixserverlib.HeaderedEvent, origin gomatrixserverlib.ServerName,
|
ev *gomatrixserverlib.HeaderedEvent, origin gomatrixserverlib.ServerName,
|
||||||
destinations []gomatrixserverlib.ServerName,
|
destinations []gomatrixserverlib.ServerName,
|
||||||
) error {
|
) error {
|
||||||
|
if oqs.disabled {
|
||||||
|
return fmt.Errorf("federation is disabled")
|
||||||
|
}
|
||||||
if origin != oqs.origin {
|
if origin != oqs.origin {
|
||||||
// TODO: Support virtual hosting; gh issue #577.
|
// TODO: Support virtual hosting; gh issue #577.
|
||||||
return fmt.Errorf(
|
return fmt.Errorf(
|
||||||
@ -181,6 +189,9 @@ func (oqs *OutgoingQueues) SendEDU(
|
|||||||
e *gomatrixserverlib.EDU, origin gomatrixserverlib.ServerName,
|
e *gomatrixserverlib.EDU, origin gomatrixserverlib.ServerName,
|
||||||
destinations []gomatrixserverlib.ServerName,
|
destinations []gomatrixserverlib.ServerName,
|
||||||
) error {
|
) error {
|
||||||
|
if oqs.disabled {
|
||||||
|
return fmt.Errorf("federation is disabled")
|
||||||
|
}
|
||||||
if origin != oqs.origin {
|
if origin != oqs.origin {
|
||||||
// TODO: Support virtual hosting; gh issue #577.
|
// TODO: Support virtual hosting; gh issue #577.
|
||||||
return fmt.Errorf(
|
return fmt.Errorf(
|
||||||
@ -243,6 +254,9 @@ func (oqs *OutgoingQueues) SendEDU(
|
|||||||
|
|
||||||
// RetryServer attempts to resend events to the given server if we had given up.
|
// RetryServer attempts to resend events to the given server if we had given up.
|
||||||
func (oqs *OutgoingQueues) RetryServer(srv gomatrixserverlib.ServerName) {
|
func (oqs *OutgoingQueues) RetryServer(srv gomatrixserverlib.ServerName) {
|
||||||
|
if oqs.disabled {
|
||||||
|
return
|
||||||
|
}
|
||||||
q := oqs.getQueue(srv)
|
q := oqs.getQueue(srv)
|
||||||
if q == nil {
|
if q == nil {
|
||||||
return
|
return
|
||||||
|
@ -34,6 +34,10 @@ type Global struct {
|
|||||||
// Defaults to 24 hours.
|
// Defaults to 24 hours.
|
||||||
KeyValidityPeriod time.Duration `yaml:"key_validity_period"`
|
KeyValidityPeriod time.Duration `yaml:"key_validity_period"`
|
||||||
|
|
||||||
|
// Disables federation. Dendrite will not be able to make any outbound HTTP requests
|
||||||
|
// to other servers and the federation API will not be exposed.
|
||||||
|
DisableFederation bool `yaml:"disable_federation"`
|
||||||
|
|
||||||
// List of domains that the server will trust as identity servers to
|
// List of domains that the server will trust as identity servers to
|
||||||
// verify third-party identifiers.
|
// verify third-party identifiers.
|
||||||
// Defaults to an empty array.
|
// Defaults to an empty array.
|
||||||
|
@ -249,6 +249,9 @@ func (b *BaseDendrite) CreateAccountsDB() accounts.Database {
|
|||||||
// CreateClient creates a new client (normally used for media fetch requests).
|
// CreateClient creates a new client (normally used for media fetch requests).
|
||||||
// Should only be called once per component.
|
// Should only be called once per component.
|
||||||
func (b *BaseDendrite) CreateClient() *gomatrixserverlib.Client {
|
func (b *BaseDendrite) CreateClient() *gomatrixserverlib.Client {
|
||||||
|
if b.Cfg.Global.DisableFederation {
|
||||||
|
return gomatrixserverlib.NewClientWithTransport(noOpHTTPTransport)
|
||||||
|
}
|
||||||
client := gomatrixserverlib.NewClient(
|
client := gomatrixserverlib.NewClient(
|
||||||
b.Cfg.FederationSender.DisableTLSValidation,
|
b.Cfg.FederationSender.DisableTLSValidation,
|
||||||
)
|
)
|
||||||
@ -259,6 +262,12 @@ func (b *BaseDendrite) CreateClient() *gomatrixserverlib.Client {
|
|||||||
// CreateFederationClient creates a new federation client. Should only be called
|
// CreateFederationClient creates a new federation client. Should only be called
|
||||||
// once per component.
|
// once per component.
|
||||||
func (b *BaseDendrite) CreateFederationClient() *gomatrixserverlib.FederationClient {
|
func (b *BaseDendrite) CreateFederationClient() *gomatrixserverlib.FederationClient {
|
||||||
|
if b.Cfg.Global.DisableFederation {
|
||||||
|
return gomatrixserverlib.NewFederationClientWithTransport(
|
||||||
|
b.Cfg.Global.ServerName, b.Cfg.Global.KeyID, b.Cfg.Global.PrivateKey,
|
||||||
|
b.Cfg.FederationSender.DisableTLSValidation, noOpHTTPTransport,
|
||||||
|
)
|
||||||
|
}
|
||||||
client := gomatrixserverlib.NewFederationClientWithTimeout(
|
client := gomatrixserverlib.NewFederationClientWithTimeout(
|
||||||
b.Cfg.Global.ServerName, b.Cfg.Global.KeyID, b.Cfg.Global.PrivateKey,
|
b.Cfg.Global.ServerName, b.Cfg.Global.KeyID, b.Cfg.Global.PrivateKey,
|
||||||
b.Cfg.FederationSender.DisableTLSValidation, time.Minute*5,
|
b.Cfg.FederationSender.DisableTLSValidation, time.Minute*5,
|
||||||
@ -308,8 +317,10 @@ func (b *BaseDendrite) SetupAndServeHTTP(
|
|||||||
}
|
}
|
||||||
|
|
||||||
externalRouter.PathPrefix(httputil.PublicClientPathPrefix).Handler(b.PublicClientAPIMux)
|
externalRouter.PathPrefix(httputil.PublicClientPathPrefix).Handler(b.PublicClientAPIMux)
|
||||||
externalRouter.PathPrefix(httputil.PublicKeyPathPrefix).Handler(b.PublicKeyAPIMux)
|
if !b.Cfg.Global.DisableFederation {
|
||||||
externalRouter.PathPrefix(httputil.PublicFederationPathPrefix).Handler(b.PublicFederationAPIMux)
|
externalRouter.PathPrefix(httputil.PublicKeyPathPrefix).Handler(b.PublicKeyAPIMux)
|
||||||
|
externalRouter.PathPrefix(httputil.PublicFederationPathPrefix).Handler(b.PublicFederationAPIMux)
|
||||||
|
}
|
||||||
externalRouter.PathPrefix(httputil.PublicMediaPathPrefix).Handler(b.PublicMediaAPIMux)
|
externalRouter.PathPrefix(httputil.PublicMediaPathPrefix).Handler(b.PublicMediaAPIMux)
|
||||||
|
|
||||||
if internalAddr != NoListener && internalAddr != externalAddr {
|
if internalAddr != NoListener && internalAddr != externalAddr {
|
||||||
|
32
internal/setup/federation.go
Normal file
32
internal/setup/federation.go
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
package setup
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"net"
|
||||||
|
"net/http"
|
||||||
|
)
|
||||||
|
|
||||||
|
// noOpHTTPTransport is used to disable federation.
|
||||||
|
var noOpHTTPTransport = &http.Transport{
|
||||||
|
Dial: func(_, _ string) (net.Conn, error) {
|
||||||
|
return nil, fmt.Errorf("federation prohibited by configuration")
|
||||||
|
},
|
||||||
|
DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
|
||||||
|
return nil, fmt.Errorf("federation prohibited by configuration")
|
||||||
|
},
|
||||||
|
DialTLS: func(_, _ string) (net.Conn, error) {
|
||||||
|
return nil, fmt.Errorf("federation prohibited by configuration")
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
noOpHTTPTransport.RegisterProtocol("matrix", &noOpHTTPRoundTripper{})
|
||||||
|
}
|
||||||
|
|
||||||
|
type noOpHTTPRoundTripper struct {
|
||||||
|
}
|
||||||
|
|
||||||
|
func (y *noOpHTTPRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||||
|
return nil, fmt.Errorf("federation prohibited by configuration")
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user