Merge branch 'main' of github.com:matrix-org/dendrite into s7evink/userprofile

2026-01-10 15:43:09 -06:00 · 2022-08-12 07:55:51 +02:00 · 2022-08-12 07:55:51 +02:00 · 16fb3469af
parent bf48442eb7 2b352915a1
commit 16fb3469af
253 changed files with 5852 additions and 4618 deletions
--- a/.github/workflows/dendrite.yml
+++ b/.github/workflows/dendrite.yml
@ -67,7 +67,7 @@ jobs:
    steps:
      - uses: actions/checkout@v3
      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v2
+        uses: golangci/golangci-lint-action@v3
  # run go test with different go versions
  test:
@ -97,7 +97,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        go: ["1.18"]
+        go: ["1.18", "1.19"]
    steps:
      - uses: actions/checkout@v3
      - name: Setup go
@ -127,7 +127,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        go: ["1.18"]
+        go: ["1.18", "1.19"]
        goos: ["linux"]
        goarch: ["amd64", "386"]
    steps:
@ -151,6 +151,7 @@ jobs:
          GOOS: ${{ matrix.goos }}
          GOARCH: ${{ matrix.goarch }}
          CGO_ENABLED: 1
          CGO_CFLAGS: -fno-stack-protector
        run: go build -trimpath -v -o "bin/" ./cmd/...
  # build for Windows 64-bit
@ -160,7 +161,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        go: ["1.18"]
+        go: ["1.18", "1.19"]
        goos: ["windows"]
        goarch: ["amd64"]
    steps:
@ -223,6 +224,31 @@ jobs:
      - name: Test upgrade
        run: ./dendrite-upgrade-tests --head .
  # run database upgrade tests, skipping over one version
  upgrade_test_direct:
    name: Upgrade tests from HEAD-2
    timeout-minutes: 20
    needs: initial-tests-done
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup go
        uses: actions/setup-go@v2
        with:
          go-version: "1.18"
      - uses: actions/cache@v3
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-upgrade-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-upgrade
      - name: Build upgrade-tests
        run: go build ./cmd/dendrite-upgrade-tests
      - name: Test upgrade
        run: ./dendrite-upgrade-tests -direct -from HEAD-2 --head .
  # run Sytest in different variations
  sytest:
    timeout-minutes: 20
@ -359,7 +385,14 @@ jobs:
  integration-tests-done:
    name: Integration tests passed
-    needs: [initial-tests-done, upgrade_test, sytest, complement]
+    needs:
      [
        initial-tests-done,
        upgrade_test,
        upgrade_test_direct,
        sytest,
        complement,
      ]
    runs-on: ubuntu-latest
    if: ${{ !cancelled() }} # Run this even if prior jobs were skipped
    steps:
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,5 +1,49 @@
 # Changelog
 ## Dendrite 0.9.1 (2022-08-03)
 ### Fixes
 * Upgrades a dependency which caused issues building Dendrite with Go 1.19
 * The roomserver will no longer give up prematurely after failing to call `/state_ids`
 * Removes the faulty room info cache, which caused of a number of race conditions and occasional bugs (including when creating and joining rooms)
 * The media endpoint now sets the `Cache-Control` header correctly to prevent web-based clients from hitting media endpoints excessively
 * The sync API will now advance the PDU stream position correctly in all cases (contributed by [sergekh2](https://github.com/sergekh2))
 * The sync API will now delete the correct range of send-to-device messages when advancing the stream position
 * The device list `changed` key in the `/sync` response should now return the correct users 
 * A data race when looking up missing state has been fixed
 * The `/send_join` API is now applying stronger validation to the received membership event
 ## Dendrite 0.9.0 (2022-08-01)
 ### Features
 * Dendrite now uses Ristretto for managing in-memory caches
  * Should improve cache utilisation considerably over time by more intelligently selecting and managing cache entries compared to the previous LRU-based cache
  * Defaults to a 1GB cache size if not configured otherwise
  * The estimated cache size in memory and maximum age can now be configured with new [configuration options](https://github.com/matrix-org/dendrite/blob/e94ef84aaba30e12baf7f524c4e7a36d2fdeb189/dendrite-sample.monolith.yaml#L44-L61) to prevent unbounded cache growth
 * Added support for serving the `/.well-known/matrix/client` hint directly from Dendrite
  * Configurable with the new [configuration option](https://github.com/matrix-org/dendrite/blob/e94ef84aaba30e12baf7f524c4e7a36d2fdeb189/dendrite-sample.monolith.yaml#L67-L69)
 * Refactored membership updater, which should eliminate some bugs caused by the membership table getting out of sync with the room state
 * The User API is now responsible for sending account data updates to other components, which may fix some races and duplicate account data events
 * Optimised database query for checking whether a remote server is allowed to request an event over federation without using anywhere near as much CPU time (PostgreSQL only)
 * Database migrations have been refactored to eliminate some problems that were present with `goose` and upgrading from older Dendrite versions
 * Media fetching will now use the `/v3` endpoints for downloading media from remote homeservers
 * HTTP 404 and HTTP 405 errors from the client-facing APIs should now be returned with CORS headers so that web-based clients do not produce incorrect access control warnings for unknown endpoints
 * Some preparation work for full history visibility support
 ### Fixes
 * Fixes a crash that could occur during event redaction
 * The `/members` endpoint will no longer incorrectly return HTTP 500 as a result of some invite events
 * Send-to-device messages should now be ordered more reliably and the last position in the stream updated correctly
 * Parsing of appservice configuration files is now less strict (contributed by [Kab1r](https://github.com/Kab1r))
 * The sync API should now identify shared users correctly when waking up for E2EE key changes
 * The federation `/state` endpoint will now return a HTTP 403 when the state before an event isn't known instead of a HTTP 500
 * Presence timestamps should now be calculated with the correct precision
 * A race condition in the roomserver's room info has been fixed
 * A race condition in the sync API has been fixed
 ## Dendrite 0.8.9 (2022-07-01)
 ### Features
--- a/README.md
+++ b/README.md
@ -21,8 +21,7 @@ As of October 2020 (current [progress below](#progress)), Dendrite has now enter
 This does not mean:
 - Dendrite is bug-free. It has not yet been battle-tested in the real world and so will be error prone initially.
- All of the CS/Federation APIs are implemented. We are tracking progress via a script called 'Are We Synapse Yet?'. In particular,
+- Dendrite is feature-complete. There may be client or federation APIs that are not implemented.
  presence and push notifications are entirely missing from Dendrite. See [CHANGES.md](CHANGES.md) for updates.
 - Dendrite is ready for massive homeserver deployments. You cannot shard each microservice, only run each one on a different machine.
 Currently, we expect Dendrite to function well for small (10s/100s of users) homeserver deployments as well as P2P Matrix nodes in-browser or on mobile devices.
@ -36,6 +35,9 @@ If you have further questions, please take a look at [our FAQ](docs/FAQ.md) or j
 ## Requirements
 See the [Planning your Installation](https://matrix-org.github.io/dendrite/installation/planning) page for
 more information on requirements.
 To build Dendrite, you will need Go 1.18 or later.
 For a usable federating Dendrite deployment, you will also need:
@ -83,11 +85,11 @@ $ ./bin/create-account --config dendrite.yaml -username alice
 Then point your favourite Matrix client at `http://localhost:8008` or `https://localhost:8448`.
-## <a id="progress"></a> Progress
+## Progress
 We use a script called Are We Synapse Yet which checks Sytest compliance rates. Sytest is a black-box homeserver
 test rig with around 900 tests. The script works out how many of these tests are passing on Dendrite and it
-updates with CI. As of April 2022 we're at around 83% CS API coverage and 95% Federation coverage, though check
+updates with CI. As of August 2022 we're at around 83% CS API coverage and 95% Federation coverage, though check
 CI for the latest numbers. In practice, this means you can communicate locally and via federation with Synapse
 servers such as matrix.org reasonably well, although there are still some missing features (like Search).
@ -119,53 +121,8 @@ We would be grateful for any help on issues marked as
 all have related Sytests which need to pass in order for the issue to be closed. Once you've written your
 code, you can quickly run Sytest to ensure that the test names are now passing.
-For example, if the test `Local device key changes get to remote servers` was marked as failing, find the
+If you're new to the project, see our
-test file (e.g via `grep` or via the
+[Contributing page](https://matrix-org.github.io/dendrite/development/contributing) to get up to speed, then
 [CI log output](https://buildkite.com/matrix-dot-org/dendrite/builds/2826#39cff5de-e032-4ad0-ad26-f819e6919c42)
 it's `tests/50federation/40devicelists.pl` ) then to run Sytest:
 ```
 docker run --rm --name sytest
 -v "/Users/kegan/github/sytest:/sytest"
 -v "/Users/kegan/github/dendrite:/src"
 -v "/Users/kegan/logs:/logs"
 -v "/Users/kegan/go/:/gopath"
 -e "POSTGRES=1" -e "DENDRITE_TRACE_HTTP=1"
 matrixdotorg/sytest-dendrite:latest tests/50federation/40devicelists.pl
 ```
 See [sytest.md](docs/sytest.md) for the full description of these flags.
 You can try running sytest outside of docker for faster runs, but the dependencies can be temperamental
 and we recommend using docker where possible.
 ```
 cd sytest
 export PERL5LIB=$HOME/lib/perl5
 export PERL_MB_OPT=--install_base=$HOME
 export PERL_MM_OPT=INSTALL_BASE=$HOME
 ./install-deps.pl
 ./run-tests.pl -I Dendrite::Monolith -d $PATH_TO_DENDRITE_BINARIES
 ```
 Sometimes Sytest is testing the wrong thing or is flakey, so it will need to be patched.
 Ask on `#dendrite-dev:matrix.org` if you think this is the case for you and we'll be happy to help.
 If you're new to the project, see [CONTRIBUTING.md](docs/CONTRIBUTING.md) to get up to speed then
 look for [Good First Issues](https://github.com/matrix-org/dendrite/labels/good%20first%20issue). If you're
 familiar with the project, look for [Help Wanted](https://github.com/matrix-org/dendrite/labels/help-wanted)
 issues.
 ## Hardware requirements
 Dendrite in Monolith + SQLite works in a range of environments including iOS and in-browser via WASM.
 For small homeserver installations joined on ~10s rooms on matrix.org with ~100s of users in those rooms, including some
 encrypted rooms:
 - Memory: uses around 100MB of RAM, with peaks at around 200MB.
 - Disk space: After a few months of usage, the database grew to around 2GB (in Monolith mode).
 - CPU: Brief spikes when processing events, typically idles at 1% CPU.
 This means Dendrite should comfortably work on things like Raspberry Pis.
--- a/appservice/inthttp/client.go
+++ b/appservice/inthttp/client.go
@ -7,7 +7,6 @@ import (
 	"github.com/matrix-org/dendrite/appservice/api"
 	"github.com/matrix-org/dendrite/internal/httputil"
 	"github.com/opentracing/opentracing-go"
 )
 // HTTP paths for the internal HTTP APIs
@ -42,11 +41,10 @@ func (h *httpAppServiceQueryAPI) RoomAliasExists(
 	request *api.RoomAliasExistsRequest,
 	response *api.RoomAliasExistsResponse,
 ) error {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "appserviceRoomAliasExists")
+	return httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"RoomAliasExists", h.appserviceURL+AppServiceRoomAliasExistsPath,
-
+		h.httpClient, ctx, request, response,
-	apiURL := h.appserviceURL + AppServiceRoomAliasExistsPath
+	)
 	return httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
 }
 // UserIDExists implements AppServiceQueryAPI
@ -55,9 +53,8 @@ func (h *httpAppServiceQueryAPI) UserIDExists(
 	request *api.UserIDExistsRequest,
 	response *api.UserIDExistsResponse,
 ) error {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "appserviceUserIDExists")
+	return httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"UserIDExists", h.appserviceURL+AppServiceUserIDExistsPath,
-
+		h.httpClient, ctx, request, response,
-	apiURL := h.appserviceURL + AppServiceUserIDExistsPath
+	)
 	return httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
 }
--- a/appservice/inthttp/server.go
+++ b/appservice/inthttp/server.go
@ -1,43 +1,20 @@
 package inthttp
 import (
 	"encoding/json"
 	"net/http"
 	"github.com/gorilla/mux"
 	"github.com/matrix-org/dendrite/appservice/api"
 	"github.com/matrix-org/dendrite/internal/httputil"
 	"github.com/matrix-org/util"
 )
 // AddRoutes adds the AppServiceQueryAPI handlers to the http.ServeMux.
 func AddRoutes(a api.AppServiceInternalAPI, internalAPIMux *mux.Router) {
 	internalAPIMux.Handle(
 		AppServiceRoomAliasExistsPath,
-		httputil.MakeInternalAPI("appserviceRoomAliasExists", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalRPCAPI("AppserviceRoomAliasExists", a.RoomAliasExists),
 			var request api.RoomAliasExistsRequest
 			var response api.RoomAliasExistsResponse
 			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
 				return util.ErrorResponse(err)
 			}
 			if err := a.RoomAliasExists(req.Context(), &request, &response); err != nil {
 				return util.ErrorResponse(err)
 			}
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
 	internalAPIMux.Handle(
 		AppServiceUserIDExistsPath,
-		httputil.MakeInternalAPI("appserviceUserIDExists", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalRPCAPI("AppserviceUserIDExists", a.UserIDExists),
 			var request api.UserIDExistsRequest
 			var response api.UserIDExistsResponse
 			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
 				return util.ErrorResponse(err)
 			}
 			if err := a.UserIDExists(req.Context(), &request, &response); err != nil {
 				return util.ErrorResponse(err)
 			}
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
 }
--- a/build/docker/Dockerfile.monolith
+++ b/build/docker/Dockerfile.monolith
@ -8,7 +8,6 @@ COPY . /build
 RUN mkdir -p bin
 RUN go build -trimpath -o bin/ ./cmd/dendrite-monolith-server
 RUN go build -trimpath -o bin/ ./cmd/goose
 RUN go build -trimpath -o bin/ ./cmd/create-account
 RUN go build -trimpath -o bin/ ./cmd/generate-keys
--- a/build/docker/Dockerfile.polylith
+++ b/build/docker/Dockerfile.polylith
@ -8,7 +8,6 @@ COPY . /build
 RUN mkdir -p bin
 RUN go build -trimpath -o bin/ ./cmd/dendrite-polylith-multi
 RUN go build -trimpath -o bin/ ./cmd/goose
 RUN go build -trimpath -o bin/ ./cmd/create-account
 RUN go build -trimpath -o bin/ ./cmd/generate-keys
--- a/build/scripts/build-test-lint.sh
+++ b/build/scripts/build-test-lint.sh
@ -13,4 +13,4 @@ go build ./cmd/...
 ./build/scripts/find-lint.sh
 echo "Testing..."
-go test -v ./...
+go test --race -v ./...
--- a/clientapi/auth/login.go
+++ b/clientapi/auth/login.go
@ -18,7 +18,6 @@ import (
 	"context"
 	"encoding/json"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
@ -34,7 +33,7 @@ import (
 // If the final return value is non-nil, an error occurred and the cleanup function
 // is nil.
 func LoginFromJSONReader(ctx context.Context, r io.Reader, useraccountAPI uapi.UserLoginAPI, userAPI UserInternalAPIForLogin, cfg *config.ClientAPI) (*Login, LoginCleanupFunc, *util.JSONResponse) {
-	reqBytes, err := ioutil.ReadAll(r)
+	reqBytes, err := io.ReadAll(r)
 	if err != nil {
 		err := &util.JSONResponse{
 			Code: http.StatusBadRequest,
--- a/clientapi/clientapi.go
+++ b/clientapi/clientapi.go
@ -48,7 +48,6 @@ func AddPublicRoutes(
 	syncProducer := &producers.SyncAPIProducer{
 		JetStream:              js,
 		TopicClientData:        cfg.Matrix.JetStream.Prefixed(jetstream.OutputClientData),
 		TopicReceiptEvent:      cfg.Matrix.JetStream.Prefixed(jetstream.OutputReceiptEvent),
 		TopicSendToDeviceEvent: cfg.Matrix.JetStream.Prefixed(jetstream.OutputSendToDeviceEvent),
 		TopicTypingEvent:       cfg.Matrix.JetStream.Prefixed(jetstream.OutputTypingEvent),
@ -59,6 +58,7 @@ func AddPublicRoutes(
 	routing.Setup(
 		base.PublicClientAPIMux,
 		base.PublicWellKnownAPIMux,
 		base.SynapseAdminMux,
 		base.DendriteAdminMux,
 		cfg, rsAPI, asAPI,
--- a/clientapi/httputil/httputil.go
+++ b/clientapi/httputil/httputil.go
@ -16,7 +16,7 @@ package httputil
 import (
 	"encoding/json"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"unicode/utf8"
@ -29,9 +29,9 @@ import (
 func UnmarshalJSONRequest(req *http.Request, iface interface{}) *util.JSONResponse {
 	// encoding/json allows invalid utf-8, matrix does not
 	// https://matrix.org/docs/spec/client_server/r0.6.1#api-standards
-	body, err := ioutil.ReadAll(req.Body)
+	body, err := io.ReadAll(req.Body)
 	if err != nil {
-		util.GetLogger(req.Context()).WithError(err).Error("ioutil.ReadAll failed")
+		util.GetLogger(req.Context()).WithError(err).Error("io.ReadAll failed")
 		resp := jsonerror.InternalServerError()
 		return &resp
 	}
--- a/clientapi/jsonerror/jsonerror.go
+++ b/clientapi/jsonerror/jsonerror.go
@ -15,11 +15,13 @@
 package jsonerror
 import (
 	"context"
 	"fmt"
 	"net/http"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 	"github.com/sirupsen/logrus"
 )
 // MatrixError represents the "standard error response" in Matrix.
@ -213,3 +215,15 @@ func NotTrusted(serverName string) *MatrixError {
 		Err:     fmt.Sprintf("Untrusted server '%s'", serverName),
 	}
 }
 // InternalAPIError is returned when Dendrite failed to reach an internal API.
 func InternalAPIError(ctx context.Context, err error) util.JSONResponse {
 	logrus.WithContext(ctx).WithError(err).Error("Error reaching an internal API")
 	return util.JSONResponse{
 		Code: http.StatusInternalServerError,
 		JSON: &MatrixError{
 			ErrCode: "M_INTERNAL_SERVER_ERROR",
 			Err:     "Dendrite encountered an error reaching an internal API.",
 		},
 	}
 }
--- a/clientapi/producers/syncapi.go
+++ b/clientapi/producers/syncapi.go
@ -21,7 +21,6 @@ import (
 	"strconv"
 	"time"
 	"github.com/matrix-org/dendrite/internal/eventutil"
 	"github.com/matrix-org/dendrite/setup/jetstream"
 	"github.com/matrix-org/dendrite/syncapi/types"
 	userapi "github.com/matrix-org/dendrite/userapi/api"
@ -32,7 +31,6 @@ import (
 // SyncAPIProducer produces events for the sync API server to consume
 type SyncAPIProducer struct {
 	TopicClientData        string
 	TopicReceiptEvent      string
 	TopicSendToDeviceEvent string
 	TopicTypingEvent       string
@ -42,36 +40,6 @@ type SyncAPIProducer struct {
 	UserAPI                userapi.ClientUserAPI
 }
 // SendData sends account data to the sync API server
 func (p *SyncAPIProducer) SendData(userID string, roomID string, dataType string, readMarker *eventutil.ReadMarkerJSON, ignoredUsers *types.IgnoredUsers) error {
 	m := &nats.Msg{
 		Subject: p.TopicClientData,
 		Header:  nats.Header{},
 	}
 	m.Header.Set(jetstream.UserID, userID)
 	data := eventutil.AccountData{
 		RoomID:       roomID,
 		Type:         dataType,
 		ReadMarker:   readMarker,
 		IgnoredUsers: ignoredUsers,
 	}
 	var err error
 	m.Data, err = json.Marshal(data)
 	if err != nil {
 		return err
 	}
 	log.WithFields(log.Fields{
 		"user_id":   userID,
 		"room_id":   roomID,
 		"data_type": dataType,
 	}).Tracef("Producing to topic '%s'", p.TopicClientData)
 	_, err = p.JetStream.PublishMsg(m)
 	return err
 }
 func (p *SyncAPIProducer) SendReceipt(
 	ctx context.Context,
 	userID, roomID, eventID, receiptType string, timestamp gomatrixserverlib.Timestamp,
--- a/clientapi/routing/account_data.go
+++ b/clientapi/routing/account_data.go
@ -17,7 +17,7 @@ package routing
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"github.com/matrix-org/dendrite/clientapi/httputil"
@ -25,7 +25,6 @@ import (
 	"github.com/matrix-org/dendrite/clientapi/producers"
 	"github.com/matrix-org/dendrite/internal/eventutil"
 	roomserverAPI "github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/dendrite/syncapi/types"
 	"github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/util"
@ -102,9 +101,9 @@ func SaveAccountData(
 		}
 	}
-	body, err := ioutil.ReadAll(req.Body)
+	body, err := io.ReadAll(req.Body)
 	if err != nil {
-		util.GetLogger(req.Context()).WithError(err).Error("ioutil.ReadAll failed")
+		util.GetLogger(req.Context()).WithError(err).Error("io.ReadAll failed")
 		return jsonerror.InternalServerError()
 	}
@ -127,18 +126,6 @@ func SaveAccountData(
 		return util.ErrorResponse(err)
 	}
 	var ignoredUsers *types.IgnoredUsers
 	if dataType == "m.ignored_user_list" {
 		ignoredUsers = &types.IgnoredUsers{}
 		_ = json.Unmarshal(body, ignoredUsers)
 	}
 	// TODO: user API should do this since it's account data
 	if err := syncProducer.SendData(userID, roomID, dataType, nil, ignoredUsers); err != nil {
 		util.GetLogger(req.Context()).WithError(err).Error("syncProducer.SendData failed")
 		return jsonerror.InternalServerError()
 	}
 	return util.JSONResponse{
 		Code: http.StatusOK,
 		JSON: struct{}{},
@ -191,11 +178,6 @@ func SaveReadMarker(
 		return util.ErrorResponse(err)
 	}
 	if err := syncProducer.SendData(device.UserID, roomID, "m.fully_read", &r, nil); err != nil {
 		util.GetLogger(req.Context()).WithError(err).Error("syncProducer.SendData failed")
 		return jsonerror.InternalServerError()
 	}
 	// Handle the read receipt that may be included in the read marker
 	if r.Read != "" {
 		return SetReceipt(req, syncProducer, device, roomID, "m.read", r.Read)
--- a/clientapi/routing/admin.go
+++ b/clientapi/routing/admin.go
@ -30,13 +30,15 @@ func AdminEvacuateRoom(req *http.Request, device *userapi.Device, rsAPI roomserv
 		}
 	}
 	res := &roomserverAPI.PerformAdminEvacuateRoomResponse{}
-	rsAPI.PerformAdminEvacuateRoom(
+	if err := rsAPI.PerformAdminEvacuateRoom(
 		req.Context(),
 		&roomserverAPI.PerformAdminEvacuateRoomRequest{
 			RoomID: roomID,
 		},
 		res,
-	)
+	); err != nil {
 		return util.ErrorResponse(err)
 	}
 	if err := res.Error; err != nil {
 		return err.JSONResponse()
 	}
@ -67,13 +69,15 @@ func AdminEvacuateUser(req *http.Request, device *userapi.Device, rsAPI roomserv
 		}
 	}
 	res := &roomserverAPI.PerformAdminEvacuateUserResponse{}
-	rsAPI.PerformAdminEvacuateUser(
+	if err := rsAPI.PerformAdminEvacuateUser(
 		req.Context(),
 		&roomserverAPI.PerformAdminEvacuateUserRequest{
 			UserID: userID,
 		},
 		res,
-	)
+	); err != nil {
 		return jsonerror.InternalAPIError(req.Context(), err)
 	}
 	if err := res.Error; err != nil {
 		return err.JSONResponse()
 	}
--- a/clientapi/routing/createroom.go
+++ b/clientapi/routing/createroom.go
@ -556,10 +556,12 @@ func createRoom(
 	if r.Visibility == "public" {
 		// expose this room in the published room list
 		var pubRes roomserverAPI.PerformPublishResponse
-		rsAPI.PerformPublish(ctx, &roomserverAPI.PerformPublishRequest{
+		if err := rsAPI.PerformPublish(ctx, &roomserverAPI.PerformPublishRequest{
 			RoomID:     roomID,
 			Visibility: "public",
-		}, &pubRes)
+		}, &pubRes); err != nil {
 			return jsonerror.InternalAPIError(ctx, err)
 		}
 		if pubRes.Error != nil {
 			// treat as non-fatal since the room is already made by this point
 			util.GetLogger(ctx).WithError(pubRes.Error).Error("failed to visibility:public")
--- a/clientapi/routing/deactivate.go
+++ b/clientapi/routing/deactivate.go
@ -1,7 +1,7 @@
 package routing
 import (
-	"io/ioutil"
+	"io"
 	"net/http"
 	"github.com/matrix-org/dendrite/clientapi/auth"
@ -20,7 +20,7 @@ func Deactivate(
 ) util.JSONResponse {
 	ctx := req.Context()
 	defer req.Body.Close() // nolint:errcheck
-	bodyBytes, err := ioutil.ReadAll(req.Body)
+	bodyBytes, err := io.ReadAll(req.Body)
 	if err != nil {
 		return util.JSONResponse{
 			Code: http.StatusBadRequest,
--- a/clientapi/routing/device.go
+++ b/clientapi/routing/device.go
@ -15,7 +15,7 @@
 package routing
 import (
-	"io/ioutil"
+	"io"
 	"net"
 	"net/http"
@ -175,7 +175,7 @@ func DeleteDeviceById(
 	}()
 	ctx := req.Context()
 	defer req.Body.Close() // nolint:errcheck
-	bodyBytes, err := ioutil.ReadAll(req.Body)
+	bodyBytes, err := io.ReadAll(req.Body)
 	if err != nil {
 		return util.JSONResponse{
 			Code: http.StatusBadRequest,
--- a/clientapi/routing/directory.go
+++ b/clientapi/routing/directory.go
@ -302,10 +302,12 @@ func SetVisibility(
 	}
 	var publishRes roomserverAPI.PerformPublishResponse
-	rsAPI.PerformPublish(req.Context(), &roomserverAPI.PerformPublishRequest{
+	if err := rsAPI.PerformPublish(req.Context(), &roomserverAPI.PerformPublishRequest{
 		RoomID:     roomID,
 		Visibility: v.Visibility,
-	}, &publishRes)
+	}, &publishRes); err != nil {
 		return jsonerror.InternalAPIError(req.Context(), err)
 	}
 	if publishRes.Error != nil {
 		util.GetLogger(req.Context()).WithError(publishRes.Error).Error("PerformPublish failed")
 		return publishRes.Error.JSONResponse()
--- a/clientapi/routing/directory_public.go
+++ b/clientapi/routing/directory_public.go
@ -23,13 +23,14 @@ import (
 	"strings"
 	"sync"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 	"github.com/matrix-org/dendrite/clientapi/api"
 	"github.com/matrix-org/dendrite/clientapi/httputil"
 	"github.com/matrix-org/dendrite/clientapi/jsonerror"
 	roomserverAPI "github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/dendrite/setup/config"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 )
 var (
@ -196,14 +197,14 @@ func fillPublicRoomsReq(httpReq *http.Request, request *PublicRoomReq) *util.JSO
 // sliceInto returns a subslice of `slice` which honours the since/limit values given.
 //
-//    0  1  2  3  4  5  6   index
+//	  0  1  2  3  4  5  6   index
-//   [A, B, C, D, E, F, G]  slice
+//	 [A, B, C, D, E, F, G]  slice
 //
-//   limit=3          => A,B,C (prev='', next='3')
+//	 limit=3          => A,B,C (prev='', next='3')
-//   limit=3&since=3  => D,E,F (prev='0', next='6')
+//	 limit=3&since=3  => D,E,F (prev='0', next='6')
-//   limit=3&since=6  => G     (prev='3', next='')
+//	 limit=3&since=6  => G     (prev='3', next='')
 //
-//  A value of '-1' for prev/next indicates no position.
+//	A value of '-1' for prev/next indicates no position.
 func sliceInto(slice []gomatrixserverlib.PublicRoom, since int64, limit int16) (subset []gomatrixserverlib.PublicRoom, prev, next int) {
 	prev = -1
 	next = -1
--- a/clientapi/routing/joinroom.go
+++ b/clientapi/routing/joinroom.go
@ -81,8 +81,9 @@ func JoinRoomByIDOrAlias(
 	done := make(chan util.JSONResponse, 1)
 	go func() {
 		defer close(done)
-		rsAPI.PerformJoin(req.Context(), &joinReq, &joinRes)
+		if err := rsAPI.PerformJoin(req.Context(), &joinReq, &joinRes); err != nil {
-		if joinRes.Error != nil {
+			done <- jsonerror.InternalAPIError(req.Context(), err)
 		} else if joinRes.Error != nil {
 			done <- joinRes.Error.JSONResponse()
 		} else {
 			done <- util.JSONResponse{
--- a/clientapi/routing/key_backup.go
+++ b/clientapi/routing/key_backup.go
@ -91,10 +91,12 @@ func CreateKeyBackupVersion(req *http.Request, userAPI userapi.ClientUserAPI, de
 // Implements GET  /_matrix/client/r0/room_keys/version and GET /_matrix/client/r0/room_keys/version/{version}
 func KeyBackupVersion(req *http.Request, userAPI userapi.ClientUserAPI, device *userapi.Device, version string) util.JSONResponse {
 	var queryResp userapi.QueryKeyBackupResponse
-	userAPI.QueryKeyBackup(req.Context(), &userapi.QueryKeyBackupRequest{
+	if err := userAPI.QueryKeyBackup(req.Context(), &userapi.QueryKeyBackupRequest{
 		UserID:  device.UserID,
 		Version: version,
-	}, &queryResp)
+	}, &queryResp); err != nil {
 		return jsonerror.InternalAPIError(req.Context(), err)
 	}
 	if queryResp.Error != "" {
 		return util.ErrorResponse(fmt.Errorf("QueryKeyBackup: %s", queryResp.Error))
 	}
@ -233,13 +235,15 @@ func GetBackupKeys(
 	req *http.Request, userAPI userapi.ClientUserAPI, device *userapi.Device, version, roomID, sessionID string,
 ) util.JSONResponse {
 	var queryResp userapi.QueryKeyBackupResponse
-	userAPI.QueryKeyBackup(req.Context(), &userapi.QueryKeyBackupRequest{
+	if err := userAPI.QueryKeyBackup(req.Context(), &userapi.QueryKeyBackupRequest{
 		UserID:           device.UserID,
 		Version:          version,
 		ReturnKeys:       true,
 		KeysForRoomID:    roomID,
 		KeysForSessionID: sessionID,
-	}, &queryResp)
+	}, &queryResp); err != nil {
 		return jsonerror.InternalAPIError(req.Context(), err)
 	}
 	if queryResp.Error != "" {
 		return util.ErrorResponse(fmt.Errorf("QueryKeyBackup: %s", queryResp.Error))
 	}
--- a/clientapi/routing/key_crosssigning.go
+++ b/clientapi/routing/key_crosssigning.go
@ -72,7 +72,9 @@ func UploadCrossSigningDeviceKeys(
 	sessions.addCompletedSessionStage(sessionID, authtypes.LoginTypePassword)
 	uploadReq.UserID = device.UserID
-	keyserverAPI.PerformUploadDeviceKeys(req.Context(), &uploadReq.PerformUploadDeviceKeysRequest, uploadRes)
+	if err := keyserverAPI.PerformUploadDeviceKeys(req.Context(), &uploadReq.PerformUploadDeviceKeysRequest, uploadRes); err != nil {
 		return jsonerror.InternalAPIError(req.Context(), err)
 	}
 	if err := uploadRes.Error; err != nil {
 		switch {
@ -114,7 +116,9 @@ func UploadCrossSigningDeviceSignatures(req *http.Request, keyserverAPI api.Clie
 	}
 	uploadReq.UserID = device.UserID
-	keyserverAPI.PerformUploadDeviceSignatures(req.Context(), uploadReq, uploadRes)
+	if err := keyserverAPI.PerformUploadDeviceSignatures(req.Context(), uploadReq, uploadRes); err != nil {
 		return jsonerror.InternalAPIError(req.Context(), err)
 	}
 	if err := uploadRes.Error; err != nil {
 		switch {
--- a/clientapi/routing/keys.go
+++ b/clientapi/routing/keys.go
@ -62,7 +62,9 @@ func UploadKeys(req *http.Request, keyAPI api.ClientKeyAPI, device *userapi.Devi
 	}
 	var uploadRes api.PerformUploadKeysResponse
-	keyAPI.PerformUploadKeys(req.Context(), uploadReq, &uploadRes)
+	if err := keyAPI.PerformUploadKeys(req.Context(), uploadReq, &uploadRes); err != nil {
 		return util.ErrorResponse(err)
 	}
 	if uploadRes.Error != nil {
 		util.GetLogger(req.Context()).WithError(uploadRes.Error).Error("Failed to PerformUploadKeys")
 		return jsonerror.InternalServerError()
@ -107,12 +109,14 @@ func QueryKeys(req *http.Request, keyAPI api.ClientKeyAPI, device *userapi.Devic
 		return *resErr
 	}
 	queryRes := api.QueryKeysResponse{}
-	keyAPI.QueryKeys(req.Context(), &api.QueryKeysRequest{
+	if err := keyAPI.QueryKeys(req.Context(), &api.QueryKeysRequest{
 		UserID:        device.UserID,
 		UserToDevices: r.DeviceKeys,
 		Timeout:       r.GetTimeout(),
 		// TODO: Token?
-	}, &queryRes)
+	}, &queryRes); err != nil {
 		return util.ErrorResponse(err)
 	}
 	return util.JSONResponse{
 		Code: 200,
 		JSON: map[string]interface{}{
@ -145,10 +149,12 @@ func ClaimKeys(req *http.Request, keyAPI api.ClientKeyAPI) util.JSONResponse {
 		return *resErr
 	}
 	claimRes := api.PerformClaimKeysResponse{}
-	keyAPI.PerformClaimKeys(req.Context(), &api.PerformClaimKeysRequest{
+	if err := keyAPI.PerformClaimKeys(req.Context(), &api.PerformClaimKeysRequest{
 		OneTimeKeys: r.OneTimeKeys,
 		Timeout:     r.GetTimeout(),
-	}, &claimRes)
+	}, &claimRes); err != nil {
 		return jsonerror.InternalAPIError(req.Context(), err)
 	}
 	if claimRes.Error != nil {
 		util.GetLogger(req.Context()).WithError(claimRes.Error).Error("failed to PerformClaimKeys")
 		return jsonerror.InternalServerError()
--- a/clientapi/routing/peekroom.go
+++ b/clientapi/routing/peekroom.go
@ -17,6 +17,7 @@ package routing
 import (
 	"net/http"
 	"github.com/matrix-org/dendrite/clientapi/jsonerror"
 	roomserverAPI "github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrixserverlib"
@ -54,7 +55,9 @@ func PeekRoomByIDOrAlias(
 	}
 	// Ask the roomserver to perform the peek.
-	rsAPI.PerformPeek(req.Context(), &peekReq, &peekRes)
+	if err := rsAPI.PerformPeek(req.Context(), &peekReq, &peekRes); err != nil {
 		return util.ErrorResponse(err)
 	}
 	if peekRes.Error != nil {
 		return peekRes.Error.JSONResponse()
 	}
@ -89,7 +92,9 @@ func UnpeekRoomByID(
 	}
 	unpeekRes := roomserverAPI.PerformUnpeekResponse{}
-	rsAPI.PerformUnpeek(req.Context(), &unpeekReq, &unpeekRes)
+	if err := rsAPI.PerformUnpeek(req.Context(), &unpeekReq, &unpeekRes); err != nil {
 		return jsonerror.InternalAPIError(req.Context(), err)
 	}
 	if unpeekRes.Error != nil {
 		return unpeekRes.Error.JSONResponse()
 	}
--- a/clientapi/routing/register.go
+++ b/clientapi/routing/register.go
@ -19,7 +19,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"regexp"
@ -371,7 +371,7 @@ func validateRecaptcha(
 	// Grab the body of the response from the captcha server
 	var r recaptchaResponse
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return &util.JSONResponse{
 			Code: http.StatusGatewayTimeout,
@ -539,7 +539,7 @@ func Register(
 	cfg *config.ClientAPI,
 ) util.JSONResponse {
 	defer req.Body.Close() // nolint: errcheck
-	reqBody, err := ioutil.ReadAll(req.Body)
+	reqBody, err := io.ReadAll(req.Body)
 	if err != nil {
 		return util.JSONResponse{
 			Code: http.StatusBadRequest,
--- a/clientapi/routing/register_secret_test.go
+++ b/clientapi/routing/register_secret_test.go
@ -2,7 +2,7 @@ package routing
 import (
 	"bytes"
-	"io/ioutil"
+	"io"
 	"testing"
 	"github.com/patrickmn/go-cache"
@ -13,7 +13,7 @@ func TestSharedSecretRegister(t *testing.T) {
 	jsonStr := []byte(`{"admin":false,"mac":"f1ba8d37123866fd659b40de4bad9b0f8965c565","nonce":"759f047f312b99ff428b21d581256f8592b8976e58bc1b543972dc6147e529a79657605b52d7becd160ff5137f3de11975684319187e06901955f79e5a6c5a79","password":"wonderland","username":"alice"}`)
 	sharedSecret := "dendritetest"
-	req, err := NewSharedSecretRegistrationRequest(ioutil.NopCloser(bytes.NewBuffer(jsonStr)))
+	req, err := NewSharedSecretRegistrationRequest(io.NopCloser(bytes.NewBuffer(jsonStr)))
 	if err != nil {
 		t.Fatalf("failed to read request: %s", err)
 	}
--- a/clientapi/routing/room_tagging.go
+++ b/clientapi/routing/room_tagging.go
@ -18,8 +18,6 @@ import (
 	"encoding/json"
 	"net/http"
 	"github.com/sirupsen/logrus"
 	"github.com/matrix-org/dendrite/clientapi/httputil"
 	"github.com/matrix-org/dendrite/clientapi/jsonerror"
 	"github.com/matrix-org/dendrite/clientapi/producers"
@ -98,10 +96,6 @@ func PutTag(
 		return jsonerror.InternalServerError()
 	}
 	if err = syncProducer.SendData(userID, roomID, "m.tag", nil, nil); err != nil {
 		logrus.WithError(err).Error("Failed to send m.tag account data update to syncapi")
 	}
 	return util.JSONResponse{
 		Code: http.StatusOK,
 		JSON: struct{}{},
@ -150,11 +144,6 @@ func DeleteTag(
 		return jsonerror.InternalServerError()
 	}
 	// TODO: user API should do this since it's account data
 	if err := syncProducer.SendData(userID, roomID, "m.tag", nil, nil); err != nil {
 		logrus.WithError(err).Error("Failed to send m.tag account data update to syncapi")
 	}
 	return util.JSONResponse{
 		Code: http.StatusOK,
 		JSON: struct{}{},
--- a/clientapi/routing/routing.go
+++ b/clientapi/routing/routing.go
@ -48,7 +48,7 @@ import (
 // applied:
 // nolint: gocyclo
 func Setup(
-	publicAPIMux, synapseAdminRouter, dendriteAdminRouter *mux.Router,
+	publicAPIMux, wkMux, synapseAdminRouter, dendriteAdminRouter *mux.Router,
 	cfg *config.ClientAPI,
 	rsAPI roomserverAPI.ClientRoomserverAPI,
 	asAPI appserviceAPI.AppServiceInternalAPI,
@ -74,6 +74,26 @@ func Setup(
 		unstableFeatures["org.matrix."+msc] = true
 	}
 	if cfg.Matrix.WellKnownClientName != "" {
 		logrus.Infof("Setting m.homeserver base_url as %s at /.well-known/matrix/client", cfg.Matrix.WellKnownClientName)
 		wkMux.Handle("/client", httputil.MakeExternalAPI("wellknown", func(r *http.Request) util.JSONResponse {
 			return util.JSONResponse{
 				Code: http.StatusOK,
 				JSON: struct {
 					HomeserverName struct {
 						BaseUrl string `json:"base_url"`
 					} `json:"m.homeserver"`
 				}{
 					HomeserverName: struct {
 						BaseUrl string `json:"base_url"`
 					}{
 						BaseUrl: cfg.Matrix.WellKnownClientName,
 					},
 				},
 			}
 		})).Methods(http.MethodGet, http.MethodOptions)
 	}
 	publicAPIMux.Handle("/versions",
 		httputil.MakeExternalAPI("versions", func(req *http.Request) util.JSONResponse {
 			return util.JSONResponse{
--- a/clientapi/routing/sendevent.go
+++ b/clientapi/routing/sendevent.go
@ -63,9 +63,10 @@ var sendEventDuration = prometheus.NewHistogramVec(
 )
 // SendEvent implements:
-//   /rooms/{roomID}/send/{eventType}
+//
-//   /rooms/{roomID}/send/{eventType}/{txnID}
+//	/rooms/{roomID}/send/{eventType}
-//   /rooms/{roomID}/state/{eventType}/{stateKey}
+//	/rooms/{roomID}/send/{eventType}/{txnID}
 //	/rooms/{roomID}/state/{eventType}/{stateKey}
 func SendEvent(
 	req *http.Request,
 	device *userapi.Device,
--- a/clientapi/routing/threepid.go
+++ b/clientapi/routing/threepid.go
@ -38,8 +38,9 @@ type threePIDsResponse struct {
 }
 // RequestEmailToken implements:
-//     POST /account/3pid/email/requestToken
+//
-//     POST /register/email/requestToken
+//	POST /account/3pid/email/requestToken
 //	POST /register/email/requestToken
 func RequestEmailToken(req *http.Request, threePIDAPI api.ClientUserAPI, cfg *config.ClientAPI) util.JSONResponse {
 	var body threepid.EmailAssociationRequest
 	if reqErr := httputil.UnmarshalJSONRequest(req, &body); reqErr != nil {
--- a/clientapi/routing/upgrade_room.go
+++ b/clientapi/routing/upgrade_room.go
@ -64,7 +64,9 @@ func UpgradeRoom(
 	}
 	upgradeResp := roomserverAPI.PerformRoomUpgradeResponse{}
-	rsAPI.PerformRoomUpgrade(req.Context(), &upgradeReq, &upgradeResp)
+	if err := rsAPI.PerformRoomUpgrade(req.Context(), &upgradeReq, &upgradeResp); err != nil {
 		return jsonerror.InternalAPIError(req.Context(), err)
 	}
 	if upgradeResp.Error != nil {
 		if upgradeResp.Error.Code == roomserverAPI.PerformErrorNoRoom {
--- a/clientapi/routing/voip.go
+++ b/clientapi/routing/voip.go
@ -22,15 +22,17 @@ import (
 	"net/http"
 	"time"
 	"github.com/matrix-org/gomatrix"
 	"github.com/matrix-org/util"
 	"github.com/matrix-org/dendrite/clientapi/jsonerror"
 	"github.com/matrix-org/dendrite/setup/config"
 	"github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrix"
 	"github.com/matrix-org/util"
 )
 // RequestTurnServer implements:
-//     GET /voip/turnServer
+//
 //	GET /voip/turnServer
 func RequestTurnServer(req *http.Request, device *api.Device, cfg *config.ClientAPI) util.JSONResponse {
 	turnConfig := cfg.TURN
--- a/cmd/create-account/main.go
+++ b/cmd/create-account/main.go
@ -19,7 +19,6 @@ import (
 	"flag"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
 	"regexp"
 	"strings"
@ -157,7 +156,7 @@ func main() {
 func getPassword(password, pwdFile string, pwdStdin bool, r io.Reader) (string, error) {
 	// read password from file
 	if pwdFile != "" {
-		pw, err := ioutil.ReadFile(pwdFile)
+		pw, err := os.ReadFile(pwdFile)
 		if err != nil {
 			return "", fmt.Errorf("Unable to read password from file: %v", err)
 		}
@ -166,7 +165,7 @@ func getPassword(password, pwdFile string, pwdStdin bool, r io.Reader) (string,
 	// read password from stdin
 	if pwdStdin {
-		data, err := ioutil.ReadAll(r)
+		data, err := io.ReadAll(r)
 		if err != nil {
 			return "", fmt.Errorf("Unable to read password from stdin: %v", err)
 		}
--- a/cmd/dendrite-demo-pinecone/main.go
+++ b/cmd/dendrite-demo-pinecone/main.go
@ -21,7 +21,6 @@ import (
 	"encoding/hex"
 	"flag"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"os"
@ -76,11 +75,11 @@ func main() {
 		if pk, sk, err = ed25519.GenerateKey(nil); err != nil {
 			panic(err)
 		}
-		if err = ioutil.WriteFile(keyfile, sk, 0644); err != nil {
+		if err = os.WriteFile(keyfile, sk, 0644); err != nil {
 			panic(err)
 		}
 	} else if err == nil {
-		if sk, err = ioutil.ReadFile(keyfile); err != nil {
+		if sk, err = os.ReadFile(keyfile); err != nil {
 			panic(err)
 		}
 		if len(sk) != ed25519.PrivateKeySize {
--- a/cmd/dendrite-demo-yggdrasil/yggconn/node.go
+++ b/cmd/dendrite-demo-yggdrasil/yggconn/node.go
@ -20,7 +20,6 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"log"
 	"net"
 	"os"
@ -69,7 +68,7 @@ func Setup(instanceName, storageDirectory, peerURI string) (*Node, error) {
 	yggfile := fmt.Sprintf("%s/%s-yggdrasil.conf", storageDirectory, instanceName)
 	if _, err := os.Stat(yggfile); !os.IsNotExist(err) {
-		yggconf, e := ioutil.ReadFile(yggfile)
+		yggconf, e := os.ReadFile(yggfile)
 		if e != nil {
 			panic(err)
 		}
@ -88,7 +87,7 @@ func Setup(instanceName, storageDirectory, peerURI string) (*Node, error) {
 	if err != nil {
 		panic(err)
 	}
-	if e := ioutil.WriteFile(yggfile, j, 0600); e != nil {
+	if e := os.WriteFile(yggfile, j, 0600); e != nil {
 		n.log.Printf("Couldn't write private key to file '%s': %s\n", yggfile, e)
 	}
--- a/cmd/dendrite-upgrade-tests/main.go
+++ b/cmd/dendrite-upgrade-tests/main.go
@ -6,7 +6,7 @@ import (
 	"encoding/json"
 	"flag"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"os"
@ -37,6 +37,7 @@ var (
 	flagBuildConcurrency = flag.Int("build-concurrency", runtime.NumCPU(), "The amount of build concurrency when building images")
 	flagHead             = flag.String("head", "", "Location to a dendrite repository to treat as HEAD instead of Github")
 	flagDockerHost       = flag.String("docker-host", "localhost", "The hostname of the docker client. 'localhost' if running locally, 'host.docker.internal' if running in Docker.")
 	flagDirect           = flag.Bool("direct", false, "If a direct upgrade from the defined FROM version to TO should be done")
 	alphaNumerics        = regexp.MustCompile("[^a-zA-Z0-9]+")
 )
@ -46,7 +47,7 @@ const HEAD = "HEAD"
 // We cannot use the dockerfile associated with the repo with each version sadly due to changes in
 // Docker versions. Specifically, earlier Dendrite versions are incompatible with newer Docker clients
 // due to the error:
-//   When using COPY with more than one source file, the destination must be a directory and end with a /
+// When using COPY with more than one source file, the destination must be a directory and end with a /
 // We need to run a postgres anyway, so use the dockerfile associated with Complement instead.
 const Dockerfile = `FROM golang:1.18-stretch as build
 RUN apt-get update && apt-get install -y postgresql
@ -94,7 +95,9 @@ CMD /build/run_dendrite.sh `
 const dendriteUpgradeTestLabel = "dendrite_upgrade_test"
 // downloadArchive downloads an arbitrary github archive of the form:
-//   https://github.com/matrix-org/dendrite/archive/v0.3.11.tar.gz
+//
 //	https://github.com/matrix-org/dendrite/archive/v0.3.11.tar.gz
 //
 // and re-tarballs it without the top-level directory which contains branch information. It inserts
 // the contents of `dockerfile` as a root file `Dockerfile` in the re-tarballed directory such that
 // you can directly feed the retarballed archive to `ImageBuild` to have it run said dockerfile.
@ -125,7 +128,7 @@ func downloadArchive(cli *http.Client, tmpDir, archiveURL string, dockerfile []b
 		return nil, err
 	}
 	// add top level Dockerfile
-	err = ioutil.WriteFile(path.Join(tmpDir, "Dockerfile"), dockerfile, os.ModePerm)
+	err = os.WriteFile(path.Join(tmpDir, "Dockerfile"), dockerfile, os.ModePerm)
 	if err != nil {
 		return nil, fmt.Errorf("failed to inject /Dockerfile: %w", err)
 	}
@ -147,7 +150,7 @@ func buildDendrite(httpClient *http.Client, dockerClient *client.Client, tmpDir,
 	if branchOrTagName == HEAD && *flagHead != "" {
 		log.Printf("%s: Using %s as HEAD", branchOrTagName, *flagHead)
 		// add top level Dockerfile
-		err = ioutil.WriteFile(path.Join(*flagHead, "Dockerfile"), []byte(Dockerfile), os.ModePerm)
+		err = os.WriteFile(path.Join(*flagHead, "Dockerfile"), []byte(Dockerfile), os.ModePerm)
 		if err != nil {
 			return "", fmt.Errorf("custom HEAD: failed to inject /Dockerfile: %w", err)
 		}
@ -229,7 +232,7 @@ func getAndSortVersionsFromGithub(httpClient *http.Client) (semVers []*semver.Ve
 	return semVers, nil
 }
-func calculateVersions(cli *http.Client, from, to string) []string {
+func calculateVersions(cli *http.Client, from, to string, direct bool) []string {
 	semvers, err := getAndSortVersionsFromGithub(cli)
 	if err != nil {
 		log.Fatalf("failed to collect semvers from github: %s", err)
@ -284,6 +287,9 @@ func calculateVersions(cli *http.Client, from, to string) []string {
 	if to == HEAD {
 		versions = append(versions, HEAD)
 	}
 	if direct {
 		versions = []string{versions[0], versions[len(versions)-1]}
 	}
 	return versions
 }
@ -382,7 +388,7 @@ func runImage(dockerClient *client.Client, volumeName, version, imageID string)
 		})
 		// ignore errors when cannot get logs, it's just for debugging anyways
 		if err == nil {
-			logbody, err := ioutil.ReadAll(logs)
+			logbody, err := io.ReadAll(logs)
 			if err == nil {
 				log.Printf("Container logs:\n\n%s\n\n", string(logbody))
 			}
@ -461,7 +467,7 @@ func main() {
 		os.Exit(1)
 	}
 	cleanup(dockerClient)
-	versions := calculateVersions(httpClient, *flagFrom, *flagTo)
+	versions := calculateVersions(httpClient, *flagFrom, *flagTo, *flagDirect)
 	log.Printf("Testing dendrite versions: %v\n", versions)
 	branchToImageID := buildDendriteImages(httpClient, dockerClient, *flagTempDir, *flagBuildConcurrency, versions)
--- a/cmd/dendrite-upgrade-tests/tests.go
+++ b/cmd/dendrite-upgrade-tests/tests.go
@ -18,9 +18,9 @@ type user struct {
 }
 // runTests performs the following operations:
-//  - register alice and bob with branch name muxed into the localpart
+// - register alice and bob with branch name muxed into the localpart
-//  - create a DM room for the 2 users and exchange messages
+// - create a DM room for the 2 users and exchange messages
-//  - create/join a public #global room and exchange messages
+// - create/join a public #global room and exchange messages
 func runTests(baseURL, branchName string) error {
 	// register 2 users
 	users := []user{
--- a/cmd/furl/main.go
+++ b/cmd/furl/main.go
@ -9,7 +9,6 @@ import (
 	"encoding/pem"
 	"flag"
 	"fmt"
 	"io/ioutil"
 	"net/url"
 	"os"
@ -30,7 +29,7 @@ func main() {
 		os.Exit(1)
 	}
-	data, err := ioutil.ReadFile(*requestKey)
+	data, err := os.ReadFile(*requestKey)
 	if err != nil {
 		panic(err)
 	}
--- a/cmd/goose/README.md
+++ b/cmd/goose/README.md
@ -1,109 +0,0 @@
 ## Database migrations
 We use [goose](https://github.com/pressly/goose) to handle database migrations. This allows us to execute
 both SQL deltas (e.g `ALTER TABLE ...`) as well as manipulate data in the database in Go using Go functions.
 To run a migration, the `goose` binary in this directory needs to be built:
 ```
 $ go build ./cmd/goose
 ```
 This binary allows Dendrite databases to be upgraded and downgraded. Sample usage for upgrading the roomserver database:
 ```
 # for sqlite
 $ ./goose -dir roomserver/storage/sqlite3/deltas sqlite3 ./roomserver.db up
 # for postgres
 $ ./goose -dir roomserver/storage/postgres/deltas postgres "user=dendrite dbname=dendrite sslmode=disable" up
 ```
 For a full list of options, including rollbacks, see https://github.com/pressly/goose or use `goose` with no args.
 ### Rationale
 Dendrite creates tables on startup using `CREATE TABLE IF NOT EXISTS`, so you might think that we should also
 apply version upgrades on startup as well. This is convenient and doesn't involve an additional binary to run
 which complicates upgrades. However, combining the upgrade mechanism and the server binary makes it difficult
 to handle rollbacks. Firstly, how do you specify you wish to rollback? We would have to add additional flags
 to the main server binary to say "rollback to version X". Secondly, if you roll back the server binary from
 version 5 to version 4, the version 4 binary doesn't know how to rollback the database from version 5 to
 version 4! For these reasons, we prefer to have a separate "upgrade" binary which is run for database upgrades.
 Rather than roll-our-own migration tool, we decided to use [goose](https://github.com/pressly/goose) as it supports
 complex migrations in Go code in addition to just executing SQL deltas. Other alternatives like
 `github.com/golang-migrate/migrate` [do not support](https://github.com/golang-migrate/migrate/issues/15) these
 kinds of complex migrations.
 ### Adding new deltas
 You can add `.sql` or `.go` files manually or you can use goose to create them for you.
 If you only want to add a SQL delta then run:
 ```
 $ ./goose -dir serverkeyapi/storage/sqlite3/deltas sqlite3 ./foo.db create new_col sql
 2020/09/09 14:37:43 Created new file: serverkeyapi/storage/sqlite3/deltas/20200909143743_new_col.sql
 ```
 In this case, the version number is `20200909143743`. The important thing is that it is always increasing.
 Then add up/downgrade SQL commands to the created file which looks like:
 ```sql
 -- +goose Up
 -- +goose StatementBegin
 SELECT 'up SQL query';
 -- +goose StatementEnd
 -- +goose Down
 -- +goose StatementBegin
 SELECT 'down SQL query';
 -- +goose StatementEnd
 ```
 You __must__ keep the `+goose` annotations. You'll need to repeat this process for Postgres.
 For complex Go migrations:
 ```
 $ ./goose -dir serverkeyapi/storage/sqlite3/deltas sqlite3 ./foo.db create complex_update go
 2020/09/09 14:40:38 Created new file: serverkeyapi/storage/sqlite3/deltas/20200909144038_complex_update.go
 ```
 Then modify the created `.go` file which looks like:
 ```go
 package migrations
 import (
 	"database/sql"
 	"fmt"
 	"github.com/pressly/goose"
 )
 func init() {
 	goose.AddMigration(upComplexUpdate, downComplexUpdate)
 }
 func upComplexUpdate(tx *sql.Tx) error {
 	// This code is executed when the migration is applied.
 	return nil
 }
 func downComplexUpdate(tx *sql.Tx) error {
 	// This code is executed when the migration is rolled back.
 	return nil
 }
 ```
 You __must__ import the package in `/cmd/goose/main.go` so `func init()` gets called.
 #### Database limitations
 - SQLite3 does NOT support `ALTER TABLE table_name DROP COLUMN` - you would have to rename the column or drop the table
  entirely and recreate it. ([example](https://github.com/matrix-org/dendrite/blob/master/userapi/storage/accounts/sqlite3/deltas/20200929203058_is_active.sql))
  More information: [sqlite.org](https://www.sqlite.org/lang_altertable.html)
--- a/cmd/goose/main.go
+++ b/cmd/goose/main.go
@ -1,154 +0,0 @@
 // This is custom goose binary
 package main
 import (
 	"flag"
 	"fmt"
 	"log"
 	"os"
 	"github.com/pressly/goose"
 	pgusers "github.com/matrix-org/dendrite/userapi/storage/postgres/deltas"
 	slusers "github.com/matrix-org/dendrite/userapi/storage/sqlite3/deltas"
 	_ "github.com/lib/pq"
 	_ "github.com/mattn/go-sqlite3"
 )
 const (
 	AppService       = "appservice"
 	FederationSender = "federationapi"
 	KeyServer        = "keyserver"
 	MediaAPI         = "mediaapi"
 	RoomServer       = "roomserver"
 	SigningKeyServer = "signingkeyserver"
 	SyncAPI          = "syncapi"
 	UserAPI          = "userapi"
 )
 var (
 	dir       = flags.String("dir", "", "directory with migration files")
 	flags     = flag.NewFlagSet("goose", flag.ExitOnError)
 	component = flags.String("component", "", "dendrite component name")
 	knownDBs  = []string{
 		AppService, FederationSender, KeyServer, MediaAPI, RoomServer, SigningKeyServer, SyncAPI, UserAPI,
 	}
 )
 // nolint: gocyclo
 func main() {
 	err := flags.Parse(os.Args[1:])
 	if err != nil {
 		panic(err.Error())
 	}
 	args := flags.Args()
 	if len(args) < 3 {
 		fmt.Println(
 			`Usage: goose [OPTIONS] DRIVER DBSTRING COMMAND
 Drivers:
    postgres
    sqlite3
 Examples:
    goose -component roomserver sqlite3 ./roomserver.db status
    goose -component roomserver sqlite3 ./roomserver.db up
    goose -component roomserver postgres "user=dendrite dbname=dendrite sslmode=disable" status
 Options:
  -component string
    	Dendrite component name e.g roomserver, signingkeyserver, clientapi, syncapi
  -table string
    	migrations table name (default "goose_db_version")
  -h	print help
  -v	enable verbose mode
  -dir string
        directory with migration files, only relevant when creating new migrations.
  -version
    	print version
 Commands:
    up                   Migrate the DB to the most recent version available
    up-by-one            Migrate the DB up by 1
    up-to VERSION        Migrate the DB to a specific VERSION
    down                 Roll back the version by 1
    down-to VERSION      Roll back to a specific VERSION
    redo                 Re-run the latest migration
    reset                Roll back all migrations
    status               Dump the migration status for the current DB
    version              Print the current version of the database
    create NAME [sql|go] Creates new migration file with the current timestamp
    fix                  Apply sequential ordering to migrations`,
 		)
 		return
 	}
 	engine := args[0]
 	if engine != "sqlite3" && engine != "postgres" {
 		fmt.Println("engine must be one of 'sqlite3' or 'postgres'")
 		return
 	}
 	knownComponent := false
 	for _, c := range knownDBs {
 		if c == *component {
 			knownComponent = true
 			break
 		}
 	}
 	if !knownComponent {
 		fmt.Printf("component must be one of %v\n", knownDBs)
 		return
 	}
 	if engine == "sqlite3" {
 		loadSQLiteDeltas(*component)
 	} else {
 		loadPostgresDeltas(*component)
 	}
 	dbstring, command := args[1], args[2]
 	db, err := goose.OpenDBWithDriver(engine, dbstring)
 	if err != nil {
 		log.Fatalf("goose: failed to open DB: %v\n", err)
 	}
 	defer func() {
 		if err := db.Close(); err != nil {
 			log.Fatalf("goose: failed to close DB: %v\n", err)
 		}
 	}()
 	arguments := []string{}
 	if len(args) > 3 {
 		arguments = append(arguments, args[3:]...)
 	}
 	// goose demands a directory even though we don't use it for upgrades
 	d := *dir
 	if d == "" {
 		d = os.TempDir()
 	}
 	if err := goose.Run(command, db, d, arguments...); err != nil {
 		log.Fatalf("goose %v: %v", command, err)
 	}
 }
 func loadSQLiteDeltas(component string) {
 	switch component {
 	case UserAPI:
 		slusers.LoadFromGoose()
 	}
 }
 func loadPostgresDeltas(component string) {
 	switch component {
 	case UserAPI:
 		pgusers.LoadFromGoose()
 	}
 }
--- a/dendrite-sample.monolith.yaml
+++ b/dendrite-sample.monolith.yaml
@ -64,6 +64,10 @@ global:
  # e.g. localhost:443
  well_known_server_name: ""
  # The server name to delegate client-server communications to, with optional port
  # e.g. localhost:443
  well_known_client_name: ""
  # Lists of domains that the server will trust as identity servers to verify third
  # party identifiers such as phone numbers and email addresses.
  trusted_third_party_id_servers:
@ -109,6 +113,11 @@ global:
    addresses:
    # - localhost:4222
    # Disable the validation of TLS certificates of NATS. This is
    # not recommended in production since it may allow NATS traffic
    # to be sent to an insecure endpoint.
    disable_tls_validation: false
    # Persistent directory to store JetStream streams in. This directory should be
    # preserved across Dendrite restarts.
    storage_path: ./
@ -169,13 +178,16 @@ client_api:
  # TURN server information that this homeserver should send to clients.
  turn:
-    turn_user_lifetime: ""
+    turn_user_lifetime: "5m"
    turn_uris:
    #  - turn:turn.server.org?transport=udp
    #  - turn:turn.server.org?transport=tcp
    turn_shared_secret: ""
-    turn_username: ""
+    # If your TURN server requires static credentials, then you will need to enter
-    turn_password: ""
+    # them here instead of supplying a shared secret. Note that these credentials
    # will be visible to clients!
    # turn_username: ""
    # turn_password: ""
  # Settings for rate-limited endpoints. Rate limiting kicks in after the threshold
  # number of "slots" have been taken by requests from a specific host. Each "slot"
@ -183,7 +195,7 @@ client_api:
  # and appservice users are exempt from rate limiting by default.
  rate_limiting:
    enabled: true
-    threshold: 5
+    threshold: 20
    cooloff_ms: 500
    exempt_user_ids:
    #  - "@user:domain.com"
--- a/dendrite-sample.polylith.yaml
+++ b/dendrite-sample.polylith.yaml
@ -54,6 +54,10 @@ global:
  # e.g. localhost:443
  well_known_server_name: ""
  # The server name to delegate client-server communications to, with optional port
  # e.g. localhost:443
  well_known_client_name: ""
  # Lists of domains that the server will trust as identity servers to verify third
  # party identifiers such as phone numbers and email addresses.
  trusted_third_party_id_servers:
@ -99,6 +103,11 @@ global:
    addresses:
      - hostname:4222
    # Disable the validation of TLS certificates of NATS. This is
    # not recommended in production since it may allow NATS traffic
    # to be sent to an insecure endpoint.
    disable_tls_validation: false
    # The prefix to use for stream names for this homeserver - really only useful
    # if you are running more than one Dendrite server on the same NATS deployment.
    topic_prefix: Dendrite
@ -125,7 +134,7 @@ app_service_api:
  # Database configuration for this component.
  database:
-    connection_string: postgresql://username@password:hostname/dendrite_appservice?sslmode=disable
+    connection_string: postgresql://username:password@hostname/dendrite_appservice?sslmode=disable
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: -1
@ -172,13 +181,16 @@ client_api:
  # TURN server information that this homeserver should send to clients.
  turn:
-    turn_user_lifetime: ""
+    turn_user_lifetime: "5m"
    turn_uris:
    #  - turn:turn.server.org?transport=udp
    #  - turn:turn.server.org?transport=tcp
    turn_shared_secret: ""
-    turn_username: ""
+    # If your TURN server requires static credentials, then you will need to enter
-    turn_password: ""
+    # them here instead of supplying a shared secret. Note that these credentials
    # will be visible to clients!
    # turn_username: ""
    # turn_password: ""
  # Settings for rate-limited endpoints. Rate limiting kicks in after the threshold
  # number of "slots" have been taken by requests from a specific host. Each "slot"
@ -186,7 +198,7 @@ client_api:
  # and appservice users are exempt from rate limiting by default.
  rate_limiting:
    enabled: true
-    threshold: 5
+    threshold: 20
    cooloff_ms: 500
    exempt_user_ids:
    #  - "@user:domain.com"
@ -199,7 +211,7 @@ federation_api:
  external_api:
    listen: http://[::]:8072
  database:
-    connection_string: postgresql://username@password:hostname/dendrite_federationapi?sslmode=disable
+    connection_string: postgresql://username:password@hostname/dendrite_federationapi?sslmode=disable
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: -1
@ -236,7 +248,7 @@ key_server:
    listen: http://[::]:7779 # The listen address for incoming API requests
    connect: http://key_server:7779 # The connect address for other components to use
  database:
-    connection_string: postgresql://username@password:hostname/dendrite_keyserver?sslmode=disable
+    connection_string: postgresql://username:password@hostname/dendrite_keyserver?sslmode=disable
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: -1
@ -249,7 +261,7 @@ media_api:
  external_api:
    listen: http://[::]:8074
  database:
-    connection_string: postgresql://username@password:hostname/dendrite_mediaapi?sslmode=disable
+    connection_string: postgresql://username:password@hostname/dendrite_mediaapi?sslmode=disable
    max_open_conns: 5
    max_idle_conns: 2
    conn_max_lifetime: -1
@ -286,7 +298,7 @@ mscs:
  #  - msc2836  # (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
  #  - msc2946  # (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946)
  database:
-    connection_string: postgresql://username@password:hostname/dendrite_mscs?sslmode=disable
+    connection_string: postgresql://username:password@hostname/dendrite_mscs?sslmode=disable
    max_open_conns: 5
    max_idle_conns: 2
    conn_max_lifetime: -1
@ -297,7 +309,7 @@ room_server:
    listen: http://[::]:7770 # The listen address for incoming API requests
    connect: http://room_server:7770 # The connect address for other components to use
  database:
-    connection_string: postgresql://username@password:hostname/dendrite_roomserver?sslmode=disable
+    connection_string: postgresql://username:password@hostname/dendrite_roomserver?sslmode=disable
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: -1
@ -310,7 +322,7 @@ sync_api:
  external_api:
    listen: http://[::]:8073
  database:
-    connection_string: postgresql://username@password:hostname/dendrite_syncapi?sslmode=disable
+    connection_string: postgresql://username:password@hostname/dendrite_syncapi?sslmode=disable
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: -1
@ -326,7 +338,7 @@ user_api:
    listen: http://[::]:7781 # The listen address for incoming API requests
    connect: http://user_api:7781 # The connect address for other components to use
  account_database:
-    connection_string: postgresql://username@password:hostname/dendrite_userapi?sslmode=disable
+    connection_string: postgresql://username:password@hostname/dendrite_userapi?sslmode=disable
    max_open_conns: 10
    max_idle_conns: 2
    conn_max_lifetime: -1
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@ -24,7 +24,7 @@ Unfortunately we can't accept contributions without it.
 ## Getting up and running
-See the [Installation](INSTALL.md) section for information on how to build an
+See the [Installation](installation) section for information on how to build an
 instance of Dendrite. You will likely need this in order to test your changes.
 ## Code style
@ -64,7 +64,7 @@ comment. Please avoid doing this if you can.
 We also have unit tests which we run via:
 ```bash
-go test ./...
+go test --race ./...
 ```
 In general, we like submissions that come with tests. Anything that proves that the
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@ -86,9 +86,12 @@ would be a huge help too, as that will help us to understand where the memory us
 You may need to revisit the connection limit of your PostgreSQL server and/or make changes to the `max_connections` lines in your Dendrite configuration. Be aware that each Dendrite component opens its own database connections and has its own connection limit, even in monolith mode!
-## What is being reported when enabling anonymous stats?
+## What is being reported when enabling phone-home statistics?
-If anonymous stats reporting is enabled, the following data is send to the defined endpoint.
+Phone-home statistics contain your server's domain name, some configuration information about
 your deployment and aggregated information about active users on your deployment. They are sent
 to the endpoint URL configured in your Dendrite configuration file only. The following is an
 example of the data that is sent:
 ```json
 {
@ -106,7 +109,7 @@ If anonymous stats reporting is enabled, the following data is send to the defin
    "go_arch": "amd64",
    "go_os": "linux",
    "go_version": "go1.16.13",
-    "homeserver": "localhost:8800",
+    "homeserver": "my.domain.com",
    "log_level": "trace",
    "memory_rss": 93452,
    "monolith": true,
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@ -233,6 +233,8 @@ GEM
    multipart-post (2.1.1)
    nokogiri (1.13.6-arm64-darwin)
      racc (~> 1.4)
    nokogiri (1.13.6-x86_64-linux)
      racc (~> 1.4)
    octokit (4.22.0)
      faraday (>= 0.9)
      sawyer (~> 0.8.0, >= 0.5.3)
@ -263,7 +265,7 @@ GEM
    thread_safe (0.3.6)
    typhoeus (1.4.0)
      ethon (>= 0.9.0)
-    tzinfo (1.2.9)
+    tzinfo (1.2.10)
      thread_safe (~> 0.1)
    unf (0.1.4)
      unf_ext
@ -273,11 +275,11 @@ GEM
 PLATFORMS
  arm64-darwin-21
  x86_64-linux
 DEPENDENCIES
  github-pages (~> 226)
  jekyll-feed (~> 0.15.1)
  minima (~> 2.5.1)
 BUNDLED WITH
   2.3.7
--- a/docs/administration/1_createusers.md
+++ b/docs/administration/1_createusers.md
@ -32,6 +32,15 @@ To create a new **admin account**, add the `-admin` flag:
 ./bin/create-account -config /path/to/dendrite.yaml -username USERNAME -admin
 ```
 An example of using `create-account` when running in **Docker**, having found the `CONTAINERNAME` from `docker ps`:
 ```bash
 docker exec -it CONTAINERNAME /usr/bin/create-account -config /path/to/dendrite.yaml -username USERNAME
 ```
 ```bash
 docker exec -it CONTAINERNAME /usr/bin/create-account -config /path/to/dendrite.yaml -username USERNAME -admin
 ```
 ## Using shared secret registration
 Dendrite supports the Synapse-compatible shared secret registration endpoint.
--- a/docs/administration/5_troubleshooting.md
+++ b/docs/administration/5_troubleshooting.md
@ -0,0 +1,81 @@
 ---
 title: Troubleshooting
 parent: Administration
 permalink: /administration/troubleshooting
 ---
 # Troubleshooting
 If your Dendrite installation is acting strangely, there are a few things you should
 check before seeking help.
 ## 1. Logs
 Dendrite, by default, will log all warnings and errors to stdout, in addition to any
 other locations configured in the `dendrite.yaml` configuration file. Often there will
 be clues in the logs.
 You can increase this log level to the more verbose `debug` level if necessary by adding
 this to the config and restarting Dendrite:
 ```
 logging:
 - type: std
  level: debug
 ```
 Look specifically for lines that contain `level=error` or `level=warning`.
 ## 2. Federation tester
 If you are experiencing problems federating with other homeservers, you should check
 that the [Federation Tester](https://federationtester.matrix.org) is passing for your
 server.
 Common reasons that it may not pass include:
 1. Incorrect DNS configuration;
 2. Misconfigured DNS SRV entries or well-known files;
 3. Invalid TLS/SSL certificates;
 4. Reverse proxy configuration issues (if applicable).
 Correct any errors if shown and re-run the federation tester to check the results.
 ## 3. System time
 Matrix relies heavily on TLS which requires the system time to be correct. If the clock
 drifts then you may find that federation no works reliably (or at all) and clients may
 struggle to connect to your Dendrite server.
 Ensure that your system time is correct and consider syncing to a reliable NTP source.
 ## 4. Database connections
 If you are using the PostgreSQL database, you should ensure that Dendrite's configured
 number of database connections does not exceed the maximum allowed by PostgreSQL.
 Open your `postgresql.conf` configuration file and check the value of `max_connections`
 (which is typically `100` by default). Then open your `dendrite.yaml` configuration file
 and ensure that:
 1. If you are using the `global.database` section, that `max_open_conns` does not exceed
   that number;
 2. If you are **not** using the `global.database` section, that the sum total of all
   `max_open_conns` across all `database` blocks does not exceed that number.
 ## 5. File descriptors
 Dendrite requires a sufficient number of file descriptors for every connection it makes
 to a remote server, every connection to the database engine and every file it is reading
 or writing to at a given time (media, logs etc). We recommend ensuring that the limit is
 no lower than 65535 for Dendrite.
 Dendrite will check at startup if there are a sufficient number of available descriptors.
 If there aren't, you will see a log lines like this:
 ```
 level=warning msg="IMPORTANT: Process file descriptor limit is currently 65535, it is recommended to raise the limit for Dendrite to at least 65535 to avoid issues"
 ```
 Follow the [Optimisation](../installation/10_optimisation.md) instructions to correct the
 available number of file descriptors.
--- a/docs/caddy/monolith/CaddyFile
+++ b/docs/caddy/monolith/CaddyFile
@ -1,68 +0,0 @@
 {
    # debug
    admin off
    email example@example.com
    default_sni example.com
    # Debug endpoint
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory	
 }
 #######################################################################
 #   Snippets
 #______________________________________________________________________
 (handle_errors_maintenance) {
 	handle_errors {
 		@maintenance expression {http.error.status_code} == 502
 		rewrite @maintenance maintenance.html
 		root * "/path/to/service/pages"
 		file_server
 	}
 }
 (matrix-well-known-header) {
    # Headers
    header Access-Control-Allow-Origin "*"
    header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
    header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
    header Content-Type "application/json"
 }
 #######################################################################
 example.com {
 	# ...
 	handle /.well-known/matrix/server {
 		import matrix-well-known-header
 		respond `{ "m.server": "matrix.example.com:443" }` 200
 	}
 	handle /.well-known/matrix/client {
 		import matrix-well-known-header
 		respond `{ "m.homeserver": { "base_url": "https://matrix.example.com" } }` 200
 	}
 	import handle_errors_maintenance
 }
 example.com:8448 {
 	# server<->server HTTPS traffic
    reverse_proxy http://dendrite-host:8008
 }
 matrix.example.com {
 	handle /_matrix/* {
 		# client<->server HTTPS traffic
 		reverse_proxy  http://dendrite-host:8008
 	}
 	handle_path /* {
 		# Client webapp (Element SPA or ...)
 		file_server {
 			root /path/to/www/example.com/matrix-web-client/
 		}	
 	}
 }
--- a/docs/caddy/monolith/Caddyfile
+++ b/docs/caddy/monolith/Caddyfile
@ -0,0 +1,57 @@
 # Sample Caddyfile for using Caddy in front of Dendrite.
 #
 # Customize email address and domain names.
 # Optional settings commented out.
 #
 # BE SURE YOUR DOMAINS ARE POINTED AT YOUR SERVER FIRST.
 # Documentation: https://caddyserver.com/docs/
 #
 # Bonus tip: If your IP address changes, use Caddy's
 # dynamic DNS plugin to update your DNS records to
 # point to your new IP automatically:
 # https://github.com/mholt/caddy-dynamicdns
 #
 # Global options block
 {
 	# In case there is a problem with your certificates.
 	# email example@example.com
 	# Turn off the admin endpoint if you don't need graceful config
 	# changes and/or are running untrusted code on your machine.
 	# admin off
 	# Enable this if your clients don't send ServerName in TLS handshakes.
 	# default_sni example.com
 	# Enable debug mode for verbose logging.
 	# debug
 	# Use Let's Encrypt's staging endpoint for testing.
 	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
 	# If you're port-forwarding HTTP/HTTPS ports from 80/443 to something
 	# else, enable these and put the alternate port numbers here.
 	# http_port  8080
 	# https_port 8443
 }
 # The server name of your matrix homeserver. This example shows
 # "well-known delegation" from the registered domain to a subdomain,
 # which is only needed if your server_name doesn't match your Matrix
 # homeserver URL (i.e. you can show users a vanity domain that looks
 # nice and is easy to remember but still have your Matrix server on
 # its own subdomain or hosted service).
 example.com {
 	header /.well-known/matrix/* Content-Type application/json
 	header /.well-known/matrix/* Access-Control-Allow-Origin *
 	respond /.well-known/matrix/server `{"m.server": "matrix.example.com:443"}`
 	respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://matrix.example.com"}}`
 }
 # The actual domain name whereby your Matrix server is accessed.
 matrix.example.com {
 	# Set localhost:8008 to the address of your Dendrite server, if different
 	reverse_proxy /_matrix/* localhost:8008
 }
--- a/docs/caddy/polylith/Caddyfile
+++ b/docs/caddy/polylith/Caddyfile
@ -0,0 +1,66 @@
 # Sample Caddyfile for using Caddy in front of Dendrite.
 #
 # Customize email address and domain names.
 # Optional settings commented out.
 #
 # BE SURE YOUR DOMAINS ARE POINTED AT YOUR SERVER FIRST.
 # Documentation: https://caddyserver.com/docs/
 #
 # Bonus tip: If your IP address changes, use Caddy's
 # dynamic DNS plugin to update your DNS records to
 # point to your new IP automatically:
 # https://github.com/mholt/caddy-dynamicdns
 #
 # Global options block
 {
 	# In case there is a problem with your certificates.
 	# email example@example.com
 	# Turn off the admin endpoint if you don't need graceful config
 	# changes and/or are running untrusted code on your machine.
 	# admin off
 	# Enable this if your clients don't send ServerName in TLS handshakes.
 	# default_sni example.com
 	# Enable debug mode for verbose logging.
 	# debug
 	# Use Let's Encrypt's staging endpoint for testing.
 	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
 	# If you're port-forwarding HTTP/HTTPS ports from 80/443 to something
 	# else, enable these and put the alternate port numbers here.
 	# http_port  8080
 	# https_port 8443
 }
 # The server name of your matrix homeserver. This example shows
 # "well-known delegation" from the registered domain to a subdomain,
 # which is only needed if your server_name doesn't match your Matrix
 # homeserver URL (i.e. you can show users a vanity domain that looks
 # nice and is easy to remember but still have your Matrix server on
 # its own subdomain or hosted service).
 example.com {
 	header /.well-known/matrix/* Content-Type application/json
 	header /.well-known/matrix/* Access-Control-Allow-Origin *
 	respond /.well-known/matrix/server `{"m.server": "matrix.example.com:443"}`
 	respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://matrix.example.com"}}`
 }
 # The actual domain name whereby your Matrix server is accessed.
 matrix.example.com {
 	# Change the end of each reverse_proxy line to the correct
 	# address for your various services.
 	@sync_api {
 		path_regexp /_matrix/client/.*?/(sync|user/.*?/filter/?.*|keys/changes|rooms/.*?/messages)$
 	}
 	reverse_proxy @sync_api sync_api:8073
 	reverse_proxy /_matrix/client* client_api:8071
 	reverse_proxy /_matrix/federation* federation_api:8071
 	reverse_proxy /_matrix/key* federation_api:8071
 	reverse_proxy /_matrix/media* media_api:8071
 }
--- a/docs/installation/10_starting_polylith.md
+++ b/docs/installation/10_starting_polylith.md
@ -2,7 +2,7 @@
 title: Starting the polylith
 parent: Installation
 has_toc: true
-nav_order: 9
+nav_order: 10
 permalink: /installation/start/polylith
 ---
--- a/docs/installation/11_optimisation.md
+++ b/docs/installation/11_optimisation.md
@ -2,7 +2,7 @@
 title: Optimise your installation
 parent: Installation
 has_toc: true
-nav_order: 10
+nav_order: 11
 permalink: /installation/start/optimisation
 ---
--- a/docs/installation/1_planning.md
+++ b/docs/installation/1_planning.md
@ -95,12 +95,13 @@ enabled.
 To do so, follow the [NATS Server installation instructions](https://docs.nats.io/running-a-nats-service/introduction/installation) and then [start your NATS deployment](https://docs.nats.io/running-a-nats-service/introduction/running). JetStream must be enabled, either by passing the `-js` flag to `nats-server`,
 or by specifying the `store_dir` option in the the `jetstream` configuration.
-### Reverse proxy (polylith deployments)
+### Reverse proxy
-Polylith deployments require a reverse proxy, such as [NGINX](https://www.nginx.com) or
+A reverse proxy such as [Caddy](https://caddyserver.com), [NGINX](https://www.nginx.com) or
-[HAProxy](http://www.haproxy.org). Configuring those is not covered in this documentation,
+[HAProxy](http://www.haproxy.org) is required for polylith deployments and is useful for monolith
-although a [sample configuration for NGINX](https://github.com/matrix-org/dendrite/blob/main/docs/nginx/polylith-sample.conf)
+deployments. Configuring those is not covered in this documentation, although sample configurations
-is provided.
+for [Caddy](https://github.com/matrix-org/dendrite/blob/main/docs/caddy) and
 [NGINX](https://github.com/matrix-org/dendrite/blob/main/docs/nginx) are provided.
 ### Windows
--- a/docs/installation/2_domainname.md
+++ b/docs/installation/2_domainname.md
@ -14,27 +14,38 @@ that take the format `@user:example.com`.
 For federation to work, the server name must be resolvable by other homeservers on the internet
 — that is, the domain must be registered and properly configured with the relevant DNS records.
-Matrix servers discover each other when federating using the following methods:
+Matrix servers usually discover each other when federating using the following methods:
-1. If a well-known delegation exists on `example.com`, use the path server from the
+1. If a well-known delegation exists on `example.com`, use the domain and port from the
   well-known file to connect to the remote homeserver;
-2. If a DNS SRV delegation exists on `example.com`, use the hostname and port from the DNS SRV
+2. If a DNS SRV delegation exists on `example.com`, use the IP address and port from the DNS SRV
   record to connect to the remote homeserver;
 3. If neither well-known or DNS SRV delegation are configured, attempt to connect to the remote
   homeserver by connecting to `example.com` port TCP/8448 using HTTPS.
 The exact details of how server name resolution works can be found in
 [the spec](https://spec.matrix.org/v1.3/server-server-api/#resolving-server-names).
 ## TLS certificates
 Matrix federation requires that valid TLS certificates are present on the domain. You must
-obtain certificates from a publicly accepted Certificate Authority (CA). [LetsEncrypt](https://letsencrypt.org)
+obtain certificates from a publicly-trusted certificate authority (CA). [Let's Encrypt](https://letsencrypt.org)
-is an example of such a CA that can be used. Self-signed certificates are not suitable for
+is a popular choice of CA because the certificates are publicly-trusted, free, and automated
-federation and will typically not be accepted by other homeservers.
+via the ACME protocol. (Self-signed certificates are not suitable for federation and will typically
 not be accepted by other homeservers.)
-A common practice to help ease the management of certificates is to install a reverse proxy in
+Automating the renewal of TLS certificates is best practice. There are many tools for this,
-front of Dendrite which manages the TLS certificates and HTTPS proxying itself. Software such as
+but the simplest way to achieve TLS automation is to have your reverse proxy do it for you.
-[NGINX](https://www.nginx.com) and [HAProxy](http://www.haproxy.org) can be used for the task.
+[Caddy](https://caddyserver.com) is recommended as a production-grade reverse proxy with
-Although the finer details of configuring these are not described here, you must reverse proxy
+automatic TLS which is commonly used in front of Dendrite. It obtains and renews TLS certificates
-all `/_matrix` paths to your Dendrite server.
+automatically and by default as long as your domain name is pointed at your server first.
 Although the finer details of [configuring Caddy](https://caddyserver.com/docs/) is not described
 here, in general, you must reverse proxy all `/_matrix` paths to your Dendrite server. For example,
 with Caddy:
 ```
 reverse_proxy /_matrix/* localhost:8008
 ```
 It is possible for the reverse proxy to listen on the standard HTTPS port TCP/443 so long as your
 domain delegation is configured to point to port TCP/443.
@ -51,17 +62,12 @@ you will be able to delegate from `example.com` to `matrix.example.com` so that
 Delegation can be performed in one of two ways:
-* **Well-known delegation**: A well-known text file is served over HTTPS on the domain name
+* **Well-known delegation (preferred)**: A well-known text file is served over HTTPS on the domain
-  that you want to use, pointing to your server on `matrix.example.com` port 8448;
+  name that you want to use, pointing to your server on `matrix.example.com` port 8448;
-* **DNS SRV delegation**: A DNS SRV record is created on the domain name that you want to
+* **DNS SRV delegation (not recommended)**: See the SRV delegation section below for details.
  use, pointing to your server on `matrix.example.com` port TCP/8448.
-If you are using a reverse proxy to forward `/_matrix` to Dendrite, your well-known or DNS SRV
+If you are using a reverse proxy to forward `/_matrix` to Dendrite, your well-known or delegation
-delegation must refer to the hostname and port that the reverse proxy is listening on instead.
+must refer to the hostname and port that the reverse proxy is listening on instead.
 Well-known delegation is typically easier to set up and usually preferred. However, you can use
 either or both methods to delegate. If you configure both methods of delegation, it is important
 that they both agree and refer to the same hostname and port.
 ## Well-known delegation
@ -74,20 +80,46 @@ and contain the following JSON document:
 ```json
 {
-    "m.server": "https://matrix.example.com:8448"
+    "m.server": "matrix.example.com:8448"
 }
 ```
 For example, this can be done with the following Caddy config:
 ```
 handle /.well-known/matrix/client {
 	header Content-Type application/json
 	header Access-Control-Allow-Origin *
 	respond `{"m.homeserver": {"base_url": "https://matrix.example.com:8448"}}`
 }
 ```
 You can also serve `.well-known` with Dendrite itself by setting the `well_known_server_name` config
 option to the value you want for `m.server`. This is primarily useful if Dendrite is exposed on
 `example.com:443` and you don't want to set up a separate webserver just for serving the `.well-known`
 file.
 ```yaml
 global:
 ...
   well_known_server_name: "example.com:443"
 ```
 ## DNS SRV delegation
-Using DNS SRV delegation requires creating DNS SRV records on the `example.com` zone which
+This method is not recommended, as the behavior of SRV records in Matrix is rather unintuitive:
-refer to your Dendrite installation.
+SRV records will only change the IP address and port that other servers connect to, they won't
 affect the domain name. In technical terms, the `Host` header and TLS SNI of federation requests
 will still be `example.com` even if the SRV record points at `matrix.example.com`.
-Assuming that your Dendrite installation is listening for HTTPS connections at `matrix.example.com`
+In practice, this means that the server must be configured with valid TLS certificates for
-port 8448, the DNS SRV record must have the following fields:
+`example.com`, rather than `matrix.example.com` as one might intuitively expect. If there's a
 reverse proxy in between, the proxy configuration must be written as if it's `example.com`, as the
 proxy will never see the name `matrix.example.com` in incoming requests.
-* Name: `@` (or whichever term your DNS provider uses to signal the root)
+This behavior also means that if `example.com` and `matrix.example.com` point at the same IP
-* Service: `_matrix`
+address, there is no reason to have a SRV record pointing at `matrix.example.com`. It can still
-* Protocol: `_tcp`
+be used to change the port number, but it won't do anything else.
-* Port: `8448`
+
-* Target: `matrix.example.com`
+If you understand how SRV records work and still want to use them, the service name is `_matrix` and
 the protocol is `_tcp`.
--- a/docs/installation/3_build.md
+++ b/docs/installation/3_build.md
@ -0,0 +1,38 @@
 ---
 title: Building Dendrite
 parent: Installation
 has_toc: true
 nav_order: 3
 permalink: /installation/build
 ---
 # Build all Dendrite commands
 Dendrite has numerous utility commands in addition to the actual server binaries.
 Build them all from the root of the source repo with `build.sh` (Linux/Mac):
 ```sh
 ./build.sh
 ```
 or `build.cmd` (Windows):
 ```powershell
 build.cmd
 ```
 The resulting binaries will be placed in the `bin` subfolder.
 # Installing as a monolith
 You can install the Dendrite monolith binary into `$GOPATH/bin` by using `go install`:
 ```sh
 go install ./cmd/dendrite-monolith-server
 ```
 Alternatively, you can specify a custom path for the binary to be written to using `go build`:
 ```sh
 go build -o /usr/local/bin/ ./cmd/dendrite-monolith-server
 ```
--- a/docs/installation/4_database.md
+++ b/docs/installation/4_database.md
@ -17,7 +17,9 @@ filenames in the Dendrite configuration file and start Dendrite. The databases w
 and populated automatically.
 Note that Dendrite **cannot share a single SQLite database across multiple components**. Each
-component must be configured with its own SQLite database filename.
+component must be configured with its own SQLite database filename. You will have to remove
 the `global.database` section from your Dendrite config and add it to each individual section
 instead in order to use SQLite.
 ### Connection strings
--- a/docs/installation/6_install_polylith.md
+++ b/docs/installation/6_install_polylith.md
@ -29,5 +29,6 @@ Polylith deployments require a reverse proxy in order to ensure that requests ar
 sent to the correct endpoint. You must ensure that a suitable reverse proxy is installed
 and configured.
-A [sample configuration file](https://github.com/matrix-org/dendrite/blob/main/docs/nginx/polylith-sample.conf)
+Sample configurations are provided
-is provided for [NGINX](https://www.nginx.com).
+for [Caddy](https://github.com/matrix-org/dendrite/blob/main/docs/caddy/polylith/Caddyfile)
 and [NGINX](https://github.com/matrix-org/dendrite/blob/main/docs/nginx/polylith-sample.conf).
--- a/docs/installation/7_configuration.md
+++ b/docs/installation/7_configuration.md
@ -1,13 +1,13 @@
 ---
-title: Populate the configuration
+title: Configuring Dendrite
 parent: Installation
 nav_order: 7
 permalink: /installation/configuration
 ---
-# Populate the configuration
+# Configuring Dendrite
-The configuration file is used to configure Dendrite. Sample configuration files are
+A YAML configuration file is used to configure Dendrite. Sample configuration files are
 present in the top level of the Dendrite repository:
 * [`dendrite-sample.monolith.yaml`](https://github.com/matrix-org/dendrite/blob/main/dendrite-sample.monolith.yaml)
--- a/docs/installation/8_signingkey.md
+++ b/docs/installation/8_signingkey.md
@ -1,7 +1,7 @@
 ---
 title: Generating signing keys
 parent: Installation
-nav_order: 4
+nav_order: 8
 permalink: /installation/signingkeys
 ---
--- a/docs/installation/9_starting_monolith.md
+++ b/docs/installation/9_starting_monolith.md
@ -15,8 +15,9 @@ you can start your Dendrite monolith deployment by starting the `dendrite-monoli
 ./dendrite-monolith-server -config /path/to/dendrite.yaml
 ```
-If you want to change the addresses or ports that Dendrite listens on, you
+By default, Dendrite will listen HTTP on port 8008. If you want to change the addresses
-can use the `-http-bind-address` and `-https-bind-address` command line arguments:
+or ports that Dendrite listens on, you can use the `-http-bind-address` and
 `-https-bind-address` command line arguments:
 ```bash
 ./dendrite-monolith-server -config /path/to/dendrite.yaml \
--- a/federationapi/api/api.go
+++ b/federationapi/api/api.go
@ -110,7 +110,7 @@ type FederationClientError struct {
 	Blacklisted bool
 }
-func (e *FederationClientError) Error() string {
+func (e FederationClientError) Error() string {
 	return fmt.Sprintf("%s - (retry_after=%s, blacklisted=%v)", e.Err, e.RetryAfter.String(), e.Blacklisted)
 }
--- a/federationapi/consumers/roomserver.go
+++ b/federationapi/consumers/roomserver.go
@ -208,9 +208,11 @@ func (s *OutputRoomEventConsumer) processMessage(ore api.OutputNewRoomEvent, rew
 // joinedHostsAtEvent works out a list of matrix servers that were joined to
 // the room at the event (including peeking ones)
 // It is important to use the state at the event for sending messages because:
-//   1) We shouldn't send messages to servers that weren't in the room.
+//
-//   2) If a server is kicked from the rooms it should still be told about the
+//  1. We shouldn't send messages to servers that weren't in the room.
-//      kick event,
+//  2. If a server is kicked from the rooms it should still be told about the
 //     kick event.
 //
 // Usually the list can be calculated locally, but sometimes it will need fetch
 // events from the room server.
 // Returns an error if there was a problem talking to the room server.
--- a/federationapi/consumers/sendtodevice.go
+++ b/federationapi/consumers/sendtodevice.go
@ -95,6 +95,11 @@ func (t *OutputSendToDeviceConsumer) onMessage(ctx context.Context, msg *nats.Ms
 		return true
 	}
 	// The SyncAPI is already handling sendToDevice for the local server
 	if destServerName == t.ServerName {
 		return true
 	}
 	// Pack the EDU and marshal it
 	edu := &gomatrixserverlib.EDU{
 		Type:   gomatrixserverlib.MDirectToDevice,
--- a/federationapi/federationapi.go
+++ b/federationapi/federationapi.go
@ -15,6 +15,8 @@
 package federationapi
 import (
 	"time"
 	"github.com/gorilla/mux"
 	"github.com/matrix-org/dendrite/federationapi/api"
 	federationAPI "github.com/matrix-org/dendrite/federationapi/api"
@ -167,5 +169,16 @@ func NewInternalAPI(
 	if err = presenceConsumer.Start(); err != nil {
 		logrus.WithError(err).Panic("failed to start presence consumer")
 	}
 	var cleanExpiredEDUs func()
 	cleanExpiredEDUs = func() {
 		logrus.Infof("Cleaning expired EDUs")
 		if err := federationDB.DeleteExpiredEDUs(base.Context()); err != nil {
 			logrus.WithError(err).Error("Failed to clean expired EDUs")
 		}
 		time.AfterFunc(time.Hour, cleanExpiredEDUs)
 	}
 	time.AfterFunc(time.Minute, cleanExpiredEDUs)
 	return internal.NewFederationInternalAPI(federationDB, cfg, rsAPI, federation, stats, caches, queues, keyRing)
 }
--- a/federationapi/federationapi_keys_test.go
+++ b/federationapi/federationapi_keys_test.go
@ -6,7 +6,7 @@ import (
 	"crypto/ed25519"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"os"
 	"testing"
@ -66,7 +66,7 @@ func TestMain(m *testing.M) {
 			s.cache = caching.NewRistrettoCache(8*1024*1024, time.Hour, false)
 			// Create a temporary directory for JetStream.
-			d, err := ioutil.TempDir("./", "jetstream*")
+			d, err := os.MkdirTemp("./", "jetstream*")
 			if err != nil {
 				panic(err)
 			}
@ -136,7 +136,7 @@ func (m *MockRoundTripper) RoundTrip(req *http.Request) (res *http.Response, err
 	// And respond.
 	res = &http.Response{
 		StatusCode: 200,
-		Body:       ioutil.NopCloser(bytes.NewReader(body)),
+		Body:       io.NopCloser(bytes.NewReader(body)),
 	}
 	return
 }
--- a/federationapi/federationapi_test.go
+++ b/federationapi/federationapi_test.go
@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"strings"
 	"sync"
 	"testing"
 	"time"
@ -31,11 +32,12 @@ type fedRoomserverAPI struct {
 }
 // PerformJoin will call this function
-func (f *fedRoomserverAPI) InputRoomEvents(ctx context.Context, req *rsapi.InputRoomEventsRequest, res *rsapi.InputRoomEventsResponse) {
+func (f *fedRoomserverAPI) InputRoomEvents(ctx context.Context, req *rsapi.InputRoomEventsRequest, res *rsapi.InputRoomEventsResponse) error {
 	if f.inputRoomEvents == nil {
-		return
+		return nil
 	}
 	f.inputRoomEvents(ctx, req, res)
 	return nil
 }
 // keychange consumer calls this
@ -48,6 +50,7 @@ func (f *fedRoomserverAPI) QueryRoomsForUser(ctx context.Context, req *rsapi.Que
 // TODO: This struct isn't generic, only works for TestFederationAPIJoinThenKeyUpdate
 type fedClient struct {
 	fedClientMutex sync.Mutex
 	api.FederationClient
 	allowJoins []*test.Room
 	keys       map[gomatrixserverlib.ServerName]struct {
@ -59,6 +62,8 @@ type fedClient struct {
 }
 func (f *fedClient) GetServerKeys(ctx context.Context, matrixServer gomatrixserverlib.ServerName) (gomatrixserverlib.ServerKeys, error) {
 	f.fedClientMutex.Lock()
 	defer f.fedClientMutex.Unlock()
 	fmt.Println("GetServerKeys:", matrixServer)
 	var keys gomatrixserverlib.ServerKeys
 	var keyID gomatrixserverlib.KeyID
@ -122,6 +127,8 @@ func (f *fedClient) MakeJoin(ctx context.Context, s gomatrixserverlib.ServerName
 	return
 }
 func (f *fedClient) SendJoin(ctx context.Context, s gomatrixserverlib.ServerName, event *gomatrixserverlib.Event) (res gomatrixserverlib.RespSendJoin, err error) {
 	f.fedClientMutex.Lock()
 	defer f.fedClientMutex.Unlock()
 	for _, r := range f.allowJoins {
 		if r.ID == event.RoomID() {
 			r.InsertEvent(f.t, event.Headered(r.Version))
@ -134,6 +141,8 @@ func (f *fedClient) SendJoin(ctx context.Context, s gomatrixserverlib.ServerName
 }
 func (f *fedClient) SendTransaction(ctx context.Context, t gomatrixserverlib.Transaction) (res gomatrixserverlib.RespSend, err error) {
 	f.fedClientMutex.Lock()
 	defer f.fedClientMutex.Unlock()
 	for _, edu := range t.EDUs {
 		if edu.Type == gomatrixserverlib.MDeviceListUpdate {
 			f.sentTxn = true
@ -242,6 +251,8 @@ func testFederationAPIJoinThenKeyUpdate(t *testing.T, dbType test.DBType) {
 	testrig.MustPublishMsgs(t, jsctx, msg)
 	time.Sleep(500 * time.Millisecond)
 	fc.fedClientMutex.Lock()
 	defer fc.fedClientMutex.Unlock()
 	if !fc.sentTxn {
 		t.Fatalf("did not send device list update")
 	}
--- a/federationapi/inthttp/client.go
+++ b/federationapi/inthttp/client.go
@ -10,7 +10,6 @@ import (
 	"github.com/matrix-org/dendrite/internal/httputil"
 	"github.com/matrix-org/gomatrix"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/opentracing/opentracing-go"
 )
 // HTTP paths for the internal HTTP API
@ -48,7 +47,11 @@ func NewFederationAPIClient(federationSenderURL string, httpClient *http.Client,
 	if httpClient == nil {
 		return nil, errors.New("NewFederationInternalAPIHTTP: httpClient is <nil>")
 	}
-	return &httpFederationInternalAPI{federationSenderURL, httpClient, cache}, nil
+	return &httpFederationInternalAPI{
 		federationAPIURL: federationSenderURL,
 		httpClient:       httpClient,
 		cache:            cache,
 	}, nil
 }
 type httpFederationInternalAPI struct {
@ -63,11 +66,10 @@ func (h *httpFederationInternalAPI) PerformLeave(
 	request *api.PerformLeaveRequest,
 	response *api.PerformLeaveResponse,
 ) error {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "PerformLeaveRequest")
+	return httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"PerformLeave", h.federationAPIURL+FederationAPIPerformLeaveRequestPath,
-
+		h.httpClient, ctx, request, response,
-	apiURL := h.federationAPIURL + FederationAPIPerformLeaveRequestPath
+	)
 	return httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
 }
 // Handle sending an invite to a remote server.
@ -76,11 +78,10 @@ func (h *httpFederationInternalAPI) PerformInvite(
 	request *api.PerformInviteRequest,
 	response *api.PerformInviteResponse,
 ) error {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "PerformInviteRequest")
+	return httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"PerformInvite", h.federationAPIURL+FederationAPIPerformInviteRequestPath,
-
+		h.httpClient, ctx, request, response,
-	apiURL := h.federationAPIURL + FederationAPIPerformInviteRequestPath
+	)
 	return httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
 }
 // Handle starting a peek on a remote server.
@ -89,11 +90,10 @@ func (h *httpFederationInternalAPI) PerformOutboundPeek(
 	request *api.PerformOutboundPeekRequest,
 	response *api.PerformOutboundPeekResponse,
 ) error {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "PerformOutboundPeekRequest")
+	return httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"PerformOutboundPeek", h.federationAPIURL+FederationAPIPerformOutboundPeekRequestPath,
-
+		h.httpClient, ctx, request, response,
-	apiURL := h.federationAPIURL + FederationAPIPerformOutboundPeekRequestPath
+	)
 	return httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
 }
 // QueryJoinedHostServerNamesInRoom implements FederationInternalAPI
@ -102,11 +102,10 @@ func (h *httpFederationInternalAPI) QueryJoinedHostServerNamesInRoom(
 	request *api.QueryJoinedHostServerNamesInRoomRequest,
 	response *api.QueryJoinedHostServerNamesInRoomResponse,
 ) error {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "QueryJoinedHostServerNamesInRoom")
+	return httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"QueryJoinedHostServerNamesInRoom", h.federationAPIURL+FederationAPIQueryJoinedHostServerNamesInRoomPath,
-
+		h.httpClient, ctx, request, response,
-	apiURL := h.federationAPIURL + FederationAPIQueryJoinedHostServerNamesInRoomPath
+	)
 	return httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
 }
 // Handle an instruction to make_join & send_join with a remote server.
@ -115,12 +114,10 @@ func (h *httpFederationInternalAPI) PerformJoin(
 	request *api.PerformJoinRequest,
 	response *api.PerformJoinResponse,
 ) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "PerformJoinRequest")
+	if err := httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"PerformJoinRequest", h.federationAPIURL+FederationAPIPerformJoinRequestPath,
-
+		h.httpClient, ctx, request, response,
-	apiURL := h.federationAPIURL + FederationAPIPerformJoinRequestPath
+	); err != nil {
 	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
 	if err != nil {
 		response.LastError = &gomatrix.HTTPError{
 			Message:      err.Error(),
 			Code:         0,
@ -135,11 +132,10 @@ func (h *httpFederationInternalAPI) PerformDirectoryLookup(
 	request *api.PerformDirectoryLookupRequest,
 	response *api.PerformDirectoryLookupResponse,
 ) error {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "PerformDirectoryLookup")
+	return httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"PerformDirectoryLookup", h.federationAPIURL+FederationAPIPerformDirectoryLookupRequestPath,
-
+		h.httpClient, ctx, request, response,
-	apiURL := h.federationAPIURL + FederationAPIPerformDirectoryLookupRequestPath
+	)
 	return httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
 }
 // Handle an instruction to broadcast an EDU to all servers in rooms we are joined to.
@ -148,101 +144,61 @@ func (h *httpFederationInternalAPI) PerformBroadcastEDU(
 	request *api.PerformBroadcastEDURequest,
 	response *api.PerformBroadcastEDUResponse,
 ) error {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "PerformBroadcastEDU")
+	return httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"PerformBroadcastEDU", h.federationAPIURL+FederationAPIPerformBroadcastEDUPath,
-
+		h.httpClient, ctx, request, response,
-	apiURL := h.federationAPIURL + FederationAPIPerformBroadcastEDUPath
+	)
 	return httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
 }
 type getUserDevices struct {
 	S      gomatrixserverlib.ServerName
 	UserID string
 	Res    *gomatrixserverlib.RespUserDevices
 	Err    *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) GetUserDevices(
 	ctx context.Context, s gomatrixserverlib.ServerName, userID string,
 ) (gomatrixserverlib.RespUserDevices, error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "GetUserDevices")
+	return httputil.CallInternalProxyAPI[getUserDevices, gomatrixserverlib.RespUserDevices, *api.FederationClientError](
-	defer span.Finish()
+		"GetUserDevices", h.federationAPIURL+FederationAPIGetUserDevicesPath, h.httpClient,
-
+		ctx, &getUserDevices{
-	var result gomatrixserverlib.RespUserDevices
+			S:      s,
-	request := getUserDevices{
+			UserID: userID,
-		S:      s,
+		},
-		UserID: userID,
+	)
 	}
 	var response getUserDevices
 	apiURL := h.federationAPIURL + FederationAPIGetUserDevicesPath
 	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &response)
 	if err != nil {
 		return result, err
 	}
 	if response.Err != nil {
 		return result, response.Err
 	}
 	return *response.Res, nil
 }
 type claimKeys struct {
 	S           gomatrixserverlib.ServerName
 	OneTimeKeys map[string]map[string]string
 	Res         *gomatrixserverlib.RespClaimKeys
 	Err         *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) ClaimKeys(
 	ctx context.Context, s gomatrixserverlib.ServerName, oneTimeKeys map[string]map[string]string,
 ) (gomatrixserverlib.RespClaimKeys, error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "ClaimKeys")
+	return httputil.CallInternalProxyAPI[claimKeys, gomatrixserverlib.RespClaimKeys, *api.FederationClientError](
-	defer span.Finish()
+		"ClaimKeys", h.federationAPIURL+FederationAPIClaimKeysPath, h.httpClient,
-
+		ctx, &claimKeys{
-	var result gomatrixserverlib.RespClaimKeys
+			S:           s,
-	request := claimKeys{
+			OneTimeKeys: oneTimeKeys,
-		S:           s,
+		},
-		OneTimeKeys: oneTimeKeys,
+	)
 	}
 	var response claimKeys
 	apiURL := h.federationAPIURL + FederationAPIClaimKeysPath
 	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &response)
 	if err != nil {
 		return result, err
 	}
 	if response.Err != nil {
 		return result, response.Err
 	}
 	return *response.Res, nil
 }
 type queryKeys struct {
 	S    gomatrixserverlib.ServerName
 	Keys map[string][]string
 	Res  *gomatrixserverlib.RespQueryKeys
 	Err  *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) QueryKeys(
 	ctx context.Context, s gomatrixserverlib.ServerName, keys map[string][]string,
 ) (gomatrixserverlib.RespQueryKeys, error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "QueryKeys")
+	return httputil.CallInternalProxyAPI[queryKeys, gomatrixserverlib.RespQueryKeys, *api.FederationClientError](
-	defer span.Finish()
+		"QueryKeys", h.federationAPIURL+FederationAPIQueryKeysPath, h.httpClient,
-
+		ctx, &queryKeys{
-	var result gomatrixserverlib.RespQueryKeys
+			S:    s,
-	request := queryKeys{
+			Keys: keys,
-		S:    s,
+		},
-		Keys: keys,
+	)
 	}
 	var response queryKeys
 	apiURL := h.federationAPIURL + FederationAPIQueryKeysPath
 	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &response)
 	if err != nil {
 		return result, err
 	}
 	if response.Err != nil {
 		return result, response.Err
 	}
 	return *response.Res, nil
 }
 type backfill struct {
@ -250,32 +206,20 @@ type backfill struct {
 	RoomID   string
 	Limit    int
 	EventIDs []string
 	Res      *gomatrixserverlib.Transaction
 	Err      *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) Backfill(
 	ctx context.Context, s gomatrixserverlib.ServerName, roomID string, limit int, eventIDs []string,
 ) (gomatrixserverlib.Transaction, error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "Backfill")
+	return httputil.CallInternalProxyAPI[backfill, gomatrixserverlib.Transaction, *api.FederationClientError](
-	defer span.Finish()
+		"Backfill", h.federationAPIURL+FederationAPIBackfillPath, h.httpClient,
-
+		ctx, &backfill{
-	request := backfill{
+			S:        s,
-		S:        s,
+			RoomID:   roomID,
-		RoomID:   roomID,
+			Limit:    limit,
-		Limit:    limit,
+			EventIDs: eventIDs,
-		EventIDs: eventIDs,
+		},
-	}
+	)
 	var response backfill
 	apiURL := h.federationAPIURL + FederationAPIBackfillPath
 	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &response)
 	if err != nil {
 		return gomatrixserverlib.Transaction{}, err
 	}
 	if response.Err != nil {
 		return gomatrixserverlib.Transaction{}, response.Err
 	}
 	return *response.Res, nil
 }
 type lookupState struct {
@ -283,63 +227,39 @@ type lookupState struct {
 	RoomID      string
 	EventID     string
 	RoomVersion gomatrixserverlib.RoomVersion
 	Res         *gomatrixserverlib.RespState
 	Err         *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) LookupState(
 	ctx context.Context, s gomatrixserverlib.ServerName, roomID, eventID string, roomVersion gomatrixserverlib.RoomVersion,
 ) (gomatrixserverlib.RespState, error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "LookupState")
+	return httputil.CallInternalProxyAPI[lookupState, gomatrixserverlib.RespState, *api.FederationClientError](
-	defer span.Finish()
+		"LookupState", h.federationAPIURL+FederationAPILookupStatePath, h.httpClient,
-
+		ctx, &lookupState{
-	request := lookupState{
+			S:           s,
-		S:           s,
+			RoomID:      roomID,
-		RoomID:      roomID,
+			EventID:     eventID,
-		EventID:     eventID,
+			RoomVersion: roomVersion,
-		RoomVersion: roomVersion,
+		},
-	}
+	)
 	var response lookupState
 	apiURL := h.federationAPIURL + FederationAPILookupStatePath
 	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &response)
 	if err != nil {
 		return gomatrixserverlib.RespState{}, err
 	}
 	if response.Err != nil {
 		return gomatrixserverlib.RespState{}, response.Err
 	}
 	return *response.Res, nil
 }
 type lookupStateIDs struct {
 	S       gomatrixserverlib.ServerName
 	RoomID  string
 	EventID string
 	Res     *gomatrixserverlib.RespStateIDs
 	Err     *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) LookupStateIDs(
 	ctx context.Context, s gomatrixserverlib.ServerName, roomID, eventID string,
 ) (gomatrixserverlib.RespStateIDs, error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "LookupStateIDs")
+	return httputil.CallInternalProxyAPI[lookupStateIDs, gomatrixserverlib.RespStateIDs, *api.FederationClientError](
-	defer span.Finish()
+		"LookupStateIDs", h.federationAPIURL+FederationAPILookupStateIDsPath, h.httpClient,
-
+		ctx, &lookupStateIDs{
-	request := lookupStateIDs{
+			S:       s,
-		S:       s,
+			RoomID:  roomID,
-		RoomID:  roomID,
+			EventID: eventID,
-		EventID: eventID,
+		},
-	}
+	)
 	var response lookupStateIDs
 	apiURL := h.federationAPIURL + FederationAPILookupStateIDsPath
 	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &response)
 	if err != nil {
 		return gomatrixserverlib.RespStateIDs{}, err
 	}
 	if response.Err != nil {
 		return gomatrixserverlib.RespStateIDs{}, response.Err
 	}
 	return *response.Res, nil
 }
 type lookupMissingEvents struct {
@ -347,64 +267,38 @@ type lookupMissingEvents struct {
 	RoomID      string
 	Missing     gomatrixserverlib.MissingEvents
 	RoomVersion gomatrixserverlib.RoomVersion
 	Res         struct {
 		Events []gomatrixserverlib.RawJSON `json:"events"`
 	}
 	Err *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) LookupMissingEvents(
 	ctx context.Context, s gomatrixserverlib.ServerName, roomID string,
 	missing gomatrixserverlib.MissingEvents, roomVersion gomatrixserverlib.RoomVersion,
 ) (res gomatrixserverlib.RespMissingEvents, err error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "LookupMissingEvents")
+	return httputil.CallInternalProxyAPI[lookupMissingEvents, gomatrixserverlib.RespMissingEvents, *api.FederationClientError](
-	defer span.Finish()
+		"LookupMissingEvents", h.federationAPIURL+FederationAPILookupMissingEventsPath, h.httpClient,
-
+		ctx, &lookupMissingEvents{
-	request := lookupMissingEvents{
+			S:           s,
-		S:           s,
+			RoomID:      roomID,
-		RoomID:      roomID,
+			Missing:     missing,
-		Missing:     missing,
+			RoomVersion: roomVersion,
-		RoomVersion: roomVersion,
+		},
-	}
+	)
 	apiURL := h.federationAPIURL + FederationAPILookupMissingEventsPath
 	err = httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &request)
 	if err != nil {
 		return res, err
 	}
 	if request.Err != nil {
 		return res, request.Err
 	}
 	res.Events = request.Res.Events
 	return res, nil
 }
 type getEvent struct {
 	S       gomatrixserverlib.ServerName
 	EventID string
 	Res     *gomatrixserverlib.Transaction
 	Err     *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) GetEvent(
 	ctx context.Context, s gomatrixserverlib.ServerName, eventID string,
 ) (gomatrixserverlib.Transaction, error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "GetEvent")
+	return httputil.CallInternalProxyAPI[getEvent, gomatrixserverlib.Transaction, *api.FederationClientError](
-	defer span.Finish()
+		"GetEvent", h.federationAPIURL+FederationAPIGetEventPath, h.httpClient,
-
+		ctx, &getEvent{
-	request := getEvent{
+			S:       s,
-		S:       s,
+			EventID: eventID,
-		EventID: eventID,
+		},
-	}
+	)
 	var response getEvent
 	apiURL := h.federationAPIURL + FederationAPIGetEventPath
 	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &response)
 	if err != nil {
 		return gomatrixserverlib.Transaction{}, err
 	}
 	if response.Err != nil {
 		return gomatrixserverlib.Transaction{}, response.Err
 	}
 	return *response.Res, nil
 }
 type getEventAuth struct {
@ -412,135 +306,86 @@ type getEventAuth struct {
 	RoomVersion gomatrixserverlib.RoomVersion
 	RoomID      string
 	EventID     string
 	Res         *gomatrixserverlib.RespEventAuth
 	Err         *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) GetEventAuth(
 	ctx context.Context, s gomatrixserverlib.ServerName,
 	roomVersion gomatrixserverlib.RoomVersion, roomID, eventID string,
 ) (gomatrixserverlib.RespEventAuth, error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "GetEventAuth")
+	return httputil.CallInternalProxyAPI[getEventAuth, gomatrixserverlib.RespEventAuth, *api.FederationClientError](
-	defer span.Finish()
+		"GetEventAuth", h.federationAPIURL+FederationAPIGetEventAuthPath, h.httpClient,
-
+		ctx, &getEventAuth{
-	request := getEventAuth{
+			S:           s,
-		S:           s,
+			RoomVersion: roomVersion,
-		RoomVersion: roomVersion,
+			RoomID:      roomID,
-		RoomID:      roomID,
+			EventID:     eventID,
-		EventID:     eventID,
+		},
-	}
+	)
 	var response getEventAuth
 	apiURL := h.federationAPIURL + FederationAPIGetEventAuthPath
 	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &response)
 	if err != nil {
 		return gomatrixserverlib.RespEventAuth{}, err
 	}
 	if response.Err != nil {
 		return gomatrixserverlib.RespEventAuth{}, response.Err
 	}
 	return *response.Res, nil
 }
 func (h *httpFederationInternalAPI) QueryServerKeys(
 	ctx context.Context, req *api.QueryServerKeysRequest, res *api.QueryServerKeysResponse,
 ) error {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "QueryServerKeys")
+	return httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"QueryServerKeys", h.federationAPIURL+FederationAPIQueryServerKeysPath,
-
+		h.httpClient, ctx, req, res,
-	apiURL := h.federationAPIURL + FederationAPIQueryServerKeysPath
+	)
 	return httputil.PostJSON(ctx, span, h.httpClient, apiURL, req, res)
 }
 type lookupServerKeys struct {
 	S           gomatrixserverlib.ServerName
 	KeyRequests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp
 	ServerKeys  []gomatrixserverlib.ServerKeys
 	Err         *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) LookupServerKeys(
 	ctx context.Context, s gomatrixserverlib.ServerName, keyRequests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
 ) ([]gomatrixserverlib.ServerKeys, error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "LookupServerKeys")
+	return httputil.CallInternalProxyAPI[lookupServerKeys, []gomatrixserverlib.ServerKeys, *api.FederationClientError](
-	defer span.Finish()
+		"LookupServerKeys", h.federationAPIURL+FederationAPILookupServerKeysPath, h.httpClient,
-
+		ctx, &lookupServerKeys{
-	request := lookupServerKeys{
+			S:           s,
-		S:           s,
+			KeyRequests: keyRequests,
-		KeyRequests: keyRequests,
+		},
-	}
+	)
 	var response lookupServerKeys
 	apiURL := h.federationAPIURL + FederationAPILookupServerKeysPath
 	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &response)
 	if err != nil {
 		return []gomatrixserverlib.ServerKeys{}, err
 	}
 	if response.Err != nil {
 		return []gomatrixserverlib.ServerKeys{}, response.Err
 	}
 	return response.ServerKeys, nil
 }
 type eventRelationships struct {
 	S       gomatrixserverlib.ServerName
 	Req     gomatrixserverlib.MSC2836EventRelationshipsRequest
 	RoomVer gomatrixserverlib.RoomVersion
 	Res     gomatrixserverlib.MSC2836EventRelationshipsResponse
 	Err     *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) MSC2836EventRelationships(
 	ctx context.Context, s gomatrixserverlib.ServerName, r gomatrixserverlib.MSC2836EventRelationshipsRequest,
 	roomVersion gomatrixserverlib.RoomVersion,
 ) (res gomatrixserverlib.MSC2836EventRelationshipsResponse, err error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "MSC2836EventRelationships")
+	return httputil.CallInternalProxyAPI[eventRelationships, gomatrixserverlib.MSC2836EventRelationshipsResponse, *api.FederationClientError](
-	defer span.Finish()
+		"MSC2836EventRelationships", h.federationAPIURL+FederationAPIEventRelationshipsPath, h.httpClient,
-
+		ctx, &eventRelationships{
-	request := eventRelationships{
+			S:       s,
-		S:       s,
+			Req:     r,
-		Req:     r,
+			RoomVer: roomVersion,
-		RoomVer: roomVersion,
+		},
-	}
+	)
 	var response eventRelationships
 	apiURL := h.federationAPIURL + FederationAPIEventRelationshipsPath
 	err = httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &response)
 	if err != nil {
 		return res, err
 	}
 	if response.Err != nil {
 		return res, response.Err
 	}
 	return response.Res, nil
 }
 type spacesReq struct {
 	S             gomatrixserverlib.ServerName
 	SuggestedOnly bool
 	RoomID        string
 	Res           gomatrixserverlib.MSC2946SpacesResponse
 	Err           *api.FederationClientError
 }
 func (h *httpFederationInternalAPI) MSC2946Spaces(
 	ctx context.Context, dst gomatrixserverlib.ServerName, roomID string, suggestedOnly bool,
 ) (res gomatrixserverlib.MSC2946SpacesResponse, err error) {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "MSC2946Spaces")
+	return httputil.CallInternalProxyAPI[spacesReq, gomatrixserverlib.MSC2946SpacesResponse, *api.FederationClientError](
-	defer span.Finish()
+		"MSC2836EventRelationships", h.federationAPIURL+FederationAPISpacesSummaryPath, h.httpClient,
-
+		ctx, &spacesReq{
-	request := spacesReq{
+			S:             dst,
-		S:             dst,
+			SuggestedOnly: suggestedOnly,
-		SuggestedOnly: suggestedOnly,
+			RoomID:        roomID,
-		RoomID:        roomID,
+		},
-	}
+	)
 	var response spacesReq
 	apiURL := h.federationAPIURL + FederationAPISpacesSummaryPath
 	err = httputil.PostJSON(ctx, span, h.httpClient, apiURL, &request, &response)
 	if err != nil {
 		return res, err
 	}
 	if response.Err != nil {
 		return res, response.Err
 	}
 	return response.Res, nil
 }
 func (s *httpFederationInternalAPI) KeyRing() *gomatrixserverlib.KeyRing {
@ -614,11 +459,10 @@ func (h *httpFederationInternalAPI) InputPublicKeys(
 	request *api.InputPublicKeysRequest,
 	response *api.InputPublicKeysResponse,
 ) error {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "InputPublicKey")
+	return httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"InputPublicKey", h.federationAPIURL+FederationAPIInputPublicKeyPath,
-
+		h.httpClient, ctx, request, response,
-	apiURL := h.federationAPIURL + FederationAPIInputPublicKeyPath
+	)
 	return httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
 }
 func (h *httpFederationInternalAPI) QueryPublicKeys(
@ -626,9 +470,8 @@ func (h *httpFederationInternalAPI) QueryPublicKeys(
 	request *api.QueryPublicKeysRequest,
 	response *api.QueryPublicKeysResponse,
 ) error {
-	span, ctx := opentracing.StartSpanFromContext(ctx, "QueryPublicKey")
+	return httputil.CallInternalRPCAPI(
-	defer span.Finish()
+		"QueryPublicKeys", h.federationAPIURL+FederationAPIQueryPublicKeyPath,
-
+		h.httpClient, ctx, request, response,
-	apiURL := h.federationAPIURL + FederationAPIQueryPublicKeyPath
+	)
 	return httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
 }
--- a/federationapi/inthttp/server.go
+++ b/federationapi/inthttp/server.go
@ -1,12 +1,14 @@
 package inthttp
 import (
 	"context"
 	"encoding/json"
 	"net/http"
 	"github.com/gorilla/mux"
 	"github.com/matrix-org/dendrite/federationapi/api"
 	"github.com/matrix-org/dendrite/internal/httputil"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 )
@ -15,372 +17,180 @@ import (
 func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 	internalAPIMux.Handle(
 		FederationAPIQueryJoinedHostServerNamesInRoomPath,
-		httputil.MakeInternalAPI("QueryJoinedHostServerNamesInRoom", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalRPCAPI("FederationAPIQueryJoinedHostServerNamesInRoom", intAPI.QueryJoinedHostServerNamesInRoom),
 			var request api.QueryJoinedHostServerNamesInRoomRequest
 			var response api.QueryJoinedHostServerNamesInRoomResponse
 			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
 				return util.ErrorResponse(err)
 			}
 			if err := intAPI.QueryJoinedHostServerNamesInRoom(req.Context(), &request, &response); err != nil {
 				return util.ErrorResponse(err)
 			}
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIPerformJoinRequestPath,
 		httputil.MakeInternalAPI("PerformJoinRequest", func(req *http.Request) util.JSONResponse {
 			var request api.PerformJoinRequest
 			var response api.PerformJoinResponse
 			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
 				return util.MessageResponse(http.StatusBadRequest, err.Error())
 			}
 			intAPI.PerformJoin(req.Context(), &request, &response)
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIPerformLeaveRequestPath,
 		httputil.MakeInternalAPI("PerformLeaveRequest", func(req *http.Request) util.JSONResponse {
 			var request api.PerformLeaveRequest
 			var response api.PerformLeaveResponse
 			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
 				return util.MessageResponse(http.StatusBadRequest, err.Error())
 			}
 			if err := intAPI.PerformLeave(req.Context(), &request, &response); err != nil {
 				return util.ErrorResponse(err)
 			}
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIPerformInviteRequestPath,
-		httputil.MakeInternalAPI("PerformInviteRequest", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalRPCAPI("FederationAPIPerformInvite", intAPI.PerformInvite),
 			var request api.PerformInviteRequest
 			var response api.PerformInviteResponse
 			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
 				return util.MessageResponse(http.StatusBadRequest, err.Error())
 			}
 			if err := intAPI.PerformInvite(req.Context(), &request, &response); err != nil {
 				return util.ErrorResponse(err)
 			}
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIPerformLeaveRequestPath,
 		httputil.MakeInternalRPCAPI("FederationAPIPerformLeave", intAPI.PerformLeave),
 	)
 	internalAPIMux.Handle(
 		FederationAPIPerformDirectoryLookupRequestPath,
-		httputil.MakeInternalAPI("PerformDirectoryLookupRequest", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalRPCAPI("FederationAPIPerformDirectoryLookupRequest", intAPI.PerformDirectoryLookup),
 			var request api.PerformDirectoryLookupRequest
 			var response api.PerformDirectoryLookupResponse
 			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
 				return util.MessageResponse(http.StatusBadRequest, err.Error())
 			}
 			if err := intAPI.PerformDirectoryLookup(req.Context(), &request, &response); err != nil {
 				return util.ErrorResponse(err)
 			}
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIPerformBroadcastEDUPath,
-		httputil.MakeInternalAPI("PerformBroadcastEDU", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalRPCAPI("FederationAPIPerformBroadcastEDU", intAPI.PerformBroadcastEDU),
 			var request api.PerformBroadcastEDURequest
 			var response api.PerformBroadcastEDUResponse
 			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
 				return util.MessageResponse(http.StatusBadRequest, err.Error())
 			}
 			if err := intAPI.PerformBroadcastEDU(req.Context(), &request, &response); err != nil {
 				return util.ErrorResponse(err)
 			}
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIPerformJoinRequestPath,
 		httputil.MakeInternalRPCAPI(
 			"FederationAPIPerformJoinRequest",
 			func(ctx context.Context, req *api.PerformJoinRequest, res *api.PerformJoinResponse) error {
 				intAPI.PerformJoin(ctx, req, res)
 				return nil
 			},
 		),
 	)
 	internalAPIMux.Handle(
 		FederationAPIGetUserDevicesPath,
-		httputil.MakeInternalAPI("GetUserDevices", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request getUserDevices
+			"FederationAPIGetUserDevices",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *getUserDevices) (*gomatrixserverlib.RespUserDevices, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.GetUserDevices(ctx, req.S, req.UserID)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.GetUserDevices(req.Context(), request.S, request.UserID)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			request.Res = &res
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIClaimKeysPath,
-		httputil.MakeInternalAPI("ClaimKeys", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request claimKeys
+			"FederationAPIClaimKeys",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *claimKeys) (*gomatrixserverlib.RespClaimKeys, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.ClaimKeys(ctx, req.S, req.OneTimeKeys)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.ClaimKeys(req.Context(), request.S, request.OneTimeKeys)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			request.Res = &res
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIQueryKeysPath,
-		httputil.MakeInternalAPI("QueryKeys", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request queryKeys
+			"FederationAPIQueryKeys",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *queryKeys) (*gomatrixserverlib.RespQueryKeys, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.QueryKeys(ctx, req.S, req.Keys)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.QueryKeys(req.Context(), request.S, request.Keys)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			request.Res = &res
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIBackfillPath,
-		httputil.MakeInternalAPI("Backfill", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request backfill
+			"FederationAPIBackfill",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *backfill) (*gomatrixserverlib.Transaction, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.Backfill(ctx, req.S, req.RoomID, req.Limit, req.EventIDs)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.Backfill(req.Context(), request.S, request.RoomID, request.Limit, request.EventIDs)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			request.Res = &res
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPILookupStatePath,
-		httputil.MakeInternalAPI("LookupState", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request lookupState
+			"FederationAPILookupState",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *lookupState) (*gomatrixserverlib.RespState, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.LookupState(ctx, req.S, req.RoomID, req.EventID, req.RoomVersion)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.LookupState(req.Context(), request.S, request.RoomID, request.EventID, request.RoomVersion)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			request.Res = &res
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPILookupStateIDsPath,
-		httputil.MakeInternalAPI("LookupStateIDs", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request lookupStateIDs
+			"FederationAPILookupStateIDs",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *lookupStateIDs) (*gomatrixserverlib.RespStateIDs, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.LookupStateIDs(ctx, req.S, req.RoomID, req.EventID)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.LookupStateIDs(req.Context(), request.S, request.RoomID, request.EventID)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			request.Res = &res
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPILookupMissingEventsPath,
-		httputil.MakeInternalAPI("LookupMissingEvents", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request lookupMissingEvents
+			"FederationAPILookupMissingEvents",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *lookupMissingEvents) (*gomatrixserverlib.RespMissingEvents, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.LookupMissingEvents(ctx, req.S, req.RoomID, req.Missing, req.RoomVersion)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.LookupMissingEvents(req.Context(), request.S, request.RoomID, request.Missing, request.RoomVersion)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			for _, event := range res.Events {
 				js, err := json.Marshal(event)
 				if err != nil {
 					return util.MessageResponse(http.StatusInternalServerError, err.Error())
 				}
 				request.Res.Events = append(request.Res.Events, js)
 			}
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIGetEventPath,
-		httputil.MakeInternalAPI("GetEvent", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request getEvent
+			"FederationAPIGetEvent",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *getEvent) (*gomatrixserverlib.Transaction, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.GetEvent(ctx, req.S, req.EventID)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.GetEvent(req.Context(), request.S, request.EventID)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			request.Res = &res
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIGetEventAuthPath,
-		httputil.MakeInternalAPI("GetEventAuth", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request getEventAuth
+			"FederationAPIGetEventAuth",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *getEventAuth) (*gomatrixserverlib.RespEventAuth, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.GetEventAuth(ctx, req.S, req.RoomVersion, req.RoomID, req.EventID)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.GetEventAuth(req.Context(), request.S, request.RoomVersion, request.RoomID, request.EventID)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			request.Res = &res
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIQueryServerKeysPath,
-		httputil.MakeInternalAPI("QueryServerKeys", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalRPCAPI("FederationAPIQueryServerKeys", intAPI.QueryServerKeys),
 			var request api.QueryServerKeysRequest
 			var response api.QueryServerKeysResponse
 			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
 				return util.MessageResponse(http.StatusBadRequest, err.Error())
 			}
 			if err := intAPI.QueryServerKeys(req.Context(), &request, &response); err != nil {
 				return util.ErrorResponse(err)
 			}
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPILookupServerKeysPath,
-		httputil.MakeInternalAPI("LookupServerKeys", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request lookupServerKeys
+			"FederationAPILookupServerKeys",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *lookupServerKeys) (*[]gomatrixserverlib.ServerKeys, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.LookupServerKeys(ctx, req.S, req.KeyRequests)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.LookupServerKeys(req.Context(), request.S, request.KeyRequests)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			request.ServerKeys = res
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPIEventRelationshipsPath,
-		httputil.MakeInternalAPI("MSC2836EventRelationships", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request eventRelationships
+			"FederationAPIMSC2836EventRelationships",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *eventRelationships) (*gomatrixserverlib.MSC2836EventRelationshipsResponse, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.MSC2836EventRelationships(ctx, req.S, req.Req, req.RoomVer)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.MSC2836EventRelationships(req.Context(), request.S, request.Req, request.RoomVer)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			request.Res = res
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	internalAPIMux.Handle(
 		FederationAPISpacesSummaryPath,
-		httputil.MakeInternalAPI("MSC2946SpacesSummary", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalProxyAPI(
-			var request spacesReq
+			"FederationAPIMSC2946SpacesSummary",
-			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
+			func(ctx context.Context, req *spacesReq) (*gomatrixserverlib.MSC2946SpacesResponse, error) {
-				return util.MessageResponse(http.StatusBadRequest, err.Error())
+				res, err := intAPI.MSC2946Spaces(ctx, req.S, req.RoomID, req.SuggestedOnly)
-			}
+				return &res, federationClientError(err)
-			res, err := intAPI.MSC2946Spaces(req.Context(), request.S, request.RoomID, request.SuggestedOnly)
+			},
-			if err != nil {
+		),
 				ferr, ok := err.(*api.FederationClientError)
 				if ok {
 					request.Err = ferr
 				} else {
 					request.Err = &api.FederationClientError{
 						Err: err.Error(),
 					}
 				}
 			}
 			request.Res = res
 			return util.JSONResponse{Code: http.StatusOK, JSON: request}
 		}),
 	)
 	// TODO: Look at this shape
 	internalAPIMux.Handle(FederationAPIQueryPublicKeyPath,
-		httputil.MakeInternalAPI("queryPublicKeys", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalAPI("FederationAPIQueryPublicKeys", func(req *http.Request) util.JSONResponse {
 			request := api.QueryPublicKeysRequest{}
 			response := api.QueryPublicKeysResponse{}
 			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
@ -394,8 +204,10 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
 	// TODO: Look at this shape
 	internalAPIMux.Handle(FederationAPIInputPublicKeyPath,
-		httputil.MakeInternalAPI("inputPublicKeys", func(req *http.Request) util.JSONResponse {
+		httputil.MakeInternalAPI("FederationAPIInputPublicKeys", func(req *http.Request) util.JSONResponse {
 			request := api.InputPublicKeysRequest{}
 			response := api.InputPublicKeysResponse{}
 			if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
@ -408,3 +220,18 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		}),
 	)
 }
 func federationClientError(err error) error {
 	switch ferr := err.(type) {
 	case nil:
 		return nil
 	case api.FederationClientError:
 		return &ferr
 	case *api.FederationClientError:
 		return ferr
 	default:
 		return &api.FederationClientError{
 			Err: err.Error(),
 		}
 	}
 }
--- a/federationapi/queue/destinationqueue.go
+++ b/federationapi/queue/destinationqueue.go
@ -127,6 +127,7 @@ func (oq *destinationQueue) sendEDU(event *gomatrixserverlib.EDU, receipt *share
 		oq.destination, // the destination server name
 		receipt,        // NIDs from federationapi_queue_json table
 		event.Type,
 		nil, // this will use the default expireEDUTypes map
 	); err != nil {
 		logrus.WithError(err).Errorf("failed to associate EDU with destination %q", oq.destination)
 		return
--- a/federationapi/queue/queue.go
+++ b/federationapi/queue/queue.go
@ -158,7 +158,7 @@ func (oqs *OutgoingQueues) getQueue(destination gomatrixserverlib.ServerName) *d
 	oqs.queuesMutex.Lock()
 	defer oqs.queuesMutex.Unlock()
 	oq, ok := oqs.queues[destination]
-	if !ok || oq != nil {
+	if !ok || oq == nil {
 		destinationQueueTotal.Inc()
 		oq = &destinationQueue{
 			queues:           oqs,
--- a/federationapi/routing/devices.go
+++ b/federationapi/routing/devices.go
@ -30,9 +30,11 @@ func GetUserDevices(
 	userID string,
 ) util.JSONResponse {
 	var res keyapi.QueryDeviceMessagesResponse
-	keyAPI.QueryDeviceMessages(req.Context(), &keyapi.QueryDeviceMessagesRequest{
+	if err := keyAPI.QueryDeviceMessages(req.Context(), &keyapi.QueryDeviceMessagesRequest{
 		UserID: userID,
-	}, &res)
+	}, &res); err != nil {
 		return util.ErrorResponse(err)
 	}
 	if res.Error != nil {
 		util.GetLogger(req.Context()).WithError(res.Error).Error("keyAPI.QueryDeviceMessages failed")
 		return jsonerror.InternalServerError()
@ -47,7 +49,9 @@ func GetUserDevices(
 	for _, dev := range res.Devices {
 		sigReq.TargetIDs[userID] = append(sigReq.TargetIDs[userID], gomatrixserverlib.KeyID(dev.DeviceID))
 	}
-	keyAPI.QuerySignatures(req.Context(), sigReq, sigRes)
+	if err := keyAPI.QuerySignatures(req.Context(), sigReq, sigRes); err != nil {
 		return jsonerror.InternalAPIError(req.Context(), err)
 	}
 	response := gomatrixserverlib.RespUserDevices{
 		UserID:   userID,
--- a/federationapi/routing/invite.go
+++ b/federationapi/routing/invite.go
@ -26,7 +26,6 @@ import (
 	"github.com/matrix-org/dendrite/setup/config"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 	"github.com/sirupsen/logrus"
 )
 // InviteV2 implements /_matrix/federation/v2/invite/{roomID}/{eventID}
@ -144,7 +143,6 @@ func processInvite(
 	// Check that the event is signed by the server sending the request.
 	redacted, err := gomatrixserverlib.RedactEventJSON(event.JSON(), event.Version())
 	if err != nil {
 		logrus.WithError(err).Errorf("XXX: invite.go")
 		return util.JSONResponse{
 			Code: http.StatusBadRequest,
 			JSON: jsonerror.BadJSON("The event JSON could not be redacted"),
--- a/federationapi/routing/join.go
+++ b/federationapi/routing/join.go
@ -21,13 +21,14 @@ import (
 	"sort"
 	"time"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 	"github.com/sirupsen/logrus"
 	"github.com/matrix-org/dendrite/clientapi/jsonerror"
 	"github.com/matrix-org/dendrite/internal/eventutil"
 	"github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/dendrite/setup/config"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 	"github.com/sirupsen/logrus"
 )
 // MakeJoin implements the /make_join API
@ -202,6 +203,14 @@ func SendJoin(
 		}
 	}
 	// Check that the event is from the server sending the request.
 	if event.Origin() != request.Origin() {
 		return util.JSONResponse{
 			Code: http.StatusForbidden,
 			JSON: jsonerror.Forbidden("The join must be sent by the server it originated on"),
 		}
 	}
 	// Check that a state key is provided.
 	if event.StateKey() == nil || event.StateKeyEquals("") {
 		return util.JSONResponse{
@ -216,6 +225,22 @@ func SendJoin(
 		}
 	}
 	// Check that the sender belongs to the server that is sending us
 	// the request. By this point we've already asserted that the sender
 	// and the state key are equal so we don't need to check both.
 	var domain gomatrixserverlib.ServerName
 	if _, domain, err = gomatrixserverlib.SplitID('@', event.Sender()); err != nil {
 		return util.JSONResponse{
 			Code: http.StatusForbidden,
 			JSON: jsonerror.Forbidden("The sender of the join is invalid"),
 		}
 	} else if domain != request.Origin() {
 		return util.JSONResponse{
 			Code: http.StatusForbidden,
 			JSON: jsonerror.Forbidden("The sender of the join must belong to the origin server"),
 		}
 	}
 	// Check that the room ID is correct.
 	if event.RoomID() != roomID {
 		return util.JSONResponse{
@ -242,14 +267,6 @@ func SendJoin(
 		}
 	}
 	// Check that the event is from the server sending the request.
 	if event.Origin() != request.Origin() {
 		return util.JSONResponse{
 			Code: http.StatusForbidden,
 			JSON: jsonerror.Forbidden("The join must be sent by the server it originated on"),
 		}
 	}
 	// Check that this is in fact a join event
 	membership, err := event.Membership()
 	if err != nil {
@ -375,7 +392,7 @@ func SendJoin(
 	// the room, so set SendAsServer to cfg.Matrix.ServerName
 	if !alreadyJoined {
 		var response api.InputRoomEventsResponse
-		rsAPI.InputRoomEvents(httpReq.Context(), &api.InputRoomEventsRequest{
+		if err := rsAPI.InputRoomEvents(httpReq.Context(), &api.InputRoomEventsRequest{
 			InputRoomEvents: []api.InputRoomEvent{
 				{
 					Kind:          api.KindNew,
@ -384,7 +401,9 @@ func SendJoin(
 					TransactionID: nil,
 				},
 			},
-		}, &response)
+		}, &response); err != nil {
 			return jsonerror.InternalAPIError(httpReq.Context(), err)
 		}
 		if response.ErrMsg != "" {
 			util.GetLogger(httpReq.Context()).WithField(logrus.ErrorKey, response.ErrMsg).Error("SendEvents failed")
 			if response.NotAllowed {
@ -419,13 +438,13 @@ func SendJoin(
 // a restricted room join. If the room version does not support restricted
 // joins then this function returns with no side effects. This returns three
 // values:
-// * an optional JSON response body (i.e. M_UNABLE_TO_AUTHORISE_JOIN) which
+//   - an optional JSON response body (i.e. M_UNABLE_TO_AUTHORISE_JOIN) which
-//   should always be sent back to the client if one is specified
+//     should always be sent back to the client if one is specified
-// * a user ID of an authorising user, typically a user that has power to
+//   - a user ID of an authorising user, typically a user that has power to
-//   issue invites in the room, if one has been found
+//     issue invites in the room, if one has been found
-// * an error if there was a problem finding out if this was allowable,
+//   - an error if there was a problem finding out if this was allowable,
-//   like if the room version isn't known or a problem happened talking to
+//     like if the room version isn't known or a problem happened talking to
-//   the roomserver
+//     the roomserver
 func checkRestrictedJoin(
 	httpReq *http.Request,
 	rsAPI api.FederationRoomserverAPI,
--- a/federationapi/routing/keys.go
+++ b/federationapi/routing/keys.go
@ -19,7 +19,7 @@ import (
 	"net/http"
 	"time"
-	"github.com/matrix-org/dendrite/clientapi/httputil"
+	clienthttputil "github.com/matrix-org/dendrite/clientapi/httputil"
 	"github.com/matrix-org/dendrite/clientapi/jsonerror"
 	federationAPI "github.com/matrix-org/dendrite/federationapi/api"
 	"github.com/matrix-org/dendrite/keyserver/api"
@ -61,9 +61,11 @@ func QueryDeviceKeys(
 	}
 	var queryRes api.QueryKeysResponse
-	keyAPI.QueryKeys(httpReq.Context(), &api.QueryKeysRequest{
+	if err := keyAPI.QueryKeys(httpReq.Context(), &api.QueryKeysRequest{
 		UserToDevices: qkr.DeviceKeys,
-	}, &queryRes)
+	}, &queryRes); err != nil {
 		return jsonerror.InternalAPIError(httpReq.Context(), err)
 	}
 	if queryRes.Error != nil {
 		util.GetLogger(httpReq.Context()).WithError(queryRes.Error).Error("Failed to QueryKeys")
 		return jsonerror.InternalServerError()
@ -113,9 +115,11 @@ func ClaimOneTimeKeys(
 	}
 	var claimRes api.PerformClaimKeysResponse
-	keyAPI.PerformClaimKeys(httpReq.Context(), &api.PerformClaimKeysRequest{
+	if err := keyAPI.PerformClaimKeys(httpReq.Context(), &api.PerformClaimKeysRequest{
 		OneTimeKeys: cor.OneTimeKeys,
-	}, &claimRes)
+	}, &claimRes); err != nil {
 		return jsonerror.InternalAPIError(httpReq.Context(), err)
 	}
 	if claimRes.Error != nil {
 		util.GetLogger(httpReq.Context()).WithError(claimRes.Error).Error("Failed to PerformClaimKeys")
 		return jsonerror.InternalServerError()
@ -184,7 +188,7 @@ func NotaryKeys(
 ) util.JSONResponse {
 	if req == nil {
 		req = &gomatrixserverlib.PublicKeyNotaryLookupRequest{}
-		if reqErr := httputil.UnmarshalJSONRequest(httpReq, &req); reqErr != nil {
+		if reqErr := clienthttputil.UnmarshalJSONRequest(httpReq, &req); reqErr != nil {
 			return *reqErr
 		}
 	}
--- a/federationapi/routing/leave.go
+++ b/federationapi/routing/leave.go
@ -277,7 +277,7 @@ func SendLeave(
 	// We are responsible for notifying other servers that the user has left
 	// the room, so set SendAsServer to cfg.Matrix.ServerName
 	var response api.InputRoomEventsResponse
-	rsAPI.InputRoomEvents(httpReq.Context(), &api.InputRoomEventsRequest{
+	if err := rsAPI.InputRoomEvents(httpReq.Context(), &api.InputRoomEventsRequest{
 		InputRoomEvents: []api.InputRoomEvent{
 			{
 				Kind:          api.KindNew,
@ -286,7 +286,9 @@ func SendLeave(
 				TransactionID: nil,
 			},
 		},
-	}, &response)
+	}, &response); err != nil {
 		return jsonerror.InternalAPIError(httpReq.Context(), err)
 	}
 	if response.ErrMsg != "" {
 		util.GetLogger(httpReq.Context()).WithField(logrus.ErrorKey, response.ErrMsg).WithField("not_allowed", response.NotAllowed).Error("producer.SendEvents failed")
--- a/federationapi/routing/send.go
+++ b/federationapi/routing/send.go
@ -469,7 +469,9 @@ func (t *txnReq) processSigningKeyUpdate(ctx context.Context, e gomatrixserverli
 		UserID:           updatePayload.UserID,
 	}
 	uploadRes := &keyapi.PerformUploadDeviceKeysResponse{}
-	t.keyAPI.PerformUploadDeviceKeys(ctx, uploadReq, uploadRes)
+	if err := t.keyAPI.PerformUploadDeviceKeys(ctx, uploadReq, uploadRes); err != nil {
 		return err
 	}
 	if uploadRes.Error != nil {
 		return uploadRes.Error
 	}
--- a/federationapi/routing/send_test.go
+++ b/federationapi/routing/send_test.go
@ -64,11 +64,12 @@ func (t *testRoomserverAPI) InputRoomEvents(
 	ctx context.Context,
 	request *api.InputRoomEventsRequest,
 	response *api.InputRoomEventsResponse,
-) {
+) error {
 	t.inputRoomEvents = append(t.inputRoomEvents, request.InputRoomEvents...)
 	for _, ire := range request.InputRoomEvents {
 		fmt.Println("InputRoomEvents: ", ire.Event.EventID())
 	}
 	return nil
 }
 // Query the latest events and state for a room from the room server.
--- a/federationapi/storage/interface.go
+++ b/federationapi/storage/interface.go
@ -16,6 +16,7 @@ package storage
 import (
 	"context"
 	"time"
 	"github.com/matrix-org/dendrite/federationapi/storage/shared"
 	"github.com/matrix-org/dendrite/federationapi/types"
@ -38,7 +39,7 @@ type Database interface {
 	GetPendingEDUs(ctx context.Context, serverName gomatrixserverlib.ServerName, limit int) (edus map[*shared.Receipt]*gomatrixserverlib.EDU, err error)
 	AssociatePDUWithDestination(ctx context.Context, transactionID gomatrixserverlib.TransactionID, serverName gomatrixserverlib.ServerName, receipt *shared.Receipt) error
-	AssociateEDUWithDestination(ctx context.Context, serverName gomatrixserverlib.ServerName, receipt *shared.Receipt, eduType string) error
+	AssociateEDUWithDestination(ctx context.Context, serverName gomatrixserverlib.ServerName, receipt *shared.Receipt, eduType string, expireEDUTypes map[string]time.Duration) error
 	CleanPDUs(ctx context.Context, serverName gomatrixserverlib.ServerName, receipts []*shared.Receipt) error
 	CleanEDUs(ctx context.Context, serverName gomatrixserverlib.ServerName, receipts []*shared.Receipt) error
@ -70,4 +71,6 @@ type Database interface {
 	// Query the notary for the server keys for the given server. If `optKeyIDs` is not empty, multiple server keys may be returned (between 1 - len(optKeyIDs))
 	// such that the combination of all server keys will include all the `optKeyIDs`.
 	GetNotaryKeys(ctx context.Context, serverName gomatrixserverlib.ServerName, optKeyIDs []gomatrixserverlib.KeyID) ([]gomatrixserverlib.ServerKeys, error)
 	// DeleteExpiredEDUs cleans up expired EDUs
 	DeleteExpiredEDUs(ctx context.Context) error
 }
--- a/federationapi/storage/postgres/deltas/2021020411080000_rooms.go
+++ b/federationapi/storage/postgres/deltas/2021020411080000_rooms.go
@ -15,23 +15,13 @@
 package deltas
 import (
 	"context"
 	"database/sql"
 	"fmt"
 	"github.com/matrix-org/dendrite/internal/sqlutil"
 	"github.com/pressly/goose"
 )
-func LoadFromGoose() {
+func UpRemoveRoomsTable(ctx context.Context, tx *sql.Tx) error {
-	goose.AddMigration(UpRemoveRoomsTable, DownRemoveRoomsTable)
+	_, err := tx.ExecContext(ctx, `
 }
 func LoadRemoveRoomsTable(m *sqlutil.Migrations) {
 	m.AddMigration(UpRemoveRoomsTable, DownRemoveRoomsTable)
 }
 func UpRemoveRoomsTable(tx *sql.Tx) error {
 	_, err := tx.Exec(`
 		DROP TABLE IF EXISTS federationsender_rooms;
 	`)
 	if err != nil {
--- a/federationapi/storage/postgres/deltas/2022042812473400_addexpiresat.go
+++ b/federationapi/storage/postgres/deltas/2022042812473400_addexpiresat.go
@ -0,0 +1,44 @@
 // Copyright 2022 The Matrix.org Foundation C.I.C.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package deltas
 import (
 	"context"
 	"database/sql"
 	"fmt"
 	"time"
 	"github.com/matrix-org/gomatrixserverlib"
 )
 func UpAddexpiresat(ctx context.Context, tx *sql.Tx) error {
 	_, err := tx.ExecContext(ctx, "ALTER TABLE federationsender_queue_edus ADD COLUMN IF NOT EXISTS expires_at BIGINT NOT NULL DEFAULT 0;")
 	if err != nil {
 		return fmt.Errorf("failed to execute upgrade: %w", err)
 	}
 	_, err = tx.ExecContext(ctx, "UPDATE federationsender_queue_edus SET expires_at = $1 WHERE edu_type != 'm.direct_to_device'", gomatrixserverlib.AsTimestamp(time.Now().Add(time.Hour*24)))
 	if err != nil {
 		return fmt.Errorf("failed to update queue_edus: %w", err)
 	}
 	return nil
 }
 func DownAddexpiresat(ctx context.Context, tx *sql.Tx) error {
 	_, err := tx.ExecContext(ctx, "ALTER TABLE federationsender_queue_edus DROP COLUMN expires_at;")
 	if err != nil {
 		return fmt.Errorf("failed to execute downgrade: %w", err)
 	}
 	return nil
 }
--- a/federationapi/storage/postgres/queue_edus_table.go
+++ b/federationapi/storage/postgres/queue_edus_table.go
@ -19,9 +19,11 @@ import (
 	"database/sql"
 	"github.com/lib/pq"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/dendrite/federationapi/storage/postgres/deltas"
 	"github.com/matrix-org/dendrite/internal"
 	"github.com/matrix-org/dendrite/internal/sqlutil"
 	"github.com/matrix-org/gomatrixserverlib"
 )
 const queueEDUsSchema = `
@ -31,7 +33,9 @@ CREATE TABLE IF NOT EXISTS federationsender_queue_edus (
    -- The domain part of the user ID the EDU event is for.
 	server_name TEXT NOT NULL,
 	-- The JSON NID from the federationsender_queue_edus_json table.
-	json_nid BIGINT NOT NULL
+	json_nid BIGINT NOT NULL,
 	-- The expiry time of this edu, if any.
 	expires_at BIGINT NOT NULL DEFAULT 0
 );
 CREATE UNIQUE INDEX IF NOT EXISTS federationsender_queue_edus_json_nid_idx
@ -43,8 +47,8 @@ CREATE INDEX IF NOT EXISTS federationsender_queue_edus_server_name_idx
 `
 const insertQueueEDUSQL = "" +
-	"INSERT INTO federationsender_queue_edus (edu_type, server_name, json_nid)" +
+	"INSERT INTO federationsender_queue_edus (edu_type, server_name, json_nid, expires_at)" +
-	" VALUES ($1, $2, $3)"
+	" VALUES ($1, $2, $3, $4)"
 const deleteQueueEDUSQL = "" +
 	"DELETE FROM federationsender_queue_edus WHERE server_name = $1 AND json_nid = ANY($2)"
@ -65,6 +69,12 @@ const selectQueueEDUCountSQL = "" +
 const selectQueueServerNamesSQL = "" +
 	"SELECT DISTINCT server_name FROM federationsender_queue_edus"
 const selectExpiredEDUsSQL = "" +
 	"SELECT DISTINCT json_nid FROM federationsender_queue_edus WHERE expires_at > 0 AND expires_at <= $1"
 const deleteExpiredEDUsSQL = "" +
 	"DELETE FROM federationsender_queue_edus WHERE expires_at > 0 AND expires_at <= $1"
 type queueEDUsStatements struct {
 	db                                   *sql.DB
 	insertQueueEDUStmt                   *sql.Stmt
@ -73,6 +83,8 @@ type queueEDUsStatements struct {
 	selectQueueEDUReferenceJSONCountStmt *sql.Stmt
 	selectQueueEDUCountStmt              *sql.Stmt
 	selectQueueEDUServerNamesStmt        *sql.Stmt
 	selectExpiredEDUsStmt                *sql.Stmt
 	deleteExpiredEDUsStmt                *sql.Stmt
 }
 func NewPostgresQueueEDUsTable(db *sql.DB) (s *queueEDUsStatements, err error) {
@ -81,27 +93,34 @@ func NewPostgresQueueEDUsTable(db *sql.DB) (s *queueEDUsStatements, err error) {
 	}
 	_, err = s.db.Exec(queueEDUsSchema)
 	if err != nil {
-		return
+		return s, err
 	}
-	if s.insertQueueEDUStmt, err = s.db.Prepare(insertQueueEDUSQL); err != nil {
+
-		return
+	m := sqlutil.NewMigrator(db)
 	m.AddMigrations(
 		sqlutil.Migration{
 			Version: "federationapi: add expiresat column",
 			Up:      deltas.UpAddexpiresat,
 		},
 	)
 	if err := m.Up(context.Background()); err != nil {
 		return s, err
 	}
-	if s.deleteQueueEDUStmt, err = s.db.Prepare(deleteQueueEDUSQL); err != nil {
+
-		return
+	return s, nil
-	}
+}
-	if s.selectQueueEDUStmt, err = s.db.Prepare(selectQueueEDUSQL); err != nil {
+
-		return
+func (s *queueEDUsStatements) Prepare() error {
-	}
+	return sqlutil.StatementList{
-	if s.selectQueueEDUReferenceJSONCountStmt, err = s.db.Prepare(selectQueueEDUReferenceJSONCountSQL); err != nil {
+		{&s.insertQueueEDUStmt, insertQueueEDUSQL},
-		return
+		{&s.deleteQueueEDUStmt, deleteQueueEDUSQL},
-	}
+		{&s.selectQueueEDUStmt, selectQueueEDUSQL},
-	if s.selectQueueEDUCountStmt, err = s.db.Prepare(selectQueueEDUCountSQL); err != nil {
+		{&s.selectQueueEDUReferenceJSONCountStmt, selectQueueEDUReferenceJSONCountSQL},
-		return
+		{&s.selectQueueEDUCountStmt, selectQueueEDUCountSQL},
-	}
+		{&s.selectQueueEDUServerNamesStmt, selectQueueServerNamesSQL},
-	if s.selectQueueEDUServerNamesStmt, err = s.db.Prepare(selectQueueServerNamesSQL); err != nil {
+		{&s.selectExpiredEDUsStmt, selectExpiredEDUsSQL},
-		return
+		{&s.deleteExpiredEDUsStmt, deleteExpiredEDUsSQL},
-	}
+	}.Prepare(s.db)
 	return
 }
 func (s *queueEDUsStatements) InsertQueueEDU(
@ -110,6 +129,7 @@ func (s *queueEDUsStatements) InsertQueueEDU(
 	eduType string,
 	serverName gomatrixserverlib.ServerName,
 	nid int64,
 	expiresAt gomatrixserverlib.Timestamp,
 ) error {
 	stmt := sqlutil.TxStmt(txn, s.insertQueueEDUStmt)
 	_, err := stmt.ExecContext(
@ -117,6 +137,7 @@ func (s *queueEDUsStatements) InsertQueueEDU(
 		eduType,    // the EDU type
 		serverName, // destination server name
 		nid,        // JSON blob NID
 		expiresAt,  // timestamp of expiry
 	)
 	return err
 }
@ -150,7 +171,7 @@ func (s *queueEDUsStatements) SelectQueueEDUs(
 		}
 		result = append(result, nid)
 	}
-	return result, nil
+	return result, rows.Err()
 }
 func (s *queueEDUsStatements) SelectQueueEDUReferenceJSONCount(
@ -200,3 +221,33 @@ func (s *queueEDUsStatements) SelectQueueEDUServerNames(
 	return result, rows.Err()
 }
 func (s *queueEDUsStatements) SelectExpiredEDUs(
 	ctx context.Context, txn *sql.Tx,
 	expiredBefore gomatrixserverlib.Timestamp,
 ) ([]int64, error) {
 	stmt := sqlutil.TxStmt(txn, s.selectExpiredEDUsStmt)
 	rows, err := stmt.QueryContext(ctx, expiredBefore)
 	if err != nil {
 		return nil, err
 	}
 	defer internal.CloseAndLogIfError(ctx, rows, "SelectExpiredEDUs: rows.close() failed")
 	var result []int64
 	var nid int64
 	for rows.Next() {
 		if err = rows.Scan(&nid); err != nil {
 			return nil, err
 		}
 		result = append(result, nid)
 	}
 	return result, rows.Err()
 }
 func (s *queueEDUsStatements) DeleteExpiredEDUs(
 	ctx context.Context, txn *sql.Tx,
 	expiredBefore gomatrixserverlib.Timestamp,
 ) error {
 	stmt := sqlutil.TxStmt(txn, s.deleteExpiredEDUsStmt)
 	_, err := stmt.ExecContext(ctx, expiredBefore)
 	return err
 }
--- a/federationapi/storage/postgres/storage.go
+++ b/federationapi/storage/postgres/storage.go
@ -82,9 +82,16 @@ func NewDatabase(base *base.BaseDendrite, dbProperties *config.DatabaseOptions,
 	if err != nil {
 		return nil, err
 	}
-	m := sqlutil.NewMigrations()
+	m := sqlutil.NewMigrator(d.db)
-	deltas.LoadRemoveRoomsTable(m)
+	m.AddMigrations(sqlutil.Migration{
-	if err = m.RunDeltas(d.db, dbProperties); err != nil {
+		Version: "federationsender: drop federationsender_rooms",
 		Up:      deltas.UpRemoveRoomsTable,
 	})
 	err = m.Up(base.Context())
 	if err != nil {
 		return nil, err
 	}
 	if err = queueEDUs.Prepare(); err != nil {
 		return nil, err
 	}
 	d.Database = shared.Database{
--- a/federationapi/storage/shared/storage_edus.go
+++ b/federationapi/storage/shared/storage_edus.go
@ -20,10 +20,21 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"time"
 	"github.com/matrix-org/gomatrixserverlib"
 )
 // defaultExpiry for EDUs if not listed below
 var defaultExpiry = time.Hour * 24
 // defaultExpireEDUTypes contains EDUs which can/should be expired after a given time
 // if the target server isn't reachable for some reason.
 var defaultExpireEDUTypes = map[string]time.Duration{
 	gomatrixserverlib.MTyping:   time.Minute,
 	gomatrixserverlib.MPresence: time.Minute * 10,
 }
 // AssociateEDUWithDestination creates an association that the
 // destination queues will use to determine which JSON blobs to send
 // to which servers.
@ -32,7 +43,21 @@ func (d *Database) AssociateEDUWithDestination(
 	serverName gomatrixserverlib.ServerName,
 	receipt *Receipt,
 	eduType string,
 	expireEDUTypes map[string]time.Duration,
 ) error {
 	if expireEDUTypes == nil {
 		expireEDUTypes = defaultExpireEDUTypes
 	}
 	expiresAt := gomatrixserverlib.AsTimestamp(time.Now().Add(defaultExpiry))
 	if duration, ok := expireEDUTypes[eduType]; ok {
 		// Keep EDUs for at least x minutes before deleting them
 		expiresAt = gomatrixserverlib.AsTimestamp(time.Now().Add(duration))
 	}
 	// We forcibly set m.direct_to_device events to 0, as we always want them
 	// to be delivered. (required for E2EE)
 	if eduType == gomatrixserverlib.MDirectToDevice {
 		expiresAt = 0
 	}
 	return d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
 		if err := d.FederationQueueEDUs.InsertQueueEDU(
 			ctx,         // context
@ -40,6 +65,7 @@ func (d *Database) AssociateEDUWithDestination(
 			eduType,     // EDU type for coalescing
 			serverName,  // destination server name
 			receipt.nid, // NID from the federationapi_queue_json table
 			expiresAt,   // The timestamp this EDU will expire
 		); err != nil {
 			return fmt.Errorf("InsertQueueEDU: %w", err)
 		}
@ -150,3 +176,26 @@ func (d *Database) GetPendingEDUServerNames(
 ) ([]gomatrixserverlib.ServerName, error) {
 	return d.FederationQueueEDUs.SelectQueueEDUServerNames(ctx, nil)
 }
 // DeleteExpiredEDUs deletes expired EDUs
 func (d *Database) DeleteExpiredEDUs(ctx context.Context) error {
 	return d.Writer.Do(d.DB, nil, func(txn *sql.Tx) error {
 		expiredBefore := gomatrixserverlib.AsTimestamp(time.Now())
 		jsonNIDs, err := d.FederationQueueEDUs.SelectExpiredEDUs(ctx, txn, expiredBefore)
 		if err != nil {
 			return err
 		}
 		if len(jsonNIDs) == 0 {
 			return nil
 		}
 		for i := range jsonNIDs {
 			d.Cache.EvictFederationQueuedEDU(jsonNIDs[i])
 		}
 		if err = d.FederationQueueJSON.DeleteQueueJSON(ctx, txn, jsonNIDs); err != nil {
 			return err
 		}
 		return d.FederationQueueEDUs.DeleteExpiredEDUs(ctx, txn, expiredBefore)
 	})
 }
--- a/federationapi/storage/sqlite3/deltas/2021020411080000_rooms.go
+++ b/federationapi/storage/sqlite3/deltas/2021020411080000_rooms.go
@ -15,23 +15,13 @@
 package deltas
 import (
 	"context"
 	"database/sql"
 	"fmt"
 	"github.com/matrix-org/dendrite/internal/sqlutil"
 	"github.com/pressly/goose"
 )
-func LoadFromGoose() {
+func UpRemoveRoomsTable(ctx context.Context, tx *sql.Tx) error {
-	goose.AddMigration(UpRemoveRoomsTable, DownRemoveRoomsTable)
+	_, err := tx.ExecContext(ctx, `
 }
 func LoadRemoveRoomsTable(m *sqlutil.Migrations) {
 	m.AddMigration(UpRemoveRoomsTable, DownRemoveRoomsTable)
 }
 func UpRemoveRoomsTable(tx *sql.Tx) error {
 	_, err := tx.Exec(`
 		DROP TABLE IF EXISTS federationsender_rooms;
 	`)
 	if err != nil {
--- a/federationapi/storage/sqlite3/deltas/2022042812473400_addexpiresat.go
+++ b/federationapi/storage/sqlite3/deltas/2022042812473400_addexpiresat.go
@ -0,0 +1,68 @@
 // Copyright 2022 The Matrix.org Foundation C.I.C.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package deltas
 import (
 	"context"
 	"database/sql"
 	"fmt"
 	"time"
 	"github.com/matrix-org/gomatrixserverlib"
 )
 func UpAddexpiresat(ctx context.Context, tx *sql.Tx) error {
 	_, err := tx.ExecContext(ctx, "ALTER TABLE federationsender_queue_edus RENAME TO federationsender_queue_edus_old;")
 	if err != nil {
 		return fmt.Errorf("failed to rename table: %w", err)
 	}
 	_, err = tx.ExecContext(ctx, `
 CREATE TABLE IF NOT EXISTS federationsender_queue_edus (
 	edu_type TEXT NOT NULL,
 	server_name TEXT NOT NULL,
 	json_nid BIGINT NOT NULL,
 	expires_at BIGINT NOT NULL DEFAULT 0
 );
 CREATE UNIQUE INDEX IF NOT EXISTS federationsender_queue_edus_json_nid_idx
    ON federationsender_queue_edus (json_nid, server_name);
 `)
 	if err != nil {
 		return fmt.Errorf("failed to create new table: %w", err)
 	}
 	_, err = tx.ExecContext(ctx, `
 INSERT
    INTO federationsender_queue_edus (
        edu_type, server_name, json_nid, expires_at
    )  SELECT edu_type, server_name, json_nid, 0 FROM federationsender_queue_edus_old;
 `)
 	if err != nil {
 		return fmt.Errorf("failed to update queue_edus: %w", err)
 	}
 	_, err = tx.ExecContext(ctx, "UPDATE federationsender_queue_edus SET expires_at = $1 WHERE edu_type != 'm.direct_to_device'", gomatrixserverlib.AsTimestamp(time.Now().Add(time.Hour*24)))
 	if err != nil {
 		return fmt.Errorf("failed to update queue_edus: %w", err)
 	}
 	return nil
 }
 func DownAddexpiresat(ctx context.Context, tx *sql.Tx) error {
 	_, err := tx.ExecContext(ctx, "ALTER TABLE federationsender_queue_edus DROP COLUMN expires_at;")
 	if err != nil {
 		return fmt.Errorf("failed to rename table: %w", err)
 	}
 	return nil
 }
--- a/federationapi/storage/sqlite3/queue_edus_table.go
+++ b/federationapi/storage/sqlite3/queue_edus_table.go
@ -20,9 +20,11 @@ import (
 	"fmt"
 	"strings"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/dendrite/federationapi/storage/sqlite3/deltas"
 	"github.com/matrix-org/dendrite/internal"
 	"github.com/matrix-org/dendrite/internal/sqlutil"
 	"github.com/matrix-org/gomatrixserverlib"
 )
 const queueEDUsSchema = `
@ -32,7 +34,9 @@ CREATE TABLE IF NOT EXISTS federationsender_queue_edus (
    -- The domain part of the user ID the EDU event is for.
 	server_name TEXT NOT NULL,
 	-- The JSON NID from the federationsender_queue_edus_json table.
-	json_nid BIGINT NOT NULL
+	json_nid BIGINT NOT NULL,
 	-- The expiry time of this edu, if any.
 	expires_at BIGINT NOT NULL DEFAULT 0
 );
 CREATE UNIQUE INDEX IF NOT EXISTS federationsender_queue_edus_json_nid_idx
@ -44,8 +48,8 @@ CREATE INDEX IF NOT EXISTS federationsender_queue_edus_server_name_idx
 `
 const insertQueueEDUSQL = "" +
-	"INSERT INTO federationsender_queue_edus (edu_type, server_name, json_nid)" +
+	"INSERT INTO federationsender_queue_edus (edu_type, server_name, json_nid, expires_at)" +
-	" VALUES ($1, $2, $3)"
+	" VALUES ($1, $2, $3, $4)"
 const deleteQueueEDUsSQL = "" +
 	"DELETE FROM federationsender_queue_edus WHERE server_name = $1 AND json_nid IN ($2)"
@ -66,13 +70,22 @@ const selectQueueEDUCountSQL = "" +
 const selectQueueServerNamesSQL = "" +
 	"SELECT DISTINCT server_name FROM federationsender_queue_edus"
 const selectExpiredEDUsSQL = "" +
 	"SELECT DISTINCT json_nid FROM federationsender_queue_edus WHERE expires_at > 0 AND expires_at <= $1"
 const deleteExpiredEDUsSQL = "" +
 	"DELETE FROM federationsender_queue_edus WHERE expires_at > 0 AND expires_at <= $1"
 type queueEDUsStatements struct {
-	db                                   *sql.DB
+	db                 *sql.DB
-	insertQueueEDUStmt                   *sql.Stmt
+	insertQueueEDUStmt *sql.Stmt
 	// deleteQueueEDUStmt                *sql.Stmt - prepared at runtime due to variadic
 	selectQueueEDUStmt                   *sql.Stmt
 	selectQueueEDUReferenceJSONCountStmt *sql.Stmt
 	selectQueueEDUCountStmt              *sql.Stmt
 	selectQueueEDUServerNamesStmt        *sql.Stmt
 	selectExpiredEDUsStmt                *sql.Stmt
 	deleteExpiredEDUsStmt                *sql.Stmt
 }
 func NewSQLiteQueueEDUsTable(db *sql.DB) (s *queueEDUsStatements, err error) {
@ -81,24 +94,33 @@ func NewSQLiteQueueEDUsTable(db *sql.DB) (s *queueEDUsStatements, err error) {
 	}
 	_, err = db.Exec(queueEDUsSchema)
 	if err != nil {
-		return
+		return s, err
 	}
-	if s.insertQueueEDUStmt, err = db.Prepare(insertQueueEDUSQL); err != nil {
+
-		return
+	m := sqlutil.NewMigrator(db)
 	m.AddMigrations(
 		sqlutil.Migration{
 			Version: "federationapi: add expiresat column",
 			Up:      deltas.UpAddexpiresat,
 		},
 	)
 	if err := m.Up(context.Background()); err != nil {
 		return s, err
 	}
-	if s.selectQueueEDUStmt, err = db.Prepare(selectQueueEDUSQL); err != nil {
+
-		return
+	return s, nil
-	}
+}
-	if s.selectQueueEDUReferenceJSONCountStmt, err = db.Prepare(selectQueueEDUReferenceJSONCountSQL); err != nil {
+
-		return
+func (s *queueEDUsStatements) Prepare() error {
-	}
+	return sqlutil.StatementList{
-	if s.selectQueueEDUCountStmt, err = db.Prepare(selectQueueEDUCountSQL); err != nil {
+		{&s.insertQueueEDUStmt, insertQueueEDUSQL},
-		return
+		{&s.selectQueueEDUStmt, selectQueueEDUSQL},
-	}
+		{&s.selectQueueEDUReferenceJSONCountStmt, selectQueueEDUReferenceJSONCountSQL},
-	if s.selectQueueEDUServerNamesStmt, err = db.Prepare(selectQueueServerNamesSQL); err != nil {
+		{&s.selectQueueEDUCountStmt, selectQueueEDUCountSQL},
-		return
+		{&s.selectQueueEDUServerNamesStmt, selectQueueServerNamesSQL},
-	}
+		{&s.selectExpiredEDUsStmt, selectExpiredEDUsSQL},
-	return
+		{&s.deleteExpiredEDUsStmt, deleteExpiredEDUsSQL},
 	}.Prepare(s.db)
 }
 func (s *queueEDUsStatements) InsertQueueEDU(
@ -107,6 +129,7 @@ func (s *queueEDUsStatements) InsertQueueEDU(
 	eduType string,
 	serverName gomatrixserverlib.ServerName,
 	nid int64,
 	expiresAt gomatrixserverlib.Timestamp,
 ) error {
 	stmt := sqlutil.TxStmt(txn, s.insertQueueEDUStmt)
 	_, err := stmt.ExecContext(
@ -114,6 +137,7 @@ func (s *queueEDUsStatements) InsertQueueEDU(
 		eduType,    // the EDU type
 		serverName, // destination server name
 		nid,        // JSON blob NID
 		expiresAt,  // timestamp of expiry
 	)
 	return err
 }
@ -159,7 +183,7 @@ func (s *queueEDUsStatements) SelectQueueEDUs(
 		}
 		result = append(result, nid)
 	}
-	return result, nil
+	return result, rows.Err()
 }
 func (s *queueEDUsStatements) SelectQueueEDUReferenceJSONCount(
@ -209,3 +233,33 @@ func (s *queueEDUsStatements) SelectQueueEDUServerNames(
 	return result, rows.Err()
 }
 func (s *queueEDUsStatements) SelectExpiredEDUs(
 	ctx context.Context, txn *sql.Tx,
 	expiredBefore gomatrixserverlib.Timestamp,
 ) ([]int64, error) {
 	stmt := sqlutil.TxStmt(txn, s.selectExpiredEDUsStmt)
 	rows, err := stmt.QueryContext(ctx, expiredBefore)
 	if err != nil {
 		return nil, err
 	}
 	defer internal.CloseAndLogIfError(ctx, rows, "SelectExpiredEDUs: rows.close() failed")
 	var result []int64
 	var nid int64
 	for rows.Next() {
 		if err = rows.Scan(&nid); err != nil {
 			return nil, err
 		}
 		result = append(result, nid)
 	}
 	return result, rows.Err()
 }
 func (s *queueEDUsStatements) DeleteExpiredEDUs(
 	ctx context.Context, txn *sql.Tx,
 	expiredBefore gomatrixserverlib.Timestamp,
 ) error {
 	stmt := sqlutil.TxStmt(txn, s.deleteExpiredEDUsStmt)
 	_, err := stmt.ExecContext(ctx, expiredBefore)
 	return err
 }
--- a/federationapi/storage/sqlite3/storage.go
+++ b/federationapi/storage/sqlite3/storage.go
@ -81,9 +81,16 @@ func NewDatabase(base *base.BaseDendrite, dbProperties *config.DatabaseOptions,
 	if err != nil {
 		return nil, err
 	}
-	m := sqlutil.NewMigrations()
+	m := sqlutil.NewMigrator(d.db)
-	deltas.LoadRemoveRoomsTable(m)
+	m.AddMigrations(sqlutil.Migration{
-	if err = m.RunDeltas(d.db, dbProperties); err != nil {
+		Version: "federationsender: drop federationsender_rooms",
 		Up:      deltas.UpRemoveRoomsTable,
 	})
 	err = m.Up(base.Context())
 	if err != nil {
 		return nil, err
 	}
 	if err = queueEDUs.Prepare(); err != nil {
 		return nil, err
 	}
 	d.Database = shared.Database{
--- a/federationapi/storage/storage_test.go
+++ b/federationapi/storage/storage_test.go
@ -0,0 +1,81 @@
 package storage_test
 import (
 	"context"
 	"testing"
 	"time"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/stretchr/testify/assert"
 	"github.com/matrix-org/dendrite/federationapi/storage"
 	"github.com/matrix-org/dendrite/setup/config"
 	"github.com/matrix-org/dendrite/test"
 	"github.com/matrix-org/dendrite/test/testrig"
 )
 func mustCreateFederationDatabase(t *testing.T, dbType test.DBType) (storage.Database, func()) {
 	b, baseClose := testrig.CreateBaseDendrite(t, dbType)
 	connStr, dbClose := test.PrepareDBConnectionString(t, dbType)
 	db, err := storage.NewDatabase(b, &config.DatabaseOptions{
 		ConnectionString: config.DataSource(connStr),
 	}, b.Caches, b.Cfg.Global.ServerName)
 	if err != nil {
 		t.Fatalf("NewDatabase returned %s", err)
 	}
 	return db, func() {
 		dbClose()
 		baseClose()
 	}
 }
 func TestExpireEDUs(t *testing.T) {
 	var expireEDUTypes = map[string]time.Duration{
 		gomatrixserverlib.MReceipt: time.Millisecond,
 	}
 	ctx := context.Background()
 	test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
 		db, close := mustCreateFederationDatabase(t, dbType)
 		defer close()
 		// insert some data
 		for i := 0; i < 100; i++ {
 			receipt, err := db.StoreJSON(ctx, "{}")
 			assert.NoError(t, err)
 			err = db.AssociateEDUWithDestination(ctx, "localhost", receipt, gomatrixserverlib.MReceipt, expireEDUTypes)
 			assert.NoError(t, err)
 		}
 		// add data without expiry
 		receipt, err := db.StoreJSON(ctx, "{}")
 		assert.NoError(t, err)
 		// m.read_marker gets the default expiry of 24h, so won't be deleted further down in this test
 		err = db.AssociateEDUWithDestination(ctx, "localhost", receipt, "m.read_marker", expireEDUTypes)
 		assert.NoError(t, err)
 		// Delete expired EDUs
 		err = db.DeleteExpiredEDUs(ctx)
 		assert.NoError(t, err)
 		// verify the data is gone
 		data, err := db.GetPendingEDUs(ctx, "localhost", 100)
 		assert.NoError(t, err)
 		assert.Equal(t, 1, len(data))
 		// check that m.direct_to_device is never expired
 		receipt, err = db.StoreJSON(ctx, "{}")
 		assert.NoError(t, err)
 		err = db.AssociateEDUWithDestination(ctx, "localhost", receipt, gomatrixserverlib.MDirectToDevice, expireEDUTypes)
 		assert.NoError(t, err)
 		err = db.DeleteExpiredEDUs(ctx)
 		assert.NoError(t, err)
 		// We should get two EDUs, the m.read_marker and the m.direct_to_device
 		data, err = db.GetPendingEDUs(ctx, "localhost", 100)
 		assert.NoError(t, err)
 		assert.Equal(t, 2, len(data))
 	})
 }
--- a/federationapi/storage/tables/interface.go
+++ b/federationapi/storage/tables/interface.go
@ -34,12 +34,15 @@ type FederationQueuePDUs interface {
 }
 type FederationQueueEDUs interface {
-	InsertQueueEDU(ctx context.Context, txn *sql.Tx, eduType string, serverName gomatrixserverlib.ServerName, nid int64) error
+	InsertQueueEDU(ctx context.Context, txn *sql.Tx, eduType string, serverName gomatrixserverlib.ServerName, nid int64, expiresAt gomatrixserverlib.Timestamp) error
 	DeleteQueueEDUs(ctx context.Context, txn *sql.Tx, serverName gomatrixserverlib.ServerName, jsonNIDs []int64) error
 	SelectQueueEDUs(ctx context.Context, txn *sql.Tx, serverName gomatrixserverlib.ServerName, limit int) ([]int64, error)
 	SelectQueueEDUReferenceJSONCount(ctx context.Context, txn *sql.Tx, jsonNID int64) (int64, error)
 	SelectQueueEDUCount(ctx context.Context, txn *sql.Tx, serverName gomatrixserverlib.ServerName) (int64, error)
 	SelectQueueEDUServerNames(ctx context.Context, txn *sql.Tx) ([]gomatrixserverlib.ServerName, error)
 	SelectExpiredEDUs(ctx context.Context, txn *sql.Tx, expiredBefore gomatrixserverlib.Timestamp) ([]int64, error)
 	DeleteExpiredEDUs(ctx context.Context, txn *sql.Tx, expiredBefore gomatrixserverlib.Timestamp) error
 	Prepare() error
 }
 type FederationQueueJSON interface {
--- a/go.mod
+++ b/go.mod
@ -1,9 +1,5 @@
 module github.com/matrix-org/dendrite
 replace github.com/nats-io/nats-server/v2 => github.com/neilalexander/nats-server/v2 v2.8.3-0.20220513095553-73a9a246d34f
 replace github.com/nats-io/nats.go => github.com/neilalexander/nats.go v1.13.1-0.20220621084451-ac518c356673
 require (
 	github.com/Arceliar/ironwood v0.0.0-20220306165321-319147a02d98
 	github.com/Arceliar/phony v0.0.0-20210209235338-dde1a8dca979
@ -25,21 +21,20 @@ require (
 	github.com/matrix-org/dugong v0.0.0-20210921133753-66e6b1c67e2e
 	github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91
 	github.com/matrix-org/gomatrix v0.0.0-20210324163249-be2af5ef2e16
-	github.com/matrix-org/gomatrixserverlib v0.0.0-20220711125303-3bb2e997a44c
+	github.com/matrix-org/gomatrixserverlib v0.0.0-20220801083850-5ff38e2c2839
-	github.com/matrix-org/pinecone v0.0.0-20220708135211-1ce778fcde6a
+	github.com/matrix-org/pinecone v0.0.0-20220803093810-b7a830c08fb9
 	github.com/matrix-org/util v0.0.0-20200807132607-55161520e1d4
 	github.com/mattn/go-sqlite3 v1.14.13
-	github.com/nats-io/nats-server/v2 v2.7.4-0.20220309205833-773636c1c5bb
+	github.com/nats-io/nats-server/v2 v2.8.5-0.20220731184415-903a06a5b4ee
-	github.com/nats-io/nats.go v1.14.0
+	github.com/nats-io/nats.go v1.16.1-0.20220731182438-87bbea85922b
 	github.com/neilalexander/utp v0.1.1-0.20210727203401-54ae7b1cd5f9
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
 	github.com/ngrok/sqlmw v0.0.0-20220520173518-97c9c04efc79
 	github.com/opentracing/opentracing-go v1.2.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pkg/errors v0.9.1
 	github.com/pressly/goose v2.7.0+incompatible
 	github.com/prometheus/client_golang v1.12.2
-	github.com/sirupsen/logrus v1.8.1
+	github.com/sirupsen/logrus v1.9.0
 	github.com/stretchr/testify v1.7.1
 	github.com/tidwall/gjson v1.14.1
 	github.com/tidwall/sjson v1.2.4
@ -47,10 +42,10 @@ require (
 	github.com/uber/jaeger-lib v2.4.1+incompatible
 	github.com/yggdrasil-network/yggdrasil-go v0.4.3
 	go.uber.org/atomic v1.9.0
-	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e
+	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
 	golang.org/x/image v0.0.0-20220413100746-70e8d0d3baa9
 	golang.org/x/mobile v0.0.0-20220518205345-8578da9835fd
-	golang.org/x/net v0.0.0-20220524220425-1d687d428aca
+	golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e
 	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
 	gopkg.in/h2non/bimg.v1 v1.1.9
 	gopkg.in/yaml.v2 v2.4.0
@ -77,17 +72,18 @@ require (
 	github.com/h2non/filetype v1.1.3 // indirect
 	github.com/juju/errors v0.0.0-20220203013757-bd733f3c86b9 // indirect
 	github.com/juju/testing v0.0.0-20220203020004-a0ff61f03494 // indirect
-	github.com/klauspost/compress v1.14.4 // indirect
+	github.com/klauspost/compress v1.15.9 // indirect
-	github.com/lucas-clemente/quic-go v0.26.0 // indirect
+	github.com/lucas-clemente/quic-go v0.28.1 // indirect
 	github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect
-	github.com/marten-seemann/qtls-go1-17 v0.1.1 // indirect
+	github.com/marten-seemann/qtls-go1-17 v0.1.2 // indirect
-	github.com/marten-seemann/qtls-go1-18 v0.1.1 // indirect
+	github.com/marten-seemann/qtls-go1-18 v0.1.2 // indirect
 	github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/miekg/dns v1.1.49 // indirect
 	github.com/minio/highwayhash v1.0.2 // indirect
 	github.com/moby/term v0.0.0-20210610120745-9d4ed1856297 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/nats-io/jwt/v2 v2.2.1-0.20220330180145-442af02fd36a // indirect
+	github.com/nats-io/jwt/v2 v2.3.0 // indirect
 	github.com/nats-io/nkeys v0.3.0 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
@ -103,9 +99,9 @@ require (
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
+	golang.org/x/sys v0.0.0-20220731174439-a90be440212d // indirect
 	golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect
-	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
+	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
 	golang.org/x/tools v0.1.10 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -302,8 +302,8 @@ github.com/kardianos/minwinsvc v1.0.0/go.mod h1:Bgd0oc+D0Qo3bBytmNtyRKVlp85dAloL
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.14.4 h1:eijASRJcobkVtSt81Olfh7JX43osYLwy5krOJo6YEu4=
+github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY=
-github.com/klauspost/compress v1.14.4/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@ -321,8 +321,8 @@ github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/lib/pq v1.10.5 h1:J+gdV2cUmX7ZqL2B0lFcW0m+egaHC2V3lpO8nWxyYiQ=
 github.com/lib/pq v1.10.5/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lucas-clemente/quic-go v0.26.0 h1:ALBQXr9UJ8A1LyzvceX4jd9QFsHvlI0RR6BkV16o00A=
+github.com/lucas-clemente/quic-go v0.28.1 h1:Uo0lvVxWg5la9gflIF9lwa39ONq85Xq2D91YNEIslzU=
-github.com/lucas-clemente/quic-go v0.26.0/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI=
+github.com/lucas-clemente/quic-go v0.28.1/go.mod h1:oGz5DKK41cJt5+773+BSO9BXDsREY4HLf7+0odGAPO0=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ=
 github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk=
@ -330,10 +330,12 @@ github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN
 github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc=
 github.com/marten-seemann/qtls-go1-16 v0.1.5 h1:o9JrYPPco/Nukd/HpOHMHZoBDXQqoNtUCmny98/1uqQ=
 github.com/marten-seemann/qtls-go1-16 v0.1.5/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk=
-github.com/marten-seemann/qtls-go1-17 v0.1.1 h1:DQjHPq+aOzUeh9/lixAGunn6rIOQyWChPSI4+hgW7jc=
+github.com/marten-seemann/qtls-go1-17 v0.1.2 h1:JADBlm0LYiVbuSySCHeY863dNkcpMmDR7s0bLKJeYlQ=
-github.com/marten-seemann/qtls-go1-17 v0.1.1/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s=
+github.com/marten-seemann/qtls-go1-17 v0.1.2/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s=
-github.com/marten-seemann/qtls-go1-18 v0.1.1 h1:qp7p7XXUFL7fpBvSS1sWD+uSqPvzNQK43DH+/qEkj0Y=
+github.com/marten-seemann/qtls-go1-18 v0.1.2 h1:JH6jmzbduz0ITVQ7ShevK10Av5+jBEKAHMntXmIV7kM=
-github.com/marten-seemann/qtls-go1-18 v0.1.1/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
+github.com/marten-seemann/qtls-go1-18 v0.1.2/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
 github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 h1:7m/WlWcSROrcK5NxuXaxYD32BZqe/LEEnBrWcH/cOqQ=
 github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI=
 github.com/matrix-org/dugong v0.0.0-20210921133753-66e6b1c67e2e h1:DP5RC0Z3XdyBEW5dKt8YPeN6vZbm6OzVaGVp7f1BQRM=
 github.com/matrix-org/dugong v0.0.0-20210921133753-66e6b1c67e2e/go.mod h1:NgPCr+UavRGH6n5jmdX8DuqFZ4JiCWIJoZiuhTRLSUg=
 github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91 h1:s7fexw2QV3YD/fRrzEDPNGgTlJlvXY0EHHnT87wF3OA=
@ -341,10 +343,10 @@ github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91/go.mod h1
 github.com/matrix-org/gomatrix v0.0.0-20190528120928-7df988a63f26/go.mod h1:3fxX6gUjWyI/2Bt7J1OLhpCzOfO/bB3AiX0cJtEKud0=
 github.com/matrix-org/gomatrix v0.0.0-20210324163249-be2af5ef2e16 h1:ZtO5uywdd5dLDCud4r0r55eP4j9FuUNpl60Gmntcop4=
 github.com/matrix-org/gomatrix v0.0.0-20210324163249-be2af5ef2e16/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20220711125303-3bb2e997a44c h1:mt30TDK8kXKV+nCmVfnqoXsh842N+74kvZw7DXuS/JQ=
+github.com/matrix-org/gomatrixserverlib v0.0.0-20220801083850-5ff38e2c2839 h1:QEFxKWH8PlEt3ZQKl31yJNAm8lvpNUwT51IMNTl9v1k=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20220711125303-3bb2e997a44c/go.mod h1:jX38yp3SSLJNftBg3PXU1ayd0PCLIiDHQ4xAc9DIixk=
+github.com/matrix-org/gomatrixserverlib v0.0.0-20220801083850-5ff38e2c2839/go.mod h1:jX38yp3SSLJNftBg3PXU1ayd0PCLIiDHQ4xAc9DIixk=
-github.com/matrix-org/pinecone v0.0.0-20220708135211-1ce778fcde6a h1:DdG8vXMlZ65EAtc4V+3t7zHZ2Gqs24pSnyXS+4BRHUs=
+github.com/matrix-org/pinecone v0.0.0-20220803093810-b7a830c08fb9 h1:ed8yvWhTLk7+sNeK/eOZRTvESFTOHDRevoRoyeqPtvY=
-github.com/matrix-org/pinecone v0.0.0-20220708135211-1ce778fcde6a/go.mod h1:ulJzsVOTssIVp1j/m5eI//4VpAGDkMt5NrRuAVX7wpc=
+github.com/matrix-org/pinecone v0.0.0-20220803093810-b7a830c08fb9/go.mod h1:P4MqPf+u83OPulPJ+XTbSDbbWrdFYNY4LZ/B1PIduFE=
 github.com/matrix-org/util v0.0.0-20190711121626-527ce5ddefc7/go.mod h1:vVQlW/emklohkZnOPwD3LrZUBqdfsbiyO3p1lNV8F6U=
 github.com/matrix-org/util v0.0.0-20200807132607-55161520e1d4 h1:eCEHXWDv9Rm335MSuB49mFUK44bwZPFSDde3ORE3syk=
 github.com/matrix-org/util v0.0.0-20200807132607-55161520e1d4/go.mod h1:vVQlW/emklohkZnOPwD3LrZUBqdfsbiyO3p1lNV8F6U=
@ -381,8 +383,12 @@ github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7P
 github.com/mschoch/smat v0.0.0-20160514031455-90eadee771ae/go.mod h1:qAyveg+e4CE+eKJXWVjKXM4ck2QobLqTDytGJbLLhJg=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/nats-io/jwt/v2 v2.2.1-0.20220330180145-442af02fd36a h1:lem6QCvxR0Y28gth9P+wV2K/zYUUAkJ+55U8cpS0p5I=
+github.com/nats-io/jwt/v2 v2.3.0 h1:z2mA1a7tIf5ShggOFlR1oBPgd6hGqcDYsISxZByUzdI=
-github.com/nats-io/jwt/v2 v2.2.1-0.20220330180145-442af02fd36a/go.mod h1:0tqz9Hlu6bCBFLWAASKhE5vUA4c24L9KPUUgvwumE/k=
+github.com/nats-io/jwt/v2 v2.3.0/go.mod h1:0tqz9Hlu6bCBFLWAASKhE5vUA4c24L9KPUUgvwumE/k=
 github.com/nats-io/nats-server/v2 v2.8.5-0.20220731184415-903a06a5b4ee h1:vAtoZ+LW6eIUjkCWWwO1DZ6o16UGrVOG+ot/AkwejO8=
 github.com/nats-io/nats-server/v2 v2.8.5-0.20220731184415-903a06a5b4ee/go.mod h1:3Yg3ApyQxPlAs1KKHKV5pobV5VtZk+TtOiUJx/iqkkg=
 github.com/nats-io/nats.go v1.16.1-0.20220731182438-87bbea85922b h1:CE9wSYLvwq8aC/0+6zH8lhhtZYvJ9p8PzwvZeYgdBc0=
 github.com/nats-io/nats.go v1.16.1-0.20220731182438-87bbea85922b/go.mod h1:BPko4oXsySz4aSWeFgOHLZs3G4Jq4ZAyE6/zMCxRT6w=
 github.com/nats-io/nkeys v0.3.0 h1:cgM5tL53EvYRU+2YLXIK0G2mJtK12Ft9oeooSZMA2G8=
 github.com/nats-io/nkeys v0.3.0/go.mod h1:gvUNGjVcM2IPr5rCsRsC6Wb3Hr2CQAm08dsxtV6A5y4=
 github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
@ -390,10 +396,6 @@ github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OS
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
 github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
 github.com/neilalexander/nats-server/v2 v2.8.3-0.20220513095553-73a9a246d34f h1:Fc+TjdV1mOy0oISSzfoxNWdTqjg7tN/Vdgf+B2cwvdo=
 github.com/neilalexander/nats-server/v2 v2.8.3-0.20220513095553-73a9a246d34f/go.mod h1:vIdpKz3OG+DCg4q/xVPdXHoztEyKDWRtykQ4N7hd7C4=
 github.com/neilalexander/nats.go v1.13.1-0.20220621084451-ac518c356673 h1:TcKfa3Tf0qwUotv63PQVu2d1bBoLi2iEA4RHVMGDh5M=
 github.com/neilalexander/nats.go v1.13.1-0.20220621084451-ac518c356673/go.mod h1:BPko4oXsySz4aSWeFgOHLZs3G4Jq4ZAyE6/zMCxRT6w=
 github.com/neilalexander/utp v0.1.1-0.20210727203401-54ae7b1cd5f9 h1:lrVQzBtkeQEGGYUHwSX1XPe1E5GL6U3KYCNe2G4bncQ=
 github.com/neilalexander/utp v0.1.1-0.20210727203401-54ae7b1cd5f9/go.mod h1:NPHGhPc0/wudcaCqL/H5AOddkRf8GPRhzOujuUKGQu8=
 github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 h1:zYyBkD/k9seD2A7fsi6Oo2LfFZAehjjQMERAvZLEDnQ=
@ -432,8 +434,6 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pressly/goose v2.7.0+incompatible h1:PWejVEv07LCerQEzMMeAtjuyCKbyprZ/LBa6K5P0OCQ=
 github.com/pressly/goose v2.7.0+incompatible/go.mod h1:m+QHWCqxR3k8D9l7qfzuC/djtlfzxr34mozWDYEu1z8=
 github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
@ -493,8 +493,8 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s=
 github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
@ -551,7 +551,6 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
@ -570,8 +569,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c=
-golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@ -661,8 +660,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210927181540-4e4d966f7476/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211011170408-caeb26a5c8c0/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211101193420-4a448f8816b3/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220524220425-1d687d428aca h1:xTaFYiPROfpPhqrfTIDXj0ri1SpfueYT951s4bAuDO8=
+golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e h1:TsQ7F31D3bUCLeqPT0u+yjp1guoArKaNKmCr22PYgTQ=
-golang.org/x/net v0.0.0-20220524220425-1d687d428aca/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@ -749,9 +748,12 @@ golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211102192858-4dd72447c267/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220405052023-b1e9470b6e64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220731174439-a90be440212d h1:Sv5ogFZatcgIMMtBSTTAgMYsicp25MXBubjXNDKwm80=
 golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 h1:CBpWXWQpIRjzmkkA+M7q9Fqnwd2mZr3AFqexg8YTfoM=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -760,14 +762,15 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b h1:NXqSWXSRUSCaFuvitrWtU169I3876zRTalMRbfd6LL0=
 golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b/go.mod h1:EFNZuWvGYxIRUEX+K8UmCFwYmZjqcrnq15ZuVldZkZ0=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
+golang.org/x/time v0.0.0-20220411224347-583f2d630306 h1:+gHMid33q6pen7kv9xvT+JRinntgeXO2AeZVd0AWD3w=
-golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220411224347-583f2d630306/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
--- a/internal/caching/cache_eventstatekeys.go
+++ b/internal/caching/cache_eventstatekeys.go
@ -0,0 +1,18 @@
 package caching
 import "github.com/matrix-org/dendrite/roomserver/types"
 // EventStateKeyCache contains the subset of functions needed for
 // a room event state key cache.
 type EventStateKeyCache interface {
 	GetEventStateKey(eventStateKeyNID types.EventStateKeyNID) (string, bool)
 	StoreEventStateKey(eventStateKeyNID types.EventStateKeyNID, eventStateKey string)
 }
 func (c Caches) GetEventStateKey(eventStateKeyNID types.EventStateKeyNID) (string, bool) {
 	return c.RoomServerStateKeys.Get(eventStateKeyNID)
 }
 func (c Caches) StoreEventStateKey(eventStateKeyNID types.EventStateKeyNID, eventStateKey string) {
 	c.RoomServerStateKeys.Set(eventStateKeyNID, eventStateKey)
 }
--- a/internal/caching/cache_lazy_load_members.go
+++ b/internal/caching/cache_lazy_load_members.go
@ -14,6 +14,7 @@ type lazyLoadingCacheKey struct {
 type LazyLoadCache interface {
 	StoreLazyLoadedUser(device *userapi.Device, roomID, userID, eventID string)
 	IsLazyLoadedUserCached(device *userapi.Device, roomID, userID string) (string, bool)
 	InvalidateLazyLoadedUser(device *userapi.Device, roomID, userID string)
 }
 func (c Caches) StoreLazyLoadedUser(device *userapi.Device, roomID, userID, eventID string) {
@ -33,3 +34,12 @@ func (c Caches) IsLazyLoadedUserCached(device *userapi.Device, roomID, userID st
 		TargetUserID: userID,
 	})
 }
 func (c Caches) InvalidateLazyLoadedUser(device *userapi.Device, roomID, userID string) {
 	c.LazyLoading.Unset(lazyLoadingCacheKey{
 		UserID:       device.UserID,
 		DeviceID:     device.ID,
 		RoomID:       roomID,
 		TargetUserID: userID,
 	})
 }
--- a/internal/caching/cache_roominfo.go
+++ b/internal/caching/cache_roominfo.go
@ -1,33 +0,0 @@
 package caching
 import (
 	"github.com/matrix-org/dendrite/roomserver/types"
 )
 // WARNING: This cache is mutable because it's entirely possible that
 // the IsStub or StateSnaphotNID fields can change, even though the
 // room version and room NID fields will not. This is only safe because
 // the RoomInfoCache is used ONLY within the roomserver and because it
 // will be kept up-to-date by the latest events updater. It MUST NOT be
 // used from other components as we currently have no way to invalidate
 // the cache in downstream components.
 // RoomInfosCache contains the subset of functions needed for
 // a room Info cache. It must only be used from the roomserver only
 // It is not safe for use from other components.
 type RoomInfoCache interface {
 	GetRoomInfo(roomID string) (roomInfo types.RoomInfo, ok bool)
 	StoreRoomInfo(roomID string, roomInfo types.RoomInfo)
 }
 // GetRoomInfo must only be called from the roomserver only. It is not
 // safe for use from other components.
 func (c Caches) GetRoomInfo(roomID string) (types.RoomInfo, bool) {
 	return c.RoomInfos.Get(roomID)
 }
 // StoreRoomInfo must only be called from the roomserver only. It is not
 // safe for use from other components.
 func (c Caches) StoreRoomInfo(roomID string, roomInfo types.RoomInfo) {
 	c.RoomInfos.Set(roomID, roomInfo)
 }
--- a/internal/caching/cache_roomservernids.go
+++ b/internal/caching/cache_roomservernids.go
@ -7,8 +7,8 @@ import (
 type RoomServerCaches interface {
 	RoomServerNIDsCache
 	RoomVersionCache
 	RoomInfoCache
 	RoomServerEventsCache
 	EventStateKeyCache
 }
 // RoomServerNIDsCache contains the subset of functions needed for
@ -19,9 +19,9 @@ type RoomServerNIDsCache interface {
 }
 func (c Caches) GetRoomServerRoomID(roomNID types.RoomNID) (string, bool) {
-	return c.RoomServerRoomIDs.Get(int64(roomNID))
+	return c.RoomServerRoomIDs.Get(roomNID)
 }
 func (c Caches) StoreRoomServerRoomID(roomNID types.RoomNID, roomID string) {
-	c.RoomServerRoomIDs.Set(int64(roomNID), roomID)
+	c.RoomServerRoomIDs.Set(roomNID, roomID)
 }
--- a/internal/caching/caches.go
+++ b/internal/caching/caches.go
@ -23,16 +23,16 @@ import (
 // different implementations as long as they satisfy the Cache
 // interface.
 type Caches struct {
-	RoomVersions       Cache[string, gomatrixserverlib.RoomVersion]           // room ID -> room version
+	RoomVersions        Cache[string, gomatrixserverlib.RoomVersion]           // room ID -> room version
-	ServerKeys         Cache[string, gomatrixserverlib.PublicKeyLookupResult] // server name -> server keys
+	ServerKeys          Cache[string, gomatrixserverlib.PublicKeyLookupResult] // server name -> server keys
-	RoomServerRoomNIDs Cache[string, types.RoomNID]                           // room ID -> room NID
+	RoomServerRoomNIDs  Cache[string, types.RoomNID]                           // room ID -> room NID
-	RoomServerRoomIDs  Cache[int64, string]                                   // room NID -> room ID
+	RoomServerRoomIDs   Cache[types.RoomNID, string]                           // room NID -> room ID
-	RoomServerEvents   Cache[int64, *gomatrixserverlib.Event]                 // event NID -> event
+	RoomServerEvents    Cache[int64, *gomatrixserverlib.Event]                 // event NID -> event
-	RoomInfos          Cache[string, types.RoomInfo]                          // room ID -> room info
+	RoomServerStateKeys Cache[types.EventStateKeyNID, string]                  // event NID -> event state key
-	FederationPDUs     Cache[int64, *gomatrixserverlib.HeaderedEvent]         // queue NID -> PDU
+	FederationPDUs      Cache[int64, *gomatrixserverlib.HeaderedEvent]         // queue NID -> PDU
-	FederationEDUs     Cache[int64, *gomatrixserverlib.EDU]                   // queue NID -> EDU
+	FederationEDUs      Cache[int64, *gomatrixserverlib.EDU]                   // queue NID -> EDU
-	SpaceSummaryRooms  Cache[string, gomatrixserverlib.MSC2946SpacesResponse] // room ID -> space response
+	SpaceSummaryRooms   Cache[string, gomatrixserverlib.MSC2946SpacesResponse] // room ID -> space response
-	LazyLoading        Cache[lazyLoadingCacheKey, string]                     // composite key -> event ID
+	LazyLoading         Cache[lazyLoadingCacheKey, string]                     // composite key -> event ID
 }
 // Cache is the interface that an implementation must satisfy.
@ -44,7 +44,7 @@ type Cache[K keyable, T any] interface {
 type keyable interface {
 	// from https://github.com/dgraph-io/ristretto/blob/8e850b710d6df0383c375ec6a7beae4ce48fc8d5/z/z.go#L34
-	uint64 | string | []byte | byte | int | int32 | uint32 | int64 | lazyLoadingCacheKey
+	~uint64 | ~string | []byte | byte | ~int | ~int32 | ~uint32 | ~int64 | lazyLoadingCacheKey
 }
 type costable interface {
--- a/internal/caching/impl_ristretto.go
+++ b/internal/caching/impl_ristretto.go
@ -35,18 +35,18 @@ const (
 	roomNIDsCache
 	roomIDsCache
 	roomEventsCache
 	roomInfosCache
 	federationPDUsCache
 	federationEDUsCache
 	spaceSummaryRoomsCache
 	lazyLoadingCache
 	eventStateKeyCache
 )
 func NewRistrettoCache(maxCost config.DataUnit, maxAge time.Duration, enablePrometheus bool) *Caches {
 	cache, err := ristretto.NewCache(&ristretto.Config{
-		NumCounters: 1e5, // 10x number of expected cache items, affects bloom filter size, gives us room for 10,000 currently
+		NumCounters: int64((maxCost / 1024) * 10), // 10 counters per 1KB data, affects bloom filter size
-		BufferItems: 64,  // recommended by the ristretto godocs as a sane buffer size value
+		BufferItems: 64,                           // recommended by the ristretto godocs as a sane buffer size value
-		MaxCost:     int64(maxCost),
+		MaxCost:     int64(maxCost),               // max cost is in bytes, as per the Dendrite config
 		Metrics:     true,
 		KeyToHash: func(key interface{}) (uint64, uint64) {
 			return z.KeyToHash(key)
@ -88,7 +88,7 @@ func NewRistrettoCache(maxCost config.DataUnit, maxAge time.Duration, enableProm
 			Prefix: roomNIDsCache,
 			MaxAge: maxAge,
 		},
-		RoomServerRoomIDs: &RistrettoCachePartition[int64, string]{ // room NID -> room ID
+		RoomServerRoomIDs: &RistrettoCachePartition[types.RoomNID, string]{ // room NID -> room ID
 			cache:  cache,
 			Prefix: roomIDsCache,
 			MaxAge: maxAge,
@ -100,11 +100,10 @@ func NewRistrettoCache(maxCost config.DataUnit, maxAge time.Duration, enableProm
 				MaxAge: maxAge,
 			},
 		},
-		RoomInfos: &RistrettoCachePartition[string, types.RoomInfo]{ // room ID -> room info
+		RoomServerStateKeys: &RistrettoCachePartition[types.EventStateKeyNID, string]{ // event NID -> event state key
-			cache:   cache,
+			cache:  cache,
-			Prefix:  roomInfosCache,
+			Prefix: eventStateKeyCache,
-			Mutable: true,
+			MaxAge: maxAge,
 			MaxAge:  maxAge,
 		},
 		FederationPDUs: &RistrettoCostedCachePartition[int64, *gomatrixserverlib.HeaderedEvent]{ // queue NID -> PDU
 			&RistrettoCachePartition[int64, *gomatrixserverlib.HeaderedEvent]{
--- a/internal/httputil/http.go
+++ b/internal/httputil/http.go
@ -19,19 +19,21 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
 	"github.com/matrix-org/dendrite/userapi/api"
 	opentracing "github.com/opentracing/opentracing-go"
 	"github.com/opentracing/opentracing-go/ext"
 )
-// PostJSON performs a POST request with JSON on an internal HTTP API
+// PostJSON performs a POST request with JSON on an internal HTTP API.
-func PostJSON(
+// The error will match the errtype if returned from the remote API, or
 // will be a different type if there was a problem reaching the API.
 func PostJSON[reqtype, restype any, errtype error](
 	ctx context.Context, span opentracing.Span, httpClient *http.Client,
-	apiURL string, request, response interface{},
+	apiURL string, request *reqtype, response *restype,
 ) error {
 	jsonBytes, err := json.Marshal(request)
 	if err != nil {
@ -69,17 +71,23 @@ func PostJSON(
 	if err != nil {
 		return err
 	}
-	if res.StatusCode != http.StatusOK {
+	var body []byte
-		var errorBody struct {
+	body, err = io.ReadAll(res.Body)
-			Message string `json:"message"`
+	if err != nil {
-		}
+		return err
 		if _, ok := response.(*api.PerformKeyBackupResponse); ok { // TODO: remove this, once cross-boundary errors are a thing
 			return nil
 		}
 		if msgerr := json.NewDecoder(res.Body).Decode(&errorBody); msgerr == nil {
 			return fmt.Errorf("internal API: %d from %s: %s", res.StatusCode, apiURL, errorBody.Message)
 		}
 		return fmt.Errorf("internal API: %d from %s", res.StatusCode, apiURL)
 	}
-	return json.NewDecoder(res.Body).Decode(response)
+	if res.StatusCode != http.StatusOK {
 		if len(body) == 0 {
 			return fmt.Errorf("HTTP %d from %s (no response body)", res.StatusCode, apiURL)
 		}
 		var reserr errtype
 		if err = json.Unmarshal(body, reserr); err != nil {
 			return fmt.Errorf("HTTP %d from %s", res.StatusCode, apiURL)
 		}
 		return reserr
 	}
 	if err = json.Unmarshal(body, response); err != nil {
 		return fmt.Errorf("json.Unmarshal: %w", err)
 	}
 	return nil
 }
--- a/internal/httputil/internalapi.go
+++ b/internal/httputil/internalapi.go
@ -0,0 +1,93 @@
 // Copyright 2022 The Matrix.org Foundation C.I.C.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package httputil
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"reflect"
 	"github.com/matrix-org/util"
 	opentracing "github.com/opentracing/opentracing-go"
 )
 type InternalAPIError struct {
 	Type    string
 	Message string
 }
 func (e InternalAPIError) Error() string {
 	return fmt.Sprintf("internal API returned %q error: %s", e.Type, e.Message)
 }
 func MakeInternalRPCAPI[reqtype, restype any](metricsName string, f func(context.Context, *reqtype, *restype) error) http.Handler {
 	return MakeInternalAPI(metricsName, func(req *http.Request) util.JSONResponse {
 		var request reqtype
 		var response restype
 		if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
 			return util.MessageResponse(http.StatusBadRequest, err.Error())
 		}
 		if err := f(req.Context(), &request, &response); err != nil {
 			return util.JSONResponse{
 				Code: http.StatusInternalServerError,
 				JSON: &InternalAPIError{
 					Type:    reflect.TypeOf(err).String(),
 					Message: fmt.Sprintf("%s", err),
 				},
 			}
 		}
 		return util.JSONResponse{
 			Code: http.StatusOK,
 			JSON: &response,
 		}
 	})
 }
 func MakeInternalProxyAPI[reqtype, restype any](metricsName string, f func(context.Context, *reqtype) (*restype, error)) http.Handler {
 	return MakeInternalAPI(metricsName, func(req *http.Request) util.JSONResponse {
 		var request reqtype
 		if err := json.NewDecoder(req.Body).Decode(&request); err != nil {
 			return util.MessageResponse(http.StatusBadRequest, err.Error())
 		}
 		response, err := f(req.Context(), &request)
 		if err != nil {
 			return util.JSONResponse{
 				Code: http.StatusInternalServerError,
 				JSON: err,
 			}
 		}
 		return util.JSONResponse{
 			Code: http.StatusOK,
 			JSON: response,
 		}
 	})
 }
 func CallInternalRPCAPI[reqtype, restype any](name, url string, client *http.Client, ctx context.Context, request *reqtype, response *restype) error {
 	span, ctx := opentracing.StartSpanFromContext(ctx, name)
 	defer span.Finish()
 	return PostJSON[reqtype, restype, InternalAPIError](ctx, span, client, url, request, response)
 }
 func CallInternalProxyAPI[reqtype, restype any, errtype error](name, url string, client *http.Client, ctx context.Context, request *reqtype) (restype, error) {
 	span, ctx := opentracing.StartSpanFromContext(ctx, name)
 	defer span.Finish()
 	var response restype
 	return response, PostJSON[reqtype, restype, errtype](ctx, span, client, url, request, &response)
 }
--- a/Show more
+++ b/Show more