From ed6d964e5dabcf359ad0ffc9a0267114976d851e Mon Sep 17 00:00:00 2001 From: Till <2353100+S7evinK@users.noreply.github.com> Date: Fri, 13 Sep 2024 09:39:30 +0200 Subject: [PATCH 01/11] Fix function signature, use default random boundary (#3422) Fixes the function signature of `parseMultipartResponse` and uses the default random boundary when creating a new multipart response. --- mediaapi/routing/download.go | 33 ++++++++++++------------------- mediaapi/routing/download_test.go | 2 +- 2 files changed, 14 insertions(+), 21 deletions(-) diff --git a/mediaapi/routing/download.go b/mediaapi/routing/download.go index c812b9d65..c3ac3cdc7 100644 --- a/mediaapi/routing/download.go +++ b/mediaapi/routing/download.go @@ -33,7 +33,6 @@ import ( "sync" "unicode" - "github.com/google/uuid" "github.com/matrix-org/dendrite/mediaapi/fileutils" "github.com/matrix-org/dendrite/mediaapi/storage" "github.com/matrix-org/dendrite/mediaapi/thumbnailer" @@ -400,22 +399,16 @@ func (r *downloadRequest) respondFromLocalFile( } func multipartResponse(w http.ResponseWriter, r *downloadRequest, contentType string, responseFile io.Reader) (int64, error) { - // Update the header to be multipart/mixed; boundary=$randomBoundary - boundary := uuid.NewString() - w.Header().Set("Content-Type", "multipart/mixed; boundary="+boundary) - - w.Header().Del("Content-Length") // let Go handle the content length mw := multipart.NewWriter(w) + // Update the header to be multipart/mixed; boundary=$randomBoundary + w.Header().Set("Content-Type", "multipart/mixed; boundary="+mw.Boundary()) + w.Header().Del("Content-Length") // let Go handle the content length defer func() { if err := mw.Close(); err != nil { r.Logger.WithError(err).Error("Failed to close multipart writer") } }() - if err := mw.SetBoundary(boundary); err != nil { - return 0, fmt.Errorf("failed to set multipart boundary: %w", err) - } - // JSON object part jsonWriter, err := mw.CreatePart(textproto.MIMEHeader{ "Content-Type": {"application/json"}, @@ -858,7 +851,7 @@ func (r *downloadRequest) fetchRemoteFile( var reader io.Reader var parseErr error if isAuthed { - parseErr, contentLength, reader = parseMultipartResponse(r, resp, maxFileSizeBytes) + contentLength, reader, parseErr = parseMultipartResponse(r, resp, maxFileSizeBytes) } else { // The reader returned here will be limited either by the Content-Length // and/or the configured maximum media size. @@ -928,48 +921,48 @@ func (r *downloadRequest) fetchRemoteFile( return types.Path(finalPath), duplicate, nil } -func parseMultipartResponse(r *downloadRequest, resp *http.Response, maxFileSizeBytes config.FileSizeBytes) (error, int64, io.Reader) { +func parseMultipartResponse(r *downloadRequest, resp *http.Response, maxFileSizeBytes config.FileSizeBytes) (int64, io.Reader, error) { _, params, err := mime.ParseMediaType(resp.Header.Get("Content-Type")) if err != nil { - return err, 0, nil + return 0, nil, err } if params["boundary"] == "" { - return fmt.Errorf("no boundary header found on media %s from %s", r.MediaMetadata.MediaID, r.MediaMetadata.Origin), 0, nil + return 0, nil, fmt.Errorf("no boundary header found on media %s from %s", r.MediaMetadata.MediaID, r.MediaMetadata.Origin) } mr := multipart.NewReader(resp.Body, params["boundary"]) // Get the first, JSON, part p, err := mr.NextPart() if err != nil { - return err, 0, nil + return 0, nil, err } defer p.Close() // nolint: errcheck if p.Header.Get("Content-Type") != "application/json" { - return fmt.Errorf("first part of the response must be application/json"), 0, nil + return 0, nil, fmt.Errorf("first part of the response must be application/json") } // Try to parse media meta information meta := mediaMeta{} if err = json.NewDecoder(p).Decode(&meta); err != nil { - return err, 0, nil + return 0, nil, err } defer p.Close() // nolint: errcheck // Get the actual media content p, err = mr.NextPart() if err != nil { - return err, 0, nil + return 0, nil, err } redirect := p.Header.Get("Location") if redirect != "" { - return fmt.Errorf("Location header is not yet supported"), 0, nil + return 0, nil, fmt.Errorf("Location header is not yet supported") } contentLength, reader, err := r.GetContentLengthAndReader(p.Header.Get("Content-Length"), p, maxFileSizeBytes) // For multipart requests, we need to get the Content-Type of the second part, which is the actual media r.MediaMetadata.ContentType = types.ContentType(p.Header.Get("Content-Type")) - return err, contentLength, reader + return contentLength, reader, err } // contentDispositionFor returns the Content-Disposition for a given diff --git a/mediaapi/routing/download_test.go b/mediaapi/routing/download_test.go index 11368919a..9654b7474 100644 --- a/mediaapi/routing/download_test.go +++ b/mediaapi/routing/download_test.go @@ -35,7 +35,7 @@ func Test_Multipart(t *testing.T) { assert.NoError(t, err) defer resp.Body.Close() // contentLength is always 0, since there's no Content-Length header on the multipart part. - err, _, reader := parseMultipartResponse(r, resp, 1000) + _, reader, err := parseMultipartResponse(r, resp, 1000) assert.NoError(t, err) gotResponse, err := io.ReadAll(reader) assert.NoError(t, err) From 763c79f1421200c3fd74401fd68298bc00ecefbc Mon Sep 17 00:00:00 2001 From: Till <2353100+S7evinK@users.noreply.github.com> Date: Fri, 13 Sep 2024 15:06:07 +0200 Subject: [PATCH 02/11] Version 0.13.8 (#3421) --- CHANGES.md | 24 +++++++++++++++++++++--- helm/dendrite/Chart.yaml | 4 ++-- helm/dendrite/README.md | 4 +--- internal/version.go | 2 +- 4 files changed, 25 insertions(+), 9 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 240b0ceec..c2c1a73f7 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,10 +1,28 @@ # Changelog -## Dendrite 0.xx.x +## Dendrite 0.13.8 (2024-09-13) -### Other +### Features - - Bump required Go version to 1.21 + - The required Go version to build Dendrite is now 1.21 + - Support for authenticated media ([MSC3916](https://github.com/matrix-org/matrix-spec-proposals/pull/3916)) has been added + - NATS can now connect to servers requiring authentication (contributed by [paigeadelethompson](https://github.com/paigeadelethompson)) + - Updated dependencies + - Internal NATS Server has been updated from v2.10.7 to v2.10.20 (contributed by [neilalexander](https://github.com/neilalexander)) + +### Fixes + + - Fix parsing `?ts` query param (contributed by [tulir](https://github.com/tulir)) + - Don't query the database if we could fetch all keys from cache + - Fix media DB potentially leaking connections + - Fixed a bug where we would return that an account exists if we encountered an unhandled error case + - Fixed an issues where edited message could appear twice in search results (contributed by [adnull](https://github.com/adnull)) + - Outgoing threepid HTTP requests now correctly close the returned body (contributed by [ testwill](https://github.com/testwill)) + - Presence conflicts are handled better, reducing the amount of outgoing federation requests (contributed by [jjj333-p](https://github.com/jjj333-p)) + - Internal NATS now uses `SyncAlways` which should improve resilience against crashes (contributed by [neilalexander](https://github.com/neilalexander)) + - Whitespaces in the `X-Matrix` header are now handled correctly + - `/.well-known/matrix/server` lookups now timeout after 30 seconds + - Purging rooms has seen a huge speed-up ## Dendrite 0.13.7 (2024-04-09) diff --git a/helm/dendrite/Chart.yaml b/helm/dendrite/Chart.yaml index a4088872e..80c618822 100644 --- a/helm/dendrite/Chart.yaml +++ b/helm/dendrite/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: dendrite -version: "0.14.1" -appVersion: "0.13.7" +version: "0.14.2" +appVersion: "0.13.8" description: Dendrite Matrix Homeserver type: application icon: https://avatars.githubusercontent.com/u/8418310?s=48&v=4 diff --git a/helm/dendrite/README.md b/helm/dendrite/README.md index 9259c7903..6595a11fc 100644 --- a/helm/dendrite/README.md +++ b/helm/dendrite/README.md @@ -1,7 +1,7 @@ # dendrite -![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.13.7](https://img.shields.io/badge/AppVersion-0.13.7-informational?style=flat-square) +![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.13.8](https://img.shields.io/badge/AppVersion-0.13.8-informational?style=flat-square) Dendrite Matrix Homeserver Status: **NOT PRODUCTION READY** @@ -189,5 +189,3 @@ grafana: ``` PS: The label `release=kube-prometheus-stack` is setup with the helmchart of the Prometheus Operator. For Grafana Dashboards it may be necessary to enable scanning in the correct namespaces (or ALL), enabled by `sidecar.dashboards.searchNamespace` in [Helmchart of grafana](https://artifacthub.io/packages/helm/grafana/grafana) (which is part of PrometheusOperator, so `grafana.sidecar.dashboards.searchNamespace`) ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) \ No newline at end of file diff --git a/internal/version.go b/internal/version.go index 8616b82af..e5ff5af8e 100644 --- a/internal/version.go +++ b/internal/version.go @@ -18,7 +18,7 @@ var build string const ( VersionMajor = 0 VersionMinor = 13 - VersionPatch = 7 + VersionPatch = 8 VersionTag = "" // example: "rc1" gitRevLen = 7 // 7 matches the displayed characters on github.com From aa8d10a62d485f02bc5ff2f5543121489dd8449e Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Wed, 18 Sep 2024 02:16:33 -0500 Subject: [PATCH 03/11] Pinecone test image - Explicitly select Alpine golang image (#3426) I've noticed when trying to build the Dendrite Pinecone test image, the build fails due to `apk` not being available: image Checking out the [Docker Hub](https://hub.docker.com/_/golang/) repo for the `golang` image it looks like this can resovle to `1.22-bookworm`, so this should ensure we get an Alpine-based image for this build. ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` Signed-off-by: Rhea Danzey --- build/docker/Dockerfile.demo-pinecone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/docker/Dockerfile.demo-pinecone b/build/docker/Dockerfile.demo-pinecone index f295044fc..dc6b22d7d 100644 --- a/build/docker/Dockerfile.demo-pinecone +++ b/build/docker/Dockerfile.demo-pinecone @@ -1,4 +1,4 @@ -FROM docker.io/golang:1.22 AS base +FROM docker.io/golang:1.22-alpine AS base # # Needs to be separate from the main Dockerfile for OpenShift, From 3530d2997f9060ac713bc09738a97c32aca91712 Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Wed, 18 Sep 2024 13:21:23 -0500 Subject: [PATCH 04/11] Ensure Helm packages generated end up in docs/ subpath that's hosted (#3427) I've noticed that Chart Releaser is behaving improperly, and not successfully putting the charts where gh-pages will hots them and generating invalid index. This change should ensure built charts end up in the `docs/` subpath, which should ensure that `gh-pages` branch isn't getting an invalid `index.yaml` and new charts should be automatically available. ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` --- helm/ct.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/helm/ct.yaml b/helm/ct.yaml index af706fa3d..8b5aaa875 100644 --- a/helm/ct.yaml +++ b/helm/ct.yaml @@ -4,4 +4,6 @@ chart-repos: - bitnami=https://charts.bitnami.com/bitnami chart-dirs: - helm -validate-maintainers: false \ No newline at end of file +validate-maintainers: false +# this should ensure the tarballs are in the appropriate location for GH pages, rather than repo root +package-path: docs/ \ No newline at end of file From 152626c87e419a9b345a91f390f999212f420ff2 Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Wed, 18 Sep 2024 13:22:18 -0500 Subject: [PATCH 05/11] Helm chart - Add configuration for image pull secrets (#3428) This minor change should allow the use of private container images with this chart by specifying image pull secrets. ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` --------- Signed-off-by: Rhea Danzey --- helm/dendrite/Chart.yaml | 2 +- helm/dendrite/templates/deployment.yaml | 4 ++++ helm/dendrite/values.yaml | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/helm/dendrite/Chart.yaml b/helm/dendrite/Chart.yaml index 80c618822..2ed0d17e0 100644 --- a/helm/dendrite/Chart.yaml +++ b/helm/dendrite/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: dendrite -version: "0.14.2" +version: "0.14.3" appVersion: "0.13.8" description: Dendrite Matrix Homeserver type: application diff --git a/helm/dendrite/templates/deployment.yaml b/helm/dendrite/templates/deployment.yaml index e3f84cdae..6496b2692 100644 --- a/helm/dendrite/templates/deployment.yaml +++ b/helm/dendrite/templates/deployment.yaml @@ -110,3 +110,7 @@ spec: httpGet: path: /_dendrite/monitor/up port: http + imagePullSecrets: + {{- with .Values.imagePullSecrets }} + {{ . | toYaml | nindent 6 }} + {{- end }} \ No newline at end of file diff --git a/helm/dendrite/values.yaml b/helm/dendrite/values.yaml index 6c5abc90e..f9d82965a 100644 --- a/helm/dendrite/values.yaml +++ b/helm/dendrite/values.yaml @@ -6,6 +6,10 @@ image: # -- Overrides the image tag whose default is the chart appVersion. tag: "" +# -- Configure image pull secrets to use private container registry +# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret +imagePullSecrets: [] +# - name: your-pull-secret-name # signing key to use signing_key: From 40dd2c0400cfc6534072ca7d9839539872b013ad Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Wed, 18 Sep 2024 14:41:22 -0500 Subject: [PATCH 06/11] Use chart-releaser-action tag v1.6.0 (#3429) Context: https://github.com/matrix-org/dendrite/pull/3427#issuecomment-2359139622 Try tagged version of chart-releaser-action now that mark_latest option is available ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` --- .github/workflows/helm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index d4772e106..10eb7c020 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -32,7 +32,7 @@ jobs: version: v3.10.0 - name: Run chart-releaser - uses: helm/chart-releaser-action@ed43eb303604cbc0eeec8390544f7748dc6c790d # specific commit, since `mark_as_latest` is not yet in a release + uses: helm/chart-releaser-action@v1.6.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" with: From f2db7cbcb80fa8f9f0e2757c39a9255da7da9985 Mon Sep 17 00:00:00 2001 From: Till Faelligen <2353100+S7evinK@users.noreply.github.com> Date: Wed, 18 Sep 2024 21:46:33 +0200 Subject: [PATCH 07/11] Bump version to trigger CI --- helm/dendrite/Chart.yaml | 2 +- helm/dendrite/README.md | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/helm/dendrite/Chart.yaml b/helm/dendrite/Chart.yaml index 2ed0d17e0..915d8af54 100644 --- a/helm/dendrite/Chart.yaml +++ b/helm/dendrite/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: dendrite -version: "0.14.3" +version: "0.14.4" appVersion: "0.13.8" description: Dendrite Matrix Homeserver type: application diff --git a/helm/dendrite/README.md b/helm/dendrite/README.md index 6595a11fc..a5b03aa85 100644 --- a/helm/dendrite/README.md +++ b/helm/dendrite/README.md @@ -1,7 +1,7 @@ # dendrite -![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.13.8](https://img.shields.io/badge/AppVersion-0.13.8-informational?style=flat-square) +![Version: 0.14.4](https://img.shields.io/badge/Version-0.14.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.13.8](https://img.shields.io/badge/AppVersion-0.13.8-informational?style=flat-square) Dendrite Matrix Homeserver Status: **NOT PRODUCTION READY** @@ -45,6 +45,7 @@ Create a folder `appservices` and place your configurations in there. The confi | image.repository | string | `"ghcr.io/matrix-org/dendrite-monolith"` | Docker repository/image to use | | image.pullPolicy | string | `"IfNotPresent"` | Kubernetes pullPolicy | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| imagePullSecrets | list | `[]` | Configure image pull secrets to use private container registry https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret | | signing_key.create | bool | `true` | Create a new signing key, if not exists | | signing_key.existingSecret | string | `""` | Use an existing secret | | resources | object | sets some sane default values | Default resource requests/limits. | @@ -189,3 +190,5 @@ grafana: ``` PS: The label `release=kube-prometheus-stack` is setup with the helmchart of the Prometheus Operator. For Grafana Dashboards it may be necessary to enable scanning in the correct namespaces (or ALL), enabled by `sidecar.dashboards.searchNamespace` in [Helmchart of grafana](https://artifacthub.io/packages/helm/grafana/grafana) (which is part of PrometheusOperator, so `grafana.sidecar.dashboards.searchNamespace`) +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) \ No newline at end of file From c914f062e6ec9891a2a03d9ab54a28007bafa3a8 Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Fri, 20 Sep 2024 00:44:50 -0500 Subject: [PATCH 08/11] Helm chart - Fix image pull secrets for signing-key job (#3430) Forgotten in https://github.com/matrix-org/dendrite/pull/3428 - Pull secrets need to be used for signing-key job since it uses Dendrite container as well ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` --------- Signed-off-by: Rhea Danzey --- helm/dendrite/Chart.yaml | 2 +- helm/dendrite/templates/jobs.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/helm/dendrite/Chart.yaml b/helm/dendrite/Chart.yaml index 915d8af54..7893f9bdc 100644 --- a/helm/dendrite/Chart.yaml +++ b/helm/dendrite/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: dendrite -version: "0.14.4" +version: "0.14.5" appVersion: "0.13.8" description: Dendrite Matrix Homeserver type: application diff --git a/helm/dendrite/templates/jobs.yaml b/helm/dendrite/templates/jobs.yaml index c10f358b0..42582d749 100644 --- a/helm/dendrite/templates/jobs.yaml +++ b/helm/dendrite/templates/jobs.yaml @@ -54,6 +54,10 @@ metadata: spec: template: spec: + imagePullSecrets: + {{- with .Values.imagePullSecrets }} + {{ . | toYaml | nindent 6 }} + {{- end }} restartPolicy: "Never" serviceAccount: {{ $name }} containers: From 07e59d0ba908f02ca81a3cd4f08d56a816614c78 Mon Sep 17 00:00:00 2001 From: Rhea Danzey Date: Fri, 20 Sep 2024 13:56:27 -0500 Subject: [PATCH 09/11] =?UTF-8?q?Helm=20Chart=20-=20Add=20configuration=20?= =?UTF-8?q?for=20node=20selector=20/=20tolerations=20/=20affi=E2=80=A6=20(?= =?UTF-8?q?#3433)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For some experimentation I'm doing, I need to pin Dendrite to a specific node pool. This should be available configuration within the chart ideally, and this should do it in theory. ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `Rhea Danzey ` --------- Signed-off-by: Rhea Danzey --- helm/dendrite/Chart.yaml | 2 +- helm/dendrite/templates/deployment.yaml | 15 +++++++++++++++ helm/dendrite/templates/jobs.yaml | 12 ++++++++++++ helm/dendrite/values.yaml | 12 ++++++++++++ 4 files changed, 40 insertions(+), 1 deletion(-) diff --git a/helm/dendrite/Chart.yaml b/helm/dendrite/Chart.yaml index 7893f9bdc..9613b5045 100644 --- a/helm/dendrite/Chart.yaml +++ b/helm/dendrite/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: dendrite -version: "0.14.5" +version: "0.14.6" appVersion: "0.13.8" description: Dendrite Matrix Homeserver type: application diff --git a/helm/dendrite/templates/deployment.yaml b/helm/dendrite/templates/deployment.yaml index 6496b2692..3952f4a7c 100644 --- a/helm/dendrite/templates/deployment.yaml +++ b/helm/dendrite/templates/deployment.yaml @@ -56,6 +56,9 @@ spec: args: - '--config' - '/etc/dendrite/dendrite.yaml' + {{- with .Values.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} ports: - name: http containerPort: 8008 @@ -113,4 +116,16 @@ spec: imagePullSecrets: {{- with .Values.imagePullSecrets }} {{ . | toYaml | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} {{- end }} \ No newline at end of file diff --git a/helm/dendrite/templates/jobs.yaml b/helm/dendrite/templates/jobs.yaml index 42582d749..7f96f2695 100644 --- a/helm/dendrite/templates/jobs.yaml +++ b/helm/dendrite/templates/jobs.yaml @@ -98,6 +98,18 @@ spec: volumes: - name: signing-key emptyDir: {} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} parallelism: 1 completions: 1 backoffLimit: 1 diff --git a/helm/dendrite/values.yaml b/helm/dendrite/values.yaml index f9d82965a..02cd1aa13 100644 --- a/helm/dendrite/values.yaml +++ b/helm/dendrite/values.yaml @@ -77,6 +77,9 @@ persistence: # GKE, AWS & OpenStack) storageClass: +# -- Add additional arguments to the dendrite command +extraArgs: [] + # -- Add additional volumes to the Dendrite Pod extraVolumes: [] # ex. @@ -100,6 +103,15 @@ strategy: # -- Maximum number of pods that can be scheduled above the desired number of pods maxSurge: 25% +# -- Node selector configuration +nodeSelector: {} + +# -- Tolerations configuration +tolerations: {} + +# -- Affinity configuration +affinity: {} + dendrite_config: version: 2 global: From df770dae0aa823e2dcba7c6d8682da60c679dfde Mon Sep 17 00:00:00 2001 From: arenekosreal <17194552+arenekosreal@users.noreply.github.com> Date: Sun, 22 Sep 2024 16:33:54 +0800 Subject: [PATCH 10/11] Make OPTIONS method on MSC3916 endpoints available without auth (#3431) OPTIONS method is usually sent by browser in preflight requests, most of the time we cannot control preflight request to add auth header. Synapse will return a 204 response directly without authentication for those OPTIONS method. According to firefox's documentation, both 200 and 204 are acceptable so I think there is no need to change handler in dendrite. This closes https://github.com/matrix-org/dendrite/issues/3424 No need to add a test because this is just a fix and I have tested on my Cinny Web client personally. ### Pull Request Checklist * [x] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests * [x] Pull request includes a [sign off below using a legally identifiable name](https://matrix-org.github.io/dendrite/development/contributing#sign-off) _or_ I have already signed off privately Signed-off-by: `arenekosreal <17194552+arenekosreal@users.noreply.github.com>` Signed-off-by: arenekosreal <17194552+arenekosreal@users.noreply.github.com> --- internal/httputil/httpapi.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/internal/httputil/httpapi.go b/internal/httputil/httpapi.go index 0559fbb72..034f19f1f 100644 --- a/internal/httputil/httpapi.go +++ b/internal/httputil/httpapi.go @@ -210,6 +210,12 @@ func MakeExternalAPI(metricsName string, f func(*http.Request) util.JSONResponse // This is used to serve HTML alongside JSON error messages func MakeHTTPAPI(metricsName string, userAPI userapi.QueryAcccessTokenAPI, enableMetrics bool, f func(http.ResponseWriter, *http.Request), checks ...AuthAPIOption) http.Handler { withSpan := func(w http.ResponseWriter, req *http.Request) { + if req.Method == http.MethodOptions { + util.SetCORSHeaders(w) + w.WriteHeader(http.StatusOK) // Maybe http.StatusNoContent? + return + } + trace, ctx := internal.StartTask(req.Context(), metricsName) defer trace.EndTask() req = req.WithContext(ctx) From 6cd1285ca0276bebd407110c37031bc4622f0b79 Mon Sep 17 00:00:00 2001 From: idk Date: Mon, 23 Sep 2024 13:28:28 -0400 Subject: [PATCH 11/11] Adds support for listening on and connecting to I2P and Onion services securely (#3293) This PR adds 2 `dendrite-demo` main's, each designed expressly to serve a Hidden Service/Overlay network. The first, `dendrite-demo-i2p` add self-configuration for use of dendrite as an I2P hidden service(eepsite) and to connect to I2P services(federate) as an I2P client. It further disables the `dendrite` server from communicating with non-anonymous servers by federation(because I2P does not canonically have the ability to exit, we rely on donors for exit traffic), and enables the use of self-signed TLS certificates([because I2P services are self-authenticating but TLS is still required for other aspects of the system to work reliably](https://tor.stackexchange.com/questions/13887/registering-onion-with-certificate-authority)). This demo turns the system into an "pseudonymous" homeserver which people can connect to using an I2P-enabled Matrix client(I like `cinny` and it's what I tested with). The second, `dendrite-demo-tor` adds self-configuration for the use of dendrite as an Onion service and to connect to other onion services and non-anonymous web sites using Tor to obfuscate it's physical location and providing, optionally, pseudonymity. It also enables the use of self-signed TLS certificates, for the same reason as with I2P, because onion services aren't typically eligible for TLS certificates. It has also been tested with `cinny`. These services are both pseudonymous like myself, not anonymous. I will be meeting members of the element team at the CCC assembly shortly to discuss contributing under my pseudonym. As none of the other `dendrite-demo` have unit tests I did not add them to these checkins. * [*] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests --------- Co-authored-by: eyedeekay Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com> --- contrib/dendrite-demo-i2p/main.go | 185 ++++++++++++++ contrib/dendrite-demo-i2p/main_i2p.go | 233 ++++++++++++++++++ contrib/dendrite-demo-i2p/main_test.go | 50 ++++ contrib/dendrite-demo-i2p/static/index.gotmpl | 63 +++++ contrib/dendrite-demo-tor/main.go | 180 ++++++++++++++ contrib/dendrite-demo-tor/main_test.go | 50 ++++ contrib/dendrite-demo-tor/main_tor.go | 215 ++++++++++++++++ contrib/dendrite-demo-tor/static/index.gotmpl | 63 +++++ go.mod | 17 +- go.sum | 54 +++- setup/base/base.go | 2 +- 11 files changed, 1093 insertions(+), 19 deletions(-) create mode 100644 contrib/dendrite-demo-i2p/main.go create mode 100644 contrib/dendrite-demo-i2p/main_i2p.go create mode 100644 contrib/dendrite-demo-i2p/main_test.go create mode 100644 contrib/dendrite-demo-i2p/static/index.gotmpl create mode 100644 contrib/dendrite-demo-tor/main.go create mode 100644 contrib/dendrite-demo-tor/main_test.go create mode 100644 contrib/dendrite-demo-tor/main_tor.go create mode 100644 contrib/dendrite-demo-tor/static/index.gotmpl diff --git a/contrib/dendrite-demo-i2p/main.go b/contrib/dendrite-demo-i2p/main.go new file mode 100644 index 000000000..92cfab49a --- /dev/null +++ b/contrib/dendrite-demo-i2p/main.go @@ -0,0 +1,185 @@ +// Copyright 2017 Vector Creations Ltd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "flag" + "os" + "time" + + "github.com/getsentry/sentry-go" + "github.com/matrix-org/dendrite/internal" + "github.com/matrix-org/dendrite/internal/caching" + "github.com/matrix-org/dendrite/internal/httputil" + "github.com/matrix-org/dendrite/internal/sqlutil" + "github.com/matrix-org/dendrite/setup/jetstream" + "github.com/matrix-org/dendrite/setup/process" + "github.com/matrix-org/gomatrixserverlib/fclient" + "github.com/prometheus/client_golang/prometheus" + "github.com/sirupsen/logrus" + + "github.com/matrix-org/dendrite/appservice" + "github.com/matrix-org/dendrite/federationapi" + "github.com/matrix-org/dendrite/roomserver" + "github.com/matrix-org/dendrite/setup" + basepkg "github.com/matrix-org/dendrite/setup/base" + "github.com/matrix-org/dendrite/setup/config" + "github.com/matrix-org/dendrite/setup/mscs" + "github.com/matrix-org/dendrite/userapi" +) + +var ( + samAddr = flag.String("samaddr", "127.0.0.1:7656", "Address to connect to the I2P SAMv3 API") + _, skip = os.LookupEnv("CI") +) + +func main() { + cfg := setup.ParseFlags(true) + if skip { + return + } + + configErrors := &config.ConfigErrors{} + cfg.Verify(configErrors) + if len(*configErrors) > 0 { + for _, err := range *configErrors { + logrus.Errorf("Configuration error: %s", err) + } + logrus.Fatalf("Failed to start due to configuration errors") + } + processCtx := process.NewProcessContext() + + internal.SetupStdLogging() + internal.SetupHookLogging(cfg.Logging) + internal.SetupPprof() + + basepkg.PlatformSanityChecks() + + logrus.Infof("Dendrite version %s", internal.VersionString()) + if !cfg.ClientAPI.RegistrationDisabled && cfg.ClientAPI.OpenRegistrationWithoutVerificationEnabled { + logrus.Warn("Open registration is enabled") + } + + // create DNS cache + var dnsCache *fclient.DNSCache + if cfg.Global.DNSCache.Enabled { + dnsCache = fclient.NewDNSCache( + cfg.Global.DNSCache.CacheSize, + cfg.Global.DNSCache.CacheLifetime, + ) + logrus.Infof( + "DNS cache enabled (size %d, lifetime %s)", + cfg.Global.DNSCache.CacheSize, + cfg.Global.DNSCache.CacheLifetime, + ) + } + + // setup tracing + closer, err := cfg.SetupTracing() + if err != nil { + logrus.WithError(err).Panicf("failed to start opentracing") + } + defer closer.Close() // nolint: errcheck + + // setup sentry + if cfg.Global.Sentry.Enabled { + logrus.Info("Setting up Sentry for debugging...") + err = sentry.Init(sentry.ClientOptions{ + Dsn: cfg.Global.Sentry.DSN, + Environment: cfg.Global.Sentry.Environment, + Debug: true, + ServerName: string(cfg.Global.ServerName), + Release: "dendrite@" + internal.VersionString(), + AttachStacktrace: true, + }) + if err != nil { + logrus.WithError(err).Panic("failed to start Sentry") + } + go func() { + processCtx.ComponentStarted() + <-processCtx.WaitForShutdown() + if !sentry.Flush(time.Second * 5) { + logrus.Warnf("failed to flush all Sentry events!") + } + processCtx.ComponentFinished() + }() + } + + federationClient := basepkg.CreateFederationClient(cfg, dnsCache) + httpClient := basepkg.CreateClient(cfg, dnsCache) + + // prepare required dependencies + cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions) + routers := httputil.NewRouters() + + caches := caching.NewRistrettoCache(cfg.Global.Cache.EstimatedMaxSize, cfg.Global.Cache.MaxAge, caching.EnableMetrics) + natsInstance := jetstream.NATSInstance{} + rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.EnableMetrics) + fsAPI := federationapi.NewInternalAPI( + processCtx, cfg, cm, &natsInstance, federationClient, rsAPI, caches, nil, false, + ) + + keyRing := fsAPI.KeyRing() + + // The underlying roomserver implementation needs to be able to call the fedsender. + // This is different to rsAPI which can be the http client which doesn't need this + // dependency. Other components also need updating after their dependencies are up. + rsAPI.SetFederationAPI(fsAPI, keyRing) + + userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, federationClient, caching.EnableMetrics, fsAPI.IsBlacklistedOrBackingOff) + asAPI := appservice.NewInternalAPI(processCtx, cfg, &natsInstance, userAPI, rsAPI) + + rsAPI.SetAppserviceAPI(asAPI) + rsAPI.SetUserAPI(userAPI) + + monolith := setup.Monolith{ + Config: cfg, + Client: httpClient, + FedClient: federationClient, + KeyRing: keyRing, + + AppserviceAPI: asAPI, + // always use the concrete impl here even in -http mode because adding public routes + // must be done on the concrete impl not an HTTP client else fedapi will call itself + FederationAPI: fsAPI, + RoomserverAPI: rsAPI, + UserAPI: userAPI, + } + monolith.AddAllPublicRoutes(processCtx, cfg, routers, cm, &natsInstance, caches, caching.EnableMetrics) + + if len(cfg.MSCs.MSCs) > 0 { + if err := mscs.Enable(cfg, cm, routers, &monolith, caches); err != nil { + logrus.WithError(err).Fatalf("Failed to enable MSCs") + } + } + + upCounter := prometheus.NewCounter(prometheus.CounterOpts{ + Namespace: "dendrite", + Name: "up", + ConstLabels: map[string]string{ + "version": internal.VersionString(), + }, + }) + upCounter.Add(1) + prometheus.MustRegister(upCounter) + + // Expose the matrix APIs directly rather than putting them under a /api path. + go func() { + SetupAndServeHTTPS(processCtx, cfg, routers) //, httpsAddr, nil, nil) + }() + + // We want to block forever to let the HTTP and HTTPS handler serve the APIs + basepkg.WaitForShutdown(processCtx) +} diff --git a/contrib/dendrite-demo-i2p/main_i2p.go b/contrib/dendrite-demo-i2p/main_i2p.go new file mode 100644 index 000000000..72fed656e --- /dev/null +++ b/contrib/dendrite-demo-i2p/main_i2p.go @@ -0,0 +1,233 @@ +// Copyright 2017 Vector Creations Ltd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "bytes" + "context" + "crypto/tls" + "embed" + "net" + "net/http" + "net/url" + "strings" + "sync/atomic" + "text/template" + + "github.com/cretz/bine/tor" + "github.com/eyedeekay/goSam" + "github.com/eyedeekay/onramp" + sentryhttp "github.com/getsentry/sentry-go/http" + "github.com/gorilla/mux" + "github.com/kardianos/minwinsvc" + "github.com/matrix-org/dendrite/internal" + "github.com/matrix-org/dendrite/internal/httputil" + "github.com/matrix-org/dendrite/setup/process" + "github.com/prometheus/client_golang/prometheus/promhttp" + "github.com/sirupsen/logrus" + + basepkg "github.com/matrix-org/dendrite/setup/base" + "github.com/matrix-org/dendrite/setup/config" +) + +func client() (*goSam.Client, error) { + if skip { + return nil, nil + } + return goSam.NewClient(*samAddr) +} + +var sam, samError = client() + +func start() (*tor.Tor, error) { + if skip { + return nil, nil + } + return tor.Start(context.Background(), nil) +} + +func dialer() (*tor.Dialer, error) { + if skip { + return nil, nil + } + return t.Dialer(context.TODO(), nil) +} + +var ( + t, terr = start() + tdialer, tderr = dialer() +) + +// Dial a network connection to an I2P server or a unix socket. Use Tor, or Fail for clearnet addresses. +func DialContext(ctx context.Context, network, addr string) (net.Conn, error) { + if samError != nil { + return nil, samError + } + if network == "unix" { + return net.Dial(network, addr) + } + + // convert the addr to a full URL + url, err := url.Parse(addr) + if err != nil { + return nil, err + } + if strings.HasSuffix(url.Host, ".i2p") { + return sam.DialContext(ctx, network, addr) + } + if terr != nil { + return nil, terr + } + if (tderr != nil) || (tdialer == nil) { + return nil, tderr + } + return tdialer.DialContext(ctx, network, addr) +} + +//go:embed static/*.gotmpl +var staticContent embed.FS + +// SetupAndServeHTTPS sets up the HTTPS server to serve client & federation APIs +// and adds a prometheus handler under /_dendrite/metrics. +func SetupAndServeHTTPS( + processContext *process.ProcessContext, + cfg *config.Dendrite, + routers httputil.Routers, +) { + // create a transport that uses SAM to dial TCP Connections + httpClient := &http.Client{ + Transport: &http.Transport{ + DialContext: DialContext, + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: true, + }, + }, + } + + http.DefaultClient = httpClient + + garlic, err := onramp.NewGarlic("dendrite", *samAddr, onramp.OPT_HUGE) + if err != nil { + logrus.WithError(err).Fatal("failed to create garlic") + } + defer garlic.Close() // nolint: errcheck + listener, err := garlic.ListenTLS() + if err != nil { + logrus.WithError(err).Fatal("failed to serve HTTPS") + } + defer listener.Close() // nolint: errcheck + + externalHTTPSAddr := config.ServerAddress{} + https, err := config.HTTPAddress("https://" + listener.Addr().String()) + if err != nil { + logrus.WithError(err).Fatalf("Failed to parse http address") + } + externalHTTPSAddr = https + + externalRouter := mux.NewRouter().SkipClean(true).UseEncodedPath() + + externalServ := &http.Server{ + Addr: externalHTTPSAddr.Address, + WriteTimeout: basepkg.HTTPServerTimeout, + Handler: externalRouter, + BaseContext: func(_ net.Listener) context.Context { + return processContext.Context() + }, + } + + // Redirect for Landing Page + externalRouter.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + http.Redirect(w, r, httputil.PublicStaticPath, http.StatusFound) + }) + + if cfg.Global.Metrics.Enabled { + externalRouter.Handle("/metrics", httputil.WrapHandlerInBasicAuth(promhttp.Handler(), cfg.Global.Metrics.BasicAuth)) + } + + basepkg.ConfigureAdminEndpoints(processContext, routers) + + // Parse and execute the landing page template + tmpl := template.Must(template.ParseFS(staticContent, "static/*.gotmpl")) + landingPage := &bytes.Buffer{} + if err := tmpl.ExecuteTemplate(landingPage, "index.gotmpl", map[string]string{ + "Version": internal.VersionString(), + }); err != nil { + logrus.WithError(err).Fatal("failed to execute landing page template") + } + + routers.Static.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + _, _ = w.Write(landingPage.Bytes()) + }) + + var clientHandler http.Handler + clientHandler = routers.Client + if cfg.Global.Sentry.Enabled { + sentryHandler := sentryhttp.New(sentryhttp.Options{ + Repanic: true, + }) + clientHandler = sentryHandler.Handle(routers.Client) + } + var federationHandler http.Handler + federationHandler = routers.Federation + if cfg.Global.Sentry.Enabled { + sentryHandler := sentryhttp.New(sentryhttp.Options{ + Repanic: true, + }) + federationHandler = sentryHandler.Handle(routers.Federation) + } + externalRouter.PathPrefix(httputil.DendriteAdminPathPrefix).Handler(routers.DendriteAdmin) + externalRouter.PathPrefix(httputil.PublicClientPathPrefix).Handler(clientHandler) + if !cfg.Global.DisableFederation { + externalRouter.PathPrefix(httputil.PublicKeyPathPrefix).Handler(routers.Keys) + externalRouter.PathPrefix(httputil.PublicFederationPathPrefix).Handler(federationHandler) + } + externalRouter.PathPrefix(httputil.SynapseAdminPathPrefix).Handler(routers.SynapseAdmin) + externalRouter.PathPrefix(httputil.PublicMediaPathPrefix).Handler(routers.Media) + externalRouter.PathPrefix(httputil.PublicWellKnownPrefix).Handler(routers.WellKnown) + externalRouter.PathPrefix(httputil.PublicStaticPath).Handler(routers.Static) + + externalRouter.NotFoundHandler = httputil.NotFoundCORSHandler + externalRouter.MethodNotAllowedHandler = httputil.NotAllowedHandler + + if externalHTTPSAddr.Enabled() { + go func() { + var externalShutdown atomic.Bool // RegisterOnShutdown can be called more than once + logrus.Infof("Starting external listener on https://%s", externalServ.Addr) + processContext.ComponentStarted() + externalServ.RegisterOnShutdown(func() { + if externalShutdown.CompareAndSwap(false, true) { + processContext.ComponentFinished() + logrus.Infof("Stopped external HTTPS listener") + } + }) + addr := listener.Addr() + externalServ.Addr = addr.String() + if err := externalServ.Serve(listener); err != nil { + if err != http.ErrServerClosed { + logrus.WithError(err).Fatal("failed to serve HTTPS") + } + } + + logrus.Infof("Stopped external listener on %s", externalServ.Addr) + }() + } + + minwinsvc.SetOnExit(processContext.ShutdownDendrite) + <-processContext.WaitForShutdown() + + logrus.Infof("Stopping HTTPS listeners") + _ = externalServ.Shutdown(context.Background()) + logrus.Infof("Stopped HTTPS listeners") +} diff --git a/contrib/dendrite-demo-i2p/main_test.go b/contrib/dendrite-demo-i2p/main_test.go new file mode 100644 index 000000000..cc70ddba4 --- /dev/null +++ b/contrib/dendrite-demo-i2p/main_test.go @@ -0,0 +1,50 @@ +package main + +import ( + "os" + "os/signal" + "strings" + "syscall" + "testing" +) + +// This is an instrumented main, used when running integration tests (sytest) with code coverage. +// Compile: go test -c -race -cover -covermode=atomic -o monolith.debug -coverpkg "github.com/matrix-org/..." ./cmd/dendrite +// Run the monolith: ./monolith.debug -test.coverprofile=/somewhere/to/dump/integrationcover.out DEVEL --config dendrite.yaml +// Generate HTML with coverage: go tool cover -html=/somewhere/where/there/is/integrationcover.out -o cover.html +// Source: https://dzone.com/articles/measuring-integration-test-coverage-rate-in-pouchc +func TestMain(t *testing.T) { + var args []string + + for _, arg := range os.Args { + switch { + case strings.HasPrefix(arg, "DEVEL"): + case strings.HasPrefix(arg, "-test"): + default: + args = append(args, arg) + } + } + + // only run the tests if there are args to be passed + if len(args) <= 1 { + return + } + t.Log(args) + + waitCh := make(chan int, 1) + os.Args = args + go func() { + main() + close(waitCh) + }() + + signalCh := make(chan os.Signal, 1) + signal.Notify(signalCh, syscall.SIGINT, syscall.SIGQUIT, syscall.SIGTERM, syscall.SIGHUP) + + select { + case <-signalCh: + return + case <-waitCh: + return + } +} diff --git a/contrib/dendrite-demo-i2p/static/index.gotmpl b/contrib/dendrite-demo-i2p/static/index.gotmpl new file mode 100644 index 000000000..b3c5576eb --- /dev/null +++ b/contrib/dendrite-demo-i2p/static/index.gotmpl @@ -0,0 +1,63 @@ + + + + Dendrite is running + + + + +

It works! Dendrite {{ .Version }} is running

+

Your Dendrite server is listening on this port and is ready for messages.

+

To use this server you'll need a Matrix client. +

+

Welcome to the Matrix universe :)

+
+

+ + + matrix.org + + +

+ + diff --git a/contrib/dendrite-demo-tor/main.go b/contrib/dendrite-demo-tor/main.go new file mode 100644 index 000000000..f82d6d538 --- /dev/null +++ b/contrib/dendrite-demo-tor/main.go @@ -0,0 +1,180 @@ +// Copyright 2017 Vector Creations Ltd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "os" + "time" + + "github.com/getsentry/sentry-go" + "github.com/matrix-org/dendrite/internal" + "github.com/matrix-org/dendrite/internal/caching" + "github.com/matrix-org/dendrite/internal/httputil" + "github.com/matrix-org/dendrite/internal/sqlutil" + "github.com/matrix-org/dendrite/setup/jetstream" + "github.com/matrix-org/dendrite/setup/process" + "github.com/matrix-org/gomatrixserverlib/fclient" + "github.com/prometheus/client_golang/prometheus" + "github.com/sirupsen/logrus" + + "github.com/matrix-org/dendrite/appservice" + "github.com/matrix-org/dendrite/federationapi" + "github.com/matrix-org/dendrite/roomserver" + "github.com/matrix-org/dendrite/setup" + basepkg "github.com/matrix-org/dendrite/setup/base" + "github.com/matrix-org/dendrite/setup/config" + "github.com/matrix-org/dendrite/setup/mscs" + "github.com/matrix-org/dendrite/userapi" +) + +var _, skip = os.LookupEnv("CI") + +func main() { + cfg := setup.ParseFlags(true) + if skip { + return + } + configErrors := &config.ConfigErrors{} + cfg.Verify(configErrors) + if len(*configErrors) > 0 { + for _, err := range *configErrors { + logrus.Errorf("Configuration error: %s", err) + } + logrus.Fatalf("Failed to start due to configuration errors") + } + processCtx := process.NewProcessContext() + + internal.SetupStdLogging() + internal.SetupHookLogging(cfg.Logging) + internal.SetupPprof() + + basepkg.PlatformSanityChecks() + + logrus.Infof("Dendrite version %s", internal.VersionString()) + if !cfg.ClientAPI.RegistrationDisabled && cfg.ClientAPI.OpenRegistrationWithoutVerificationEnabled { + logrus.Warn("Open registration is enabled") + } + + // create DNS cache + var dnsCache *fclient.DNSCache + if cfg.Global.DNSCache.Enabled { + dnsCache = fclient.NewDNSCache( + cfg.Global.DNSCache.CacheSize, + cfg.Global.DNSCache.CacheLifetime, + ) + logrus.Infof( + "DNS cache enabled (size %d, lifetime %s)", + cfg.Global.DNSCache.CacheSize, + cfg.Global.DNSCache.CacheLifetime, + ) + } + + // setup tracing + closer, err := cfg.SetupTracing() + if err != nil { + logrus.WithError(err).Panicf("failed to start opentracing") + } + defer closer.Close() // nolint: errcheck + + // setup sentry + if cfg.Global.Sentry.Enabled { + logrus.Info("Setting up Sentry for debugging...") + err = sentry.Init(sentry.ClientOptions{ + Dsn: cfg.Global.Sentry.DSN, + Environment: cfg.Global.Sentry.Environment, + Debug: true, + ServerName: string(cfg.Global.ServerName), + Release: "dendrite@" + internal.VersionString(), + AttachStacktrace: true, + }) + if err != nil { + logrus.WithError(err).Panic("failed to start Sentry") + } + go func() { + processCtx.ComponentStarted() + <-processCtx.WaitForShutdown() + if !sentry.Flush(time.Second * 5) { + logrus.Warnf("failed to flush all Sentry events!") + } + processCtx.ComponentFinished() + }() + } + + federationClient := basepkg.CreateFederationClient(cfg, dnsCache) + httpClient := basepkg.CreateClient(cfg, dnsCache) + + // prepare required dependencies + cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions) + routers := httputil.NewRouters() + + caches := caching.NewRistrettoCache(cfg.Global.Cache.EstimatedMaxSize, cfg.Global.Cache.MaxAge, caching.EnableMetrics) + natsInstance := jetstream.NATSInstance{} + rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.EnableMetrics) + fsAPI := federationapi.NewInternalAPI( + processCtx, cfg, cm, &natsInstance, federationClient, rsAPI, caches, nil, false, + ) + + keyRing := fsAPI.KeyRing() + + // The underlying roomserver implementation needs to be able to call the fedsender. + // This is different to rsAPI which can be the http client which doesn't need this + // dependency. Other components also need updating after their dependencies are up. + rsAPI.SetFederationAPI(fsAPI, keyRing) + + userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, federationClient, caching.EnableMetrics, fsAPI.IsBlacklistedOrBackingOff) + asAPI := appservice.NewInternalAPI(processCtx, cfg, &natsInstance, userAPI, rsAPI) + + rsAPI.SetAppserviceAPI(asAPI) + rsAPI.SetUserAPI(userAPI) + + monolith := setup.Monolith{ + Config: cfg, + Client: httpClient, + FedClient: federationClient, + KeyRing: keyRing, + + AppserviceAPI: asAPI, + // always use the concrete impl here even in -http mode because adding public routes + // must be done on the concrete impl not an HTTP client else fedapi will call itself + FederationAPI: fsAPI, + RoomserverAPI: rsAPI, + UserAPI: userAPI, + } + monolith.AddAllPublicRoutes(processCtx, cfg, routers, cm, &natsInstance, caches, caching.EnableMetrics) + + if len(cfg.MSCs.MSCs) > 0 { + if err := mscs.Enable(cfg, cm, routers, &monolith, caches); err != nil { + logrus.WithError(err).Fatalf("Failed to enable MSCs") + } + } + + upCounter := prometheus.NewCounter(prometheus.CounterOpts{ + Namespace: "dendrite", + Name: "up", + ConstLabels: map[string]string{ + "version": internal.VersionString(), + }, + }) + upCounter.Add(1) + prometheus.MustRegister(upCounter) + + // Expose the matrix APIs directly rather than putting them under a /api path. + go func() { + SetupAndServeHTTPS(processCtx, cfg, routers) //, httpsAddr, nil, nil) + }() + + // We want to block forever to let the HTTP and HTTPS handler serve the APIs + basepkg.WaitForShutdown(processCtx) +} diff --git a/contrib/dendrite-demo-tor/main_test.go b/contrib/dendrite-demo-tor/main_test.go new file mode 100644 index 000000000..cc70ddba4 --- /dev/null +++ b/contrib/dendrite-demo-tor/main_test.go @@ -0,0 +1,50 @@ +package main + +import ( + "os" + "os/signal" + "strings" + "syscall" + "testing" +) + +// This is an instrumented main, used when running integration tests (sytest) with code coverage. +// Compile: go test -c -race -cover -covermode=atomic -o monolith.debug -coverpkg "github.com/matrix-org/..." ./cmd/dendrite +// Run the monolith: ./monolith.debug -test.coverprofile=/somewhere/to/dump/integrationcover.out DEVEL --config dendrite.yaml +// Generate HTML with coverage: go tool cover -html=/somewhere/where/there/is/integrationcover.out -o cover.html +// Source: https://dzone.com/articles/measuring-integration-test-coverage-rate-in-pouchc +func TestMain(t *testing.T) { + var args []string + + for _, arg := range os.Args { + switch { + case strings.HasPrefix(arg, "DEVEL"): + case strings.HasPrefix(arg, "-test"): + default: + args = append(args, arg) + } + } + + // only run the tests if there are args to be passed + if len(args) <= 1 { + return + } + t.Log(args) + + waitCh := make(chan int, 1) + os.Args = args + go func() { + main() + close(waitCh) + }() + + signalCh := make(chan os.Signal, 1) + signal.Notify(signalCh, syscall.SIGINT, syscall.SIGQUIT, syscall.SIGTERM, syscall.SIGHUP) + + select { + case <-signalCh: + return + case <-waitCh: + return + } +} diff --git a/contrib/dendrite-demo-tor/main_tor.go b/contrib/dendrite-demo-tor/main_tor.go new file mode 100644 index 000000000..8f889c41a --- /dev/null +++ b/contrib/dendrite-demo-tor/main_tor.go @@ -0,0 +1,215 @@ +// Copyright 2017 Vector Creations Ltd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "bytes" + "context" + "crypto/tls" + "embed" + "net" + "net/http" + "net/url" + "sync/atomic" + "text/template" + + "github.com/cretz/bine/tor" + "github.com/eyedeekay/onramp" + sentryhttp "github.com/getsentry/sentry-go/http" + "github.com/gorilla/mux" + "github.com/kardianos/minwinsvc" + "github.com/matrix-org/dendrite/internal" + "github.com/matrix-org/dendrite/internal/httputil" + "github.com/matrix-org/dendrite/setup/process" + "github.com/prometheus/client_golang/prometheus/promhttp" + "github.com/sirupsen/logrus" + + basepkg "github.com/matrix-org/dendrite/setup/base" + "github.com/matrix-org/dendrite/setup/config" +) + +func start() (*tor.Tor, error) { + if skip { + return nil, nil + } + return tor.Start(context.Background(), nil) +} + +func dialer() (*tor.Dialer, error) { + if skip { + return nil, nil + } + return t.Dialer(context.TODO(), nil) +} + +var ( + t, terr = start() + tdialer, tderr = dialer() +) + +// Dial either a unix socket address, or connect to a remote address over Tor. Always uses Tor. +func DialContext(ctx context.Context, network, addr string) (net.Conn, error) { + if terr != nil { + return nil, terr + } + if (tderr != nil) || (tdialer == nil) { + return nil, tderr + } + if network == "unix" { + return net.Dial(network, addr) + } + // convert the addr to a full URL + url, err := url.Parse(addr) + if err != nil { + return nil, err + } + return tdialer.DialContext(ctx, network, url.Host) +} + +//go:embed static/*.gotmpl +var staticContent embed.FS + +// SetupAndServeHTTPS sets up the HTTPS server to serve client & federation APIs +// and adds a prometheus handler under /_dendrite/metrics. +func SetupAndServeHTTPS( + processContext *process.ProcessContext, + cfg *config.Dendrite, + routers httputil.Routers, +) { + // create a transport that uses SAM to dial TCP Connections + httpClient := &http.Client{ + Transport: &http.Transport{ + DialContext: DialContext, + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: true, + }, + }, + } + + http.DefaultClient = httpClient + + onion, err := onramp.NewOnion("dendrite-onion") + if err != nil { + logrus.WithError(err).Fatal("failed to create onion") + } + defer onion.Close() // nolint: errcheck + listener, err := onion.ListenTLS() + if err != nil { + logrus.WithError(err).Fatal("failed to serve HTTPS") + } + defer listener.Close() // nolint: errcheck + + externalHTTPSAddr := config.ServerAddress{} + https, err := config.HTTPAddress("https://" + listener.Addr().String()) + if err != nil { + logrus.WithError(err).Fatalf("Failed to parse http address") + } + externalHTTPSAddr = https + + externalRouter := mux.NewRouter().SkipClean(true).UseEncodedPath() + + externalServ := &http.Server{ + Addr: externalHTTPSAddr.Address, + WriteTimeout: basepkg.HTTPServerTimeout, + Handler: externalRouter, + BaseContext: func(_ net.Listener) context.Context { + return processContext.Context() + }, + } + + // Redirect for Landing Page + externalRouter.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + http.Redirect(w, r, httputil.PublicStaticPath, http.StatusFound) + }) + + if cfg.Global.Metrics.Enabled { + externalRouter.Handle("/metrics", httputil.WrapHandlerInBasicAuth(promhttp.Handler(), cfg.Global.Metrics.BasicAuth)) + } + + basepkg.ConfigureAdminEndpoints(processContext, routers) + + // Parse and execute the landing page template + tmpl := template.Must(template.ParseFS(staticContent, "static/*.gotmpl")) + landingPage := &bytes.Buffer{} + if err := tmpl.ExecuteTemplate(landingPage, "index.gotmpl", map[string]string{ + "Version": internal.VersionString(), + }); err != nil { + logrus.WithError(err).Fatal("failed to execute landing page template") + } + + routers.Static.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + _, _ = w.Write(landingPage.Bytes()) + }) + + var clientHandler http.Handler + clientHandler = routers.Client + if cfg.Global.Sentry.Enabled { + sentryHandler := sentryhttp.New(sentryhttp.Options{ + Repanic: true, + }) + clientHandler = sentryHandler.Handle(routers.Client) + } + var federationHandler http.Handler + federationHandler = routers.Federation + if cfg.Global.Sentry.Enabled { + sentryHandler := sentryhttp.New(sentryhttp.Options{ + Repanic: true, + }) + federationHandler = sentryHandler.Handle(routers.Federation) + } + externalRouter.PathPrefix(httputil.DendriteAdminPathPrefix).Handler(routers.DendriteAdmin) + externalRouter.PathPrefix(httputil.PublicClientPathPrefix).Handler(clientHandler) + if !cfg.Global.DisableFederation { + externalRouter.PathPrefix(httputil.PublicKeyPathPrefix).Handler(routers.Keys) + externalRouter.PathPrefix(httputil.PublicFederationPathPrefix).Handler(federationHandler) + } + externalRouter.PathPrefix(httputil.SynapseAdminPathPrefix).Handler(routers.SynapseAdmin) + externalRouter.PathPrefix(httputil.PublicMediaPathPrefix).Handler(routers.Media) + externalRouter.PathPrefix(httputil.PublicWellKnownPrefix).Handler(routers.WellKnown) + externalRouter.PathPrefix(httputil.PublicStaticPath).Handler(routers.Static) + + externalRouter.NotFoundHandler = httputil.NotFoundCORSHandler + externalRouter.MethodNotAllowedHandler = httputil.NotAllowedHandler + + if externalHTTPSAddr.Enabled() { + go func() { + var externalShutdown atomic.Bool // RegisterOnShutdown can be called more than once + logrus.Infof("Starting external listener on https://%s", externalServ.Addr) + processContext.ComponentStarted() + externalServ.RegisterOnShutdown(func() { + if externalShutdown.CompareAndSwap(false, true) { + processContext.ComponentFinished() + logrus.Infof("Stopped external HTTPS listener") + } + }) + addr := listener.Addr() + externalServ.Addr = addr.String() + if err := externalServ.Serve(listener); err != nil { + if err != http.ErrServerClosed { + logrus.WithError(err).Fatal("failed to serve HTTPS") + } + } + + logrus.Infof("Stopped external listener on %s", externalServ.Addr) + }() + } + + minwinsvc.SetOnExit(processContext.ShutdownDendrite) + <-processContext.WaitForShutdown() + + logrus.Infof("Stopping HTTPS listeners") + _ = externalServ.Shutdown(context.Background()) + logrus.Infof("Stopped HTTPS listeners") +} diff --git a/contrib/dendrite-demo-tor/static/index.gotmpl b/contrib/dendrite-demo-tor/static/index.gotmpl new file mode 100644 index 000000000..b3c5576eb --- /dev/null +++ b/contrib/dendrite-demo-tor/static/index.gotmpl @@ -0,0 +1,63 @@ + + + + Dendrite is running + + + + +

It works! Dendrite {{ .Version }} is running

+

Your Dendrite server is listening on this port and is ready for messages.

+

To use this server you'll need a Matrix client. +

+

Welcome to the Matrix universe :)

+
+

+ + + matrix.org + + +

+ + diff --git a/go.mod b/go.mod index a36bc471c..4add5ae1a 100644 --- a/go.mod +++ b/go.mod @@ -7,9 +7,12 @@ require ( github.com/Masterminds/semver/v3 v3.1.1 github.com/blevesearch/bleve/v2 v2.4.0 github.com/codeclysm/extract v2.2.0+incompatible + github.com/cretz/bine v0.2.0 github.com/dgraph-io/ristretto v0.1.1 github.com/docker/docker v25.0.6+incompatible github.com/docker/go-connections v0.4.0 + github.com/eyedeekay/goSam v0.32.54 + github.com/eyedeekay/onramp v0.33.8 github.com/getsentry/sentry-go v0.14.0 github.com/gologme/log v1.3.0 github.com/google/go-cmp v0.6.0 @@ -34,19 +37,19 @@ require ( github.com/prometheus/client_golang v1.19.1 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.9.0 - github.com/tidwall/gjson v1.17.1 + github.com/tidwall/gjson v1.17.0 github.com/tidwall/sjson v1.2.5 github.com/uber/jaeger-client-go v2.30.0+incompatible github.com/uber/jaeger-lib v2.4.1+incompatible github.com/yggdrasil-network/yggdrasil-go v0.5.6 github.com/yggdrasil-network/yggquic v0.0.0-20240802104827-b4e97a928967 go.uber.org/atomic v1.11.0 - golang.org/x/crypto v0.26.0 + golang.org/x/crypto v0.27.0 golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 golang.org/x/image v0.18.0 golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b golang.org/x/sync v0.8.0 - golang.org/x/term v0.23.0 + golang.org/x/term v0.24.0 gopkg.in/h2non/bimg.v1 v1.1.9 gopkg.in/yaml.v2 v2.4.0 gotest.tools/v3 v3.4.0 @@ -86,6 +89,8 @@ require ( github.com/distribution/reference v0.6.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/dustin/go-humanize v1.0.1 // indirect + github.com/eyedeekay/i2pkeys v0.33.8 // indirect + github.com/eyedeekay/sam3 v0.33.8 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect @@ -135,9 +140,9 @@ require ( go.opentelemetry.io/otel/trace v1.28.0 // indirect go.uber.org/mock v0.4.0 // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.26.0 // indirect - golang.org/x/sys v0.24.0 // indirect - golang.org/x/text v0.17.0 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/text v0.18.0 // indirect golang.org/x/time v0.6.0 // indirect golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect google.golang.org/protobuf v1.34.2 // indirect diff --git a/go.sum b/go.sum index 6f8e01d48..b64125e3c 100644 --- a/go.sum +++ b/go.sum @@ -75,6 +75,8 @@ github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cretz/bine v0.2.0 h1:8GiDRGlTgz+o8H9DSnsl+5MeBK4HsExxgl6WgzOCuZo= +github.com/cretz/bine v0.2.0/go.mod h1:WU4o9QR9wWp8AVKtTM1XD5vUHkEqnf2vVSo6dBqbetI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -93,12 +95,33 @@ github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDD github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/eyedeekay/goSam v0.32.54 h1:Uq1F9rePGi5aiHZ8J8ZC0HRpf4hvTUR+PJvmcCBpmWU= +github.com/eyedeekay/goSam v0.32.54/go.mod h1:R+prG/Xans0bG87LhtbbLSx40YiHtJNovhTHL2mEwPE= +github.com/eyedeekay/i2pkeys v0.0.0-20220310055120-b97558c06ac8/go.mod h1:W9KCm9lqZ+Ozwl3dwcgnpPXAML97+I8Jiht7o5A8YBM= +github.com/eyedeekay/i2pkeys v0.33.8 h1:f3llyruchFqs1QwCacBYbShArKPpMSSOqo/DVZXcfVs= +github.com/eyedeekay/i2pkeys v0.33.8/go.mod h1:W9KCm9lqZ+Ozwl3dwcgnpPXAML97+I8Jiht7o5A8YBM= +github.com/eyedeekay/onramp v0.33.8 h1:nc2ZGwWkeLf/GcijOMDdzI53q2mA8hCjepMyGHstcF0= +github.com/eyedeekay/onramp v0.33.8/go.mod h1:YYMgClC/ck/+3lHHAdsYzmDCSmsU8tn5WMkiSy9fcLo= +github.com/eyedeekay/sam3 v0.33.8 h1:emuSZ4qSyoqc1EDjIBFbJ3GXNHOXw6hjbNp2OqdOpgI= +github.com/eyedeekay/sam3 v0.33.8/go.mod h1:ytbwLYLJlW6UA92Ffyc6oioWTKnGeeUMr9CLuJbtqSA= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/frankban/quicktest v1.0.0/go.mod h1:R98jIehRai+d1/3Hv2//jOVCTJhW1VBavT6B6CuGq2k= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= +github.com/getlantern/context v0.0.0-20190109183933-c447772a6520/go.mod h1:L+mq6/vvYHKjCX2oez0CgEAJmbq1fbb/oNJIWQkBybY= +github.com/getlantern/errors v1.0.1/go.mod h1:l+xpFBrCtDLpK9qNjxs+cHU6+BAdlBaxHqikB6Lku3A= +github.com/getlantern/fdcount v0.0.0-20210503151800-5decd65b3731/go.mod h1:XZwE+iIlAgr64OFbXKFNCllBwV4wEipPx8Hlo2gZdbM= +github.com/getlantern/go-socks5 v0.0.0-20171114193258-79d4dd3e2db5/go.mod h1:kGHRXch95rnGLHjER/GhhFiHvfnqNz7KqWD9kGfATHY= +github.com/getlantern/golog v0.0.0-20201105130739-9586b8bde3a9/go.mod h1:ZyIjgH/1wTCl+B+7yH1DqrWp6MPJqESmwmEQ89ZfhvA= +github.com/getlantern/hex v0.0.0-20190417191902-c6586a6fe0b7/go.mod h1:dD3CgOrwlzca8ed61CsZouQS5h5jIzkK9ZWrTcf0s+o= +github.com/getlantern/hidden v0.0.0-20190325191715-f02dbb02be55/go.mod h1:6mmzY2kW1TOOrVy+r41Za2MxXM+hhqTtY3oBKd2AgFA= +github.com/getlantern/mockconn v0.0.0-20200818071412-cb30d065a848/go.mod h1:+F5GJ7qGpQ03DBtcOEyQpM30ix4BLswdaojecFtsdy8= +github.com/getlantern/mtime v0.0.0-20200417132445-23682092d1f7/go.mod h1:GfzwugvtH7YcmNIrHHizeyImsgEdyL88YkdnK28B14c= +github.com/getlantern/netx v0.0.0-20190110220209-9912de6f94fd/go.mod h1:wKdY0ikOgzrWSeB9UyBVKPRhjXQ+vTb+BPeJuypUuNE= +github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f/go.mod h1:D5ao98qkA6pxftxoqzibIBBrLSUli+kYnJqrgBf9cIA= +github.com/getlantern/ops v0.0.0-20200403153110-8476b16edcd6/go.mod h1:D5ao98qkA6pxftxoqzibIBBrLSUli+kYnJqrgBf9cIA= github.com/getsentry/sentry-go v0.14.0 h1:rlOBkuFZRKKdUnKO+0U3JclRDQKlRu5vVQtkWSQvC70= github.com/getsentry/sentry-go v0.14.0/go.mod h1:RZPJKSw+adu8PBNygiri/A98FqVr2HtRckJk9XVxJ9I= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= @@ -124,6 +147,7 @@ github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ= github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0= @@ -267,6 +291,7 @@ github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 h1:rc3 github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0= github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg= @@ -305,13 +330,14 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U= -github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= +github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= @@ -364,11 +390,12 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -397,12 +424,13 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -419,6 +447,7 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -434,26 +463,27 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= -golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= -golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= diff --git a/setup/base/base.go b/setup/base/base.go index 82068aa92..26615fc08 100644 --- a/setup/base/base.go +++ b/setup/base/base.go @@ -52,6 +52,7 @@ var staticContent embed.FS //go:embed static/client/login var loginFallback embed.FS +var StaticContent = staticContent const HTTPServerTimeout = time.Minute * 5 @@ -235,7 +236,6 @@ func SetupAndServeHTTP( logrus.WithError(err).Fatal("failed to serve unix socket") } } - } else { if err := externalServ.ListenAndServe(); err != nil { if err != http.ErrServerClosed {