Updates/adds a new multistage (build-kit) Dockerfile. (if accepted,
could make `Dockerfile.monolith` and `Dockerfile.polylith` in
`build/docker` obsolete)
There's no huge difference between the dockerfiles, except this uses a
non-root user when running the container, also doesn't copy the working
directory to the image when building.
Also adds vulnerabilities scans using
[Trivy](https://github.com/aquasecurity/trivy) for the created docker
images. (untested)
Building images is done using
```
docker build . --target image-monolith -t dendrite-monolith
docker build . --target image-polylith -t dendrite-polylith
```
As noted in the comments, only adds `dendrite-polylith-multi` to the
polylith image and all required binaries to the monolith image.
Probably needs some docs updating, if this is accepted.
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
Based on #2480
This actually indexes events based on their event type. They are removed
from the index if we receive a `m.room.redaction` event on the
`OutputRoomEvent` stream.
An admin endpoint is added to reindex all existing events.
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
This makes the following changes:
* The various `Defaults` functions are now responsible for setting sane defaults if `generate` is specified, rather than hiding them in `generate-config`
* Some configuration options have been marked as `omitempty` so that they don't appear in generated configs unnecessarily (monolith-specific vs. polylith-specific options)
* A new option `-polylith` has been added to `generate-config` to create a config that makes sense for polylith deployments (i.e. including the internal/external API listeners and per-component database sections)
* A new option `-normalise` has been added to `generate-config` to take an existing file and add any missing options and/or defaults
This PR refactors the app services component. It makes the following changes:
* Each appservice now gets its own NATS JetStream consumer
* The appservice database is now removed entirely, since we just use JetStream as a data source instead
* The entire component is now much simpler and we deleted lots of lines of code 💅
The result is that it should be much lighter and hopefully much more performant.
This refactors the `dendrite-demo-pinecone` executable so that it:
1. Converts the old `.key` file into a standard `.pem` file
2. Allows passing in the `--config` option to supply a normal Dendrite configuration file, so that you can configure PostgreSQL instead of SQLite, appservices and all the other usual stuff
This PR does the following:
- adds a `keysize` parameter to `generate-keys`, so we can use lower sized keys when running in CI
- updates the Complement docker files to use BuildKit (requires Docker >18.09)
- uses `exec` when executing `dendrite-monotlith-server`, making it PID 1 inside docker, which results in Dendrite actually receiving the `SIGTERM` signal send by Docker. (Making it faster when running tests with Complement, as we don't take 10 seconds to timeout)
A timeout of 10 seconds could cause issues with servers having a high `bcrypt_cost` configured in the config.
This adds a parameter to manually configure the timeout, defaults to 30 seconds.
* Get all account data on CompleteSync
* Revert "Get all account data on CompleteSync"
This reverts commit 44a3e566d8.
* Use /_synapse/admin/v1/register to create account
* Linting
* Linter again :)
* Update docs
* Use HTTP API to reset password, add option to User API `PerformPasswordUpdate` to invalidate sessions
* Fix routing name
* Tell me more about what went wrong
* Deprecate the `-reset-password` flag, document the new API
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Correctly redact events over federation (#2526)
* Ensure we check powerlevel/origin before redacting an event
* Add passing test
* Use pl.UserLevel
* Make check more readable, also check for the sender
* Add new next steps page to the documentation
* Highlighting in docs
* Rename the page to "Optimise your installation"
* Attempt to raise the file descriptor limit at startup (#2527)
* Add `--difference` to `resolve-state` tool
* Make the linter happy again
* generic CaddyFile in front of Dendrite (monolith) (#2531)
for Caddy 2.5.x
Co-authored-by: emanuele.aliberti <emanuele.aliberti@mtka.eu>
* Handle state before, send history visibility in output (#2532)
* Check state before event
* Tweaks
* Refactor a bit, include in output events
* Don't waste time if soft failed either
* Tweak control flow, comments, use GMSL history visibility type
* Fix rare panic when returning user devices over federation (#2534)
* Add `InputDeviceListUpdate` to the keyserver, remove old input API (#2536)
* Add `InputDeviceListUpdate` to the keyserver, remove old input API
* Fix copyright
* Log more information when a device list update fails
* Fix nats.go commit (#2540)
Signed-off-by: Jean Lucas <jean@4ray.co>
* Don't return `end` if there are not more messages (#2542)
* Be more spec compliant
* Move lazyLoadMembers to own method
* Return an error if trying to invite a malformed user ID (#2543)
* Add `evacuateUser` endpoint, use it when deactivating accounts (#2545)
* Add `evacuateUser` endpoint, use it when deactivating accounts
* Populate the API
* Clean up user devices when deactivating
* Include invites, delete pushers
* Silence presence logs (#2547)
* Blacklist `Guest users can join guest_access rooms` test until it can be investigated
* Disable WebAssembly builds for now
* Try to fix backfilling (#2548)
* Try to fix backfilling
* Return start/end to not confuse clients
* Update GMSL
* Update GMSL
* Roomserver producers package (#2546)
* Give the roomserver a producers package
* Change init point
* Populate ACLs API
* Fix build issues
* `RoomEventProducer` naming
* Version 0.8.9 (#2549)
* Version 0.8.9
* Update changelog
* feat+fix: Ignore unknown keys and verify required fields are present in appservice registration files (#2550)
* fix: ignore unknown keys in appservice configs
fixesmatrix-org/dendrite#1567
* feat: verify required fields in appservice configs
* Use new testrig for key changes tests (#2552)
* Use new testrig for tests
* Log the error message
* Fix QuerySharedUsers for the SyncAPI keychange consumer (#2554)
* Make more use of base.BaseDendrite
* Fix QuerySharedUsers if no UserIDs are supplied
* Return clearer error when no state NID exists for an event (#2555)
* Wrap error from `SnapshotNIDFromEventID`
* Hopefully fix read receipts timestamps (#2557)
This should avoid coercions between signed and unsigned ints which might fix problems like `sql: converting argument $5 type: uint64 values with high bit set are not supported`.
* Fix nil pointer access when redacting events (#2560)
* Fix issue `uint64 values with high bit are not supported` in presence (#2562)
* Fix issue #2528
* Use gomatrixserverlib.Timestamp
* Use ParseUint instead of ParseInt
* Update Pinecone to matrix-org/pinecone@1ce778f
* Ristretto cache (#2563)
* Try Ristretto cache
* Tweak
* It's beautiful
* Update GMSL
* More strict keyable interface
* Fix that some more
* Make less panicky
* Don't enforce mutability checks for now
* Determine mutability using deep equality
* Tweaks
* Namespace keys
* Make federation caches mutable
* Update cost estimation, add metric
* Update GMSL
* Estimate cost for metrics better
* Reduce counters a bit
* Try caching events
* Some guards
* Try again
* Try this
* Use separate caches for hopefully better hash distribution
* Fix bug with admitting events into cache
* Try to fix bugs
* Check nil
* Try that again
* Preserve order jeezo this is messy
* thanks VS Code for doing exactly the wrong thing
* Try this again
* Be more specific
* aaaaargh
* One more time
* That might be better
* Stronger sorting
* Cache expiries, async publishing of EDUs
* Put it back
* Use a shared cache again
* Cost estimation fixes
* Update ristretto
* Reduce counters a bit
* Clean up a bit
* Update GMSL
* 1GB
* Configurable cache sizees
* Tweaks
* Add `config.DataUnit` for specifying friendly cache sizes
* Various tweaks
* Update GMSL
* Add back some lazy loading caching
* Include key in cost
* Include key in cost
* Tweak max age handling, config key name
* Only register prometheus metrics if requested
* Review comments @S7evinK
* Don't return errors when creating caches (it is better just to crash since otherwise we'll `nil`-pointer exception everywhere)
* Review comments
* Update sample configs
* Update GHA Workflow
* Update Complement images to Go 1.18
* Remove the cache test from the federation API as we no longer guarantee immediate cache admission
* Don't check the caches in the renewal test
* Possibly fix the upgrade tests
* Update to matrix-org/gomatrixserverlib#322
* Update documentation to refer to Go 1.18
* Minor SendToDevice fix (#2565)
* Avoid unnecessary marshalling if sending to the local server
* Fix ordering of ToDevice messages
* Revive SendToDevice test
* Use `/v3` to request media from remote servers (update to matrix-org/gomatrixserverlib#324)
* Pointerise `types.RoomInfo` in the cache so we can update it in-place in the latest events updater
* Add a Troubleshooting page
* Update `sytest-whitelist`
* Use sync API database in `filterSharedUsers` (#2572)
* Add function to the sync API storage package for filtering shared users
* Use the database instead of asking the RS API
* Fix unit tests
* Fix map handling in `filterSharedUsers`
* Update 1_createusers.md (#2571)
* Update 1_createusers.md
Added description on how to create user accounts when running in docker.
* Update 1_createusers.md
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Fix connection_string format in dendrite-sample.polylith.yaml (#2574)
* History visibility database changes (#2533)
* Add new history_visibility column
* Update SQL queries to include history_visibility
* Store the history visibilty calculated by the roomserver
* Update GMSL
* Update migrations
* Fix migration
* Update GMSL
* Fix `go.sum`
* Update GMSL to use sql.Scanner & sql.Valuer
* Re-order migration/table creation
* Update gomatrixserverlib
* Add history_visibility column to current_room_state
* Fix migrations
* Return error instead of Fatal log
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Tweak cache counters (#2575)
* Tweak cache counters
This makes the number of counters relative to the
maximum cache size. Since the counters
effectively manage the size of the bloom filter,
larger caches need more counters and smaller
caches need less.
10 counters per 1KB data means that the default
cache size of 1GB should result in a bloom filter
and TinyLRU admission set of about 16MB
estimated.
* Remove line left by accident
* Set historyVisibility in rowsToStreamEvents
* Update FAQ
* Add event state key cache (#2576)
* Explain how SRV works in Matrix and discourage using it (#2577)
* Explain how SRV works in Matrix and discourage using it
* Minor tweaks to formatting
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Fix issue with membership event_nid being 0 (#2580)
* docs: Add build page; correct proxy info; fix Caddy example (#2579)
* Add build page; correct proxy info; fix Caddy example
* Improve Caddyfile example
* Apply review comments; add polylith Caddyfile
* Bump tzinfo from 1.2.9 to 1.2.10 in /docs (#2584)
Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.9 to 1.2.10.
- [Release notes](https://github.com/tzinfo/tzinfo/releases)
- [Changelog](https://github.com/tzinfo/tzinfo/blob/master/CHANGES.md)
- [Commits](https://github.com/tzinfo/tzinfo/compare/v1.2.9...v1.2.10)
---
updated-dependencies:
- dependency-name: tzinfo
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Membership updater refactoring (#2541)
* Membership updater refactoring
* Pass in membership state
* Use membership check rather than referring to state directly
* Delete irrelevant membership states
* We don't need the leave event after all
* Tweaks
* Put a log entry in that I might stand a chance of finding
* Be less panicky
* Tweak invite handling
* Don't freak if we can't find the event NID
* Use event NID from `types.Event`
* Clean up
* Better invite handling
* Placate the almighty linter
* Blacklist a Sytest which is otherwise fine under Complement for reasons I don't understand
* Fix the sytest after all (thanks @S7evinK for the spot)
* Try to fix HTTP 500s on `/members` (#2581)
* Update database migrations, remove goose (#2264)
* Add new db migration
* Update migrations
Remove goose
* Add possibility to test direct upgrades
* Try to fix WASM test
* Add checks for specific migrations
* Remove AddMigration
Use WithTransaction
Add Dendrite version to table
* Fix linter issues
* Update tests
* Update comments, outdent if
* Namespace migrations
* Add direct upgrade tests, skipping over one version
* Split migrations
* Update go version in CI
* Fix copy&paste mistake
* Use contexts in migrations
Co-authored-by: kegsay <kegan@matrix.org>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Add .well-known/matrix/client to clientapi (#2551)
Signed-off-by: Jonathan Bartlett <jonathan@jonnobrow.co.uk>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Remove `room_id` field from MSC2946 stripped events (closes#2588)
* Remove `goose` from Dockerfiles
* Make the User API responsible for sending account data output events (#2592)
* Make the User API responsible for sending account data output events
* Clean up producer
* Review comments
* Update NATS Server and nats.go to use upstream
* Set CORS headers for HTTP 404 and 405 errors (#2599)
* Set CORS headers for the 404s
* Use custom handlers, plus one for HTTP 405 too
* Tweak setup
* Add to muxes too
* Tidy up some more
* Use built-in HTTP 404 handler
* Don't bother setting it for federation-facing
* Optimise checking other servers allowed to see events (#2596)
* Try optimising checking if server is allowed to see event
* Fix error
* Handle case where snapshot NID is 0
* Fix query
* Update SQL
* Clean up `CheckServerAllowedToSeeEvent`
* Not supported on SQLite
* Maybe placate the unit tests
* Review comments
* De-race `types.RoomInfo` (#2600)
* De-race `CompleteSync` (#2601)
The `err` was coming from outside of the goroutine and being written to by concurrent goroutines.
* Version 0.9.0 (#2602)
Co-authored-by: Till <2353100+S7evinK@users.noreply.github.com>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
Co-authored-by: Till Faelligen <davidf@element.io>
Co-authored-by: Emanuele Aliberti <dev@mtka.eu>
Co-authored-by: emanuele.aliberti <emanuele.aliberti@mtka.eu>
Co-authored-by: Jean Lucas <jean@4ray.co>
Co-authored-by: Kabir Kwatra <kabir@kwatra.me>
Co-authored-by: andreever <52261463+andreever@users.noreply.github.com>
Co-authored-by: Maximilian Gaedig <38767445+MaximilianGaedig@users.noreply.github.com>
Co-authored-by: Tulir Asokan <tulir@maunium.net>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kegsay <kegan@matrix.org>
Co-authored-by: Jonathan Bartlett <34320158+Jonnobrow@users.noreply.github.com>
* Add new db migration
* Update migrations
Remove goose
* Add possibility to test direct upgrades
* Try to fix WASM test
* Add checks for specific migrations
* Remove AddMigration
Use WithTransaction
Add Dendrite version to table
* Fix linter issues
* Update tests
* Update comments, outdent if
* Namespace migrations
* Add direct upgrade tests, skipping over one version
* Split migrations
* Update go version in CI
* Fix copy&paste mistake
* Use contexts in migrations
Co-authored-by: kegsay <kegan@matrix.org>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Try Ristretto cache
* Tweak
* It's beautiful
* Update GMSL
* More strict keyable interface
* Fix that some more
* Make less panicky
* Don't enforce mutability checks for now
* Determine mutability using deep equality
* Tweaks
* Namespace keys
* Make federation caches mutable
* Update cost estimation, add metric
* Update GMSL
* Estimate cost for metrics better
* Reduce counters a bit
* Try caching events
* Some guards
* Try again
* Try this
* Use separate caches for hopefully better hash distribution
* Fix bug with admitting events into cache
* Try to fix bugs
* Check nil
* Try that again
* Preserve order jeezo this is messy
* thanks VS Code for doing exactly the wrong thing
* Try this again
* Be more specific
* aaaaargh
* One more time
* That might be better
* Stronger sorting
* Cache expiries, async publishing of EDUs
* Put it back
* Use a shared cache again
* Cost estimation fixes
* Update ristretto
* Reduce counters a bit
* Clean up a bit
* Update GMSL
* 1GB
* Configurable cache sizees
* Tweaks
* Add `config.DataUnit` for specifying friendly cache sizes
* Various tweaks
* Update GMSL
* Add back some lazy loading caching
* Include key in cost
* Include key in cost
* Tweak max age handling, config key name
* Only register prometheus metrics if requested
* Review comments @S7evinK
* Don't return errors when creating caches (it is better just to crash since otherwise we'll `nil`-pointer exception everywhere)
* Review comments
* Update sample configs
* Update GHA Workflow
* Update Complement images to Go 1.18
* Remove the cache test from the federation API as we no longer guarantee immediate cache admission
* Don't check the caches in the renewal test
* Possibly fix the upgrade tests
* Update to matrix-org/gomatrixserverlib#322
* Update documentation to refer to Go 1.18
Squashed commit of the following:
commit b5c55faf98
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Fri Jul 1 12:00:32 2022 +0100
Version 0.8.9 (#2549)
* Version 0.8.9
* Update changelog
commit b50a24c666
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Fri Jul 1 10:54:07 2022 +0100
Roomserver producers package (#2546)
* Give the roomserver a producers package
* Change init point
* Populate ACLs API
* Fix build issues
* `RoomEventProducer` naming
commit 89cd0e8fc1
Author: Till <2353100+S7evinK@users.noreply.github.com>
Date: Fri Jul 1 11:49:26 2022 +0200
Try to fix backfilling (#2548)
* Try to fix backfilling
* Return start/end to not confuse clients
* Update GMSL
* Update GMSL
commit 086f182e24
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Fri Jul 1 09:50:06 2022 +0100
Disable WebAssembly builds for now
commit 54bed4c593
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Fri Jul 1 09:37:54 2022 +0100
Blacklist `Guest users can join guest_access rooms` test until it can be investigated
commit 561c159ad7
Author: Till <2353100+S7evinK@users.noreply.github.com>
Date: Thu Jun 30 12:34:37 2022 +0200
Silence presence logs (#2547)
commit 519bc1124b
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Wed Jun 29 15:29:39 2022 +0100
Add `evacuateUser` endpoint, use it when deactivating accounts (#2545)
* Add `evacuateUser` endpoint, use it when deactivating accounts
* Populate the API
* Clean up user devices when deactivating
* Include invites, delete pushers
commit 2dea466685
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Wed Jun 29 12:32:24 2022 +0100
Return an error if trying to invite a malformed user ID (#2543)
commit 2086992caf
Author: Till <2353100+S7evinK@users.noreply.github.com>
Date: Wed Jun 29 10:49:12 2022 +0200
Don't return `end` if there are not more messages (#2542)
* Be more spec compliant
* Move lazyLoadMembers to own method
commit 920a20821b
Author: Jean Lucas <jean@4ray.co>
Date: Mon Jun 27 04:15:19 2022 -0400
Fix nats.go commit (#2540)
Signed-off-by: Jean Lucas <jean@4ray.co>
commit 7120eb6bc9
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Wed Jun 15 14:27:07 2022 +0100
Add `InputDeviceListUpdate` to the keyserver, remove old input API (#2536)
* Add `InputDeviceListUpdate` to the keyserver, remove old input API
* Fix copyright
* Log more information when a device list update fails
commit 1b90cc9536
Author: Till <2353100+S7evinK@users.noreply.github.com>
Date: Wed Jun 15 12:50:02 2022 +0200
Fix rare panic when returning user devices over federation (#2534)
commit 4c2a10f1a6
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Mon Jun 13 15:11:10 2022 +0100
Handle state before, send history visibility in output (#2532)
* Check state before event
* Tweaks
* Refactor a bit, include in output events
* Don't waste time if soft failed either
* Tweak control flow, comments, use GMSL history visibility type
commit c500958583
Author: Emanuele Aliberti <dev@mtka.eu>
Date: Mon Jun 13 13:08:46 2022 +0200
generic CaddyFile in front of Dendrite (monolith) (#2531)
for Caddy 2.5.x
Co-authored-by: emanuele.aliberti <emanuele.aliberti@mtka.eu>
commit e1136f4d3e
Author: Till Faelligen <davidf@element.io>
Date: Mon Jun 13 11:46:59 2022 +0200
Make the linter happy again
commit 0a7f7dc716
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Mon Jun 13 10:16:30 2022 +0100
Add `--difference` to `resolve-state` tool
commit 89d2adadbd
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Fri Jun 10 10:58:04 2022 +0100
Attempt to raise the file descriptor limit at startup (#2527)
commit 1030072285
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Fri Jun 10 10:18:32 2022 +0100
Rename the page to "Optimise your installation"
commit 16ed1633b6
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Fri Jun 10 10:15:14 2022 +0100
Highlighting in docs
commit e2a64773ce
Author: Neil Alexander <neilalexander@users.noreply.github.com>
Date: Fri Jun 10 10:14:15 2022 +0100
Add new next steps page to the documentation
commit 660f7839f5
Author: Till <2353100+S7evinK@users.noreply.github.com>
Date: Thu Jun 9 18:38:07 2022 +0200
Correctly redact events over federation (#2526)
* Ensure we check powerlevel/origin before redacting an event
* Add passing test
* Use pl.UserLevel
* Make check more readable, also check for the sender
* Refactor ApplicationServiceWorkerState to be more robust
* Add launch.json to VS Code
* Implement login with JWT, registering with email, failed login rate limiting and reset password with m.login.email.identity auth type
* Log errors when JWT parsing failed
* Development build script
* Fix linter errors
* Use golangci-lint as a linter in VS Code
* Fix tests with RtFailedLogin
* Pass config load tests - parse JWT public key only if enabled
* Reduce CI steps
Do not support 386 arch and go 1.16, 1.17
* Fix linter errors
* Change RtFailedLogin logic - nil pointer can be provided
* Respect access token in query
* Fix typos
* Use only one mutex in RtFailedLogin
* Remove eventsRemaining across appservice component
* Push dendrite to production registry as well
* Rafactor TestRtFailedLogin
* Fix flakey sytest 'Local device key changes get to remote servers'
* Debug logs
* Remove internal/test and use /test only
Remove a lot of ancient code too.
* Use FederationRoomserverAPI in more places
* Use more interfaces in federationapi; begin adding regression test
* Linting
* Add regression test
* Unbreak tests
* ALL THE LOGS
* Fix a race condition which could cause events to not be sent to servers
If a new room event which rewrites state arrives, we remove all joined hosts
then re-calculate them. This wasn't done in a transaction so for a brief period
we would have no joined hosts. During this interim, key change events which arrive
would not be sent to destination servers. This would sporadically fail on sytest.
* Unbreak new tests
* Linting
