Fix registration for virtual hosting
This commit is contained in:
parent
a8e7ffc7ab
commit
8299da5905
|
@ -24,6 +24,7 @@ import (
|
||||||
"github.com/matrix-org/dendrite/clientapi/jsonerror"
|
"github.com/matrix-org/dendrite/clientapi/jsonerror"
|
||||||
"github.com/matrix-org/dendrite/setup/config"
|
"github.com/matrix-org/dendrite/setup/config"
|
||||||
uapi "github.com/matrix-org/dendrite/userapi/api"
|
uapi "github.com/matrix-org/dendrite/userapi/api"
|
||||||
|
"github.com/matrix-org/gomatrixserverlib"
|
||||||
"github.com/matrix-org/util"
|
"github.com/matrix-org/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -66,8 +67,10 @@ func TestLoginFromJSONReader(t *testing.T) {
|
||||||
var userAPI fakeUserInternalAPI
|
var userAPI fakeUserInternalAPI
|
||||||
cfg := &config.ClientAPI{
|
cfg := &config.ClientAPI{
|
||||||
Matrix: &config.Global{
|
Matrix: &config.Global{
|
||||||
|
SigningIdentity: gomatrixserverlib.SigningIdentity{
|
||||||
ServerName: serverName,
|
ServerName: serverName,
|
||||||
},
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
login, cleanup, err := LoginFromJSONReader(ctx, strings.NewReader(tst.Body), &userAPI, &userAPI, cfg)
|
login, cleanup, err := LoginFromJSONReader(ctx, strings.NewReader(tst.Body), &userAPI, &userAPI, cfg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -144,8 +147,10 @@ func TestBadLoginFromJSONReader(t *testing.T) {
|
||||||
var userAPI fakeUserInternalAPI
|
var userAPI fakeUserInternalAPI
|
||||||
cfg := &config.ClientAPI{
|
cfg := &config.ClientAPI{
|
||||||
Matrix: &config.Global{
|
Matrix: &config.Global{
|
||||||
|
SigningIdentity: gomatrixserverlib.SigningIdentity{
|
||||||
ServerName: serverName,
|
ServerName: serverName,
|
||||||
},
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
_, cleanup, errRes := LoginFromJSONReader(ctx, strings.NewReader(tst.Body), &userAPI, &userAPI, cfg)
|
_, cleanup, errRes := LoginFromJSONReader(ctx, strings.NewReader(tst.Body), &userAPI, &userAPI, cfg)
|
||||||
if errRes == nil {
|
if errRes == nil {
|
||||||
|
|
|
@ -47,8 +47,10 @@ func (d *fakeAccountDatabase) QueryAccountByPassword(ctx context.Context, req *a
|
||||||
func setup() *UserInteractive {
|
func setup() *UserInteractive {
|
||||||
cfg := &config.ClientAPI{
|
cfg := &config.ClientAPI{
|
||||||
Matrix: &config.Global{
|
Matrix: &config.Global{
|
||||||
|
SigningIdentity: gomatrixserverlib.SigningIdentity{
|
||||||
ServerName: serverName,
|
ServerName: serverName,
|
||||||
},
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
return NewUserInteractive(&fakeAccountDatabase{}, cfg)
|
return NewUserInteractive(&fakeAccountDatabase{}, cfg)
|
||||||
}
|
}
|
||||||
|
|
|
@ -551,6 +551,12 @@ func Register(
|
||||||
}
|
}
|
||||||
|
|
||||||
var r registerRequest
|
var r registerRequest
|
||||||
|
host := gomatrixserverlib.ServerName(req.Host)
|
||||||
|
if v := cfg.Matrix.VirtualHostForHTTPHost(host); v != nil {
|
||||||
|
r.ServerName = v.ServerName
|
||||||
|
} else {
|
||||||
|
r.ServerName = cfg.Matrix.ServerName
|
||||||
|
}
|
||||||
sessionID := gjson.GetBytes(reqBody, "auth.session").String()
|
sessionID := gjson.GetBytes(reqBody, "auth.session").String()
|
||||||
if sessionID == "" {
|
if sessionID == "" {
|
||||||
// Generate a new, random session ID
|
// Generate a new, random session ID
|
||||||
|
@ -560,6 +566,7 @@ func Register(
|
||||||
// Some of these might end up being overwritten if the
|
// Some of these might end up being overwritten if the
|
||||||
// values are specified again in the request body.
|
// values are specified again in the request body.
|
||||||
r.Username = data.Username
|
r.Username = data.Username
|
||||||
|
r.ServerName = data.ServerName
|
||||||
r.Password = data.Password
|
r.Password = data.Password
|
||||||
r.DeviceID = data.DeviceID
|
r.DeviceID = data.DeviceID
|
||||||
r.InitialDisplayName = data.InitialDisplayName
|
r.InitialDisplayName = data.InitialDisplayName
|
||||||
|
@ -575,7 +582,6 @@ func Register(
|
||||||
if resErr := httputil.UnmarshalJSON(reqBody, &r); resErr != nil {
|
if resErr := httputil.UnmarshalJSON(reqBody, &r); resErr != nil {
|
||||||
return *resErr
|
return *resErr
|
||||||
}
|
}
|
||||||
r.ServerName = cfg.Matrix.ServerName
|
|
||||||
if l, d, err := cfg.Matrix.SplitLocalID('@', r.Username); err == nil {
|
if l, d, err := cfg.Matrix.SplitLocalID('@', r.Username); err == nil {
|
||||||
r.Username, r.ServerName = l, d
|
r.Username, r.ServerName = l, d
|
||||||
}
|
}
|
||||||
|
@ -650,16 +656,25 @@ func handleGuestRegistration(
|
||||||
cfg *config.ClientAPI,
|
cfg *config.ClientAPI,
|
||||||
userAPI userapi.ClientUserAPI,
|
userAPI userapi.ClientUserAPI,
|
||||||
) util.JSONResponse {
|
) util.JSONResponse {
|
||||||
if cfg.RegistrationDisabled || cfg.GuestsDisabled {
|
registrationEnabled := !cfg.RegistrationDisabled
|
||||||
|
guestsEnabled := !cfg.GuestsDisabled
|
||||||
|
if v := cfg.Matrix.VirtualHost(r.ServerName); v != nil {
|
||||||
|
registrationEnabled, guestsEnabled = v.RegistrationAllowed()
|
||||||
|
}
|
||||||
|
|
||||||
|
if !registrationEnabled || !guestsEnabled {
|
||||||
return util.JSONResponse{
|
return util.JSONResponse{
|
||||||
Code: http.StatusForbidden,
|
Code: http.StatusForbidden,
|
||||||
JSON: jsonerror.Forbidden("Guest registration is disabled"),
|
JSON: jsonerror.Forbidden(
|
||||||
|
fmt.Sprintf("Guest registration is disabled on %q", r.ServerName),
|
||||||
|
),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var res userapi.PerformAccountCreationResponse
|
var res userapi.PerformAccountCreationResponse
|
||||||
err := userAPI.PerformAccountCreation(req.Context(), &userapi.PerformAccountCreationRequest{
|
err := userAPI.PerformAccountCreation(req.Context(), &userapi.PerformAccountCreationRequest{
|
||||||
AccountType: userapi.AccountTypeGuest,
|
AccountType: userapi.AccountTypeGuest,
|
||||||
|
ServerName: r.ServerName,
|
||||||
}, &res)
|
}, &res)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return util.JSONResponse{
|
return util.JSONResponse{
|
||||||
|
@ -736,10 +751,16 @@ func handleRegistrationFlow(
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.RegistrationDisabled && r.Auth.Type != authtypes.LoginTypeSharedSecret {
|
registrationEnabled := !cfg.RegistrationDisabled
|
||||||
|
if v := cfg.Matrix.VirtualHost(r.ServerName); v != nil {
|
||||||
|
registrationEnabled, _ = v.RegistrationAllowed()
|
||||||
|
}
|
||||||
|
if !registrationEnabled && r.Auth.Type != authtypes.LoginTypeSharedSecret {
|
||||||
return util.JSONResponse{
|
return util.JSONResponse{
|
||||||
Code: http.StatusForbidden,
|
Code: http.StatusForbidden,
|
||||||
JSON: jsonerror.Forbidden("Registration is disabled"),
|
JSON: jsonerror.Forbidden(
|
||||||
|
fmt.Sprintf("Registration is disabled on %q", r.ServerName),
|
||||||
|
),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -827,8 +848,9 @@ func handleApplicationServiceRegistration(
|
||||||
// Don't need to worry about appending to registration stages as
|
// Don't need to worry about appending to registration stages as
|
||||||
// application service registration is entirely separate.
|
// application service registration is entirely separate.
|
||||||
return completeRegistration(
|
return completeRegistration(
|
||||||
req.Context(), userAPI, r.Username, "", appserviceID, req.RemoteAddr, req.UserAgent(), r.Auth.Session,
|
req.Context(), userAPI, r.Username, r.ServerName, "", appserviceID, req.RemoteAddr,
|
||||||
r.InhibitLogin, r.InitialDisplayName, r.DeviceID, userapi.AccountTypeAppService,
|
req.UserAgent(), r.Auth.Session, r.InhibitLogin, r.InitialDisplayName, r.DeviceID,
|
||||||
|
userapi.AccountTypeAppService,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -846,8 +868,9 @@ func checkAndCompleteFlow(
|
||||||
if checkFlowCompleted(flow, cfg.Derived.Registration.Flows) {
|
if checkFlowCompleted(flow, cfg.Derived.Registration.Flows) {
|
||||||
// This flow was completed, registration can continue
|
// This flow was completed, registration can continue
|
||||||
return completeRegistration(
|
return completeRegistration(
|
||||||
req.Context(), userAPI, r.Username, r.Password, "", req.RemoteAddr, req.UserAgent(), sessionID,
|
req.Context(), userAPI, r.Username, r.ServerName, r.Password, "", req.RemoteAddr,
|
||||||
r.InhibitLogin, r.InitialDisplayName, r.DeviceID, userapi.AccountTypeUser,
|
req.UserAgent(), sessionID, r.InhibitLogin, r.InitialDisplayName, r.DeviceID,
|
||||||
|
userapi.AccountTypeUser,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
sessions.addParams(sessionID, r)
|
sessions.addParams(sessionID, r)
|
||||||
|
@ -869,7 +892,8 @@ func checkAndCompleteFlow(
|
||||||
func completeRegistration(
|
func completeRegistration(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
userAPI userapi.ClientUserAPI,
|
userAPI userapi.ClientUserAPI,
|
||||||
username, password, appserviceID, ipAddr, userAgent, sessionID string,
|
username string, serverName gomatrixserverlib.ServerName,
|
||||||
|
password, appserviceID, ipAddr, userAgent, sessionID string,
|
||||||
inhibitLogin eventutil.WeakBoolean,
|
inhibitLogin eventutil.WeakBoolean,
|
||||||
displayName, deviceID *string,
|
displayName, deviceID *string,
|
||||||
accType userapi.AccountType,
|
accType userapi.AccountType,
|
||||||
|
@ -891,6 +915,7 @@ func completeRegistration(
|
||||||
err := userAPI.PerformAccountCreation(ctx, &userapi.PerformAccountCreationRequest{
|
err := userAPI.PerformAccountCreation(ctx, &userapi.PerformAccountCreationRequest{
|
||||||
AppServiceID: appserviceID,
|
AppServiceID: appserviceID,
|
||||||
Localpart: username,
|
Localpart: username,
|
||||||
|
ServerName: serverName,
|
||||||
Password: password,
|
Password: password,
|
||||||
AccountType: accType,
|
AccountType: accType,
|
||||||
OnConflict: userapi.ConflictAbort,
|
OnConflict: userapi.ConflictAbort,
|
||||||
|
@ -934,6 +959,7 @@ func completeRegistration(
|
||||||
var devRes userapi.PerformDeviceCreationResponse
|
var devRes userapi.PerformDeviceCreationResponse
|
||||||
err = userAPI.PerformDeviceCreation(ctx, &userapi.PerformDeviceCreationRequest{
|
err = userAPI.PerformDeviceCreation(ctx, &userapi.PerformDeviceCreationRequest{
|
||||||
Localpart: username,
|
Localpart: username,
|
||||||
|
ServerName: serverName,
|
||||||
AccessToken: token,
|
AccessToken: token,
|
||||||
DeviceDisplayName: displayName,
|
DeviceDisplayName: displayName,
|
||||||
DeviceID: deviceID,
|
DeviceID: deviceID,
|
||||||
|
@ -1028,6 +1054,10 @@ func RegisterAvailable(
|
||||||
// Squash username to all lowercase letters
|
// Squash username to all lowercase letters
|
||||||
username = strings.ToLower(username)
|
username = strings.ToLower(username)
|
||||||
domain := cfg.Matrix.ServerName
|
domain := cfg.Matrix.ServerName
|
||||||
|
host := gomatrixserverlib.ServerName(req.Host)
|
||||||
|
if v := cfg.Matrix.VirtualHostForHTTPHost(host); v != nil {
|
||||||
|
domain = v.ServerName
|
||||||
|
}
|
||||||
if u, l, err := cfg.Matrix.SplitLocalID('@', username); err == nil {
|
if u, l, err := cfg.Matrix.SplitLocalID('@', username); err == nil {
|
||||||
username, domain = u, l
|
username, domain = u, l
|
||||||
}
|
}
|
||||||
|
@ -1117,5 +1147,5 @@ func handleSharedSecretRegistration(cfg *config.ClientAPI, userAPI userapi.Clien
|
||||||
if ssrr.Admin {
|
if ssrr.Admin {
|
||||||
accType = userapi.AccountTypeAdmin
|
accType = userapi.AccountTypeAdmin
|
||||||
}
|
}
|
||||||
return completeRegistration(req.Context(), userAPI, ssrr.User, ssrr.Password, "", req.RemoteAddr, req.UserAgent(), "", false, &ssrr.User, &deviceID, accType)
|
return completeRegistration(req.Context(), userAPI, ssrr.User, cfg.Matrix.ServerName, ssrr.Password, "", req.RemoteAddr, req.UserAgent(), "", false, &ssrr.User, &deviceID, accType)
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,7 +30,9 @@ var (
|
||||||
// TestGoodUserID checks that correct localpart is returned for a valid user ID.
|
// TestGoodUserID checks that correct localpart is returned for a valid user ID.
|
||||||
func TestGoodUserID(t *testing.T) {
|
func TestGoodUserID(t *testing.T) {
|
||||||
cfg := &config.Global{
|
cfg := &config.Global{
|
||||||
|
SigningIdentity: gomatrixserverlib.SigningIdentity{
|
||||||
ServerName: serverName,
|
ServerName: serverName,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
lp, _, err := ParseUsernameParam(goodUserID, cfg)
|
lp, _, err := ParseUsernameParam(goodUserID, cfg)
|
||||||
|
@ -47,7 +49,9 @@ func TestGoodUserID(t *testing.T) {
|
||||||
// TestWithLocalpartOnly checks that localpart is returned when usernameParam contains only localpart.
|
// TestWithLocalpartOnly checks that localpart is returned when usernameParam contains only localpart.
|
||||||
func TestWithLocalpartOnly(t *testing.T) {
|
func TestWithLocalpartOnly(t *testing.T) {
|
||||||
cfg := &config.Global{
|
cfg := &config.Global{
|
||||||
|
SigningIdentity: gomatrixserverlib.SigningIdentity{
|
||||||
ServerName: serverName,
|
ServerName: serverName,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
lp, _, err := ParseUsernameParam(localpart, cfg)
|
lp, _, err := ParseUsernameParam(localpart, cfg)
|
||||||
|
@ -64,7 +68,9 @@ func TestWithLocalpartOnly(t *testing.T) {
|
||||||
// TestIncorrectDomain checks for error when there's server name mismatch.
|
// TestIncorrectDomain checks for error when there's server name mismatch.
|
||||||
func TestIncorrectDomain(t *testing.T) {
|
func TestIncorrectDomain(t *testing.T) {
|
||||||
cfg := &config.Global{
|
cfg := &config.Global{
|
||||||
|
SigningIdentity: gomatrixserverlib.SigningIdentity{
|
||||||
ServerName: invalidServerName,
|
ServerName: invalidServerName,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
_, _, err := ParseUsernameParam(goodUserID, cfg)
|
_, _, err := ParseUsernameParam(goodUserID, cfg)
|
||||||
|
@ -77,7 +83,9 @@ func TestIncorrectDomain(t *testing.T) {
|
||||||
// TestBadUserID checks that ParseUsernameParam fails for invalid user ID
|
// TestBadUserID checks that ParseUsernameParam fails for invalid user ID
|
||||||
func TestBadUserID(t *testing.T) {
|
func TestBadUserID(t *testing.T) {
|
||||||
cfg := &config.Global{
|
cfg := &config.Global{
|
||||||
|
SigningIdentity: gomatrixserverlib.SigningIdentity{
|
||||||
ServerName: serverName,
|
ServerName: serverName,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
_, _, err := ParseUsernameParam(badUserID, cfg)
|
_, _, err := ParseUsernameParam(badUserID, cfg)
|
||||||
|
|
|
@ -144,24 +144,9 @@ func LocalKeys(cfg *config.FederationAPI, serverName gomatrixserverlib.ServerNam
|
||||||
|
|
||||||
func localKeys(cfg *config.FederationAPI, serverName gomatrixserverlib.ServerName) (*gomatrixserverlib.ServerKeys, error) {
|
func localKeys(cfg *config.FederationAPI, serverName gomatrixserverlib.ServerName) (*gomatrixserverlib.ServerKeys, error) {
|
||||||
var keys gomatrixserverlib.ServerKeys
|
var keys gomatrixserverlib.ServerKeys
|
||||||
var virtualHost *config.VirtualHost
|
|
||||||
loop:
|
|
||||||
for _, v := range cfg.Matrix.VirtualHosts {
|
|
||||||
if v.ServerName == serverName {
|
|
||||||
virtualHost = v
|
|
||||||
break loop
|
|
||||||
}
|
|
||||||
for _, httpHost := range v.MatchHTTPHosts {
|
|
||||||
if httpHost == serverName {
|
|
||||||
virtualHost = v
|
|
||||||
break loop
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
var identity *gomatrixserverlib.SigningIdentity
|
var identity *gomatrixserverlib.SigningIdentity
|
||||||
var err error
|
var err error
|
||||||
if virtualHost == nil {
|
if virtualHost := cfg.Matrix.VirtualHostForHTTPHost(serverName); virtualHost == nil {
|
||||||
if identity, err = cfg.Matrix.SigningIdentityFor(cfg.Matrix.ServerName); err != nil {
|
if identity, err = cfg.Matrix.SigningIdentityFor(cfg.Matrix.ServerName); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
4
go.mod
4
go.mod
|
@ -22,7 +22,7 @@ require (
|
||||||
github.com/matrix-org/dugong v0.0.0-20210921133753-66e6b1c67e2e
|
github.com/matrix-org/dugong v0.0.0-20210921133753-66e6b1c67e2e
|
||||||
github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91
|
github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91
|
||||||
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530
|
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530
|
||||||
github.com/matrix-org/gomatrixserverlib v0.0.0-20221115151040-900369eadf39
|
github.com/matrix-org/gomatrixserverlib v0.0.0-20221118122129-9b9340bf29d7
|
||||||
github.com/matrix-org/pinecone v0.0.0-20221117214503-218c39e0cd6d
|
github.com/matrix-org/pinecone v0.0.0-20221117214503-218c39e0cd6d
|
||||||
github.com/matrix-org/util v0.0.0-20200807132607-55161520e1d4
|
github.com/matrix-org/util v0.0.0-20200807132607-55161520e1d4
|
||||||
github.com/mattn/go-sqlite3 v1.14.15
|
github.com/mattn/go-sqlite3 v1.14.15
|
||||||
|
@ -109,8 +109,6 @@ require (
|
||||||
github.com/nats-io/jwt/v2 v2.3.0 // indirect
|
github.com/nats-io/jwt/v2 v2.3.0 // indirect
|
||||||
github.com/nats-io/nkeys v0.3.0 // indirect
|
github.com/nats-io/nkeys v0.3.0 // indirect
|
||||||
github.com/nats-io/nuid v1.0.1 // indirect
|
github.com/nats-io/nuid v1.0.1 // indirect
|
||||||
github.com/nxadm/tail v1.4.8 // indirect
|
|
||||||
github.com/onsi/ginkgo v1.16.5 // indirect
|
|
||||||
github.com/onsi/ginkgo/v2 v2.3.0 // indirect
|
github.com/onsi/ginkgo/v2 v2.3.0 // indirect
|
||||||
github.com/onsi/gomega v1.22.1 // indirect
|
github.com/onsi/gomega v1.22.1 // indirect
|
||||||
github.com/opencontainers/go-digest v1.0.0 // indirect
|
github.com/opencontainers/go-digest v1.0.0 // indirect
|
||||||
|
|
16
go.sum
16
go.sum
|
@ -335,12 +335,8 @@ github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgx
|
||||||
github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
|
github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
|
||||||
github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
|
github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
|
||||||
github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
|
github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
|
||||||
github.com/lucas-clemente/quic-go v0.28.1/go.mod h1:oGz5DKK41cJt5+773+BSO9BXDsREY4HLf7+0odGAPO0=
|
|
||||||
github.com/lucas-clemente/quic-go v0.29.2 h1:O8Mt0O6LpvEW+wfC40vZdcw0DngwYzoxq5xULZNzSI8=
|
|
||||||
github.com/lucas-clemente/quic-go v0.29.2/go.mod h1:g6/h9YMmLuU54tL1gW25uIi3VlBp3uv+sBihplIuskE=
|
|
||||||
github.com/lucas-clemente/quic-go v0.30.0 h1:nwLW0h8ahVQ5EPTIM7uhl/stHqQDea15oRlYKZmw2O0=
|
github.com/lucas-clemente/quic-go v0.30.0 h1:nwLW0h8ahVQ5EPTIM7uhl/stHqQDea15oRlYKZmw2O0=
|
||||||
github.com/lucas-clemente/quic-go v0.30.0/go.mod h1:ssOrRsOmdxa768Wr78vnh2B8JozgLsMzG/g+0qEC7uk=
|
github.com/lucas-clemente/quic-go v0.30.0/go.mod h1:ssOrRsOmdxa768Wr78vnh2B8JozgLsMzG/g+0qEC7uk=
|
||||||
github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
|
|
||||||
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
|
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
|
||||||
github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI=
|
github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI=
|
||||||
github.com/marten-seemann/qtls-go1-18 v0.1.3/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
|
github.com/marten-seemann/qtls-go1-18 v0.1.3/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
|
||||||
|
@ -352,10 +348,8 @@ github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91 h1:s7fexw
|
||||||
github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo=
|
github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo=
|
||||||
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 h1:kHKxCOLcHH8r4Fzarl4+Y3K5hjothkVW5z7T1dUM11U=
|
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 h1:kHKxCOLcHH8r4Fzarl4+Y3K5hjothkVW5z7T1dUM11U=
|
||||||
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
|
github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
|
||||||
github.com/matrix-org/gomatrixserverlib v0.0.0-20221115151040-900369eadf39 h1:VapUpY3oSbEGhfSpnnTKh7bz6AA5R4tVB5lwdlcA6jE=
|
github.com/matrix-org/gomatrixserverlib v0.0.0-20221118122129-9b9340bf29d7 h1:S2TNN7C00CZlE1Af31LzxkOsAEkFt0RYZ7/3VdR1D5U=
|
||||||
github.com/matrix-org/gomatrixserverlib v0.0.0-20221115151040-900369eadf39/go.mod h1:Mtifyr8q8htcBeugvlDnkBcNUy5LO8OzUoplAf1+mb4=
|
github.com/matrix-org/gomatrixserverlib v0.0.0-20221118122129-9b9340bf29d7/go.mod h1:Mtifyr8q8htcBeugvlDnkBcNUy5LO8OzUoplAf1+mb4=
|
||||||
github.com/matrix-org/pinecone v0.0.0-20221026160848-639feeff74d6 h1:nAT5w41Q9uWTSnpKW55/hBwP91j2IFYPDRs0jJ8TyFI=
|
|
||||||
github.com/matrix-org/pinecone v0.0.0-20221026160848-639feeff74d6/go.mod h1:K0N1ixHQxXoCyqolDqVxPM3ArrDtcMs8yegOx2Lfv9k=
|
|
||||||
github.com/matrix-org/pinecone v0.0.0-20221117214503-218c39e0cd6d h1:RRJg8TP3bYYtVyFIMv/ebJR+ZTWv7Xtci5zk1D3GD10=
|
github.com/matrix-org/pinecone v0.0.0-20221117214503-218c39e0cd6d h1:RRJg8TP3bYYtVyFIMv/ebJR+ZTWv7Xtci5zk1D3GD10=
|
||||||
github.com/matrix-org/pinecone v0.0.0-20221117214503-218c39e0cd6d/go.mod h1:F3GHppRuHCTDeoOmmgjZMeJdbql91+RSGGsATWfC7oc=
|
github.com/matrix-org/pinecone v0.0.0-20221117214503-218c39e0cd6d/go.mod h1:F3GHppRuHCTDeoOmmgjZMeJdbql91+RSGGsATWfC7oc=
|
||||||
github.com/matrix-org/util v0.0.0-20200807132607-55161520e1d4 h1:eCEHXWDv9Rm335MSuB49mFUK44bwZPFSDde3ORE3syk=
|
github.com/matrix-org/util v0.0.0-20200807132607-55161520e1d4 h1:eCEHXWDv9Rm335MSuB49mFUK44bwZPFSDde3ORE3syk=
|
||||||
|
@ -408,12 +402,6 @@ github.com/ngrok/sqlmw v0.0.0-20220520173518-97c9c04efc79/go.mod h1:E26fwEtRNigB
|
||||||
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
|
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
|
||||||
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||||
github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||||
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
|
|
||||||
github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
|
|
||||||
github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E=
|
|
||||||
github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
|
|
||||||
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
|
|
||||||
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
|
|
||||||
github.com/onsi/ginkgo/v2 v2.3.0 h1:kUMoxMoQG3ogk/QWyKh3zibV7BKZ+xBpWil1cTylVqc=
|
github.com/onsi/ginkgo/v2 v2.3.0 h1:kUMoxMoQG3ogk/QWyKh3zibV7BKZ+xBpWil1cTylVqc=
|
||||||
github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0=
|
github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0=
|
||||||
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
||||||
|
|
|
@ -235,7 +235,7 @@ func loadConfig(
|
||||||
if v.KeyValidityPeriod == 0 {
|
if v.KeyValidityPeriod == 0 {
|
||||||
v.KeyValidityPeriod = c.Global.KeyValidityPeriod
|
v.KeyValidityPeriod = c.Global.KeyValidityPeriod
|
||||||
}
|
}
|
||||||
if v.PrivateKeyPath == "" {
|
if v.PrivateKeyPath == "" || v.PrivateKey == nil || v.KeyID == "" {
|
||||||
v.KeyID = c.Global.KeyID
|
v.KeyID = c.Global.KeyID
|
||||||
v.PrivateKey = c.Global.PrivateKey
|
v.PrivateKey = c.Global.PrivateKey
|
||||||
continue
|
continue
|
||||||
|
|
|
@ -12,8 +12,9 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Global struct {
|
type Global struct {
|
||||||
// The name of the server. This is usually the domain name, e.g 'matrix.org', 'localhost'.
|
// Signing identity contains the server name, private key and key ID of
|
||||||
ServerName gomatrixserverlib.ServerName `yaml:"server_name"`
|
// the deployment.
|
||||||
|
gomatrixserverlib.SigningIdentity `yaml:",inline"`
|
||||||
|
|
||||||
// The secondary server names, used for virtual hosting.
|
// The secondary server names, used for virtual hosting.
|
||||||
VirtualHosts []*VirtualHost `yaml:"virtual_hosts"`
|
VirtualHosts []*VirtualHost `yaml:"virtual_hosts"`
|
||||||
|
@ -21,13 +22,6 @@ type Global struct {
|
||||||
// Path to the private key which will be used to sign requests and events.
|
// Path to the private key which will be used to sign requests and events.
|
||||||
PrivateKeyPath Path `yaml:"private_key"`
|
PrivateKeyPath Path `yaml:"private_key"`
|
||||||
|
|
||||||
// The private key which will be used to sign requests and events.
|
|
||||||
PrivateKey ed25519.PrivateKey `yaml:"-"`
|
|
||||||
|
|
||||||
// An arbitrary string used to uniquely identify the PrivateKey. Must start with the
|
|
||||||
// prefix "ed25519:".
|
|
||||||
KeyID gomatrixserverlib.KeyID `yaml:"-"`
|
|
||||||
|
|
||||||
// Information about old private keys that used to be used to sign requests and
|
// Information about old private keys that used to be used to sign requests and
|
||||||
// events on this domain. They will not be used but will be advertised to other
|
// events on this domain. They will not be used but will be advertised to other
|
||||||
// servers that ask for them to help verify old events.
|
// servers that ask for them to help verify old events.
|
||||||
|
@ -151,6 +145,29 @@ func (c *Global) SplitLocalID(sigil byte, id string) (string, gomatrixserverlib.
|
||||||
return u, s, nil
|
return u, s, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Global) VirtualHost(serverName gomatrixserverlib.ServerName) *VirtualHost {
|
||||||
|
for _, v := range c.VirtualHosts {
|
||||||
|
if v.ServerName == serverName {
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Global) VirtualHostForHTTPHost(serverName gomatrixserverlib.ServerName) *VirtualHost {
|
||||||
|
for _, v := range c.VirtualHosts {
|
||||||
|
if v.ServerName == serverName {
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
for _, h := range v.MatchHTTPHosts {
|
||||||
|
if h == serverName {
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (c *Global) SigningIdentityFor(serverName gomatrixserverlib.ServerName) (*gomatrixserverlib.SigningIdentity, error) {
|
func (c *Global) SigningIdentityFor(serverName gomatrixserverlib.ServerName) (*gomatrixserverlib.SigningIdentity, error) {
|
||||||
for _, id := range c.SigningIdentities() {
|
for _, id := range c.SigningIdentities() {
|
||||||
if id.ServerName == serverName {
|
if id.ServerName == serverName {
|
||||||
|
@ -162,32 +179,22 @@ func (c *Global) SigningIdentityFor(serverName gomatrixserverlib.ServerName) (*g
|
||||||
|
|
||||||
func (c *Global) SigningIdentities() []*gomatrixserverlib.SigningIdentity {
|
func (c *Global) SigningIdentities() []*gomatrixserverlib.SigningIdentity {
|
||||||
identities := make([]*gomatrixserverlib.SigningIdentity, 0, len(c.VirtualHosts)+1)
|
identities := make([]*gomatrixserverlib.SigningIdentity, 0, len(c.VirtualHosts)+1)
|
||||||
identities = append(identities, &gomatrixserverlib.SigningIdentity{
|
identities = append(identities, &c.SigningIdentity)
|
||||||
ServerName: c.ServerName,
|
|
||||||
KeyID: c.KeyID,
|
|
||||||
PrivateKey: c.PrivateKey,
|
|
||||||
})
|
|
||||||
for _, v := range c.VirtualHosts {
|
for _, v := range c.VirtualHosts {
|
||||||
identities = append(identities, v.SigningIdentity())
|
identities = append(identities, &v.SigningIdentity)
|
||||||
}
|
}
|
||||||
return identities
|
return identities
|
||||||
}
|
}
|
||||||
|
|
||||||
type VirtualHost struct {
|
type VirtualHost struct {
|
||||||
// The server name of the virtual host.
|
// Signing identity contains the server name, private key and key ID of
|
||||||
ServerName gomatrixserverlib.ServerName `yaml:"server_name"`
|
// the virtual host.
|
||||||
|
gomatrixserverlib.SigningIdentity `yaml:",inline"`
|
||||||
// The key ID of the private key. If not specified, the default global key ID
|
|
||||||
// will be used instead.
|
|
||||||
KeyID gomatrixserverlib.KeyID `yaml:"key_id"`
|
|
||||||
|
|
||||||
// Path to the private key. If not specified, the default global private key
|
// Path to the private key. If not specified, the default global private key
|
||||||
// will be used instead.
|
// will be used instead.
|
||||||
PrivateKeyPath Path `yaml:"private_key"`
|
PrivateKeyPath Path `yaml:"private_key"`
|
||||||
|
|
||||||
// The private key itself.
|
|
||||||
PrivateKey ed25519.PrivateKey `yaml:"-"`
|
|
||||||
|
|
||||||
// How long a remote server can cache our server key for before requesting it again.
|
// How long a remote server can cache our server key for before requesting it again.
|
||||||
// Increasing this number will reduce the number of requests made by remote servers
|
// Increasing this number will reduce the number of requests made by remote servers
|
||||||
// for our key, but increases the period a compromised key will be considered valid
|
// for our key, but increases the period a compromised key will be considered valid
|
||||||
|
@ -201,19 +208,24 @@ type VirtualHost struct {
|
||||||
MatchHTTPHosts []gomatrixserverlib.ServerName `yaml:"match_http_hosts"`
|
MatchHTTPHosts []gomatrixserverlib.ServerName `yaml:"match_http_hosts"`
|
||||||
|
|
||||||
// Is registration enabled on this virtual host?
|
// Is registration enabled on this virtual host?
|
||||||
AllowRegistration bool `json:"allow_registration"`
|
AllowRegistration bool `yaml:"allow_registration"`
|
||||||
|
|
||||||
|
// Is guest registration enabled on this virtual host?
|
||||||
|
AllowGuests bool `yaml:"allow_guests"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (v *VirtualHost) Verify(configErrs *ConfigErrors) {
|
func (v *VirtualHost) Verify(configErrs *ConfigErrors) {
|
||||||
checkNotEmpty(configErrs, "virtual_host.*.server_name", string(v.ServerName))
|
checkNotEmpty(configErrs, "virtual_host.*.server_name", string(v.ServerName))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (v *VirtualHost) SigningIdentity() *gomatrixserverlib.SigningIdentity {
|
// RegistrationAllowed returns two bools, the first states whether registration
|
||||||
return &gomatrixserverlib.SigningIdentity{
|
// is allowed for this virtual host and the second states whether guests are
|
||||||
ServerName: v.ServerName,
|
// allowed for this virtual host.
|
||||||
KeyID: v.KeyID,
|
func (v *VirtualHost) RegistrationAllowed() (bool, bool) {
|
||||||
PrivateKey: v.PrivateKey,
|
if v == nil {
|
||||||
|
return false, false
|
||||||
}
|
}
|
||||||
|
return v.AllowRegistration, v.AllowGuests
|
||||||
}
|
}
|
||||||
|
|
||||||
type OldVerifyKeys struct {
|
type OldVerifyKeys struct {
|
||||||
|
|
|
@ -61,8 +61,10 @@ func MustMakeInternalAPI(t *testing.T, opts apiTestOpts, dbType test.DBType) (ap
|
||||||
|
|
||||||
cfg := &config.UserAPI{
|
cfg := &config.UserAPI{
|
||||||
Matrix: &config.Global{
|
Matrix: &config.Global{
|
||||||
|
SigningIdentity: gomatrixserverlib.SigningIdentity{
|
||||||
ServerName: serverName,
|
ServerName: serverName,
|
||||||
},
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
return &internal.UserInternalAPI{
|
return &internal.UserInternalAPI{
|
||||||
|
|
Loading…
Reference in a new issue