From 1ce00f90fea3f1f078e22387442087c5ca7329b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20K=C3=B6sters?= Date: Thu, 4 Mar 2021 13:36:06 +0100 Subject: [PATCH 01/14] fix: don't accept incoming pdus if we know about them already --- src/server_server.rs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/server_server.rs b/src/server_server.rs index 00f31ca3..d5898182 100644 --- a/src/server_server.rs +++ b/src/server_server.rs @@ -554,6 +554,12 @@ pub async fn send_transaction_message_route<'a>( // TODO: redact event if hashing fails let (event_id, value) = crate::pdu::process_incoming_pdu(pdu); + // Skip the pdu if we already know about it + if db.rooms.get_pdu_id(&event_id)?.is_some() { + resolved_map.insert(event_id, Err("We already know about this event".into())); + continue; + } + let pdu = serde_json::from_value::( serde_json::to_value(&value).expect("CanonicalJsonObj is a valid JsonValue"), ) From 6309506a48daa70b120b4dcf0ea76ab2487208d2 Mon Sep 17 00:00:00 2001 From: Rudi Floren Date: Thu, 4 Mar 2021 15:26:34 +0100 Subject: [PATCH 02/14] Allow suspicious_else_formatting This is probably unfixable because it is caused by macros --- src/lib.rs | 1 + src/main.rs | 1 + 2 files changed, 2 insertions(+) diff --git a/src/lib.rs b/src/lib.rs index aed129fd..196626ea 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,3 +1,4 @@ +#![allow(clippy::suspicious_else_formatting)] pub mod appservice_server; pub mod client_server; mod database; diff --git a/src/main.rs b/src/main.rs index 498cfa69..eff55522 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,4 +1,5 @@ #![warn(rust_2018_idioms)] +#![allow(clippy::suspicious_else_formatting)] pub mod appservice_server; pub mod client_server; From 4027cbd01ddf11541c84e4029fbb1587d951e784 Mon Sep 17 00:00:00 2001 
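Review bot: The `?` in the added `db.rooms.get_pdu_id(&event_id)?` returns from `send_transaction_message_route` on a database error, so one failed lookup appears to abort the whole transaction, whereas the next added line records its outcome per event in `resolved_map`. Matching on the lookup result and inserting an `Err` for this PDU before `continue` would keep per-event handling consistent. The duplicate is also reported as an `Err` string, which the sending server presumably treats as a failed event, and which tells a remote server whether this event ID is already stored before the deserialization that follows; confirm both are intended. The function body starts and ends outside the hunk.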
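Review bot: The crate-level `#![allow(clippy::suspicious_else_formatting)]` added at the top of src/lib.rs, and again in src/main.rs, silences the lint for every module and has no comment saying why. The reason exists only in the commit message; put it beside the attribute, for example `// fires inside macro-generated code that we cannot reformat`. If the macro invocations that trigger it can be located, a narrower `#[allow]` on those items would keep the lint active for hand-written code.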
From: Rudi Floren Date: Thu, 4 Mar 2021 15:27:25 +0100 Subject: [PATCH 03/14] Fix various clippy errors --- src/database/sending.rs | 8 +++----- src/ruma_wrapper.rs | 5 +++-- src/server_server.rs | 10 +++++++--- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/src/database/sending.rs b/src/database/sending.rs index 48fe68a1..1ae063f4 100644 --- a/src/database/sending.rs +++ b/src/database/sending.rs @@ -74,7 +74,7 @@ impl Sending { for ((server, is_appservice), pdus) in current_transactions { // Create new reservation let mut prefix = if is_appservice { - "+".as_bytes().to_vec() + b"+".to_vec() } else { Vec::new() }; @@ -217,11 +217,9 @@ impl Sending { prefix.extend_from_slice(server.as_bytes()); prefix.push(0xff); - if servercurrentpdus + servercurrentpdus .compare_and_swap(prefix, Option::<&[u8]>::None, Some(&[])) // Try to reserve - == Ok(Ok(())) { true } else { - false - } + == Ok(Ok(())) }) { servercurrentpdus.insert(&key, &[]).unwrap(); diff --git a/src/ruma_wrapper.rs b/src/ruma_wrapper.rs index 898561f8..188d1b6f 100644 --- a/src/ruma_wrapper.rs +++ b/src/ruma_wrapper.rs @@ -1,17 +1,17 @@ use crate::Error; use ruma::{ - api::{AuthScheme, OutgoingRequest}, identifiers::{DeviceId, UserId}, Outgoing, }; use std::{ - convert::{TryFrom, TryInto}, + convert::{TryInto}, ops::Deref, }; #[cfg(feature = "conduit_bin")] use { crate::utils, + ruma::api::{AuthScheme, OutgoingRequest}, log::{debug, warn}, rocket::{ data::{ @@ -25,6 +25,7 @@ use { Request, State, }, std::io::Cursor, + std::convert::TryFrom, }; /// This struct converts rocket requests into ruma structs by converting them into http requests diff --git a/src/server_server.rs b/src/server_server.rs index 00f31ca3..a3fac181 100644 --- a/src/server_server.rs +++ b/src/server_server.rs 
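Review bot: In the second src/database/sending.rs hunk, `compare_and_swap(...) == Ok(Ok(()))` treats a storage error (the outer `Err`, assuming `servercurrentpdus` is a sled tree) the same as a lost reservation, so a database failure is silently read as "already reserved". The simplification carries that over from the old `if … { true } else { false }`; a `match` that logs the outer `Err` before yielding `false` would make the failure visible to an operator. The `// Try to reserve` comment now sits between the call and the comparison and would read better on the line above the expression. The enclosing closure starts and ends outside the hunk.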
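Review bot: `convert::{TryInto},` in the first src/ruma_wrapper.rs hunk keeps braces around a single name; write `convert::TryInto,`. The cfg-gated `use { ... }` list is also left unordered: `ruma::api::{AuthScheme, OutgoingRequest},` is added between `crate::utils` and `log`, and in the second hunk `std::convert::TryFrom,` follows `std::io::Cursor,`. Sorting the entries would keep later import diffs small. Both `use` blocks continue outside the hunks.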
@@ -3,7 +3,7 @@ use get_profile_information::v1::ProfileField; use http::header::{HeaderValue, AUTHORIZATION, HOST}; use log::{info, warn}; use regex::Regex; -use rocket::{get, post, put, response::content::Json, State}; +use rocket::{response::content::Json, State}; use ruma::{ api::{ federation::{ @@ -29,6 +29,10 @@ use std::{ net::{IpAddr, SocketAddr}, time::{Duration, SystemTime}, }; +#[cfg(feature = "conduit_bin")] +use { + rocket::{get, post, put} +}; #[tracing::instrument(skip(globals))] pub async fn send_request( @@ -591,7 +595,7 @@ pub async fn send_transaction_message_route<'a>( .get("users") .and_then(|users| users.as_sequence()) .map_or_else( - || Vec::new(), + Vec::new, |users| { users .iter() @@ -623,7 +627,7 @@ pub async fn send_transaction_message_route<'a>( .and_then(|string| { UserId::parse_with_server_name(string, db.globals.server_name()).ok() }); - + #[allow(clippy::blocks_in_if_conditions)] if bridge_user_id.map_or(false, |bridge_user_id| { db.rooms .is_joined(&bridge_user_id, room_id) From bb1064ce04fb66594f4de7b61b60d05d05ef5730 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20K=C3=B6sters?= Date: Thu, 4 Mar 2021 15:28:28 +0100 Subject: [PATCH 04/14] docs: small readme changes --- README.md | 49 +++++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 8e4b1b70..bff15e66 100644 --- a/README.md +++ b/README.md 
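Review bot: The cfg-gated import added after the `std` block wraps a single path in an extra brace group, `use { rocket::{get, post, put} };`. Under the same `#[cfg(feature = "conduit_bin")]`, `use rocket::{get, post, put};` says the same thing on one line. A short comment stating that these macros are presumably only needed when the route attributes are compiled in would explain the gate to the next reader.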
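Review bot: `#[allow(clippy::blocks_in_if_conditions)]` in the last src/server_server.rs hunk suppresses the lint on the bridge-user membership test instead of removing its cause. Binding the closure result first, `let bridge_joined = bridge_user_id.map_or(false, |id| { ... });` followed by `if bridge_joined {`, needs no `allow` and keeps the condition readable. The closure body and the `if` run past the end of the hunk, so how an `is_joined` error is mapped cannot be checked from here.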
@@ -1,25 +1,43 @@ # Conduit ### A Matrix homeserver written in Rust -[![Liberapay](https://img.shields.io/liberapay/receives/timokoesters?logo=liberapay)](https://liberapay.com/timokoesters) -[![Matrix](https://img.shields.io/matrix/conduit:conduit.rs?server_fqdn=conduit.koesters.xyz)](https://matrix.to/#/#conduit:matrix.org) - #### What is the goal? A fast Matrix homeserver that's easy to set up and just works. You can install it on a mini-computer like the Raspberry Pi to host Matrix for your family, friends or company. + #### Can I try it out? Yes! Just open a Matrix client ( or Element Android for example) and register on the `https://conduit.koesters.xyz` homeserver. + +#### What is it build on? + +- [Ruma](https://www.ruma.io): Useful structures for endpoint requests and + responses that can be (de)serialized +- [Sled](https://github.com/spacejam/sled): A simple (key, value) database with + good performance +- [Rocket](https://rocket.rs): A flexible web framework + + +#### What are the biggest things still missing? + +- Most federation features (invites, e2ee) +- Push notifications on mobile +- Notification settings +- Lots of testing + +Check out the [Conduit 1.0 Release Milestone](https://gitlab.com/famedly/conduit/-/milestones/3). + + #### How can I deploy my own? ##### Deploy -Download or compile a conduit binary and call it from somewhere like a systemd script. [Read +Download or compile a Conduit binary, set up the config and call it from somewhere like a systemd script. [Read more](DEPLOY.md) ##### Deploy using Docker 
@@ -33,32 +51,15 @@ docker run -d -p 8448:8000 -v db:/srv/conduit/.local/share/conduit matrixconduit Or build and run it with docker or docker-compose. [Read more](docker/README.md) -#### What is it build on? - -- [Ruma](https://www.ruma.io): Useful structures for endpoint requests and - responses that can be (de)serialized -- [Sled](https://github.com/spacejam/sled): A simple (key, value) database with - good performance -- [Rocket](https://rocket.rs): A flexible web framework - -#### What are the biggest things still missing? - -- Appservices (Bridges and Bots) -- Most federation features (invites, e2ee) -- Push notifications on mobile -- Notification settings -- Lots of testing - -Also check out the [milestones](https://git.koesters.xyz/timo/conduit/milestones). #### How can I contribute? 1. Look for an issue you would like to work on and make sure it's not assigned to other users 2. Ask someone to assign the issue to you (comment on the issue or chat in - #conduit:matrix.org) -3. Fork the repo and work on the issue. #conduit:matrix.org is happy to help :) -4. Submit a PR + #conduit:nordgedanken.dev) +3. Fork the repo and work on the issue. #conduit:nordgedanken.dev is happy to help :) +4. Submit a MR #### Donate From 156296ac051a83cf009cd399dc097164238a6a18 Mon Sep 17 00:00:00 2001 From: Rudi Floren Date: Thu, 4 Mar 2021 17:22:23 +0000 Subject: [PATCH 05/14] Fix Complement CI paths The final container tried to COPY from the default cargo target dir, but we only checked if cached_target is present. We copy from cached_target to target when cached_target is present now in the builder --- tests/Complement.Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/Complement.Dockerfile b/tests/Complement.Dockerfile index 370db7cd..7deb6e88 100644 --- a/tests/Complement.Dockerfile +++ b/tests/Complement.Dockerfile 
@@ -9,7 +9,9 @@ ARG SCCACHE_ENDPOINT ARG SCCACHE_S3_USE_SSL COPY . . -RUN test -e cached_target/release/conduit || cargo build --release +RUN mkdir -p target/release +RUN test -e cached_target/release/conduit && cp cached_target/release/conduit target/release/conduit || cargo build --release + FROM valkum/docker-rust-ci:latest WORKDIR /workdir @@ -37,4 +39,4 @@ CMD ([ -z "${COMPLEMENT_CA}" ] && echo "Error: Need Complement PKI support" && t sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \ /workdir/caddy start --config caddy.json > /dev/null && \ /workdir/conduit - \ No newline at end of file + From 96431069a9bc72cc4cf79a030e9f68a371910201 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20K=C3=B6sters?= Date: Thu, 4 Mar 2021 21:26:30 +0100 Subject: [PATCH 06/14] docs: add icon and license to readme --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index bff15e66..32fa6572 100644 --- a/README.md +++ b/README.md @@ -65,3 +65,9 @@ Or build and run it with docker or docker-compose. [Read more](docker/README.md) Liberapay: \ Bitcoin: `bc1qnnykf986tw49ur7wx9rpw2tevpsztvar5x8w4n` + + +#### Logo + +Lightning Bolt Logo: https://github.com/mozilla/fxemoji/blob/gh-pages/svgs/nature/u26A1-bolt.svg \ +Logo License: https://github.com/mozilla/fxemoji/blob/gh-pages/LICENSE.md From 7bc58461cd5378889fa45fe6fa65997a09f16c16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20K=C3=B6sters?= Date: Fri, 12 Mar 2021 16:22:35 +0100 Subject: [PATCH 07/14] fix: avoid illegal instruction crash see https://github.com/spacejam/sled/issues/1232 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 03515436..8addf501 100644 --- a/Cargo.toml +++ b/Cargo.toml 
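Review bot: `test -e … && cp … || cargo build --release` in the builder stage is not an if/else: when the cached binary exists but the `cp` fails, the shell falls through to a full `cargo build` and the copy error is hidden. An explicit conditional states the intent, `RUN if [ -e cached_target/release/conduit ]; then cp cached_target/release/conduit target/release/conduit; else cargo build --release; fi`. The cached binary is also accepted on existence alone, so nothing in this hunk ties it to the checked-out source. If the cache key does not already guarantee that, the Complement run can end up testing a stale build.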
@@ -30,7 +30,7 @@ state-res = { git = "https://github.com/ruma/state-res", branch = "timo-spec-com # Used for long polling and federation sender, should be the same as rocket::tokio tokio = "1.2.0" # Used for storing data permanently -sled = { version = "0.34.6", default-features = false } +sled = { version = "0.34.6", features = ["no_metrics"] } # Used for emitting log entries log = "0.4.14" # Used for rocket<->ruma conversions From d0d5bc412b570e10e9233b3b917e838cfd04df29 Mon Sep 17 00:00:00 2001 From: Jonathan de Jong Date: Sat, 13 Mar 2021 20:33:16 +0100 Subject: [PATCH 08/14] Add more gitignore --- .gitignore | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 61 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index efbc1d9e..e2f4e882 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,64 @@ -/target -**/*.rs.bk +# CMake +cmake-build-*/ +# IntelliJ +.idea/ +out/ +*.iml +modules.xml +*.ipr + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# Linux backup files +*~ + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file is removed but is still being accessed +.nfs* + +# Rust +/target/ + +### vscode ### +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +### Windows ### +# Windows thumbnail cache files +Thumbs.db +Thumbs.db:encryptable +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows shortcuts +*.lnk + +# Conduit Rocket.toml conduit.toml + +# Etc. +**/*.rs.bk From 03670282037c56d870605fb6e00c637c488a8c28 Mon Sep 17 00:00:00 2001 
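Review bot: The `sled` line drops `default-features = false` at the same time as it adds `no_metrics`, so all of sled's default features are enabled again, and the commit does not say whether that is intended. If only `no_metrics` is wanted, keep the opt-out: `sled = { version = "0.34.6", default-features = false, features = ["no_metrics"] }`. Either way, the comment above the dependency should record the reason so the workaround is not reverted later, e.g. `# no_metrics avoids an illegal-instruction crash, see https://github.com/spacejam/sled/issues/1232`.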
From: Jonathan de Jong Date: Sun, 14 Mar 2021 11:55:28 +0100 Subject: [PATCH 09/14] add settings.json --- .vscode/settings.json | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 00000000..c3f66054 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "rust-analyzer.procMacro.enable": true +} \ No newline at end of file From 246e4735fdcb7e3f2ad4c9078a34a90a5062db92 Mon Sep 17 00:00:00 2001 From: Mariusz Kogen Date: Fri, 2 Apr 2021 22:11:14 +0000 Subject: [PATCH 10/14] No need to log out and back in fix --- CROSS_COMPILE.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/CROSS_COMPILE.md b/CROSS_COMPILE.md index 3c7bbcb5..4728768c 100644 --- a/CROSS_COMPILE.md +++ b/CROSS_COMPILE.md @@ -1,13 +1,10 @@ Install docker: - +``` $ sudo apt install docker $ sudo usermod -aG docker $USER - -Then log out and back in. - +$ exec sudo su -l $USER $ sudo systemctl start docker - $ cargo install cross $ cross build --release --features tls_vendored --target armv7-unknown-linux-musleabihf - +``` The cross-compiled binary is at target/armv7-unknown-linux-musleabihf/release/conduit From 9b2f8730bb7123a29c09e87cc60b681b1b8ec3c1 Mon Sep 17 00:00:00 2001 From: Marcel Date: Tue, 6 Apr 2021 12:26:47 +0000 Subject: [PATCH 11/14] fix: Do not run conduit as root instead use a separate user --- DEPLOY.md | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/DEPLOY.md b/DEPLOY.md index b547b644..0faa2776 100644 --- a/DEPLOY.md +++ b/DEPLOY.md 
@@ -18,6 +18,14 @@ $ sudo wget -O /usr/local/bin/matrix-conduit $ sudo chmod +x /usr/local/bin/matrix-conduit ``` +## Adding a conduit user + +While conduit can run as any user it is usually better to use dedicated users for different services. +This also allows you to make sure that the file permissions are correctly set up. + +In debian you can use this command to create a conduit user: + +`sudo adduser --system conduit --no-create-home` ## Setting up a systemd service @@ -33,8 +41,8 @@ After=network.target [Service] Environment="CONDUIT_CONFIG=/etc/matrix-conduit/conduit.toml" -User=root -Group=root +User=conduit +Group=nogroup Restart=always ExecStart=/usr/local/bin/matrix-conduit @@ -91,6 +99,16 @@ allow_federation = true address = "127.0.0.1" # This makes sure Conduit can only be reached using the reverse proxy ``` +## Setting the correct file permissions + +As we are using a conduit specific user we need to allow it to read the config. +To do that you can run this command on debian: + +`sudo chown -R conduit:nogroup /etc/matrix-conduit` + +If you use the default database path you also need to run this. (It might be that you first need to create that folder): + +`sudo chown -R conduit:nogroup /var/lib/matrix-conduit/conduit_db` ## Setting up the Reverse Proxy From c267c0f09e8733e29efbc6bd0611a85826aae720 Mon Sep 17 00:00:00 2001 From: Marcel Date: Tue, 6 Apr 2021 13:17:39 +0000 Subject: [PATCH 12/14] fix: use full codeblocks and capitalize Conduit and Debian --- DEPLOY.md | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/DEPLOY.md b/DEPLOY.md index 0faa2776..f801e295 100644 --- a/DEPLOY.md +++ b/DEPLOY.md 
@@ -18,14 +18,16 @@ $ sudo wget -O /usr/local/bin/matrix-conduit $ sudo chmod +x /usr/local/bin/matrix-conduit ``` -## Adding a conduit user +## Adding a Conduit user While conduit can run as any user it is usually better to use dedicated users for different services. This also allows you to make sure that the file permissions are correctly set up. -In debian you can use this command to create a conduit user: +In Debian you can use this command to create a Conduit user: -`sudo adduser --system conduit --no-create-home` +``` +sudo adduser --system conduit --no-create-home +``` ## Setting up a systemd service @@ -101,14 +103,20 @@ address = "127.0.0.1" # This makes sure Conduit can only be reached using the re ## Setting the correct file permissions -As we are using a conduit specific user we need to allow it to read the config. -To do that you can run this command on debian: +As we are using a Conduit specific user we need to allow it to read the config. +To do that you can run this command on Debian: -`sudo chown -R conduit:nogroup /etc/matrix-conduit` +``` +sudo chown -R conduit:nogroup /etc/matrix-conduit +``` -If you use the default database path you also need to run this. (It might be that you first need to create that folder): +If you use the default database path you also need to run this: + +``` +sudo mkdir -p /var/lib/matrix-conduit/conduit_db +sudo chown -R conduit:nogroup /var/lib/matrix-conduit/conduit_db +``` -`sudo chown -R conduit:nogroup /var/lib/matrix-conduit/conduit_db` ## Setting up the Reverse Proxy From dd6985059899c22ca10a76684f5fe2696d36033f Mon Sep 17 00:00:00 2001 From: Marcel Date: Sun, 11 Apr 2021 10:50:38 +0000 Subject: [PATCH 13/14] docs: Fix missing _matrix in apache config --- DEPLOY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DEPLOY.md b/DEPLOY.md index f801e295..53ca2ea5 100644 --- a/DEPLOY.md +++ b/DEPLOY.md 
@@ -133,8 +133,8 @@ Listen 8448 ServerName your.server.name # EDIT THIS AllowEncodedSlashes NoDecode -ProxyPass /_matrix/ http://localhost:6167/ -ProxyPassReverse /_matrix/ http://localhost:6167/ +ProxyPass /_matrix/ http://localhost:6167/_matrix/ +ProxyPassReverse /_matrix/ http://localhost:6167/_matrix/ Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/your.server.name/fullchain.pem # EDIT THIS From ac99e05714767bfcca27dbbbc3725b2e7548f61c Mon Sep 17 00:00:00 2001 From: Marcel Date: Sun, 11 Apr 2021 10:51:43 +0000 Subject: [PATCH 14/14] docs: capitalize a "conduit" that was missed --- DEPLOY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DEPLOY.md b/DEPLOY.md index 53ca2ea5..4601ab57 100644 --- a/DEPLOY.md +++ b/DEPLOY.md @@ -20,7 +20,7 @@ $ sudo chmod +x /usr/local/bin/matrix-conduit ## Adding a Conduit user -While conduit can run as any user it is usually better to use dedicated users for different services. +While Conduit can run as any user it is usually better to use dedicated users for different services. This also allows you to make sure that the file permissions are correctly set up. In Debian you can use this command to create a Conduit user: