backups/grapevine
1
0
Fork 0
mirror of https://gitlab.computer.surgery/matrix/grapevine.git synced 2025-12-17 07:41:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Support specifying old_verify_keys in config

Browse source
This commit is contained in:
Lambda 2024-09-13 14:46:27 +00:00
parent 5691cf0868
commit 458a7458dc
3 changed files with 22 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
book/changelog.md
View file

@ -222,3 +222,5 @@ This will be the first release of Grapevine since it was forked from Conduit
([!58](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/58)) ([!58](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/58))
16. Added support for configuring and serving `/.well-known/matrix/...` data. 16. Added support for configuring and serving `/.well-known/matrix/...` data.
([!90](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/90)) ([!90](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/90))
17. Added support for configuring old verify/signing keys in config (`federation.old_verify_keys`)
([!96](https://gitlab.computer.surgery/matrix/grapevine-fork/-/merge_requests/96))

8
src/config.rs
View file

@ -1,12 +1,16 @@
use std::{ use std::{
borrow::Cow, borrow::Cow,
collections::BTreeMap,
fmt::{self, Display}, fmt::{self, Display},
net::{IpAddr, Ipv4Addr}, net::{IpAddr, Ipv4Addr},
path::{Path, PathBuf}, path::{Path, PathBuf},
}; };
use once_cell::sync::Lazy; use once_cell::sync::Lazy;
use ruma::{OwnedServerName, RoomVersionId}; use ruma::{
api::federation::discovery::OldVerifyKey, OwnedServerName,
OwnedServerSigningKeyId, RoomVersionId,
};
use serde::Deserialize; use serde::Deserialize;
use crate::error; use crate::error;
@ -288,6 +292,7 @@ pub(crate) struct FederationConfig {
pub(crate) trusted_servers: Vec<OwnedServerName>, pub(crate) trusted_servers: Vec<OwnedServerName>,
pub(crate) max_fetch_prev_events: u16, pub(crate) max_fetch_prev_events: u16,
pub(crate) max_concurrent_requests: u16, pub(crate) max_concurrent_requests: u16,
pub(crate) old_verify_keys: BTreeMap<OwnedServerSigningKeyId, OldVerifyKey>,
} }
impl Default for FederationConfig { impl Default for FederationConfig {
@ -299,6 +304,7 @@ impl Default for FederationConfig {
], ],
max_fetch_prev_events: 100, max_fetch_prev_events: 100,
max_concurrent_requests: 100, max_concurrent_requests: 100,
old_verify_keys: BTreeMap::new(),
} }
} }
} }

14
src/service/globals/data.rs
View file

@ -18,17 +18,29 @@ use crate::{services, Result};
/// don't require post-validation /// don't require post-validation
#[derive(Deserialize, Debug, Clone)] #[derive(Deserialize, Debug, Clone)]
pub(crate) struct SigningKeys { pub(crate) struct SigningKeys {
// FIXME: Use [`OwnedServerSigningKeyId`] as key
// Not yet feasibly because they get passed to `verify_event`, see https://github.com/ruma/ruma/pull/1808
pub(crate) verify_keys: BTreeMap<String, VerifyKey>, pub(crate) verify_keys: BTreeMap<String, VerifyKey>,
pub(crate) old_verify_keys: BTreeMap<String, OldVerifyKey>, pub(crate) old_verify_keys: BTreeMap<String, OldVerifyKey>,
pub(crate) valid_until_ts: MilliSecondsSinceUnixEpoch, pub(crate) valid_until_ts: MilliSecondsSinceUnixEpoch,
} }
impl SigningKeys { impl SigningKeys {
/// Creates the `SigningKeys` struct, using the keys of the current server /// Creates the `SigningKeys` struct, using the keys of the current server
pub(crate) fn load_own_keys() -> Self { pub(crate) fn load_own_keys() -> Self {
let old_verify_keys = services()
.globals
.config
.federation
.old_verify_keys
.iter()
.map(|(id, key)| (id.to_string(), key.clone()))
.collect();
let mut keys = Self { let mut keys = Self {
verify_keys: BTreeMap::new(), verify_keys: BTreeMap::new(),
old_verify_keys: BTreeMap::new(), old_verify_keys,
valid_until_ts: MilliSecondsSinceUnixEpoch::from_system_time( valid_until_ts: MilliSecondsSinceUnixEpoch::from_system_time(
SystemTime::now() + Duration::from_secs(7 * 86400), SystemTime::now() + Duration::from_secs(7 * 86400),
) )