backups/grapevine
1
0
Fork 0
mirror of https://gitlab.computer.surgery/matrix/grapevine.git synced 2025-12-17 07:41:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
2704 commits 35 branches 1 tag 23 MiB
Commit graph

304 commits

Author SHA1 Message Date
Charles Hall
0b4cc6a1b1
add subcmd to repair some persistent state 
This version does state resolution from scratch instead of trusting the
caches in the database.
 2024-11-02 12:57:54 -07:00
Andreas Fuchs
26ba489aa3 Add a "check-config" command to validate config files & tests for it 2024-11-01 12:08:17 -04:00
Lambda
70ee206031 Extract source address for requests 2024-10-25 20:48:38 +00:00
Lambda
3247c64cd8 Add support for HAProxy proxy protocol for listeners 2024-10-25 20:48:38 +00:00
Benjamin Lee
e2318cad8a
fix serving tls by setting rustls default crypto provider 
The rustls version bump in c24f79b79b
introduced a panic when serving listeners with 'tls = true':

> thread 'main' panicked at /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-vendor-cargo-deps/c19b7c6f923b580ac259164a89f2577984ad5ab09ee9d583b888f934adbbe8d0/rustls-0.23.13/src/crypto/mod.rs:265:14:
> no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point

This commit fixes this by setting the default provider to ring. I chose
ring (the old rustls default) over aws-lc-rs (the new default) for a few
reasons:

 - Judging by github issues, aws-lc-rs seems to have a lot of build problems.
   We don't need more of that.
 - The "motivation" section in the aws-lc-rs docs only talks about FIPS,
   which we do not care about.
 - My past experience with things that start with "aws-" has been very
   negative.
 2024-09-23 23:39:23 -07:00
Charles Hall
b0d1cc1b63
bump otel to v0.24.0 
Someone contributed opentelemetry-prometheus support for v0.24 and this
version also doesn't put stupid requirements on the tokio version. This
version of the OTel ecosystem also fixes an apparent bug with some hacks
I plan on doing in the future...
 2024-09-23 14:22:55 -07:00
Charles Hall
c24f79b79b
update rust deps except rocksdb and otel clownery 
* OTel v0.25.0 requires downgrading Tokio to 1.38 [0]
* They have a fix for this but aren't cutting a release just for release
  schedule reasons [1]
* Prometheus support (at least for server-pull) was dropped at OTel
  v0.23 and isn't planned to be picked up again until OTel v1 [2]
* No real reasoning was provided for this decision AFAICT [3] [4]
* So many compiler errors
* Unhelpful changelogs

The last two points are what made me give up on trying to upgrade to
OTel v0.24 too.

RocksDB isn't updated because we'd need to update our nixpkgs too but
that causes other problems, such as an upstream bug in liburing when
building for musl.

[0]: https://github.com/open-telemetry/opentelemetry-rust/issues/2094
[1]: https://github.com/open-telemetry/opentelemetry-rust/issues/2094#issuecomment-2346834030
[2]: https://docs.rs/opentelemetry-prometheus/0.17.0/opentelemetry_prometheus/index.html
[3]: https://github.com/open-telemetry/opentelemetry-rust/pull/1792
[4]: https://github.com/open-telemetry/opentelemetry-rust/pull/1792#issuecomment-2121514344
 2024-09-23 14:22:55 -07:00
Lambda
5a5bea3217 cargo update ruma httparse 
This adds authenticated media APIs.
 2024-09-01 09:42:45 +00:00
Benjamin Lee
a909e2079b
config options for log format and color usage 
We want to be able to disable colors for complement logs (since they
are likely to be opened in a text editor). There's no pressing need for
alternative log formats, but I'm interested in whether the 'pretty'
format will be easier for debugging.

I chose to add 'log_*' options rather than making a separate 'log'
section for now. There's been some discussion about trying to separate
the tracing/logging stuff into more structured sections, but that can
happen later.
 2024-06-13 21:21:14 -07:00
Charles Hall
70fa17dde0
enable clap's wrap_help feature 
This makes the output easier to read.
 2024-06-12 19:57:00 -07:00
Charles Hall
85e77832e9
follow xdg base dirs spec by default 2024-06-12 19:57:00 -07:00
Charles Hall
2b0bc140cf
drop figment 
Just deserialize directly via the `toml` crate.
 2024-06-12 19:56:59 -07:00
Charles Hall
9364d44ce2
use strum instead 2024-06-05 17:41:39 -07:00
Charles Hall
aa4cd8b1e1
switch to RustCrypto's argon2 crate 2024-06-04 19:35:21 -07:00
Charles Hall
a0b92c82e8
set up opentelemetry for metrics 
Also adds an `allow_prometheus` option (disabled by default) to expose
a `/metrics` endpoint that returns Prometheus data.
 2024-06-03 18:18:44 -07:00
Lambda
62dd097f49 Use Ruma XMatrix type instead of rolling our own 
Both the hand-rolled parser and serialization were wrong in countless
ways. The current Ruma parser is much better, and the Ruma serialization
will be fixed by https://github.com/ruma/ruma/pull/1830.
 2024-06-03 20:50:49 +00:00
Charles Hall
aec314ce85
get tracing-opentelemetry from crates.io 
They made a release with the changes we needed; we can stop pulling it
from git now.
 2024-06-02 17:27:54 -07:00
Charles Hall
a275543494
enable axum's tracing feature 
This pretty much only makes it log a single error event, but it's one
that's useful to know about.
 2024-05-26 19:47:00 -07:00
Charles Hall
8f0fdfb2f2
upgrade all cargo dependencies 
Unfortunately we need to pull tracing-opentelemetry from git because
there hasn't been a release including the dependency bump on the other
opentelemetry crates.
 2024-05-26 19:47:00 -07:00
Charles Hall
b5321d81c0
update flake.lock 
Nixpkgs and `rust-rocksdb` line up so we can drop our RocksDB input for
the time being.

Flake lock file updates:

• Updated input 'attic':
    'github:zhaofengli/attic/6eabc3f02fae3683bffab483e614bebfcd476b21' (2024-02-14)
  → 'github:zhaofengli/attic/4dbdbee45728d8ce5788db6461aaaa89d98081f0' (2024-03-29)
• Updated input 'attic/nixpkgs':
    'github:NixOS/nixpkgs/aa9d4729cbc99dabacb50e3994dcefb3ea0f7447' (2023-12-14)
  → 'github:NixOS/nixpkgs/07262b18b97000d16a4bdb003418bd2fb067a932' (2024-03-25)
• Updated input 'attic/nixpkgs-stable':
    'github:NixOS/nixpkgs/1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f' (2023-12-17)
  → 'github:NixOS/nixpkgs/44733514b72e732bd49f5511bd0203dea9b9a434' (2024-03-26)
• Updated input 'crane':
    'github:ipetkov/crane/55f4939ac59ff8f89c6a4029730a2d49ea09105f' (2024-04-21)
  → 'github:ipetkov/crane/109987da061a1bf452f435f1653c47511587d919' (2024-05-24)
• Updated input 'fenix':
    'github:nix-community/fenix/c8943ea9e98d41325ff57d4ec14736d330b321b2' (2024-03-05)
  → 'github:nix-community/fenix/b6fc5035b28e36a98370d0eac44f4ef3fd323df6' (2024-05-22)
• Updated input 'fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/9f14343f9ee24f53f17492c5f9b653427e2ad15e' (2024-03-04)
  → 'github:rust-lang/rust-analyzer/21ec8f523812b88418b2bfc64240c62b3dd967bd' (2024-05-19)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28)
  → 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11)
• Updated input 'nix-filter':
    'github:numtide/nix-filter/3449dc925982ad46246cfc36469baf66e1b64f17' (2024-01-15)
  → 'github:numtide/nix-filter/3342559a24e85fc164b295c3444e8a139924675b' (2024-03-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/b8697e57f10292a6165a20f03d2f42920dfaf973' (2024-03-03)
  → 'github:NixOS/nixpkgs/5710852ba686cc1fd0d3b8e22b3117d43ba374c2' (2024-05-21)
• Removed input 'rocksdb'
 2024-05-24 20:08:54 -07:00
Charles Hall
a60501189d
prevent xss via user-uploaded media 
Previously, `Content-Disposition` was always set to `inline`, even for
HTML, which means that XSS could be easily acheived by uploading
malicious HTML and getting someone to click on the Matrix HTTP API link
for that piece of media. Now, we have an allowlist of safe values for
`Content-Type` that use `inline` while everything else defaults to
`attachment`, including HTML and SVG, which prevents XSS.

We also set the `Content-Security-Policy` header because why not.

A `set_header_or_panic` function is introduced to do what it says in
case Ruma begins providing better or worse values for the relevant
headers in the future. The safest way to handle such a case is simply
to panic.
 2024-05-19 21:05:02 -07:00
Charles Hall
e7b8f78867
update rocksdb 
Flake lock file updates:

• Updated input 'rocksdb':
    'github:facebook/rocksdb/bcf88d48ce8aa8b536aee4dd305533b3b83cf435' (2024-04-16)
  → 'github:facebook/rocksdb/6f7cabeac80a3a6150be2c8a8369fcecb107bf43' (2024-04-22)
 2024-05-16 21:50:31 -07:00
Charles Hall
844b32f097
enable string_slice lint 
Also swaps out vendored HTML-escaping code for a dependency that I
imagine has decent testing considering all of its reverse depedencies.
 2024-05-12 19:08:12 -07:00
Charles Hall
360e020b64
rename conduit to grapevine 2024-04-30 21:54:56 -07:00
Charles Hall
c496878afa
remove unused dependencies 2024-04-30 21:54:55 -07:00
Charles Hall
c765a1634d
remove unused database backends 2024-04-30 21:54:39 -07:00
Charles Hall
aa51acf152
remove dead code 2024-04-30 00:08:26 -07:00
Timo Kösters
a854a46c24
Bump version to v0.7.0 2024-04-24 23:24:20 +02:00
Charles Hall
61cb186b5b
update rocksdb 2024-04-21 12:39:27 -07:00
Matthias Ahouansou
1c529529aa
chore: upgrade nix to 0.28 
needed for musl targets on s390x
 2024-04-01 13:36:38 +01:00
Matthias Ahouansou
5c634ceb6b
fix: reject requests with authentication when not used 2024-03-30 16:50:21 +00:00
Timo Kösters
879a8b969d
improvement: use simpler rocksdb config 2024-03-21 15:04:40 +01:00
Charles Hall
10f3f9da49
switch/update rocksdb crate 
This fork was created because the original seems de-facto unmaintained.
 2024-03-10 20:58:01 -07:00
Matthias Ahouansou
21a5fa3ef0 refactor: use re-exported JsOption from ruma rather than directly adding it as a dependency 2024-02-25 10:30:30 +00:00
Matthias Ahouansou
b27e9ea95c chore: bump ruma to latest commit (as of 2024-02-25) 2024-02-25 08:49:20 +00:00
Matthias Ahouansou
8aa915acb9 bump ruma, support deprecated user login field 2024-02-23 20:29:17 +00:00
Matthias Ahouansou
d841b81c56 chore: update Cargo.lock 2024-02-16 20:52:19 +00:00
Charles Hall
7fb9e99649
update ring and jsonwebtoken to remove ring ^0.16 2024-01-29 16:21:42 -08:00
Charles Hall
1274b48ebb
run cargo update 
`IndexMap::remove` was deprecated in favor of explicitly named methods.
I assume that we actually needed to be using `shift_remove`, otherwise
we probably wouldn't be bothering with `indexmap` here in the first
place. I wonder if this fixes any bugs lol
 2024-01-29 16:17:25 -08:00
Tobias Bucher
69d0003222 Use upstream reqwest instead of vendored one 
This uses the `ClientBuilder::dns_resolver` function that was added in
reqwest 0.11.13, instead of the homebrew `ClientBuilder::resolve_fn`.
 2024-01-24 17:12:43 +01:00
Charles Hall
dc2f53e773
comment out heed backend things 
The code in conduit doesn't compile.
 2024-01-18 12:27:48 -08:00
Timo Kösters
75c80df271
Sliding sync improvements and redaction fixes 2023-09-13 20:54:53 +02:00
Timo Kösters
11103a92ed
Do not show "Invalid room version" errors when server is not in room 2023-08-11 10:48:48 +02:00
Timo Kösters
5d16948030
Bump version to v0.6.0 2023-08-10 18:57:52 +02:00
Timo Kösters
3e518773e2 Merge branch 'improvements' into 'next' 
cross signing fixes

See merge request famedly/conduit!532
 2023-08-07 16:11:11 +00:00
Timo Kösters
d82c26f0a9
Avatars for sliding sync DMs 2023-08-07 17:54:08 +02:00
Timo Kösters
06ab707c79 Merge branch 'rusqlite-update' into 'next' 
bump rusqlite to 0.29.0

See merge request famedly/conduit!529
 2023-08-02 05:06:54 +00:00
June
fbb256dd91 bump rusqlite to 0.29.0 
Signed-off-by: June <june@girlboss.ceo>
 2023-08-01 15:09:55 -10:00
June
5a7bade476 update base64 to 0.21.2 
Signed-off-by: June <june@girlboss.ceo>
 2023-08-01 14:48:50 -10:00
Charles Hall
291290db92
maximize fd limit 2023-07-26 13:24:44 -07:00