Merge pull request #185 from matrix-org/erikj/listeners_config

Change listener config.
2024-10-01 05:36:05 +00:00 · 2015-06-15 18:05:58 +01:00 · 2015-06-15 18:05:58 +01:00 · bc42ca121f
commit bc42ca121f
parent f0583f65e1 9d0326baa6
6 changed files with 328 additions and 209 deletions
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@ -34,7 +34,7 @@ from twisted.application import service
 from twisted.enterprise import adbapi
 from twisted.web.resource import Resource, EncodingResourceWrapper
 from twisted.web.static import File
-from twisted.web.server import Site, GzipEncoderFactory
+from twisted.web.server import Site, GzipEncoderFactory, Request
 from twisted.web.http import proxiedLogFormatter, combinedLogFormatter
 from synapse.http.server import JsonResource, RootRedirect
 from synapse.rest.media.v0.content_repository import ContentRepoResource
@ -63,7 +63,6 @@ import synapse
 import logging
 import os
 import re
 import resource
 import subprocess
@ -87,16 +86,10 @@ class SynapseHomeServer(HomeServer):
        return MatrixFederationHttpClient(self)
    def build_resource_for_client(self):
-        res = ClientV1RestResource(self)
+        return ClientV1RestResource(self)
        if self.config.gzip_responses:
            res = gz_wrap(res)
        return res
    def build_resource_for_client_v2_alpha(self):
-        res = ClientV2AlphaRestResource(self)
+        return ClientV2AlphaRestResource(self)
        if self.config.gzip_responses:
            res = gz_wrap(res)
        return res
    def build_resource_for_federation(self):
        return JsonResource(self)
@ -145,152 +138,102 @@ class SynapseHomeServer(HomeServer):
            **self.db_config.get("args", {})
        )
-    def create_resource_tree(self, redirect_root_to_web_client):
+    def _listener_http(self, config, listener_config):
-        """Create the resource tree for this Home Server.
+        port = listener_config["port"]
        bind_address = listener_config.get("bind_address", "")
        tls = listener_config.get("tls", False)
-        This in unduly complicated because Twisted does not support putting
+        if tls and config.no_tls:
-        child resources more than 1 level deep at a time.
+            return
        Args:
            web_client (bool): True to enable the web client.
            redirect_root_to_web_client (bool): True to redirect '/' to the
            location of the web client. This does nothing if web_client is not
            True.
        """
        config = self.get_config()
        web_client = config.web_client
        # list containing (path_str, Resource) e.g:
        # [ ("/aaa/bbb/cc", Resource1), ("/aaa/dummy", Resource2) ]
        desired_tree = [
            (CLIENT_PREFIX, self.get_resource_for_client()),
            (CLIENT_V2_ALPHA_PREFIX, self.get_resource_for_client_v2_alpha()),
            (FEDERATION_PREFIX, self.get_resource_for_federation()),
            (CONTENT_REPO_PREFIX, self.get_resource_for_content_repo()),
            (SERVER_KEY_PREFIX, self.get_resource_for_server_key()),
            (SERVER_KEY_V2_PREFIX, self.get_resource_for_server_key_v2()),
            (MEDIA_PREFIX, self.get_resource_for_media_repository()),
            (STATIC_PREFIX, self.get_resource_for_static_content()),
        ]
        if web_client:
            logger.info("Adding the web client.")
            desired_tree.append((WEB_CLIENT_PREFIX,
                                self.get_resource_for_web_client()))
        if web_client and redirect_root_to_web_client:
            self.root_resource = RootRedirect(WEB_CLIENT_PREFIX)
        else:
            self.root_resource = Resource()
        metrics_resource = self.get_resource_for_metrics()
        if config.metrics_port is None and metrics_resource is not None:
            desired_tree.append((METRICS_PREFIX, metrics_resource))
-        # ideally we'd just use getChild and putChild but getChild doesn't work
+        resources = {}
-        # unless you give it a Request object IN ADDITION to the name :/ So
+        for res in listener_config["resources"]:
-        # instead, we'll store a copy of this mapping so we can actually add
+            for name in res["names"]:
-        # extra resources to existing nodes. See self._resource_id for the key.
+                if name == "client":
-        resource_mappings = {}
+                    if res["compress"]:
-        for full_path, res in desired_tree:
+                        client_v1 = gz_wrap(self.get_resource_for_client())
-            logger.info("Attaching %s to path %s", res, full_path)
+                        client_v2 = gz_wrap(self.get_resource_for_client_v2_alpha())
-            last_resource = self.root_resource
+                    else:
-            for path_seg in full_path.split('/')[1:-1]:
+                        client_v1 = self.get_resource_for_client()
-                if path_seg not in last_resource.listNames():
+                        client_v2 = self.get_resource_for_client_v2_alpha()
                    # resource doesn't exist, so make a "dummy resource"
                    child_resource = Resource()
                    last_resource.putChild(path_seg, child_resource)
                    res_id = self._resource_id(last_resource, path_seg)
                    resource_mappings[res_id] = child_resource
                    last_resource = child_resource
                else:
                    # we have an existing Resource, use that instead.
                    res_id = self._resource_id(last_resource, path_seg)
                    last_resource = resource_mappings[res_id]
-            # ===========================
+                    resources.update({
-            # now attach the actual desired resource
+                        CLIENT_PREFIX: client_v1,
-            last_path_seg = full_path.split('/')[-1]
+                        CLIENT_V2_ALPHA_PREFIX: client_v2,
                    })
-            # if there is already a resource here, thieve its children and
+                if name == "federation":
-            # replace it
+                    resources.update({
-            res_id = self._resource_id(last_resource, last_path_seg)
+                        FEDERATION_PREFIX: self.get_resource_for_federation(),
-            if res_id in resource_mappings:
+                    })
                # there is a dummy resource at this path already, which needs
                # to be replaced with the desired resource.
                existing_dummy_resource = resource_mappings[res_id]
                for child_name in existing_dummy_resource.listNames():
                    child_res_id = self._resource_id(existing_dummy_resource,
                                                     child_name)
                    child_resource = resource_mappings[child_res_id]
                    # steal the children
                    res.putChild(child_name, child_resource)
-            # finally, insert the desired resource in the right place
+                if name in ["static", "client"]:
-            last_resource.putChild(last_path_seg, res)
+                    resources.update({
-            res_id = self._resource_id(last_resource, last_path_seg)
+                        STATIC_PREFIX: self.get_resource_for_static_content(),
-            resource_mappings[res_id] = res
+                    })
-        return self.root_resource
+                if name in ["media", "federation", "client"]:
                    resources.update({
                        MEDIA_PREFIX: self.get_resource_for_media_repository(),
                        CONTENT_REPO_PREFIX: self.get_resource_for_content_repo(),
                    })
-    def _resource_id(self, resource, path_seg):
+                if name in ["keys", "federation"]:
-        """Construct an arbitrary resource ID so you can retrieve the mapping
+                    resources.update({
-        later.
+                        SERVER_KEY_PREFIX: self.get_resource_for_server_key(),
                        SERVER_KEY_V2_PREFIX: self.get_resource_for_server_key_v2(),
                    })
-        If you want to represent resource A putChild resource B with path C,
+                if name == "webclient":
-        the mapping should looks like _resource_id(A,C) = B.
+                    resources[WEB_CLIENT_PREFIX] = self.get_resource_for_web_client()
-        Args:
+                if name == "metrics" and metrics_resource:
-            resource (Resource): The *parent* Resource
+                    resources[METRICS_PREFIX] = metrics_resource
-            path_seg (str): The name of the child Resource to be attached.
+
-        Returns:
+        root_resource = create_resource_tree(resources)
-            str: A unique string which can be a key to the child Resource.
+        if tls:
-        """
+            reactor.listenSSL(
-        return "%s-%s" % (resource, path_seg)
+                port,
                SynapseSite(
                    "synapse.access.https",
                    listener_config,
                    root_resource,
                ),
                self.tls_context_factory,
                interface=bind_address
            )
        else:
            reactor.listenTCP(
                port,
                SynapseSite(
                    "synapse.access.https",
                    listener_config,
                    root_resource,
                ),
                interface=bind_address
            )
        logger.info("Synapse now listening on port %d", port)
    def start_listening(self):
        config = self.get_config()
-        if not config.no_tls and config.bind_port is not None:
+        for listener in config.listeners:
-            reactor.listenSSL(
+            if listener["type"] == "http":
-                config.bind_port,
+                self._listener_http(config, listener)
-                SynapseSite(
+            elif listener["type"] == "manhole":
-                    "synapse.access.https",
+                f = twisted.manhole.telnet.ShellFactory()
-                    config,
+                f.username = "matrix"
-                    self.root_resource,
+                f.password = "rabbithole"
-                ),
+                f.namespace['hs'] = self
-                self.tls_context_factory,
+                reactor.listenTCP(
-                interface=config.bind_host
+                    listener["port"],
-            )
+                    f,
-            logger.info("Synapse now listening on port %d", config.bind_port)
+                    interface=listener.get("bind_address", '127.0.0.1')
-
+                )
-        if config.unsecure_port is not None:
+            else:
-            reactor.listenTCP(
+                logger.warn("Unrecognized listener type: %s", listener["type"])
                config.unsecure_port,
                SynapseSite(
                    "synapse.access.http",
                    config,
                    self.root_resource,
                ),
                interface=config.bind_host
            )
            logger.info("Synapse now listening on port %d", config.unsecure_port)
        metrics_resource = self.get_resource_for_metrics()
        if metrics_resource and config.metrics_port is not None:
            reactor.listenTCP(
                config.metrics_port,
                SynapseSite(
                    "synapse.access.metrics",
                    config,
                    metrics_resource,
                ),
                interface=config.metrics_bind_host,
            )
            logger.info(
                "Metrics now running on %s port %d",
                config.metrics_bind_host, config.metrics_port,
            )
    def run_startup_checks(self, db_conn, database_engine):
        all_users_native = are_all_users_on_domain(
@ -425,11 +368,6 @@ def setup(config_options):
    events.USE_FROZEN_DICTS = config.use_frozen_dicts
    if re.search(":[0-9]+$", config.server_name):
        domain_with_port = config.server_name
    else:
        domain_with_port = "%s:%s" % (config.server_name, config.bind_port)
    tls_context_factory = context_factory.ServerContextFactory(config)
    database_engine = create_engine(config.database_config["name"])
@ -437,7 +375,6 @@ def setup(config_options):
    hs = SynapseHomeServer(
        config.server_name,
        domain_with_port=domain_with_port,
        upload_dir=os.path.abspath("uploads"),
        db_config=config.database_config,
        tls_context_factory=tls_context_factory,
@ -447,10 +384,6 @@ def setup(config_options):
        database_engine=database_engine,
    )
    hs.create_resource_tree(
        redirect_root_to_web_client=True,
    )
    logger.info("Preparing database: %r...", config.database_config)
    try:
@ -475,13 +408,6 @@ def setup(config_options):
    logger.info("Database prepared in %r.", config.database_config)
    if config.manhole:
        f = twisted.manhole.telnet.ShellFactory()
        f.username = "matrix"
        f.password = "rabbithole"
        f.namespace['hs'] = hs
        reactor.listenTCP(config.manhole, f, interface='127.0.0.1')
    hs.start_listening()
    hs.get_pusherpool().start()
@ -507,6 +433,28 @@ class SynapseService(service.Service):
        return self._port.stopListening()
 class XForwardedForRequest(Request):
    def __init__(self, *args, **kw):
        Request.__init__(self, *args, **kw)
    """
    Add a layer on top of another request that only uses the value of an
    X-Forwarded-For header as the result of C{getClientIP}.
    """
    def getClientIP(self):
        """
        @return: The client address (the first address) in the value of the
            I{X-Forwarded-For header}.  If the header is not present, return
            C{b"-"}.
        """
        return self.requestHeaders.getRawHeaders(
            b"x-forwarded-for", [b"-"])[0].split(b",")[0].strip()
 def XForwardedFactory(*args, **kwargs):
    return XForwardedForRequest(*args, **kwargs)
 class SynapseSite(Site):
    """
    Subclass of a twisted http Site that does access logging with python's
@ -514,7 +462,8 @@ class SynapseSite(Site):
    """
    def __init__(self, logger_name, config, resource, *args, **kwargs):
        Site.__init__(self, resource, *args, **kwargs)
-        if config.captcha_ip_origin_is_x_forwarded:
+        if config.get("x_forwarded", False):
            self.requestFactory = XForwardedFactory
            self._log_formatter = proxiedLogFormatter
        else:
            self._log_formatter = combinedLogFormatter
@ -525,6 +474,87 @@ class SynapseSite(Site):
        self.access_logger.info(line)
 def create_resource_tree(desired_tree, redirect_root_to_web_client=True):
    """Create the resource tree for this Home Server.
    This in unduly complicated because Twisted does not support putting
    child resources more than 1 level deep at a time.
    Args:
        web_client (bool): True to enable the web client.
        redirect_root_to_web_client (bool): True to redirect '/' to the
        location of the web client. This does nothing if web_client is not
        True.
    """
    if redirect_root_to_web_client and WEB_CLIENT_PREFIX in desired_tree:
        root_resource = RootRedirect(WEB_CLIENT_PREFIX)
    else:
        root_resource = Resource()
    # ideally we'd just use getChild and putChild but getChild doesn't work
    # unless you give it a Request object IN ADDITION to the name :/ So
    # instead, we'll store a copy of this mapping so we can actually add
    # extra resources to existing nodes. See self._resource_id for the key.
    resource_mappings = {}
    for full_path, res in desired_tree.items():
        logger.info("Attaching %s to path %s", res, full_path)
        last_resource = root_resource
        for path_seg in full_path.split('/')[1:-1]:
            if path_seg not in last_resource.listNames():
                # resource doesn't exist, so make a "dummy resource"
                child_resource = Resource()
                last_resource.putChild(path_seg, child_resource)
                res_id = _resource_id(last_resource, path_seg)
                resource_mappings[res_id] = child_resource
                last_resource = child_resource
            else:
                # we have an existing Resource, use that instead.
                res_id = _resource_id(last_resource, path_seg)
                last_resource = resource_mappings[res_id]
        # ===========================
        # now attach the actual desired resource
        last_path_seg = full_path.split('/')[-1]
        # if there is already a resource here, thieve its children and
        # replace it
        res_id = _resource_id(last_resource, last_path_seg)
        if res_id in resource_mappings:
            # there is a dummy resource at this path already, which needs
            # to be replaced with the desired resource.
            existing_dummy_resource = resource_mappings[res_id]
            for child_name in existing_dummy_resource.listNames():
                child_res_id = _resource_id(
                    existing_dummy_resource, child_name
                )
                child_resource = resource_mappings[child_res_id]
                # steal the children
                res.putChild(child_name, child_resource)
        # finally, insert the desired resource in the right place
        last_resource.putChild(last_path_seg, res)
        res_id = _resource_id(last_resource, last_path_seg)
        resource_mappings[res_id] = res
    return root_resource
 def _resource_id(resource, path_seg):
    """Construct an arbitrary resource ID so you can retrieve the mapping
    later.
    If you want to represent resource A putChild resource B with path C,
    the mapping should looks like _resource_id(A,C) = B.
    Args:
        resource (Resource): The *parent* Resource
        path_seg (str): The name of the child Resource to be attached.
    Returns:
        str: A unique string which can be a key to the child Resource.
    """
    return "%s-%s" % (resource, path_seg)
 def run(hs):
    PROFILE_SYNAPSE = False
    if PROFILE_SYNAPSE:
--- a/synapse/config/captcha.py
+++ b/synapse/config/captcha.py
@ -21,10 +21,6 @@ class CaptchaConfig(Config):
        self.recaptcha_private_key = config["recaptcha_private_key"]
        self.recaptcha_public_key = config["recaptcha_public_key"]
        self.enable_registration_captcha = config["enable_registration_captcha"]
        # XXX: This is used for more than just captcha
        self.captcha_ip_origin_is_x_forwarded = (
            config["captcha_ip_origin_is_x_forwarded"]
        )
        self.captcha_bypass_secret = config.get("captcha_bypass_secret")
        self.recaptcha_siteverify_api = config["recaptcha_siteverify_api"]
@ -43,10 +39,6 @@ class CaptchaConfig(Config):
        # public/private key.
        enable_registration_captcha: False
        # When checking captchas, use the X-Forwarded-For (XFF) header
        # as the client IP and not the actual client IP.
        captcha_ip_origin_is_x_forwarded: False
        # A secret key used to bypass the captcha test entirely.
        #captcha_bypass_secret: "YOUR_SECRET_HERE"
--- a/synapse/config/metrics.py
+++ b/synapse/config/metrics.py
@ -28,10 +28,4 @@ class MetricsConfig(Config):
        # Enable collection and rendering of performance metrics
        enable_metrics: False
        # Separate port to accept metrics requests on
        # metrics_port: 8081
        # Which host to bind the metric listener to
        # metrics_bind_host: 127.0.0.1
        """
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@ -20,26 +20,97 @@ class ServerConfig(Config):
    def read_config(self, config):
        self.server_name = config["server_name"]
        self.bind_port = config["bind_port"]
        self.bind_host = config["bind_host"]
        self.unsecure_port = config["unsecure_port"]
        self.manhole = config.get("manhole")
        self.pid_file = self.abspath(config.get("pid_file"))
        self.web_client = config["web_client"]
        self.soft_file_limit = config["soft_file_limit"]
        self.daemonize = config.get("daemonize")
        self.use_frozen_dicts = config.get("use_frozen_dicts", True)
-        self.gzip_responses = config["gzip_responses"]
+
        self.listeners = config.get("listeners", [])
        bind_port = config.get("bind_port")
        if bind_port:
            self.listeners = []
            bind_host = config.get("bind_host", "")
            gzip_responses = config.get("gzip_responses", True)
            names = ["client", "webclient"] if self.web_client else ["client"]
            self.listeners.append({
                "port": bind_port,
                "bind_address": bind_host,
                "tls": True,
                "type": "http",
                "resources": [
                    {
                        "names": names,
                        "compress": gzip_responses,
                    },
                    {
                        "names": ["federation"],
                        "compress": False,
                    }
                ]
            })
            unsecure_port = config.get("unsecure_port", bind_port - 400)
            if unsecure_port:
                self.listeners.append({
                    "port": unsecure_port,
                    "bind_address": bind_host,
                    "tls": False,
                    "type": "http",
                    "resources": [
                        {
                            "names": names,
                            "compress": gzip_responses,
                        },
                        {
                            "names": ["federation"],
                            "compress": False,
                        }
                    ]
                })
        manhole = config.get("manhole")
        if manhole:
            self.listeners.append({
                "port": manhole,
                "bind_address": "127.0.0.1",
                "type": "manhole",
            })
        metrics_port = config.get("metrics_port")
        if metrics_port:
            self.listeners.append({
                "port": metrics_port,
                "bind_address": config.get("metrics_bind_host", "127.0.0.1"),
                "tls": False,
                "type": "http",
                "resources": [
                    {
                        "names": ["metrics"],
                        "compress": False,
                    },
                ]
            })
        # Attempt to guess the content_addr for the v0 content repostitory
        content_addr = config.get("content_addr")
        if not content_addr:
            for listener in self.listeners:
                if listener["type"] == "http" and not listener.get("tls", False):
                    unsecure_port = listener["port"]
                    break
            else:
                raise RuntimeError("Could not determine 'content_addr'")
            host = self.server_name
            if ':' not in host:
-                host = "%s:%d" % (host, self.unsecure_port)
+                host = "%s:%d" % (host, unsecure_port)
            else:
                host = host.split(':')[0]
-                host = "%s:%d" % (host, self.unsecure_port)
+                host = "%s:%d" % (host, unsecure_port)
            content_addr = "http://%s" % (host,)
        self.content_addr = content_addr
@ -61,18 +132,6 @@ class ServerConfig(Config):
        # e.g. matrix.org, localhost:8080, etc.
        server_name: "%(server_name)s"
        # The port to listen for HTTPS requests on.
        # For when matrix traffic is sent directly to synapse.
        bind_port: %(bind_port)s
        # The port to listen for HTTP requests on.
        # For when matrix traffic passes through loadbalancer that unwraps TLS.
        unsecure_port: %(unsecure_port)s
        # Local interface to listen on.
        # The empty string will cause synapse to listen on all interfaces.
        bind_host: ""
        # When running as a daemon, the file to store the pid in
        pid_file: %(pid_file)s
@ -84,14 +143,64 @@ class ServerConfig(Config):
        # hard limit.
        soft_file_limit: 0
-        # Turn on the twisted telnet manhole service on localhost on the given
+        # List of ports that Synapse should listen on, their purpose and their
-        # port.
+        # configuration.
-        #manhole: 9000
+        listeners:
          # Main HTTPS listener
          # For when matrix traffic is sent directly to synapse.
          -
            # The port to listen for HTTPS requests on.
            port: %(bind_port)s
-        # Should synapse compress HTTP responses to clients that support it?
+            # Local interface to listen on.
-        # This should be disabled if running synapse behind a load balancer
+            # The empty string will cause synapse to listen on all interfaces.
-        # that can do automatic compression.
+            bind_address: ''
-        gzip_responses: True
+
            # This is a 'http' listener, allows us to specify 'resources'.
            type: http
            tls: true
            # Use the X-Forwarded-For (XFF) header as the client IP and not the
            # actual client IP.
            x_forwarded: false
            # List of HTTP resources to serve on this listener.
            resources:
              -
                # List of resources to host on this listener.
                names:
                  - client     # The client-server APIs, both v1 and v2
                  - webclient  # The bundled webclient.
                # Should synapse compress HTTP responses to clients that support it?
                # This should be disabled if running synapse behind a load balancer
                # that can do automatic compression.
                compress: true
              - names: [federation]  # Federation APIs
                compress: false
          # Unsecure HTTP listener,
          # For when matrix traffic passes through loadbalancer that unwraps TLS.
          - port: %(unsecure_port)s
            tls: false
            bind_address: ''
            type: http
            x_forwarded: false
            resources:
              - names: [client, webclient]
                compress: true
              - names: [federation]
                compress: false
          # Turn on the twisted telnet manhole service on localhost on the given
          # port.
          # - port: 9000
          #   bind_address: 127.0.0.1
          #   type: manhole
        """ % locals()
    def read_arguments(self, args):
--- a/synapse/server.py
+++ b/synapse/server.py
@ -132,16 +132,8 @@ class BaseHomeServer(object):
        setattr(BaseHomeServer, "get_%s" % (depname), _get)
    def get_ip_from_request(self, request):
-        # May be an X-Forwarding-For header depending on config
+        # X-Forwarded-For is handled by our custom request type.
-        ip_addr = request.getClientIP()
+        return request.getClientIP()
        if self.config.captcha_ip_origin_is_x_forwarded:
            # use the header
            if request.requestHeaders.hasHeader("X-Forwarded-For"):
                ip_addr = request.requestHeaders.getRawHeaders(
                    "X-Forwarded-For"
                )[0]
        return ip_addr
    def is_mine(self, domain_specific_string):
        return domain_specific_string.domain == self.hostname
--- a/tests/utils.py
+++ b/tests/utils.py
@ -114,6 +114,8 @@ class MockHttpResource(HttpServer):
        mock_request.method = http_method
        mock_request.uri = path
        mock_request.getClientIP.return_value = "-"
        mock_request.requestHeaders.getRawHeaders.return_value=[
            "X-Matrix origin=test,key=,sig="
        ]