Commit Graph

96 Commits

Author SHA1 Message Date
dependabot[bot]
d72fa10522
Bump express from 4.19.2 to 4.20.0
Bumps [express](https://github.com/expressjs/express) from 4.19.2 to 4.20.0.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.19.2...4.20.0)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-11 22:27:13 +00:00
Shay
4488706fc6
Add a NSFW protection (#520) 2024-09-11 15:26:20 -07:00
dependabot[bot]
e7e77512a8
Bump express from 4.18.1 to 4.19.2 (#512)
Bumps [express](https://github.com/expressjs/express) from 4.18.1 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.18.1...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-19 12:22:49 -07:00
dependabot[bot]
3c6039997e
Bump crypto-js from 4.1.1 to 4.2.0 (#492)
Bumps [crypto-js](https://github.com/brix/crypto-js) from 4.1.1 to 4.2.0.
- [Commits](https://github.com/brix/crypto-js/compare/4.1.1...4.2.0)

---
updated-dependencies:
- dependency-name: crypto-js
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-19 12:20:44 -07:00
Shay
f2706331b7
v1.6.5 (#499) 2023-11-14 14:21:15 -08:00
Shay
e597d46b53
bump package version (#498) 2023-11-14 13:52:41 -08:00
Shay
8bf628e5bd
Bump node version to 18 (#496)
* try win dns res

* add dns hack to application service tests

* fix unused import

* update types

* add note about why dns resolution order is necessary
2023-11-14 12:52:53 -08:00
dependabot[bot]
2cb616943c
Bump matrix-appservice-bridge from 8.0.0 to 8.1.2
Bumps [matrix-appservice-bridge](https://github.com/matrix-org/matrix-appservice-bridge) from 8.0.0 to 8.1.2.
- [Release notes](https://github.com/matrix-org/matrix-appservice-bridge/releases)
- [Changelog](https://github.com/matrix-org/matrix-appservice-bridge/blob/8.1.2/CHANGELOG.md)
- [Commits](https://github.com/matrix-org/matrix-appservice-bridge/compare/8.0.0...8.1.2)

---
updated-dependencies:
- dependency-name: matrix-appservice-bridge
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-04 17:27:31 +00:00
dependabot[bot]
774cf38678
Bump yaml from 2.1.1 to 2.2.2
Bumps [yaml](https://github.com/eemeli/yaml) from 2.1.1 to 2.2.2.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.1.1...v2.2.2)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-25 20:21:21 +00:00
David Teller
7be00c1c3c v1.6.3 2023-01-11 11:02:29 +01:00
David Teller
c3cb22bf36
Very basic support for OpenMetrics (aka Prometheus) (#442)
This PR:

- creates an OpenMetrics server that enables collecting performance data from this process by e.g. a Prometheus server;
- exposes as metrics the performance of http requests with MatrixBot.

Further metrics may of course be added.
2023-01-05 08:37:54 +01:00
David Teller
6abc8a7c4e v1.6.2 2023-01-02 12:40:27 +01:00
Gnuxie
433ff7eadd
A look at PolicyList.update (#454)
This started out as just a way to find out why mjolnir was syncing with lists several times for each update to a policy list.

The main changes are

- Verbosity was irrelevant to the sync command but for some reason was an option.
  Unfortunately all this did was suppress whether to tell you when it had finished, meaning it wouldn't
  when verbose logging was disabled. Historically this was probably a parameter that got passed through
  to applyServerAcl/applyUserBans, which can be horribly verbose, but they access the config directly.

- Stop emitting `'PolicyList.update'` when there are no changes.
- Include a revision ID for the `'PolicyList.update'`method and event.
- Use the revision ID in the `ProtectedRoomsSet` so that we don't unnecessarily resynchronize all rooms when the `'PolicyList.update'` event is received. Though not when the `sync` command is used. Since this is supposed to `sync` in the case when there is a state reset or otherwise or the user has changed some room settings.
- insert an await lock around the `PolicyList.update` method to avoid a race condition where a call can be started and finished within the extent of an existing call (via another task, this can happen if the server is slow with handling one request). `PolicyList.udpate` now has a helper that is synchronous to be called directly after requesting the room state. The reason for this is to enforce that no one `await`s while updating the policy list's cache of rules. Which is important because it is one of the biggest methods that I tolerate and visually checking for `await` is impossible.
- The revision ID uses a ULID, but this is unnecessary and could have just been a "dumb counter".

closes https://github.com/matrix-org/mjolnir/issues/447
2022-12-08 16:09:55 +00:00
David Teller
2915757b7d
Very basic support for Sentry. (#398)
The Sentry package is very useful for monitoring runtime errors. With this PR,
we simply add the necessary mechanism to:

- log to sentry any uncaught error that reaches the toplevel, including startup errors.
2022-11-30 16:06:02 +01:00
Gnuxie
e35b855744
Gnuxie/appservice logging (#441)
* upgrade to matrix-appservice-bridge 8.0.0

this is so we can use their new logger

* Configure and use matrix-appservice-bridge's `Logger`

https://github.com/matrix-org/mjolnir/issues/422
Haven't changed all of the mjolnir components to use this,
just the appservice.
The fact that we've configured this properly means we get
logging from matrix-appservice-bridge components too (we didn't before).

* use try/catch instead
2022-11-30 13:30:38 +00:00
gnuxie
1bc329b5e8 v1.6.1 2022-11-23 10:56:46 +00:00
Gnuxie
333c55e18c
Config fixes (#432)
* Use the npm package `config` to load the config.

This is what was used prior to https://github.com/matrix-org/mjolnir/pull/347.
It was a nice idea motivated to drop a dependency that was confusing.
It was just never followed through and was underestimated how much disruption it would cause.
It was also believed that the library would mean there could only ever be one global copy of the config,
It was followed up by:
https://github.com/matrix-org/mjolnir/pull/369
https://github.com/matrix-org/mjolnir/pull/357
https://github.com/matrix-org/mjolnir/pull/429
https://github.com/matrix-org/mjolnir/pull/397/files
https://github.com/matrix-org/mjolnir/issues/365

For simplicity sake I am reinstating the library.
The practice of loading default.yaml by default is also dangerous
and has led to issues multiple times in #mjolnir:matrix.org.
It is a sample and not a default.

In a following commit I will be adding the ability to specify the
config to use from the cli.

* Allow config to be specified with an explicit cli argument.

* Update doc to transition away from old config handling
2022-11-23 10:55:22 +00:00
Gnuxie
b2c0e23e36
Update CONTRIBUTING.md to show how to debug mjolnir. (#433) 2022-11-23 10:55:00 +00:00
gnuxie
0845636d39 v1.6.0 2022-11-22 10:44:19 +00:00
Jess Porter
50f80f2392
manymjolnir appservice (#364)
Mjolnir can now be run as an application service,
meaning it will host multiple independent mjolnirs that can be requested by users.
If the user is on the same homeserver as the appservice is deployed on,
then they can provision a mjolnir via a widget https://github.com/matrix-org/mjolnir-widget.
Otherwise they can invite the appservice bot to a room they want to protect.
This will create them a mjolnir, a management room and a policy list.

The appservice shares the same docker image as the bot,
but is started slightly differently by specifying "appservice"
as the first argument to docker run (this s managed by `mjolnir-entrypoint.sh`. 
We could have used another Dockerfile for the appservice,
extending the existing one but we decided not to because there
would have been lots of fiddling around the entrypoint
and logistics involved around adding a tag for it via github actions.
Not to mention that this would be duplicating the image
just to run it with a different binary.

A list of followup issues can be found here https://github.com/issues?q=is%3Aopen+is%3Aissue+author%3AGnuxie+archived%3Afalse+label%3AA-Appservice.

Somewhat relevant and squashed commit messages(regrettably squashing because frankly these won't make sense in isolation): 

* draft widget backend

* add `managementRoomId` to `provisionNewMjolnir`

* remove ratelimits from appservice mjolnirs

* add /join endpoint to api backend


* tighter guard around room type in PolicyList

matrix-bot-sdk imporved the types for this

* enable esModuleInterop

* launch and use postgres in a container whilst using mx-tester


* limited access control

policy list used for access control

* Redesign initialization API of many mjolnir.

It's much harder to forget to initialize the components now that you have to in order to construct them in the first place.


* Ammend config not to clash with existing CI

this means that the appsrvice bot is now called 'mjolnir-bot' by default
which was easier than going through old code base and renaming


* Change entrypoint in Dockerfile so that we can start the appservice.

We could have used another Dockerfile for the appservice,
extending the exising one but we decided not to because there
would have been lots of fiddling around the entrypoint
and logistics involved around adding a tag for it via github actions.
Not to mention that this would be duplicating the image
just to run it with a different binary.

This solution is much simpler, backwards compatible, and conscious about the future.


Co-authored-by: gnuxie <gnuxie@element.io>
2022-11-15 18:03:06 +00:00
gnuxie
58e36d4e23 Factor out protected rooms config management from Mjolnir.
The combination of `resyncJoinedRooms`, `unprotectedWatchedListRooms`,
`explicitlyProtectedRoomIds`, `protectedJoinedRoomIds` was incomprehensible.
https://github.com/matrix-org/mjolnir/issues/370

Separating out the management of `explicitlyProtectedRoomIds`, then
making sure all policy lists have to be explicitly protected
(in either setting of `config.protectAllJoinedRooms`) will make
this code much much simpler.
We will later change the `status` command to explicitly show
which lists are watched and which are watched and protected.
2022-10-19 15:21:51 +01:00
Jess Porter
4376679b99
load config yaml manually, remove more references to static config (#347) 2022-08-16 15:51:18 +01:00
gnuxie
b48904bc2b v1.5.0 2022-07-07 13:07:27 +01:00
Gnuxie
84ffb36494
Bump minimum node version to 16. (#316)
* Bump minimum node version to 16.

We already made the mistake of using features from 16 without realising
Previously: https://github.com/matrix-org/mjolnir/pull/192

* Make sure CI uses specific version of node and we also lint.

https://github.com/matrix-org/pipelines/blob/master/mjolnir/pipeline.yml#L13
2022-07-06 14:50:33 +01:00
Gnuxie
b850e4554c
Remove debug leftovers from a test. (#314)
* Remove debug leftovers from a test.

This is really terrible and has meant whenever anyone has run `yarn test:integration` they have only been running this test.
💀💀💀
https://www.youtube.com/watch?v=jmX-tzSOFE0

* Set a default timeout for integration tests that is 5 minutes long.

Seriously, I don't think there is much to gain by making people guess
a reasnoble time for a test to complete in all the time, especially
with how much Synapse changes in response time and all of the machines
involved in running these tests.

* Warn when giving up on being throttled

* For some reason it takes longer for events to appear in /state

no i am not going to track down why yet.

* Rate limiting got a lot more aggresive.

https://github.com/matrix-org/synapse/pull/13018

Rate limiting in Synapse used to reset the burst count and remove
the backoff when you were spamming continuously, now it doesn't.
Ideally we'd rewrite the rate limiting logic to back off for longer
than suggested so we could get burst again, but for now
lets just unblock CI by reducing the number of events we send in these
tests.
2022-07-06 14:20:25 +01:00
David Teller
cb34af02c6
Revert "Fix: roomMemberTest off-by-one error (#319)" (#323)
This reverts commit d8aac434f1.
2022-07-05 15:29:01 +02:00
David Teller
d8aac434f1
Fix: roomMemberTest off-by-one error (#319) 2022-07-05 14:38:53 +02:00
gnuxie
a88fc64a07 v1.4.2 2022-05-06 11:25:49 +01:00
Jonathan de Jong
cc9f393ed7
fix CI (#282)
ts-mocha has also been updated to make running locally possible (else it gives a confusing error that tsconfig.json is not "json" or the likes)
2022-05-03 11:20:40 +01:00
Gnuxie
3d10f998b7
Change antispam Python module verison with mjolnir version. (#264)
The reason we want this is so that people do not forget to change the version number in the synapse module.
The precedent is that the version number has been 0.1.0 since the begging until now.
While this solution does mean that there may be new version of the module where
nothing has actually changed, this is still better than not changing the version at all.
Another version scheme for the module would be inconsistent to
the git repository tags and that has the potential to cause much more confusion
than "blank" version bumps.
If this is a problem, then antispam must be extracted to another repository.

In order to test this, run `yarn version --patch` observe the changes with `git log` and `git diff HEAD~`,
then YOU MUST delete the tag with `git tag --delete vd.d.d` when you are finished.

* more robust
2022-04-12 16:36:35 +01:00
gnuxie
4008e3f65d v1.4.1 2022-03-21 14:28:21 +00:00
gnuxie
fb027fe2af v1.4.0 2022-03-21 12:32:32 +00:00
David Teller
e05616b327
New command !mjolnir since <date or duration> <kick | ban | show> <limit> [reason] [...rooms] (#238)
A new command `since` to affect all users who have joined a protected room since a given date.
2022-03-21 10:39:15 +01:00
David Teller
26ae55cd24
A command to show when users in a given room have joined (#225) 2022-03-07 11:34:25 +01:00
Gnuxie
17dd0aa173
Fix the test script yarn test:manual and add it to tsconfig (#234)
* Add test:manual launch script to tsconfig

this is so we won't keep breaking it
2022-02-24 14:46:15 +00:00
David Teller
82a2e63d23
A room Protection designed to measure lag in a room (#217) 2022-02-24 13:43:31 +01:00
gnuxie
a3f77e1b39 v1.3.2 2022-02-23 10:38:42 +00:00
Jess Porter
f70d97e4d9
enable noImplicitAny (#209) 2022-02-02 12:43:05 +00:00
gnuxie
fcf53d15b8 v1.3.1 2022-02-01 13:21:04 +00:00
gnuxie
767e1a5a7e v1.3.0 2022-02-01 10:55:21 +00:00
gnuxie
9e96d399c0 Remove axios from the test suite, it is unnecessary.
It's probably also got problems.
2022-01-25 18:22:34 +00:00
gnuxie
dacbc1cde5 Bump minimum node version to >=14
Needed to merge https://github.com/matrix-org/mjolnir/pull/186 & node 12 is approaching EOL.
2022-01-19 16:46:18 +00:00
David Teller
c48a1e8ffc Let's make sure that we can still check for errors with concise error handling 2022-01-07 14:06:10 +01:00
David Teller
a21415a04c
Give the ability to moderators to react quickly to /report abuse reports. (#137) 2021-11-09 13:15:49 +01:00
gnuxie
4e8315be44 Add regression test for timeline pagination. 2021-10-19 16:28:55 +01:00
David Teller
06e5f00b2d
Intercept /report and display human-readable abuse reports in the moderation room - Resolves #38 (#135)
* Intercept /report and display human-readable abuse reports in the moderation room - Resolves #38
2021-10-07 14:42:08 +02:00
gnuxie
c29cfe370a make yarn test only runs unit tests for now while we sortout CI setup 2021-09-27 15:34:06 +01:00
gnuxie
ac075fd22e Remove dependencies from old test harness 2021-09-27 15:33:15 +01:00
gnuxie
b838caee09 Add script for manual testing with mx-tester 2021-09-27 15:33:15 +01:00
gnuxie
a86afd3cc8 Remove old test harness 2021-09-24 18:25:28 +01:00