mirror of
https://github.com/matrix-org/mjolnir.git
synced 2024-10-01 01:36:06 -04:00
dacbc1cde5
Needed to merge https://github.com/matrix-org/mjolnir/pull/186 & node 12 is approaching EOL.
218 lines
8.6 KiB
Markdown
218 lines
8.6 KiB
Markdown
# mjolnir
|
|
|
|
A moderation tool for Matrix. Visit [#mjolnir:matrix.org](https://matrix.to/#/#mjolnir:matrix.org)
|
|
for more information.
|
|
|
|
## Features
|
|
|
|
As an all-in-one moderation tool, it can protect your server from malicious invites, spam
|
|
messages, and whatever else you don't want. In addition to server-level protection, Mjolnir
|
|
is great for communities wanting to protect their rooms without having to use their personal
|
|
accounts for moderation.
|
|
|
|
The bot by default includes support for bans, redactions, anti-spam, server ACLs, room
|
|
directory changes, room alias transfers, account deactivation, room shutdown, and more.
|
|
|
|
A Synapse module is also available to apply the same rulesets the bot uses across an entire
|
|
homeserver.
|
|
|
|
## Bot configuration
|
|
|
|
It is recommended to use [Pantalaimon](https://github.com/matrix-org/pantalaimon) so your
|
|
management room can be encrypted. This also applies if you are looking to moderate an encrypted
|
|
room.
|
|
|
|
If you aren't using encrypted rooms anywhere, get an access token by opening Riot in an
|
|
incognito/private window and log in as the bot. From the Help & Support tab in settings there
|
|
is an access token field - copy and paste that into your config. Most importantly: do not log
|
|
out and instead just close the window. Logging out will make the token you just copied useless.
|
|
|
|
**Note**: Mjolnir expects to be free of rate limiting - see [Synapse #6286](https://github.com/matrix-org/synapse/issues/6286)
|
|
for information on how to achieve this.
|
|
|
|
**Note**: To deactivate users, move aliases, shutdown rooms, etc Mjolnir will need to be a server
|
|
admin.
|
|
|
|
## Docker installation (preferred)
|
|
|
|
Mjolnir is on Docker Hub as [matrixdotorg/mjolnir](https://hub.docker.com/r/matrixdotorg/mjolnir)
|
|
but can be built yourself with `docker build -t mjolnir .`.
|
|
|
|
```bash
|
|
git clone https://github.com/matrix-org/mjolnir.git
|
|
cd mjolnir
|
|
|
|
# Copy and edit the config. It is not recommended to change the data path.
|
|
mkdir -p /etc/mjolnir/config
|
|
cp config/default.yaml /etc/mjolnir/config/production.yaml
|
|
nano /etc/mjolnir/config/production.yaml
|
|
|
|
docker run --rm -it -v /etc/mjolnir:/data matrixdotorg/mjolnir:latest
|
|
```
|
|
|
|
## Build it (alternative installation)
|
|
|
|
This bot requires `yarn` and Node 14.
|
|
|
|
```bash
|
|
git clone https://github.com/matrix-org/mjolnir.git
|
|
cd mjolnir
|
|
|
|
yarn install
|
|
yarn build
|
|
|
|
# Copy and edit the config. It *is* recommended to change the data path.
|
|
cp config/default.yaml config/development.yaml
|
|
nano config/development.yaml
|
|
|
|
node lib/index.js
|
|
```
|
|
|
|
## Quickstart guide
|
|
|
|
After your bot is up and running, you'll want to run a couple commands to get everything
|
|
set up:
|
|
|
|
1. `!mjolnir list create COC code-of-conduct-ban-list` - This will create a new ban list
|
|
with the shortcode `COC` and an alias of `#code-of-conduct-ban-list:example.org`. You
|
|
will be invited to the room it creates automatically where you can change settings such
|
|
as the visibility of the room.
|
|
2. `!mjolnir default COC` - This sets the default ban list to the list we just created to
|
|
help with the ban commands later on.
|
|
3. Review the [Moderator's Guide](https://github.com/matrix-org/mjolnir/blob/main/docs/moderators.md).
|
|
4. Review `!mjolnir help` to see what else the bot can do.
|
|
|
|
## Synapse Module
|
|
|
|
Using the bot to manage your rooms is great, however if you want to use your ban lists
|
|
(or someone else's) on your server to affect all of your users then a Synapse module
|
|
is needed. Primarily meant to block invites from undesired homeservers/users, Mjolnir's
|
|
Synapse module is a way to interpret ban lists and apply them to your entire homeserver.
|
|
|
|
First, install the module to your Synapse python environment:
|
|
```
|
|
pip install -e "git+https://github.com/matrix-org/mjolnir.git#egg=mjolnir&subdirectory=synapse_antispam"
|
|
```
|
|
|
|
*Note*: Where your python environment is depends on your installation method. Visit
|
|
[#synapse:matrix.org](https://matrix.to/#/#synapse:matrix.org) if you're not sure.
|
|
|
|
Then add the following to your `homeserver.yaml`:
|
|
```yaml
|
|
spam_checker:
|
|
module: mjolnir.AntiSpam
|
|
config:
|
|
# Prevent servers/users in the ban lists from inviting users on this
|
|
# server to rooms. Default true.
|
|
block_invites: true
|
|
# Flag messages sent by servers/users in the ban lists as spam. Currently
|
|
# this means that spammy messages will appear as empty to users. Default
|
|
# false.
|
|
block_messages: false
|
|
# Remove users from the user directory search by filtering matrix IDs and
|
|
# display names by the entries in the user ban list. Default false.
|
|
block_usernames: false
|
|
# The room IDs of the ban lists to honour. Unlike other parts of Mjolnir,
|
|
# this list cannot be room aliases or permalinks. This server is expected
|
|
# to already be joined to the room - Mjolnir will not automatically join
|
|
# these rooms.
|
|
ban_lists:
|
|
- "!roomid:example.org"
|
|
```
|
|
|
|
*Note*: Although this is described as a "spam checker", it does much more than fight
|
|
spam.
|
|
|
|
Be sure to change the configuration to match your setup. Your server is expected to
|
|
already be participating in the ban lists - if it is not, you will need to have a user
|
|
on your homeserver join. The antispam module will not join the rooms for you.
|
|
|
|
If you change the configuration, you will need to restart Synapse. You'll also need
|
|
to restart Synapse to install the plugin.
|
|
|
|
## Enabling readable abuse reports
|
|
|
|
Since version 1.2, Mjölnir offers the ability to replace the Matrix endpoint used
|
|
to report abuse and display it into a room, instead of requiring you to request
|
|
this data from an admin API.
|
|
|
|
This requires two configuration steps:
|
|
|
|
1. In your Mjölnir configuration file, typically `/etc/mjolnir/config/production.yaml`, copy and paste the `web` section from `default.yaml`, if you don't have it yet (it appears with version 1.20) and set `enabled: true` for both `web` and
|
|
`abuseReporting`.
|
|
2. Setup a reverse proxy that will redirect requests from `^/_matrix/client/r0/rooms/([^/]*)/report/(.*)$` to `http://host:port/api/1/report/$1/$2`, where `host` is the host where you run Mjölnir, and `port` is the port you configured in `production.yaml`. For an example nginx configuration, see `test/nginx.conf`. It's the confirmation we use during runtime testing.
|
|
|
|
### Security note
|
|
|
|
This mechanism can extract some information from **unencrypted** rooms. We have
|
|
taken precautions to ensure that this cannot be abused: the only case in which
|
|
this feature will publish information from room *foo* is:
|
|
|
|
1. If it is used by a member of room *foo*; AND
|
|
2. If said member did witness the event; AND
|
|
3. If the event was unencrypted; AND
|
|
4. If the event was not redacted/removed/...
|
|
|
|
Essentially, this is a more restricted variant of the Admin APIs available on
|
|
homeservers.
|
|
|
|
However, if you are uncomfortable with this, please do not activate this feature.
|
|
Also, you should probably setup your `production.yaml` to ensure that the web
|
|
server can only receive requests from your reverse proxy (e.g. `localhost`).
|
|
|
|
## Development
|
|
|
|
TODO. It's a TypeScript project with a linter.
|
|
|
|
### Development and testing with mx-tester
|
|
|
|
WARNING: mx-tester is currently work in progress, but it can still save you some time and is better than struggling with nothing.
|
|
|
|
If you have docker installed you can quickly get setup with a development environment by using
|
|
[mx-tester](https://github.com/matrix-org/mx-tester).
|
|
|
|
To use mx-tester you will need to have rust installed. You can do that at [rustup](https://rustup.rs/) or [here](https://rust-lang.github.io/rustup/installation/other.html), you should probably also check your distro's documentation first to see if they have specific instructions for installing rust.
|
|
|
|
Once rust is installed you can install mx-tester like so.
|
|
|
|
```
|
|
$ cargo install mx-tester
|
|
```
|
|
|
|
Once you have mx-tester installed you we will want to build a synapse image with synapse_antispam from the mjolnir project root.
|
|
|
|
```
|
|
$ mx-tester build
|
|
```
|
|
|
|
Then we can start a container that uses that image and the config in `mx-tester.yml`.
|
|
|
|
```
|
|
$ mx-tester up
|
|
```
|
|
|
|
Once you have called `mx-tester up` you can run the integration tests.
|
|
```
|
|
$ yarn test:integration
|
|
```
|
|
|
|
After calling `mx-tester up`, if we want to play with mojlnir locally we can run the following and then point a matrix client to http://localhost:9999.
|
|
You should then be able to join the management room at `#moderators:localhost:9999`.
|
|
|
|
```
|
|
yarn test:manual
|
|
```
|
|
|
|
Once we are finished developing we can stop the synapse container.
|
|
|
|
```
|
|
mx-tester down
|
|
```
|
|
|
|
### Running integration tests
|
|
|
|
The integration tests can be run with `yarn test:integration`.
|
|
The config that the tests use is in `config/harness.yaml`
|
|
and by default this is configured to work with the server specified in `mx-tester.yml`,
|
|
but you can configure it however you like to run against your own setup.
|