2014-08-12 22:14:34 -04:00
|
|
|
#!/usr/bin/env python
|
2014-08-12 10:10:52 -04:00
|
|
|
# -*- coding: utf-8 -*-
|
2016-01-06 23:26:29 -05:00
|
|
|
# Copyright 2014-2016 OpenMarket Ltd
|
2019-02-14 12:10:36 -05:00
|
|
|
# Copyright 2019 New Vector Ltd
|
2014-08-12 10:10:52 -04:00
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
2019-01-23 03:39:06 -05:00
|
|
|
|
2016-02-02 12:18:50 -05:00
|
|
|
import logging
|
|
|
|
import os
|
2015-02-17 05:54:06 -05:00
|
|
|
import sys
|
2020-12-08 09:04:35 -05:00
|
|
|
from typing import Iterable, Iterator
|
2017-03-10 10:16:50 -05:00
|
|
|
|
2021-01-11 10:55:05 -05:00
|
|
|
from twisted.internet import reactor
|
2020-05-22 09:30:07 -04:00
|
|
|
from twisted.web.resource import EncodingResourceWrapper, IResource
|
2018-07-09 02:09:20 -04:00
|
|
|
from twisted.web.server import GzipEncoderFactory
|
|
|
|
from twisted.web.static import File
|
|
|
|
|
2017-08-15 10:57:46 -04:00
|
|
|
import synapse
|
2017-03-10 10:16:50 -05:00
|
|
|
import synapse.config.logger
|
2017-08-15 10:57:46 -04:00
|
|
|
from synapse import events
|
2018-07-09 02:09:20 -04:00
|
|
|
from synapse.api.urls import (
|
|
|
|
FEDERATION_PREFIX,
|
|
|
|
LEGACY_MEDIA_PREFIX,
|
|
|
|
MEDIA_PREFIX,
|
|
|
|
SERVER_KEY_V2_PREFIX,
|
|
|
|
STATIC_PREFIX,
|
|
|
|
WEB_CLIENT_PREFIX,
|
|
|
|
)
|
2017-08-15 10:57:46 -04:00
|
|
|
from synapse.app import _base
|
2021-01-11 10:55:05 -05:00
|
|
|
from synapse.app._base import listen_ssl, listen_tcp, quit_with_error, register_start
|
Error if macaroon key is missing from config
Currently we store all access tokens in the DB, and fall back to that
check if we can't validate the macaroon, so our fallback works here, but
for guests, their macaroons don't get persisted, so we don't get to
find them in the database. Each restart, we generate a new ephemeral
key, so guests lose access after each server restart.
I tried to fix up the config stuff to be less insane, but gave up, so
instead I bolt on yet another piece of custom one-off insanity.
Also, add some basic tests for config generation and loading.
2016-02-04 20:58:23 -05:00
|
|
|
from synapse.config._base import ConfigError
|
2020-09-10 06:45:12 -04:00
|
|
|
from synapse.config.emailconfig import ThreepidBehaviour
|
2014-08-31 11:06:39 -04:00
|
|
|
from synapse.config.homeserver import HomeServerConfig
|
2020-06-16 07:44:07 -04:00
|
|
|
from synapse.config.server import ListenerConfig
|
2017-08-15 10:57:46 -04:00
|
|
|
from synapse.federation.transport.server import TransportLayerServer
|
2017-11-02 10:18:24 -04:00
|
|
|
from synapse.http.additional_resource import AdditionalResource
|
2020-05-22 09:30:07 -04:00
|
|
|
from synapse.http.server import (
|
|
|
|
OptionsResource,
|
|
|
|
RootOptionsRedirectResource,
|
|
|
|
RootRedirect,
|
2020-07-01 09:10:23 -04:00
|
|
|
StaticResource,
|
2020-05-22 09:30:07 -04:00
|
|
|
)
|
2017-08-15 10:57:46 -04:00
|
|
|
from synapse.http.site import SynapseSite
|
2019-07-03 10:07:04 -04:00
|
|
|
from synapse.logging.context import LoggingContext
|
2019-07-18 09:57:15 -04:00
|
|
|
from synapse.metrics import METRICS_PREFIX, MetricsResource, RegistryProxy
|
2018-12-11 08:18:48 -05:00
|
|
|
from synapse.python_dependencies import check_requirements
|
2018-07-09 02:09:20 -04:00
|
|
|
from synapse.replication.http import REPLICATION_PREFIX, ReplicationRestResource
|
2017-03-30 08:31:10 -04:00
|
|
|
from synapse.replication.tcp.resource import ReplicationStreamProtocolFactory
|
2017-08-15 10:57:46 -04:00
|
|
|
from synapse.rest import ClientRestResource
|
2019-05-01 10:32:38 -04:00
|
|
|
from synapse.rest.admin import AdminRestResource
|
2020-08-07 09:21:24 -04:00
|
|
|
from synapse.rest.health import HealthResource
|
2017-08-15 10:57:46 -04:00
|
|
|
from synapse.rest.key.v2 import KeyApiV2Resource
|
2021-01-05 06:25:28 -05:00
|
|
|
from synapse.rest.synapse.client.pick_idp import PickIdpResource
|
2020-12-18 09:19:46 -05:00
|
|
|
from synapse.rest.synapse.client.pick_username import pick_username_resource
|
2018-12-05 08:38:58 -05:00
|
|
|
from synapse.rest.well_known import WellKnownResource
|
2017-08-15 10:57:46 -04:00
|
|
|
from synapse.server import HomeServer
|
2019-12-06 08:09:40 -05:00
|
|
|
from synapse.storage import DataStore
|
2019-12-06 12:42:18 -05:00
|
|
|
from synapse.storage.engines import IncorrectDatabaseSetup
|
2019-12-06 08:09:40 -05:00
|
|
|
from synapse.storage.prepare_database import UpgradeDatabaseException
|
2016-04-22 10:40:51 -04:00
|
|
|
from synapse.util.httpresourcetree import create_resource_tree
|
2016-04-25 09:59:21 -04:00
|
|
|
from synapse.util.manhole import manhole
|
2017-11-02 10:18:24 -04:00
|
|
|
from synapse.util.module_loader import load_module
|
2018-09-17 12:37:56 -04:00
|
|
|
from synapse.util.versionstring import get_version_string
|
2014-08-12 10:10:52 -04:00
|
|
|
|
2015-04-07 07:04:02 -04:00
|
|
|
logger = logging.getLogger("synapse.app.homeserver")
|
2014-08-12 10:10:52 -04:00
|
|
|
|
|
|
|
|
2015-05-14 11:39:19 -04:00
|
|
|
def gz_wrap(r):
|
|
|
|
return EncodingResourceWrapper(r, [GzipEncoderFactory()])
|
|
|
|
|
|
|
|
|
2016-01-26 08:52:29 -05:00
|
|
|
class SynapseHomeServer(HomeServer):
|
2018-08-28 08:39:49 -04:00
|
|
|
DATASTORE_CLASS = DataStore
|
|
|
|
|
2020-06-16 07:44:07 -04:00
|
|
|
def _listener_http(self, config: HomeServerConfig, listener_config: ListenerConfig):
|
|
|
|
port = listener_config.port
|
|
|
|
bind_addresses = listener_config.bind_addresses
|
|
|
|
tls = listener_config.tls
|
|
|
|
site_tag = listener_config.http_options.tag
|
|
|
|
if site_tag is None:
|
2020-12-08 09:04:35 -05:00
|
|
|
site_tag = str(port)
|
2015-06-12 10:33:07 -04:00
|
|
|
|
2020-08-07 09:21:24 -04:00
|
|
|
# We always include a health resource.
|
|
|
|
resources = {"/health": HealthResource()}
|
|
|
|
|
2020-06-16 07:44:07 -04:00
|
|
|
for res in listener_config.http_options.resources:
|
|
|
|
for name in res.names:
|
|
|
|
if name == "openid" and "federation" in res.names:
|
2019-01-20 18:54:43 -05:00
|
|
|
# Skip loading openid resource if federation is defined
|
|
|
|
# since federation resource will include openid
|
|
|
|
continue
|
2020-06-16 07:44:07 -04:00
|
|
|
resources.update(self._configure_named_resource(name, res.compress))
|
2015-06-12 10:33:07 -04:00
|
|
|
|
2020-06-16 07:44:07 -04:00
|
|
|
additional_resources = listener_config.http_options.additional_resources
|
2019-06-20 05:32:02 -04:00
|
|
|
logger.debug("Configuring additional resources: %r", additional_resources)
|
2020-10-07 07:03:26 -04:00
|
|
|
module_api = self.get_module_api()
|
2017-11-02 10:18:24 -04:00
|
|
|
for path, resmodule in additional_resources.items():
|
2020-12-08 09:04:35 -05:00
|
|
|
handler_cls, config = load_module(
|
|
|
|
resmodule,
|
|
|
|
("listeners", site_tag, "additional_resources", "<%s>" % (path,)),
|
|
|
|
)
|
2017-11-02 10:18:24 -04:00
|
|
|
handler = handler_cls(config, module_api)
|
2020-01-13 07:42:44 -05:00
|
|
|
if IResource.providedBy(handler):
|
|
|
|
resource = handler
|
|
|
|
elif hasattr(handler, "handle_request"):
|
|
|
|
resource = AdditionalResource(self, handler.handle_request)
|
|
|
|
else:
|
|
|
|
raise ConfigError(
|
|
|
|
"additional_resource %s does not implement a known interface"
|
|
|
|
% (resmodule["module"],)
|
|
|
|
)
|
|
|
|
resources[path] = resource
|
2017-11-02 10:18:24 -04:00
|
|
|
|
2018-12-11 07:18:19 -05:00
|
|
|
# try to find something useful to redirect '/' to
|
2016-04-22 10:40:51 -04:00
|
|
|
if WEB_CLIENT_PREFIX in resources:
|
2020-05-22 09:30:07 -04:00
|
|
|
root_resource = RootOptionsRedirectResource(WEB_CLIENT_PREFIX)
|
2018-12-11 07:18:19 -05:00
|
|
|
elif STATIC_PREFIX in resources:
|
2020-05-22 09:30:07 -04:00
|
|
|
root_resource = RootOptionsRedirectResource(STATIC_PREFIX)
|
2016-04-22 10:40:51 -04:00
|
|
|
else:
|
2020-05-22 09:30:07 -04:00
|
|
|
root_resource = OptionsResource()
|
2016-04-22 10:40:51 -04:00
|
|
|
|
|
|
|
root_resource = create_resource_tree(resources, root_resource)
|
2016-12-18 14:42:43 -05:00
|
|
|
|
2015-06-12 10:33:07 -04:00
|
|
|
if tls:
|
2019-02-13 06:53:43 -05:00
|
|
|
ports = listen_ssl(
|
2017-09-06 11:48:49 -04:00
|
|
|
bind_addresses,
|
|
|
|
port,
|
|
|
|
SynapseSite(
|
|
|
|
"synapse.access.https.%s" % (site_tag,),
|
|
|
|
site_tag,
|
|
|
|
listener_config,
|
|
|
|
root_resource,
|
2018-05-10 13:46:59 -04:00
|
|
|
self.version_string,
|
2017-09-06 11:48:49 -04:00
|
|
|
),
|
|
|
|
self.tls_server_context_factory,
|
2019-01-18 03:02:08 -05:00
|
|
|
reactor=self.get_reactor(),
|
2017-09-06 11:48:49 -04:00
|
|
|
)
|
2019-02-13 06:53:43 -05:00
|
|
|
logger.info("Synapse now listening on TCP port %d (TLS)", port)
|
2017-09-02 11:26:40 -04:00
|
|
|
|
2015-06-12 10:33:07 -04:00
|
|
|
else:
|
2019-02-13 06:53:43 -05:00
|
|
|
ports = listen_tcp(
|
2017-09-06 11:48:49 -04:00
|
|
|
bind_addresses,
|
|
|
|
port,
|
|
|
|
SynapseSite(
|
|
|
|
"synapse.access.http.%s" % (site_tag,),
|
|
|
|
site_tag,
|
|
|
|
listener_config,
|
|
|
|
root_resource,
|
2018-05-10 13:46:59 -04:00
|
|
|
self.version_string,
|
2019-01-18 03:02:08 -05:00
|
|
|
),
|
|
|
|
reactor=self.get_reactor(),
|
2017-09-06 11:48:49 -04:00
|
|
|
)
|
2019-02-13 06:53:43 -05:00
|
|
|
logger.info("Synapse now listening on TCP port %d", port)
|
|
|
|
|
|
|
|
return ports
|
2014-08-14 04:52:20 -04:00
|
|
|
|
2017-11-02 09:27:21 -04:00
|
|
|
def _configure_named_resource(self, name, compress=False):
|
|
|
|
"""Build a resource map for a named resource
|
|
|
|
|
|
|
|
Args:
|
|
|
|
name (str): named resource: one of "client", "federation", etc
|
|
|
|
compress (bool): whether to enable gzip compression for this
|
|
|
|
resource
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
dict[str, Resource]: map from path to HTTP resource
|
|
|
|
"""
|
|
|
|
resources = {}
|
|
|
|
if name == "client":
|
|
|
|
client_resource = ClientRestResource(self)
|
|
|
|
if compress:
|
|
|
|
client_resource = gz_wrap(client_resource)
|
|
|
|
|
2019-06-20 05:32:02 -04:00
|
|
|
resources.update(
|
|
|
|
{
|
|
|
|
"/_matrix/client/api/v1": client_resource,
|
|
|
|
"/_matrix/client/r0": client_resource,
|
|
|
|
"/_matrix/client/unstable": client_resource,
|
|
|
|
"/_matrix/client/v2_alpha": client_resource,
|
|
|
|
"/_matrix/client/versions": client_resource,
|
|
|
|
"/.well-known/matrix/client": WellKnownResource(self),
|
|
|
|
"/_synapse/admin": AdminRestResource(self),
|
2020-12-18 09:19:46 -05:00
|
|
|
"/_synapse/client/pick_username": pick_username_resource(self),
|
2021-01-05 06:25:28 -05:00
|
|
|
"/_synapse/client/pick_idp": PickIdpResource(self),
|
2019-06-20 05:32:02 -04:00
|
|
|
}
|
|
|
|
)
|
2017-11-02 09:27:21 -04:00
|
|
|
|
2020-05-08 08:30:40 -04:00
|
|
|
if self.get_config().oidc_enabled:
|
|
|
|
from synapse.rest.oidc import OIDCResource
|
|
|
|
|
|
|
|
resources["/_synapse/oidc"] = OIDCResource(self)
|
|
|
|
|
2018-12-07 07:11:11 -05:00
|
|
|
if self.get_config().saml2_enabled:
|
|
|
|
from synapse.rest.saml2 import SAML2Resource
|
2019-06-20 05:32:02 -04:00
|
|
|
|
2018-12-07 07:11:11 -05:00
|
|
|
resources["/_matrix/saml2"] = SAML2Resource(self)
|
|
|
|
|
2020-09-10 06:45:12 -04:00
|
|
|
if self.get_config().threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
|
|
|
from synapse.rest.synapse.client.password_reset import (
|
|
|
|
PasswordResetSubmitTokenResource,
|
|
|
|
)
|
|
|
|
|
|
|
|
resources[
|
|
|
|
"/_synapse/client/password_reset/email/submit_token"
|
|
|
|
] = PasswordResetSubmitTokenResource(self)
|
|
|
|
|
2018-05-10 19:17:11 -04:00
|
|
|
if name == "consent":
|
2018-05-22 09:00:23 -04:00
|
|
|
from synapse.rest.consent.consent_resource import ConsentResource
|
2019-06-20 05:32:02 -04:00
|
|
|
|
2018-05-10 19:17:11 -04:00
|
|
|
consent_resource = ConsentResource(self)
|
|
|
|
if compress:
|
|
|
|
consent_resource = gz_wrap(consent_resource)
|
2019-06-20 05:32:02 -04:00
|
|
|
resources.update({"/_matrix/consent": consent_resource})
|
2018-05-10 19:17:11 -04:00
|
|
|
|
2017-11-02 09:27:21 -04:00
|
|
|
if name == "federation":
|
2019-06-20 05:32:02 -04:00
|
|
|
resources.update({FEDERATION_PREFIX: TransportLayerServer(self)})
|
2017-11-02 09:27:21 -04:00
|
|
|
|
2019-01-20 18:54:43 -05:00
|
|
|
if name == "openid":
|
2019-06-20 05:32:02 -04:00
|
|
|
resources.update(
|
|
|
|
{
|
|
|
|
FEDERATION_PREFIX: TransportLayerServer(
|
|
|
|
self, servlet_groups=["openid"]
|
|
|
|
)
|
|
|
|
}
|
|
|
|
)
|
2019-01-20 18:54:43 -05:00
|
|
|
|
2017-11-02 09:27:21 -04:00
|
|
|
if name in ["static", "client"]:
|
2019-06-20 05:32:02 -04:00
|
|
|
resources.update(
|
|
|
|
{
|
2020-07-01 09:10:23 -04:00
|
|
|
STATIC_PREFIX: StaticResource(
|
2019-06-20 05:32:02 -04:00
|
|
|
os.path.join(os.path.dirname(synapse.__file__), "static")
|
|
|
|
)
|
|
|
|
}
|
|
|
|
)
|
2017-11-02 09:27:21 -04:00
|
|
|
|
|
|
|
if name in ["media", "federation", "client"]:
|
2017-11-21 08:29:39 -05:00
|
|
|
if self.get_config().enable_media_repo:
|
|
|
|
media_repo = self.get_media_repository_resource()
|
2019-06-20 05:32:02 -04:00
|
|
|
resources.update(
|
2020-01-03 12:10:52 -05:00
|
|
|
{MEDIA_PREFIX: media_repo, LEGACY_MEDIA_PREFIX: media_repo}
|
2019-06-20 05:32:02 -04:00
|
|
|
)
|
2017-11-21 08:29:39 -05:00
|
|
|
elif name == "media":
|
|
|
|
raise ConfigError(
|
2019-06-20 05:32:02 -04:00
|
|
|
"'media' resource conflicts with enable_media_repo=False"
|
2017-11-21 08:29:39 -05:00
|
|
|
)
|
2017-11-02 09:27:21 -04:00
|
|
|
|
|
|
|
if name in ["keys", "federation"]:
|
2018-10-31 07:29:02 -04:00
|
|
|
resources[SERVER_KEY_V2_PREFIX] = KeyApiV2Resource(self)
|
2017-11-02 09:27:21 -04:00
|
|
|
|
|
|
|
if name == "webclient":
|
2020-04-03 11:57:34 -04:00
|
|
|
webclient_loc = self.get_config().web_client_location
|
2018-12-11 08:18:48 -05:00
|
|
|
|
2020-04-03 11:57:34 -04:00
|
|
|
if webclient_loc is None:
|
2018-12-11 08:18:48 -05:00
|
|
|
logger.warning(
|
|
|
|
"Not enabling webclient resource, as web_client_location is unset."
|
|
|
|
)
|
2020-04-03 11:57:34 -04:00
|
|
|
elif webclient_loc.startswith("http://") or webclient_loc.startswith(
|
|
|
|
"https://"
|
|
|
|
):
|
|
|
|
resources[WEB_CLIENT_PREFIX] = RootRedirect(webclient_loc)
|
2018-12-11 08:18:48 -05:00
|
|
|
else:
|
2020-04-03 11:57:34 -04:00
|
|
|
logger.warning(
|
|
|
|
"Running webclient on the same domain is not recommended: "
|
|
|
|
"https://github.com/matrix-org/synapse#security-note - "
|
|
|
|
"after you move webclient to different host you can set "
|
|
|
|
"web_client_location to its full URL to enable redirection."
|
|
|
|
)
|
2018-12-11 08:18:48 -05:00
|
|
|
# GZip is disabled here due to
|
|
|
|
# https://twistedmatrix.com/trac/ticket/7678
|
2020-04-03 11:57:34 -04:00
|
|
|
resources[WEB_CLIENT_PREFIX] = File(webclient_loc)
|
2017-11-02 09:27:21 -04:00
|
|
|
|
|
|
|
if name == "metrics" and self.get_config().enable_metrics:
|
2018-05-31 05:04:50 -04:00
|
|
|
resources[METRICS_PREFIX] = MetricsResource(RegistryProxy)
|
2017-11-02 09:27:21 -04:00
|
|
|
|
2018-02-05 12:22:16 -05:00
|
|
|
if name == "replication":
|
|
|
|
resources[REPLICATION_PREFIX] = ReplicationRestResource(self)
|
|
|
|
|
2017-11-02 09:27:21 -04:00
|
|
|
return resources
|
|
|
|
|
2020-06-16 07:44:07 -04:00
|
|
|
def start_listening(self, listeners: Iterable[ListenerConfig]):
|
2015-06-12 10:33:07 -04:00
|
|
|
config = self.get_config()
|
|
|
|
|
2020-04-22 08:07:41 -04:00
|
|
|
if config.redis_enabled:
|
|
|
|
# If redis is enabled we connect via the replication command handler
|
|
|
|
# in the same way as the workers (since we're effectively a client
|
|
|
|
# rather than a server).
|
|
|
|
self.get_tcp_replication().start_replication(self)
|
|
|
|
|
2019-02-08 12:25:57 -05:00
|
|
|
for listener in listeners:
|
2020-06-16 07:44:07 -04:00
|
|
|
if listener.type == "http":
|
2019-06-20 05:32:02 -04:00
|
|
|
self._listening_services.extend(self._listener_http(config, listener))
|
2020-06-16 07:44:07 -04:00
|
|
|
elif listener.type == "manhole":
|
2017-12-17 07:04:05 -05:00
|
|
|
listen_tcp(
|
2020-06-16 07:44:07 -04:00
|
|
|
listener.bind_addresses,
|
|
|
|
listener.port,
|
2017-09-06 11:48:49 -04:00
|
|
|
manhole(
|
2019-06-20 05:32:02 -04:00
|
|
|
username="matrix", password="rabbithole", globals={"hs": self}
|
|
|
|
),
|
2017-09-06 11:48:49 -04:00
|
|
|
)
|
2020-06-16 07:44:07 -04:00
|
|
|
elif listener.type == "replication":
|
2019-02-13 06:59:04 -05:00
|
|
|
services = listen_tcp(
|
2020-06-16 07:44:07 -04:00
|
|
|
listener.bind_addresses,
|
|
|
|
listener.port,
|
2019-02-13 06:59:04 -05:00
|
|
|
ReplicationStreamProtocolFactory(self),
|
|
|
|
)
|
|
|
|
for s in services:
|
2019-06-20 05:32:02 -04:00
|
|
|
reactor.addSystemEventTrigger("before", "shutdown", s.stopListening)
|
2020-06-16 07:44:07 -04:00
|
|
|
elif listener.type == "metrics":
|
2018-05-31 05:04:50 -04:00
|
|
|
if not self.get_config().enable_metrics:
|
2019-10-31 06:23:24 -04:00
|
|
|
logger.warning(
|
2019-06-20 05:32:02 -04:00
|
|
|
(
|
|
|
|
"Metrics listener configured, but "
|
|
|
|
"enable_metrics is not True!"
|
|
|
|
)
|
|
|
|
)
|
2018-05-31 05:04:50 -04:00
|
|
|
else:
|
2020-06-16 07:44:07 -04:00
|
|
|
_base.listen_metrics(listener.bind_addresses, listener.port)
|
2015-06-12 10:33:07 -04:00
|
|
|
else:
|
2020-06-16 07:44:07 -04:00
|
|
|
# this shouldn't happen, as the listener type should have been checked
|
|
|
|
# during parsing
|
|
|
|
logger.warning("Unrecognized listener type: %s", listener.type)
|
2015-03-12 12:05:46 -04:00
|
|
|
|
2015-04-29 07:12:18 -04:00
|
|
|
|
2015-03-10 05:58:33 -04:00
|
|
|
def setup(config_options):
|
2015-03-10 05:39:42 -04:00
|
|
|
"""
|
|
|
|
Args:
|
|
|
|
config_options_options: The options passed to Synapse. Usually
|
|
|
|
`sys.argv[1:]`.
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
HomeServer
|
|
|
|
"""
|
Error if macaroon key is missing from config
Currently we store all access tokens in the DB, and fall back to that
check if we can't validate the macaroon, so our fallback works here, but
for guests, their macaroons don't get persisted, so we don't get to
find them in the database. Each restart, we generate a new ephemeral
key, so guests lose access after each server restart.
I tried to fix up the config stuff to be less insane, but gave up, so
instead I bolt on yet another piece of custom one-off insanity.
Also, add some basic tests for config generation and loading.
2016-02-04 20:58:23 -05:00
|
|
|
try:
|
2016-06-09 13:50:38 -04:00
|
|
|
config = HomeServerConfig.load_or_generate_config(
|
2019-06-20 05:32:02 -04:00
|
|
|
"Synapse Homeserver", config_options
|
Error if macaroon key is missing from config
Currently we store all access tokens in the DB, and fall back to that
check if we can't validate the macaroon, so our fallback works here, but
for guests, their macaroons don't get persisted, so we don't get to
find them in the database. Each restart, we generate a new ephemeral
key, so guests lose access after each server restart.
I tried to fix up the config stuff to be less insane, but gave up, so
instead I bolt on yet another piece of custom one-off insanity.
Also, add some basic tests for config generation and loading.
2016-02-04 20:58:23 -05:00
|
|
|
)
|
|
|
|
except ConfigError as e:
|
2020-12-08 09:04:35 -05:00
|
|
|
sys.stderr.write("\n")
|
|
|
|
for f in format_config_error(e):
|
|
|
|
sys.stderr.write(f)
|
|
|
|
sys.stderr.write("\n")
|
Error if macaroon key is missing from config
Currently we store all access tokens in the DB, and fall back to that
check if we can't validate the macaroon, so our fallback works here, but
for guests, their macaroons don't get persisted, so we don't get to
find them in the database. Each restart, we generate a new ephemeral
key, so guests lose access after each server restart.
I tried to fix up the config stuff to be less insane, but gave up, so
instead I bolt on yet another piece of custom one-off insanity.
Also, add some basic tests for config generation and loading.
2016-02-04 20:58:23 -05:00
|
|
|
sys.exit(1)
|
|
|
|
|
|
|
|
if not config:
|
|
|
|
# If a config isn't returned, and an exception isn't raised, we're just
|
|
|
|
# generating config files and shouldn't try to continue.
|
|
|
|
sys.exit(0)
|
2014-11-18 10:57:00 -05:00
|
|
|
|
2015-05-29 07:17:33 -04:00
|
|
|
events.USE_FROZEN_DICTS = config.use_frozen_dicts
|
|
|
|
|
2014-08-12 10:10:52 -04:00
|
|
|
hs = SynapseHomeServer(
|
2014-08-31 11:06:39 -04:00
|
|
|
config.server_name,
|
2014-09-02 12:57:04 -04:00
|
|
|
config=config,
|
2018-06-20 10:33:14 -04:00
|
|
|
version_string="Synapse/" + get_version_string(synapse),
|
2014-08-12 10:10:52 -04:00
|
|
|
)
|
|
|
|
|
2019-08-28 07:18:53 -04:00
|
|
|
synapse.config.logger.setup_logging(hs, config, use_worker_options=False)
|
|
|
|
|
2019-12-06 08:09:40 -05:00
|
|
|
logger.info("Setting up server")
|
2014-09-10 11:23:58 -04:00
|
|
|
|
2014-12-16 09:20:32 -05:00
|
|
|
try:
|
2019-12-06 08:09:40 -05:00
|
|
|
hs.setup()
|
|
|
|
except IncorrectDatabaseSetup as e:
|
|
|
|
quit_with_error(str(e))
|
2019-12-19 09:53:15 -05:00
|
|
|
except UpgradeDatabaseException as e:
|
|
|
|
quit_with_error("Failed to upgrade database: %s" % (e,))
|
2014-09-10 11:23:58 -04:00
|
|
|
|
2020-08-03 07:09:33 -04:00
|
|
|
async def do_acme() -> bool:
|
2019-02-11 05:36:26 -05:00
|
|
|
"""
|
|
|
|
Reprovision an ACME certificate, if it's required.
|
|
|
|
|
|
|
|
Returns:
|
2020-08-03 07:09:33 -04:00
|
|
|
Whether the cert has been updated.
|
2019-02-11 05:36:26 -05:00
|
|
|
"""
|
|
|
|
acme = hs.get_acme_handler()
|
|
|
|
|
|
|
|
# Check how long the certificate is active for.
|
2019-06-20 05:32:02 -04:00
|
|
|
cert_days_remaining = hs.config.is_disk_cert_valid(allow_self_signed=False)
|
2019-02-11 05:36:26 -05:00
|
|
|
|
|
|
|
# We want to reprovision if cert_days_remaining is None (meaning no
|
|
|
|
# certificate exists), or the days remaining number it returns
|
|
|
|
# is less than our re-registration threshold.
|
|
|
|
provision = False
|
|
|
|
|
2019-02-14 12:10:36 -05:00
|
|
|
if (
|
2019-06-20 05:32:02 -04:00
|
|
|
cert_days_remaining is None
|
|
|
|
or cert_days_remaining < hs.config.acme_reprovision_threshold
|
2019-02-14 12:10:36 -05:00
|
|
|
):
|
2019-02-11 05:36:26 -05:00
|
|
|
provision = True
|
|
|
|
|
|
|
|
if provision:
|
2020-08-03 07:09:33 -04:00
|
|
|
await acme.provision_certificate()
|
2019-02-11 05:36:26 -05:00
|
|
|
|
2019-07-23 09:00:55 -04:00
|
|
|
return provision
|
2019-02-11 05:36:26 -05:00
|
|
|
|
2020-09-02 07:44:50 -04:00
|
|
|
async def reprovision_acme():
|
2019-02-11 05:36:26 -05:00
|
|
|
"""
|
|
|
|
Provision a certificate from ACME, if required, and reload the TLS
|
|
|
|
certificate if it's renewed.
|
|
|
|
"""
|
2020-09-02 07:44:50 -04:00
|
|
|
reprovisioned = await do_acme()
|
2019-02-11 05:36:26 -05:00
|
|
|
if reprovisioned:
|
|
|
|
_base.refresh_certificate(hs)
|
|
|
|
|
2020-09-02 07:44:50 -04:00
|
|
|
async def start():
|
2021-01-11 10:55:05 -05:00
|
|
|
# Run the ACME provisioning code, if it's enabled.
|
|
|
|
if hs.config.acme_enabled:
|
|
|
|
acme = hs.get_acme_handler()
|
|
|
|
# Start up the webservices which we will respond to ACME
|
|
|
|
# challenges with, and then provision.
|
|
|
|
await acme.start_listening()
|
|
|
|
await do_acme()
|
|
|
|
|
|
|
|
# Check if it needs to be reprovisioned every day.
|
|
|
|
hs.get_clock().looping_call(reprovision_acme, 24 * 60 * 60 * 1000)
|
|
|
|
|
|
|
|
# Load the OIDC provider metadatas, if OIDC is enabled.
|
|
|
|
if hs.config.oidc_enabled:
|
|
|
|
oidc = hs.get_oidc_handler()
|
|
|
|
# Loading the provider metadata also ensures the provider config is valid.
|
|
|
|
await oidc.load_metadata()
|
|
|
|
await oidc.load_jwks()
|
|
|
|
|
|
|
|
await _base.start(hs, config.listeners)
|
|
|
|
|
|
|
|
hs.get_datastore().db_pool.updates.start_doing_background_updates()
|
|
|
|
|
|
|
|
register_start(start)
|
2015-02-06 11:52:22 -05:00
|
|
|
|
2015-03-10 05:39:42 -04:00
|
|
|
return hs
|
|
|
|
|
2014-11-20 12:26:36 -05:00
|
|
|
|
2020-12-08 09:04:35 -05:00
|
|
|
def format_config_error(e: ConfigError) -> Iterator[str]:
|
|
|
|
"""
|
|
|
|
Formats a config error neatly
|
|
|
|
|
|
|
|
The idea is to format the immediate error, plus the "causes" of those errors,
|
|
|
|
hopefully in a way that makes sense to the user. For example:
|
|
|
|
|
|
|
|
Error in configuration at 'oidc_config.user_mapping_provider.config.display_name_template':
|
|
|
|
Failed to parse config for module 'JinjaOidcMappingProvider':
|
|
|
|
invalid jinja template:
|
|
|
|
unexpected end of template, expected 'end of print statement'.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
e: the error to be formatted
|
|
|
|
|
|
|
|
Returns: An iterator which yields string fragments to be formatted
|
|
|
|
"""
|
|
|
|
yield "Error in configuration"
|
|
|
|
|
|
|
|
if e.path:
|
|
|
|
yield " at '%s'" % (".".join(e.path),)
|
|
|
|
|
|
|
|
yield ":\n %s" % (e.msg,)
|
|
|
|
|
|
|
|
e = e.__cause__
|
|
|
|
indent = 1
|
|
|
|
while e:
|
|
|
|
indent += 1
|
|
|
|
yield ":\n%s%s" % (" " * indent, str(e))
|
|
|
|
e = e.__cause__
|
|
|
|
|
|
|
|
|
2015-03-10 05:58:33 -04:00
|
|
|
def run(hs):
|
2016-01-26 13:27:23 -05:00
|
|
|
PROFILE_SYNAPSE = False
|
2015-05-06 12:08:00 -04:00
|
|
|
if PROFILE_SYNAPSE:
|
2019-06-20 05:32:02 -04:00
|
|
|
|
2015-05-06 12:08:00 -04:00
|
|
|
def profile(func):
|
|
|
|
from cProfile import Profile
|
|
|
|
from threading import current_thread
|
|
|
|
|
|
|
|
def profiled(*args, **kargs):
|
|
|
|
profile = Profile()
|
|
|
|
profile.enable()
|
|
|
|
func(*args, **kargs)
|
|
|
|
profile.disable()
|
|
|
|
ident = current_thread().ident
|
2019-06-20 05:32:02 -04:00
|
|
|
profile.dump_stats(
|
|
|
|
"/tmp/%s.%s.%i.pstat" % (hs.hostname, func.__name__, ident)
|
|
|
|
)
|
2015-05-06 12:08:00 -04:00
|
|
|
|
|
|
|
return profiled
|
|
|
|
|
|
|
|
from twisted.python.threadpool import ThreadPool
|
2019-06-20 05:32:02 -04:00
|
|
|
|
2015-05-06 12:08:00 -04:00
|
|
|
ThreadPool._worker = profile(ThreadPool._worker)
|
|
|
|
reactor.run = profile(reactor.run)
|
2015-03-10 05:58:33 -04:00
|
|
|
|
2017-08-15 10:57:46 -04:00
|
|
|
_base.start_reactor(
|
|
|
|
"synapse-homeserver",
|
2019-03-14 09:32:14 -04:00
|
|
|
soft_file_limit=hs.config.soft_file_limit,
|
|
|
|
gc_thresholds=hs.config.gc_thresholds,
|
|
|
|
pid_file=hs.config.pid_file,
|
|
|
|
daemonize=hs.config.daemonize,
|
|
|
|
print_pidfile=hs.config.print_pidfile,
|
|
|
|
logger=logger,
|
2017-08-15 10:57:46 -04:00
|
|
|
)
|
2014-10-29 21:21:33 -04:00
|
|
|
|
2014-11-20 12:26:36 -05:00
|
|
|
|
2014-11-18 10:57:00 -05:00
|
|
|
def main():
|
2014-10-30 07:15:39 -04:00
|
|
|
with LoggingContext("main"):
|
2015-03-17 07:45:37 -04:00
|
|
|
# check base requirements
|
2015-01-08 12:07:28 -05:00
|
|
|
check_requirements()
|
2015-03-10 05:58:33 -04:00
|
|
|
hs = setup(sys.argv[1:])
|
|
|
|
run(hs)
|
2014-08-12 10:10:52 -04:00
|
|
|
|
2014-11-20 12:26:36 -05:00
|
|
|
|
2019-06-20 05:32:02 -04:00
|
|
|
if __name__ == "__main__":
|
2014-11-18 10:57:00 -05:00
|
|
|
main()
|