diff --git a/docs/MSC2140_MSC2134.md b/docs/MSC2140_MSC2134.md new file mode 100644 index 0000000..7e73928 --- /dev/null +++ b/docs/MSC2140_MSC2134.md @@ -0,0 +1,47 @@ +# MSC2140 + +## V1 vs V2 +In the [MSC2140](https://github.com/matrix-org/matrix-doc/pull/2140) the v2 prefix was introduced. + +Default values: +```.yaml +matrix: + v1: true # deprecated + v2: true +``` + +To disable change value to `false`. + +NOTE: the v1 is deprecated, therefore recommend to use only v2 and disable v1 (default value can be ommited): +```.yaml +matrix: + v1: false +``` + +## Terms + +Example: +```.yaml +policy: + policies: + term_name: # term name + version: 1.0 # version + terms: + en: # lang + name: term name en # localized name + url: https://ma1sd.host.tld/term_en.html # localized url + fe: # lang + name: term name fr # localized name + url: https://ma1sd.host.tld/term_fr.html # localized url + regexp: + - '/_matrix/identity/v2/account.*' + - '/_matrix/identity/v2/hash_lookup' +``` +Where: + +- `term_name` -- name of the terms. +- `regexp` -- regexp patterns for API. + + +## Hash lookup + diff --git a/docs/configure.md b/docs/configure.md index 69c8f7e..a133b9d 100644 --- a/docs/configure.md +++ b/docs/configure.md @@ -48,6 +48,9 @@ Create a list under the label `myOtherServers` containing two Identity servers: ## Unbind (MSC1915) - `session.policy.unbind.enabled`: Enable or disable unbind functionality (MSC1915). (Defaults to true). +## Hash lookups, Term and others (MSC2140, MSC2134) +See the [dedicated document](MSC2140_MSC2134.md) for configuration. + *Warning*: Unbind check incoming request by two ways: - session validation. - request signature via `X-Matrix` header and uses `server.publicUrl` property to construct the signing json; diff --git a/src/main/java/io/kamax/mxisd/config/HashingConfig.java b/src/main/java/io/kamax/mxisd/config/HashingConfig.java index 6d557e0..dda4ccd 100644 --- a/src/main/java/io/kamax/mxisd/config/HashingConfig.java 
+++ b/src/main/java/io/kamax/mxisd/config/HashingConfig.java @@ -23,27 +23,28 @@ public class HashingConfig { LOGGER.info(" Pepper length: {}", getPepperLength()); LOGGER.info(" Rotation policy: {}", getRotationPolicy()); LOGGER.info(" Hash storage type: {}", getHashStorageType()); - if (RotationPolicyEnum.PER_SECONDS == rotationPolicy) { + if (RotationPolicyEnum.per_seconds == rotationPolicy) { LOGGER.info(" Rotation delay: {}", delay); } + LOGGER.info(" Algorithms: {}", algorithms); } else { LOGGER.info("Hash configuration disabled, used only `none` pepper."); } } public enum Algorithm { - NONE, - SHA256 + none, + sha256 } public enum RotationPolicyEnum { - PER_REQUESTS, - PER_SECONDS + per_requests, + per_seconds } public enum HashStorageEnum { - IN_MEMORY, - SQL + in_memory, + sql } public boolean isEnabled() { diff --git a/src/main/java/io/kamax/mxisd/config/PolicyConfig.java b/src/main/java/io/kamax/mxisd/config/PolicyConfig.java index aab17c6..39f4319 100644 --- a/src/main/java/io/kamax/mxisd/config/PolicyConfig.java +++ b/src/main/java/io/kamax/mxisd/config/PolicyConfig.java @@ -100,10 +100,12 @@ public class PolicyConfig { policyObjectItem.getValue().getPatterns().add(Pattern.compile(regexp)); } sb.append(" terms:\n"); - for (Map.Entry termItem : policyObject.getTerms().entrySet()) { - sb.append(" - lang: ").append(termItem.getKey()).append("\n"); - sb.append(" name: ").append(termItem.getValue().getName()).append("\n"); - sb.append(" url: ").append(termItem.getValue().getUrl()).append("\n"); + if (policyObject.getTerms() != null) { + for (Map.Entry termItem : policyObject.getTerms().entrySet()) { + sb.append(" - lang: ").append(termItem.getKey()).append("\n"); + sb.append(" name: ").append(termItem.getValue().getName()).append("\n"); + sb.append(" url: ").append(termItem.getValue().getUrl()).append("\n"); + } } LOGGER.info(sb.toString()); } 
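Review bot: Renaming the enum constants to lowercase (`none`, `sha256`, `per_requests`, `per_seconds`, `in_memory`, `sql`) departs from Java constant naming and ties the identifiers to the spelling used in the config file. If the goal is to accept lowercase YAML values, keep `NONE`/`SHA256` and map the configured string case-insensitively, e.g. `Algorithm.valueOf(value.toUpperCase(Locale.ROOT))`. The config loader is not visible here, but as written existing configs that use the uppercase names presumably stop loading. The disabled-branch message ``used only `none` pepper`` also reads as if it means the `none` algorithm, i.e. unhashed lookups, and would be clearer saying so.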
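Review bot: A policy with no `terms` map is now accepted silently, because the added null guard only skips the logging loop while the patterns compiled just above it stay registered. If those patterns gate API paths on terms acceptance (the enforcement code is outside this hunk), such a policy has nothing for a user to accept, so it would either block those paths or go unenforced. An `else` branch with `LOGGER.warn("Policy {} has no terms configured", policyObjectItem.getKey());` would surface the misconfiguration at startup. The enclosing method starts and ends outside the hunk.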
diff --git a/src/main/java/io/kamax/mxisd/config/sql/SqlConfig.java b/src/main/java/io/kamax/mxisd/config/sql/SqlConfig.java index 44b2d57..75c2687 100644 --- a/src/main/java/io/kamax/mxisd/config/sql/SqlConfig.java +++ b/src/main/java/io/kamax/mxisd/config/sql/SqlConfig.java @@ -125,7 +125,7 @@ public abstract class SqlConfig { } public static class Lookup { - private String query; + private String query = "SELECT user_id AS mxid, medium, address from user_threepids"; public String getQuery() { return query; diff --git a/src/main/java/io/kamax/mxisd/hash/HashEngine.java b/src/main/java/io/kamax/mxisd/hash/HashEngine.java index 7b5b6a5..5aaee1e 100644 --- a/src/main/java/io/kamax/mxisd/hash/HashEngine.java +++ b/src/main/java/io/kamax/mxisd/hash/HashEngine.java @@ -6,11 +6,15 @@ import io.kamax.mxisd.hash.storage.HashStorage; import io.kamax.mxisd.lookup.ThreePidMapping; import io.kamax.mxisd.lookup.provider.IThreePidProvider; import org.apache.commons.lang3.RandomStringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.util.List; public class HashEngine { + private static final Logger LOGGER = LoggerFactory.getLogger(HashEngine.class); + private final List providers; private final HashStorage hashStorage; private final MxSha256 sha256 = new MxSha256(); @@ -24,15 +28,21 @@ public class HashEngine { } public void updateHashes() { + LOGGER.info("Start update hashes."); synchronized (hashStorage) { this.pepper = newPepper(); hashStorage.clear(); for (IThreePidProvider provider : providers) { - for (ThreePidMapping pidMapping : provider.populateHashes()) { - hashStorage.add(pidMapping, hash(pidMapping)); + try { + for (ThreePidMapping pidMapping : provider.populateHashes()) { + hashStorage.add(pidMapping, hash(pidMapping)); + } + } catch (Exception e) { + LOGGER.error("Unable to update hashes of the provider: " + provider.toString(), e); } } } + LOGGER.info("Finish update hashes."); } public String getPepper() { 
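Review bot: The new default for `Lookup.query` lives in the abstract `SqlConfig`, so every SQL-backed configuration that leaves the lookup query unset now inherits a statement that reads every row of `user_threepids`. That table and column set look specific to one homeserver schema, though the schema is not visible here. If this query feeds the hash store, bulk reading of all 3PIDs becomes implicit rather than an explicit operator choice. Consider leaving the field unset here and applying the default only in the subclass that targets that schema, with a comment such as `// Default bulk query for hash lookup population; reads all 3PIDs`.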
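Review bot: In `updateHashes()` the new `catch (Exception e)` runs after `hashStorage.clear()` and the pepper rotation, so a failing provider leaves the store partially filled or empty under the new pepper. Lookups for real users then miss until the next rotation. Reading the providers first, and only then rotating and replacing the contents, keeps the old data if the read fails and moves provider I/O out of the `synchronized` block; whether readers take the same lock is not visible here. Whether a provider failure should abort the rotation is a policy choice that deserves a comment. The log call should also use the parameterized form shown below rather than string concatenation.

```java
// … unchanged: LOGGER.info("Start update hashes.") …
List<ThreePidMapping> mappings = new ArrayList<>();
for (IThreePidProvider provider : providers) {
    try {
        for (ThreePidMapping pidMapping : provider.populateHashes()) {
            mappings.add(pidMapping);
        }
    } catch (Exception e) {
        LOGGER.error("Unable to update hashes of the provider: {}", provider, e);
    }
}
synchronized (hashStorage) {
    this.pepper = newPepper();
    hashStorage.clear();
    for (ThreePidMapping pidMapping : mappings) {
        hashStorage.add(pidMapping, hash(pidMapping));
    }
}
// … unchanged: LOGGER.info("Finish update hashes.") …
```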
diff --git a/src/main/java/io/kamax/mxisd/hash/HashManager.java b/src/main/java/io/kamax/mxisd/hash/HashManager.java index 7af2e00..31249fd 100644 --- a/src/main/java/io/kamax/mxisd/hash/HashManager.java +++ b/src/main/java/io/kamax/mxisd/hash/HashManager.java @@ -40,10 +40,10 @@ public class HashManager { private void initStorage() { if (config.isEnabled()) { switch (config.getHashStorageType()) { - case IN_MEMORY: + case in_memory: this.hashStorage = new InMemoryHashStorage(); break; - case SQL: + case sql: this.hashStorage = new SqlHashStorage(storage); break; default: @@ -57,10 +57,10 @@ public class HashManager { private void initRotationStrategy() { if (config.isEnabled()) { switch (config.getRotationPolicy()) { - case PER_REQUESTS: + case per_requests: this.rotationStrategy = new RotationPerRequests(); break; - case PER_SECONDS: + case per_seconds: this.rotationStrategy = new TimeBasedRotation(config.getDelay()); break; default: diff --git a/src/main/java/io/kamax/mxisd/http/undertow/handler/identity/v2/HashLookupHandler.java b/src/main/java/io/kamax/mxisd/http/undertow/handler/identity/v2/HashLookupHandler.java index 03a877e..5cc28d0 100644 --- a/src/main/java/io/kamax/mxisd/http/undertow/handler/identity/v2/HashLookupHandler.java +++ b/src/main/java/io/kamax/mxisd/http/undertow/handler/identity/v2/HashLookupHandler.java @@ -84,7 +84,7 @@ public class HashLookupHandler extends LookupHandler implements ApiHandler { } private void noneAlgorithm(HttpServerExchange exchange, HashLookupRequest request, ClientHashLookupRequest input) throws Exception { - if (!hashManager.getConfig().getAlgorithms().contains(HashingConfig.Algorithm.NONE)) { + if (!hashManager.getConfig().getAlgorithms().contains(HashingConfig.Algorithm.none)) { throw new InvalidParamException(); } 
@@ -110,7 +110,7 @@ public class HashLookupHandler extends LookupHandler implements ApiHandler { } private void sha256Algorithm(HttpServerExchange exchange, HashLookupRequest request, ClientHashLookupRequest input) { - if (!hashManager.getConfig().getAlgorithms().contains(HashingConfig.Algorithm.SHA256)) { + if (!hashManager.getConfig().getAlgorithms().contains(HashingConfig.Algorithm.sha256)) { throw new InvalidParamException(); }