mirror of
https://github.com/element-hq/element-web
synced 2024-11-29 12:58:53 +03:00
483 lines
20 KiB
Markdown
483 lines
20 KiB
Markdown
Element
|
||
=======
|
||
|
||
Element (formerly known as Vector and Riot) is a Matrix web client built using the [Matrix
|
||
React SDK](https://github.com/matrix-org/matrix-react-sdk).
|
||
|
||
Supported Environments
|
||
======================
|
||
|
||
Element has several tiers of support for different environments:
|
||
|
||
* Supported
|
||
* Definition: Issues **actively triaged**, regressions **block** the release
|
||
* Last 2 major versions of Chrome, Firefox, Safari, and Edge on desktop OSes
|
||
* Latest release of official Element Desktop app on desktop OSes
|
||
* Desktop OSes means macOS, Windows, and Linux versions for desktop devices
|
||
that are actively supported by the OS vendor and receive security updates
|
||
* Experimental
|
||
* Definition: Issues **accepted**, regressions **do not block** the release
|
||
* Element as an installed PWA via current stable version of Chrome, Firefox, and Safari
|
||
* Mobile web for current stable version of Chrome, Firefox, and Safari on Android, iOS, and iPadOS
|
||
* Not supported
|
||
* Definition: Issues only affecting unsupported environments are **closed**
|
||
* Everything else
|
||
|
||
For accessing Element on an Android or iOS device, we currently recommend the
|
||
native apps [element-android](https://github.com/vector-im/element-android)
|
||
and [element-ios](https://github.com/vector-im/element-ios).
|
||
|
||
Getting Started
|
||
===============
|
||
|
||
The easiest way to test Element is to just use the hosted copy at <https://app.element.io>.
|
||
The `develop` branch is continuously deployed to <https://develop.element.io>
|
||
for those who like living dangerously.
|
||
|
||
To host your own copy of Element, the quickest bet is to use a pre-built
|
||
released version of Element:
|
||
|
||
1. Download the latest version from <https://github.com/vector-im/element-web/releases>
|
||
1. Untar the tarball on your web server
|
||
1. Move (or symlink) the `element-x.x.x` directory to an appropriate name
|
||
1. Configure the correct caching headers in your webserver (see below)
|
||
1. If desired, copy `config.sample.json` to `config.json` and edit it
|
||
as desired. See the [configuration docs](docs/config.md) for details.
|
||
1. Enter the URL into your browser and log into Element!
|
||
|
||
Releases are signed using gpg and the OpenPGP standard, and can be checked against the public key located
|
||
at <https://packages.riot.im/element-release-key.asc>.
|
||
|
||
Note that for the security of your chats will need to serve Element
|
||
over HTTPS. Major browsers also do not allow you to use VoIP/video
|
||
chats over HTTP, as WebRTC is only usable over HTTPS.
|
||
There are some exceptions like when using localhost, which is
|
||
considered a [secure context](https://developer.mozilla.org/docs/Web/Security/Secure_Contexts)
|
||
and thus allowed.
|
||
|
||
To install Element as a desktop application, see [Running as a desktop
|
||
app](#running-as-a-desktop-app) below.
|
||
|
||
Important Security Notes
|
||
========================
|
||
|
||
Separate domains
|
||
----------------
|
||
|
||
We do not recommend running Element from the same domain name as your Matrix
|
||
homeserver. The reason is the risk of XSS (cross-site-scripting)
|
||
vulnerabilities that could occur if someone caused Element to load and render
|
||
malicious user generated content from a Matrix API which then had trusted
|
||
access to Element (or other apps) due to sharing the same domain.
|
||
|
||
We have put some coarse mitigations into place to try to protect against this
|
||
situation, but it's still not good practice to do it in the first place. See
|
||
<https://github.com/vector-im/element-web/issues/1977> for more details.
|
||
|
||
Configuration best practices
|
||
----------------------------
|
||
|
||
Unless you have special requirements, you will want to add the following to
|
||
your web server configuration when hosting Element Web:
|
||
|
||
* The `X-Frame-Options: SAMEORIGIN` header, to prevent Element Web from being
|
||
framed and protect from [clickjacking][owasp-clickjacking].
|
||
* The `frame-ancestors 'none'` directive to your `Content-Security-Policy`
|
||
header, as the modern replacement for `X-Frame-Options` (though both should be
|
||
included since not all browsers support it yet, see
|
||
[this][owasp-clickjacking-csp]).
|
||
* The `X-Content-Type-Options: nosniff` header, to [disable MIME
|
||
sniffing][mime-sniffing].
|
||
* The `X-XSS-Protection: 1; mode=block;` header, for basic XSS protection in
|
||
legacy browsers.
|
||
|
||
[mime-sniffing]:
|
||
<https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types#mime_sniffing>
|
||
|
||
[owasp-clickjacking-csp]:
|
||
<https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html#content-security-policy-frame-ancestors-examples>
|
||
|
||
[owasp-clickjacking]:
|
||
<https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html>
|
||
|
||
If you are using nginx, this would look something like the following:
|
||
|
||
```
|
||
add_header X-Frame-Options SAMEORIGIN;
|
||
add_header X-Content-Type-Options nosniff;
|
||
add_header X-XSS-Protection "1; mode=block";
|
||
add_header Content-Security-Policy "frame-ancestors 'none'";
|
||
```
|
||
|
||
Note: In case you are already setting a `Content-Security-Policy` header
|
||
elsewhere, you should modify it to include the `frame-ancestors` directive
|
||
instead of adding that last line.
|
||
|
||
Building From Source
|
||
====================
|
||
|
||
Element is a modular webapp built with modern ES6 and uses a Node.js build system.
|
||
Ensure you have the latest LTS version of Node.js installed.
|
||
|
||
Using `yarn` instead of `npm` is recommended. Please see the Yarn [install
|
||
guide](https://classic.yarnpkg.com/en/docs/install) if you do not have it already.
|
||
|
||
1. Install or update `node.js` so that your `node` is at least v10.x.
|
||
1. Install `yarn` if not present already.
|
||
1. Clone the repo: `git clone https://github.com/vector-im/element-web.git`.
|
||
1. Switch to the element-web directory: `cd element-web`.
|
||
1. Install the prerequisites: `yarn install`.
|
||
* If you're using the `develop` branch, then it is recommended to set up a
|
||
proper development environment (see [Setting up a dev
|
||
environment](#setting-up-a-dev-environment) below). Alternatively, you
|
||
can use <https://develop.element.io> - the continuous integration release of
|
||
the develop branch.
|
||
1. Configure the app by copying `config.sample.json` to `config.json` and
|
||
modifying it. See the [configuration docs](docs/config.md) for details.
|
||
1. `yarn dist` to build a tarball to deploy. Untaring this file will give
|
||
a version-specific directory containing all the files that need to go on your
|
||
web server.
|
||
|
||
Note that `yarn dist` is not supported on Windows, so Windows users can run `yarn build`,
|
||
which will build all the necessary files into the `webapp` directory. The version of Element
|
||
will not appear in Settings without using the dist script. You can then mount the
|
||
`webapp` directory on your web server to actually serve up the app, which is
|
||
entirely static content.
|
||
|
||
Running as a Desktop app
|
||
========================
|
||
|
||
Element can also be run as a desktop app, wrapped in Electron. You can download a
|
||
pre-built version from <https://element.io/get-started> or, if you prefer,
|
||
build it yourself.
|
||
|
||
To build it yourself, follow the instructions at <https://github.com/vector-im/element-desktop>.
|
||
|
||
Many thanks to @aviraldg for the initial work on the Electron integration.
|
||
|
||
Other options for running as a desktop app:
|
||
|
||
* @asdf:matrix.org points out that you can use nativefier and it just works(tm)
|
||
|
||
```bash
|
||
yarn global add nativefier
|
||
nativefier https://app.element.io/
|
||
```
|
||
|
||
The [configuration docs](docs/config.md#desktop-app-configuration) show how to
|
||
override the desktop app's default settings if desired.
|
||
|
||
Running from Docker
|
||
===================
|
||
|
||
The Docker image can be used to serve element-web as a web server. The easiest way to use
|
||
it is to use the prebuilt image:
|
||
|
||
```bash
|
||
docker run -p 80:80 vectorim/element-web
|
||
```
|
||
|
||
To supply your own custom `config.json`, map a volume to `/app/config.json`. For example,
|
||
if your custom config was located at `/etc/element-web/config.json` then your Docker command
|
||
would be:
|
||
|
||
```bash
|
||
docker run -p 80:80 -v /etc/element-web/config.json:/app/config.json vectorim/element-web
|
||
```
|
||
|
||
To build the image yourself:
|
||
|
||
```bash
|
||
git clone https://github.com/vector-im/element-web.git element-web
|
||
cd element-web
|
||
git checkout master
|
||
docker build .
|
||
```
|
||
|
||
If you're building a custom branch, or want to use the develop branch, check out the appropriate
|
||
element-web branch and then run:
|
||
|
||
```bash
|
||
docker build -t \
|
||
--build-arg USE_CUSTOM_SDKS=true \
|
||
--build-arg REACT_SDK_REPO="https://github.com/matrix-org/matrix-react-sdk.git" \
|
||
--build-arg REACT_SDK_BRANCH="develop" \
|
||
--build-arg JS_SDK_REPO="https://github.com/matrix-org/matrix-js-sdk.git" \
|
||
--build-arg JS_SDK_BRANCH="develop" \
|
||
.
|
||
```
|
||
|
||
Running in Kubernetes
|
||
=====================
|
||
|
||
The provided element-web docker image can also be run from within a Kubernetes cluster.
|
||
See the [Kubernetes example](docs/kubernetes.md) for more details.
|
||
|
||
config.json
|
||
===========
|
||
|
||
Element supports a variety of settings to configure default servers, behaviour, themes, etc.
|
||
See the [configuration docs](docs/config.md) for more details.
|
||
|
||
Labs Features
|
||
=============
|
||
|
||
Some features of Element may be enabled by flags in the `Labs` section of the settings.
|
||
Some of these features are described in [labs.md](https://github.com/vector-im/element-web/blob/develop/docs/labs.md).
|
||
|
||
Caching requirements
|
||
====================
|
||
|
||
Element requires the following URLs not to be cached, when/if you are serving Element from your own webserver:
|
||
|
||
```
|
||
/config.*.json
|
||
/i18n
|
||
/home
|
||
/sites
|
||
/index.html
|
||
```
|
||
|
||
Development
|
||
===========
|
||
|
||
Before attempting to develop on Element you **must** read the [developer guide
|
||
for `matrix-react-sdk`](https://github.com/matrix-org/matrix-react-sdk#developer-guide), which
|
||
also defines the design, architecture and style for Element too.
|
||
|
||
Before starting work on a feature, it's best to ensure your plan aligns well
|
||
with our vision for Element. Please chat with the team in
|
||
[#element-dev:matrix.org](https://matrix.to/#/#element-dev:matrix.org) before you
|
||
start so we can ensure it's something we'd be willing to merge.
|
||
|
||
You should also familiarise yourself with the ["Here be Dragons" guide
|
||
](https://docs.google.com/document/d/12jYzvkidrp1h7liEuLIe6BMdU0NUjndUYI971O06ooM)
|
||
to the tame & not-so-tame dragons (gotchas) which exist in the codebase.
|
||
|
||
The idea of Element is to be a relatively lightweight "skin" of customisations on
|
||
top of the underlying `matrix-react-sdk`. `matrix-react-sdk` provides both the
|
||
higher and lower level React components useful for building Matrix communication
|
||
apps using React.
|
||
|
||
After creating a new component you must run `yarn reskindex` to regenerate
|
||
the `component-index.js` for the app (used in future for skinning).
|
||
|
||
Please note that Element is intended to run correctly without access to the public
|
||
internet. So please don't depend on resources (JS libs, CSS, images, fonts)
|
||
hosted by external CDNs or servers but instead please package all dependencies
|
||
into Element itself.
|
||
|
||
CSS hot-reload is available as an opt-in development feature. You can enable it
|
||
by defining a `CSS_HOT_RELOAD` environment variable, in a `.env` file in the root
|
||
of the repository. See `.env.example` for documentation and an example.
|
||
|
||
Setting up a dev environment
|
||
============================
|
||
|
||
Much of the functionality in Element is actually in the `matrix-react-sdk` and
|
||
`matrix-js-sdk` modules. It is possible to set these up in a way that makes it
|
||
easy to track the `develop` branches in git and to make local changes without
|
||
having to manually rebuild each time.
|
||
|
||
First clone and build `matrix-js-sdk`:
|
||
|
||
``` bash
|
||
git clone https://github.com/matrix-org/matrix-js-sdk.git
|
||
pushd matrix-js-sdk
|
||
yarn link
|
||
yarn install
|
||
popd
|
||
```
|
||
|
||
Then similarly with `matrix-react-sdk`:
|
||
|
||
```bash
|
||
git clone https://github.com/matrix-org/matrix-react-sdk.git
|
||
pushd matrix-react-sdk
|
||
yarn link
|
||
yarn link matrix-js-sdk
|
||
yarn install
|
||
popd
|
||
```
|
||
|
||
Finally, build and start Element itself:
|
||
|
||
```bash
|
||
git clone https://github.com/vector-im/element-web.git
|
||
cd element-web
|
||
yarn link matrix-js-sdk
|
||
yarn link matrix-react-sdk
|
||
yarn install
|
||
yarn reskindex
|
||
yarn start
|
||
```
|
||
|
||
Wait a few seconds for the initial build to finish; you should see something like:
|
||
|
||
```
|
||
[element-js] <s> [webpack.Progress] 100%
|
||
[element-js]
|
||
[element-js] ℹ 「wdm」: 1840 modules
|
||
[element-js] ℹ 「wdm」: Compiled successfully.
|
||
```
|
||
|
||
Remember, the command will not terminate since it runs the web server
|
||
and rebuilds source files when they change. This development server also
|
||
disables caching, so do NOT use it in production.
|
||
|
||
Configure the app by copying `config.sample.json` to `config.json` and
|
||
modifying it. See the [configuration docs](docs/config.md) for details.
|
||
|
||
Open <http://127.0.0.1:8080/> in your browser to see your newly built Element.
|
||
|
||
**Note**: The build script uses inotify by default on Linux to monitor directories
|
||
for changes. If the inotify limits are too low your build will fail silently or with
|
||
`Error: EMFILE: too many open files`. To avoid these issues, we recommend a watch limit
|
||
of at least `128M` and instance limit around `512`.
|
||
|
||
You may be interested in issues [#15750](https://github.com/vector-im/element-web/issues/15750) and
|
||
[#15774](https://github.com/vector-im/element-web/issues/15774) for further details.
|
||
|
||
To set a new inotify watch and instance limit, execute:
|
||
|
||
```
|
||
sudo sysctl fs.inotify.max_user_watches=131072
|
||
sudo sysctl fs.inotify.max_user_instances=512
|
||
sudo sysctl -p
|
||
```
|
||
|
||
If you wish, you can make the new limits permanent, by executing:
|
||
|
||
```
|
||
echo fs.inotify.max_user_watches=131072 | sudo tee -a /etc/sysctl.conf
|
||
echo fs.inotify.max_user_instances=512 | sudo tee -a /etc/sysctl.conf
|
||
sudo sysctl -p
|
||
```
|
||
|
||
___
|
||
|
||
When you make changes to `matrix-react-sdk` or `matrix-js-sdk` they should be
|
||
automatically picked up by webpack and built.
|
||
|
||
If you add or remove any components from the Element skin, you will need to rebuild
|
||
the skin's index by running, `yarn reskindex`.
|
||
|
||
If any of these steps error with, `file table overflow`, you are probably on a mac
|
||
which has a very low limit on max open files. Run `ulimit -Sn 1024` and try again.
|
||
You'll need to do this in each new terminal you open before building Element.
|
||
|
||
Running the tests
|
||
-----------------
|
||
|
||
There are a number of application-level tests in the `tests` directory; these
|
||
are designed to run in a browser instance under the control of
|
||
[karma](https://karma-runner.github.io). To run them:
|
||
|
||
* Make sure you have Chrome installed (a recent version, like 59)
|
||
* Make sure you have `matrix-js-sdk` and `matrix-react-sdk` installed and
|
||
built, as above
|
||
* `yarn test`
|
||
|
||
The above will run the tests under Chrome in a `headless` mode.
|
||
|
||
You can also tell karma to run the tests in a loop (every time the source
|
||
changes), in an instance of Chrome on your desktop, with `yarn
|
||
test-multi`. This also gives you the option of running the tests in 'debug'
|
||
mode, which is useful for stepping through the tests in the developer tools.
|
||
|
||
### End-to-End tests
|
||
|
||
See [matrix-react-sdk](https://github.com/matrix-org/matrix-react-sdk/#end-to-end-tests) how to run the end-to-end tests.
|
||
|
||
Translations
|
||
============
|
||
|
||
To add a new translation, head to the [translating doc](docs/translating.md).
|
||
|
||
For a developer guide, see the [translating dev doc](docs/translating-dev.md).
|
||
|
||
[<img src="https://translate.element.io/widgets/element-web/-/multi-auto.svg" alt="translationsstatus" width="340">](https://translate.element.io/engage/element-web/?utm_source=widget)
|
||
|
||
Triaging issues
|
||
===============
|
||
|
||
We strive to completely cover all applicable issues with these core labels:
|
||
|
||
1. __Type__ — Every issue is assigned a type:
|
||
* __[T-Defect](https://github.com/vector-im/element-web/labels/T-Defect):__
|
||
Bugs, crashes, hangs, vulnerabilities, or other reported problems
|
||
* __[T-Enhancement](https://github.com/vector-im/element-web/labels/T-Enhancement):__
|
||
New features, changes in functionality, performance boosts, user-facing
|
||
improvements
|
||
* __[T-Task](https://github.com/vector-im/element-web/labels/T-Task):__
|
||
Refactoring, enabling or disabling functionality, other engineering tasks
|
||
* __[T-Other](https://github.com/vector-im/element-web/labels/T-Other):__
|
||
Questions, user support, anything else
|
||
|
||
2. __Severity__ — All issues labeled `T-Defect` are also assigned a severity:
|
||
* __[S-Critical](https://github.com/vector-im/element-web/labels/S-Critical):__
|
||
Prevents work, causes data loss, affects many users, and/or has no
|
||
workaround
|
||
* __[S-Major](https://github.com/vector-im/element-web/labels/S-Major):__
|
||
Severely degrades major functionality or product features, with no
|
||
satisfactory workaround
|
||
* __[S-Minor](https://github.com/vector-im/element-web/labels/S-Minor):__
|
||
Impairs non-critical functionality, or suitable workarounds exist
|
||
* __[S-Tolerable](https://github.com/vector-im/element-web/labels/S-Tolerable):__
|
||
Purely cosmetic or low / no impact to users
|
||
|
||
3. __Prevalence__ — All issues labeled `T-Defect` are also assigned a prevalence:
|
||
* __[P-High](https://github.com/vector-im/element-web/labels/P-High):__ Affects most users regularly or impacts most users' first experience (e.g. registration)
|
||
* __[P-Medium](https://github.com/vector-im/element-web/labels/P-Medium):__ Affects some users regularly or most users rarely
|
||
* __[P-Low](https://github.com/vector-im/element-web/labels/P-Low):__ Most users are unlikely to come across this or it is a corner case
|
||
|
||
This label may also be used for other types of issues.
|
||
|
||
4. __Area__ — Most issues are assigned one or several "areas" using one of the
|
||
many `A-` prefixed labels, e.g. `A-Composer` or `A-Spaces`. Each area label
|
||
maps to a group of features or portion of the UI surface in the app.
|
||
|
||
The Priority label is now deprecated. Defects will now be classed based on their severity and prevalence:
|
||
| Labels | Equivalent priority | What it means |
|
||
| ----------- | ----------- | ----------- |
|
||
| S‑Critical and P‑High<br />S‑Critical and P‑Medium<br />S‑Major and P‑High | P1 | These issues should be worked on in this sprint or next sprint. If the backlog of issues is too long, we should reevaluate why the bugs are not caught earlier. |
|
||
| S‑Critical and P‑Low<br />S‑Major and P‑Medium<br />S‑Minor and P‑High | P2 | When all the highest priority bugs are done, this is the next set to tackle. Ideally we should be fixing a few issues from this group every week. |
|
||
| S‑Major and P‑Low<br />S‑Minor and P‑Medium<br />S‑Tolerable and P‑High | P3 | These issues are wishful thinking for now. We hope to get to them one day, but they are low priority. There are likely to be some good new contributor issues in here. |
|
||
| S‑Minor and P‑Low<br />S‑Tolerable and P‑Medium<br />S‑Minor and P‑Low | P4 and P5 | These issues are unlikely to be actively looked at by the webapp team, but may be picked up by community. |
|
||
|
||
|
||
### Other common labels
|
||
|
||
We have a handful of other labels which are added on an as-needed basis, and not expected to be exhaustive:
|
||
|
||
* __Exceptions__ — Special flags for issues and pull requests:
|
||
* __[X-Needs-Info](https://github.com/vector-im/element-web/labels/X-Needs-Info):__
|
||
This issue is blocked pending further information from the reporter
|
||
* __[X-Regression](https://github.com/vector-im/element-web/labels/X-Regression):__
|
||
Denotes things breaking which previously worked
|
||
* __[X-Release-Blocker](https://github.com/vector-im/element-web/labels/X-Release-Blocker):__
|
||
Issues which must be resolved before making a release
|
||
|
||
* __[Easy](https://github.com/vector-im/element-web/labels/Easy)__ / __[Help
|
||
Wanted](https://github.com/vector-im/element-web/labels/Help%20Wanted)__ —
|
||
Well-defined issues which are suitable for folks new to the codebase
|
||
|
||
* __[A11y](https://github.com/vector-im/element-web/labels/A11y)__ /
|
||
__[Meta](https://github.com/vector-im/element-web/labels/Meta)__ /
|
||
__[I18n](https://github.com/vector-im/element-web/labels/I18n)__ /
|
||
__[Privacy](https://github.com/vector-im/element-web/labels/Privacy)__ /
|
||
__[Security](https://github.com/vector-im/element-web/labels/Security)__ —
|
||
Issues which fall under these conceptual themes (which apply to many software
|
||
projects and are not specific to Element)
|
||
|
||
* __[Sponsored](https://github.com/vector-im/element-web/labels/Sponsored)__ —
|
||
Used internally by Element to denote issues with external funding
|
||
|
||
### Ad hoc labels (`Z-`)
|
||
|
||
We have reserved the `Z-` prefix for ad hoc labels.
|
||
|
||
Any member of the core team is welcome to create labels beginning with `Z-` for
|
||
any purpose, such as tracking personal areas of interest or providing a common
|
||
way to label cross-repo initiatives. The prefix avoids interference with the
|
||
project's main labels.
|