mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-19 01:21:09 +03:00
259442fa4c
MSC3967 was updated recently to make it more robust to network failures: > there is an existing cross-signing master key and it exactly matches the cross-signing master key provided in the request body. If there are any additional keys provided in the request (self signing key, user signing key) they MUST also match the existing keys stored on the server. In other words, the request contains no new keys. If there are new keys, UIA MUST be performed. https://github.com/matrix-org/matrix-spec-proposals/blob/hughns/device-signing-upload-uia/proposals/3967-device-signing-upload-uia.md#proposal This covers the case where the 200 OK is lost in transit so the client retries the upload, only to then get UIA'd. Complement tests: https://github.com/matrix-org/complement/pull/713 - passing example https://github.com/element-hq/synapse/actions/runs/7976948122/job/21778795094?pr=16943#step:7:8820 ### Pull Request Checklist <!-- Please read https://element-hq.github.io/synapse/latest/development/contributing_guide.html before submitting your pull request --> * [x] Pull request is based on the develop branch * [x] Pull request includes a [changelog file](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#changelog). The entry should: - Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from `EventStore` to `EventWorkerStore`.". - Use markdown where necessary, mostly for `code blocks`. - End with either a period (.) or an exclamation mark (!). - Start with a capital letter. - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry. 
* [x] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters)) --------- Co-authored-by: reivilibre <oliverw@matrix.org>
120 lines
2.6 KiB
Django/Jinja
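{#
  This file extends the default 'shared' configuration file (from the 'synapse-workers'
  docker image) with Complement-specific tweaks.

  The base configuration is moved out of the default path to `shared-orig.yaml.j2`
  in the Complement Dockerfile and below we include that original file.

  The settings here deliberately relax security controls (open registration, a
  fixed shared secret, empty IP range blacklists, effectively no rate limiting)
  for the Complement test environment. None of them should be copied into a
  production configuration.
#}

## Server ##
report_stats: false
# No trusted key (notary) servers are configured.
trusted_key_servers: []
enable_registration: true
# Open registration with no email, captcha or token check.
enable_registration_without_verification: true
# Lowest bcrypt cost, presumably to keep test registration and login fast;
# far too weak for real password storage.
bcrypt_rounds: 4
url_preview_enabled: true
# An empty blacklist lets the URL previewer fetch loopback and private
# addresses (an SSRF exposure anywhere outside an isolated test network).
url_preview_ip_range_blacklist: []

## Registration ##

# Needed by Complement to register admin users
# DO NOT USE in a production configuration! This should be a random secret.
registration_shared_secret: complement

## Federation ##

# trust certs signed by Complement's CA
federation_custom_ca_list:
  - /complement/ca/ca.crt

# unblacklist RFC1918 addresses
# (outbound federation requests can then reach private and internal hosts)
federation_ip_range_blacklist: []

# Disable server rate-limiting
# (this includes rc_login.failed_attempts, so repeated failed logins are not
# slowed down)
rc_federation:
  window_size: 1000
  sleep_limit: 10
  sleep_delay: 500
  reject_limit: 99999
  concurrent: 3

rc_message:
  per_second: 9999
  burst_count: 9999

rc_registration:
  per_second: 9999
  burst_count: 9999

rc_login:
  address:
    per_second: 9999
    burst_count: 9999
  account:
    per_second: 9999
    burst_count: 9999
  failed_attempts:
    per_second: 9999
    burst_count: 9999

rc_admin_redaction:
  per_second: 9999
  burst_count: 9999

rc_joins:
  local:
    per_second: 9999
    burst_count: 9999
  remote:
    per_second: 9999
    burst_count: 9999

rc_joins_per_room:
  per_second: 9999
  burst_count: 9999

rc_3pid_validation:
  per_second: 1000
  burst_count: 1000

rc_invites:
  per_room:
    per_second: 1000
    burst_count: 1000
  per_user:
    per_second: 1000
    burst_count: 1000

federation_rr_transactions_per_room_per_second: 9999

# Device display names become visible to other homeservers over federation.
allow_device_name_lookup_over_federation: true

## Experimental Features ##

experimental_features:
  # client-side support for partial state in /send_join responses
  faster_joins: true
  # Enable support for polls
  msc3381_polls_enabled: true
  # Enable deleting device-specific notification settings stored in account data
  msc3890_enabled: true
  # Enable removing account data support
  msc3391_enabled: true
  # Filtering /messages by relation type.
  msc3874_enabled: true
  # no UIA for x-signing upload for the first time, or (per the updated MSC)
  # when every uploaded key exactly matches the keys already stored on the
  # server; a request that contains any new key still requires UIA
  msc3967_enabled: true

server_notices:
  system_mxid_localpart: _server
  system_mxid_display_name: "Server Alert"
  system_mxid_avatar_url: ""
  room_name: "Server Alert"


# Disable sync cache so that initial `/sync` requests are up-to-date.
caches:
  sync_response_cache_duration: 0


{% include "shared-orig.yaml.j2" %}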