Skip to content
This repository was archived by the owner on Nov 25, 2024. It is now read-only.

Commit 6cd1285

Browse files
eyedeekayeyedeekayS7evinK
authored
Adds support for listening on and connecting to I2P and Onion services securely (#3293)
This PR adds 2 `dendrite-demo` main's, each designed expressly to serve a Hidden Service/Overlay network. The first, `dendrite-demo-i2p` add self-configuration for use of dendrite as an I2P hidden service(eepsite) and to connect to I2P services(federate) as an I2P client. It further disables the `dendrite` server from communicating with non-anonymous servers by federation(because I2P does not canonically have the ability to exit, we rely on donors for exit traffic), and enables the use of self-signed TLS certificates([because I2P services are self-authenticating but TLS is still required for other aspects of the system to work reliably](https://tor.stackexchange.com/questions/13887/registering-onion-with-certificate-authority)). This demo turns the system into an "pseudonymous" homeserver which people can connect to using an I2P-enabled Matrix client(I like `cinny` and it's what I tested with). The second, `dendrite-demo-tor` adds self-configuration for the use of dendrite as an Onion service and to connect to other onion services and non-anonymous web sites using Tor to obfuscate it's physical location and providing, optionally, pseudonymity. It also enables the use of self-signed TLS certificates, for the same reason as with I2P, because onion services aren't typically eligible for TLS certificates. It has also been tested with `cinny`. These services are both pseudonymous like myself, not anonymous. I will be meeting members of the element team at the CCC assembly shortly to discuss contributing under my pseudonym. As none of the other `dendrite-demo` have unit tests I did not add them to these checkins. * [*] I have added Go unit tests or [Complement integration tests](https://github.com/matrix-org/complement) for this PR _or_ I have justified why this PR doesn't need tests --------- Co-authored-by: eyedeekay <idk@mulder> Co-authored-by: Till Faelligen <[email protected]>
1 parent df770da commit 6cd1285

File tree

11 files changed

+1093
-19
lines changed

11 files changed

+1093
-19
lines changed

contrib/dendrite-demo-i2p/main.go

+185
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,185 @@
1+
// Copyright 2017 Vector Creations Ltd
2+
//
3+
// Licensed under the Apache License, Version 2.0 (the "License");
4+
// you may not use this file except in compliance with the License.
5+
// You may obtain a copy of the License at
6+
//
7+
// http://www.apache.org/licenses/LICENSE-2.0
8+
//
9+
// Unless required by applicable law or agreed to in writing, software
10+
// distributed under the License is distributed on an "AS IS" BASIS,
11+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
// See the License for the specific language governing permissions and
13+
// limitations under the License.
14+
15+
package main
16+
17+
import (
18+
"flag"
19+
"os"
20+
"time"
21+
22+
"github.com/getsentry/sentry-go"
23+
"github.com/matrix-org/dendrite/internal"
24+
"github.com/matrix-org/dendrite/internal/caching"
25+
"github.com/matrix-org/dendrite/internal/httputil"
26+
"github.com/matrix-org/dendrite/internal/sqlutil"
27+
"github.com/matrix-org/dendrite/setup/jetstream"
28+
"github.com/matrix-org/dendrite/setup/process"
29+
"github.com/matrix-org/gomatrixserverlib/fclient"
30+
"github.com/prometheus/client_golang/prometheus"
31+
"github.com/sirupsen/logrus"
32+
33+
"github.com/matrix-org/dendrite/appservice"
34+
"github.com/matrix-org/dendrite/federationapi"
35+
"github.com/matrix-org/dendrite/roomserver"
36+
"github.com/matrix-org/dendrite/setup"
37+
basepkg "github.com/matrix-org/dendrite/setup/base"
38+
"github.com/matrix-org/dendrite/setup/config"
39+
"github.com/matrix-org/dendrite/setup/mscs"
40+
"github.com/matrix-org/dendrite/userapi"
41+
)
42+
43+
var (
44+
samAddr = flag.String("samaddr", "127.0.0.1:7656", "Address to connect to the I2P SAMv3 API")
45+
_, skip = os.LookupEnv("CI")
46+
)
47+
48+
func main() {
49+
cfg := setup.ParseFlags(true)
50+
if skip {
51+
return
52+
}
53+
54+
configErrors := &config.ConfigErrors{}
55+
cfg.Verify(configErrors)
56+
if len(*configErrors) > 0 {
57+
for _, err := range *configErrors {
58+
logrus.Errorf("Configuration error: %s", err)
59+
}
60+
logrus.Fatalf("Failed to start due to configuration errors")
61+
}
62+
processCtx := process.NewProcessContext()
63+
64+
internal.SetupStdLogging()
65+
internal.SetupHookLogging(cfg.Logging)
66+
internal.SetupPprof()
67+
68+
basepkg.PlatformSanityChecks()
69+
70+
logrus.Infof("Dendrite version %s", internal.VersionString())
71+
if !cfg.ClientAPI.RegistrationDisabled && cfg.ClientAPI.OpenRegistrationWithoutVerificationEnabled {
72+
logrus.Warn("Open registration is enabled")
73+
}
74+
75+
// create DNS cache
76+
var dnsCache *fclient.DNSCache
77+
if cfg.Global.DNSCache.Enabled {
78+
dnsCache = fclient.NewDNSCache(
79+
cfg.Global.DNSCache.CacheSize,
80+
cfg.Global.DNSCache.CacheLifetime,
81+
)
82+
logrus.Infof(
83+
"DNS cache enabled (size %d, lifetime %s)",
84+
cfg.Global.DNSCache.CacheSize,
85+
cfg.Global.DNSCache.CacheLifetime,
86+
)
87+
}
88+
89+
// setup tracing
90+
closer, err := cfg.SetupTracing()
91+
if err != nil {
92+
logrus.WithError(err).Panicf("failed to start opentracing")
93+
}
94+
defer closer.Close() // nolint: errcheck
95+
96+
// setup sentry
97+
if cfg.Global.Sentry.Enabled {
98+
logrus.Info("Setting up Sentry for debugging...")
99+
err = sentry.Init(sentry.ClientOptions{
100+
Dsn: cfg.Global.Sentry.DSN,
101+
Environment: cfg.Global.Sentry.Environment,
102+
Debug: true,
103+
ServerName: string(cfg.Global.ServerName),
104+
Release: "dendrite@" + internal.VersionString(),
105+
AttachStacktrace: true,
106+
})
107+
if err != nil {
108+
logrus.WithError(err).Panic("failed to start Sentry")
109+
}
110+
go func() {
111+
processCtx.ComponentStarted()
112+
<-processCtx.WaitForShutdown()
113+
if !sentry.Flush(time.Second * 5) {
114+
logrus.Warnf("failed to flush all Sentry events!")
115+
}
116+
processCtx.ComponentFinished()
117+
}()
118+
}
119+
120+
federationClient := basepkg.CreateFederationClient(cfg, dnsCache)
121+
httpClient := basepkg.CreateClient(cfg, dnsCache)
122+
123+
// prepare required dependencies
124+
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
125+
routers := httputil.NewRouters()
126+
127+
caches := caching.NewRistrettoCache(cfg.Global.Cache.EstimatedMaxSize, cfg.Global.Cache.MaxAge, caching.EnableMetrics)
128+
natsInstance := jetstream.NATSInstance{}
129+
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.EnableMetrics)
130+
fsAPI := federationapi.NewInternalAPI(
131+
processCtx, cfg, cm, &natsInstance, federationClient, rsAPI, caches, nil, false,
132+
)
133+
134+
keyRing := fsAPI.KeyRing()
135+
136+
// The underlying roomserver implementation needs to be able to call the fedsender.
137+
// This is different to rsAPI which can be the http client which doesn't need this
138+
// dependency. Other components also need updating after their dependencies are up.
139+
rsAPI.SetFederationAPI(fsAPI, keyRing)
140+
141+
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, federationClient, caching.EnableMetrics, fsAPI.IsBlacklistedOrBackingOff)
142+
asAPI := appservice.NewInternalAPI(processCtx, cfg, &natsInstance, userAPI, rsAPI)
143+
144+
rsAPI.SetAppserviceAPI(asAPI)
145+
rsAPI.SetUserAPI(userAPI)
146+
147+
monolith := setup.Monolith{
148+
Config: cfg,
149+
Client: httpClient,
150+
FedClient: federationClient,
151+
KeyRing: keyRing,
152+
153+
AppserviceAPI: asAPI,
154+
// always use the concrete impl here even in -http mode because adding public routes
155+
// must be done on the concrete impl not an HTTP client else fedapi will call itself
156+
FederationAPI: fsAPI,
157+
RoomserverAPI: rsAPI,
158+
UserAPI: userAPI,
159+
}
160+
monolith.AddAllPublicRoutes(processCtx, cfg, routers, cm, &natsInstance, caches, caching.EnableMetrics)
161+
162+
if len(cfg.MSCs.MSCs) > 0 {
163+
if err := mscs.Enable(cfg, cm, routers, &monolith, caches); err != nil {
164+
logrus.WithError(err).Fatalf("Failed to enable MSCs")
165+
}
166+
}
167+
168+
upCounter := prometheus.NewCounter(prometheus.CounterOpts{
169+
Namespace: "dendrite",
170+
Name: "up",
171+
ConstLabels: map[string]string{
172+
"version": internal.VersionString(),
173+
},
174+
})
175+
upCounter.Add(1)
176+
prometheus.MustRegister(upCounter)
177+
178+
// Expose the matrix APIs directly rather than putting them under a /api path.
179+
go func() {
180+
SetupAndServeHTTPS(processCtx, cfg, routers) //, httpsAddr, nil, nil)
181+
}()
182+
183+
// We want to block forever to let the HTTP and HTTPS handler serve the APIs
184+
basepkg.WaitForShutdown(processCtx)
185+
}

0 commit comments

Comments
 (0)