|
- #!/usr/bin/env python
- # Copyright 2014-2016 OpenMarket Ltd
- # Copyright 2019 New Vector Ltd
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- import logging
- import os
- import sys
- from typing import Iterable, Iterator
-
- from twisted.internet import reactor
- from twisted.web.resource import EncodingResourceWrapper, IResource
- from twisted.web.server import GzipEncoderFactory
- from twisted.web.static import File
-
- import synapse
- import synapse.config.logger
- from synapse import events
- from synapse.api.urls import (
- FEDERATION_PREFIX,
- LEGACY_MEDIA_PREFIX,
- MEDIA_PREFIX,
- SERVER_KEY_V2_PREFIX,
- STATIC_PREFIX,
- WEB_CLIENT_PREFIX,
- )
- from synapse.app import _base
- from synapse.app._base import listen_ssl, listen_tcp, quit_with_error, register_start
- from synapse.config._base import ConfigError
- from synapse.config.emailconfig import ThreepidBehaviour
- from synapse.config.homeserver import HomeServerConfig
- from synapse.config.server import ListenerConfig
- from synapse.federation.transport.server import TransportLayerServer
- from synapse.http.additional_resource import AdditionalResource
- from synapse.http.server import (
- OptionsResource,
- RootOptionsRedirectResource,
- RootRedirect,
- StaticResource,
- )
- from synapse.http.site import SynapseSite
- from synapse.logging.context import LoggingContext
- from synapse.metrics import METRICS_PREFIX, MetricsResource, RegistryProxy
- from synapse.python_dependencies import check_requirements
- from synapse.replication.http import REPLICATION_PREFIX, ReplicationRestResource
- from synapse.replication.tcp.resource import ReplicationStreamProtocolFactory
- from synapse.rest import ClientRestResource
- from synapse.rest.admin import AdminRestResource
- from synapse.rest.health import HealthResource
- from synapse.rest.key.v2 import KeyApiV2Resource
- from synapse.rest.synapse.client import build_synapse_client_resource_tree
- from synapse.rest.well_known import WellKnownResource
- from synapse.server import HomeServer
- from synapse.storage import DataStore
- from synapse.storage.engines import IncorrectDatabaseSetup
- from synapse.storage.prepare_database import UpgradeDatabaseException
- from synapse.util.httpresourcetree import create_resource_tree
- from synapse.util.module_loader import load_module
- from synapse.util.versionstring import get_version_string
-
logger = logging.getLogger("synapse.app.homeserver")


def gz_wrap(r):
    """Wrap resource ``r`` so that its responses can be gzip-encoded.

    Callers in this file apply the wrapper only when a listener's resource
    entry sets ``compress``.
    """
    # NOTE(review): HTTP compression of responses that mix secrets with
    # request-influenced content is the precondition for BREACH-style length
    # side channels; keep `compress` off for listeners where that matters.
    gzip_encoders = [GzipEncoderFactory()]
    return EncodingResourceWrapper(r, gzip_encoders)
-
-
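class SynapseHomeServer(HomeServer):
    """Homeserver that builds the HTTP resource trees and opens the configured listeners."""

    DATASTORE_CLASS = DataStore

    def _listener_http(self, config: HomeServerConfig, listener_config: ListenerConfig):
        """Build the resource tree for one HTTP listener and start listening on it.

        Args:
            config: the homeserver config. Kept for interface compatibility;
                this method does not read it.
            listener_config: the listener to start (port, bind addresses, TLS
                flag and HTTP options).

        Returns:
            The value returned by `listen_ssl` / `listen_tcp` for this listener.

        Raises:
            ConfigError: if an additional resource's handler neither provides
                `IResource` nor has a `handle_request` attribute.
        """
        port = listener_config.port
        bind_addresses = listener_config.bind_addresses
        tls = listener_config.tls
        site_tag = listener_config.http_options.tag
        if site_tag is None:
            site_tag = str(port)

        # We always include a health resource.
        resources = {"/health": HealthResource()}

        for res in listener_config.http_options.resources:
            for name in res.names:
                if name == "openid" and "federation" in res.names:
                    # Skip loading openid resource if federation is defined
                    # since federation resource will include openid
                    continue
                resources.update(self._configure_named_resource(name, res.compress))

        additional_resources = listener_config.http_options.additional_resources
        logger.debug("Configuring additional resources: %r", additional_resources)
        module_api = self.get_module_api()
        for path, resmodule in additional_resources.items():
            # The module's own config gets its own name so that it does not
            # rebind this method's `config` parameter.
            handler_cls, module_config = load_module(
                resmodule,
                ("listeners", site_tag, "additional_resources", "<%s>" % (path,)),
            )
            handler = handler_cls(module_config, module_api)
            if IResource.providedBy(handler):
                resource = handler
            elif hasattr(handler, "handle_request"):
                resource = AdditionalResource(self, handler.handle_request)
            else:
                raise ConfigError(
                    "additional_resource %s does not implement a known interface"
                    % (resmodule["module"],)
                )
            # The module is loaded from configuration and mounted at `path` as
            # is: this method adds no authentication in front of it, so access
            # control is whatever the module implements.
            resources[path] = resource

        # try to find something useful to redirect '/' to
        if WEB_CLIENT_PREFIX in resources:
            root_resource = RootOptionsRedirectResource(WEB_CLIENT_PREFIX)
        elif STATIC_PREFIX in resources:
            root_resource = RootOptionsRedirectResource(STATIC_PREFIX)
        else:
            root_resource = OptionsResource()

        root_resource = create_resource_tree(resources, root_resource)

        # The site is identical for both transports apart from the access
        # logger name, so build it once.
        access_logger_format = (
            "synapse.access.https.%s" if tls else "synapse.access.http.%s"
        )
        site = SynapseSite(
            access_logger_format % (site_tag,),
            site_tag,
            listener_config,
            root_resource,
            self.version_string,
        )

        if tls:
            ports = listen_ssl(
                bind_addresses,
                port,
                site,
                self.tls_server_context_factory,
                reactor=self.get_reactor(),
            )
            logger.info("Synapse now listening on TCP port %d (TLS)", port)
        else:
            ports = listen_tcp(
                bind_addresses,
                port,
                site,
                reactor=self.get_reactor(),
            )
            logger.info("Synapse now listening on TCP port %d", port)

        return ports

    def _configure_named_resource(self, name, compress=False):
        """Build a resource map for a named resource

        Args:
            name (str): named resource: one of "client", "federation", etc
            compress (bool): whether to enable gzip compression for this
                resource

        Returns:
            dict[str, Resource]: map from path to HTTP resource

        Raises:
            ConfigError: if `name` is "media" while `enable_media_repo` is
                false in the config.
        """
        resources = {}
        if name == "client":
            client_resource = ClientRestResource(self)
            if compress:
                client_resource = gz_wrap(client_resource)

            # NOTE(review): "/_synapse/admin" is mounted on every listener
            # that serves "client"; nothing here restricts it by network, so
            # it is reachable wherever the client API is. Authorization is
            # presumably enforced inside AdminRestResource (not visible here);
            # consider also restricting the path at the reverse proxy.
            resources.update(
                {
                    "/_matrix/client/api/v1": client_resource,
                    "/_matrix/client/r0": client_resource,
                    "/_matrix/client/unstable": client_resource,
                    "/_matrix/client/v2_alpha": client_resource,
                    "/_matrix/client/versions": client_resource,
                    "/.well-known/matrix/client": WellKnownResource(self),
                    "/_synapse/admin": AdminRestResource(self),
                    **build_synapse_client_resource_tree(self),
                }
            )

            if self.get_config().threepid_behaviour_email == ThreepidBehaviour.LOCAL:
                from synapse.rest.synapse.client.password_reset import (
                    PasswordResetSubmitTokenResource,
                )

                resources[
                    "/_synapse/client/password_reset/email/submit_token"
                ] = PasswordResetSubmitTokenResource(self)

        if name == "consent":
            from synapse.rest.consent.consent_resource import ConsentResource

            consent_resource = ConsentResource(self)
            if compress:
                consent_resource = gz_wrap(consent_resource)
            resources.update({"/_matrix/consent": consent_resource})

        if name == "federation":
            resources.update({FEDERATION_PREFIX: TransportLayerServer(self)})

        if name == "openid":
            # Only the "openid" servlet group is served under the federation
            # prefix when the listener asks for openid alone.
            resources.update(
                {
                    FEDERATION_PREFIX: TransportLayerServer(
                        self, servlet_groups=["openid"]
                    )
                }
            )

        if name in ("static", "client"):
            resources.update(
                {
                    STATIC_PREFIX: StaticResource(
                        os.path.join(os.path.dirname(synapse.__file__), "static")
                    )
                }
            )

        if name in ("media", "federation", "client"):
            if self.get_config().enable_media_repo:
                media_repo = self.get_media_repository_resource()
                resources.update(
                    {MEDIA_PREFIX: media_repo, LEGACY_MEDIA_PREFIX: media_repo}
                )
            elif name == "media":
                # Only an explicit "media" resource is an error; "federation"
                # and "client" simply go without the media repo.
                raise ConfigError(
                    "'media' resource conflicts with enable_media_repo=False"
                )

        if name in ("keys", "federation"):
            resources[SERVER_KEY_V2_PREFIX] = KeyApiV2Resource(self)

        if name == "webclient":
            webclient_loc = self.get_config().web_client_location

            if webclient_loc is None:
                logger.warning(
                    "Not enabling webclient resource, as web_client_location is unset."
                )
            elif webclient_loc.startswith(("http://", "https://")):
                # A full URL: redirect to the externally hosted client.
                resources[WEB_CLIENT_PREFIX] = RootRedirect(webclient_loc)
            else:
                # A local path: the client is served from the homeserver's own
                # origin, which the warning below advises against.
                logger.warning(
                    "Running webclient on the same domain is not recommended: "
                    "https://github.com/matrix-org/synapse#security-note - "
                    "after you move webclient to different host you can set "
                    "web_client_location to its full URL to enable redirection."
                )
                # GZip is disabled here due to
                # https://twistedmatrix.com/trac/ticket/7678
                resources[WEB_CLIENT_PREFIX] = File(webclient_loc)

        if name == "metrics" and self.get_config().enable_metrics:
            resources[METRICS_PREFIX] = MetricsResource(RegistryProxy)

        if name == "replication":
            resources[REPLICATION_PREFIX] = ReplicationRestResource(self)

        return resources

    def start_listening(self, listeners: Iterable[ListenerConfig]):
        """Open every configured listener, dispatching on `listener.type`.

        Args:
            listeners: the listener configs to start. Types handled here are
                "http", "manhole", "replication" and "metrics"; any other
                type is logged as a warning and skipped.
        """
        config = self.get_config()

        if config.redis_enabled:
            # If redis is enabled we connect via the replication command handler
            # in the same way as the workers (since we're effectively a client
            # rather than a server).
            self.get_tcp_replication().start_replication(self)

        for listener in listeners:
            if listener.type == "http":
                self._listening_services.extend(self._listener_http(config, listener))
            elif listener.type == "manhole":
                # NOTE(review): the manhole is handed the homeserver object
                # itself, so whoever can use it has the run of the process.
                # How it authenticates is decided in _base.listen_manhole (not
                # visible here); keep its bind address on a trusted interface.
                _base.listen_manhole(
                    listener.bind_addresses, listener.port, manhole_globals={"hs": self}
                )
            elif listener.type == "replication":
                # Plain listen_tcp: no TLS context is passed at this call
                # site. NOTE(review): confirm this listener is only bound to
                # an interface that untrusted hosts cannot reach.
                services = listen_tcp(
                    listener.bind_addresses,
                    listener.port,
                    ReplicationStreamProtocolFactory(self),
                )
                for s in services:
                    reactor.addSystemEventTrigger("before", "shutdown", s.stopListening)
            elif listener.type == "metrics":
                if not self.get_config().enable_metrics:
                    logger.warning(
                        "Metrics listener configured, but "
                        "enable_metrics is not True!"
                    )
                else:
                    _base.listen_metrics(listener.bind_addresses, listener.port)
            else:
                # this shouldn't happen, as the listener type should have been checked
                # during parsing
                logger.warning("Unrecognized listener type: %s", listener.type)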
-
-
def setup(config_options):
    """Load the config, build the homeserver and register its startup routine.

    The process exits with status 1 if the config cannot be loaded, and with
    status 0 if no config is returned (the config-generation case).

    Args:
        config_options: The options passed to Synapse. Usually
            `sys.argv[1:]`.

    Returns:
        HomeServer
    """
    try:
        config = HomeServerConfig.load_or_generate_config(
            "Synapse Homeserver", config_options
        )
    except ConfigError as config_error:
        sys.stderr.write("\n")
        for fragment in format_config_error(config_error):
            sys.stderr.write(fragment)
        sys.stderr.write("\n")
        sys.exit(1)

    if not config:
        # No config and no exception means we were only asked to generate
        # config files, so there is nothing to start.
        sys.exit(0)

    events.USE_FROZEN_DICTS = config.use_frozen_dicts

    hs = SynapseHomeServer(
        config.server_name,
        config=config,
        version_string="Synapse/" + get_version_string(synapse),
    )

    synapse.config.logger.setup_logging(hs, config, use_worker_options=False)

    logger.info("Setting up server")

    try:
        hs.setup()
    except IncorrectDatabaseSetup as db_setup_error:
        quit_with_error(str(db_setup_error))
    except UpgradeDatabaseException as upgrade_error:
        quit_with_error("Failed to upgrade database: %s" % (upgrade_error,))

    async def do_acme() -> bool:
        """
        Reprovision an ACME certificate, if it's required.

        Returns:
            Whether the cert has been updated.
        """
        acme_handler = hs.get_acme_handler()

        # Days of validity left on the on-disk certificate; self-signed
        # certificates are not accepted for this check.
        days_left = hs.config.is_disk_cert_valid(allow_self_signed=False)

        # Reprovision when there is no certificate at all (None) or when the
        # remaining validity has dropped below the configured threshold.
        needs_provision = (
            days_left is None or days_left < hs.config.acme_reprovision_threshold
        )

        if needs_provision:
            await acme_handler.provision_certificate()

        return needs_provision

    async def reprovision_acme():
        """
        Provision a certificate from ACME, if required, and reload the TLS
        certificate if it's renewed.
        """
        if await do_acme():
            _base.refresh_certificate(hs)

    async def start():
        """Run the optional ACME and OIDC steps, then start the listeners."""
        if hs.config.acme_enabled:
            acme_handler = hs.get_acme_handler()
            # The ACME challenge responder has to be listening before we ask
            # for a certificate.
            await acme_handler.start_listening()
            await do_acme()

            # Re-check once a day whether the certificate needs renewing.
            one_day_ms = 24 * 60 * 60 * 1000
            hs.get_clock().looping_call(reprovision_acme, one_day_ms)

        if hs.config.oidc_enabled:
            oidc_handler = hs.get_oidc_handler()
            # Loading the provider metadata also ensures the provider config is valid.
            await oidc_handler.load_metadata()

        await _base.start(hs, config.listeners)

        hs.get_datastore().db_pool.updates.start_doing_background_updates()

    register_start(start)

    return hs
-
-
def format_config_error(e: ConfigError) -> Iterator[str]:
    """
    Render a config error, followed by its chain of causes, as text fragments

    The immediate error comes first (with its config path, if it has one);
    each exception reached through `__cause__` is then appended on a line of
    its own, indented one step further than the one before. For example:

    Error in configuration at 'oidc_config.user_mapping_provider.config.display_name_template':
     Failed to parse config for module 'JinjaOidcMappingProvider':
      invalid jinja template:
       unexpected end of template, expected 'end of print statement'.

    Args:
        e: the error to be formatted

    Returns: An iterator which yields string fragments to be formatted
    """
    yield "Error in configuration"

    if e.path:
        yield " at '%s'" % (".".join(e.path),)

    yield ":\n %s" % (e.msg,)

    # Walk the explicit cause chain; the top-level error counts as depth 1.
    depth = 1
    cause = e.__cause__
    while cause:
        depth += 1
        yield ":\n%s%s" % (" " * depth, str(cause))
        cause = cause.__cause__
-
-
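def run(hs):
    """Start the reactor for homeserver ``hs``.

    The file limit, GC thresholds, pid file and daemonize settings are read
    from ``hs.config`` and passed to ``_base.start_reactor``.

    Args:
        hs: the homeserver returned by ``setup``.
    """
    # Developer-only switch: set to True locally to profile the reactor and
    # the thread-pool workers with cProfile.
    PROFILE_SYNAPSE = False
    if PROFILE_SYNAPSE:

        def profile(func):
            import tempfile
            from cProfile import Profile
            from threading import current_thread

            def profiled(*args, **kargs):
                profiler = Profile()
                profiler.enable()
                try:
                    return func(*args, **kargs)
                finally:
                    # Dump the stats even if `func` raised.
                    profiler.disable()
                    ident = current_thread().ident
                    # A fixed, guessable name in a shared temp directory can
                    # be pre-created or symlinked by another local user.
                    # mkstemp creates the file exclusively, owner-only, with
                    # an unpredictable suffix; the stats are then written to
                    # that file.
                    fd, stats_path = tempfile.mkstemp(
                        prefix="%s.%s.%i." % (hs.hostname, func.__name__, ident),
                        suffix=".pstat",
                    )
                    os.close(fd)
                    profiler.dump_stats(stats_path)
                    logger.info("Wrote profile stats to %s", stats_path)

            return profiled

        from twisted.python.threadpool import ThreadPool

        ThreadPool._worker = profile(ThreadPool._worker)
        reactor.run = profile(reactor.run)

    _base.start_reactor(
        "synapse-homeserver",
        soft_file_limit=hs.config.soft_file_limit,
        gc_thresholds=hs.config.gc_thresholds,
        pid_file=hs.config.pid_file,
        daemonize=hs.config.daemonize,
        print_pidfile=hs.config.print_pidfile,
        logger=logger,
    )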
-
-
def main():
    """Command-line entry point: check requirements, build the homeserver from argv, run it."""
    with LoggingContext("main"):
        # Fail early if base requirements are missing.
        check_requirements()
        homeserver = setup(sys.argv[1:])
        run(homeserver)


if __name__ == "__main__":
    main()
|