Reset repository content

matrixgw_backend/.gitignore

@@ -0,0 +1,3 @@
+storage
+.idea
+target

matrixgw_backend/Cargo.toml

@@ -0,0 +1,6 @@
+[package]
+name = "matrixgw_backend"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]

matrixgw_backend/Dockerfile

@@ -0,0 +1,10 @@
+FROM debian:bookworm-slim
+
+RUN apt-get update \
+  && apt-get install -y libssl3 \
+  && rm -rf /var/lib/apt/lists/*
+
+COPY matrix_gateway /usr/local/bin/matrix_gateway
+
+ENTRYPOINT ["/usr/local/bin/matrix_gateway"]
+

matrixgw_backend/docker-compose.yml

@@ -0,0 +1,107 @@
+services:
+  mas:
+    image: ghcr.io/element-hq/matrix-authentication-service:main
+    user: "1000"
+    restart: unless-stopped
+    depends_on:
+      - masdb
+    volumes:
+      - ./docker/mas:/config:ro
+    command: server -c /config/config.yaml
+    ports:
+      - "8778:8778/tcp"
+
+  mas_create_admin1:
+    image: ghcr.io/element-hq/matrix-authentication-service:main
+    user: "1000"
+    restart: no
+    profiles: ["create-accounts"]
+    depends_on:
+      - mas
+    volumes:
+      - ./docker/mas:/config:ro
+    command: |
+      manage register-user -c /config/config.yaml -y --ignore-password-complexity 
+      -p admin1 -e admin1@admin1.local --admin -d "Admin One" admin1
+
+  mas_create_user1:
+    image: ghcr.io/element-hq/matrix-authentication-service:main
+    user: "1000"
+    restart: no
+    profiles: ["create-accounts"]
+    depends_on:
+      - mas
+    volumes:
+      - ./docker/mas:/config:ro
+    command: |
+      manage register-user -c /config/config.yaml -y --ignore-password-complexity 
+      -p user1 -e user1@user1.local -d "User One" user1
+
+  synapse:
+    image: docker.io/matrixdotorg/synapse:latest
+    user: "1000"
+    # Since synapse does not retry to connect to the database, restart upon
+    # failure
+    restart: unless-stopped
+    # See the readme for a full documentation of the environment settings
+    # NOTE: You must edit homeserver.yaml to use postgres, it defaults to sqlite
+    environment:
+      - SYNAPSE_CONFIG_PATH=/config/homeserver.yaml
+    volumes:
+      # You may either store all the files in a local folder
+      - ./storage/synapse:/data
+      - ./docker/synapse:/config:ro
+      # .. or you may split this between different storage points
+      # - ./files:/data
+      # - /path/to/ssd:/data/uploads
+      # - /path/to/large_hdd:/data/media
+    # In order to expose Synapse, remove one of the following, you might for
+    # instance expose the TLS port directly:
+    ports:
+      - "8448:8448/tcp"
+
+  masdb:
+    image: docker.io/postgres:18-alpine
+    user: "1000"
+    environment:
+      - POSTGRES_DB=masdb
+      - POSTGRES_USER=masdb
+      - POSTGRES_PASSWORD=changeme
+      # ensure the database gets created correctly
+      # https://element-hq.github.io/synapse/latest/postgres.html#set-up-database
+      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+      - PGDATA=/data
+    volumes:
+      # You may store the database tables in a local folder..
+      - ./storage/maspostgres:/data
+      # .. or store them on some high performance storage for better results
+      # - /path/to/ssd/storage:/var/lib/postgresql/data
+
+  element:
+    image: docker.io/vectorim/element-web
+    ports:
+      - 8080:80/tcp
+    volumes:
+      - ./docker/element/config.json:/app/config.json:ro
+
+  minio:
+    image: quay.io/minio/minio
+    command: minio server --console-address ":9002" /data
+    ports:
+      - 9000:9000/tcp
+      - 9002:9002/tcp
+    environment:
+      MINIO_ROOT_USER: minioadmin
+      MINIO_ROOT_PASSWORD: minioadmin
+    volumes:
+      # You may store the database tables in a local folder..
+      - ./storage/minio:/data
+
+  redis:
+    image: redis:alpine
+    command: redis-server --requirepass ${REDIS_PASS:-secretredis}
+    ports:
+      - 6379:6379
+    volumes:
+      - ./storage/redis-data:/data
+      - ./storage/redis-conf:/usr/local/etc/redis/redis.conf

matrixgw_backend/docker/element/config.json

@@ -0,0 +1,49 @@
+{
+    "default_server_config": {
+        "m.homeserver": {
+            "base_url": "http://localhost:8448",
+            "server_name": "devserver"
+        },
+        "m.identity_server": {
+            "base_url": "https://vector.im"
+        }
+    },
+    "disable_custom_urls": false,
+    "disable_guests": false,
+    "disable_login_language_selector": false,
+    "disable_3pid_login": false,
+    "brand": "Element",
+    "integrations_ui_url": "https://scalar.vector.im/",
+    "integrations_rest_url": "https://scalar.vector.im/api",
+    "integrations_widgets_urls": [
+        "https://scalar.vector.im/_matrix/integrations/v1",
+        "https://scalar.vector.im/api",
+        "https://scalar-staging.vector.im/_matrix/integrations/v1",
+        "https://scalar-staging.vector.im/api",
+        "https://scalar-staging.riot.im/scalar/api"
+    ],
+    "default_country_code": "GB",
+    "show_labs_settings": false,
+    "features": {},
+    "default_federate": true,
+    "default_theme": "light",
+    "room_directory": {
+        "servers": ["matrix.org"]
+    },
+    "enable_presence_by_hs_url": {
+        "https://matrix.org": false,
+        "https://matrix-client.matrix.org": false
+    },
+    "setting_defaults": {
+        "breadcrumbs": true
+    },
+    "jitsi": {
+        "preferred_domain": "meet.element.io"
+    },
+    "element_call": {
+        "url": "https://call.element.io",
+        "participant_limit": 8,
+        "brand": "Element Call"
+    },
+    "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
+}

matrixgw_backend/docker/mas/config.yaml

@@ -0,0 +1,113 @@
+http:
+  listeners:
+  - name: web
+    resources:
+    - name: discovery
+    - name: human
+    - name: oauth
+    - name: compat
+    - name: graphql
+    - name: assets
+    binds:
+    - address: '[::]:8778'
+    proxy_protocol: false
+  - name: internal
+    resources:
+    - name: health
+    binds:
+    - host: localhost
+      port: 8081
+    proxy_protocol: false
+  trusted_proxies:
+  - 192.168.0.0/16
+  - 172.16.0.0/12
+  - 10.0.0.0/10
+  - 127.0.0.1/8
+  - fd00::/8
+  - ::1/128
+  public_base: http://localhost:8778/
+  issuer: http://localhost:8778/
+database:
+  uri: postgresql://masdb:changeme@masdb/masdb
+  max_connections: 10
+  min_connections: 0
+  connect_timeout: 30
+  idle_timeout: 600
+  max_lifetime: 1800
+email:
+  from: '"Authentication Service" <root@localhost>'
+  reply_to: '"Authentication Service" <root@localhost>'
+  transport: blackhole
+secrets:
+  encryption: 12de9ad7bc2bacfa2ab9b1e3f7f1b3feb802195c8ebe66a8293cdb27f00be471
+  keys:
+  - kid: Bj2PICQ7mf
+    key: |
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIEogIBAAKCAQEAsCYCrrCJA7IuGbTYzP5yZN74QszbzudBUCX6MyN/+36HO2r6
+      xL8x1PRJ+Klx9Y90J9pWuo+cIuEmFLqO+Yfblo9fSQgZVvkWAFpO6Xh8J4z9qg49
+      M8xm0Ct8EnRDZDCEOBnwoDaAB9RTbpJGa1RPVCiamfi+xU+j47Zl4Er5jvLm81O7
+      DSlH9eK8Eih8AxuKTkAbKE1zyXquImE26Mj2dmMRfjDrWV/I8oqE3WFViAKR12Av
+      zw6TUyduiz8nK9pONCF3NIcQvBdHntBz1HlDXv6i0fRvlGIhjNL5LBgo6XQ3rNM1
+      bW2KYOw/iFP0YbfD4/xRjkBPvK2coQ8aRzK2VwIDAQABAoH/G4XU5Xav8ePlUB7x
+      wRYAycINCGL59Vos2lkUvujNFn6uopoUlKlLH/sLk87l/3hqrc9vvbayrsB/Mr3z
+      mQmhReUg/khFrVE+Hs/9hH1O6N8ew3N2HKHTbrNcr4V7AiySfDGRZ3ccihyi7KPu
+      XNbPjlbJ0UUMicfn06ysPl94nt0So0UAmXg+c7sDDqyzh3cY8emedYZ5FCljo/jA
+      F8k40rs7CywLJYMJB9O1vtomgt1xkDRO4F8UrZrriMIcYn0iFKe7i4AH8D6nkgNu
+      /v9Z43Leu8yRKrUvbpH3NaX8DlUSFWAXKpwUWr4sAQgWcLkVgjAXG1v9jCE97qW2
+      f0nBAoGBAOaKrnY5rWeZ74dERnPhSCsYiqRMneQAh7eJR+Er+xu1yF/bxwkhq2tK
+      /txheTK448DqhQRtr095t/v7TMZcPl3bSmybT1CQg/wiMJsgDMZqlC9tofvcq6uz
+      xP8vxMFHd0YSMSP693dkny4MzNY6LuoVWDLT+HxKPJyzGs1alruzAoGBAMOZp5J2
+      3ODcHQlcsGBtj1yVpQ4UXMvrSZF2ygiGK9bagL/f1iAtwACVOh5rgmbiOLSVgmR2
+      n4nupTgSAXMYkjmAmDyEh0PDaRl4WWvYEKp8GMvTPVPvjc6N0dT+y8Mf9bu+LcEt
+      +uZqPOZNbO5Vi+UgGeM9zZpxq/K7dpJmM/jNAoGBALsYHRGxKTsEwFEkZZCxaWIg
+      HpPL4e8hRwL6FC13BeitFBpHQDX27yi5yi+Lo1I4ngz3xk+bvERhYaDLhrkML0j4
+      KGQPfsTBI3vBO3UJA5Ua9XuwG19M7L0BvYPjfmfk2bUyGlM63w4zyMMUfD/3JA+w
+      ls1ZHTWxAZOh/sRdGirlAoGAX16B1+XgmDp6ZeAtlzaUGd5U1eKTxFF6U1SJ+VIB
+      +gYblHI84v+riB06cy6ULDnM0C+9neJAs24KXKZa0pV+Zk8O6yLrGN0kV2jYoL5+
+      kcFkDa13T3+TssxvLNz22LKyi9GUWYZjuQi/nMLPg/1t8k+Oj7/Iia822WkRzRvL
+      51kCgYEAwrN5Us8LR+fThm3C0vhvwv2wap6ccw0qq5+FTN+igAZAmmvKKvhow2Vi
+      LnPKBkc7QvxvQSNoXkdUo4qs3zOQ7DGvJLqSG9pwxFW5X1+78pNEm5OWe8AlT1uZ
+      Jz8Z1/Ae7fr/fFaucW9LkWjcuoPwPLiZ3b7ZQ6phs8qzoL+FpBI=
+      -----END RSA PRIVATE KEY-----
+  - kid: HcRvLHat12
+    key: |
+      -----BEGIN EC PRIVATE KEY-----
+      MHcCAQEEIOCCFSnkfz1ksln6kus8enQstBTu0q62IGJVzuX0WiXPoAoGCCqGSM49
+      AwEHoUQDQgAEVWPLbvSdxquLAjU3zJLcCWdaxr6QK1tPVbV1IS+87QUMv/zKiCMa
+      fNpwgBXwU7dF0gY507R2yY9pcdTmRtnRug==
+      -----END EC PRIVATE KEY-----
+  - kid: YjMITk5VSn
+    key: |
+      -----BEGIN EC PRIVATE KEY-----
+      MIGkAgEBBDCoPSjaN7qqnPz+vdzHeIy8RZCCtFOqLTkvylM1gz6xOGaVsS63VJw9
+      Td9BtpolZ0egBwYFK4EEACKhZANiAAT8tH88HYBHNiQTSqZzlxElSuSDC0+Xn0O9
+      ukj0xTTVBp8rUM9lCJQAlB8PjS2XK/n0YvYdzysQb3AYqszJa45/rOGvSar30YNE
+      gwpJvu36xNIKZT+nHalNwg069FdjNBc=
+      -----END EC PRIVATE KEY-----
+  - kid: NvFzzeMRU3
+    key: |
+      -----BEGIN EC PRIVATE KEY-----
+      MHQCAQEEILJEmFPDGFZoBVBQf1P6h4YfasYsFiu8a6FrFxiJvKXPoAcGBSuBBAAK
+      oUQDQgAE4NY5H3+D8r9GNOhrpbUn2dvLZIzi4A+SiwfqvtvPEmZkW+KDbd2tzKmx
+      maydZBn52QWedVY65snGAEoh9mV1TQ==
+      -----END EC PRIVATE KEY-----
+passwords:
+  enabled: true
+  schemes:
+  - version: 1
+    algorithm: argon2id
+  minimum_complexity: 0
+account:
+  password_registration_enabled: true
+  password_registration_email_required: false
+matrix:
+  kind: synapse
+  homeserver: localhost
+  secret: IhKoLn6jWf1qRRZWvqgaKuIdwD6H0Mvx
+  endpoint: http://synapse:8448/
+
+policy:
+  data:
+    client_registration:
+      allow_insecure_uris: true

matrixgw_backend/docker/synapse/homeserver.yaml

@@ -0,0 +1,41 @@
+# Configuration file for Synapse.
+#
+# This is a YAML file: see [1] for a quick introduction. Note in particular
+# that *indentation is important*: all the elements of a list or dictionary
+# should have the same indentation.
+#
+# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
+#
+# For more information on how to configure Synapse, including a complete accounting of
+# each option, go to docs/usage/configuration/config_documentation.md or
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
+server_name: "localhost"
+pid_file: /data/homeserver.pid
+listeners:
+  - port: 8448
+    tls: false
+    type: http
+    x_forwarded: true
+    resources:
+      - names: [client, federation]
+        compress: false
+database:
+  name: sqlite3
+  args:
+    database: /data/homeserver.db
+log_config: "/config/localhost.log.config"
+media_store_path: /data/media_store
+registration_shared_secret: "+oJd9zgvkQpXN-tt;95Wy,AFAdRH+FSTg&LxUXh6ZSvwMJHT;h"
+report_stats: false
+macaroon_secret_key: "d@ck1QkQLxlRg^aB#c#oZeII.oxOS6E2DX;YobP^Vm#iB5pQpd"
+form_secret: "P.uleBJUYc6AM.UOrFF1q7OKH2N5T*Ae2;fGh46;vIHLIQ#JBP"
+signing_key_path: "/config/localhost.signing.key"
+trusted_key_servers:
+  - server_name: "matrix.org"
+# vim:ft=yaml
+matrix_authentication_service:
+  enabled: true
+  endpoint: http://mas:8778/
+  secret: "IhKoLn6jWf1qRRZWvqgaKuIdwD6H0Mvx"
+  # Alternatively, using a file:
+  #secret_file: /path/to/secret.txt

matrixgw_backend/docker/synapse/localhost.log.config

@@ -0,0 +1,39 @@
+version: 1
+
+formatters:
+  precise:
+    
+    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+    
+
+handlers:
+
+
+  console:
+    class: logging.StreamHandler
+    formatter: precise
+
+loggers:
+    # This is just here so we can leave `loggers` in the config regardless of whether
+    # we configure other loggers below (avoid empty yaml dict error).
+    _placeholder:
+        level: "INFO"
+
+    
+    
+    synapse.storage.SQL:
+        # beware: increasing this to DEBUG will make synapse log sensitive
+        # information such as access tokens.
+        level: INFO
+    
+
+    
+
+root:
+    level: INFO
+
+
+    handlers: [console]
+
+
+disable_existing_loggers: false

matrixgw_backend/docker/synapse/localhost.signing.key

@@ -0,0 +1 @@
+ed25519 a_HEcG Q2iG1Yy5WTiZ/VIy+zHPyHCRUpqyE3qrVttGULrVQK4

matrixgw_backend/examples/api_curl.rs

@@ -0,0 +1,86 @@
+use clap::Parser;
+use jwt_simple::algorithms::HS256Key;
+use jwt_simple::prelude::{Clock, Duration, JWTClaims, MACLike};
+use matrix_gateway::extractors::client_auth::TokenClaims;
+use matrix_gateway::utils::base_utils::rand_str;
+use std::ops::Add;
+use std::os::unix::prelude::CommandExt;
+use std::process::Command;
+
+/// cURL wrapper to query MatrixGW
+#[derive(Parser, Debug)]
+#[command(version, about, long_about = None)]
+struct Args {
+    /// URL of Matrix GW
+    #[arg(short('U'), long, env, default_value = "http://localhost:8000")]
+    matrix_gw_url: String,
+
+    /// Token ID
+    #[arg(short('i'), long, env)]
+    token_id: String,
+
+    /// User ID
+    #[arg(short('u'), long, env)]
+    user_id: String,
+
+    /// Token secret
+    #[arg(short('t'), long, env)]
+    token_secret: String,
+
+    /// Request verb
+    #[arg(short('X'), long, default_value = "GET")]
+    method: String,
+
+    /// Payload SHA256 digest
+    #[arg(short('D'), long)]
+    payload_digest: Option<String>,
+
+    /// Request URI
+    uri: String,
+
+    /// Command line arguments to pass to cURL
+    #[clap(trailing_var_arg = true, allow_hyphen_values = true)]
+    run: Vec<String>,
+}
+
+fn main() {
+    let args: Args = Args::parse();
+
+    let full_url = format!("{}{}", args.matrix_gw_url, args.uri);
+    log::debug!("Full URL: {full_url}");
+
+    let key = HS256Key::from_bytes(args.token_secret.as_bytes());
+
+    let claims = JWTClaims::<TokenClaims> {
+        issued_at: Some(Clock::now_since_epoch()),
+        expires_at: Some(Clock::now_since_epoch().add(Duration::from_mins(15))),
+        invalid_before: None,
+        issuer: None,
+        subject: None,
+        audiences: None,
+        jwt_id: None,
+        nonce: Some(rand_str(10)),
+        custom: TokenClaims {
+            method: args.method.to_string(),
+            uri: args.uri,
+            payload_sha256: args.payload_digest.clone(),
+        },
+    };
+
+    let jwt = key
+        .with_key_id(&format!(
+            "{}#{}",
+            urlencoding::encode(&args.user_id),
+            urlencoding::encode(&args.token_id)
+        ))
+        .authenticate(claims)
+        .expect("Failed to sign JWT!");
+
+    let _ = Command::new("curl")
+        .args(["-X", &args.method])
+        .args(["-H", &format!("x-client-auth: {jwt}")])
+        .args(args.run)
+        .arg(full_url)
+        .exec();
+    panic!("Failed to run curl!")
+}

matrixgw_backend/src/main.rs

@@ -0,0 +1,3 @@
+fn main() {
+    println!("Hello, world!");
+}