@enaix enaix commented Jan 16, 2025

Description

This PR introduces a mechanism to exclude all servers from federation except given ones. Similar functionality is implemented in Synapse using federation_domain_whitelist. This functionality has been requested by users: #3487 (comment)

Configuration

In federation:

  • enable_whitelist: enable or disable whitelist
  • whitelisted_servers: the list of server names to whitelist

Changes

  • Added new table with the list of whitelisted servers
  • Added necessary APIs for accessing this server property
  • The whitelist check is performed in federationapi/internal/federationclient.go

Pull Request Checklist

Sign-off: private

@enaix enaix requested a review from a team as a code owner January 16, 2025 17:50

CLAassistant commented Jan 16, 2025

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

Collaborator

S7evinK commented Jan 16, 2025

Just a few quick notes:

  • I'd prefer if we could use AllowList or similar instead of WhiteList
  • No need for an Enable option, if we can just check len(allowedServers) > 0
  • Do we actually need a database table, isn't the list static?

Author

enaix commented Jan 17, 2025

  • I wanted to match the naming of Synapse config options to avoid confusion, but sure
  • Sure
  • Yeah, it makes sense, since we can use a hashmap and drastically reduce CPU cycles

I wanted to ask if it's enough to add allowlist checks in federationclient.go

Author

enaix commented Jan 17, 2025

> I wanted to ask if it's enough to add allowlist checks in federationclient.go

It seems that it's not enough... clientapi/routing is performing various requests like public rooms fetch. Should we add whitelist checks to clientapi/routing/routing.go?
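
The allowlist check discussed in this thread, as an added example that is not code from the PR or from Dendrite: a set built once from static configuration, where an empty list leaves federation unrestricted (the len(allowedServers) > 0 suggestion) and a single helper can be shared by every call site that contacts a remote server. The AllowList type, its methods and the server names are hypothetical, and lowercasing names before comparison is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// AllowList is a hypothetical type for this example, not Dendrite's API.
type AllowList struct {
	local   string
	allowed map[string]struct{} // set: O(1) lookup per federation request
}

// normalize lowercases and trims a server name (assumed comparison rule).
func normalize(name string) string { return strings.ToLower(strings.TrimSpace(name)) }

// NewAllowList builds the set once from static config; blank entries are dropped.
func NewAllowList(local string, servers []string) *AllowList {
	a := &AllowList{local: normalize(local), allowed: make(map[string]struct{}, len(servers))}
	for _, s := range servers {
		if n := normalize(s); n != "" {
			a.allowed[n] = struct{}{}
		}
	}
	return a
}

// Enabled reports whether any server is listed; an empty list means no restriction.
func (a *AllowList) Enabled() bool { return len(a.allowed) > 0 }

// Check returns nil if federation with server is permitted.
// The local server is always permitted so local traffic is never blocked.
func (a *AllowList) Check(server string) error {
	n := normalize(server)
	if !a.Enabled() || n == a.local {
		return nil
	}
	if _, ok := a.allowed[n]; !ok {
		return fmt.Errorf("federation with %q denied by allowlist", server)
	}
	return nil
}

func main() {
	// Constructed sample configuration and destinations.
	al := NewAllowList("example.org", []string{"Matrix.org", " partner.example "})
	for _, dst := range []string{"matrix.org", "PARTNER.example", "example.org", "other.example"} {
		fmt.Printf("%-16s -> %v\n", dst, al.Check(dst))
	}
}
```

Because a list containing only blank entries ends up empty, it behaves as "no restriction"; a deployment that must fail closed would need to reject such a configuration at load time.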
