Sydent: Reference Matrix Identity Server http://matrix.org (mirror)

README.rst

Installation
============

Installing the system dependencies
----------------------------------

To install Sydent's dependencies on a Debian-based system, run::

    sudo apt-get install build-essential python3-dev libffi-dev \
                         sqlite3 libssl-dev python-virtualenv libxslt1-dev

Creating the virtualenv
-----------------------

To create the virtual environment in which Sydent will run::

    virtualenv -p python3 ~/.sydent
    source ~/.sydent/bin/activate
    pip install --upgrade pip
    pip install --upgrade setuptools


Installing the latest Sydent release from PyPI
----------------------------------------------

Sydent and its dependencies can be installed using ``pip`` by running::

    pip install matrix-sydent

Installing from source
----------------------

Alternatively, Sydent can be installed using ``pip`` from a local git checkout::

    git clone https://github.com/matrix-org/sydent.git
    cd sydent
    pip install -e .


Running Sydent
==============

With the virtualenv activated, you can run Sydent using::

    python -m sydent.sydent

This will create a configuration file in ``sydent.conf`` with some defaults. If a setting is
defined in both the ``[DEFAULT]`` section and another section in the configuration file,
then the value in the other section is used.

You'll most likely want to change the server name (``server.name``) and specify an email server
(look for the settings starting with ``email.``).

By default, Sydent will listen on ``0.0.0.0:8090``. This can be changed by changing the values for
the configuration settings ``clientapi.http.bind_address`` and ``clientapi.http.port``.

Sydent uses SQLite as its database backend. By default, it will create the database as ``sydent.db``
in its working directory. The name can be overridden by modifying the ``db.file`` configuration option.
Sydent is known to be working with SQLite version 3.16.2 and later.

SMS originators
---------------

Defaults for SMS originators are not added to the generated config file. Add them
to the ``[sms]`` section of that config file in the form::

    originators.<country code> = <long|short|alpha>:<originator>

Where country code is the numeric country code, or ``default`` to specify the originator
used for countries not listed. For example, to use a selection of long codes for the
US/Canada, a short code for the UK and an alphanumeric originator for everywhere else::

    originators.1 = long:12125552368,long:12125552369
    originators.44 = short:12345
    originators.default = alpha:Matrix

Docker
======

A Dockerfile is provided for sydent. To use it, run ``docker build -t sydent .`` in a sydent checkout.
To run it, use ``docker run --env=SYDENT_SERVER_NAME=my-sydent-server -p 8090:8090 sydent``.

Caution: All data will be lost when the container is terminated!

Persistent data
---------------

By default, all data is stored in ``/data``.
The best method is to put the data in a Docker volume.

.. code-block:: shell

    docker volume create sydent-data
    docker run ... --mount type=volume,source=sydent-data,destination=/data sydent

But you can also bind a local directory to the container.
However, you then have to pay attention to the file permissions.

.. code-block:: shell

    mkdir /path/to/sydent-data
    chown 993:993 /path/to/sydent-data
    docker run ... --mount type=bind,source=/path/to/sydent-data,destination=/data sydent

Environment variables
---------------------

.. warning:: These variables are only taken into account at first start and are written to the configuration file.

+--------------------+-----------------+-----------------------+
| Variable Name      | Sydent default  | Dockerfile default    |
+====================+=================+=======================+
| SYDENT_SERVER_NAME | *empty*         | *empty*               |
+--------------------+-----------------+-----------------------+
| SYDENT_CONF        | ``sydent.conf`` | ``/data/sydent.conf`` |
+--------------------+-----------------+-----------------------+
| SYDENT_PID_FILE    | ``sydent.pid``  | ``/data/sydent.pid``  |
+--------------------+-----------------+-----------------------+
| SYDENT_DB_PATH     | ``sydent.db``   | ``/data/sydent.db``   |
+--------------------+-----------------+-----------------------+


Internal bind and unbind API
============================

It is possible to enable an internal API which allows for binding and unbinding
between identifiers and Matrix IDs without any validation.
This is open to abuse, so it is disabled by default. When it is enabled, it is
available only on a separate socket, which is bound to ``localhost`` by default.

To enable it, configure the port in the config file. For example::

    [http]
    internalapi.http.port = 8091

To change the address to which that API is bound, set the ``internalapi.http.bind_address`` configuration
setting in the ``[http]`` section, for example::

    [http]
    internalapi.http.port = 8091
    internalapi.http.bind_address = 192.168.0.18

As already mentioned above, this is open to abuse, so make sure this address is not publicly accessible.
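A pre-deployment check for the setting described above, as an added example that is not part of Sydent: it reads a config with ``configparser`` and reports where the internal bind/unbind listener would be reachable. The function name ``audit_internal_api`` and both sample configs are constructed for illustration; treating a missing ``bind_address`` as ``localhost`` is an assumption taken from this README.

```python
import configparser
import ipaddress

# Constructed sample configs, not taken from a real deployment.
SAFE_CONF = """
[http]
clientapi.http.port = 8090
internalapi.http.port = 8091
"""
EXPOSED_CONF = """
[DEFAULT]
internalapi.http.bind_address = 127.0.0.1

[http]
internalapi.http.port = 8091
internalapi.http.bind_address = 0.0.0.0
"""


def audit_internal_api(conf_text):
    """Return findings about the internal bind/unbind listener."""
    cfg = configparser.ConfigParser()
    cfg.read_string(conf_text)
    if not cfg.has_section("http"):
        return []
    http = cfg["http"]  # [http] values win over [DEFAULT], as the README notes
    port = http.get("internalapi.http.port", fallback="").strip()
    if not port:
        return []  # internal API disabled, which is the default
    # Assumption from the README: no bind_address means localhost.
    addr = http.get("internalapi.http.bind_address", fallback="").strip() or "localhost"
    where = f"internal API on {addr}:{port}"
    if addr == "localhost":
        return []
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return [f"{where}: hostname, check what it resolves to"]
    if ip.is_loopback:
        return []
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return [f"{where}: listens on every interface"]
    if ip.is_private:
        return [f"{where}: reachable from the local network"]
    return [f"{where}: bound to a public address"]


if __name__ == "__main__":
    for name, text in (("safe", SAFE_CONF), ("exposed", EXPOSED_CONF)):
        print(name, audit_internal_api(text))
```

The second sample shows the precedence rule from the "Running Sydent" section: the loopback value in ``[DEFAULT]`` is overridden by the ``[http]`` value, so the listener ends up on every interface.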

To use bind::

    curl -XPOST 'http://localhost:8091/_matrix/identity/internal/bind' -H "Content-Type: application/json" -d '{"address": "matthew@arasphere.net", "medium": "email", "mxid": "@matthew:matrix.org"}'

The response has the same format as
``/_matrix/identity/api/v1/3pid/bind``.

To use unbind::

    curl -XPOST 'http://localhost:8091/_matrix/identity/internal/unbind' -H "Content-Type: application/json" -d '{"address": "matthew@arasphere.net", "medium": "email", "mxid": "@matthew:matrix.org"}'

The response has the same format as
``/_matrix/identity/api/v1/3pid/unbind``.


Replication
===========

It is possible to configure a mesh of Sydent instances which replicate identity bindings
between each other. See ``_.