123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215 |
- # -*- coding: utf-8 -*-
- # Copyright 2014 OpenMarket Ltd
- # Copyright 2018 New Vector Ltd
- # Copyright 2019 The Matrix.org Foundation C.I.C.
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- from __future__ import absolute_import
- from twisted.web.server import Site
- from twisted.web.resource import Resource
- import logging
- import twisted.internet.ssl
- from sydent.http.servlets.authenticated_bind_threepid_servlet import (
- AuthenticatedBindThreePidServlet,
- )
- from sydent.http.servlets.authenticated_unbind_threepid_servlet import (
- AuthenticatedUnbindThreePidServlet,
- )
- logger = logging.getLogger(__name__)
- class ClientApiHttpServer:
- def __init__(self, sydent):
- self.sydent = sydent
- root = Resource()
- matrix = Resource()
- identity = Resource()
- api = Resource()
- v1 = self.sydent.servlets.v1
- v2 = self.sydent.servlets.v2
- validate = Resource()
- email = Resource()
- msisdn = Resource()
- emailReqCode = self.sydent.servlets.emailRequestCode
- emailValCode = self.sydent.servlets.emailValidate
- msisdnReqCode = self.sydent.servlets.msisdnRequestCode
- msisdnValCode = self.sydent.servlets.msisdnValidate
- getValidated3pid = self.sydent.servlets.getValidated3pid
- lookup = self.sydent.servlets.lookup
- bulk_lookup = self.sydent.servlets.bulk_lookup
- info = self.sydent.servlets.info
- internalInfo = self.sydent.servlets.internalInfo
- hash_details = self.sydent.servlets.hash_details
- lookup_v2 = self.sydent.servlets.lookup_v2
- threepid_v1 = Resource()
- threepid_v2 = Resource()
- bind = self.sydent.servlets.threepidBind
- unbind = self.sydent.servlets.threepidUnbind
- pubkey = Resource()
- ephemeralPubkey = Resource()
- pk_ed25519 = self.sydent.servlets.pubkey_ed25519
- root.putChild(b'_matrix', matrix)
- matrix.putChild(b'identity', identity)
- identity.putChild(b'api', api)
- identity.putChild(b'v2', v2)
- api.putChild(b'v1', v1)
- validate.putChild(b'email', email)
- validate.putChild(b'msisdn', msisdn)
- v1.putChild(b'validate', validate)
- v1.putChild(b'lookup', lookup)
- v1.putChild(b'bulk_lookup', bulk_lookup)
- v1.putChild(b'info', info)
- v1.putChild(b'internal-info', internalInfo)
- v1.putChild(b'pubkey', pubkey)
- pubkey.putChild(b'isvalid', self.sydent.servlets.pubkeyIsValid)
- pubkey.putChild(b'ed25519:0', pk_ed25519)
- pubkey.putChild(b'ephemeral', ephemeralPubkey)
- ephemeralPubkey.putChild(b'isvalid', self.sydent.servlets.ephemeralPubkeyIsValid)
- threepid_v2.putChild(b'getValidated3pid', getValidated3pid)
- threepid_v2.putChild(b'bind', bind)
- threepid_v2.putChild(b'unbind', unbind)
- threepid_v1.putChild(b'getValidated3pid', getValidated3pid)
- threepid_v1.putChild(b'unbind', unbind)
- if self.sydent.enable_v1_associations:
- threepid_v1.putChild(b'bind', bind)
- v1.putChild(b'3pid', threepid_v1)
- email.putChild(b'requestToken', emailReqCode)
- email.putChild(b'submitToken', emailValCode)
- msisdn.putChild(b'requestToken', msisdnReqCode)
- msisdn.putChild(b'submitToken', msisdnValCode)
- v1.putChild(b'store-invite', self.sydent.servlets.storeInviteServlet)
- v1.putChild(b'sign-ed25519', self.sydent.servlets.blindlySignStuffServlet)
- # v2
- # note v2 loses the /api so goes on 'identity' not 'api'
- identity.putChild(b'v2', v2)
- # v2 exclusive APIs
- v2.putChild(b'terms', self.sydent.servlets.termsServlet)
- account = self.sydent.servlets.accountServlet
- v2.putChild(b'account', account)
- account.putChild(b'register', self.sydent.servlets.registerServlet)
- account.putChild(b'logout', self.sydent.servlets.logoutServlet)
- # v2 versions of existing APIs
- v2.putChild(b'validate', validate)
- v2.putChild(b'pubkey', pubkey)
- v2.putChild(b'3pid', threepid_v2)
- v2.putChild(b'store-invite', self.sydent.servlets.storeInviteServlet)
- v2.putChild(b'sign-ed25519', self.sydent.servlets.blindlySignStuffServlet)
- v2.putChild(b'lookup', lookup_v2)
- v2.putChild(b'hash_details', hash_details)
- self.factory = Site(root)
- self.factory.displayTracebacks = False
- def setup(self):
- httpPort = int(self.sydent.cfg.get('http', 'clientapi.http.port'))
- interface = self.sydent.cfg.get('http', 'clientapi.http.bind_address')
- logger.info("Starting Client API HTTP server on %s:%d", interface, httpPort)
- self.sydent.reactor.listenTCP(
- httpPort, self.factory, interface=interface,
- )
- class InternalApiHttpServer(object):
- def __init__(self, sydent):
- self.sydent = sydent
- def setup(self, interface, port):
- logger.info("Starting Internal API HTTP server on %s:%d", interface, port)
- root = Resource()
- matrix = Resource()
- root.putChild(b'_matrix', matrix)
- identity = Resource()
- matrix.putChild(b'identity', identity)
- internal = Resource()
- identity.putChild(b'internal', internal)
- authenticated_bind = AuthenticatedBindThreePidServlet(self.sydent)
- internal.putChild(b'bind', authenticated_bind)
- authenticated_unbind = AuthenticatedUnbindThreePidServlet(self.sydent)
- internal.putChild(b'unbind', authenticated_unbind)
- factory = Site(root)
- factory.displayTracebacks = False
- self.sydent.reactor.listenTCP(port, factory, interface=interface)
- class ReplicationHttpsServer:
- def __init__(self, sydent):
- self.sydent = sydent
- root = Resource()
- matrix = Resource()
- identity = Resource()
- root.putChild(b'_matrix', matrix)
- matrix.putChild(b'identity', identity)
- replicate = Resource()
- replV1 = Resource()
- identity.putChild(b'replicate', replicate)
- replicate.putChild(b'v1', replV1)
- replV1.putChild(b'push', self.sydent.servlets.replicationPush)
- self.factory = Site(root)
- self.factory.displayTracebacks = False
- def setup(self):
- httpPort = int(self.sydent.cfg.get('http', 'replication.https.port'))
- interface = self.sydent.cfg.get('http', 'replication.https.bind_address')
- if self.sydent.sslComponents.myPrivateCertificate:
- # We will already have logged a warn if this is absent, so don't do it again
- cert = self.sydent.sslComponents.myPrivateCertificate
- certOptions = twisted.internet.ssl.CertificateOptions(privateKey=cert.privateKey.original,
- certificate=cert.original,
- trustRoot=self.sydent.sslComponents.trustRoot)
- logger.info("Loaded server private key and certificate!")
- logger.info("Starting Replication HTTPS server on %s:%d", interface, httpPort)
- self.sydent.reactor.listenSSL(httpPort, self.factory, certOptions,
- interface=interface)
|