Closed Guerteltier closed 2 years ago
Looking at the config - a reason for ~100% usage could be enable_outbound
set to true
.
This can result in quite a huge amount of outgoing federated requests, depending on the server count you are federating with.
Random question @Guerteltier, does hCaptcha work for you? https://github.com/matrix-org/dendrite/issues/2157 is asking to add support for it, but if it already works - great! :)
Looking at the config - a reason for ~100% usage could be
enable_outbound
set totrue
. This can result in quite a huge amount of outgoing federated requests, depending on the server count you are federating with.
Disabling it fixed the high CPU usage. Maybe consider adding a warning to the config template?
Random question @Guerteltier, does hCaptcha work for you? #2157 is asking to add support for it, but if it already works - great! :)
It works with some simple changes:
diff --git a/clientapi/auth/authtypes/logintypes.go b/clientapi/auth/authtypes/logintypes.go
index f01e48f8..78e67755 100644
--- a/clientapi/auth/authtypes/logintypes.go
+++ b/clientapi/auth/authtypes/logintypes.go
@@ -8,7 +8,7 @@ const (
LoginTypePassword = "m.login.password"
LoginTypeDummy = "m.login.dummy"
LoginTypeSharedSecret = "org.matrix.login.shared_secret"
- LoginTypeRecaptcha = "m.login.recaptcha"
+ LoginTypeRecaptcha = "org.asozial.login.hcaptcha"
LoginTypeApplicationService = "m.login.application_service"
LoginTypeToken = "m.login.token"
)
diff --git a/clientapi/routing/auth_fallback.go b/clientapi/routing/auth_fallback.go
index abfe830f..af10dc49 100644
--- a/clientapi/routing/auth_fallback.go
+++ b/clientapi/routing/auth_fallback.go
@@ -31,7 +31,7 @@ const recaptchaTemplate = `
<title>Authentication</title>
<meta name='viewport' content='width=device-width, initial-scale=1,
user-scalable=no, minimum-scale=1.0, maximum-scale=1.0'>
-<script src="https://www.google.com/recaptcha/api.js"
+<script src="https://js.hcaptcha.com/1/api.js"
async defer></script>
<script src="//code.jquery.com/jquery-1.11.2.min.js"></script>
<script>
@@ -51,7 +51,7 @@ function captchaDone() {
Please verify that you're not a robot.
</p>
<input type="hidden" name="session" value="{{.session}}" />
- <div class="g-recaptcha"
+ <div class="h-captcha"
data-sitekey="{{.siteKey}}"
data-callback="captchaDone">
</div>
@@ -155,7 +155,7 @@ func AuthFallback(
return &res
}
- response := req.Form.Get("g-recaptcha-response")
+ response := req.Form.Get("h-captcha-response")
if err := validateRecaptcha(cfg, response, clientIP); err != nil {
util.GetLogger(req.Context()).Error(err)
return err
diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go
index 8253f315..65290530 100644
--- a/clientapi/routing/register.go
+++ b/clientapi/routing/register.go
@@ -20,6 +20,7 @@ import (
"encoding/json"
"fmt"
"io/ioutil"
+ "net"
"net/http"
"net/url"
"regexp"
@@ -255,7 +256,7 @@ type recaptchaResponse struct {
Success bool `json:"success"`
ChallengeTS time.Time `json:"challenge_ts"`
Hostname string `json:"hostname"`
- ErrorCodes []int `json:"error-codes"`
+ ErrorCodes []string `json:"error-codes"`
}
// validateUsername returns an error response if the username is invalid
@@ -333,12 +334,21 @@ func validateRecaptcha(
}
}
+ host, _, err := net.SplitHostPort(clientip)
+
+ if err != nil {
+ return &util.JSONResponse{
+ Code: http.StatusInternalServerError,
+ JSON: jsonerror.Unknown("net.SplitHostPort(" + clientip + ") failed!"),
+ }
+ }
+
// Make a POST request to Google's API to check the captcha response
resp, err := http.PostForm(cfg.RecaptchaSiteVerifyAPI,
url.Values{
"secret": {cfg.RecaptchaPrivateKey},
"response": {response},
- "remoteip": {clientip},
+ "remoteip": {host},
},
)
Closing this for now, as with some recent changes this error message should be handled differently. If you're still seeing this, feel free to re-open.
Background information
bfa344e83191c49bdc9917ab7a8ec31b93c202e9
go version
:go1.16.12 linux/amd64
Description
time="2022-05-04T13:41:50.560907000Z" level=warning msg="GetUserDevices returned unknown error type" func="github.com/matrix-org/dendrite/keyserver/internal.(*DeviceListUpdater).processServer" file="github.com/matrix-org/dendrite/keyserver/internal/device_list_update.go:402" context=missing error="contents=[123 34 101 114 114 99 111 100 101 34 58 34 77 95 85 78 65 85 84 72 79 82 73 90 69 68 34 44 34 101 114 114 111 114 34 58 34 70 97 105 108 101 100 32 116 111 32 102 105 110 100 32 97 110 121 32 107 101 121 32 116 111 32 115 97 116 105 115 102 121 58 32 95 70 101 116 99 104 75 101 121 82 101 113 117 101 115 116 40 115 101 114 118 101 114 95 110 97 109 101 61 39 97 115 111 122 105 97 108 46 111 114 103 39 44 32 109 105 110 105 109 117 109 95 118 97 108 105 100 95 117 110 116 105 108 95 116 115 61 49 54 53 49 54 55 49 55 48 57 53 55 49 44 32 107 101 121 95 105 100 115 61 91 39 101 100 50 53 53 49 57 58 77 101 73 122 87 69 39 93 41 34 125] msg=Failed to GET JSON (hostname \"matrix.org\" path \"/_matrix/federation/v1/user/devices/@machine_sinatra:matrix.org\") code=401 wrapped=M_UNAUTHORIZED: Failed to find any key to satisfy: _FetchKeyRequest(server_name='asozial.org', minimum_valid_until_ts=1651671709571, key_ids=['ed25519:MeIzWE'])" server_name=matrix.org user_id="@machine_sinatra:matrix.org"
Additionally CPU usage is constantly at ~100%, but I don't know if this is related to this issue or if it's a separate issue.My config: