processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/en/ejabberd/

Problems with matrix gateway #4244

Closed TheBluestBird closed 1 week ago

TheBluestBird commented 1 week ago

Environment

Configuration

# Virtual hosts served by this node.
hosts:
  - "macaw.me"
# Logging: numeric level plus rotation and rate-limit settings, as posted.
loglevel: 4
log_rotate_size: 10485760
log_rotate_date: ""
log_rotate_count: 1
log_rate_limit: 100
update_sql_schema: false
# CAPTCHA helper script and the host:port used for CAPTCHA URLs; 5443 is the
# TLS HTTP listener that routes /captcha.
captcha_cmd: "/lib/ejabberd/priv/bin/captcha.sh"
captcha_host: "macaw.me:5443"
# MySQL backend on the local machine. The "***" password is a redaction
# placeholder from the issue report, not a usable value; the real one is a
# secret and should stay out of public posts and version control.
sql_type: mysql
sql_server: "localhost"
sql_database: "ejabberd"
sql_username: "ejabberd"
sql_password: "***"
sql_port: 3306
sql_keepalive_interval: 120
# Accounts live in SQL; passwords are stored in SCRAM form rather than as
# plaintext.
auth_method: sql
auth_password_format: scram
default_db: sql
# Certificate material for the host. privkey.pem is the private key: keep it
# readable only by the account ejabberd runs as.
# NOTE(review): fullchain.pem normally already holds cert.pem plus chain.pem,
# so the last two entries look redundant - confirm.
certfiles:
  - "/etc/letsencrypt/live/macaw.me/fullchain.pem"
  - "/etc/letsencrypt/live/macaw.me/privkey.pem"
  - "/etc/letsencrypt/live/macaw.me/cert.pem"
  - "/etc/letsencrypt/live/macaw.me/chain.pem"
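# Network listeners. Entries with ip: "::" bind the IPv6 wildcard address.
listen:
  # Client-to-server (c2s) with STARTTLS offered.
  # NOTE(review): starttls_required is not set on this listener, so clients
  # may be able to continue without TLS - confirm, and set it if plaintext
  # c2s is not intended.
  -
    port: 5222
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    starttls: true
  # c2s with TLS from the first byte (direct TLS).
  -
    port: 5223
    ip: "::"
    module: ejabberd_c2s
    max_stanza_size: 262144
    shaper: c2s_shaper
    access: c2s
    tls: true
  # Server-to-server (s2s) inbound; STARTTLS is enforced by the top-level
  # s2s_use_starttls: required setting.
  -
    port: 5269
    ip: "::"
    shaper: s2s_shaper
    module: ejabberd_s2s_in
    max_stanza_size: 524288
  # s2s inbound with direct TLS.
  -
    port: 5270
    ip: "::"
    shaper: s2s_shaper
    module: ejabberd_s2s_in
    max_stanza_size: 524288
    tls: true
  # HTTPS listener carrying the admin UI, the HTTP API, BOSH, uploads,
  # WebSocket and CAPTCHA.
  # NOTE(review): custom_headers is set at listener level, so the CORS
  # headers below are also sent for /admin and /api. A wildcard
  # Access-Control-Allow-Origin combined with
  # Access-Control-Allow-Credentials: "true" is rejected by browsers for
  # credentialed requests, so the credentials header has no useful effect;
  # consider dropping it and limiting CORS to the handlers that need it.
  -
    port: 5443
    ip: "::"
    module: ejabberd_http
    request_handlers:
      /admin: ejabberd_web_admin
      /api: mod_http_api
      /bosh: mod_bosh
      /upload: mod_http_upload
      /ws: ejabberd_http_ws
      /captcha: ejabberd_captcha
    tls: true
    custom_headers:
      "Access-Control-Allow-Origin": "*"
      "Access-Control-Allow-Methods": "OPTIONS, HEAD, GET, POST, PUT"
      "Access-Control-Allow-Headers": "Authorization, Accept, Accept-Language, Content-Language, Content-Type"
      "Access-Control-Allow-Credentials": "true"
  # HTTP listener with no tls option, serving the web admin.
  # NOTE(review): this puts admin logins on plain HTTP on all interfaces,
  # while /admin is already routed on the TLS listener at 5443. Consider
  # removing this listener or binding it to a loopback address.
  -
    port: 5280
    ip: "::"
    module: ejabberd_http
    web_admin: true
  # Matrix federation endpoint over TLS; only /_matrix is routed, to
  # mod_matrix_gw.
  -
    port: 8448 # Matrix federation
    module: ejabberd_http
    tls: true
    request_handlers:
      "/_matrix": mod_matrix_gw
  # STUN/TURN over UDP.
  -
    port: 3478
    transport: udp
    use_turn: true
    turn_ipv4_address: "45.79.76.58"
    turn_ipv6_address: "2600:3c01::f03c:91ff:fefb:8a47"
    auth_realm: "macaw.me"
    module: ejabberd_stun
  # STUN/TURN over TCP.
  -
    port: 3478
    transport: tcp
    use_turn: true
    turn_ipv4_address: "45.79.76.58"
    turn_ipv6_address: "2600:3c01::f03c:91ff:fefb:8a47"
    auth_realm: "macaw.me"
    module: ejabberd_stun
  # STUN/TURN over TLS.
  -
    port: 3479
    transport: tcp
    tls: true
    use_turn: true
    turn_ipv4_address: "45.79.76.58"
    turn_ipv6_address: "2600:3c01::f03c:91ff:fefb:8a47"
    auth_realm: "macaw.me"
    module: ejabberd_stun
  # External component port for the tg.macaw.me gateway, authenticated by a
  # shared password.
  # NOTE(review): the port is bound to "::", so it is reachable from every
  # interface; if the component runs on this host, bind it to a loopback
  # address instead.
  -
    ip: "::"
    port: 5347
    module: ejabberd_service
    hosts:
      tg.macaw.me:
        # Redaction placeholder from the report. It is quoted because a plain
        # scalar that starts with "*" is read as a YAML alias and fails to
        # parse.
        password: "***"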
# Server-to-server connections must use STARTTLS.
s2s_use_starttls: required
s2s_access: s2s
# Named groups of users, servers and addresses referenced by access_rules.
acl:
  # The gateway component's domain; used by slidge_rule.
  slidge_acl:
    server:
      - "tg.macaw.me"
  # Administrator accounts.
  # NOTE(review): chat.macaw.me is not listed under hosts in this config -
  # confirm the second entry is intended.
  admin:
    user:
      - "administrator": "macaw.me"
      - "administrator": "chat.macaw.me"
  local:
    server: "macaw.me"
  # IPv4 and IPv6 loopback ranges, including the IPv4-mapped form.
  loopback:
    ip:
      - "127.0.0.0/8"
      - "::1/128"
      - "::FFFF:127.0.0.1/128"
  world:
    user: all
# NOTE(review): several rules below deny `blocked`, but no `blocked` ACL is
# defined in the acl section above - presumably it matches nobody until one is
# added; confirm.
access_rules:
  slidge_rule:
    - allow: slidge_acl
  local:
    - allow: local
  c2s:
    - deny: blocked
    - allow
  # Every remote server is accepted for s2s.
  s2s:
    - allow
  announce:
    - allow: admin
  configure:
    - allow: admin
  muc_create:
    - deny: blocked
    - allow: local
  pubsub_createnode:
    - deny: blocked
    - allow
  # Registration is open to everyone at the access-rule level; mod_register
  # below adds CAPTCHA protection.
  register:
    - allow: all
  trusted_network:
    - allow: loopback
  # Everyone who is not in `blocked`.
  world:
    - deny: blocked
    - allow
# Who may run which API commands. mod_http_api is routed at /api on the
# public TLS listener (port 5443), so these rules are the gate for remote
# callers.
api_permissions:
  # Any command, but only when issued through ejabberd_ctl.
  "console commands":
    from:
      - ejabberd_ctl
    who: all
    what: "*"
  # Every command except stop and start.
  # NOTE(review): as I read ejabberd's access syntax, the two acl entries
  # under a single allow must both match (loopback address AND admin
  # account) - confirm, because that is what keeps remote admins out here.
  "admin access":
    who:
      - access:
          - allow:
            - acl: loopback
            - acl: admin
      - oauth:
        - scope: "ejabberd:admin"
        - access:
          - allow:
            - acl: loopback
            - acl: admin
    what:
      - "*"
      - "!stop"
      - "!start"
  # Two read-only commands for callers on the IPv4 loopback range.
  "public commands":
    who:
      - ip: "127.0.0.1/8"
    what:
      - "status"
      - "connected_users_number"
# Traffic shapers; shaper_rules below decide which one applies to whom.
shaper:
  normal:
    rate: 5000
    burst_size: 20000
  fast: 100000
shaper_rules:
  max_user_sessions: 10
  # Offline-message cap: 5000 for admins, 500 for everyone else.
  max_user_offline_messages:
    - 5000: admin
    - 500
  # Admins are not shaped on c2s; everyone else gets `normal`.
  c2s_shaper:
    - none: admin
    - normal
  s2s_shaper: fast
  # Upload quotas applied to all users; these names are not referenced by
  # the mod_http_upload_quota entry in this config, which is `{}`.
  # NOTE(review): confirm they match that module's default rule names.
  soft_upload_quota:
    2000: all # MiB
  hard_upload_quota:
    2500: all # MiB
# Enabled modules; `{}` means the module runs with its default options.
modules:
  mod_adhoc: {}
  mod_admin_extra: {}
  mod_announce:
    access: announce
  mod_avatar: {}
  mod_blocking: {}
  mod_bosh: {}
  mod_caps: {}
  mod_carboncopy: {}
  mod_client_state: {}
  mod_configure: {}
  # Matrix gateway, served by the 8448 listener. `key` is the server's
  # signing key (redacted in the report) and must be treated as a secret;
  # key_name "key1" matches the "ed25519:key1" id seen in the crash log.
  mod_matrix_gw:
    matrix_domain: "matrix.macaw.me"
    key_name: "key1"
    key: "***"
  # Contact addresses advertised through service discovery.
  mod_disco:
        server_info:
        -
            modules: all
            name: "abuse-addresses"
            urls:
              - "mailto:administrator@macaw.me"
              - "xmpp:administrator@macaw.me"
        -
            modules: all
            name: "admin-addresses"
            urls:
              - "mailto:administrator@macaw.me"
              - "xmpp:administrator@macaw.me"
        -
            modules: all
            name: "support-addresses"
            urls:
              - "mailto:administrator@macaw.me"
              - "mailto:blue@macaw.me"
              - "xmpp:administrator@macaw.me"
              - "xmpp:blue@macaw.me"
              - "xmpp:support@conference.macaw.me?join"
              - "https://macaw.me/services/xmpp.html"
  mod_fail2ban: {}
  mod_http_api: {}
  # HTTP File Upload, stored under /var/upload.
  # NOTE(review): access is `world`, which admits every JID that is not in
  # `blocked`; that appears to include remote users - confirm, or use
  # `local` to limit uploads to this server's accounts.
  # NOTE(review): a wildcard Access-Control-Allow-Origin together with
  # Access-Control-Allow-Credentials: "true" is rejected by browsers for
  # credentialed requests; the credentials header can likely be dropped.
  mod_http_upload:
    name: "HTTP File Upload"
    put_url: "https://@HOST@:5443/upload"
    docroot: "/var/upload"
    max_size: 104857600 # 100 MiB.
    thumbnail: false
    access: world
    custom_headers:
      "Access-Control-Allow-Origin": "*"
      "Access-Control-Allow-Headers": "Authorization, Accept, Accept-Language, Content-Language, Content-Type"
      "Access-Control-Allow-Methods": "GET, POST, PUT, HEAD, OPTIONS"
      "Access-Control-Allow-Credentials": "true"
  mod_http_upload_quota: {}
  mod_last: {}
  # Message archiving is on by default for every user.
  mod_mam:
    assume_mam_usage: true
    default: always
  mod_muc:
    access:
      - allow
    access_admin:
      - allow: admin
    access_create: muc_create
    access_persistent: muc_create
    default_room_options:
      mam: true
  mod_muc_admin: {}
  mod_muc_occupantid: {}
  mod_muc_rtbl: {}
  mod_offline:
    access_max_user_messages: max_user_offline_messages
  mod_ping: {}
  mod_privacy: {}
  mod_private: {}
  # Privileged-entity grants for whatever matches slidge_rule (the
  # tg.macaw.me component): roster access in both directions and outgoing
  # messages. The component password is what protects this delegation.
  mod_privilege:
    roster:
      both: slidge_rule
    message:
      outgoing: slidge_rule
  # NOTE(review): `world` here lets every JID not in `blocked` use the
  # SOCKS5 proxy - confirm that remote users are meant to be included.
  mod_proxy65:
    access: world
    max_connections: 10
  mod_pubsub:
    access_createnode: pubsub_createnode
    ignore_pep_from_offline: false
    last_item_cache: false
    max_items_node: 50000
    default_node_config:
      max_items: max
    plugins:
      - "flat"
      - "pep"
    hosts:
      - "news.@HOST@"
      - "social.@HOST@"
      - "comments.@HOST@"
    # Per-node settings that override whatever a client requests. Bookmark
    # nodes are forced to whitelist access; the axolotl (OMEMO) and
    # microblog nodes are forced open.
    force_node_config:
      "eu.siacs.conversations.axolotl.*":
        access_model: open
      "storage:bookmarks":
        access_model: whitelist
      "urn:xmpp:microblog:0":
        max_items: max
        access_model: open
        notify_retract: true
        persist_items: true
      "urn:xmpp:bookmarks:0":
        access_model: whitelist
        send_last_published_item: never
        persist_items: true
        max_items: max
      "urn:xmpp:bookmarks:1":
        access_model: whitelist
        send_last_published_item: never
        persist_items: true
        max_items: max
      "urn:xmpp:pubsub:movim-public-subscription":
        access_model: whitelist
        persist_items: true
        notify_retract: true
        max_items: max
      "urn:xmpp:pubsub:subscription":
        max_items: max
        access_model: open
        notify_retract: true
        persist_items: true
  mod_push: {}
  mod_push_keepalive: {}
  # In-band registration: the `register` rule allows everyone and no
  # ip_access restriction is set here, so CAPTCHA is the only barrier
  # visible in this config against automated sign-ups. New registrations
  # are reported to the administrator account.
  mod_register:
    access: register
    registration_watchers:
      - "administrator@macaw.me"
    welcome_message:
      subject: "Welcome!"
      body: |-
        Hello!
        Welcome to Macaw.me Jabber server.
        If you have any sort of trouble with this server
        contact administrator@macaw.me by email or XMPP.
        Support chat is support@conference.macaw.me.
    captcha_protected: true
  mod_roster:
    versioning: true
  mod_s2s_dialback: {}
  mod_shared_roster: {}
  mod_stream_mgmt:
    resend_on_timeout: if_offline
  mod_vcard: {}
  mod_vcard_xupdate: {}
  # STUN/TURN services advertised to clients. The TURN entries are marked
  # restricted and the STUN entries are not; credentials_lifetime is 12h.
  mod_stun_disco:
    credentials_lifetime: 12h
    services:
        -
          host: 45.79.76.58
          port: 3478
          type: stun
          transport: udp
          restricted: false
        -
          host: 45.79.76.58
          port: 3478
          type: turn
          transport: udp
          restricted: true
        -
          host: macaw.me
          port: 3479
          type: stuns
          transport: tcp
          restricted: false
        -
          host: macaw.me
          port: 3479
          type: turns
          transport: tcp
          restricted: true
        -
          host: macaw.me
          port: 3478
          type: stun
          transport: tcp
          restricted: false
        -
          host: macaw.me
          port: 3478
          type: turn
          transport: tcp
          restricted: true
  # NOTE(review): show_os: true includes the host operating system in
  # version replies, which helps remote fingerprinting; set it to false
  # unless it is needed.
  mod_version:
    show_os: true

Errors from error.log/crash.log

Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]: 2024-07-03 12:38:15.485343+00:00 [error] HTTP handler crashed: exception error: {unsupported_type,{[{<<"old_verify_keys">>,{[]}},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                       {<<"server_name">>,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                        <<"matrix.macaw.me">>},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                       {<<"valid_until_ts">>,1720615095484},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                       {<<"verify_keys">>,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                        {[{<<"ed25519:key1">>,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                           {[{<<"key">>,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                              <<"t4S0HeVB2z+QsKJ0tko8olWGVG2n4aecJSV5hImTZxE">>}]}}]}}]}}
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:    in function  json:do_encode/2 (json.erl, line 193)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:    in call from misc:json_encode/1 (src/misc.erl, line 141)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:    in call from mod_matrix_gw:sign_json/2 (src/mod_matrix_gw.erl, line 722)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:    in call from mod_matrix_gw:process/2 (src/mod_matrix_gw.erl, line 76)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:    in call from ejabberd_http:process/2 (src/ejabberd_http.erl, line 375)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:    in call from ejabberd_http:process_request/1 (src/ejabberd_http.erl, line 505)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:    in call from ejabberd_http:process_header/2 (src/ejabberd_http.erl, line 294)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:    in call from ejabberd_http:parse_headers/1 (src/ejabberd_http.erl, line 219)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]: 2024-07-03 12:38:15.485923+00:00 [error] CRASH REPORT:
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:   crasher:
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     initial call: ejabberd_http:init/3
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     pid: <0.32025.0>
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     registered_name: []
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     exception error: {unsupported_type,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                          {[{<<"old_verify_keys">>,{[]}},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                            {<<"server_name">>,<<"matrix.macaw.me">>},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                            {<<"valid_until_ts">>,1720615095484},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                            {<<"verify_keys">>,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                             {[{<<"ed25519:key1">>,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                {[{<<"key">>,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                   <<"t4S0HeVB2z+QsKJ0tko8olWGVG2n4aecJSV5hImTZxE">>}]}}]}}]}}
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:       in function  json:do_encode/2 (json.erl, line 193)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:       in call from misc:json_encode/1 (src/misc.erl, line 141)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:       in call from mod_matrix_gw:sign_json/2 (src/mod_matrix_gw.erl, line 722)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:       in call from mod_matrix_gw:process/2 (src/mod_matrix_gw.erl, line 76)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:       in call from ejabberd_http:process/2 (src/ejabberd_http.erl, line 375)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:       in call from ejabberd_http:process_request/1 (src/ejabberd_http.erl, line 505)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:       in call from ejabberd_http:process_header/2 (src/ejabberd_http.erl, line 294)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:       in call from ejabberd_http:parse_headers/1 (src/ejabberd_http.erl, line 219)
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     ancestors: [ejabberd_http_sup,ejabberd_sup,<0.178.0>]
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     message_queue_len: 0
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     messages: []
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     links: [<0.1101.0>,#Port<0.30318>]
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     dictionary: []
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     trap_exit: false
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     status: running
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     heap_size: 4185
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     stack_size: 29
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     reductions: 27245
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:   neighbours:
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]: 2024-07-03 12:38:15.488464+00:00 [error] SUPERVISOR REPORT:
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     supervisor: {local,ejabberd_http_sup}
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     errorContext: child_terminated
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     reason: {{unsupported_type,{[{<<"old_verify_keys">>,{[]}},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                  {<<"server_name">>,<<"matrix.macaw.me">>},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                  {<<"valid_until_ts">>,1720615095484},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                  {<<"verify_keys">>,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                   {[{<<"ed25519:key1">>,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                      {[{<<"key">>,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                                         <<"t4S0HeVB2z+QsKJ0tko8olWGVG2n4aecJSV5hImTZxE">>}]}}]}}]}},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:              [{json,do_encode,2,[{file,"json.erl"},{line,193}]},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:               {misc,json_encode,1,[{file,"src/misc.erl"},{line,141}]},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:               {mod_matrix_gw,sign_json,2,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                              [{file,"src/mod_matrix_gw.erl"},{line,722}]},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:               {mod_matrix_gw,process,2,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                              [{file,"src/mod_matrix_gw.erl"},{line,76}]},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:               {ejabberd_http,process,2,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                              [{file,"src/ejabberd_http.erl"},{line,375}]},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:               {ejabberd_http,process_request,1,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                              [{file,"src/ejabberd_http.erl"},{line,505}]},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:               {ejabberd_http,process_header,2,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                              [{file,"src/ejabberd_http.erl"},{line,294}]},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:               {ejabberd_http,parse_headers,1,
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                              [{file,"src/ejabberd_http.erl"},{line,219}]}]}
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:     offender: [{pid,<0.32025.0>},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                {id,undefined},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                {mfargs,{ejabberd_http,start_link,undefined}},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                {restart_type,temporary},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                {significant,false},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                {shutdown,5000},
Jul 03 12:38:15 peppersurprise ejabberdctl[2935905]:                {child_type,worker}]

Bug description

Hello everyone!

I decided to try out the new matrix gateway feature, but it didn't work for me. I followed this tutorial, and the moment I try to test it, this error appears in the log.

I suspect that I have misconfigured something, so, decided to attach my full config just to be on the safe side.

Thank you so much for your attention!

prefiks commented 1 week ago

Ok, this seems to be a problem with the new json encoder from Erlang 27 (it is a new module added in that version; in older versions we use an external library for the same task).

I see that this code needs the json fields in a particular order, I guess as a requirement for repeatable signatures, so it converts the json object to sorted lists of tuples (as you can't specify the order of fields with maps), which the new encoder doesn't like. We need to find a way to make it consume those lists; I think it should be doable with the custom encoders that the json module offers.

prefiks commented 1 week ago

I added code doing that in a4fd756eae7768a1f2884fed0e4eb2972b8bb7f6; I think this should fix that crash.