room and user account data encryption
@@ -54,7 +54,8 @@ env vars
|
|||||||
* **POSTMOOGLE_TLS_CERT** - path to your SSL certificate (chain)
|
* **POSTMOOGLE_TLS_CERT** - path to your SSL certificate (chain)
|
||||||
* **POSTMOOGLE_TLS_KEY** - path to your SSL certificate's private key
|
* **POSTMOOGLE_TLS_KEY** - path to your SSL certificate's private key
|
||||||
* **POSTMOOGLE_TLS_REQUIRED** - require TLS connection, **even** on the non-TLS port (`POSTMOOGLE_PORT`). TLS connections are always required on the TLS port (`POSTMOOGLE_TLS_PORT`) regardless of this setting.
|
* **POSTMOOGLE_TLS_REQUIRED** - require TLS connection, **even** on the non-TLS port (`POSTMOOGLE_PORT`). TLS connections are always required on the TLS port (`POSTMOOGLE_TLS_PORT`) regardless of this setting.
|
||||||
* **POSTMOOGLE_NOENCRYPTION** - disable encryption support
|
* **POSTMOOGLE_DATA_SECRET** - secure key (password) to encrypt account data, must be 16, 24, or 32 bytes long
|
||||||
|
* **POSTMOOGLE_NOENCRYPTION** - disable matrix encryption (libolm) support
|
||||||
* **POSTMOOGLE_STATUSMSG** - presence status message
|
* **POSTMOOGLE_STATUSMSG** - presence status message
|
||||||
* **POSTMOOGLE_SENTRY_DSN** - sentry DSN
|
* **POSTMOOGLE_SENTRY_DSN** - sentry DSN
|
||||||
* **POSTMOOGLE_LOGLEVEL** - log level
|
* **POSTMOOGLE_LOGLEVEL** - log level
|
||||||
|
|||||||
@@ -68,8 +68,7 @@ func (b *Bot) initBotUsers() ([]string, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (b *Bot) getBotSettings() botSettings {
|
func (b *Bot) getBotSettings() botSettings {
|
||||||
config := botSettings{}
|
config, err := b.lp.GetAccountData(acBotSettingsKey)
|
||||||
err := b.lp.GetAccountData(acBotSettingsKey, &config)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
b.log.Error("cannot get bot settings: %v", utils.UnwrapError(err))
|
b.log.Error("cannot get bot settings: %v", utils.UnwrapError(err))
|
||||||
}
|
}
|
||||||
|
|||||||
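Review bot: A failed read in getBotSettings is only logged, so when the account data cannot be read or decrypted (for example after POSTMOOGLE_DATA_SECRET is changed), the function appears to carry on with whatever `config` the call returned, possibly nil or empty. getRoomSettings in this commit returns the error to its caller instead. The two should agree, or this branch should at least reset `config` to an explicit empty value and carry a comment such as `// settings unreadable: continue with empty settings, never with partial data`. The rest of the function body is outside the hunk, so how `config` is used afterwards cannot be confirmed here.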
@@ -88,8 +88,7 @@ func (s roomSettings) ContentOptions() *utils.ContentOptions {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (b *Bot) getRoomSettings(roomID id.RoomID) (roomSettings, error) {
|
func (b *Bot) getRoomSettings(roomID id.RoomID) (roomSettings, error) {
|
||||||
config := roomSettings{}
|
config, err := b.lp.GetRoomAccountData(roomID, acRoomSettingsKey)
|
||||||
err := b.lp.GetRoomAccountData(roomID, acRoomSettingsKey, &config)
|
|
||||||
return config, utils.UnwrapError(err)
|
return config, utils.UnwrapError(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -76,6 +76,7 @@ func initBot(cfg *config.Config) {
|
|||||||
DB: db,
|
DB: db,
|
||||||
Dialect: cfg.DB.Dialect,
|
Dialect: cfg.DB.Dialect,
|
||||||
NoEncryption: cfg.NoEncryption,
|
NoEncryption: cfg.NoEncryption,
|
||||||
|
AccountDataSecret: cfg.DataSecret,
|
||||||
LPLogger: mxlog,
|
LPLogger: mxlog,
|
||||||
APILogger: logger.New("api.", cfg.LogLevel),
|
APILogger: logger.New("api.", cfg.LogLevel),
|
||||||
StoreLogger: logger.New("store.", cfg.LogLevel),
|
StoreLogger: logger.New("store.", cfg.LogLevel),
|
||||||
|
|||||||
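Review bot: `AccountDataSecret: cfg.DataSecret` is passed through with no length check visible in this commit, although the README hunk says the value must be 16, 24, or 32 bytes long. A guard before the config literal, `if n := len(cfg.DataSecret); n != 0 && n != 16 && n != 24 && n != 32 { /* report and exit */ }`, would report a bad value against POSTMOOGLE_DATA_SECRET instead of as a cipher error from the library. The message should name the variable and the length, never the value. Whether an empty secret is accepted (and leaves account data unencrypted) is assumed here and should be confirmed against linkpearl. initBot starts and ends outside the hunk.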
@@ -18,6 +18,7 @@ func New() *Config {
|
|||||||
Domain: env.String("domain", defaultConfig.Domain),
|
Domain: env.String("domain", defaultConfig.Domain),
|
||||||
Port: env.String("port", defaultConfig.Port),
|
Port: env.String("port", defaultConfig.Port),
|
||||||
NoEncryption: env.Bool("noencryption"),
|
NoEncryption: env.Bool("noencryption"),
|
||||||
|
DataSecret: env.String("data.secret", defaultConfig.DataSecret),
|
||||||
MaxSize: env.Int("maxsize", defaultConfig.MaxSize),
|
MaxSize: env.Int("maxsize", defaultConfig.MaxSize),
|
||||||
StatusMsg: env.String("statusmsg", defaultConfig.StatusMsg),
|
StatusMsg: env.String("statusmsg", defaultConfig.StatusMsg),
|
||||||
Admins: env.Slice("admins"),
|
Admins: env.Slice("admins"),
|
||||||
|
|||||||
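Review bot: The fallback `defaultConfig.DataSecret` is not visible in this commit; if it is anything other than an empty string, every deployment that leaves POSTMOOGLE_DATA_SECRET unset would encrypt account data under the same publicly known key. The default should be empty, and a comment beside this line such as `// no default: an unset secret must never fall back to a built-in key` would keep it that way. New's body continues outside the hunk.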
@@ -14,6 +14,8 @@ type Config struct {
|
|||||||
Port string
|
Port string
|
||||||
// RoomID of the admin room
|
// RoomID of the admin room
|
||||||
LogLevel string
|
LogLevel string
|
||||||
|
// DataSecret is account data secret key (password) to encrypt all account data values
|
||||||
|
DataSecret string
|
||||||
// NoEncryption disabled encryption support
|
// NoEncryption disabled encryption support
|
||||||
NoEncryption bool
|
NoEncryption bool
|
||||||
// Prefix for commands
|
// Prefix for commands
|
||||||
|
|||||||
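Review bot: The new comment on DataSecret calls the value a "password", but the README hunk restricts it to 16, 24, or 32 bytes, which suggests it is used directly as a cipher key and not stretched from a passphrase. The comment should say so and state the constraint, for example `// DataSecret is the key used to encrypt account data values; must be 16, 24, or 32 bytes, ideally randomly generated`. It would also help to document what happens to already-stored account data when the secret is first set or later changed, which this commit does not show. The Config struct continues outside the hunk.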
2
go.mod
2
go.mod
@@ -18,7 +18,7 @@ require (
|
|||||||
gitlab.com/etke.cc/go/logger v1.1.0
|
gitlab.com/etke.cc/go/logger v1.1.0
|
||||||
gitlab.com/etke.cc/go/mxidwc v1.0.0
|
gitlab.com/etke.cc/go/mxidwc v1.0.0
|
||||||
gitlab.com/etke.cc/go/secgen v1.1.1
|
gitlab.com/etke.cc/go/secgen v1.1.1
|
||||||
gitlab.com/etke.cc/linkpearl v0.0.0-20221002130603-2ee25abf8373
|
gitlab.com/etke.cc/linkpearl v0.0.0-20221002171411-bb783f7e50f0
|
||||||
golang.org/x/net v0.0.0-20221002022538-bcab6841153b
|
golang.org/x/net v0.0.0-20221002022538-bcab6841153b
|
||||||
maunium.net/go/mautrix v0.12.1
|
maunium.net/go/mautrix v0.12.1
|
||||||
)
|
)
|
||||||
|
|||||||
4
go.sum
4
go.sum
@@ -95,8 +95,8 @@ gitlab.com/etke.cc/go/mxidwc v1.0.0 h1:6EAlJXvs3nU4RaMegYq6iFlyVvLw7JZYnZmNCGMYQ
|
|||||||
gitlab.com/etke.cc/go/mxidwc v1.0.0/go.mod h1:E/0kh45SAN9+ntTG0cwkAEKdaPxzvxVmnjwivm9nmz8=
|
gitlab.com/etke.cc/go/mxidwc v1.0.0/go.mod h1:E/0kh45SAN9+ntTG0cwkAEKdaPxzvxVmnjwivm9nmz8=
|
||||||
gitlab.com/etke.cc/go/secgen v1.1.1 h1:RmKOki725HIhWJHzPtAc9X4YvBneczndchpMgoDkE8w=
|
gitlab.com/etke.cc/go/secgen v1.1.1 h1:RmKOki725HIhWJHzPtAc9X4YvBneczndchpMgoDkE8w=
|
||||||
gitlab.com/etke.cc/go/secgen v1.1.1/go.mod h1:3pJqRGeWApzx7qXjABqz2o2SMCNpKSZao/gXVdasqE8=
|
gitlab.com/etke.cc/go/secgen v1.1.1/go.mod h1:3pJqRGeWApzx7qXjABqz2o2SMCNpKSZao/gXVdasqE8=
|
||||||
gitlab.com/etke.cc/linkpearl v0.0.0-20221002130603-2ee25abf8373 h1:+lF/qMr9Cz9X579cELiP6Tuma4BHoEBRaoBb198Zi3s=
|
gitlab.com/etke.cc/linkpearl v0.0.0-20221002171411-bb783f7e50f0 h1:B5YV62XKsLb9sCu9jW4Pnc5HDNRzdR1FswtRBMw1sR0=
|
||||||
gitlab.com/etke.cc/linkpearl v0.0.0-20221002130603-2ee25abf8373/go.mod h1:hjn0SVswej+Jo3+MycLm+lTsAVFy047Df+adX6MoXoE=
|
gitlab.com/etke.cc/linkpearl v0.0.0-20221002171411-bb783f7e50f0/go.mod h1:hjn0SVswej+Jo3+MycLm+lTsAVFy047Df+adX6MoXoE=
|
||||||
golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||||
golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be h1:fmw3UbQh+nxngCAHrDCCztao/kbYFnWjoqop8dHx05A=
|
golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be h1:fmw3UbQh+nxngCAHrDCCztao/kbYFnWjoqop8dHx05A=
|
||||||
golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||||
|
|||||||