diff --git a/apps/meteor/server/settings/federation-service.ts b/apps/meteor/server/settings/federation-service.ts
index 3ee05dcdd3003..75271da3e2dcc 100644
--- a/apps/meteor/server/settings/federation-service.ts
+++ b/apps/meteor/server/settings/federation-service.ts
@@ -24,5 +24,12 @@ export const createFederationServiceSettings = async (): Promise => {
 public: true,
 alert: 'Federation_Service_Matrix_Port_Alert',
 });
+
+ await this.add('Federation_Service_Matrix_Signing_Key', '', {
+ type: 'string',
+ i18nLabel: 'Federation_Service_Matrix_Signing_Key',
+ i18nDescription: 'Federation_Service_Matrix_Signing_Key_Description',
+ public: false,
+ });
 });
 };
diff --git a/ee/packages/federation-matrix/src/FederationMatrix.ts b/ee/packages/federation-matrix/src/FederationMatrix.ts
index a4b35262f5e27..726f0424d6f0a 100644
--- a/ee/packages/federation-matrix/src/FederationMatrix.ts
+++ b/ee/packages/federation-matrix/src/FederationMatrix.ts
@@ -1,6 +1,5 @@
 import 'reflect-metadata';
-import { toUnpaddedBase64 } from '@hs/core';
 import { ConfigService, createFederationContainer, getAllServices } from '@hs/federation-sdk';
 import type { HomeserverEventSignatures, HomeserverServices, FederationContainerOptions } from '@hs/federation-sdk';
 import { type IFederationMatrixService, ServiceClass, Settings } from '@rocket.chat/core-services';
 
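Review bot: `Federation_Service_Matrix_Signing_Key` holds a private Ed25519 key yet is registered as an ordinary `type: 'string'` setting with only `public: false`, which as far as this hunk shows leaves the value readable in clear wherever settings are listed and presumably in the admin form. Credential-bearing settings in this registry carry `secret: true` so the stored value is masked and kept out of settings payloads; the same flag belongs here, e.g. `secret: true,` beside `public: false,`. A short comment should also say what the `''` default means — if the intent is "fall back to the key file", write `// empty: key is loaded from signingKeyPath instead` — since nothing in this file states the fallback and the consuming side is in another package. The enclosing `createFederationServiceSettings` body begins and ends outside the hunk.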
@@ -40,40 +39,24 @@ export class FederationMatrix extends ServiceClass implements IFederationMatrixS
 static async create(emitter?: Emitter): Promise {
 const instance = new FederationMatrix(emitter);

+ const settingsSigningKey = await Settings.get('Federation_Service_Matrix_Signing_Key');
 const config = new ConfigService({
+ serverName: process.env.MATRIX_SERVER_NAME || 'rc1',
+ keyRefreshInterval: Number.parseInt(process.env.MATRIX_KEY_REFRESH_INTERVAL || '60', 10),
+ matrixDomain: process.env.MATRIX_DOMAIN || 'rc1',
+ version: process.env.SERVER_VERSION || '1.0',
+ port: Number.parseInt(process.env.SERVER_PORT || '8080', 10),
+ signingKey: settingsSigningKey,
+ signingKeyPath: process.env.CONFIG_FOLDER || './rc1.signing.key',
 database: {
 uri: process.env.MONGODB_URI || 'mongodb://localhost:3001/meteor',
 name: process.env.DATABASE_NAME || 'meteor',
 poolSize: Number.parseInt(process.env.DATABASE_POOL_SIZE || '10', 10),
 },
- server: {
- name: process.env.SERVER_NAME || 'rc1',
- version: process.env.SERVER_VERSION || '1.0',
- port: Number.parseInt(process.env.SERVER_PORT || '8080', 10),
- baseUrl: process.env.SERVER_BASE_URL || 'http://rc1:8080',
- host: process.env.SERVER_HOST || '0.0.0.0',
- },
- matrix: {
- serverName: process.env.MATRIX_SERVER_NAME || 'rc1',
- domain: process.env.MATRIX_DOMAIN || 'rc1',
- keyRefreshInterval: Number.parseInt(process.env.MATRIX_KEY_REFRESH_INTERVAL || '60', 10),
- },
- signingKeyPath: process.env.CONFIG_FOLDER || './rc1.signing.key',
 });

- const matrixConfig = config.getMatrixConfig();
- const serverConfig = config.getServerConfig();
- const signingKeys = await config.getSigningKey();
- const signingKey = signingKeys[0];
 const containerOptions: FederationContainerOptions = {
 emitter: instance.eventHandler,
- federationOptions: {
- serverName: matrixConfig.serverName,
- signingKey: toUnpaddedBase64(signingKey.privateKey),
- signingKeyId: `ed25519:${signingKey.version}`,
- timeout: 30000,
- baseUrl: serverConfig.baseUrl,
- },
 };

 await createFederationContainer(containerOptions, config);
@@ -131,7 +114,7 @@ export class FederationMatrix extends ServiceClass implements IFederationMatrixS
 this.logger.warn('Homeserver services not available, skipping room creation');
 return;
 }
-
+
 if (!(room.t === 'c' || room.t === 'p')) {
 throw new Error('Room is not a public or private room');
 }
diff --git a/packages/i18n/src/locales/en.i18n.json b/packages/i18n/src/locales/en.i18n.json
index 395db02398f58..f91f0ad65dcbe 100644
--- a/packages/i18n/src/locales/en.i18n.json
+++ b/packages/i18n/src/locales/en.i18n.json
@@ -2126,6 +2126,8 @@
 "Federation_Service_Matrix_Port_Description": "The port of the Matrix server to use for federation.",
 "Federation_Service_Matrix_Port_Alert": "If you're using a DNS or a reverse proxy, you should set this to the port of the DNS handling the federation traffic. E.g. your server is running on port 3000 and you're using a DNS to handle incoming traffic from port 3000 to the DNS name rc1.server.com only. In this case, you should set this to 443.",
 "Federation_Service_Alert": "This feature is in beta and may not be stable. Please be aware that it may change, break, or even be removed in the future without any notice.",
+ "Federation_Service_Matrix_Signing_Key": "Matrix server signing key",
+ "Federation_Service_Matrix_Signing_Key_Description": "The private signing key used by your Matrix server to authenticate federation requests. Format should be: algorithm version base64. This is typically an Ed25519 algorithm key (version 4), encoded as base64. It is essential for secure communication between federated Matrix servers and should be kept confidential.",
 "Field": "Field",
 "Field_removed": "Field removed",
 "Field_required": "Field required",
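Review bot: `signingKey: settingsSigningKey` hands the raw setting value to `ConfigService` with no check on it, although the setting is created with a `''` default and the new i18n text requires an `algorithm version base64` triple; whether an empty or malformed string falls back to `signingKeyPath` or only fails later when a request has to be signed is decided inside ConfigService, which is not in this diff, so the handover should state the intent — e.g. `signingKey: settingsSigningKey || undefined, // empty setting: load from signingKeyPath` — provided ConfigService accepts `undefined` there. The deleted `server` block also retired the `SERVER_BASE_URL` and `SERVER_HOST` environment inputs and the fixed 30000 ms federation timeout with no counterpart in the new options, so deployments that set them silently lose that configuration unless ConfigService now derives those values itself; a deprecation warning when those variables are present, or at least a line in the commit message, would make the break visible. `create` starts at the top of this hunk but its body continues past the last line shown.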