7 changes: 7 additions & 0 deletions apps/meteor/server/settings/federation-service.ts
Expand Up @@ -24,5 +24,12 @@ export const createFederationServiceSettings = async (): Promise<void> => {
public: true,
alert: 'Federation_Service_Matrix_Port_Alert',
});

await this.add('Federation_Service_Matrix_Signing_Key', '', {
type: 'string',
i18nLabel: 'Federation_Service_Matrix_Signing_Key',
i18nDescription: 'Federation_Service_Matrix_Signing_Key_Description',
public: false,
});
});
};
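Review bot: The new `Federation_Service_Matrix_Signing_Key` setting holds a private signing key but is registered as `type: 'string'`, so it will presumably be shown in clear text in the admin UI and handled like any ordinary string setting. `public: false` only keeps it out of the settings sent to unprivileged clients; it does not mark the value as a credential. Consider `type: 'password', secret: true,` here, and confirm that the value is left out of settings exports, audit entries and logs. The enclosing `createFederationServiceSettings` callback starts outside the hunk.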
35 changes: 9 additions & 26 deletions ee/packages/federation-matrix/src/FederationMatrix.ts
@@ -1,6 +1,5 @@
import 'reflect-metadata';

import { toUnpaddedBase64 } from '@hs/core';
import { ConfigService, createFederationContainer, getAllServices } from '@hs/federation-sdk';
import type { HomeserverEventSignatures, HomeserverServices, FederationContainerOptions } from '@hs/federation-sdk';
import { type IFederationMatrixService, ServiceClass, Settings } from '@rocket.chat/core-services';
Expand Down Expand Up @@ -40,40 +39,24 @@ export class FederationMatrix extends ServiceClass implements IFederationMatrixS

static async create(emitter?: Emitter<HomeserverEventSignatures>): Promise<FederationMatrix> {
const instance = new FederationMatrix(emitter);
const settingsSigningKey = await Settings.get<string>('Federation_Service_Matrix_Signing_Key');
const config = new ConfigService({
serverName: process.env.MATRIX_SERVER_NAME || 'rc1',
keyRefreshInterval: Number.parseInt(process.env.MATRIX_KEY_REFRESH_INTERVAL || '60', 10),
matrixDomain: process.env.MATRIX_DOMAIN || 'rc1',
version: process.env.SERVER_VERSION || '1.0',
port: Number.parseInt(process.env.SERVER_PORT || '8080', 10),
signingKey: settingsSigningKey,
signingKeyPath: process.env.CONFIG_FOLDER || './rc1.signing.key',
database: {
uri: process.env.MONGODB_URI || 'mongodb://localhost:3001/meteor',
name: process.env.DATABASE_NAME || 'meteor',
poolSize: Number.parseInt(process.env.DATABASE_POOL_SIZE || '10', 10),
},
server: {
name: process.env.SERVER_NAME || 'rc1',
version: process.env.SERVER_VERSION || '1.0',
port: Number.parseInt(process.env.SERVER_PORT || '8080', 10),
baseUrl: process.env.SERVER_BASE_URL || 'http://rc1:8080',
host: process.env.SERVER_HOST || '0.0.0.0',
},
matrix: {
serverName: process.env.MATRIX_SERVER_NAME || 'rc1',
domain: process.env.MATRIX_DOMAIN || 'rc1',
keyRefreshInterval: Number.parseInt(process.env.MATRIX_KEY_REFRESH_INTERVAL || '60', 10),
},
signingKeyPath: process.env.CONFIG_FOLDER || './rc1.signing.key',
});
const matrixConfig = config.getMatrixConfig();
const serverConfig = config.getServerConfig();
const signingKeys = await config.getSigningKey();
const signingKey = signingKeys[0];

const containerOptions: FederationContainerOptions = {
emitter: instance.eventHandler,
federationOptions: {
serverName: matrixConfig.serverName,
signingKey: toUnpaddedBase64(signingKey.privateKey),
signingKeyId: `ed25519:${signingKey.version}`,
timeout: 30000,
baseUrl: serverConfig.baseUrl,
},
};

await createFederationContainer(containerOptions, config);
Expand Down Expand Up @@ -131,7 +114,7 @@ export class FederationMatrix extends ServiceClass implements IFederationMatrixS
this.logger.warn('Homeserver services not available, skipping room creation');
return;
}

if (!(room.t === 'c' || room.t === 'p')) {
throw new Error('Room is not a public or private room');
}
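Review bot: In `create()`, the value returned by `Settings.get<string>('Federation_Service_Matrix_Signing_Key')` is passed to `ConfigService` as `signingKey` without any check, although the setting defaults to an empty string. What the SDK does with an empty or malformed key is not visible here; if it falls back to `signingKeyPath` or generates a fresh key, the server's federation identity could silently differ from the one the admin configured. A guard before the config is built would make the failure explicit, e.g. `if (!settingsSigningKey?.trim()) throw new Error('Federation_Service_Matrix_Signing_Key is not configured');`, with a message that never echoes the key itself. The setting is read once at creation, so a rotated key presumably takes effect only after a restart, which deserves a comment. `create()` continues past the end of the hunk.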
2 changes: 2 additions & 0 deletions packages/i18n/src/locales/en.i18n.json
Expand Up @@ -2126,6 +2126,8 @@
"Federation_Service_Matrix_Port_Description": "The port of the Matrix server to use for federation.",
"Federation_Service_Matrix_Port_Alert": "If you're using a DNS or a reverse proxy, you should set this to the port of the DNS handling the federation traffic. E.g. your server is running on port 3000 and you're using a DNS to handle incoming traffic from port 3000 to the DNS name rc1.server.com only. In this case, you should set this to 443.",
"Federation_Service_Alert": "This feature is in beta and may not be stable. Please be aware that it may change, break, or even be removed in the future without any notice.",
"Federation_Service_Matrix_Signing_Key": "Matrix server signing key",
"Federation_Service_Matrix_Signing_Key_Description": "The private signing key used by your Matrix server to authenticate federation requests. Format should be: algorithm version base64<privateKey>. This is typically an Ed25519 algorithm key (version 4), encoded as base64. It is essential for secure communication between federated Matrix servers and should be kept confidential.",
"Field": "Field",
"Field_removed": "Field removed",
"Field_required": "Field required",