Compare commits
6 commits
next
...
bump-docke
Author | SHA1 | Date | |
---|---|---|---|
|
7c925891c2 | ||
|
147f27521c | ||
|
70a24808d5 | ||
|
1872702789 | ||
|
0b926c2a31 | ||
|
01761e0211 |
3 changed files with 26 additions and 12 deletions
13
Dockerfile
13
Dockerfile
|
@ -36,9 +36,11 @@ FROM docker.io/debian:bullseye-slim AS runner
|
||||||
# You still need to map the port when using the docker command or docker-compose.
|
# You still need to map the port when using the docker command or docker-compose.
|
||||||
EXPOSE 6167
|
EXPOSE 6167
|
||||||
|
|
||||||
|
ARG DEFAULT_DB_PATH=/var/lib/matrix-conduit
|
||||||
|
|
||||||
ENV CONDUIT_PORT=6167 \
|
ENV CONDUIT_PORT=6167 \
|
||||||
CONDUIT_ADDRESS="0.0.0.0" \
|
CONDUIT_ADDRESS="0.0.0.0" \
|
||||||
CONDUIT_DATABASE_PATH=/var/lib/matrix-conduit \
|
CONDUIT_DATABASE_PATH=${DEFAULT_DB_PATH} \
|
||||||
CONDUIT_CONFIG=''
|
CONDUIT_CONFIG=''
|
||||||
# └─> Set no config file to do all configuration with env vars
|
# └─> Set no config file to do all configuration with env vars
|
||||||
|
|
||||||
|
@ -51,9 +53,6 @@ RUN apt-get update && apt-get -y --no-install-recommends install \
|
||||||
wget \
|
wget \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# Created directory for the database and media files
|
|
||||||
RUN mkdir -p /srv/conduit/.local/share/conduit
|
|
||||||
|
|
||||||
# Test if Conduit is still alive, uses the same endpoint as Element
|
# Test if Conduit is still alive, uses the same endpoint as Element
|
||||||
COPY ./docker/healthcheck.sh /srv/conduit/healthcheck.sh
|
COPY ./docker/healthcheck.sh /srv/conduit/healthcheck.sh
|
||||||
HEALTHCHECK --start-period=5s --interval=5s CMD ./healthcheck.sh
|
HEALTHCHECK --start-period=5s --interval=5s CMD ./healthcheck.sh
|
||||||
|
@ -69,9 +68,11 @@ RUN set -x ; \
|
||||||
groupadd -r -g ${GROUP_ID} conduit ; \
|
groupadd -r -g ${GROUP_ID} conduit ; \
|
||||||
useradd -l -r -M -d /srv/conduit -o -u ${USER_ID} -g conduit conduit && exit 0 ; exit 1
|
useradd -l -r -M -d /srv/conduit -o -u ${USER_ID} -g conduit conduit && exit 0 ; exit 1
|
||||||
|
|
||||||
# Change ownership of Conduit files to conduit user and group and make the healthcheck executable:
|
# Create database directory, change ownership of Conduit files to conduit user and group and make the healthcheck executable:
|
||||||
RUN chown -cR conduit:conduit /srv/conduit && \
|
RUN chown -cR conduit:conduit /srv/conduit && \
|
||||||
chmod +x /srv/conduit/healthcheck.sh
|
chmod +x /srv/conduit/healthcheck.sh && \
|
||||||
|
mkdir -p ${DEFAULT_DB_PATH} && \
|
||||||
|
chown -cR conduit:conduit ${DEFAULT_DB_PATH}
|
||||||
|
|
||||||
# Change user to conduit, no root permissions afterwards:
|
# Change user to conduit, no root permissions afterwards:
|
||||||
USER conduit
|
USER conduit
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
# Credit's for the original Dockerfile: Weasy666.
|
# Credit's for the original Dockerfile: Weasy666.
|
||||||
# ---------------------------------------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------------------------------------
|
||||||
|
|
||||||
FROM docker.io/alpine:3.16.0@sha256:4ff3ca91275773af45cb4b0834e12b7eb47d1c18f770a0b151381cd227f4c253 AS runner
|
FROM docker.io/alpine:3.16.2@sha256:1304f174557314a7ed9eddb4eab12fed12cb0cd9809e4c28f29af86979a3c870 AS runner
|
||||||
|
|
||||||
|
|
||||||
# Standard port on which Conduit launches.
|
# Standard port on which Conduit launches.
|
||||||
|
|
|
@ -170,11 +170,24 @@ pub async fn upload_signatures_route(
|
||||||
) -> Result<upload_signatures::v3::Response> {
|
) -> Result<upload_signatures::v3::Response> {
|
||||||
let sender_user = body.sender_user.as_ref().expect("user is authenticated");
|
let sender_user = body.sender_user.as_ref().expect("user is authenticated");
|
||||||
|
|
||||||
for (user_id, signed_keys) in &body.signed_keys {
|
for (user_id, keys) in &body.signed_keys {
|
||||||
for (key_id, signed_key) in signed_keys {
|
for (key_id, key) in keys {
|
||||||
let signed_key = serde_json::to_value(signed_key).unwrap();
|
let key = serde_json::to_value(key)
|
||||||
|
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid key JSON"))?;
|
||||||
|
|
||||||
for signature in signed_key
|
let is_signed_key = match key.get("usage") {
|
||||||
|
Some(usage) => usage
|
||||||
|
.as_array()
|
||||||
|
.map(|usage| !usage.contains(&json!("master")))
|
||||||
|
.unwrap_or(false),
|
||||||
|
None => true,
|
||||||
|
};
|
||||||
|
|
||||||
|
if !is_signed_key {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
for signature in key
|
||||||
.get("signatures")
|
.get("signatures")
|
||||||
.ok_or(Error::BadRequest(
|
.ok_or(Error::BadRequest(
|
||||||
ErrorKind::InvalidParam,
|
ErrorKind::InvalidParam,
|
||||||
|
|
Loading…
Reference in a new issue