dasha_uwu
ce8abf6bf1
feat: implement OIDC server for next-gen auth (MSC2965/2964/2966/2967)
...
Implements a built-in OIDC authorization server that allows Matrix clients
like Element X to authenticate via OIDC, delegating user authentication
to upstream identity providers (e.g. Kanidm) through the existing SSO flow.
## Endpoints
- GET /_matrix/client/unstable/org.matrix.msc2965/auth_issuer
- GET /.well-known/openid-configuration
- POST /_tuwunel/oidc/registration (Dynamic Client Registration)
- GET /_tuwunel/oidc/authorize → SSO redirect → _complete bridge
- POST /_tuwunel/oidc/token (auth code exchange + refresh)
- POST /_tuwunel/oidc/revoke
- GET /_tuwunel/oidc/jwks
- GET /_tuwunel/oidc/userinfo
- GET /_tuwunel/oidc/account (placeholder)
## Spec compliance fixes
- OAuth error responses use RFC 6749 §5.2 format ({"error": "...", "error_description": "..."})
- PKCE code_verifier validation per RFC 7636 §4.1
- Scope token matching uses exact whitespace-delimited comparison per RFC 6749 §3.3
- Typed ProviderMetadata struct for the discovery document
- DCR includes policy_uri, tos_uri, software_id, software_version per RFC 7591
Refs: #246, #266
2026-03-20 14:48:31 +00:00
dasha_uwu
6a3588ed0b
Exclude the server user from admin users force-join-all-local-users, fixes #373
2026-03-17 23:04:11 +05:00
Jason Volk
7e21b9d730
Move admin startup command exec later in init sequence. (closes #320)
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-12 09:08:36 +00:00
Jason Volk
1a5b552cd6
ci: Upgrade docker/login-action.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-12 02:18:03 +00:00
Jason Volk
529a2b91a4
Workaround Mxc serialization assertion.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-12 02:18:03 +00:00
Jason Volk
a656aba615
Check and wait loop for admin module load on startup. (fixes #320)
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-11 15:24:21 +00:00
Jason Volk
e9864bc4e7
Encapsulate incoming pdu formatting and checks within constructor.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-11 15:24:21 +00:00
Jason Volk
a554280559
ci: Bump actions/checkout, actions/upload-artifact.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-11 15:24:21 +00:00
Jason Volk
02ee1a55a0
Only include JWT in login flows when configured.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-11 13:51:37 +00:00
Jason Volk
3ceeb8655f
Add spans for parse_incoming/gen_event_id for alloc instruments
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-10 07:26:28 +00:00
Jason Volk
cd66cd843b
Fix double-deserialize during incoming pdu parsing.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-10 07:26:28 +00:00
Jason Volk
b5b6e3f1fd
Merge branch 'ventureoo/systemd-socket-activation'
2026-03-10 02:37:16 +00:00
Jason Volk
e31778bdb2
Merge branch 'donjuanplatinum/msc2246'
2026-03-10 02:37:12 +00:00
Jason Volk
aa847e4844
Flatten conditional branches; eliminate unwrap().
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-10 02:33:11 +00:00
Jason Volk
2a1d34bee1
Bump quinn-proto.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-10 01:20:32 +00:00
Jason Volk
64dd481140
Eliminate remaining conduit unwrap() et al.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-10 01:13:24 +00:00
Jason Volk
715d0a11c6
Eliminate type-length and recursion relaxations.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-10 01:13:24 +00:00
Jason Volk
beb9fa0ecd
Apply clippy::has_significant_drop.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-10 01:13:00 +00:00
Jason Volk
e70bc5d665
Move membership filter into closure.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-10 01:13:00 +00:00
Jason Volk
d15b30de64
Simplify database queries.
2026-03-09 22:26:46 +00:00
Vasiliy Stelmachenok
f3db71b32e
Add support for systemd socket activation
...
Co-authored-by: Jason Volk <jason@zemos.net>
Signed-off-by: Vasiliy Stelmachenok <ventureo@cachyos.org>
2026-03-09 22:09:12 +03:00
Jason Volk
13c038e254
Merge remote-tracking branch 'vladexa/monotonic-usec'
2026-03-09 07:43:55 +00:00
Jason Volk
b07c61fab8
Add database serde tests confirming mixed string/integer tuples.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-09 07:11:12 +00:00
Jason Volk
e5d01a2045
Fix conditional compilation for proc_pid_statm(5). (fixes #357) (again)
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-09 04:37:44 +00:00
Vladislav Grechannik
0de031c765
Send monotonic time to systemd after reload notification
...
Co-authored-by: Andrew Hunter <andrew@hunter.camera>
2026-03-08 22:27:52 +01:00
Jason Volk
0d43411447
Fix conditional compilation for supported RLIMIT variants. (fixes #357)
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-08 15:47:37 +00:00
Jason Volk
cf7a4dc88d
Add ExpectInto numerological conversion trait. (#357)
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-08 15:47:37 +00:00
Jason Volk
3fcfcafdd2
Add rocksdb event listener callbacks.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-08 15:47:37 +00:00
Jason Volk
dfedef4d19
Cleanup
2026-03-08 14:36:49 +00:00
Donjuanplatinum
c960a9dbc3
M_NOT_YET_UPLOAD and can not override, and change the result asyncupload to pass
2026-03-08 19:52:11 +08:00
Jason Volk
57d4ae243a
Add sys util to get rss from statm on linux.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-08 10:34:32 +00:00
Jason Volk
75301ff596
Add page_size() to sys limits suite.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-08 10:34:31 +00:00
Jason Volk
1d537d4a37
Improve log message fields intended for release mode.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-08 09:31:18 +00:00
Jason Volk
14b9c5df45
Instrument recursion level in event_handler.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-08 09:31:18 +00:00
Donjuanplatinum
ad896bb091
clippy fix
2026-03-08 14:53:49 +08:00
Donjuanplatinum
2b81e189cb
add MSC2246 support
2026-03-08 14:53:49 +08:00
Jason Volk
31e7dc2735
Add missing jemalloc profiling interface mallctl's.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-08 06:50:24 +00:00
Jason Volk
d2836e9f50
Bump Rust 1.94.0.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-08 06:50:24 +00:00
Jason Volk
55ee0d8ab6
Bump dependencies.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-08 05:08:30 +00:00
Jason Volk
9d47ffff05
Bump 1.5.1
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-07 11:20:50 +00:00
Jason Volk
2bbf773390
Fix typo. (#352)
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-07 09:49:58 +00:00
Jason Volk
ea8961a50d
Merge remote-tracking branch 'alametti/base-domain-well-known-docs'
2026-03-07 05:33:15 +00:00
Ava Pek
9a830c9bfc
Update MatrixRTC reverse proxy instructions
...
The `get_token` route needs to be included as well, see:
- https://www.exodrifter.space/entries/20260221100913
- https://continuwuity.org/calls/livekit#4-configure-your-reverse-proxy
2026-03-07 05:06:19 +00:00
Ava Pek
eb2e0d2d9f
Replace ; with : in docker docs
...
Fixes #338
2026-03-07 05:06:13 +00:00
Jason Volk
3127eca67c
Add conditional UIAA flows for SSO and password. (#314)
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-07 04:43:18 +00:00
Jason Volk
449b80de1d
Skip reserving capacity in fetch_auth_chain helper containers for now.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-07 03:39:13 +00:00
dasha_uwu
74a8fb7ed4
New way to configure livekit
2026-03-07 03:18:41 +00:00
dasha_uwu
fbbea7ae1d
Refactor Event.redacts_id to look at room version rules, use it
2026-03-07 03:18:41 +00:00
dasha_uwu
9246636b87
Set default value for encryption_enabled_by_default_for_room_type
2026-03-07 03:18:41 +00:00
Jason Volk
88bec526cb
Reduce debuginfo to limited for dependencies in dbg profile.
...
Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-07 03:18:41 +00:00