ircd::resource: Add conf items to toggle X-Matrix Authorization.

include/ircd/resource.h

@@ -85,6 +85,9 @@ struct ircd::resource::method
 	struct stats;
 	using handler = std::function<response (client &, request &)>;
 
+	static conf::item<bool> x_matrix_verify_origin;
+	static conf::item<bool> x_matrix_verify_destination;
+
 	struct resource *resource;
 	string_view name;
 	handler function;

ircd/m_event.cc

@@ -1381,7 +1381,7 @@ ircd::m::event::signatures(const mutable_buffer &out,
 
 	const json::members sigs
 	{
-		{ my_host(), sigb64 }
+		{ event.at("origin"), sigb64 }
     };
 
 	return json::stringify(mutable_buffer{out}, sigs);
@@ -1408,10 +1408,17 @@ ircd::m::signatures(const mutable_buffer &out_,
 		sign(preimage)
 	};
 
+	const auto sig_host
+	{
+		my_host(json::get<"origin"_>(event))?
+			json::get<"origin"_>(event):
+			my_host()
+	};
+
 	thread_local char sigb64buf[b64encode_size(sizeof(sig))];
 	const json::member my_sig
 	{
-		my_host(), json::members
+		sig_host, json::members
 		{
 			{ self::public_key_id, b64encode_unpadded(sigb64buf, sig) }
 		}

ircd/resource.cc

@@ -579,6 +579,20 @@ const
 	return request.user_id;
 }
 
+decltype(ircd::resource::method::x_matrix_verify_origin)
+ircd::resource::method::x_matrix_verify_origin
+{
+	{ "name",     "ircd.resource.x_matrix.verify_origin" },
+	{ "default",  true                                   },
+};
+
+decltype(ircd::resource::method::x_matrix_verify_origin)
+ircd::resource::method::x_matrix_verify_destination
+{
+	{ "name",     "ircd.resource.x_matrix.verify_destination" },
+	{ "default",  true                                        },
+};
+
 ircd::string_view
 ircd::resource::method::verify_origin(client &client,
                                       request &request)
@@ -599,17 +613,17 @@ const try
 		iequals(authorization.first, "X-Matrix"_sv)
 	};
 
-	if(!supplied && !required)
+	if(!required && !supplied)
 		return {};
 
-	if(!supplied && required)
+	if(required && !supplied)
 		throw m::error
 		{
 			http::UNAUTHORIZED, "M_MISSING_AUTHORIZATION",
 			"Required X-Matrix Authorization was not supplied"
 		};
 
-	if(!m::my_host(request.head.host))
+	if(x_matrix_verify_destination && !m::my_host(request.head.host))
 		throw m::error
 		{
 			http::UNAUTHORIZED, "M_NOT_MY_HOST",
@@ -626,7 +640,7 @@ const try
 		x_matrix.origin, request.head.host, name, request.head.uri, request.content
 	};
 
-	if(!object.verify(x_matrix.key, x_matrix.sig))
+	if(x_matrix_verify_origin && !object.verify(x_matrix.key, x_matrix.sig))
 		throw m::error
 		{
 			http::FORBIDDEN, "M_INVALID_SIGNATURE",