From ac5ca1965bbcb2b61d59f6b00a581d060a743259 Mon Sep 17 00:00:00 2001
From: Tulir Asokan
Date: Thu, 13 Apr 2023 17:09:44 +0300
Subject: [PATCH] Add options to automatically delete/ratchet megolm sessions
---
 config/upgrade.go | 7 +++++++
 example-config.yaml | 17 +++++++++++++++++
 go.mod | 2 +-
 go.sum | 4 ++--
 4 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/config/upgrade.go b/config/upgrade.go
index c594324..86cf6a0 100644
--- a/config/upgrade.go
+++ b/config/upgrade.go
@@ -119,6 +119,13 @@ func DoUpgrade(helper *up.Helper) {
 helper.Copy(up.Bool, "bridge", "encryption", "require")
 helper.Copy(up.Bool, "bridge", "encryption", "appservice")
 helper.Copy(up.Bool, "bridge", "encryption", "plaintext_mentions")
+ helper.Copy(up.Bool, "bridge", "encryption", "delete_keys", "delete_outbound_on_ack")
+ helper.Copy(up.Bool, "bridge", "encryption", "delete_keys", "dont_store_outbound")
+ helper.Copy(up.Bool, "bridge", "encryption", "delete_keys", "ratchet_on_decrypt")
+ helper.Copy(up.Bool, "bridge", "encryption", "delete_keys", "delete_fully_used_on_decrypt")
+ helper.Copy(up.Bool, "bridge", "encryption", "delete_keys", "delete_prev_on_new_session")
+ helper.Copy(up.Bool, "bridge", "encryption", "delete_keys", "delete_on_device_delete")
+ helper.Copy(up.Bool, "bridge", "encryption", "delete_keys", "periodically_delete_expired")
 helper.Copy(up.Str, "bridge", "encryption", "verification_levels", "receive")
 helper.Copy(up.Str, "bridge", "encryption", "verification_levels", "send")
 helper.Copy(up.Str, "bridge", "encryption", "verification_levels", "share")
diff --git a/example-config.yaml b/example-config.yaml
index 806a2de..dd96b9c 100644
--- a/example-config.yaml
+++ b/example-config.yaml
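Review bot: The seven `delete_keys` paths added to DoUpgrade are string literals that have to match the keys in example-config.yaml exactly; they do in this commit, but whether `helper.Copy` reports a path that is absent from the base config is not visible here, so a later rename on one side could leave an operator's key-deletion setting at the default `false` after an upgrade without any signal. A comment above the group, e.g. `// Keep in sync with bridge.encryption.delete_keys in example-config.yaml.`, would make that coupling explicit. DoUpgrade starts and ends outside the hunk.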
@@ -355,6 +355,23 @@ bridge:
 allow_key_sharing: false
 # Should users mentions be in the event wire content to enable the server to send push notifications?
 plaintext_mentions: false
+ # Options for deleting megolm sessions from the bridge.
+ delete_keys:
+ # Beeper-specific: delete outbound sessions when hungryserv confirms
+ # that the user has uploaded the key to key backup.
+ delete_outbound_on_ack: false
+ # Don't store outbound sessions in the inbound table.
+ dont_store_outbound: false
+ # Ratchet megolm sessions forward after decrypting messages.
+ ratchet_on_decrypt: false
+ # Delete fully used keys (index >= max_messages) after decrypting messages.
+ delete_fully_used_on_decrypt: false
+ # Delete previous megolm sessions from same device when receiving a new one.
+ delete_prev_on_new_session: false
+ # Delete megolm sessions received from a device when the device is deleted.
+ delete_on_device_delete: false
+ # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
+ periodically_delete_expired: false
 # What level of device verification should be required from users?
 #
 # Valid levels:
diff --git a/go.mod b/go.mod
index 1c57642..48df239 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 golang.org/x/net v0.8.0
 google.golang.org/protobuf v1.28.1
 maunium.net/go/maulogger/v2 v2.4.1
- maunium.net/go/mautrix v0.15.1-0.20230407141116-e5aa88ba0f9d
+ maunium.net/go/mautrix v0.15.1-0.20230413142246-2ba7be081ca5
 )

 require (
diff --git a/go.sum b/go.sum
index 5028d16..9e86fdc 100644
--- a/go.sum
+++ b/go.sum
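Review bot: The comments under `delete_keys` say what each option removes but not the consequence an operator has to accept: a megolm session that has been deleted or ratcheted forward can no longer decrypt earlier messages, so the bridge gives up access to that history in exchange for holding less key material if its database is ever exposed. I would add a line below `# Options for deleting megolm sessions from the bridge.`, for example `# These reduce how much history a leaked bridge database can decrypt; deleted or ratcheted keys cannot be restored by the bridge.` The comments on `delete_fully_used_on_decrypt` and `periodically_delete_expired` also refer to `max_messages` and `max_age` without saying which setting or event those values come from, which is worth spelling out. The `bridge.encryption` block starts and ends outside the hunk.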
@@ -134,5 +134,5 @@ maunium.net/go/mauflag v1.0.0 h1:YiaRc0tEI3toYtJMRIfjP+jklH45uDHtT80nUamyD4M= maunium.net/go/mauflag v1.0.0/go.mod h1:nLivPOpTpHnpzEh8jEdSL9UqO9+/KBJFmNRlwKfkPeA= maunium.net/go/maulogger/v2 v2.4.1 h1:N7zSdd0mZkB2m2JtFUsiGTQQAdP0YeFWT7YMc80yAL8= maunium.net/go/maulogger/v2 v2.4.1/go.mod h1:omPuYwYBILeVQobz8uO3XC8DIRuEb5rXYlQSuqrbCho= -maunium.net/go/mautrix v0.15.1-0.20230407141116-e5aa88ba0f9d h1:LdxNYgiE2J7Q2057MV30ogMHiivhLPU02aTVbcqQeC8= -maunium.net/go/mautrix v0.15.1-0.20230407141116-e5aa88ba0f9d/go.mod h1:Ei+ijYIMoQ3at2vJrMbEQq/pN2fB3h18clD8PyVyTD0= +maunium.net/go/mautrix v0.15.1-0.20230413142246-2ba7be081ca5 h1:3qxQ/FaP7s/xHfVUYSgOM0COuS41097UoNaL0qMtQCk= +maunium.net/go/mautrix v0.15.1-0.20230413142246-2ba7be081ca5/go.mod h1:Ei+ijYIMoQ3at2vJrMbEQq/pN2fB3h18clD8PyVyTD0=