matrix-org · Azrenbeth · Sep 13, 2021 · Sep 7, 2021 · Sep 7, 2021 · Sep 7, 2021
@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+from configparser import NoOptionError
 from typing import TYPE_CHECKING
 
 if TYPE_CHECKING:
@@ -29,3 +30,44 @@ def parse_config(self, cfg: "ConfigParser") -> None:
         self.verify_response_template = None
         if cfg.has_option("http", "verify_response_template"):
             self.verify_response_template = cfg.get("http", "verify_response_template")
+
+        self.client_bind_address = cfg.get("http", "clientapi.http.bind_address")
+        self.client_port = cfg.getint("http", "clientapi.http.port")
+
+        # internal port is allowed to be set to an empty string in the config
+        self.internal_port = cfg.get("http", "internalapi.http.port")
+        if self.internal_port:
+            self.internal_api_enabled = True
+            self.internal_port = int(self.internal_port)
+            try:
+                self.internal_bind_address = cfg.get(
+                    "http", "internalapi.http.bind_address"
+                )
+            except NoOptionError:
+                self.internal_bind_address = "::1"
+        else:
+            self.internal_api_enabled = False
+
+        self.cert_file = cfg.get("http", "replication.https.certfile")
+        self.ca_cert_File = cfg.get("http", "replication.https.cacert")
+
+        self.replication_bind_address = cfg.get(
+            "http", "replication.https.bind_address"
+        )
+        self.replication_port = cfg.getint("http", "replication.https.port")
+
+        self.obey_x_forwarded_for = cfg.get("http", "obey_x_forwarded_for")
+
+        self.verify_federation_certs = cfg.getboolean("http", "federation.verifycerts")
+
+        self.server_http_url_base = cfg.get("http", "client_http_base")
+
+        self.base_replication_urls = {}
+
+        for section in cfg.sections():
+            if section.startswith("peer."):
+                # peer name is all the characters after 'peer.'
+                peer = section[5:]
+                if cfg.has_option(section, "base_replication_url"):
+                    base_url = cfg.get(section, "base_replication_url")
+                    self.base_replication_urls[peer] = base_url
@@ -89,8 +89,7 @@ class ClientTLSOptionsFactory:
     """Factory for Twisted ClientTLSOptions that are used to make connections
     to remote servers for federation."""
 
-    def __init__(self, config):
-        verify_requests = config.getboolean("http", "federation.verifycerts")
+    def __init__(self, verify_requests):
         if verify_requests:
             self._options = ssl.CertificateOptions(trustRoot=ssl.platformTrust())
         else:

@@ -145,7 +145,7 @@ def __init__(self, sydent: "Sydent") -> None:
                 ip_whitelist=sydent.ip_whitelist,
                 ip_blacklist=sydent.ip_blacklist,
             ),
-            ClientTLSOptionsFactory(sydent.cfg)
+            ClientTLSOptionsFactory(sydent.config.http.verify_federation_certs)
             if sydent.use_tls_for_federation
             else None,
         )
@@ -42,9 +42,9 @@ def __init__(self, sydent: "Sydent") -> None:
         self.trustRoot = self.makeTrustRoot()
 
     def makeMyCertificate(self):
-        privKeyAndCertFilename = self.sydent.cfg.get(
-            "http", "replication.https.certfile"
-        )
+        # TODO Move some of this loading into parse_config
+        privKeyAndCertFilename = self.sydent.config.http.cert_file
+
         if privKeyAndCertFilename == "":
             logger.warning(
                 "No HTTPS private key / cert found: not starting replication server "
@@ -69,7 +69,7 @@ def makeMyCertificate(self):
     def makeTrustRoot(self):
         # If this option is specified, use a specific root CA cert. This is useful for testing when it's not
         # practical to get the client cert signed by a real root CA but should never be used on a production server.
-        caCertFilename = self.sydent.cfg.get("http", "replication.https.cacert")
+        caCertFilename = self.sydent.config.http.ca_cert_File
         if len(caCertFilename) > 0:
             try:
                 fp = open(caCertFilename)

@@ -139,8 +139,9 @@ def __init__(self, sydent: "Sydent") -> None:
         self.factory.displayTracebacks = False
 
     def setup(self):
-        httpPort = int(self.sydent.cfg.get("http", "clientapi.http.port"))
-        interface = self.sydent.cfg.get("http", "clientapi.http.bind_address")
+        httpPort = self.sydent.config.http.client_port
+        interface = self.sydent.config.http.client_bind_address
+
         logger.info("Starting Client API HTTP server on %s:%d", interface, httpPort)
         self.sydent.reactor.listenTCP(
             httpPort,
@@ -199,8 +200,8 @@ def __init__(self, sydent: "Sydent") -> None:
         self.factory.displayTracebacks = False
 
     def setup(self):
-        httpPort = int(self.sydent.cfg.get("http", "replication.https.port"))
-        interface = self.sydent.cfg.get("http", "replication.https.bind_address")
+        httpPort = self.sydent.config.http.replication_port
+        interface = self.sydent.config.http.replication_bind_address
 
         if self.sydent.sslComponents.myPrivateCertificate:
             # We will already have logged a warn if this is absent, so don't do it again

@@ -170,7 +170,7 @@ def render_POST(self, request: Request) -> JsonDict:
         pubKeyBase64 = encode_base64(pubKey.encode())
 
         baseUrl = "%s/_matrix/identity/api/v1" % (
-            self.sydent.cfg.get("http", "client_http_base"),
+            self.sydent.config.http.server_http_url_base,
         )
 
         keysToReturn = []

@@ -14,7 +14,6 @@
 # limitations under the License.
 
 import binascii
-import configparser
 import json
 import logging
 from typing import TYPE_CHECKING, Any, Dict
@@ -138,12 +137,9 @@ def __init__(
         self.lastSentVersion = lastSentVersion
 
         # look up or build the replication URL
-        try:
-            replication_url = sydent.cfg.get(
-                "peer.%s" % server_name,
-                "base_replication_url",
-            )
-        except (configparser.NoSectionError, configparser.NoOptionError):
+        replication_url = self.sydent.config.http.base_replication_urls.get(server_name)
+
+        if replication_url is None:
             if not port:
                 port = 1001
             replication_url = "https://%s:%i" % (server_name, port)

@@ -395,14 +395,12 @@ def run(self):
         self.replicationHttpsServer.setup()
         self.pusher.setup()
 
-        internalport = self.cfg.get("http", "internalapi.http.port")
-        if internalport:
-            try:
-                interface = self.cfg.get("http", "internalapi.http.bind_address")
-            except configparser.NoOptionError:
-                interface = "::1"
+        if self.config.http.internal_api_enabled:
+            internalport = self.config.http.internal_port
+            interface = self.config.http.internal_bind_address
+
             self.internalApiHttpServer = InternalApiHttpServer(self)
-            self.internalApiHttpServer.setup(interface, int(internalport))
+            self.internalApiHttpServer.setup(interface, internalport)
 
         if self.pidfile:
             with open(self.pidfile, "w") as pidfile:
@@ -411,9 +409,9 @@ def run(self):
         self.reactor.run()
 
     def ip_from_request(self, request):
-        if self.cfg.get(
-            "http", "obey_x_forwarded_for"
-        ) and request.requestHeaders.hasHeader("X-Forwarded-For"):
+        if self.config.http.obey_x_forwarded_for and request.requestHeaders.hasHeader(
+            "X-Forwarded-For"
+        ):
             return request.requestHeaders.getRawHeaders("X-Forwarded-For")[0]
         client = request.getClientAddress()
         if isinstance(client, (address.IPv4Address, address.IPv6Address)):

@@ -112,7 +112,7 @@ def makeValidateLink(
 
         :return: The validation link.
         """
-        base = self.sydent.cfg.get("http", "client_http_base")
+        base = self.sydent.config.http.server_http_url_base
         link = "%s/_matrix/identity/api/v1/validate/email/submitToken?token=%s&client_secret=%s&sid=%d" % (
             base,
             urllib.parse.quote(valSession.token),