Commit

Merge pull request #2080 from wireapp/release_2022_01_27
fisx committed Jan 28, 2022
2 parents b97b966 + 0641f90 commit 13a6a83
Showing 1,275 changed files with 4,630 additions and 2,415 deletions.
2 changes: 1 addition & 1 deletion .headroom.yaml
Expand Up @@ -12,7 +12,7 @@ variables:
organization: Wire Swiss GmbH
email: opensource@wire.com
project: This file is part of the Wire Server implementation.
year: '2020'
year: '2022'
license-headers:
haskell:
file-extensions: ["hs", "hsc"]
47 changes: 47 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,52 @@
<!-- if you're not the release manager, do your edits to changelog under CHANGELOG.d/ -->

# [2022-01-27]

## Release notes

* The `nginz` chart now configures nginx to only allow cross-origin requests from an explicit allow list of subdomains. By default these are:

```yaml
nginz:
nginx_conf:
allowlisted_origins:
- webapp
- teams
- account
```

If you changed the names of these services, you must adjust those names in the nginz config as well. (#1630, #2073, 116988c62732)

* Backend now separates conversation access control for guests and services. The old access roles are still supported but it is encouraged to upgrade clients since mapping between the old access roles and the new access roles is not isomorphic. For more details refer to the API changes below or the Swagger docs.
Old clients are fully supported; if new clients and old clients are mixed, to old clients, either guests of services may appear to be enable if they are not, which may lead to error messages (confusing but harmless). (#2035)

## API changes

* Endpoints that recently have accepted `access_role` in their payload will now accept `access_role_v2` as well which will take precedence over `access_role`. See Swagger docs for how values are mapped. Endpoints that recently have returned `access_role` in their payload will now additionally return the `access_role_v2` field. (#2035)

## Features

* Conversation access roles now distinguish between guests and services. (#2035)

## Bug fixes and other updates

* There is now an explicit CORS allow list for *all* endpoints. In previous releases, all subdomains were accepted, however they must now be listed explicitly. This is a **breaking change**, as now only known Javascript applications may access the backend. (#1630, #2073, 116988c62732)
* Prevent 500s when SFTs are not reachable from Backend (#2077)

## Internal changes

* Bump hsaml2 package version (#2075)
* Separate Spar.Data module into smaller Cassandra interpreters (#2064)
* Fix some HLint issues in libs/wire-api. (#2065)
* Fix broken build process of package "old-time" for some environments (#2056)
* Refresh license headers (#2062)
* Rename Spar.Sem.ScimTokenStore.GetByTeam to LookupByTeam (#2068)

## Federation changes

* Tag several federation tests cases for the M2 release (#2045)


# [2022-01-18]

## Release notes
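Review bot: The CORS allow list is labelled a **breaking change** but only in the "Bug fixes and other updates" entry; the release note for the `nginz` chart should carry the same wording, since operators who renamed `webapp`, `teams` or `account`, or who serve browser clients from any other subdomain, lose cross-origin access on upgrade. In the second release note, "either guests of services may appear to be enable" presumably means "guests or services may appear to be enabled". The API section says `access_role_v2` takes precedence over `access_role` but defers the value mapping to Swagger; because the mapping is stated to be non-isomorphic, a short old-to-new table in the changelog would save integrators a lookup.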
8 changes: 3 additions & 5 deletions charts/nginz/templates/conf/_nginx.conf.tpl
Expand Up @@ -125,7 +125,9 @@ http {

map $http_origin $cors_header {
default "";
"~^https://([^/]+\.)?{{ .Values.nginx_conf.external_env_domain | replace "." "\\." }}(:[0-9]{2,5})?$" "$http_origin";
{{ range $origin := .Values.nginx_conf.allowlisted_origins }}
"https://{{ $origin }}.{{ $.Values.nginx_conf.external_env_domain}}" "$http_origin";
{{ end }}
}


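Review bot: The replacement entries in the `$cors_header` map are exact strings of the form `https://<origin>.<external_env_domain>`, so two things the removed regex accepted are now rejected without mention: an origin with a port (`(:[0-9]{2,5})?`) and the bare `external_env_domain` with no subdomain (`([^/]+\.)?`). If any deployment relies on either, that needs a line in the release notes or a configurable form. Each `$origin` is interpolated into a quoted nginx string without validation, so an entry containing a quote or whitespace renders a broken config; a check at template time would surface that before nginx reload does. The `{{ range }}` and `{{ end }}` lines also lack `{{-` trimming, which leaves blank lines around every rendered entry.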
Expand Down Expand Up @@ -293,11 +295,7 @@ http {
more_set_headers 'Access-Control-Allow-Credentials: true';
{{ end -}}

{{ if ($location.restrict_whitelisted_origin) -}}
more_set_headers 'Access-Control-Allow-Origin: $cors_header';
{{- else }}
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
{{- end }}

more_set_headers 'Access-Control-Expose-Headers: Request-Id, Location';
more_set_headers 'Request-Id: $request_id';
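Review bot: With the `restrict_whitelisted_origin` conditional removed, every location emits `Access-Control-Allow-Origin: $cors_header`, and `$cors_header` is the empty string for any origin not in the map. Please confirm what `more_set_headers` sends in that case (header omitted versus header present with an empty value) and cover it with a test, because this is now the path taken for all non-listed origins, including locations that also send `Access-Control-Allow-Credentials: true`. Values overrides that still set `restrict_whitelisted_origin` are silently ignored after this change, which deserves a sentence in the upgrade notes.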
10 changes: 5 additions & 5 deletions charts/nginz/values.yaml
Expand Up @@ -52,6 +52,11 @@ nginx_conf:
- ~* ^/conversations/([^/]*)/call/state
- /search/top
- /search/common
# -- The origins from which we allow CORS requests. These are combined with 'external_env_domain' to form a full url
allowlisted_origins:
- webapp
- teams
- account
upstreams:
cargohold:
- path: ~* ^/conversations/([^/]*)/assets
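Review bot: The comment on `allowlisted_origins` says the entries are combined with 'external_env_domain' "to form a full url", but the template builds exactly `https://<entry>.<external_env_domain>`, with a fixed scheme and no port. The comment should state that format, say that each entry is the subdomain part only, and note that an empty list means no origin is allowed.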
Expand Down Expand Up @@ -79,7 +84,6 @@ nginx_conf:
envs:
- all
allow_credentials: true
restrict_whitelisted_origin: true
max_body_size: "0"
disable_request_buffering: true
brig:
Expand Down Expand Up @@ -149,7 +153,6 @@ nginx_conf:
envs:
- all
allow_credentials: true
restrict_whitelisted_origin: true
- path: /bot/self
envs:
- all
Expand All @@ -170,13 +173,11 @@ nginx_conf:
envs:
- all
allow_credentials: true
restrict_whitelisted_origin: true
disable_zauth: true
- path: /activate
envs:
- all
allow_credentials: true
restrict_whitelisted_origin: true
disable_zauth: true
- path: /delete
envs:
Expand Down Expand Up @@ -238,7 +239,6 @@ nginx_conf:
- all
disable_zauth: true
allow_credentials: true
restrict_whitelisted_origin: true
unlimited_requests_endpoint: true
- path: /login
envs:
1 change: 1 addition & 0 deletions dev-packages.nix
Expand Up @@ -159,6 +159,7 @@ let
export LIBRARY_PATH="${compile-deps}/lib"
export PKG_CONFIG_PATH="${compile-deps}/lib/pkgconfig"
export PATH="${compile-deps}/bin"
export CONFIG_SHELL="${compile-deps}/bin/sh"
exec "${pkgs.cabal-install}/bin/cabal" "$@"
'';
in
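Review bot: The new `export CONFIG_SHELL="${compile-deps}/bin/sh"` has no comment explaining why the cabal wrapper needs it. The wrapper already pins `PATH` to `${compile-deps}/bin`, so without a one-line comment naming the build that fails otherwise, this line looks redundant and is likely to be removed in a later cleanup.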
1 change: 1 addition & 0 deletions docs/reference/cassandra-schema.cql
Expand Up @@ -227,6 +227,7 @@ CREATE TABLE galley_test.conversation (
conv uuid PRIMARY KEY,
access set<int>,
access_role int,
access_roles_v2 set<int>,
creator uuid,
deleted boolean,
message_timer bigint,
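Review bot: The new column is `access_roles_v2` (plural, `set<int>`) while the API field introduced in this release is `access_role_v2`; the naming difference is easy to trip over and should be documented beside the column or in the migration. The schema reference also does not say which integers are valid set members, or how a row that has only the old `access_role int` populated is interpreted, and both matter for access control decisions on existing conversations.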
2 changes: 2 additions & 0 deletions hack/helm_vars/wire-server/values.yaml.gotmpl
Expand Up @@ -194,6 +194,8 @@ nginz:
nginx_conf:
env: staging
external_env_domain: zinfra.io
# NOTE: Web apps are disabled by default
allowlisted_origins: []
secrets:
basicAuth: "whatever"
zAuth:
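Review bot: `allowlisted_origins: []` leaves the `$cors_header` map with only its empty default, so no browser origin is allowed against this environment. The comment "Web apps are disabled by default" should say that this is a CORS effect and how to re-enable it (list `webapp`, `teams`, `account`), otherwise someone debugging a failing web client here has to trace the cause back to the nginz template.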
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot.hs
@@ -1,6 +1,6 @@
-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Assert.hs
Expand Up @@ -3,7 +3,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Cache.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Clients.hs
@@ -1,6 +1,6 @@
-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Crypto.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Crypto/Glue.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Email.hs
Expand Up @@ -3,7 +3,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Metrics.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Monad.hs
Expand Up @@ -8,7 +8,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Report.hs
Expand Up @@ -3,7 +3,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Report/Text.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-bot/src/Network/Wire/Bot/Settings.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-client/src/Network/Wire/Client.hs
@@ -1,6 +1,6 @@
-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-client/src/Network/Wire/Client/API/Asset.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-client/src/Network/Wire/Client/API/Auth.hs
Expand Up @@ -3,7 +3,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-client/src/Network/Wire/Client/API/Client.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-client/src/Network/Wire/Client/API/Push.hs
Expand Up @@ -4,7 +4,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-client/src/Network/Wire/Client/API/Search.hs
Expand Up @@ -3,7 +3,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-client/src/Network/Wire/Client/API/User.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-client/src/Network/Wire/Client/HTTP.hs
Expand Up @@ -3,7 +3,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-client/src/Network/Wire/Client/Monad.hs
Expand Up @@ -4,7 +4,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/api-client/src/Network/Wire/Client/Session.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/bilge/examples/google.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/bilge/src/Bilge.hs
@@ -1,6 +1,6 @@
-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/bilge/src/Bilge/Assert.hs
Expand Up @@ -2,7 +2,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
2 changes: 1 addition & 1 deletion libs/bilge/src/Bilge/IO.hs
Expand Up @@ -7,7 +7,7 @@

-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2020 Wire Swiss GmbH <opensource@wire.com>
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free