add rocksdb paranoid_file_checks config option, add some more config checks

Signed-off-by: strawberry <strawberry@puppygock.gay>

conduwuit-example.toml

@@ -105,7 +105,7 @@
 #
 # This defaults to 128.0 + (64.0 * CPU core count)
 #
-#db_cache_capacity_mb =
+#db_cache_capacity_mb = varies by system
 
 # Option to control adding arbitrary text to the end of the user's
 # displayname upon registration with a space before the text. This was the
@@ -114,9 +114,9 @@
 #
 # The default is the trans pride flag.
 #
-# example: "🏳️⚧️"
+# example: "🏳️‍⚧️"
 #
-#new_user_displayname_suffix = "🏳️⚧️"
+#new_user_displayname_suffix = "🏳️‍⚧️"
 
 # If enabled, conduwuit will send a simple GET request periodically to
 # `https://pupbrain.dev/check-for-updates/stable` for any new
@@ -132,8 +132,7 @@
 # with such as "auth_chain_cache_capacity".
 #
 # May be useful if you have significant memory to spare to increase
-# performance. This was previously called
-# `conduit_cache_capacity_modifier`.
+# performance.
 #
 # If you have low memory, reducing this may be viable.
 #
@@ -204,9 +203,7 @@
 # longer running Matrix). Only decrease this if you are using an external
 # DNS cache.
 #
-# default_dns_min_ttl: 259200
-#
-#dns_min_ttl =
+#dns_min_ttl = 10800
 
 # Minimum time-to-live in seconds for NXDOMAIN entries in the DNS cache.
 # This value is critical for the server to federate efficiently.
@@ -217,7 +214,7 @@
 #
 #dns_min_ttl_nxdomain = 259200
 
-# Number of retries after a timeout.
+# Number of DNS nameserver retries after a timeout or error.
 #
 #dns_attempts = 10
 
@@ -547,7 +544,7 @@
 # Currently, conduwuit doesn't support inbound batched key requests, so
 # this list should only contain other Synapse servers
 #
-# example: ["matrix.org", "constellatory.net", "tchncs.de"]
+# example: ["matrix.org", "envs.net", "constellatory.net", "tchncs.de"]
 #
 #trusted_servers = ["matrix.org"]
 
@@ -689,14 +686,14 @@
 # room invites) are ignored here.
 #
 # Defaults to false as rooms can be banned for non-moderation-related
-# reasons
+# reasons and this performs a full user deactivation
 #
 #auto_deactivate_banned_room_attempts = false
 
 # RocksDB log level. This is not the same as conduwuit's log level. This
 # is the log level for the RocksDB engine/library which show up in your
 # database folder/path as `LOG` files. conduwuit will log RocksDB errors
-# as normal through tracing.
+# as normal through tracing or panics if severe for safety.
 #
 #rocksdb_log_level = "error"
 
@@ -745,7 +742,7 @@
 # operatons such as cleanup, sync, flush, compaction, etc. Set to 0 to use
 # all your logical threads. Defaults to your CPU logical thread count.
 #
-#rocksdb_parallelism_threads = 0
+#rocksdb_parallelism_threads = varies by system
 
 # Maximum number of LOG files RocksDB will keep. This must *not* be set to
 # 0. It must be at least 1. Defaults to 3 as these are not very useful
@@ -833,6 +830,14 @@
 #
 #rocksdb_recovery_mode = 1
 
+# Enables or disables paranoid SST file checks. This can improve RocksDB
+# database consistency at a potential performance impact due to further
+# safety checks ran.
+#
+# See https://github.com/facebook/rocksdb/wiki/Online-Verification#columnfamilyoptionsparanoid_file_checks for more information.
+#
+#rocksdb_paranoid_file_checks = false
+
 # Database repair mode (for RocksDB SST corruption)
 #
 # Use this option when the server reports corruption while running or
@@ -1119,12 +1124,14 @@
 #
 # To disable, set this to be an empty vector (`[]`).
 #
+# Defaults to:
+# ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
 # "192.168.0.0/16", "100.64.0.0/10", "192.0.0.0/24", "169.254.0.0/16",
 # "192.88.99.0/24", "198.18.0.0/15", "192.0.2.0/24", "198.51.100.0/24",
 # "203.0.113.0/24", "224.0.0.0/4", "::1/128", "fe80::/10", "fc00::/7",
 # "2001:db8::/32", "ff00::/8", "fec0::/10"]
 #
-#ip_range_denylist = ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
+#ip_range_denylist =
 
 # Optional IP address or network interface-name to bind as the source of
 # URL preview requests. If not set, it will not bind to a specific
@@ -1181,9 +1188,9 @@
 #url_preview_url_contains_allowlist = []
 
 # Maximum amount of bytes allowed in a URL preview body size when
-# spidering. Defaults to 384KB in bytes.
+# spidering. Defaults to 256KB in bytes.
 #
-#url_preview_max_spider_size = 384000
+#url_preview_max_spider_size = 256000
 
 # Option to decide whether you would like to run the domain allowlist
 # checks (contains and explicit) on the root domain or not. Does not apply
@@ -1302,7 +1309,7 @@
 
 # Sentry.io crash/panic reporting, performance monitoring/metrics, etc.
 # This is NOT enabled by default. conduwuit's default Sentry reporting
-# endpoint is o4506996327251968.ingest.us.sentry.io
+# endpoint domain is o4506996327251968.ingest.us.sentry.io
 #
 #sentry = false
 

src/core/config/check.rs

@@ -20,10 +20,7 @@ pub fn check(config: &Config) -> Result<()> {
 	}
 
 	if cfg!(all(feature = "hardened_malloc", feature = "jemalloc")) {
-		warn!(
-			"hardened_malloc and jemalloc are both enabled, this causes jemalloc to be used. If using --all-features, \
-			 this is harmless."
-		);
+		info!("hardened_malloc and jemalloc compile-time features are both enabled, this causes jemalloc to be used.");
 	}
 
 	if cfg!(not(unix)) && config.unix_socket_path.is_some() {
@@ -34,7 +31,15 @@ pub fn check(config: &Config) -> Result<()> {
 		));
 	}
 
-	if cfg!(unix) && config.unix_socket_path.is_none() {
+	if config.unix_socket_path.is_none() && config.get_bind_hosts().is_empty() {
+		return Err!(Config("address", "No TCP addresses were specified to listen on"));
+	}
+
+	if config.unix_socket_path.is_none() && config.get_bind_ports().is_empty() {
+		return Err!(Config("port", "No ports were specified to listen on"));
+	}
+
+	if config.unix_socket_path.is_none() {
 		config.get_bind_addrs().iter().for_each(|addr| {
 			use std::path::Path;
 
@@ -50,18 +55,14 @@ pub fn check(config: &Config) -> Result<()> {
 						 host and guest, this will NOT work. Please change this to \"0.0.0.0\". If this is expected, \
 						 you can ignore.",
 					);
-				}
-
-				if Path::new("/.dockerenv").exists() {
+				} else if Path::new("/.dockerenv").exists() {
 					error!(
 						"You are detected using Docker with a loopback/localhost listening address of {addr}. If you \
 						 are using a reverse proxy on the host and require communication to conduwuit in the Docker \
 						 container via NAT-based networking, this will NOT work. Please change this to \"0.0.0.0\". \
 						 If this is expected, you can ignore.",
 					);
-				}
-
-				if Path::new("/run/.containerenv").exists() {
+				} else if Path::new("/run/.containerenv").exists() {
 					error!(
 						"You are detected using Podman with a loopback/localhost listening address of {addr}. If you \
 						 are using a reverse proxy on the host and require communication to conduwuit in the Podman \
@@ -89,6 +90,13 @@ pub fn check(config: &Config) -> Result<()> {
 		));
 	}
 
+	if config.emergency_password == Some(String::from("F670$2CP@Hw8mG7RY1$%!#Ic7YA")) {
+		return Err!(Config(
+			"emergency_password",
+			"The public example emergency password is being used, this is insecure. Please change this."
+		));
+	}
+
 	// check if the user specified a registration token as `""`
 	if config.registration_token == Some(String::new()) {
 		return Err!(Config(
@@ -113,17 +121,20 @@ pub fn check(config: &Config) -> Result<()> {
 		));
 	}
 
-	if config.max_request_size < 5_120_000 {
+	if config.max_request_size < 10_000_000 {
 		return Err!(Config(
 			"max_request_size",
-			"Max request size is less than 5MB. Please increase it."
+			"Max request size is less than 10MB. Please increase it as this is too low for operable federation."
 		));
 	}
 
 	// check if user specified valid IP CIDR ranges on startup
 	for cidr in &config.ip_range_denylist {
 		if let Err(e) = ipaddress::IPAddress::parse(cidr) {
-			return Err!(Config("ip_range_denylist", "Parsing specified IP CIDR range from string: {e}."));
+			return Err!(Config(
+				"ip_range_denylist",
+				"Parsing specified IP CIDR range from string failed: {e}."
+			));
 		}
 	}
 
@@ -135,10 +146,10 @@ pub fn check(config: &Config) -> Result<()> {
 		return Err!(Config(
 			"registration_token",
 			"!! You have `allow_registration` enabled without a token configured in your config which means you are \
-			 allowing ANYONE to register on your conduwuit instance without any 2nd-step (e.g. registration token).\n
-If this is not the intended behaviour, please set a registration token.\n
-For security and safety reasons, conduwuit will shut down. If you are extra sure this is the desired behaviour you \
-			 want, please set the following config option to true:
+			 allowing ANYONE to register on your conduwuit instance without any 2nd-step (e.g. registration token). \
+			 If this is not the intended behaviour, please set a registration token. For security and safety reasons, \
+			 conduwuit will shut down. If you are extra sure this is the desired behaviour you want, please set the \
+			 following config option to true:
 `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse`"
 		));
 	}
@@ -151,15 +162,16 @@ For security and safety reasons, conduwuit will shut down. If you are extra sure
 		warn!(
 			"Open registration is enabled via setting \
 			 `yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse` and `allow_registration` to \
-			 true without a registration token configured. You are expected to be aware of the risks now.\n
-    If this is not the desired behaviour, please set a registration token."
+			 true without a registration token configured. You are expected to be aware of the risks now. If this is \
+			 not the desired behaviour, please set a registration token."
 		);
 	}
 
 	if config.allow_outgoing_presence && !config.allow_local_presence {
 		return Err!(Config(
 			"allow_local_presence",
-			"Outgoing presence requires allowing local presence. Please enable 'allow_local_presence'."
+			"Outgoing presence requires allowing local presence. Please enable 'allow_local_presence' or disable \
+			 outgoing presence."
 		));
 	}
 

src/core/config/mod.rs

@@ -141,6 +141,8 @@ pub struct Config {
 	/// core count.
 	///
 	/// This defaults to 128.0 + (64.0 * CPU core count)
+	///
+	/// default: varies by system
 	#[serde(default = "default_db_cache_capacity_mb")]
 	pub db_cache_capacity_mb: f64,
 
@@ -151,9 +153,9 @@ pub struct Config {
 	///
 	/// The default is the trans pride flag.
 	///
-	/// example: "🏳️⚧️"
+	/// example: "🏳️‍⚧️"
 	///
-	/// default: "🏳️⚧️"
+	/// default: "🏳️‍⚧️"
 	#[serde(default = "default_new_user_displayname_suffix")]
 	pub new_user_displayname_suffix: String,
 
@@ -164,15 +166,14 @@ pub struct Config {
 	///
 	/// This is disabled by default as this is rarely used except for security
 	/// updates or major updates.
-	#[serde(default)]
+	#[serde(default, alias = "allow_announcements_check")]
 	pub allow_check_for_updates: bool,
 
 	/// Set this to any float value to multiply conduwuit's in-memory LRU caches
 	/// with such as "auth_chain_cache_capacity".
 	///
 	/// May be useful if you have significant memory to spare to increase
-	/// performance. This was previously called
-	/// `conduit_cache_capacity_modifier`.
+	/// performance.
 	///
 	/// If you have low memory, reducing this may be viable.
 	///
@@ -247,7 +248,7 @@ pub struct Config {
 	/// longer running Matrix). Only decrease this if you are using an external
 	/// DNS cache.
 	///
-	/// default_dns_min_ttl: 259200
+	/// default: 10800
 	#[serde(default = "default_dns_min_ttl")]
 	pub dns_min_ttl: u64,
 
@@ -262,7 +263,7 @@ pub struct Config {
 	#[serde(default = "default_dns_min_ttl_nxdomain")]
 	pub dns_min_ttl_nxdomain: u64,
 
-	/// Number of retries after a timeout.
+	/// Number of DNS nameserver retries after a timeout or error.
 	///
 	/// default: 10
 	#[serde(default = "default_dns_attempts")]
@@ -633,7 +634,7 @@ pub struct Config {
 	/// Currently, conduwuit doesn't support inbound batched key requests, so
 	/// this list should only contain other Synapse servers
 	///
-	/// example: ["matrix.org", "constellatory.net", "tchncs.de"]
+	/// example: ["matrix.org", "envs.net", "constellatory.net", "tchncs.de"]
 	///
 	/// default: ["matrix.org"]
 	#[serde(default = "default_trusted_servers")]
@@ -794,14 +795,14 @@ pub struct Config {
 	/// room invites) are ignored here.
 	///
 	/// Defaults to false as rooms can be banned for non-moderation-related
-	/// reasons
+	/// reasons and this performs a full user deactivation
 	#[serde(default)]
 	pub auto_deactivate_banned_room_attempts: bool,
 
 	/// RocksDB log level. This is not the same as conduwuit's log level. This
 	/// is the log level for the RocksDB engine/library which show up in your
 	/// database folder/path as `LOG` files. conduwuit will log RocksDB errors
-	/// as normal through tracing.
+	/// as normal through tracing or panics if severe for safety.
 	///
 	/// default: "error"
 	#[serde(default = "default_rocksdb_log_level")]
@@ -855,7 +856,7 @@ pub struct Config {
 	/// operatons such as cleanup, sync, flush, compaction, etc. Set to 0 to use
 	/// all your logical threads. Defaults to your CPU logical thread count.
 	///
-	/// default: 0
+	/// default: varies by system
 	#[serde(default = "default_rocksdb_parallelism_threads")]
 	pub rocksdb_parallelism_threads: usize,
 
@@ -955,6 +956,14 @@ pub struct Config {
 	#[serde(default = "default_rocksdb_recovery_mode")]
 	pub rocksdb_recovery_mode: u8,
 
+	/// Enables or disables paranoid SST file checks. This can improve RocksDB
+	/// database consistency at a potential performance impact due to further
+	/// safety checks ran.
+	///
+	/// See https://github.com/facebook/rocksdb/wiki/Online-Verification#columnfamilyoptionsparanoid_file_checks for more information.
+	#[serde(default)]
+	pub rocksdb_paranoid_file_checks: bool,
+
 	/// Database repair mode (for RocksDB SST corruption)
 	///
 	/// Use this option when the server reports corruption while running or
@@ -1255,7 +1264,8 @@ pub struct Config {
 	///
 	/// To disable, set this to be an empty vector (`[]`).
 	///
-	/// default: ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
+	/// Defaults to:
+	/// ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
 	/// "192.168.0.0/16", "100.64.0.0/10", "192.0.0.0/24", "169.254.0.0/16",
 	/// "192.88.99.0/24", "198.18.0.0/15", "192.0.2.0/24", "198.51.100.0/24",
 	/// "203.0.113.0/24", "224.0.0.0/4", "::1/128", "fe80::/10", "fc00::/7",
@@ -1328,9 +1338,9 @@ pub struct Config {
 	pub url_preview_url_contains_allowlist: Vec<String>,
 
 	/// Maximum amount of bytes allowed in a URL preview body size when
-	/// spidering. Defaults to 384KB in bytes.
+	/// spidering. Defaults to 256KB in bytes.
 	///
-	/// default: 384000
+	/// default: 256000
 	#[serde(default = "default_url_preview_max_spider_size")]
 	pub url_preview_max_spider_size: usize,
 
@@ -1465,7 +1475,7 @@ pub struct Config {
 
 	/// Sentry.io crash/panic reporting, performance monitoring/metrics, etc.
 	/// This is NOT enabled by default. conduwuit's default Sentry reporting
-	/// endpoint is o4506996327251968.ingest.us.sentry.io
+	/// endpoint domain is o4506996327251968.ingest.us.sentry.io
 	#[serde(default)]
 	pub sentry: bool,
 
@@ -1532,12 +1542,14 @@ pub struct Config {
 	/// specifically the queue-depth or the number of simultaneous requests in
 	/// flight. Defaults to 32 or four times the number of CPU cores, whichever
 	/// is greater.
+	///
 	/// default: 32
 	#[serde(default = "default_db_pool_workers")]
 	pub db_pool_workers: usize,
 
 	/// Size of the queue feeding the database's frontend-pool. Defaults to 256
 	/// or eight times the number of CPU cores, whichever is greater.
+	///
 	/// default: 256
 	#[serde(default = "default_db_pool_queue_size")]
 	pub db_pool_queue_size: usize,
@@ -2282,7 +2294,7 @@ fn default_ip_range_denylist() -> Vec<String> {
 }
 
 fn default_url_preview_max_spider_size() -> usize {
-	384_000 // 384KB
+	256_000 // 256KB
 }
 
 fn default_new_user_displayname_suffix() -> String { "🏳️‍⚧️".to_owned() }

src/database/opts.rs

@@ -95,6 +95,8 @@ pub(crate) fn db_options(config: &Config, env: &mut Env, row_cache: &Cache, col_
 		4_u8..=u8::MAX => unimplemented!(),
 	});
 
+	opts.set_paranoid_checks(config.rocksdb_paranoid_file_checks);
+
 	opts.set_env(env);
 	Ok(opts)
 }