recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit)
Sanitized single-commit public mirror of recipe-maintainer. - Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders. - Removed plans/ and planned-updates/ (deployment-planning docs) so no client/ deployment domains appear in the public repo. - All other secret stores were already gitignored. - docs.coopcloud.tech retained as a submodule (public upstream).
This commit is contained in:
70
recipe-info/matrix-synapse/tests/test_complexity_limit.sh
Executable file
70
recipe-info/matrix-synapse/tests/test_complexity_limit.sh
Executable file
@ -0,0 +1,70 @@
|
||||
#!/bin/bash
|
||||
# Test: verify room complexity limit blocks joining large remote rooms
|
||||
#
|
||||
# Tries to join a known large remote room (#community:matrix.org) and
|
||||
# verifies Synapse rejects the join due to complexity limits.
|
||||
# Requires: ROOM_COMPLEXITY_LIMIT set low enough (e.g. 10.0) and federation enabled.
|
||||
set -euo pipefail
|
||||
|
||||
SERVER="cctest.autonomic.zone"
|
||||
DOMAIN="matrix-synapse.cctest.autonomic.zone"
|
||||
STACK_NAME="matrix-synapse_cctest_autonomic_zone"
|
||||
ADMIN_USER="complexity_test_admin"
|
||||
ADMIN_PASS="complextest_pass_123"
|
||||
|
||||
echo "=== Test: room complexity limit blocks large remote rooms ==="
|
||||
|
||||
# Register admin user
|
||||
echo "Registering admin user..."
|
||||
ssh "$SERVER" "docker exec \$(docker ps --filter name=${STACK_NAME}_app -q) \
|
||||
register_new_matrix_user -u $ADMIN_USER -p $ADMIN_PASS -a -c /data/homeserver.yaml http://localhost:8008 2>&1" || true
|
||||
|
||||
# Get token
|
||||
echo "Getting token..."
|
||||
TOKEN=$(ssh "$SERVER" "docker exec \$(docker ps --filter name=${STACK_NAME}_app -q) \
|
||||
curl -s -X POST http://localhost:8008/_matrix/client/r0/login \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{\"type\":\"m.login.password\",\"user\":\"$ADMIN_USER\",\"password\":\"$ADMIN_PASS\"}'" \
|
||||
| python3 -c "import sys,json; print(json.load(sys.stdin)['access_token'])")
|
||||
|
||||
if [ -z "$TOKEN" ]; then
|
||||
echo "FAIL: Could not get token"
|
||||
exit 1
|
||||
fi
|
||||
echo "Token: ${TOKEN:0:20}..."
|
||||
|
||||
# Verify complexity limit is set
|
||||
echo ""
|
||||
echo "Checking homeserver config..."
|
||||
COMPLEXITY=$(ssh "$SERVER" "docker exec \$(docker ps --filter name=${STACK_NAME}_app -q) \
|
||||
grep 'complexity:' /data/homeserver.yaml" | awk '{print $2}')
|
||||
echo "Configured complexity limit: $COMPLEXITY"
|
||||
|
||||
# Try to join #community:matrix.org (a large room with ~30k state events, complexity ~60)
|
||||
# This should be rejected because complexity 60 > limit 10
|
||||
LARGE_ROOM="%23community:matrix.org"
|
||||
echo ""
|
||||
echo "Attempting to join #community:matrix.org (should be rejected)..."
|
||||
RESULT=$(ssh "$SERVER" "docker exec \$(docker ps --filter name=${STACK_NAME}_app -q) \
|
||||
curl -s -X POST 'http://localhost:8008/_matrix/client/r0/join/${LARGE_ROOM}' \
|
||||
-H 'Authorization: Bearer $TOKEN' \
|
||||
-H 'Content-Type: application/json' \
|
||||
-d '{}'")
|
||||
echo "Response: $RESULT"
|
||||
|
||||
# Check for complexity error
|
||||
if echo "$RESULT" | grep -qi "complex\|too large\|M_RESOURCE_LIMIT_EXCEEDED"; then
|
||||
echo ""
|
||||
echo "PASS: Room join rejected due to complexity limit"
|
||||
elif echo "$RESULT" | grep -qi "error"; then
|
||||
echo ""
|
||||
echo "Got an error (may be federation related, not complexity):"
|
||||
echo "$RESULT" | python3 -m json.tool 2>/dev/null || echo "$RESULT"
|
||||
echo ""
|
||||
echo "INCONCLUSIVE: Got an error but not clearly a complexity rejection"
|
||||
exit 1
|
||||
else
|
||||
echo ""
|
||||
echo "FAIL: Room join was not rejected — complexity limit may not be working"
|
||||
exit 1
|
||||
fi
|
||||
Reference in New Issue
Block a user