When started without specifying a fileupload backend, soju crashes
because of a nil-pointer deref.
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x9484bd]
goroutine 1 [running]:
main.loadConfig()
git.sr.ht/~emersion/soju/cmd/soju/main.go:94 +0x51d
main.main()
git.sr.ht/~emersion/soju/cmd/soju/main.go:127 +0x165
panic: runtime error: invalid memory address or nil pointer dereference
Add a guardclause preventing that crash.
Signed-off-by: Moritz Poldrack <git@moritz.sh>
This adds a new config option, `logs db`, which enables storing chat
logs in the soju database.
Regular store options, CHATHISTORY options, and SEARCH operations are
supported, like the fs logs backend.
Messages are stored in a new table, Message. In order to track the list
of targets we have messages for in an optimized manner, another database
is used: MessageTarget.
All new requests are backend by indexes so should be fast even with
hundreds of thousands of messages.
A contrib script is provided for migrating existing logs fs chat logs to
the database. It can be run with eg:
go run ./contrib/migrate-logs/ logs/ sqlite3:soju.db
Co-authored-by: Simon Ser <contact@emersion.fr>
This new command enables communicating with the unix administrative
endpoint (unix+admin) that can be enabled on soju.
The syntax is just that of BouncerServ.
Examples:
sojuctl -config soju.config help
sojuctl -config soju.config user status
This adds support for listening on a Unix socket for administrative
connections, that then use a simple protocol for communicating with
the service (BouncerServ) as an administrator with a global context.
The wire format used by the Unix socket is IRC, but without
registration or overheads.
Example session:
>>> BOUNCERSERV
<<< 461 * BOUNCERSERV :Not enough parameters
>>> BOUNCERSERV :n s
<<< :gensou FAIL BOUNCERSERV :this command must be run as a user
>>> BOUNCERSERV :u s
<<< :gensou PRIVMSG * :marisa: 2 networks
<<< :gensou PRIVMSG * :alice: 1 networks
<<< :gensou BOUNCERSERV OK
Add a new flag to disable users. This can be useful to temporarily
deactivate an account without erasing data.
The user goroutine is kept alive for simplicity's sake. Most of the
infrastructure assumes that each user always has a running goroutine.
A disabled user's goroutine is responsible for sending back an error
to downstream connections, and listening for potential events to
re-enable the account.
On some systems (namely Windows), syscall.Rlimit is not defined, and
makes the build fail.
This fixes the build by making the rlimit calls only run on archs where
it is defined, defaulting to a stub on other systems.
See: 8427429c59
The bouncer process may be dealing with many opened FDs. The default
on Linux is 1024. To support bouncers with a lot of users, bump
RLIMIT_NOFILE to the max as advised in [1].
[1]: http://0pointer.net/blog/file-descriptor-limits.html
This is a mecanical change, which just lifts up the context.TODO()
calls from inside the DB implementations to the callers.
Future work involves properly wiring up the contexts when it makes
sense.
go-proxyproto added support for a read timeout in 0.6.0[1] and
defaulted it to 200ms. After this time if no data is read on
the socket, it is closed.
This is _really_ low if the underlying connection is a TLS
one as no data pops out the other end until the handshake is
done. It effectively limits you to TLS connections within
a 50ms RTT of your bouncer with clients that are fast enough
at responding.
It appears that HexChat on Arch is somehow slow enough at
TLS connections thant it consistently takes longer than
200ms even over localhost, meaning it outright can't connect
to soju any longer.
To make this a lot less painful, have soju pass in a read
timeout of 5 seconds. This feels like a reasonable tradeoff
between keeping (possibly malicious) connections open and
accepting the realities of network connections.
[1]: https://github.com/pires/go-proxyproto/issues/65
Previously http.Server.ListenAndServeTLS would return a not very helpful
error about a failed open. This adds a check similar to the one in the
ircs case that should make it clearer to operators what the error is.
