Skip to content

Set signing key if available/known #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 22, 2025
Merged

Set signing key if available/known #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
997ab6b
Set signing key if available/known
turt2live Oct 17, 2025
8893a33
Apply suggestion from @turt2live
turt2live Oct 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,10 @@ services:
- POLICYSERV_BASE_URL=https://your_policyserv.example.org
- POLICYSERV_API_KEY=your_policyserv_api_key_goes_here
- POLICYSERV_SERVER_NAME=policyserv.example.org
# policyserv prints its public event signing key on startup. Look for the line starting
# with "Public event key:" and copy the base64 value after "ed25519:policy_server".
# This is currently optional, but may become required in the future.
- POLICYSERV_EVENT_SIGNING_KEY=unpadded_base64_encoded_PUBLIC_key
- APPEAL_DIRECTIONS=To appeal this decision, please contact [email protected]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So you start the bot and and it prints out the signing key and then you add that to the env variables? I am wondering why add it to the env if the bot knows it's key already? Also should it be mentioned (as in the comment below) that it is optional?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The bot doesn't know the signing key - the server does. I considered adding an API to fetch it, but that feels a bit overkill compared to copy/paste.

It should probably be marked optional, yea.

- COMMUNITY_RATE_LIMIT_WINDOW_MS=600000
- COMMUNITY_RATE_LIMIT_MAX=10
Expand Down
10 changes: 7 additions & 3 deletions src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ const storagePath = process.env.STORAGE_PATH || "bot";
const policyservBaseUrl = process.env.POLICYSERV_BASE_URL;
const policyservApiKey = process.env.POLICYSERV_API_KEY;
const policyservServerName = process.env.POLICYSERV_SERVER_NAME;
const policyservEventSigningKey = process.env.POLICYSERV_EVENT_SIGNING_KEY; // optional
const appealDirections = process.env.APPEAL_DIRECTIONS || "To appeal this decision, please email [email protected]";
const communityRateLimitWindowMs = Number(process.env.COMMUNITY_RATE_LIMIT_WINDOW_MS) || 10 * 60 * 1000; // 10min default
const communityRateLimitMax = Number(process.env.COMMUNITY_RATE_LIMIT_MAX) || 10;
Expand Down Expand Up @@ -107,10 +108,13 @@ const userLimiter = new RateLimit(userRateLimitWindowMs, userRateLimitMax);
} else {
// Try to set the policy server state event ourselves, but warn the community if it went poorly
try {
await client.sendStateEvent(policyservData["room_id"], "org.matrix.msc4284.policy", "", {
const content = {
"via": policyservServerName,
// TODO: Also include signing key (if applicable)
});
};
if (!!policyservEventSigningKey) {
content["public_key"] = policyservEventSigningKey;
}
await client.sendStateEvent(policyservData["room_id"], "org.matrix.msc4284.policy", "", content);
} catch (e) {
console.error(e);
await client.sendHtmlNotice(policyservData["community_room_id"], `⚠️ The bot was unable to set the policy server configuration in <code>${escapeHtml(policyservData["room_id"])}</code>. It will have to be done manually. The server name for this room should be <code>${policyservServerName}</code>`);
Expand Down