Disable federation when using SQLite by default

changelog.d/5078.feature

@@ -0,0 +1 @@
+Disable federation when using SQLite by default.

docs/sample_config.yaml

@@ -239,6 +239,20 @@ listeners:
 # Used by phonehome stats to group together related servers.
 #server_context: context
 
+# Using SQLite with Synapse induces a severe degradation in performances
+# compared to using PostgreSQL. SQLite should only be used for personal
+# testing. Production instances should use PostgreSQL instead. You can
+# find documentation on setting up PostgreSQL with Synapse here:
+# https://github.com/matrix-org/synapse/blob/master/docs/postgres.rst
+#
+# If you want to use federation with SQLite regardless, you can
+# uncomment the line below, but be aware that it can make Synapse
+# malfunction and be very laggy, especially when joining large rooms.
+# This option defaults to 'false' when using SQLite and 'true'
+# otherwise.
+#
+#enable_federation_can_cause_bad_perfs_with_sqlite = true
+
 
 ## TLS ##
 

synapse/api/errors.py

@@ -156,17 +156,19 @@ class RegistrationError(SynapseError):
 
 
 class FederationDeniedError(SynapseError):
-    """An error raised when the server tries to federate with a server which
-    is not on its federation whitelist.
+    """An error raised when the server tries to federate with a server which is
+    not on its federation whitelist or when federation is disabled in the
+    configuration.
 
     Attributes:
         destination (str): The destination which has been denied
     """
 
     def __init__(self, destination):
         """Raised by federation client or server to indicate that we are
-        are deliberately not attempting to contact a given server because it is
-        not on our federation whitelist.
+        deliberately not attempting to contact a given server because it is not
+        on our federation whitelist or federation is disabled in the
+        configuration.
 
         Args:
             destination (str): the domain in question

synapse/config/server.py

@@ -59,6 +59,16 @@ def read_config(self, config):
         # "disable" federation
         self.send_federation = config.get("send_federation", True)
 
+        try:
+            self.enable_federation = config[
+                "enable_federation_can_cause_bad_perfs_with_sqlite"
+            ]
+        except KeyError:
+            if config.get("database", {"name": "sqlite3"}).get("name") == "sqlite3":
+                self.enable_federation = False
+            else:
+                self.enable_federation = True
+
         # Whether to enable user presence.
         self.use_presence = config.get("use_presence", True)
 
@@ -490,6 +500,20 @@ def default_config(self, server_name, data_dir_path, **kwargs):
 
         # Used by phonehome stats to group together related servers.
         #server_context: context
+
+        # Using SQLite with Synapse induces a severe degradation in performances
+        # compared to using PostgreSQL. SQLite should only be used for personal
+        # testing. Production instances should use PostgreSQL instead. You can
+        # find documentation on setting up PostgreSQL with Synapse here:
+        # https://github.com/matrix-org/synapse/blob/master/docs/postgres.rst
+        #
+        # If you want to use federation with SQLite regardless, you can
+        # uncomment the line below, but be aware that it can make Synapse
+        # malfunction and be very laggy, especially when joining large rooms.
+        # This option defaults to 'false' when using SQLite and 'true'
+        # otherwise.
+        #
+        #enable_federation_can_cause_bad_perfs_with_sqlite = true
         """ % locals()
 
     def read_arguments(self, args):

synapse/federation/transport/server.py

@@ -98,6 +98,7 @@ def __init__(self, hs):
         self.server_name = hs.hostname
         self.store = hs.get_datastore()
         self.federation_domain_whitelist = hs.config.federation_domain_whitelist
+        self.enable_federation = hs.config.enable_federation
 
     # A method just so we can pass 'self' as the authenticator to the Servlets
     @defer.inlineCallbacks
@@ -130,7 +131,7 @@ def authenticate_request(self, request, content):
         if (
             self.federation_domain_whitelist is not None and
             origin not in self.federation_domain_whitelist
-        ):
+        ) or not self.enable_federation:
             raise FederationDeniedError(origin)
 
         if not json_request["signatures"]:

synapse/http/matrixfederationclient.py

@@ -274,7 +274,8 @@ def _send_request(
             NotRetryingDestination: If we are not yet ready to retry this
                 server.
             FederationDeniedError: If this destination  is not on our
-                federation whitelist
+                federation whitelist or federation is disabled in the server's
+                configuration.
             RequestSendFailed: If there were problems connecting to the
                 remote, due to e.g. DNS failures, connection timeouts etc.
         """
@@ -286,7 +287,7 @@ def _send_request(
         if (
             self.hs.config.federation_domain_whitelist is not None and
             request.destination not in self.hs.config.federation_domain_whitelist
-        ):
+        ) or not self.hs.config.enable_federation:
             raise FederationDeniedError(request.destination)
 
         limiter = yield synapse.util.retryutils.get_retry_limiter(
@@ -563,7 +564,8 @@ def put_json(self, destination, path, args={}, data={},
             NotRetryingDestination: If we are not yet ready to retry this
                 server.
             FederationDeniedError: If this destination  is not on our
-                federation whitelist
+                federation whitelist or federation is disabled in the server's
+                configuration.
             RequestSendFailed: If there were problems connecting to the
                 remote, due to e.g. DNS failures, connection timeouts etc.
         """
@@ -619,7 +621,8 @@ def post_json(self, destination, path, data={}, long_retries=False,
             NotRetryingDestination: If we are not yet ready to retry this
                 server.
             FederationDeniedError: If this destination  is not on our
-                federation whitelist
+                federation whitelist or federation is disabled in the server's
+                configuration.
             RequestSendFailed: If there were problems connecting to the
                 remote, due to e.g. DNS failures, connection timeouts etc.
         """
@@ -679,7 +682,8 @@ def get_json(self, destination, path, args=None, retry_on_dns_fail=True,
             NotRetryingDestination: If we are not yet ready to retry this
                 server.
             FederationDeniedError: If this destination  is not on our
-                federation whitelist
+                federation whitelist or federation is disabled in the server's
+                configuration.
             RequestSendFailed: If there were problems connecting to the
                 remote, due to e.g. DNS failures, connection timeouts etc.
         """
@@ -734,7 +738,8 @@ def delete_json(self, destination, path, long_retries=False,
             NotRetryingDestination: If we are not yet ready to retry this
                 server.
             FederationDeniedError: If this destination  is not on our
-                federation whitelist
+                federation whitelist or federation is disabled in the server's
+                configuration.
             RequestSendFailed: If there were problems connecting to the
                 remote, due to e.g. DNS failures, connection timeouts etc.
         """
@@ -780,7 +785,8 @@ def get_file(self, destination, path, output_stream, args={},
             NotRetryingDestination: If we are not yet ready to retry this
                 server.
             FederationDeniedError: If this destination  is not on our
-                federation whitelist
+                federation whitelist or federation is disabled in the server's
+                configuration.
             RequestSendFailed: If there were problems connecting to the
                 remote, due to e.g. DNS failures, connection timeouts etc.
         """

synapse/rest/media/v1/media_repository.py

@@ -84,6 +84,7 @@ def __init__(self, hs):
         self.recently_accessed_locals = set()
 
         self.federation_domain_whitelist = hs.config.federation_domain_whitelist
+        self.enable_federation = hs.config.enable_federation
 
         # List of StorageProviders where we should search for media and
         # potentially upload to.
@@ -234,7 +235,7 @@ def get_remote_media(self, request, server_name, media_id, name):
         if (
             self.federation_domain_whitelist is not None and
             server_name not in self.federation_domain_whitelist
-        ):
+        ) or not self.enable_federation:
             raise FederationDeniedError(server_name)
 
         self.mark_recently_accessed(server_name, media_id)
@@ -274,7 +275,7 @@ def get_remote_media_info(self, server_name, media_id):
         if (
             self.federation_domain_whitelist is not None and
             server_name not in self.federation_domain_whitelist
-        ):
+        ) or not self.enable_federation:
             raise FederationDeniedError(server_name)
 
         # We linearize here to ensure that we don't try and download remote

tests/http/test_fedclient.py

@@ -22,7 +22,7 @@
 from twisted.web.client import ResponseNeverReceived
 from twisted.web.http import HTTPChannel
 
-from synapse.api.errors import RequestSendFailed
+from synapse.api.errors import FederationDeniedError, RequestSendFailed
 from synapse.http.matrixfederationclient import (
     MatrixFederationHttpClient,
     MatrixFederationRequest,
@@ -428,3 +428,22 @@ def test_closes_connection(self):
         self.pump(120)
 
         self.assertTrue(conn.disconnecting)
+
+
+class FederationDisabledClientTests(HomeserverTestCase):
+
+    def make_homeserver(self, reactor, clock):
+        config = self.default_config()
+        config.enable_federation = False
+        hs = self.setup_test_homeserver(config=config)
+        return hs
+
+    def prepare(self, reactor, clock, homeserver):
+        self.cl = MatrixFederationHttpClient(self.hs, None)
+        self.reactor.lookups["testserv"] = "1.2.3.4"
+
+    def test_federation_denied(self):
+        self.assertFailure(
+            self.cl.get_json("testserv:8008", "foo/bar"),
+            FederationDeniedError,
+        )

tests/utils.py

@@ -186,6 +186,8 @@ def default_config(name):
     # background, which upsets the test runner.
     config.update_user_directory = False
 
+    config.enable_federation = True
+
     return config