From d80ef72fbedaea160c61e9f4de731ebae16572dc Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Sat, 14 Mar 2026 23:31:51 +0200
Subject: [PATCH] matrix-synapse: remove stale client-reader residue and refresh worker comment
Current Synapse no longer exposes device management under `/_matrix/client/.../account/devices`. The live client API shape is `/devices`, `/devices/{device_id}`, and `/delete_devices`, and MDAD already routes those real device-list-sensitive endpoints through explicit device-list handling. Keeping `account/devices` in the old client-reader regex therefore only preserves stale route-model residue. While touching the same area, refresh the `/_synapse/client/*` comment to reflect current Synapse: client-serving generic workers now mount a meaningful Synapse-specific client tree there, but MDAD still intentionally keeps those paths out of its broad worker regexes because they are deployment-sensitive and auth-sensitive.
Refs:
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/docs/workers.md#historical-apps
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/client/devices.py#L49-L150
- https://github.com/element-hq/synapse/blob/b99a58719b274fcbb327fd8d7649185792bfd12c/synapse/rest/synapse/client/__init__.py#L39-L88
---
 roles/custom/matrix-synapse/vars/main.yml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml
index 6cf07e58b..0f2930626 100644
--- a/roles/custom/matrix-synapse/vars/main.yml
+++ b/roles/custom/matrix-synapse/vars/main.yml
@@ -31,7 +31,7 @@ matrix_synapse_workers_sync_worker_client_server_endpoints:
 # Client reader workers handle generic client-server endpoints that don't contain a roomid or sync
 matrix_synapse_workers_client_reader_client_server_endpoints:
- - ^/_matrix/client/(api/v1|r0|v3|unstable)/(room_keys/|keys/(query|changes|claim|room_keys/)|login|register(/available|/m.login.registration_token/validity|)|password_policy|profile|rooms/.*/(joined_members|context/.*|members|state|hierarchy|relations/|event/|aliases|timestamp_to_event|redact|send|state/|(join|invite|leave|ban|unban|kick))|createRoom|publicRooms|account/(3pid|whoami|devices)|versions|voip/turnServer|joined_rooms|search|user/.*/filter(/|$)|directory/room/.*|capabilities)
+ - ^/_matrix/client/(api/v1|r0|v3|unstable)/(room_keys/|keys/(query|changes|claim|room_keys/)|login|register(/available|/m.login.registration_token/validity|)|password_policy|profile|rooms/.*/(joined_members|context/.*|members|state|hierarchy|relations/|event/|aliases|timestamp_to_event|redact|send|state/|(join|invite|leave|ban|unban|kick))|createRoom|publicRooms|account/(3pid|whoami)|versions|voip/turnServer|joined_rooms|search|user/.*/filter(/|$)|directory/room/.*|capabilities)
 # Federation reader workers handle generic federation endpoints that don't contain a roomid
 matrix_synapse_workers_federation_reader_federation_endpoints:
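Review bot: The added client-reader regex still ends its outer group without a terminator, so `account/(3pid|whoami)` keeps matching as a prefix and anything under `account/3pid/` would also be sent to client-reader workers. That assumes the reverse proxy applies this entry as an unanchored match; the template that renders it is not visible here. If only the exact endpoints are meant, anchor them, e.g. `account/(3pid|whoami)$`, which matters because account-management paths are auth-sensitive. `user/.*/filter(/|$)` is the only alternative on the line that already states where it ends.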
@@ -47,12 +47,10 @@ matrix_synapse_workers_federation_reader_federation_endpoints:
 # because `matrix_synapse_workers_generic_worker_endpoints` also contains things like `/_synapse/client/`, etc.
 # While /_synapse/client/ endpoints are somewhat client-server API-related, they're:
 # - neither part of the client-server API spec (and are thus, different)
-# - nor always OK to forward to a worker (we're supposed to obey `matrix_synapse_companion_container_labels_client_synapse_client_api_enabled`)
+# - and they now include a meaningful Synapse-specific tree (`pick_idp`, `pick_username`, OIDC/SAML callbacks, rendezvous, etc.)
+# - some of these paths are auth-sensitive or deployment-sensitive, so we intentionally keep them out of the broad worker route model unless explicitly handled elsewhere
 #
-# It's also not too many of these APIs (only `^/_synapse/client/password_reset/email/submit_token$` at the time of this writing / 2021-01-24),
-# so it's not that important whether we forward them or not.
-#
-# Basically, we aim to cover most things. Skipping `/_synapse/client` or a few other minor things doesn't matter too much.
+# Basically, we aim to cover most spec client APIs here. Skipping `/_synapse/client` is intentional and conservative.
 matrix_synapse_workers_generic_worker_client_server_endpoints: "{{ matrix_synapse_workers_generic_worker_endpoints | default([]) | map('regex_search', '.*/_matrix/client.*') | list | difference([none]) }}"
 # A Synapse generic worker can handle both federation and client-server API endpoints.
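Review bot: The rewritten comment no longer names the setting that decides whether `/_synapse/client/` is exposed, and "unless explicitly handled elsewhere" gives a maintainer nothing to search for when auditing these auth-sensitive paths. If `matrix_synapse_companion_container_labels_client_synapse_client_api_enabled` (named on the removed line) still governs this, keep the pointer, e.g. `# - some of these paths are auth-sensitive or deployment-sensitive, so they stay out of the broad worker routes and are exposed only via matrix_synapse_companion_container_labels_client_synapse_client_api_enabled`. The bullet list also now reads "neither … and …"; rewording the first bullet to `# - not part of the client-server API spec (and are thus, different)` would let the two new bullets follow grammatically.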