From 30a0f880a21a51affb8e7936fdc5df20fddae6d2 Mon Sep 17 00:00:00 2001
From: "Alexander \"Ace\" Olofsson"
Date: Sun, 24 Jul 2022 22:56:55 +0200
Subject: [PATCH] matrix-synapse: Update worker paths to Exact type
---
 charts/matrix-synapse/Chart.yaml | 2 +-
 charts/matrix-synapse/templates/ingress.yaml | 8 +-
 charts/matrix-synapse/values.yaml | 110 ++++++++++++-------
 3 files changed, 76 insertions(+), 44 deletions(-)
diff --git a/charts/matrix-synapse/Chart.yaml b/charts/matrix-synapse/Chart.yaml
index 059549e..b60e97b 100644
--- a/charts/matrix-synapse/Chart.yaml
+++ b/charts/matrix-synapse/Chart.yaml
@@ -6,7 +6,7 @@ icon: https://matrix.org/images/matrix-logo.svg
 appVersion: 1.63.1
 type: application
-version: 2.3.6
+version: 2.4.0
 maintainers:
 - name: Alexander Olofsson
 email: ace@haxalot.com
diff --git a/charts/matrix-synapse/templates/ingress.yaml b/charts/matrix-synapse/templates/ingress.yaml
index f786a9d..16ca21a 100644
--- a/charts/matrix-synapse/templates/ingress.yaml
+++ b/charts/matrix-synapse/templates/ingress.yaml
@@ -66,7 +66,7 @@ spec:
 name: {{ $service }}
 port:
 number: 8083
- pathType: ImplementationSpecific
+ pathType: Exact
 {{- else }}
 serviceName: {{ $service }}
 servicePort: 8083
@@ -79,7 +79,7 @@ spec:
 name: {{ $service }}
 port:
 number: 8083
- pathType: ImplementationSpecific
+ pathType: Exact
 {{- else }}
 serviceName: {{ $service }}
 servicePort: 8083
@@ -97,7 +97,7 @@ spec:
 name: {{ $service }}
 port:
 number: 8083
- pathType: ImplementationSpecific
+ pathType: Exact
 {{- else }}
 serviceName: {{ $service }}
 servicePort: 8083
@@ -110,7 +110,7 @@ spec:
 name: {{ $service }}
 port:
 number: 8083
- pathType: ImplementationSpecific
+ pathType: Exact
 {{- else }}
 serviceName: {{ $service }}
 servicePort: 8083
diff --git a/charts/matrix-synapse/values.yaml b/charts/matrix-synapse/values.yaml
index 2ee0873..fd6b7dc 100644
--- a/charts/matrix-synapse/values.yaml
+++ b/charts/matrix-synapse/values.yaml
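Review bot: In charts/matrix-synapse/templates/ingress.yaml, all four hunks (-66, -79, -97, -110) set `pathType: Exact` on worker routes whose path values, per the values.yaml part of this patch, are regular expressions such as `/_matrix/client/(api/v1|r0|v3)/events`. The Kubernetes Ingress API defines `Exact` as a literal, case-sensitive match of the whole URL path, so a controller that follows the spec will never match these entries and the requests fall through to the default backend instead of the worker; a controller that validates `Exact` paths as literal paths may reject the object outright. The chart therefore appears to depend on a controller configured to treat paths as regexes, and nothing in these hunks states that requirement; I would add a template comment above each changed line, e.g. `{{- /* worker paths are regexes; Exact only works with a regex-enabled ingress controller */}}`, or make the path type a chart value. The `path:` lines and the enclosing rule blocks lie outside the hunks, so how each pattern is rendered is not visible here.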
@@ -392,57 +392,86 @@ workers: generic: true listeners: [client, federation] csPaths: - # - "/_matrix/client/(v2_alpha|r0|v3)/sync" - - "/_matrix/client/(api/v1|v2_alpha|r0|v3)/events" - # - "/_matrix/client/(api/v1|r0|v3)/initialSync" - # - "/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync" + ## Sync requests + # - "/_matrix/client/(r0|v3)/sync" + - "/_matrix/client/(api/v1|r0|v3)/events" + # - "/_matrix/client/(api/v1|r0|v3)/initialSync" + # - "/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync" + + ## Client API requests + - "/_matrix/client/(api/v1|r0|v3|unstable)/createRoom" - "/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state" - - "/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces" - - "/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/hierarchy" + - "/_matrix/client/v1/rooms/.*/hierarchy" + - "/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send" - "/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary" - - "/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid" - - "/_matrix/client/(api/v1|r0|v3|unstable)/keys/query" - - "/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes" + - "/_matrix/client/(r0|v3|unstable)/account/3pid" + - "/_matrix/client/(r0|v3|unstable)/account/whoami" + - "/_matrix/client/(r0|v3|unstable)/devices" - "/_matrix/client/versions" - "/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer" - - "/_matrix/client/(api/v1|r0|v3|unstable)/joined_groups" - - "/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups" - - "/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups/" + - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/.*" + - "/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms" + - "/_matrix/client/(api/v1|r0|v3|unstable)/search" 
+ + ## Encryption requests + - "/_matrix/client/(r0|v3|unstable)/keys/query" + - "/_matrix/client/(r0|v3|unstable)/keys/changes" + - "/_matrix/client/(r0|v3|unstable)/keys/claim" + - "/_matrix/client/(r0|v3|unstable)/room_keys/.*" + + ## Registration/login requests - "/_matrix/client/(api/v1|r0|v3|unstable)/login" - "/_matrix/client/(r0|v3|unstable)/register" - - "/_matrix/client/(r0|v3|unstable)/auth/.*/fallback/web" + - "/_matrix/client/v1/register/m.login.registration_token/validity" + + ## Event sending requests + - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" + - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/.*" - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)" - - "/_matrix/client/(api/v1|r0|v3|unstable)/join/" - - "/_matrix/client/(api/v1|r0|v3|unstable)/profile/" + - "/_matrix/client/(api/v1|r0|v3|unstable)/join/.*" + - "/_matrix/client/(api/v1|r0|v3|unstable)/profile/.*" + + ## Account data requests + - "/_matrix/client/(r0|v3|unstable)/.*/tags" + - "/_matrix/client/(r0|v3|unstable)/.*/account_data" + + ## Receipts requests + - "/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" + - "/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" + + ## Presence requests + - "/_matrix/client/(api/v1|r0|v3|unstable)/presence/.*" + + ## User directory search requests + - "/_matrix/client/(r0|v3|unstable)/user_directory/search" + paths: - - "/_matrix/federation/v1/event/" - - "/_matrix/federation/v1/state/" - - "/_matrix/federation/v1/state_ids/" - - "/_matrix/federation/v1/backfill/" - - "/_matrix/federation/v1/get_missing_events/" + ## Federation requests + - "/_matrix/federation/v1/event/.*" + - "/_matrix/federation/v1/state/.*" + - "/_matrix/federation/v1/state_ids/.*" + - "/_matrix/federation/v1/backfill/.*" + - "/_matrix/federation/v1/get_missing_events/.*" - 
"/_matrix/federation/v1/publicRooms" - - "/_matrix/federation/v1/query/" - - "/_matrix/federation/v1/make_join/" - - "/_matrix/federation/v1/make_leave/" - - "/_matrix/federation/v1/send_join/" - - "/_matrix/federation/v2/send_join/" - - "/_matrix/federation/v1/send_leave/" - - "/_matrix/federation/v2/send_leave/" - - "/_matrix/federation/v1/invite/" - - "/_matrix/federation/v2/invite/" - - "/_matrix/federation/v1/query_auth/" - - "/_matrix/federation/v1/event_auth/" - - "/_matrix/federation/v1/exchange_third_party_invite/" - - "/_matrix/federation/v1/user/devices/" - - "/_matrix/federation/v1/send/" - - "/_matrix/federation/v1/get_groups_publicised" + - "/_matrix/federation/v1/query/.*" + - "/_matrix/federation/v1/make_join/.*" + - "/_matrix/federation/v1/make_leave/.*" + - "/_matrix/federation/(v1|v2)/send_join/.*" + - "/_matrix/federation/(v1|v2)/send_leave/.*" + - "/_matrix/federation/(v1|v2)/invite/.*" + - "/_matrix/federation/v1/event_auth/.*" + - "/_matrix/federation/v1/exchange_third_party_invite/.*" + - "/_matrix/federation/v1/user/devices/.*" - "/_matrix/key/v2/query" + - "/_matrix/federation/v1/hierarchy/.*" + + ## Inbound federation transaction request + - "/_matrix/federation/v1/send/.*" ## To separate the generic worker into specific concerns - for example federation transaction receiving; ## NB; This worker should have incoming traffic routed based on source IP, which is @@ -453,7 +482,7 @@ workers: # generic: true # listeners: [federation] # paths: - # - "/_matrix/federation/v1/send/" + # - "/_matrix/federation/v1/send/.*" ## Or /sync handling. ## NB; Care should be taken to route users to the same instance when scaling this worker, 
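Review bot: In the `@@ -392,57 +392,86 @@` hunk, entries that used to end in `/` gained a trailing `/.*`, but patterns such as `rooms/.*/send`, `rooms/.*/redact`, `rooms/.*/receipt` and `.*/account_data` did not, although real requests extend them (for example `send/{eventType}/{txnId}`). If the ingress anchors these patterns at the end under the new `Exact` path type (the rendering is not visible in this patch), those requests will miss the worker and be served by the main process. For consistency with the neighbouring lines I would write `- "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send/.*"` and do the same for `redact`, `receipt` and `account_data`. The `workers:` mapping starts and ends outside the hunk.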
@@ -469,6 +498,8 @@ workers: # - "/_matrix/client/(api/v1|r0|v3)/initialSync" # - "/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync" + ## Specialized - non-generic workers below; + ## This worker deals with pushing notifications. ## NB; Only one instance of this worker can be run at a time, refer to the ## information URL above. @@ -495,14 +526,15 @@ workers: enabled: false listeners: [media] csPaths: - - "/_matrix/media/" + - "/_matrix/media/.*" - "/_synapse/admin/v1/purge_media_cache" - "/_synapse/admin/v1/room/.*/media.*" - "/_synapse/admin/v1/user/.*/media.*" - "/_synapse/admin/v1/media/.*" - "/_synapse/admin/v1/quarantine_media/.*" + - "/_synapse/admin/v1/users/.*/media" paths: - - "/_matrix/media/" + - "/_matrix/media/.*" ## This worker deals with user directory searches. ##
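Review bot: The added `- "/_synapse/admin/v1/users/.*/media"` line in the `@@ -495,14 +526,15 @@` hunk goes into `csPaths` next to the other `/_synapse/admin/v1/...` entries. Assuming `csPaths` feeds the client-facing ingress host, as the name suggests, this exposes one more Synapse admin endpoint on the public hostname whenever the media worker is enabled. These endpoints are protected only by an admin user's access token, and Synapse's reverse-proxy guidance advises against exposing `/_synapse/admin` to the internet without good reason. I would document that next to the list, e.g. `## NB; the /_synapse/admin entries are reachable on the client ingress and rely on the admin access token alone; drop them if the admin API must stay internal.` The media worker mapping begins before the hunk.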