From 71bab17665121bd6e2c5e2b5dd8b55ea6777b872 Mon Sep 17 00:00:00 2001
From: Brad Stein
Date: Sat, 17 Jan 2026 07:32:57 -0300
Subject: [PATCH] comms: fix matrix login routing and prune guests
---
 services/comms/guest-name-job.yaml | 37 +++++++++++++++++++++++++++++-
 services/comms/helmrelease.yaml | 19 +--------------
 2 files changed, 37 insertions(+), 19 deletions(-)
diff --git a/services/comms/guest-name-job.yaml b/services/comms/guest-name-job.yaml
index 0ba2f52..142dc73 100644
--- a/services/comms/guest-name-job.yaml
+++ b/services/comms/guest-name-job.yaml
@@ -123,6 +123,7 @@ spec:
 SEEDER_USER = os.environ["SEEDER_USER"]
 ROOM_ALIAS = "#othrys:live.bstein.dev"
 SERVER_NAME = "live.bstein.dev"
+ STALE_GUEST_MS = 7 * 24 * 60 * 60 * 1000
 def mas_admin_token():
 with open(MAS_ADMIN_CLIENT_SECRET_FILE, "r", encoding="utf-8") as f:
@@ -235,6 +236,35 @@ spec:
 break
 return users
+ def should_prune_guest(entry, now_ms):
+ if not entry.get("is_guest"):
+ return False
+ last_seen = entry.get("last_seen_ts")
+ if last_seen is None:
+ return False
+ try:
+ last_seen = int(last_seen)
+ except (TypeError, ValueError):
+ return False
+ return now_ms - last_seen > STALE_GUEST_MS
+
+ def prune_guest(token, user_id):
+ headers = {"Authorization": f"Bearer {token}"}
+ try:
+ r = requests.delete(
+ f"{BASE}/_synapse/admin/v2/users/{urllib.parse.quote(user_id)}",
+ headers=headers,
+ params={"erase": "true"},
+ timeout=30,
+ )
+ except Exception as exc: # noqa: BLE001
+ print(f"guest prune failed for {user_id}: {exc}")
+ return False
+ if r.status_code in (200, 202, 204, 404):
+ return True
+ print(f"guest prune failed for {user_id}: {r.status_code} {r.text}")
+ return False
+
 def user_id_for_username(username):
 return f"@{username}:live.bstein.dev"
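Review bot: `prune_guest` counts a 404 as a successful prune, so a DELETE that never reached a user record looks the same as a real erasure, and the caller then skips the guest instead of renaming it. Two things could produce that 404: `urllib.parse.quote(user_id)` leaves `/` unescaped (the Matrix localpart grammar permits it, although guest IDs are normally numeric), and Synapse's documented admin API deactivates accounts through `POST /_synapse/admin/v1/deactivate/<user_id>` with an `erase` body field, so a DELETE on `v2/users` may not be a route on the deployed version; that is worth confirming before relying on this job. I would encode with `urllib.parse.quote(user_id, safe="")` and narrow the check to `if r.status_code in (200, 202, 204):`, printing 404 as its own message. Also note that `should_prune_guest` returns False when `last_seen_ts` is missing, so guests that never synced are never pruned; a one-line comment saying this is intentional would help.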
@@ -404,6 +434,7 @@ spec:
 except Exception as exc: # noqa: BLE001
 print(f"synapse admin list skipped: {exc}")
 entries = []
+ now_ms = int(time.time() * 1000)
 for entry in entries:
 user_id = entry.get("name") or ""
 if not user_id.startswith("@"):
@@ -412,6 +443,9 @@ spec:
 if localpart in mas_usernames:
 continue
 is_guest = entry.get("is_guest")
+ if is_guest and should_prune_guest(entry, now_ms):
+ if prune_guest(seeder_token, user_id):
+ continue
 if not (is_guest or needs_rename_username(localpart)):
 continue
 display = get_displayname_admin(seeder_token, user_id)
@@ -431,4 +465,5 @@ spec:
 db_rename_numeric(existing)
 finally:
 mas_revoke_session(admin_token, seeder_session)
- PY
\ No newline at end of file
+ PY
+
diff --git a/services/comms/helmrelease.yaml b/services/comms/helmrelease.yaml
index bf45b21..e259c52 100644
--- a/services/comms/helmrelease.yaml
+++ b/services/comms/helmrelease.yaml
@@ -130,24 +130,7 @@ spec:
 values: ["rpi5", "rpi4"]
 ingress:
- enabled: true
- className: traefik
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- csHosts:
- - matrix.live.bstein.dev
- hosts:
- - matrix.live.bstein.dev
- wkHosts:
- - live.bstein.dev
- - bstein.dev
- tls:
- - secretName: matrix-live-tls
- hosts:
- - matrix.live.bstein.dev
- - live.bstein.dev
+ enabled: false
 extraConfig:
 allow_guest_access: true
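Review bot: A successful prune leaves no trace in the job output, because when `prune_guest(seeder_token, user_id)` returns True the loop goes straight to `continue` and only failures are printed. Since the request asks for irreversible erasure, record each removal before the `continue`, for example `print(f"pruned stale guest {user_id}")`, and consider a per-run cap so one batch of bad `last_seen_ts` values cannot erase every guest in a single pass. The `is_guest and` test is redundant, as `should_prune_guest` already returns False for non-guests. The enclosing loop starts and ends outside the hunk.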
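Review bot: Setting `enabled: false` drops the TLS secret `matrix-live-tls`, the cert-manager issuer annotation and the `wkHosts` well-known routing in one step, and nothing in this two-file patch adds a replacement route. If routing now lives in another manifest, a comment above `enabled: false` should name it, for example `# routed by <ingress manifest>; chart ingress disabled to avoid duplicate routes`, so a later reader does not re-enable it. It is also worth confirming that the replacement still terminates TLS for `matrix.live.bstein.dev` and serves the well-known hosts. Because the prune job in this commit calls `/_synapse/admin` with an admin token, also check that the new route does not expose that path externally.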