Fallback keys can be provided by client devices to be used in case the
supply of one-time keys run out. The server will store one fallback key
per user, per device, per algorithm. The server will keep track of
whether this fallback key has been used or not.
The /keys/claim endpoint now provides a fallback key
if no one-time key is found
The /keys/upload endpoint now accepts fallback keys
The /sync endpoint now informs the client of the algorithms for which it
has an unused fallback key in stock.
- Issue a single-use token for initial account creation
- Disable registration through other methods until the first account is made
- Print helpful instructions to the console on the first run
- Improve the welcome message sent in the admin room on first run
The latest Rust nightly compiler (2025-08-27) introduced the
elided-named-lifetimes lint which causes Clippy CI checks to fail
when an elided lifetime ('_) resolves to a named lifetime that's
already in scope.
This commit fixes the Clippy warnings by:
- Making lifetime relationships explicit where 'a is already in scope
- Keeping elided lifetimes ('_) in functions without explicit
lifetime parameters
- Ensuring proper lifetime handling in the database pool module
Affected files (17 total):
- Database map modules: Handle, Key, and KeyVal references in get,
qry, keys, and stream operations
- Database pool module: into_recv_seek function
This change resolves the CI build failures without changing any
functionality, ensuring the codebase remains compatible with the
latest nightly Clippy checks.
Ensures access tokens are unique across both user and appservice tables to
prevent authentication ambiguity and potential security issues.
Changes:
- On startup, automatically logout any user devices using tokens that
conflict with appservice tokens (resolves in favour of appservices)
and log a warning with affected user/device details
- When creating new user tokens, check for conflicts with appservice tokens
and generate a new token if a collision would occur
- When registering new appservices, reject registration if the token is
already in use by a user device
- Use futures::select_ok to race token lookups concurrently for better
performance (adapted from tuwunel commit 066097a8)
This fix-forward approach resolves existing token collisions on startup
whilst preventing new ones from being created, without breaking existing
valid authentications.
The find_token optimisation is adapted from tuwunel (matrix-construct/tuwunel)
commit 066097a8: "Optimize user and appservice token queries" by Jason Volk.
Ginger
new-years-eve
Jade Ellis
Getz Mikalsen
Jason Volk
April Grimoire
timedout
Tom Foster
RatCornu
June Clementine Strawberry