Mark encryption as experimental (#610)

* Update config to mark encryption support as experimental

* Mention encryption as experimental in docs

* changelog

* Hide empty values from config

* transmuate snakes into camels

changelog.d/610.misc

@@ -0,0 +1 @@
+Mark encryption feature as experimental (config option is now `experimentalEncryption`).

config.sample.yml

@@ -113,11 +113,6 @@ queue:
   monolithic: true
   port: 6379
   host: localhost
-encryption:
-  # (Optional) Configuration for encryption support in the bridge.
-  # If omitted, encryption support will be disabled.
-  #
-  storagePath: ./data/encryption
 logging:
   # (Optional) Logging settings. You can have a severity debug,info,warn,error
   #

docs/advanced/encryption.md

@@ -1,12 +1,17 @@
 Encryption
-=======
+==========
+
+<section class="warning">
+Encryption support is <strong>HIGHLY EXPERIMENTAL AND SUBJECT TO CHANGE</strong>. It should not be enabled for production workloads.
+For more details, see <a href="https://github.com/matrix-org/matrix-hookshot/issues/594">issue 594</a>.
+</section>
 
 Hookshot supports end-to-bridge encryption via [MSC3202](https://github.com/matrix-org/matrix-spec-proposals/pull/3202). As such, encryption requires hookshot to be connected to a homeserver that supports that MSC, such as [Synapse](#running-with-synapse).
 
 ## Enabling encryption in Hookshot
 
 In order for hookshot to use encryption, it must be configured as follows:
-- The `encryption.storagePath` setting must point to a directory that hookshot has permissions to write files into. If running with Docker, this path should be within a volume (for persistency).
+- The `experimentalEncryption.storagePath` setting must point to a directory that hookshot has permissions to write files into. If running with Docker, this path should be within a volume (for persistency).
 - [Redis](./workers.md) must be enabled. Note that worker mode is not yet supported with encryption, so `queue.monolithic` must be set to `true`.
 
 If you ever reset your homeserver's state, ensure you also reset hookshot's encryption state. This includes clearing the `encryption.storagePath` directory and all worker state stored in your redis instance. Otherwise, hookshot may fail on start up with registration errors.

package.json

@@ -6,7 +6,6 @@
   "repository": "https://github.com/matrix-org/matrix-hookshot",
   "author": "matrix.org",
   "license": "Apache-2.0",
-  "private": false,
   "napi": {
     "name": "matrix-hookshot-rs"
   },

src/Config/Config.ts

@@ -426,7 +426,7 @@ export interface BridgeConfigMetrics {
 export interface BridgeConfigRoot {
     bot?: BridgeConfigBot;
     bridge: BridgeConfigBridge;
-    encryption?: BridgeConfigEncryption;
+    experimentalEncryption?: BridgeConfigEncryption;
     figma?: BridgeConfigFigma;
     feeds?: BridgeConfigFeedsYAML;
     generic?: BridgeGenericWebhooksConfigYAML;
@@ -448,7 +448,9 @@ export class BridgeConfig {
     @configKey("Basic homeserver configuration")
     public readonly bridge: BridgeConfigBridge;
     @configKey(`Configuration for encryption support in the bridge.
- If omitted, encryption support will be disabled.`, true)
+ If omitted, encryption support will be disabled.
+ This feature is HIGHLY EXPERIMENTAL AND SUBJECT TO CHANGE.
+ For more details, see https://github.com/matrix-org/matrix-hookshot/issues/594.`, true)
     public readonly encryption?: BridgeConfigEncryption;
     @configKey(`Message queue / cache configuration options for large scale deployments.
  For encryption to work, must be set to monolithic mode and have a host & port specified.`, true)
@@ -515,7 +517,8 @@ export class BridgeConfig {
         this.queue = configData.queue || {
             monolithic: true,
         };
-        this.encryption = configData.encryption;
+        this.encryption = configData.experimentalEncryption;
+
 
         this.logging = configData.logging || {
             level: "info",
@@ -528,6 +531,12 @@ export class BridgeConfig {
         if (!ValidLogLevelStrings.includes(this.logging.level)) {
             throw new ConfigError("logging.level", `Logging level is not valid. Must be one of ${ValidLogLevelStrings.join(', ')}`)
         }
+        if (this.encryption) {
+            log.warn(`
+You have enabled encryption support in the bridge. This feature is HIGHLY EXPERIMENTAL AND SUBJECT TO CHANGE.
+For more details, see https://github.com/matrix-org/matrix-hookshot/issues/594.
+            `)
+        }
 
         this.permissions = configData.permissions || [{
             actor: this.bridge.domain,

src/Config/Defaults.ts

@@ -134,10 +134,7 @@ export const DefaultConfig = new BridgeConfig({
             bindAddress: '0.0.0.0',
             resources: ['widgets'],
         }
-    ],
-    encryption: {
-        storagePath: "./data/encryption"
-    }
+    ]
 }, {});
 
 function renderSection(doc: YAML.Document, obj: Record<string, unknown>, parentNode?: YAMLSeq) {
@@ -147,6 +144,10 @@ function renderSection(doc: YAML.Document, obj: Record<string, unknown>, parentN
             return;
         }
 
+        if (value === undefined || value === null) {
+            return;
+        }
+
         let newNode: Node;
         if (typeof value === "object" && !Array.isArray(value)) {
             newNode = YAML.createNode({});