Profile for ersei

Display name
dragon punch high score setter
Username
@ersei@ersei.net
Role
admin

About ersei

Fields

they
them
illegal maths
05D3 E019 2231 9A75 86B4 B8D5 023F F4C1 A9D6 BAFD

Bio

call me a slipped disk the way im back and about to make it everyones problem

ipv6 certified sage by hurricane electric

commits nix crimes for a living

worlds most ok music taste

serial post favouriter sorry for the notifs

posts are default followers only

follow requests are subject to the rfc: https://rfc.ersei.net/rfcs/1.html (read it)

20% actual content, 80% "____er I hardly know er" jokes

I apologize in advance

Stats

Joined
Posts
3338
Followed by
27
Following
27

Recent posts

favourite VM runtime

Poll closed , 39 votes total
  • Option 1, JVM (Java, Scala, ...)
    5.13% , 2 votes
  • Option 2, BEAM (Erlang, Elixir, ...)
    25.64% , 10 votes
  • Option 3, CLR (C#, F#, ...)
    2.56% , 1 vote
  • Option 4, Mono (C#, F#, ...)
    2.56% , 1 vote
  • Option 5, CPython (Python)
    17.95% , 7 votes
  • Option 6, PyPy (Python)
    5.13% , 2 votes
  • Option 7, LuaJIT (Lua)
    20.51% , 8 votes
  • Option 8, V8 (Javascript)
    2.56% , 1 vote
  • Option 9, Zend (PHP)
    2.56% , 1 vote
  • Option 10, YJIT (Ruby)
    2.56% , 1 vote
  • Option 11, Something else (comment below)
    12.82% , 5 votes

So I'm running into an issue with Finamp where it would send duplicate playback started and playback stopped events due to a race condition (possibly), which messed with ListenBrainz. I fixed it in the worst way possible: with Nginx fuckery

limit_req_zone $http_authorization zone=jfplaybackstopped:10m rate=10r/m;
limit_req_zone $http_authorization zone=jfplaybackstarted:10m rate=10r/m;

# ...

        location = /Sessions/Playing/Stopped {
                limit_req zone=jfplaybackstopped;
                limit_req_status 599;
                limit_conn_status 599;
                error_page 599 =204 'debounce';

                proxy_pass http://$jellyfin;
                include snippets.d/proxy.conf;

                add_header Cross-Origin-Resource-Policy cross-origin;
        }

        location = /Sessions/Playing {
                limit_req zone=jfplaybackstarted;
                limit_req_status 599;
                limit_conn_status 599;
                error_page 599 =204 'debounce';

                proxy_pass http://$jellyfin;
                include snippets.d/proxy.conf;

                add_header Cross-Origin-Resource-Policy cross-origin;
        }

we need error_page to be like this because limit_*_status only lets you return an error code from 400-599. It works perfectly to prevent the duplicated requests :) only issue I foresee is a song that's less than 6 seconds being played, but I don't think I listen to that, so I'll be fine.

Of course, I have to make sure that fail2ban doesn't see the rate limit trips and ban me...

I keep finding bugs with federated apps and S3 integrations. Here's the latest:

Now that Synapse can accept redirects, it's got some strange behaviour. I have a Minio instance running that matrix-media-repo redirects Synapse to. However, Synapse sets the Authorization:X-Matrix... header, which causes Minio to return a 400 Invalid Request due to it expecting either no authorization or proper AWS4-HMAC-SHA256.

Currently, I have a fix in place by having Apache unset the Authorization header if it detects Synapse is requesting something from the S3 endpoint:

<If "%{HTTP:Authorization} =~ /X-Matrix/">
  RequestHeader unset "Authorization"
</If>

So my grand question is this: is this a Synapse bug (are headers meant to be kept when redirecting), a Minio bug (it should accept any authorization header if the bucket allows anonymous reads), or a matrix-media-repo bug?

Both Synapse and Minio are on the same subdomain, so it might be a connection reuse bug, which is the second time I've hit this issue in two days.

This is a direct consequence of MSC3860