| 18 Feb 2022 |
 hexa | more input welcome | 22:57:56 |
| hexa | * more input very welcome | 22:57:58 |
 f0x | added some more assertions | 23:43:07 |
| f0x | I think it would be great to support both option designs, perhaps make them mutually exclusive though | 23:44:23 |
| f0x | we would also need some way of handling the load balancing considerations when having multiple sync or federationReceiver workers | 23:46:46 |
| f0x | im considering writing some kind of proxy to handle the access token parsing for efficient /sync loadbalancing, because doing that in pure nginx became impossible with the new temporary tokens afaik | 23:52:57 |
| f0x | https://github.com/sandhose/matrix-doc/blob/sandhose/msc/refresh-token/proposals/2918-refreshtokens.md these are entirely opaque whereas the old (long) access tokens actually encoded the MXID | 23:57:27 |
| f0x | so you would need to do an http request or database access to figure out who the token is for | 23:57:41 |
| 19 Feb 2022 |
| hexa | In reply to @f0x:pixie.town
we would also need some way of handling the load balancing considerations when having multiple sync or federationReceiver workers ideally yes, but until that is possible we should resort to simpler measure, like hashing the src address of incoming requests | 01:07:27 |
| f0x | oh that's pretty good actually | 01:08:17 |
| hexa | also I think there was something proxy-adjacent linked recently, I think by sorunome? | 01:09:37 |
| hexa | https://github.com/Sorunome/matrix-synchrotron-balancer | 01:09:43 |
| hexa | though that looks dated? | 01:09:46 |
 Dandellion | its old and uses the trick with usernames in AS tokens IIRC | 01:09:59 |
| hexa | so no good | 01:10:31 |
| f0x | In reply to @dandellion:dodsorf.as
its old and uses the trick with usernames in AS tokens IIRC it does use a whoami request so should still work | 01:12:04 |
| f0x | maybe other parts changed though | 01:12:33 |
| f0x | using a hash of the authorization header could work too? | 01:12:52 |
| Dandellion | huh you're right | 01:13:11 |
| hexa | yeah, so how do you access that in nginx? | 01:16:07 |
| f0x | $http_Authorization apparently | 01:17:51 |
| hexa | neat | 01:17:58 |
| hexa | so it's just hash $http_Authorization and we'd be good? | 01:18:30 |
| f0x | i have no idea but it's worth a try :P | 01:18:55 |
| hexa | so I wonder, you're saying that ideally we'd support both | 01:21:05 |
| hexa | but what would you people actually be using if both were available? | 01:21:16 |
| Dandellion | since the same data needs to be synced to all devices, currently it makes more sense let the workers cache things by username and not device | 01:22:07 |
| Dandellion | I don't think it actually matters for anything but the largest installations | 01:22:29 |
| hexa | so we have two means to get the user, by IP or by Authorization header | 01:22:45 |
| hexa | * so we have two means to get the device, by IP or by Authorization header | 01:22:53 |
