Upgrades matrix-js-sdk from 34.13.0 to 41.5.0. This crosses the v37
removal of the legacy libolm crypto stack, so E2EE is migrated to the
Rust crypto implementation. Also adds device verification, cross-signing
setup, and authenticated media support.
Dependencies
- Bump matrix-js-sdk ^34.13.0 -> ^41.5.0; require Node.js >= 22.
- Drop the `olm` dependency (legacy crypto only); add `fake-indexeddb`.
Rust crypto
- Replace initCrypto() with initRustCrypto(); the legacy crypto stack
was removed upstream in v37.
- Add src/matrix-crypto-store.js: the Rust crypto store requires
IndexedDB, absent in Node.js, so it is backed by fake-indexeddb and
snapshotted to disk (rust-crypto-store.v8) to survive restarts.
- Migrate existing libolm crypto state into the Rust store on first run,
and discard the stored crypto state when the device ID changes.
Homeserver discovery
- Resolve the homeserver via .well-known, so a delegating domain
(e.g. example.org) works as the configured server URL.
Cross-signing & secure backup
- Add a secured /matrix-chat/secure-backup admin endpoint and a modal
dialog on the server config node: check status, unlock an existing
secure backup with its recovery key, or reset and create a new one.
Device verification (new nodes)
- matrix-verification: event source emitting verification requests and
phase changes, with on-node filters (phase, initiated by, type,
self-verification, user allowlist, room).
- matrix-verification-action: request, accept, start SAS, confirm,
mismatch, or cancel an in-flight verification.
Authenticated media
- matrix-receive and matrix-crypt-file use the authenticated media
endpoints, send a bearer token via msg.headers, and fall back between
the v3 and v1 media endpoints on a 404.
Fixes
- Surface connection/auth errors in the log; node.error() calls were
passed an empty msg object, which routed the error and suppressed
console logging.
- matrix-get-user: await getProfileInfo()/getPresence().
- matrix-invite-room: pass the reason as the third invite() argument
(the removed callback parameter was shifting it out).
- Guard the verification handlers so a throwing SDK getter cannot crash
Node-RED.
Docs
- Add the device-verification example flow; update the READMEs and node
help, correcting stale claims that device verification, secure backup,
and encrypted file uploads were unsupported.
- Remove mention of Device ID being required for encryption (since it can now auto generate if not provided this could make people think they have to set it when that isn't the case)
- matrix-js-sdk updated from ^v15.3.0 to ^v15.5.0
- got updated from ^11.8.2 to ^12.0.1 (this also required us to change how we import this library in code)
- Node-RED version requirement added for >=v1.3.0
- NodeJS version requirement added for >=v14.0.0
- removed `process` dependency
- send-image node fixed so error doesn't get thrown (`matrix-js-sdk` updated causing some errors)
- updated send-image node docs to explain that msg.contentType is necessary for some clients to render the image (otherwise it could display as a blank message in the room).
- If a matrix server configuration node was missing it's User ID it would throw a TypeError instead of telling the user the actual issue.
- Updated user list example: it now paginates all users on the server (if you had a lot of users the message would fail to send because it was too large)
- Added example for creating a room and inviting a user
- Added example for joining a mentioned room
- Added example for listing out a user's or server's rooms
- Added example for getting session data from a user via whois info
- Added example for getting a room's user list
- Added example for downloading & storing received files/images
- Added example for kicking/banning user from a room.
- Added example for deactivating a user
- Removed message in the room-users config stating it only works if you are an admin
- Receive node now outputs `msg.filename` for files and images
- Updated readme
- Support for e2ee is here! It's in beta as I am sure there are still things to do (such as adding a node for encrypting files as files currently are not encrypted).
- Added nodes for joining a room (and forcing users into a room), creating rooms, decrypting files, and inviting users to a room.
- matrix-synapse-register node name changed from "Synapse Register v1" to "Shared Secret Registration" to make it more self explanatory.
- matrix-receive node updated so that instead of selecting what events to ignore you select what events to listen on (this way it isn't a BC every time we add another event).
- matrix-receive now handles m.emote & m.sticker events
- matrix-server-config updated to now include the device ID and a checkbox to flag whether to enable e2ee support or not.
- matrix-synapse-create-edit-user.html updated to include link to the API docs'
- matrix-synapse-deactivate-user.html updated to include message about alternative way to deactivate users (in a way that is recoverable)
- matrix-synapse-register node does not need to display if connected or not since it users an entirely different API anyways
- matrix-synapse-users.html updated to include link to API docs
skylord123
bvmensvoort