matrix-js-sdk's LocalStorageCryptoStore.getEndToEndSessionsBatch()
returns olm sessions without the deviceKey/sessionId fields, since
those live only in the storage key path. initRustCrypto()'s migration
then assigns the undefined deviceKey to PickledSession.senderKey and
crashes in the WASM setter with "Cannot read properties of undefined
(reading 'length')". The IndexedDB backend embeds those fields in the
record and is unaffected, which is why this only hit installs that
were started on the legacy localStorage crypto store.
Patch the instance to re-derive deviceKey/sessionId from the
crypto.sessions/<deviceKey> keys before returning a batch, so both
the migration and its delete-after-migrate step work.
New matrix-send-location node publishes m.location events using
matrix-js-sdk's makeLocationContent helper, so the wire format matches
Element's "Share my location". Per-message inputs are typed inputs
(msg / flow / global / num / str), defaulting to the obvious msg.*
names.
matrix-receive's m.location handler now also sets msg.latitude,
msg.longitude, msg.altitude, msg.description, msg.assetType, and
msg.timestamp on the output (additive - msg.geo_uri / msg.payload are
unchanged), so a Receive node wired straight into Send Location resends
a byte-equivalent event.
Help docs in both nodes updated.
Adds two interactive admin tools to the matrix-server-config node so
device verification and session management can be done from the editor
without building a flow. Both open as modal dialogs and are backed by
new flows.write-protected admin endpoints.
Pending verifications
- New "Pending verification requests" button opens a modal listing
incoming and in-progress verification requests, refreshed every 5
seconds.
- Each entry shows the type (device or room), who it is from, a live
age, and a live expiry countdown; the list is capped at the newest 20
with a hidden-count note.
- Clicking an entry drives the SAS flow (accept, start, show emoji,
confirm/cancel) within the modal.
- New /matrix-chat/verification endpoint with list, advance, confirm,
mismatch, and cancel actions.
- trackVerificationRequest now records a seen-at timestamp and keeps
finished requests for two minutes so their outcome can still be
reported to the editor.
Sessions
- New "Manage sessions" button opens a modal listing the account's
sessions, modelled on Element's session manager: the current session
with a verified / not-verified status box, then other sessions, each
with a green or red shield, last activity, and IP address.
- Clicking a session shows its details (session ID, last activity, IP),
a Rename action, and a password-confirmed Remove. Unverified sessions
offer a Verify action that hands off into the verification modal.
- New /matrix-chat/sessions endpoint with list, rename, remove, and
verify actions.
Upgrades matrix-js-sdk from 34.13.0 to 41.5.0. This crosses the v37
removal of the legacy libolm crypto stack, so E2EE is migrated to the
Rust crypto implementation. Also adds device verification, cross-signing
setup, and authenticated media support.
Dependencies
- Bump matrix-js-sdk ^34.13.0 -> ^41.5.0; require Node.js >= 22.
- Drop the `olm` dependency (legacy crypto only); add `fake-indexeddb`.
Rust crypto
- Replace initCrypto() with initRustCrypto(); the legacy crypto stack
was removed upstream in v37.
- Add src/matrix-crypto-store.js: the Rust crypto store requires
IndexedDB, absent in Node.js, so it is backed by fake-indexeddb and
snapshotted to disk (rust-crypto-store.v8) to survive restarts.
- Migrate existing libolm crypto state into the Rust store on first run,
and discard the stored crypto state when the device ID changes.
Homeserver discovery
- Resolve the homeserver via .well-known, so a delegating domain
(e.g. example.org) works as the configured server URL.
Cross-signing & secure backup
- Add a secured /matrix-chat/secure-backup admin endpoint and a modal
dialog on the server config node: check status, unlock an existing
secure backup with its recovery key, or reset and create a new one.
Device verification (new nodes)
- matrix-verification: event source emitting verification requests and
phase changes, with on-node filters (phase, initiated by, type,
self-verification, user allowlist, room).
- matrix-verification-action: request, accept, start SAS, confirm,
mismatch, or cancel an in-flight verification.
Authenticated media
- matrix-receive and matrix-crypt-file use the authenticated media
endpoints, send a bearer token via msg.headers, and fall back between
the v3 and v1 media endpoints on a 404.
Fixes
- Surface connection/auth errors in the log; node.error() calls were
passed an empty msg object, which routed the error and suppressed
console logging.
- matrix-get-user: await getProfileInfo()/getPresence().
- matrix-invite-room: pass the reason as the third invite() argument
(the removed callback parameter was shifting it out).
- Guard the verification handlers so a throwing SDK getter cannot crash
Node-RED.
Docs
- Add the device-verification example flow; update the READMEs and node
help, correcting stale claims that device verification, secure backup,
and encrypted file uploads were unsupported.
- Added examples for every node
- Fixed User Settings node requiring a roomId when it's not needed
- Fixed the documentation for Upload File node
- Get User node had unused config code that has been removed
- Add new node `Get Event` that will give you room data for a corresponding roomId and eventId #117
- Add new node `Fetch Event Relations` that can paginate through events related to another event #119
- README updates
- matrix-send-message node can now be used to reply in a thread (closes#104)
- matrix-receive node now returns msg.mentions for easier access to who was mentioned in message
- matrix-receive node now returns boolean msg.isThread based on whether the message is a thread reply or not
#102 File upload node automatically detects mime type from name
#102 File upload node automatically fills in information for m.video, m.audio, and m.image (resolution, duration, etc)
#102 File upload node can generate a thumbnail for videos
#102 Send message node now accepts an object to override the message content
- #97 added support for m.room.history_visibility, m.room.server_acl, m.room.pinned_events, m.space.child, and m.space.parent
- #97 fix issue with checkbox being hidden on config page when adding new setters/getters on config page
- #97 remove num, bool, bin, and data from being options you can set to a state event (currently only objects and sometimes strings are allowed)
- Updated Leave Room node so it deletes the room from local storage
- Updated server config node so it deletes the matrix client from storage during shutdown (possibly solution to #94)
- Room Settings node renamed to Room State Events
- Room State Events node allows configuring inputs/outputs from config
- Fix bug with various nodes allowing execution even though matrix server isn't connected
- Replace deprecated matrixClient.setGlobalErrorOnUnknownDevices method
- Update docs for new Room State Events node
skylord123
Fabbio Protopapa
Patrick Kranz
Marc
Chris Koos
squatica
bvmensvoort