Upgrades matrix-js-sdk from 34.13.0 to 41.5.0. This crosses the v37
removal of the legacy libolm crypto stack, so E2EE is migrated to the
Rust crypto implementation. Also adds device verification, cross-signing
setup, and authenticated media support.
Dependencies
- Bump matrix-js-sdk ^34.13.0 -> ^41.5.0; require Node.js >= 22.
- Drop the `olm` dependency (legacy crypto only); add `fake-indexeddb`.
Rust crypto
- Replace initCrypto() with initRustCrypto(); the legacy crypto stack
was removed upstream in v37.
- Add src/matrix-crypto-store.js: the Rust crypto store requires
IndexedDB, absent in Node.js, so it is backed by fake-indexeddb and
snapshotted to disk (rust-crypto-store.v8) to survive restarts.
- Migrate existing libolm crypto state into the Rust store on first run,
and discard the stored crypto state when the device ID changes.
Homeserver discovery
- Resolve the homeserver via .well-known, so a delegating domain
(e.g. example.org) works as the configured server URL.
Cross-signing & secure backup
- Add a secured /matrix-chat/secure-backup admin endpoint and a modal
dialog on the server config node: check status, unlock an existing
secure backup with its recovery key, or reset and create a new one.
Device verification (new nodes)
- matrix-verification: event source emitting verification requests and
phase changes, with on-node filters (phase, initiated by, type,
self-verification, user allowlist, room).
- matrix-verification-action: request, accept, start SAS, confirm,
mismatch, or cancel an in-flight verification.
Authenticated media
- matrix-receive and matrix-crypt-file use the authenticated media
endpoints, send a bearer token via msg.headers, and fall back between
the v3 and v1 media endpoints on a 404.
Fixes
- Surface connection/auth errors in the log; node.error() calls were
passed an empty msg object, which routed the error and suppressed
console logging.
- matrix-get-user: await getProfileInfo()/getPresence().
- matrix-invite-room: pass the reason as the third invite() argument
(the removed callback parameter was shifting it out).
- Guard the verification handlers so a throwing SDK getter cannot crash
Node-RED.
Docs
- Add the device-verification example flow; update the READMEs and node
help, correcting stale claims that device verification, secure backup,
and encrypted file uploads were unsupported.
- can now specify message in node's configuration for matrix-send-message
- can now specify reaction in node's configuration for matrix-react
- reason can now be configured on both matrix-room-kick and matrix-room-ban
- icons updated for various nodes
- fix tag for name configuration field for various nodes
- roomId input is now validated to ensure it starts with ! and if not shows an error
- can now specify message in node's configuration for matrix-send-message
- can now specify reaction in node's configuration for matrix-react
- reason can now be configured on both matrix-room-kick and matrix-room-ban
- icons updated for various nodes
- matrix-js-sdk update from 15.5.0 to 16.0.0
- Fixed matrix-js-sdk breaking changes
- @matrix-org_olm-3.2.8.tgz added to package since there is no npm release for this. It fixes some errors so we need it.
- Updated readme
- Support for e2ee is here! It's in beta as I am sure there are still things to do (such as adding a node for encrypting files as files currently are not encrypted).
- Added nodes for joining a room (and forcing users into a room), creating rooms, decrypting files, and inviting users to a room.
- matrix-synapse-register node name changed from "Synapse Register v1" to "Shared Secret Registration" to make it more self explanatory.
- matrix-receive node updated so that instead of selecting what events to ignore you select what events to listen on (this way it isn't a BC every time we add another event).
- matrix-receive now handles m.emote & m.sticker events
- matrix-server-config updated to now include the device ID and a checkbox to flag whether to enable e2ee support or not.
- matrix-synapse-create-edit-user.html updated to include link to the API docs'
- matrix-synapse-deactivate-user.html updated to include message about alternative way to deactivate users (in a way that is recoverable)
- matrix-synapse-register node does not need to display if connected or not since it users an entirely different API anyways
- matrix-synapse-users.html updated to include link to API docs
skylord123