
session-pysogs's Introduction

PySOGS (Session Community Server)

PySOGS is the reference implementation of a Session Community server (formerly known as a Session Open Group). PySOGS is used to run the official Session Communities, and is the officially supported Session Community server. New features added to Session Communities are developed here in lockstep with the support added to the Session clients.

Installation

For most servers we provide and recommend using the .deb installation method on a VPS running Ubuntu 20.04 (or newer), or Debian 11 (or newer).

Alternatively, advanced users and developers interested in running or working on the latest development code may prefer to run directly from the repository using uwsgi.

While both methods are supported modes of operation, the latter requires more configuration and maintenance and requires some experience with running Python code and web applications.

Debian/Ubuntu Package Install

Manual Installation

Administration

For how to administer a running PySOGS see SOGS Administration.

License

Copyright (c) 2021-2022 The Oxen Project

PySOGS is licensed under the GNU General Public License (GPL) v3, or (at your option) any later version.

session-pysogs's People

Contributors

bilb, darcys22, hjubb, ianmacd, jagerman, keejef, majestrate, massivebox, mdplusplus, msgmaxim, nielsandriesse, pingmin, tewinget, zcyph

session-pysogs's Issues

Unable to enter text to existing Community

I built a PySOGS server 0.3.4
I'm a visible admin of a few open Communities on there
I can add messages when using the Android client
Last week my ability to enter text using the Windows desktop client stopped working
The "+" and microphone symbols are missing next to the Message box
All other conversations/communities are fine, just seems to be an issue with my sogs and the Windows client

Looking for help on what to check really. Or just seeing what 0.3.5 brings.
[Screenshot: message box for communities on my sogs]
[Screenshot: other message boxes]

Cannot delete default room 'main' from PySOGS.

When trying to delete the main room, which is a carryover from the days of the Rust SOGS:

$ sudo sogs --delete-room main
2022-03-25 10:40:08,357 foo.com config[1333760] INFO Loading config from /etc/sogs/sogs.ini

main
====
Name: Main
Description: None
URL: http://foo.com/main?public_key=abcdec6c471ac0468c7c77e1cdc12f24a139ee8a07c6e3bf4e7855640dad821
Messages: 0 (0.0 MB)
Attachments: 0 (0.0 MB)
Active users: 2 (7d), 2 (14d) 2 (30d)
Moderators: 0 admins (0 hidden), 0 moderators (0 hidden)
Are you sure you want to delete this room? [yN] y
Traceback (most recent call last):
  File "/usr/lib/python3.8/runpy.py", line 194, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/usr/lib/python3/dist-packages/sogs/__main__.py", line 169, in <module>
    cur.execute("DELETE FROM rooms WHERE token = ?", [args.delete_room])
sqlite3.IntegrityError: FOREIGN KEY constraint failed

A permissions-related exception is occasionally being thrown when a room is read.

I'm not sure what exactly is happening here, but wanted to document it.

Is this simply a case of a banned user?

Oct 01 21:26:13 sog.caliban.org uwsgi[5496]: 2022-10-01 21:26:13,920 sog.caliban.org sogs.web[5496] WARNING This endpoint requires room message 'read' permission
Oct 01 21:26:13 sog.caliban.org uwsgi[5496]: 2022-10-01 21:26:13,921 sog.caliban.org sogs.web[5496] WARNING Sub-request for GET /room/persian/pollInfo/9 returned status 403
Oct 01 21:26:13 sog.caliban.org uwsgi[5496]: 2022-10-01 21:26:13,922 sog.caliban.org sogs.web[5496] WARNING This endpoint requires room message 'read' permission
Oct 01 21:26:13 sog.caliban.org uwsgi[5496]: 2022-10-01 21:26:13,922 sog.caliban.org sogs.web[5496] WARNING Sub-request for GET /room/persian/messages/since/151461 returned status 403
Oct 01 21:26:13 sog.caliban.org uwsgi[5496]: [pid: 5496|app: 0|req: 3287/13263] 198.98.62.177 () {34 vars in 443 bytes} [Sat Oct  1 21:26:13 2022] POST /oxen/v4/lsrpc => generated 526 bytes in 6 msecs (HTTP/1.1 200) 2 headers in 80 bytes (1 switches on core 0)
Oct 01 21:26:13 sog.caliban.org uwsgi[5496]: [pid: 5496|app: 0|req: 3288/13264] 104.248.20.139 () {34 vars in 440 bytes} [Sat Oct  1 21:26:13 2022] POST /oxen/v4/lsrpc => generated 449 bytes in 8 msecs (HTTP/1.1 200) 2 headers in 80 bytes (1 switches on core 0)
Oct 01 21:26:13 sog.caliban.org uwsgi[5496]: [pid: 5496|app: 0|req: 3289/13265] 159.69.19.182 () {34 vars in 439 bytes} [Sat Oct  1 21:26:13 2022] POST /oxen/v4/lsrpc => generated 212 bytes in 2 msecs (HTTP/1.1 200) 2 headers in 80 bytes (1 switches on core 0)
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]: 2022-10-01 21:26:13,940 sog.caliban.org sogs.web[5504] WARNING Sub-request for POST /room/persian/message failed: Traceback (most recent call last):
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:   File "/usr/lib/python3/dist-packages/flask/app.py", line 1950, in full_dispatch_request
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:     rv = self.dispatch_request()
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:   File "/usr/lib/python3/dist-packages/flask/app.py", line 1936, in dispatch_request
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:     return self.view_functions[rule.endpoint](**req.view_args)
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:   File "/usr/lib/python3/dist-packages/sogs/routes/auth.py", line 119, in required_user_wrapper
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:     return f(*args, **kwargs)
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:   File "/usr/lib/python3/dist-packages/sogs/routes/messages.py", line 362, in post_message
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:     msg = room.add_post(
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:   File "/usr/lib/python3/dist-packages/sogs/model/room.py", line 793, in add_post
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:     raise BadPermission()
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]: sogs.model.exc.BadPermission: Permission denied
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]: During handling of the above exception, another exception occurred:
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]: Traceback (most recent call last):
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:   File "/usr/lib/python3/dist-packages/sogs/routes/subrequest.py", line 98, in make_subrequest
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:     response = app.full_dispatch_request()
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:   File "/usr/lib/python3/dist-packages/flask/app.py", line 1952, in full_dispatch_request
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:     rv = self.handle_user_exception(e)
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:   File "/usr/lib/python3/dist-packages/flask/app.py", line 1822, in handle_user_exception
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:     return handler(e)
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:   File "/usr/lib/python3/dist-packages/sogs/model/exc.py", line 97, in abort_perm_denied
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:     flask.abort(http.FORBIDDEN)
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:   File "/usr/lib/python3/dist-packages/werkzeug/exceptions.py", line 822, in abort
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:     return _aborter(status, *args, **kwargs)
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:   File "/usr/lib/python3/dist-packages/werkzeug/exceptions.py", line 807, in __call__
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]:     raise self.mapping[code](*args, **kwargs)
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]: werkzeug.exceptions.Forbidden: 403 Forbidden: You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]: 
Oct 01 21:26:13 sog.caliban.org uwsgi[5504]: 2022-10-01 21:26:13,942 sog.caliban.org sogs.web[5504] WARNING Invalid v4 onion request: 403 Forbidden: You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.

Duplicate and intensive logging of the uwsgi on Debian 11 (syslog and daemon.log)

Hello,

On Debian 11 I can see that uwsgi is writing duplicate log lines to two files: syslog and daemon.log. How to fix this issue please?

Another question is why it is logging lines like:
uwsgi[256720]: [pid: 256720|app: 0|req: 547/564] 127.0.0.1 () {34 vars in 466 bytes} [Fri Nov 18 05:31:50 2022] POST /oxen/v4/lsrpc => generated 920 bytes ...
even though my /etc/sogs/sogs.ini contains the line "level = WARNING" (I have removed the ";") and SOGS was restarted?

The amount of log lines is also alarming:
cd /var/log && grep -c "POST /oxen/v4/lsrpc" {syslog,daemon.log}

syslog:475960
daemon.log:475961

Ideas what to check please? And if you believe, as I do, that such intensive logging should not be the default, please tweak the code. Thank you

sogs-proxied missing host header in NGINX configuration

Hello,

I followed the steps here for sogs-proxied and gave it a cert using certbot. SOGS itself works as such, however upon viewing the domain in a browser for webview and clicking on the room name, despite the correct URL showing, it would then redirect to the local IP:port and fail accordingly.

Upon investigating, it appears that adding a host header in the generated NGINX configuration resolves the issue.

Here's an example of what a working location block would look like after updating that:

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.3.2.1:4242$request_uri;
    }

Edit: if you happen to be troubleshooting the same thing, remember to clear cache/cookies before retesting, especially if using Firefox.

Admin privileges no longer work after enabling group id blinding.

I enabled id blinding for sog.caliban.org on 2023-01-01 at 00.00 UTC. The server runs PySOGS 0.3.6.

Immediately, I noticed that I had lost hidden global admin privileges in all of my groups. The extra menu options no longer appeared for me.

These were restored by executing the following:

$ sudo sogs --add-moderators <my_unblinded_session_id> --rooms=+ --hidden --admin

Other group-level admins are reporting that privileged features are still displayed in Session's menus, but no longer effective.

"verified" users

Having a non-privileged tag for normal users would be great, so we can have a molly guard in the client for a ban of those users.

Read-only group

Hello,

How can I set it up so that only administrators and moderators can publish, and other users can only read?

Thanks

Please set redirect for ?public_key= web page to prevent Not found.

Hello,

Because the Session developers have not yet made the public group link add the group to Session, many people "Open" the link (in a browser), which causes a "Not Found" error that confuses newbies.

For example: http://sog.caliban.org/espanol?public_key=118df8c6c471ac0468c7c77e1cdc12f24a139ee8a07c6e3bf4e7855640dad821

It would be handy if you added a redirect (maybe to http://sog.caliban.org/r/espanol/) or added a new page where the visitor is instructed (maybe even in multiple languages), like:

[Click to copy] this address and then paste it to the Session "Join Public Group" section.

This instruction could maybe be displayed even on http://sog.caliban.org/r/espanol/.

Ubuntu 20.04 installation is broken

Steps:
* Follow the steps to install for Ubuntu

Error happens at step:
* sudo apt install sogs-standalone

Output:

sudo apt install sogs-standalone
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 sogs-standalone : Depends: python3-sogs (= 0.3.0-2) but it is not going to be installed
Unable to correct problems, you have held broken packages.

I am able to verify the repo is added correctly:

Hit:1 https://packages.grafana.com/oss/deb stable InRelease
Hit:2 https://deb.oxen.io focal InRelease
Hit:3 http://iad-ad-2.clouds.ports.ubuntu.com/ubuntu-ports focal InRelease
Hit:4 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
Hit:5 http://iad-ad-2.clouds.ports.ubuntu.com/ubuntu-ports focal-updates InRelease
Hit:6 http://iad-ad-2.clouds.ports.ubuntu.com/ubuntu-ports focal-backports InRelease

Rate limits for message requests

SOGS handles message requests for blinded IDs; we should implement a per-ID limit on how many message requests an ID can send per x period of time. This should be adjustable in config.

SOGS Session ID blinding

Brainstorming:

  1. Alice, Bob, and Chuck are in a SOGS (the DNA room which is all about the number 42, of course, but recommends that you bring a towel).
  2. In order to participate in the room Alice derives a shadow private and public key according to:
    k = H(open group pubkey)
    a' = ka
    A' = kA
    B = 0x04 || A'
    
    and submits SOGS messages using a per-server, pseudo-session-id B (which is like a Session ID but, in hex notation, begins with 04 for differentiation).
  3. Alice submits a post to the DNA room, signing the message using a' (using the same XEd25519 signatures as are used currently, but with this derived key instead), and uses A' as the publicly visible sender session ID.
  4. Bob retrieves messages from SOGS and receives the message from Alice. Because Bob and Alice have prior direct contact, his session client can derive A', and so Bob's client automatically displays the message as being from Alice (and shows both derived and real Session IDs when viewing message details).
  5. Chuck, who does not know Alice's true session ID, receives the same message, can verify the signature, but since A' doesn't match the derived keys of any of Chuck's contacts, can only display the message using the pseudo-id (the one starting with 04).
  6. Chuck wants to DM Alice, but in order to do so requires Alice's Session ID.
  7. Chuck constructs a "please send your session ID to me" message (precise encoding TBD), which includes Chuck's own Session ID, encrypted using Alice's pseudo-id, and sends it to the SOGS for delivery to Alice.
  8. Alice receives it from SOGS the next time she polls for messages, decrypts it, and then, if she chooses to allow it (perhaps automatically or via confirmation depending on Privacy settings) constructs a "here's my session ID" message that goes directly to Chuck's session ID, which Chuck then recognizes as part of the DM he is trying to initiate.
  9. Chuck receives, verifies, and opens a new conversation with Alice. (And going forward, like Bob, can see when Alice posts a message).

Notes:

  • There is some trust in the server during the discovery process. A malicious server could fully intercept all messages, rewrite them using new IDs and passively translate IDs back and forth to keep itself in the middle of all conversations. This is outside the scope of problems we can solve because it is the exact same problem as with any session ID discovery process. It is, however, important that we include some identifying characteristics for the server in question so that the user can make an informed decision as to whether to engage in the handshake based on the server source.
  • Although this proposal avoids linking unknown users based on their session ID (because each user will have a different pseudo-ID on each server) there are still various ways to link users:
    • ONS users are not protected if their ONS name matches their profile name (or is otherwise advertised): Session clients can instantly look up the ONS name and verify that the pseudo-id matches the published name. (This is probably a good thing in some respects -- ONS users can get a special badge).
    • avatar uploads can link a user as having the same file server avatar URL in two different profile sections on two different servers almost certainly means you are the same user. (This doesn't help you get the Session ID, but does allow linking of accounts). Future capabilities might involve some sort of "don't post my avatar in messages to this server", or per-server avatars/display names.
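
The derivation in step 2 and Bob's recognition in step 4, as an added example that is not part of the original issue or of PySOGS. It assumes H is BLAKE2b-512 reduced modulo the group order (the note only says `k = H(open group pubkey)`), treats A as an Ed25519 public key, and uses constructed keys; the curve arithmetic follows the RFC 8032 reference formulas.

```python
import hashlib

# Ed25519 constants (RFC 8032).
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493   # order of the base point
D = -121665 * pow(121666, P - 2, P) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)

def recover_x(y, sign):
    """Solve the curve equation for x given y and the encoded sign bit."""
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P != 0:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P != 0 or (x == 0 and sign):
        raise ValueError("not a valid curve point")
    return P - x if (x & 1) != sign else x

def point_add(p1, p2):
    """Unified addition in extended coordinates (also used for doubling)."""
    x1, y1, z1, t1 = p1
    x2, y2, z2, t2 = p2
    a = (y1 - x1) * (y2 - x2) % P
    b = (y1 + x1) * (y2 + x2) % P
    c = 2 * t1 * t2 * D % P
    d = 2 * z1 * z2 % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def point_mul(s, pt):
    acc = (0, 1, 1, 0)                       # neutral element
    while s:
        if s & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        s >>= 1
    return acc

def encode_point(pt):
    zinv = pow(pt[2], P - 2, P)
    x, y = pt[0] * zinv % P, pt[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decode_point(data):
    n = int.from_bytes(data, "little")
    y, sign = n & ((1 << 255) - 1), n >> 255
    if y >= P:
        raise ValueError("non-canonical encoding")
    x = recover_x(y, sign)
    return (x, y, 1, x * y % P)

_BY = 4 * pow(5, P - 2, P) % P
_BX = recover_x(_BY, 0)
BASE = (_BX, _BY, 1, _BX * _BY % P)

def blinding_factor(server_pubkey):
    # Assumption: H = BLAKE2b-512, interpreted little-endian and reduced mod L.
    digest = hashlib.blake2b(server_pubkey, digest_size=64).digest()
    return int.from_bytes(digest, "little") % L

def blind_keypair(a, server_pubkey):
    """Alice's side: a' = k*a (mod L) and A' = a'*G."""
    a_blind = blinding_factor(server_pubkey) * a % L
    return a_blind, encode_point(point_mul(a_blind, BASE))

def blind_pubkey(pubkey, server_pubkey):
    """Bob's side: he only knows A, and computes A' = k*A."""
    return encode_point(point_mul(blinding_factor(server_pubkey), decode_point(pubkey)))

def pseudo_id(blinded_pubkey):
    return "04" + blinded_pubkey.hex()       # B = 0x04 || A', as in step 2

# Constructed sample keys, for illustration only.
ALICE_SECRET = int.from_bytes(hashlib.sha512(b"alice (constructed)").digest(), "little") % L
ALICE_PUBLIC = encode_point(point_mul(ALICE_SECRET, BASE))
SERVER_A = hashlib.sha256(b"server A (constructed)").digest()
SERVER_B = hashlib.sha256(b"server B (constructed)").digest()

if __name__ == "__main__":
    _, on_a = blind_keypair(ALICE_SECRET, SERVER_A)
    print("Alice on server A:", pseudo_id(on_a))
    print("Bob derives      :", pseudo_id(blind_pubkey(ALICE_PUBLIC, SERVER_A)))
    print("Alice on server B:", pseudo_id(blind_keypair(ALICE_SECRET, SERVER_B)[1]))
```

Anyone who already holds A can recompute A' for a given server, which is why Bob recognises Alice while Chuck only sees the pseudo-ID; the per-server k is what makes her IDs on two servers differ.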

Profanity list: not effective against fancy text

Hello,

Profanity list phrases are currently not effective against fancy text https://textfancy.com/ and one has to add, for example:
purple
𝑃𝑈𝑅𝑃𝐿𝐸

Can you please disable fancy text in Session or convert it to normal/regular text (or do it on SOGS or at the profanity filtering level) so that the regular text really blocks everything and the fancy one is not a problem for the admin?

https://github.com/nitanmarcel/fancy_text
https://github.com/Secret-chest/fancify-text#readme
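
One way to do the conversion at the filtering level, shown as an added example (not PySOGS or better-profanity code): fold each message with Unicode compatibility normalization before matching it against the list. The block list, function names and sample strings are constructed for illustration.

```python
import re
import unicodedata

# Constructed block list; an operator would load their own profanity list here.
BLOCKED_WORDS = {"purple"}

# Constructed sample messages (escapes keep the code points unambiguous).
MATH_ITALIC = "\U0001D443\U0001D448\U0001D445\U0001D443\U0001D43F\U0001D438"  # the fancy form quoted above
FULLWIDTH = "\uff50\uff55\uff52\uff50\uff4c\uff45"   # fullwidth Latin letters
ZERO_WIDTH = "pur\u200bple"                          # zero-width space inside the word
ACCENTED = "pu\u0301rple"                            # combining acute accent on the u
CYRILLIC = "\u0440urple"                             # Cyrillic 'er' that looks like Latin 'p'

# Unicode categories removed after decomposition:
# Mn/Me = combining marks, Cf = invisible format characters (zero-width space, joiners).
_DROP = {"Mn", "Me", "Cf"}


def fold_fancy_text(text):
    """Return a plain, case-folded form of text for list matching.

    NFKD applies the compatibility mappings, so Mathematical Alphanumeric
    Symbols, fullwidth forms and circled letters become ordinary letters and
    accents are split off as separate combining marks, which are then dropped.
    """
    decomposed = unicodedata.normalize("NFKD", text)
    kept = "".join(ch for ch in decomposed if unicodedata.category(ch) not in _DROP)
    return unicodedata.normalize("NFKC", kept).casefold()


def blocked_words_in(text, blocked=BLOCKED_WORDS):
    """List the blocked words present in text after folding both sides."""
    folded_list = {fold_fancy_text(word) for word in blocked}
    words = set(re.findall(r"\w+", fold_fancy_text(text)))
    return sorted(words & folded_list)


if __name__ == "__main__":
    for sample in (MATH_ITALIC, FULLWIDTH, ZERO_WIDTH, ACCENTED, CYRILLIC):
        print(ascii(sample), "->", blocked_words_in("I like " + sample))
```

Normalization does not cover look-alike letters from other scripts, as the Cyrillic sample shows; those need a separate confusables mapping.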

Member list endpoint

Endpoint for getting the members of an open group room, should be authenticated only for moderators and admins

Cannot edit a room's name or description.

$ sudo sogs --rooms francais --name Français --description 'Discussion in French.'
usage: sogs [-h] [--version] [--add-room TOKEN] [--name NAME] [--description DESCRIPTION]
            [--delete-room TOKEN] [--add-moderators SESSIONID [SESSIONID ...]]
            [--delete-moderators SESSIONID [SESSIONID ...]] [--set-perms]
            [--users SESSIONID [SESSIONID ...]] [--add-perms ADD_PERMS]
            [--remove-perms REMOVE_PERMS] [--clear-perms CLEAR_PERMS] [--admin]
            [--rooms TOKEN [TOKEN ...]] [--visible | --hidden] [--list-rooms]
            [--list-global-mods] [--verbose] [--yes] [--initialize] [--upgrade]
            [--check-upgrades]
sogs: error: one of the arguments --add-room --delete-room --add-moderators --delete-moderators --set-perms --list-rooms/-L --list-global-mods/-M --initialize --upgrade/-U --check-upgrades is required

It seems that an --edit-room is called for.

TODO: "You need to upgrade" message

On flag day we need SOGS to start returning a fake (i.e. signed by the server key converted into a Session ID) message saying something along the lines of:

"This server requires an upgraded version of Session."

when using the legacy message retrieval endpoints so that existing Session clients don't just silently fail (since they'll refuse messages posted with blinded keys, which starts on flag day).

TODO: Associate uploads with posts

Currently, carried over from legacy SOGS, there is no association of files/images with posts and so, when a post is deleted, the attachment stays around until it expires. This also means we can't do things like automatically preventing expiry of attachments in pinned messages (because we have no way to get the attachments).

This also means that when some failure occurs and Session re-uploads it can end up re-trying to upload several times before it actually submits the post, and we get never-referenced files that hang around for 15 days.

Association for a client would look something like:

  • Client uploads one or more files via new (non-legacy) upload endpoint, gets the image ids. These uploaded files, however, will be very short-lived, maybe 10 minutes.
  • Client submits the post including ids of any attached images, at which point the expiries get extended to the default file lifetime (15 days, or whatever has been configured).

On the backend, I think we could use this column added to the files table:

    message BIGINT REFERENCES messages(id) ON DELETE SET NULL,

along with a trigger to immediately expire messages if a post is deleted:

CREATE TRIGGER messages_delete_attachments AFTER UPDATE OF data ON messages
FOR EACH ROW WHEN NEW.data IS NULL and OLD.data IS NOT NULL
BEGIN
    UPDATE files SET expiry = 0 WHERE message = OLD.id;
END;

File upload endpoints

Three things here:

  • Implementing new endpoints to submit files, which will give them a default 1h expiry time, and take a suggested filename.
  • Download endpoints (not using JSON), along with filename, etc. provided in headers.
  • Add recognition of "files" parameter in the post and edit message endpoints, so that it associates any listed files that don't already have an associated post with the new (or edited) post, and updates the expiry on the files to the server default expiry time.

Browser redirects to 127.3.2.1:4242 unexpectedly

I am trying to create a SOGS server using Debian Linux and the sogs-standalone setup. There is one detail about this server that is unusual, the server is a Tor hidden service. There is another server which hosts an nginx reverse proxy to this hidden server. This is something I have done many times and usually works quite well. The nginx reverse proxy does use SSL with LetsEncrypt. Despite this abnormal setup, it should work fine because sogs-standalone works using HTTP virtual hosts.

I do get a webpage through my nginx reverse proxy of the room list, but once a room is clicked my browser gets redirected to an address which does not work http://127.3.2.1:4242/ and the browser complains it cannot reach it.

The problem is that the sogs standalone server does listen on port 80 and this is what I want. Regardless of that I want it to create links for HTTPS on port 443, because that is what my external clearnet server uses, where it then redirects things to the Tor hidden service. Basically despite running on 80 I need it to give out HTTPS urls, or just use relative paths.

Beyond the advice on installing the server and the help provided by the sogs command I cannot really find any comprehensive documentation, but if I just failed to Google it, post a link for me below.

How to pin messages

Hello! Is it possible to make a pinned message containing, for example, community guidelines?
~ Judah

better-profanity doesn't support regular expressions.

The great thing about better-profanity is that it is much faster than its long-abandoned predecessor, profanity. It achieves this by matching fixed strings rather than regular expressions, and therein lies a painful trade-off for SOGS operators.

For example, I would like to filter one-word greetings from my groups, and whilst I can list the words themselves, I cannot specify that they match only when they are the only text present.

The lack of support for regex in better-profanity is a clear design decision, so the answer is not to patch that, but to develop a second filter that handles any regex filtering desired by the user.

Ideally, PySOGS would monitor the custom lists of both filters and reload them whenever the mtime changes.
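
A sketch of such a second filter, as an added example that is not PySOGS code: regex rules are read from an operator-maintained file and reloaded when its mtime changes. The class name, file name and rule-file format (one pattern per line, `#` for comments) are assumptions made for illustration.

```python
import os
import re
import tempfile


class RegexFilter:
    """Regex rules loaded from a file and reloaded when the file's mtime changes."""

    def __init__(self, path):
        self.path = path
        self._mtime_ns = None
        self._rules = []
        self.rejected = []          # line numbers of patterns that failed to compile

    def _reload_if_changed(self):
        try:
            mtime_ns = os.stat(self.path).st_mtime_ns
        except FileNotFoundError:
            # No rule file means no rules; do not keep stale ones around.
            self._rules, self._mtime_ns, self.rejected = [], None, []
            return
        if mtime_ns == self._mtime_ns:
            return
        rules, rejected = [], []
        with open(self.path, encoding="utf-8") as fh:
            for lineno, line in enumerate(fh, 1):
                pattern = line.strip()
                if not pattern or pattern.startswith("#"):
                    continue
                try:
                    rules.append(re.compile(pattern, re.IGNORECASE))
                except re.error:
                    # One bad pattern must not disable the whole filter.
                    rejected.append(lineno)
        self._rules, self._mtime_ns, self.rejected = rules, mtime_ns, rejected

    def is_filtered(self, message):
        self._reload_if_changed()
        return any(rule.search(message) for rule in self._rules)


def demo():
    """Run the filter over constructed messages before and after a rule-file edit."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "regex_filter.txt")      # hypothetical file name
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("# one-word greetings, only when they are the whole message\n")
            fh.write(r"^\s*(hi|hello|hey)[\s!.]*$" + "\n")
        flt = RegexFilter(path)
        before = [flt.is_filtered(m)
                  for m in ("Hello!", "hello, how do I pin a message?", "gm")]
        # The operator edits the list while the server keeps running.
        with open(path, "a", encoding="utf-8") as fh:
            fh.write(r"^\s*gm\s*$" + "\n" + "(unclosed\n")
        st = os.stat(path)
        # Force a visible mtime change even on filesystems with coarse timestamps.
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns + 1_000_000_000))
        after = [flt.is_filtered(m) for m in ("gm", "gm everyone")]
        return before, after, flt.rejected


if __name__ == "__main__":
    print(demo())
```

Because these patterns run against untrusted messages, keep them anchored and simple; nested quantifiers can backtrack catastrophically and stall a worker.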

Cannot install python3-oxenmq

I'm getting this error when attempting to install the oxen proxy package:

Package python3-oxenmq is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'python3-oxenmq' has no installation candidate

Any workarounds? Running Ubuntu 22.04.

Getting error when viewing the group URL (qrencode+Python3.10 compatibility problem)

After creating a group and viewing the group from the web page, the QR code is a broken image. When I view the QR code URL I get the error:
Internal Server Error
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

and logs show the errors below:
Dec 9 06:52:12 test uwsgi[44550]: 2022-12-09 06:52:12,979 test sogs.web[44550] ERROR Exception on /r/test/invite.png [GET]
Dec 9 06:52:12 test uwsgi[44550]: Traceback (most recent call last):
Dec 9 06:52:12 test uwsgi[44550]: File "/usr/lib/python3/dist-packages/flask/app.py", line 2070, in wsgi_app
Dec 9 06:52:12 test uwsgi[44550]: response = self.full_dispatch_request()
Dec 9 06:52:12 test uwsgi[44550]: File "/usr/lib/python3/dist-packages/flask/app.py", line 1515, in full_dispatch_request
Dec 9 06:52:12 test uwsgi[44550]: rv = self.handle_user_exception(e)
Dec 9 06:52:12 test uwsgi[44550]: File "/usr/lib/python3/dist-packages/flask/app.py", line 1513, in full_dispatch_request
Dec 9 06:52:12 test uwsgi[44550]: rv = self.dispatch_request()
Dec 9 06:52:12 test uwsgi[44550]: File "/usr/lib/python3/dist-packages/flask/app.py", line 1499, in dispatch_request
Dec 9 06:52:12 test uwsgi[44550]: return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
Dec 9 06:52:12 test uwsgi[44550]: File "/usr/lib/python3/dist-packages/sogs/routes/views.py", line 64, in serve_invite_qr
Dec 9 06:52:12 test uwsgi[44550]: img = qrencode.encode(room.url)
Dec 9 06:52:12 test uwsgi[44550]: File "/usr/lib/python3/dist-packages/qrencode/__init__.py", line 47, in encode
Dec 9 06:52:12 test uwsgi[44550]: version, size, data = _encode(data, version, level, hint, True)
Dec 9 06:52:12 test uwsgi[44550]: SystemError: PY_SSIZE_T_CLEAN macro must be defined for '#' formats

OS is a fresh Ubuntu 20.04
Python version: 3.10.6

Followed install steps here for sogs-standalone:
https://docs.oxen.io/products-built-on-oxen/session/guides/open-group-setup

Any ideas? thx

rewrite readme

The readme needs to be rewritten in full, as nothing in it is up to date anymore.

Is there any possible way to have automated messages in my open group?

I run a status page and would love to have some sort of way to tie it into the open group, maybe like a webhook of some sort? So it can send a message to the group when one of my services goes down, for example.

Not sure if this is possible, but I guess asking won't hurt!

  • Cross

Make HTTP Chat viewer optional

By default, PySOGS hosts a web viewer for each room you create. This should be on by default, but it should be possible to turn it off through a config option.

Enhancement: --unban USERS

--unban USERS would be nice to have in combination with --rooms to unban the Session ids of the given users in the given rooms.

Blinded permissions carryover

We need to ensure that user permissions carry over when blinding gets enabled, so that if someone is a moderator they remain a moderator post-blinding, and a banned user remains banned.

Here's an approach that would work:

  • Add a needs_blinding table with two columns: [user, blinded_pos]. user is a foreign key to users.id, blinded_pos is a varchar.
  • At startup (before forking) when blinding is enabled: get the list of unblinded users with user_permission_override rows that don't exist in the needs_blinding table, insert (id, |kA|) rows into the needs_blinding table, where |kA| is the positive branch kA (i.e. has the MSB cleared: kA[31] &= 0x7f).
  • During authentication:
    • if blinded user does not exist in the database then see if |kA| (i.e. clear the sign bit) exists in needs_blinding. If it does:
      1. insert user row (using kA, not |kA|).
      2. update any user_permission_override, user_permission_futures, and user_ban_futures rows with the old ID to the newly inserted user id.
      3. delete the needs_blinding row.
  • when inserting a moderator by unblinded id, look up kA/-kA and if either exist in the users table then use that instead. Otherwise insert the unblinded id as a user (if not already existing) + add a needs_blinding row for the unblinded id, then set the permission bits for that unblinded user.

Some implementation details:

  • Getting unmigrated users list:
SELECT users.id FROM users WHERE session_id > '05' AND session_id < '06'
    AND EXISTS (SELECT * FROM user_permission_overrides WHERE "user" = users.id);
  • Should also add an index on user_permission_overrides(user) to make that query fast.
  • permission updating:
UPDATE user_permission_overrides SET "user" = :new_id WHERE "user" = :old_id;
UPDATE user_permission_futures SET "user" = :new_id WHERE "user" = :old_id;
UPDATE user_ban_futures SET "user" = :new_id WHERE "user" = :old_id;
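
The approach above, run end to end against an in-memory SQLite database, as an added example that is not PySOGS code. The table layouts are cut down to the columns the migration touches, the `blind` callback and `fake_blind` stand in for the real kA computation, and the `04` prefix for blinded IDs is taken from the blinding brainstorm on this page; all IDs are constructed.

```python
import hashlib
import sqlite3

BLINDED_PREFIX = "04"   # assumption: prefix from the blinding brainstorm on this page

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, session_id TEXT UNIQUE NOT NULL);
CREATE TABLE user_permission_overrides (
    "user" INTEGER NOT NULL REFERENCES users(id), room TEXT, moderator INT, banned INT);
CREATE TABLE user_permission_futures ("user" INTEGER NOT NULL REFERENCES users(id), room TEXT);
CREATE TABLE user_ban_futures ("user" INTEGER NOT NULL REFERENCES users(id), room TEXT);
CREATE TABLE needs_blinding (
    "user" INTEGER PRIMARY KEY REFERENCES users(id), blinded_pos VARCHAR NOT NULL UNIQUE);
CREATE INDEX user_permission_overrides_user ON user_permission_overrides("user");
"""
PERMISSION_TABLES = ("user_permission_overrides", "user_permission_futures", "user_ban_futures")


def clear_sign(ka):
    """|kA|: the positive branch, i.e. the encoding with its top bit cleared."""
    return ka[:31] + bytes([ka[31] & 0x7F])


def queue_unblinded(db, blind):
    """Startup step: record |kA| for unblinded users that hold permission rows."""
    rows = db.execute("""
        SELECT users.id, users.session_id FROM users
        WHERE session_id > '05' AND session_id < '06'
          AND EXISTS (SELECT * FROM user_permission_overrides WHERE "user" = users.id)
          AND NOT EXISTS (SELECT * FROM needs_blinding WHERE "user" = users.id)
    """).fetchall()
    with db:
        for user_id, session_id in rows:
            db.execute("INSERT INTO needs_blinding VALUES (?, ?)",
                       (user_id, clear_sign(blind(session_id)).hex()))
    return len(rows)


def authenticate_blinded(db, blinded_id):
    """Auth step: first sight of a blinded ID inherits any queued permissions."""
    row = db.execute("SELECT id FROM users WHERE session_id = ?", (blinded_id,)).fetchone()
    if row:
        return row[0]
    ka = bytes.fromhex(blinded_id[len(BLINDED_PREFIX):])
    pending = db.execute('SELECT "user" FROM needs_blinding WHERE blinded_pos = ?',
                         (clear_sign(ka).hex(),)).fetchone()
    # One transaction: a crash must not leave a moderator demoted or a ban lifted.
    with db:
        new_id = db.execute("INSERT INTO users (session_id) VALUES (?)",
                            (blinded_id,)).lastrowid      # stored as kA, not |kA|
        if pending:
            for table in PERMISSION_TABLES:               # fixed names, not user input
                db.execute(f'UPDATE {table} SET "user" = ? WHERE "user" = ?',
                           (new_id, pending[0]))
            db.execute('DELETE FROM needs_blinding WHERE "user" = ?', (pending[0],))
    return new_id


def fake_blind(session_id):
    """Constructed stand-in for kA: 32 deterministic bytes, not real blinding."""
    return hashlib.sha256(b"constructed-server-key" + session_id.encode()).digest()


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    mod, banned, plain = ("05" + c * 64 for c in "abc")   # constructed unblinded IDs
    for session_id in (mod, banned, plain):
        db.execute("INSERT INTO users (session_id) VALUES (?)", (session_id,))
    db.execute("INSERT INTO user_permission_overrides VALUES (1, 'main', 1, 0)")
    db.execute("INSERT INTO user_permission_overrides VALUES (2, 'main', 0, 1)")
    count = lambda sql, *args: db.execute(sql, args).fetchone()[0]
    overrides = 'SELECT COUNT(*) FROM user_permission_overrides WHERE "user" = ?'
    result = {"queued": queue_unblinded(db, fake_blind)}
    # The moderator's client presents the negative branch (sign bit set).
    ka = fake_blind(mod)
    new_mod = authenticate_blinded(db, BLINDED_PREFIX + (ka[:31] + bytes([ka[31] | 0x80])).hex())
    result["mod_rows_on_new_id"] = count(overrides + " AND moderator = 1", new_mod)
    result["rows_on_old_id"] = count(overrides, 1)
    result["still_pending"] = count("SELECT COUNT(*) FROM needs_blinding")
    result["requeued"] = queue_unblinded(db, fake_blind)
    stranger = authenticate_blinded(db, BLINDED_PREFIX + "77" * 32)
    result["stranger_rows"] = count(overrides, stranger)
    return result


if __name__ == "__main__":
    print(demo())
```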

cannot delete room

version: PySOGS 0.3.5

config additions, otherwise stock settings.

[users]
require_blind_keys = yes

traceback given while trying to delete a room

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/lib/python3.9/runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/usr/lib/python3/dist-packages/sogs/__main__.py", line 341, in <module>
    room.delete()
  File "/usr/lib/python3/dist-packages/sogs/model/room.py", line 186, in delete
    result = query("DELETE FROM rooms WHERE token = :t", t=self.token)
  File "/usr/lib/python3/dist-packages/sogs/db.py", line 54, in query
    return dbconn.execute(q, **params)
  File "/usr/lib/python3/dist-packages/sqlalchemy/engine/base.py", line 1011, in execute
    return meth(self, multiparams, params)
  File "/usr/lib/python3/dist-packages/sqlalchemy/sql/elements.py", line 298, in _execute_on_connection
    return connection._execute_clauseelement(self, multiparams, params)
  File "/usr/lib/python3/dist-packages/sqlalchemy/engine/base.py", line 1124, in _execute_clauseelement
    ret = self._execute_context(
  File "/usr/lib/python3/dist-packages/sqlalchemy/engine/base.py", line 1316, in _execute_context
    self._handle_dbapi_exception(
  File "/usr/lib/python3/dist-packages/sqlalchemy/engine/base.py", line 1510, in _handle_dbapi_exception
    util.raise_(
  File "/usr/lib/python3/dist-packages/sqlalchemy/util/compat.py", line 182, in raise_
    raise exception
  File "/usr/lib/python3/dist-packages/sqlalchemy/engine/base.py", line 1276, in _execute_context
    self.dialect.do_execute(
  File "/usr/lib/python3/dist-packages/sqlalchemy/engine/default.py", line 609, in do_execute
    cursor.execute(statement, parameters)
sqlalchemy.exc.IntegrityError: (sqlite3.IntegrityError) FOREIGN KEY constraint failed
[SQL: DELETE FROM rooms WHERE token = ?]
[parameters: ('roomgoeshere',)]
(Background on this error at: http://sqlalche.me/e/13/gkpj)

Enhancement: --banned

--banned would be nice to have in combination with --rooms to list the Session ids of banned users in the given rooms.

Add endpoints for listing bans

In old SOGS there was a /block_list that just returns the list of all banned session IDs. This doesn't work well for new SOGS because we have supplemental info, such as a possible ban timeout, as well as different types of restrictions (for example, someone might only be muted but not entirely banned).

We can, of course, just return a dump of the ban info, but that isn't great either because a ban list almost never shrinks, which means the returned data is going to be growing forever.

I think, instead, we need some sort of incremental ban mechanism so that moderators can query bans/permissions/etc. and receive updates to that list without needing to download the whole list every time.

Global hidden admin status not recognised in new open group.

After creating a new group in PySOGS, Session Desktop does not recognise my global hidden admin status and I cannot, for example, add an avatar to the group.

If, however, I rerun the command to add myself as a global hidden admin, the status is then recognised in the new group. This should be a superfluous action, however, because administration.md states:

Global moderators/administrators are considered to be moderators of every room on the server for both existing rooms and any new future rooms

It seems that the "future" part is failing, which suggests that a privilege-granting trigger that should fire when a new group is created is failing to run.

To Reproduce

  1. Assign oneself global hidden admin status on a SOGS instance.
  2. Create a new group on the instance with no explicit admins.
  3. Try to perform any action requiring admin privileges in Session Desktop. None is available.
  • PySOGS 0.3.5
  • Session Version: 1.10.4

See also this Session Desktop issue, which can be closed if the bug lies entirely on the PySOGS side.

https://domain.tld SOGS install failed on Debian 11, SOGS proxied: Could not automatically find a matching server block ; Welcome to nginx!

I was installing sogs proxied https://github.com/oxen-io/session-pysogs/blob/dev/install-debs.md#installation
on Debian 11 and selected the address https://mydomain.tld when prompted.
After installation, accessing that address via the browser did not work: Secure Connection Failed

sudo apt install python*certbot-nginx
sudo certbot --nginx -d mydomain.tld -d www.mydomain.tld

That attempt to install the certificate always ended with the error: Could not automatically find a matching server block for mydomain.tld. Set the server_name directive to use the Nginx installer.

I have found that certbot starts working after I run "sudo nano /etc/nginx/nginx.conf" and set

server {
    server_name  localhost mydomain.tld www.mydomain.tld;

and restarting nginx: sudo systemctl restart nginx && sudo nginx -t

After the previous command, the web browser shows "Welcome to nginx!", not the SOGS index. I later solved this by messing with the nginx files :-/

So here I am wondering if the sogs installation can somehow deal with nginx another way so the admin does not have to face the certbot issue.

I was also missing instructions on how to uninstall sogs including all configs.
https://github.com/oxen-io/session-pysogs/blob/dev/install-debs.md
https://github.com/oxen-io/session-pysogs/blob/dev/install-uwsgi.md

I did the same for nginx:
sudo apt purge nginx;sudo apt install nginx;sudo apt-get -o DPkg::options::=--force-confmiss --reinstall install nginx-common
Before I attempted to "sudo apt install sogs-proxied" (this time it ended with no prompts, even though I had apt removed the package before installing and had also removed /var/lib/session-open-group-server and /etc/sogs/sogs.ini).

Ideas on how to clean up the nginx/sogs installation and make it work with nginx and certbot are needed. I am not using nginx for anything else besides sogs.

New API for setting room image

I noticed we're missing a new API method for setting the room image.

This should be very easy to wire up: I think it just needs to accept an image_id field in the PUT /room/TOKEN endpoint and call room.image = id if it's set.

Add python3-nacl >= 1.4.0 to deb for focal

We have an updated python3-nacl packaged in our repo, but the deb is just depending on python3-nacl, not >= 1.4.0, and so you can upgrade sogs by itself and not have the updated nacl module installed.

Delete post endpoint

Need an endpoint to delete a post. Should only be invokable by the owner (if they still have write permission in the room), or a moderator.

Can I host this on an onion domain?

I'm using sogs proxy and I cannot seem to get a server running a .onion domain to work. The website lists the room directory, but when I click on a room it shows a blank page. If I get the URL to join manually and enter it into Session, it says "Couldn't join group".

Is it possible to do this? Using nginx with the default sogs proxy setup.

Enhancement: --users

--users would be nice to have in combination with --rooms to list the Session ids of users in the given rooms.

Room deletion fails

Currently deleting a room with at least some active users and/or posts fails with a foreign key constraint violation.

This makes me suspect one or more of the foreign keys are not declared ON DELETE CASCADE.
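The failure reported above can be reproduced in isolation. The following is an added example, not PySOGS code: it runs the `DELETE FROM rooms WHERE token = ?` statement from the traceback against a hypothetical two-child schema (the `messages` and `room_users` tables and their columns are assumptions), once without and once with `ON DELETE CASCADE`, and audits which foreign keys would block the delete.

```python
import sqlite3

# Hypothetical minimal schema, constructed for illustration (not PySOGS's real tables).
SCHEMA = """
CREATE TABLE rooms (id INTEGER PRIMARY KEY, token TEXT UNIQUE NOT NULL);
CREATE TABLE messages (
    id INTEGER PRIMARY KEY,
    room INTEGER NOT NULL REFERENCES rooms(id) {on_delete},
    body TEXT);
CREATE TABLE room_users (
    room INTEGER NOT NULL REFERENCES rooms(id) {on_delete},
    session_id TEXT NOT NULL,
    PRIMARY KEY (room, session_id));
"""

def make_db(cascade):
    """In-memory DB holding one room with a post and a user (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite only enforces FKs when enabled per connection
    db.executescript(SCHEMA.format(on_delete="ON DELETE CASCADE" if cascade else ""))
    db.execute("INSERT INTO rooms (id, token) VALUES (1, 'roomgoeshere')")
    db.execute("INSERT INTO messages (room, body) VALUES (1, 'hello')")
    db.execute("INSERT INTO room_users (room, session_id) VALUES (1, 'constructed-id')")
    db.commit()
    return db

def delete_room(db, token):
    """Run the DELETE from the traceback; return (deleted, error_text)."""
    try:
        with db:  # commits on success, rolls back if the statement raises
            db.execute("DELETE FROM rooms WHERE token = ?", (token,))
        return True, None
    except sqlite3.IntegrityError as exc:
        return False, str(exc)

def blocking_children(db, parent="rooms"):
    """List (table, column, on_delete) for foreign keys into `parent` that do not cascade."""
    found = []
    tables = [r[0] for r in db.execute("SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        # PRAGMA row layout: id, seq, table, from, to, on_update, on_delete, match
        for fk in db.execute(f'PRAGMA foreign_key_list("{table}")'):
            if fk[2] == parent and fk[6] != "CASCADE":
                found.append((table, fk[3], fk[6]))
    return found

if __name__ == "__main__":
    for cascade in (False, True):
        db = make_db(cascade)
        print(cascade, blocking_children(db), delete_room(db, "roomgoeshere"))
```

`blocking_children` only reads schema metadata, so the same check can be pointed at a copy of a real database file to find which child tables lack the cascade.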

Delete all user's posts endpoint

We're missing an implementation of the delete-all-a-users-posts endpoint, /user/{sessionId}/deleteMessages (which should have the option to either delete from specific rooms, or from all rooms where the caller is a moderator -- very similarly to how /user/{sessionId}/ban works now).

Profanity list: If string is too long, sogs fails to start properly

I suspect that the profanity filtering does not support longer phrases like:
privacy?public_key=118df8c6c471ac0468c7c77e1cdc12f24a139ee8a07c6e3bf4e7855640dad821
or
aaaaaaaaaaadaaaaaaa118df8c6c471ac0468c7c77e1cdc12f24a139ee8a07c6e3bf4e7855640dad821

When I added it and ran "sudo systemctl restart sogs":

Job for sogs-proxied.service failed.
See "systemctl status sogs-proxied.service" and "journalctl -xe" for details.

$ sogs --version
PySOGS 0.3.5

I am on Linux Debian 11, .deb package

Can you reproduce it and fix it please?

SOGS-proxied: oxen/v4/lsrpc failed (2: No such file or directory),

Hello, in sogs-proxied 0.3.5 on Debian 11 (apt package) with nginx "tail /var/log/nginx/error.log" shows many:

22:31:57 [error] redacted: *545 open() "/var/www/html/oxen/v4/lsrpc" failed (2: No such file or directory), client: redacted, server: 127.0.0.1, request: "POST /oxen/v4/lsrpc HTTP/1.1", host: "redacted"
22:31:58 [error] redacted: *548 open() "/var/www/html/oxen/v4/lsrpc" failed (2: No such file or directory), client: redacted, server: 127.0.0.1, request: "POST /oxen/v4/lsrpc HTTP/1.1", host: "redacted"
22:31:58 [error] redacted: *549 open() "/var/www/html/oxen/v4/lsrpc" failed (2: No such file or directory), client: redacted, server: 127.0.0.1, request: "POST /oxen/v4/lsrpc HTTP/1.1", host: "redacted"

I am unable to find any directory/file like that:
find / -name lsrpc;find / -name oxen|grep v4

My nginx.conf is here.

Which command should I run, or what should I modify, to prevent this please?
