Access token cache
The media repo verifies who is uploading a piece of media by calling the
on the homeserver over the client-server API. This can cause significant load on the homeserver if
The full configuration for the access token cache is:
accessTokens: maxCacheTimeSeconds: 0 useLocalAppserviceConfig: false appservices: - id: Name_of_appservice_for_your_reference asToken: Secret_token_for_appservices_to_use senderUserId: "@_example_bridge:yourdomain.com" userNamespaces: - regex: "@_example_bridge_.+:yourdomain.com"
The access token cache is disabled by default, however if enabled it is strongly recommended to
/logout/all endpoints through to the media repo. They'll be proxied through
to the homeserver and update the cache internally. Without this, a smaller
recommended. If the endpoints are being proxied, a
43200 (12 hours) will
be suitable for most applications.
To enable the access token cache, set
maxCacheTimeSeconds to a non-zero value.
Application services (bridges, normally) can be made even more efficient for the media repo by
registering some minimal information with the media repo. When
the media repo will accept requests which would be valid under the
appservices list without
verifying with the homeserver, leading to fewer requests though increasing the risk of media being
uploaded for users which do not exist. It's important to only use this option with a trustworthy
bridge/appservice as otherwise the media repo could become an abuse vector.
Each appservice has an
id which is only used for your reference in the logs/API - this can be
set to anything that makes sense to you, such as
discord for the respective bridges.
asToken should be copied directly from the appservice's registration. The
a combination of the
sender_localpart from the registration and the homeserver's domain name. The
media repo only needs to know about the
user namespaces, and only the regular expressions contained
Note: If the appservice generated a user namespace for
@_example.* (ie: no domain restriction)
then it is important to add one. For example:
@_example.+:homeserver.example.org. Without a domain
restriction in the regular expression anyone who matches the prefix could upload media from any
homeserver if they had the right
Note: If using the appservice feature, it's strongly recommended to only configure the
appservices in per-domain configs to ensure that appservices for one homeserver are not configured
for all homeservers.