Access token cache

The media repo verifies who is uploading a piece of media by calling the /account/whoami endpoint on the homeserver over the client-server API. This can cause significant load on the homeserver if not cached.

The full configuration for the access token cache is:

accessTokens:
  maxCacheTimeSeconds: 0
  useLocalAppserviceConfig: false
  appservices:
    - id: Name_of_appservice_for_your_reference
      asToken: Secret_token_for_appservices_to_use
      senderUserId: "@_example_bridge:yourdomain.com"
      userNamespaces:
        - regex: "@_example_bridge_.+:yourdomain.com"

The access token cache is disabled by default, however if enabled it is strongly recommended to proxy the /logout and /logout/all endpoints through to the media repo. They'll be proxied through to the homeserver and update the cache internally. Without this, a smaller maxCacheTimeSeconds is recommended. If the endpoints are being proxied, a maxCacheTimeSeconds of 43200 (12 hours) will be suitable for most applications.

To enable the access token cache, set maxCacheTimeSeconds to a non-zero value.

Application services (bridges, normally) can be made even more efficient for the media repo by registering some minimal information with the media repo. When useLocalAppserviceConfig is true, the media repo will accept requests which would be valid under the appservices list without verifying with the homeserver, leading to fewer requests though increasing the risk of media being uploaded for users which do not exist. It's important to only use this option with a trustworthy bridge/appservice as otherwise the media repo could become an abuse vector.

Each appservice has an id which is only used for your reference in the logs/API - this can be set to anything that makes sense to you, such as telegram or discord for the respective bridges. The asToken should be copied directly from the appservice's registration. The senderUserId is a combination of the sender_localpart from the registration and the homeserver's domain name. The media repo only needs to know about the user namespaces, and only the regular expressions contained within.

Note: If the appservice generated a user namespace for @_example.* (ie: no domain restriction) then it is important to add one. For example: @_example.+:homeserver.example.org. Without a domain restriction in the regular expression anyone who matches the prefix could upload media from any homeserver if they had the right asToken.

Note: If using the appservice feature, it's strongly recommended to only configure the appservices in per-domain configs to ensure that appservices for one homeserver are not configured for all homeservers.