|  7b8ab047ed Expand on the development state of cross-signing in the labs docs. Fixes https://github.com/vector-im/riot-web/issues/11492 | ||
|---|---|---|
| .buildkite | ||
| .github | ||
| docs | ||
| electron_app | ||
| origin_migrator | ||
| res | ||
| riot.im | ||
| scripts | ||
| src | ||
| test | ||
| .babelrc | ||
| .dockerignore | ||
| .editorconfig | ||
| .eslintignore | ||
| .eslintrc.js | ||
| .gitignore | ||
| .modernizr.json | ||
| .npmignore | ||
| AUTHORS.rst | ||
| CHANGELOG.md | ||
| CONTRIBUTING.rst | ||
| Dockerfile | ||
| LICENSE | ||
| README.md | ||
| config.sample.json | ||
| karma.conf.js | ||
| package.json | ||
| postcss.config.js | ||
| release.sh | ||
| release_config.yaml | ||
| webpack.config.js | ||
| yarn.lock | ||
		
			
				
				README.md
			
		
		
			
			
		
	
	Riot
Riot (formerly known as Vector) is a Matrix web client built using the Matrix React SDK.
Riot is officially supported on the web in modern versions of Chrome, Firefox, and Safari. Other browsers may work, however official support is not provided. For accessing Riot on an Android or iOS device, check out riot-android and riot-ios - riot-web does not support mobile devices.
Getting Started
The easiest way to test Riot is to just use the hosted copy at https://riot.im/app.
The develop branch is continuously deployed by Jenkins at https://riot.im/develop
for those who like living dangerously.
To host your own copy of Riot, the quickest bet is to use a pre-built released version of Riot:
- Download the latest version from https://github.com/vector-im/riot-web/releases
- Untar the tarball on your web server
- Move (or symlink) the riot-x.x.xdirectory to an appropriate name
- Configure the correct caching headers in your webserver (see below)
- If desired, copy config.sample.jsontoconfig.jsonand edit it as desired. See the configuration docs for details.
- Enter the URL into your browser and log into Riot!
Releases are signed using gpg and the OpenPGP standard, and can be checked against the public key located at https://packages.riot.im/riot-release-key.asc.
Note that for the security of your chats will need to serve Riot over HTTPS. Major browsers also do not allow you to use VoIP/video chats over HTTP, as WebRTC is only usable over HTTPS. There are some exceptions like when using localhost, which is considered a secure context and thus allowed.
To install Riot as a desktop application, see Running as a desktop app below.
Important Security Note
We do not recommend running Riot from the same domain name as your Matrix homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused Riot to load and render malicious user generated content from a Matrix API which then had trusted access to Riot (or other apps) due to sharing the same domain.
We have put some coarse mitigations into place to try to protect against this situation, but it's still not good practice to do it in the first place. See https://github.com/vector-im/riot-web/issues/1977 for more details.
The same applies for end-to-end encrypted content, but since this is decrypted on the client, Riot needs a way to supply the decrypted content from a separate origin to the one Riot is hosted on. This currently done with a 'cross origin renderer' which is a small piece of javascript hosted on a different domain. To avoid all Riot installs needing one of these to be set up, riot.im hosts one on usercontent.riot.im which is used by default. https://github.com/vector-im/riot-web/issues/6173 tracks progress on replacing this with something better.
Building From Source
Riot is a modular webapp built with modern ES6 and uses a Node.js build system. Ensure you have the latest LTS version of Node.js installed.
Using yarn instead of npm is recommended. Please see the Yarn install
guide if you do not have it already.
- Install or update node.jsso that yournodeis at least v10.x.
- Install yarnif not present already.
- Clone the repo: git clone https://github.com/vector-im/riot-web.git.
- Switch to the riot-web directory: cd riot-web.
- Install the prerequisites: yarn install.- If you're using the developbranch, then it is recommended to set up a proper development environment (see Setting up a dev environment below). Alternatively, you can use https://riot.im/develop - the continuous integration release of the develop branch.
 
- If you're using the 
- Configure the app by copying config.sample.jsontoconfig.jsonand modifying it. See the configuration docs for details.
- yarn distto build a tarball to deploy. Untaring this file will give a version-specific directory containing all the files that need to go on your web server.
Note that yarn dist is not supported on Windows, so Windows users can run yarn build,
which will build all the necessary files into the webapp directory. The version of Riot
will not appear in Settings without using the dist script. You can then mount the
webapp directory on your webserver to actually serve up the app, which is entirely static content.
Running as a Desktop app
Riot can also be run as a desktop app, wrapped in Electron. You can download a pre-built version from https://riot.im/download/desktop/ or, if you prefer, build it yourself.
To build it yourself, follow the instructions below.
- 
Follow the instructions in 'Building From Source' above, but run yarn buildinstead ofyarn dist(since we don't need the tarball).
- 
Install Electron and run it: yarn electron
To build packages, use electron-builder. This is configured to output:
- dmg+- zipfor macOS
- exe+- nupkgfor Windows
- debfor Linux But this can be customised by editing the- buildsection of package.json as per https://github.com/electron-userland/electron-builder/wiki/Options
See https://github.com/electron-userland/electron-builder/wiki/Multi-Platform-Build for dependencies required for building packages for various platforms.
The only platform that can build packages for all three platforms is macOS:
brew install mono
yarn install
yarn build:electron
For other packages, use electron-builder manually. For example, to build a
package for 64 bit Linux:
- Follow the instructions in 'Building From Source' above
- node_modules/.bin/build -l --x64
All Electron packages go into electron_app/dist/
Many thanks to @aviraldg for the initial work on the Electron integration.
Other options for running as a desktop app:
- @asdf:matrix.org points out that you can use nativefier and it just works(tm)
yarn global add nativefier
nativefier https://riot.im/app/
The configuration docs show how to override the desktop app's default settings if desired.
Running from Docker
The Docker image can be used to serve riot-web as a web server. The easiest way to use it is to use the prebuilt image:
docker run -p 80:80 vectorim/riot-web
To supply your own custom config.json, map a volume to /app/config.json. For example,
if your custom config was located at /etc/riot-web/config.json then your Docker command
would be:
docker run -p 80:80 -v /etc/riot-web/config.json:/app/config.json vectorim/riot-web
To build the image yourself:
git clone https://github.com/vector-im/riot-web.git riot-web
cd riot-web
git checkout master
docker build -t vectorim/riot-web .
If you're building a custom branch, or want to use the develop branch, check out the appropriate riot-web branch and then run:
docker build -t vectorim/riot-web:develop \
    --build-arg USE_CUSTOM_SDKS=true \
    --build-arg REACT_SDK_REPO="https://github.com/matrix-org/matrix-react-sdk.git" \
    --build-arg REACT_SDK_BRANCH="develop" \
    --build-arg JS_SDK_REPO="https://github.com/matrix-org/matrix-js-sdk.git" \
    --build-arg JS_SDK_BRANCH="develop" \
    .
config.json
Riot supports a variety of settings to configure default servers, behaviour, themes, etc. See the configuration docs for more details.
Labs Features
Some features of Riot may be enabled by flags in the Labs section of the settings.
Some of these features are described in labs.md.
Caching requirements
Riot requires the following URLs not to be cached, when/if you are serving Riot from your own webserver:
/config.*.json
/i18n
/home
/sites
/index.html
Development
Before attempting to develop on Riot you must read the developer guide
for matrix-react-sdk, which
also defines the design, architecture and style for Riot too.
You should also familiarise yourself with the "Here be Dragons" guide to the tame & not-so-tame dragons (gotchas) which exist in the codebase.
The idea of Riot is to be a relatively lightweight "skin" of customisations on
top of the underlying matrix-react-sdk. matrix-react-sdk provides both the
higher and lower level React components useful for building Matrix communication
apps using React.
After creating a new component you must run yarn reskindex to regenerate
the component-index.js for the app (used in future for skinning).
Please note that Riot is intended to run correctly without access to the public internet. So please don't depend on resources (JS libs, CSS, images, fonts) hosted by external CDNs or servers but instead please package all dependencies into Riot itself.
Setting up a dev environment
Much of the functionality in Riot is actually in the matrix-react-sdk and
matrix-js-sdk modules. It is possible to set these up in a way that makes it
easy to track the develop branches in git and to make local changes without
having to manually rebuild each time.
First clone and build matrix-js-sdk:
git clone https://github.com/matrix-org/matrix-js-sdk.git
pushd matrix-js-sdk
git checkout develop
yarn link
yarn install
popd
Then similarly with matrix-react-sdk:
git clone https://github.com/matrix-org/matrix-react-sdk.git
pushd matrix-react-sdk
git checkout develop
yarn link
yarn link matrix-js-sdk
yarn install
popd
Finally, build and start Riot itself:
git clone https://github.com/vector-im/riot-web.git
cd riot-web
git checkout develop
yarn link matrix-js-sdk
yarn link matrix-react-sdk
yarn install
yarn start
Wait a few seconds for the initial build to finish; you should see something like:
Hash: b0af76309dd56d7275c8
Version: webpack 1.12.14
Time: 14533ms
         Asset     Size  Chunks             Chunk Names
     bundle.js   4.2 MB       0  [emitted]  main
    bundle.css  91.5 kB       0  [emitted]  main
 bundle.js.map  5.29 MB       0  [emitted]  main
bundle.css.map   116 kB       0  [emitted]  main
    + 1013 hidden modules
Remember, the command will not terminate since it runs the web server and rebuilds source files when they change. This development server also disables caching, so do NOT use it in production.
Configure the app by copying config.sample.json to config.json and
modifying it. See the configuration docs for details.
Open http://127.0.0.1:8080/ in your browser to see your newly built Riot.
When you make changes to matrix-react-sdk or matrix-js-sdk they should be
automatically picked up by webpack and built.
If you add or remove any components from the Riot skin, you will need to rebuild
the skin's index by running, yarn reskindex.
If any of these steps error with, file table overflow, you are probably on a mac
which has a very low limit on max open files. Run ulimit -Sn 1024 and try again.
You'll need to do this in each new terminal you open before building Riot.
Running the tests
There are a number of application-level tests in the tests directory; these
are designed to run in a browser instance under the control of
karma. To run them:
- Make sure you have Chrome installed (a recent version, like 59)
- Make sure you have matrix-js-sdkandmatrix-react-sdkinstalled and built, as above
- yarn test
The above will run the tests under Chrome in a headless mode.
You can also tell karma to run the tests in a loop (every time the source
changes), in an instance of Chrome on your desktop, with yarn test-multi. This also gives you the option of running the tests in 'debug'
mode, which is useful for stepping through the tests in the developer tools.
End-to-End tests
See matrix-react-sdk how to run the end-to-end tests.
Translations
To add a new translation, head to the translating doc.
For a developer guide, see the translating dev doc.
Triaging issues
Issues will be triaged by the core team using the below set of tags.
Tags are meant to be used in combination - e.g.:
- P1 critical bug == really urgent stuff that should be next in the bugfixing todo list
- "release blocker" == stuff which is blocking us from cutting the next release.
- P1 feature type:voip == what VoIP features should we be working on next?
priority: compulsory
- P1: top priority - i.e. pool of stuff which we should be working on next
- P2: still need to fix, but lower than P1
- P3: non-urgent
- P4: interesting idea - bluesky some day
- P5: recorded for posterity/to avoid duplicates. No intention to resolves right now.
bug or feature: compulsory
- bug
- feature
bug severity: compulsory, if bug
- critical - whole app doesn't work
- major - entire feature doesn't work
- minor - partially broken feature (but still usable)
- cosmetic - feature works functionally but UI/UX is broken
types
- type:* - refers to a particular part of the app; used to filter bugs on a given topic - e.g. VOIP, signup, timeline, etc.
additional categories (self-explanatory):
- release blocker
- ui/ux (think of this as cosmetic)
- network (specific to network conditions)
- platform specific
- accessibility
- maintenance
- performance
- i18n
- blocked - whether this issue currently can't be progressed due to outside factors
community engagement
- easy
- hacktoberfest
- bounty? - proposal to be included in a bounty programme
- bounty - included in Status Open Bounty