| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* refactor(logging): centralize logger creation in GetLogger function
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* refactor(logging): rename GetLogger to GetRequestLogger for clarity
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* refactor: streamline error handling and response methods
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* refactor(lib): Split anubis.go up into some smaller specialized methods
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* refactor(http): simplify error response handling by using respondWithStatus
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* chore(lib): run goimports
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: p0008874 <75534590+p0008874@users.noreply.github.com>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Closes #372
Fun YAML fact of the day:
What is the difference between how these two expressions are parsed?
```yaml
foo: >
bar
```
```yaml
foo: >-
bar
```
They are invisible in yaml, but when you evaluate them to JSON the
difference is obvious:
```json
{
"foo": "bar\n"
}
```
```json
{
"foo": "bar"
}
```
User-Agent strings, URL path values, and HTTP headers _do_ end in
newlines in HTTP/1.1 wire form, but that newline is usually stripped
before the server actually handles it. Also HTTP/2 is a thing and does
not terminate header values with newlines.
This change makes Anubis more aggressively detect mistaken uses of the
yaml `>` operator and nudges the user into using the yaml `>-` operator
which does not append the trailing newline.
I had honestly forgotten about this YAML behavior because it wasn't
relevant for so long. Oops! Glad I released a beta.
Whenever you get into this state, Anubis will throw a config parsing
error and then give you a message hinting at the folly of your ways.
```
config.Bot: regular expression ends with newline (try >- instead of > in yaml)
```
Big thanks to https://yaml-multiline.info, this helped me realize my
folly instantly.
@aiverson, this is official permission to say "told you so".
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Previously Anubis would aggressively make sure that the client cookie
matched exactly what it should. This has turned out to be too paranoid
in practice and has caused problems with Happy Eyeballs et. al.
This is a potential fix to #303 and #289.
|
|
* fix: rename variable for preventing collision in ED25519 private key handling
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* fix: remove unused import and debug print in xess.go
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* feat: introduce base path configuration for Anubis endpoints
Closes: #231
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* hack(internal/test): skip these tests for now
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(yeet): unbreak package builds
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
* Add check endpoint which can be used with nginx' auth_request function
* feat(cmd): allow configuring redirect domains
* test: add test environment for the nginx_auth PR
This is a full local setup of the nginx_auth PR including HTTPS so that
it's easier to validate in isolation.
This requires an install of k3s (https://k3s.io) with traefik set to
listen on localhost. This will be amended in the future but for now this
works enough to ship it.
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(cmd|lib): allow empty redirect domains variable
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(test): add space to target variable in anubis container
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs(admin): rewrite subrequest auth docs, make generic
* docs(install): document REDIRECT_DOMAINS flag
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(lib): clamp redirects to the same HTTP host
Only if REDIRECT_DOMAINS is not set.
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
Closes #310
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
- Fix wording and typos in the`traefix.mdx` file
- Add rendering fix for the NOTE due to syntax
|
|
* feat: more elaborate XFF compute
#328 followup
now featuring configuration and
defaults that shouldn't break most
setups.
fixes #344
* refactor: obvious condition eval order optimization
* feat: add StripLLU implementation
* chore: I'm sorry it's 7 AM
* test: add test environment for unix socket serving
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(unix-socket-xff): comment out the shell script more
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(internal): fix logic bug in XFF computation, add tests
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(internal): prevent panic in local testing
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(internal): shuffle around return values to flow better
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Closes #340
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
It would seem the file was originally edited for 2-space indentation but accidentally used tabs instead of actual spaces.
Signed-off-by: Diego E <diegoe@gnome.org>
|
|
|
|
|
|
* update mojeekbot UA regex
* add fix into changelog
* hack: empty commit to unbreak CI
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: luzpaz <luzpaz@users.noreply.github.com>
|
|
Otherwise, `r.URL.Path` was always `/.within.website/x/cmd/anubis/api/pass-challenge`
and this didn't match the path checker rules correctly,
which caused a failure when the difficulty of these rules was non-default.
|
|
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Bumps [estree-util-value-to-estree](https://github.com/remcohaszing/estree-util-value-to-estree) from 3.3.2 to 3.3.3.
- [Release notes](https://github.com/remcohaszing/estree-util-value-to-estree/releases)
- [Commits](https://github.com/remcohaszing/estree-util-value-to-estree/compare/v3.3.2...v3.3.3)
---
updated-dependencies:
- dependency-name: estree-util-value-to-estree
dependency-version: 3.3.3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) from 2.0.7 to 2.0.9.
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md)
- [Commits](https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.9)
---
updated-dependencies:
- dependency-name: http-proxy-middleware
dependency-version: 2.0.9
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
* feat(config): support importing bot policy snippets
This changes the grammar of the Anubis bot policy config to allow
importing from internal shared rules or external rules on the
filesystem.
This lets you create a file at `/data/policies/block-evilbot.yaml` and
then import it with:
```yaml
bots:
- import: /data/policies/block-evilbot.yaml
```
This also explodes the default policy file into a bunch of composable
snippets.
Thank you @Aibrew for your example gitea Atom / RSS feed rules!
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(data): update botPolicies.json to use imports
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(cmd/anubis): extract bot policies with --extract-resources
This allows a user that doesn't have anything but the Anubis binary to
figure out what the default configuration does.
* docs(data/botPolices.yaml): document import syntax in-line
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(lib/policy): better test importing from JSON snippets
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs(admin): Add import syntax documentation
This documents the import syntax and is based on the block comment at
the top of the default bot policy file.
* docs(changelog): add note about importing snippets
Signed-off-by: Xe Iaso <me@xeiaso.net>
* style(lib/policy/config): use an error value instead of an inline error
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* feat(cmd/anubis): compute full XFF header
this one is pretty important to not pass
through blindly, as many applications and
frameworks will trust them
* feat(cmd/anubis): skip XFF compute if remote address is loopback
* docs: update CHANGELOG
|
|
Closes #333
I'm very bad at design so I just picked colors that looked reasonable
enough to me. Hopefully this will be enough to get us to the next stage!
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* fix: improve error handling for resource closing and JSON encoding in MakeChallenge
* chore: update CHANGELOG with recent changes and improvements
* refactor: simplify RenderIndex function and improve error handling
---------
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
This makes each check into its own type that has encapsulated check
logic, meaning that it's easier to add new checker implementations in
the future.
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Bumps the github-actions group with 1 update: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv).
Updates `astral-sh/setup-uv` from 5.4.1 to 5.4.2
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/0c5e2b8115b80b4c7c5ddf6ffdd634974642d182...d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86)
---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
dependency-version: 5.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
|
|
* lib: move config to yaml
Signed-off-by: Xe Iaso <me@xeiaso.net>
* web: run go generate
Signed-off-by: Xe Iaso <me@xeiaso.net>
* Add Haiku to known instances (#304)
Signed-off-by: Asmodeus <46908100+AsmodeumX@users.noreply.github.com>
* Add headers bot rule (#300)
* Closes #291: add headers support to bot policy rules
* Fix config validator
* update docs for JSON -> YAML
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: document http header based actions
Signed-off-by: Xe Iaso <me@xeiaso.net>
* lib: add missing test
Signed-off-by: Xe Iaso <me@xeiaso.net>
* Apply suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Asmodeus <46908100+AsmodeumX@users.noreply.github.com>
Co-authored-by: Asmodeus <46908100+AsmodeumX@users.noreply.github.com>
Co-authored-by: Neur0toxine <pashok9825@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
|
* feat(docs): added info on how to configure traefik
* docs/admin/config/traefik: typo fixes
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* Update CHANGELOG.md
Signed-off-by: Thinkseal <132022649+Thinkseal@users.noreply.github.com>
* Update known-instances.md to add git.lupancham.net
Signed-off-by: Thinkseal <132022649+Thinkseal@users.noreply.github.com>
---------
Signed-off-by: Thinkseal <132022649+Thinkseal@users.noreply.github.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
|
|
* Closes #291: add headers support to bot policy rules
* Fix config validator
|
|
Signed-off-by: Asmodeus <46908100+AsmodeumX@users.noreply.github.com>
|
|
easier
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* fix(xess): suppress Go inspection warning for boolean expressions
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* feat: use outline shorthand
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
---------
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* docs/admin/installation: Apache documentation
Closes #277
This adds step by step documentation for setting up Anubis in Apache.
* docs/admin/installation: add selinux troubleshooting
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
