| author | Xe Iaso <me@xeiaso.net> | 2025-03-17 01:25:18 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-17 01:25:18 -0400 |
| commit | 2859f037cdf0cfd7314768152a2a5ad0ec8cd638 (patch) | |
| tree | 7031b50ed6509b9ce22ff8de7628d2771da33237 /cmd/anubis/main.go | |
| parent | c3f5f1f5463bb8c48dc341e31957a54527f299e9 (diff) | |
cmd/anubis: add rule hashes for admin-configured denials (#696)
* cmd/anubis: add rule hashes for admin-configured denials
Closes #695
Signed-off-by: Xe Iaso <me@xeiaso.net>
* cmd/anubis: remove theoretical nil pointer dereference panic
This won't actually happen in real life, but the code paths might change so we should be somewhat defensive.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Diffstat (limited to 'cmd/anubis/main.go')
| -rw-r--r-- | cmd/anubis/main.go | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/cmd/anubis/main.go b/cmd/anubis/main.go
index 69be826..de0a592 100644
--- a/cmd/anubis/main.go
+++ b/cmd/anubis/main.go
@@ -114,6 +114,21 @@ func main() {
 log.Fatal(err)
 }
 
+ fmt.Println("Rule error IDs:")
+ for _, rule := range s.policy.Bots {
+ if rule.Action != config.RuleDeny {
+ continue
+ }
+
+ hash, err := rule.Hash()
+ if err != nil {
+ log.Fatalf("can't calculate checksum of rule %s: %v", rule.Name, err)
+ }
+
+ fmt.Printf("* %s: %s\n", rule.Name, hash)
+ }
+ fmt.Println()
+
 mux := http.NewServeMux()
 xess.Mount(mux)
 
@@ -229,7 +244,7 @@ type Server struct {
 }
 
 func (s *Server) maybeReverseProxy(w http.ResponseWriter, r *http.Request) {
- cr := s.check(r)
+ cr, rule := s.check(r)
 r.Header.Add("X-Anubis-Rule", cr.Name)
 r.Header.Add("X-Anubis-Action", string(cr.Rule))
 lg := slog.With(
@@ -272,7 +287,19 @@ func (s *Server) maybeReverseProxy(w http.ResponseWriter, r *http.Request) {
 case config.RuleDeny:
 clearCookie(w)
 lg.Info("explicit deny")
- templ.Handler(base("Oh noes!", errorPage("Access Denied")), templ.WithStatus(http.StatusOK)).ServeHTTP(w, r)
+ if rule == nil {
+ lg.Error("rule is nil, cannot calculate checksum")
+ templ.Handler(base("Oh noes!", errorPage("Other internal server error (contact the admin)")), templ.WithStatus(http.StatusInternalServerError)).ServeHTTP(w, r)
+ return
+ }
+ hash, err := rule.Hash()
+ if err != nil {
+ lg.Error("can't calculate checksum of rule", "err", err)
+ templ.Handler(base("Oh noes!", errorPage("Other internal server error (contact the admin)")), templ.WithStatus(http.StatusInternalServerError)).ServeHTTP(w, r)
+ return
+ }
+ lg.Debug("rule hash", "hash", hash)
+ templ.Handler(base("Oh noes!", errorPage(fmt.Sprintf("Access Denied: error code %s", hash))), templ.WithStatus(http.StatusOK)).ServeHTTP(w, r)
 return
 case config.RuleChallenge:
 lg.Debug("challenge requested") |
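Review bot: The startup listing added in the first hunk (the loop over `s.policy.Bots` in main()) writes the rule-name-to-hash mapping with `fmt.Println`/`fmt.Printf` on stdout, while request handling in this file logs through `slog`. An admin who only collects the structured log stream would have no record to resolve a user-reported error code against. Emitting each entry as `slog.Info("deny rule error ID", "rule", rule.Name, "hash", hash)` instead of the `fmt.Printf` keeps the mapping next to the denial logs. main() begins and ends outside the hunk, so how stdout is captured in deployment cannot be seen from here.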
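Review bot: In the `config.RuleDeny` case of the third hunk, the code shown to the client is logged only at Debug (`lg.Debug("rule hash", "hash", hash)`), and `lg.Info("explicit deny")` runs before the hash is computed, so a logger running at Info has no field to match against the code a blocked user reports. Computing the hash first and logging `lg.Info("explicit deny", "hash", hash)` would make each denial searchable by its error code. The code also tells a denied client which rule fired; what `rule.Hash()` covers is not visible here, so a comment above the call should record that the value is safe to disclose (it must not let a client recover the rule's pattern). `rule.Hash()` is recomputed on every denied request although the first hunk already computes it at startup, so caching it per rule may be worthwhile if hashing is not trivial. maybeReverseProxy continues outside the hunk.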
