cmd/anubis: serveral improvements

* Make sha256 function less bad (thanks @allypost!)
* Link to git.xeserv.us in README
* actually start metrics server in the background

3 files changed, 15 insertions, 12 deletions

diff --git a/cmd/anubis/README.md b/cmd/anubis/README.md
index b064524..81cb615 100644
--- a/cmd/anubis/README.md
+++ b/cmd/anubis/README.md
@@ -18,6 +18,8 @@ This is a bit of a nuclear response, but AI scraper bots scraping so aggressivel
 
 In most cases, you should not need this and can probably get by using Cloudflare to protect a given origin. However, for circumstances where you can't or won't use Cloudflare, Anubis is there for you.
 
+If you want to try this out, connect to [git.xeserv.us](https://git.xeserv.us).
+
 ## Support
 
 If you run into any issues running Anubis, please [open an issue](https://github.com/Xe/x/issues/new?template=Blank+issue) and tag it with the Anubis tag. Please include all the information I would need to diagnose your issue.
diff --git a/cmd/anubis/main.go b/cmd/anubis/main.go
index da4571c..89910f0 100644
--- a/cmd/anubis/main.go
+++ b/cmd/anubis/main.go
@@ -168,22 +168,27 @@ type Server struct {
 func (s *Server) maybeReverseProxy(w http.ResponseWriter, r *http.Request) {
 	switch {
 	case !strings.Contains(r.UserAgent(), "Mozilla"):
+		bypasses.Inc()
 		slog.Debug("non-browser user agent")
 		s.rp.ServeHTTP(w, r)
 		return
 	case strings.HasPrefix(r.URL.Path, "/.well-known/"):
+		bypasses.Inc()
 		slog.Debug("well-known path")
 		s.rp.ServeHTTP(w, r)
 		return
 	case strings.HasSuffix(r.URL.Path, ".rss") || strings.HasSuffix(r.URL.Path, ".xml") || strings.HasSuffix(r.URL.Path, ".atom"):
+		bypasses.Inc()
 		slog.Debug("rss path")
 		s.rp.ServeHTTP(w, r)
 		return
 	case r.URL.Path == "/favicon.ico":
+		bypasses.Inc()
 		slog.Debug("favicon path")
 		s.rp.ServeHTTP(w, r)
 		return
 	case r.URL.Path == "/robots.txt":
+		bypasses.Inc()
 		slog.Debug("robots.txt path")
 		s.rp.ServeHTTP(w, r)
 		return
@@ -216,7 +221,6 @@ func (s *Server) maybeReverseProxy(w http.ResponseWriter, r *http.Request) {
 	claims := token.Claims.(jwt.MapClaims)
 	if claims["challenge"] != challengeFor(r) {
 		slog.Debug("invalid challenge", "path", r.URL.Path)
-		clearCookie(w)
 		s.renderIndex(w, r)
 		return
 	}
diff --git a/cmd/anubis/static/js/proof-of-work.mjs b/cmd/anubis/static/js/proof-of-work.mjs
index 4019fec..edaf865 100644
--- a/cmd/anubis/static/js/proof-of-work.mjs
+++ b/cmd/anubis/static/js/proof-of-work.mjs
@@ -29,17 +29,14 @@ export function process(data, difficulty = 5) {
 
 function processTask() {
   return function () {
-    function sha256(text) {
-      return new Promise((resolve, reject) => {
-        let buffer = (new TextEncoder).encode(text);
-
-        crypto.subtle.digest('SHA-256', buffer.buffer).then(result => {
-          resolve(Array.from(new Uint8Array(result)).map(
-            c => c.toString(16).padStart(2, '0')
-          ).join(''));
-        }, reject);
-      });
-    }
+    const sha256 = (text) => {
+      const encoded = new TextEncoder().encode(text);
+      return crypto.subtle.digest("SHA-256", encoded.buffer).then((result) =>
+        Array.from(new Uint8Array(result))
+          .map((c) => c.toString(16).padStart(2, "0"))
+          .join(""),
+      );
+    };
 
     addEventListener('message', async (event) => {
       let data = event.data.data;