| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* cmd/anubis: add rule hashes for admin-configured denials
Closes #695
Signed-off-by: Xe Iaso <me@xeiaso.net>
* cmd/anubis: remove theoretical nil pointer deference panic
This won't actually happen in real life, but the code paths might change so we should be somewhat defensive.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
|
This fixes a trivial auth bypass where a user requests a challenge,
formulates any nonce they want (such as 42069), and then passes the
challenge with difficulty zero.
This was fixed by not using the difficulity the client specified and
instead using the fixed difficulty at the server level. The difficulty
has also been encoded into the challenge in 7bd7b209f4f1.
Thanks to Coral Pink for finding this and reporting it over email.
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* Make sha256 function less bad (thanks @allypost!)
* Link to git.xeserv.us in README
* actually start metrics server in the background
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
