| Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Closes #701
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Like Google and Bing, Qwant maintains its own search index.
|
|
* cmd/anubis: add rule hashes for admin-configured denials
Closes #695
Signed-off-by: Xe Iaso <me@xeiaso.net>
* cmd/anubis: remove theoretical nil pointer dereference panic
This won't actually happen in real life, but the code paths might change so we should be somewhat defensive.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Closes #681
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Fixes a potential TOCTOU issue that would cause values to be spuriously
erased.
IIUC, the following interleaving of (*DecayMap).Get() and
(*DecayMap).Set() can cause an update to be erased:
// thread A: Get("x")
m.lock.RLock()
value, ok := m.data["x"]
m.lock.RUnlock()
...
if time.Now().After(value.expiry) {
// <wait for lock!>
// thread B: Set("x", ...)
m.lock.Lock()
defer m.lock.Unlock()
m.data["x"] = DecayMapEntry{ ... }
// thread A continues its Get("x") after acquiring the lock:
m.lock.Lock()
delete(m.data, "x") // Oops! Newer entry is deleted!
m.lock.Unlock()
Realistically... I think it's probably a non-issue either way, because
the worst that can happen is that a cache entry is spuriously removed,
and it'll just get re-fetched.
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
This fixes a trivial auth bypass where a user requests a challenge,
formulates any nonce they want (such as 42069), and then passes the
challenge with difficulty zero.
This was fixed by not using the difficulty the client specified and
instead using the fixed difficulty at the server level. The difficulty
has also been encoded into the challenge in 7bd7b209f4f1.
Thanks to Coral Pink for finding this and reporting it over email.
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Browsers are known to change the Accept-Encoding header based on
what media type is being accepted. I kinda hate this too, but such
is life.
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Ref #649
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
while waking up
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
* Make sha256 function less bad (thanks @allypost!)
* Link to git.xeserv.us in README
* actually start metrics server in the background
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|
|
Signed-off-by: Xe Iaso <me@xeiaso.net>
|