aboutsummaryrefslogtreecommitdiff
path: root/cmd
AgeCommit message (Collapse)AuthorFilesLines
2025-04-27fix(relayd): increase correlation potentialHEADmasterXe Iaso1-1/+12
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-27feat(relayd): autocert support for automatic TLS cert mintingXe Iaso2-75/+64
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-27feat(httpdebug): quiet mode and function as a systemd serviceXe Iaso3-3/+21
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-27feat(relayd): store and query TLS fingerprintsXe Iaso2-5/+94
Release-Status: cut Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-26chore: set up semantic-releaseXe Iaso1-1/+1
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-26fix(relayd): disable TCP fingerprinting on Linux for nowXe Iaso3-12/+13
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-26chore: reformat the world, set up autoformat on commitXe Iaso37-830/+11574
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-26chore: run go mod generateXe Iaso6-2470/+1394
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-26chore(templ): fix go generate commandsXe Iaso22-232/+1793
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-26feat(anubis): replace with tombstoneXe Iaso32-2115/+3
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-26feat(relayd): add standard reverse proxy headersXe Iaso2-4/+20
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-26feat: cmd/aws-secgen for generating fake AWS secretsXe Iaso1-0/+73
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-23fix(relayd): rename HTTP headers for fingerprintsXe Iaso1-3/+3
This aligns with what go-away is doing. Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-21feat(relayd): ja4t fingerprintingXe Iaso2-11/+29
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-21cmd/relayd: start implementing tcp fingerprintingXe Iaso4-19/+101
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-19cmd/relayd: test stuffXe Iaso2-4/+16
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-19cmd/relayd: refine for packagingv1.13.6Xe Iaso3-2/+14
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-19cmd/relayd: automagically reload TLS certificates, JA3N/JA4 fingerprintsXe Iaso2-8/+457
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-07cmd: add yeet tombstoneXe Iaso10-1190/+1
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-06add reverseproxydXe Iaso1-0/+38
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-04cmd/yeet: support custom filename logic for tarball generationv1.13.4Xe Iaso3-4/+15
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-03add package build job from Anubis as a testXe Iaso1-4/+3
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-02cmd/yeet: staticcheck/vet fixesv1.13.1Xe Iaso4-28/+13
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-02cmd/yeet/internal/mktarball: put VERSION in doc folderXe Iaso2-0/+19
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-01cmd/yeet: build tarball packagesv1.13.0Xe Iaso5-13/+198
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-01cmd/yeet: modernize build syntax, nix nixXe Iaso7-186/+110
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-31cmd/yeet: fixupsXe Iaso6-37/+76
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-28cmd/yeet: add ability to build debian packagesXe Iaso6-30/+174
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-19cmd/anubis: mark as a tombstone (#705)Xe Iaso1-6/+5
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-17cmd/anubis: rephrase noscript warningXe Iaso2-2/+2
Closes #701 Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-17cmd/anubis: allow qwantbot scraping (#700)Dennis ten Hoove1-1/+6
Like Google and Bing, Qwant maintains its own search index.
2025-03-17cmd/anubis: add rule hashes for admin-configured denials (#696)Xe Iaso5-7/+57
* cmd/anubis: add rule hashes for admin-configured denials Closes #695 Signed-off-by: Xe Iaso <me@xeiaso.net> * cmd/anubis: remove theoretical nil pointer deference panic This won't actually happen in real life, but the code paths might change so we should be somewhat defensive. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-03-15cmd/anubis/internal/config: properly use errors.JoinXe Iaso1-6/+6
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-03Potential fix for code scanning alert no. 9: Uncontrolled data used in path ↵Xe Iaso1-3/+21
expression (#687) * Potential fix for code scanning alert no. 9: Uncontrolled data used in path expression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Update cmd/mimi/modules/discord/heic2jpeg/heic2jpeg.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-03-03cmd/anubis: implement health check (#685)Xe Iaso1-0/+22
Closes #681 Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-01cmd/anubis: Fix potential decaymap race (#683)Em Sharnoff1-1/+5
Fixes a potential TOCTOU issue that would cause values to be spuriously erased. IIUC, the following interleaving of (*DecayMap).Get() and (*DecayMap).Set() can cause an update to be erased: // thread A: Get("x") m.lock.RLock() value, ok := m.data["x"] m.lock.RUnlock() ... if time.Now().After(value.expiry) { // <wait for lock!> // thread B: Set("x", ...) m.lock.Lock() defer m.lock.Unlock() m.data["x"] = DecayMapEntry{ ... } // thread A continues its Get("x") after acquring the lock: m.lock.Lock() delete(m.data, "x") // Oops! Newer entry is deleted! m.lock.Unlock() Realistically... I think it's probably a non-issue either way, because the worst that can happen is that a cache entry is spuriously removed, and it'll just get re-fetched.
2025-02-14cmd/anubis: cache DNSBL hits in a DecayMapXe Iaso2-12/+84
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-02-14cmd/anubis: enable DNSBL checking via droneblXe Iaso7-3/+226
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-02-14Earthfile: bump to go 1.24Xe Iaso1-0/+5
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-01-26cmd/anubis: forbid bypassing auth by faking the challenge difficultyXe Iaso7-22/+6
This fixes a trivial auth bypass where a user requests a challenge, formulates any nonce they want (such as 42069), and then passes the challenge with difficulty zero. This was fixed by not using the difficulity the client specified and instead using the fixed difficulty at the server level. The difficulty has also been encoded into the challenge in 7bd7b209f4f1. Thanks to Coral Pink for finding this and reporting it over email. Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-01-26cmd/anubis: bake difficulty into challengeXe Iaso1-1/+2
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-01-26cmd/anubis: ship sourcemapsXe Iaso6-1/+9
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-01-26cmd/anubis: disable video test for nowXe Iaso5-11/+12
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-01-25cmd/anubis: prepare for more efficient servingXe Iaso4-1/+32
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-01-25cmd/anubis: minify JS, add video element testXe Iaso8-108/+145
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-01-25make simpleapp helm templateXe Iaso1-7/+24
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-01-24cmd/anubis: document POLICY_FNAMEXe Iaso1-7/+8
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-01-24cmd/anubis: add rudimentary bot policy supportXe Iaso7-50/+422
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-01-24cmd/anubis: don't include Accept-Encoding in challengeXe Iaso2-3/+7
Browsers are known to change the Accept-Encoding header based on what media type is being accepted. I kinda hate this too, but such is life. Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-01-21refactor out fly.io registry from CIXe Iaso2-2/+2
Signed-off-by: Xe Iaso <me@xeiaso.net>
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-02 10:02:39 +0000