mirror of
https://github.com/TecharoHQ/anubis.git
synced 2026-06-10 14:28:15 +00:00
Merge branch 'main' into Xe/small-sec-fixes
Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>
This commit is contained in:
Xe Iaso
@@ -38,6 +38,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||
- Validate bounds in the CEL `randInt` helper so non-positive or platform-overflowing arguments surface a typed CEL error instead of an evaluator panic.
|
||||
- Pin docs deployment images to immutable digests with `imagePullPolicy: IfNotPresent`, and have the docs-deploy workflow overlay the just-built digest via `kustomize edit set image` so each rollout references an auditable artifact instead of a floating `:main` tag. The docs `Dockerfile` now pins `node` and `nginx-micro` base images to specific versions.
|
||||
- Fix a race in the bbolt store where the asynchronous cleanup scheduled by an expired read could delete a value that had just been refreshed; the delete now only fires when the key still carries the same expired generation it observed.
|
||||
- Marginally increase the performances of requests processing
|
||||
- Marginally improve the performances of PoW validation
|
||||
|
||||
## v1.25.0: Necron
|
||||
|
||||
|
||||
+2
-3
@@ -11,9 +11,8 @@ import (
|
||||
// SHA256sum computes a cryptographic hash. Still used for proof-of-work challenges
|
||||
// where we need the security properties of a cryptographic hash function.
|
||||
func SHA256sum(text string) string {
|
||||
hash := sha256.New()
|
||||
hash.Write([]byte(text))
|
||||
return hex.EncodeToString(hash.Sum(nil))
|
||||
sum := sha256.Sum256([]byte(text))
|
||||
return hex.EncodeToString(sum[:])
|
||||
}
|
||||
|
||||
// FastHash is a high-performance non-cryptographic hash function suitable for
|
||||
|
||||
@@ -45,7 +45,7 @@ func (i *Impl) Validate(r *http.Request, lg *slog.Logger, in *chall.ValidateInpu
|
||||
return chall.NewError("validate", "invalid response", fmt.Errorf("%w nonce", chall.ErrMissingField))
|
||||
}
|
||||
|
||||
nonce, err := strconv.Atoi(nonceStr)
|
||||
_, err := strconv.Atoi(nonceStr)
|
||||
if err != nil {
|
||||
return chall.NewError("validate", "invalid response", fmt.Errorf("%w: nonce: %w", chall.ErrInvalidFormat, err))
|
||||
|
||||
@@ -66,7 +66,7 @@ func (i *Impl) Validate(r *http.Request, lg *slog.Logger, in *chall.ValidateInpu
|
||||
return chall.NewError("validate", "invalid response", fmt.Errorf("%w response", chall.ErrMissingField))
|
||||
}
|
||||
|
||||
calcString := fmt.Sprintf("%s%d", challenge, nonce)
|
||||
calcString := challenge + nonceStr
|
||||
calculated := internal.SHA256sum(calcString)
|
||||
|
||||
if subtle.ConstantTimeCompare([]byte(response), []byte(calculated)) != 1 {
|
||||
|
||||
+15
-4
@@ -1,8 +1,6 @@
|
||||
package policy
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/TecharoHQ/anubis/internal"
|
||||
"github.com/TecharoHQ/anubis/lib/config"
|
||||
"github.com/TecharoHQ/anubis/lib/policy/checker"
|
||||
@@ -13,9 +11,22 @@ type Bot struct {
|
||||
Challenge *config.ChallengeRules
|
||||
Weight *config.Weight
|
||||
Name string
|
||||
Action config.Rule
|
||||
// hash caches the result of Hash() when populated at parse time, see ParseConfig
|
||||
hash string
|
||||
Action config.Rule
|
||||
}
|
||||
|
||||
// Hash returns a stable identifier for this Bot derived from its Name
|
||||
// and Rules. When the cached value is present (populated by
|
||||
// ParseConfig) it is returned directly; otherwise the hash is
|
||||
// recomputed on demand so callers do not have to know about the cache.
|
||||
func (b Bot) Hash() string {
|
||||
return internal.FastHash(fmt.Sprintf("%s::%s", b.Name, b.Rules.Hash()))
|
||||
if b.hash != "" {
|
||||
return b.hash
|
||||
}
|
||||
var rulesHash string
|
||||
if b.Rules != nil { // defensive, should never happen
|
||||
rulesHash = b.Rules.Hash()
|
||||
}
|
||||
return internal.FastHash(b.Name + "::" + rulesHash)
|
||||
}
|
||||
|
||||
@@ -219,6 +219,7 @@ func ParseConfig(ctx context.Context, fin io.Reader, fname string, defaultDiffic
|
||||
result.Impressum = c.Impressum
|
||||
|
||||
parsedBot.Rules = cl
|
||||
parsedBot.hash = parsedBot.Hash()
|
||||
|
||||
result.Bots = append(result.Bots, parsedBot)
|
||||
}
|
||||
|
||||
Generated
+491
-373
File diff suppressed because it is too large
Load Diff
+6
-6
@@ -20,11 +20,11 @@
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"devDependencies": {
|
||||
"@commitlint/cli": "^20.5.3",
|
||||
"@commitlint/config-conventional": "^20.5.3",
|
||||
"baseline-browser-mapping": "^2.10.27",
|
||||
"cssnano": "^7.1.8",
|
||||
"cssnano-preset-advanced": "^7.0.16",
|
||||
"@commitlint/cli": "^21.0.1",
|
||||
"@commitlint/config-conventional": "^21.0.1",
|
||||
"baseline-browser-mapping": "^2.10.30",
|
||||
"cssnano": "^8.0.1",
|
||||
"cssnano-preset-advanced": "^8.0.1",
|
||||
"esbuild": "^0.28.0",
|
||||
"husky": "^9.1.7",
|
||||
"playwright": "^1.52.0",
|
||||
@@ -36,7 +36,7 @@
|
||||
},
|
||||
"dependencies": {
|
||||
"@aws-crypto/sha256-js": "^5.2.0",
|
||||
"preact": "^10.29.1"
|
||||
"preact": "^10.29.2"
|
||||
},
|
||||
"commitlint": {
|
||||
"extends": [
|
||||
|
||||
Reference in New Issue
Block a user