From c3ed405dbcb2295c34765f19978fa60a5641fb3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sunniva=20L=C3=B8vstad?= Date: Thu, 25 Sep 2025 10:01:02 +0200 Subject: [PATCH 1/8] Update Nynorsk translation (#1143) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: fix capitalisation in bokmål and nynorsk * stadfest → e-verb Signed-off-by: Sunniva Løvstad --------- Signed-off-by: Sunniva Løvstad --- lib/localization/locales/nn.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/localization/locales/nn.json b/lib/localization/locales/nn.json index d49396a8..0b0d6eaf 100644 --- a/lib/localization/locales/nn.json +++ b/lib/localization/locales/nn.json @@ -13,7 +13,7 @@ "try_again": "Prøv att", "go_home": "Gå heim", "contact_webmaster": "eller om du synest at du ikkje burde vera blokkert, venlegast tak kontakt med administratoren på", - "connection_security": "Venlegast vent medan vi stadfestar tryggleiken av tilkoplinga di.", + "connection_security": "Venlegast vent medan vi stadfester tryggleiken av tilkoplinga di.", "javascript_required": "Du lyt diverre slå på JavaScript for å koma deg forbi denne utfordringa. Dette krevst av di KI-selskap har endra sosialkontrakten om korleis nettstadsverting fungerer. Ei ikkje-JS-løysing er i gang med å skapast.", "benchmark_requires_js": "JavaScript må vera slegen på for å køyre samanlikningsverktøyet.", "difficulty": "Vanskenivå:", @@ -41,7 +41,7 @@ "oh_noes": "Å nei!", "benchmarking_anubis": "Samanliknar Anubis!", "you_are_not_a_bot": "Du er ikkje ein bot!", - "making_sure_not_bot": "Stadfestar at du ikkje er ein bot!", + "making_sure_not_bot": "Stadfester at du ikkje er ein bot!", "celphase": "CELPHASE", "js_web_crypto_error": "Nettlesaren din har ikkje eit fungerande web.crypto-element. Ser du dette med ei sikker tilkopling?", "js_web_workers_error": "Nettlesaren din støttar ikkje nettarbeidarar (Anubis brukar dette for å unngå å fryse nettlesaren din). Har du eit tillegg som JShelter installert?", @@ -63,4 +63,4 @@ "js_calculation_error_msg": "Mislukkast i å rekne utfordring:", "missing_required_forwarded_headers": "Manglende nødvendige X-Forwarded-* headers", "simplified_explanation": "Dette er eit tiltak mot robotar og vondsinna førespurnader som liknar på ein CAPTCHA. Men i staden for å måtte gjere arbeidet sjølv, får nettlesaren din ei utrekningsoppgåve som han må løyse for å sikre at han er ein gyldig klient. Dette konseptet blir kalla Arbeidsbevis. Oppgåva blir rekna ut på nokre få sekund, og du får tilgang til nettstaden. Takk for di forståing og tålmod." -} \ No newline at end of file +} From 1cf03535a580afbaf8f88320f8fc1da13ff9e2c7 Mon Sep 17 00:00:00 2001 From: violet <167108906+avioletheart@users.noreply.github.com> Date: Thu, 25 Sep 2025 04:01:24 -0400 Subject: [PATCH 2/8] feat: support reading real client IP from a custom header (#1138) * feat: support reading real client IP from a custom header * pr reviews --------- Co-authored-by: violet --- cmd/anubis/main.go | 2 ++ docs/docs/CHANGELOG.md | 1 + docs/docs/admin/caveats-xff.mdx | 2 ++ docs/docs/admin/installation.mdx | 1 + internal/headers.go | 16 ++++++++++++++++ 5 files changed, 22 insertions(+) diff --git a/cmd/anubis/main.go b/cmd/anubis/main.go index 59dd56f9..c1efe241 100644 --- a/cmd/anubis/main.go +++ b/cmd/anubis/main.go @@ -83,6 +83,7 @@ var ( versionFlag = flag.Bool("version", false, "print Anubis version") publicUrl = flag.String("public-url", "", "the externally accessible URL for this Anubis instance, used for constructing redirect URLs (e.g., for forwardAuth).") xffStripPrivate = flag.Bool("xff-strip-private", true, "if set, strip private addresses from X-Forwarded-For") + customRealIPHeader = flag.String("custom-real-ip-header", "", "if set, read remote IP from header of this name (in case your environment doesn't set X-Real-IP header)") thothInsecure = flag.Bool("thoth-insecure", false, "if set, connect to Thoth over plain HTTP/2, don't enable this unless support told you to") thothURL = flag.String("thoth-url", "", "if set, URL for Thoth, the IP reputation database for Anubis") @@ -460,6 +461,7 @@ func main() { var h http.Handler h = s + h = internal.CustomRealIPHeader(*customRealIPHeader, h) h = internal.RemoteXRealIP(*useRemoteAddress, *bindNetwork, h) h = internal.XForwardedForToXRealIP(h) h = internal.XForwardedForUpdate(*xffStripPrivate, h) diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md index 948ff93a..1ffbb814 100644 --- a/docs/docs/CHANGELOG.md +++ b/docs/docs/CHANGELOG.md @@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 +- Add `-custom-real-ip-header` flag to get the original request IP from a different header than `x-real-ip`. - Add `contentLength` variable to bot expressions. - Add `COOKIE_SAME_SITE_MODE` to force anubis cookies SameSite value, and downgrade automatically from `None` to `Lax` if cookie is insecure. - Fix lock convoy problem in decaymap ([#1103](https://github.com/TecharoHQ/anubis/issues/1103)). diff --git a/docs/docs/admin/caveats-xff.mdx b/docs/docs/admin/caveats-xff.mdx index 655534f3..54b04f5e 100644 --- a/docs/docs/admin/caveats-xff.mdx +++ b/docs/docs/admin/caveats-xff.mdx @@ -20,6 +20,8 @@ Upstream: X-Forwarded-For: CF_IP As a workaround, you should configure your web server to parse an alternative source (such as `CF-Connecting-IP`), or pre-process the incoming `X-Forwarded-For` with your web server to ensure it only contains the real client IP address, then pass it to Anubis as `X-Forwarded-For`. +If you do not control the web server upstream of Anubis, the `custom-real-ip-header` command line flag accepts a header value that Anubis will read the real client IP address from. Anubis will set the `X-Real-IP` header to the IP address found in the custom header. + The `X-Real-IP` header will be automatically inferred from `X-Forwarded-For` if not set, setting it explicitly is not necessary as long as `X-Forwarded-For` contains only the real client IP. However setting it explicitly can eliminate spoofed values if your web server doesn't set this. See [Cloudflare](environments/cloudflare.mdx) for an example configuration. diff --git a/docs/docs/admin/installation.mdx b/docs/docs/admin/installation.mdx index b82fe7b9..96f305c7 100644 --- a/docs/docs/admin/installation.mdx +++ b/docs/docs/admin/installation.mdx @@ -76,6 +76,7 @@ Anubis uses these environment variables for configuration: | `COOKIE_DOMAIN` | unset | The domain the Anubis challenge pass cookie should be set to. This should be set to the domain you bought from your registrar (EG: `techaro.lol` if your webapp is running on `anubis.techaro.lol`). See this [stackoverflow explanation of cookies](https://stackoverflow.com/a/1063760) for more information.

Note that unlike `REDIRECT_DOMAINS`, you should never include a port number in this variable. | | `COOKIE_DYNAMIC_DOMAIN` | false | If set to true, automatically set cookie domain fields based on the hostname of the request. EG: if you are making a request to `anubis.techaro.lol`, the Anubis cookie will be valid for any subdomain of `techaro.lol`. | | `COOKIE_EXPIRATION_TIME` | `168h` | The amount of time the authorization cookie is valid for. | +| `CUSTOM_REAL_IP_HEADER` | unset | If set, Anubis will read the client's real IP address from this header, and set it in `X-Real-IP` header. | | `COOKIE_PARTITIONED` | `false` | If set to `true`, enables the [partitioned (CHIPS) flag](https://developers.google.com/privacy-sandbox/cookies/chips), meaning that Anubis inside an iframe has a different set of cookies than the domain hosting the iframe. | | `COOKIE_PREFIX` | `anubis-cookie` | The prefix used for browser cookies created by Anubis. Useful for customization or avoiding conflicts with other applications. | | `COOKIE_SECURE` | `true` | If set to `true`, enables the [Secure flag](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#block_access_to_your_cookies), meaning that the cookies will only be transmitted over HTTPS. If Anubis is used in an unsecure context (plain HTTP), this will be need to be set to false | diff --git a/internal/headers.go b/internal/headers.go index 8b478665..21601d24 100644 --- a/internal/headers.go +++ b/internal/headers.go @@ -38,6 +38,22 @@ func UnchangingCache(next http.Handler) http.Handler { }) } +// CustomXRealIPHeader sets the X-Real-IP header to the value of a +// different header. +// Used in environments where the upstream proxy sets the request's +// origin IP in a custom header. +func CustomRealIPHeader(customRealIPHeaderValue string, next http.Handler) http.Handler { + if customRealIPHeaderValue == "" { + slog.Debug("skipping middleware, customRealIPHeaderValue is empty") + return next + } + + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + r.Header.Set("X-Real-IP", r.Header.Get(customRealIPHeaderValue)) + next.ServeHTTP(w, r) + }) +} + // RemoteXRealIP sets the X-Real-Ip header to the request's real IP if // the setting is enabled by the user. func RemoteXRealIP(useRemoteAddress bool, bindNetwork string, next http.Handler) http.Handler { From 75ea1b60d5646ca81d03731c5066492f5ac12014 Mon Sep 17 00:00:00 2001 From: Jamie McClelland Date: Thu, 25 Sep 2025 08:08:16 +0000 Subject: [PATCH 3/8] enable auto setting of SNI based on host header (#1129) With this change, setting targetSNI to 'auto' causes anubis to use the request host name as the SNI name, allowing multiple sites to use the same anubis instance and same backend, while still securely connecting to the backend via https. See https://github.com/TecharoHQ/anubis/issues/424 --- cmd/anubis/main.go | 25 +++++++++++++++---------- docs/docs/CHANGELOG.md | 1 + docs/docs/admin/installation.mdx | 2 +- 3 files changed, 17 insertions(+), 11 deletions(-) diff --git a/cmd/anubis/main.go b/cmd/anubis/main.go index c1efe241..5ccdcc01 100644 --- a/cmd/anubis/main.go +++ b/cmd/anubis/main.go @@ -68,7 +68,7 @@ var ( slogLevel = flag.String("slog-level", "INFO", "logging level (see https://pkg.go.dev/log/slog#hdr-Levels)") stripBasePrefix = flag.Bool("strip-base-prefix", false, "if true, strips the base prefix from requests forwarded to the target server") target = flag.String("target", "http://localhost:3923", "target to reverse proxy to, set to an empty string to disable proxying when only using auth request") - targetSNI = flag.String("target-sni", "", "if set, the value of the TLS handshake hostname when forwarding requests to the target") + targetSNI = flag.String("target-sni", "", "if set, TLS handshake hostname when forwarding requests to the target, if set to auto, use Host header") targetHost = flag.String("target-host", "", "if set, the value of the Host header when forwarding requests to the target") targetInsecureSkipVerify = flag.Bool("target-insecure-skip-verify", false, "if true, skips TLS validation for the backend") targetDisableKeepAlive = flag.Bool("target-disable-keepalive", false, "if true, disables HTTP keep-alive for the backend") @@ -236,23 +236,28 @@ func makeReverseProxy(target string, targetSNI string, targetHost string, insecu if insecureSkipVerify || targetSNI != "" { transport.TLSClientConfig = &tls.Config{} - if insecureSkipVerify { - slog.Warn("TARGET_INSECURE_SKIP_VERIFY is set to true, TLS certificate validation will not be performed", "target", target) - transport.TLSClientConfig.InsecureSkipVerify = true - } - if targetSNI != "" { - transport.TLSClientConfig.ServerName = targetSNI - } + } + if insecureSkipVerify { + slog.Warn("TARGET_INSECURE_SKIP_VERIFY is set to true, TLS certificate validation will not be performed", "target", target) + transport.TLSClientConfig.InsecureSkipVerify = true + } + if targetSNI != "" && targetSNI != "auto" { + transport.TLSClientConfig.ServerName = targetSNI } rp := httputil.NewSingleHostReverseProxy(targetUri) rp.Transport = transport - if targetHost != "" { + if targetHost != "" || targetSNI == "auto" { originalDirector := rp.Director rp.Director = func(req *http.Request) { originalDirector(req) - req.Host = targetHost + if targetHost != "" { + req.Host = targetHost + } + if targetSNI == "auto" { + transport.TLSClientConfig.ServerName = req.Host + } } } diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md index 1ffbb814..2b2fb21e 100644 --- a/docs/docs/CHANGELOG.md +++ b/docs/docs/CHANGELOG.md @@ -29,6 +29,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Fixes concurrency problems with very old browsers ([#1082](https://github.com/TecharoHQ/anubis/issues/1082)). - Randomly use the Refresh header instead of the meta refresh tag in the metarefresh challenge. - Update OpenRC service to truncate the runtime directory before starting Anubis. +- Add option to set `targetSNI` to special keyword 'auto' to indicate that it should be automatically set to the request Host name ([424](https://github.com/TecharoHQ/anubis/issues/424)). ### Bug Fixes diff --git a/docs/docs/admin/installation.mdx b/docs/docs/admin/installation.mdx index 96f305c7..0edd65d7 100644 --- a/docs/docs/admin/installation.mdx +++ b/docs/docs/admin/installation.mdx @@ -123,7 +123,7 @@ If you don't know or understand what these settings mean, ignore them. These are | `TARGET_DISABLE_KEEPALIVE` | `false` | If `true`, disables HTTP keep-alive for connections to the target backend. Useful for backends that don't handle keep-alive properly. | | `TARGET_HOST` | unset | If set, overrides the Host header in requests forwarded to `TARGET`. | | `TARGET_INSECURE_SKIP_VERIFY` | `false` | If `true`, skip TLS certificate validation for targets that listen over `https`. If your backend does not listen over `https`, ignore this setting. | -| `TARGET_SNI` | unset | If set, overrides the TLS handshake hostname in requests forwarded to `TARGET`. | +| `TARGET_SNI` | unset | If set, TLS handshake hostname when forwarding requests to the `TARGET`. If set to auto, use Host header. | From 714c85dbc46c370e5bced15d31897b3ccc160a58 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Sat, 27 Sep 2025 13:44:46 -0400 Subject: [PATCH 4/8] fix(lib): enable multiple consecutive slash support (#1155) * fix(lib): enable multiple consecutive slash support Closes #754 Closes #808 Closes #815 Apparently more applications use multiple slashes in a row than I thought. There is no easy way around this other than to do this hacky fix to avoid net/http#ServeMux's URL cleaning. * test(double_slash): add sourceware case Signed-off-by: Xe Iaso * test(lib): fix tests for double slash fix Signed-off-by: Xe Iaso --------- Signed-off-by: Xe Iaso Signed-off-by: Xe Iaso --- .github/workflows/smoke-tests.yml | 1 + docs/docs/CHANGELOG.md | 1 + lib/anubis_test.go | 21 +++- lib/config.go | 2 +- lib/http.go | 7 +- test/cmd/httpdebug/main.go | 25 +++++ test/double_slash/anubis.yaml | 8 ++ test/double_slash/input.txt | 178 ++++++++++++++++++++++++++++++ test/double_slash/test.mjs | 45 ++++++++ test/double_slash/test.sh | 23 ++++ test/double_slash/var/.gitignore | 2 + 11 files changed, 307 insertions(+), 6 deletions(-) create mode 100644 test/cmd/httpdebug/main.go create mode 100644 test/double_slash/anubis.yaml create mode 100644 test/double_slash/input.txt create mode 100644 test/double_slash/test.mjs create mode 100755 test/double_slash/test.sh create mode 100644 test/double_slash/var/.gitignore diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index ccebcd64..ef1a834c 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -14,6 +14,7 @@ jobs: strategy: matrix: test: + - double_slash - forced-language - git-clone - git-push diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md index 2b2fb21e..f5f54d18 100644 --- a/docs/docs/CHANGELOG.md +++ b/docs/docs/CHANGELOG.md @@ -29,6 +29,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Fixes concurrency problems with very old browsers ([#1082](https://github.com/TecharoHQ/anubis/issues/1082)). - Randomly use the Refresh header instead of the meta refresh tag in the metarefresh challenge. - Update OpenRC service to truncate the runtime directory before starting Anubis. +- Allow multiple consecutive slashes in a row in application paths ([#754](https://github.com/TecharoHQ/anubis/issues/754)). - Add option to set `targetSNI` to special keyword 'auto' to indicate that it should be automatically set to the request Host name ([424](https://github.com/TecharoHQ/anubis/issues/424)). ### Bug Fixes diff --git a/lib/anubis_test.go b/lib/anubis_test.go index 133c56d0..1a0b2d97 100644 --- a/lib/anubis_test.go +++ b/lib/anubis_test.go @@ -457,7 +457,7 @@ func TestBasePrefix(t *testing.T) { }{ { name: "no prefix", - basePrefix: "/", + basePrefix: "", path: "/.within.website/x/cmd/anubis/api/make-challenge", expected: "/.within.website/x/cmd/anubis/api/make-challenge", }, @@ -499,9 +499,15 @@ func TestBasePrefix(t *testing.T) { } q := req.URL.Query() - q.Set("redir", tc.basePrefix) + redir := tc.basePrefix + if tc.basePrefix == "" { + redir = "/" + } + q.Set("redir", redir) req.URL.RawQuery = q.Encode() + t.Log(req.URL.String()) + // Test API endpoint with prefix resp, err := cli.Do(req) if err != nil { @@ -513,8 +519,15 @@ func TestBasePrefix(t *testing.T) { t.Errorf("expected status code %d, got: %d", http.StatusOK, resp.StatusCode) } + data, err := io.ReadAll(resp.Body) + if err != nil { + t.Fatalf("can't read body: %v", err) + } + + t.Log(string(data)) + var chall challengeResp - if err := json.NewDecoder(resp.Body).Decode(&chall); err != nil { + if err := json.NewDecoder(bytes.NewBuffer(data)).Decode(&chall); err != nil { t.Fatalf("can't read challenge response body: %v", err) } @@ -535,7 +548,7 @@ func TestBasePrefix(t *testing.T) { nonce++ } elapsedTime := 420 - redir := "/" + redir = "/" cli.CheckRedirect = func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse diff --git a/lib/config.go b/lib/config.go index 7ab312d1..3c220dc5 100644 --- a/lib/config.go +++ b/lib/config.go @@ -107,7 +107,7 @@ func New(opts Options) (*Server, error) { opts.ED25519PrivateKey = priv } - anubis.BasePrefix = opts.BasePrefix + anubis.BasePrefix = strings.TrimRight(opts.BasePrefix, "/") anubis.PublicUrl = opts.PublicUrl result := &Server{ diff --git a/lib/http.go b/lib/http.go index 1332035a..dcefdb01 100644 --- a/lib/http.go +++ b/lib/http.go @@ -279,7 +279,12 @@ func (s *Server) respondWithStatus(w http.ResponseWriter, r *http.Request, msg s } func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { - s.mux.ServeHTTP(w, r) + if strings.HasPrefix(r.URL.Path, anubis.BasePrefix+anubis.StaticPath) { + s.mux.ServeHTTP(w, r) + return + } + + s.maybeReverseProxyOrPage(w, r) } func (s *Server) stripBasePrefixFromRequest(r *http.Request) *http.Request { diff --git a/test/cmd/httpdebug/main.go b/test/cmd/httpdebug/main.go new file mode 100644 index 00000000..74779b7b --- /dev/null +++ b/test/cmd/httpdebug/main.go @@ -0,0 +1,25 @@ +package main + +import ( + "flag" + "fmt" + "log" + "log/slog" + "net/http" +) + +var ( + bind = flag.String("bind", ":3923", "TCP port to bind to") +) + +func main() { + flag.Parse() + + slog.Info("listening", "url", "http://localhost"+*bind) + log.Fatal(http.ListenAndServe(*bind, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + slog.Info("got request", "method", r.Method, "path", r.RequestURI) + + fmt.Fprintln(w, r.Method, r.RequestURI) + r.Header.Write(w) + }))) +} diff --git a/test/double_slash/anubis.yaml b/test/double_slash/anubis.yaml new file mode 100644 index 00000000..9880a86c --- /dev/null +++ b/test/double_slash/anubis.yaml @@ -0,0 +1,8 @@ +bots: + - name: challenge + user_agent_regex: CHALLENGE + action: CHALLENGE + +status_codes: + CHALLENGE: 200 + DENY: 403 diff --git a/test/double_slash/input.txt b/test/double_slash/input.txt new file mode 100644 index 00000000..639f5842 --- /dev/null +++ b/test/double_slash/input.txt @@ -0,0 +1,178 @@ +/wiki//bin +/wiki//boot +/wiki//dev +/wiki//dev/de +/wiki//dev/en +/wiki//dev/en-ca +/wiki//dev/es +/wiki//dev/fr +/wiki//dev/hr +/wiki//dev/hu +/wiki//dev/it +/wiki//dev/ja +/wiki//dev/ko +/wiki//dev/pl +/wiki//dev/pt-br +/wiki//dev/ro +/wiki//dev/ru +/wiki//dev/sv +/wiki//dev/uk +/wiki//dev/zh-cn +/wiki//etc +/wiki//etc/conf.d +/wiki//etc/env.d +/wiki//etc/fstab +/wiki//etc/fstab/de +/wiki//etc/fstab/en +/wiki//etc/fstab/es +/wiki//etc/fstab/fr +/wiki//etc/fstab/hu +/wiki//etc/fstab/it +/wiki//etc/fstab/ja +/wiki//etc/fstab/ko +/wiki//etc/fstab/ru +/wiki//etc/fstab/sv +/wiki//etc/fstab/uk +/wiki//etc/fstab/zh-cn +/wiki//etc/hosts +/wiki//etc/local.d +/wiki//etc/make.conf +/wiki//etc/portage +/wiki//etc/portage/bashrc +/wiki//etc/portage/Bashrc +/wiki//etc/portage/binrepos.conf +/wiki//etc/portage/binrepos.conf/en +/wiki//etc/portage/binrepos.conf/hu +/wiki//etc/portage/binrepos.conf/ja +/wiki//etc/portage/binrepos.conf/ru +/wiki//etc/portage/categories +/wiki//etc/portage/color.map +/wiki//etc/portage/env +/wiki//etc/portage/img/ico.png +/wiki//etc/portage/license_groups +/wiki//etc/portage/make.conf +/wiki//etc/portage/make.conf/de +/wiki//etc/portage/make.conf/de/etc/portage/make.conf +/wiki//etc/portage/make.conf/en +/wiki//etc/portage/make.conf/es +/wiki//etc/portage/make.conf/fr +/wiki//etc/portage/make.conf/hu +/wiki//etc/portage/make.conf/it +/wiki//etc/portage/make.conf/it/var/db/repos/gentoo/licenses +/wiki//etc/portage/make.conf/ja +/wiki//etc/portage/make.conf/pl +/wiki//etc/portage/make.conf/ru +/wiki//etc/portage/make.conf/uk +/wiki//etc/portage/make.conf/zh-cn +/wiki//etc/portage/make.profile +/wiki//etc/portage/mirrors +/wiki//etc/portage/modules +/wiki//etc/portage/package.accept_keywords +/wiki//etc/portage/package.env +/wiki//etc/portage/package.license +/wiki//etc/portage/package.license/en +/wiki//etc/portage/package.license/es +/wiki//etc/portage/package.license/hu +/wiki//etc/portage/package.license/ja +/wiki//etc/portage/package.mask +/wiki//etc/portage/package.mask/en +/wiki//etc/portage/package.mask/hu +/wiki//etc/portage/package.mask/ja +/wiki//etc/portage/package.properties +/wiki//etc/portage/package.unmask +/wiki//etc/portage/package.use +/wiki//etc/portage/package.use/de +/wiki//etc/portage/package.use/en +/wiki//etc/portage/package.use/es +/wiki//etc/portage/package.use/fr +/wiki//etc/portage/package.use/hu +/wiki//etc/portage/package.use/it +/wiki//etc/portage/package.use/ja +/wiki//etc/portage/package.use/ru +/wiki//etc/portage/package.use/uk +/wiki//etc/portage/package.use/zh-cn +/wiki//etc/portage/patches +/wiki//etc/portage/profile/make.defaults +/wiki//etc/portage/profile/package.provided +/wiki//etc/portage/profile/package.provided/etc/portage/profile/package.provided +/wiki//etc/portage/profile/package.provided/etc/portage/profiles/package.provided +/wiki//etc/portage/profile/package.use.mask +/wiki//etc/portage/profiles/package.provided +/wiki//etc/portage/profiles/package.use.mask +/wiki//etc/portage/profiles/package.use.mask/etc/portage/profile/package.use.mask +/wiki//etc/portage/profiles/package.use.mask/etc/portage/profiles/package.use.mask +/wiki//etc/portage/profiles/use.mask +/wiki//etc/portage/profile/use.mask +/wiki//etc/portage/repos.conf +/wiki//etc/portage/repos.conf/brother-overlay.conf +/wiki//etc/portage/repos.conf/de +/wiki//etc/portage/repos.conf/en +/wiki//etc/portage/repos.conf/es +/wiki//etc/portage/repos.conf/etc/portage/repos.conf/gentoo.conf +/wiki//etc/portage/repos.conf/fr +/wiki//etc/portage/repos.conf/fr/etc/portage/repos.conf/gentoo.conf +/wiki//etc/portage/repos.conf/gentoo.conf +/wiki//etc/portage/repos.conf/gentoo.conf/etc/portage/repos.conf/gentoo.conf +/wiki//etc/portage/repos.conf/hr +/wiki//etc/portage/repos.conf/hu +/wiki//etc/portage/repos.conf/it +/wiki//etc/portage/repos.conf/ja +/wiki//etc/portage/repos.conf/ko +/wiki//etc/portage/repos.conf/pl +/wiki//etc/portage/repos.conf/pt-br +/wiki//etc/portage/repos.conf/ru +/wiki//etc/portage/repos.conf/uk +/wiki//etc/portage/repos.conf/zh-cn +/wiki//etc/portage/savedconfig +/wiki//etc/portage/sets +/wiki//etc/profile +/wiki//etc/profile.env +/wiki//etc/sandbox.conf +/wiki//home +/wiki//lib +/wiki//lib64 +/wiki//media +/wiki//mnt +/wiki//opt +/wiki//proc +/wiki//proc/config.gz +/wiki//run +/wiki//sbin +/wiki//srv +/wiki//sys +/wiki//tmp +/wiki//usr +/wiki//usr/bin +/wiki//usr_move +/wiki//usr/portage +/wiki//usr/portage/distfiles +/wiki//usr/portage/licenses +/wiki//usr/portage/metadata +/wiki//usr/portage/metadata/md5-cache +/wiki//usr/portage/metadata/md5-cache/usr/portage/metadata/md5-cache +/wiki//usr/portage/metadata/md5-cache/var/db/repos/gentoo//metadata/md5-cache +/wiki//usr/portage/packages +/wiki//usr/portage/profiles +/wiki//usr/portage/profiles/license_groups +/wiki//usr/portage/profiles/license_groups/usr/portage/profiles/license_groups +/wiki//usr/portage/profiles/license_groups/var/db/repos/gentoo//profiles/license_groups +/wiki//usr/share/doc/ +/wiki//var/cache/binpkgs +/wiki//var/cache/distfiles +/wiki//var/db/pkg +/wiki//var/db/pkg%22 +/wiki//var/db/repos/gentoo +/wiki//var/db/repos/gentoo/licenses +/wiki//var/db/repos/gentoo/licenses/var/db/repos/gentoo//licenses +/wiki//var/db/repos/gentoo/licenses/var/db/repos/gentoo/licenses +/wiki//var/db/repos/gentoo/metadata +/wiki//var/db/repos/gentoo/metadata/md5-cache +/wiki//var/db/repos/gentoo/metadata/var/db/repos/gentoo//metadata +/wiki//var/db/repos/gentoo/metadata/var/db/repos/gentoo/metadata +/wiki//var/db/repos/gentoo/profiles +/wiki//var/db/repos/gentoo/profiles/license_groups +/wiki//var/db/repos/gentoo/profiles/package.mask +/wiki//var/lib/portage +/wiki//var/lib/portage/world +/wiki//var/run +/gcc-bugs/bug-122002-4@http.gcc.gnu.org%2Fbugzilla%2F/T/ \ No newline at end of file diff --git a/test/double_slash/test.mjs b/test/double_slash/test.mjs new file mode 100644 index 00000000..7ae9c5a8 --- /dev/null +++ b/test/double_slash/test.mjs @@ -0,0 +1,45 @@ +import { createReadStream } from "fs"; +import { createInterface } from "readline"; + +async function getPage(path) { + return fetch(`http://localhost:8923${path}`) + .then(resp => { + if (resp.status !== 200) { + throw new Error(`wanted status 200, got status: ${resp.status}`); + } + return resp; + }) + .then(resp => resp.text()); +} + +(async () => { + const fin = createReadStream("input.txt"); + const rl = createInterface({ + input: fin, + crlfDelay: Infinity, + }); + + const resultSheet = {}; + + let failed = false; + + for await (const line of rl) { + console.log(line); + + const resp = await getPage(line); + resultSheet[line] = { + match: resp.includes(`GET ${line}`), + line: resp.split("\n")[0], + }; + } + + for (let [k, v] of Object.entries(resultSheet)) { + if (!v.match) { + failed = true; + } + + console.debug({ path: k, results: v }); + } + + process.exit(failed ? 1 : 0); +})(); \ No newline at end of file diff --git a/test/double_slash/test.sh b/test/double_slash/test.sh new file mode 100755 index 00000000..69e7f665 --- /dev/null +++ b/test/double_slash/test.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +set -euo pipefail + +function cleanup() { + pkill -P $$ +} + +trap cleanup EXIT SIGINT + +# Build static assets +(cd ../.. && npm ci && npm run assets) + +go tool anubis --help 2>/dev/null || : + +go run ../cmd/httpdebug & + +go tool anubis \ + --policy-fname ./anubis.yaml \ + --use-remote-address \ + --target=http://localhost:3923 & + +backoff-retry node ./test.mjs diff --git a/test/double_slash/var/.gitignore b/test/double_slash/var/.gitignore new file mode 100644 index 00000000..c96a04f0 --- /dev/null +++ b/test/double_slash/var/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore \ No newline at end of file From 5731477e0af7d2c45581cf69e0499e1f4b36a13b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Sep 2025 13:46:12 -0400 Subject: [PATCH 5/8] build(deps-dev): bump esbuild from 0.25.9 to 0.25.10 in the npm group (#1147) Bumps the npm group with 1 update: [esbuild](https://github.com/evanw/esbuild). Updates `esbuild` from 0.25.9 to 0.25.10 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.25.9...v0.25.10) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.25.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 216 +++++++++++++++++++++++----------------------- package.json | 2 +- 2 files changed, 109 insertions(+), 109 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5c241a9b..c1398271 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,7 +15,7 @@ "devDependencies": { "cssnano": "^7.1.1", "cssnano-preset-advanced": "^7.0.9", - "esbuild": "^0.25.9", + "esbuild": "^0.25.10", "playwright": "^1.52.0", "postcss-cli": "^11.0.1", "postcss-import": "^16.1.1", @@ -62,9 +62,9 @@ } }, "node_modules/@esbuild/aix-ppc64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.9.tgz", - "integrity": "sha512-OaGtL73Jck6pBKjNIe24BnFE6agGl+6KxDtTfHhy1HmhthfKouEcOhqpSL64K4/0WCtbKFLOdzD/44cJ4k9opA==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.10.tgz", + "integrity": "sha512-0NFWnA+7l41irNuaSVlLfgNT12caWJVLzp5eAVhZ0z1qpxbockccEt3s+149rE64VUI3Ml2zt8Nv5JVc4QXTsw==", "cpu": [ "ppc64" ], @@ -79,9 +79,9 @@ } }, "node_modules/@esbuild/android-arm": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.9.tgz", - "integrity": "sha512-5WNI1DaMtxQ7t7B6xa572XMXpHAaI/9Hnhk8lcxF4zVN4xstUgTlvuGDorBguKEnZO70qwEcLpfifMLoxiPqHQ==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.10.tgz", + "integrity": "sha512-dQAxF1dW1C3zpeCDc5KqIYuZ1tgAdRXNoZP7vkBIRtKZPYe2xVr/d3SkirklCHudW1B45tGiUlz2pUWDfbDD4w==", "cpu": [ "arm" ], @@ -96,9 +96,9 @@ } }, "node_modules/@esbuild/android-arm64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.9.tgz", - "integrity": "sha512-IDrddSmpSv51ftWslJMvl3Q2ZT98fUSL2/rlUXuVqRXHCs5EUF1/f+jbjF5+NG9UffUDMCiTyh8iec7u8RlTLg==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.10.tgz", + "integrity": "sha512-LSQa7eDahypv/VO6WKohZGPSJDq5OVOo3UoFR1E4t4Gj1W7zEQMUhI+lo81H+DtB+kP+tDgBp+M4oNCwp6kffg==", "cpu": [ "arm64" ], @@ -113,9 +113,9 @@ } }, "node_modules/@esbuild/android-x64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.9.tgz", - "integrity": "sha512-I853iMZ1hWZdNllhVZKm34f4wErd4lMyeV7BLzEExGEIZYsOzqDWDf+y082izYUE8gtJnYHdeDpN/6tUdwvfiw==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.10.tgz", + "integrity": "sha512-MiC9CWdPrfhibcXwr39p9ha1x0lZJ9KaVfvzA0Wxwz9ETX4v5CHfF09bx935nHlhi+MxhA63dKRRQLiVgSUtEg==", "cpu": [ "x64" ], @@ -130,9 +130,9 @@ } }, "node_modules/@esbuild/darwin-arm64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.9.tgz", - "integrity": "sha512-XIpIDMAjOELi/9PB30vEbVMs3GV1v2zkkPnuyRRURbhqjyzIINwj+nbQATh4H9GxUgH1kFsEyQMxwiLFKUS6Rg==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.10.tgz", + "integrity": "sha512-JC74bdXcQEpW9KkV326WpZZjLguSZ3DfS8wrrvPMHgQOIEIG/sPXEN/V8IssoJhbefLRcRqw6RQH2NnpdprtMA==", "cpu": [ "arm64" ], @@ -147,9 +147,9 @@ } }, "node_modules/@esbuild/darwin-x64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.9.tgz", - "integrity": "sha512-jhHfBzjYTA1IQu8VyrjCX4ApJDnH+ez+IYVEoJHeqJm9VhG9Dh2BYaJritkYK3vMaXrf7Ogr/0MQ8/MeIefsPQ==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.10.tgz", + "integrity": "sha512-tguWg1olF6DGqzws97pKZ8G2L7Ig1vjDmGTwcTuYHbuU6TTjJe5FXbgs5C1BBzHbJ2bo1m3WkQDbWO2PvamRcg==", "cpu": [ "x64" ], @@ -164,9 +164,9 @@ } }, "node_modules/@esbuild/freebsd-arm64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.9.tgz", - "integrity": "sha512-z93DmbnY6fX9+KdD4Ue/H6sYs+bhFQJNCPZsi4XWJoYblUqT06MQUdBCpcSfuiN72AbqeBFu5LVQTjfXDE2A6Q==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.10.tgz", + "integrity": "sha512-3ZioSQSg1HT2N05YxeJWYR+Libe3bREVSdWhEEgExWaDtyFbbXWb49QgPvFH8u03vUPX10JhJPcz7s9t9+boWg==", "cpu": [ "arm64" ], @@ -181,9 +181,9 @@ } }, "node_modules/@esbuild/freebsd-x64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.9.tgz", - "integrity": "sha512-mrKX6H/vOyo5v71YfXWJxLVxgy1kyt1MQaD8wZJgJfG4gq4DpQGpgTB74e5yBeQdyMTbgxp0YtNj7NuHN0PoZg==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.10.tgz", + "integrity": "sha512-LLgJfHJk014Aa4anGDbh8bmI5Lk+QidDmGzuC2D+vP7mv/GeSN+H39zOf7pN5N8p059FcOfs2bVlrRr4SK9WxA==", "cpu": [ "x64" ], @@ -198,9 +198,9 @@ } }, "node_modules/@esbuild/linux-arm": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.9.tgz", - "integrity": "sha512-HBU2Xv78SMgaydBmdor38lg8YDnFKSARg1Q6AT0/y2ezUAKiZvc211RDFHlEZRFNRVhcMamiToo7bDx3VEOYQw==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.10.tgz", + "integrity": "sha512-oR31GtBTFYCqEBALI9r6WxoU/ZofZl962pouZRTEYECvNF/dtXKku8YXcJkhgK/beU+zedXfIzHijSRapJY3vg==", "cpu": [ "arm" ], @@ -215,9 +215,9 @@ } }, "node_modules/@esbuild/linux-arm64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.9.tgz", - "integrity": "sha512-BlB7bIcLT3G26urh5Dmse7fiLmLXnRlopw4s8DalgZ8ef79Jj4aUcYbk90g8iCa2467HX8SAIidbL7gsqXHdRw==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.10.tgz", + "integrity": "sha512-5luJWN6YKBsawd5f9i4+c+geYiVEw20FVW5x0v1kEMWNq8UctFjDiMATBxLvmmHA4bf7F6hTRaJgtghFr9iziQ==", "cpu": [ "arm64" ], @@ -232,9 +232,9 @@ } }, "node_modules/@esbuild/linux-ia32": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.9.tgz", - "integrity": "sha512-e7S3MOJPZGp2QW6AK6+Ly81rC7oOSerQ+P8L0ta4FhVi+/j/v2yZzx5CqqDaWjtPFfYz21Vi1S0auHrap3Ma3A==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.10.tgz", + "integrity": "sha512-NrSCx2Kim3EnnWgS4Txn0QGt0Xipoumb6z6sUtl5bOEZIVKhzfyp/Lyw4C1DIYvzeW/5mWYPBFJU3a/8Yr75DQ==", "cpu": [ "ia32" ], @@ -249,9 +249,9 @@ } }, "node_modules/@esbuild/linux-loong64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.9.tgz", - "integrity": "sha512-Sbe10Bnn0oUAB2AalYztvGcK+o6YFFA/9829PhOCUS9vkJElXGdphz0A3DbMdP8gmKkqPmPcMJmJOrI3VYB1JQ==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.10.tgz", + "integrity": "sha512-xoSphrd4AZda8+rUDDfD9J6FUMjrkTz8itpTITM4/xgerAZZcFW7Dv+sun7333IfKxGG8gAq+3NbfEMJfiY+Eg==", "cpu": [ "loong64" ], @@ -266,9 +266,9 @@ } }, "node_modules/@esbuild/linux-mips64el": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.9.tgz", - "integrity": "sha512-YcM5br0mVyZw2jcQeLIkhWtKPeVfAerES5PvOzaDxVtIyZ2NUBZKNLjC5z3/fUlDgT6w89VsxP2qzNipOaaDyA==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.10.tgz", + "integrity": "sha512-ab6eiuCwoMmYDyTnyptoKkVS3k8fy/1Uvq7Dj5czXI6DF2GqD2ToInBI0SHOp5/X1BdZ26RKc5+qjQNGRBelRA==", "cpu": [ "mips64el" ], @@ -283,9 +283,9 @@ } }, "node_modules/@esbuild/linux-ppc64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.9.tgz", - "integrity": "sha512-++0HQvasdo20JytyDpFvQtNrEsAgNG2CY1CLMwGXfFTKGBGQT3bOeLSYE2l1fYdvML5KUuwn9Z8L1EWe2tzs1w==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.10.tgz", + "integrity": "sha512-NLinzzOgZQsGpsTkEbdJTCanwA5/wozN9dSgEl12haXJBzMTpssebuXR42bthOF3z7zXFWH1AmvWunUCkBE4EA==", "cpu": [ "ppc64" ], @@ -300,9 +300,9 @@ } }, "node_modules/@esbuild/linux-riscv64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.9.tgz", - "integrity": "sha512-uNIBa279Y3fkjV+2cUjx36xkx7eSjb8IvnL01eXUKXez/CBHNRw5ekCGMPM0BcmqBxBcdgUWuUXmVWwm4CH9kg==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.10.tgz", + "integrity": "sha512-FE557XdZDrtX8NMIeA8LBJX3dC2M8VGXwfrQWU7LB5SLOajfJIxmSdyL/gU1m64Zs9CBKvm4UAuBp5aJ8OgnrA==", "cpu": [ "riscv64" ], @@ -317,9 +317,9 @@ } }, "node_modules/@esbuild/linux-s390x": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.9.tgz", - "integrity": "sha512-Mfiphvp3MjC/lctb+7D287Xw1DGzqJPb/J2aHHcHxflUo+8tmN/6d4k6I2yFR7BVo5/g7x2Monq4+Yew0EHRIA==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.10.tgz", + "integrity": "sha512-3BBSbgzuB9ajLoVZk0mGu+EHlBwkusRmeNYdqmznmMc9zGASFjSsxgkNsqmXugpPk00gJ0JNKh/97nxmjctdew==", "cpu": [ "s390x" ], @@ -334,9 +334,9 @@ } }, "node_modules/@esbuild/linux-x64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.9.tgz", - "integrity": "sha512-iSwByxzRe48YVkmpbgoxVzn76BXjlYFXC7NvLYq+b+kDjyyk30J0JY47DIn8z1MO3K0oSl9fZoRmZPQI4Hklzg==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.10.tgz", + "integrity": "sha512-QSX81KhFoZGwenVyPoberggdW1nrQZSvfVDAIUXr3WqLRZGZqWk/P4T8p2SP+de2Sr5HPcvjhcJzEiulKgnxtA==", "cpu": [ "x64" ], @@ -351,9 +351,9 @@ } }, "node_modules/@esbuild/netbsd-arm64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.9.tgz", - "integrity": "sha512-9jNJl6FqaUG+COdQMjSCGW4QiMHH88xWbvZ+kRVblZsWrkXlABuGdFJ1E9L7HK+T0Yqd4akKNa/lO0+jDxQD4Q==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.10.tgz", + "integrity": "sha512-AKQM3gfYfSW8XRk8DdMCzaLUFB15dTrZfnX8WXQoOUpUBQ+NaAFCP1kPS/ykbbGYz7rxn0WS48/81l9hFl3u4A==", "cpu": [ "arm64" ], @@ -368,9 +368,9 @@ } }, "node_modules/@esbuild/netbsd-x64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.9.tgz", - "integrity": "sha512-RLLdkflmqRG8KanPGOU7Rpg829ZHu8nFy5Pqdi9U01VYtG9Y0zOG6Vr2z4/S+/3zIyOxiK6cCeYNWOFR9QP87g==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.10.tgz", + "integrity": "sha512-7RTytDPGU6fek/hWuN9qQpeGPBZFfB4zZgcz2VK2Z5VpdUxEI8JKYsg3JfO0n/Z1E/6l05n0unDCNc4HnhQGig==", "cpu": [ "x64" ], @@ -385,9 +385,9 @@ } }, "node_modules/@esbuild/openbsd-arm64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.9.tgz", - "integrity": "sha512-YaFBlPGeDasft5IIM+CQAhJAqS3St3nJzDEgsgFixcfZeyGPCd6eJBWzke5piZuZ7CtL656eOSYKk4Ls2C0FRQ==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.10.tgz", + "integrity": "sha512-5Se0VM9Wtq797YFn+dLimf2Zx6McttsH2olUBsDml+lm0GOCRVebRWUvDtkY4BWYv/3NgzS8b/UM3jQNh5hYyw==", "cpu": [ "arm64" ], @@ -402,9 +402,9 @@ } }, "node_modules/@esbuild/openbsd-x64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.9.tgz", - "integrity": "sha512-1MkgTCuvMGWuqVtAvkpkXFmtL8XhWy+j4jaSO2wxfJtilVCi0ZE37b8uOdMItIHz4I6z1bWWtEX4CJwcKYLcuA==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.10.tgz", + "integrity": "sha512-XkA4frq1TLj4bEMB+2HnI0+4RnjbuGZfet2gs/LNs5Hc7D89ZQBHQ0gL2ND6Lzu1+QVkjp3x1gIcPKzRNP8bXw==", "cpu": [ "x64" ], @@ -419,9 +419,9 @@ } }, "node_modules/@esbuild/openharmony-arm64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.9.tgz", - "integrity": "sha512-4Xd0xNiMVXKh6Fa7HEJQbrpP3m3DDn43jKxMjxLLRjWnRsfxjORYJlXPO4JNcXtOyfajXorRKY9NkOpTHptErg==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.10.tgz", + "integrity": "sha512-AVTSBhTX8Y/Fz6OmIVBip9tJzZEUcY8WLh7I59+upa5/GPhh2/aM6bvOMQySspnCCHvFi79kMtdJS1w0DXAeag==", "cpu": [ "arm64" ], @@ -436,9 +436,9 @@ } }, "node_modules/@esbuild/sunos-x64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.9.tgz", - "integrity": "sha512-WjH4s6hzo00nNezhp3wFIAfmGZ8U7KtrJNlFMRKxiI9mxEK1scOMAaa9i4crUtu+tBr+0IN6JCuAcSBJZfnphw==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.10.tgz", + "integrity": "sha512-fswk3XT0Uf2pGJmOpDB7yknqhVkJQkAQOcW/ccVOtfx05LkbWOaRAtn5SaqXypeKQra1QaEa841PgrSL9ubSPQ==", "cpu": [ "x64" ], @@ -453,9 +453,9 @@ } }, "node_modules/@esbuild/win32-arm64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.9.tgz", - "integrity": "sha512-mGFrVJHmZiRqmP8xFOc6b84/7xa5y5YvR1x8djzXpJBSv/UsNK6aqec+6JDjConTgvvQefdGhFDAs2DLAds6gQ==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.10.tgz", + "integrity": "sha512-ah+9b59KDTSfpaCg6VdJoOQvKjI33nTaQr4UluQwW7aEwZQsbMCfTmfEO4VyewOxx4RaDT/xCy9ra2GPWmO7Kw==", "cpu": [ "arm64" ], @@ -470,9 +470,9 @@ } }, "node_modules/@esbuild/win32-ia32": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.9.tgz", - "integrity": "sha512-b33gLVU2k11nVx1OhX3C8QQP6UHQK4ZtN56oFWvVXvz2VkDoe6fbG8TOgHFxEvqeqohmRnIHe5A1+HADk4OQww==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.10.tgz", + "integrity": "sha512-QHPDbKkrGO8/cz9LKVnJU22HOi4pxZnZhhA2HYHez5Pz4JeffhDjf85E57Oyco163GnzNCVkZK0b/n4Y0UHcSw==", "cpu": [ "ia32" ], @@ -487,9 +487,9 @@ } }, "node_modules/@esbuild/win32-x64": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.9.tgz", - "integrity": "sha512-PPOl1mi6lpLNQxnGoyAfschAodRFYXJ+9fs6WHXz7CSWKbOqiMZsubC+BQsVKuul+3vKLuwTHsS2c2y9EoKwxQ==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.10.tgz", + "integrity": "sha512-9KpxSVFCu0iK1owoez6aC/s/EdUQLDN3adTxGCqxMVhrPDj6bt5dbrHDXUuq+Bs2vATFBBrQS5vdQ/Ed2P+nbw==", "cpu": [ "x64" ], @@ -1144,9 +1144,9 @@ } }, "node_modules/esbuild": { - "version": "0.25.9", - "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.9.tgz", - "integrity": "sha512-CRbODhYyQx3qp7ZEwzxOk4JBqmD/seJrzPa/cGjY1VtIn5E09Oi9/dB4JwctnfZ8Q8iT7rioVv5k/FNT/uf54g==", + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.10.tgz", + "integrity": "sha512-9RiGKvCwaqxO2owP61uQ4BgNborAQskMR6QusfWzQqv7AZOg5oGehdY2pRJMTKuwxd1IDBP4rSbI5lHzU7SMsQ==", "dev": true, "hasInstallScript": true, "license": "MIT", @@ -1157,32 +1157,32 @@ "node": ">=18" }, "optionalDependencies": { - "@esbuild/aix-ppc64": "0.25.9", - "@esbuild/android-arm": "0.25.9", - "@esbuild/android-arm64": "0.25.9", - "@esbuild/android-x64": "0.25.9", - "@esbuild/darwin-arm64": "0.25.9", - "@esbuild/darwin-x64": "0.25.9", - "@esbuild/freebsd-arm64": "0.25.9", - "@esbuild/freebsd-x64": "0.25.9", - "@esbuild/linux-arm": "0.25.9", - "@esbuild/linux-arm64": "0.25.9", - "@esbuild/linux-ia32": "0.25.9", - "@esbuild/linux-loong64": "0.25.9", - "@esbuild/linux-mips64el": "0.25.9", - "@esbuild/linux-ppc64": "0.25.9", - "@esbuild/linux-riscv64": "0.25.9", - "@esbuild/linux-s390x": "0.25.9", - "@esbuild/linux-x64": "0.25.9", - "@esbuild/netbsd-arm64": "0.25.9", - "@esbuild/netbsd-x64": "0.25.9", - "@esbuild/openbsd-arm64": "0.25.9", - "@esbuild/openbsd-x64": "0.25.9", - "@esbuild/openharmony-arm64": "0.25.9", - "@esbuild/sunos-x64": "0.25.9", - "@esbuild/win32-arm64": "0.25.9", - "@esbuild/win32-ia32": "0.25.9", - "@esbuild/win32-x64": "0.25.9" + "@esbuild/aix-ppc64": "0.25.10", + "@esbuild/android-arm": "0.25.10", + "@esbuild/android-arm64": "0.25.10", + "@esbuild/android-x64": "0.25.10", + "@esbuild/darwin-arm64": "0.25.10", + "@esbuild/darwin-x64": "0.25.10", + "@esbuild/freebsd-arm64": "0.25.10", + "@esbuild/freebsd-x64": "0.25.10", + "@esbuild/linux-arm": "0.25.10", + "@esbuild/linux-arm64": "0.25.10", + "@esbuild/linux-ia32": "0.25.10", + "@esbuild/linux-loong64": "0.25.10", + "@esbuild/linux-mips64el": "0.25.10", + "@esbuild/linux-ppc64": "0.25.10", + "@esbuild/linux-riscv64": "0.25.10", + "@esbuild/linux-s390x": "0.25.10", + "@esbuild/linux-x64": "0.25.10", + "@esbuild/netbsd-arm64": "0.25.10", + "@esbuild/netbsd-x64": "0.25.10", + "@esbuild/openbsd-arm64": "0.25.10", + "@esbuild/openbsd-x64": "0.25.10", + "@esbuild/openharmony-arm64": "0.25.10", + "@esbuild/sunos-x64": "0.25.10", + "@esbuild/win32-arm64": "0.25.10", + "@esbuild/win32-ia32": "0.25.10", + "@esbuild/win32-x64": "0.25.10" } }, "node_modules/escalade": { diff --git a/package.json b/package.json index f9ede0ca..6ed65072 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "devDependencies": { "cssnano": "^7.1.1", "cssnano-preset-advanced": "^7.0.9", - "esbuild": "^0.25.9", + "esbuild": "^0.25.10", "playwright": "^1.52.0", "postcss-cli": "^11.0.1", "postcss-import": "^16.1.1", From ec90a8b87dae41fa31e372ddd83acdd66f05d714 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Sep 2025 13:46:23 -0400 Subject: [PATCH 6/8] build(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#1132) Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) from 0.5.12 to 0.5.14. - [Commits](https://github.com/ulikunitz/xz/compare/v0.5.12...v0.5.14) --- updated-dependencies: - dependency-name: github.com/ulikunitz/xz dependency-version: 0.5.14 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 197042d6..95e32618 100644 --- a/go.mod +++ b/go.mod @@ -164,7 +164,7 @@ require ( github.com/suzuki-shunsuke/urfave-cli-help-all v0.0.4 // indirect github.com/tklauser/go-sysconf v0.3.15 // indirect github.com/tklauser/numcpus v0.10.0 // indirect - github.com/ulikunitz/xz v0.5.12 // indirect + github.com/ulikunitz/xz v0.5.14 // indirect github.com/urfave/cli/v2 v2.27.7 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 // indirect diff --git a/go.sum b/go.sum index 3c789e2d..f0f78eb4 100644 --- a/go.sum +++ b/go.sum @@ -399,8 +399,8 @@ github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8O github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4= github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso= github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ= -github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= -github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulikunitz/xz v0.5.14 h1:uv/0Bq533iFdnMHZdRBTOlaNMdb1+ZxXIlHDZHIHcvg= +github.com/ulikunitz/xz v0.5.14/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU= github.com/urfave/cli/v2 v2.27.7/go.mod h1:CyNAG/xg+iAOg0N4MPGZqVmv2rCoP267496AOXUZjA4= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= From ff33982ee9c643ae3f98432ce406dd3d0a29493d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Sep 2025 14:29:07 -0400 Subject: [PATCH 7/8] build(deps): bump github.com/docker/docker (#1131) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.3.2+incompatible to 28.3.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v28.3.2...v28.3.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-version: 28.3.3+incompatible dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 95e32618..aec1f876 100644 --- a/go.mod +++ b/go.mod @@ -87,7 +87,7 @@ require ( github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/distribution/reference v0.6.0 // indirect github.com/dlclark/regexp2 v1.11.5 // indirect - github.com/docker/docker v28.3.2+incompatible // indirect + github.com/docker/docker v28.3.3+incompatible // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/dop251/goja v0.0.0-20250630131328-58d95d85e994 // indirect diff --git a/go.sum b/go.sum index f0f78eb4..c38d2f19 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ= github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= -github.com/docker/docker v28.3.2+incompatible h1:wn66NJ6pWB1vBZIilP8G3qQPqHy5XymfYn5vsqeA5oA= -github.com/docker/docker v28.3.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI= +github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= From d51d32726ce35db6b37510aa50cdbfca360b564a Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Sat, 27 Sep 2025 22:16:23 -0400 Subject: [PATCH 8/8] fix(lib): serve CSS properly (#1158) Signed-off-by: Xe Iaso --- lib/http.go | 4 ++++ xess/xess.go | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/http.go b/lib/http.go index dcefdb01..0f63ba74 100644 --- a/lib/http.go +++ b/lib/http.go @@ -17,6 +17,7 @@ import ( "github.com/TecharoHQ/anubis/lib/localization" "github.com/TecharoHQ/anubis/lib/policy" "github.com/TecharoHQ/anubis/web" + "github.com/TecharoHQ/anubis/xess" "github.com/a-h/templ" "github.com/golang-jwt/jwt/v5" "golang.org/x/net/publicsuffix" @@ -282,6 +283,9 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { if strings.HasPrefix(r.URL.Path, anubis.BasePrefix+anubis.StaticPath) { s.mux.ServeHTTP(w, r) return + } else if strings.HasPrefix(r.URL.Path, anubis.BasePrefix+xess.BasePrefix) { + s.mux.ServeHTTP(w, r) + return } s.maybeReverseProxyOrPage(w, r) diff --git a/xess/xess.go b/xess/xess.go index efdd5bc3..a391c633 100644 --- a/xess/xess.go +++ b/xess/xess.go @@ -16,7 +16,8 @@ var ( //go:embed *.css static Static embed.FS - URL = "/.within.website/x/xess/xess.css" + BasePrefix = "/.within.website/x/xess/" + URL = "/.within.website/x/xess/xess.css" ) func init() {