fix(honeypot/naive): optimize hilariously

Signed-off-by: Xe Iaso <me@xeiaso.net>
2026-04-09 18:18:49 +00:00 · 2025-12-15 23:11:21 -05:00
parent ade8505b26
commit e0f4468b03
8 changed files with 124 additions and 40 deletions
--- a/go.mod
+++ b/go.mod
@@ -19,8 +19,8 @@ require (
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3
 	github.com/joho/godotenv v1.5.1
 	github.com/lum8rjack/go-ja4h v0.0.0-20250828030157-fa5266d50650
-	github.com/m1/gospin v0.0.0-20200506075355-4345dd621d4a
 	github.com/nicksnyder/go-i18n/v2 v2.6.0
+	github.com/nikandfor/spintax v0.0.0-20181023094358-fc346b245bb3
 	github.com/playwright-community/playwright-go v0.5200.1
 	github.com/prometheus/client_golang v1.23.2
 	github.com/redis/go-redis/v9 v9.17.2
--- a/go.sum
+++ b/go.sum
@@ -255,7 +255,6 @@ github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKe
 github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
@@ -283,8 +282,6 @@ github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 h1:PpXWgLPs+Fqr32
 github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
 github.com/lum8rjack/go-ja4h v0.0.0-20250828030157-fa5266d50650 h1:hhx/Mo6+Hk0mAQS5MW311ON1VlSzp0D1cYhY27IcmnI=
 github.com/lum8rjack/go-ja4h v0.0.0-20250828030157-fa5266d50650/go.mod h1:bMqyXOakqQIdx82d4vcnk5TIZLptZ2gLqju9xmPrWYA=
-github.com/m1/gospin v0.0.0-20200506075355-4345dd621d4a h1:1SIAGB8spa9zVw6UL59uT5xQWjQMe7EK6rw7eYA8kdI=
-github.com/m1/gospin v0.0.0-20200506075355-4345dd621d4a/go.mod h1:Mxpzp00JqlLiQAoV1bOlEKWjT5wbK9/YqHqTUvcE+4I=
 github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
 github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
@@ -323,6 +320,8 @@ github.com/natefinch/atomic v1.0.1 h1:ZPYKxkqQOx3KZ+RsbnP/YsgvxWQPGxjC0oBt2AhwV0
 github.com/natefinch/atomic v1.0.1/go.mod h1:N/D/ELrljoqDyT3rZrsUmtsuzvHkeB/wWjHV22AZRbM=
 github.com/nicksnyder/go-i18n/v2 v2.6.0 h1:C/m2NNWNiTB6SK4Ao8df5EWm3JETSTIGNXBpMJTxzxQ=
 github.com/nicksnyder/go-i18n/v2 v2.6.0/go.mod h1:88sRqr0C6OPyJn0/KRNaEz1uWorjxIKP7rUUcvycecE=
+github.com/nikandfor/spintax v0.0.0-20181023094358-fc346b245bb3 h1:foZ9X1bz2KmW7b8Yx5V0LAQKhTazdllv5rnGUe6iGTY=
+github.com/nikandfor/spintax v0.0.0-20181023094358-fc346b245bb3/go.mod h1:wwDYKfVF3WHdY0rugsAZoIpyQjDA3bn9wEzo/QXPx1Y=
 github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
 github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -377,8 +376,6 @@ github.com/spf13/afero v1.14.0 h1:9tH6MapGnn/j0eb0yIXiLjERO8RB6xIVZRDCX7PtqWA=
 github.com/spf13/afero v1.14.0/go.mod h1:acJQ8t0ohCGuMN3O+Pv0V0hgMxNYDlvdk+VTfyZmbYo=
 github.com/spf13/cast v1.9.2 h1:SsGfm7M8QOFtEzumm7UZrZdLLquNdzFYfIbEXntcFbE=
 github.com/spf13/cast v1.9.2/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs=
 github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -387,7 +384,6 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
--- a/internal/headers.go
+++ b/internal/headers.go
@@ -1,6 +1,7 @@
 package internal

 import (
+	"context"
 	"errors"
 	"fmt"
 	"log/slog"
@@ -13,6 +14,13 @@ import (
 	"github.com/sebest/xff"
 )

+type realIPKey struct{}
+
+func RealIP(r *http.Request) (netip.Addr, bool) {
+	result, ok := r.Context().Value(realIPKey{}).(netip.Addr)
+	return result, ok
+}
+
 // TODO: move into config
 type XFFComputePreferences struct {
 	StripPrivate  bool
@@ -77,6 +85,9 @@ func RemoteXRealIP(useRemoteAddress bool, bindNetwork string, next http.Handler)
 			panic(err) // this should never happen
 		}
 		r.Header.Set("X-Real-Ip", host)
+		if addr, err := netip.ParseAddr(host); err == nil {
+			r = r.WithContext(context.WithValue(r.Context(), realIPKey{}, addr))
+		}
 		next.ServeHTTP(w, r)
 	})
 }
@@ -129,8 +140,6 @@ func XForwardedForUpdate(stripPrivate bool, next http.Handler) http.Handler {
 		} else {
 			r.Header.Set("X-Forwarded-For", xffHeaderString)
 		}
-
-		slog.Debug("updating X-Forwarded-For", "original", origXFFHeader, "new", xffHeaderString)
 	})
 }

--- a/internal/honeypot/naive/affirmations.txt
+++ b/internal/honeypot/naive/affirmations.txt
--- a/internal/honeypot/naive/naive.go
+++ b/internal/honeypot/naive/naive.go
@@ -2,16 +2,19 @@ package naive

 import (
 	_ "embed"
+	"fmt"
 	"log/slog"
 	"math/rand/v2"
 	"net/http"
+	"net/netip"
 	"time"

+	"github.com/TecharoHQ/anubis/internal"
 	"github.com/TecharoHQ/anubis/internal/honeypot"
 	"github.com/TecharoHQ/anubis/lib/store"
 	"github.com/a-h/templ"
 	"github.com/google/uuid"
-	"github.com/m1/gospin"
+	"github.com/nikandfor/spintax"
 )

 //go:generate go tool github.com/a-h/templ/cmd/templ generate
@@ -31,52 +34,88 @@ var titles string
 //go:embed affirmations.txt
 var affirmations string

-func New(st store.Interface, lg *slog.Logger) *Impl {
-	spin := gospin.New(nil)
+func New(st store.Interface, lg *slog.Logger) (*Impl, error) {
+	affirmation, err := spintax.Parse(affirmations)
+	if err != nil {
+		return nil, fmt.Errorf("can't parse affirmations: %w", err)
+	}
+
+	body, err := spintax.Parse(spintext)
+	if err != nil {
+		return nil, fmt.Errorf("can't parse bodies: %w", err)
+	}
+
+	title, err := spintax.Parse(titles)
+	if err != nil {
+		return nil, fmt.Errorf("can't parse titles: %w", err)
+	}
+
+	lg.Debug("initialized basic bullshit generator", "affirmations", affirmation.Count(), "bodies", body.Count(), "titles", title.Count())

 	return &Impl{
-		st:    st,
-		infos: store.JSON[honeypot.Info]{Underlying: st, Prefix: "honeypot-infos"},
-		spin:  spin,
-		lg:    lg.With("component", "honeypot/naive"),
-	}
+		st:          st,
+		infos:       store.JSON[honeypot.Info]{Underlying: st, Prefix: "honeypot-infos"},
+		affirmation: affirmation,
+		body:        body,
+		title:       title,
+		lg:          lg.With("component", "honeypot/naive"),
+	}, nil
 }

 type Impl struct {
 	st    store.Interface
 	infos store.JSON[honeypot.Info]
-	spin  *gospin.Spinner
 	lg    *slog.Logger
+
+	affirmation, body, title spintax.Spintax
 }

 func (i *Impl) makeAffirmations() []string {
-	result, err := i.spin.SpinN(affirmations, rand.IntN(5)+1)
-	if err != nil {
-		i.lg.Debug("can't spin affirmations, using fallback", "err", err)
-		return []string{uuid.NewString()}
+	count := rand.IntN(5) + 1
+
+	var result []string
+	for j := 0; j < count; j++ {
+		result = append(result, i.affirmation.Spin())
 	}

 	return result
 }

 func (i *Impl) makeSpins() []string {
-	result, err := i.spin.SpinN(spintext, rand.IntN(8)+8)
-	if err != nil {
-		i.lg.Debug("can't spin text, using fallback", "err", err)
-		return []string{uuid.NewString()}
+	count := rand.IntN(5) + 1
+
+	var result []string
+	for j := 0; j < count; j++ {
+		result = append(result, i.body.Spin())
 	}

 	return result
 }

 func (i *Impl) makeTitle() string {
-	result, err := i.spin.Spin(titles)
-	if err != nil {
-		i.lg.Debug("can't spin titles, using fallback", "err", err)
-		return uuid.NewString()
-	}
+	return i.title.Spin()
+}

-	return result
+func (i *Impl) clampIP(addr netip.Addr) netip.Prefix {
+	fallback := netip.MustParsePrefix(addr.String() + "/32")
+	switch {
+	case addr.Is4() || addr.Is4In6():
+		result, err := addr.Prefix(24)
+		if err != nil {
+			return fallback
+		}
+		return result
+
+	case addr.Is6():
+		result, err := addr.Prefix(48)
+		if err != nil {
+			return fallback
+		}
+		return result
+
+	default:
+		return fallback
+	}
 }

 func (i *Impl) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -87,9 +126,45 @@ func (i *Impl) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		id = uuid.NewString()
 	}

+	realIP, _ := internal.RealIP(r)
+	if !realIP.IsValid() {
+		i.lg.Error("the real IP is somehow invalid, bad middleware stack?")
+		http.Error(w, "The cake is a lie", http.StatusTeapot)
+		return
+	}
+
+	network := i.clampIP(realIP)
+
 	stage := r.PathValue("stage")
+
+	var info honeypot.Info
+	var err error
+
 	if stage == "init" {
-		i.lg.Debug("found new entrance point", "id", id, "userAgent", r.UserAgent(), "ip", r.Header.Get("X-Real-Ip"))
+		i.lg.Debug("found new entrance point", "id", id, "userAgent", r.UserAgent(), "clampedIP", network)
+
+		info = honeypot.Info{
+			CreatedAt: time.Now(),
+			UserAgent: r.UserAgent(),
+			IPAddress: realIP.String(),
+			HitCount:  1,
+		}
+
+		i.infos.Set(r.Context(), network.String(), info, time.Hour)
+	} else {
+		info, err = i.infos.Get(r.Context(), network.String())
+		if err != nil {
+			info = honeypot.Info{
+				CreatedAt: time.Now(),
+				UserAgent: r.UserAgent(),
+				IPAddress: realIP.String(),
+				HitCount:  1,
+			}
+			i.infos.Set(r.Context(), network.String(), info, time.Hour)
+		} else {
+			info.HitCount++
+			i.infos.Set(r.Context(), network.String(), info, time.Hour)
+		}
 	}

 	spins := i.makeSpins()
--- a/internal/honeypot/naive/page.templ
+++ b/internal/honeypot/naive/page.templ
@@ -30,7 +30,7 @@ templ (i Impl) maze(body []string, links []link) {
 	}
 	<ul>
 		for _, link := range links {
-			<li><a href={ templ.SafeURL(fmt.Sprintf("./%s", link.href)) }></a>{ link.body }</li>
+			<li><a href={ templ.SafeURL(fmt.Sprintf("./%s", link.href)) }>{ link.body }</a></li>
 		}
 	</ul>
 }
--- a/internal/honeypot/naive/page_templ.go
+++ b/internal/honeypot/naive/page_templ.go
@@ -131,20 +131,20 @@ func (i Impl) maze(body []string, links []link) templ.Component {
 			if templ_7745c5c3_Err != nil {
 				return templ_7745c5c3_Err
 			}
-			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 9, "\"></a>")
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 9, "\">")
 			if templ_7745c5c3_Err != nil {
 				return templ_7745c5c3_Err
 			}
 			var templ_7745c5c3_Var7 string
 			templ_7745c5c3_Var7, templ_7745c5c3_Err = templ.JoinStringErrs(link.body)
 			if templ_7745c5c3_Err != nil {
-				return templ.Error{Err: templ_7745c5c3_Err, FileName: `page.templ`, Line: 33, Col: 80}
+				return templ.Error{Err: templ_7745c5c3_Err, FileName: `page.templ`, Line: 33, Col: 76}
 			}
 			_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var7))
 			if templ_7745c5c3_Err != nil {
 				return templ_7745c5c3_Err
 			}
-			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 10, "</li>")
+			templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 10, "</a></li>")
 			if templ_7745c5c3_Err != nil {
 				return templ_7745c5c3_Err
 			}
--- a/lib/config.go
+++ b/lib/config.go
@@ -176,8 +176,12 @@ func New(opts Options) (*Server, error) {
 	registerWithPrefix(anubis.APIPrefix+"check", http.HandlerFunc(result.maybeReverseProxyHttpStatusOnly), "")
 	registerWithPrefix("/", http.HandlerFunc(result.maybeReverseProxyOrPage), "")

-	bsgen := naive.New(result.store, result.logger)
-	registerWithPrefix(anubis.APIPrefix+"honeypot/{id}/{stage}", bsgen, http.MethodGet)
+	bsgen, err := naive.New(result.store, result.logger)
+	if err == nil {
+		registerWithPrefix(anubis.APIPrefix+"honeypot/{id}/{stage}", bsgen, http.MethodGet)
+	} else {
+		result.logger.Error("can't init honeypot subsystem", "err", err)
+	}

 	//goland:noinspection GoBoolExpressions
 	if anubis.Version == "devel" {