arian/anubis-mirror
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2026-04-19 22:56:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
630 Commits 188 Branches 41 Tags
0699f331d2a10b0faa0afcd6ff6efc1b506d91f1
Commit Graph

630 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Xe Iaso 0699f331d2 docs: add wasm documentation 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-30 20:57:10 +00:00
Xe Iaso 7f1a7197f3 fix(wasm): use interpreter on aarch64 for now 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-30 14:39:56 +00:00
Xe Iaso 2ad7be2847 ci: use binaryen 108 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-30 14:33:02 +00:00
Xe Iaso 45c9cb6842 Update metadata 
check-spelling run (pull_request) for Xe/wasm3

Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
 2025-09-30 14:30:59 +00:00
Xe Iaso a29025c382 ci: fix invocations of setup-binaryen 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-30 14:28:39 +00:00
Xe Iaso bba000e87e chore: clean up places I forced things in testing 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-30 14:27:19 +00:00
Xe Iaso 643b4719d8 feat(wasm): support "pure JS" mode 
Closes #1159

This uses the binaryen tool wasm2js to compile the Anubis WASM blobs
to JavaScript. This produces biblically large (520Ki) outputs when you
inline both hashx and sha256 solvers, but this is a tradeoff that I'm
willing to accept. The performance is good enough in my testing with
JIT enabled. I fear that this may end up being terrible with JIT
disabled. I have no idea if this will work on big endian or not.

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-30 14:21:29 +00:00
Xe Iaso 705da2fa3c fix: disable broken wasm interpreter flow for now 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 15:01:42 +00:00
Xe Iaso bd5613c699 feat(web/wasm): start work on wasm2js, found bugs in the code, stopping to go to bed 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 04:25:26 +00:00
Xe Iaso a0df3d4428 chore: cleanups 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 04:03:39 +00:00
Xe Iaso 097c9e9586 feat(web/wasm): use simd128 if available 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 04:03:30 +00:00
Xe Iaso cf931cc0a5 fix(lib): detect failures on challenge method initialization 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 04:02:49 +00:00
Xe Iaso 8b60b4309b chore(wasm): argon2id -> hashx 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 03:39:19 +00:00
Xe Iaso 41bfbf7900 test(ssh-ci): use TecharoHQ/ci-images SSH runner image 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 03:09:45 +00:00
Xe Iaso 1c5ce190b4 ci: test ssh ci for the wasm stack 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 02:50:43 +00:00
Xe Iaso bed126e641 ci(packages): fix builds 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 02:48:00 +00:00
Xe Iaso 9959cb0d06 ci: fix rust wasm32 target 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 02:45:17 +00:00
Xe Iaso f150e4b466 ci: fix rust dependencies 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 02:40:54 +00:00
Xe Iaso 8999303eef feat(lib/challenge/wasm): server side validation logic 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 02:35:42 +00:00
Xe Iaso a63cbc7ced feat(web/js): add wasm client side runner 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 02:21:11 +00:00
Xe Iaso 03a6c07c73 chore: add rust-toolchain.toml 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-27 18:33:05 +00:00
Xe Iaso 908f85db91 feat: add wasm rigging 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-27 17:50:28 +00:00
dependabot[bot] ec90a8b87d build(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#1132) 
Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) from 0.5.12 to 0.5.14.
- [Commits](https://github.com/ulikunitz/xz/compare/v0.5.12...v0.5.14)

---
updated-dependencies:
- dependency-name: github.com/ulikunitz/xz
  dependency-version: 0.5.14
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-27 13:46:23 -04:00
dependabot[bot] 5731477e0a build(deps-dev): bump esbuild from 0.25.9 to 0.25.10 in the npm group (#1147) 
Bumps the npm group with 1 update: [esbuild](https://github.com/evanw/esbuild).


Updates `esbuild` from 0.25.9 to 0.25.10
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.9...v0.25.10)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-27 13:46:12 -04:00
Xe Iaso 714c85dbc4 fix(lib): enable multiple consecutive slash support (#1155) 
* fix(lib): enable multiple consecutive slash support

Closes #754
Closes #808
Closes #815

Apparently more applications use multiple slashes in a row than I
thought. There is no easy way around this other than to do this hacky
fix to avoid net/http#ServeMux's URL cleaning.

* test(double_slash): add sourceware case

Signed-off-by: Xe Iaso <me@xeiaso.net>

* test(lib): fix tests for double slash fix

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-27 13:44:46 -04:00
Jamie McClelland 75ea1b60d5 enable auto setting of SNI based on host header (#1129) 
With this change, setting targetSNI to 'auto' causes anubis to
use the request host name as the SNI name, allowing multiple sites
to use the same anubis instance and same backend, while still securely
connecting to the backend via https.

See https://github.com/TecharoHQ/anubis/issues/424
 2025-09-25 08:08:16 +00:00
violet 1cf03535a5 feat: support reading real client IP from a custom header (#1138) 
* feat: support reading real client IP from a custom header

* pr reviews

---------

Co-authored-by: violet <violet@tsukuyomi>
 2025-09-25 04:01:24 -04:00
Sunniva Løvstad c3ed405dbc Update Nynorsk translation (#1143) 
* chore: fix capitalisation in bokmål and nynorsk

* stadfest → e-verb

Signed-off-by: Sunniva Løvstad <github@turtle.garden>

---------

Signed-off-by: Sunniva Løvstad <github@turtle.garden>
 2025-09-25 04:01:02 -04:00
Xe Iaso 8cdf58c9e6 ci(ssh): re-enable aarch64-16k 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-20 15:30:29 +00:00
Xe Iaso 1c170988c8 fix: mend auth cookie name stutter (#1139) 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-19 13:51:11 -04:00
Xe Iaso 9439466ff2 ci(ssh): disable aarch64-16k until my SFP connecter comes in on friday 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-17 16:00:10 +00:00
Richard Mahn 4787aeca51 Add Door43 link to known instances documentation (#1136) 
Signed-off-by: Richard Mahn <richmahn@users.noreply.github.com>
 2025-09-17 13:11:11 +00:00
Xe Iaso fb3637df95 feat(metarefresh): randomly use the Refresh header (#1133) 
* feat(lib/challenge): expose ResponseWriter to challenge issuers

Signed-off-by: Xe Iaso <me@xeiaso.net>

* feat(metarefresh): randomly use the Refresh header

There are several ways to trigger an automatic refresh without
JavaScript. One of them is the "meta refresh" method[1], but the other
is with the Refresh header[2]. Both are semantically identical and
supported with browsers as old as Chrome version 1.

Given that they are basically the same thing, this patch makes Anubis
randomly select between them by using the challenge random data's first
character. This will fire about 50% of the time.

I expect this to have no impact. If this works out fine, then I will
implement some kind of fallback logic for the fast challenge such that
admins can opt into allowing clients with a no-js configuration to pass
the fast challenge. This needs to bake in the oven though.

[1]: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/meta/http-equiv
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Refresh

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

* feat(metarefresh): simplify random logic

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>
 2025-09-16 17:32:13 -04:00
dependabot[bot] 26076b8520 build(deps): bump github.com/docker/docker in /test (#1130) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.3.2+incompatible to 28.3.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v28.3.2...v28.3.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-version: 28.3.3+incompatible
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-16 16:22:28 -04:00
NetSysFire edb84f03b7 convert issue templates into issue forms (#1115) 2025-09-16 13:14:10 +00:00
Jan Pieter Waagmeester b2d525bba4 Update nl.json removeing literal translated 'cookie' (koekje) with 'cookie' (#1126) 
Signed-off-by: Jan Pieter Waagmeester <jieter@jieter.nl>
 2025-09-16 07:53:30 -04:00
dependabot[bot] 00679aed66 build(deps): bump the github-actions group with 3 updates (#1118) 
Bumps the github-actions group with 3 updates: [actions-hub/kubectl](https://github.com/actions-hub/kubectl), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions-hub/kubectl` from 1.34.0 to 1.34.1
- [Release notes](https://github.com/actions-hub/kubectl/releases)
- [Commits](https://github.com/actions-hub/kubectl/compare/af345ed727f0268738e65be48422e463cc67c220...f14933a23bc8c582b5aa7d108defd8e2cb9fa86d)

Updates `astral-sh/setup-uv` from 6.6.1 to 6.7.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/557e51de59eb14aaaba2ed9621916900a91d50c6...b75a909f75acd358c2196fb9a5f1299a9a8868a4)

Updates `github/codeql-action` from 3.30.1 to 3.30.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f1f6e5f6af878fb37288ce1c627459e94dbf7d01...192325c86100d080feab897ff886c34abd4c83a3)

---
updated-dependencies:
- dependency-name: actions-hub/kubectl
  dependency-version: 1.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: astral-sh/setup-uv
  dependency-version: 6.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 3.30.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-15 18:23:31 -04:00
dependabot[bot] 03299024c5 build(deps): bump the npm group with 2 updates (#1117) 
Bumps the npm group with 2 updates: [preact](https://github.com/preactjs/preact) and [postcss-import-url](https://github.com/unlight/postcss-import-url).


Updates `preact` from 10.27.1 to 10.27.2
- [Release notes](https://github.com/preactjs/preact/releases)
- [Commits](https://github.com/preactjs/preact/compare/10.27.1...10.27.2)

Updates `postcss-import-url` from 1.0.0 to 7.2.0
- [Release notes](https://github.com/unlight/postcss-import-url/releases)
- [Changelog](https://github.com/unlight/postcss-import-url/blob/master/CHANGELOG.md)
- [Commits](https://github.com/unlight/postcss-import-url/commits/v7.2.0)

---
updated-dependencies:
- dependency-name: preact
  dependency-version: 10.27.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: postcss-import-url
  dependency-version: 7.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-15 18:23:15 -04:00
Anna f745d37d90 fix(run/openrc): truncate runtime directory before starting Anubis (#1122) 
If Anubis is not shut down correctly and there are leftover socket
files, Anubis will refuse to start.

As "checkpath -D" currently does not work as expected
(https://github.com/OpenRC/openrc/issues/335), simply use "rm -rf"
before starting Anubis.

Signed-off-by: Anna @CyberTailor <cyber@sysrq.in>
 2025-09-15 07:44:35 -04:00
Xe Iaso d12993e31d feat(expressions): add contentLength to bot expressions (#1120) 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-15 01:41:45 +00:00
Xe Iaso 88b3e457ee docs: update BotStopper docs based on new features 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-14 20:16:43 +00:00
Xe Iaso bb2b113b63 ci(ssh): don't print uname -av output (#1114) 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-14 03:03:46 +00:00
Xe Iaso 6c283d0cd9 ci: add aarch64 for ssh CI (#1112) 
* ci: add aarch64 for ssh CI

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci: better comment aile and t-elos' roles

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci: fix aile

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci: update ssh known hosts secret

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci(ssh): replace raw connection strings with arch-quirks

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci(ssh): disable this check in PRs again

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-14 00:15:23 +00:00
agoujot 0037e214a1 add link to preact in challenge list (#1111) 
Preact was added in 1.22, but it currently isn't listed in the "Challenges" page.

Signed-off-by: agoujot <145840578+agoujot@users.noreply.github.com>
 2025-09-13 17:31:36 -04:00
Valentin Lab 29ae2a4b87 feat: fallback to SameSite Lax mode if cookie is not secure (#1105) 
Also, will allow to set cookie `SameSite` mode on command line or
environment. Note that `None` mode will be forced to ``Lax`` if
cookie is set to not be secure.

Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
 2025-09-13 10:56:54 +00:00
Xe Iaso 401e18f29f feat(store/bbolt): implement actor pattern (#1107) 
* feat(store/bbolt): implement actor pattern

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs(internal/actorify): document package

Signed-off-by: Xe Iaso <me@xeiaso.net>

* Update metadata

check-spelling run (pull_request) for Xe/actorify

Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
 2025-09-12 18:35:22 +00:00
Xe Iaso 63591866aa fix(decaymap): fix lock convoy (#1106) 
* fix(decaymap): fix lock convoy

Ref #1103

This uses the actor pattern to delay deletion instead of making things
fight over a lock. It also properly fixes locking logic to prevent the
convoy problem.

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-12 16:43:08 +00:00
Xe Iaso f79d36d21e docs: update CHANGELOG properly 
It helps if you save your editor buffer!

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-11 14:07:52 +00:00
Xe Iaso f5b5243b5e docs: update CHANGELOG 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-11 14:04:32 +00:00
Xe Iaso 2011b83a44 chore: port client-side JS to TypeScript (#1100) 
* chore(challenge/preact): port to typescript

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(js/algorithms): port to typescript

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(js/worker): port to typescript

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(web): fix TypeScript build logic

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(web): port bench.mjs to typescript

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(web): port main.mjs to typescript

Signed-off-by: Xe Iaso <me@xeiaso.net>

* Update metadata

check-spelling run (pull_request) for Xe/use-typescript

Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>

* fix(js/algorithms/fast): handle old browsers

Closes #1082

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
 2025-09-11 10:03:10 -04:00