arian/anubis-mirror
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2026-04-11 02:58:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
400 Commits 190 Branches 41 Tags
4845f8515dc95aa06195e966ab9a463b4207bc77
Commit Graph

400 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Xe Iaso
4845f8515d test(lib/store/valkey): disable tests if not using docker 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-04 18:38:35 +00:00
Xe Iaso
3808f7ba17 feat(lib/store): implement valkey backend 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-04 18:31:01 +00:00
Xe Iaso
59f69d48d2 fix(lib): make challenges live for 30 minutes by default 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-04 17:29:14 +00:00
Xe Iaso
ded9c32801 chore(devcontainer): adapt to docker compose, add valkey service 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-04 17:28:52 +00:00
Xe Iaso
06b2dca7fc chore: go mod tidy 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-03 18:14:23 +00:00
Xe Iaso
1dceab889c chore: spelling 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-03 18:05:21 +00:00
Xe Iaso
45f6fa2194 feat(lib/store): add bbolt store implementation 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-03 18:02:17 +00:00
Xe Iaso
ddb7b0e99e fix(decaymap): invert locking process for Delete 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-03 04:50:11 +00:00
Xe Iaso
acee62a9d0 chore: spelling 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-03 00:46:16 -04:00
Xe Iaso
2b3bfdc40b test(lib/store): make generic storage interface test adaptor 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-03 04:44:29 +00:00
Xe Iaso
e538f55e89 chore(lib): fix SA4004 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-03 04:08:32 +00:00
Xe Iaso
b8e0c1a961 chore(decaymap): fix documentation typo 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-03 04:07:44 +00:00
Xe Iaso
def6f2dc90 feat(lib): use new challenge creation flow 
Previously Anubis constructed challenge strings from request metadata.
This was a good idea in spirit, but has turned out to be a very bad idea
in practice. This new flow reuses the Store facility to dynamically
create challenge values with completely random data.

This is a fairly big rewrite of how Anubis processes challenges. Right
now it defaults to using the in-memory storage backend, but on-disk
(boltdb) and valkey-based adaptors will come soon.

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-02 23:56:23 +00:00
Xe Iaso
e5c39facfe chore(policy): import all store backends 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-02 23:34:49 +00:00
Xe Iaso
18b21330df feat(lib/store): all metapackage to import all store implementations 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-02 23:17:51 +00:00
Xe Iaso
0f9da86003 feat(lib): implement store interface 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-02 23:12:27 +00:00
Xe Iaso
32afc9c040 chore(lib/challenge): refactor Validate to take ValidateInput 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-02 22:23:10 +00:00
Xe Iaso
9245c4beec feat(decaymap): add Delete method 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-02 22:22:34 +00:00
Xe Iaso
9f0c5e974e fix(web/main): remove the success interstitial (#745) 
I'm gonna be totally honest here, I'm still not sure why #564 is still
an issue. This is really confusing and I'm going to totally throw out
how Anubis issues challenges and redo it with Valkey (#201, #622).

The problem seems to be that I assume that the makeChallenge function in
package lib is idempotent for the same client. I have no idea why this
would be inconsistent, but for some reason it is and I'm just at a loss
for words as to why this is happening.

This stops the bleeding by improving the UX as a stopgap.

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-07-01 23:44:38 +00:00
Victor Fernandes
292c470ada Set cookies to have the Secure flag default to true (#739) 
* Set Cookies to use the Secure Flag and default SameSite to None

* Add secure flag test

* Updated changelog and documentation for secure flag option
 2025-06-30 14:58:31 -04:00
Rafael Fontenelle
12453fdc00 Fix translations in pt-BR.json (#729) 
Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>
 2025-06-30 14:14:24 -04:00
Xe Iaso
f5b3bf81bc feat: dev container support (#734) 
* chore: add devcontainer for Anubis

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(devcontainer): ensure user can write to $HOME

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(devcontainer): forward ports, add launch config

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(devcontainer): add playwright deps

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: document devcontainer usage

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci(devcontainer): fix action references

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(devcontainer): fix ko on arm64

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-06-29 23:41:29 -04:00
dependabot[bot]
1820649987 build(deps): bump the gomod group with 2 updates (#736) 
---
updated-dependencies:
- dependency-name: github.com/a-h/templ
  dependency-version: 0.3.906
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: sigs.k8s.io/yaml
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-29 21:32:56 -04:00
dependabot[bot]
14eeeb56d6 build(deps): bump the github-actions group with 2 updates (#735) 
Bumps the github-actions group with 2 updates: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `astral-sh/setup-uv` from 6.3.0 to 6.3.1
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](445689ea25...bd01e18f51)

Updates `github/codeql-action` from 3.29.0 to 3.29.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ce28f5bb42...39edc492db)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 6.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 3.29.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-29 20:53:14 -04:00
Martin
d9e0fbe905 feat(cmd): Add custom cookie prefix (#732) 
* Add cookie prefix option

* Add explaination comment for TestCookieName

* Rename TestCookieName value from cookie-test-if-you-block-this-anubis-wont-work to cookie-verification

* Add changes to CHANGELOG.md

* Add values to CookieName and TestCookieName in anubis.go required for testcases
 2025-06-29 20:03:09 -04:00
Martin
6aa17532da fix: Dynamic cookie domain not working (#731) 
* Fix cookieDynamicDomain option not being set in Options struct

* Fix using wrong cookie name when using dynamic cookie domains

* Adjust testcases for new cookie option structs

* Add known words to expect.txt and change typo in Zombocom

* Cleanup expect.txt

* Add changes to changelog

* Bump versions of grpc and apimachinery

* Fix testcases and add additional condition for dynamic cookie domain
 2025-06-29 15:38:55 -04:00
Xe Iaso
b1edf84a7c docs(blog/v1.20.0): i am smart 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-06-27 21:10:02 -04:00
Xe Iaso
d47a3406db docs(blog/v1.20.0): how did CI not catch this? 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-06-27 19:55:58 -04:00
Xe Iaso
ff5991b5cf docs(blog/v1.20.0): add cover image 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-06-27 19:20:12 -04:00
Xe Iaso
19f78f37ad docs(blog/v1.20.0): fix typo 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-06-27 18:59:07 -04:00
Xe Iaso
b0b0a5c08a feat(blog): v1.20.0 announcement post 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-06-27 18:56:09 -04:00
Rafael Fontenelle
261306dc63 Add Brazilian Portuguese translation (#726) 
* Create pt-br.json

Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>

* Enable pt-br locale

Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>

* Fix language code

Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>

* Update and rename pt-br.json to pt-BR.json

Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>

* Update lib/localization/locales/pt-BR.json

Co-authored-by: Victor Fernandes  <victorvalenca@gmail.com>
Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>

---------

Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>
Co-authored-by: Victor Fernandes <victorvalenca@gmail.com>
 2025-06-27 20:56:56 +00:00
CXM
3520421757 fix: determine bind network from bind address (#714) 
* fix: determine bind network from bind address

* docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
 2025-06-27 17:57:37 +00:00
Laurent Laffont
ad5430612f feat: implement localization system (#716) 
* lib/localization: implement localization system

Locale files are placed in lib/localization/locales/. If you add a
locale, update manifest.json with available locales.

* Exclude locales from check spelling

* tests(lib/localization): add comprehensive translations test

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix(challenge/metarefresh): enable localization

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix: use simple syntax for localization in templ

Also localize CELPHASE into French according to the wishes of the
artist.

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore:(js): fix forbidden patterns

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: add goi18n to tools

Signed-off-by: Xe Iaso <me@xeiaso.net>

* test(lib/localization): dynamically determine the list of supported languages

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
 2025-06-27 17:49:15 +00:00
Xe Iaso
c2423d0688 chore: release v1.20.0 
Signed-off-by: Xe Iaso <me@xeiaso.net>
v1.20.0 		2025-06-27 12:06:22 -04:00
Xe Iaso
a1b7d2ccda feat: dynamic cookie domains (#722) 
* feat: dynamic cookie domains

Replaces #685

I was having weird testing issues when trying to merge #685, so I
rewrote it from scratch to be a lot more minimal.

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-06-26 12:11:59 +00:00
msporleder
7cf6ac5de6 remove incorrect module mentions (#687) 
mod_proxy_html is for modifying html content in response bodies. The example configs are using mod_proxy_http.

https://httpd.apache.org/docs/2.4/mod/mod_proxy_html.html
vs
https://httpd.apache.org/docs/2.4/mod/mod_proxy_http.html

And anyway mod_proxy + mod_proxy_http should already be installed on almost all systems.

Signed-off-by: msporleder <msporleder@gmail.com>
 2025-06-26 10:47:30 +00:00
Martin
59f5b07281 feat: Add option to use HS512 secret for JWT instead of ED25519 (#680) 
* Add functionality for HS512 JWT tokens

* Add HS512_SECRET to installation docs

* Update CHANGELOG.md regarding HS512

* Move HS512_SECRET to advenced section in docs

* Move token Keyfunc logic to Server function

* Add Keyfunc to spelling

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Martin Weidenauer <mweidenauer@nanx0as46153.anx.local>
Co-authored-by: Xe Iaso <me@xeiaso.net>
 2025-06-26 10:06:44 +00:00
Jason Cameron
1562f88c35 chore: Remove unused/dead code (#703) 
* chore(xess): remove unused xess templates

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore(checker): remove unused staticHashChecker implementation

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat: add pinact and deadcode to go tools (pinact is used for the gha pinning)

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore: update Docker and kubectl actions to latest versions

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore: update Homebrew action from master to main in workflow files

See  df537ec97f

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore: remove unused go-colorable and tools dependencies from go.sum

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore: update postcss-import and other dependencies to latest versions

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore: update Docusaurus dependencies to version 3.8.1

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore: downgrade playwright and playwright-core to version 1.52.0

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

---------

Signed-off-by: Jason Cameron <git@jasoncameron.dev>
 2025-06-25 09:31:33 -04:00
Outvi V
15bd9b6a44 Populate OpenGraph configurations to Opens.OpenGraph (#717) 
* chore: read OpenGraph configurations

* docs: update CHANGELOG
 2025-06-24 15:12:26 +00:00
dependabot[bot]
1ca531b930 build(deps): bump the gomod group with 4 updates (#709) 
Bumps the gomod group with 4 updates: [github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus](https://github.com/grpc-ecosystem/go-grpc-middleware), [github.com/grpc-ecosystem/go-grpc-middleware/v2](https://github.com/grpc-ecosystem/go-grpc-middleware), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery).


Updates `github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus` from 1.0.1 to 1.1.0
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases)
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/providers/prometheus/v1.0.1...v1.1.0)

Updates `github.com/grpc-ecosystem/go-grpc-middleware/v2` from 2.1.0 to 2.3.2
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases)
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v2.1.0...v2.3.2)

Updates `google.golang.org/grpc` from 1.72.2 to 1.73.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.72.2...v1.73.0)

Updates `k8s.io/apimachinery` from 0.33.1 to 0.33.2
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.33.1...v0.33.2)

---
updated-dependencies:
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware/v2
  dependency-version: 2.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: google.golang.org/grpc
  dependency-version: 1.73.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.33.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-23 15:59:08 -04:00
Xe Iaso
f9259299b9 chore: release v1.20.0-pre2 
Signed-off-by: Xe Iaso <me@xeiaso.net>
v1.20.0-pre2 		2025-06-23 15:17:13 -04:00
Xe Iaso
16a4e04027 fix(lib): fix invalid response after success in Chrome (#711) 
Closes #564

This one is really dumb. Take a seat and listen to my tale of woe.

While @victorvalenca was working on #693 we ran into a strange issue.
The tests would consistently pass on Firefox but instantly failed on
Chrome. After adding increasingly desperate debugging logs to the mix,
we found out that somehow Chrome was randomizing the contents of its
Accept-Language header. This was making the challenge string get
calculated differently, thus making things spuriously fail. I cannot
figure out what causes Chrome to do this other than you being in an
environment where you have more than one "system language" set.

Either way, this should finally fix this issue and bring peace to the
land forever*.

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-06-23 15:11:56 -04:00
dependabot[bot]
8c79870edb build(deps): bump the github-actions group with 3 updates (#708) 
Bumps the github-actions group with 3 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [actions-hub/kubectl](https://github.com/actions-hub/kubectl) and [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv).


Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](b5ca514318...e468171a9d)

Updates `actions-hub/kubectl` from 1.33.1 to 1.33.2
- [Release notes](https://github.com/actions-hub/kubectl/releases)
- [Commits](f632a31512...d50394b7d7)

Updates `astral-sh/setup-uv` from 6.1.0 to 6.3.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](f0ec1fc3b3...445689ea25)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: 3.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions-hub/kubectl
  dependency-version: 1.33.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: astral-sh/setup-uv
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-23 08:41:04 -04:00
Eric T. Johnson
060b10ea2d fix(web/js): broken progress bar with slow algo (#673) 
This was revealed by the reformat in #546.

Signed-off-by: Eric T. Johnson <yut23@users.noreply.github.com>
 2025-06-22 20:05:37 -04:00
Xe Iaso
4c74934e9f fix(default-config): Techaro -> Zombocom 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-06-22 20:04:40 -04:00
Xe Iaso
5870f7072c feat: implement imprint/impressum support (#706) 
* feat: implement imprint/impressum support

Closes #362

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(docs/anubis): enable an imprint

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: fix the end of the sentence, comment out a default impressum

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: link back to impressum page

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-06-22 18:09:37 -04:00
Xe Iaso
3c1d95d61e fix(default-config): off-by-one error in the default thresholds (#701) 
I don't know how I missed this in testing.
 2025-06-20 11:47:34 -04:00
Jan Alexander Steffens
ab801a3597 Makefile: Build robots2policy (#699) 
* Makefile: Build robots2policy

* Update metadata

check-spelling run (pull_request) for build-robots2policy

Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>

---------

Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
 2025-06-20 11:08:56 -04:00
Xe Iaso
ecc716940e chore: release v1.20.0-pre1 
Signed-off-by: Xe Iaso <me@xeiaso.net>
v1.20.0-pre1 		2025-06-19 19:32:49 -04:00