Xe Iaso
8cc2c4d07c
ci: fix smoke tests
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-30 21:17:36 +00:00
Xe Iaso
158a3b8d77
docs: update CHANGELOG with binaryen dependency
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-30 21:04:43 +00:00
Xe Iaso
1530eab1a4
docs: update CHANGELOG
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-30 21:02:59 +00:00
Xe Iaso
accffa6d83
chore(wasm): spelling fixes
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-30 20:57:59 +00:00
Xe Iaso
c04bd486e1
fix(wasm): support loading webassembly again
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-30 20:57:49 +00:00
Xe Iaso
0699f331d2
docs: add wasm documentation
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-30 20:57:10 +00:00
Xe Iaso
7f1a7197f3
fix(wasm): use interpreter on aarch64 for now
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-30 14:39:56 +00:00
Xe Iaso
2ad7be2847
ci: use binaryen 108
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-30 14:33:02 +00:00
Xe Iaso
45c9cb6842
Update metadata
...
check-spelling run (pull_request) for Xe/wasm3
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com >
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev >
2025-09-30 14:30:59 +00:00
Xe Iaso
a29025c382
ci: fix invocations of setup-binaryen
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-30 14:28:39 +00:00
Xe Iaso
bba000e87e
chore: clean up places I forced things in testing
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-30 14:27:19 +00:00
Xe Iaso
643b4719d8
feat(wasm): support "pure JS" mode
...
Closes #1159
This uses the binaryen tool wasm2js to compile the Anubis WASM blobs
to JavaScript. This produces biblically large (520Ki) outputs when you
inline both hashx and sha256 solvers, but this is a tradeoff that I'm
willing to accept. The performance is good enough in my testing with
JIT enabled. I fear that this may end up being terrible with JIT
disabled. I have no idea if this will work on big endian or not.
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-30 14:21:29 +00:00
Xe Iaso
705da2fa3c
fix: disable broken wasm interpreter flow for now
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 15:01:42 +00:00
Xe Iaso
bd5613c699
feat(web/wasm): start work on wasm2js, found bugs in the code, stopping to go to bed
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 04:25:26 +00:00
Xe Iaso
a0df3d4428
chore: cleanups
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 04:03:39 +00:00
Xe Iaso
097c9e9586
feat(web/wasm): use simd128 if available
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 04:03:30 +00:00
Xe Iaso
cf931cc0a5
fix(lib): detect failures on challenge method initialization
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 04:02:49 +00:00
Xe Iaso
8b60b4309b
chore(wasm): argon2id -> hashx
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 03:39:19 +00:00
Xe Iaso
41bfbf7900
test(ssh-ci): use TecharoHQ/ci-images SSH runner image
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 03:09:45 +00:00
Xe Iaso
1c5ce190b4
ci: test ssh ci for the wasm stack
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 02:50:43 +00:00
Xe Iaso
bed126e641
ci(packages): fix builds
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 02:48:00 +00:00
Xe Iaso
9959cb0d06
ci: fix rust wasm32 target
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 02:45:17 +00:00
Xe Iaso
f150e4b466
ci: fix rust dependencies
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 02:40:54 +00:00
Xe Iaso
8999303eef
feat(lib/challenge/wasm): server side validation logic
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 02:35:42 +00:00
Xe Iaso
a63cbc7ced
feat(web/js): add wasm client side runner
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-28 02:21:11 +00:00
Xe Iaso
03a6c07c73
chore: add rust-toolchain.toml
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-27 18:33:05 +00:00
Xe Iaso
908f85db91
feat: add wasm rigging
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-27 17:50:28 +00:00
dependabot[bot]
ec90a8b87d
build(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 ( #1132 )
...
Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz ) from 0.5.12 to 0.5.14.
- [Commits](https://github.com/ulikunitz/xz/compare/v0.5.12...v0.5.14 )
---
updated-dependencies:
- dependency-name: github.com/ulikunitz/xz
dependency-version: 0.5.14
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-27 13:46:23 -04:00
dependabot[bot]
5731477e0a
build(deps-dev): bump esbuild from 0.25.9 to 0.25.10 in the npm group ( #1147 )
...
Bumps the npm group with 1 update: [esbuild](https://github.com/evanw/esbuild ).
Updates `esbuild` from 0.25.9 to 0.25.10
- [Release notes](https://github.com/evanw/esbuild/releases )
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md )
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.9...v0.25.10 )
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.25.10
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-27 13:46:12 -04:00
Xe Iaso
714c85dbc4
fix(lib): enable multiple consecutive slash support ( #1155 )
...
* fix(lib): enable multiple consecutive slash support
Closes #754
Closes #808
Closes #815
Apparently more applications use multiple slashes in a row than I
thought. There is no easy way around this other than to do this hacky
fix to avoid net/http#ServeMux's URL cleaning.
* test(double_slash): add sourceware case
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(lib): fix tests for double slash fix
Signed-off-by: Xe Iaso <me@xeiaso.net >
---------
Signed-off-by: Xe Iaso <xe.iaso@techaro.lol >
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-27 13:44:46 -04:00
Jamie McClelland
75ea1b60d5
enable auto setting of SNI based on host header ( #1129 )
...
With this change, setting targetSNI to 'auto' causes anubis to
use the request host name as the SNI name, allowing multiple sites
to use the same anubis instance and same backend, while still securely
connecting to the backend via https.
See https://github.com/TecharoHQ/anubis/issues/424
2025-09-25 08:08:16 +00:00
violet
1cf03535a5
feat: support reading real client IP from a custom header ( #1138 )
...
* feat: support reading real client IP from a custom header
* pr reviews
---------
Co-authored-by: violet <violet@tsukuyomi>
2025-09-25 04:01:24 -04:00
Sunniva Løvstad
c3ed405dbc
Update Nynorsk translation ( #1143 )
...
* chore: fix capitalisation in bokmål and nynorsk
* stadfest → e-verb
Signed-off-by: Sunniva Løvstad <github@turtle.garden >
---------
Signed-off-by: Sunniva Løvstad <github@turtle.garden >
2025-09-25 04:01:02 -04:00
Xe Iaso
8cdf58c9e6
ci(ssh): re-enable aarch64-16k
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-20 15:30:29 +00:00
Xe Iaso
1c170988c8
fix: mend auth cookie name stutter ( #1139 )
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-19 13:51:11 -04:00
Xe Iaso
9439466ff2
ci(ssh): disable aarch64-16k until my SFP connecter comes in on friday
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-17 16:00:10 +00:00
Richard Mahn
4787aeca51
Add Door43 link to known instances documentation ( #1136 )
...
Signed-off-by: Richard Mahn <richmahn@users.noreply.github.com >
2025-09-17 13:11:11 +00:00
Xe Iaso
fb3637df95
feat(metarefresh): randomly use the Refresh header ( #1133 )
...
* feat(lib/challenge): expose ResponseWriter to challenge issuers
Signed-off-by: Xe Iaso <me@xeiaso.net >
* feat(metarefresh): randomly use the Refresh header
There are several ways to trigger an automatic refresh without
JavaScript. One of them is the "meta refresh" method[1], but the other
is with the Refresh header[2]. Both are semantically identical and
supported with browsers as old as Chrome version 1.
Given that they are basically the same thing, this patch makes Anubis
randomly select between them by using the challenge random data's first
character. This will fire about 50% of the time.
I expect this to have no impact. If this works out fine, then I will
implement some kind of fallback logic for the fast challenge such that
admins can opt into allowing clients with a no-js configuration to pass
the fast challenge. This needs to bake in the oven though.
[1]: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/meta/http-equiv
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Refresh
Signed-off-by: Xe Iaso <me@xeiaso.net >
* docs: update CHANGELOG
Signed-off-by: Xe Iaso <me@xeiaso.net >
* feat(metarefresh): simplify random logic
Signed-off-by: Xe Iaso <me@xeiaso.net >
---------
Signed-off-by: Xe Iaso <me@xeiaso.net >
Signed-off-by: Xe Iaso <xe.iaso@techaro.lol >
2025-09-16 17:32:13 -04:00
dependabot[bot]
26076b8520
build(deps): bump github.com/docker/docker in /test ( #1130 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 28.3.2+incompatible to 28.3.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v28.3.2...v28.3.3 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-version: 28.3.3+incompatible
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-16 16:22:28 -04:00
NetSysFire
edb84f03b7
convert issue templates into issue forms ( #1115 )
2025-09-16 13:14:10 +00:00
Jan Pieter Waagmeester
b2d525bba4
Update nl.json removeing literal translated 'cookie' (koekje) with 'cookie' ( #1126 )
...
Signed-off-by: Jan Pieter Waagmeester <jieter@jieter.nl >
2025-09-16 07:53:30 -04:00
dependabot[bot]
00679aed66
build(deps): bump the github-actions group with 3 updates ( #1118 )
...
Bumps the github-actions group with 3 updates: [actions-hub/kubectl](https://github.com/actions-hub/kubectl ), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions-hub/kubectl` from 1.34.0 to 1.34.1
- [Release notes](https://github.com/actions-hub/kubectl/releases )
- [Commits](af345ed727...f14933a23bhttps://github.com/astral-sh/setup-uv/releases )
- [Commits](557e51de59...b75a909f75https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f1f6e5f6af...192325c861support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 18:23:31 -04:00
dependabot[bot]
03299024c5
build(deps): bump the npm group with 2 updates ( #1117 )
...
Bumps the npm group with 2 updates: [preact](https://github.com/preactjs/preact ) and [postcss-import-url](https://github.com/unlight/postcss-import-url ).
Updates `preact` from 10.27.1 to 10.27.2
- [Release notes](https://github.com/preactjs/preact/releases )
- [Commits](https://github.com/preactjs/preact/compare/10.27.1...10.27.2 )
Updates `postcss-import-url` from 1.0.0 to 7.2.0
- [Release notes](https://github.com/unlight/postcss-import-url/releases )
- [Changelog](https://github.com/unlight/postcss-import-url/blob/master/CHANGELOG.md )
- [Commits](https://github.com/unlight/postcss-import-url/commits/v7.2.0 )
---
updated-dependencies:
- dependency-name: preact
dependency-version: 10.27.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
- dependency-name: postcss-import-url
dependency-version: 7.2.0
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-15 18:23:15 -04:00
Anna
f745d37d90
fix(run/openrc): truncate runtime directory before starting Anubis ( #1122 )
...
If Anubis is not shut down correctly and there are leftover socket
files, Anubis will refuse to start.
As "checkpath -D" currently does not work as expected
(https://github.com/OpenRC/openrc/issues/335 ), simply use "rm -rf"
before starting Anubis.
Signed-off-by: Anna @CyberTailor <cyber@sysrq.in >
2025-09-15 07:44:35 -04:00
Xe Iaso
d12993e31d
feat(expressions): add contentLength to bot expressions ( #1120 )
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-15 01:41:45 +00:00
Xe Iaso
88b3e457ee
docs: update BotStopper docs based on new features
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-14 20:16:43 +00:00
Xe Iaso
bb2b113b63
ci(ssh): don't print uname -av output ( #1114 )
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-14 03:03:46 +00:00
Xe Iaso
6c283d0cd9
ci: add aarch64 for ssh CI ( #1112 )
...
* ci: add aarch64 for ssh CI
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci: better comment aile and t-elos' roles
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci: fix aile
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci: update ssh known hosts secret
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci(ssh): replace raw connection strings with arch-quirks
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci(ssh): disable this check in PRs again
Signed-off-by: Xe Iaso <me@xeiaso.net >
---------
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-09-14 00:15:23 +00:00
agoujot
0037e214a1
add link to preact in challenge list ( #1111 )
...
Preact was added in 1.22, but it currently isn't listed in the "Challenges" page.
Signed-off-by: agoujot <145840578+agoujot@users.noreply.github.com >
2025-09-13 17:31:36 -04:00
Valentin Lab
29ae2a4b87
feat: fallback to SameSite Lax mode if cookie is not secure ( #1105 )
...
Also, will allow to set cookie `SameSite` mode on command line or
environment. Note that `None` mode will be forced to ``Lax`` if
cookie is set to not be secure.
Signed-off-by: Valentin Lab <valentin.lab@kalysto.org >
2025-09-13 10:56:54 +00:00
