arian/anubis-mirror
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2026-04-19 22:56:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
611 Commits 188 Branches 41 Tags
a63cbc7ced0c6856f60b032be60402cb96f4d39b
Commit Graph

611 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Xe Iaso a63cbc7ced feat(web/js): add wasm client side runner 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-28 02:21:11 +00:00
Xe Iaso 03a6c07c73 chore: add rust-toolchain.toml 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-27 18:33:05 +00:00
Xe Iaso 908f85db91 feat: add wasm rigging 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-27 17:50:28 +00:00
dependabot[bot] ec90a8b87d build(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#1132) 
Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) from 0.5.12 to 0.5.14.
- [Commits](https://github.com/ulikunitz/xz/compare/v0.5.12...v0.5.14)

---
updated-dependencies:
- dependency-name: github.com/ulikunitz/xz
  dependency-version: 0.5.14
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-27 13:46:23 -04:00
dependabot[bot] 5731477e0a build(deps-dev): bump esbuild from 0.25.9 to 0.25.10 in the npm group (#1147) 
Bumps the npm group with 1 update: [esbuild](https://github.com/evanw/esbuild).


Updates `esbuild` from 0.25.9 to 0.25.10
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.9...v0.25.10)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-27 13:46:12 -04:00
Xe Iaso 714c85dbc4 fix(lib): enable multiple consecutive slash support (#1155) 
* fix(lib): enable multiple consecutive slash support

Closes #754
Closes #808
Closes #815

Apparently more applications use multiple slashes in a row than I
thought. There is no easy way around this other than to do this hacky
fix to avoid net/http#ServeMux's URL cleaning.

* test(double_slash): add sourceware case

Signed-off-by: Xe Iaso <me@xeiaso.net>

* test(lib): fix tests for double slash fix

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-27 13:44:46 -04:00
Jamie McClelland 75ea1b60d5 enable auto setting of SNI based on host header (#1129) 
With this change, setting targetSNI to 'auto' causes anubis to
use the request host name as the SNI name, allowing multiple sites
to use the same anubis instance and same backend, while still securely
connecting to the backend via https.

See https://github.com/TecharoHQ/anubis/issues/424
 2025-09-25 08:08:16 +00:00
violet 1cf03535a5 feat: support reading real client IP from a custom header (#1138) 
* feat: support reading real client IP from a custom header

* pr reviews

---------

Co-authored-by: violet <violet@tsukuyomi>
 2025-09-25 04:01:24 -04:00
Sunniva Løvstad c3ed405dbc Update Nynorsk translation (#1143) 
* chore: fix capitalisation in bokmål and nynorsk

* stadfest → e-verb

Signed-off-by: Sunniva Løvstad <github@turtle.garden>

---------

Signed-off-by: Sunniva Løvstad <github@turtle.garden>
 2025-09-25 04:01:02 -04:00
Xe Iaso 8cdf58c9e6 ci(ssh): re-enable aarch64-16k 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-20 15:30:29 +00:00
Xe Iaso 1c170988c8 fix: mend auth cookie name stutter (#1139) 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-19 13:51:11 -04:00
Xe Iaso 9439466ff2 ci(ssh): disable aarch64-16k until my SFP connecter comes in on friday 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-17 16:00:10 +00:00
Richard Mahn 4787aeca51 Add Door43 link to known instances documentation (#1136) 
Signed-off-by: Richard Mahn <richmahn@users.noreply.github.com>
 2025-09-17 13:11:11 +00:00
Xe Iaso fb3637df95 feat(metarefresh): randomly use the Refresh header (#1133) 
* feat(lib/challenge): expose ResponseWriter to challenge issuers

Signed-off-by: Xe Iaso <me@xeiaso.net>

* feat(metarefresh): randomly use the Refresh header

There are several ways to trigger an automatic refresh without
JavaScript. One of them is the "meta refresh" method[1], but the other
is with the Refresh header[2]. Both are semantically identical and
supported with browsers as old as Chrome version 1.

Given that they are basically the same thing, this patch makes Anubis
randomly select between them by using the challenge random data's first
character. This will fire about 50% of the time.

I expect this to have no impact. If this works out fine, then I will
implement some kind of fallback logic for the fast challenge such that
admins can opt into allowing clients with a no-js configuration to pass
the fast challenge. This needs to bake in the oven though.

[1]: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/meta/http-equiv
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Refresh

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

* feat(metarefresh): simplify random logic

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>
 2025-09-16 17:32:13 -04:00
dependabot[bot] 26076b8520 build(deps): bump github.com/docker/docker in /test (#1130) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.3.2+incompatible to 28.3.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v28.3.2...v28.3.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-version: 28.3.3+incompatible
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-16 16:22:28 -04:00
NetSysFire edb84f03b7 convert issue templates into issue forms (#1115) 2025-09-16 13:14:10 +00:00
Jan Pieter Waagmeester b2d525bba4 Update nl.json removeing literal translated 'cookie' (koekje) with 'cookie' (#1126) 
Signed-off-by: Jan Pieter Waagmeester <jieter@jieter.nl>
 2025-09-16 07:53:30 -04:00
dependabot[bot] 00679aed66 build(deps): bump the github-actions group with 3 updates (#1118) 
Bumps the github-actions group with 3 updates: [actions-hub/kubectl](https://github.com/actions-hub/kubectl), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions-hub/kubectl` from 1.34.0 to 1.34.1
- [Release notes](https://github.com/actions-hub/kubectl/releases)
- [Commits](https://github.com/actions-hub/kubectl/compare/af345ed727f0268738e65be48422e463cc67c220...f14933a23bc8c582b5aa7d108defd8e2cb9fa86d)

Updates `astral-sh/setup-uv` from 6.6.1 to 6.7.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/557e51de59eb14aaaba2ed9621916900a91d50c6...b75a909f75acd358c2196fb9a5f1299a9a8868a4)

Updates `github/codeql-action` from 3.30.1 to 3.30.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f1f6e5f6af878fb37288ce1c627459e94dbf7d01...192325c86100d080feab897ff886c34abd4c83a3)

---
updated-dependencies:
- dependency-name: actions-hub/kubectl
  dependency-version: 1.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: astral-sh/setup-uv
  dependency-version: 6.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 3.30.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-15 18:23:31 -04:00
dependabot[bot] 03299024c5 build(deps): bump the npm group with 2 updates (#1117) 
Bumps the npm group with 2 updates: [preact](https://github.com/preactjs/preact) and [postcss-import-url](https://github.com/unlight/postcss-import-url).


Updates `preact` from 10.27.1 to 10.27.2
- [Release notes](https://github.com/preactjs/preact/releases)
- [Commits](https://github.com/preactjs/preact/compare/10.27.1...10.27.2)

Updates `postcss-import-url` from 1.0.0 to 7.2.0
- [Release notes](https://github.com/unlight/postcss-import-url/releases)
- [Changelog](https://github.com/unlight/postcss-import-url/blob/master/CHANGELOG.md)
- [Commits](https://github.com/unlight/postcss-import-url/commits/v7.2.0)

---
updated-dependencies:
- dependency-name: preact
  dependency-version: 10.27.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: postcss-import-url
  dependency-version: 7.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-15 18:23:15 -04:00
Anna f745d37d90 fix(run/openrc): truncate runtime directory before starting Anubis (#1122) 
If Anubis is not shut down correctly and there are leftover socket
files, Anubis will refuse to start.

As "checkpath -D" currently does not work as expected
(https://github.com/OpenRC/openrc/issues/335), simply use "rm -rf"
before starting Anubis.

Signed-off-by: Anna @CyberTailor <cyber@sysrq.in>
 2025-09-15 07:44:35 -04:00
Xe Iaso d12993e31d feat(expressions): add contentLength to bot expressions (#1120) 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-15 01:41:45 +00:00
Xe Iaso 88b3e457ee docs: update BotStopper docs based on new features 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-14 20:16:43 +00:00
Xe Iaso bb2b113b63 ci(ssh): don't print uname -av output (#1114) 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-14 03:03:46 +00:00
Xe Iaso 6c283d0cd9 ci: add aarch64 for ssh CI (#1112) 
* ci: add aarch64 for ssh CI

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci: better comment aile and t-elos' roles

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci: fix aile

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci: update ssh known hosts secret

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci(ssh): replace raw connection strings with arch-quirks

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci(ssh): disable this check in PRs again

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-14 00:15:23 +00:00
agoujot 0037e214a1 add link to preact in challenge list (#1111) 
Preact was added in 1.22, but it currently isn't listed in the "Challenges" page.

Signed-off-by: agoujot <145840578+agoujot@users.noreply.github.com>
 2025-09-13 17:31:36 -04:00
Valentin Lab 29ae2a4b87 feat: fallback to SameSite Lax mode if cookie is not secure (#1105) 
Also, will allow to set cookie `SameSite` mode on command line or
environment. Note that `None` mode will be forced to ``Lax`` if
cookie is set to not be secure.

Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
 2025-09-13 10:56:54 +00:00
Xe Iaso 401e18f29f feat(store/bbolt): implement actor pattern (#1107) 
* feat(store/bbolt): implement actor pattern

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs(internal/actorify): document package

Signed-off-by: Xe Iaso <me@xeiaso.net>

* Update metadata

check-spelling run (pull_request) for Xe/actorify

Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
 2025-09-12 18:35:22 +00:00
Xe Iaso 63591866aa fix(decaymap): fix lock convoy (#1106) 
* fix(decaymap): fix lock convoy

Ref #1103

This uses the actor pattern to delay deletion instead of making things
fight over a lock. It also properly fixes locking logic to prevent the
convoy problem.

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-12 16:43:08 +00:00
Xe Iaso f79d36d21e docs: update CHANGELOG properly 
It helps if you save your editor buffer!

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-11 14:07:52 +00:00
Xe Iaso f5b5243b5e docs: update CHANGELOG 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-11 14:04:32 +00:00
Xe Iaso 2011b83a44 chore: port client-side JS to TypeScript (#1100) 
* chore(challenge/preact): port to typescript

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(js/algorithms): port to typescript

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(js/worker): port to typescript

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(web): fix TypeScript build logic

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(web): port bench.mjs to typescript

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(web): port main.mjs to typescript

Signed-off-by: Xe Iaso <me@xeiaso.net>

* Update metadata

check-spelling run (pull_request) for Xe/use-typescript

Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>

* fix(js/algorithms/fast): handle old browsers

Closes #1082

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
 2025-09-11 10:03:10 -04:00
Martin 8ed89a6c6e feat(lib): Add option for adding difficulty field to JWT claims (#1063) 
* Add option for difficulty JWT field

* Add DIFFICULTY_IN_JWT option to docs

* Add missing_required_forwarded_headers to lt translation via Google Translate

* docs(CHANGELOG): move CHANGELOG entry to the top

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
 2025-09-11 13:50:33 +00:00
Xe Iaso 9430d0e6a5 fix(cmd/containerbuild): support commas in --docker-tags (#1099) 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-08 22:19:42 +00:00
Xe Iaso 8b9dafac51 security: npm audit fix for GHSA-hfm8-9jrf-7g9w et. al (#1098) 
* security: npm audit fix for GHSA-hfm8-9jrf-7g9w et. al

Closes #1097

I'm not sure that this is required, but I'd sleep better at night not
finding out that it is required the hard way.

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: bump postcss version

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-08 14:17:59 -04:00
dependabot[bot] 9997130a7c build(deps): bump the github-actions group with 4 updates (#1093) 
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
 2025-09-07 22:01:27 -04:00
Jason Cameron e239083944 docs: add reminder for verified signatures in PR template (#1092) 2025-09-07 16:15:26 -04:00
Jason Cameron abf6c8de57 feat: Warn on missing signing keys when persisting challenges (#1088) 2025-09-07 15:43:58 -04:00
Xe Iaso 7e1b5d9951 fix: demote temporal assurance checks 
* fix(challenge): demote temporal assurance to 80% instead of 95%

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix(challenge/preact): wait a little longer to be extra safe

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix(challenge/metarefresh): wait a little longer to be extra safe

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs(CHANGELOG): add fix notes

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-07 16:10:54 +00:00
Xe Iaso 98945fb56f feat(lib/store): add s3api storage backend (#1089) 
* feat(lib/store): add s3api storage backend

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs(store/s3api): replace fake S3 API keys with the bee movie script

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs(store/s3api): fix spelling sin

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix(store/s3api): remove vestigal experiment

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(store/s3api): support IsPersistent call

Ref #1088

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(test): go mod tidy

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-07 09:24:14 -04:00
Jason Cameron 82099d9e05 fix(robots2policy): handle multiple user agents under one block (#925) 2025-09-06 22:35:19 -04:00
dependabot[bot] 87c2f1e0e6 build(deps): bump the github-actions group across 1 directory with 8 updates (#1071) 
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
 2025-09-06 22:30:43 -04:00
Jason Cameron f0199d014f docs: document some missing env vars (#1087) 2025-09-07 01:34:42 +00:00
Jason Cameron 75109f6b73 docs(installation): add SLOG_LEVEL environment variable to configuration (#1086) 
* docs(installation): add SLOG_LEVEL environment variable to configuration

* docs(installation): add SLOG_LEVEL environment variable to configuration
 2025-09-06 20:59:02 -04:00
Xe Iaso c43d7ca686 docs(botstopper): add HTML templating support 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-06 23:42:23 +00:00
Xe Iaso 5d5c39e123 chore: v1.22.0 
Signed-off-by: Xe Iaso <me@xeiaso.net>
v1.22.0 		2025-09-06 11:54:36 -04:00
Xe Iaso d35e47c655 feat: glob matching for redirect domains (#1084) 
* feat: glob matching for redirect domains

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-06 15:46:18 +00:00
Xe Iaso 48b49a0190 docs(CHANGELOG): add changelog entry for v1.22.0 
Signed-off-by: Xe Iaso <me@xeiaso.net>
 2025-09-05 22:42:08 +00:00
Xe Iaso de94139789 test: ensure FORCED_LANGUAGE works (#1083) 
Closes #1077
 2025-09-05 22:07:17 +00:00
Rimas Kudelis fd011d19e2 Updates to lt.json (#1075) 
Minor improvements to Lithuanian strings

Signed-off-by: Rimas Kudelis <rimas@kudelis.lt>
 2025-09-03 20:07:46 -04:00
Xe Iaso 489abb6b4d chore: release v1.22.0-pre2 
Signed-off-by: Xe Iaso <me@xeiaso.net>
v1.22.0-pre2 		2025-09-02 21:31:17 -04:00