chore: release v1.21.0-pre2 (#816)

* chore: release v1.21.0-pre2

* chore: disable automated stable package builds for now

Signed-off-by: Xe Iaso <me@xeiaso.net>

.github/workflows/package-builds-stable.yml

@@ -1,8 +1,9 @@
 name: Package builds (stable)
 
 on:
-  release:
+  workflow_dispatch:
-    types: [published]
+  # release:
+  #   types: [published]
 
 permissions:
   contents: write
@@ -13,67 +14,67 @@ jobs:
     #runs-on: alrest-techarohq
     runs-on: ubuntu-24.04
     steps:
-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      with:
+        with:
-        persist-credentials: false
+          persist-credentials: false
-        fetch-tags: true
+          fetch-tags: true
-        fetch-depth: 0
+          fetch-depth: 0
 
-    - name: build essential
+      - name: build essential
-      run: |
+        run: |
-        sudo apt-get update
+          sudo apt-get update
-        sudo apt-get install -y build-essential
+          sudo apt-get install -y build-essential
 
-    - name: Set up Homebrew
+      - name: Set up Homebrew
-      uses: Homebrew/actions/setup-homebrew@main
+        uses: Homebrew/actions/setup-homebrew@main
 
-    - name: Setup Homebrew cellar cache
+      - name: Setup Homebrew cellar cache
-      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
-      with:
+        with:
-        path: |
+          path: |
-          /home/linuxbrew/.linuxbrew/Cellar
+            /home/linuxbrew/.linuxbrew/Cellar
-          /home/linuxbrew/.linuxbrew/bin
+            /home/linuxbrew/.linuxbrew/bin
-          /home/linuxbrew/.linuxbrew/etc
+            /home/linuxbrew/.linuxbrew/etc
-          /home/linuxbrew/.linuxbrew/include
+            /home/linuxbrew/.linuxbrew/include
-          /home/linuxbrew/.linuxbrew/lib
+            /home/linuxbrew/.linuxbrew/lib
-          /home/linuxbrew/.linuxbrew/opt
+            /home/linuxbrew/.linuxbrew/opt
-          /home/linuxbrew/.linuxbrew/sbin
+            /home/linuxbrew/.linuxbrew/sbin
-          /home/linuxbrew/.linuxbrew/share
+            /home/linuxbrew/.linuxbrew/share
-          /home/linuxbrew/.linuxbrew/var
+            /home/linuxbrew/.linuxbrew/var
-        key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
+          key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
-        restore-keys: |
+          restore-keys: |
-          ${{ runner.os }}-go-homebrew-cellar-
+            ${{ runner.os }}-go-homebrew-cellar-
 
-    - name: Install Brew dependencies
+      - name: Install Brew dependencies
-      run: |
+        run: |
-        brew bundle
+          brew bundle
 
-    - name: Setup Golang caches
+      - name: Setup Golang caches
-      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
-      with:
+        with:
-        path: |
+          path: |
-          ~/.cache/go-build
+            ~/.cache/go-build
-          ~/go/pkg/mod
+            ~/go/pkg/mod
-        key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
+          key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
+          restore-keys: |
-          ${{ runner.os }}-golang-
+            ${{ runner.os }}-golang-
 
-    - name: install node deps
+      - name: install node deps
-      run: |
+        run: |
-        npm ci
+          npm ci
 
-    - name: Build Packages
+      - name: Build Packages
-      run: |
+        run: |
-        go tool yeet
+          go tool yeet
 
-    - name: Upload released artifacts
+      - name: Upload released artifacts
-      env:
+        env:
-        GITHUB_TOKEN: ${{ github.TOKEN }}
+          GITHUB_TOKEN: ${{ github.TOKEN }}
-        RELEASE_VERSION: ${{github.event.release.tag_name}}
+          RELEASE_VERSION: ${{github.event.release.tag_name}}
-      shell: bash
+        shell: bash
-      run: |
+        run: |
-        RELEASE="${RELEASE_VERSION}"
+          RELEASE="${RELEASE_VERSION}"
-        cd var
+          cd var
-        for file in *; do
+          for file in *; do
-          gh release upload $RELEASE $file
+            gh release upload $RELEASE $file
-        done
+          done

VERSION

@@ -1 +1 @@
-1.21.0-pre1
+1.21.0-pre2

docs/docs/CHANGELOG.md

@@ -17,7 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 > Please, be at ease. You are among friends here.
 
-In this release, Anubis becomes internationalized, gains the ability to use system load as input to issuing challenges,
+In this release, Anubis becomes internationalized, gains the ability to use system load as input to issuing challenges, finally fixes the "invalid response" after "success" bug, and more! Please read these notes before upgrading as the changes are big enough that administrators should take action to ensure that the upgrade goes smoothly.
 
 ### Big ticket changes
 
@@ -99,7 +99,6 @@ There are a bunch of other assorted features and fixes too:
 - Allow [Common Crawl](https://commoncrawl.org/) by default so scrapers have less incentive to scrape
 - The [bbolt storage backend](./admin/policies.mdx#bbolt) now runs its cleanup every hour instead of every five minutes.
 - Don't block Anubis starting up if [Thoth](./admin/thoth.mdx) health checks fail.
-- Multiple consecutive slashes are supported in upstream application URLs ([#754](https://github.com/TecharoHQ/anubis/issues/754)).
 
 ### Potentially breaking changes
 

lib/anubis.go

@@ -67,15 +67,14 @@ var (
 )
 
 type Server struct {
-	next         http.Handler
+	next        http.Handler
-	mux          *http.ServeMux
+	mux         *http.ServeMux
-	policy       *policy.ParsedConfig
+	policy      *policy.ParsedConfig
-	OGTags       *ogtags.OGTagCache
+	OGTags      *ogtags.OGTagCache
-	ed25519Priv  ed25519.PrivateKey
+	ed25519Priv ed25519.PrivateKey
-	hs512Secret  []byte
+	hs512Secret []byte
-	opts         Options
+	opts        Options
-	store        store.Interface
+	store       store.Interface
-	internalPath string
 }
 
 func (s *Server) getTokenKeyfunc() jwt.Keyfunc {

lib/anubis_test.go

@@ -204,63 +204,6 @@ func TestCVE2025_24369(t *testing.T) {
 	}
 }
 
-func TestDoubleSlashes(t *testing.T) {
-	pol := loadPolicies(t, "", 0)
-
-	path := ""
-
-	srv := spawnAnubis(t, Options{
-		Next: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			path = r.URL.Path
-		}),
-		Policy: pol,
-	})
-
-	ts := httptest.NewServer(internal.RemoteXRealIP(true, "tcp", srv))
-	defer ts.Close()
-
-	cli := httpClient(t)
-	chall := makeChallenge(t, ts, cli)
-	resp := handleChallengeZeroDifficulty(t, ts, cli, chall)
-
-	if resp.StatusCode != http.StatusFound {
-		t.Fatal("can't solve challenge, see logs")
-	}
-
-	for _, tt := range []struct {
-		name, path string
-	}{
-		{
-			name: "basic",
-			path: "/foo",
-		},
-		{
-			name: "leading slashes",
-			path: "//foo",
-		},
-		{
-			name: "mid slashes",
-			path: "/foo//bar///baz",
-		},
-		{
-			name: "trailing slashes",
-			path: "/foo/bar///",
-		},
-	} {
-		t.Run(tt.name, func(t *testing.T) {
-			if _, err := cli.Get(ts.URL + tt.path); err != nil {
-				t.Errorf("can't make request to %s: %v", tt.path, err)
-			}
-
-			if path != tt.path {
-				t.Logf("want: %s", tt.path)
-				t.Logf("got:  %s", path)
-				t.Error("invalid path sent to server")
-			}
-		})
-	}
-}
-
 func TestCookieCustomExpiration(t *testing.T) {
 	pol := loadPolicies(t, "", 0)
 	ckieExpiration := 10 * time.Minute

lib/config.go

@@ -101,14 +101,13 @@ func New(opts Options) (*Server, error) {
 	anubis.BasePrefix = opts.BasePrefix
 
 	result := &Server{
-		next:         opts.Next,
+		next:        opts.Next,
-		ed25519Priv:  opts.ED25519PrivateKey,
+		ed25519Priv: opts.ED25519PrivateKey,
-		hs512Secret:  opts.HS512Secret,
+		hs512Secret: opts.HS512Secret,
-		policy:       opts.Policy,
+		policy:      opts.Policy,
-		opts:         opts,
+		opts:        opts,
-		OGTags:       ogtags.NewOGTagCache(opts.Target, opts.Policy.OpenGraph, opts.Policy.Store),
+		OGTags:      ogtags.NewOGTagCache(opts.Target, opts.Policy.OpenGraph, opts.Policy.Store),
-		store:        opts.Policy.Store,
+		store:       opts.Policy.Store,
-		internalPath: opts.BasePrefix + anubis.StaticPath,
 	}
 
 	mux := http.NewServeMux()
@@ -155,6 +154,7 @@ func New(opts Options) (*Server, error) {
 
 	registerWithPrefix(anubis.APIPrefix+"pass-challenge", http.HandlerFunc(result.PassChallenge), "GET")
 	registerWithPrefix(anubis.APIPrefix+"check", http.HandlerFunc(result.maybeReverseProxyHttpStatusOnly), "")
+	registerWithPrefix("/", http.HandlerFunc(result.maybeReverseProxyOrPage), "")
 
 	//goland:noinspection GoBoolExpressions
 	if anubis.Version == "devel" {

lib/http.go

@@ -200,12 +200,7 @@ func (s *Server) respondWithStatus(w http.ResponseWriter, r *http.Request, msg s
 }
 
 func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	switch strings.HasPrefix(r.URL.Path, s.internalPath) {
+	s.mux.ServeHTTP(w, r)
-	case true:
-		s.mux.ServeHTTP(w, r)
-	case false:
-		s.maybeReverseProxyOrPage(w, r)
-	}
 }
 
 func (s *Server) stripBasePrefixFromRequest(r *http.Request) *http.Request {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@techaro/anubis",
-  "version": "1.21.0-pre1",
+  "version": "1.21.0-pre2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@techaro/anubis",
-      "version": "1.21.0-pre1",
+      "version": "1.21.0-pre2",
       "license": "ISC",
       "devDependencies": {
         "cssnano": "^7.0.7",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@techaro/anubis",
-  "version": "1.21.0-pre1",
+  "version": "1.21.0-pre2",
   "description": "",
   "main": "index.js",
   "scripts": {