chore: npm run assets

Signed-off-by: Xe Iaso <me@xeiaso.net>

.github/actions/spelling/expect.txt

@@ -64,7 +64,6 @@ Codespaces
 confd
 connnection
 containerbuild
-containerregistry
 coreutils
 Cotoyogi
 Cromite
@@ -342,7 +341,6 @@ Velen
 vendored
 vhosts
 VKE
-vnd
 VPS
 Vultr
 weblate

.github/workflows/asset-verification.yml

@@ -0,0 +1,73 @@
+name: Asset Build Verification
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+permissions:
+  contents: read
+
+jobs:
+  asset_verification:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+
+      - name: build essential
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y build-essential
+
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: latest
+
+      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: stable
+
+      - name: install node deps
+        run: |
+          npm ci
+
+      - name: Check for uncommitted changes before asset build
+        id: check-changes-before
+        run: |
+          if [[ -n $(git status --porcelain) ]]; then
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Fail if there are uncommitted changes before build
+        if: steps.check-changes-before.outputs.has_changes == 'true'
+        run: |
+          echo "There are uncommitted changes before running npm run assets"
+          git status
+          exit 1
+
+      - name: Run asset build
+        run: |
+          npm run assets
+
+      - name: Check for uncommitted changes after asset build
+        id: check-changes-after
+        run: |
+          if [[ -n $(git status --porcelain) ]]; then
+            echo "has_changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Fail if assets generated changes
+        if: steps.check-changes-after.outputs.has_changes == 'true'
+        run: |
+          echo "npm run assets generated uncommitted changes. This indicates the repository has outdated generated files."
+          echo "Please run 'npm run assets' locally and commit the changes."
+          git status
+          git diff
+          exit 1

.github/workflows/docker-pr.yml

@@ -2,7 +2,7 @@ name: Docker image builds (pull requests)
 
 on:
   pull_request:
-    branches: ["main"]
+    branches: [ "main" ]
 
 env:
   DOCKER_METADATA_SET_OUTPUT_ENV: "true"
@@ -21,20 +21,29 @@ jobs:
           fetch-depth: 0
           persist-credentials: false
 
-      - name: build essential
+      - name: Set up Homebrew
+        uses: Homebrew/actions/setup-homebrew@main
+
+      - name: Setup Homebrew cellar cache
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        with:
+          path: |
+            /home/linuxbrew/.linuxbrew/Cellar
+            /home/linuxbrew/.linuxbrew/bin
+            /home/linuxbrew/.linuxbrew/etc
+            /home/linuxbrew/.linuxbrew/include
+            /home/linuxbrew/.linuxbrew/lib
+            /home/linuxbrew/.linuxbrew/opt
+            /home/linuxbrew/.linuxbrew/sbin
+            /home/linuxbrew/.linuxbrew/share
+            /home/linuxbrew/.linuxbrew/var
+          key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-homebrew-cellar-
+
+      - name: Install Brew dependencies
         run: |
-          sudo apt-get update
+          brew bundle
-          sudo apt-get install -y build-essential
-
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-        with:
-          node-version: latest
-
-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
-        with:
-          go-version: stable
-
-      - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
 
       - name: Docker meta
         id: meta

.github/workflows/docker.yml

@@ -27,24 +27,33 @@ jobs:
           fetch-depth: 0
           persist-credentials: false
 
-      - name: build essential
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y build-essential
-
       - name: Set lowercase image name
         run: |
           echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
 
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - name: Set up Homebrew
-        with:
+        uses: Homebrew/actions/setup-homebrew@main
-          node-version: latest
 
-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+      - name: Setup Homebrew cellar cache
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
-          go-version: stable
+          path: |
+            /home/linuxbrew/.linuxbrew/Cellar
+            /home/linuxbrew/.linuxbrew/bin
+            /home/linuxbrew/.linuxbrew/etc
+            /home/linuxbrew/.linuxbrew/include
+            /home/linuxbrew/.linuxbrew/lib
+            /home/linuxbrew/.linuxbrew/opt
+            /home/linuxbrew/.linuxbrew/sbin
+            /home/linuxbrew/.linuxbrew/share
+            /home/linuxbrew/.linuxbrew/var
+          key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-homebrew-cellar-
 
-      - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
+      - name: Install Brew dependencies
+        run: |
+          brew bundle
 
       - name: Log into registry
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0

.github/workflows/go.yml

@@ -2,9 +2,9 @@ name: Go
 
 on:
   push:
-    branches: ["main"]
+    branches: [ "main" ]
   pull_request:
-    branches: ["main"]
+    branches: [ "main" ]
 
 permissions:
   contents: read
@@ -15,51 +15,77 @@ jobs:
     #runs-on: alrest-techarohq
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
+      with:
-          persist-credentials: false
+        persist-credentials: false
 
-      - name: build essential
+    - name: build essential
-        run: |
+      run: |
-          sudo apt-get update
+        sudo apt-get update
-          sudo apt-get install -y build-essential
+        sudo apt-get install -y build-essential
 
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+    - name: Set up Homebrew
-        with:
+      uses: Homebrew/actions/setup-homebrew@main
-          node-version: latest
 
-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+    - name: Setup Homebrew cellar cache
-        with:
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-          go-version: stable
+      with:
+        path: |
+          /home/linuxbrew/.linuxbrew/Cellar
+          /home/linuxbrew/.linuxbrew/bin
+          /home/linuxbrew/.linuxbrew/etc
+          /home/linuxbrew/.linuxbrew/include
+          /home/linuxbrew/.linuxbrew/lib
+          /home/linuxbrew/.linuxbrew/opt
+          /home/linuxbrew/.linuxbrew/sbin
+          /home/linuxbrew/.linuxbrew/share
+          /home/linuxbrew/.linuxbrew/var
+        key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-homebrew-cellar-
 
-      - name: Cache playwright binaries
+    - name: Install Brew dependencies
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+      run: |
-        id: playwright-cache
+        brew bundle
-        with:
-          path: |
-            ~/.cache/ms-playwright
-          key: ${{ runner.os }}-playwright-${{ hashFiles('**/go.sum') }}
 
-      - name: install node deps
+    - name: Setup Golang caches
-        run: |
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-          npm ci
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-golang-
 
-      - name: install playwright browsers
+    - name: Cache playwright binaries
-        run: |
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-          npx --no-install playwright@1.52.0 install --with-deps
+      id: playwright-cache
-          npx --no-install playwright@1.52.0 run-server --port 9001 &
+      with:
+        path: |
+          ~/.cache/ms-playwright
+        key: ${{ runner.os }}-playwright-${{ hashFiles('**/go.sum') }}
 
-      - name: Build
+    - name: install node deps
-        run: npm run build
+      run: |
+        npm ci
 
-      - name: Test
+    - name: install playwright browsers
-        run: npm run test
+      run: |
+        npx --no-install playwright@1.52.0 install --with-deps
+        npx --no-install playwright@1.52.0 run-server --port 9001 &
 
-      - name: Lint with staticcheck
+    - name: Build
-        uses: dominikh/staticcheck-action@024238d2898c874f26d723e7d0ff4308c35589a2 # v1.4.0
+      run: npm run build
-        with:
-          version: "latest"
 
-      - name: Govulncheck
+    - name: Test
-        run: |
+      run: npm run test
-          go tool govulncheck ./...
+
+    - name: Lint with staticcheck
+      uses: dominikh/staticcheck-action@024238d2898c874f26d723e7d0ff4308c35589a2 # v1.4.0
+      with:
+        version: "latest"
+
+    - name: Govulncheck
+      run: |
+        go tool govulncheck ./...

.github/workflows/package-builds-stable.yml

@@ -25,13 +25,39 @@ jobs:
           sudo apt-get update
           sudo apt-get install -y build-essential
 
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - name: Set up Homebrew
-        with:
+        uses: Homebrew/actions/setup-homebrew@main
-          node-version: latest
 
-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+      - name: Setup Homebrew cellar cache
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
-          go-version: stable
+          path: |
+            /home/linuxbrew/.linuxbrew/Cellar
+            /home/linuxbrew/.linuxbrew/bin
+            /home/linuxbrew/.linuxbrew/etc
+            /home/linuxbrew/.linuxbrew/include
+            /home/linuxbrew/.linuxbrew/lib
+            /home/linuxbrew/.linuxbrew/opt
+            /home/linuxbrew/.linuxbrew/sbin
+            /home/linuxbrew/.linuxbrew/share
+            /home/linuxbrew/.linuxbrew/var
+          key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-homebrew-cellar-
+
+      - name: Install Brew dependencies
+        run: |
+          brew bundle
+
+      - name: Setup Golang caches
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-golang-
 
       - name: install node deps
         run: |

.github/workflows/package-builds-unstable.yml

@@ -2,9 +2,9 @@ name: Package builds (unstable)
 
 on:
   push:
-    branches: ["main"]
+    branches: [ "main" ]
   pull_request:
-    branches: ["main"]
+    branches: [ "main" ]
 
 permissions:
   contents: read
@@ -15,34 +15,60 @@ jobs:
     #runs-on: alrest-techarohq
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
+      with:
-          persist-credentials: false
+        persist-credentials: false
-          fetch-tags: true
+        fetch-tags: true
-          fetch-depth: 0
+        fetch-depth: 0
 
-      - name: build essential
+    - name: build essential
-        run: |
+      run: |
-          sudo apt-get update
+        sudo apt-get update
-          sudo apt-get install -y build-essential
+        sudo apt-get install -y build-essential
 
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+    - name: Set up Homebrew
-        with:
+      uses: Homebrew/actions/setup-homebrew@main
-          node-version: latest
 
-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+    - name: Setup Homebrew cellar cache
-        with:
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-          go-version: stable
+      with:
+        path: |
+          /home/linuxbrew/.linuxbrew/Cellar
+          /home/linuxbrew/.linuxbrew/bin
+          /home/linuxbrew/.linuxbrew/etc
+          /home/linuxbrew/.linuxbrew/include
+          /home/linuxbrew/.linuxbrew/lib
+          /home/linuxbrew/.linuxbrew/opt
+          /home/linuxbrew/.linuxbrew/sbin
+          /home/linuxbrew/.linuxbrew/share
+          /home/linuxbrew/.linuxbrew/var
+        key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-homebrew-cellar-
 
-      - name: install node deps
+    - name: Install Brew dependencies
-        run: |
+      run: |
-          npm ci
+        brew bundle
 
-      - name: Build Packages
+    - name: Setup Golang caches
-        run: |
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-          go tool yeet
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-golang-
 
-      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+    - name: install node deps
-        with:
+      run: |
-          name: packages
+        npm ci
-          path: var/*
+
+    - name: Build Packages
+      run: |
+        go tool yeet
+
+    - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      with:
+        name: packages
+        path: var/*

.github/workflows/smoke-tests.yml

@@ -15,7 +15,6 @@ jobs:
       matrix:
         test:
           - default-config-macro
-          - docker-registry
           - double_slash
           - forced-language
           - git-clone

data/clients/docker-client.yaml

@@ -1,25 +0,0 @@
-- name: allow-docker-client
-  action: ALLOW
-  expression:
-    all:
-      - path.startsWith("/v2/")
-      - userAgent.contains("docker/")
-      - userAgent.contains("git-commit/")
-      - '"Accept" in headers'
-      - headers["Accept"].contains("vnd.docker.distribution")
-      - '"Baggage" in headers'
-      - headers["Baggage"].contains("trigger")
-
-- name: allow-crane-client
-  action: ALLOW
-  expression:
-    all:
-      - userAgent.contains("crane/")
-      - userAgent.contains("go-containerregistry/")
-
-- name: allow-docker-distribution-api-client
-  action: ALLOW
-  expression:
-    all:
-      - '"Docker-Distribution-Api-Version" in headers'
-      - '!(userAgent.contains("Mozilla"))'

docs/docs/CHANGELOG.md

@@ -16,20 +16,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fix `SERVE_ROBOTS_TXT` setting file after the double slash fix broke it.
 - Remove the default configuration rule to block Tencent cloud. If users see abuse from Tencent cloud IP ranges, please contact abuse@tencent.com and mention that you are using Anubis to protect your services. Please include source IP address, source port, timestamp, target IP address, target port, request headers (including the User-Agent header), and target endpoints/patterns.
 
-### Potentially breaking changes
-
-#### Docker / OCI registry clients
-
-Anubis v1.23.0 accidentally blocked Docker / OCI registry clients. In order to explicitly allow them, add an import for `(data)/clients/docker-client.yaml`:
-
-```yaml
-bots:
-  - import: (data)/meta/default-config.yaml
-  - import: (data)/clients/docker-client.yaml
-```
-
-This is technically a regression as these clients used to work in Anubis v1.22.0, however it is allowable to make this opt-in as most websites do not expect to be serving Docker / OCI registry client traffic.
-
 ## v1.23.0: Lyse Hext
 
 - Add default tencent cloud DENY rule.

docs/docs/admin/roles/_category_.json

@@ -1,8 +0,0 @@
-{
-  "label": "Server Roles",
-  "position": 40,
-  "link": {
-    "type": "generated-index",
-    "description": "Various server roles you will need to keep in mind with Anubis."
-  }
-}

docs/docs/admin/roles/oci-registry.mdx

@@ -1,10 +0,0 @@
-# OCI Registries
-
-If you are serving an OCI registry behind Anubis, you will need to import the `(data)/clients/docker-client.yaml` file in order to make sure that OCI registry clients can download images:
-
-```yaml
-bots:
-  - import: (data)/meta/default-config.yaml
-  - import: (data)/clients/docker-client.yaml
-# ... the rest of your config
-```

lib/challenge/metarefresh/metarefresh_templ.go

@@ -1,6 +1,6 @@
 // Code generated by templ - DO NOT EDIT.
 
-// templ: version: v0.3.924
+// templ: version: v0.3.960
 package metarefresh
 
 //lint:file-ignore SA4006 This context is only used if a nested component is present.

lib/challenge/preact/preact_templ.go

@@ -1,6 +1,6 @@
 // Code generated by templ - DO NOT EDIT.
 
-// templ: version: v0.3.924
+// templ: version: v0.3.960
 package preact
 
 //lint:file-ignore SA4006 This context is only used if a nested component is present.

lib/challenge/proofofwork/proofofwork_templ.go

@@ -1,6 +1,6 @@
 // Code generated by templ - DO NOT EDIT.
 
-// templ: version: v0.3.924
+// templ: version: v0.3.960
 package proofofwork
 
 //lint:file-ignore SA4006 This context is only used if a nested component is present.

test/docker-registry/anubis.yaml

@@ -1,7 +0,0 @@
-bots:
-  - import: (data)/meta/default-config.yaml
-  - import: (data)/clients/docker-client.yaml
-
-status_codes:
-  CHALLENGE: 200
-  DENY: 403

test/docker-registry/docker-compose.yaml

@@ -1,30 +0,0 @@
-services:
-  registry:
-    image: distribution/distribution:edge
-    restart: always
-
-  relayd:
-    image: ghcr.io/xe/x/relayd
-    pull_policy: always
-    environment:
-      CERT_DIR: /etc/techaro/pki/registry.local.cetacean.club
-      CERT_FNAME: cert.pem
-      KEY_FNAME: key.pem
-      PROXY_TO: http://anubis:3000
-    ports:
-      - 3004:3004
-    volumes:
-      - ../pki/registry.local.cetacean.club:/etc/techaro/pki/registry.local.cetacean.club
-
-  anubis:
-    image: ko.local/anubis
-    restart: always
-    environment:
-      BIND: ":3000"
-      TARGET: http://registry:5000
-      POLICY_FNAME: /etc/techaro/anubis.yaml
-      USE_REMOTE_ADDRESS: "true"
-    ports:
-      - 3000
-    volumes:
-      - ./anubis.yaml:/etc/techaro/anubis.yaml

test/docker-registry/test.sh

@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-set -eo pipefail
-
-export VERSION=${GITHUB_SHA}-test
-export KO_DOCKER_REPO=ko.local
-
-set -u
-
-source ../lib/lib.sh
-
-build_anubis_ko
-
-function cleanup() {
-	docker compose down
-}
-
-trap cleanup EXIT SIGINT
-
-mint_cert registry.local.cetacean.club
-
-docker compose up -d
-
-backoff-retry skopeo \
-	--insecure-policy \
-	copy \
-	--dest-tls-verify=false \
-	docker://hello-world \
-	docker://registry.local.cetacean.club:3004/hello-world

test/docker-registry/var/.gitignore

@@ -1,2 +0,0 @@
-*
-!.gitignore

test/git-push/test.sh

@@ -2,7 +2,7 @@
 
 set -eo pipefail
 
-export VERSION=${GITHUB_SHA}-test
+export VERSION=$GITHUB_COMMIT-test
 export KO_DOCKER_REPO=ko.local
 
 set -u
@@ -21,16 +21,16 @@ docker compose up -d
 sleep 2
 
 (
-	cd var &&
+  cd var && \
-		mkdir foo &&
+  mkdir foo && \
-		cd foo &&
+  cd foo && \
-		git init &&
+  git init && \
-		touch README &&
+  touch README && \
-		git add . &&
+  git add . && \
-		git config user.name "Anubis CI" &&
+  git config user.name "Anubis CI" && \
-		git config user.email "social+anubis-ci@techaro.lol" &&
+  git config user.email "social+anubis-ci@techaro.lol" && \
-		git commit -sm "initial commit" &&
+  git commit -sm "initial commit" && \
-		git push -u http://localhost:3000/git/foo.git master
+  git push -u http://localhost:3000/git/foo.git master
 )
 
-exit 0
+exit 0

web/index_templ.go

@@ -1,6 +1,6 @@
 // Code generated by templ - DO NOT EDIT.
 
-// templ: version: v0.3.924
+// templ: version: v0.3.960
 package web
 
 //lint:file-ignore SA4006 This context is only used if a nested component is present.