chore: fix unclean uncommit

Signed-off-by: Xe Iaso <me@xeiaso.net>
Merge branch 'main' into Xe/small-sec-fixes
2026-06-09 22:08:15 +00:00 · 2026-05-30 00:44:05 -04:00 · 2026-05-30 00:42:41 -04:00 · 2026-05-30 00:42:10 -04:00 · 2026-05-30 00:40:46 -04:00 · 2026-05-30 00:39:41 -04:00
9 changed files with 21 additions and 75 deletions
@@ -44,4 +44,3 @@ xou
 AWOO
 firewalls
 bindhosts
-handrolled
@@ -10,3 +10,4 @@ builds:
    ldflags:
      - -s -w
      - -extldflags "-static"
+      - -X github.com/TecharoHQ/anubis.Version={{.Env.VERSION}}
@@ -1,27 +1,12 @@
 // Package anubis contains the version number of Anubis.
 package anubis

-import (
-	"runtime/debug"
-	"time"
-)
-
-func init() {
-	bi, ok := debug.ReadBuildInfo()
-	if !ok {
-		return
-	}
-
-	// XXX(Xe): many things in this repo assume that the development version
-	// of anubis is `devel` and ReadBuildInfo returns `(devel)`. Shim the gap.
-	if bi.Main.Version != "(devel)" {
-		Version = bi.Main.Version
-	}
-}
+import "time"

 // Version is the current version of Anubis.
 //
-// This is set from the Go module runtime version.
+// This variable is set at build time using the -X linker flag. If not set,
+// it defaults to "devel".
 var Version = "devel"

 // CookieName is the name of the cookie that Anubis uses in order to validate
@@ -36,7 +36,6 @@ import (
 	"github.com/TecharoHQ/anubis/lib/thoth"
 	"github.com/TecharoHQ/anubis/web"
 	"github.com/facebookgo/flagenv"
-	"github.com/google/uuid"
 	_ "github.com/joho/godotenv/autoload"
 	healthv1 "google.golang.org/grpc/health/grpc_health_v1"
 )
@@ -194,9 +193,6 @@ func main() {
 	flagenv.Parse()
 	flag.Parse()

-	// Must be set before any concurrent UUID call.
-	uuid.EnableRandPool()
-
 	if *versionFlag {
 		fmt.Println("Anubis", anubis.Version)
 		return
@@ -23,7 +23,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Improve error messages and fix broken REDIRECT_DOMAINS link in docs ([#1193](https://github.com/TecharoHQ/anubis/issues/1193))
 - Add Bulgarian locale ([#1394](https://github.com/TecharoHQ/anubis/pull/1394))
 - Fixed case-sensitivity mismatch in geoipchecker.go
- Use [Go's native version stamping](https://michael.stapelberg.ch/posts/2026-04-05-stamp-it-all-programs-must-report-their-version/) instead of a handrolled variant.
 - Fix CEL internal errors when iterating `headers`/`query` map wrappers by implementing map iterators for `HTTPHeaders` and `URLValues` ([#1465](https://github.com/TecharoHQ/anubis/pull/1465)).
 - Enable [metrics serving via TLS](./admin/policies.mdx#tls), including [mutual TLS (mTLS)](./admin/policies.mdx#mtls).
 - Enable [HTTP basic auth](./admin/policies.mdx#http-basic-authentication) for the metrics server.
@@ -40,9 +39,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fix a race in the bbolt store where the asynchronous cleanup scheduled by an expired read could delete a value that had just been refreshed; the delete now only fires when the key still carries the same expired generation it observed.
 - Marginally increase the performances of requests processing
 - Marginally improve the performances of PoW validation
- Marginally improve the performances of challenges generation/display
- Significantly improve the performances of the gzip middleware
- Significantly improve the performances of the PoW validation

 ## v1.25.0: Necron

@@ -2,28 +2,11 @@ package internal

 import (
 	"compress/gzip"
-	"io"
 	"net/http"
 	"strings"
-	"sync"
 )

 func GzipMiddleware(level int, next http.Handler) http.Handler {
-	// Validate the level once at setup; gzip.NewWriterLevel only fails for
-	// invalid levels and we'd rather panic now than mid-request.
-	if _, err := gzip.NewWriterLevel(io.Discard, level); err != nil {
-		panic(err)
-	}
-
-	// Per-middleware pool of *gzip.Writer. Each entry carries ~40 KiB of
-	// deflate buffers; reusing them avoids that allocation on every request.
-	pool := sync.Pool{
-		New: func() any {
-			gz, _ := gzip.NewWriterLevel(io.Discard, level)
-			return gz
-		},
-	}
-
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
 			next.ServeHTTP(w, r)
@@ -31,13 +14,11 @@ func GzipMiddleware(level int, next http.Handler) http.Handler {
 		}

 		w.Header().Set("Content-Encoding", "gzip")
-		gz := pool.Get().(*gzip.Writer)
-		gz.Reset(w)
-		defer func() {
-			gz.Close()
-			gz.Reset(io.Discard)
-			pool.Put(gz)
-		}()
+		gz, err := gzip.NewWriterLevel(w, level)
+		if err != nil {
+			panic(err)
+		}
+		defer gz.Close()

 		grw := gzipResponseWriter{ResponseWriter: w, sink: gz}
 		next.ServeHTTP(grw, r)
@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/ed25519"
 	"crypto/rand"
-	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -163,7 +162,6 @@ func (s *Server) issueChallenge(ctx context.Context, r *http.Request, lg *slog.L
 	if err != nil {
 		return nil, err
 	}
-	idStr := id.String()

 	var randomData = make([]byte, 64)
 	if _, err := rand.Read(randomData); err != nil {
@@ -171,9 +169,9 @@ func (s *Server) issueChallenge(ctx context.Context, r *http.Request, lg *slog.L
 	}

 	chall := challenge.Challenge{
-		ID:             idStr,
+		ID:             id.String(),
 		Method:         rule.Challenge.Algorithm,
-		RandomData:     hex.EncodeToString(randomData),
+		RandomData:     fmt.Sprintf("%x", randomData),
 		IssuedAt:       time.Now(),
 		Difficulty:     rule.Challenge.Difficulty,
 		PolicyRuleHash: rule.Hash(),
@@ -184,11 +182,11 @@ func (s *Server) issueChallenge(ctx context.Context, r *http.Request, lg *slog.L
 	}

 	j := store.JSON[challenge.Challenge]{Underlying: s.store}
-	if err := j.Set(ctx, "challenge:"+idStr, chall, 30*time.Minute); err != nil {
+	if err := j.Set(ctx, "challenge:"+id.String(), chall, 30*time.Minute); err != nil {
 		return nil, err
 	}

-	lg.Info("new challenge issued", "challenge", idStr, "weight", cr.Weight)
+	lg.Info("new challenge issued", "challenge", id.String(), "weight", cr.Weight)

 	return &chall, err
 }
@@ -242,7 +240,7 @@ func (s *Server) maybeReverseProxyOrPage(w http.ResponseWriter, r *http.Request)
 func (s *Server) maybeReverseProxy(w http.ResponseWriter, r *http.Request, httpStatusOnly bool) {
 	lg, r := s.getRequestLogger(r)

-	if val, _ := s.store.Get(r.Context(), "ogtags:allow:"+r.Host+r.URL.String()); val != nil {
+	if val, _ := s.store.Get(r.Context(), fmt.Sprintf("ogtags:allow:%s%s", r.Host, r.URL.String())); val != nil {
 		lg.Debug("serving opengraph tag asset")
 		s.ServeHTTPNext(w, r)
 		return
@@ -1,15 +1,14 @@
 package proofofwork

 import (
-	"crypto/sha256"
 	"crypto/subtle"
-	"encoding/hex"
 	"fmt"
 	"log/slog"
 	"net/http"
 	"strconv"
 	"strings"

+	"github.com/TecharoHQ/anubis/internal"
 	chall "github.com/TecharoHQ/anubis/lib/challenge"
 	"github.com/TecharoHQ/anubis/lib/localization"
 	"github.com/a-h/templ"
@@ -67,20 +66,11 @@ func (i *Impl) Validate(r *http.Request, lg *slog.Logger, in *chall.ValidateInpu
 		return chall.NewError("validate", "invalid response", fmt.Errorf("%w response", chall.ErrMissingField))
 	}

-	// Stream the challenge and nonce into a single sha256 hasher to avoid
-	// the intermediate "challenge + nonceStr" concatenation. Hex-encode
-	// the digest into a stack buffer so the comparison runs without
-	// allocating a heap string.
-	h := sha256.New()
-	h.Write([]byte(challenge))
-	h.Write([]byte(nonceStr))
-	var sumBuf [sha256.Size]byte
-	sum := h.Sum(sumBuf[:0])
-	var hexBuf [sha256.Size * 2]byte
-	hex.Encode(hexBuf[:], sum)
+	calcString := challenge + nonceStr
+	calculated := internal.SHA256sum(calcString)

-	if subtle.ConstantTimeCompare([]byte(response), hexBuf[:]) != 1 {
-		return chall.NewError("validate", "invalid response", fmt.Errorf("%w: wanted response %s but got %s", chall.ErrFailed, string(hexBuf[:]), response))
+	if subtle.ConstantTimeCompare([]byte(response), []byte(calculated)) != 1 {
+		return chall.NewError("validate", "invalid response", fmt.Errorf("%w: wanted response %s but got %s", chall.ErrFailed, calculated, response))
 	}

 	// compare the leading zeroes
@@ -17,8 +17,8 @@ $`npm run assets`;
      },

      build: ({ bin, etc, systemd, doc }) => {
-        $`go build -o ${bin}/anubis -ldflags '-s -w -extldflags "-static" ./cmd/anubis`;
-        $`go build -o ${bin}/anubis-robots2policy -ldflags '-s -w -extldflags "-static"' ./cmd/robots2policy`;
+        $`go build -o ${bin}/anubis -ldflags '-s -w -extldflags "-static" -X "github.com/TecharoHQ/anubis.Version=${git.tag()}"' ./cmd/anubis`;
+        $`go build -o ${bin}/anubis-robots2policy -ldflags '-s -w -extldflags "-static" -X "github.com/TecharoHQ/anubis.Version=${git.tag()}"' ./cmd/robots2policy`;

        file.install("./run/anubis@.service", `${systemd}/anubis@.service`);
        file.install("./run/default.env", `${etc}/default.env`);
Author	SHA1	Message	Date
Xe Iaso	4c42236b97	chore: fix unclean uncommit Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-30 00:44:05 -04:00
Xe Iaso	0d8d9f40d8	Merge branch 'main' into Xe/small-sec-fixes Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>	2026-05-30 00:42:41 -04:00
Xe Iaso	5c33f31fdc	chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-30 00:42:10 -04:00
Xe Iaso	da80db94e4	chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-30 00:40:46 -04:00
Xe Iaso	69ae404fc3	fix(bbolt): small correctness fix Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-30 00:39:41 -04:00
Xe Iaso	97d15cd803	fix(expressions): validate randInt bounds before rand.IntN Non-positive or platform-overflowing arguments to the CEL randInt helper used to reach rand.IntN unchecked, surfacing a CEL evaluator error during request processing when policies passed attacker-influenced values (e.g. contentLength). Reject non-positive bounds and detect int narrowing explicitly, returning a typed CEL error in both cases. Ref: AWOO-010 Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-18 21:27:28 -04:00
Xe Iaso	120a730a66	fix(lib): mend case where domainless redirects could allow cross-domain Ref: AWOO-009 Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-18 21:22:45 -04:00
Xe Iaso	386e92eb97	fix(expressions): mend possible nil pointer deref edge case If Anubis just started up, load averages may not be set in memory. This can cause a nil pointer dereference which could fail requests with weird errors until the async thread sets the load averages. Ref: AWOO-005 Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-18 21:12:38 -04:00
Xe Iaso	e3f500cb56	fix(policy): mend an edge case with subrequest auth and query strings This fixes an unlikely edge case where using subrequest auth and query strings with path based filtering can cause reality to differ from administrator intent. This effectively strips the query string from subrequest auth checks. This deficiency should be fixed in the future. Ref: AWOO-004 Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-18 21:08:38 -04:00
Xe Iaso	75aa251406	fix(honeypot/naive): cap r9k delay to one second Otherwise this can get unbounded, which can cause problems with lesser HTTP proxies such as Apache. Ref: AWOO-002 Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-18 21:00:36 -04:00
Xe Iaso	324c2f4fed	fix(metrics): don't expose pprof by default pprof[1] is the Go standard library profiling toolkit. It is invaluable for diagnosing how Go programs perform in the wild. However it also is able to expose secret data set with command line flags. This is not ideal and should be mitigated by correctly configured firewall rules. We don't live in a world where people correctly configure firewall rules, so we have to fix things for people. Welcome to 2026. [1]: https://pkg.go.dev/runtime/pprof Ref: AWOO-001 Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-18 20:54:28 -04:00