mirror of
https://github.com/TecharoHQ/anubis.git
synced 2026-05-09 16:42:52 +00:00
Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Jason Cameron
|
33ea6c714f | ||
|
Jason Cameron
|
8e9b641280 | ||
|
Jason Cameron
|
d21c67f902 | ||
|
Jason Cameron
|
19e82973af |
@@ -1,12 +1,12 @@
|
||||
<!--
|
||||
delete me and describe your change here, give enough context for a maintainer to understand what and why
|
||||
|
||||
See https://github.com/TecharoHQ/anubis/blob/main/CONTRIBUTING.md for more information
|
||||
See https://anubis.techaro.lol/docs/developer/code-quality for more information
|
||||
-->
|
||||
|
||||
Checklist:
|
||||
|
||||
- [ ] Added a description of the changes to the `[Unreleased]` section of docs/docs/CHANGELOG.md
|
||||
- [ ] Added test cases to [the relevant parts of the codebase](https://github.com/TecharoHQ/anubis/blob/main/CONTRIBUTING.md)
|
||||
- [ ] Added test cases to [the relevant parts of the codebase](https://anubis.techaro.lol/docs/developer/code-quality)
|
||||
- [ ] Ran integration tests `npm run test:integration` (unsupported on Windows, please use WSL)
|
||||
- [ ] All of my commits have [verified signatures](https://anubis.techaro.lol/docs/developer/signed-commits)
|
||||
|
||||
@@ -26,6 +26,3 @@ blocklists
|
||||
rififi
|
||||
prolocation
|
||||
Prolocation
|
||||
Necron
|
||||
Stargate
|
||||
FFXIV
|
||||
|
||||
@@ -119,7 +119,6 @@ FCr
|
||||
fcrdns
|
||||
fediverse
|
||||
ffprobe
|
||||
FFXIV
|
||||
fhdr
|
||||
financials
|
||||
finfos
|
||||
@@ -239,7 +238,6 @@ mymaster
|
||||
mypass
|
||||
myuser
|
||||
nbf
|
||||
Necron
|
||||
nepeat
|
||||
netsurf
|
||||
nginx
|
||||
@@ -331,13 +329,12 @@ Spambot
|
||||
spammer
|
||||
sparkline
|
||||
spyderbot
|
||||
srcip
|
||||
srv
|
||||
stackoverflow
|
||||
Stargate
|
||||
startprecmd
|
||||
stoppostcmd
|
||||
storetest
|
||||
srcip
|
||||
strcmp
|
||||
subgrid
|
||||
subr
|
||||
|
||||
@@ -22,12 +22,12 @@ jobs:
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y build-essential
|
||||
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
||||
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||
with:
|
||||
node-version: "24.11.0"
|
||||
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
||||
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||
with:
|
||||
go-version: "1.25.7"
|
||||
go-version: "1.25.4"
|
||||
|
||||
- name: install node deps
|
||||
run: |
|
||||
|
||||
@@ -26,18 +26,18 @@ jobs:
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y build-essential
|
||||
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
||||
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||
with:
|
||||
node-version: "24.11.0"
|
||||
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
||||
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||
with:
|
||||
go-version: "stable"
|
||||
go-version: "1.25.4"
|
||||
|
||||
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
|
||||
|
||||
- name: Docker meta
|
||||
id: meta
|
||||
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
|
||||
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
|
||||
with:
|
||||
images: ghcr.io/${{ github.repository }}
|
||||
|
||||
|
||||
@@ -36,17 +36,17 @@ jobs:
|
||||
run: |
|
||||
echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
|
||||
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
||||
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||
with:
|
||||
node-version: "24.11.0"
|
||||
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
||||
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||
with:
|
||||
go-version: "stable"
|
||||
go-version: "1.25.4"
|
||||
|
||||
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
|
||||
|
||||
- name: Log into registry
|
||||
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
|
||||
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
@@ -54,7 +54,7 @@ jobs:
|
||||
|
||||
- name: Docker meta
|
||||
id: meta
|
||||
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
|
||||
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
|
||||
with:
|
||||
images: ${{ env.IMAGE }}
|
||||
|
||||
@@ -68,7 +68,7 @@ jobs:
|
||||
SLOG_LEVEL: debug
|
||||
|
||||
- name: Generate artifact attestation
|
||||
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
|
||||
uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
|
||||
with:
|
||||
subject-name: ${{ env.IMAGE }}
|
||||
subject-digest: ${{ steps.build.outputs.digest }}
|
||||
|
||||
@@ -22,10 +22,10 @@ jobs:
|
||||
persist-credentials: false
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
|
||||
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
|
||||
|
||||
- name: Log into registry
|
||||
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
|
||||
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: techarohq
|
||||
@@ -33,7 +33,7 @@ jobs:
|
||||
|
||||
- name: Docker meta
|
||||
id: meta
|
||||
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
|
||||
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
|
||||
with:
|
||||
images: ghcr.io/techarohq/anubis/docs
|
||||
tags: |
|
||||
@@ -42,7 +42,7 @@ jobs:
|
||||
|
||||
- name: Build and push
|
||||
id: build
|
||||
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
||||
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
||||
with:
|
||||
context: ./docs
|
||||
cache-to: type=gha
|
||||
@@ -53,14 +53,14 @@ jobs:
|
||||
push: true
|
||||
|
||||
- name: Apply k8s manifests to limsa lominsa
|
||||
uses: actions-hub/kubectl@5ada4e2c02eacc03978c2437e95c8b0f979a9619 # v1.35.2
|
||||
uses: actions-hub/kubectl@3ece3793e7a9fe94effe257d03ac834c815ea87d # v1.35.1
|
||||
env:
|
||||
KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }}
|
||||
with:
|
||||
args: apply -k docs/manifest
|
||||
|
||||
- name: Apply k8s manifests to limsa lominsa
|
||||
uses: actions-hub/kubectl@5ada4e2c02eacc03978c2437e95c8b0f979a9619 # v1.35.2
|
||||
uses: actions-hub/kubectl@3ece3793e7a9fe94effe257d03ac834c815ea87d # v1.35.1
|
||||
env:
|
||||
KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }}
|
||||
with:
|
||||
|
||||
@@ -18,11 +18,11 @@ jobs:
|
||||
persist-credentials: false
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
|
||||
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
|
||||
|
||||
- name: Docker meta
|
||||
id: meta
|
||||
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
|
||||
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
|
||||
with:
|
||||
images: ghcr.io/techarohq/anubis/docs
|
||||
tags: |
|
||||
@@ -31,7 +31,7 @@ jobs:
|
||||
|
||||
- name: Build and push
|
||||
id: build
|
||||
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
|
||||
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
||||
with:
|
||||
context: ./docs
|
||||
cache-to: type=gha
|
||||
|
||||
@@ -17,9 +17,9 @@ jobs:
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
||||
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||
with:
|
||||
go-version: "stable"
|
||||
go-version: "1.25.4"
|
||||
|
||||
- name: Check go.mod and go.sum in main directory
|
||||
run: |
|
||||
|
||||
@@ -24,12 +24,12 @@ jobs:
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y build-essential
|
||||
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
||||
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||
with:
|
||||
node-version: "24.11.0"
|
||||
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
||||
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||
with:
|
||||
go-version: "stable"
|
||||
go-version: "1.25.4"
|
||||
|
||||
- name: Cache playwright binaries
|
||||
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
|
||||
@@ -55,10 +55,10 @@ jobs:
|
||||
run: npm run test
|
||||
|
||||
- name: Lint with staticcheck
|
||||
uses: dominikh/staticcheck-action@9716614d4101e79b4340dd97b10e54d68234e431 # v1.4.1
|
||||
uses: dominikh/staticcheck-action@024238d2898c874f26d723e7d0ff4308c35589a2 # v1.4.0
|
||||
with:
|
||||
version: "latest"
|
||||
|
||||
- name: Govulncheck
|
||||
run: |
|
||||
go tool govulncheck ./... ||:
|
||||
go tool govulncheck ./...
|
||||
|
||||
@@ -25,12 +25,12 @@ jobs:
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y build-essential
|
||||
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
||||
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||
with:
|
||||
node-version: "24.11.0"
|
||||
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
||||
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||
with:
|
||||
go-version: "stable"
|
||||
go-version: "1.25.4"
|
||||
|
||||
- name: install node deps
|
||||
run: |
|
||||
|
||||
@@ -26,12 +26,12 @@ jobs:
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y build-essential
|
||||
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
||||
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||
with:
|
||||
node-version: "24.11.0"
|
||||
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
||||
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||
with:
|
||||
go-version: "stable"
|
||||
go-version: "1.25.4"
|
||||
|
||||
- name: install node deps
|
||||
run: |
|
||||
@@ -41,7 +41,7 @@ jobs:
|
||||
run: |
|
||||
go tool yeet
|
||||
|
||||
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
||||
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
||||
with:
|
||||
name: packages
|
||||
path: var/*
|
||||
|
||||
@@ -34,12 +34,12 @@ jobs:
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
|
||||
- uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
|
||||
with:
|
||||
node-version: "24.11.0"
|
||||
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
||||
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||
with:
|
||||
go-version: "stable"
|
||||
go-version: "1.25.4"
|
||||
|
||||
- uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
|
||||
|
||||
@@ -57,7 +57,7 @@ jobs:
|
||||
run: echo "ARTIFACT_NAME=${{ matrix.test }}" | sed 's|/|-|g' >> $GITHUB_ENV
|
||||
|
||||
- name: Upload artifact
|
||||
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
|
||||
if: always()
|
||||
with:
|
||||
name: ${{ env.ARTIFACT_NAME }}
|
||||
|
||||
@@ -24,13 +24,13 @@ jobs:
|
||||
fetch-depth: 0
|
||||
persist-credentials: false
|
||||
- name: Log into registry
|
||||
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
|
||||
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.repository_owner }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
|
||||
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
|
||||
- name: Build and push
|
||||
run: |
|
||||
cd ./test/ssh-ci
|
||||
|
||||
@@ -29,15 +29,15 @@ jobs:
|
||||
persist-credentials: false
|
||||
|
||||
- name: Install CI target SSH key
|
||||
uses: shimataro/ssh-key-action@6b84f2e793b32fa0b03a379cadadec75cc539391 # v2.8.0
|
||||
uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2.7.0
|
||||
with:
|
||||
key: ${{ secrets.CI_SSH_KEY }}
|
||||
name: id_rsa
|
||||
known_hosts: ${{ secrets.CI_SSH_KNOWN_HOSTS }}
|
||||
|
||||
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
||||
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
|
||||
with:
|
||||
go-version: "stable"
|
||||
go-version: "1.25.4"
|
||||
|
||||
- name: Run CI
|
||||
run: go run ./utils/cmd/backoff-retry bash test/ssh-ci/rigging.sh ${{ matrix.host }}
|
||||
|
||||
@@ -24,6 +24,7 @@ build: assets
|
||||
lint: assets
|
||||
$(GO) vet ./...
|
||||
$(GO) tool staticcheck ./...
|
||||
$(GO) tool govulncheck ./...
|
||||
|
||||
prebaked-build:
|
||||
$(GO) build -o ./var/anubis -ldflags "-X 'github.com/TecharoHQ/anubis.Version=$(VERSION)'" ./cmd/anubis
|
||||
|
||||
@@ -11,10 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
- Instruct reverse proxies to not cache error pages.
|
||||
- Fixed mixed tab/space indentation in Caddy documentation code block
|
||||
|
||||
<!-- This changes the project to: -->
|
||||
- Fix CEL internal errors when iterating `headers`/`query` map wrappers by implementing map iterators for `HTTPHeaders` and `URLValues` ([#1465](https://github.com/TecharoHQ/anubis/pull/1465)).
|
||||
|
||||
## v1.25.0: Necron
|
||||
|
||||
|
||||
@@ -393,32 +393,6 @@ logging:
|
||||
|
||||
When files are rotated out, the old files will be named after the rotation timestamp in [RFC 3339 format](https://www.rfc-editor.org/rfc/rfc3339).
|
||||
|
||||
:::note
|
||||
|
||||
If you are running Anubis in systemd via a native package, the default systemd unit settings are very restrictive and will forbid writing to folders in `/var/log`. In order to fix this, please make a [drop-in unit](https://www.flatcar.org/docs/latest/setup/systemd/drop-in-units/) like the following:
|
||||
|
||||
```text
|
||||
# /etc/systemd/anubis@instance-name.service.d/50-var-log-readwrite.conf
|
||||
[Service]
|
||||
ReadWritePaths=/run /var/log/anubis
|
||||
```
|
||||
|
||||
Once you write this to the correct place, reload the systemd configuration:
|
||||
|
||||
```text
|
||||
sudo systemctl daemon-reload
|
||||
```
|
||||
|
||||
And then restart Anubis:
|
||||
|
||||
```text
|
||||
sudo systemctl restart anubis@instance-name
|
||||
```
|
||||
|
||||
You may be required to make drop-ins for each Anubis instance depending on the facts and circumstances of your deployment.
|
||||
|
||||
:::
|
||||
|
||||
### `stdio` sink
|
||||
|
||||
By default, Anubis logs everything to the standard error stream of its process. This requires no configuration:
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
---
|
||||
title: Code quality guidelines
|
||||
---
|
||||
|
||||
When submitting code to Anubis, please take the time to consider the fact that this project is security software. If things go bad, bots can pummel sites into oblivion. This is not ideal for uptime.
|
||||
|
||||
As such, code reviews will be a bit more strict than you have seen in other projects. This is not people trying to be mean, this is a side effect of taking the problem seriously.
|
||||
|
||||
When making code changes, try to do the following:
|
||||
|
||||
- If you're submitting a bugfix, add a test case for it
|
||||
- If you're changing the JavaScript, make sure the integration tests pass (`npm run test:integration`)
|
||||
|
||||
## Commit messages
|
||||
|
||||
Anubis follows the Go project's conventions for commit messages. In general, an ideal commit message should read like this:
|
||||
|
||||
```text
|
||||
path/to/folder: brief description of the change
|
||||
|
||||
If the change is subtle, has implementation consequences, or is otherwise
|
||||
not entirely self-describing: take the time to spell out why. If things
|
||||
are very subtle, please also amend the documentation accordingly
|
||||
```
|
||||
|
||||
The subject of a commit message should be the second half of the sentence "This commit changes the Anubis project to:". Here's a few examples:
|
||||
|
||||
- `disable DroneBL by default`
|
||||
- `port the challenge to WebAssembly`
|
||||
|
||||
The extended commit message is also your place to give rationale for a new feature. When maintainers are reviewing your code, they will use this to figure out if the burden from feature maintainership is worth the merge.
|
||||
@@ -38,8 +38,10 @@ This page contains a non-exhaustive list with all websites using Anubis.
|
||||
- https://squirreljme.cc/
|
||||
- https://superlove.sayitditto.net/
|
||||
- https://svnweb.freebsd.org/
|
||||
- https://trac.ffmpeg.org/
|
||||
- https://tumfatig.net/
|
||||
- https://wiki.archlinux.org/
|
||||
- https://wiki.dolphin-emu.org/
|
||||
- https://wiki.freepascal.org/
|
||||
- https://wiki.koha-community.org/
|
||||
- https://www.cfaarchive.org/
|
||||
@@ -51,11 +53,6 @@ This page contains a non-exhaustive list with all websites using Anubis.
|
||||
- https://bbs.archlinux32.org/
|
||||
- https://bugs.archlinux32.org/
|
||||
</details>
|
||||
- <details>
|
||||
<summary>Dolphin Emulator</summary>
|
||||
- https://forums.dolphin-emu.org/
|
||||
- https://wiki.dolphin-emu.org/
|
||||
</details>
|
||||
- <details>
|
||||
<summary>Duke University</summary>
|
||||
- https://repository.duke.edu/
|
||||
@@ -63,11 +60,6 @@ This page contains a non-exhaustive list with all websites using Anubis.
|
||||
- https://find.library.duke.edu/
|
||||
- https://nicholas.duke.edu/
|
||||
</details>
|
||||
- <details>
|
||||
<summary>FFmpeg</summary>
|
||||
- https://git.ffmpeg.org/
|
||||
- https://trac.ffmpeg.org/
|
||||
</details>
|
||||
- <details>
|
||||
<summary>Forschungszentrum Jülich</summary>
|
||||
- https://juser.fz-juelich.de/
|
||||
@@ -120,8 +112,11 @@ This page contains a non-exhaustive list with all websites using Anubis.
|
||||
- https://git.kernel.org/
|
||||
- https://lore.kernel.org/
|
||||
</details>
|
||||
- <details>
|
||||
<summary>The United Nations</summary>
|
||||
- https://policytoolbox.iiep.unesco.org/
|
||||
</details>
|
||||
- <details>
|
||||
<summary>Valve Corporation</summary>
|
||||
- https://developer.valvesoftware.com/wiki/Main_Page
|
||||
- https://wiki.teamfortress.com/wiki/Main_Page
|
||||
</details>
|
||||
|
||||
+1
-8
@@ -333,14 +333,7 @@ func (s *Server) respondWithError(w http.ResponseWriter, r *http.Request, messag
|
||||
func (s *Server) respondWithStatus(w http.ResponseWriter, r *http.Request, msg, code string, status int) {
|
||||
localizer := localization.GetLocalizer(r)
|
||||
|
||||
component := web.Base(
|
||||
localizer.T("oh_noes"),
|
||||
web.ErrorPage(msg, s.opts.WebmasterEmail, code, localizer),
|
||||
s.policy.Impressum,
|
||||
localizer,
|
||||
)
|
||||
handler := internal.NoStoreCache(templ.Handler(component, templ.WithStatus(status)))
|
||||
handler.ServeHTTP(w, r)
|
||||
templ.Handler(web.Base(localizer.T("oh_noes"), web.ErrorPage(msg, s.opts.WebmasterEmail, code, localizer), s.policy.Impressum, localizer), templ.WithStatus(status)).ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
@@ -7,7 +7,6 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/TecharoHQ/anubis"
|
||||
"github.com/TecharoHQ/anubis/internal"
|
||||
"github.com/TecharoHQ/anubis/lib/policy"
|
||||
)
|
||||
|
||||
@@ -192,34 +191,3 @@ func TestRenderIndexUnauthorized(t *testing.T) {
|
||||
t.Errorf("expected body %q, got %q", "Authorization required", body)
|
||||
}
|
||||
}
|
||||
|
||||
func TestNoCacheOnError(t *testing.T) {
|
||||
pol := loadPolicies(t, "testdata/useragent.yaml", 0)
|
||||
srv := spawnAnubis(t, Options{Policy: pol})
|
||||
ts := httptest.NewServer(internal.RemoteXRealIP(true, "tcp", srv))
|
||||
defer ts.Close()
|
||||
|
||||
for userAgent, expectedCacheControl := range map[string]string{
|
||||
"DENY": "no-store",
|
||||
"CHALLENGE": "no-store",
|
||||
"ALLOW": "",
|
||||
} {
|
||||
t.Run(userAgent, func(t *testing.T) {
|
||||
req, err := http.NewRequest(http.MethodGet, ts.URL, nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
req.Header.Set("User-Agent", userAgent)
|
||||
|
||||
resp, err := ts.Client().Do(req)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if resp.Header.Get("Cache-Control") != expectedCacheControl {
|
||||
t.Errorf("wanted Cache-Control header %q, got %q", expectedCacheControl, resp.Header.Get("Cache-Control"))
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,66 +1,66 @@
|
||||
{
|
||||
"loading": "Chargement...",
|
||||
"why_am_i_seeing": "Comment suis-je arrivé·e ici ?",
|
||||
"why_am_i_seeing": "Pourquoi je vois ceci ?",
|
||||
"protected_by": "Protégé par",
|
||||
"protected_from": "de",
|
||||
"protected_from": "From",
|
||||
"made_with": "Fait avec ❤️ au 🇨🇦",
|
||||
"mascot_design": "Design de la mascotte par",
|
||||
"ai_companies_explanation": "Vous voyez cette page car l'administrateur·rice de ce site Web a configuré Anubis pour protéger le serveur contre le fléau des entreprises d'IA qui récupèrent agressivement le contenu des sites Web. Cela perturbe leur fonctionnement et rend leurs ressources inaccessibles pour tout le monde.",
|
||||
"anubis_compromise": "Anubis est un compromis. Anubis utilise un procédé de preuve de travail similaire à Hashcash, un procédé de preuve de travail proposé pour réduire le spam par e-mail. L'idée est qu'à l'échelle individuelle, la charge supplémentaire est négligeable, mais à l'échelle des scrapers de masse, la charge s'accumule et le scraping devient beaucoup plus coûteux.",
|
||||
"hack_purpose": "En fin de compte, il s'agit d'une solution de substitution permettant de consacrer plus de temps à l'identification et à la prise d'empreintes des navigateurs headless (par exemple, en reconnaissant leur rendu des polices), pour que, à terme, la page de défi utilisant la preuve de travail n'ait plus besoin d'être présentée aux utilisateur·rices qui sont beaucoup plus susceptibles d'être légitimes.",
|
||||
"jshelter_note": "Veuillez noter qu'Anubis nécessite l'utilisation de fonctionnalités JavaScript modernes qui peuvent être désactivées par des plugins comme JShelter. Veuillez désactiver JShelter ou tout autre plugin similaire pour ce domaine.",
|
||||
"version_info": "Ce site Web utilise Anubis version",
|
||||
"ai_companies_explanation": "Vous voyez ceci car l'administrateur de ce site web a configuré Anubis pour protéger le serveur contre le fléau des entreprises d'IA qui scrapent agressivement les sites web. Cela peut et cause des temps d'arrêt pour les sites web, ce qui rend leurs ressources inaccessibles pour tout le monde.",
|
||||
"anubis_compromise": "Anubis est un compromis. Anubis utilise un schéma de Preuve de Travail dans la veine de Hashcash, un schéma de preuve de travail proposé pour réduire le spam par email. L'idée est qu'à l'échelle individuelle, la charge supplémentaire est négligeable, mais à l'échelle des scrapers de masse, cela s'accumule et rend le scraping beaucoup plus coûteux.",
|
||||
"hack_purpose": "En fin de compte, il s'agit d'une solution de substitution afin de consacrer plus de temps à l'identification et à l'empreinte digitale des navigateurs sans tête (par exemple, via leur rendu de police) afin que la page de preuve de travail du défi n'ait pas besoin d'être présentée aux utilisateurs qui sont beaucoup plus susceptibles d'être légitimes.",
|
||||
"jshelter_note": "Veuillez noter qu'Anubis nécessite l'utilisation de fonctionnalités JavaScript modernes que des plugins comme JShelter désactiveront. Veuillez désactiver JShelter ou d'autres plugins similaires pour ce domaine.",
|
||||
"version_info": "Ce site web utilise Anubis version",
|
||||
"try_again": "Réessayer",
|
||||
"go_home": "Accueil",
|
||||
"contact_webmaster": "ou si vous pensez que vous ne devriez pas être bloqué, veuillez contacter le webmaster à l'adresse",
|
||||
"contact_webmaster": "ou si vous pensez que vous ne devriez pas être bloqué, veuillez contacter le webmaster à",
|
||||
"connection_security": "Veuillez patienter un instant pendant que nous assurons la sécurité de votre connexion.",
|
||||
"javascript_required": "Malheureusement, vous devez activer JavaScript pour passer cette page de défi. Cette obligation est imposée par les entreprises d'IA, qui ont décidé de modifier unilatéralement les termes du contrat social régissant l'hébergement de sites Web. Une solution sans JavaScript est en cours de développement.",
|
||||
"javascript_required": "Malheureusement, vous devez activer JavaScript pour passer ce défi. Ceci est requis car les entreprises d'IA ont changé le contrat social autour du fonctionnement de l'hébergement de sites web. Une solution sans JS est en cours de développement.",
|
||||
"benchmark_requires_js": "L'exécution de l'outil de benchmark nécessite l'activation de JavaScript.",
|
||||
"difficulty": "Difficulté :",
|
||||
"algorithm": "Algorithme :",
|
||||
"compare": "Comparer :",
|
||||
"difficulty": "Difficulté :",
|
||||
"algorithm": "Algorithme :",
|
||||
"compare": "Comparer :",
|
||||
"time": "Temps",
|
||||
"iters": "Itérations",
|
||||
"time_a": "Temps A",
|
||||
"iters_a": "Itér. A",
|
||||
"time_b": "Temps B",
|
||||
"iters_b": "Itér. B",
|
||||
"static_check_endpoint": "Ceci est juste un point de terminaison de vérification à utiliser par votre proxy inverse.",
|
||||
"static_check_endpoint": "Ceci est juste un point de terminaison de vérification pour votre proxy inverse à utiliser.",
|
||||
"authorization_required": "Autorisation requise",
|
||||
"cookies_disabled": "Les cookies sont désactivés dans votre navigateur. Anubis a recours aux cookies pour l'intérêt légitime de s'assurer que vous êtes un client valide. Veuillez activer les cookies pour ce domaine.",
|
||||
"access_denied": "Accès refusé : code d'erreur",
|
||||
"dronebl_entry": "DroneBL a rapporté une entrée",
|
||||
"cookies_disabled": "Votre navigateur est configuré pour désactiver les cookies. Anubis nécessite des cookies pour l'intérêt légitime de s'assurer que vous êtes un client valide. Veuillez activer les cookies pour ce domaine",
|
||||
"access_denied": "Accès refusé : code d'erreur",
|
||||
"dronebl_entry": "DroneBL a signalé une entrée",
|
||||
"see_dronebl_lookup": "voir",
|
||||
"internal_server_error": "Erreur interne du serveur : l'administrateur·rice a mal configuré Anubis. Veuillez contacter l'administrateur·rice et lui demander de consulter les logs autour de",
|
||||
"internal_server_error": "Erreur interne du serveur : l'administrateur a mal configuré Anubis. Veuillez contacter l'administrateur et lui demander de consulter les logs autour de",
|
||||
"invalid_redirect": "Redirection invalide",
|
||||
"redirect_not_parseable": "URL de redirection non analysable",
|
||||
"redirect_domain_not_allowed": "Domaine de redirection non autorisé",
|
||||
"failed_to_sign_jwt": "échec de la signature du JWT",
|
||||
"failed_to_sign_jwt": "échec de la signature JWT",
|
||||
"invalid_invocation": "Invocation invalide de MakeChallenge",
|
||||
"client_error_browser": "Erreur client : Veuillez vous assurer que votre navigateur est à jour et réessayez plus tard.",
|
||||
"oh_noes": "Oh non !",
|
||||
"benchmarking_anubis": "Je vérifie les performances d'Anubis !",
|
||||
"you_are_not_a_bot": "Vous n'êtes pas un robot !",
|
||||
"making_sure_not_bot": "Je m'assure que vous n'êtes pas un robot !",
|
||||
"celphase": "CELPHASE",
|
||||
"js_web_crypto_error": "L'élément web.crypto de votre navigateur n'est pas fonctionnel. Consultez-vous bien cette page dans un contexte sécurisé ?",
|
||||
"js_web_workers_error": "Votre navigateur ne prend pas en charge les web workers (Anubis les utilise pour éviter de bloquer votre navigateur). Avez-vous installé un plugin comme JShelter ?",
|
||||
"js_cookies_error": "Votre navigateur ne stocke pas les cookies. Anubis a recours aux cookies pour déterminer quels clients ont réussi les défis en stockant un jeton signé dans un cookie. Veuillez activer le stockage des cookies pour ce domaine. Le nom des cookies stockés par Anubis peut varier à tout moment. Le nom et la valeur des cookies ne font pas partie de l'API publique.",
|
||||
"js_context_not_secure": "Votre contexte n'est pas sécurisé !",
|
||||
"js_context_not_secure_msg": "Essayez de vous connecter via HTTPS ou demandez à l'administrateur·rice de configurer HTTPS. Pour plus d'informations, consultez <a href=\"https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts#when_is_a_context_considered_secure\">MDN</a>.",
|
||||
"client_error_browser": "Erreur client : Veuillez vous assurer que votre navigateur est à jour et réessayez plus tard.",
|
||||
"oh_noes": "Oh non !",
|
||||
"benchmarking_anubis": "Test de performance d'Anubis !",
|
||||
"you_are_not_a_bot": "Vous n'êtes pas un robot !",
|
||||
"making_sure_not_bot": "Vérification que vous n'êtes pas un robot !",
|
||||
"celphase": "PHASE de CEL",
|
||||
"js_web_crypto_error": "Votre navigateur n'a pas d'élément web.crypto fonctionnel. Consultez-vous cette page dans un contexte sécurisé ?",
|
||||
"js_web_workers_error": "Votre navigateur ne prend pas en charge les web workers (Anubis les utilise pour éviter de bloquer votre navigateur). Avez-vous un plugin comme JShelter installé ?",
|
||||
"js_cookies_error": "Votre navigateur ne stocke pas les cookies. Anubis utilise des cookies pour déterminer quels clients ont réussi les défis en stockant un jeton signé dans un cookie. Veuillez activer le stockage des cookies pour ce domaine. Les noms des cookies qu'Anubis stocke peuvent varier sans préavis. Les noms et valeurs des cookies ne font pas partie de l'API publique.",
|
||||
"js_context_not_secure": "Votre contexte n'est pas sécurisé !",
|
||||
"js_context_not_secure_msg": "Essayez de vous connecter via HTTPS ou informez l'administrateur de configurer HTTPS. Pour plus d'informations, voir <a href=\"https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts#when_is_a_context_considered_secure\">MDN</a>.",
|
||||
"js_calculating": "Calcul en cours...",
|
||||
"js_missing_feature": "Fonctionnalité manquante",
|
||||
"js_challenge_error": "Erreur de défi !",
|
||||
"js_challenge_error": "Erreur de défi !",
|
||||
"js_challenge_error_msg": "Échec de la résolution de l'algorithme de vérification. Vous pouvez essayer de recharger la page.",
|
||||
"js_calculating_difficulty": "Calcul en cours...<br/>Difficulté :",
|
||||
"js_speed": "Vitesse :",
|
||||
"js_calculating_difficulty": "Calcul en cours...<br/>Difficulté :",
|
||||
"js_speed": "Vitesse :",
|
||||
"js_verification_longer": "La vérification prend plus de temps que prévu. Veuillez ne pas actualiser la page.",
|
||||
"js_success": "Vérification réussie !",
|
||||
"js_done_took": "Terminé ! Cela aura nécessité",
|
||||
"js_success": "Succès !",
|
||||
"js_done_took": "Terminé ! A pris",
|
||||
"js_iterations": "itérations",
|
||||
"js_finished_reading": "J'ai fini de lire, continuer →",
|
||||
"js_calculation_error": "Erreur de calcul !",
|
||||
"js_calculation_error_msg": "Échec du calcul du défi :",
|
||||
"missing_required_forwarded_headers": "En-têtes X-Forwarded-* manquants",
|
||||
"simplified_explanation": "Ceci est une mesure contre les robots et les requêtes malveillantes, similaire à un CAPTCHA. Cependant, au lieu d'avoir à faire le travail vous-même, votre navigateur se voit confier une tâche de calcul qu'il doit résoudre pour confirmer qu'il est un client valide. Ce concept est nommé <a href=\"https://en.wikipedia.org/wiki/Proof_of_work\">Preuve de travail</a>. La tâche s'effectue en quelques secondes, puis vous avez accès au site Web. Merci pour votre compréhension et votre patience."
|
||||
"js_finished_reading": "J'ai fini de lire, continuer →",
|
||||
"js_calculation_error": "Erreur de calcul !",
|
||||
"js_calculation_error_msg": "Échec du calcul du défi :",
|
||||
"missing_required_forwarded_headers": "En-têtes X-Forwarded-* requis manquants",
|
||||
"simplified_explanation": "Il s'agit d'une mesure contre les robots et les requêtes malveillantes similaire à un CAPTCHA. Cependant, au lieu d'avoir à faire le travail vous-même, votre navigateur se voit confier une tâche de calcul qu'il doit résoudre pour s'assurer qu'il est un client valide. Ce concept s'appelle <a href=\"https://en.wikipedia.org/wiki/Proof_of_work\">Preuve de travail</a>. La tâche est calculée en quelques secondes et vous avez accès au site Web. Merci de votre compréhension et de votre patience."
|
||||
}
|
||||
|
||||
@@ -0,0 +1,44 @@
|
||||
package policy
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"testing"
|
||||
|
||||
"github.com/TecharoHQ/anubis/internal/dns"
|
||||
"github.com/TecharoHQ/anubis/lib/config"
|
||||
"github.com/TecharoHQ/anubis/lib/store/memory"
|
||||
)
|
||||
|
||||
func newTestDNS(t *testing.T) *dns.Dns {
|
||||
t.Helper()
|
||||
|
||||
ctx := t.Context()
|
||||
memStore := memory.New(ctx)
|
||||
cache := dns.NewDNSCache(300, 300, memStore)
|
||||
return dns.New(ctx, cache)
|
||||
}
|
||||
|
||||
func TestCELChecker_MapIterationWrappers(t *testing.T) {
|
||||
cfg := &config.ExpressionOrList{
|
||||
Expression: `headers.exists(k, k == "Accept") && query.exists(k, k == "format")`,
|
||||
}
|
||||
|
||||
checker, err := NewCELChecker(cfg, newTestDNS(t))
|
||||
if err != nil {
|
||||
t.Fatalf("creating CEL checker failed: %v", err)
|
||||
}
|
||||
|
||||
req, err := http.NewRequest(http.MethodGet, "https://example.com/?format=json", nil)
|
||||
if err != nil {
|
||||
t.Fatalf("making request failed: %v", err)
|
||||
}
|
||||
req.Header.Set("Accept", "application/json")
|
||||
|
||||
got, err := checker.Check(req)
|
||||
if err != nil {
|
||||
t.Fatalf("checking expression failed: %v", err)
|
||||
}
|
||||
if !got {
|
||||
t.Fatal("expected expression to evaluate true")
|
||||
}
|
||||
}
|
||||
@@ -66,7 +66,9 @@ func (h HTTPHeaders) Get(key ref.Val) ref.Val {
|
||||
return result
|
||||
}
|
||||
|
||||
func (h HTTPHeaders) Iterator() traits.Iterator { panic("TODO(Xe): implement me") }
|
||||
func (h HTTPHeaders) Iterator() traits.Iterator {
|
||||
return newMapIterator(h.Header)
|
||||
}
|
||||
|
||||
func (h HTTPHeaders) IsZeroValue() bool {
|
||||
return len(h.Header) == 0
|
||||
|
||||
@@ -0,0 +1,60 @@
|
||||
package expressions
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"maps"
|
||||
"reflect"
|
||||
"slices"
|
||||
|
||||
"github.com/google/cel-go/common/types"
|
||||
"github.com/google/cel-go/common/types/ref"
|
||||
"github.com/google/cel-go/common/types/traits"
|
||||
)
|
||||
|
||||
var ErrNotImplemented = errors.New("expressions: not implemented")
|
||||
|
||||
type stringSliceIterator struct {
|
||||
keys []string
|
||||
idx int
|
||||
}
|
||||
|
||||
func (s *stringSliceIterator) Value() any {
|
||||
return s
|
||||
}
|
||||
|
||||
func (s *stringSliceIterator) ConvertToNative(typeDesc reflect.Type) (any, error) {
|
||||
return nil, ErrNotImplemented
|
||||
}
|
||||
|
||||
func (s *stringSliceIterator) ConvertToType(typeValue ref.Type) ref.Val {
|
||||
return types.NewErr("can't convert from %q to %q", types.IteratorType, typeValue)
|
||||
}
|
||||
|
||||
func (s *stringSliceIterator) Equal(other ref.Val) ref.Val {
|
||||
return types.NewErr("can't compare %q to %q", types.IteratorType, other.Type())
|
||||
}
|
||||
|
||||
func (s *stringSliceIterator) Type() ref.Type {
|
||||
return types.IteratorType
|
||||
}
|
||||
|
||||
func (s *stringSliceIterator) HasNext() ref.Val {
|
||||
return types.Bool(s.idx < len(s.keys))
|
||||
}
|
||||
|
||||
func (s *stringSliceIterator) Next() ref.Val {
|
||||
if s.HasNext() != types.True {
|
||||
return nil
|
||||
}
|
||||
|
||||
val := s.keys[s.idx]
|
||||
s.idx++
|
||||
return types.String(val)
|
||||
}
|
||||
|
||||
func newMapIterator(m map[string][]string) traits.Iterator {
|
||||
return &stringSliceIterator{
|
||||
keys: slices.Collect(maps.Keys(m)),
|
||||
idx: 0,
|
||||
}
|
||||
}
|
||||
@@ -1,7 +1,6 @@
|
||||
package expressions
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"net/url"
|
||||
"reflect"
|
||||
"strings"
|
||||
@@ -11,8 +10,6 @@ import (
|
||||
"github.com/google/cel-go/common/types/traits"
|
||||
)
|
||||
|
||||
var ErrNotImplemented = errors.New("expressions: not implemented")
|
||||
|
||||
// URLValues is a type wrapper to expose url.Values into CEL programs.
|
||||
type URLValues struct {
|
||||
url.Values
|
||||
@@ -69,7 +66,9 @@ func (u URLValues) Get(key ref.Val) ref.Val {
|
||||
return result
|
||||
}
|
||||
|
||||
func (u URLValues) Iterator() traits.Iterator { panic("TODO(Xe): implement me") }
|
||||
func (u URLValues) Iterator() traits.Iterator {
|
||||
return newMapIterator(u.Values)
|
||||
}
|
||||
|
||||
func (u URLValues) IsZeroValue() bool {
|
||||
return len(u.Values) == 0
|
||||
|
||||
Vendored
-12
@@ -1,12 +0,0 @@
|
||||
bots:
|
||||
- name: deny
|
||||
user_agent_regex: DENY
|
||||
action: DENY
|
||||
|
||||
- name: challenge
|
||||
user_agent_regex: CHALLENGE
|
||||
action: CHALLENGE
|
||||
|
||||
- name: allow
|
||||
user_agent_regex: ALLOW
|
||||
action: ALLOW
|
||||
Generated
+282
-310
File diff suppressed because it is too large
Load Diff
+6
-6
@@ -20,11 +20,11 @@
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"devDependencies": {
|
||||
"@commitlint/cli": "^20.4.3",
|
||||
"@commitlint/config-conventional": "^20.4.3",
|
||||
"baseline-browser-mapping": "^2.10.0",
|
||||
"cssnano": "^7.1.3",
|
||||
"cssnano-preset-advanced": "^7.0.11",
|
||||
"@commitlint/cli": "^20.4.1",
|
||||
"@commitlint/config-conventional": "^20.4.1",
|
||||
"baseline-browser-mapping": "^2.9.19",
|
||||
"cssnano": "^7.1.2",
|
||||
"cssnano-preset-advanced": "^7.0.10",
|
||||
"esbuild": "^0.27.3",
|
||||
"husky": "^9.1.7",
|
||||
"playwright": "^1.52.0",
|
||||
@@ -36,7 +36,7 @@
|
||||
},
|
||||
"dependencies": {
|
||||
"@aws-crypto/sha256-js": "^5.2.0",
|
||||
"preact": "^10.28.4"
|
||||
"preact": "^10.28.3"
|
||||
},
|
||||
"commitlint": {
|
||||
"extends": [
|
||||
|
||||
Reference in New Issue
Block a user