docs(challenge): fix panic when validating challenges in privacy-mode browsers

fix(challenge): add difficulty and policy rule hash to challenge metadata
fix(main): correct formatting and improve readability in main.go
2026-04-09 10:08:45 +00:00 · 2025-11-14 15:56:53 -08:00 · 2025-11-14 15:53:20 -08:00 · 2025-11-14 15:51:28 -08:00 · 2025-11-14 15:50:46 -08:00
31 changed files with 115 additions and 134 deletions
--- a/cmd/robots2policy/robots2policy_test.go
+++ b/cmd/robots2policy/robots2policy_test.go
@@ -22,9 +22,9 @@ type TestCase struct {
 type TestOptions struct {
 	format           string
 	action           string
 	crawlDelayWeight int
 	policyName       string
 	deniedAction     string
 	crawlDelayWeight int
 }
 func TestDataFileConversion(t *testing.T) {
--- a/decaymap/decaymap.go
+++ b/decaymap/decaymap.go
@@ -13,13 +13,13 @@ func Zilch[T any]() T {
 // Impl is a lazy key->value map. It's a wrapper around a map and a mutex. If values exceed their time-to-live, they are pruned at Get time.
 type Impl[K comparable, V any] struct {
 	data map[K]decayMapEntry[V]
 	lock sync.RWMutex
 	// deleteCh receives decay-deletion requests from readers.
 	deleteCh chan deleteReq[K]
 	// stopCh stops the background cleanup worker.
 	stopCh chan struct{}
 	wg     sync.WaitGroup
 	lock   sync.RWMutex
 }
 type decayMapEntry[V any] struct {
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
@@ -21,7 +21,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Allow Renovate as an OCI registry client.
 - Properly handle 4in6 addresses so that IP matching works with those addresses.
 - Add support to simple Valkey/Redis cluster mode
 - Stabilize the CVE-2025-24369 regression test by always submitting an invalid proof instead of relying on random POW failures.
 ## v1.23.1: Lyse Hext - Echo 1
--- a/docs/docs/admin/environments/nginx.mdx
+++ b/docs/docs/admin/environments/nginx.mdx
@@ -55,9 +55,8 @@ server {
 # proxy all traffic to the target via Anubis.
 server {
  # Listen on TCP port 443 with TLS (https) and HTTP/2
-  listen 443 ssl;
+  listen 443 ssl http2;
-  listen [::]:443 ssl;
+  listen [::]:443 ssl http2;
  http2 on;
  location / {
    proxy_set_header Host $host;
@@ -114,9 +113,8 @@ Then in a server block:
 server {
  # Listen on 443 with SSL
-  listen 443 ssl;
+  listen 443 ssl http2;
-  listen [::]:443 ssl;
+  listen [::]:443 ssl http2;
  http2 on;
  # Slipstream via Anubis
  include "conf-anubis.inc";
--- a/internal/headers.go
+++ b/internal/headers.go
@@ -87,7 +87,7 @@ func XForwardedForToXRealIP(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if xffHeader := r.Header.Get("X-Forwarded-For"); r.Header.Get("X-Real-Ip") == "" && xffHeader != "" {
 			ip := xff.Parse(xffHeader)
-			slog.Debug("setting X-Real-Ip from X-Forwarded-For", "to", ip, "x-forwarded-for", xffHeader)
+			slog.Debug("setting x-real-ip", "val", ip)
 			r.Header.Set("X-Real-Ip", ip)
 		}
@@ -129,8 +129,6 @@ func XForwardedForUpdate(stripPrivate bool, next http.Handler) http.Handler {
 		} else {
 			r.Header.Set("X-Forwarded-For", xffHeaderString)
 		}
 		slog.Debug("updating X-Forwarded-For", "original", origXFFHeader, "new", xffHeaderString)
 	})
 }
--- a/internal/ogtags/ogtags.go
+++ b/internal/ogtags/ogtags.go
@@ -22,10 +22,9 @@ const (
 )
 type OGTagCache struct {
-	targetURL  *url.URL
+	cache     store.JSON[map[string]string]
-	client     *http.Client
+	targetURL *url.URL
-	ogOverride map[string]string
+	client    *http.Client
 	cache      store.JSON[map[string]string]
 	// Pre-built strings for optimization
 	unixPrefix          string // "http://unix"
@@ -34,6 +33,7 @@ type OGTagCache struct {
 	ogTimeToLive        time.Duration
 	ogCacheConsiderHost bool
 	ogPassthrough       bool
 	ogOverride          map[string]string
 }
 func NewOGTagCache(target string, conf config.OpenGraph, backend store.Interface) *OGTagCache {
--- a/lib/anubis.go
+++ b/lib/anubis.go
@@ -68,14 +68,14 @@ var (
 type Server struct {
 	next        http.Handler
 	store       store.Interface
 	mux         *http.ServeMux
 	policy      *policy.ParsedConfig
 	OGTags      *ogtags.OGTagCache
 	logger      *slog.Logger
 	opts        Options
 	ed25519Priv ed25519.PrivateKey
 	hs512Secret []byte
 	opts        Options
 	store       store.Interface
 	logger      *slog.Logger
 }
 func (s *Server) getTokenKeyfunc() jwt.Keyfunc {
--- a/lib/anubis_test.go
+++ b/lib/anubis_test.go
@@ -152,34 +152,10 @@ func handleChallengeZeroDifficulty(t *testing.T, ts *httptest.Server, cli *http.
 	return resp
 }
 func handleChallengeInvalidProof(t *testing.T, ts *httptest.Server, cli *http.Client, chall challengeResp) *http.Response {
 	t.Helper()
 	req, err := http.NewRequest(http.MethodGet, ts.URL+"/.within.website/x/cmd/anubis/api/pass-challenge", nil)
 	if err != nil {
 		t.Fatalf("can't make request: %v", err)
 	}
 	q := req.URL.Query()
 	q.Set("response", strings.Repeat("f", 64)) // "hash" that never starts with the nonce
 	q.Set("nonce", "0")
 	q.Set("redir", "/")
 	q.Set("elapsedTime", "0")
 	q.Set("id", chall.ID)
 	req.URL.RawQuery = q.Encode()
 	resp, err := cli.Do(req)
 	if err != nil {
 		t.Fatalf("can't do request: %v", err)
 	}
 	return resp
 }
 type loggingCookieJar struct {
 	t       *testing.T
 	cookies map[string][]*http.Cookie
 	lock    sync.Mutex
 	cookies map[string][]*http.Cookie
 }
 func (lcj *loggingCookieJar) Cookies(u *url.URL) []*http.Cookie {
@@ -271,7 +247,7 @@ func TestCVE2025_24369(t *testing.T) {
 	cli := httpClient(t)
 	chall := makeChallenge(t, ts, cli)
-	resp := handleChallengeInvalidProof(t, ts, cli, chall)
+	resp := handleChallengeZeroDifficulty(t, ts, cli, chall)
 	if resp.StatusCode == http.StatusFound {
 		t.Log("Regression on CVE-2025-24369")
@@ -771,9 +747,9 @@ func TestStripBasePrefixFromRequest(t *testing.T) {
 	testCases := []struct {
 		name            string
 		basePrefix      string
 		stripBasePrefix bool
 		requestPath     string
 		expectedPath    string
 		stripBasePrefix bool
 	}{
 		{
 			name:            "strip disabled - no change",
--- a/lib/challenge/challenge.go
+++ b/lib/challenge/challenge.go
@@ -4,12 +4,12 @@ import "time"
 // Challenge is the metadata about a single challenge issuance.
 type Challenge struct {
-	IssuedAt       time.Time         `json:"issuedAt"`
+	ID             string            `json:"id"`                       // UUID identifying the challenge
-	Metadata       map[string]string `json:"metadata"`
+	Method         string            `json:"method"`                   // Challenge method
-	ID             string            `json:"id"`
+	RandomData     string            `json:"randomData"`               // The random data the client processes
-	Method         string            `json:"method"`
+	IssuedAt       time.Time         `json:"issuedAt"`                 // When the challenge was issued
-	RandomData     string            `json:"randomData"`
+	Metadata       map[string]string `json:"metadata"`                 // Challenge metadata such as IP address and user agent
-	PolicyRuleHash string            `json:"policyRuleHash,omitempty"`
+	Spent          bool              `json:"spent"`                    // Has the challenge already been solved?
-	Difficulty     int               `json:"difficulty,omitempty"`
+	Difficulty     int               `json:"difficulty,omitempty"`     // Difficulty that was in effect when issued
-	Spent          bool              `json:"spent"`
+	PolicyRuleHash string            `json:"policyRuleHash,omitempty"` // Hash of the policy rule that issued this challenge
 }
--- a/lib/config.go
+++ b/lib/config.go
@@ -29,24 +29,24 @@ import (
 type Options struct {
 	Next                 http.Handler
 	Policy               *policy.ParsedConfig
-	Logger               *slog.Logger
+	Target               string
-	OpenGraph            config.OpenGraph
+	CookieDynamicDomain  bool
 	PublicUrl            string
 	CookieDomain         string
-	JWTRestrictionHeader string
+	CookieExpiration     time.Duration
 	CookiePartitioned    bool
 	BasePrefix           string
 	WebmasterEmail       string
 	Target               string
 	RedirectDomains      []string
 	ED25519PrivateKey    ed25519.PrivateKey
 	HS512Secret          []byte
-	CookieExpiration     time.Duration
+	StripBasePrefix      bool
-	CookieSameSite       http.SameSite
+	OpenGraph            config.OpenGraph
 	ServeRobotsTXT       bool
 	CookieSecure         bool
-	StripBasePrefix      bool
+	CookieSameSite       http.SameSite
-	CookiePartitioned    bool
+	Logger               *slog.Logger
-	CookieDynamicDomain  bool
+	PublicUrl            string
 	JWTRestrictionHeader string
 	DifficultyInJWT      bool
 }
--- a/lib/http_test.go
+++ b/lib/http_test.go
@@ -13,9 +13,9 @@ import (
 func TestSetCookie(t *testing.T) {
 	for _, tt := range []struct {
 		name       string
 		options    Options
 		host       string
 		cookieName string
 		options    Options
 	}{
 		{
 			name:       "basic",
--- a/lib/policy/config/asn_test.go
+++ b/lib/policy/config/asn_test.go
@@ -8,9 +8,9 @@ import (
 func TestASNsValid(t *testing.T) {
 	for _, tt := range []struct {
 		err   error
 		input *ASNs
 		name  string
 		input *ASNs
 		err   error
 	}{
 		{
 			name: "basic valid",
--- a/lib/policy/config/config.go
+++ b/lib/policy/config/config.go
@@ -62,11 +62,13 @@ type BotConfig struct {
 	Expression     *ExpressionOrList `json:"expression,omitempty" yaml:"expression,omitempty"`
 	Challenge      *ChallengeRules   `json:"challenge,omitempty" yaml:"challenge,omitempty"`
 	Weight         *Weight           `json:"weight,omitempty" yaml:"weight,omitempty"`
 	GeoIP          *GeoIP            `json:"geoip,omitempty"`
 	ASNs           *ASNs             `json:"asns,omitempty"`
 	Name           string            `json:"name" yaml:"name"`
 	Action         Rule              `json:"action" yaml:"action"`
 	RemoteAddr     []string          `json:"remote_addresses,omitempty" yaml:"remote_addresses,omitempty"`
 	// Thoth features
 	GeoIP *GeoIP `json:"geoip,omitempty"`
 	ASNs  *ASNs  `json:"asns,omitempty"`
 }
 func (b BotConfig) Zero() bool {
@@ -322,13 +324,13 @@ func (sc StatusCodes) Valid() error {
 }
 type fileConfig struct {
 	Bots        []BotOrImport       `json:"bots"`
 	DNSBL       bool                `json:"dnsbl"`
 	OpenGraph   openGraphFileConfig `json:"openGraph,omitempty"`
 	Impressum   *Impressum          `json:"impressum,omitempty"`
 	Store       *Store              `json:"store"`
 	Bots        []BotOrImport       `json:"bots"`
 	Thresholds  []Threshold         `json:"thresholds"`
 	StatusCodes StatusCodes         `json:"status_codes"`
-	DNSBL       bool                `json:"dnsbl"`
+	Store       *Store              `json:"store"`
 	Thresholds  []Threshold         `json:"thresholds"`
 }
 func (c *fileConfig) Valid() error {
@@ -460,13 +462,13 @@ func Load(fin io.Reader, fname string) (*Config, error) {
 }
 type Config struct {
 	Impressum   *Impressum
 	Store       *Store
 	OpenGraph   OpenGraph
 	Bots        []BotConfig
 	Thresholds  []Threshold
 	StatusCodes StatusCodes
 	DNSBL       bool
 	Impressum   *Impressum
 	OpenGraph   OpenGraph
 	StatusCodes StatusCodes
 	Store       *Store
 }
 func (c Config) Valid() error {
--- a/lib/policy/config/config_test.go
+++ b/lib/policy/config/config_test.go
@@ -15,9 +15,9 @@ func p[V any](v V) *V { return &v }
 func TestBotValid(t *testing.T) {
 	var tests = []struct {
 		bot  BotConfig
 		err  error
 		name string
 		bot  BotConfig
 	}{
 		{
 			name: "simple user agent",
--- a/lib/policy/config/expressionorlist_test.go
+++ b/lib/policy/config/expressionorlist_test.go
@@ -11,10 +11,10 @@ import (
 func TestExpressionOrListMarshalJSON(t *testing.T) {
 	for _, tt := range []struct {
 		err    error
 		input  *ExpressionOrList
 		name   string
 		input  *ExpressionOrList
 		output []byte
 		err    error
 	}{
 		{
 			name: "single expression",
@@ -74,10 +74,10 @@ func TestExpressionOrListMarshalJSON(t *testing.T) {
 func TestExpressionOrListMarshalYAML(t *testing.T) {
 	for _, tt := range []struct {
 		err    error
 		input  *ExpressionOrList
 		name   string
 		input  *ExpressionOrList
 		output []byte
 		err    error
 	}{
 		{
 			name: "single expression",
@@ -217,8 +217,8 @@ func TestExpressionOrListUnmarshalJSON(t *testing.T) {
 func TestExpressionOrListString(t *testing.T) {
 	for _, tt := range []struct {
 		name string
 		out  string
 		in   ExpressionOrList
 		out  string
 	}{
 		{
 			name: "single expression",
--- a/lib/policy/config/geoip_test.go
+++ b/lib/policy/config/geoip_test.go
@@ -7,9 +7,9 @@ import (
 func TestGeoIPValid(t *testing.T) {
 	for _, tt := range []struct {
 		err   error
 		input *GeoIP
 		name  string
 		input *GeoIP
 		err   error
 	}{
 		{
 			name: "basic valid",
--- a/lib/policy/config/impressum_test.go
+++ b/lib/policy/config/impressum_test.go
@@ -8,9 +8,9 @@ import (
 func TestImpressumValid(t *testing.T) {
 	for _, cs := range []struct {
 		err  error
 		inp  Impressum
 		name string
 		inp  Impressum
 		err  error
 	}{
 		{
 			name: "basic happy path",
--- a/lib/policy/config/opengraph.go
+++ b/lib/policy/config/opengraph.go
@@ -13,17 +13,17 @@ var (
 )
 type openGraphFileConfig struct {
 	Override     map[string]string `json:"override,omitempty" yaml:"override,omitempty"`
 	TimeToLive   string            `json:"ttl" yaml:"ttl"`
 	Enabled      bool              `json:"enabled" yaml:"enabled"`
 	ConsiderHost bool              `json:"considerHost" yaml:"enabled"`
 	TimeToLive   string            `json:"ttl" yaml:"ttl"`
 	Override     map[string]string `json:"override,omitempty" yaml:"override,omitempty"`
 }
 type OpenGraph struct {
 	Override     map[string]string `json:"override,omitempty" yaml:"override,omitempty"`
 	TimeToLive   time.Duration     `json:"ttl" yaml:"ttl"`
 	Enabled      bool              `json:"enabled" yaml:"enabled"`
 	ConsiderHost bool              `json:"considerHost" yaml:"enabled"`
 	Override     map[string]string `json:"override,omitempty" yaml:"override,omitempty"`
 	TimeToLive   time.Duration     `json:"ttl" yaml:"ttl"`
 }
 func (og *openGraphFileConfig) Valid() error {
--- a/lib/policy/config/opengraph_test.go
+++ b/lib/policy/config/opengraph_test.go
@@ -7,9 +7,9 @@ import (
 func TestOpenGraphFileConfigValid(t *testing.T) {
 	for _, tt := range []struct {
 		err   error
 		input *openGraphFileConfig
 		name  string
 		input *openGraphFileConfig
 		err   error
 	}{
 		{
 			name: "basic happy path",
--- a/lib/policy/config/store_test.go
+++ b/lib/policy/config/store_test.go
@@ -12,9 +12,9 @@ import (
 func TestStoreValid(t *testing.T) {
 	for _, tt := range []struct {
 		err   error
 		name  string
 		input config.Store
 		err   error
 	}{
 		{
 			name:  "no backend",
--- a/lib/policy/config/threshold.go
+++ b/lib/policy/config/threshold.go
@@ -31,10 +31,10 @@ var (
 )
 type Threshold struct {
 	Expression *ExpressionOrList `json:"expression" yaml:"expression"`
 	Challenge  *ChallengeRules   `json:"challenge" yaml:"challenge"`
 	Name       string            `json:"name" yaml:"name"`
 	Expression *ExpressionOrList `json:"expression" yaml:"expression"`
 	Action     Rule              `json:"action" yaml:"action"`
 	Challenge  *ChallengeRules   `json:"challenge" yaml:"challenge"`
 }
 func (t Threshold) Valid() error {
--- a/lib/policy/config/threshold_test.go
+++ b/lib/policy/config/threshold_test.go
@@ -10,9 +10,9 @@ import (
 func TestThresholdValid(t *testing.T) {
 	for _, tt := range []struct {
 		err   error
 		input *Threshold
 		name  string
 		input *Threshold
 		err   error
 	}{
 		{
 			name: "basic allow",
--- a/lib/policy/expressions/environment_test.go
+++ b/lib/policy/expressions/environment_test.go
@@ -14,11 +14,11 @@ func TestBotEnvironment(t *testing.T) {
 	t.Run("missingHeader", func(t *testing.T) {
 		tests := []struct {
 			headers     map[string]string
 			name        string
 			expression  string
-			description string
+			headers     map[string]string
 			expected    types.Bool
 			description string
 		}{
 			{
 				name:       "missing-header",
@@ -167,10 +167,10 @@ func TestBotEnvironment(t *testing.T) {
 		t.Run("invalid", func(t *testing.T) {
 			for _, tt := range []struct {
 				env             any
 				name            string
 				description     string
 				expression      string
 				env             any
 				wantFailCompile bool
 				wantFailEval    bool
 			}{
@@ -244,11 +244,11 @@ func TestThresholdEnvironment(t *testing.T) {
 	}
 	tests := []struct {
 		variables     map[string]interface{}
 		name          string
 		expression    string
-		description   string
+		variables     map[string]interface{}
 		expected      types.Bool
 		description   string
 		shouldCompile bool
 	}{
 		{
--- a/lib/policy/expressions/loadavg.go
+++ b/lib/policy/expressions/loadavg.go
@@ -10,8 +10,8 @@ import (
 )
 type loadAvg struct {
 	data *load.AvgStat
 	lock sync.RWMutex
 	data *load.AvgStat
 }
 func (l *loadAvg) updateThread(ctx context.Context) {
--- a/lib/policy/policy.go
+++ b/lib/policy/policy.go
@@ -29,15 +29,16 @@ var (
 )
 type ParsedConfig struct {
-	Store             store.Interface
+	orig *config.Config
-	orig              *config.Config
+
 	Impressum         *config.Impressum
 	OpenGraph         config.OpenGraph
 	Bots              []Bot
 	Thresholds        []*Threshold
 	StatusCodes       config.StatusCodes
 	DefaultDifficulty int
 	DNSBL             bool
 	Impressum         *config.Impressum
 	OpenGraph         config.OpenGraph
 	DefaultDifficulty int
 	StatusCodes       config.StatusCodes
 	Store             store.Interface
 }
 func newParsedConfig(orig *config.Config) *ParsedConfig {
--- a/lib/redirect_security_test.go
+++ b/lib/redirect_security_test.go
@@ -13,7 +13,7 @@ import (
 func TestRedirectSecurity(t *testing.T) {
 	tests := []struct {
-		reqHost  string
+		name     string
 		testType string // "constructRedirectURL", "serveHTTPNext", "renderIndex"
 		// For constructRedirectURL tests
@@ -23,16 +23,17 @@ func TestRedirectSecurity(t *testing.T) {
 		// For serveHTTPNext tests
 		redirParam string
-		name       string
+		reqHost    string
 		errorContains  string
 		expectedStatus int
 		// For renderIndex tests
 		returnHTTPStatusOnly bool
-		shouldError          bool
+
-		shouldNotRedirect    bool
+		// Expected results
-		shouldBlock          bool
+		expectedStatus    int
 		shouldError       bool
 		shouldNotRedirect bool
 		shouldBlock       bool
 		errorContains     string
 	}{
 		// constructRedirectURL tests - X-Forwarded-Proto validation
 		{
--- a/lib/store/bbolt/factory_test.go
+++ b/lib/store/bbolt/factory_test.go
@@ -17,9 +17,9 @@ func TestFactoryValid(t *testing.T) {
 	t.Run("invalid config", func(t *testing.T) {
 		for _, tt := range []struct {
 			err  error
 			name string
 			cfg  Config
 			err  error
 		}{
 			{
 				name: "missing path",
--- a/lib/store/s3api/factory.go
+++ b/lib/store/s3api/factory.go
@@ -88,8 +88,8 @@ func (Factory) Valid(data json.RawMessage) error {
 }
 type Config struct {
 	BucketName string `json:"bucketName"`
 	PathStyle  bool   `json:"pathStyle"`
 	BucketName string `json:"bucketName"`
 }
 func (c Config) Valid() error {
--- a/lib/store/s3api/s3api_test.go
+++ b/lib/store/s3api/s3api_test.go
@@ -17,10 +17,10 @@ import (
 // mockS3 is an in-memory mock of the methods we use.
 type mockS3 struct {
 	mu     sync.RWMutex
 	bucket string
 	data   map[string][]byte
 	meta   map[string]map[string]string
 	bucket string
 	mu     sync.RWMutex
 }
 func (m *mockS3) PutObject(ctx context.Context, in *s3.PutObjectInput, _ ...func(*s3.Options)) (*s3.PutObjectOutput, error) {
--- a/lib/store/storetest/storetest.go
+++ b/lib/store/storetest/storetest.go
@@ -21,9 +21,9 @@ func Common(t *testing.T, f store.Factory, config json.RawMessage) {
 	}
 	for _, tt := range []struct {
 		err  error
 		doer func(t *testing.T, s store.Interface) error
 		name string
 		doer func(t *testing.T, s store.Interface) error
 		err  error
 	}{
 		{
 			name: "basic get set delete",
--- a/lib/store/valkey/valkey_test.go
+++ b/lib/store/valkey/valkey_test.go
@@ -2,14 +2,20 @@ package valkey
 import (
 	"encoding/json"
 	"fmt"
 	"os"
 	"testing"
 	"github.com/TecharoHQ/anubis/internal"
 	"github.com/TecharoHQ/anubis/lib/store/storetest"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"
 )
 func init() {
 	internal.UnbreakDocker()
 }
 func TestImpl(t *testing.T) {
 	if os.Getenv("DONT_USE_NETWORK") != "" {
 		t.Skip("test requires network egress")
@@ -18,26 +24,26 @@ func TestImpl(t *testing.T) {
 	testcontainers.SkipIfProviderIsNotHealthy(t)
-	valkeyC, err := testcontainers.Run(
+	req := testcontainers.ContainerRequest{
-		t.Context(), "valkey/valkey:8",
+		Image:      "valkey/valkey:8",
-		testcontainers.WithExposedPorts("6379/tcp"),
+		WaitingFor: wait.ForLog("Ready to accept connections"),
-		testcontainers.WithWaitStrategy(
+	}
-			wait.ForListeningPort("6379/tcp"),
+	valkeyC, err := testcontainers.GenericContainer(t.Context(), testcontainers.GenericContainerRequest{
-			wait.ForLog("Ready to accept connections"),
+		ContainerRequest: req,
-		),
+		Started:          true,
-	)
+	})
 	testcontainers.CleanupContainer(t, valkeyC)
 	if err != nil {
 		t.Fatal(err)
 	}
-	endpoint, err := valkeyC.PortEndpoint(t.Context(), "6379/tcp", "redis")
+	containerIP, err := valkeyC.ContainerIP(t.Context())
 	if err != nil {
 		t.Fatal(err)
 	}
 	data, err := json.Marshal(Config{
-		URL: endpoint,
+		URL: fmt.Sprintf("redis://%s:6379/0", containerIP),
 	})
 	if err != nil {
 		t.Fatal(err)
Author	SHA1	Message	Date
Jason Cameron	a6207ea99f	docs(challenge): fix panic when validating challenges in privacy-mode browsers	2025-11-14 15:56:53 -08:00
Jason Cameron	c5fde0af1a	fix(challenge): add difficulty and policy rule hash to challenge metadata	2025-11-14 15:53:20 -08:00
Jason Cameron	7d26adaec5	fix(main): correct formatting and improve readability in main.go	2025-11-14 15:51:28 -08:00
Jason Cameron	5eb165b299	fix(localization): correct formatting of Swedish loading message	2025-11-14 15:50:46 -08:00