test(palemoon): actually invoke timeout

Signed-off-by: Xe Iaso <me@xeiaso.net>

.github/actions/spelling/expect.txt

@@ -204,7 +204,7 @@ nobots
 NONINFRINGEMENT
 nosleep
 OCOB
-ogtags
+ogtag
 omgili
 omgilibot
 openai

docs/docs/CHANGELOG.md

@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - [Custom-AsyncHttpClient](https://github.com/AsyncHttpClient/async-http-client)'s default User-Agent has an increased weight by default ([#852](https://github.com/TecharoHQ/anubis/issues/852)).
 - The [`segments`](./admin/configuration/expressions.mdx#segments) function was added for splitting a path into its slash-separated segments.
 - When issuing a challenge, Anubis stores information about that challenge into the store. That stored information is later used to validate challenge responses. This works around nondeterminism in bot rules. ([#917](https://github.com/TecharoHQ/anubis/issues/917))
+- When parsing [Open Graph tags](./admin/configuration/open-graph.mdx), add any URLs found in the responses to a temporary "allow cache" so that social preview images work.
 
 ## v1.21.3: Minfilia Warde - Echo 3
 

internal/ogtags/cache.go

@@ -5,7 +5,9 @@ import (
 	"errors"
 	"log/slog"
 	"net/url"
+	"strings"
 	"syscall"
+	"time"
 )
 
 // GetOGTags is the main function that retrieves Open Graph tags for a URL
@@ -45,6 +47,18 @@ func (c *OGTagCache) GetOGTags(ctx context.Context, url *url.URL, originalHost s
 	// Store in cache
 	c.cache.Set(ctx, cacheKey, ogTags, c.ogTimeToLive)
 
+	for k, v := range ogTags {
+		switch {
+		case strings.HasSuffix(k, "image"), strings.HasSuffix(k, "audio"), strings.HasSuffix(k, "secure_url"), strings.HasSuffix(k, "video"):
+			v, _ = strings.CutPrefix(v, "http://")
+			v, _ = strings.CutPrefix(v, "https://")
+			slog.Debug("setting ogtags allow for", "url", k)
+			if err := c.cache.Underlying.Set(ctx, "ogtags:allow:"+v, []byte(k), time.Hour); err != nil {
+				slog.Debug("can't set ogtag allow cache", "err", err)
+			}
+		}
+	}
+
 	return ogTags, nil
 }
 

internal/ogtags/cache_test.go

@@ -1,6 +1,7 @@
 package ogtags
 
 import (
+	"errors"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -9,6 +10,7 @@ import (
 	"time"
 
 	"github.com/TecharoHQ/anubis/lib/policy/config"
+	"github.com/TecharoHQ/anubis/lib/store"
 	"github.com/TecharoHQ/anubis/lib/store/memory"
 )
 
@@ -166,8 +168,13 @@ func TestGetOGTags(t *testing.T) {
 		if !ok || initialValue != cachedValue {
 			t.Errorf("Cache does not line up: expected %s: %s, got: %s", key, initialValue, cachedValue)
 		}
-
 	}
+
+	t.Run("ensure image is cached as allow", func(t *testing.T) {
+		if _, err := cache.cache.Underlying.Get(t.Context(), "ogtags:allow:example.com/image.jpg"); errors.Is(err, store.ErrNotFound) {
+			t.Fatal("ogtags allow caching for example.com/image.jpg did not work")
+		}
+	})
 }
 
 // TestGetOGTagsWithHostConsideration tests the behavior of the cache with and without host consideration and for multiple hosts in a theoretical setup.

lib/anubis.go

@@ -152,6 +152,12 @@ func (s *Server) maybeReverseProxyOrPage(w http.ResponseWriter, r *http.Request)
 func (s *Server) maybeReverseProxy(w http.ResponseWriter, r *http.Request, httpStatusOnly bool) {
 	lg := internal.GetRequestLogger(r)
 
+	if val, _ := s.store.Get(r.Context(), fmt.Sprintf("ogtags:allow:%s%s", r.Host, r.URL.String())); val != nil {
+		lg.Debug("serving opengraph tag asset")
+		s.ServeHTTPNext(w, r)
+		return
+	}
+
 	// Adjust cookie path if base prefix is not empty
 	cookiePath := "/"
 	if anubis.BasePrefix != "" {

test/palemoon/amd64/test.sh

@@ -13,6 +13,11 @@ function capture_vnc_snapshots() {
   done
 }
 
+function timeout() {
+  sleep 180
+  exit 1
+}
+
 source ../../lib/lib.sh
 
 if [ "$GITHUB_ACTIONS" = "true" ]; then
@@ -24,6 +29,7 @@ set -euo pipefail
 build_anubis_ko
 mint_cert relayd
 
+timeout &
 go run ../../cmd/cipra/ --compose-name $(basename $(pwd))
 
 docker compose down -t 1 || :