chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>
fix(default-config): also block alibaba cloud
2026-04-13 03:58:45 +00:00 · 2025-08-20 22:55:02 +00:00 · 2025-08-20 22:53:30 +00:00
8 changed files with 10 additions and 113 deletions
--- a/.github/actions/spelling/expect.txt
+++ b/.github/actions/spelling/expect.txt
@@ -341,7 +341,6 @@ xff
 XForwarded
 XNG
 XOB
 XOriginal
 XReal
 yae
 YAMLTo
--- a/docs/docs/CHANGELOG.md
+++ b/docs/docs/CHANGELOG.md
@@ -12,7 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 <!-- This changes the project to: -->
- Added a missing link to the Caddy installation environment in the installation documentation.
+
 - Downstream consumers can change the default [log/slog#Logger](https://pkg.go.dev/log/slog#Logger) instance that Anubis uses by setting `opts.Logger` to your slog instance of choice ([#864](https://github.com/TecharoHQ/anubis/issues/864)).
 - The [Thoth client](https://anubis.techaro.lol/docs/admin/thoth) is now public in the repo instead of being an internal package.
 - [Custom-AsyncHttpClient](https://github.com/AsyncHttpClient/async-http-client)'s default User-Agent has an increased weight by default ([#852](https://github.com/TecharoHQ/anubis/issues/852)).
@@ -40,13 +40,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Bump AI-robots.txt to version 1.39
 - Add a default block rule for Huawei Cloud.
 - Add a default block rule for Alibaba Cloud.
 - Add X-Request-URI support so that Subrequest Authentication has path support.
 ### Security-relevant changes
 #### Fix potential double-spend for challenges
-Anubis operates by issuing a challenge and having the client present a solution for that challenge. Challenges are identified by a unique UUID, which is stored in the database.
+Anubis operates by issuing a challenge and having the client present a solution for that challenge. Challenges are identified by a unique UUID, which is tored in the database.
 The problem is that a challenge could potentially be used twice by a dedicated attacker making a targeted attack against Anubis. Challenge records did not have a "spent" or "used" field. In total, a dedicated attacker could solve a challenge once and reuse that solution across multiple sessions in order to mint additional tokens.
--- a/docs/docs/admin/frameworks/wordpress.mdx
+++ b/docs/docs/admin/frameworks/wordpress.mdx
@@ -1,6 +1,6 @@
-# WordPress
+# Wordpress
-WordPress is the most popular blog engine on the planet.
+Wordpress is the most popular blog engine on the planet.
 ## Using a multi-site setup with Anubis
@@ -27,7 +27,7 @@ flowchart LR
    US --> |whatever you're doing| B
 ```
-WordPress may not realize that the underlying connection is being done over HTTPS. This could lead to a redirect loop in the `/wp-admin/` routes. In order to fix this, add the following to your `wp-config.php` file:
+Wordpress may not realize that the underlying connection is being done over HTTPS. This could lead to a redirect loop in the `/wp-admin/` routes. In order to fix this, add the following to your `wp-config.php` file:
 ```php
 if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
@@ -36,4 +36,4 @@ if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROT
 }
 ```
-This will make WordPress think that your connection is over HTTPS instead of plain HTTP.
+This will make Wordpress think that your connection is over HTTPS instead of plain HTTP.
--- a/docs/docs/admin/installation.mdx
+++ b/docs/docs/admin/installation.mdx
@@ -178,7 +178,6 @@ Alternatively here is a key generated by your browser:
 To get Anubis filtering your traffic, you need to make sure it's added to your HTTP load balancer or platform configuration. See the [environments category](/docs/category/environments) for detailed information on individual environments.
 - [Apache](./environments/apache.mdx)
 - [Caddy](./environments/caddy.mdx)
 - [Docker compose](./environments/docker-compose.mdx)
 - [Kubernetes](./environments/kubernetes.mdx)
 - [Nginx](./environments/nginx.mdx)
--- a/lib/policy/checker.go
+++ b/lib/policy/checker.go
@@ -102,13 +102,6 @@ func NewPathChecker(rexStr string) (checker.Impl, error) {
 }
 func (pc *PathChecker) Check(r *http.Request) (bool, error) {
 	originalUrl := r.Header.Get("X-Original-URI")
 	if originalUrl != "" {
 		if pc.regexp.MatchString(originalUrl) {
 			return true, nil
 		}
 	}
 	if pc.regexp.MatchString(r.URL.Path) {
 		return true, nil
 	}
--- a/lib/policy/checker_test.go
+++ b/lib/policy/checker_test.go
@@ -198,96 +198,3 @@ func TestHeaderExistsChecker(t *testing.T) {
 		})
 	}
 }
 func TestPathChecker_XOriginalURI(t *testing.T) {
 	tests := []struct {
 		name          string
 		regex         string
 		xOriginalURI  string
 		urlPath       string
 		headerKey     string
 		expectedMatch bool
 		expectError   bool
 	}{
 		{
 			name:          "X-Original-URI matches regex (with trailing space - current typo)",
 			regex:         "^/api/.*",
 			xOriginalURI:  "/api/users",
 			urlPath:       "/different/path",
 			headerKey:     "X-Original-URI",
 			expectedMatch: true,
 			expectError:   false,
 		},
 		{
 			name:          "X-Original-URI doesn't match, falls back to URL.Path",
 			regex:         "^/admin/.*",
 			xOriginalURI:  "/api/users",
 			urlPath:       "/admin/dashboard",
 			headerKey:     "X-Original-URI",
 			expectedMatch: true,
 			expectError:   false,
 		},
 		{
 			name:          "Neither X-Original-URI nor URL.Path match",
 			regex:         "^/admin/.*",
 			xOriginalURI:  "/api/users",
 			urlPath:       "/public/info",
 			headerKey:     "X-Original-URI ",
 			expectedMatch: false,
 			expectError:   false,
 		},
 		{
 			name:          "Empty X-Original-URI, URL.Path matches",
 			regex:         "^/static/.*",
 			xOriginalURI:  "",
 			urlPath:       "/static/css/style.css",
 			headerKey:     "X-Original-URI",
 			expectedMatch: true,
 			expectError:   false,
 		},
 		{
 			name:          "Complex regex matching X-Original-URI",
 			regex:         `^/api/v[0-9]+/(users|posts)/[0-9]+$`,
 			xOriginalURI:  "/api/v1/users/123",
 			urlPath:       "/different",
 			headerKey:     "X-Original-URI",
 			expectedMatch: true,
 			expectError:   false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			// Create the PathChecker
 			pc, err := NewPathChecker(tt.regex)
 			if err != nil {
 				if !tt.expectError {
 					t.Fatalf("NewPathChecker() unexpected error: %v", err)
 				}
 				return
 			}
 			if tt.expectError {
 				t.Fatal("NewPathChecker() expected error but got none")
 			}
 			req, err := http.NewRequest("GET", "http://example.com"+tt.urlPath, nil)
 			if err != nil {
 				t.Fatalf("Failed to create request: %v", err)
 			}
 			if tt.xOriginalURI != "" {
 				req.Header.Set(tt.headerKey, tt.xOriginalURI)
 			}
 			match, err := pc.Check(req)
 			if err != nil {
 				t.Fatalf("Check() unexpected error: %v", err)
 			}
 			if match != tt.expectedMatch {
 				t.Errorf("Check() = %v, want %v", match, tt.expectedMatch)
 			}
 		})
 	}
 }
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "@techaro/anubis",
-  "version": "1.22.0-pre1",
+  "version": "1.21.3",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@techaro/anubis",
-      "version": "1.22.0-pre1",
+      "version": "1.21.3",
      "license": "ISC",
      "dependencies": {
        "@aws-crypto/sha256-js": "^5.2.0"
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@techaro/anubis",
-  "version": "1.22.0-pre1",
+  "version": "1.21.3",
  "description": "",
  "main": "index.js",
  "scripts": {
Author	SHA1	Message	Date
Xe Iaso	f6ed08336d	chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-08-20 22:55:02 +00:00
Xe Iaso	4d41f48675	fix(default-config): also block alibaba cloud Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-08-20 22:53:30 +00:00