ci(smoke-tests): add smoke test for haproxy (simple)

Signed-off-by: Xe Iaso <me@xeiaso.net>

.github/workflows/smoke-tests.yml

@@ -24,6 +24,7 @@ jobs:
           - i18n
           - log-file
           - nginx
+          - haproxy-simple
           - palemoon/amd64
           #- palemoon/i386
           - robots_txt

VERSION

@@ -1 +1 @@
-1.25.0
+1.24.0

cmd/anubis/main.go

@@ -418,8 +418,8 @@ func main() {
 
 	var redirectDomainsList []string
 	if *redirectDomains != "" {
-		domains := strings.SplitSeq(*redirectDomains, ",")
-		for domain := range domains {
+		domains := strings.Split(*redirectDomains, ",")
+		for _, domain := range domains {
 			_, err = url.Parse(domain)
 			if err != nil {
 				log.Fatalf("cannot parse redirect-domain %q: %s", domain, err.Error())

cmd/robots2policy/main.go

@@ -10,7 +10,6 @@ import (
 	"net/http"
 	"os"
 	"regexp"
-	"slices"
 	"strings"
 
 	"github.com/TecharoHQ/anubis/lib/config"
@@ -211,8 +210,11 @@ func parseRobotsTxt(input io.Reader) ([]RobotsRule, error) {
 
 	// Mark blacklisted user agents (those with "Disallow: /")
 	for i := range rules {
-		if slices.Contains(rules[i].Disallows, "/") {
-			rules[i].IsBlacklist = true
+		for _, disallow := range rules[i].Disallows {
+			if disallow == "/" {
+				rules[i].IsBlacklist = true
+				break
+			}
 		}
 	}
 

cmd/robots2policy/robots2policy_test.go

@@ -158,8 +158,8 @@ func TestDataFileConversion(t *testing.T) {
 			}
 
 			if strings.ToLower(*outputFormat) == "yaml" {
-				var actualData []any
-				var expectedData []any
+				var actualData []interface{}
+				var expectedData []interface{}
 
 				err = yaml.Unmarshal(actualOutput, &actualData)
 				if err != nil {
@@ -178,8 +178,8 @@ func TestDataFileConversion(t *testing.T) {
 					t.Errorf("Output mismatch for %s\nExpected:\n%s\n\nActual:\n%s", tc.name, expectedStr, actualStr)
 				}
 			} else {
-				var actualData []any
-				var expectedData []any
+				var actualData []interface{}
+				var expectedData []interface{}
 
 				err = json.Unmarshal(actualOutput, &actualData)
 				if err != nil {
@@ -419,6 +419,6 @@ Disallow: /`
 
 // compareData performs a deep comparison of two data structures,
 // ignoring differences that are semantically equivalent in YAML/JSON
-func compareData(actual, expected any) bool {
+func compareData(actual, expected interface{}) bool {
 	return reflect.DeepEqual(actual, expected)
 }

docs/docs/CHANGELOG.md

@@ -11,32 +11,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-<!-- This changes the project to: -->
-
-## v1.25.0: Necron
-
-Hey all,
-
-I'm sure you've all been aware that things have been slowing down a little with Anubis development, and I want to apologize for that. A lot has been going on in my life lately (my blog will have a post out on Friday with more information), and as a result I haven't really had the energy to work on Anubis in publicly visible ways. There are things going on behind the scenes, but nothing is really shippable yet, sorry!
-
-I've also been feeling some burnout in the wake of perennial waves of anger directed towards me. I'm handling it, I'll be fine, I've just had a lot going on in my life and it's been rough.
-
-I've been missing the sense of wanderlust and discovery that comes with the artistic way I playfully develop software. I suspect that some of the stresses I've been through (setting up a complicated surgery in a country whose language you aren't fluent in is kind of an experience) have been sapping my energy. I'd gonna try to mess with things on my break, but realistically I'm probably just gonna be either watching Stargate SG-1 or doing unreasonable amounts of ocean fishing in Final Fantasy 14. Normally I'd love to keep the details about my medical state fairly private, but I'm more of a public figure now than I was this time last year so I don't really get the invisibility I'm used to for this.
-
-I've also had a fair amount of negativity directed at me for simply being much more visible than the anonymous threat actors running the scrapers that are ruining everything, which though understandable has not helped.
-
-Anyways, it all worked out and I'm about to be in the hospital for a week, so if things go really badly with this release please downgrade to the last version and/or upgrade to the main branch when the fix PR is inevitably merged. I hoped to have time to tame GPG and set up full release automation in the Anubis repo, but that didn't work out this time and that's okay.
-
-If I can challenge you all to do something, go out there and try to actually create something new somehow. Combine ideas you've never mixed before. Be creative, be human, make something purely for yourself to scratch an itch that you've always had yet never gotten around to actually mending.
-
-At the very least, try to be an example of how you want other people to act, even when you're in a situation where software written by someone else is configured to require a user agent to execute javascript to access a webpage.
-
-Be well,
-
-Xe
-
-PS: if you're well-versed in FFXIV lore, the release title should give you an idea of the kind of stuff I've been going through mentally.
-
 - Add iplist2rule tool that lets admins turn an IP address blocklist into an Anubis ruleset.
 - Add Polish locale ([#1292](https://github.com/TecharoHQ/anubis/pull/1309))
 - Fix honeypot and imprint links missing `BASE_PREFIX` when deployed behind a path prefix ([#1402](https://github.com/TecharoHQ/anubis/issues/1402))
@@ -44,6 +18,8 @@ PS: if you're well-versed in FFXIV lore, the release title should give you an id
 - Improve idle performance in memory storage
 - Add HAProxy Configurations to Docs ([#1424](https://github.com/TecharoHQ/anubis/pull/1424))
 
+<!-- This changes the project to: -->
+
 ## v1.24.0: Y'shtola Rhul
 
 Anubis is back and better than ever! Lots of minor fixes with some big ones interspersed.

internal/glob/glob.go

@@ -36,7 +36,7 @@ func Glob(pattern, subj string) bool {
 	end := len(parts) - 1
 
 	// Go over the leading parts and ensure they match.
-	for i := range end {
+	for i := 0; i < end; i++ {
 		idx := strings.Index(subj, parts[i])
 
 		switch i {

internal/hash_bench_test.go

@@ -184,7 +184,7 @@ func TestHashCollisions(t *testing.T) {
 	for _, prefix := range prefixes {
 		for _, suffix := range suffixes {
 			for _, variation := range variations {
-				for i := range 100 {
+				for i := 0; i < 100; i++ {
 					input := fmt.Sprintf("%s%s%s-%d", prefix, suffix, variation, i)
 					hash := XXHash64sum(input)
 					if existing, exists := xxhashHashes[hash]; exists {
@@ -211,7 +211,7 @@ func TestHashCollisions(t *testing.T) {
 
 	seqCount := 0
 	for _, pattern := range patterns {
-		for i := range 10000 {
+		for i := 0; i < 10000; i++ {
 			input := fmt.Sprintf(pattern, i)
 			hash := XXHash64sum(input)
 			if existing, exists := xxhashHashes[hash]; exists {

internal/honeypot/naive/naive.go

@@ -120,7 +120,7 @@ func (i *Impl) makeAffirmations() []string {
 	count := rand.IntN(5) + 1
 
 	var result []string
-	for range count {
+	for j := 0; j < count; j++ {
 		result = append(result, i.affirmation.Spin())
 	}
 
@@ -131,7 +131,7 @@ func (i *Impl) makeSpins() []string {
 	count := rand.IntN(5) + 1
 
 	var result []string
-	for range count {
+	for j := 0; j < count; j++ {
 		result = append(result, i.body.Spin())
 	}
 

internal/listor.go

@@ -16,7 +16,7 @@ func (lo *ListOr[T]) UnmarshalJSON(data []byte) error {
 
 	// Check if first non-whitespace character is '['
 	firstChar := data[0]
-	for i := range data {
+	for i := 0; i < len(data); i++ {
 		if data[i] != ' ' && data[i] != '\t' && data[i] != '\n' && data[i] != '\r' {
 			firstChar = data[i]
 			break
@@ -36,4 +36,4 @@ func (lo *ListOr[T]) UnmarshalJSON(data []byte) error {
 	}
 
 	return nil
-}
+}

internal/ogtags/mem_test.go

@@ -95,7 +95,7 @@ func TestMemoryUsage(t *testing.T) {
 
 	// Run getTarget many times
 	u, _ := url.Parse("/path/to/resource?query=1&foo=bar&baz=qux")
-	for range 10000 {
+	for i := 0; i < 10000; i++ {
 		_ = cache.getTarget(u)
 	}
 
@@ -129,7 +129,7 @@ func TestMemoryUsage(t *testing.T) {
 	runtime.GC()
 	runtime.ReadMemStats(&m1)
 
-	for range 1000 {
+	for i := 0; i < 1000; i++ {
 		_ = cache.extractOGTags(doc)
 	}
 

internal/ogtags/ogtags_fuzz_test.go

@@ -3,7 +3,6 @@ package ogtags
 import (
 	"context"
 	"net/url"
-	"slices"
 	"strings"
 	"testing"
 	"unicode/utf8"
@@ -79,7 +78,7 @@ func FuzzGetTarget(f *testing.F) {
 		}
 
 		// Ensure no memory corruption by calling multiple times
-		for range 3 {
+		for i := 0; i < 3; i++ {
 			result2 := cache.getTarget(u)
 			if result != result2 {
 				t.Errorf("getTarget not deterministic: %q != %q", result, result2)
@@ -149,8 +148,11 @@ func FuzzExtractOGTags(f *testing.F) {
 				}
 			}
 			if !approved {
-				if slices.Contains(cache.approvedTags, property) {
-					approved = true
+				for _, tag := range cache.approvedTags {
+					if property == tag {
+						approved = true
+						break
+					}
 				}
 			}
 			if !approved {
@@ -258,8 +260,11 @@ func FuzzExtractMetaTagInfo(f *testing.F) {
 				}
 			}
 			if !approved {
-				if slices.Contains(cache.approvedTags, property) {
-					approved = true
+				for _, tag := range cache.approvedTags {
+					if property == tag {
+						approved = true
+						break
+					}
 				}
 			}
 			if !approved {

internal/ogtags/parse.go

@@ -1,7 +1,6 @@
 package ogtags
 
 import (
-	"slices"
 	"strings"
 
 	"golang.org/x/net/html"
@@ -66,8 +65,10 @@ func (c *OGTagCache) extractMetaTagInfo(n *html.Node) (property, content string)
 	}
 
 	// Check exact matches
-	if slices.Contains(c.approvedTags, propertyKey) {
-		return propertyKey, content
+	for _, tag := range c.approvedTags {
+		if propertyKey == tag {
+			return propertyKey, content
+		}
 	}
 
 	return "", content

internal/test/playwright_test.go

@@ -270,7 +270,7 @@ func TestPlaywrightBrowser(t *testing.T) {
 
 				var performedAction action
 				var err error
-				for i := range 5 {
+				for i := 0; i < 5; i++ {
 					performedAction, err = executeTestCase(t, tc, typ, anubisURL)
 					if performedAction == tc.action {
 						break

lib/anubis.go

@@ -81,11 +81,11 @@ type Server struct {
 func (s *Server) getTokenKeyfunc() jwt.Keyfunc {
 	// return ED25519 key if HS512 is not set
 	if len(s.hs512Secret) == 0 {
-		return func(token *jwt.Token) (any, error) {
+		return func(token *jwt.Token) (interface{}, error) {
 			return s.ed25519Priv.Public().(ed25519.PublicKey), nil
 		}
 	} else {
-		return func(token *jwt.Token) (any, error) {
+		return func(token *jwt.Token) (interface{}, error) {
 			return s.hs512Secret, nil
 		}
 	}

lib/anubis_test.go

@@ -38,8 +38,8 @@ func NewTLogWriter(t *testing.T) io.Writer {
 
 // Write splits input on newlines and logs each line separately.
 func (w *TLogWriter) Write(p []byte) (n int, err error) {
-	lines := strings.SplitSeq(string(p), "\n")
-	for line := range lines {
+	lines := strings.Split(string(p), "\n")
+	for _, line := range lines {
 		if line != "" {
 			w.t.Log(line)
 		}

lib/config/config.go

@@ -228,8 +228,8 @@ type ImportStatement struct {
 }
 
 func (is *ImportStatement) open() (fs.File, error) {
-	if after, ok := strings.CutPrefix(is.Import, "(data)/"); ok {
-		fname := after
+	if strings.HasPrefix(is.Import, "(data)/") {
+		fname := strings.TrimPrefix(is.Import, "(data)/")
 		fin, err := data.BotPolicies.Open(fname)
 		return fin, err
 	}
@@ -325,7 +325,7 @@ func (sc StatusCodes) Valid() error {
 }
 
 type fileConfig struct {
-	OpenGraph   openGraphFileConfig `json:"openGraph"`
+	OpenGraph   openGraphFileConfig `json:"openGraph,omitempty"`
 	Impressum   *Impressum          `json:"impressum,omitempty"`
 	Store       *Store              `json:"store"`
 	Bots        []BotOrImport       `json:"bots"`

lib/config/config_test.go

@@ -188,6 +188,7 @@ func TestBotValid(t *testing.T) {
 	}
 
 	for _, cs := range tests {
+		cs := cs
 		t.Run(cs.name, func(t *testing.T) {
 			err := cs.bot.Valid()
 			if err == nil && cs.err == nil {
@@ -215,6 +216,7 @@ func TestConfigValidKnownGood(t *testing.T) {
 	}
 
 	for _, st := range finfos {
+		st := st
 		t.Run(st.Name(), func(t *testing.T) {
 			fin, err := os.Open(filepath.Join("testdata", "good", st.Name()))
 			if err != nil {
@@ -301,6 +303,7 @@ func TestConfigValidBad(t *testing.T) {
 	}
 
 	for _, st := range finfos {
+		st := st
 		t.Run(st.Name(), func(t *testing.T) {
 			fin, err := os.Open(filepath.Join("testdata", "bad", st.Name()))
 			if err != nil {

lib/config_test.go

@@ -24,6 +24,7 @@ func TestBadConfigs(t *testing.T) {
 	}
 
 	for _, st := range finfos {
+		st := st
 		t.Run(st.Name(), func(t *testing.T) {
 			if _, err := LoadPoliciesOrDefault(t.Context(), filepath.Join("config", "testdata", "bad", st.Name()), anubis.DefaultDifficulty, "info"); err == nil {
 				t.Fatal(err)
@@ -41,6 +42,7 @@ func TestGoodConfigs(t *testing.T) {
 	}
 
 	for _, st := range finfos {
+		st := st
 		t.Run(st.Name(), func(t *testing.T) {
 			t.Run("with-thoth", func(t *testing.T) {
 				ctx := thothmock.WithMockThoth(t)

lib/http.go

@@ -182,7 +182,10 @@ func makeCode(err error) string {
 	enc := base64.StdEncoding.EncodeToString(buf.Bytes())
 	var builder strings.Builder
 	for i := 0; i < len(enc); i += width {
-		end := min(i+width, len(enc))
+		end := i + width
+		if end > len(enc) {
+			end = len(enc)
+		}
 		builder.WriteString(enc[i:end])
 		builder.WriteByte('\n')
 	}

lib/policy/expressions/environment_test.go

@@ -103,7 +103,7 @@ func TestBotEnvironment(t *testing.T) {
 					t.Fatalf("failed to compile expression %q: %v", tt.expression, err)
 				}
 
-				result, _, err := prog.Eval(map[string]any{
+				result, _, err := prog.Eval(map[string]interface{}{
 					"headers": tt.headers,
 				})
 				if err != nil {
@@ -168,7 +168,7 @@ func TestBotEnvironment(t *testing.T) {
 					t.Fatalf("failed to compile expression %q: %v", tt.expression, err)
 				}
 
-				result, _, err := prog.Eval(map[string]any{
+				result, _, err := prog.Eval(map[string]interface{}{
 					"path": tt.path,
 				})
 				if err != nil {
@@ -280,7 +280,7 @@ func TestBotEnvironment(t *testing.T) {
 					t.Fatalf("failed to compile expression %q: %v", tt.expression, err)
 				}
 
-				result, _, err := prog.Eval(map[string]any{})
+				result, _, err := prog.Eval(map[string]interface{}{})
 				if err != nil {
 					t.Fatalf("failed to evaluate expression %q: %v", tt.expression, err)
 				}
@@ -359,7 +359,7 @@ func TestBotEnvironment(t *testing.T) {
 						t.Fatalf("failed to compile expression %q: %v", tt.expression, err)
 					}
 
-					result, _, err := prog.Eval(map[string]any{})
+					result, _, err := prog.Eval(map[string]interface{}{})
 					if err != nil {
 						t.Fatalf("failed to evaluate expression %q: %v", tt.expression, err)
 					}
@@ -421,7 +421,7 @@ func TestBotEnvironment(t *testing.T) {
 						t.Fatalf("failed to compile expression %q: %v", tt.expression, err)
 					}
 
-					result, _, err := prog.Eval(map[string]any{})
+					result, _, err := prog.Eval(map[string]interface{}{})
 					if err != nil {
 						t.Fatalf("failed to evaluate expression %q: %v", tt.expression, err)
 					}
@@ -514,7 +514,7 @@ func TestBotEnvironment(t *testing.T) {
 						t.Fatalf("failed to compile expression %q: %v", tt.expression, err)
 					}
 
-					result, _, err := prog.Eval(map[string]any{})
+					result, _, err := prog.Eval(map[string]interface{}{})
 					if err != nil {
 						t.Fatalf("failed to evaluate expression %q: %v", tt.expression, err)
 					}
@@ -572,7 +572,7 @@ func TestBotEnvironment(t *testing.T) {
 						t.Fatalf("failed to compile expression %q: %v", tt.expression, err)
 					}
 
-					result, _, err := prog.Eval(map[string]any{})
+					result, _, err := prog.Eval(map[string]interface{}{})
 					if tt.evalError {
 						if err == nil {
 							t.Errorf("%s: expected an evaluation error, but got none", tt.description)
@@ -598,7 +598,7 @@ func TestThresholdEnvironment(t *testing.T) {
 	}
 
 	tests := []struct {
-		variables     map[string]any
+		variables     map[string]interface{}
 		name          string
 		expression    string
 		description   string
@@ -608,7 +608,7 @@ func TestThresholdEnvironment(t *testing.T) {
 		{
 			name:          "weight-variable-available",
 			expression:    `weight > 100`,
-			variables:     map[string]any{"weight": 150},
+			variables:     map[string]interface{}{"weight": 150},
 			expected:      types.Bool(true),
 			description:   "should support weight variable in expressions",
 			shouldCompile: true,
@@ -616,7 +616,7 @@ func TestThresholdEnvironment(t *testing.T) {
 		{
 			name:          "weight-variable-false-case",
 			expression:    `weight > 100`,
-			variables:     map[string]any{"weight": 50},
+			variables:     map[string]interface{}{"weight": 50},
 			expected:      types.Bool(false),
 			description:   "should correctly evaluate weight comparisons",
 			shouldCompile: true,
@@ -624,7 +624,7 @@ func TestThresholdEnvironment(t *testing.T) {
 		{
 			name:          "missingHeader-not-available",
 			expression:    `missingHeader(headers, "Test")`,
-			variables:     map[string]any{},
+			variables:     map[string]interface{}{},
 			expected:      types.Bool(false), // not used
 			description:   "should not have missingHeader function available",
 			shouldCompile: false,
@@ -667,7 +667,7 @@ func TestNewEnvironment(t *testing.T) {
 	tests := []struct {
 		name          string
 		expression    string
-		variables     map[string]any
+		variables     map[string]interface{}
 		expectBool    *bool // nil if we just want to test compilation or non-bool result
 		description   string
 		shouldCompile bool
@@ -675,7 +675,7 @@ func TestNewEnvironment(t *testing.T) {
 		{
 			name:          "randInt-function-compilation",
 			expression:    `randInt(10)`,
-			variables:     map[string]any{},
+			variables:     map[string]interface{}{},
 			expectBool:    nil, // Don't check result, just compilation
 			description:   "should compile randInt function",
 			shouldCompile: true,
@@ -683,7 +683,7 @@ func TestNewEnvironment(t *testing.T) {
 		{
 			name:          "randInt-range-validation",
 			expression:    `randInt(10) >= 0 && randInt(10) < 10`,
-			variables:     map[string]any{},
+			variables:     map[string]interface{}{},
 			expectBool:    boolPtr(true),
 			description:   "should return values in correct range",
 			shouldCompile: true,
@@ -691,7 +691,7 @@ func TestNewEnvironment(t *testing.T) {
 		{
 			name:          "strings-extension-size",
 			expression:    `"hello".size() == 5`,
-			variables:     map[string]any{},
+			variables:     map[string]interface{}{},
 			expectBool:    boolPtr(true),
 			description:   "should support string extension functions",
 			shouldCompile: true,
@@ -699,7 +699,7 @@ func TestNewEnvironment(t *testing.T) {
 		{
 			name:          "strings-extension-contains",
 			expression:    `"hello world".contains("world")`,
-			variables:     map[string]any{},
+			variables:     map[string]interface{}{},
 			expectBool:    boolPtr(true),
 			description:   "should support string contains function",
 			shouldCompile: true,
@@ -707,7 +707,7 @@ func TestNewEnvironment(t *testing.T) {
 		{
 			name:          "strings-extension-startsWith",
 			expression:    `"hello world".startsWith("hello")`,
-			variables:     map[string]any{},
+			variables:     map[string]interface{}{},
 			expectBool:    boolPtr(true),
 			description:   "should support string startsWith function",
 			shouldCompile: true,

lib/policy/policy_test.go

@@ -32,6 +32,7 @@ func TestGoodConfigs(t *testing.T) {
 	}
 
 	for _, st := range finfos {
+		st := st
 		t.Run(st.Name(), func(t *testing.T) {
 			t.Run("with-thoth", func(t *testing.T) {
 				fin, err := os.Open(filepath.Join("..", "config", "testdata", "good", st.Name()))
@@ -70,6 +71,7 @@ func TestBadConfigs(t *testing.T) {
 	}
 
 	for _, st := range finfos {
+		st := st
 		t.Run(st.Name(), func(t *testing.T) {
 			fin, err := os.Open(filepath.Join("..", "config", "testdata", "bad", st.Name()))
 			if err != nil {

lib/store/s3api/s3api_test.go

@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"maps"
 	"sync"
 	"testing"
 	"time"
@@ -37,7 +36,9 @@ func (m *mockS3) PutObject(ctx context.Context, in *s3.PutObjectInput, _ ...func
 	m.data[aws.ToString(in.Key)] = bytes.Clone(b)
 	if in.Metadata != nil {
 		m.meta[aws.ToString(in.Key)] = map[string]string{}
-		maps.Copy(m.meta[aws.ToString(in.Key)], in.Metadata)
+		for k, v := range in.Metadata {
+			m.meta[aws.ToString(in.Key)][k] = v
+		}
 	}
 	m.bucket = aws.ToString(in.Bucket)
 	return &s3.PutObjectOutput{}, nil

lib/store/valkey/factory.go

@@ -103,7 +103,7 @@ func (s Sentinel) Valid() error {
 // redisClient is satisfied by *valkey.Client and *valkey.ClusterClient.
 type redisClient interface {
 	Get(ctx context.Context, key string) *valkey.StringCmd
-	Set(ctx context.Context, key string, value any, expiration time.Duration) *valkey.StatusCmd
+	Set(ctx context.Context, key string, value interface{}, expiration time.Duration) *valkey.StatusCmd
 	Del(ctx context.Context, keys ...string) *valkey.IntCmd
 	Ping(ctx context.Context) *valkey.StatusCmd
 }

lib/thoth/auth.go

@@ -11,8 +11,8 @@ func authUnaryClientInterceptor(token string) grpc.UnaryClientInterceptor {
 	return func(
 		ctx context.Context,
 		method string,
-		req any,
-		reply any,
+		req interface{},
+		reply interface{},
 		cc *grpc.ClientConn,
 		invoker grpc.UnaryInvoker,
 		opts ...grpc.CallOption,

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@techaro/anubis",
-  "version": "1.25.0",
+  "version": "1.24.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@techaro/anubis",
-      "version": "1.25.0",
+      "version": "1.24.0",
       "license": "ISC",
       "dependencies": {
         "@aws-crypto/sha256-js": "^5.2.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@techaro/anubis",
-  "version": "1.25.0",
+  "version": "1.24.0",
   "description": "",
   "main": "index.js",
   "scripts": {
@@ -66,4 +66,4 @@
     "trailingComma": "all",
     "printWidth": 80
   }
-}
+}

test/haproxy-simple/anubis.env

@@ -0,0 +1,11 @@
+# /etc/anubis/default.env
+
+BIND=/shared/anubis.sock
+BIND_NETWORK=unix
+SOCKET_MODE=0666
+DIFFICULTY=4
+METRICS_BIND=:9090
+COOKIE_DYNAMIC_DOMAIN=true
+# address and port of the actual application (httpdebug container)
+TARGET=http://httpdebug:3000
+POLICY_FNAME=/cfg/anubis.yaml

test/haproxy-simple/conf/anubis/anubis.yaml

@@ -0,0 +1,11 @@
+bots:
+  - name: mozilla
+    user_agent_regex: Mozilla
+    action: CHALLENGE
+    challenge:
+      difficulty: 2
+      algorithm: fast
+
+status_codes:
+  CHALLENGE: 401
+  DENY: 403

test/haproxy-simple/conf/haproxy/haproxy.cfg

@@ -0,0 +1,27 @@
+# /etc/haproxy/haproxy.cfg
+
+frontend FE-application
+  mode http
+  timeout client 5s
+  timeout connect 5s
+  timeout server 5s
+  bind :80
+  # ssl offloading on port 8443 using a certificate from /etc/haproxy/ssl/
+  bind :8443 ssl crt /etc/techaro/pki/haproxy-simple.test.pem alpn h2,http/1.1 ssl-min-ver TLSv1.2 no-tls-tickets
+
+  # set X-Real-IP header required for Anubis
+  http-request set-header X-Real-IP "%[src]"
+
+  # redirect HTTP to HTTPS
+  http-request redirect scheme https code 301 unless { ssl_fc }
+  # add HSTS header
+  http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+
+  # route to Anubis backend by default
+  default_backend BE-anubis-application
+
+backend BE-anubis-application
+  mode http
+  timeout connect 5s
+  timeout server 5s
+  server anubis /shared/anubis.sock

test/haproxy-simple/docker-compose.yaml

@@ -0,0 +1,27 @@
+services:
+  haproxy:
+    image: haproxytech/haproxy-alpine:3.0
+    ports:
+      - 80:80
+      - 8443:8443
+    volumes:
+      - ./conf/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
+      - ./pki:/etc/techaro/pki:ro
+      - anubis-socket:/shared
+
+  anubis:
+    image: ghcr.io/techarohq/anubis:main
+    env_file: ./anubis.env
+    user: root
+    volumes:
+      - anubis-socket:/shared
+      - ./conf/anubis:/cfg:ro
+    depends_on:
+      - httpdebug
+
+  httpdebug:
+    image: ghcr.io/xe/x/httpdebug
+    pull_policy: always
+
+volumes:
+  anubis-socket:

test/haproxy-simple/test.mjs

@@ -0,0 +1,39 @@
+#!/usr/bin/env node
+
+async function main() {
+  console.log("Starting HAProxy simple smoke test...");
+
+  console.log("trying to hit backend through haproxy");
+  let resp = await fetch(
+    "https://localhost:8443",
+    {
+      headers: {
+        "User-Agent": "Anubis testing",
+      }
+    }
+  );
+
+  if (resp.status !== 200) {
+    throw new Error(`Expected 200, got ${resp.status}`);
+  }
+  console.log("Got 200 as expected");
+
+  console.log("trying to get stopped by anubis");
+  resp = await fetch(
+    "https://localhost:8443",
+    {
+      headers: {
+        "User-Agent": "Mozilla/5.0",
+      }
+    }
+  );
+
+  if (resp.status !== 401) {
+    throw new Error(`Expected 401, got ${resp.status}`);
+  }
+  console.log("Got 401 as expected");
+
+  console.log("All runtime tests passed successfully!");
+}
+
+await main();

test/haproxy-simple/test.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+source ../lib/lib.sh
+
+export KO_DOCKER_REPO=ko.local
+
+set -euo pipefail
+
+# Step 1: Config validation
+mint_cert haproxy-simple.test
+
+# Combine cert and key for HAProxy SSL directory format
+cat pki/haproxy-simple.test/cert.pem pki/haproxy-simple.test/key.pem >pki/haproxy-simple.test/haproxy.pem
+
+docker run --rm \
+	-v $PWD/conf/haproxy:/usr/local/etc/haproxy:ro \
+	-v $PWD/pki:/etc/techaro/pki:ro \
+	haproxytech/haproxy-alpine:3.0 \
+	haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg
+
+# Step 2: Runtime testing
+echo "Starting services..."
+docker compose up -d
+
+sleep 5
+
+echo "Services are healthy. Starting runtime tests..."
+export NODE_TLS_REJECT_UNAUTHORIZED=0
+node test.mjs
+
+# Cleanup happens automatically via trap in lib.sh