3771a3b627
Since the challenge is done off of the main thread, there is no simple way to report the progress done towards completing it. This change adds a callback parameter, `progressCallback`, which is called with the most recently attempted nonce every ~1024 iterations (should this be configurable?). For the single-threaded "slow" algorithm, this is exactly every 1024 iterations. For the multi-threaded "fast" algorithm, threads take turns reporting in a round-robin as then notice they have passed a multiple of 1024. This complexity is to avoid individual threads falling behind their siblings due to the overhead of messaging the main thread. To minimize this overhead as much as possible, a regular number is sent instead of an object. With the new information provided by the callback, a hash rate display is added to the challenge page. This display is updated at most once per second and set with tabular numbers to avoid the constantly changing value being too visually distracting. * web: show a progress bar based on completion probability To provide more feedback to the user, the spinner is replaced with a progress bar of the probability the challenge is complete. Since it looks a little weird that a progress bar would fill up a quarter of the way and then jump to the end (even though the probability would make that happen 1 in 4 times), the bar is mapped with a quadratic easing function to move faster at the beginning and then slow down as the probability of redirection increases. If the probability exceeds 90%, a message appears letting the user know things are taking longer than expected and to continue being patient. Signed-off-by: Xe Iaso <me@xeiaso.net>
5.5 KiB
sidebar_position
| sidebar_position |
|---|
| 999 |
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[Unreleased]
-
Added a no-store Cache-Control header to the challenge page
-
Hide the directory listings for Anubis' internal static content
-
Changed
--debug-x-real-ip-defaultto--use-remote-address, getting the IP address from the request's socket address instead. -
DroneBL lookups have been disabled by default
-
Static asset builds are now done on demand instead of the results being committed to source control
-
The Dockerfile has been removed as it is no longer in use
-
Developer documentation has been added to the docs site
-
Show more errors when some predictable challenge page errors happen (#150)
-
Verification page now shows hash rate and a progress bar for completion probability.
v1.15.0
Zenos yae Galvus
Yes...the coming days promise to be most interesting. Most interesting.
Headline changes:
- ed25519 signing keys for Anubis can be stored in the flag
--ed25519-private-key-hexor envvarED25519_PRIVATE_KEY_HEX; if one is not provided when Anubis starts, a new one is generated and logged - Add the ability to set the cookie domain with the envvar
COOKIE_DOMAIN=techaro.lolfor all domains undertecharo.lol - Add the ability to set the cookie partitioned flag with the envvar
COOKIE_PARTITIONED=true
Many other small changes were made, including but not limited to:
- Fixed and clarified installation instructions
- Introduced integration tests using Playwright
- Refactor & Split up Anubis into cmd and lib.go
- Fixed bot check to only apply if address range matches
- Fix default difficulty setting that was broken in a refactor
- Linting fixes
- Make dark mode diff lines readable in the documentation
- Fix CI based browser smoke test
Users running Anubis' test suite may run into issues with the integration tests on Windows hosts. This is a known issue and will be fixed at some point in the future. In the meantime, use the Windows Subsystem for Linux (WSL).
v1.14.2
Livia sas Junius: Echo 2
- Remove default RSS reader rule as it may allow for a targeted attack against rails apps #67
- Whitelist MojeekBot in botPolicies #47
- botPolicies regex has been cleaned up #66
v1.14.1
Livia sas Junius: Echo 1
- Set the
X-Real-Ipheader based on the contents ofX-Forwarded-For#62
v1.14.0
Livia sas Junius
Fail to do as my lord commands...and I will spare him the trouble of blocking you.
-
Add explanation of what Anubis is doing to the challenge page #25
-
Administrators can now define artificially hard challenges using the "slow" algorithm:
{ "name": "generic-bot-catchall", "user_agent_regex": "(?i:bot|crawler)", "action": "CHALLENGE", "challenge": { "difficulty": 16, "report_as": 4, "algorithm": "slow" } }This allows administrators to cause particularly malicious clients to use unreasonable amounts of CPU. The UI will also lie to the client about the difficulty.
-
Docker images now explicitly call
docker.io/library/<thing>to increase compatibility with Podman et. al #21 -
Don't overflow the image when browser windows are small (eg. on phones) #27
-
Lower the default difficulty to 4 from 5
-
Don't duplicate work across multiple threads #36
-
Documentation has been moved to https://anubis.techaro.lol/ with sources in docs/
-
Removed several visible AI artifacts (e.g., 6 fingers) #37
-
Fixed hang when navigator.hardwareConcurrency is undefined
-
Support Unix domain sockets #45
-
Allow filtering by remote addresses:
{ "name": "qwantbot", "user_agent_regex": "\\+https\\:\\/\\/help\\.qwant\\.com/bot/", "action": "ALLOW", "remote_addresses": ["91.242.162.0/24"] }This also works at an IP range level:
{ "name": "internal-network", "action": "ALLOW", "remote_addresses": ["100.64.0.0/10"] }
1.13.0
- Proof-of-work challenges are drastically sped up #19
- Docker images are now built with the timestamp set to the commit timestamp
- The README now points to TecharoHQ/anubis instead of Xe/x
- Images are built using ko instead of
docker buildx build#13