anubis

mirror of https://github.com/TecharoHQ/anubis.git synced 2026-02-09 05:19:24 -06:00

Author	SHA1	Message	Date
Xe Iaso	6ee14db3ec	feat(data): add default-config macro Closes #1152 Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-10-13 15:17:49 +00:00
Xe Iaso	c09c86778d	fix(default-config): remove preact challenge (#1184 ) * fix(default-config): remove the preact challenge from the default config Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update CHANGELOG Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-10-11 09:22:07 -04:00
Xe Iaso	9c47c180d0	fix(default-config): make the default config far less paranoid (#1179 ) * test: add httpdebug tool Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(data/clients/git): more strictly match the git client Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(default-config): make the default config far less paranoid This uses a variety of heuristics to make sure that clients that claim to be browsers are more likely to behave like browsers. Most of these are based on the results of a lot of reverse engineering and data collection from honeypot servers. Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update CHANGELOG Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>	2025-10-11 08:48:12 -04:00
Xe Iaso	d51d32726c	fix(lib): serve CSS properly (#1158 ) Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-27 22:16:23 -04:00
dependabot[bot]	ff33982ee9	build(deps): bump github.com/docker/docker (#1131 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.3.2+incompatible to 28.3.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v28.3.2...v28.3.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-version: 28.3.3+incompatible dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-27 14:29:07 -04:00
dependabot[bot]	ec90a8b87d	build(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#1132 ) Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) from 0.5.12 to 0.5.14. - [Commits](https://github.com/ulikunitz/xz/compare/v0.5.12...v0.5.14) --- updated-dependencies: - dependency-name: github.com/ulikunitz/xz dependency-version: 0.5.14 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-27 13:46:23 -04:00
dependabot[bot]	5731477e0a	build(deps-dev): bump esbuild from 0.25.9 to 0.25.10 in the npm group (#1147 ) Bumps the npm group with 1 update: [esbuild](https://github.com/evanw/esbuild). Updates `esbuild` from 0.25.9 to 0.25.10 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.25.9...v0.25.10) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.25.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-27 13:46:12 -04:00
Xe Iaso	714c85dbc4	fix(lib): enable multiple consecutive slash support (#1155 ) * fix(lib): enable multiple consecutive slash support Closes #754 Closes #808 Closes #815 Apparently more applications use multiple slashes in a row than I thought. There is no easy way around this other than to do this hacky fix to avoid net/http#ServeMux's URL cleaning. * test(double_slash): add sourceware case Signed-off-by: Xe Iaso <me@xeiaso.net> * test(lib): fix tests for double slash fix Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <xe.iaso@techaro.lol> Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-27 13:44:46 -04:00
Jamie McClelland	75ea1b60d5	enable auto setting of SNI based on host header (#1129 ) With this change, setting targetSNI to 'auto' causes anubis to use the request host name as the SNI name, allowing multiple sites to use the same anubis instance and same backend, while still securely connecting to the backend via https. See https://github.com/TecharoHQ/anubis/issues/424	2025-09-25 08:08:16 +00:00
violet	1cf03535a5	feat: support reading real client IP from a custom header (#1138 ) * feat: support reading real client IP from a custom header * pr reviews --------- Co-authored-by: violet <violet@tsukuyomi>	2025-09-25 04:01:24 -04:00
Sunniva Løvstad	c3ed405dbc	Update Nynorsk translation (#1143 ) * chore: fix capitalisation in bokmål and nynorsk * stadfest → e-verb Signed-off-by: Sunniva Løvstad <github@turtle.garden> --------- Signed-off-by: Sunniva Løvstad <github@turtle.garden>	2025-09-25 04:01:02 -04:00
Xe Iaso	8cdf58c9e6	ci(ssh): re-enable aarch64-16k Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-20 15:30:29 +00:00
Xe Iaso	1c170988c8	fix: mend auth cookie name stutter (#1139 ) Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-19 13:51:11 -04:00
Xe Iaso	9439466ff2	ci(ssh): disable aarch64-16k until my SFP connecter comes in on friday Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-17 16:00:10 +00:00
Richard Mahn	4787aeca51	Add Door43 link to known instances documentation (#1136 ) Signed-off-by: Richard Mahn <richmahn@users.noreply.github.com>	2025-09-17 13:11:11 +00:00
Xe Iaso	fb3637df95	feat(metarefresh): randomly use the Refresh header (#1133 ) * feat(lib/challenge): expose ResponseWriter to challenge issuers Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(metarefresh): randomly use the Refresh header There are several ways to trigger an automatic refresh without JavaScript. One of them is the "meta refresh" method[1], but the other is with the Refresh header[2]. Both are semantically identical and supported with browsers as old as Chrome version 1. Given that they are basically the same thing, this patch makes Anubis randomly select between them by using the challenge random data's first character. This will fire about 50% of the time. I expect this to have no impact. If this works out fine, then I will implement some kind of fallback logic for the fast challenge such that admins can opt into allowing clients with a no-js configuration to pass the fast challenge. This needs to bake in the oven though. [1]: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/meta/http-equiv [2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Refresh Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update CHANGELOG Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(metarefresh): simplify random logic Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>	2025-09-16 17:32:13 -04:00
dependabot[bot]	26076b8520	build(deps): bump github.com/docker/docker in /test (#1130 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.3.2+incompatible to 28.3.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v28.3.2...v28.3.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-version: 28.3.3+incompatible dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-16 16:22:28 -04:00
NetSysFire	edb84f03b7	convert issue templates into issue forms (#1115 )	2025-09-16 13:14:10 +00:00
Jan Pieter Waagmeester	b2d525bba4	Update nl.json removeing literal translated 'cookie' (koekje) with 'cookie' (#1126 ) Signed-off-by: Jan Pieter Waagmeester <jieter@jieter.nl>	2025-09-16 07:53:30 -04:00
dependabot[bot]	00679aed66	build(deps): bump the github-actions group with 3 updates (#1118 ) Bumps the github-actions group with 3 updates: [actions-hub/kubectl](https://github.com/actions-hub/kubectl), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions-hub/kubectl` from 1.34.0 to 1.34.1 - [Release notes](https://github.com/actions-hub/kubectl/releases) - [Commits](`af345ed727...f14933a23b`) Updates `astral-sh/setup-uv` from 6.6.1 to 6.7.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](`557e51de59...b75a909f75`) Updates `github/codeql-action` from 3.30.1 to 3.30.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`f1f6e5f6af...192325c861`) --- updated-dependencies: - dependency-name: actions-hub/kubectl dependency-version: 1.34.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: astral-sh/setup-uv dependency-version: 6.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 3.30.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-15 18:23:31 -04:00
dependabot[bot]	03299024c5	build(deps): bump the npm group with 2 updates (#1117 ) Bumps the npm group with 2 updates: [preact](https://github.com/preactjs/preact) and [postcss-import-url](https://github.com/unlight/postcss-import-url). Updates `preact` from 10.27.1 to 10.27.2 - [Release notes](https://github.com/preactjs/preact/releases) - [Commits](https://github.com/preactjs/preact/compare/10.27.1...10.27.2) Updates `postcss-import-url` from 1.0.0 to 7.2.0 - [Release notes](https://github.com/unlight/postcss-import-url/releases) - [Changelog](https://github.com/unlight/postcss-import-url/blob/master/CHANGELOG.md) - [Commits](https://github.com/unlight/postcss-import-url/commits/v7.2.0) --- updated-dependencies: - dependency-name: preact dependency-version: 10.27.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm - dependency-name: postcss-import-url dependency-version: 7.2.0 dependency-type: direct:development update-type: version-update:semver-major dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-15 18:23:15 -04:00
Anna	f745d37d90	fix(run/openrc): truncate runtime directory before starting Anubis (#1122 ) If Anubis is not shut down correctly and there are leftover socket files, Anubis will refuse to start. As "checkpath -D" currently does not work as expected (https://github.com/OpenRC/openrc/issues/335), simply use "rm -rf" before starting Anubis. Signed-off-by: Anna @CyberTailor <cyber@sysrq.in>	2025-09-15 07:44:35 -04:00
Xe Iaso	d12993e31d	feat(expressions): add contentLength to bot expressions (#1120 ) Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-15 01:41:45 +00:00
Xe Iaso	88b3e457ee	docs: update BotStopper docs based on new features Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-14 20:16:43 +00:00
Xe Iaso	bb2b113b63	ci(ssh): don't print uname -av output (#1114 ) Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-14 03:03:46 +00:00
Xe Iaso	6c283d0cd9	ci: add aarch64 for ssh CI (#1112 ) * ci: add aarch64 for ssh CI Signed-off-by: Xe Iaso <me@xeiaso.net> * ci: better comment aile and t-elos' roles Signed-off-by: Xe Iaso <me@xeiaso.net> * ci: fix aile Signed-off-by: Xe Iaso <me@xeiaso.net> * ci: update ssh known hosts secret Signed-off-by: Xe Iaso <me@xeiaso.net> * ci(ssh): replace raw connection strings with arch-quirks Signed-off-by: Xe Iaso <me@xeiaso.net> * ci(ssh): disable this check in PRs again Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-14 00:15:23 +00:00
agoujot	0037e214a1	add link to preact in challenge list (#1111 ) Preact was added in 1.22, but it currently isn't listed in the "Challenges" page. Signed-off-by: agoujot <145840578+agoujot@users.noreply.github.com>	2025-09-13 17:31:36 -04:00
Valentin Lab	29ae2a4b87	feat: fallback to SameSite Lax mode if cookie is not secure (#1105 ) Also, will allow to set cookie `SameSite` mode on command line or environment. Note that `None` mode will be forced to ``Lax`` if cookie is set to not be secure. Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>	2025-09-13 10:56:54 +00:00
Xe Iaso	401e18f29f	feat(store/bbolt): implement actor pattern (#1107 ) * feat(store/bbolt): implement actor pattern Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(internal/actorify): document package Signed-off-by: Xe Iaso <me@xeiaso.net> * Update metadata check-spelling run (pull_request) for Xe/actorify Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com> on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>	2025-09-12 18:35:22 +00:00
Xe Iaso	63591866aa	fix(decaymap): fix lock convoy (#1106 ) * fix(decaymap): fix lock convoy Ref #1103 This uses the actor pattern to delay deletion instead of making things fight over a lock. It also properly fixes locking logic to prevent the convoy problem. Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update CHANGELOG Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-12 16:43:08 +00:00
Xe Iaso	f79d36d21e	docs: update CHANGELOG properly It helps if you save your editor buffer! Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-11 14:07:52 +00:00
Xe Iaso	f5b5243b5e	docs: update CHANGELOG Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-11 14:04:32 +00:00
Xe Iaso	2011b83a44	chore: port client-side JS to TypeScript (#1100 ) * chore(challenge/preact): port to typescript Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(js/algorithms): port to typescript Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(js/worker): port to typescript Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(web): fix TypeScript build logic Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(web): port bench.mjs to typescript Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(web): port main.mjs to typescript Signed-off-by: Xe Iaso <me@xeiaso.net> * Update metadata check-spelling run (pull_request) for Xe/use-typescript Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com> on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev> * fix(js/algorithms/fast): handle old browsers Closes #1082 Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>	2025-09-11 10:03:10 -04:00
Martin	8ed89a6c6e	feat(lib): Add option for adding difficulty field to JWT claims (#1063 ) * Add option for difficulty JWT field * Add DIFFICULTY_IN_JWT option to docs * Add missing_required_forwarded_headers to lt translation via Google Translate * docs(CHANGELOG): move CHANGELOG entry to the top Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Co-authored-by: Xe Iaso <me@xeiaso.net>	2025-09-11 13:50:33 +00:00
Xe Iaso	9430d0e6a5	fix(cmd/containerbuild): support commas in --docker-tags (#1099 ) Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-08 22:19:42 +00:00
Xe Iaso	8b9dafac51	security: npm audit fix for GHSA-hfm8-9jrf-7g9w et. al (#1098 ) * security: npm audit fix for GHSA-hfm8-9jrf-7g9w et. al Closes #1097 I'm not sure that this is required, but I'd sleep better at night not finding out that it is required the hard way. Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: bump postcss version Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-08 14:17:59 -04:00
dependabot[bot]	9997130a7c	build(deps): bump the github-actions group with 4 updates (#1093 ) Co-authored-by: Jason Cameron <git@jasoncameron.dev>	2025-09-07 22:01:27 -04:00
Jason Cameron	e239083944	docs: add reminder for verified signatures in PR template (#1092 )	2025-09-07 16:15:26 -04:00
Jason Cameron	abf6c8de57	feat: Warn on missing signing keys when persisting challenges (#1088 )	2025-09-07 15:43:58 -04:00
Xe Iaso	7e1b5d9951	fix: demote temporal assurance checks * fix(challenge): demote temporal assurance to 80% instead of 95% Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(challenge/preact): wait a little longer to be extra safe Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(challenge/metarefresh): wait a little longer to be extra safe Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(CHANGELOG): add fix notes Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-07 16:10:54 +00:00
Xe Iaso	98945fb56f	feat(lib/store): add s3api storage backend (#1089 ) * feat(lib/store): add s3api storage backend Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(store/s3api): replace fake S3 API keys with the bee movie script Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(store/s3api): fix spelling sin Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(store/s3api): remove vestigal experiment Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(store/s3api): support IsPersistent call Ref #1088 Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(test): go mod tidy Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-07 09:24:14 -04:00
Jason Cameron	82099d9e05	fix(robots2policy): handle multiple user agents under one block (#925 )	2025-09-06 22:35:19 -04:00
dependabot[bot]	87c2f1e0e6	build(deps): bump the github-actions group across 1 directory with 8 updates (#1071 ) Co-authored-by: Jason Cameron <git@jasoncameron.dev>	2025-09-06 22:30:43 -04:00
Jason Cameron	f0199d014f	docs: document some missing env vars (#1087 )	2025-09-07 01:34:42 +00:00
Jason Cameron	75109f6b73	docs(installation): add SLOG_LEVEL environment variable to configuration (#1086 ) * docs(installation): add SLOG_LEVEL environment variable to configuration * docs(installation): add SLOG_LEVEL environment variable to configuration	2025-09-06 20:59:02 -04:00
Xe Iaso	c43d7ca686	docs(botstopper): add HTML templating support Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-06 23:42:23 +00:00
Xe Iaso	5d5c39e123	chore: v1.22.0 Signed-off-by: Xe Iaso <me@xeiaso.net> v1.22.0	2025-09-06 11:54:36 -04:00
Xe Iaso	d35e47c655	feat: glob matching for redirect domains (#1084 ) * feat: glob matching for redirect domains Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update CHANGELOG Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-06 15:46:18 +00:00
Xe Iaso	48b49a0190	docs(CHANGELOG): add changelog entry for v1.22.0 Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-09-05 22:42:08 +00:00
Xe Iaso	de94139789	test: ensure FORCED_LANGUAGE works (#1083 ) Closes #1077	2025-09-05 22:07:17 +00:00

1 2 3 4 5 ...

613 Commits