From 24f8ba729b180fb420995b8c6b592f23b3e5a552 Mon Sep 17 00:00:00 2001 From: Jason Cameron Date: Fri, 25 Apr 2025 14:39:38 -0400 Subject: [PATCH] feat: add support for a base prefix (#294) * fix: rename variable for preventing collision in ED25519 private key handling Signed-off-by: Jason Cameron * fix: remove unused import and debug print in xess.go Signed-off-by: Jason Cameron * feat: introduce base path configuration for Anubis endpoints Closes: #231 Signed-off-by: Jason Cameron * hack(internal/test): skip these tests for now Signed-off-by: Xe Iaso * fix(yeet): unbreak package builds Signed-off-by: Xe Iaso --------- Signed-off-by: Jason Cameron Signed-off-by: Xe Iaso Co-authored-by: Xe Iaso --- anubis.go | 8 +- cmd/anubis/main.go | 32 ++++--- docs/docs/CHANGELOG.md | 2 + docs/docs/admin/installation.mdx | 37 ++++++++ internal/test/playwright_test.go | 131 +++++++++++++++++++++++++++++ lib/anubis.go | 54 ++++++++---- lib/anubis_test.go | 139 +++++++++++++++++++++++++++++++ web/index.templ | 84 ++++++++++++------- web/index_templ.go | 87 ++++++++++--------- web/js/main.mjs | 19 +++-- xess/xess.go | 5 +- yeetfile.js | 2 +- 12 files changed, 490 insertions(+), 110 deletions(-) diff --git a/anubis.go b/anubis.go index b184a45..d626ebc 100644 --- a/anubis.go +++ b/anubis.go @@ -1,4 +1,4 @@ -// Package Anubis contains the version number of Anubis. +// Package anubis contains the version number of Anubis. package anubis // Version is the current version of Anubis. @@ -11,9 +11,15 @@ var Version = "devel" // access. const CookieName = "within.website-x-cmd-anubis-auth" +// BasePrefix is a global prefix for all Anubis endpoints. Can be emptied to remove the prefix entirely. +var BasePrefix = "" + // StaticPath is the location where all static Anubis assets are located. const StaticPath = "/.within.website/x/cmd/anubis/" +// APIPrefix is the location where all Anubis API endpoints are located. +const APIPrefix = "/.within.website/x/cmd/anubis/api/" + // DefaultDifficulty is the default "difficulty" (number of leading zeroes) // that must be met by the client in order to pass the challenge. const DefaultDifficulty = 4 diff --git a/cmd/anubis/main.go b/cmd/anubis/main.go index 47bafd1..ff2d14f 100644 --- a/cmd/anubis/main.go +++ b/cmd/anubis/main.go @@ -38,6 +38,7 @@ import ( ) var ( + basePrefix = flag.String("base-prefix", "", "base prefix (root URL) the application is served under e.g. /myapp") bind = flag.String("bind", ":8923", "network address to bind HTTP to") bindNetwork = flag.String("bind-network", "tcp", "network family to bind HTTP to, e.g. unix, tcp") challengeDifficulty = flag.Int("difficulty", anubis.DefaultDifficulty, "difficulty of the challenge") @@ -76,7 +77,7 @@ func keyFromHex(value string) (ed25519.PrivateKey, error) { } func doHealthCheck() error { - resp, err := http.Get("http://localhost" + *metricsBind + "/metrics") + resp, err := http.Get("http://localhost" + *metricsBind + anubis.BasePrefix + "/metrics") if err != nil { return fmt.Errorf("failed to fetch metrics: %w", err) } @@ -178,13 +179,6 @@ func main() { internal.InitSlog(*slogLevel) - if *healthcheck { - if err := doHealthCheck(); err != nil { - log.Fatal(err) - } - return - } - if *extractResources != "" { if err := extractEmbedFS(data.BotPolicies, ".", *extractResources); err != nil { log.Fatal(err) @@ -230,6 +224,11 @@ func main() { Action: config.RuleBenchmark, }} } + if *basePrefix != "" && !strings.HasPrefix(*basePrefix, "/") { + log.Fatalf("[misconfiguration] base-prefix must start with a slash, eg: /%s", *basePrefix) + } else if strings.HasSuffix(*basePrefix, "/") { + log.Fatalf("[misconfiguration] base-prefix must not end with a slash") + } var priv ed25519.PrivateKey if *ed25519PrivateKeyHex != "" && *ed25519PrivateKeyHexFile != "" { @@ -240,12 +239,12 @@ func main() { log.Fatalf("failed to parse and validate ED25519_PRIVATE_KEY_HEX: %v", err) } } else if *ed25519PrivateKeyHexFile != "" { - hexData, err := os.ReadFile(*ed25519PrivateKeyHexFile) + hexFile, err := os.ReadFile(*ed25519PrivateKeyHexFile) if err != nil { log.Fatalf("failed to read ED25519_PRIVATE_KEY_HEX_FILE %s: %v", *ed25519PrivateKeyHexFile, err) } - priv, err = keyFromHex(string(bytes.TrimSpace(hexData))) + priv, err = keyFromHex(string(bytes.TrimSpace(hexFile))) if err != nil { log.Fatalf("failed to parse and validate content of ED25519_PRIVATE_KEY_HEX_FILE: %v", err) } @@ -273,6 +272,7 @@ func main() { } s, err := libanubis.New(libanubis.Options{ + BasePrefix: *basePrefix, Next: rp, Policy: policy, ServeRobotsTXT: *robotsTxt, @@ -298,7 +298,6 @@ func main() { wg.Add(1) go metricsServer(ctx, wg.Done) } - go startDecayMapCleanup(ctx, s) var h http.Handler @@ -320,6 +319,7 @@ func main() { "debug-benchmark-js", *debugBenchmarkJS, "og-passthrough", *ogPassthrough, "og-expiry-time", *ogTimeToLive, + "base-prefix", *basePrefix, ) go func() { @@ -341,12 +341,20 @@ func metricsServer(ctx context.Context, done func()) { defer done() mux := http.NewServeMux() - mux.Handle("/metrics", promhttp.Handler()) + mux.Handle(anubis.BasePrefix+"/metrics", promhttp.Handler()) srv := http.Server{Handler: mux} listener, metricsUrl := setupListener(*metricsBindNetwork, *metricsBind) slog.Debug("listening for metrics", "url", metricsUrl) + if *healthcheck { + log.Println("running healthcheck") + if err := doHealthCheck(); err != nil { + log.Fatal(err) + } + return + } + go func() { <-ctx.Done() c, cancel := context.WithTimeout(context.Background(), 5*time.Second) diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md index 128014c..2b38413 100644 --- a/docs/docs/CHANGELOG.md +++ b/docs/docs/CHANGELOG.md @@ -27,6 +27,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Added example nginx configuration to documentation - Added example Apache configuration to the documentation [#277](https://github.com/TecharoHQ/anubis/issues/277) - Move per-environment configuration details into their own pages +- Added support for running anubis behind a prefix (e.g. `/myapp`) - Added headers support to bot policy rules - Moved configuration file from JSON to YAML by default - Added documentation on how to use Anubis with Traefik in Docker @@ -35,6 +36,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Moved all CSS inline to the Xess package, changed colors to be CSS variables - Set or append to `X-Forwarded-For` header unless the remote connects over a loopback address [#328](https://github.com/TecharoHQ/anubis/issues/328) - Fixed mojeekbot user agent regex +- Added support for running anubis behind a base path (e.g. `/myapp`) ## v1.16.0 diff --git a/docs/docs/admin/installation.mdx b/docs/docs/admin/installation.mdx index d0dc725..57b5886 100644 --- a/docs/docs/admin/installation.mdx +++ b/docs/docs/admin/installation.mdx @@ -51,6 +51,7 @@ Anubis uses these environment variables for configuration: | Environment Variable | Default value | Explanation | | :----------------------------- | :---------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `BASE_PREFIX` | unset | If set, adds a global prefix to all Anubis endpoints. For example, setting this to `/myapp` would make Anubis accessible at `/myapp/` instead of `/`. This is useful when running Anubis behind a reverse proxy that routes based on path prefixes. | | `BIND` | `:8923` | The network address that Anubis listens on. For `unix`, set this to a path: `/run/anubis/instance.sock` | | `BIND_NETWORK` | `tcp` | The address family that Anubis listens on. Accepts `tcp`, `unix` and anything Go's [`net.Listen`](https://pkg.go.dev/net#Listen) supports. | | `COOKIE_DOMAIN` | unset | The domain the Anubis challenge pass cookie should be set to. This should be set to the domain you bought from your registrar (EG: `techaro.lol` if your webapp is running on `anubis.techaro.lol`). See [here](https://stackoverflow.com/a/1063760) for more information. | @@ -72,6 +73,42 @@ Anubis uses these environment variables for configuration: For more detailed information on configuring Open Graph tags, please refer to the [Open Graph Configuration](./configuration/open-graph.mdx) page. +### Using Base Prefix + +The `BASE_PREFIX` environment variable allows you to run Anubis behind a path prefix. This is useful when: + +- You want to host multiple services on the same domain +- You're using a reverse proxy that routes based on path prefixes +- You need to integrate Anubis with an existing application structure + +For example, if you set `BASE_PREFIX=/myapp`, Anubis will: + +- Serve its challenge page at `/myapp/` instead of `/` +- Serve its API endpoints at `/myapp/.within.website/x/cmd/anubis/api/` instead of `/.within.website/x/cmd/anubis/api/` +- Serve its static assets at `/myapp/.within.website/x/cmd/anubis/` instead of `/.within.website/x/cmd/anubis/` + +When using this feature with a reverse proxy: + +1. Configure your reverse proxy to route requests for the specified path prefix to Anubis +2. Set the `BASE_PREFIX` environment variable to match the path prefix in your reverse proxy configuration +3. Ensure that your reverse proxy preserves the path when forwarding requests to Anubis + +Example with Nginx: + +```nginx +location /myapp/ { + proxy_pass http://anubis:8923/myapp; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; +} +``` + +With corresponding Anubis configuration: + +``` +BASE_PREFIX=/myapp +``` + ### Key generation To generate an ed25519 private key, you can use this command: diff --git a/internal/test/playwright_test.go b/internal/test/playwright_test.go index 8656f76..ce94c7b 100644 --- a/internal/test/playwright_test.go +++ b/internal/test/playwright_test.go @@ -265,6 +265,132 @@ func TestPlaywrightBrowser(t *testing.T) { } } +func TestPlaywrightWithBasePrefix(t *testing.T) { + if os.Getenv("DONT_USE_NETWORK") != "" { + t.Skip("test requires network egress") + return + } + + t.Skip("NOTE(Xe)\\ these tests require HTTPS support in #364") + + doesNPXExist(t) + startPlaywright(t) + + pw := setupPlaywright(t) + basePrefix := "/myapp" + anubisURL := spawnAnubisWithOptions(t, basePrefix) + + // Reset BasePrefix after test + t.Cleanup(func() { + anubis.BasePrefix = "" + }) + + browsers := []playwright.BrowserType{pw.Chromium} + + for _, typ := range browsers { + t.Run(typ.Name()+"/basePrefix", func(t *testing.T) { + browser, err := typ.Connect(buildBrowserConnect(typ.Name()), playwright.BrowserTypeConnectOptions{ + ExposeNetwork: playwright.String(""), + }) + if err != nil { + t.Fatalf("could not connect to remote browser: %v", err) + } + defer browser.Close() + + ctx, err := browser.NewContext(playwright.BrowserNewContextOptions{ + AcceptDownloads: playwright.Bool(false), + ExtraHttpHeaders: map[string]string{ + "X-Real-Ip": "127.0.0.1", + }, + UserAgent: playwright.String("Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0"), + }) + if err != nil { + t.Fatalf("could not create context: %v", err) + } + defer ctx.Close() + + page, err := ctx.NewPage() + if err != nil { + t.Fatalf("could not create page: %v", err) + } + defer page.Close() + + // Test accessing the base URL with prefix + _, err = page.Goto(anubisURL+basePrefix, playwright.PageGotoOptions{ + Timeout: pwTimeout(testCases[0], time.Now().Add(5*time.Second)), + }) + if err != nil { + pwFail(t, page, "could not navigate to test server with base prefix: %v", err) + } + + // Check if challenge page is displayed + image := page.Locator("#image[src*=pensive], #image[src*=happy]") + err = image.WaitFor(playwright.LocatorWaitForOptions{ + Timeout: pwTimeout(testCases[0], time.Now().Add(5*time.Second)), + }) + if err != nil { + pwFail(t, page, "could not wait for challenge image: %v", err) + } + + isVisible, err := image.IsVisible() + if err != nil { + pwFail(t, page, "could not check if challenge image is visible: %v", err) + } + if !isVisible { + pwFail(t, page, "challenge image not visible") + } + + // Complete the challenge + // Wait for the challenge to be solved + anubisTest := page.Locator("#anubis-test") + err = anubisTest.WaitFor(playwright.LocatorWaitForOptions{ + Timeout: pwTimeout(testCases[0], time.Now().Add(30*time.Second)), + }) + if err != nil { + pwFail(t, page, "could not wait for challenge to be solved: %v", err) + } + + // Verify the challenge was solved + content, err := anubisTest.TextContent(playwright.LocatorTextContentOptions{}) + if err != nil { + pwFail(t, page, "could not get text content: %v", err) + } + + var tm int64 + if _, err := fmt.Sscanf(content, "%d", &tm); err != nil { + pwFail(t, page, "unexpected output: %s", content) + } + + // Check if the timestamp is reasonable + now := time.Now().Unix() + if tm < now-60 || tm > now+60 { + pwFail(t, page, "unexpected timestamp in output: %d not in range %d±60", tm, now) + } + + // Check if cookie has the correct path + cookies, err := ctx.Cookies() + if err != nil { + pwFail(t, page, "could not get cookies: %v", err) + } + + var found bool + for _, cookie := range cookies { + if cookie.Name == anubis.CookieName { + found = true + if cookie.Path != basePrefix+"/" { + t.Errorf("cookie path is wrong, wanted %s, got: %s", basePrefix+"/", cookie.Path) + } + break + } + } + + if !found { + t.Errorf("Cookie %q not found", anubis.CookieName) + } + }) + } +} + func buildBrowserConnect(name string) string { u, _ := url.Parse(*playwrightServer) @@ -431,6 +557,10 @@ func setupPlaywright(t *testing.T) *playwright.Playwright { } func spawnAnubis(t *testing.T) string { + return spawnAnubisWithOptions(t, "") +} + +func spawnAnubisWithOptions(t *testing.T, basePrefix string) string { t.Helper() h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -457,6 +587,7 @@ func spawnAnubis(t *testing.T) string { Policy: policy, ServeRobotsTXT: true, Target: "http://" + host + ":" + port, + BasePrefix: basePrefix, }) if err != nil { t.Fatalf("can't construct libanubis.Server: %v", err) diff --git a/lib/anubis.go b/lib/anubis.go index 8ca6964..70eb37e 100644 --- a/lib/anubis.go +++ b/lib/anubis.go @@ -80,6 +80,7 @@ type Options struct { Target string WebmasterEmail string + BasePrefix string } func LoadPoliciesOrDefault(fname string, defaultDifficulty int) (*policy.ParsedConfig, error) { @@ -121,6 +122,8 @@ func New(opts Options) (*Server, error) { opts.PrivateKey = priv } + anubis.BasePrefix = opts.BasePrefix + result := &Server{ next: opts.Next, priv: opts.PrivateKey, @@ -134,26 +137,42 @@ func New(opts Options) (*Server, error) { mux := http.NewServeMux() xess.Mount(mux) - mux.Handle(anubis.StaticPath, internal.UnchangingCache(internal.NoBrowsing(http.StripPrefix(anubis.StaticPath, http.FileServerFS(web.Static))))) + // Helper to add global prefix + registerWithPrefix := func(pattern string, handler http.Handler, method string) { + if method != "" { + method = method + " " // methods must end with a space to register with them + } - if opts.ServeRobotsTXT { - mux.HandleFunc("/robots.txt", func(w http.ResponseWriter, r *http.Request) { - http.ServeFileFS(w, r, web.Static, "static/robots.txt") - }) + // Ensure there's no double slash when concatenating BasePrefix and pattern + basePrefix := strings.TrimSuffix(anubis.BasePrefix, "/") + prefix := method + basePrefix - mux.HandleFunc("/.well-known/robots.txt", func(w http.ResponseWriter, r *http.Request) { - http.ServeFileFS(w, r, web.Static, "static/robots.txt") - }) + // If pattern doesn't start with a slash, add one + if !strings.HasPrefix(pattern, "/") { + pattern = "/" + pattern + } + + mux.Handle(prefix+pattern, handler) } - // mux.HandleFunc("GET /.within.website/x/cmd/anubis/static/js/main.mjs", serveMainJSWithBestEncoding) + // Ensure there's no double slash when concatenating BasePrefix and StaticPath + stripPrefix := strings.TrimSuffix(anubis.BasePrefix, "/") + anubis.StaticPath + registerWithPrefix(anubis.StaticPath, internal.UnchangingCache(internal.NoBrowsing(http.StripPrefix(stripPrefix, http.FileServerFS(web.Static)))), "") - mux.HandleFunc("POST /.within.website/x/cmd/anubis/api/make-challenge", result.MakeChallenge) - mux.HandleFunc("GET /.within.website/x/cmd/anubis/api/pass-challenge", result.PassChallenge) - mux.HandleFunc("GET /.within.website/x/cmd/anubis/api/check", result.maybeReverseProxyHttpStatusOnly) - mux.HandleFunc("GET /.within.website/x/cmd/anubis/api/test-error", result.TestError) + if opts.ServeRobotsTXT { + registerWithPrefix("/robots.txt", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + http.ServeFileFS(w, r, web.Static, "static/robots.txt") + }), "GET") + registerWithPrefix("/.well-known/robots.txt", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + http.ServeFileFS(w, r, web.Static, "static/robots.txt") + }), "GET") + } - mux.HandleFunc("/", result.maybeReverseProxyOrPage) + registerWithPrefix(anubis.APIPrefix+"make-challenge", http.HandlerFunc(result.MakeChallenge), "POST") + registerWithPrefix(anubis.APIPrefix+"pass-challenge", http.HandlerFunc(result.PassChallenge), "GET") + registerWithPrefix(anubis.APIPrefix+"check", http.HandlerFunc(result.maybeReverseProxyHttpStatusOnly), "") + registerWithPrefix(anubis.APIPrefix+"test-error", http.HandlerFunc(result.TestError), "GET") + registerWithPrefix("/", http.HandlerFunc(result.maybeReverseProxyOrPage), "") result.mux = mux @@ -561,6 +580,11 @@ func (s *Server) PassChallenge(w http.ResponseWriter, r *http.Request) { return } + // Adjust cookie path if base prefix is not empty + cookiePath := "/" + if anubis.BasePrefix != "" { + cookiePath = strings.TrimSuffix(anubis.BasePrefix, "/") + "/" + } // generate JWT cookie token := jwt.NewWithClaims(jwt.SigningMethodEdDSA, jwt.MapClaims{ "challenge": challenge, @@ -585,7 +609,7 @@ func (s *Server) PassChallenge(w http.ResponseWriter, r *http.Request) { SameSite: http.SameSiteLaxMode, Domain: s.opts.CookieDomain, Partitioned: s.opts.CookiePartitioned, - Path: "/", + Path: cookiePath, }) challengesValidated.Inc() diff --git a/lib/anubis_test.go b/lib/anubis_test.go index baa92a4..4f3a165 100644 --- a/lib/anubis_test.go +++ b/lib/anubis_test.go @@ -6,6 +6,7 @@ import ( "net/http" "net/http/httptest" "os" + "strings" "testing" "github.com/TecharoHQ/anubis" @@ -254,3 +255,141 @@ func TestCheckDefaultDifficultyMatchesPolicy(t *testing.T) { }) } } + +func TestBasePrefix(t *testing.T) { + h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + fmt.Fprintln(w, "OK") + }) + + testCases := []struct { + name string + basePrefix string + path string + expected string + }{ + { + name: "no prefix", + basePrefix: "", + path: "/.within.website/x/cmd/anubis/api/make-challenge", + expected: "/.within.website/x/cmd/anubis/api/make-challenge", + }, + { + name: "with prefix", + basePrefix: "/myapp", + path: "/myapp/.within.website/x/cmd/anubis/api/make-challenge", + expected: "/myapp/.within.website/x/cmd/anubis/api/make-challenge", + }, + { + name: "with prefix and trailing slash", + basePrefix: "/myapp/", + path: "/myapp/.within.website/x/cmd/anubis/api/make-challenge", + expected: "/myapp/.within.website/x/cmd/anubis/api/make-challenge", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + // Reset the global BasePrefix before each test + anubis.BasePrefix = "" + + pol := loadPolicies(t, "") + pol.DefaultDifficulty = 4 + + srv := spawnAnubis(t, Options{ + Next: h, + Policy: pol, + BasePrefix: tc.basePrefix, + }) + + ts := httptest.NewServer(internal.RemoteXRealIP(true, "tcp", srv)) + defer ts.Close() + + // Test API endpoint with prefix + resp, err := ts.Client().Post(ts.URL+tc.path, "", nil) + if err != nil { + t.Fatalf("can't request challenge: %v", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + t.Errorf("expected status code %d, got: %d", http.StatusOK, resp.StatusCode) + } + + var chall challenge + if err := json.NewDecoder(resp.Body).Decode(&chall); err != nil { + t.Fatalf("can't read challenge response body: %v", err) + } + + if chall.Challenge == "" { + t.Errorf("expected non-empty challenge") + } + + // Test cookie path when passing challenge + // Find a nonce that produces a hash with the required number of leading zeros + nonce := 0 + var calculated string + for { + calcString := fmt.Sprintf("%s%d", chall.Challenge, nonce) + calculated = internal.SHA256sum(calcString) + if strings.HasPrefix(calculated, strings.Repeat("0", pol.DefaultDifficulty)) { + break + } + nonce++ + } + elapsedTime := 420 + redir := "/" + + cli := ts.Client() + cli.CheckRedirect = func(req *http.Request, via []*http.Request) error { + return http.ErrUseLastResponse + } + + // Construct the correct path for pass-challenge + passChallengePath := tc.path + passChallengePath = passChallengePath[:strings.LastIndex(passChallengePath, "/")+1] + "pass-challenge" + + req, err := http.NewRequest(http.MethodGet, ts.URL+passChallengePath, nil) + if err != nil { + t.Fatalf("can't make request: %v", err) + } + + q := req.URL.Query() + q.Set("response", calculated) + q.Set("nonce", fmt.Sprint(nonce)) + q.Set("redir", redir) + q.Set("elapsedTime", fmt.Sprint(elapsedTime)) + req.URL.RawQuery = q.Encode() + + resp, err = cli.Do(req) + if err != nil { + t.Fatalf("can't do challenge passing: %v", err) + } + + if resp.StatusCode != http.StatusFound { + t.Errorf("wanted %d, got: %d", http.StatusFound, resp.StatusCode) + } + + // Check cookie path + var ckie *http.Cookie + for _, cookie := range resp.Cookies() { + if cookie.Name == anubis.CookieName { + ckie = cookie + break + } + } + if ckie == nil { + t.Errorf("Cookie %q not found", anubis.CookieName) + return + } + + expectedPath := "/" + if tc.basePrefix != "" { + expectedPath = strings.TrimSuffix(tc.basePrefix, "/") + "/" + } + + if ckie.Path != expectedPath { + t.Errorf("cookie path is wrong, wanted %s, got: %s", expectedPath, ckie.Path) + } + }) + } +} diff --git a/web/index.templ b/web/index.templ index 4fdb4fc..872c8b1 100644 --- a/web/index.templ +++ b/web/index.templ @@ -10,16 +10,56 @@ templ base(title string, body templ.Component, challenge any, ogTags map[string] { title } - + for key, value := range ogTags { } + @templ.JSONScript("anubis_version", anubis.Version) if challenge != nil { @templ.JSONScript("anubis_challenge", challenge) } + @templ.JSONScript("anubis_base_prefix", anubis.BasePrefix)
@@ -44,20 +84,10 @@ templ base(title string, body templ.Component, challenge any, ogTags map[string] templ index() {
- Loading...

- +
Why am I seeing this?

You are seeing this because the administrator of this website has set up Anubis to protect the server against the scourge of AI companies aggressively scraping websites. This can and does cause downtime for the websites, which makes their resources inaccessible for everyone.

Anubis is a compromise. Anubis uses a Proof-of-Work scheme in the vein of Hashcash, a proposed proof-of-work scheme for reducing email spam. The idea is that at individual scales the additional load is ignorable, but at mass scraper levels it adds up and makes scraping much more expensive.

Ultimately, this is a hack whose real purpose is to give a \"good enough\" placeholder solution so that more time can be spent on fingerprinting and identifying headless browsers (EG: via how they do font rendering) so that the challenge proof of work page doesn't need to be presented to users that are much more likely to be legitimate.

Please note that Anubis requires the use of modern JavaScript features that plugins like JShelter will disable. Please disable JShelter or other such plugins for this domain.

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 14, "\">
Why am I seeing this?

You are seeing this because the administrator of this website has set up Anubis to protect the server against the scourge of AI companies aggressively scraping websites. This can and does cause downtime for the websites, which makes their resources inaccessible for everyone.

Anubis is a compromise. Anubis uses a Proof-of-Work scheme in the vein of Hashcash, a proposed proof-of-work scheme for reducing email spam. The idea is that at individual scales the additional load is ignorable, but at mass scraper levels it adds up and makes scraping much more expensive.

Ultimately, this is a hack whose real purpose is to give a \"good enough\" placeholder solution so that more time can be spent on fingerprinting and identifying headless browsers (EG: via how they do font rendering) so that the challenge proof of work page doesn't need to be presented to users that are much more likely to be legitimate.

Please note that Anubis requires the use of modern JavaScript features that plugins like JShelter will disable. Please disable JShelter or other such plugins for this domain.

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } @@ -226,38 +232,38 @@ func errorPage(message string, mail string) templ.Component { templ_7745c5c3_Var11 = templ.NopComponent } ctx = templ.ClearChildren(ctx) - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 14, "
\"Sad\"Sad

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 16, "\">

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var13 string templ_7745c5c3_Var13, templ_7745c5c3_Err = templ.JoinStringErrs(message) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 114, Col: 14} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 141, Col: 14} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var13)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 16, ".

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 17, ".

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } if mail != "" { - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 17, "

Go home or if you believe you should not be blocked, please contact the webmaster at Go home or if you believe you should not be blocked, please contact the webmaster at ") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 19, "\">") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } var templ_7745c5c3_Var15 string templ_7745c5c3_Var15, templ_7745c5c3_Err = templ.JoinStringErrs(mail) if templ_7745c5c3_Err != nil { - return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 120, Col: 11} + return templ.Error{Err: templ_7745c5c3_Err, FileName: `index.templ`, Line: 147, Col: 11} } _, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString(templ.EscapeString(templ_7745c5c3_Var15)) if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 19, "

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 20, "

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } } else { - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 20, "

Go home

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 21, "

Go home

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } } - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 21, "
") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 22, "") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } @@ -318,7 +324,7 @@ func StaticHappy() templ.Component { templ_7745c5c3_Var16 = templ.NopComponent } ctx = templ.ClearChildren(ctx) - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 22, "

This is just a check endpoint for your reverse proxy to use.

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 24, "\">

This is just a check endpoint for your reverse proxy to use.

") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } @@ -361,34 +367,33 @@ func bench() templ.Component { templ_7745c5c3_Var18 = templ.NopComponent } ctx = templ.ClearChildren(ctx) - templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 24, "
TimeIters
Time AIters ATime BIters B
TimeIters
Time AIters ATime BIters B

Loading...

") + templ_7745c5c3_Err = templruntime.WriteString(templ_7745c5c3_Buffer, 27, "\">
") if templ_7745c5c3_Err != nil { return templ_7745c5c3_Err } diff --git a/web/js/main.mjs b/web/js/main.mjs index 9bb6031..c50ed2b 100644 --- a/web/js/main.mjs +++ b/web/js/main.mjs @@ -14,8 +14,8 @@ const u = (url = "", params = {}) => { return result.toString(); }; -const imageURL = (mood, cacheBuster) => - u(`/.within.website/x/cmd/anubis/static/img/${mood}.webp`, { cacheBuster }); +const imageURL = (mood, cacheBuster, basePrefix) => + u(`${basePrefix}/.within.website/x/cmd/anubis/static/img/${mood}.webp`, { cacheBuster }); const dependencies = [ { @@ -81,6 +81,7 @@ function showContinueBar(hash, nonce, t0, t1) { const title = document.getElementById('title'); const progress = document.getElementById('progress'); const anubisVersion = JSON.parse(document.getElementById('anubis_version').textContent); + const basePrefix = JSON.parse(document.getElementById('anubis_base_prefix').textContent); const details = document.querySelector('details'); let userReadDetails = false; @@ -103,7 +104,7 @@ function showContinueBar(hash, nonce, t0, t1) { ohNoes({ titleMsg: "Your context is not secure!", statusMsg: `Try connecting over HTTPS or let the admin know to set up HTTPS. For more information, see MDN.`, - imageSrc: imageURL("reject", anubisVersion), + imageSrc: imageURL("reject", anubisVersion, basePrefix), }); return; } @@ -128,7 +129,7 @@ function showContinueBar(hash, nonce, t0, t1) { ohNoes({ titleMsg: `Missing feature ${name}`, statusMsg: msg, - imageSrc: imageURL("reject", anubisVersion), + imageSrc: imageURL("reject", anubisVersion, basePrefix), }); } } @@ -140,7 +141,7 @@ function showContinueBar(hash, nonce, t0, t1) { ohNoes({ titleMsg: "Challenge error!", statusMsg: `Failed to resolve check algorithm. You may want to reload the page.`, - imageSrc: imageURL("reject", anubisVersion), + imageSrc: imageURL("reject", anubisVersion, basePrefix), }); return; } @@ -198,7 +199,7 @@ function showContinueBar(hash, nonce, t0, t1) { title.innerHTML = "Success!"; status.innerHTML = `Done! Took ${t1 - t0}ms, ${nonce} iterations`; - image.src = imageURL("happy", anubisVersion); + image.src = imageURL("happy", anubisVersion, basePrefix); progress.style.display = "none"; if (userReadDetails) { @@ -223,7 +224,7 @@ function showContinueBar(hash, nonce, t0, t1) { function onDetailsExpand() { const redir = window.location.href; window.location.replace( - u("/.within.website/x/cmd/anubis/api/pass-challenge", { + u(`${basePrefix}/.within.website/x/cmd/anubis/api/pass-challenge`, { response: hash, nonce, redir, @@ -239,7 +240,7 @@ function showContinueBar(hash, nonce, t0, t1) { setTimeout(() => { const redir = window.location.href; window.location.replace( - u("/.within.website/x/cmd/anubis/api/pass-challenge", { + u(`${basePrefix}/.within.website/x/cmd/anubis/api/pass-challenge`, { response: hash, nonce, redir, @@ -253,7 +254,7 @@ function showContinueBar(hash, nonce, t0, t1) { ohNoes({ titleMsg: "Calculation error!", statusMsg: `Failed to calculate challenge: ${err.message}`, - imageSrc: imageURL("reject", anubisVersion), + imageSrc: imageURL("reject", anubisVersion, basePrefix), }); } })(); \ No newline at end of file diff --git a/xess/xess.go b/xess/xess.go index be5075e..458d6ad 100644 --- a/xess/xess.go +++ b/xess/xess.go @@ -32,6 +32,9 @@ func init() { URL = URL + "?cachebuster=" + anubis.Version } +// Mount registers the xess static file handlers on the given mux func Mount(mux *http.ServeMux) { - mux.Handle("/.within.website/x/xess/", internal.UnchangingCache(http.StripPrefix("/.within.website/x/xess/", http.FileServerFS(Static)))) + prefix := anubis.BasePrefix + "/.within.website/x/xess/" + + mux.Handle(prefix, internal.UnchangingCache(http.StripPrefix(prefix, http.FileServerFS(Static)))) } diff --git a/yeetfile.js b/yeetfile.js index 871153d..035de3c 100644 --- a/yeetfile.js +++ b/yeetfile.js @@ -12,7 +12,7 @@ $`npm run assets`; "./README.md": "README.md", "./LICENSE": "LICENSE", "./docs/docs/CHANGELOG.md": "CHANGELOG.md", - "./docs/docs/admin/policies.md": "policies.md", + "./docs/docs/admin/policies.mdx": "policies.md", "./docs/docs/admin/native-install.mdx": "native-install.mdx", "./data/botPolicies.json": "botPolicies.json", },