Victor Fernandes
292c470ada
Set cookies to have the Secure flag default to true ( #739 )
...
* Set Cookies to use the Secure Flag and default SameSite to None
* Add secure flag test
* Updated changelog and documentation for secure flag option
2025-06-30 14:58:31 -04:00
Rafael Fontenelle
12453fdc00
Fix translations in pt-BR.json ( #729 )
...
Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>
2025-06-30 14:14:24 -04:00
Xe Iaso
f5b3bf81bc
feat: dev container support ( #734 )
...
* chore: add devcontainer for Anubis
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(devcontainer): ensure user can write to $HOME
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(devcontainer): forward ports, add launch config
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(devcontainer): add playwright deps
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: document devcontainer usage
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* ci(devcontainer): fix action references
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(devcontainer): fix ko on arm64
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-29 23:41:29 -04:00
dependabot[bot]
1820649987
build(deps): bump the gomod group with 2 updates ( #736 )
...
---
updated-dependencies:
- dependency-name: github.com/a-h/templ
dependency-version: 0.3.906
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: gomod
- dependency-name: sigs.k8s.io/yaml
dependency-version: 1.5.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-29 21:32:56 -04:00
dependabot[bot]
14eeeb56d6
build(deps): bump the github-actions group with 2 updates ( #735 )
...
Bumps the github-actions group with 2 updates: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `astral-sh/setup-uv` from 6.3.0 to 6.3.1
- [Release notes](https://github.com/astral-sh/setup-uv/releases )
- [Commits](445689ea25...bd01e18f51https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ce28f5bb42...39edc492db
2025-06-29 20:53:14 -04:00
Martin
d9e0fbe905
feat(cmd): Add custom cookie prefix ( #732 )
...
* Add cookie prefix option
* Add explaination comment for TestCookieName
* Rename TestCookieName value from cookie-test-if-you-block-this-anubis-wont-work to cookie-verification
* Add changes to CHANGELOG.md
* Add values to CookieName and TestCookieName in anubis.go required for testcases
2025-06-29 20:03:09 -04:00
Martin
6aa17532da
fix: Dynamic cookie domain not working ( #731 )
...
* Fix cookieDynamicDomain option not being set in Options struct
* Fix using wrong cookie name when using dynamic cookie domains
* Adjust testcases for new cookie option structs
* Add known words to expect.txt and change typo in Zombocom
* Cleanup expect.txt
* Add changes to changelog
* Bump versions of grpc and apimachinery
* Fix testcases and add additional condition for dynamic cookie domain
2025-06-29 15:38:55 -04:00
Xe Iaso
b1edf84a7c
docs(blog/v1.20.0): i am smart
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-27 21:10:02 -04:00
Xe Iaso
d47a3406db
docs(blog/v1.20.0): how did CI not catch this?
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-27 19:55:58 -04:00
Xe Iaso
ff5991b5cf
docs(blog/v1.20.0): add cover image
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-27 19:20:12 -04:00
Xe Iaso
19f78f37ad
docs(blog/v1.20.0): fix typo
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-27 18:59:07 -04:00
Xe Iaso
b0b0a5c08a
feat(blog): v1.20.0 announcement post
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-27 18:56:09 -04:00
Rafael Fontenelle
261306dc63
Add Brazilian Portuguese translation ( #726 )
...
* Create pt-br.json
Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>
* Enable pt-br locale
Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>
* Fix language code
Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>
* Update and rename pt-br.json to pt-BR.json
Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>
* Update lib/localization/locales/pt-BR.json
Co-authored-by: Victor Fernandes <victorvalenca@gmail.com>
Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>
---------
Signed-off-by: Rafael Fontenelle <rffontenelle@users.noreply.github.com>
Co-authored-by: Victor Fernandes <victorvalenca@gmail.com>
2025-06-27 20:56:56 +00:00
CXM
3520421757
fix: determine bind network from bind address ( #714 )
...
* fix: determine bind network from bind address
* docs: update CHANGELOG
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-27 17:57:37 +00:00
Laurent Laffont
ad5430612f
feat: implement localization system ( #716 )
...
* lib/localization: implement localization system
Locale files are placed in lib/localization/locales/. If you add a
locale, update manifest.json with available locales.
* Exclude locales from check spelling
* tests(lib/localization): add comprehensive translations test
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(challenge/metarefresh): enable localization
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix: use simple syntax for localization in templ
Also localize CELPHASE into French according to the wishes of the
artist.
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore:(js): fix forbidden patterns
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: add goi18n to tools
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(lib/localization): dynamically determine the list of supported languages
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-27 17:49:15 +00:00
Xe Iaso
c2423d0688
chore: release v1.20.0
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-27 12:06:22 -04:00
Xe Iaso
a1b7d2ccda
feat: dynamic cookie domains ( #722 )
...
* feat: dynamic cookie domains
Replaces #685
I was having weird testing issues when trying to merge #685 , so I
rewrote it from scratch to be a lot more minimal.
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-26 12:11:59 +00:00
msporleder
7cf6ac5de6
remove incorrect module mentions ( #687 )
...
mod_proxy_html is for modifying html content in response bodies. The example configs are using mod_proxy_http.
https://httpd.apache.org/docs/2.4/mod/mod_proxy_html.html
vs
https://httpd.apache.org/docs/2.4/mod/mod_proxy_http.html
And anyway mod_proxy + mod_proxy_http should already be installed on almost all systems.
Signed-off-by: msporleder <msporleder@gmail.com>
2025-06-26 10:47:30 +00:00
Martin
59f5b07281
feat: Add option to use HS512 secret for JWT instead of ED25519 ( #680 )
...
* Add functionality for HS512 JWT tokens
* Add HS512_SECRET to installation docs
* Update CHANGELOG.md regarding HS512
* Move HS512_SECRET to advenced section in docs
* Move token Keyfunc logic to Server function
* Add Keyfunc to spelling
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Martin Weidenauer <mweidenauer@nanx0as46153.anx.local>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-26 10:06:44 +00:00
Jason Cameron
1562f88c35
chore: Remove unused/dead code ( #703 )
...
* chore(xess): remove unused xess templates
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* chore(checker): remove unused staticHashChecker implementation
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* feat: add pinact and deadcode to go tools (pinact is used for the gha pinning)
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* chore: update Docker and kubectl actions to latest versions
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* chore: update Homebrew action from master to main in workflow files
See df537ec97f
2025-06-25 09:31:33 -04:00
Outvi V
15bd9b6a44
Populate OpenGraph configurations to Opens.OpenGraph ( #717 )
...
* chore: read OpenGraph configurations
* docs: update CHANGELOG
2025-06-24 15:12:26 +00:00
dependabot[bot]
1ca531b930
build(deps): bump the gomod group with 4 updates ( #709 )
...
Bumps the gomod group with 4 updates: [github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus](https://github.com/grpc-ecosystem/go-grpc-middleware ), [github.com/grpc-ecosystem/go-grpc-middleware/v2](https://github.com/grpc-ecosystem/go-grpc-middleware ), [google.golang.org/grpc](https://github.com/grpc/grpc-go ) and [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery ).
Updates `github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus` from 1.0.1 to 1.1.0
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases )
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/providers/prometheus/v1.0.1...v1.1.0 )
Updates `github.com/grpc-ecosystem/go-grpc-middleware/v2` from 2.1.0 to 2.3.2
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases )
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v2.1.0...v2.3.2 )
Updates `google.golang.org/grpc` from 1.72.2 to 1.73.0
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.72.2...v1.73.0 )
Updates `k8s.io/apimachinery` from 0.33.1 to 0.33.2
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.33.1...v0.33.2 )
---
updated-dependencies:
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus
dependency-version: 1.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware/v2
dependency-version: 2.3.2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
- dependency-name: google.golang.org/grpc
dependency-version: 1.73.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
- dependency-name: k8s.io/apimachinery
dependency-version: 0.33.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: gomod
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-23 15:59:08 -04:00
Xe Iaso
f9259299b9
chore: release v1.20.0-pre2
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-23 15:17:13 -04:00
Xe Iaso
16a4e04027
fix(lib): fix invalid response after success in Chrome ( #711 )
...
Closes #564
This one is really dumb. Take a seat and listen to my tale of woe.
While @victorvalenca was working on #693 we ran into a strange issue.
The tests would consistently pass on Firefox but instantly failed on
Chrome. After adding increasingly desperate debugging logs to the mix,
we found out that somehow Chrome was randomizing the contents of its
Accept-Language header. This was making the challenge string get
calculated differently, thus making things spuriously fail. I cannot
figure out what causes Chrome to do this other than you being in an
environment where you have more than one "system language" set.
Either way, this should finally fix this issue and bring peace to the
land forever*.
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-23 15:11:56 -04:00
dependabot[bot]
8c79870edb
build(deps): bump the github-actions group with 3 updates ( #708 )
...
Bumps the github-actions group with 3 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ), [actions-hub/kubectl](https://github.com/actions-hub/kubectl ) and [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ).
Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](b5ca514318...e468171a9dhttps://github.com/actions-hub/kubectl/releases )
- [Commits](f632a31512...d50394b7d7https://github.com/astral-sh/setup-uv/releases )
- [Commits](f0ec1fc3b3...445689ea25
2025-06-23 08:41:04 -04:00
Eric T. Johnson
060b10ea2d
fix(web/js): broken progress bar with slow algo ( #673 )
...
This was revealed by the reformat in #546 .
Signed-off-by: Eric T. Johnson <yut23@users.noreply.github.com>
2025-06-22 20:05:37 -04:00
Xe Iaso
4c74934e9f
fix(default-config): Techaro -> Zombocom
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-22 20:04:40 -04:00
Xe Iaso
5870f7072c
feat: implement imprint/impressum support ( #706 )
...
* feat: implement imprint/impressum support
Closes #362
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(docs/anubis): enable an imprint
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: fix the end of the sentence, comment out a default impressum
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: link back to impressum page
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-22 18:09:37 -04:00
Xe Iaso
3c1d95d61e
fix(default-config): off-by-one error in the default thresholds ( #701 )
...
I don't know how I missed this in testing.
2025-06-20 11:47:34 -04:00
Jan Alexander Steffens
ab801a3597
Makefile: Build robots2policy ( #699 )
...
* Makefile: Build robots2policy
* Update metadata
check-spelling run (pull_request) for build-robots2policy
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
---------
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
2025-06-20 11:08:56 -04:00
Xe Iaso
ecc716940e
chore: release v1.20.0-pre1
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-19 19:32:49 -04:00
Xe Iaso
4948036f39
feat: add default OpenGraph tags to configuration file ( #694 )
...
* feat(config): opengraph passthrough configuration
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(ogtags): use config.OpenGraph for configuration
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: wire up ogtags config in most of the app
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(ogtags): return default tags if they are supplied
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: make OpenGraph legal so we have some sanity in reviewing
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(lib): use OpenGraph.Enabled
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(lib): load default config file if one is not specified in spawnAnubis
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(config): fix ST1005
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: document open graph defaults and its new home in the policy file
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs(installation): point to weight threshold new home
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: rename default to override
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(default-config): add off-by-default opengraph settings to bot policy file
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(anubis): make build
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(lib): fix build
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-19 18:00:44 -04:00
Xe Iaso
7aa732c700
fix(config): actually load threshold config ( #696 )
...
* fix(config): actually load threshold config
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(lib): fix test failures
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-19 17:13:01 -04:00
Xe Iaso
226cf36bf7
feat(config): custom weight thresholds via CEL ( #688 )
...
* feat(config): add Thresholds to the top level config file
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(config): make String() on ExpressionOrList join the component expressions
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(config): ensure unparseable json fails
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(config): if no thresholds are set, use the default thresholds
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(policy): half implement thresholds
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(policy): continue wiring things up
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(lib): wire up thresholds
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(lib): handle behavior from legacy configurations
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: document thresholds
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: update CHANGELOG, refer to threshold configuration
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(lib): fix build
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(lib): fix U1000
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
2025-06-18 16:58:31 -04:00
Dryusdan
1d5fa49eb0
Bump ai.robots.txt to v1.37 ( #689 )
...
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
2025-06-18 13:30:53 -04:00
Lothar Serra Mari
97c1d4f353
docs(known-instances): add extensions.typo3.org ( #691 )
...
Signed-off-by: Lothar Serra Mari <mail@serra.me>
2025-06-18 08:06:23 -04:00
hydrargyrum
244f1c505a
fix(geo): correct typo "counties" to "countries" ( #678 )
2025-06-17 23:50:42 -04:00
Jason Cameron
ae4d3b0ce5
chore: remove duplicate CHANGELOG entry ( #684 )
...
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
2025-06-17 22:49:30 +00:00
prettysunflower
e60c43cdd2
docs(known-instances): add wiki.koha-community.org ( #683 )
...
Signed-off-by: prettysunflower <me@prettysunflower.moe>
2025-06-17 12:14:15 -04:00
Jason Cameron
b2b2679bae
perf: replace cidranger with bart for significant performance improvements ( #675 )
...
* feat: replace cidranger with bart improving performance by 3-20x
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* perf: replace cidranger with bart for IP range checking
- Replace cidranger.Ranger with bart.Lite in RemoteAddrChecker
- Use netip.ParsePrefix instead of net.ParseCIDR for modern IP handling
- Improve performance: 3-20x faster lookups with zero heap allocations
- Update imports to use github.com/gaissmai/bart and net/netip
- Remove cidranger dependency from go.mod
Benchmark results:
- IPv4 lookups: 4x faster (15.58ns vs 63.25ns, 0 vs 2 allocs)
- IPv6 lookups: 3x faster (26.51ns vs 76.96ns, 0 vs 2 allocs)
- Insertions: 20x faster (976ns vs 19,191ns)
- Large tables: 14x faster (5.2ns vs 74.85ns)
* docs: clarify CHANGELOG to not give false impressions
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* perf: optimize string concatenation in RemoteAddrChecker hash generation
Replace fmt.Fprintln with strings.Join for 7x faster performance:
- Before: 935.1 ns/op, 784 B/op, 22 allocs/op
- After: 133.2 ns/op, 192 B/op, 1 alloc/op
The hash is used for JWT cookie validation and error code generation.
Comma separation provides the same deterministic uniqueness as newlines
but with significantly better performance during policy initialization.
* chore: remove accidentally commited string benchmark
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* style: apply Copilot suggestions
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* fix: reference the right var name
i cannot write a merge commit
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
---------
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
2025-06-17 11:57:55 -04:00
Jason Cameron
e2b46fc5e7
perf: Replace internal SHA256 hashing with xxhash for 4-6x performance improvement ( #676 )
...
* perf(internal): Use FastHash for internal hashing
docs: Add xxhash performance improvement to changelog entry
feat(hash): Add fast non-cryptographic hash function
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* test(hash): add xxhash benchmarks and collision tests
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* Update metadata
check-spelling run (pull_request) for json/hash
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
---------
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
2025-06-16 22:53:53 -04:00
hyperdefined
3437e575d4
chore(sponsors): update canine.tools logo ( #672 )
2025-06-16 14:09:35 -04:00
Xe Iaso
ae064be710
chore(docs/manifest): it helps if you terminate strings properly
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-16 12:11:04 -04:00
Xe Iaso
e3826df3ab
feat: implement a client for Thoth, the IP reputation database for Anubis ( #637 )
...
* feat(internal): add Thoth client and simple ASN checker
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thoth): cached ip to asn checker
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: go mod tidy
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(thoth): minor testing fixups, ensure ASNChecker is Checker
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thoth): make ASNChecker instances
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thoth): add GeoIP checker
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thoth): store a thoth client in a context
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: refactor Checker type to its own package
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(thoth): add thoth mocking package, ignore context deadline exceeded errors
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thoth): pre-cache private ranges
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(lib/policy/config): enable thoth ASNs and GeoIP checker parsing
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(thoth): refactor to move checker creation to the checker files
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(policy): enable thoth checks
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thothmock): test helper function for loading a mock thoth instance
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat: wire up Thoth, make thoth checks part of the default config
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(thoth): mend staticcheck errors
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs(admin): add Thoth docs
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(policy): update Thoth links in error messages
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: update CHANGELOG
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(docs/manifest): enable Thoth
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: add THOTH_INSECURE for contacting Thoth over plain TCP in extreme circumstances
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(thoth): use mock thoth when credentials aren't detected in the environment
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(cmd/anubis): better warnings for half-configured Thoth setups
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs(botpolicies): link to Thoth geoip docs
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-16 11:57:32 -04:00
Xe Iaso
823d1be5d1
chore(docs/manifest): explicitly allow blog RSS feed
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-16 11:50:53 -04:00
Xe Iaso
0c6a820372
chore(docs/manifest): enable OG_PASSTHROUGH
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-16 09:31:56 -04:00
Xe Iaso
81f6380dd4
Add the blog section back ( #670 )
...
* Revert "docs/blog: remove (#273 )"
This reverts commit df3509ec998d002e8bcef6285c7c0bc16b54d513.
* chore: intro to the blog post
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-16 09:28:21 -04:00
dependabot[bot]
e5455c02d8
build(deps): bump the github-actions group with 3 updates ( #666 )
...
Bumps the github-actions group with 3 updates: [docker/login-action](https://github.com/docker/login-action ), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/login-action` from 3.0.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v3...74a5d142397b4f367a81961eba4e8cd7edddf772 )
Updates `actions/attest-build-provenance` from 2.3.0 to 2.4.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](db473fddc0...e8998f9491https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fca7ace96b...ce28f5bb42
2025-06-15 21:13:56 -04:00
Colin Finck
1d8033d69e
Add ReactOS to known-instances.md ( #664 )
...
Signed-off-by: Colin Finck <colin@reactos.org>
2025-06-15 15:30:54 +00:00
Jason Cameron
e0781e4560
feat: add robots2policy CLI to convert robots.txt to Anubis CEL ( #657 )
...
* feat: add robots2policy CLI utility to convert robots.txt to Anubis challenge policies
* feat: add documentation for robots2policy CLI tool
* feat: implement crawl delay handling as weight adjustment in Anubis rules
* feat: add various robots.txt and YAML configurations for user agent handling and crawl delays
* test: add comprehensive tests for robots2policy conversion and parsing
* fix: update example URL in usage instructions for robots2policy CLI
* Update metadata
check-spelling run (pull_request) for json/robots2policycli
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
* docs: add crawl delay weight adjustment and deny user agents option to robots2policy CLI
* Update cmd/robots2policy/main.go
Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>
* Update cmd/robots2policy/main.go
Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>
* fix(robots2policy): use sigs.k8s.io/yaml
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(config): properly marshal bot policy rules
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(yeetfile): expose robots2policy in libexec
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(yeetfile): put robots2policy in $PATH
Signed-off-by: Xe Iaso <me@xeiaso.net>
* Update metadata
check-spelling run (pull_request) for json/robots2policycli
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
* style: reorder imports
* refactor: use preexisting structs in config
* fix: correct flag check in main function
* fix: reorder fields in AnubisRule struct for better alignment
* style: improve alignment of struct fields in AnubisRule and OGTagCache
* Update metadata
check-spelling run (pull_request) for json/robots2policycli
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
* fix: add validation for generated Anubis rules from robots.txt
* feat: add batch processing for robots.txt files to generate Anubis CEL policies
* fix: improve usage message and error handling for input file requirement
* refactor: update AnubisRule structure to use ExpressionOrList for improved expression handling
* refactor: reorganize policy definitions in YAML files for consistency and clarity
* fix: correct indentation in blacklist and complex YAML files for consistency
* test: enhance output comparison in robots2policy tests for YAML and JSON formats
* Revert "fix: improve usage message and error handling for input file requirement"
This reverts commit ddcde1f2a326545d3ef2ec32e5e03f55f4f931a8.
* fix: improve usage message and error handling in robots2policy
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
---------
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-14 23:41:00 -04:00
