TheCloud/anubis
1
0
Fork 0
mirror of https://github.com/TecharoHQ/anubis.git synced 2025-08-03 17:59:24 -04:00
Code Issues Packages Projects Releases Wiki Activity
anubis/docs
History
Xe Iaso 865d513e35
feat(checker): add CEL for matching complicated expressions (#421) 
* feat(lib/policy): add support for CEL checkers

This adds the ability for administrators to use Common Expression
Language[0] (CEL) for more advanced check logic than Anubis previously
offered.

These can be as simple as:

```yaml
- name: allow-api-routes
  action: ALLOW
  expression:
    and:
    - '!(method == "HEAD" || method == "GET")'
    - path.startsWith("/api/")
```

or get as complicated as:

```yaml
- name: allow-git-clients
  action: ALLOW
  expression:
    and:
    - userAgent.startsWith("git/") || userAgent.contains("libgit") || userAgent.startsWith("go-git") || userAgent.startsWith("JGit/") || userAgent.startsWith("JGit-")
    - >
      "Git-Protocol" in headers && headers["Git-Protocol"] == "version=2"
```

Internally these are compiled and evaluated with cel-go[1]. This also
leaves room for extensibility should that be desired in the future. This
will intersect with #338 and eventually intersect with TLS fingerprints
as in #337.

[0]: https://cel.dev/
[1]: https://github.com/google/cel-go

Signed-off-by: Xe Iaso <me@xeiaso.net>

* feat(data/apps): add API route allow rule for non-HEAD/GET

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: document expression syntax

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix: fixes in review

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-03 14:26:54 -04:00
..
docs
feat(checker): add CEL for matching complicated expressions (#421)
2025-05-03 14:26:54 -04:00
manifest
cmd/anubis: allow setting key bytes in flag/envvar (#97)
2025-03-25 17:02:48 -04:00
src
fix(docs): make the docs respect light/dark mode (#334)
2025-04-23 04:01:02 +00:00
static
sponsor: Distrust
2025-04-25 00:25:03 -04:00
.dockerignore
add docs site based on docusarus (#35)
2025-03-20 15:06:58 -04:00
.gitignore
add docs site based on docusarus (#35)
2025-03-20 15:06:58 -04:00
Dockerfile
Explicitely define image sources in Dockerfile (#21)
2025-03-20 17:28:30 -04:00
docusaurus.config.ts
fix(docs): make the docs respect light/dark mode (#334)
2025-04-23 04:01:02 +00:00
package-lock.json
build(deps): bump estree-util-value-to-estree in /docs (#336)
2025-04-23 07:09:01 -04:00
package.json
add docs site based on docusarus (#35)
2025-03-20 15:06:58 -04:00
README.md
add docs site based on docusarus (#35)
2025-03-20 15:06:58 -04:00
sidebars.ts
add docs site based on docusarus (#35)
2025-03-20 15:06:58 -04:00
tsconfig.json
add docs site based on docusarus (#35)
2025-03-20 15:06:58 -04:00

README.md

Website

This website is built using Docusaurus, a modern static website generator.

Installation

$ yarn

Local Development

$ yarn start

This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.

Build

$ yarn build

This command generates static content into the build directory and can be served using any static contents hosting service.

Deployment

Using SSH:

$ USE_SSH=true yarn deploy

Not using SSH:

$ GIT_USER=<Your GitHub username> yarn deploy

If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the gh-pages branch.