NUKE
Some checks failed
Docker image builds / build (push) Failing after 4m22s

This commit is contained in:
Soph :3 2026-02-07 14:27:38 +02:00
parent d2205b11a7
commit 02b9aebbe5
341 changed files with 1571 additions and 32574 deletions

View file

@ -13,17 +13,17 @@ import (
"strings"
"time"
"github.com/TecharoHQ/anubis"
"github.com/TecharoHQ/anubis/data"
"github.com/TecharoHQ/anubis/internal"
"github.com/TecharoHQ/anubis/internal/honeypot/naive"
"github.com/TecharoHQ/anubis/internal/ogtags"
"github.com/TecharoHQ/anubis/lib/challenge"
"github.com/TecharoHQ/anubis/lib/config"
"github.com/TecharoHQ/anubis/lib/localization"
"github.com/TecharoHQ/anubis/lib/policy"
"github.com/TecharoHQ/anubis/web"
"github.com/TecharoHQ/anubis/xess"
"git.sad.ovh/sophie/nuke"
"git.sad.ovh/sophie/nuke/data"
"git.sad.ovh/sophie/nuke/internal"
"git.sad.ovh/sophie/nuke/internal/honeypot/naive"
"git.sad.ovh/sophie/nuke/internal/ogtags"
"git.sad.ovh/sophie/nuke/lib/challenge"
"git.sad.ovh/sophie/nuke/lib/config"
"git.sad.ovh/sophie/nuke/lib/localization"
"git.sad.ovh/sophie/nuke/lib/policy"
"git.sad.ovh/sophie/nuke/web"
"git.sad.ovh/sophie/nuke/xess"
"github.com/a-h/templ"
)
@ -79,28 +79,28 @@ func LoadPoliciesOrDefault(ctx context.Context, fname string, defaultDifficulty
}
}(fin)
anubisPolicy, err := policy.ParseConfig(ctx, fin, fname, defaultDifficulty, logLevel)
nukePolicy, err := policy.ParseConfig(ctx, fin, fname, defaultDifficulty, logLevel)
if err != nil {
return nil, fmt.Errorf("can't parse policy file %s: %w", fname, err)
}
var validationErrs []error
for _, b := range anubisPolicy.Bots {
for _, b := range nukePolicy.Bots {
if _, ok := challenge.Get(b.Challenge.Algorithm); !ok {
validationErrs = append(validationErrs, fmt.Errorf("%w %s", policy.ErrChallengeRuleHasWrongAlgorithm, b.Challenge.Algorithm))
}
}
if len(validationErrs) != 0 {
return nil, fmt.Errorf("can't do final validation of Anubis config: %w", errors.Join(validationErrs...))
return nil, fmt.Errorf("can't do final validation of Nuke config: %w", errors.Join(validationErrs...))
}
return anubisPolicy, err
return nukePolicy, err
}
func New(opts Options) (*Server, error) {
if opts.Logger == nil {
opts.Logger = slog.With("subsystem", "anubis")
opts.Logger = slog.With("subsystem", "nuke")
}
if opts.ED25519PrivateKey == nil && opts.HS512Secret == nil {
@ -112,8 +112,8 @@ func New(opts Options) (*Server, error) {
opts.ED25519PrivateKey = priv
}
anubis.BasePrefix = strings.TrimRight(opts.BasePrefix, "/")
anubis.PublicUrl = opts.PublicUrl
nuke.BasePrefix = strings.TrimRight(opts.BasePrefix, "/")
nuke.PublicUrl = opts.PublicUrl
result := &Server{
next: opts.Next,
@ -140,7 +140,7 @@ func New(opts Options) (*Server, error) {
}
// Ensure there's no double slash when concatenating BasePrefix and pattern
basePrefix := strings.TrimSuffix(anubis.BasePrefix, "/")
basePrefix := strings.TrimSuffix(nuke.BasePrefix, "/")
prefix := method + basePrefix
// If pattern doesn't start with a slash, add one
@ -152,8 +152,8 @@ func New(opts Options) (*Server, error) {
}
// Ensure there's no double slash when concatenating BasePrefix and StaticPath
stripPrefix := strings.TrimSuffix(anubis.BasePrefix, "/") + anubis.StaticPath
registerWithPrefix(anubis.StaticPath, internal.UnchangingCache(internal.NoBrowsing(http.StripPrefix(stripPrefix, http.FileServerFS(web.Static)))), "")
stripPrefix := strings.TrimSuffix(nuke.BasePrefix, "/") + nuke.StaticPath
registerWithPrefix(nuke.StaticPath, internal.UnchangingCache(internal.NoBrowsing(http.StripPrefix(stripPrefix, http.FileServerFS(web.Static)))), "")
if opts.ServeRobotsTXT {
registerWithPrefix("/robots.txt", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -165,20 +165,20 @@ func New(opts Options) (*Server, error) {
}
if opts.Policy.Impressum != nil {
registerWithPrefix(anubis.APIPrefix+"imprint", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
registerWithPrefix(nuke.APIPrefix+"imprint", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
templ.Handler(
web.Base(opts.Policy.Impressum.Page.Title, opts.Policy.Impressum.Page, opts.Policy.Impressum, localization.GetLocalizer(r)),
).ServeHTTP(w, r)
}), "GET")
}
registerWithPrefix(anubis.APIPrefix+"pass-challenge", http.HandlerFunc(result.PassChallenge), "GET")
registerWithPrefix(anubis.APIPrefix+"check", http.HandlerFunc(result.maybeReverseProxyHttpStatusOnly), "")
registerWithPrefix(nuke.APIPrefix+"pass-challenge", http.HandlerFunc(result.PassChallenge), "GET")
registerWithPrefix(nuke.APIPrefix+"check", http.HandlerFunc(result.maybeReverseProxyHttpStatusOnly), "")
registerWithPrefix("/", http.HandlerFunc(result.maybeReverseProxyOrPage), "")
mazeGen, err := naive.New(result.store, result.logger)
if err == nil {
registerWithPrefix(anubis.APIPrefix+"honeypot/{id}/{stage}", mazeGen, http.MethodGet)
registerWithPrefix(nuke.APIPrefix+"honeypot/{id}/{stage}", mazeGen, http.MethodGet)
opts.Policy.Bots = append(
opts.Policy.Bots,
@ -204,9 +204,9 @@ func New(opts Options) (*Server, error) {
}
//goland:noinspection GoBoolExpressions
if anubis.Version == "devel" {
if nuke.Version == "devel" {
// make-challenge is only used in tests. Only enable while version is devel
registerWithPrefix(anubis.APIPrefix+"make-challenge", http.HandlerFunc(result.MakeChallenge), "POST")
registerWithPrefix(nuke.APIPrefix+"make-challenge", http.HandlerFunc(result.MakeChallenge), "POST")
}
for _, implKind := range challenge.Methods() {