sophie/nuke
1
0
Fork 0
Code Packages 1 Activity Actions

jane remover
Some checks failed
Docker image builds / build (push) Waiting to run
Details
Asset Build Verification / asset_verification (push) Has been cancelled
Details
Docs deploy / build (push) Has been cancelled
Details
Go Mod Tidy Check / go_mod_tidy_check (push) Has been cancelled
Details
Go / go_tests (push) Has been cancelled
Details
Package builds (unstable) / package_builds (push) Has been cancelled
Details
Smoke tests / smoke-test (default-config-macro) (push) Has been cancelled
Details
Smoke tests / smoke-test (docker-registry) (push) Has been cancelled
Details
Smoke tests / smoke-test (double_slash) (push) Has been cancelled
Details
Smoke tests / smoke-test (forced-language) (push) Has been cancelled
Details
Smoke tests / smoke-test (git-clone) (push) Has been cancelled
Details
Smoke tests / smoke-test (git-push) (push) Has been cancelled
Details
Smoke tests / smoke-test (healthcheck) (push) Has been cancelled
Details
Smoke tests / smoke-test (i18n) (push) Has been cancelled
Details
Smoke tests / smoke-test (log-file) (push) Has been cancelled
Details
Smoke tests / smoke-test (nginx) (push) Has been cancelled
Details
Smoke tests / smoke-test (palemoon/amd64) (push) Has been cancelled
Details
Smoke tests / smoke-test (robots_txt) (push) Has been cancelled
Details
Check Spelling / Check Spelling (push) Has been cancelled
Details
SSH CI / ssh (aarch64-16k) (push) Has been cancelled
Details
SSH CI / ssh (aarch64-4k) (push) Has been cancelled
Details
SSH CI / ssh (ppc64le) (push) Has been cancelled
Details
SSH CI / ssh (riscv64) (push) Has been cancelled
Details
zizmor / zizmor latest via PyPI (push) Has been cancelled
Details

Browse source
This commit is contained in:
Soph :3 2026-02-07 13:08:47 +02:00
parent d2205b11a7
commit 896858e027
332 changed files with 1482 additions and 33742 deletions
Download patch file Download diff file Expand all files Collapse all files

36
lib/http.go
View file

@ -13,14 +13,14 @@ import (
"strings"
"time"
"github.com/TecharoHQ/anubis"
"github.com/TecharoHQ/anubis/internal"
"github.com/TecharoHQ/anubis/internal/glob"
"github.com/TecharoHQ/anubis/lib/challenge"
"github.com/TecharoHQ/anubis/lib/localization"
"github.com/TecharoHQ/anubis/lib/policy"
"github.com/TecharoHQ/anubis/web"
"github.com/TecharoHQ/anubis/xess"
"git.sad.ovh/sophie/nuke"
"git.sad.ovh/sophie/nuke/internal"
"git.sad.ovh/sophie/nuke/internal/glob"
"git.sad.ovh/sophie/nuke/lib/challenge"
"git.sad.ovh/sophie/nuke/lib/localization"
"git.sad.ovh/sophie/nuke/lib/policy"
"git.sad.ovh/sophie/nuke/web"
"git.sad.ovh/sophie/nuke/xess"
"github.com/a-h/templ"
"github.com/golang-jwt/jwt/v5"
"golang.org/x/net/publicsuffix"
@ -29,7 +29,7 @@ import (
var domainMatchRegexp = regexp.MustCompile(`^((xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$`)
var (
ErrActualAnubisBug = errors.New("this is an actual bug in Anubis, please file an issue with the magic string 'taco bell'")
ErrActualNukeBug = errors.New("this is an actual bug in Nuke, please file an issue with the magic string 'taco bell'")
)
// matchRedirectDomain returns true if host matches any of the allowed redirect
@ -62,7 +62,7 @@ type CookieOpts struct {
func (s *Server) SetCookie(w http.ResponseWriter, cookieOpts CookieOpts) {
var domain = s.opts.CookieDomain
var name = anubis.CookieName
var name = nuke.CookieName
var path = "/"
var sameSite = s.opts.CookieSameSite
@ -100,7 +100,7 @@ func (s *Server) SetCookie(w http.ResponseWriter, cookieOpts CookieOpts) {
func (s *Server) ClearCookie(w http.ResponseWriter, cookieOpts CookieOpts) {
var domain = s.opts.CookieDomain
var name = anubis.CookieName
var name = nuke.CookieName
var path = "/"
var sameSite = s.opts.CookieSameSite
@ -222,7 +222,7 @@ func (s *Server) RenderIndex(w http.ResponseWriter, r *http.Request, cr policy.C
chall, err := s.issueChallenge(r.Context(), r, lg, cr, rule)
if err != nil {
lg.Error("can't get challenge", "err", err)
s.ClearCookie(w, CookieOpts{Name: anubis.TestCookieName, Host: r.Host})
s.ClearCookie(w, CookieOpts{Name: nuke.TestCookieName, Host: r.Host})
s.respondWithError(w, r, fmt.Sprintf("%s: %s", localizer.T("internal_server_error"), rule.Challenge.Algorithm), makeCode(err))
return
}
@ -242,14 +242,14 @@ func (s *Server) RenderIndex(w http.ResponseWriter, r *http.Request, cr policy.C
Value: chall.ID,
Host: r.Host,
Path: "/",
Name: anubis.TestCookieName,
Name: nuke.TestCookieName,
Expiry: 30 * time.Minute,
})
impl, ok := challenge.Get(chall.Method)
if !ok {
lg.Error("check failed", "err", "can't get algorithm", "algorithm", rule.Challenge.Algorithm)
s.ClearCookie(w, CookieOpts{Name: anubis.TestCookieName, Host: r.Host})
s.ClearCookie(w, CookieOpts{Name: nuke.TestCookieName, Host: r.Host})
s.respondWithError(w, r, fmt.Sprintf("%s: %s", localizer.T("internal_server_error"), rule.Challenge.Algorithm), makeCode(err))
return
}
@ -322,7 +322,7 @@ func (s *Server) RenderBench(w http.ResponseWriter, r *http.Request) {
localizer := localization.GetLocalizer(r)
templ.Handler(
web.Base(localizer.T("benchmarking_anubis"), web.Bench(localizer), s.policy.Impressum, localizer),
web.Base(localizer.T("benchmarking_nuke"), web.Bench(localizer), s.policy.Impressum, localizer),
).ServeHTTP(w, r)
}
@ -337,17 +337,17 @@ func (s *Server) respondWithStatus(w http.ResponseWriter, r *http.Request, msg,
}
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if strings.HasPrefix(r.URL.Path, anubis.BasePrefix+anubis.StaticPath) {
if strings.HasPrefix(r.URL.Path, nuke.BasePrefix+nuke.StaticPath) {
s.mux.ServeHTTP(w, r)
return
} else if strings.HasPrefix(r.URL.Path, anubis.BasePrefix+xess.BasePrefix) {
} else if strings.HasPrefix(r.URL.Path, nuke.BasePrefix+xess.BasePrefix) {
s.mux.ServeHTTP(w, r)
return
}
// Forward robots.txt requests to mux when ServeRobotsTXT is enabled
if s.opts.ServeRobotsTXT {
path := strings.TrimPrefix(r.URL.Path, anubis.BasePrefix)
path := strings.TrimPrefix(r.URL.Path, nuke.BasePrefix)
if path == "/robots.txt" || path == "/.well-known/robots.txt" {
s.mux.ServeHTTP(w, r)
return