feat(lib): ensure that clients store cookies (#501)

* feat(lib): ensure that clients store cookies

If a client is misconfigured and does not store cookies, then they can
get into a proof of work death spiral with Anubis. This fixes the
problem by setting a test cookie whenever the user gets hit with a
challenge page. If the test cookie is not there at challenge pass time,
then they are blocked. Administrators will also get a log message
explaining that the user intentionally broke cookie support and that this
behavior is not an Anubis bug.

Additionally, this ensures that clients being shown a challenge support
gzip-compressed responses by showing the challenge page at gzip level 1.
This level is intentionally chosen in order to minimize system impacts.

The ClearCookie function is made more generic to account for cookie
names as an argument. A correlating SetCookie function was also added to
make it easier to set cookies.

* chore(lib): clean up test code

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Xe Iaso 2025-05-16 13:03:40 -04:00 committed by GitHub
parent 9e9982ab5d
commit b640c567da
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 200 additions and 154 deletions
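
The test-cookie check described in the commit message, as an added Go example that is not Anubis's own code: the cookie name, the handler names and the `roundTrip` helper are assumptions, and the gzip check is not covered.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
)

// Hypothetical cookie name; the commit message does not give the real one.
const testCookie = "example-cookie-check"

// serveChallenge sets the test cookie every time a challenge page is shown.
func serveChallenge(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, &http.Cookie{Name: testCookie, Value: "1", Path: "/",
		HttpOnly: true, SameSite: http.SameSiteLaxMode})
	fmt.Fprintln(w, "challenge page")
}

// passChallenge rejects a solution when the test cookie did not come back.
func passChallenge(w http.ResponseWriter, r *http.Request) {
	if _, err := r.Cookie(testCookie); err != nil {
		log.Printf("client %s did not return the test cookie; cookie support is disabled on the client", r.RemoteAddr)
		http.Error(w, "cookies are required", http.StatusForbidden)
		return
	}
	// Expire the test cookie now that it has served its purpose.
	http.SetCookie(w, &http.Cookie{Name: testCookie, Path: "/", MaxAge: -1})
	fmt.Fprintln(w, "challenge passed")
}

// roundTrip plays one client; storesCookies models whether it keeps Set-Cookie.
func roundTrip(storesCookies bool) int {
	chal := httptest.NewRecorder()
	serveChallenge(chal, httptest.NewRequest("GET", "/", nil))
	pass := httptest.NewRequest("GET", "/pass", nil)
	if storesCookies {
		for _, c := range chal.Result().Cookies() {
			pass.AddCookie(c)
		}
	}
	rec := httptest.NewRecorder()
	passChallenge(rec, pass)
	return rec.Code
}

func main() {
	fmt.Println("stores cookies:", roundTrip(true), "drops cookies:", roundTrip(false))
}
```

A client that drops the cookie is answered with 403 at pass time and a log line for the administrator, instead of being handed another challenge.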

@ -10,7 +10,7 @@
"test:integration:docker": "npm run assets && go test -v ./internal/test --playwright-runner=docker",
"assets": "go generate ./... && ./web/build.sh && ./xess/build.sh",
"build": "npm run assets && go build -o ./var/anubis ./cmd/anubis",
"dev": "npm run assets && go run ./cmd/anubis --use-remote-address",
"dev": "npm run assets && go run ./cmd/anubis --use-remote-address --target http://localhost:3000",
"container": "npm run assets && go run ./cmd/containerbuild",
"package": "yeet",
"lint": "make lint"
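Review bot: The new `dev` script hard-codes `--target http://localhost:3000`, so `npm run dev` now assumes a backend is already listening on that port, and neither this hunk nor the commit message says so. Consider reading the target from an environment variable with that URL as the default, or documenting the requirement where the script is described. The change is also unrelated to the cookie check the commit message covers and would be easier to review as its own commit.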
@ -27,4 +27,4 @@
"postcss-import-url": "^7.2.0",
"postcss-url": "^10.1.3"
}
}
}