Commit graph

51 commits

Author SHA1 Message Date
Jason Cameron
69e9023cbb
docs: clarify usage of PUBLIC_URL and REDIRECT_DOMAINS in installatio… (#1286) 2025-11-17 12:11:34 -05:00
Thomas Anderson
a12b4bb755
changed redirect_domains docs (#1171) 2025-10-13 16:21:56 +00:00
Jamie McClelland
75ea1b60d5
enable auto setting of SNI based on host header (#1129)
With this change, setting targetSNI to 'auto' causes anubis to
use the request host name as the SNI name, allowing multiple sites
to use the same anubis instance and same backend, while still securely
connecting to the backend via https.

See https://github.com/TecharoHQ/anubis/issues/424
2025-09-25 08:08:16 +00:00
violet
1cf03535a5
feat: support reading real client IP from a custom header (#1138)
* feat: support reading real client IP from a custom header

* pr reviews

---------

Co-authored-by: violet <violet@tsukuyomi>
2025-09-25 04:01:24 -04:00
Xe Iaso
88b3e457ee
docs: update BotStopper docs based on new features
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-09-14 20:16:43 +00:00
Valentin Lab
29ae2a4b87
feat: fallback to SameSite Lax mode if cookie is not secure (#1105)
Also, will allow to set cookie `SameSite` mode on command line or
environment. Note that `None` mode will be forced to ``Lax`` if
cookie is set to not be secure.

Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
2025-09-13 10:56:54 +00:00
Martin
8ed89a6c6e
feat(lib): Add option for adding difficulty field to JWT claims (#1063)
* Add option for difficulty JWT field

* Add DIFFICULTY_IN_JWT option to docs

* Add missing_required_forwarded_headers to lt translation via Google Translate

* docs(CHANGELOG): move CHANGELOG entry to the top

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-09-11 13:50:33 +00:00
Jason Cameron
abf6c8de57
feat: Warn on missing signing keys when persisting challenges (#1088) 2025-09-07 15:43:58 -04:00
Jason Cameron
f0199d014f
docs: document some missing env vars (#1087) 2025-09-07 01:34:42 +00:00
Jason Cameron
75109f6b73
docs(installation): add SLOG_LEVEL environment variable to configuration (#1086)
* docs(installation): add SLOG_LEVEL environment variable to configuration

* docs(installation): add SLOG_LEVEL environment variable to configuration
2025-09-06 20:59:02 -04:00
Julian Krieger
61682e4987
Update installation.mdx to include a link to the Caddy docs (#993)
* Update installation.mdx to include a link to the Caddy docs

Signed-off-by: Julian Krieger <julian.krieger@hm.edu>

* Update CHANGELOG.md to include documentation changes

Signed-off-by: Julian Krieger <julian.krieger@hm.edu>

---------

Signed-off-by: Julian Krieger <julian.krieger@hm.edu>
2025-08-20 23:02:49 +00:00
Martin
29d038835f
feat(web): Add option for customizable explanation text (#747)
* Add option for customizable explanation text

* Add changes to CHANGELOG.md

* Replace custom explanation text in favor of static simplified text

Also includes translations for the simple_explanation using Google
Translate as a placeholder so tests pass.

---------

Signed-off-by: Xe Iaso <xe.iaso@techaro.lol>
Co-authored-by: Xe Iaso <xe.iaso@techaro.lol>
2025-08-14 11:12:55 -04:00
Martin
ff691dfee8
feat(lib): Add optional restrictions for JWT based on a specific header value (#697)
* Add JWTRestrictionHeader funktionality

* Add JWTRestrictionHeader to docs

* Move JWT_RESTRICTION_HEADER from advanced section to normal one

* Add rull request URL to Changelog

* Set default value of JWT_RESTRICTION_HEADER to X-Real-IP
2025-08-13 23:27:42 +00:00
phoval
a8b7b2ad7b
feat: support HTTP redirect for forward authentication middleware in Traefik (#368)
* feat: support HTTP redirect for forward authentication middleware in Traefik

* fix(docs): fix my terrible merge 

Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>

* chore: fix typo in docs

Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>

* fix(ci): add forwardauth

Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>

* chore: improve doc, target must be a space

* chore: changelog

* fix: validate X-Forwarded headers and check redirect domain

* chore: refactor error handling

* fix(doc): cookie traefik

* fix: tests merge

* Update docs/docs/admin/environments/traefik.mdx

Co-authored-by: Henri Vasserman <henv@hot.ee>
Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Jason Cameron <git@jasoncameron.dev>
Co-authored-by: Jason Cameron <jasoncameron.all@gmail.com>
Co-authored-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Henri Vasserman <henv@hot.ee>
2025-08-12 20:59:45 -04:00
Mahid Sheikh
e79cd93b61
docs(installation): Clarify information about private keys and multiple instances (#788)
Signed-off-by: Mahid Sheikh <mahid@standingpad.org>
2025-07-09 10:54:36 +00:00
Xe Iaso
f6254b4b98
docs(installation): clarify BASE_PREFIX matches the /.within.website endpoints
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-07-05 13:47:02 +00:00
Victor Fernandes
292c470ada
Set cookies to have the Secure flag default to true (#739)
* Set Cookies to use the Secure Flag and default SameSite to None

* Add secure flag test

* Updated changelog and documentation for secure flag option
2025-06-30 14:58:31 -04:00
Xe Iaso
a1b7d2ccda
feat: dynamic cookie domains (#722)
* feat: dynamic cookie domains

Replaces #685

I was having weird testing issues when trying to merge #685, so I
rewrote it from scratch to be a lot more minimal.

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-26 12:11:59 +00:00
Martin
59f5b07281
feat: Add option to use HS512 secret for JWT instead of ED25519 (#680)
* Add functionality for HS512 JWT tokens

* Add HS512_SECRET to installation docs

* Update CHANGELOG.md regarding HS512

* Move HS512_SECRET to advenced section in docs

* Move token Keyfunc logic to Server function

* Add Keyfunc to spelling

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Martin Weidenauer <mweidenauer@nanx0as46153.anx.local>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-26 10:06:44 +00:00
Xe Iaso
4948036f39
feat: add default OpenGraph tags to configuration file (#694)
* feat(config): opengraph passthrough configuration

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(ogtags): use config.OpenGraph for configuration

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: wire up ogtags config in most of the app

Signed-off-by: Xe Iaso <me@xeiaso.net>

* feat(ogtags): return default tags if they are supplied

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: make OpenGraph legal so we have some sanity in reviewing

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix(lib): use OpenGraph.Enabled

Signed-off-by: Xe Iaso <me@xeiaso.net>

* test(lib): load default config file if one is not specified in spawnAnubis

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(config): fix ST1005

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: document open graph defaults and its new home in the policy file

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs(installation): point to weight threshold new home

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: rename default to override

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(default-config): add off-by-default opengraph settings to bot policy file

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix(anubis): make build

Signed-off-by: Xe Iaso <me@xeiaso.net>

* test(lib): fix build

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-19 18:00:44 -04:00
Jason Cameron
3b3080d497
feat: add a strip-base-prefix option (#655)
* style: fix formatting in .air.toml and installation.mdx

* feat: add --strip-base-prefix flag to modify request paths when forwarding

Closes: #638

* refactor: apply structpacking (betteralign)

* fix: add validation for strip-base-prefix and base-prefix configuration

* fix: improve request path handling by cloning request and modifying URL path

* chore: remove integration tests as they are too annoying to debug on my system
2025-06-12 17:46:08 -04:00
David Chandek-Stark
d6e5561768
Adds ability to toggle off stripping of private addrs from XFF (#619)
* Adds ability to toggle off stripping of private addrs from XFF

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: refactor to flow better

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-09 13:33:19 +00:00
James Renken
6f08bcb481
feat: add TARGET_SNI to allow overriding the TLS handshake hostname when forwarding requests (#529)
* feat: add TARGET_SNI to allow overriding the TLS handshake hostname when forwarding requests

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-05-23 16:27:35 +00:00
Max Chernoff
5e7bfa5ec2
docs: REDIRECT_DOMAINS must include port numbers (#521)
For websites hosted on non-standard ports (`https://example:com:8443`,
`http://www.example.net:8080`, etc.), the domains listed in
`REDIRECT_DOMAINS` must contain the port number. This commit documents
this requirement on the Installation page.

Fixes #517.

Signed-off-by: Max Chernoff <git@maxchernoff.ca>
2025-05-19 00:38:46 +00:00
OatmealDome
76849531cd
feat: add TARGET_HOST to allow overriding the Host header when forwarding requests (#507)
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-05-16 16:46:47 +00:00
Xe Iaso
624b935ecc
feat: add TARGET_INSECURE_SKIP_VERIFY setting to allow self-signed HTTPS backends (#426)
Also discourage the use of this by putting it in a "scary" section of
the configuration docs.

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-09 16:56:24 +00:00
Josh Soref
52a6a65cc4
Spelling (#445)
* link: stackoverflow explanation of cookies

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: bazaar

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: enabling

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: expressions

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: implicitly

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: intermediate

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: nonexistent

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: open graph

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: really, really,

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

* spelling: receive

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

---------

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2025-05-05 10:52:02 -04:00
Jareth Gomes
91275c489f
feat: make authorization cookie default expiration time customizable (#389) 2025-05-01 10:05:33 +00:00
Jason Cameron
4184b42282
feat(og): Foward host header (#370)
* feat(ogtags): enhance target URL handling for OGTagCache, support Unix sockets

Closes: #323 #319
Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* docs: update CHANGELOG.md to include Opengraph passthrough support for Unix sockets

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* docs: update CHANGELOG.md to include Opengraph passthrough support for Unix sockets

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat(ogtags): add option to consider host in Open Graph tag cache key

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat(ogtags): add option to consider host in OG tag cache key

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* test(ogtags): enhance tests for OGTagCache with host consideration scenarios

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* refactor(ogtags): extract constants for HTTP timeout and max content length

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* refactor(ogtags): restore fetchHTMLDocument method for cache key generation

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* refactor(ogtags): replace maxContentLength field with constant and ensure HTTP scheme is set correctly

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* fix(fetch): add proxy headers

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

---------

Signed-off-by: Jason Cameron <git@jasoncameron.dev>
2025-04-29 08:20:04 -04:00
Jason Cameron
24f8ba729b
feat: add support for a base prefix (#294)
* fix: rename variable for preventing collision in ED25519 private key handling

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* fix: remove unused import and debug print in xess.go

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat: introduce base path configuration for Anubis endpoints

Closes: #231
Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* hack(internal/test): skip these tests for now

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix(yeet): unbreak package builds

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-04-25 14:39:38 -04:00
Sandro
6858f66a62
Add check endpoint which can be used with nginx' auth_request function (#266)
* Add check endpoint which can be used with nginx' auth_request function

* feat(cmd): allow configuring redirect domains

* test: add test environment for the nginx_auth PR

This is a full local setup of the nginx_auth PR including HTTPS so that
it's easier to validate in isolation.

This requires an install of k3s (https://k3s.io) with traefik set to
listen on localhost. This will be amended in the future but for now this
works enough to ship it.

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix(cmd|lib): allow empty redirect domains variable

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix(test): add space to target variable in anubis container

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs(admin): rewrite subrequest auth docs, make generic

* docs(install): document REDIRECT_DOMAINS flag

Signed-off-by: Xe Iaso <me@xeiaso.net>

* feat(lib): clamp redirects to the same HTTP host

Only if REDIRECT_DOMAINS is not set.

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-04-25 17:38:02 +00:00
Xe Iaso
a5d796c679
docs(install): note that Anubis needs certain paths proxied (#363)
Closes #310

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-25 17:32:29 +00:00
Xe Iaso
9b7bf8ee06
docs: update default difficulty to 4
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-21 17:41:22 -04:00
Xe Iaso
d40b5cfdab
lib: move config to yaml (#307)
* lib: move config to yaml

Signed-off-by: Xe Iaso <me@xeiaso.net>

* web: run go generate

Signed-off-by: Xe Iaso <me@xeiaso.net>

* Add Haiku to known instances (#304)

Signed-off-by: Asmodeus <46908100+AsmodeumX@users.noreply.github.com>

* Add headers bot rule (#300)

* Closes #291: add headers support to bot policy rules

* Fix config validator

* update docs for JSON -> YAML

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: document http header based actions

Signed-off-by: Xe Iaso <me@xeiaso.net>

* lib: add missing test

Signed-off-by: Xe Iaso <me@xeiaso.net>

* Apply suggestions from code review

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Asmodeus <46908100+AsmodeumX@users.noreply.github.com>
Co-authored-by: Asmodeus <46908100+AsmodeumX@users.noreply.github.com>
Co-authored-by: Neur0toxine <pashok9825@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-04-21 00:09:27 +00:00
Snoweuph
022eb59ff3
feat(docs): added info on how to configure traefik (#255)
* feat(docs): added info on how to configure traefik

* docs/admin/config/traefik: typo fixes

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-04-20 23:44:43 +00:00
Xe Iaso
75b97eb03d
docs/admin: break per-environment details into their own pages (#292)
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-19 12:29:36 -04:00
Xe Iaso
f5827721c3
docs/admin/installation: Apache documentation (#290)
* docs/admin/installation: Apache documentation

Closes #277

This adds step by step documentation for setting up Anubis in Apache.

* docs/admin/installation: add selinux troubleshooting

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-19 14:23:56 +00:00
Jeroen Massar
b20774d9a6
Docs: add nginx with Anubis in the middle configuration example (#282)
* Add documentation example for a NGINX configuration that demonstrates how to insert Anubis in the middle of a normal configuration.

Signed-off-by: Jeroen Massar <jeroen@massar.ch>

* Add changelog entry

Signed-off-by: Jeroen Massar <jeroen@massar.ch>

* docs/admin/installation: rephrasing and diagrams

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs/admin/installation: flatten down the nginx config

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs/admin/installation: other fixups and note the assumptions at play

Thanks @SuperSandro2000!

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Jeroen Massar <jeroen@massar.ch>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-04-18 03:28:35 +00:00
eerielili
acce3604a4
Add variable WEBMASTER_EMAIL and if present, display it on error page (#235)
* Add variable WEBMASTER_EMAIL and if present, display it on error page

    - Adresses issue https://github.com/TecharoHQ/anubis/issues/115

* web: regenerate templates

Signed-off-by: Xe Iaso <me@xeiaso.net>

* update docs

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-04-07 19:44:00 +00:00
Jason Cameron
77436207e6
feat: Add Open Graph tag support (#195)
* feat: Add Open Graph tag support (og-tags)

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* Fix: Prevent nil pointer dereference in test (og-tags)

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat!: Implement Open Graph tag caching and passthrough functionality (WIP)

I'm going to sleep. currently tags are passed to renderIndex.

see https://github.com/TecharoHQ/anubis/issues/131

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat: Add configuration for air tool with build and logger settings

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat: Move OG tags to base template (og-tags)

Moves the Open Graph (OG) tags from the index template to
the base template. This allows OG tags to be set on any
page, not just the index.  Also adds a
BaseWithOGTags function to the web package to allow
passing OG tags to the base template.  Removes the
ogTags parameter from the Index function and template.

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* Delete CHANGELOG.md

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat: Add language attribute to HTML tag in template

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* fix(tests):  Fix nil pointer ref

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat(og-tags): Add timeout to http client (og-tags)

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* style: fix line endings & indentation

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* style: add inspection comment for GoBoolExpressions in UnchangingCache

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat(og-tags): Implement Open Graph tag fetching and caching

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* fix(og-tags): Simplify Open Graph tag extraction logic

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* fix(og-tags): Add nil check in isOGMetaTag and enhance test cases

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat(og-tags): Add approved tags and prefixes for Open Graph extraction

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* test(og-tags): Update tests with approved tags and improve clarity

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore: Add changelog notes

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* fix: Improve stability of the target fetcher?

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* fix: Update template error handling and improve Open Graph tag integration

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* style: format files and remove deubg logs

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat: Credit CELPHASE for mascot design (og-tags)

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat: Credit CELPHASE for mascot design (og-tags)

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat: Allow twitter prefixed OG tags by default

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore: replace /tmp with /var

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* Update docs/docs/CHANGELOG.md

Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>

* Update docs/docs/admin/configuration/open-graph.mdx

Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>

* chore: add fediverse to default prefixes (#og-tags)

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat(og-tags): Remove og-query-distinct flag

This commit removes the `og-query-distinct` flag and
associated logic.  URLs with different query parameters
will now always be treated as the same cache key for Open
Graph tags.  This simplifies the caching logic and
improves performance.

Additionally, the http client used for fetching OG tags
is now a member of the OGTagCache struct, rather than a
global variable. This improves testability and allows
for more flexible configuration in the future.

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* Update docs/docs/admin/configuration/open-graph.mdx

Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>

* docs: remove og tags references

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* refactor: rename url > u to not overlap package name

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* Update internal/ogtags/cache.go

Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>

* Update internal/ogtags/cache.go

Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>

* fix(tests): Don't use network when network access is disabled

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* Fix: Handle nil URL in GetOGTags (og-tags)

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore: sort installation docs alphabetically

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* fix(tests): validate that no duplicate requests are made

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* style(tests): remove unused ok var

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* docs: convert to table fmt

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat(og-tags): Enhance OG tag fetching and caching

Adds additional approved OG tags (`keywords`, `author`), improves

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore: update generated templ's after format

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* fix(tests): update integration_test.go to reflect the new behavior of fetchHTMLDocument

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* Revert "data/botPolicies: allow iMessage scraper by default (#178)"

This reverts commit 21a9d777

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* Fix: Simplify ogTags access in cache test.

Didn't know this was possible! wow!

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* Fix: Handle request timeouts when fetching OG tags (#og-tags)

Cache a nil result for half the TTL to avoid repeatedly
requesting a timed-out URL.

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* Fix: make OG tags passthrough option function.

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* Fix: Handle timeouts and non-200 responses when fetching OG tags (og-tags)

- Cache empty results for timeouts and non-200 status codes
  to avoid spamming the server.
- Use a non-nil empty map to represent empty results in the
  cache, as nil would be a cache miss.

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* feat(og-tags): switch to http.MaxBytesReader

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

* chore(og-tags): add noindex, nofollow meta tag and update error line numbers

Signed-off-by: Jason Cameron <git@jasoncameron.dev>

---------

Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-04-06 20:02:12 -04:00
Xe Iaso
878b37178d
implement packaging proof of concept with yeet (#194)
* implement packaging proof of concept with yeet

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs/developer: add local dev docs for yeet

Signed-off-by: Xe Iaso <me@xeiaso.net>

* apply review feedback

Signed-off-by: Xe Iaso <me@xeiaso.net>

* build package artifacts in CI

Signed-off-by: Xe Iaso <me@xeiaso.net>

* tell CI to fetch all git metadata

Signed-off-by: Xe Iaso <me@xeiaso.net>

* rename package builds job

Signed-off-by: Xe Iaso <me@xeiaso.net>

* upload each package individually

Signed-off-by: Xe Iaso <me@xeiaso.net>

* split package build CI jobs

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix code injection?

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix ci?

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix security alert

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs/local-dev: point people to yeet v1.13.3

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-04 08:15:04 -04:00
Talya Connor
2b28439137
docs: document ED25519_PRIVATE_KEY_HEX_FILE (#186) 2025-03-31 22:35:51 -04:00
Henri Vasserman
57c3e9f1b2
Change how to make Anubis work without a reverse proxy (#86)
* Change how to make Anubis work without a reverse proxy

* Apply suggestions from code review

Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Henri Vasserman <henv@hot.ee>

* add support for unix sockets.

* add env var docs

* lib: fix tests

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Henri Vasserman <henv@hot.ee>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-03-28 13:38:34 -04:00
Xe Iaso
7d4be0dcec
Apply bits of the cookie settings PR one by one (#140)
Enables uses to change the cookie domain and partitioned flags.

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-27 15:24:03 -04:00
Xe Iaso
ecc6b47f90
Revert "lib/anubis: support setting extended cookie flags (#120)" (#134)
This reverts commit e7cbd349f3.
2025-03-26 20:50:54 -04:00
Xe Iaso
e7cbd349f3
lib/anubis: support setting extended cookie flags (#120)
* lib/anubis: support setting extended cookie flags

Signed-off-by: Xe Iaso <me@xeiaso.net>

* lib: use cookie name consistently

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-26 19:04:18 -04:00
Xe Iaso
4155719422
cmd/anubis: allow setting key bytes in flag/envvar (#97)
* cmd/anubis: allow setting key bytes in flag/envvar

Docs are updated to generate a random key on load and when people press
the recycle button.

Signed-off-by: Xe Iaso <me@xeiaso.net>

* review feedback fixups

Signed-off-by: Xe Iaso <me@xeiaso.net>

* Update cmd/anubis/main.go

Signed-off-by: Xe Iaso <me@xeiaso.net>

* Apply suggestions from code review

Co-authored-by: Ryan Cao <70191398+ryanccn@users.noreply.github.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Ryan Cao <70191398+ryanccn@users.noreply.github.com>
2025-03-25 17:02:48 -04:00
soopyc
18cd8a66a2
docs: minor updates (#98)
* use _ instead of * for italicized text by convention

* remove mention of the `anubis` tag from /x/
2025-03-23 23:49:12 -04:00
Christian F. Coors
15d801be7d
fix: installation instructions and example (#75) 2025-03-22 07:45:32 -04:00
soopyc
1c00431098
general unix domain sockets support (#45)
* feat: allow binding to unix domain sockets

this is useful when the user does not want to expose more tcp ports than
needed. also simplifes configuration in some situation, like with nixos
modules as the socket paths can be automatically configured.

docs updated with additional configuration flags.

Signed-off-by: Cassie Cheung <me@soopy.moe>

* feat: graceful shutdown and cleanup on signal

this is needed to clean up left-over unix sockets, else on the next boot
listener panics with `address already in use`.

Co-authored-by: cat <cat@gensokyo.uk>
Signed-off-by: Cassie Cheung <me@soopy.moe>

* feat: support unix socket upstream targets

adds support for proxying unix socket upstreams, essentially allowing
anubis to run without listening on tcp sockets at all*.

*for metrics, neither prometheus and victoriametrics supports scraping
from unix sockets. if metrics are desired, tcp sockets are still needed.

Co-authored-by: cat <cat@gensokyo.uk>
Signed-off-by: Cassie Cheung <me@soopy.moe>

* docs: add changelog entry

---------

Signed-off-by: Cassie Cheung <me@soopy.moe>
Co-authored-by: cat <cat@gensokyo.uk>
2025-03-21 10:58:05 -04:00