Jason Cameron
e2b46fc5e7
perf: Replace internal SHA256 hashing with xxhash for 4-6x performance improvement ( #676 )
...
* perf(internal): Use FastHash for internal hashing
docs: Add xxhash performance improvement to changelog entry
feat(hash): Add fast non-cryptographic hash function
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* test(hash): add xxhash benchmarks and collision tests
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* Update metadata
check-spelling run (pull_request) for json/hash
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
---------
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
2025-06-16 22:53:53 -04:00
Xe Iaso
e3826df3ab
feat: implement a client for Thoth, the IP reputation database for Anubis ( #637 )
...
* feat(internal): add Thoth client and simple ASN checker
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thoth): cached ip to asn checker
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: go mod tidy
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(thoth): minor testing fixups, ensure ASNChecker is Checker
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thoth): make ASNChecker instances
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thoth): add GeoIP checker
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thoth): store a thoth client in a context
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: refactor Checker type to its own package
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(thoth): add thoth mocking package, ignore context deadline exceeded errors
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thoth): pre-cache private ranges
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(lib/policy/config): enable thoth ASNs and GeoIP checker parsing
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(thoth): refactor to move checker creation to the checker files
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(policy): enable thoth checks
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(thothmock): test helper function for loading a mock thoth instance
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat: wire up Thoth, make thoth checks part of the default config
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(thoth): mend staticcheck errors
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs(admin): add Thoth docs
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(policy): update Thoth links in error messages
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: update CHANGELOG
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(docs/manifest): enable Thoth
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: add THOTH_INSECURE for contacting Thoth over plain TCP in extreme circumstances
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(thoth): use mock thoth when credentials aren't detected in the environment
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(cmd/anubis): better warnings for half-configured Thoth setups
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs(botpolicies): link to Thoth geoip docs
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-16 11:57:32 -04:00
dependabot[bot]
e5455c02d8
build(deps): bump the github-actions group with 3 updates ( #666 )
...
Bumps the github-actions group with 3 updates: [docker/login-action](https://github.com/docker/login-action ), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/login-action` from 3.0.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v3...74a5d142397b4f367a81961eba4e8cd7edddf772 )
Updates `actions/attest-build-provenance` from 2.3.0 to 2.4.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](db473fddc0...e8998f9491https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fca7ace96b...ce28f5bb42
2025-06-15 21:13:56 -04:00
Jason Cameron
e0781e4560
feat: add robots2policy CLI to convert robots.txt to Anubis CEL ( #657 )
...
* feat: add robots2policy CLI utility to convert robots.txt to Anubis challenge policies
* feat: add documentation for robots2policy CLI tool
* feat: implement crawl delay handling as weight adjustment in Anubis rules
* feat: add various robots.txt and YAML configurations for user agent handling and crawl delays
* test: add comprehensive tests for robots2policy conversion and parsing
* fix: update example URL in usage instructions for robots2policy CLI
* Update metadata
check-spelling run (pull_request) for json/robots2policycli
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
* docs: add crawl delay weight adjustment and deny user agents option to robots2policy CLI
* Update cmd/robots2policy/main.go
Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>
* Update cmd/robots2policy/main.go
Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>
* fix(robots2policy): use sigs.k8s.io/yaml
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(config): properly marshal bot policy rules
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore(yeetfile): expose robots2policy in libexec
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(yeetfile): put robots2policy in $PATH
Signed-off-by: Xe Iaso <me@xeiaso.net>
* Update metadata
check-spelling run (pull_request) for json/robots2policycli
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
* style: reorder imports
* refactor: use preexisting structs in config
* fix: correct flag check in main function
* fix: reorder fields in AnubisRule struct for better alignment
* style: improve alignment of struct fields in AnubisRule and OGTagCache
* Update metadata
check-spelling run (pull_request) for json/robots2policycli
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
* fix: add validation for generated Anubis rules from robots.txt
* feat: add batch processing for robots.txt files to generate Anubis CEL policies
* fix: improve usage message and error handling for input file requirement
* refactor: update AnubisRule structure to use ExpressionOrList for improved expression handling
* refactor: reorganize policy definitions in YAML files for consistency and clarity
* fix: correct indentation in blacklist and complex YAML files for consistency
* test: enhance output comparison in robots2policy tests for YAML and JSON formats
* Revert "fix: improve usage message and error handling for input file requirement"
This reverts commit ddcde1f2a326545d3ef2ec32e5e03f55f4f931a8.
* fix: improve usage message and error handling in robots2policy
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
---------
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-14 23:41:00 -04:00
Jason Cameron
2904ff974b
refactor(ogtags): optimize URL construction and memory allocations ( #647 )
...
* refactor(ogtags): optimize URL construction and memory allocations
* test(ogtags): add benchmarks and memory usage tests for OGTagCache
* refactor(ogtags): optimize OGTags subsystem to reduce allocations and improve request runtime by up to 66%
* Update docs/docs/CHANGELOG.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>
* refactor(ogtags): optimize URL string construction to reduce allocations
* Update internal/ogtags/ogtags.go
Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>
* test(ogtags): add fuzz tests for getTarget and extractOGTags functions
* fix(ogtags): update memory calculation logic
Prev it would say that we had allocated 18pb
=== RUN TestMemoryUsage
mem_test.go:107: Memory allocated for 10k getTarget calls: 18014398509481904.00 KB
mem_test.go:135: Memory allocated for 1k extractOGTags calls: 18014398509481978.00
Now it's fixed with
=== RUN TestMemoryUsage
mem_test.go:109: Memory allocated for 10k getTarget calls:
mem_test.go:110: Total: 630.56 KB (0.62 MB)
mem_test.go:111: Per operation: 64.57 bytes
mem_test.go:140: Memory allocated for 1k extractOGTags calls:
mem_test.go:141: Total: 328.17 KB (0.32 MB)
mem_test.go:142: Per operation: 336.05 bytes
* refactor(ogtags): optimize meta tag extraction for improved performance
* Update metadata
check-spelling run (pull_request) for json/ogmem
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev>
* chore: update CHANGELOG for recent optimizations and version bump
* refactor: improve URL construction and meta tag extraction logic
* style: cleanup fuzz tests
---------
Signed-off-by: Jason Cameron <jasoncameron.all@gmail.com>
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-13 09:53:10 -04:00
Jason Cameron
60ba8e9557
fix(ci): conditionally run SSH jobs for TecharoHQ/anubis repository ( #654 )
...
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
2025-06-11 21:18:43 +00:00
Xe Iaso
d1452b6d39
test(ssh-ci): re-enable GOARCH=ppc64le ( #651 )
...
This reverts commit 5e95da6b6c
2025-06-11 14:01:48 -04:00
Xe Iaso
5e95da6b6c
test(ssh-ci): disable GOARCH=ppc64le for now
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-11 12:58:32 -04:00
Xe Iaso
f5140ae57b
test: introduce SSH based CI for non-native test hosts ( #644 )
...
* feat: ssh based CI
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test: implement SSH ci with caches and github actions
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): fix known hosts secret
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): clone the repo, that's important
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): speed up ci by prebaking the SSH CI image
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): set -euo
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): enable pull_request_target so things work
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): oh goody it's broken
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): add cronjob to rebuild ci runner image
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): also run yeet
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): force git version for yeet
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): run set -x in the container
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): fix yeet?
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): remove yeet for now
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test(ssh-ci): disable for PRs for now
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-11 12:50:01 -04:00
Xe Iaso
c638653172
feat(lib): implement request weight ( #621 )
...
* feat(lib): implement request weight
Replaces #608
This is a big one and will be what makes Anubis a generic web
application firewall. This introduces the WEIGH option, allowing
administrators to have facets of request metadata add or remove
"weight", or the level of suspicion. This really makes Anubis weigh
the soul of requests.
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(lib): maintain legacy challenge behavior
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(lib): make weight have dedicated checkers for the hashes
Signed-off-by: Xe Iaso <me@xeiaso.net>
* feat(data): convert some rules over to weight points
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: document request weight
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(CHANGELOG): spelling error
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: fix links to challenge information
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs(policies): fix formatting
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(config): make default weight adjustment 5
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-09 15:25:04 -04:00
Fierelier
0fe46b48cf
Make progress bar styling more compatible (UXP, etc) ( #636 )
...
* Make progress bar styling more compatible (UXP, etc)
* Add 'Make progress bar styling more compatible (UXP, etc)'
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Fierelier <fier@airmail.cc>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-09 12:19:38 -04:00
dependabot[bot]
6594ae0eef
build(deps): bump github/codeql-action in the github-actions group ( #635 )
...
Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 3.28.18 to 3.28.19
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ff0a06e83c...fca7ace96b
2025-06-09 08:56:41 -04:00
Xe Iaso
4ac59c3a79
feat(lib/challenge): HTTP meta refresh challenge method ( #623 )
...
* feat(lib/challenge): HTTP meta refresh challenge method
Closes #95
This challenge method enables users that don't (or won't) support
JavaScript to pass Anubis challenges. It works by using HTML meta
refresh directives to ensure that the client is a browser.
This is OFF by default. In order to enable it, an administrator MUST
choose to make the default challenge method `metarefresh`.
TODO(Xe):
- [ ] Documentation on this challenge method
- [ ] Amend wording around Anubis being a proof of work proxy in the docs
- [ ] Add configuration file syntax for the default challenge method and settings
- [ ] Test with early customers
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
* fix(lib/challenge/metarefresh): use this value of err
Signed-off-by: Xe Iaso <me@xeiaso.net>
* docs: add metarefresh challenge info, Web AI Firewall Utility
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-06-06 21:18:55 -04:00
foosinn
9f1d791991
docs(subrequest-auth): document required policy changes ( #613 )
...
* docs(subrequest-auth): document required policy changes
Signed-off-by: foosinn <foosinn@f2o.io>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: foosinn <foosinn@f2o.io>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-05 16:53:18 -04:00
Markus Sommer
76fa3e01a5
docs(known-instances): add Alliance of Hessian Libraries ( #611 )
...
Signed-off-by: Markus Sommer <markus@splork.de>
2025-06-04 02:03:57 +00:00
dependabot[bot]
ec73bcbaf1
build(deps): bump docker/build-push-action in the github-actions group ( #602 )
...
Bumps the github-actions group with 1 update: [docker/build-push-action](https://github.com/docker/build-push-action ).
Updates `docker/build-push-action` from 6.17.0 to 6.18.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](1dc7386353...263435318d
2025-06-01 23:39:05 -04:00
Corry Haines
de7dbfe6d6
Split up AI filtering files ( #592 )
...
* Split up AI filtering files
Create aggressive/moderate/permissive policies to allow administrators to choose their AI/LLM stance.
Aggressive policy matches existing default in Anubis.
Removes `Google-Extended` flag from `ai-robots-txt.yaml` as it doesn't exist in requests.
Rename `ai-robots-txt.yaml` to `ai-catchall.yaml` as the file is no longer a copy of the source repo/file.
* chore: spelling
* chore: fix embeds
* chore: fix data includes
* chore: fix file name typo
* chore: Ignore READMEs in configs
* chore(lib/policy/config): go tool goimports -w
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-01 20:21:18 +00:00
Corry Haines
0d9ebebff6
Opt-in policies for OpenAI and MistralAI bots ( #590 )
...
* Define OpenAI bot ALLOW policies
Allows OpenAI bots to be allowlisted at the choice of the Anubis administrator. None are enabled by default.
* Define MistralAI bot ALLOW policy
* chore: spelling
2025-05-31 16:48:57 -04:00
Corry Haines
68a71c6a99
Add Applebot definition ( #589 )
...
* Add Applebot definition
Adds Apple's search indexing bot, and allowlists it by default.
Allowlisted by default because it is equivalent to Googlebot/Bingbot. Remove Applebot from `ai-robots-txt.yaml` for the same reasons.
Remove `Applebot-Extended` from `ai-robots-txt.yaml` as it has no effect.
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-05-31 10:18:32 -04:00
jordigh
9ba10262e3
add Weblate to known-instances.md ( #571 )
...
Signed-off-by: jordigh <jordigh@octave.org>
2025-05-28 00:03:04 +00:00
dependabot[bot]
a28a3d155a
build(deps): bump astral-sh/setup-uv in the github-actions group ( #558 )
...
Bumps the github-actions group with 1 update: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ).
Updates `astral-sh/setup-uv` from 6.0.1 to 6.1.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases )
- [Commits](6b9c6063ab...f0ec1fc3b3
2025-05-27 11:12:31 -04:00
James Renken
6f08bcb481
feat: add TARGET_SNI to allow overriding the TLS handshake hostname when forwarding requests ( #529 )
...
* feat: add TARGET_SNI to allow overriding the TLS handshake hostname when forwarding requests
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-05-23 16:27:35 +00:00
Dryusdan
11081aac08
Bump AI-robots.txt rules to version 1.31 ( #538 )
...
* Bump AI-robots.txt rules to version 1.31
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-05-23 16:15:12 +00:00
Nathan Price
c78d830ecb
docs/docs/admin/native-install.mdx: correct the path for the default configuration file installation ( #535 )
...
Using the native-install instructions, default.env was installed as /etc/anubis rather than /etc/anubis/default.env
2025-05-22 18:34:06 +00:00
dependabot[bot]
7b8953303d
build(deps): bump the github-actions group with 4 updates ( #523 )
...
Bumps the github-actions group with 4 updates: [docker/build-push-action](https://github.com/docker/build-push-action ), [actions-hub/kubectl](https://github.com/actions-hub/kubectl ), [check-spelling/check-spelling](https://github.com/check-spelling/check-spelling ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/build-push-action` from 6.16.0 to 6.17.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](14487ce63c...1dc7386353https://github.com/actions-hub/kubectl/releases )
- [Commits](e81783053d...f632a31512https://github.com/check-spelling/check-spelling/releases )
- [Commits](67debf5066...c635c2f3f7https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](60168efe1c...ff0a06e83c
2025-05-19 00:35:59 +00:00
Xe Iaso
50e030d17e
chore(docs/deploy): move to new cluster ( #519 )
...
* chore(docs/deploy): move to new cluster
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-18 20:25:12 +00:00
Xe Iaso
b640c567da
feat(lib): ensure that clients store cookies ( #501 )
...
* feat(lib): ensure that clients store cookies
If a client is misconfigured and does not store cookies, then they can
get into a proof of work death spiral with Anubis. This fixes the
problem by setting a test cookie whenever the user gets hit with a
challenge page. If the test cookie is not there at challenge pass time,
then they are blocked. Administrators will also get a log message
explaining that the user intentionally broke cookie support and that this
behavior is not an Anubis bug.
Additionally, this ensures that clients being shown a challenge support
gzip-compressed responses by showing the challenge page at gzip level 1.
This level is intentionally chosen in order to minimize system impacts.
The ClearCookie function is made more generic to account for cookie
names as an argument. A correlating SetCookie function was also added to
make it easier to set cookies.
* chore(lib): clean up test code
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-16 13:03:40 -04:00
Dryusdan
9e9982ab5d
feat(apps): Make SASL login work on bookstack with Anubis ( #502 )
...
* Make SASL login work on bookstack with Anubis
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-05-16 17:01:34 +00:00
Xe Iaso
3b98368aa9
feat(apps): add SearXNG instance tracker policy and Qualys Labs SSL testing rules ( #512 )
...
* feat(apps): add SearXNG instance tracker policy
* feat(apps): add Qualys SSL Labs policy
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: hyperdefined <contact@hyper.lol>
2025-05-16 16:59:15 +00:00
Xe Iaso
91c21fbb4b
docs: add HTMX workaround ( #511 )
...
* docs: add HTMX workaround
Signed-off-by: Xe Iaso <me@xeiaso.net>
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-16 16:37:39 +00:00
Xe Iaso
d51b7ec0aa
chore(spelling): add weblate
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-13 10:04:30 -04:00
Jason Cameron
659b577e0e
feat(ci): use dynamic repository owner and name in Docker actions ( #487 )
...
* feat(ci): use dynamic repository owner and name in Docker actions
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* feat(ci): support forks
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* feat(ci): support forks
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* feat(ci): add debug output for Docker repository information
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* feat(ci): update Docker image naming convention in workflow
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* feat(ci): set lowercase image name in Docker workflow
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* feat(ci): remove json/gha branch from Docker workflow triggers
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
* feat(ci): simplify Docker registry configuration in workflow
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
---------
Signed-off-by: Jason Cameron <git@jasoncameron.dev>
2025-05-09 20:18:53 -04:00
Xe Iaso
a0805cad16
chore(go.mod): move yeet to be a go tool ( #485 )
...
This means that yeet's version will be managed by `go.mod` and
auto-bumped with dependabot. This removes human error from the equation
and ensures that Anubis is always built with the newest version of yeet.
This also makes it trivial to make your own local packages for testing:
```text
go tool yeet
```
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-09 18:33:44 +00:00
Henri Vasserman
22ada6251f
test(playwright): Add Docker and Podman support ( #433 )
...
* test(playwright): Add support to run tests in Docker/Podman
* fix command name
Co-authored-by: Xe Iaso <me@xeiaso.net>
Signed-off-by: Henri Vasserman <henv@hot.ee>
* up the pw version as it is in package.json
* add convenience npm scripts
* chore: changelog update
Also removed a period from my other item.
* chore: fix spelling
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Henri Vasserman <henv@hot.ee>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-05-09 13:58:55 -04:00
Xe Iaso
092b80ba55
ci(check-spelling): allow release names in spelling allowlists ( #483 )
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-09 17:22:26 +00:00
Josh Soref
39dc3c0317
ci: add check-spelling ( #462 )
...
This is a basic spell checker to make sure words are spelled correctly.
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-05-09 17:02:41 +00:00
dependabot[bot]
2e54e839f1
build(deps): bump the gomod group across 1 directory with 4 updates ( #457 )
...
* build(deps): bump the gomod group across 1 directory with 4 updates
Bumps the gomod group with 4 updates in the / directory: [github.com/a-h/templ](https://github.com/a-h/templ ), [github.com/playwright-community/playwright-go](https://github.com/playwright-community/playwright-go ), [golang.org/x/net](https://github.com/golang/net ) and [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery ).
Updates `github.com/a-h/templ` from 0.3.857 to 0.3.865
- [Release notes](https://github.com/a-h/templ/releases )
- [Changelog](https://github.com/a-h/templ/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/a-h/templ/compare/v0.3.857...v0.3.865 )
Updates `github.com/playwright-community/playwright-go` from 0.5101.0 to 0.5200.0
- [Release notes](https://github.com/playwright-community/playwright-go/releases )
- [Commits](https://github.com/playwright-community/playwright-go/compare/v0.5101.0...v0.5200.0 )
Updates `golang.org/x/net` from 0.39.0 to 0.40.0
- [Commits](https://github.com/golang/net/compare/v0.39.0...v0.40.0 )
Updates `k8s.io/apimachinery` from 0.32.3 to 0.33.0
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.32.3...v0.33.0 )
---
updated-dependencies:
- dependency-name: github.com/a-h/templ
dependency-version: 0.3.865
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: gomod
- dependency-name: github.com/playwright-community/playwright-go
dependency-version: 0.5200.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
- dependency-name: golang.org/x/net
dependency-version: 0.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
- dependency-name: k8s.io/apimachinery
dependency-version: 0.33.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: gomod
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: go mod tidy && npm run assets
Signed-off-by: Xe Iaso <me@xeiaso.net>
* ci: use playwright managed by npm
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-05-07 17:48:10 -04:00
Xe Iaso
3701b2bc3d
ci(go): fix govulncheck ( #464 )
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-07 13:42:28 +00:00
Xe Iaso
16412a8bf9
ci: add govulncheck ( #456 )
...
This is intended to catch low-hanging fruit.
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-06 14:07:55 +00:00
Patrick Linnane
3b50b4c6c0
zizmor: add config file to silence unpinned-uses of Homebrew/actions ( #441 )
2025-05-05 01:22:36 +00:00
dependabot[bot]
8ee0529321
build(deps): bump the github-actions group with 3 updates ( #439 )
...
Bumps the github-actions group with 3 updates: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/attest-build-provenance` from 2.2.3 to 2.3.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](c074443f1a...db473fddc0https://github.com/astral-sh/setup-uv/releases )
- [Commits](c7f87aa956...6b9c6063abhttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](28deaeda66...60168efe1c
2025-05-04 20:46:48 -04:00
Xe Iaso
f8e1000ab0
fix(yeetfile): copy all docs, data files, and botPolicies.yaml ( #419 )
...
* fix(yeetfile): copy all docs, data files, and botPolicies.yaml
Closes #415
Signed-off-by: Xe Iaso <me@xeiaso.net>
* ci: bump yeet
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-05-02 08:43:19 -04:00
dependabot[bot]
bd0e46dac3
build(deps): bump the github-actions group with 4 updates ( #387 )
...
Bumps the github-actions group with 4 updates: [docker/build-push-action](https://github.com/docker/build-push-action ), [actions-hub/kubectl](https://github.com/actions-hub/kubectl ), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/build-push-action` from 6.15.0 to 6.16.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](471d1dc4e0...14487ce63chttps://github.com/actions-hub/kubectl/releases )
- [Commits](9270913c29...e81783053dhttps://github.com/astral-sh/setup-uv/releases )
- [Commits](d4b2f3b6ec...c7f87aa956https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](45775bd823...28deaeda66
2025-04-28 01:40:38 +00:00
Xe Iaso
5423ab013a
ci(packages): final pre-release yeet bump ( #384 )
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-27 16:54:03 +00:00
Xe Iaso
bec7199ab6
fix(docs): make the docs respect light/dark mode ( #334 )
...
Closes #333
I'm very bad at design so I just picked colors that looked reasonable
enough to me. Hopefully this will be enough to get us to the next stage!
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-23 04:01:02 +00:00
Xe Iaso
ac5a4bf58d
chore(ci): migrate to TecharoHQ/yeet ( #323 )
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-22 12:21:37 +00:00
dependabot[bot]
a14f917d68
build(deps): bump astral-sh/setup-uv in the github-actions group ( #312 )
...
Bumps the github-actions group with 1 update: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ).
Updates `astral-sh/setup-uv` from 5.4.1 to 5.4.2
- [Release notes](https://github.com/astral-sh/setup-uv/releases )
- [Commits](0c5e2b8115...d4b2f3b6ec
2025-04-20 21:16:38 -04:00
Xe Iaso
2d22491e8c
undo depot for now until I have the corp set up
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-20 09:07:54 -04:00
Xe Iaso
736c3ade09
.github/funding: add GitHub sponsors
...
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-04-17 23:48:36 -04:00
dependabot[bot]
5d4d2e3e2a
build(deps): bump github/codeql-action in the github-actions group ( #264 )
...
Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action ).
Updates `github/codeql-action` from 3.28.13 to 3.28.15
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b549b9259...45775bd823
2025-04-15 05:56:14 -04:00
