[chore] remove nollamas middleware for now (after discussions with a security advisor) (#4433)

i'll keep this on a separate branch for now while i experiment with other possible alternatives, but for now both our hacky implementation especially, and more popular ones (like anubis) aren't looking too great on the deterrent front: https://github.com/eternal-flame-AD/pow-buster

Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4433
Co-authored-by: kim <grufwub@gmail.com>
Co-committed-by: kim <grufwub@gmail.com>

internal/config/config.go

@@ -279,13 +279,12 @@ type CacheConfiguration struct {
 }
 
 type AdvancedConfig struct {
-	CookiesSamesite   string                  `name:"cookies-samesite" usage:"'strict' or 'lax', see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"`
-	SenderMultiplier  int                     `name:"sender-multiplier" usage:"Multiplier to use per cpu for batching outgoing fedi messages. 0 or less turns batching off (not recommended)."`
-	CSPExtraURIs      []string                `name:"csp-extra-uris" usage:"Additional URIs to allow when building content-security-policy for media + images."`
-	HeaderFilterMode  string                  `name:"header-filter-mode" usage:"Set incoming request header filtering mode."`
-	RateLimit         RateLimitConfig         `name:"rate-limit"`
-	Throttling        ThrottlingConfig        `name:"throttling"`
-	ScraperDeterrence ScraperDeterrenceConfig `name:"scraper-deterrence"`
+	CookiesSamesite  string           `name:"cookies-samesite" usage:"'strict' or 'lax', see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"`
+	SenderMultiplier int              `name:"sender-multiplier" usage:"Multiplier to use per cpu for batching outgoing fedi messages. 0 or less turns batching off (not recommended)."`
+	CSPExtraURIs     []string         `name:"csp-extra-uris" usage:"Additional URIs to allow when building content-security-policy for media + images."`
+	HeaderFilterMode string           `name:"header-filter-mode" usage:"Set incoming request header filtering mode."`
+	RateLimit        RateLimitConfig  `name:"rate-limit"`
+	Throttling       ThrottlingConfig `name:"throttling"`
 }
 
 type RateLimitConfig struct {
@@ -297,8 +296,3 @@ type ThrottlingConfig struct {
 	Multiplier int           `name:"multiplier"  usage:"Multiplier to use per cpu for http request throttling. 0 or less turns throttling off."`
 	RetryAfter time.Duration `name:"retry-after" usage:"Retry-After duration response to send for throttled requests."`
 }
-
-type ScraperDeterrenceConfig struct {
-	Enabled    bool   `name:"enabled"    usage:"Enable proof-of-work based scraper deterrence on profile / status pages"`
-	Difficulty uint32 `name:"difficulty" usage:"The proof-of-work difficulty, which determines roughly how many hash-encode rounds required of each client."`
-}

internal/config/config_test.go

@@ -175,7 +175,6 @@ func TestCLIParsing(t *testing.T) {
 				"--config-path", "testdata/test3.yaml",
 			},
 			expected: expectedKV(
-				kv.Field{"advanced-scraper-deterrence-enabled", true},
 				kv.Field{"advanced-rate-limit-requests", 5000},
 			),
 		},

internal/config/defaults.go

@@ -154,11 +154,6 @@ var Defaults = Configuration{
 			Multiplier: 8, // 8 open requests per CPU
 			RetryAfter: 30 * time.Second,
 		},
-
-		ScraperDeterrence: ScraperDeterrenceConfig{
-			Enabled:    false,
-			Difficulty: 100000,
-		},
 	},
 
 	Cache: CacheConfiguration{

internal/config/testdata/test3.yaml

@@ -1,5 +1,3 @@
 advanced:
-  scraper-deterrence:
-    enabled: true
   rate-limit:
     requests: 5000