mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-11-04 05:42:25 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions
gotosocial/web/source/index.js
kim d8c4d9fc5a [feature] proof of work scraper deterrence (#4043) 
This adds a proof-of-work based scraper deterrence to GoToSocial's middleware stack on profile and status web pages. Heavily inspired by https://github.com/TecharoHQ/anubis, but massively stripped back for our own usecase.

Todo:
- ~~add configuration option so this is disabled by default~~
- ~~fix whatever weirdness is preventing this working with CSP (even in debug)~~
- ~~use our standard templating mechanism going through apiutil helper func~~
- ~~probably some absurdly small performance improvements to be made in pooling re-used hex encode / hash encode buffers~~ the web endpoints aren't as hot a path as API / ActivityPub, will leave as-is for now as it is already very minimal and well optimized
- ~~verify the cryptographic assumptions re: using a portion of token as challenge data~~ this isn't a serious application of cryptography, if it turns out to be a problem we'll fix it, but it definitely should not be easily possible to guess a SHA256 hash from the first 1/4 of it even if mathematically it might make it a bit easier
- ~~theme / make look nice??~~
- ~~add a spinner~~
- ~~add entry in example configuration~~
- ~~add documentation~~

Verification page originally based on https://github.com/LucienV1/powtect

Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4043
Reviewed-by: tobi <tsmethurst@noreply.codeberg.org>
Co-authored-by: kim <grufwub@gmail.com>
Co-committed-by: kim <grufwub@gmail.com>
2025-04-28 20:12:27 +00:00

126 lines
2.8 KiB
JavaScript
Raw Blame History

/*
GoToSocial
Copyright (C) GoToSocial Authors admin@gotosocial.org
SPDX-License-Identifier: AGPL-3.0-or-later
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
const skulk = require("skulk");
const fs = require("fs");
const path = require("path");
let cssEntryFiles = fs.readdirSync(path.join(__dirname, "./css")).map((file) => {
return path.join(__dirname, "./css", file);
});
const prodCfg = {
transform: [
["@browserify/uglifyify", {
global: true,
exts: ".js"
}],
["@browserify/envify", { global: true }]
]
};
skulk({
name: "GoToSocial",
basePath: __dirname,
assetPath: "../assets/",
prodCfg: {
servers: {
express: false,
livereload: false
}
},
servers: {
express: {
proxy: "http://127.0.0.1:8081",
assets: "/assets"
}
},
bundles: {
frontend: {
entryFile: "frontend",
outputFile: "frontend.js",
preset: ["js"],
prodCfg: prodCfg,
transform: [
["babelify", {
global: true,
ignore: [/node_modules\/(?!(.*photoswipe.*))/]
}]
],
},
frontend_prerender: {
entryFile: "frontend_prerender",
outputFile: "frontend_prerender.js",
preset: ["js"],
prodCfg: prodCfg,
transform: [
["babelify", { global: true }]
],
},
nollamas: {
entryFile: "nollamas",
outputFile: "nollamas.js",
preset: ["js"],
prodCfg: prodCfg,
transform: [
["babelify", { global: true }]
],
},
nollamasworker: {
entryFile: "nollamasworker",
outputFile: "nollamasworker.js",
preset: ["js"],
prodCfg: prodCfg,
transform: [
["babelify", { global: true }]
],
},
settings: {
entryFile: "settings",
outputFile: "settings.js",
prodCfg: prodCfg,
plugin: [
// Additional settings for TS are passed from tsconfig.json.
// See: https://github.com/TypeStrong/tsify#tsconfigjson
["tsify"]
],
transform: [
// tsify is called before babelify, so we're just babelifying
// commonjs here, no need for the typescript preset.
["babelify", {
global: true,
ignore: [/node_modules\/(?!(nanoid)|(wouter))/],
}]
],
presets: [
"react",
["postcss", {
output: "settings-style.css"
}]
]
},
css: {
entryFiles: cssEntryFiles,
outputFile: "_discard",
presets: [["postcss", {
output: "_split"
}]]
}
}
});
Reference in a new issue View git blame Copy permalink