mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-10-29 15:32:25 -05:00
d8c4d9fc5a
This adds a proof-of-work based scraper deterrence to GoToSocial's middleware stack on profile and status web pages. Heavily inspired by https://github.com/TecharoHQ/anubis, but massively stripped back for our own usecase. Todo: - ~~add configuration option so this is disabled by default~~ - ~~fix whatever weirdness is preventing this working with CSP (even in debug)~~ - ~~use our standard templating mechanism going through apiutil helper func~~ - ~~probably some absurdly small performance improvements to be made in pooling re-used hex encode / hash encode buffers~~ the web endpoints aren't as hot a path as API / ActivityPub, will leave as-is for now as it is already very minimal and well optimized - ~~verify the cryptographic assumptions re: using a portion of token as challenge data~~ this isn't a serious application of cryptography, if it turns out to be a problem we'll fix it, but it definitely should not be easily possible to guess a SHA256 hash from the first 1/4 of it even if mathematically it might make it a bit easier - ~~theme / make look nice??~~ - ~~add a spinner~~ - ~~add entry in example configuration~~ - ~~add documentation~~ Verification page originally based on https://github.com/LucienV1/powtect Co-authored-by: tobi <tobi.smethurst@protonmail.com> Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4043 Reviewed-by: tobi <tsmethurst@noreply.codeberg.org> Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com> |
||
|---|---|---|
| .. | ||
| admin | ||
| ap | ||
| api | ||
| cache | ||
| cleaner | ||
| config | ||
| db | ||
| federation | ||
| filter | ||
| gtscontext | ||
| gtserror | ||
| gtsmodel | ||
| headerfilter | ||
| httpclient | ||
| id | ||
| iotools | ||
| language | ||
| log | ||
| media | ||
| messages | ||
| middleware | ||
| oauth | ||
| observability | ||
| oidc | ||
| paging | ||
| processing | ||
| queue | ||
| regexes | ||
| router | ||
| scheduler | ||
| state | ||
| storage | ||
| stream | ||
| subscriptions | ||
| text | ||
| trans | ||
| transport | ||
| typeutils | ||
| uris | ||
| util | ||
| validate | ||
| web | ||
| webpush | ||
| workers | ||