Skip to content
This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

Commit

Permalink
Initial public release
Browse files Browse the repository at this point in the history
  • Loading branch information
s3rj1k committed Oct 31, 2020
0 parents commit b8cc405
Show file tree
Hide file tree
Showing 32 changed files with 1,752 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
nginx-js-challenge
.idea/
40 changes: 40 additions & 0 deletions .golangci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
run:
deadline: 5m
skip-dirs:
- vendor/.*
linters-settings:
errcheck:
check-type-assertions: true
govet:
check-shadowing: true
gocyclo:
min-complexity: 50
maligned:
suggest-new: true
depguard:
list-type: blacklist
include-go-root: true
packages:
- github.com/davecgh/go-spew/spew
misspell:
locale: US
lll:
line-length: 200
funlen:
lines: 500
statements: 500
gocognit:
min-complexity: 80
unparam:
# call graph construction algorithm (cha, rta). In general, use cha for libraries,
# and rta for programs with main packages. Default is cha.
algo: cha
prealloc:
for-loops: true
linters:
enable-all: true
disable:
- dupl
- godot
- gomnd
- nestif
21 changes: 21 additions & 0 deletions LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2020 s3rj1k

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
28 changes: 28 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
GO_BIN ?= go
ENV_BIN ?= env
OUT_BIN = nginx-js-challenge

export PATH := $(PATH):/usr/local/go/bin

all: clean build

build:
$(GO_BIN) mod tidy
$(ENV_BIN) CGO_ENABLED=1 GOOS=linux $(GO_BIN) build -ldflags '-s -w -extldflags "-static"' -o $(OUT_BIN) -v

update:
$(ENV_BIN) GOPROXY=direct GOPRIVATE="github.com/s3rj1k/*" $(GO_BIN) get -u
$(GO_BIN) get -u github.com/golangci/golangci-lint/cmd/golangci-lint
$(GO_BIN) get -u github.com/mgechev/revive
$(GO_BIN) mod tidy

clean:
$(GO_BIN) clean
rm -f $(OUT_BIN)

test:
$(GO_BIN) test -failfast ./...

lint:
golangci-lint run ./...
revive -config revive.toml -exclude ./vendor/... ./...
24 changes: 24 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# Build
## Build binaries
```shell script
make build
```

## Build Deb Package
```shell script
apt install make devscripts debhelper build-essential dh-systemd
debuild -us -uc -b
```

# Usage
## Start nginx-js-challenge backend
```shell script
./nginx-js-challenge -address=unix:/run/nginx-js-challenge.sock
```
## Test nginx-js-challenge backend
```shell script
curl --unix-socket /run/nginx-js-challenge.sock http:/example.com
```

## Nginx configuration
The ./nginx dir contains the vhost configuration template.
11 changes: 11 additions & 0 deletions debian/changelog
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
nginx-js-challenge (20191111) UNRELEASED; urgency=low

* More internal updates

-- s3rj1k <[email protected]> Thu, 31 Oct 2019 12:00:00 +0200

nginx-js-challenge (20190610) UNRELEASED; urgency=low

* Initial release

-- s3rj1k <[email protected]> Mon, 10 Jun 2019 12:00:00 +0200
1 change: 1 addition & 0 deletions debian/compat
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
9
13 changes: 13 additions & 0 deletions debian/control
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
Source: nginx-js-challenge
Section: net
Priority: optional
Maintainer: s3rj1k <[email protected]>
Build-Depends: debhelper (>= 9), dh-systemd (>= 1.5)
Standards-Version: 3.9.6

Package: nginx-js-challenge
Architecture: amd64
Depends: ${shlibs:Depends}, lsb-base
Suggests: nginx
Description: Nginx JS Challenge
This package contains simple Nginx JS challenge daemon.
5 changes: 5 additions & 0 deletions debian/copyright
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
This package was debianized by s3rj1k <[email protected]>
on Thu, 16 May 2019 15:00:00 +0200.

Files: *
Copyright: s3rj1k <[email protected]> 2019
5 changes: 5 additions & 0 deletions debian/nginx-js-challenge.default
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# Defaults for nginx-js-challenge initscript
# sourced by /etc/init.d/nginx-js-challenge

# Additional options that are passed to nginx-js-challenge
DAEMON_ARGS=""
99 changes: 99 additions & 0 deletions debian/nginx-js-challenge.init
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: nginx-js-challenge
# Required-Start: $network $remote_fs $local_fs
# Required-Stop: $network $remote_fs $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Stop/Start nginx-js-challenge
### END INIT INFO

# Author: s3rj1k <[email protected]>

PATH=/sbin:/usr/sbin:/bin:/usr/bin

if [ -L $0 ]; then
SCRIPTNAME=`/bin/readlink -f $0`
else
SCRIPTNAME=$0
fi

NAME="nginx-js-challenge"
DAEMON=${DAEMON:-/usr/sbin/nginx-js-challenge}
PIDFILE=${PIDFILE:-/run/nginx-js-challenge.pid}
DAEMON_ARGS=""

defaultconfig=`/usr/bin/basename $SCRIPTNAME`
[ -r /etc/default/$defaultconfig ] && . /etc/default/$defaultconfig

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

do_start()
{
start-stop-daemon --start --quiet --background --no-close --make-pidfile --pidfile $PIDFILE --exec $DAEMON -- \
$DAEMON_ARGS > /var/log/$NAME.log 2>&1
RETVAL="$?"
return "$RETVAL"
}

do_stop()
{
start-stop-daemon --stop --quiet --oknodo --retry=TERM/30/KILL/5 --pidfile $PIDFILE
RETVAL="$?"
rm -f $PIDFILE
return "$RETVAL"
}

case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
status)
status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit $?
;;
restart)
log_daemon_msg "Restarting" "$NAME"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
*)
log_action_msg "Usage: $SCRIPTNAME {start|stop|status|restart}"
exit 3
;;
esac

exit $RETVAL
6 changes: 6 additions & 0 deletions debian/nginx-js-challenge.lintian-overrides
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
nginx-js-challenge: hardening-no-relro *
nginx-js-challenge: hardening-no-pie *
nginx-js-challenge: binary-without-manpage *
nginx-js-challenge: new-package-should-close-itp-bug
nginx-js-challenge: description-is-pkg-name *
nginx-js-challenge: init.d-script-does-not-implement-required-option *
20 changes: 20 additions & 0 deletions debian/nginx-js-challenge.service
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
[Unit]
Description=Nginx JS challenge service
After=network.target

[Service]
Type=simple

Environment="DAEMON_ARGS="
EnvironmentFile=-/etc/default/nginx-js-challenge

ExecStart=/usr/sbin/nginx-js-challenge -log-date-time=false ${DAEMON_ARGS}

Restart=on-failure
RestartSec=10

StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
13 changes: 13 additions & 0 deletions debian/rules
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
#!/usr/bin/make -f

%:
dh $@ --with systemd

override_dh_builddeb:
dh_builddeb -- -Zgzip

override_dh_auto_install:
dh_install nginx-js-challenge usr/sbin
dh_install nginx/js_challenge_include.conf /usr/share/doc/nginx-js-challenge/
dh_install nginx/js_challenge_main.conf /usr/share/doc/nginx-js-challenge/
dh_install nginx/js_challenge_server.conf /usr/share/doc/nginx-js-challenge/
1 change: 1 addition & 0 deletions debian/source/format
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
3.0 (native)
33 changes: 33 additions & 0 deletions font.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
package main

import (
"net/url"
"strings"
)

// isFontInURL checks that web-font is requested in URL.
func isFontInURL(uri string) bool {
u, err := url.Parse(uri)
if err != nil {
return false
}

value := strings.ToLower(u.Path)

switch {
case strings.HasSuffix(value, ".eot"):
return true
case strings.HasSuffix(value, ".otf"):
return true
case strings.HasSuffix(value, ".svg"):
return true
case strings.HasSuffix(value, ".ttf"):
return true
case strings.HasSuffix(value, ".woff"):
return true
case strings.HasSuffix(value, ".woff2"):
return true
}

return false
}
46 changes: 46 additions & 0 deletions gc.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
package main

import (
"net/http"
"sync"
"time"
)

func cleanDB(db *sync.Map) {
for {
// sleep inside infinite loop
time.Sleep(15 * time.Second)

// range over db
db.Range(func(key interface{}, val interface{}) bool {
// cast key to string
if id, ok := key.(string); ok {
// cast value to challenge record
if record, ok := val.(challengeDBRecord); ok {
// check expiration time
if record.Expires.Before(time.Now()) {
Debug.Printf(
"%d, Domain:'%s', ID:'%s', %s\n",
http.StatusOK, record.Domain,
id, messageExpiredRecord,
)

// check then id is NOT UUID
if !reUUID.MatchString(id) {
Bot.Printf(
"%d, Domain:'%s', Addr:'%s', UA:'%s'\n",
http.StatusTeapot, record.Domain,
record.Address, record.UserAgent,
)
}

// delete key
db.Delete(key)
}
}
}

return true
})
}
}
Loading

0 comments on commit b8cc405

Please sign in to comment.