Import existing project
This commit is contained in:
		
							parent
							
								
									7887817595
								
							
						
					
					
						commit
						80b0cc4939
					
				
					 125 changed files with 16980 additions and 0 deletions
				
			
		
							
								
								
									
										77
									
								
								checkpoint_service/middleware/config/checkpoint.toml
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										77
									
								
								checkpoint_service/middleware/config/checkpoint.toml
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,77 @@ | |||
| # ----------------------------------------------------------------------------- | ||||
| # Checkpoint Middleware Configuration (checkpoint.toml) | ||||
| # | ||||
| # All durations are parsed via time.ParseDuration (e.g. "24h"). | ||||
| # Arrays and tables map directly to the Config struct fields. | ||||
| # ----------------------------------------------------------------------------- | ||||
| 
 | ||||
| # === GENERAL SETTINGS === | ||||
| # Number of leading zeros required in PoW hash | ||||
| Difficulty = 4 | ||||
| # Validity period for issued tokens | ||||
| TokenExpiration = "24h" | ||||
| # Name of the cookie used to store the checkpoint token | ||||
| CookieName = "checkpoint_token" | ||||
| # Domain attribute for the cookie; empty = host-only (localhost) | ||||
| CookieDomain = "" | ||||
| # Length of the random salt in bytes for challenges | ||||
| SaltLength = 16 | ||||
| 
 | ||||
| # === RATE LIMITING & EXPIRATION === | ||||
| # Max PoW verification attempts per IP per hour | ||||
| MaxAttemptsPerHour = 10 | ||||
| # Max age for used nonces before cleanup | ||||
| MaxNonceAge = "24h" | ||||
| # Time allowed for solving a challenge | ||||
| ChallengeExpiration = "5m" | ||||
| 
 | ||||
| # === PERSISTENCE PATHS === | ||||
| # File where HMAC secret is stored | ||||
| SecretConfigPath = "./data/checkpoint_secret.json" | ||||
| # Directory for BadgerDB token store | ||||
| TokenStoreDBPath = "./data/checkpoint_tokendb" | ||||
| # Ordered fallback paths for interstitial HTML | ||||
| InterstitialPaths = [ | ||||
|   "./public/static/pow-interstitial.html", | ||||
|   "./develop/static/pow-interstitial.html" | ||||
| ] | ||||
| 
 | ||||
| # === SECURITY SETTINGS === | ||||
| # Enable Proof-of-Space-Time consistency checks | ||||
| CheckPoSTimes = true | ||||
| # Allowed ratio between slowest and fastest PoS runs | ||||
| PoSTimeConsistencyRatio = 1.35 | ||||
| 
 | ||||
| # === HTML CHECKPOINT EXCLUSIONS === | ||||
| # Path prefixes to skip PoW interstitial | ||||
| HTMLCheckpointExclusions = ["/api"] | ||||
| # File extensions to skip PoW check | ||||
| HTMLCheckpointExcludedExtensions = { ".jpg" = true, ".jpeg" = true, ".png" = true, ".gif" = true, ".svg" = true, ".webp" = true, ".ico" = true, ".bmp" = true, ".tif" = true, ".tiff" = true, ".mp4" = true, ".webm" = true, ".css" = true, ".js" = true, ".mjs" = true, ".woff" = true, ".woff2" = true, ".ttf" = true, ".otf" = true, ".eot" = true, ".json" = true, ".xml" = true, ".txt" = true, ".pdf" = true, ".map" = true, ".wasm" = true } | ||||
| 
 | ||||
| # === QUERY SANITIZATION === | ||||
| # Regex patterns (case-insensitive) to block in query strings | ||||
| DangerousQueryPatterns = [ | ||||
|   "(?i)union\\s+select", | ||||
|   "(?i)drop\\s+table", | ||||
|   "(?i)insert\\s+into", | ||||
|   "(?i)<script", | ||||
|   "(?i)javascript:", | ||||
|   "(?i)onerror=", | ||||
| ] | ||||
| # Block queries containing ';', '`', or '\\' | ||||
| BlockDangerousPathChars = true | ||||
| 
 | ||||
| # === USER-AGENT VALIDATION === | ||||
| # Path prefixes to skip UA validation | ||||
| UserAgentValidationExclusions = ["/api"] | ||||
| # Required UA prefix per path prefix | ||||
| [UserAgentRequiredPrefixes] | ||||
| "/demo1" = "Dart/" | ||||
| 
 | ||||
| # === REVERSE PROXY MAPPINGS === | ||||
| # Hostname-to-backend URL map | ||||
| [ReverseProxyMappings] | ||||
| "jellyfin.caileb.com" = "http://192.168.0.2:8096" | ||||
| "archive.caileb.com" = "http://192.168.0.2:7461" | ||||
| "music.caileb.com" = "http://192.168.0.2:4533" | ||||
| "gallery.caileb.com" = "http://192.168.0.2:2283" | ||||
		Reference in a new issue