Import existing project
This commit is contained in:
parent
7887817595
commit
80b0cc4939
125 changed files with 16980 additions and 0 deletions
77
middleware/config/checkpoint.toml
Normal file
77
middleware/config/checkpoint.toml
Normal file
|
|
@ -0,0 +1,77 @@
|
|||
# -----------------------------------------------------------------------------
|
||||
# Checkpoint Middleware Configuration (checkpoint.toml)
|
||||
#
|
||||
# All durations are parsed via time.ParseDuration (e.g. "24h").
|
||||
# Arrays and tables map directly to the Config struct fields.
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
# === GENERAL SETTINGS ===
|
||||
# Number of leading zeros required in PoW hash
|
||||
Difficulty = 4
|
||||
# Validity period for issued tokens
|
||||
TokenExpiration = "24h"
|
||||
# Name of the cookie used to store the checkpoint token
|
||||
CookieName = "checkpoint_token"
|
||||
# Domain attribute for the cookie; empty = host-only (localhost)
|
||||
CookieDomain = ""
|
||||
# Length of the random salt in bytes for challenges
|
||||
SaltLength = 16
|
||||
|
||||
# === RATE LIMITING & EXPIRATION ===
|
||||
# Max PoW verification attempts per IP per hour
|
||||
MaxAttemptsPerHour = 10
|
||||
# Max age for used nonces before cleanup
|
||||
MaxNonceAge = "24h"
|
||||
# Time allowed for solving a challenge
|
||||
ChallengeExpiration = "5m"
|
||||
|
||||
# === PERSISTENCE PATHS ===
|
||||
# File where HMAC secret is stored
|
||||
SecretConfigPath = "./data/checkpoint_secret.json"
|
||||
# Directory for BadgerDB token store
|
||||
TokenStoreDBPath = "./data/checkpoint_tokendb"
|
||||
# Ordered fallback paths for interstitial HTML
|
||||
InterstitialPaths = [
|
||||
"./public/static/pow-interstitial.html",
|
||||
"./develop/static/pow-interstitial.html"
|
||||
]
|
||||
|
||||
# === SECURITY SETTINGS ===
|
||||
# Enable Proof-of-Space-Time consistency checks
|
||||
CheckPoSTimes = true
|
||||
# Allowed ratio between slowest and fastest PoS runs
|
||||
PoSTimeConsistencyRatio = 1.35
|
||||
|
||||
# === HTML CHECKPOINT EXCLUSIONS ===
|
||||
# Path prefixes to skip PoW interstitial
|
||||
HTMLCheckpointExclusions = ["/api"]
|
||||
# File extensions to skip PoW check
|
||||
HTMLCheckpointExcludedExtensions = { ".jpg" = true, ".jpeg" = true, ".png" = true, ".gif" = true, ".svg" = true, ".webp" = true, ".ico" = true, ".bmp" = true, ".tif" = true, ".tiff" = true, ".mp4" = true, ".webm" = true, ".css" = true, ".js" = true, ".mjs" = true, ".woff" = true, ".woff2" = true, ".ttf" = true, ".otf" = true, ".eot" = true, ".json" = true, ".xml" = true, ".txt" = true, ".pdf" = true, ".map" = true, ".wasm" = true }
|
||||
|
||||
# === QUERY SANITIZATION ===
|
||||
# Regex patterns (case-insensitive) to block in query strings
|
||||
DangerousQueryPatterns = [
|
||||
"(?i)union\\s+select",
|
||||
"(?i)drop\\s+table",
|
||||
"(?i)insert\\s+into",
|
||||
"(?i)<script",
|
||||
"(?i)javascript:",
|
||||
"(?i)onerror=",
|
||||
]
|
||||
# Block queries containing ';', '`', or '\\'
|
||||
BlockDangerousPathChars = true
|
||||
|
||||
# === USER-AGENT VALIDATION ===
|
||||
# Path prefixes to skip UA validation
|
||||
UserAgentValidationExclusions = ["/api"]
|
||||
# Required UA prefix per path prefix
|
||||
[UserAgentRequiredPrefixes]
|
||||
"/demo1" = "Dart/"
|
||||
|
||||
# === REVERSE PROXY MAPPINGS ===
|
||||
# Hostname-to-backend URL map
|
||||
[ReverseProxyMappings]
|
||||
"jellyfin.caileb.com" = "http://192.168.0.2:8096"
|
||||
"archive.caileb.com" = "http://192.168.0.2:7461"
|
||||
"music.caileb.com" = "http://192.168.0.2:4533"
|
||||
"gallery.caileb.com" = "http://192.168.0.2:2283"
|
||||
39
middleware/config/ipfilter.toml
Normal file
39
middleware/config/ipfilter.toml
Normal file
|
|
@ -0,0 +1,39 @@
|
|||
# IPFilter Configuration
|
||||
|
||||
# Page shown when a request is blocked
|
||||
defaultBlockPage = "default-block.html"
|
||||
# Cache block decisions (seconds)
|
||||
ipBlockCacheTTLSec = 300
|
||||
|
||||
# Country codes to block
|
||||
blockedCountryCodes = [
|
||||
"IN", "BH", "AE", "OM", "QA", "KW", "SA", "YE", "IR", "IQ",
|
||||
"LB", "PS", "CY", "TR", "AZ", "AM", "TM", "UZ", "KZ", "KG",
|
||||
"TJ", "KE", "ET", "SO", "SD", "SS", "KP", "UA", "IL"
|
||||
]
|
||||
|
||||
# === CONTINENT-BASED BLOCKING ===
|
||||
blockedContinentCodes = ["AF", "SA", "AS", "AN"]
|
||||
|
||||
# === ASN NUMBER GROUPS ===
|
||||
[blockedASNs]
|
||||
# empty by default
|
||||
|
||||
# === ASN NAME GROUPS ===
|
||||
[blockedASNNames]
|
||||
"Data Center" = [
|
||||
"Cloudflare", "GOOGLE-CLOUD-PLATFORM", "Microsoft", "Amazon", "AWS",
|
||||
"Digitalocean", "OVH", "HUAWEI CLOUDS", "HWCLOUDS", "M247",
|
||||
"Datacamp", "Datapacket", "Amanah", "Hern Labs"
|
||||
]
|
||||
|
||||
# === CUSTOM BLOCK PAGES ===
|
||||
[countryBlockPages]
|
||||
IN = "india-block.html"
|
||||
|
||||
[continentBlockPages]
|
||||
# none by default
|
||||
|
||||
# Custom pages by ASN group
|
||||
[asnGroupBlockPages]
|
||||
"Data Center" = "datacenter-block.html"
|
||||
Reference in a new issue