Checkpoint-Golang/middleware/config/checkpoint.toml

# -----------------------------------------------------------------------------
# Checkpoint Middleware Configuration (checkpoint.toml)
#
# All durations are parsed via time.ParseDuration (e.g. "24h").
# Arrays and tables map directly to the Config struct fields.
# -----------------------------------------------------------------------------
# === GENERAL SETTINGS ===
# Number of leading zeros required in PoW hash.
# NOTE(review): the unit (hex digits vs. bits) is not stated in this file;
# confirm against the verifier, since it decides how much client work a
# value of 4 actually demands.
Difficulty = 4
# Validity period for issued tokens. The token lives in the cookie named
# below, so a shorter period narrows the window in which a copied cookie is
# still accepted.
TokenExpiration = "24h"
# Name of the cookie used to store the checkpoint token
CookieName = "checkpoint_token"
# Domain attribute for the cookie; empty = host-only (localhost).
# Setting a parent domain here would make browsers send the token to every
# subdomain of it, so leave this empty unless sharing is intended.
CookieDomain = ""
# Length of the random salt in bytes for challenges
SaltLength = 16
# === RATE LIMITING & EXPIRATION ===
# Max PoW verification attempts per IP per hour.
# NOTE(review): how the client IP is derived is not visible in this file;
# when deployed behind another proxy, confirm it is not taken from a
# client-supplied header.
MaxAttemptsPerHour = 10
# Max age for used nonces before cleanup.
# NOTE(review): presumably this must stay >= ChallengeExpiration so that a
# used nonce is still remembered for as long as its challenge is accepted;
# confirm against the nonce store.
MaxNonceAge = "24h"
# Time allowed for solving a challenge
ChallengeExpiration = "5m"
# === PERSISTENCE PATHS ===
# All paths in this section are relative; presumably they resolve against
# the process working directory (confirm against the loader).
# File where HMAC secret is stored.
# NOTE(review): this file holds key material. Keep it out of version control
# and out of any served directory, readable only by the service account.
SecretConfigPath = "./data/checkpoint_secret.json"
# Directory for BadgerDB token store
TokenStoreDBPath = "./data/checkpoint_tokendb"
# Ordered fallback paths for interstitial HTML.
# NOTE(review): the second entry points into ./develop; confirm a production
# deployment is meant to fall back to the development copy.
InterstitialPaths = [
"./public/static/pow-interstitial.html",
"./develop/static/pow-interstitial.html"
]
# === SECURITY SETTINGS ===
# Enable Proof-of-Space-Time consistency checks
CheckPoSTimes = true
# Allowed ratio between slowest and fastest PoS runs.
# NOTE(review): where the run times are measured is not visible in this
# file. If they are reported by the client, treat this check as a heuristic
# rather than a guarantee.
PoSTimeConsistencyRatio = 1.35
# === HTML CHECKPOINT EXCLUSIONS ===
# Path prefixes to skip PoW interstitial. Requests under these prefixes are
# served without the interstitial, so the backends behind them need their own
# authentication and rate limiting.
# NOTE(review): whether "/api" is matched on a path-segment boundary or as a
# raw string prefix is not visible here; confirm.
HTMLCheckpointExclusions = ["/api"]
# File extensions to skip PoW check.
# NOTE(review): the list covers document-like types (.json, .xml, .txt,
# .pdf) as well as static assets. Confirm the match uses the normalized URL
# path and that no backend serves dynamic or sensitive content under these
# suffixes.
HTMLCheckpointExcludedExtensions = { ".jpg" = true, ".jpeg" = true, ".png" = true, ".gif" = true, ".svg" = true, ".webp" = true, ".ico" = true, ".bmp" = true, ".tif" = true, ".tiff" = true, ".mp4" = true, ".webm" = true, ".css" = true, ".js" = true, ".mjs" = true, ".woff" = true, ".woff2" = true, ".ttf" = true, ".otf" = true, ".eot" = true, ".json" = true, ".xml" = true, ".txt" = true, ".pdf" = true, ".map" = true, ".wasm" = true }
# === QUERY SANITIZATION ===
# Regex patterns (case-insensitive) to block in query strings.
# Each entry is a TOML basic string, so "\\s" reaches the regex engine as \s.
# This is a coarse denylist: treat it as defense in depth. The backends still
# need parameterized queries and output encoding of their own.
# NOTE(review): whether matching runs on the raw or the URL-decoded query is
# not visible in this file; confirm.
DangerousQueryPatterns = [
"(?i)union\\s+select",
"(?i)drop\\s+table",
"(?i)insert\\s+into",
"(?i)<script",
"(?i)javascript:",
"(?i)onerror=",
]
# Block queries containing ';', '`', or '\\'
# NOTE(review): the key name refers to path characters while the comment
# above refers to queries; confirm which part of the URL is checked.
BlockDangerousPathChars = true
# === USER-AGENT VALIDATION ===
# Path prefixes to skip UA validation
UserAgentValidationExclusions = ["/api"]
# Required UA prefix per path prefix.
# The User-Agent header is chosen by the client, so this screens out
# unintended clients but is not an authentication control.
[UserAgentRequiredPrefixes]
"/demo1" = "Dart/"
# === REVERSE PROXY MAPPINGS ===
# Hostname-to-backend URL map.
# Every backend is addressed over plain http on a private address, so traffic
# between the middleware and the backend is unencrypted on that network.
# NOTE(review): handling of a Host value that is not listed here is not
# visible in this file; confirm such requests are rejected rather than
# forwarded to a default backend.
# NOTE(review): this table records internal addresses and ports; consider
# keeping deployment-specific mappings out of the repository.
[ReverseProxyMappings]
"jellyfin.caileb.com" = "http://192.168.0.2:8096"
"archive.caileb.com" = "http://192.168.0.2:7461"
"music.caileb.com" = "http://192.168.0.2:4533"
"gallery.caileb.com" = "http://192.168.0.2:2283"