Remove my TOML configs & minor bypass key fixes

2025-05-29 14:05:20 -05:00 · 2025-05-29 14:05:20 -05:00 · 9372fe8f02
commit 9372fe8f02
parent 9bcdc532bb
6 changed files with 17 additions and 295 deletions
--- a/.gitignore
+++ b/.gitignore
@ -39,5 +39,7 @@ data
 # DB Folder
 db
-# My Configs
+# ignore all TOML files…
 *.toml
 # ...but don’t ignore the example files
 !*.toml.example
--- a/checkpoint.js
+++ b/checkpoint.js
@ -651,11 +651,23 @@ function CheckpointMiddleware() {
        // 2) Bypass via header keys
        for (const { Name, Value, Domains } of checkpointConfig.BypassHeaderKeys) {
-          const headerVal = request.headers.get(Name);
+          // Get header value case-insensitively by checking all headers
          let headerVal = null;
          const headersMap = Object.fromEntries([...request.headers.entries()].map(([k, v]) => [k.toLowerCase(), v]));
          headerVal = headersMap[Name.toLowerCase()] || request.headers.get(Name);
          console.log(`DEBUG - Checking header ${Name}: received="${headerVal}", expected="${Value}", domains=${JSON.stringify(Domains)}`);
          if (headerVal === Value) {
            console.log(`DEBUG - Header value matched for ${Name}`);
            if (!Array.isArray(Domains) || Domains.length === 0 || Domains.includes(host)) {
              console.log(`DEBUG - Domain check passed for ${host}`);
              return next();
            } else {
              console.log(`DEBUG - Domain check failed: ${host} not in ${JSON.stringify(Domains)}`);
            }
          } else {
            console.log(`DEBUG - Header value mismatch for ${Name}`);
          }
        }
--- a/config/checkpoint.toml
+++ b/config/checkpoint.toml
@ -1,114 +0,0 @@
 # =============================================================================
 # CHECKPOINT SECURITY CONFIGURATION
 # =============================================================================
 # This configuration controls the checkpoint security middleware that protects
 # your services with proof-of-work challenges and token-based authentication.
 # =============================================================================
 # -----------------------------------------------------------------------------
 # CORE SETTINGS
 # -----------------------------------------------------------------------------
 [Core]
 # Enable or disable the checkpoint system entirely
 Enabled = true
 # Cookie name for storing checkpoint tokens
 CookieName = "checkpoint_token"
 # Cookie domain (empty = host-only cookie for localhost)
 # Set to ".yourdomain.com" for all subdomains
 CookieDomain = ""
 # Enable URL path sanitization to prevent path traversal attacks
 SanitizeURLs = true
 # -----------------------------------------------------------------------------
 # PROOF OF WORK SETTINGS
 # -----------------------------------------------------------------------------
 [ProofOfWork]
 # Number of leading zeros required in the SHA-256 hash
 Difficulty = 4
 # Random salt length in bytes
 SaltLength = 16
 # Time allowed to solve a challenge before it expires
 ChallengeExpiration = "3m"
 # Maximum attempts per IP address per hour
 MaxAttemptsPerHour = 10
 # -----------------------------------------------------------------------------
 # PROOF OF SPACE-TIME SETTINGS (Optional additional verification)
 # -----------------------------------------------------------------------------
 [ProofOfSpaceTime]
 # Enable consistency checks for PoS-Time verification
 Enabled = true
 # Maximum allowed ratio between slowest and fastest PoS runs
 ConsistencyRatio = 1.35
 # -----------------------------------------------------------------------------
 # TOKEN SETTINGS
 # -----------------------------------------------------------------------------
 [Token]
 # How long tokens remain valid
 Expiration = "24h"
 # Maximum age for used nonces before cleanup
 MaxNonceAge = "24h"
 # -----------------------------------------------------------------------------
 # STORAGE PATHS
 # -----------------------------------------------------------------------------
 [Storage]
 # HMAC secret storage location
 SecretPath = "./data/checkpoint_secret.json"
 # Token database directory
 TokenDBPath = "./db/tokenstore"
 # Interstitial page templates (in order of preference)
 InterstitialTemplates = [
  "/pages/interstitial/page.html",
  "/pages/ipfilter/default.html"
 ]
 # -----------------------------------------------------------------------------
 # EXCLUSION RULES
 # -----------------------------------------------------------------------------
 # Define which requests should bypass the checkpoint system.
 # Each rule can specify:
 #   - Path (required): URL path or prefix to match
 #   - Hosts (optional): Specific hostnames this rule applies to
 #   - UserAgents (optional): User-Agent patterns to match
 # -----------------------------------------------------------------------------
 [[Exclusion]]
 # Skip checkpoint for all API endpoints (required for Immich and similar apps)
 Path = "/api"
 Hosts = ["gallery.caileb.com"]  # Optional: only for specific hosts
 [[Exclusion]]
 # Allows Git pushes w/ ForgeJo
 Path = "/info/refs"
 Hosts = ["git.caileb.com"]
 # -----------------------------------------------------------------------------
 # BYPASS KEYS
 # -----------------------------------------------------------------------------
 # Special keys that can bypass the checkpoint when provided
 [[BypassKeys]]
 # Query parameter bypass
 Type = "query"
 Key = "bypass_key"
 Value = "your-secret-key-here"
 Hosts = ["music.caileb.com"]  # Optional: restrict to specific hosts
 [[BypassKeys]]
 # Header bypass
 Type = "header"
 Key = "X-Bypass-Token"
 Value = "another-secret-key"
 # Hosts = []  # If empty or omitted, applies to all hosts
--- a/config/ipfilter.toml
+++ b/config/ipfilter.toml
@ -1,92 +0,0 @@
 # =============================================================================
 # IP FILTER CONFIGURATION
 # =============================================================================
 # This configuration controls the IP filtering middleware that blocks requests
 # based on geographic location (country/continent) and network (ASN) information.
 # =============================================================================
 # -----------------------------------------------------------------------------
 # CORE SETTINGS
 # -----------------------------------------------------------------------------
 [Core]
 # Enable or disable the IP filter entirely
 Enabled = true
 # MaxMind account ID for downloading GeoIP databases
 # Can also be set via MAXMIND_ACCOUNT_ID environment variable or .env file
 AccountID = ""
 # MaxMind license key for downloading GeoIP databases
 # Can also be set via MAXMIND_LICENSE_KEY environment variable or .env file
 LicenseKey = ""
 # How often to check for database updates (in hours)
 DBUpdateIntervalHours = 12
 # -----------------------------------------------------------------------------
 # CACHING SETTINGS
 # -----------------------------------------------------------------------------
 [Cache]
 # TTL for cached IP block decisions (in seconds)
 # 0 = cache indefinitely until server restart
 IPBlockCacheTTLSec = 300
 # Maximum number of cached IP decisions
 # 0 = unlimited
 IPBlockCacheMaxEntries = 10000
 # -----------------------------------------------------------------------------
 # BLOCKING RULES
 # -----------------------------------------------------------------------------
 [Blocking]
 # ISO country codes to block (2-letter codes)
 CountryCodes = [
  "IN", "BH", "AE", "OM", "QA", "KW", "SA", "YE", "IR", "IQ",
  "LB", "PS", "CY", "TR", "AZ", "AM", "TM", "UZ", "KZ", "KG",
  "TJ", "KE", "ET", "SO", "SD", "SS", "KP", "UA", "IL"
 ]
 # Continent codes to block
 ContinentCodes = ["AF", "SA", "AS", "AN"]
 # Default block page when no specific page is configured
 DefaultBlockPage = "/pages/ipfilter/default.html"
 # -----------------------------------------------------------------------------
 # ASN BLOCKING
 # -----------------------------------------------------------------------------
 # Block by Autonomous System Number (ASN)
 # Group ASNs by category for different block pages
 # [ASN.Example]
 # Numbers = [12345, 67890]
 # BlockPage = "pages/ipfilter/example.html"
 # -----------------------------------------------------------------------------
 # ASN NAME BLOCKING
 # -----------------------------------------------------------------------------
 # Block by ASN organization name patterns
 [ASNNames.DataCenter]
 # Block data center and cloud providers
 Patterns = [
  "Cloudflare", "GOOGLE-CLOUD-PLATFORM", "Microsoft", "Amazon", "AWS",
  "Digitalocean", "OVH", "HUAWEI CLOUDS", "HWCLOUDS", "M247",
  "Datacamp", "Datapacket", "Amanah", "Hern Labs"
 ]
 BlockPage = "/pages/ipfilter/datacenter.html"
 # -----------------------------------------------------------------------------
 # COUNTRY-SPECIFIC BLOCK PAGES
 # -----------------------------------------------------------------------------
 [CountryBlockPages]
 # Custom block pages for specific countries
 IN = "/pages/ipfilter/india.html"
 # -----------------------------------------------------------------------------
 # CONTINENT-SPECIFIC BLOCK PAGES
 # -----------------------------------------------------------------------------
 [ContinentBlockPages]
 # Custom block pages for specific continents
 # AS = "pages/ipfilter/asia.html"
 # AF = "pages/ipfilter/africa.html"
--- a/config/proxy.toml
+++ b/config/proxy.toml
@ -1,55 +0,0 @@
 # =============================================================================
 # PROXY CONFIGURATION
 # =============================================================================
 # This configuration controls the reverse proxy middleware that forwards
 # requests to backend services based on hostname mappings.
 # =============================================================================
 # -----------------------------------------------------------------------------
 # CORE SETTINGS
 # -----------------------------------------------------------------------------
 [Core]
 # Enable or disable the proxy middleware
 Enabled = true
 # -----------------------------------------------------------------------------
 # TIMEOUT SETTINGS
 # -----------------------------------------------------------------------------
 [Timeouts]
 # WebSocket connection timeout in milliseconds
 WebSocketTimeoutMs = 60000
 # Upstream HTTP request timeout in milliseconds
 UpstreamTimeoutMs = 30000
 # -----------------------------------------------------------------------------
 # PROXY MAPPINGS
 # -----------------------------------------------------------------------------
 # Map hostnames to backend service URLs
 # Format: "hostname" = "backend_url"
 # -----------------------------------------------------------------------------
 [[Mapping]]
 # Immich
 Host = "gallery.caileb.com"
 Target = "http://192.168.0.2:2283"
 [[Mapping]]
 # Navidrome
 Host = "music.caileb.com"
 Target = "http://192.168.0.2:4533"
 [[Mapping]]
 # ForgeJo
 Host = "git.caileb.com"
 Target = "http://192.168.0.2:3053"
 # [[Mapping]]
 # Example: API service
 # Host = "api.example.com"
 # Target = "http://localhost:3001"
 # [[Mapping]]
 # Example: Admin panel
 # Host = "admin.example.com"
 # Target = "http://localhost:3002"
--- a/config/stats.toml
+++ b/config/stats.toml
@ -1,31 +0,0 @@
 # =============================================================================
 # STATS CONFIGURATION
 # =============================================================================
 # This configuration controls the statistics collection and visualization
 # middleware that tracks events and provides a web UI for viewing metrics.
 # =============================================================================
 # -----------------------------------------------------------------------------
 # CORE SETTINGS
 # -----------------------------------------------------------------------------
 [Core]
 # Enable or disable the stats plugin
 Enabled = true
 # -----------------------------------------------------------------------------
 # STORAGE SETTINGS
 # -----------------------------------------------------------------------------
 [Storage]
 # TTL for stats entries
 # Format: "30d", "24h", "1h", etc.
 StatsTTL = "30d"
 # -----------------------------------------------------------------------------
 # WEB UI SETTINGS
 # -----------------------------------------------------------------------------
 [WebUI]
 # Path for stats UI
 StatsUIPath = "/stats"
 # Path for stats API
 StatsAPIPath = "/stats/api"