Websocket Fixes & New Config Examples

config/checkpoint.toml

@@ -90,22 +90,9 @@ Path = "/api"
 Hosts = ["gallery.caileb.com"]  # Optional: only for specific hosts
 
 [[Exclusion]]
-# Skip checkpoint for health checks
-Path = "/health"
-
-[[Exclusion]]
-# Skip checkpoint for metrics endpoint
-Path = "/metrics"
-
-# [[Exclusion]]
-# Example: Mobile app API with specific user agent
-# Path = "/mobile-api"
-# UserAgents = ["MyApp/", "Dart/"]
-
-# [[Exclusion]]
-# Example: Host-specific exclusion
-# Path = "/admin"
-# Hosts = ["admin.internal.com"]
+# Allows Git pushes w/ ForgeJo
+Path = "/info/refs"
+Hosts = ["git.caileb.com"]
 
 # -----------------------------------------------------------------------------
 # BYPASS KEYS

config/checkpoint.toml.example

@@ -0,0 +1,123 @@
+# =============================================================================
+# CHECKPOINT SECURITY CONFIGURATION
+# =============================================================================
+# This configuration controls the checkpoint security middleware that protects
+# your services with proof-of-work challenges and token-based authentication.
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# CORE SETTINGS
+# -----------------------------------------------------------------------------
+[Core]
+# Enable or disable the checkpoint system entirely
+Enabled = true
+
+# Cookie name for storing checkpoint tokens
+CookieName = "checkpoint_token"
+
+# Cookie domain (empty = host-only cookie for localhost)
+# Set to ".yourdomain.com" for all subdomains
+CookieDomain = ""
+
+# Enable URL path sanitization to prevent path traversal attacks
+SanitizeURLs = true
+
+# -----------------------------------------------------------------------------
+# PROOF OF WORK SETTINGS
+# -----------------------------------------------------------------------------
+[ProofOfWork]
+# Number of leading zeros required in the SHA-256 hash
+Difficulty = 4
+
+# Random salt length in bytes
+SaltLength = 16
+
+# Time allowed to solve a challenge before it expires
+ChallengeExpiration = "3m"
+
+# Maximum attempts per IP address per hour
+MaxAttemptsPerHour = 10
+
+# -----------------------------------------------------------------------------
+# PROOF OF SPACE-TIME SETTINGS (Optional additional verification)
+# -----------------------------------------------------------------------------
+[ProofOfSpaceTime]
+# Enable consistency checks for PoS-Time verification
+Enabled = true
+
+# Maximum allowed ratio between slowest and fastest PoS runs
+ConsistencyRatio = 1.35
+
+# -----------------------------------------------------------------------------
+# TOKEN SETTINGS
+# -----------------------------------------------------------------------------
+[Token]
+# How long tokens remain valid
+Expiration = "24h"
+
+# Maximum age for used nonces before cleanup
+MaxNonceAge = "24h"
+
+# -----------------------------------------------------------------------------
+# STORAGE PATHS
+# -----------------------------------------------------------------------------
+[Storage]
+# HMAC secret storage location
+SecretPath = "./data/checkpoint_secret.json"
+
+# Token database directory
+TokenDBPath = "./db/tokenstore"
+
+# Interstitial page templates (in order of preference)
+InterstitialTemplates = [
+  "/pages/interstitial/page.html",
+  "/pages/ipfilter/default.html"
+]
+
+# -----------------------------------------------------------------------------
+# EXCLUSION RULES
+# -----------------------------------------------------------------------------
+# Define which requests should bypass the checkpoint system.
+# Each rule can specify:
+#   - Path (required): URL path or prefix to match
+#   - Hosts (optional): Specific hostnames this rule applies to
+#   - UserAgents (optional): User-Agent patterns to match
+# -----------------------------------------------------------------------------
+
+[[Exclusion]]
+# Skip checkpoint for all API endpoints
+Path = "/api"
+Hosts = ["api.example.com"]  # Optional: only for specific hosts
+
+[[Exclusion]]
+# Allows Git operations
+Path = "/info/refs"
+Hosts = ["git.example.com"]
+
+[[Exclusion]]
+# Skip checkpoint for metrics endpoint
+Path = "/metrics"
+
+# [[Exclusion]]
+# Example: Mobile app API with specific user agent
+# Path = "/mobile-api"
+# UserAgents = ["MyApp/", "Dart/"]
+
+# -----------------------------------------------------------------------------
+# BYPASS KEYS
+# -----------------------------------------------------------------------------
+# Special keys that can bypass the checkpoint when provided
+
+[[BypassKeys]]
+# Query parameter bypass
+Type = "query"
+Key = "bypass_key"
+Value = "your-secret-key-here"
+Hosts = ["music.example.com"]  # Optional: restrict to specific hosts
+
+[[BypassKeys]]
+# Header bypass
+Type = "header"
+Key = "X-Bypass-Token"
+Value = "another-secret-key"
+# Hosts = []  # If empty or omitted, applies to all hosts 

config/ipfilter.toml.example

@@ -0,0 +1,89 @@
+# =============================================================================
+# IP FILTER CONFIGURATION
+# =============================================================================
+# This configuration controls the IP filtering middleware that blocks requests
+# based on geographic location (country/continent) and network (ASN) information.
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# CORE SETTINGS
+# -----------------------------------------------------------------------------
+[Core]
+# Enable or disable the IP filter entirely
+Enabled = false
+
+# MaxMind account ID for downloading GeoIP databases
+# Can also be set via MAXMIND_ACCOUNT_ID environment variable or .env file
+AccountID = ""
+
+# MaxMind license key for downloading GeoIP databases
+# Can also be set via MAXMIND_LICENSE_KEY environment variable or .env file
+LicenseKey = ""
+
+# How often to check for database updates (in hours)
+DBUpdateIntervalHours = 12
+
+# -----------------------------------------------------------------------------
+# CACHING SETTINGS
+# -----------------------------------------------------------------------------
+[Cache]
+# TTL for cached IP block decisions (in seconds)
+# 0 = cache indefinitely until server restart
+IPBlockCacheTTLSec = 300
+
+# Maximum number of cached IP decisions
+# 0 = unlimited
+IPBlockCacheMaxEntries = 10000
+
+# -----------------------------------------------------------------------------
+# BLOCKING RULES
+# -----------------------------------------------------------------------------
+[Blocking]
+# ISO country codes to block (2-letter codes)
+CountryCodes = [
+  "XX", "YY", "ZZ"  # Replace with actual country codes
+]
+
+# Continent codes to block
+ContinentCodes = []  # Example: ["AF", "AS"]
+
+# Default block page when no specific page is configured
+DefaultBlockPage = "/pages/ipfilter/default.html"
+
+# -----------------------------------------------------------------------------
+# ASN BLOCKING
+# -----------------------------------------------------------------------------
+# Block by Autonomous System Number (ASN)
+# Group ASNs by category for different block pages
+
+# [ASN.Example]
+# Numbers = [12345, 67890]
+# BlockPage = "pages/ipfilter/example.html"
+
+# -----------------------------------------------------------------------------
+# ASN NAME BLOCKING
+# -----------------------------------------------------------------------------
+# Block by ASN organization name patterns
+
+[ASNNames.DataCenter]
+# Block data center and cloud providers
+Patterns = [
+  "Cloudflare", "GOOGLE-CLOUD-PLATFORM", "Microsoft", "Amazon", "AWS",
+  "Digitalocean", "OVH", "HUAWEI CLOUDS"
+]
+BlockPage = "/pages/ipfilter/datacenter.html"
+
+# -----------------------------------------------------------------------------
+# COUNTRY-SPECIFIC BLOCK PAGES
+# -----------------------------------------------------------------------------
+[CountryBlockPages]
+# Custom block pages for specific countries
+XX = "/pages/ipfilter/country-xx.html"
+
+# -----------------------------------------------------------------------------
+# CONTINENT-SPECIFIC BLOCK PAGES
+# -----------------------------------------------------------------------------
+[ContinentBlockPages]
+# Custom block pages for specific continents
+# AS = "pages/ipfilter/asia.html"
+# AF = "pages/ipfilter/africa.html" 

config/proxy.toml

@@ -17,7 +17,7 @@ Enabled = true
 # -----------------------------------------------------------------------------
 [Timeouts]
 # WebSocket connection timeout in milliseconds
-WebSocketTimeoutMs = 5000
+WebSocketTimeoutMs = 60000
 
 # Upstream HTTP request timeout in milliseconds
 UpstreamTimeoutMs = 30000

config/proxy.toml.example

@@ -0,0 +1,55 @@
+# =============================================================================
+# PROXY CONFIGURATION
+# =============================================================================
+# This configuration controls the reverse proxy middleware that forwards
+# requests to backend services based on hostname mappings.
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# CORE SETTINGS
+# -----------------------------------------------------------------------------
+[Core]
+# Enable or disable the proxy middleware
+Enabled = true
+
+# -----------------------------------------------------------------------------
+# TIMEOUT SETTINGS
+# -----------------------------------------------------------------------------
+[Timeouts]
+# WebSocket connection timeout in milliseconds
+WebSocketTimeoutMs = 5000
+
+# Upstream HTTP request timeout in milliseconds
+UpstreamTimeoutMs = 30000
+
+# -----------------------------------------------------------------------------
+# PROXY MAPPINGS
+# -----------------------------------------------------------------------------
+# Map hostnames to backend service URLs
+# Format: "hostname" = "backend_url"
+# -----------------------------------------------------------------------------
+
+[[Mapping]]
+# Media server
+Host = "media.example.com"
+Target = "http://192.168.1.100:8096"
+
+[[Mapping]]
+# Music streaming service
+Host = "music.example.com"
+Target = "http://192.168.1.100:4533"
+
+[[Mapping]]
+# Git repository
+Host = "git.example.com"
+Target = "http://192.168.1.100:3000"
+
+# [[Mapping]]
+# API service
+# Host = "api.example.com"
+# Target = "http://localhost:3001"
+
+# [[Mapping]]
+# Admin panel
+# Host = "admin.example.com"
+# Target = "http://localhost:3002" 

config/stats.toml.example

@@ -0,0 +1,31 @@
+# =============================================================================
+# STATS CONFIGURATION
+# =============================================================================
+# This configuration controls the statistics collection and visualization
+# middleware that tracks events and provides a web UI for viewing metrics.
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# CORE SETTINGS
+# -----------------------------------------------------------------------------
+[Core]
+# Enable or disable the stats plugin
+Enabled = true
+
+# -----------------------------------------------------------------------------
+# STORAGE SETTINGS
+# -----------------------------------------------------------------------------
+[Storage]
+# TTL for stats entries
+# Format: "30d", "24h", "1h", etc.
+StatsTTL = "30d"
+
+# -----------------------------------------------------------------------------
+# WEB UI SETTINGS
+# -----------------------------------------------------------------------------
+[WebUI]
+# Path for stats UI
+StatsUIPath = "/stats"
+
+# Path for stats API
+StatsAPIPath = "/stats/api"