Compare commits
8 Commits
tls-entrie
...
build-test
| Author | SHA1 | Date | |
|---|---|---|---|
|
158462136b
|
|||
|
458022b3c2
|
|||
|
|
e1a318bc38 | ||
|
|
8323536e84 | ||
|
|
99ddb2b62b | ||
|
|
e4e5b0bc5d | ||
|
|
057bca753d | ||
|
|
d1d80c5078 |
@@ -22,8 +22,8 @@ local Build(mirror, go, alpine, os, arch) = {
|
||||
"apk update",
|
||||
"apk add --no-cache git",
|
||||
"mkdir .bin",
|
||||
"go build -v -pgo=auto -v -trimpath -ldflags=-buildid= -o ./.bin/go-away ./cmd/go-away",
|
||||
"go build -v -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime",
|
||||
"go build -v -pgo=auto -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie -o ./.bin/go-away ./cmd/go-away",
|
||||
"go build -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime",
|
||||
],
|
||||
},
|
||||
{
|
||||
|
||||
20
.drone.yml
20
.drone.yml
@@ -14,8 +14,10 @@ steps:
|
||||
- apk update
|
||||
- apk add --no-cache git
|
||||
- mkdir .bin
|
||||
- go build -v -pgo=auto -v -trimpath -ldflags=-buildid= -o ./.bin/go-away ./cmd/go-away
|
||||
- go build -v -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime
|
||||
- go build -v -pgo=auto -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie
|
||||
-o ./.bin/go-away ./cmd/go-away
|
||||
- go build -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie -o ./.bin/test-wasm-runtime
|
||||
./cmd/test-wasm-runtime
|
||||
image: golang:1.24-alpine3.21
|
||||
mirror: https://mirror.gcr.io
|
||||
name: build
|
||||
@@ -86,8 +88,10 @@ steps:
|
||||
- apk update
|
||||
- apk add --no-cache git
|
||||
- mkdir .bin
|
||||
- go build -v -pgo=auto -v -trimpath -ldflags=-buildid= -o ./.bin/go-away ./cmd/go-away
|
||||
- go build -v -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime
|
||||
- go build -v -pgo=auto -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie
|
||||
-o ./.bin/go-away ./cmd/go-away
|
||||
- go build -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie -o ./.bin/test-wasm-runtime
|
||||
./cmd/test-wasm-runtime
|
||||
image: golang:1.24-alpine3.21
|
||||
mirror: https://mirror.gcr.io
|
||||
name: build
|
||||
@@ -158,8 +162,10 @@ steps:
|
||||
- apk update
|
||||
- apk add --no-cache git
|
||||
- mkdir .bin
|
||||
- go build -v -pgo=auto -v -trimpath -ldflags=-buildid= -o ./.bin/go-away ./cmd/go-away
|
||||
- go build -v -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime
|
||||
- go build -v -pgo=auto -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie
|
||||
-o ./.bin/go-away ./cmd/go-away
|
||||
- go build -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie -o ./.bin/test-wasm-runtime
|
||||
./cmd/test-wasm-runtime
|
||||
image: golang:1.24-alpine3.21
|
||||
mirror: https://mirror.gcr.io
|
||||
name: build
|
||||
@@ -503,6 +509,6 @@ trigger:
|
||||
type: docker
|
||||
---
|
||||
kind: signature
|
||||
hmac: df53e4ea6f1c47df4d2a3f89b931b8513e83daa9c6c15baba2662d8112a721c8
|
||||
hmac: 9a3872c0b58810924c4342c9dbd338e16da20631c9a0848e3abd2bf6773f9ba6
|
||||
|
||||
...
|
||||
|
||||
71
.gitea/workflows/build.yaml
Normal file
71
.gitea/workflows/build.yaml
Normal file
@@ -0,0 +1,71 @@
|
||||
---
|
||||
name: CI/CD Pipeline
|
||||
on:
|
||||
push:
|
||||
branches: [master, build-test]
|
||||
pull_request:
|
||||
release:
|
||||
types: [published]
|
||||
workflow_dispatch:
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
architecture: [amd64, arm64]
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: '1.24'
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y git
|
||||
- name: Build go-away
|
||||
run: |
|
||||
mkdir .bin
|
||||
go build -v -pgo=auto -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie -o ./.bin/go-away ./cmd/go-away
|
||||
go build -v -trimpath -ldflags='-buildid= -bindnow' -buildmode pie -o ./.bin/test-wasm-runtime ./cmd/test-wasm-runtime
|
||||
- name: Check policy for Forgejo
|
||||
run: |
|
||||
./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80 --policy examples/forgejo.yml --policy-snippets examples/snippets/
|
||||
- name: Check policy for Generic
|
||||
run: |
|
||||
./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80 --policy examples/generic.yml --policy-snippets examples/snippets/
|
||||
- name: Check policy for SPA
|
||||
run: |
|
||||
./.bin/go-away --check --slog-level DEBUG --backend example.com=http://127.0.0.1:80 --policy examples/spa.yml --policy-snippets examples/snippets/
|
||||
- name: Test WASM Runtime Success
|
||||
run: |
|
||||
./.bin/test-wasm-runtime -wasm ./embed/challenge/js-pow-sha256/runtime/runtime.wasm -make-challenge ./embed/challenge/js-pow-sha256/test/make-challenge.json -make-challenge-out ./embed/challenge/js-pow-sha256/test/make-challenge-out.json -verify-challenge ./embed/challenge/js-pow-sha256/test/verify-challenge.json -verify-challenge-out 0
|
||||
- name: Test WASM Runtime Fail
|
||||
run: |
|
||||
./.bin/test-wasm-runtime -wasm ./embed/challenge/js-pow-sha256/runtime/runtime.wasm -make-challenge ./embed/challenge/js-pow-sha256/test/make-challenge.json -make-challenge-out ./embed/challenge/js-pow-sha256/test/make-challenge-out.json -verify-challenge ./embed/challenge/js-pow-sha256/test/verify-challenge-fail.json -verify-challenge-out 1
|
||||
publish:
|
||||
runs-on: ubuntu-latest
|
||||
needs: build
|
||||
if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
- name: Log in to Git Forge registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: git.projectsegfau.lt
|
||||
username: ${{ secrets.GIT_USERNAME }}
|
||||
password: ${{ secrets.GIT_TOKEN }}
|
||||
- name: Build and push Docker images
|
||||
env:
|
||||
SOURCE_DATE_EPOCH: 0
|
||||
TZ: UTC
|
||||
run: |-
|
||||
docker buildx build \
|
||||
--platform linux/amd64,linux/arm64,linux/riscv64 \
|
||||
--tag git.projectsegfau.lt/${{ secrets.GIT_USERNAME }}/go-away:latest \
|
||||
--push \
|
||||
.
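Review bot: Every `uses:` line in this workflow references a mutable tag, and in the `publish` job that includes `docker/setup-buildx-action@v3` and `docker/login-action@v3`, which run with `secrets.GIT_TOKEN` in scope; pin each action to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`. `actions/checkout@v2` and `actions/setup-go@v2` are also old major versions and should be moved forward when they are pinned. Separately, `matrix.architecture` is never read by any step (no `GOARCH` is set), so both matrix legs appear to build and test the same native binary. The image is pushed only as `:latest`, even for tag and release builds, which leaves deployers no immutable tag to pin.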
|
||||
17
Dockerfile
17
Dockerfile
@@ -24,18 +24,26 @@ ENV CGO_ENABLED=0
|
||||
ENV GOOS=${TARGETOS}
|
||||
ENV GOARCH=${TARGETARCH}
|
||||
ENV GOTOOLCHAIN=${GOTOOLCHAIN}
|
||||
ENV BUILDMODE=pie
|
||||
|
||||
# riscv64 requires GCC for pie buildmode
|
||||
# see https://github.com/golang/go/issues/64875
|
||||
RUN if [[ "$GOARCH" == "riscv64" ]]; then export BUILDMODE=exe; fi && \
|
||||
go build -v \
|
||||
-pgo=auto \
|
||||
-trimpath -ldflags='-buildid= -bindnow' -buildmode $BUILDMODE \
|
||||
-o "${GOBIN}/go-away" ./cmd/go-away
|
||||
|
||||
RUN go build -pgo=auto -v -trimpath -ldflags=-buildid= -o "${GOBIN}/go-away" ./cmd/go-away
|
||||
RUN test -e "${GOBIN}/go-away"
|
||||
|
||||
|
||||
FROM --platform=$TARGETPLATFORM ${from}
|
||||
FROM ${from}
|
||||
|
||||
COPY --from=build /go/bin/go-away /bin/go-away
|
||||
COPY examples/snippets/ /snippets/
|
||||
COPY docker-entrypoint.sh /
|
||||
|
||||
ENV TZ UTC
|
||||
ENV TZ=UTC
|
||||
|
||||
ENV GOAWAY_METRICS_BIND=""
|
||||
ENV GOAWAY_DEBUG_BIND=""
|
||||
@@ -52,7 +60,6 @@ ENV GOAWAY_CHALLENGE_TEMPLATE_LOGO=""
|
||||
ENV GOAWAY_SLOG_LEVEL="WARN"
|
||||
ENV GOAWAY_CLIENT_IP_HEADER=""
|
||||
ENV GOAWAY_BACKEND_IP_HEADER=""
|
||||
ENV GOAWAY_JWT_PRIVATE_KEY_SEED=""
|
||||
ENV GOAWAY_BACKEND=""
|
||||
ENV GOAWAY_ACME_AUTOCERT=""
|
||||
ENV GOAWAY_CACHE="/cache"
|
||||
@@ -63,6 +70,6 @@ EXPOSE 8080/udp
|
||||
EXPOSE 9090/tcp
|
||||
EXPOSE 6060/tcp
|
||||
|
||||
ENV JWT_PRIVATE_KEY_SEED="${GOAWAY_JWT_PRIVATE_KEY_SEED}"
|
||||
# Use GOAWAY_JWT_PRIVATE_KEY_SEED or JWT_PRIVATE_KEY_SEED secret mount to expose this value to docker
|
||||
|
||||
ENTRYPOINT ["/docker-entrypoint.sh"]
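Review bot: The new `RUN if [[ "$GOARCH" == "riscv64" ]]; ...` line relies on `[[ … ]]` and `==`, which are not POSIX sh. The build stage's base image is outside this hunk; if its `/bin/sh` is neither bash nor busybox ash, the test fails, `BUILDMODE` stays `pie`, and the riscv64 build would fail for the reason given in the comment above it. A portable form is `if [ "$GOARCH" = "riscv64" ]; then export BUILDMODE=exe; fi`, with `"$BUILDMODE"` quoted on the `go build` line. The riscv64 image ships a non-PIE binary while the other platforms get PIE, so the comment above the `RUN` should say that explicitly, so the hardening gap is not mistaken for an oversight.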
|
||||
|
||||
@@ -9,18 +9,17 @@ mkdir -p .bin/ 2>/dev/null
|
||||
|
||||
# Setup tinygo first
|
||||
if [[ ! -d .bin/tinygo ]]; then
|
||||
git clone --depth=1 --branch v0.37.0 https://github.com/tinygo-org/tinygo.git .bin/tinygo
|
||||
git clone --depth=1 --branch v0.38.0 https://github.com/tinygo-org/tinygo.git .bin/tinygo
|
||||
pushd .bin/tinygo
|
||||
git submodule update --init --recursive
|
||||
|
||||
go mod download -x && go mod verify
|
||||
|
||||
make binaryen STATIC=1
|
||||
make wasi-libc
|
||||
|
||||
make llvm-source
|
||||
make llvm-build
|
||||
|
||||
make binaryen STATIC=1
|
||||
|
||||
make build/release
|
||||
else
|
||||
pushd .bin/tinygo
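Review bot: `git clone --depth=1 --branch v0.38.0` trusts a tag name, which upstream can move, and the checkout is then built and presumably used as the compiler for the project's WASM. Record the expected commit for that release in the script and compare it after cloning, e.g. `test "$(git rev-parse HEAD)" = "<expected-commit-sha>"` right after the first `pushd .bin/tinygo`. The `go mod download -x && go mod verify` step only checks downloaded Go modules against their recorded hashes, not the cloned tree itself. The `else` branch continues past the end of this hunk, so it should be checked for the same version assumption.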
|
||||
|
||||
@@ -154,7 +154,9 @@ func main() {
|
||||
var seed []byte
|
||||
|
||||
var kValue string
|
||||
if kValue = os.Getenv("JWT_PRIVATE_KEY_SEED"); kValue != "" {
|
||||
if kValue = os.Getenv("GOAWAY_JWT_PRIVATE_KEY_SEED"); kValue != "" {
|
||||
// prefer first
|
||||
} else if kValue = os.Getenv("JWT_PRIVATE_KEY_SEED"); kValue != "" {
|
||||
|
||||
} else if *jwtPrivateKeySeed != "" {
|
||||
kValue = *jwtPrivateKeySeed
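Review bot: The precedence between the two environment variables and the flag is only implied by branch order, with one empty branch and a bare `// prefer first`. A comment above the chain, such as `// Seed source order: GOAWAY_JWT_PRIVATE_KEY_SEED, then JWT_PRIVATE_KEY_SEED, then the command-line flag`, would make it explicit. When both variables are set to different values, `JWT_PRIVATE_KEY_SEED` is silently ignored, which is worth a warning log because a changed seed presumably changes the signing key. The `if` chain continues past the end of this hunk.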
|
||||
|
||||
Binary file not shown.
62
embed/templates/challenge-redlib.gohtml
Normal file
62
embed/templates/challenge-redlib.gohtml
Normal file
@@ -0,0 +1,62 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en" class="fixed_navbar">
|
||||
<head>
|
||||
<title>{{ .Title }}</title>
|
||||
<meta charset="UTF-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
{{ range .MetaTags }}
|
||||
<meta {{ range $key, $value := . }}{{ $key | attr }}="{{ $value }}" {{end}}/>
|
||||
{{ end }}
|
||||
{{ range .LinkTags }}
|
||||
<link {{ range $key, $value := . }}{{ $key | attr }}="{{ $value }}" {{end}}/>
|
||||
{{ end }}
|
||||
{{ range .HeaderTags }}
|
||||
{{ . }}
|
||||
{{ end }}
|
||||
<link rel="stylesheet" type="text/css" href="/style.css?v=0.36.0">
|
||||
</head>
|
||||
|
||||
<body class="fixed_navbar">
|
||||
<!-- NAVIGATION BAR -->
|
||||
<nav class="fixed_navbar">
|
||||
<div id="logo">
|
||||
<a id="redlib" href="/"><span id="red">red</span><span id="lib">lib.</span></a>
|
||||
</div>
|
||||
</nav>
|
||||
|
||||
<!-- MAIN CONTENT -->
|
||||
<main>
|
||||
<div id="error">
|
||||
<h1 id="status">Please wait while we verify you aren't a robot!</h1>
|
||||
|
||||
{{ if .Challenge }}
|
||||
<h3 id="status">{{ .Strings.Get "status_loading_challenge" }} : {{.Challenge }}...</h3>
|
||||
{{ else if .Error }}
|
||||
<h3 id="status">{{ .Strings.Get "status_error" }} {{ .Error }}</h3>
|
||||
{{ else }}
|
||||
<h3 id="status">{{ .Strings.Get "status_loading" }}</h3>
|
||||
{{ end }}
|
||||
<details style="padding-top: 5px;">
|
||||
<summary>{{ .Strings.Get "details_title" }}</summary>
|
||||
|
||||
{{.Strings.Get "details_text"}}
|
||||
</details>
|
||||
{{ if .Redirect }}
|
||||
<h3><a href="{{ .Redirect }}">{{ .Strings.Get "button_refresh_page" }}</a></h3>
|
||||
</div>
|
||||
{{ end }}
|
||||
{{if .EndTags }}
|
||||
<noscript>
|
||||
{{ .Strings.Get "noscript_warning" }}
|
||||
</noscript>
|
||||
{{end}}
|
||||
</main>
|
||||
|
||||
<!-- FOOTER -->
|
||||
<footer>
|
||||
<div class="footer-buttons">
|
||||
<p><small>{{ .Strings.Get "details_contact_admin_with_request_id" }}: <em>{{ .Id }}</em></small></p>
|
||||
</div>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
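Review bot: The `</div>` that closes `<div id="error">` sits inside `{{ if .Redirect }} … {{ end }}`, so a render without `.Redirect` leaves the div open; move `</div>` below `{{ end }}`. `id="status"` is used on both the `<h1>` and every `<h3>` variant, so any script or stylesheet looking up `#status` gets an ambiguous match; the `<h1>` should have its own id or none. `{{ if .EndTags }}` only gates the `<noscript>` warning and the tags themselves are never emitted in this template. If they carry the challenge script, add `{{ range .EndTags }}{{ . }}{{ end }}` before `</body>`, mirroring how `.HeaderTags` is rendered.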
|
||||
@@ -368,7 +368,7 @@ func (d *RequestData) RequestHeaders(headers http.Header) {
|
||||
}
|
||||
}
|
||||
|
||||
if ja4, ok := d.fp["fp4"]; ok {
|
||||
if ja4, ok := d.fp["ja4"]; ok {
|
||||
headers.Set("X-TLS-Fingerprint-JA4", ja4)
|
||||
}
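Review bot: `X-TLS-Fingerprint-JA4` is only written when `d.fp["ja4"]` exists, so when no fingerprint is available a value already present in `headers` is left untouched. If these are the headers forwarded to the backend and nothing earlier in `RequestHeaders` clears them (the function body starts outside this hunk), a client could supply its own fingerprint header. Adding `} else { headers.Del("X-TLS-Fingerprint-JA4") }` closes that. The map key that was mistyped here would be safer as a shared constant used by both the writer and this reader.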
|
||||
|
||||
|
||||