ProjectSegfault/go-away
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add packages / actions API and tools to forgejo example

Browse Source
This commit is contained in:
WeebDataHoarder
2025-04-07 08:56:09 +02:00
parent 02f3c1cb19
commit 40aa9709ea
1 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
examples/forgejo.yml
View File

@@ -149,7 +149,7 @@ challenges:
# url: http://forgejo:3000/notifications/new # url: http://forgejo:3000/notifications/new
parameters: parameters:
http-method: GET http-method: GET
http-cookie: gammaspectra_session http-cookie: i_like_gitea
http-code: 200 http-code: 200
# todo: archive value of session within token to bind it # todo: archive value of session within token to bind it
@@ -176,15 +176,16 @@ conditions:
- 'path.startsWith("/repo-avatars/")' - 'path.startsWith("/repo-avatars/")'
- 'path.startsWith("/avatars/")' - 'path.startsWith("/avatars/")'
- 'path.startsWith("/avatar/")' - 'path.startsWith("/avatar/")'
- 'path.startsWith("/user/avatar/")'
- 'path.startsWith("/attachments/")' - 'path.startsWith("/attachments/")'
is-git-ua: is-git-ua:
- 'userAgent.startsWith("git/")' - 'userAgent.startsWith("git/") || userAgent.contains("libgit")'
- 'userAgent.startsWith("go-git")' - 'userAgent.startsWith("go-git")'
- 'userAgent.startsWith("JGit/") || userAgent.startsWith("JGit-")' - 'userAgent.startsWith("JGit/") || userAgent.startsWith("JGit-")'
# Golang proxy and initial fetch # Golang proxy and initial fetch
- 'userAgent.startsWith("GoModuleMirror/")' - 'userAgent.startsWith("GoModuleMirror/")'
- 'userAgent.startsWith("Go-http-client/") && "go-get" in query && query["go-get"] == "1" && (path.matches("^/[^/]+/[^/]+$") || path.matches("^/[^/]+/[^/]+/v[0-9]+$"))' - 'userAgent.startsWith("Go-http-client/") && "go-get" in query && query["go-get"] == "1"'
is-git-path: is-git-path:
- 'path.matches("^/[^/]+/[^/]+/(git-upload-pack|git-receive-pack|HEAD|info/refs|info/lfs|objects)")' - 'path.matches("^/[^/]+/[^/]+/(git-upload-pack|git-receive-pack|HEAD|info/refs|info/lfs|objects)")'
@@ -235,7 +236,7 @@ conditions:
# any search with a custom query # any search with a custom query
- '"q" in query && query.q != ""' - '"q" in query && query.q != ""'
# user activity tab # user activity tab
- 'path.matches("^/[^/]") && "tab" in query && query.tab == "activity"' - 'path.matches("^/[^/]+$") && "tab" in query && query.tab == "activity"'
# Rules and conditions are served this environment # Rules and conditions are served this environment
# remoteAddress (net.IP) - Connecting client remote address from headers or properties # remoteAddress (net.IP) - Connecting client remote address from headers or properties
@@ -280,6 +281,8 @@ rules:
- 'userAgent.contains("GPTBot") || userAgent.contains("OAI-SearchBot") || userAgent.contains("ChatGPT-User")' - 'userAgent.contains("GPTBot") || userAgent.contains("OAI-SearchBot") || userAgent.contains("ChatGPT-User")'
# Other AI crawlers # Other AI crawlers
- 'userAgent.contains("Amazonbot") || userAgent.contains("Google-Extended") || userAgent.contains("PanguBot") || userAgent.contains("AI2Bot") || userAgent.contains("Diffbot") || userAgent.contains("cohere-training-data-crawler") || userAgent.contains("Applebot-Extended")' - 'userAgent.contains("Amazonbot") || userAgent.contains("Google-Extended") || userAgent.contains("PanguBot") || userAgent.contains("AI2Bot") || userAgent.contains("Diffbot") || userAgent.contains("cohere-training-data-crawler") || userAgent.contains("Applebot-Extended")'
# SEO / Ads and marketing
- 'userAgent.contains("BLEXBot")'
action: poison action: poison
- name: unknown-crawlers - name: unknown-crawlers
@@ -334,7 +337,7 @@ rules:
- 'path == "/sitemap.xml" || path.matches("^/explore/(users|repos)/sitemap-[0-9]+\\.xml$")' - 'path == "/sitemap.xml" || path.matches("^/explore/(users|repos)/sitemap-[0-9]+\\.xml$")'
action: pass action: pass
# TODO: rss # TODO: rss
- name: api-call - name: api-call
conditions: conditions:
@@ -347,9 +350,14 @@ rules:
- 'path == "/user/events"' - 'path == "/user/events"'
- 'path == "/ssh_info"' - 'path == "/ssh_info"'
- 'path == "/api/healthz"' - 'path == "/api/healthz"'
# actions
- 'path.startsWith("/api/actions/") || path.startsWith("/api/actions_pipeline/")'
# user pubkeys # user pubkeys
- 'path.matches("^/[^/]+\\.keys$")' - 'path.matches("^/[^/]+\\.keys$")'
- 'path.matches("^/[^/]+\\.gpg")' - 'path.matches("^/[^/]+\\.gpg")'
# OCI packages API and package managers
- 'path.startsWith("/api/packages/") || path == "/api/packages"'
- 'path.startsWith("/v2/") || path == "/v2"'
action: pass action: pass
- name: preview-fetchers - name: preview-fetchers
@@ -374,6 +382,7 @@ rules:
conditions: conditions:
- 'path == "/"' - 'path == "/"'
# generic /*/*/ match gave too many options for scrapers to trigger random endpoints # generic /*/*/ match gave too many options for scrapers to trigger random endpoints
# todo: create negative match?
- 'path.matches("(?i)^/(WeebDataHoarder|P2Pool|mirror|git|S\\.O\\.N\\.G|FM10K|Sillycom|pwgen2155|kaitou|metonym)/[^/]+$")' - 'path.matches("(?i)^/(WeebDataHoarder|P2Pool|mirror|git|S\\.O\\.N\\.G|FM10K|Sillycom|pwgen2155|kaitou|metonym)/[^/]+$")'
action: pass action: pass
@@ -409,6 +418,15 @@ rules:
conditions: conditions:
- '!(method == "HEAD" || method == "GET")' - '!(method == "HEAD" || method == "GET")'
- name: standard-tools
action: challenge
challenges: [self-meta-refresh]
conditions:
- '($is-generic-robot-ua)'
- '($is-tool-ua)'
- name: standard-browser - name: standard-browser
action: challenge action: challenge
challenges: [http-cookie-check, self-meta-refresh, self-resource-load, js-pow-sha256] challenges: [http-cookie-check, self-meta-refresh, self-resource-load, js-pow-sha256]