update readme and add badge
This commit is contained in:
parent
a1110841f3
commit
124c004856
102
README.md
102
README.md
|
@ -1,4 +1,4 @@
|
|||
# Protection Against Web Scrapers (PAWS)
|
||||
# Protection Against Web Scrapers (PAWS) ![PAWS logo](https://git.barkshark.xyz/izaliamae/paws/raw/branch/master/paws/templates/media/logo.png "PAWS logo")
|
||||
|
||||
Web proxy for Mastodon that puts public profiles behind an auth layer.
|
||||
|
||||
|
@ -19,6 +19,8 @@ data/production.env:
|
|||
```
|
||||
# Path to mastodon instance. Defaults to current working dir
|
||||
MASTOPATH=/home/mastodon/glitch-soc
|
||||
|
||||
# The address to mastodon
|
||||
MASTOHOST=localhost:3000
|
||||
|
||||
# Listen address and port for PAWS. Can safely be ignored if running on same host as web server
|
||||
|
@ -32,6 +34,8 @@ PAWS_DOMAIN=bappypaws.example.com
|
|||
Extra environment variables (cannot be put in production.env):
|
||||
- LOGDATE: boolean (default: yes). Set to no to remove access times from the console log
|
||||
|
||||
If Mastodon is on a different host, you'll have to copy Mastodon's .env.production to the working directory or mount the Mastodon directory to make it accessible to PAWS
|
||||
|
||||
### Caddy
|
||||
|
||||
Append this to caddy's mastodon config:
|
||||
|
@ -57,9 +61,103 @@ proxy /auth localhost:3001 {
|
|||
}
|
||||
```
|
||||
|
||||
Config for PAWS domain:
|
||||
|
||||
```
|
||||
paws.bappypaws.example.com {
|
||||
proxy / localhost:3001 {
|
||||
transparent
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Nginx
|
||||
|
||||
Coming soon. Convert caddy's config to nginx format if you know how for now
|
||||
Append this to the mastodon config (Thanks to [@finkeldoodle@transfur.online](https://transfur.online/@frinkeldoodle) for the conversion)
|
||||
|
||||
```
|
||||
## Note: Order of location blocks is IMPORTANT.
|
||||
## Nginx matches longest non-regex location block, then **FIRST** matching regex block takes preference.
|
||||
## (regex blocks are ones with ~ or ~* before the path)
|
||||
|
||||
## This file is designed to be dropped into the Mastodon server block, probably before all the location blocks.
|
||||
|
||||
## If starts with /users, ends with inbox, bypass filter
|
||||
location ~* ^/users[\s\S]*inbox {
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
## If starts with /users, /@, or /paws, enter filter
|
||||
location ~* ^/(users|@|paws) {
|
||||
try_files '' @paws;
|
||||
}
|
||||
|
||||
|
||||
location @paws {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_pass http://localhost:3001;
|
||||
}
|
||||
```
|
||||
|
||||
Config for PAWS domain:
|
||||
|
||||
```
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name paws.bappypaws.example.com;
|
||||
root /home/mastodon/live/public;
|
||||
location /.well-known/acme-challenge/ { allow all; }
|
||||
location / { return 301 https://$host$request_uri; }
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name paws.bappypaws.example.com;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
|
||||
# Uncomment these lines once you acquire a certificate:
|
||||
# ssl_certificate /etc/letsencrypt/live/paws.bappypaws.example.com/fullchain.pem;
|
||||
# ssl_certificate_key /etc/letsencrypt/live/paws.bappypaws.example.com/privkey.pem;
|
||||
|
||||
keepalive_timeout 70;
|
||||
sendfile on;
|
||||
client_max_body_size 80m;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
gzip_vary on;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_pass http://localhost:3001;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### Mastodon
|
||||
|
||||
|
|
|
@ -83,6 +83,7 @@ async def start_webserver():
|
|||
|
||||
logging.info(f'Starting webserver at socket: {sock_listen}')
|
||||
site = aiohttp.web.UnixSite(runner, sock_listen)
|
||||
os.chmod(sock_listen, 0o664)
|
||||
|
||||
else:
|
||||
logging.error('Windows cannot use unix sockets. Use an IP address instead. Exiting...')
|
||||
|
@ -93,15 +94,15 @@ async def start_webserver():
|
|||
address(listen)
|
||||
|
||||
except ValueError:
|
||||
logging.warning('Invalid IP address. Listening on "0.0.0.0" instead.')
|
||||
logging.warning('Invalid IP address. Listening on "127.0.0.1" instead.')
|
||||
listen = '127.0.0.1'
|
||||
|
||||
try:
|
||||
int(port)
|
||||
|
||||
except ValueError:
|
||||
logging.warning('Invalid port. Using 3621 instead.')
|
||||
port = 3621
|
||||
logging.warning('Invalid port. Using 3001 instead.')
|
||||
port = 3001
|
||||
|
||||
logging.info(f'Starting webserver at address: {listen}:{port}')
|
||||
site = aiohttp.web.TCPSite(runner, listen, port)
|
||||
|
|
162
paws/templates/components/badge.svg
Normal file
162
paws/templates/components/badge.svg
Normal file
|
@ -0,0 +1,162 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
width="300"
|
||||
height="400"
|
||||
viewBox="0 0 79.374999 105.83333"
|
||||
version="1.1"
|
||||
id="svg8"
|
||||
inkscape:version="0.92.4 (5da689c313, 2019-01-14)"
|
||||
sodipodi:docname="logo.svg"
|
||||
inkscape:export-filename="/home/zoey/Desktop/logo.svg.png"
|
||||
inkscape:export-xdpi="96"
|
||||
inkscape:export-ydpi="96">
|
||||
<title
|
||||
id="title817">Gently Protected by PAWS</title>
|
||||
<defs
|
||||
id="defs2" />
|
||||
<sodipodi:namedview
|
||||
id="base"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:zoom="1.4142136"
|
||||
inkscape:cx="-9.008941"
|
||||
inkscape:cy="193.715"
|
||||
inkscape:document-units="mm"
|
||||
inkscape:current-layer="svg8"
|
||||
showgrid="true"
|
||||
guidetolerance="10000"
|
||||
units="px"
|
||||
inkscape:window-width="1280"
|
||||
inkscape:window-height="972"
|
||||
inkscape:window-x="0"
|
||||
inkscape:window-y="27"
|
||||
inkscape:window-maximized="1"
|
||||
inkscape:snap-text-baseline="true">
|
||||
<inkscape:grid
|
||||
type="xygrid"
|
||||
id="grid815" />
|
||||
</sodipodi:namedview>
|
||||
<metadata
|
||||
id="metadata5">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title>Gently Protected by PAWS</dc:title>
|
||||
<cc:license
|
||||
rdf:resource="http://creativecommons.org/licenses/by-nc-sa/4.0/" />
|
||||
</cc:Work>
|
||||
<cc:License
|
||||
rdf:about="http://creativecommons.org/licenses/by-nc-sa/4.0/">
|
||||
<cc:permits
|
||||
rdf:resource="http://creativecommons.org/ns#Reproduction" />
|
||||
<cc:permits
|
||||
rdf:resource="http://creativecommons.org/ns#Distribution" />
|
||||
<cc:requires
|
||||
rdf:resource="http://creativecommons.org/ns#Notice" />
|
||||
<cc:requires
|
||||
rdf:resource="http://creativecommons.org/ns#Attribution" />
|
||||
<cc:prohibits
|
||||
rdf:resource="http://creativecommons.org/ns#CommercialUse" />
|
||||
<cc:permits
|
||||
rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
|
||||
<cc:requires
|
||||
rdf:resource="http://creativecommons.org/ns#ShareAlike" />
|
||||
</cc:License>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<g
|
||||
inkscape:label="Layer 1"
|
||||
id="layer1"
|
||||
transform="translate(0,-191.16667)"
|
||||
inkscape:groupmode="layer">
|
||||
<rect
|
||||
style="fill:#2b0b1a;fill-opacity:1;stroke-width:0.26458332;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;paint-order:markers fill stroke"
|
||||
id="rect823"
|
||||
width="79.375"
|
||||
height="105.83333"
|
||||
x="0"
|
||||
y="191.16667"
|
||||
ry="15.874998" />
|
||||
<path
|
||||
style="fill:#5f0029;fill-opacity:0.99719891;stroke:#000000;stroke-width:0;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
|
||||
d="m 0,204.39584 c 3.1481224,75.36347 79.375466,35.7162 79.375,35.71875 l 0.02339,41.00745 C 79.407325,296.79004 63.5,297 63.5,297 H 15.875 C 0,297 0,281.125 0,281.125 v -76.72916"
|
||||
id="path825"
|
||||
inkscape:connector-curvature="0"
|
||||
sodipodi:nodetypes="ccscscc" />
|
||||
</g>
|
||||
<g
|
||||
inkscape:label="logo"
|
||||
id="paw_logo"
|
||||
transform="translate(0,-244.08334)"
|
||||
inkscape:groupmode="layer"
|
||||
style="display:inline">
|
||||
<circle
|
||||
id="pawpad"
|
||||
cx="39.026043"
|
||||
cy="280.46356"
|
||||
r="13.229166"
|
||||
style="fill:#ffebeb;fill-opacity:1;stroke-width:0.26458332" />
|
||||
<circle
|
||||
id="toebean1"
|
||||
cx="31.088533"
|
||||
cy="259.29691"
|
||||
r="5.2916665"
|
||||
style="fill:#ffebeb;fill-opacity:1;stroke-width:0.26458332" />
|
||||
<circle
|
||||
id="toebean2"
|
||||
cx="46.963547"
|
||||
cy="259.29691"
|
||||
r="5.2916665"
|
||||
style="fill:#ffebeb;fill-opacity:1;stroke-width:0.26458332" />
|
||||
<circle
|
||||
id="tobean3"
|
||||
cx="59.134399"
|
||||
cy="269.88037"
|
||||
r="5.2916665"
|
||||
style="display:inline;fill:#ffebeb;fill-opacity:1;stroke-width:0.26458332" />
|
||||
<circle
|
||||
id="toebean4"
|
||||
cx="18.917707"
|
||||
cy="269.88037"
|
||||
r="5.2916665"
|
||||
style="display:inline;fill:#ffebeb;fill-opacity:1;stroke-width:0.26458332" />
|
||||
</g>
|
||||
<flowRoot
|
||||
xml:space="preserve"
|
||||
id="textContainer"
|
||||
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:40.47038651px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:'sans-serif, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;display:inline;fill:#f5f5f5;fill-opacity:1;stroke:none"
|
||||
transform="matrix(0.2966959,0,0,0.28422717,-4.0751446,-2.6908806)"
|
||||
inkscape:label="text"><flowRegion
|
||||
id="text"
|
||||
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:40.47038651px;font-family:sans-serif;-inkscape-font-specification:'sans-serif, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;writing-mode:lr-tb;text-anchor:start;fill:#f5f5f5;fill-opacity:1"><rect
|
||||
id="rect4533"
|
||||
width="235"
|
||||
height="150"
|
||||
x="30"
|
||||
y="225"
|
||||
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:40.47038651px;font-family:sans-serif;-inkscape-font-specification:'sans-serif, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;writing-mode:lr-tb;text-anchor:start;fill:#f5f5f5;fill-opacity:1" /></flowRegion><flowPara
|
||||
id="gently"
|
||||
style="text-align:center">Gently</flowPara><flowPara
|
||||
id="secured"
|
||||
style="text-align:center">Secured</flowPara><flowPara
|
||||
id="byPAWS"
|
||||
style="text-align:center">by PAWS</flowPara></flowRoot> <g
|
||||
inkscape:groupmode="layer"
|
||||
id="layer4"
|
||||
inkscape:label="text" />
|
||||
</svg>
|
After Width: | Height: | Size: 6.4 KiB |
|
@ -24,7 +24,7 @@
|
|||
</rdf:RDF>
|
||||
</metadata>
|
||||
<g
|
||||
inkscape:label="Layer 1"
|
||||
inkscape:label="logo"
|
||||
inkscape:groupmode="layer"
|
||||
id="paw_logo"
|
||||
transform="translate(0,-244.08334)">
|
||||
|
|
Before Width: | Height: | Size: 1.4 KiB After Width: | Height: | Size: 1.4 KiB |
BIN
paws/templates/media/badge.png
Normal file
BIN
paws/templates/media/badge.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 25 KiB |
BIN
paws/templates/media/logo-small.png
Normal file
BIN
paws/templates/media/logo-small.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 944 B |
BIN
paws/templates/media/logo.png
Normal file
BIN
paws/templates/media/logo.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 2.6 KiB |
|
@ -1,5 +1,5 @@
|
|||
exec = ./server.py
|
||||
watch_ext = py, env
|
||||
ignore_dirs = build, data
|
||||
ignore_files = reload.py, test.py
|
||||
ignore_files = reload.py, test.py, heck.py
|
||||
log_level = INFO
|
||||
|
|
Loading…
Reference in a new issue