update readme and add badge

README.md

@@ -1,4 +1,4 @@
-# Protection Against Web Scrapers (PAWS)
+# Protection Against Web Scrapers (PAWS) ![PAWS logo](https://git.barkshark.xyz/izaliamae/paws/raw/branch/master/paws/templates/media/logo.png "PAWS logo")
 
 Web proxy for Mastodon that puts public profiles behind an auth layer.
 
@@ -19,6 +19,8 @@ data/production.env:
 ```
 # Path to mastodon instance. Defaults to current working dir
 MASTOPATH=/home/mastodon/glitch-soc
+
+# The address to mastodon
 MASTOHOST=localhost:3000
 
 # Listen address and port for PAWS. Can safely be ignored if running on same host as web server
@@ -32,6 +34,8 @@ PAWS_DOMAIN=bappypaws.example.com
 Extra environment variables (cannot be put in production.env):
 - LOGDATE: boolean (default: yes). Set to no to remove access times from the console log
 
+If Mastodon is on a different host, you'll have to copy Mastodon's .env.production to the working directory or mount the Mastodon directory to make it accessible to PAWS
+
 ### Caddy
 
 Append this to caddy's mastodon config:
@@ -57,9 +61,103 @@ proxy /auth localhost:3001 {
 }
 ```
 
+Config for PAWS domain:
+
+```
+paws.bappypaws.example.com {
+	proxy / localhost:3001 {
+		transparent
+	}
+}
+```
+
 ### Nginx
 
-Coming soon. Convert caddy's config to nginx format if you know how for now
+Append this to the mastodon config (Thanks to [@finkeldoodle@transfur.online](https://transfur.online/@frinkeldoodle) for the conversion)
+
+```
+## Note: Order of location blocks is IMPORTANT.
+## Nginx matches longest non-regex location block, then **FIRST** matching regex block takes preference.
+## (regex blocks are ones with ~ or ~* before the path)
+
+## This file is designed to be dropped into the Mastodon server block, probably before all the location blocks.
+
+## If starts with /users, ends with inbox, bypass filter
+location ~* ^/users[\s\S]*inbox {
+        try_files $uri @proxy;
+}
+
+## If starts with /users, /@, or /paws, enter filter
+location ~* ^/(users|@|paws) {
+        try_files '' @paws;
+}
+
+
+location @paws {
+        proxy_set_header Host                   $host;
+        proxy_set_header X-Real-IP              $remote_addr;
+        proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto      https;
+        proxy_set_header Proxy                  "";
+        proxy_pass_header                       Server;
+
+        proxy_pass http://localhost:3001;
+}
+```
+
+Config for PAWS domain:
+
+```
+server {
+	listen 80;
+	listen [::]:80;
+	server_name paws.bappypaws.example.com;
+	root /home/mastodon/live/public;
+	location /.well-known/acme-challenge/ { allow all; }
+	location / { return 301 https://$host$request_uri; }
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name paws.bappypaws.example.com;
+
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
+	ssl_prefer_server_ciphers on;
+	ssl_session_cache shared:SSL:10m;
+
+	# Uncomment these lines once you acquire a certificate:
+	# ssl_certificate     /etc/letsencrypt/live/paws.bappypaws.example.com/fullchain.pem;
+	# ssl_certificate_key /etc/letsencrypt/live/paws.bappypaws.example.com/privkey.pem;
+
+	keepalive_timeout    70;
+	sendfile             on;
+	client_max_body_size 80m;
+
+	gzip on;
+	gzip_disable "msie6";
+	gzip_vary on;
+	gzip_proxied any;
+	gzip_comp_level 6;
+	gzip_buffers 16 8k;
+	gzip_http_version 1.1;
+	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	add_header Strict-Transport-Security "max-age=31536000";
+
+	location / {
+			proxy_set_header Host                   $host;
+			proxy_set_header X-Real-IP              $remote_addr;
+			proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
+			proxy_set_header X-Forwarded-Proto      https;
+			proxy_set_header Proxy                  "";
+			proxy_pass_header                       Server;
+
+			proxy_pass http://localhost:3001;
+	}
+}
+```
 
 ### Mastodon
 

paws/routes.py

@@ -83,6 +83,7 @@ async def start_webserver():
 
 			logging.info(f'Starting webserver at socket: {sock_listen}')
 			site = aiohttp.web.UnixSite(runner, sock_listen)
+			os.chmod(sock_listen, 0o664)
 
 		else:
 			logging.error('Windows cannot use unix sockets. Use an IP address instead. Exiting...')
@@ -93,15 +94,15 @@ async def start_webserver():
 			address(listen)
 
 		except ValueError:
-			logging.warning('Invalid IP address. Listening on "0.0.0.0" instead.')
+			logging.warning('Invalid IP address. Listening on "127.0.0.1" instead.')
 			listen = '127.0.0.1'
 
 		try:
 			int(port)
 
 		except ValueError:
-			logging.warning('Invalid port. Using 3621 instead.')
-			port = 3621
+			logging.warning('Invalid port. Using 3001 instead.')
+			port = 3001
 
 		logging.info(f'Starting webserver at address: {listen}:{port}')
 		site = aiohttp.web.TCPSite(runner, listen, port)

paws/templates/components/badge.svg

@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="300"
+   height="400"
+   viewBox="0 0 79.374999 105.83333"
+   version="1.1"
+   id="svg8"
+   inkscape:version="0.92.4 (5da689c313, 2019-01-14)"
+   sodipodi:docname="logo.svg"
+   inkscape:export-filename="/home/zoey/Desktop/logo.svg.png"
+   inkscape:export-xdpi="96"
+   inkscape:export-ydpi="96">
+  <title
+     id="title817">Gently Protected by PAWS</title>
+  <defs
+     id="defs2" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="1.4142136"
+     inkscape:cx="-9.008941"
+     inkscape:cy="193.715"
+     inkscape:document-units="mm"
+     inkscape:current-layer="svg8"
+     showgrid="true"
+     guidetolerance="10000"
+     units="px"
+     inkscape:window-width="1280"
+     inkscape:window-height="972"
+     inkscape:window-x="0"
+     inkscape:window-y="27"
+     inkscape:window-maximized="1"
+     inkscape:snap-text-baseline="true">
+    <inkscape:grid
+       type="xygrid"
+       id="grid815" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata5">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title>Gently Protected by PAWS</dc:title>
+        <cc:license
+           rdf:resource="http://creativecommons.org/licenses/by-nc-sa/4.0/" />
+      </cc:Work>
+      <cc:License
+         rdf:about="http://creativecommons.org/licenses/by-nc-sa/4.0/">
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Reproduction" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Distribution" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Notice" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Attribution" />
+        <cc:prohibits
+           rdf:resource="http://creativecommons.org/ns#CommercialUse" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#ShareAlike" />
+      </cc:License>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     id="layer1"
+     transform="translate(0,-191.16667)"
+     inkscape:groupmode="layer">
+    <rect
+       style="fill:#2b0b1a;fill-opacity:1;stroke-width:0.26458332;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;paint-order:markers fill stroke"
+       id="rect823"
+       width="79.375"
+       height="105.83333"
+       x="0"
+       y="191.16667"
+       ry="15.874998" />
+    <path
+       style="fill:#5f0029;fill-opacity:0.99719891;stroke:#000000;stroke-width:0;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 0,204.39584 c 3.1481224,75.36347 79.375466,35.7162 79.375,35.71875 l 0.02339,41.00745 C 79.407325,296.79004 63.5,297 63.5,297 H 15.875 C 0,297 0,281.125 0,281.125 v -76.72916"
+       id="path825"
+       inkscape:connector-curvature="0"
+       sodipodi:nodetypes="ccscscc" />
+  </g>
+  <g
+     inkscape:label="logo"
+     id="paw_logo"
+     transform="translate(0,-244.08334)"
+     inkscape:groupmode="layer"
+     style="display:inline">
+    <circle
+       id="pawpad"
+       cx="39.026043"
+       cy="280.46356"
+       r="13.229166"
+       style="fill:#ffebeb;fill-opacity:1;stroke-width:0.26458332" />
+    <circle
+       id="toebean1"
+       cx="31.088533"
+       cy="259.29691"
+       r="5.2916665"
+       style="fill:#ffebeb;fill-opacity:1;stroke-width:0.26458332" />
+    <circle
+       id="toebean2"
+       cx="46.963547"
+       cy="259.29691"
+       r="5.2916665"
+       style="fill:#ffebeb;fill-opacity:1;stroke-width:0.26458332" />
+    <circle
+       id="tobean3"
+       cx="59.134399"
+       cy="269.88037"
+       r="5.2916665"
+       style="display:inline;fill:#ffebeb;fill-opacity:1;stroke-width:0.26458332" />
+    <circle
+       id="toebean4"
+       cx="18.917707"
+       cy="269.88037"
+       r="5.2916665"
+       style="display:inline;fill:#ffebeb;fill-opacity:1;stroke-width:0.26458332" />
+  </g>
+  <flowRoot
+     xml:space="preserve"
+     id="textContainer"
+     style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:40.47038651px;line-height:1.25;font-family:sans-serif;-inkscape-font-specification:'sans-serif, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;display:inline;fill:#f5f5f5;fill-opacity:1;stroke:none"
+     transform="matrix(0.2966959,0,0,0.28422717,-4.0751446,-2.6908806)"
+     inkscape:label="text"><flowRegion
+       id="text"
+       style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:40.47038651px;font-family:sans-serif;-inkscape-font-specification:'sans-serif, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;writing-mode:lr-tb;text-anchor:start;fill:#f5f5f5;fill-opacity:1"><rect
+         id="rect4533"
+         width="235"
+         height="150"
+         x="30"
+         y="225"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:40.47038651px;font-family:sans-serif;-inkscape-font-specification:'sans-serif, Bold';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;writing-mode:lr-tb;text-anchor:start;fill:#f5f5f5;fill-opacity:1" /></flowRegion><flowPara
+       id="gently"
+       style="text-align:center">Gently</flowPara><flowPara
+       id="secured"
+       style="text-align:center">Secured</flowPara><flowPara
+       id="byPAWS"
+       style="text-align:center">by PAWS</flowPara></flowRoot>  <g
+     inkscape:groupmode="layer"
+     id="layer4"
+     inkscape:label="text" />
+</svg>

paws/templates/components/logo.svg

@@ -24,7 +24,7 @@
 		</rdf:RDF>
 	</metadata>
 	<g
-		inkscape:label="Layer 1"
+		inkscape:label="logo"
 		inkscape:groupmode="layer"
 		id="paw_logo"
 		transform="translate(0,-244.08334)">

reload.cfg

@@ -1,5 +1,5 @@
 exec = ./server.py
 watch_ext = py, env
 ignore_dirs = build, data
-ignore_files = reload.py, test.py
+ignore_files = reload.py, test.py, heck.py
 log_level = INFO