remove uneccessary routes and update readme
parent
1ea67bee39
commit
1bc181a76c
32
README.md
32
README.md
|
@ -4,7 +4,7 @@ Web proxy for Mastodon that puts public profiles behind an auth layer.
|
|||
|
||||
## How it works
|
||||
|
||||
PAWS sits between Mastodon and your front-facing web proxy to intercept incoming requests. If a profile, toot, or any related json is requested, it will be blocked unless authenticated.
|
||||
PAWS sits between Mastodon and your front-facing web proxy to intercept incoming requests. If a profile, toot, or any related json is requested, it will be blocked unless authenticated. If authenticated fetches on mastodon are disabled, PAWS will check signatures instead
|
||||
|
||||
Note: Still very much a WIP. Currently it's just simple http auth, but I plan on adding the ability to login via oauth
|
||||
|
||||
|
@ -12,15 +12,30 @@ Note: Still very much a WIP. Currently it's just simple http auth, but I plan on
|
|||
|
||||
Python 3.6.0+ (3.8.0 recommended)
|
||||
|
||||
`python3 setup.py install`
|
||||
`python3 -m pip install -r requirements.txt --user`
|
||||
|
||||
## Configuration
|
||||
|
||||
(eventually)
|
||||
data/production.env:
|
||||
|
||||
```
|
||||
# Path to mastodon instance. Defaults to current working dir
|
||||
MASTOPATH=/home/mastodon/glitch-soc
|
||||
|
||||
# Listen address and port for PAWS. Can safely be ignored if running on same host as web server
|
||||
PAWS_HOST=127.0.0.1
|
||||
PAWS_PORT=3001
|
||||
|
||||
# These will be phased out
|
||||
PAWS_USER=admin
|
||||
PAWS_PASS=password
|
||||
```
|
||||
|
||||
### Caddy
|
||||
|
||||
'''
|
||||
Append this to caddy's mastodon config:
|
||||
|
||||
```
|
||||
rewrite {
|
||||
if_op and
|
||||
if {path} starts_with /users
|
||||
|
@ -29,7 +44,9 @@ rewrite {
|
|||
}
|
||||
|
||||
rewrite {
|
||||
if_op or
|
||||
if {path} starts_with /@
|
||||
if {path} starts_with /authorize
|
||||
to {path} /auth/{path}
|
||||
}
|
||||
|
||||
|
@ -37,4 +54,9 @@ proxy /auth localhost:3001 {
|
|||
without /auth
|
||||
transparent
|
||||
}
|
||||
'''
|
||||
```
|
||||
|
||||
### Nginx
|
||||
|
||||
Coming soon. Convert caddy's config to nginx format if you know how for now
|
||||
|
||||
|
|
|
@ -62,18 +62,21 @@ def parse_ua(agent):
|
|||
elif 'Pleroma' in agent:
|
||||
ua2 = ua1[1].split(' <')
|
||||
|
||||
elif 'Misskey' in agent:
|
||||
elif 'Misskey' in agent or 'BarksharkRelay' in agent:
|
||||
ua2 = ua1[1].split(')')
|
||||
|
||||
elif 'Friendica' in agent:
|
||||
logging.info(ua1[1])
|
||||
logging.debug(ua1[1])
|
||||
return ua1[1]
|
||||
|
||||
elif 'activityrelay' in agent.lower():
|
||||
return ''
|
||||
|
||||
else:
|
||||
logging.warning(f'Unhandled user-agent: {agent}')
|
||||
|
||||
if len(ua2) > 1:
|
||||
logging.info(ua2[0])
|
||||
logging.debug(ua2[0])
|
||||
return ua2[0]
|
||||
|
||||
logging.warning(f'Invalid user-agent: {agent}')
|
||||
|
@ -99,7 +102,7 @@ async def passthrough(path, headers, post=None, query=None):
|
|||
if resp.status not in [200, 202]:
|
||||
print(data)
|
||||
logging.warning(f'Recieved error {resp.status} from Mastodon')
|
||||
json_error(504, f'Failed to forward request. Recieved error {resp.status} from Mastodon')
|
||||
json_error(resp.status, f'Failed to forward request. Recieved error {resp.status} from Mastodon')
|
||||
|
||||
raise aiohttp.web.HTTPOk(body=data, content_type=resp.content_type)
|
||||
|
||||
|
@ -209,7 +212,7 @@ async def http_filter(app, handler):
|
|||
async def http_filter_handler(request):
|
||||
ua = request.headers.get('user-agent')
|
||||
|
||||
if 'Mozilla/5.0' not in ua and 'aiohttp/3.3.2' not in ua:
|
||||
if not user_check(request.path):
|
||||
try:
|
||||
data = await request.json()
|
||||
actor = data.get('actor')
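Review bot: In passthrough, the result of `json_error(resp.status, ...)` is neither raised nor returned, so unless json_error raises internally the function continues to `raise aiohttp.web.HTTPOk(body=data, ...)` and serves the upstream error body with a 200. Put `raise` or `return` in front of the call, whichever matches json_error's contract, and consider removing the `print(data)` above it, which writes the whole upstream response body to stdout on every failure. Relaying `resp.status` verbatim also exposes Mastodon's internal status codes to the remote caller; mapping unexpected values to 502 would keep that detail internal. passthrough starts and ends outside the hunk and json_error is not visible, so its behaviour is assumed rather than checked.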
|
||||
|
|
|
@ -20,13 +20,7 @@ def webserver():
|
|||
])
|
||||
|
||||
web.add_routes([
|
||||
aiohttp.web.route('*', '/', views.heck),
|
||||
aiohttp.web.route('*', '/@{user}', views.heck),
|
||||
aiohttp.web.route('*', '/@{user}/{post}', views.heck),
|
||||
aiohttp.web.route('*', '/@{user}/{post}/activity', views.heck),
|
||||
aiohttp.web.route('*', '/users/{user}', views.heck),
|
||||
aiohttp.web.route('*', '/users/{user}/{post}', views.heck),
|
||||
aiohttp.web.route('*', '/users/{user}/{post}/activity', views.heck)
|
||||
aiohttp.web.route('GET', '/authorize', views.authorize),
|
||||
])
|
||||
|
||||
return web
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
import aiohttp
|
||||
|
||||
async def heck(request):
|
||||
data = {
|
||||
'path': request.match_info.get('path'),
|
||||
'msg': 'UvU'
|
||||
}
|
||||
|
||||
async def authorize(request):
|
||||
data = {['heck']}
|
||||
return aiohttp.web.json_response(data)
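Review bot: `data = {['heck']}` in the new authorize handler is a set literal holding a list, so it raises `TypeError: unhashable type: 'list'` before any response is built, and every request to the `GET /authorize` route registered in webserver() ends in an unhandled exception. A set would not be JSON-serializable by `json_response` either. Because the README's Caddy rules send `/authorize` to PAWS, a stub should answer explicitly until the real check exists, for example `return aiohttp.web.json_response({'error': 'not implemented'}, status=501)`. Which lines are old and which are new is inferred from the hunk's line counts (9 before, 5 after), since the page has lost its +/- markers.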
|
||||
|
|
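--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,12 @@
+# todo: module version numbers
+dbutils
+pygresql
+tinydb
+tinyrecord
+tinydb-smartcache
+aiohttp
+pycryptodome
+tldextract
+envbash
+ipaddress
+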
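Review bot: `ipaddress` on the last entry is the PyPI backport of a module that has been in the standard library since Python 3.3, and the README requires Python 3.6.0+, so the line only installs a third-party package under a stdlib module name and can be dropped. None of the remaining entries carries a version, which the `# todo: module version numbers` comment acknowledges. Until they are pinned as `name==version`, ideally with `--hash=` lines and `pip install --require-hashes`, each install resolves to whatever is newest on the index. That matters most for `aiohttp`, which handles the incoming requests, and `pycryptodome`, which presumably backs the signature checks.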